| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250416025201.15753-1-vinicius.gomes@intel.com>
Date: Tue, 15 Apr 2025 19:52:01 -0700
From: Vinicius Costa Gomes <vinicius.gomes@...el.com>
To: Vinicius Costa Gomes <vinicius.gomes@...el.com>,
Dave Jiang <dave.jiang@...el.com>,
Vinod Koul <vkoul@...nel.org>,
Arjan van de Ven <arjan@...ux.intel.com>,
Nikhil Rao <nikhil.rao@...el.com>,
dmaengine@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v1] dmaengine: idxd: Fix allowing write() from different address spaces
Check if the process submitting the descriptor belongs to the same
address space as the one that opened the file, reject otherwise.
Fixes: 6827738dc684 ("dmaengine: idxd: add a write() method for applications to submit work")
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@...el.com>
---
drivers/dma/idxd/cdev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
index ff94ee892339..373c622fcddc 100644
--- a/drivers/dma/idxd/cdev.c
+++ b/drivers/dma/idxd/cdev.c
@@ -473,6 +473,9 @@ static ssize_t idxd_cdev_write(struct file *filp, const char __user *buf, size_t
ssize_t written = 0;
int i;
+ if (current->mm != ctx->mm)
+ return -EPERM;
+
for (i = 0; i < len/sizeof(struct dsa_hw_desc); i++) {
int rc = idxd_submit_user_descriptor(ctx, udesc + i);
--
2.49.0
Powered by blists - more mailing lists