lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Dec 2018 19:14:12 +0000
From:   Jason Gunthorpe <jgg@...lanox.com>
To:     Leon Romanovsky <leon@...nel.org>
CC:     Doug Ledford <dledford@...hat.com>,
        Yishai Hadas <yishaih@...lanox.com>,
        RDMA mailing list <linux-rdma@...r.kernel.org>,
        Achiad Shochat <achiad@...lanox.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        linux-netdev <netdev@...r.kernel.org>,
        Leon Romanovsky <leonro@...lanox.com>
Subject: Re: [PATCH mlx5-next] IB/mlx5: Prevent allocating UMEM and UCTX as
 some general object

On Wed, Dec 19, 2018 at 04:28:15PM +0200, Leon Romanovsky wrote:
> From: Yishai Hadas <yishaih@...lanox.com>
> 
> The driver needs to prevent a user space application to create a
> UMEM and UCTX via the general object command.
> 
> The UMEM must go through the kernel UMEM_REG method to prevent the user
> from setting physical addresses by himself.  The UCTX is some internal
> kernel object and shouldn't be exposed.
> 
> As of not being any more part of the general object the caps bits were
> moved to be some log_xxx indication in the general HCA caps, 0 means not
> supported.
> 
> The firmware code was adapted as well to match the above.

This commit message is a bit wonky.. how about

IB/mlx5: Use the correct commands for UMEM and UCTX allocation

During testing the command format was changed to close a security
hole. Revise the driver to use the command format that will actually
be supported in GA firmware.

Both the UMEM and UCTX are intended only for use by the kernel and
cannot be executed using a general command.

Since the UMEM and CTX are not part of the general object the caps
bits were moved to be some log_xxx location in the general HCA caps.

> Signed-off-by: Yishai Hadas <yishaih@...lanox.com>
> Reviewed-by: Achiad Shochat <achiad@...lanox.com>
> Signed-off-by: Leon Romanovsky <leonro@...lanox.com>

Also add a fixes line please, any kernel with the devx needs this
patch to work with GA firmware.

>  drivers/infiniband/hw/mlx5/devx.c | 34 ++++++++---------
>  drivers/infiniband/hw/mlx5/main.c |  3 +-
>  include/linux/mlx5/mlx5_ifc.h     | 62 +++++++++++++++++++++----------
>  3 files changed, 58 insertions(+), 41 deletions(-)

Otherwise the patch looks fine, please apply to the shared branch..

Thanks,
Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ