lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 17 Apr 2019 19:05:37 +0000
From:   "Ruhl, Michael J" <>
To:     Leon Romanovsky <>,
        Doug Ledford <>,
        Jason Gunthorpe <>
CC:     Leon Romanovsky <>,
        RDMA mailing list <>,
        Andrea Arcangeli <>,
        "Feras Daoud" <>,
        Haggai Eran <>,
        "Jason Gunthorpe" <>,
        Saeed Mahameed <>,
        linux-netdev <>
Subject: RE: [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings
 to be executable

>-----Original Message-----
>From: [mailto:linux-rdma-
>] On Behalf Of Leon Romanovsky
>Sent: Tuesday, April 16, 2019 4:07 AM
>To: Doug Ledford <>; Jason Gunthorpe
>Cc: Leon Romanovsky <>; RDMA mailing list <linux-
>>; Andrea Arcangeli <>; Feras
>Daoud <>; Haggai Eran <>;
>Jason Gunthorpe <>; Saeed Mahameed
><>; linux-netdev <>
>Subject: [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings
>to be executable
>From: Jason Gunthorpe <>
>These are not code pages and should never be executed.
>Fixes: 5f9794dc94f5 ("RDMA/ucontext: Add a core API for mmaping driver IO
>Signed-off-by: Jason Gunthorpe <>
>Signed-off-by: Leon Romanovsky <>
> drivers/infiniband/core/uverbs_main.c | 4 ++++
> 1 file changed, 4 insertions(+)
>diff --git a/drivers/infiniband/core/uverbs_main.c
>index fef4519d1241..3ef6474cd201 100644
>--- a/drivers/infiniband/core/uverbs_main.c
>+++ b/drivers/infiniband/core/uverbs_main.c
>@@ -889,6 +889,10 @@ static struct rdma_umap_priv
>*rdma_user_mmap_pre(struct ib_ucontext *ucontext,
> 	struct ib_uverbs_file *ufile = ucontext->ufile;
> 	struct rdma_umap_priv *priv;
>+	if (vma->vm_flags & VM_EXEC)
>+		return ERR_PTR(-EINVAL);
>+	vma->vm_flags &= ~VM_MAYEXEC;

A change like this was made in HFI with:

commit 12220267645cb7d1f3f699218e0098629e932e1f
IB/hfi: Protect against writable mmap

This caused user applications that use the stack for execution to fail.
The VM_EXEC flag is passed down during mmaps.

We had to remove this patch with:

commit 7709b0dc265f28695487712c45f02bbd1f98415d
IB/hfi1: Remove overly conservative VM_EXEC flag check

to resolve this issue.

I am not sure if this is an equivalent issue, but the code path
appears very similar.

Testing with applications that set the EXECSTACK bit will show if this
is an issue.


> 	if (vma->vm_end - vma->vm_start != size)
> 		return ERR_PTR(-EINVAL);

Powered by blists - more mailing lists