Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07839049 authored by Jareer Abdel-Qader's avatar Jareer Abdel-Qader Committed by Greg Kroah-Hartman
Browse files

staging/rdma/hfi1: close shared context security hole 



Driver does not verify userid for shared context assignments, allowing
malicious user access.

Reviewed by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: default avatarJareer H Abdel-Qader <jareer.h.abdel-qader@intel.com>
Signed-off-by: default avatarIra Weiny <ira.weiny@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f4d26d81

drivers/staging/rdma/hfi1/file_ops.c

+1 −0
Original line number Diff line number Diff line
@@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp, 
			/* Skip ctxt if it doesn't match the requested one */

			if (memcmp(uctxt->uuid, uinfo->uuid,

				   sizeof(uctxt->uuid)) ||

			    uctxt->jkey != generate_jkey(current_uid()) ||

			    uctxt->subctxt_id != uinfo->subctxt_id ||

			    uctxt->subctxt_cnt != uinfo->subctxt_cnt)

				continue;