staging/rdma/hfi1: close shared context security hole

Driver does not verify userid for shared context assignments, allowing
malicious user access.

Reviewed by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qader@intel.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/rdma/hfi1/file_ops.c b/drivers/staging/rdma/hfi1/file_ops.c
index cbaf4f734add78be1e5dbd63ac5d2c7f2c4e09e9..955f80dfecf618996fe2755fb1ffe6182ea1c832 100644 (file)
--- a/drivers/staging/rdma/hfi1/file_ops.c
+++ b/drivers/staging/rdma/hfi1/file_ops.c
@@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp,
                        /* Skip ctxt if it doesn't match the requested one */
                        if (memcmp(uctxt->uuid, uinfo->uuid,
                                   sizeof(uctxt->uuid)) ||
+                           uctxt->jkey != generate_jkey(current_uid()) ||
                            uctxt->subctxt_id != uinfo->subctxt_id ||
                            uctxt->subctxt_cnt != uinfo->subctxt_cnt)
                                continue;