From: Jareer Abdel-Qader Date: Mon, 26 Oct 2015 14:28:33 +0000 (-0400) Subject: staging/rdma/hfi1: close shared context security hole X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=07839049db8e07c1a0ade9a102b2261cd50ac2c1;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git staging/rdma/hfi1: close shared context security hole Driver does not verify userid for shared context assignments, allowing malicious user access. Reviewed by: Mike Marciniszyn Signed-off-by: Jareer H Abdel-Qader Signed-off-by: Ira Weiny Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/rdma/hfi1/file_ops.c b/drivers/staging/rdma/hfi1/file_ops.c index cbaf4f734add..955f80dfecf6 100644 --- a/drivers/staging/rdma/hfi1/file_ops.c +++ b/drivers/staging/rdma/hfi1/file_ops.c @@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp, /* Skip ctxt if it doesn't match the requested one */ if (memcmp(uctxt->uuid, uinfo->uuid, sizeof(uctxt->uuid)) || + uctxt->jkey != generate_jkey(current_uid()) || uctxt->subctxt_id != uinfo->subctxt_id || uctxt->subctxt_cnt != uinfo->subctxt_cnt) continue;