diff options
| author | Jason Gunthorpe <jgg@mellanox.com> | 2019-04-16 14:07:25 +0300 |
|---|---|---|
| committer | Jason Gunthorpe <jgg@mellanox.com> | 2019-04-24 13:06:24 -0300 |
| commit | c660133c339f9ab684fdf568c0d51b9ae5e86002 (patch) | |
| tree | 20fed69f72f0cfb9e5acc778c79c1d7a13c07d38 /drivers/infiniband | |
| parent | 7249c8ea227a582c14f63e9e8853eb7369122f10 (diff) | |
| download | linux-c660133c339f9ab684fdf568c0d51b9ae5e86002.tar.bz2 | |
RDMA/mlx5: Do not allow the user to write to the clock page
The intent of this VMA was to be read-only from user space, but the
VM_MAYWRITE masking was missed, so mprotect could make it writable.
Cc: stable@vger.kernel.org
Fixes: 5c99eaecb1fc ("IB/mlx5: Mmap the HCA's clock info to user-space")
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Reviewed-by: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Diffstat (limited to 'drivers/infiniband')
| -rw-r--r-- | drivers/infiniband/hw/mlx5/main.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c index 241d9ead79eb..12a75dfc992b 100644 --- a/drivers/infiniband/hw/mlx5/main.c +++ b/drivers/infiniband/hw/mlx5/main.c @@ -2068,6 +2068,7 @@ static int mlx5_ib_mmap_clock_info_page(struct mlx5_ib_dev *dev, if (vma->vm_flags & VM_WRITE) return -EPERM; + vma->vm_flags &= ~VM_MAYWRITE; if (!dev->mdev->clock_info_page) return -EOPNOTSUPP; @@ -2233,6 +2234,7 @@ static int mlx5_ib_mmap(struct ib_ucontext *ibcontext, struct vm_area_struct *vm if (vma->vm_flags & VM_WRITE) return -EPERM; + vma->vm_flags &= ~VM_MAYWRITE; /* Don't expose to user-space information it shouldn't have */ if (PAGE_SIZE > 4096) |