Shiraz Saleem 4460a7c979 RDMA/i40iw: Address an mmap handler exploit in i40iw ... commit 2ed381439e upstream. i40iw_mmap manipulates the vma->vm_pgoff to differentiate a push page mmap vs a doorbell mmap, and uses it to compute the pfn in remap_pfn_range without any validation. This is vulnerable to an mmap exploit as described in: https://lore.kernel.org/r/20201119093523.7588-1-zhudi21@huawei.com The push feature is disabled in the driver currently and therefore no push mmaps are issued from user-space. The feature does not work as expected in the x722 product. Remove the push module parameter and all VMA attribute manipulations for this feature in i40iw_mmap. Update i40iw_mmap to only allow DB user mmapings at offset = 0. Check vm_pgoff for zero and if the mmaps are bound to a single page. Cc: <stable@kernel.org> Fixes: d374984179 ("i40iw: add files for iwarp interface") Link: https://lore.kernel.org/r/20201125005616.1800-2-shiraz.saleem@intel.com Reported-by: Di Zhu <zhudi21@huawei.com> Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-12-08 10:40:28 +01:00
..
core	RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()	2020-11-01 12:01:05 +01:00
hw	RDMA/i40iw: Address an mmap handler exploit in i40iw	2020-12-08 10:40:28 +01:00
sw	RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs	2020-11-24 13:29:05 +01:00
ulp	RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces	2020-10-29 09:57:51 +01:00
Kconfig	RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs	2020-11-24 13:29:05 +01:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00