mirror of https://gitee.com/openkylin/linux.git
c12e56ef69
STag zero is a special STag that allows consumers to access any bus address without registering memory. The nes driver unfortunately allows STag zero to be used even with QPs created by unprivileged userspace consumers, which means that any process with direct verbs access to the nes device can read and write any memory accessible to the underlying PCI device (usually any memory in the system). Such access is usually given for cluster software such as MPI to use, so this is a local privilege escalation bug on most systems running this driver. The driver was using STag zero to receive the last streaming mode data; to allow STag zero to be disabled for unprivileged QPs, the driver now registers a special MR for this data. Cc: <stable@kernel.org> Signed-off-by: Faisal Latif <faisal.latif@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| nes.c | ||
| nes.h | ||
| nes_cm.c | ||
| nes_cm.h | ||
| nes_context.h | ||
| nes_hw.c | ||
| nes_hw.h | ||
| nes_nic.c | ||
| nes_user.h | ||
| nes_utils.c | ||
| nes_verbs.c | ||
| nes_verbs.h | ||