scsi: sg: mitigate read/write abuse - openslx/kernel-qcow2-linux.git

diff options

author	Jann Horn	2018-06-25 16:25:44 +0200
committer	Martin K. Petersen	2018-06-26 19:10:42 +0200
commit	26b5b874aff5659a7e26e5b1997e3df2c41fa7fd (patch)
tree	65bf8865093f0b17b95602d29c86b90e9386dda4 /drivers/scsi/qla2xxx
parent	scsi: aacraid: Fix PD performance regression over incorrect qd being set (diff)
download	kernel-qcow2-linux-26b5b874aff5659a7e26e5b1997e3df2c41fa7fd.tar.gz kernel-qcow2-linux-26b5b874aff5659a7e26e5b1997e3df2c41fa7fd.tar.xz kernel-qcow2-linux-26b5b874aff5659a7e26e5b1997e3df2c41fa7fd.zip

scsi: sg: mitigate read/write abuse

As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is not fit to be called under KERNEL_DS"), sg improperly accesses userspace memory outside the provided buffer, permitting kernel memory corruption via splice(). But it doesn't just do it on ->write(), also on ->read(). As a band-aid, make sure that the ->read() and ->write() handlers can not be called in weird contexts (kernel context or credentials different from file opener), like for ib_safe_file_access(). If someone needs to use these interfaces from different security contexts, a new interface should be written that goes through the ->ioctl() handler. I've mostly copypasted ib_safe_file_access() over as sg_safe_file_access() because I couldn't find a good common header - please tell me if you know a better way. [mkp: s/_safe_/_check_/] Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: <stable@vger.kernel.org> Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Diffstat (limited to 'drivers/scsi/qla2xxx')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: