linux/drivers
Faisal Latif c12e56ef69 RDMA/nes: Don't allow userspace QPs to use STag zero
STag zero is a special STag that allows consumers to access any bus
address without registering memory.  The nes driver unfortunately
allows STag zero to be used even with QPs created by unprivileged
userspace consumers, which means that any process with direct verbs
access to the nes device can read and write any memory accessible to
the underlying PCI device (usually any memory in the system).  Such
access is usually given for cluster software such as MPI to use, so
this is a local privilege escalation bug on most systems running this
driver.

The driver was using STag zero to receive the last streaming mode
data; to allow STag zero to be disabled for unprivileged QPs, the
driver now registers a special MR for this data.

Cc: <stable@kernel.org>
Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-12 16:21:41 -07:00
..
accessibility
acpi Merge branches 'release', 'bugzilla-12011', 'bugzilla-12632', 'misc' and 'suspend' into release 2009-02-21 22:01:43 -05:00
amba [ARM] Fix realview build 2009-01-08 16:29:41 +00:00
ata libata: Don't trust current capacity values in identify words 57-58 2009-03-05 07:26:10 -05:00
atm ATM: misplaced parentheses? 2009-02-18 17:41:38 -08:00
auxdisplay
base mm: get_nid_for_pfn() returns int 2009-03-10 15:55:10 -07:00
block Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-03-09 09:15:40 -07:00
bluetooth
cdrom
char Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-03-11 12:14:04 -07:00
clocksource
connector
cpufreq Revert "[CPUFREQ] Disable sysfs ui for p4-clockmod." 2009-03-09 15:07:33 -04:00
cpuidle
crypto crypto: ixp4xx - Fix qmgr_request_queue build failure 2009-03-04 08:01:22 +08:00
dca I/OAT: update driver version and copyright dates 2009-03-04 16:04:40 -07:00
dio m68k: dio - Kill resource_size_t format warnings 2009-01-12 20:56:42 +01:00
dma Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2009-03-08 10:23:05 -07:00
edac powerpc: More printing warning fixes for the l64 to ll64 conversion 2009-01-28 17:15:52 +11:00
eisa
firewire firewire: core: Remove card from list of cards when enable fails 2009-02-01 11:17:24 +01:00
firmware Bernhard has moved 2009-02-18 15:37:56 -08:00
gpio gpiolib: fix request related issue 2009-01-29 18:04:43 -08:00
gpu drm/i915: fix 945 fence register writes for fence 8 and above. 2009-03-11 11:02:06 -07:00
hid HID: move tmff and zpff devices from ignore_list to blacklist 2009-02-17 13:25:01 +01:00
hwmon lm85: add VRM10 support for adt7468 chip 2009-03-10 15:55:10 -07:00
i2c Merge master.kernel.org:/home/rmk/linux-2.6-arm 2009-03-03 14:12:41 -08:00
ide ide: add at91_ide driver 2009-03-05 16:10:58 +01:00
idle
ieee1394 Make ieee1394_init a fs-initcall 2009-02-26 10:32:31 -08:00
infiniband RDMA/nes: Don't allow userspace QPs to use STag zero 2009-03-12 16:21:41 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2009-03-02 15:43:03 -08:00
isdn ISDN: fix sc/shmem printk format warning 2009-02-20 00:54:44 -08:00
leds lis3lv02d: merge with leds hp disk 2009-01-15 16:39:40 -08:00
lguest lguest: fix for CONFIG_SPARSE_IRQ=y 2009-03-09 10:06:29 +10:30
macintosh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-01-07 11:31:52 -08:00
mca
md md: fix deadlock when stopping arrays 2009-03-04 00:57:25 -07:00
media Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2009-03-02 15:43:03 -08:00
memstick memstick: annotate endianness of attribute structs 2009-01-09 16:54:41 -08:00
message [SCSI] mpt: fix disable lsi sas to use msi as default 2009-02-22 08:51:07 -06:00
mfd mfd: add support for WM8351 revision B 2009-03-12 16:20:24 -07:00
misc hpilo: new pci device 2009-02-27 16:26:22 -08:00
mmc mmc: s3cmci: fix s3c2410_dma_config() arguments. 2009-03-12 16:20:24 -07:00
mtd mtd: physmap: fix NULL pointer dereference in error path 2009-03-10 15:55:11 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2009-03-12 09:27:53 -07:00
nubus
of drivers/of: Add the of_find_i2c_device_by_node function. 2009-01-09 15:49:06 -07:00
oprofile oprofile: fix uninitialized use of struct op_entry 2009-01-17 17:26:39 +01:00
parisc Documentation: move DMA-mapping.txt to Doc/PCI/ 2009-01-29 18:19:29 -08:00
parport m68k: atari - Rename "mfp" to "st_mfp" 2009-02-22 09:23:02 -08:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-02-26 14:43:42 -08:00
pcmcia powerpc: Change u64/s64 to a long long integer type 2009-01-13 14:47:59 +11:00
platform acer-wmi: fix regression in backlight detection 2009-03-12 16:20:24 -07:00
pnp Merge branch 'linus' into release 2009-01-09 03:39:43 -05:00
power ds2760_battery.c: fix division by zero 2009-03-12 16:20:23 -07:00
ps3 powerpc/ps3: Printing fixups for l64 to ll64 conversion drivers/ps3 2009-01-16 16:15:14 +11:00
rapidio
regulator leds: Fix bounds checking of wm8350->pmic.led 2009-01-30 21:50:49 +00:00
rtc rtc: t reaches -1, tested 0 2009-02-11 14:25:36 -08:00
s390 [S390] fix "mem=" handling in case of standby memory 2009-02-19 15:19:19 +01:00
sbus sparc64: wait_event_interruptible_timeout may return -ERESTARTSYS 2009-03-04 00:19:28 -08:00
scsi [SCSI] fix ABORTED_COMMAND looping forever problem 2009-02-21 20:29:38 -06:00
serial Merge branch 'sh/for-2.6.29' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6 2009-02-27 16:40:00 -08:00
sh
sn
spi spi-gpio: sanitize MISO bitvalue 2009-02-18 15:37:56 -08:00
ssb
staging Staging: w35und: fix usb_control_msg() error handling in wb35_probe() 2009-02-27 12:56:24 -08:00
tc
telephony
thermal
uio
usb USB: musb: fix srp sysfs entry deletion 2009-02-27 14:40:51 -08:00
uwb uwb: lock rc->rsvs_lock with spin_lock_bh() 2009-01-23 12:57:20 +00:00
video Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-03-11 12:14:04 -07:00
virtio virtio-pci: do not oops on config change if driver not loaded 2009-02-02 19:17:56 -08:00
w1 drivers/w1/masters/w1-gpio.c: fix read_bit() 2009-03-12 16:20:23 -07:00
watchdog [WATCHDOG] orion5x_wdt.c: 'ORION5X_TCLK' undeclared 2009-03-05 19:25:05 +00:00
xen PM: Split up sysdev_[suspend|resume] from device_power_[down|up] 2009-02-22 10:33:44 -08:00
zorro m68k: zorro - Use %pR to print resources 2009-01-12 20:56:43 +01:00
Kconfig
Makefile Merge branch 'drivers-platform' into release 2009-01-09 04:56:56 -05:00