[openib-general] uverbs security

Troy Benjegerdes hozer at hozed.org
Tue Mar 15 07:38:00 PST 2005


On Tue, Mar 15, 2005 at 08:23:52AM +0200, Michael S. Tsirkin wrote:
> Hi, Roland!
> Looking at uverbs kernel module, I notice that in some instances
> it passes some parameters from userspace directly to ib core, without
> verifying their sanity.
> 
> One example of this is qp attributes in create and modify qp.
> 
> For example, modify qp and alloc qp will simply copy the attributes.
> This might create issues since the core may assume it works against a
> trusted kernel client, so it may get confused if passed illegal
> parameter values.
> 
> For example, qp type could be IB_QPT_SMI or IB_QPT_GSI. Will this create
> a problem? Hard for me to tell ...
> 
> I think the best approach is to validate *all* user-given parameters
> before passing them on to core. What do you think?

Yes. We should be validating all user parameters, and be thinking about
malicious userspace apps. This is another reason I think we ought to
have the linux MM support a 'VM_REGISTERED' flag, and things like
selinux can have different security policies for registered memory vs
not-registered.

I think we should probably also have (possibly compile-time) options for
IB core to sanity check everything, regardless of whether it came from
userspace or kernelspace. (Kind of like CONFIG_DEBUG_KERNEL and the
like)



More information about the general mailing list