[openib-general] uverbs security

Roland Dreier roland at topspin.com
Tue Mar 15 11:27:11 PST 2005


    Michael> Hi, Roland!  Looking at uverbs kernel module, I notice
    Michael> that in some instances it passes some parameters from
    Michael> userspace directly to ib core, without verifying their
    Michael> sanity.

    Michael> One example of this is qp attributes in create and modify
    Michael> qp.

    Michael> For example, modify qp and alloc qp will simply copy the
    Michael> attributes.  This might create issues since the core may
    Michael> assume it works against a trusted kernel client, so it
    Michael> may get confused if passed illegal parameter values.

    Michael> For example, qp type could be IB_QPT_SMI or
    Michael> IB_QPT_GSI. Will this create a problem? Hard for me to
    Michael> tell ...

This particular example is OK, because mthca_provider.c has:

	case IB_QPT_SMI:
	case IB_QPT_GSI:
	{
		/* Don't allow userspace to create special QPs */
		if (pd->uobject)
			return ERR_PTR(-EINVAL);

but I agree it might be better to check this in the uverbs module.

    Michael> I think the best approach is to validate *all* user-given
    Michael> parameters before passing them on to core. What do you
    Michael> think?

Yes, we should do as much validation as possible, although I'm not
very worried about bad values that have no effect on anyone other than
the userspace process itself.

 - R.



More information about the general mailing list