[openib-general] uverbs security
Roland Dreier
roland at topspin.com
Tue Mar 15 11:27:11 PST 2005
Michael> Hi, Roland! Looking at uverbs kernel module, I notice
Michael> that in some instances it passes some parameters from
Michael> userspace directly to ib core, without verifying their
Michael> sanity.
Michael> One example of this is qp attributes in create and modify
Michael> qp.
Michael> For example, modify qp and alloc qp will simply copy the
Michael> attributes. This might create issues since the core may
Michael> assume it works against a trusted kernel client, so it
Michael> may get confused if passed illegal parameter values.
Michael> For example, qp type could be IB_QPT_SMI or
Michael> IB_QPT_GSI. Will this create a problem? Hard for me to
Michael> tell ...
This particular example is OK, because mthca_provider.c has:
        case IB_QPT_SMI:
        case IB_QPT_GSI:
        {
                /* Don't allow userspace to create special QPs */
                if (pd->uobject)
                        return ERR_PTR(-EINVAL);
but I agree it might be better to check this in the uverbs module.
Michael> I think the best approach is to validate *all* user-given
Michael> parameters before passing them on to core. What do you
Michael> think?
Yes, we should do as much validation as possible, although I'm not
very worried about bad values that have no effect on anyone other than
the userspace process itself.
- R.
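
Added example (not part of the original message, and not OpenIB or kernel code): a stand-alone C model of checking the QP type at the uverbs boundary with an allow-list, so special QPs and out-of-range values are rejected before the core or a provider sees them. The enum values, the `model_create_qp_cmd` struct and the `model_uverbs_check_qp_type` function are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Local model of the QP types: the two special types named in the thread
 * plus the ordinary ones. Values are illustrative, not the kernel header. */
enum model_qp_type {
	IB_QPT_SMI,
	IB_QPT_GSI,
	IB_QPT_RC,
	IB_QPT_UC,
	IB_QPT_UD
};

/* Hypothetical command as copied from userspace: every field is untrusted. */
struct model_create_qp_cmd {
	uint8_t qp_type;
};

/*
 * Boundary check: allow-list the QP types a userspace consumer may request.
 * Anything not listed (special QPs, values outside the enum) is rejected,
 * so the result does not depend on each provider repeating the check.
 */
int model_uverbs_check_qp_type(const struct model_create_qp_cmd *cmd)
{
	switch (cmd->qp_type) {
	case IB_QPT_RC:
	case IB_QPT_UC:
	case IB_QPT_UD:
		return 0;
	default:
		return -EINVAL;
	}
}

int main(void)
{
	/* Constructed sample inputs, including one value outside the enum. */
	static const uint8_t samples[] = { IB_QPT_SMI, IB_QPT_GSI, IB_QPT_RC, IB_QPT_UD, 200 };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct model_create_qp_cmd cmd = { .qp_type = samples[i] };
		printf("qp_type=%u -> %d\n", (unsigned)cmd.qp_type,
		       model_uverbs_check_qp_type(&cmd));
	}
	return 0;
}
```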