RDMA/hns: Fix potential UAF after reset
driver inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/rdma-core/issues/I83L7U ---------------------------------------------------------- Currently, the mapping relationship of reset page between kernel mode and user mode is maintained by driver. If the driver is hot-plugged (e.g. reset), the memory of the reset page is released by kernel driver, but the reset page in user mode still points to this released address which would lead to a UAF. This patch use the helper rdma_user_mmap_io() to maintain the vma mapping, rather than driver itself, which remmaps the userspace reset page to an safe zero page if driver was hot-plugged. Fixes: e8b1fec4 ("RDMA/hns: Kernel notify usr space to stop ring db") Signed-off-by:Chengchang Tang <tangchengchang@huawei.com>
Loading
Please sign in to comment