On Fri, Dec 15, 2023 at 01:29:39PM -0600, Shiraz Saleem wrote:
From: Christopher Bednarz christopher.n.bednarz@intel.com
[Upstream commit bb6d73d9add68ad270888db327514384dfa44958]
Currently irdma allows zero-length STAGs to be programmed in HW during the kernel mode fast register flow. Zero-length MR or STAG registration disable HW memory length checks.
Improve gaps in bounds checking in irdma by preventing zero-length STAG or MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.
This addresses the disclosure CVE-2023-25775.
The kernel version to apply this patch is 5.15.x.
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs") Signed-off-by: Christopher Bednarz christopher.n.bednarz@intel.com Signed-off-by: Shiraz Saleem shiraz.saleem@intel.com
drivers/infiniband/hw/irdma/ctrl.c | 6 ++++++ drivers/infiniband/hw/irdma/type.h | 2 ++ drivers/infiniband/hw/irdma/verbs.c | 10 ++++++++-- 3 files changed, 16 insertions(+), 2 deletions(-)
Now queued up, thanks.
greg k-h