On Fri, Aug 18, 2023 at 09:48:38AM -0500, Shiraz Saleem wrote:
> From: Christopher Bednarz <christopher.n.bednarz@xxxxxxxxx>
>
> Currently irdma allows zero-length STAGs to be programmed in HW during
> the kernel mode fast register flow. Zero-length MR or STAG registration
> disable HW memory length checks.
>
> Improve gaps in bounds checking in irdma by preventing zero-length STAG or
> MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.
>
> This addresses the disclosure CVE-2023-25775.
>
> Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
> Signed-off-by: Christopher Bednarz <christopher.n.bednarz@xxxxxxxxx>
> Signed-off-by: Shiraz Saleem <shiraz.saleem@xxxxxxxxx>
> ---
> drivers/infiniband/hw/irdma/ctrl.c | 6 ++++++
> drivers/infiniband/hw/irdma/type.h | 2 ++
> drivers/infiniband/hw/irdma/verbs.c | 10 ++++++++--
> 3 files changed, 16 insertions(+), 2 deletions(-)
I applied it to rdma-next because we are in -rc6 now and anyway this
patch will land Linus very soon.
Thanks
