On 2023/8/18 22:48, Shiraz Saleem wrote:
From: Christopher Bednarz <christopher.n.bednarz@xxxxxxxxx>
Currently irdma allows zero-length STAGs to be programmed in HW during
the kernel mode fast register flow. Zero-length MR or STAG registration
disable HW memory length checks.
Improve gaps in bounds checking in irdma by preventing zero-length STAG or
MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.
This addresses the disclosure CVE-2023-25775.
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Hello,I would like to consult the CVE. The driver corresponding to the
kernel of an earlier version (< 5.14) is i40iw and has similar code
logic. Is this CVE also involved?
Signed-off-by: Christopher Bednarz <christopher.n.bednarz@xxxxxxxxx>
Signed-off-by: Shiraz Saleem <shiraz.saleem@xxxxxxxxx>
---
drivers/infiniband/hw/irdma/ctrl.c | 6 ++++++
drivers/infiniband/hw/irdma/type.h | 2 ++
drivers/infiniband/hw/irdma/verbs.c | 10 ++++++++--
3 files changed, 16 insertions(+), 2 deletions(-)
[...]
