RDMA/irdma: Prevent zero-length STAG registration
Upstream status: v6.6-rc1
JIRA: https://issues.redhat.com/browse/RHEL-6388
CVE: CVE-2023-25775
commit bb6d73d9add68ad270888db327514384dfa44958
Author: Christopher Bednarz christopher.n.bednarz@intel.com
Date: Fri Aug 18 09:48:38 2023 -0500
RDMA/irdma: Prevent zero-length STAG registration
Currently irdma allows zero-length STAGs to be programmed in HW during
the kernel mode fast register flow. Zero-length MR or STAG registration
disable HW memory length checks.
Improve gaps in bounds checking in irdma by preventing zero-length STAG or
MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.
This addresses the disclosure CVE-2023-25775.
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Signed-off-by: Christopher Bednarz <christopher.n.bednarz@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Link: https://lore.kernel.org/r/20230818144838.1758-1-shiraz.saleem@intel.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Kamal Heib kheib@redhat.com