RDMA/irdma: Prevent zero-length STAG registration (!3171) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Kamal Heib requested to merge kheib/centos-stream-9:RHEL-6388 into main Oct 04, 2023

Upstream status: v6.6-rc1
JIRA: https://issues.redhat.com/browse/RHEL-6388
CVE: CVE-2023-25775

commit bb6d73d9add68ad270888db327514384dfa44958
Author: Christopher Bednarz christopher.n.bednarz@intel.com
Date: Fri Aug 18 09:48:38 2023 -0500

RDMA/irdma: Prevent zero-length STAG registration  

Currently irdma allows zero-length STAGs to be programmed in HW during  
the kernel mode fast register flow. Zero-length MR or STAG registration  
disable HW memory length checks.  

Improve gaps in bounds checking in irdma by preventing zero-length STAG or  
MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.  

This addresses the disclosure CVE-2023-25775.  

Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")  
Signed-off-by: Christopher Bednarz <christopher.n.bednarz@intel.com>  
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>  
Link: https://lore.kernel.org/r/20230818144838.1758-1-shiraz.saleem@intel.com  
Signed-off-by: Leon Romanovsky <leon@kernel.org>

Signed-off-by: Kamal Heib kheib@redhat.com

Admin message

RDMA/irdma: Prevent zero-length STAG registration

Merge request reports