RDMA/irdma: Prevent zero-length STAG registration
author Christopher Bednarz <christopher.n.bednarz@intel.com>
Fri, 18 Aug 2023 14:48:38 +0000 (09:48 -0500)
committer Leon Romanovsky <leon@kernel.org>
Sat, 19 Aug 2023 16:28:17 +0000 (19:28 +0300)
commit bb6d73d9add68ad270888db327514384dfa44958
tree 78bdfbd54f590a50d5d579ef9beb8d43731bdc78
parent ed10435d35831478c2a93a238b62e6699bdf4834
RDMA/irdma: Prevent zero-length STAG registration

Currently irdma allows zero-length STAGs to be programmed in HW during
the kernel mode fast register flow. Zero-length MR or STAG registration
disables HW memory length checks.

Improve gaps in bounds checking in irdma by preventing zero-length STAG or
MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.

This addresses the disclosure CVE-2023-25775.

Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Signed-off-by: Christopher Bednarz <christopher.n.bednarz@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Link: https://lore.kernel.org/r/20230818144838.1758-1-shiraz.saleem@intel.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
drivers/infiniband/hw/irdma/ctrl.c
drivers/infiniband/hw/irdma/type.h
drivers/infiniband/hw/irdma/verbs.c
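
A simplified user-space model of the rule the commit message describes, added here as an illustration; it is not code from the irdma driver or from this commit. The `model_*` names, the struct, the flag value and the treatment of length 0 as "no bounds applied" are assumptions made for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the PD flag named in the commit message. */
#define MODEL_PD_UNSAFE_GLOBAL_RKEY 0x1u

struct model_mr {            /* simplified model, not the irdma structures */
    uint64_t va;             /* start of the registered region */
    uint64_t total_len;      /* 0 means "length checks disabled" in this model */
    bool valid;
};

/* Registration guard: refuse zero-length unless the PD opted in explicitly. */
int model_fast_register(struct model_mr *mr, uint64_t va, uint64_t len,
                        unsigned int pd_flags)
{
    if (len == 0 && !(pd_flags & MODEL_PD_UNSAFE_GLOBAL_RKEY))
        return -EINVAL;
    if (len != 0 && va > UINT64_MAX - len)   /* region must not wrap */
        return -EINVAL;
    mr->va = va;
    mr->total_len = len;
    mr->valid = true;
    return 0;
}

/* Modeled hardware access check for a remote request against the MR. */
bool model_access_ok(const struct model_mr *mr, uint64_t addr, uint64_t len)
{
    if (!mr->valid)
        return false;
    if (mr->total_len == 0)                  /* zero-length: no bounds applied */
        return true;
    if (addr < mr->va || len > mr->total_len)
        return false;
    return addr - mr->va <= mr->total_len - len;  /* overflow-safe end check */
}

int main(void)
{
    struct model_mr mr = {0};
    printf("zero-length, normal PD: %d\n", model_fast_register(&mr, 0x1000, 0, 0));
    printf("4 KiB region: %d\n", model_fast_register(&mr, 0x1000, 4096, 0));
    printf("in bounds: %d, past end: %d\n",
           model_access_ok(&mr, 0x1800, 256), model_access_ok(&mr, 0x1f00, 512));
    return 0;
}
```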