On Wed, Nov 29, 2023 at 04:42:53PM -0600, Shiraz Saleem wrote:
[ Upstream commit bb6d73d9add68ad270888db327514384dfa44958 ]
Currently i40iw allows zero-length STAGs to be programmed in HW during the kernel mode fast register flow. Zero-length MR or STAG registration disable HW memory length checks.
Improve gaps in bounds checking in irdma by preventing zero-length STAG or MR registrations except if the IB_PD_UNSAFE_GLOBAL_RKEY is set.
This addresses the disclosure CVE-2023-25775.
i40iw is replaced by irdma upstream starting 5.14, resulting in adjustments to upstream commit to support the older APIs.
The kernel versions to apply this patch are 5.10.x 5.4.x 4.19.x 4.14.x.
We also need a working version for 5.15.y so that you do not have a regression when you update kernel trees.
thanks,
greg k-h