From patchwork Sat Oct 28 03:47:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cengiz Can X-Patchwork-Id: 1856463 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SHQW12Qbxz1yQ5 for ; Sat, 28 Oct 2023 14:48:44 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1qwaJA-0006nV-1N; Sat, 28 Oct 2023 03:48:22 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1qwaJ1-0006n8-1x for kernel-team@lists.ubuntu.com; Sat, 28 Oct 2023 03:48:11 +0000 Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id EE7A23F471 for ; Sat, 28 Oct 2023 03:48:09 +0000 (UTC) Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-32dee12c5b4so1344770f8f.2 for ; Fri, 27 Oct 2023 20:48:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698464888; x=1699069688; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JurworldGdsybBbqPnhUe9qLaey5V8S5iXzEXurF0A0=; b=D76PD3G/P7ebe9MRSpCRA7scjrhL/OsdjamKQqVO9tMPCr9plZ1dssRJyjCnXZFMtN qZxr81wdb+7jkVtH0OKJeIaYPcxjxG4d9OCmLKiK5AAI6woKD5KbZWcvWhyA7Jitp5j6 AGe6hyMageICtfL4N1tbFcpjgfVFGdEPAWcX7l5qZC9+A1IL/kQWLwUr4xnGWNjABpwk iJMfR7dULyXHH2rsUhd0LLS+1TTZ9gPdoZka/mX0WjIEw1dkKmgDaI2W0ed/I6J9WkEs vN5Z04dnmq6rT7yqwrriGnBs8l6VHUamjOA2rvG64Gm0Kp6YHjierJO5HTIrwJHoppYS szWg== X-Gm-Message-State: AOJu0Yy77MiWjXdgDEpGaozg0TlRY0uyCAcX6ryIDfdd6q10W+KUPVe5 ZPyvqUFwVHChgMHScXWF7rVN2Gl2ndjXtrOv6WXgG7XDV6iycPe08PeC+K5DHm8rXyplSisWfPL AqGlyphHG0D0KOzNvLUecp7H1Gkj5AlGmC2eQDYhaX/bXPMdW8VHdq3s= X-Received: by 2002:a05:6000:a0a:b0:31f:e5cf:6724 with SMTP id co10-20020a0560000a0a00b0031fe5cf6724mr4491345wrb.46.1698464888778; Fri, 27 Oct 2023 20:48:08 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHksKDaeiSETZjMgRGA+8Wc5V1SeNPcMEkxORFcBo1jfBRsk3brqUVkUPpoRhwP1qi7jaI44A== X-Received: by 2002:a05:6000:a0a:b0:31f:e5cf:6724 with SMTP id co10-20020a0560000a0a00b0031fe5cf6724mr4491338wrb.46.1698464888385; Fri, 27 Oct 2023 20:48:08 -0700 (PDT) Received: from localhost (uk.sesame.canonical.com. [185.125.190.60]) by smtp.gmail.com with ESMTPSA id o26-20020a5d58da000000b0032d2489a399sm2969805wrf.49.2023.10.27.20.48.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Oct 2023 20:48:07 -0700 (PDT) From: Cengiz Can To: kernel-team@lists.ubuntu.com Subject: [SRU Jammy 0/9] CVE-2023-25775 Date: Sat, 28 Oct 2023 06:47:45 +0300 Message-Id: <20231028034754.887090-1-cengiz.can@canonical.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. [Fix] 8 clean cherry picks and 1 simple context adjusted backport. commit 2c4b14ea9507 ("RDMA/irdma: Remove enum irdma_status_code") was required for a clean cherry pick of the fix commit but since we already had a stable backport of commit 6f6dbb819dfc ("RDMA/irdma: Prevent some integer underflows") in the tree, there was a context conflict. [Test case] Since it requires a 100Gbit NIC, compile and boot tested only. [Potential regression] Medium regression potential. Due to newly introduced older patches. Christopher Bednarz (1): RDMA/irdma: Prevent zero-length STAG registration Shiraz Saleem (2): RDMA/irdma: Remove enum irdma_status_code RDMA/irdma: Remove excess error variables Zhu Yanjun (6): RDMA/irdma: Remove irdma_uk_mw_bind() RDMA/irdma: Remove irdma_sc_send_lsmm_nostag() RDMA/irdma: Remove irdma_cqp_up_map_cmd() RDMA/irdma: Remove irdma_get_hw_addr() RDMA/irdma: Make irdma_uk_cq_init() return a void RDMA/irdma: optimize rx path by removing unnecessary copy drivers/infiniband/hw/irdma/cm.c | 44 +- drivers/infiniband/hw/irdma/ctrl.c | 602 +++++++++++-------------- drivers/infiniband/hw/irdma/defs.h | 8 +- drivers/infiniband/hw/irdma/hmc.c | 105 ++--- drivers/infiniband/hw/irdma/hmc.h | 53 +-- drivers/infiniband/hw/irdma/hw.c | 190 ++++---- drivers/infiniband/hw/irdma/i40iw_hw.c | 1 - drivers/infiniband/hw/irdma/main.c | 6 +- drivers/infiniband/hw/irdma/main.h | 42 +- drivers/infiniband/hw/irdma/osdep.h | 41 +- drivers/infiniband/hw/irdma/pble.c | 77 ++-- drivers/infiniband/hw/irdma/pble.h | 25 +- drivers/infiniband/hw/irdma/protos.h | 92 ++-- drivers/infiniband/hw/irdma/puda.c | 132 +++--- drivers/infiniband/hw/irdma/puda.h | 43 +- drivers/infiniband/hw/irdma/status.h | 71 --- drivers/infiniband/hw/irdma/type.h | 113 +++-- drivers/infiniband/hw/irdma/uda.c | 35 +- drivers/infiniband/hw/irdma/uda.h | 46 +- drivers/infiniband/hw/irdma/uk.c | 223 ++++----- drivers/infiniband/hw/irdma/user.h | 91 ++-- drivers/infiniband/hw/irdma/utils.c | 244 ++++------ drivers/infiniband/hw/irdma/verbs.c | 176 +++----- drivers/infiniband/hw/irdma/ws.c | 19 +- drivers/infiniband/hw/irdma/ws.h | 2 +- 25 files changed, 1011 insertions(+), 1470 deletions(-) delete mode 100644 drivers/infiniband/hw/irdma/status.h Acked-by: Stefan Bader Acked-by: Roxana Nicolescu