Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09b7c336 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by Greg Kroah-Hartman
Browse files

RDMA/ucm: Mark UCM interface as BROKEN 

commit 7a8690ed6f5346f6738971892205e91d39b6b901 upstream.

In commit 357d23c811a7 ("Remove the obsolete libibcm library")
in rdma-core [1], we removed obsolete library which used the
/dev/infiniband/ucmX interface.

Following multiple syzkaller reports about non-sanitized
user input in the UCMA module, the short audit reveals the same
issues in UCM module too.

It is better to disable this interface in the kernel,
before syzkaller team invests time and energy to harden
this unused interface.

[1] https://github.com/linux-rdma/rdma-core/pull/279



Signed-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e472ba15

drivers/infiniband/Kconfig

+12 −0
Original line number Diff line number Diff line
@@ -33,6 +33,18 @@ config INFINIBAND_USER_ACCESS 
	  libibverbs, libibcm and a hardware driver library from

	  <http://www.openfabrics.org/git/>.



config INFINIBAND_USER_ACCESS_UCM

	bool "Userspace CM (UCM, DEPRECATED)"

	depends on BROKEN

	depends on INFINIBAND_USER_ACCESS

	help

	  The UCM module has known security flaws, which no one is

	  interested to fix. The user-space part of this code was

	  dropped from the upstream a long time ago.



	  This option is DEPRECATED and planned to be removed.





config INFINIBAND_USER_MEM

	bool

	depends on INFINIBAND_USER_ACCESS != n

drivers/infiniband/core/Makefile

+2 −2
Original line number Diff line number Diff line
@@ -5,8 +5,8 @@ obj-$(CONFIG_INFINIBAND) += ib_core.o ib_mad.o ib_sa.o \ 
					ib_cm.o iw_cm.o ib_addr.o \

					$(infiniband-y)

obj-$(CONFIG_INFINIBAND_USER_MAD) +=	ib_umad.o

obj-$(CONFIG_INFINIBAND_USER_ACCESS) +=	ib_uverbs.o ib_ucm.o \

					$(user_access-y)

obj-$(CONFIG_INFINIBAND_USER_ACCESS) += ib_uverbs.o $(user_access-y)

obj-$(CONFIG_INFINIBAND_USER_ACCESS_UCM) += ib_ucm.o $(user_access-y)



ib_core-y :=			packer.o ud_header.o verbs.o sysfs.o \

				device.o fmr_pool.o cache.o netlink.o