Seems that MLNX_OFED-2.4 does not have this check, so it's time to patch and rebuild IB drivers :-(
diff -ur linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c
--- linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c 2014-12-19 18:31:21.000000000 +0200
+++ linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c 2015-02-01 18:24:27.000000000 +0200
@@ -92,6 +92,14 @@
+ * If the combination of the addr and size requested for this memory
+ * region causes an integer overflow, return error.
+ if ((PAGE_ALIGN(addr + size) <= size) ||
+ (PAGE_ALIGN(addr + size) <= addr))
+ return ERR_PTR(-EINVAL);
1 of 1 people found this helpful
Thanks for the heads up!
Mellanox has released an updated version of the 2.4-1 release to address issue :
I noticed that while mellanox reported the problem to redhat (promptly fixed) upstream Linux kernel and ofed seem out of the loop (or atleast not fixing). I base this on the patch being missing from both Linux git master and ofed-3.18-daily.
Also the available cve info at nvd and mitre is missing lots of information (most significantly that most everybody using ib is vulnerable until updated).