AWS AWSEC2 medium security documentation change
Summary
Added changelog entry for EFA version 1.48.0 documenting bug fixes including use-after-free bugs, race conditions, memory leaks, and new security features like package signature verification
Security assessment
The changelog explicitly documents fixes for security vulnerabilities including use-after-free bugs and race conditions. It also adds documentation about new security features including individual package signature verification support. The specific mention of 'Fix use-after-free bugs in DC packet completion, CQ drain, AH unit test, and MR logging' and 'Fix race conditions in efa_rdm_ep_get_peer and QP locking' provides concrete evidence of security-related fixes.
Diff
diff --git a/AWSEC2/latest/UserGuide/efa-changelog.md b/AWSEC2/latest/UserGuide/efa-changelog.md index 0178db66a..45a1995f4 100644 --- a//AWSEC2/latest/UserGuide/efa-changelog.md +++ b//AWSEC2/latest/UserGuide/efa-changelog.md @@ -12,0 +13,36 @@ Version | Changes | Release date +1.48.0 | + + * **Upgrade to[ libfabric 2.4.0amzn3.0](https://github.com/aws/libfabric/releases/tag/v2.4.0amzn3.0)** + * Optimize shm address retrieval in RDM operations + * Fix use-after-free bugs in DC packet completion, CQ drain, AH unit test, and MR logging + * Fix race conditions in efa_rdm_ep_get_peer and QP locking + * Fix uninitialized descriptor arrays causing segfault with FI_EFA_ENABLE_SHM_TRANSFER=0 + * Fix memory leaks in fi_info, err_buf, EFA device destruction, and unit tests + * Add null check for base_ep in CQ polling to handle destroyed QPs + * Set qp->base_ep in efa_qp_create and return error if efa_mr_reg_ibv_mr returns NULL + * Move QP table from domain to device with device-level locking + * Add QP generation to data path direct request ID and verify QP number on CQE + * Stop setting qp->ibv_qp_ex->wr_id for data path direct + * Correctly remove txe from longcts_send list on receipt recv completion + * Refactor and clean up efa_cq_handle_error + * Convert MR registration counters to atomic operations + * Migrate shm MR registration code and introduce internal mr regv function + * Disable MR cache by default under ASAN + * Only disable zcpy_rx when p2p is not available but FI_HMEM is requested + * Do not track tx pkt pool for non-debug build + * Improve wait_send procedure and mock functions + * Adjust log levels for efa-direct CQ err_data and efa_show_help + * Define sanitizer macros and disable memhooks under ASAN + * Add unit tests for ep enable error path and error completion handling + * **Upgrade to[ libnccl-ofi 1.19.0](https://github.com/aws/aws-ofi-nccl/releases/tag/v1.19.0) ** + * Fixed error in handling dma-buf handles created by ROCm/HSA and added dma-buf support detection when using HSA runtime on ROCm platforms + * Fixed potential memory leaks + * Fixed NCCL topology generation for GB200 in Docker containers where NUMA nodes disconnected from Package nodes caused incorrect topology generation + * Reduced QP utilization on NIC 0 during initialization + * Improved tuner algorithm choices for P6-B200 and P6-B300 instance types + * **Support for libnccl-ofi install on NGC containers** + * **Add individual RPM/DEB package signature verification support** + * **Add support for RHEL 10** + * **Add OFI NCCL Plugin on Debian 12 and RHEL 10** + +| April 14, 2026