APPLIED[J/F]/Cmnt: [SRU F/OEM-5.14/J/OEM-5.17 PATCH 0/3] CVE-2021-33061
stefan.bader at canonical.com
Mon Aug 1 13:15:26 UTC 2022
On 27.07.22 05:30, Cengiz Can wrote:
> Insufficient control flow management for the Intel(R) 82599 Ethernet
> Controllers and Adapters may allow an authenticated user to potentially
> enable denial of service via local access.
> Patches were first introduced to net-next and were pulled to upstream.
> Break commit has not been clearly identified so it's assumed that
> it existed for a while.
> "ixgbe: add improvement for MDD response functionality" is the actual
> fix to the issue. Last patch in the series checks a flag that was
> renamed in 5.17. After discussions, I decided to put an alias into the
> header and keep the fragments untouched.
> [Test case]
> Compile and boot tested on KVM only. Since I don't have access to the
> target ethernet chip, testing scope was limited.
> [Potential regression]
> The checks that were added by the author are new and target specific
> hardware IDs. Regression potential should be minimal.
> The alias lines added to `mbx.h` (for < 5.17) should be removed if
> commit 0edbecd57057 ever lands in on our kernels.
> Slawomir Mrozowicz (3):
> ixgbe: add the ability for the PF to disable VF link state
> ixgbe: add improvement for MDD response functionality
> ixgbevf: add disable link state
> drivers/net/ethernet/intel/ixgbe/ixgbe.h | 6 +
> .../net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 21 ++
> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 39 +++-
> drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 2 +
> .../net/ethernet/intel/ixgbe/ixgbe_sriov.c | 207 ++++++++++++++----
> .../net/ethernet/intel/ixgbe/ixgbe_sriov.h | 4 +-
> drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 2 +
> .../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 11 +-
> drivers/net/ethernet/intel/ixgbevf/mbx.h | 12 +
> drivers/net/ethernet/intel/ixgbevf/vf.c | 42 ++++
> drivers/net/ethernet/intel/ixgbevf/vf.h | 1 +
> 11 files changed, 301 insertions(+), 46 deletions(-)
I saw when applying this for Jammy, that only patch #2 of the 3 referred to the
CVE. Note for future submissions, that all patches sent to fix a CVE need the
annotation. For Jammy and Focal I have done that when applying.
Applied to jammy,focal:linux/master-next. Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the kernel-team