ACK/Cmnt: [SRU F/OEM-5.14/J/OEM-5.17 PATCH 0/3] CVE-2021-33061

Stefan Bader stefan.bader at canonical.com
Wed Jul 27 08:07:01 UTC 2022


On 27.07.22 05:30, Cengiz Can wrote:
> [Impact]
> Insufficient control flow management for the Intel(R) 82599 Ethernet
> Controllers and Adapters may allow an authenticated user to potentially
> enable denial of service via local access.
> 
> [Fix]
> Patches were first introduced to net-next and were pulled to upstream.
> 
> Break commit has not been clearly identified so it's assumed that
> it existed for a while.
> 
> "ixgbe: add improvement for MDD response functionality" is the actual
> fix to the issue. Last patch in the series checks a flag that was
> renamed in 5.17. After discussions, I decided to put an alias into the
> header and keep the fragments untouched.
> 
> [Test case]
> Compile and boot tested on KVM only. Since I don't have access to the
> target ethernet chip, testing scope was limited.
> 
> [Potential regression]
> The checks that were added by the author are new and target specific
> hardware IDs. Regression potential should be minimal.
> 
> The alias lines added to `mbx.h` (for < 5.17) should be removed if
> commit 0edbecd57057 ever lands in our kernels.
> 
> Slawomir Mrozowicz (3):
>    ixgbe: add the ability for the PF to disable VF link state
>    ixgbe: add improvement for MDD response functionality
>    ixgbevf: add disable link state
> 
>   drivers/net/ethernet/intel/ixgbe/ixgbe.h      |   6 +
>   .../net/ethernet/intel/ixgbe/ixgbe_ethtool.c  |  21 ++
>   drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |  39 +++-
>   drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |   2 +
>   .../net/ethernet/intel/ixgbe/ixgbe_sriov.c    | 207 ++++++++++++++----
>   .../net/ethernet/intel/ixgbe/ixgbe_sriov.h    |   4 +-
>   drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |   2 +
>   .../net/ethernet/intel/ixgbevf/ixgbevf_main.c |  11 +-
>   drivers/net/ethernet/intel/ixgbevf/mbx.h      |  12 +
>   drivers/net/ethernet/intel/ixgbevf/vf.c       |  42 ++++
>   drivers/net/ethernet/intel/ixgbevf/vf.h       |   1 +
>   11 files changed, 301 insertions(+), 46 deletions(-)
> 
This has been discussed before, so just as some thoughts. Personally I probably 
would have adjusted the patch to use the old defined names. My reasoning would 
have been, yes it might cause future backports to face the same build failure 
but maybe that is a good warning sign to have a closer look. There might be more 
subtle changes which can cause more grief. We had cases where re-arranged code 
in newer kernels caused older kernels to crash when backporting fixes.

Acked-by: Stefan Bader <stefan.bader at canonical.com>