From: "Pavel Machek" <pavel@ucw.cz>
To: Jan Kiszka <jan.kiszka@siemens.com>, wens@csie.org
Cc: nobuhiro1.iwamatsu@toshiba.co.jp, cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] Backporting of security patches for Intel i40e drivers required?
Date: Wed, 14 Oct 2020 16:13:55 +0200 [thread overview]
Message-ID: <20201014141355.GA16362@duo.ucw.cz> (raw)
In-Reply-To: <d5baee23-9a71-6994-146d-1b54d42d1ef9@siemens.com>
[-- Attachment #1.1: Type: text/plain, Size: 1441 bytes --]
Hi!
> given the exposure of such a device but also the fact that I can't tell
> for sure if/where it's used (not only by us), I would recommend backporting.
> > There are multiple patches fixed for 4.19, which can be separated by feature.
> >
> > - i40e: add num_vectors checker in iwarp handler
> >
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.
It is interesting this one is listed in both CVE-145, CVE-147 in
cip-kernel-sec. Is that an error?
> > - i40e: Wrong truncation from u16 to u8
> > This can be apply in 4.4.y.
> >
> > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
> >
> > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
I see also
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
which apparently allows people to listen to packets they should not
see. But I assume this requires elevated priviledges to begin with...
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 420 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5577): https://lists.cip-project.org/g/cip-dev/message/5577
Mute This Topic: https://lists.cip-project.org/mt/77380165/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2020-10-14 14:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-08 9:42 [cip-dev] Backporting of security patches for Intel i40e drivers required? masashi.kudo
2020-10-09 0:23 ` Nobuhiro Iwamatsu
2020-10-09 7:24 ` Jan Kiszka
2020-10-12 9:27 ` masashi.kudo
2020-10-14 14:13 ` Pavel Machek [this message]
2020-10-14 14:55 ` Chen-Yu Tsai (Moxa)
2020-11-11 13:18 ` masashi.kudo
2020-11-11 20:50 ` Ben Hutchings
2020-11-13 0:49 ` masashi.kudo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201014141355.GA16362@duo.ucw.cz \
--to=pavel@ucw.cz \
--cc=cip-dev@lists.cip-project.org \
--cc=jan.kiszka@siemens.com \
--cc=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=wens@csie.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox