5cdece6...
by
Pablo Neira Ayuso <email address hidden>
netfilter: nf_tables: stricter validation of element data
Make sure element data type and length do not mismatch the one specified
by the set declaration.
Fixes: 7d7402642eaf ("netfilter: nf_tables: variable sized set element keys / data")
Reported-by: Hugues ANGUELKOV <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
CVE-2022-34918
(backported from commit 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6)
[cengizcan: target function does not exist until 5.8 so follow history
backwards, find previous place of length check and adapt the change for
5.4]
Signed-off-by: Cengiz Can <email address hidden>
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Zachary Tahenakos <<email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
4279301...
by
Slawomir Mrozowicz <email address hidden>
ixgbevf: add disable link state
Add possibility to disable link state if it is administratively
disabled in PF.
It is part of the general functionality that allows the PF driver
to control the state of the virtual link VF devices.
Signed-off-by: Slawomir Mrozowicz <email address hidden>
Tested-by: Konrad Jankowski <email address hidden>
Signed-off-by: Tony Nguyen <email address hidden>
CVE-2021-33061
(backported from commit 443ebdd68b443ea0798c883e8aabf10d75268e92)
[cengizcan: IXGBE_VT_MSGTYPE_{NACK|ACK} were renamed in v5.17 with
commit 0edbecd57057 and the patch depends on new names. Add aliases
into `mbx.h` to fix compilation and preserve maintainability.]
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
c7f9625...
by
Slawomir Mrozowicz <email address hidden>
ixgbe: add improvement for MDD response functionality
The 82599 PF driver disable VF driver after a special MDD event occurs.
Adds the option for administrators to control whether VFs are
automatically disabled after several MDD events.
The automatically disabling is now the default mode for 82599 PF driver,
as it is more reliable.
This addresses CVE-2021-33061.
Signed-off-by: Slawomir Mrozowicz <email address hidden>
Tested-by: Konrad Jankowski <email address hidden>
Signed-off-by: Tony Nguyen <email address hidden>
CVE-2021-33061
(backported from commit 008ca35f6e87be1d60b6af3d1ae247c6d5c2531d)
[cengizcan: we don't have commit dc221851ffd1 ("ixgbe: convert to
new udp_tunnel_nic infra") from 5.9 so change context accordingly]
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
a7645bb...
by
Slawomir Mrozowicz <email address hidden>
ixgbe: add the ability for the PF to disable VF link state
Add support for ndo_set_vf_link_state the Network Device Option that
allows the PF driver to control the virtual link state of the VF devices.
Without this change a VF cannot be disabled/enabled by the administrator.
In the implementation the auto state takes over PF link state to
VF link setting, the enable state is not supported, the disable state
shut off the VF link regardless of the PF setting.
Signed-off-by: Slawomir Mrozowicz <email address hidden>
Tested-by: Konrad Jankowski <email address hidden>
Signed-off-by: Tony Nguyen <email address hidden>
CVE-2021-33061
(cherry picked from commit 366fd1000995d4cf64e1a61a0d78a051550b9841)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>