author | Salvatore Bonaccorso <carnil@debian.org> | 2022-05-26 17:03:07 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-05-26 17:03:29 +0200 |
commit | 1be71e246c5564a650cf22f1d0721981b6abc7d2 (patch) | |
tree | c9992c97dd24a6b029bd1accffac2669c900cf45 /debian/patches | |
parent | 48e14745e3054c52d14538ddf7e32cba06f86aff (diff) | |
download | linux-debian-1be71e246c5564a650cf22f1d0721981b6abc7d2.tar.gz |
ixgbe: add improvement for MDD response functionality (CVE-2021-33061)
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/bugfix/all/ixgbe-add-improvement-for-MDD-response-functionality.patch | 162 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 163 insertions, 0 deletions
diff --git a/debian/patches/bugfix/all/ixgbe-add-improvement-for-MDD-response-functionality.patch b/debian/patches/bugfix/all/ixgbe-add-improvement-for-MDD-response-functionality.patch
new file mode 100644
index 000000000..2302c2aa9
--- /dev/null
+++ b/debian/patches/bugfix/all/ixgbe-add-improvement-for-MDD-response-functionality.patch
@@ -0,0 +1,162 @@ +From: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com> +Date: Tue, 1 Mar 2022 11:40:09 +0000 +Subject: ixgbe: add improvement for MDD response functionality +Origin: https://git.kernel.org/linus/008ca35f6e87be1d60b6af3d1ae247c6d5c2531d +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-33061 + +The 82599 PF driver disable VF driver after a special MDD event occurs. +Adds the option for administrators to control whether VFs are +automatically disabled after several MDD events. +The automatically disabling is now the default mode for 82599 PF driver, +as it is more reliable. + +This addresses CVE-2021-33061. + +Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com> +Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com> +Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> +--- + drivers/net/ethernet/intel/ixgbe/ixgbe.h | 4 +++ + .../net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 21 ++++++++++++++ + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 28 ++++++++++++++++++- + 3 files changed, 52 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h +index c9bf18086d9c..921a4d977d65 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h +@@ -184,6 +184,7 @@ struct vf_data_storage { + u8 trusted; + int xcast_mode; + unsigned int vf_api; ++ u8 primary_abort_count; + }; + + enum ixgbevf_xcast_modes { +@@ -558,6 +559,8 @@ struct ixgbe_mac_addr { + #define IXGBE_TRY_LINK_TIMEOUT (4 * HZ) + #define IXGBE_SFP_POLL_JIFFIES (2 * HZ) /* SFP poll every 2 seconds */ + ++#define IXGBE_PRIMARY_ABORT_LIMIT 5 ++ + /* board specific private data structure */ + struct ixgbe_adapter { + unsigned long active_vlans[BITS_TO_LONGS(VLAN_N_VID)]; +@@ -616,6 +619,7 @@ struct ixgbe_adapter { + #define IXGBE_FLAG2_RX_LEGACY BIT(16) + #define IXGBE_FLAG2_IPSEC_ENABLED BIT(17) + #define IXGBE_FLAG2_VF_IPSEC_ENABLED BIT(18) 
++#define IXGBE_FLAG2_AUTO_DISABLE_VF BIT(19) + + /* Tx fast path data */ + int num_tx_queues; +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c +index f70967c32116..628d0eb0599f 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c +@@ -138,6 +138,8 @@ static const char ixgbe_priv_flags_strings[][ETH_GSTRING_LEN] = { + "legacy-rx", + #define IXGBE_PRIV_FLAGS_VF_IPSEC_EN BIT(1) + "vf-ipsec", ++#define IXGBE_PRIV_FLAGS_AUTO_DISABLE_VF BIT(2) ++ "mdd-disable-vf", + }; + + #define IXGBE_PRIV_FLAGS_STR_LEN ARRAY_SIZE(ixgbe_priv_flags_strings) +@@ -3510,6 +3512,9 @@ static u32 ixgbe_get_priv_flags(struct net_device *netdev) + if (adapter->flags2 & IXGBE_FLAG2_VF_IPSEC_ENABLED) + priv_flags |= IXGBE_PRIV_FLAGS_VF_IPSEC_EN; + ++ if (adapter->flags2 & IXGBE_FLAG2_AUTO_DISABLE_VF) ++ priv_flags |= IXGBE_PRIV_FLAGS_AUTO_DISABLE_VF; ++ + return priv_flags; + } + +@@ -3517,6 +3522,7 @@ static int ixgbe_set_priv_flags(struct net_device *netdev, u32 priv_flags) + { + struct ixgbe_adapter *adapter = netdev_priv(netdev); + unsigned int flags2 = adapter->flags2; ++ unsigned int i; + + flags2 &= ~IXGBE_FLAG2_RX_LEGACY; + if (priv_flags & IXGBE_PRIV_FLAGS_LEGACY_RX) +@@ -3526,6 +3532,21 @@ static int ixgbe_set_priv_flags(struct net_device *netdev, u32 priv_flags) + if (priv_flags & IXGBE_PRIV_FLAGS_VF_IPSEC_EN) + flags2 |= IXGBE_FLAG2_VF_IPSEC_ENABLED; + ++ flags2 &= ~IXGBE_FLAG2_AUTO_DISABLE_VF; ++ if (priv_flags & IXGBE_PRIV_FLAGS_AUTO_DISABLE_VF) { ++ if (adapter->hw.mac.type == ixgbe_mac_82599EB) { ++ /* Reset primary abort counter */ ++ for (i = 0; i < adapter->num_vfs; i++) ++ adapter->vfinfo[i].primary_abort_count = 0; ++ ++ flags2 |= IXGBE_FLAG2_AUTO_DISABLE_VF; ++ } else { ++ e_info(probe, ++ "Cannot set private flags: Operation not supported\n"); ++ return -EOPNOTSUPP; ++ } ++ } ++ + if (flags2 != adapter->flags2) { + adapter->flags2 = flags2; + 
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index 13df4e0f3796..c4a4954aa317 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -7613,6 +7613,27 @@ static void ixgbe_watchdog_flush_tx(struct ixgbe_adapter *adapter) + } + + #ifdef CONFIG_PCI_IOV ++static void ixgbe_bad_vf_abort(struct ixgbe_adapter *adapter, u32 vf) ++{ ++ struct ixgbe_hw *hw = &adapter->hw; ++ ++ if (adapter->hw.mac.type == ixgbe_mac_82599EB && ++ adapter->flags2 & IXGBE_FLAG2_AUTO_DISABLE_VF) { ++ adapter->vfinfo[vf].primary_abort_count++; ++ if (adapter->vfinfo[vf].primary_abort_count == ++ IXGBE_PRIMARY_ABORT_LIMIT) { ++ ixgbe_set_vf_link_state(adapter, vf, ++ IFLA_VF_LINK_STATE_DISABLE); ++ adapter->vfinfo[vf].primary_abort_count = 0; ++ ++ e_info(drv, ++ "Malicious Driver Detection event detected on PF %d VF %d MAC: %pM mdd-disable-vf=on", ++ hw->bus.func, vf, ++ adapter->vfinfo[vf].vf_mac_addresses); ++ } ++ } ++} ++ + static void ixgbe_check_for_bad_vf(struct ixgbe_adapter *adapter) + { + struct ixgbe_hw *hw = &adapter->hw; +@@ -7644,8 +7665,10 @@ static void ixgbe_check_for_bad_vf(struct ixgbe_adapter *adapter) + continue; + pci_read_config_word(vfdev, PCI_STATUS, &status_reg); + if (status_reg != IXGBE_FAILED_READ_CFG_WORD && +- status_reg & PCI_STATUS_REC_MASTER_ABORT) ++ status_reg & PCI_STATUS_REC_MASTER_ABORT) { ++ ixgbe_bad_vf_abort(adapter, vf); + pcie_flr(vfdev); ++ } + } + } + +@@ -10746,6 +10769,9 @@ static int ixgbe_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + if (err) + goto err_sw_init; + ++ if (adapter->hw.mac.type == ixgbe_mac_82599EB) ++ adapter->flags2 |= IXGBE_FLAG2_AUTO_DISABLE_VF; ++ + switch (adapter->hw.mac.type) { + case ixgbe_mac_X550: + case ixgbe_mac_X550EM_x: +-- +2.36.1 + diff --git a/debian/patches/series b/debian/patches/series index 82bf77791..2ef3cd439 100644 --- a/debian/patches/series 
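Review bot: The log line emitted in the new `ixgbe_bad_vf_abort()` (ixgbe_main.c part of this patch file) records the PF taking a VF offline after repeated Malicious Driver Detection events, which is the security-relevant outcome of this CVE fix, yet it is issued at `e_info` level and its format string has no terminating newline; an operator hunting for this in logs would expect at least warning severity, so `e_warn(drv, "Malicious Driver Detection event detected on PF %d VF %d MAC: %pM mdd-disable-vf=on\n", ...)` seems the better choice. The limit check `if (adapter->vfinfo[vf].primary_abort_count == IXGBE_PRIMARY_ABORT_LIMIT)` only works because the counter is zeroed right after the hit; the ethtool path in `ixgbe_set_priv_flags()` also zeroes every VF's counter with no visible serialisation against the watchdog's increment, so `>=` would be the more robust guard if the two ever interleave (presumably benign today, but worth a one-line comment saying the reset is intentionally unlocked). The `hw.mac.type == ixgbe_mac_82599EB` test inside `ixgbe_bad_vf_abort()` duplicates the one in `ixgbe_set_priv_flags()` that already refuses to set `IXGBE_FLAG2_AUTO_DISABLE_VF` on other MACs; a short comment noting that the flag can only be set on 82599 (or dropping the redundant check) would make the intent clearer. Note that `ixgbe_check_for_bad_vf()` and `ixgbe_probe()` are only partially visible inside this nested patch, so the surrounding control flow (in particular how a VF that hit the limit is later re-enabled) cannot be confirmed from here.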
+++ b/debian/patches/series @@ -100,6 +100,7 @@ features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signatu debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch bugfix/x86/KVM-x86-mmu-fix-NULL-pointer-dereference-on-guest-IN.patch +bugfix/all/ixgbe-add-improvement-for-MDD-response-functionality.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch |