Re: Backporting of security patches for Intel i40e drivers required?

Pavel Machek


given the exposure of such a device but also the fact that I can't tell
for sure if/where it's used (not only by us), I would recommend backporting.
There are multiple patches fixed for 4.19, which can be separated by feature.

- i40e: add num_vectors checker in iwarp handler

This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
e3219ce6a7754 is not included in 4.4.y and can be ignored.
It is interesting this one is listed in both CVE-145, CVE-147 in
cip-kernel-sec. Is that an error?

- i40e: Wrong truncation from u16 to u8
This can be applied in 4.4.y.

- i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c

This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
I see also

- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN

which apparently allows people to listen to packets they should not
see. But I assume this requires elevated privileges to begin with...

