On Wed, Oct 14, 2020 at 10:14 PM Pavel Machek wrote: > > Hi! > > > given the exposure of such a device but also the fact that I can't tell > > for sure if/where it's used (not only by us), I would recommend backporting. > > > > There are multiple patches fixed for 4.19, which can be separated by feature. > > > > > > - i40e: add num_vectors checker in iwarp handler > > > > > > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver"). > > > e3219ce6a7754 is not included in 4.4.y and can be ignored. > > It is interesting this one is listed in both CVE-145, CVE-147 in > cip-kernel-sec. Is that an error? Given that Intel's security notice did not state which patches fixed which issues, nor which commits caused them, I tried to guess which patch fixed which issue, based solely on their descriptions. Then I looked at the history of the driver to see which commit the patches fixed. Grouping by feature is probably a better way to determine if the backport is required or not. ChenYu > > > - i40e: Wrong truncation from u16 to u8 > > > This can be apply in 4.4.y. > > > > > > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c > > > > > > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter"). > > > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied. > > I see also > > - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN > > which apparently allows people to listen to packets they should not > see. But I assume this requires elevated priviledges to begin with... > > Best regards, > Pavel > -- > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany >