Hi, Jan-san, All,

At the IRC meeting today, we identified the following new CVEs are not in LTS4.4 yet.

- CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for mainline and 4.19+

These are for i40e driver for Intel.

The kernel team would like to know whether their backporting is needed or not.

For details of those CVE checking results, please see the following.
https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs

Regarding the discussion of the IRC meeting, please see the following.
https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html

Best regards,
--
M. Kudo

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5514): https://lists.cip-project.org/g/cip-dev/message/5514
Mute This Topic: https://lists.cip-project.org/mt/77380165/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi,

I have some comment for this issue.
https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/

There are multiple patches fixed for 4.19, which can be separated by feature.

- i40e: add num_vectors checker in iwarp handler

This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
e3219ce6a7754 is not included in 4.4.y and can be ignored.

- i40e: Wrong truncation from u16 to u8
This can be applied in 4.4.y.

- i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c

This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.

--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c @@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct i40e_vf *vf, u16 vsi_id) * check for the valid queue id **/ static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id, - u8 qid) + u16 qid) { struct i40e_pf *pf = vf->pf; struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);

- i40e: Memory leak in i40e_config_iwarp_qvlist
This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
e3219ce6a7754 is not included in 4.4.y and can be ignored.

Best regards,
Nobuhiro

> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
> masashi.kudo@cybertrust.co.jp
> Sent: Thursday, October 8, 2020 6:43 PM
> To: cip-dev@lists.cip-project.org
> Cc: jan.kiszka@siemens.com
> Subject: [cip-dev] Backporting of security patches for Intel i40e drivers required?
>
> Hi, Jan-san, All,
>
> At the IRC meeting today, we identified the following new CVEs are not in LTS4.4 yet.
>
> - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for mainline and 4.19+
>
> These are for i40e driver for Intel.
>
> The kernel team would like to know whether their backporting is needed or not.
>
> For details of those CVE checking results, please see the following.
> https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs
>
> Regarding the discussion of the IRC meeting, please see the following.
> https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html
>
> Best regards,
> --
> M. Kudo

View/Reply Online (#5515): https://lists.cip-project.org/g/cip-dev/message/5515
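Review bot: In the i40e_vc_isvalid_queue_id() hunk, widening the parameter from "u8 qid" to "u16 qid" only helps if every caller passes the queue id at full width. With the old u8 signature a value above 255 is truncated before the "check for the valid queue id" runs, so the check can pass for a different queue than the one the caller goes on to use. For a 4.4.y backport, audit the call sites in i40e_virtchnl_pf.c for any intermediate u8 storage of the queue id, and confirm the body handles a NULL result from i40e_find_vsi_from_id(pf, vsi_id), since the excerpt ends before vsi is used. The excerpt carries no commit id or sign-off, so it should be matched against the upstream patch it was taken from before it is applied.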
Hi all,

given the exposure of such a device but also the fact that I can't tell
for sure if/where it's used (not only by us), I would recommend backporting.

Jan

On 09.10.20 02:23, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> Hi,
>
> I have some comment for this issue.
> https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
> https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/
>
> There are multiple patches fixed for 4.19, which can be separated by feature.
>
> - i40e: add num_vectors checker in iwarp handler
>
> This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> e3219ce6a7754 is not included in 4.4.y and can be ignored.
>
> - i40e: Wrong truncation from u16 to u8
> This can be applied in 4.4.y.
>
> - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
>
> This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
>
> --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c > +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c > @@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct > i40e_vf *vf, u16 vsi_id) > * check for the valid queue id > **/ > static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id, > - u8 qid) > + u16 qid) > { > struct i40e_pf *pf = vf->pf; > struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
>
>
> - i40e: Memory leak in i40e_config_iwarp_qvlist
> This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> e3219ce6a7754 is not included in 4.4.y and can be ignored.
>
> Best regards,
> Nobuhiro
>
>> -----Original Message-----
>> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
>> masashi.kudo@cybertrust.co.jp
>> Sent: Thursday, October 8, 2020 6:43 PM
>> To: cip-dev@lists.cip-project.org
>> Cc: jan.kiszka@siemens.com
>> Subject: [cip-dev] Backporting of security patches for Intel i40e drivers required?
>>
>> Hi, Jan-san, All,
>>
>> At the IRC meeting today, we identified the following new CVEs are not in LTS4.4 yet.
>>
>> - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for mainline and 4.19+
>>
>> These are for i40e driver for Intel.
>>
>> The kernel team would like to know whether their backporting is needed or not.
>>
>> For details of those CVE checking results, please see the following.
>> https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs
>>
>> Regarding the discussion of the IRC meeting, please see the following.
>> https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html
>>
>> Best regards,
>> --
>> M. Kudo

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

View/Reply Online (#5516): https://lists.cip-project.org/g/cip-dev/message/5516
Hi, Jan-san,

Thanks for your response.

Best regards,
--
M. Kudo

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Jan Kiszka
> Sent: Friday, October 9, 2020 4:24 PM
> To: nobuhiro1.iwamatsu@toshiba.co.jp; cip-dev@lists.cip-project.org
> Subject: Re: [cip-dev] Backporting of security patches for Intel i40e drivers required?
>
> Hi all,
>
> given the exposure of such a device but also the fact that I can't tell for sure
> if/where it's used (not only by us), I would recommend backporting.
>
> Jan
>
> On 09.10.20 02:23, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> > Hi,
> >
> > I have some comment for this issue.
> > https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
> > https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/
> >
> > There are multiple patches fixed for 4.19, which can be separated by feature.
> >
> > - i40e: add num_vectors checker in iwarp handler
> >
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.
> >
> > - i40e: Wrong truncation from u16 to u8
> > This can be applied in 4.4.y.
> >
> > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
> >
> > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
> >
> > --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c > > +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
> > @@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct > > i40e_vf *vf, u16 vsi_id) > > * check for the valid queue id > > **/ > > static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id, > > - u8 qid) > > + u16 qid) > > { > > struct i40e_pf *pf = vf->pf; > > struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
> >
> >
> > - i40e: Memory leak in i40e_config_iwarp_qvlist
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.
> >
> > Best regards,
> > Nobuhiro
> >
> >> -----Original Message-----
> >> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
> >> masashi.kudo@cybertrust.co.jp
> >> Sent: Thursday, October 8, 2020 6:43 PM
> >> To: cip-dev@lists.cip-project.org
> >> Cc: jan.kiszka@siemens.com
> >> Subject: [cip-dev] Backporting of security patches for Intel i40e drivers required?
> >>
> >> Hi, Jan-san, All,
> >>
> >> At the IRC meeting today, we identified the following new CVEs are not in LTS4.4 yet.
> >>
> >> - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for mainline and 4.19+
> >>
> >> These are for i40e driver for Intel.
> >>
> >> The kernel team would like to know whether their backporting is needed or not.
> >>
> >> For details of those CVE checking results, please see the following.
> >> https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs
> >>
> >> Regarding the discussion of the IRC meeting, please see the following.
> >> https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html
> >>
> >> Best regards,
> >> --
> >> M. Kudo
>
> --
> Siemens AG, T RDA IOT
> Corporate Competence Center Embedded Linux

View/Reply Online (#5518): https://lists.cip-project.org/g/cip-dev/message/5518
Hi!

> given the exposure of such a device but also the fact that I can't tell
> for sure if/where it's used (not only by us), I would recommend backporting.

> > There are multiple patches fixed for 4.19, which can be separated by feature.
> >
> > - i40e: add num_vectors checker in iwarp handler
> >
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.

It is interesting this one is listed in both CVE-145, CVE-147 in
cip-kernel-sec. Is that an error?

> > - i40e: Wrong truncation from u16 to u8
> > This can be applied in 4.4.y.
> >
> > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
> >
> > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.

I see also

- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN

which apparently allows people to listen to packets they should not
see. But I assume this requires elevated privileges to begin with...

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

View/Reply Online (#5577): https://lists.cip-project.org/g/cip-dev/message/5577
On Wed, Oct 14, 2020 at 10:14 PM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> > given the exposure of such a device but also the fact that I can't tell
> > for sure if/where it's used (not only by us), I would recommend backporting.
>
> > > There are multiple patches fixed for 4.19, which can be separated by feature.
> > >
> > > - i40e: add num_vectors checker in iwarp handler
> > >
> > > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > > e3219ce6a7754 is not included in 4.4.y and can be ignored.
>
> It is interesting this one is listed in both CVE-145, CVE-147 in
> cip-kernel-sec. Is that an error?

Given that Intel's security notice did not state which patches fixed
which issues, nor which commits caused them, I tried to guess which
patch fixed which issue, based solely on their descriptions. Then I
looked at the history of the driver to see which commit the patches
fixed.

Grouping by feature is probably a better way to determine if the
backport is required or not.

ChenYu

> > > - i40e: Wrong truncation from u16 to u8
> > > This can be applied in 4.4.y.
> > >
> > > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
> > >
> > > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> > > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
>
> I see also
>
> - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
>
> which apparently allows people to listen to packets they should not
> see. But I assume this requires elevated privileges to begin with...
>
> Best regards,
> Pavel
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>

View/Reply Online (#5578): https://lists.cip-project.org/g/cip-dev/message/5578
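The triage rule applied in the messages above (a fix matters for a stable branch only if the commit that introduced the bug is in that branch, whether as an ancestor or as a backport), written out as an added shell example that is not part of any message in this thread. It runs against a constructed toy repository: the branch names, tag names and fix titles are made up, and the two citation patterns are the stable-tree backport conventions, assumed to hold for the branch being checked.

```sh
#!/bin/sh
# Added example: is the commit that introduced a bug present in a branch?
# If not, the fix for that bug does not need a backport to that branch.

# has_commit REPO BRANCH SHA: exit 0 if SHA is an ancestor of BRANCH, or if
# BRANCH holds a backport citing it ("commit <sha> upstream" or
# "[ Upstream commit <sha> ]", the stable-tree conventions).
has_commit() {
    repo=$1; branch=$2; sha=$3
    full=$(git -C "$repo" rev-parse --verify --quiet "$sha^{commit}") || full=
    if [ -n "$full" ] &&
       git -C "$repo" merge-base --is-ancestor "$full" "$branch"; then
        return 0
    fi
    hit=$(git -C "$repo" log -n 1 --format=%H \
              --grep="^commit $sha[0-9a-f]* upstream" \
              --grep="Upstream commit $sha" "$branch")
    [ -n "$hit" ]
}

# triage REPO BRANCH: stdin lines are "introducing-sha|fix title".
triage() {
    while IFS='|' read -r intro title; do
        if has_commit "$1" "$2" "$intro" </dev/null; then verdict=backport
        else verdict=skip; fi
        printf '%-8s %s\n' "$verdict" "$title"
    done
}

# make_demo_repo DIR: constructed toy history, not the real kernel tree.
#   mainline: base-intro -- x-intro -- y-intro
#   stable:   base-intro -- backport of y-intro (cites its upstream hash)
make_demo_repo() {
    dir=$1
    git init -q "$dir" || return 1
    git -C "$dir" symbolic-ref HEAD refs/heads/mainline
    c() { git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
              commit -q --allow-empty "$@"; }
    c -m "base driver"   && git -C "$dir" tag base-intro || return 1
    git -C "$dir" branch stable
    c -m "add feature X" && git -C "$dir" tag x-intro || return 1
    c -m "add feature Y" && git -C "$dir" tag y-intro || return 1
    y=$(git -C "$dir" rev-parse y-intro)
    git -C "$dir" checkout -q stable
    c -m "add feature Y" -m "commit $y upstream."
}

# demo: triage three hypothetical fixes against the toy "stable" branch.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_repo "$d" || return 1
    short() { git -C "$d" rev-parse --short=13 "$1"; }
    triage "$d" stable <<EOF
$(short base-intro)|fix for code already in the stable base
$(short x-intro)|fix for feature X
$(short y-intro)|fix for feature Y
EOF
    rm -rf "$d"
}
demo
```

The ancestor test alone would miss feature Y here, because a stable backport gets a new hash; the message search is what catches it.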
Hi,

The other day, I inquired about CVE-2019-0145, CVE-2019-0147, and CVE-2019-0148 in the following email.

The kernel team discussed for weeks how to deal with them.
As a result of these discussions, we concluded to ignore them until Intel fixes issues, because:
- The descriptions of patches are not clear, and we cannot figure out what is right
- The patches we identified do not really look like fixing too serious stuff.

So far, we had the following AI, but we close this based on the above situation.

2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - Kernel Team

Best regards,
--
M. Kudo

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Jan Kiszka
> Sent: Friday, October 9, 2020 4:24 PM
> To: nobuhiro1.iwamatsu@toshiba.co.jp; cip-dev@lists.cip-project.org
> Subject: Re: [cip-dev] Backporting of security patches for Intel i40e drivers required?
>
> Hi all,
>
> given the exposure of such a device but also the fact that I can't tell for sure
> if/where it's used (not only by us), I would recommend backporting.
>
> Jan
>
> On 09.10.20 02:23, nobuhiro1.iwamatsu@toshiba.co.jp wrote:
> > Hi,
> >
> > I have some comment for this issue.
> > https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
> > https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/
> >
> > There are multiple patches fixed for 4.19, which can be separated by feature.
> >
> > - i40e: add num_vectors checker in iwarp handler
> >
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.
> >
> > - i40e: Wrong truncation from u16 to u8
> > This can be applied in 4.4.y.
> >
> > - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
> >
> > This issue has been produced by e284fc280473b ("i40e: Add and delete cloud filter").
> > It is not included in 4.4.y. However, this patch has several different fixes, so some patches need to be applied.
> >
> > --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c > > +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
> > @@ -181,7 +181,7 @@ static inline bool i40e_vc_isvalid_vsi_id(struct > > i40e_vf *vf, u16 vsi_id) > > * check for the valid queue id > > **/ > > static inline bool i40e_vc_isvalid_queue_id(struct i40e_vf *vf, u16 vsi_id, > > - u8 qid) > > + u16 qid) > > { > > struct i40e_pf *pf = vf->pf; > > struct i40e_vsi *vsi = i40e_find_vsi_from_id(pf, vsi_id);
> >
> >
> > - i40e: Memory leak in i40e_config_iwarp_qvlist
> > This issue has been produced by e3219ce6a7754 ("i40e: Add support for client interface for IWARP driver").
> > e3219ce6a7754 is not included in 4.4.y and can be ignored.
> >
> > Best regards,
> > Nobuhiro
> >
> >> -----Original Message-----
> >> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
> >> masashi.kudo@cybertrust.co.jp
> >> Sent: Thursday, October 8, 2020 6:43 PM
> >> To: cip-dev@lists.cip-project.org
> >> Cc: jan.kiszka@siemens.com
> >> Subject: [cip-dev] Backporting of security patches for Intel i40e drivers required?
> >>
> >> Hi, Jan-san, All,
> >>
> >> At the IRC meeting today, we identified the following new CVEs are not in LTS4.4 yet.
> >>
> >> - CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 [net/i40e] - Fixed for mainline and 4.19+
> >>
> >> These are for i40e driver for Intel.
> >>
> >> The kernel team would like to know whether their backporting is needed or not.
> >>
> >> For details of those CVE checking results, please see the following.
> >> https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/merge_requests/75/diffs
> >>
> >> Regarding the discussion of the IRC meeting, please see the following.
> >> https://irclogs.baserock.org/meetings/cip/2020/10/cip.2020-10-08-09.00.log.html
> >>
> >> Best regards,
> >> --
> >> M. Kudo
>
> --
> Siemens AG, T RDA IOT
> Corporate Competence Center Embedded Linux

View/Reply Online (#5790): https://lists.cip-project.org/g/cip-dev/message/5790
On Wed, 2020-11-11 at 13:18 +0000, masashi.kudo@cybertrust.co.jp wrote:
> Hi,
>
> The other day, I inquired about CVE-2019-0145, CVE-2019-0147, and CVE-2019-0148 in the following email.
>
> The kernel team discussed for weeks how to deal with them.
> As a result of these discussions, we concluded to ignore them until Intel fixes issues, because:
> - The descriptions of patches are not clear, and we cannot figure out what is right
> - The patches we identified do not really look like fixing too serious stuff.

They all seemed to involve communication with the owner of a PCIe
Virtual Function (VF). A VF might be assigned to a VM or privileged
process. In Civil Infrastructure systems those should already be
trusted and so the issues don't matter that much.

> So far, we had the following AI, but we close this based on the above situation.
>
> 2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - Kernel Team
[...]

Well, I found it quite easy to backport the applicable parts of the
fixes. I already sent them along with some other fixes for the 4.14
and 4.9 branches, and could still do so for 4.4.

Ben.

--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom

View/Reply Online (#5791): https://lists.cip-project.org/g/cip-dev/message/5791
Hi, Ben-san,

By this time, you may have already left from cip-dev, but I wanted to update our status.

We again discussed this, and Iwamatsu-san kindly took over this and created patches.
In order to make sure that those patches appropriately address the issue, he is sending RFC to the Intel contributors.

Thanks again for your comments.

Also, I wanted to re-iterate my thankfulness to you for what you have done for CIP.
I am really hoping your good luck in your new tasks.

Best regards,
--
M. Kudo

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Ben Hutchings
> Sent: Thursday, November 12, 2020 5:50 AM
> To: cip-dev@lists.cip-project.org; nobuhiro1.iwamatsu@toshiba.co.jp; jan.kiszka@siemens.com
> Subject: Re: [cip-dev] Backporting of security patches for Intel i40e drivers required?
>
> On Wed, 2020-11-11 at 13:18 +0000, masashi.kudo@cybertrust.co.jp wrote:
> > Hi,
> >
> > The other day, I inquired about CVE-2019-0145, CVE-2019-0147, and CVE-2019-0148 in the following email.
> >
> > The kernel team discussed for weeks how to deal with them.
> > As a result of these discussions, we concluded to ignore them until Intel fixes issues, because:
> > - The descriptions of patches are not clear, and we cannot figure out what is right
> > - The patches we identified do not really look like fixing too serious stuff.
>
> They all seemed to involve communication with the owner of a PCIe Virtual
> Function (VF). A VF might be assigned to a VM or privileged process. In Civil
> Infrastructure systems those should already be trusted and so the issues don't
> matter that much.
>
> > So far, we had the following AI, but we close this based on the above situation.
> >
> > 2. Check whether CVE-2019-0145, CVE-2019-0147, CVE-2019-0148 needs to be backported to 4.4 - Kernel Team
> [...]
>
> Well, I found it quite easy to backport the applicable parts of the fixes. I already
> sent them along with some other fixes for the 4.14 and 4.9 branches, and could
> still do so for 4.4.
>
> Ben.
>
> --
> Ben Hutchings, Software Developer Codethink Ltd
> https://www.codethink.co.uk/ Dale House, 35 Dale Street
> Manchester, M1 2HF, United Kingdom

View/Reply Online (#5797): https://lists.cip-project.org/g/cip-dev/message/5797