From patchwork Mon Jul 8 15:21:20 2024
X-Patchwork-Submitter: Bethany Jamison
X-Patchwork-Id: 1958008
From: Bethany Jamison
To: kernel-team@lists.ubuntu.com
Subject: [SRU][J 0/1, F 0/3] CVE-2024-26830
Date: Mon, 8 Jul 2024 10:21:20 -0500
Message-Id: <20240708152124.14807-1-bethany.jamison@canonical.com>
X-Mailer: git-send-email 2.34.1
List-Id: Kernel team discussions

[Impact]

i40e: Do not allow untrusted VF to remove administratively set MAC

Currently when PF administratively sets VF's MAC address and the VF
is put down (VF tries to delete all MACs) then the MAC is removed
from MAC filters and primary VF MAC is zeroed.

Do not allow untrusted VF to remove primary MAC when it was set
administratively by PF.

[Fix]

Noble:  not-affected
Jammy:  Backport - I ignored #defines next to the fix area, shouldn't affect the fix changes
Focal:  Backport - same as Jammy, Clean cherry-picks from prereqs
Bionic: needed
Xenial: needed
Trusty: not going to be fixed by us

[Test Case]

Compile and boot tested

[Where problems could occur]

This fix affects those who use the Intel i40e driver, an issue with this
fix would be visible to the user via unexpected system behavior.

Ivan Vecera (1):
  i40e: Do not allow untrusted VF to remove administratively set MAC

 .../ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 ++++++++++++++++---
 1 file changed, 33 insertions(+), 5 deletions(-)

Acked-by: Manuel Diewald
Acked-by: Noah Wager
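
Added example, not part of the original message and not code from the i40e driver: a small C model of the rule stated under [Impact], in which a VF's "delete all MACs" request skips the primary MAC when the PF set it and the VF is untrusted. All struct, field and function names are hypothetical, the MAC addresses are constructed, and the assumption that a trusted VF may still remove the address is read from the patch title only.

```c
/* Simplified model of the rule in the cover letter; NOT the i40e driver's code.
 * Every struct, field and function name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ALEN 6
#define MAX_FILTERS 4
struct vf_model {
    bool trusted;                  /* PF marked this VF as trusted */
    bool pf_set_mac;               /* primary MAC was set administratively by the PF */
    uint8_t primary[ETH_ALEN];     /* primary MAC of the VF */
    uint8_t filters[MAX_FILTERS][ETH_ALEN];
    bool in_use[MAX_FILTERS];
};

/* Handle a VF "delete these MACs" request against the model's filter table. */
static void vf_del_macs(struct vf_model *vf, uint8_t list[][ETH_ALEN], int n)
{
    for (int i = 0; i < n; i++) {
        bool is_primary = memcmp(list[i], vf->primary, ETH_ALEN) == 0;
        if (is_primary && vf->pf_set_mac && !vf->trusted)
            continue;              /* untrusted VF: keep the admin-set MAC and its filter */
        for (int f = 0; f < MAX_FILTERS; f++)
            if (memcmp(vf->filters[f], list[i], ETH_ALEN) == 0)
                vf->in_use[f] = false;
        if (is_primary)
            memset(vf->primary, 0, ETH_ALEN);   /* primary MAC is zeroed */
    }
}

/* Constructed scenario: the VF is put down and asks to delete all of its MACs.
 * Returns 1 if the primary MAC and its filter are still in place afterwards. */
int primary_kept(bool trusted, bool pf_set_mac)
{
    uint8_t macs[2][ETH_ALEN] = { {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x02} };
    struct vf_model vf = { .trusted = trusted, .pf_set_mac = pf_set_mac };
    memcpy(vf.primary, macs[0], ETH_ALEN);
    memcpy(vf.filters, macs, sizeof(macs));
    vf.in_use[0] = vf.in_use[1] = true;
    vf_del_macs(&vf, macs, 2);
    return vf.in_use[0] && memcmp(vf.primary, macs[0], ETH_ALEN) == 0;
}

int main(void)
{
    printf("untrusted/PF-set=%d trusted/PF-set=%d untrusted/VF-set=%d\n",
           primary_kept(false, true), primary_kept(true, true), primary_kept(false, false));
}
```

Removing the `continue` branch reproduces the behaviour the cover letter describes as the problem: the untrusted VF's request clears the filter and zeroes the primary MAC.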