kernel-packages team mailing list archive

Thread
Date
[Bug 1514861] Re: mlx5 EN driver wrongly enables sets VLAN filtering under promiscuous mode

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1514861@xxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Dec 2015 20:48:12 -0000
Reply-to: Bug 1514861 <1514861@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux - 4.2.0-21.25

---------------
linux (4.2.0-21.25) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1522108

  [ Upstream Kernel Changes ]

  * staging/dgnc: fix info leak in ioctl
    - LP: #1509565
    - CVE-2015-7885
  * [media] media/vivid-osd: fix info leak in ioctl
    - LP: #1509564
    - CVE-2015-7884
  * KEYS: Fix race between key destruction and finding a keyring by name
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Fix crash when attempt to garbage collect an uninstantiated
    keyring
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Don't permit request_key() to construct a new keyring
    - LP: #1508856
    - CVE-2015-7872
  * isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
    - LP: #1508329
    - CVE-2015-7799
  * ppp, slip: Validate VJ compression slot parameters completely
    - LP: #1508329
    - CVE-2015-7799

linux (4.2.0-20.24) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1521753

  [ Andy Whitcroft ]

  * [Tests] gcc-multilib does not exist on ppc64el
    - LP: #1515541

  [ Joseph Salisbury ]

  * SAUCE: scsi_sysfs: protect against double execution of
    __scsi_remove_device()
    - LP: #1509029

  [ Manoj Kumar ]

  * SAUCE: (noup) cxlflash: Fix to escalate LINK_RESET also on port 1
    - LP: #1513583

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix to avoid virtual LUN failover failure
    - LP: #1513583

  [ Oren Givon ]

  * SAUCE: (noup) iwlwifi: Add new PCI IDs for the 8260 series
    - LP: #1517375

  [ Seth Forshee ]

  * [Config] CONFIG_DRM_AMDGPU_CIK=n
    - LP: #1510405

  [ Upstream Kernel Changes ]

  * net/mlx5e: Disable VLAN filter in promiscuous mode
    - LP: #1514861
  * drivers: net: xgene: fix RGMII 10/100Mb mode
    - LP: #1433290
  * HID: rmi: Disable scanning if the device is not a wake source
    - LP: #1515503
  * HID: rmi: Set F01 interrupt enable register when not set
    - LP: #1515503
  * net/mlx5e: Ethtool link speed setting fixes
    - LP: #1517919
  * scsi_scan: don't dump trace when scsi_prep_async_scan() is called twice
    - LP: #1517942
  * x86/ioapic: Disable interrupts when re-routing legacy IRQs
    - LP: #1508593
  * xhci: Workaround to get Intel xHCI reset working more reliably
  * megaraid_sas: Do not use PAGE_SIZE for max_sectors
    - LP: #1475166
  * net: usb: cdc_ether: add Dell DW5580 as a mobile broadband adapter
    - LP: #1513847
  * KVM: svm: unconditionally intercept #DB
    - LP: #1520184
    - CVE-2015-8104

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Wed, 02 Dec 2015
17:30:58 +0000

** Changed in: linux (Ubuntu Wily)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7799

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7872

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7884

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7885

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8104

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1514861

Title:
   mlx5 EN driver wrongly enables sets VLAN filtering under promiscuous
  mode

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Description of problem: The mlx5 Ethernet driver doesn't allow packets
  marked with all possible VLAN tags to be accepted under promiscuous
  mode. This is wrong and disallows Open-Stack to properly function in
  Para-Virtual configuration.

  
  How reproducible: 

   just put the NIC to promiscuous mode and send packet from another
  node tagged any vlan which was not previously configured on the NIC
  vlan filter, it will not be accepted.

  
  Actual results:
  ARP packets sent on vlan 52 packets are dropped 

  Expected results:
  packets should received 

  Host info:
  #uname -a
  Linux dev-h-vrt-006 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

  #lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 15.10
  Release:        15.10
  Codename:       wily

  
  The following upstream commit fix it:

  commit c07543431e9f3d126d083808efa0e76461d8833b
  Author: Achiad Shochat <achiad@xxxxxxxxxxxx>
  Date:   Thu Oct 8 15:26:18 2015 +0300

      net/mlx5e: Disable VLAN filter in promiscuous mode

      When the device was set to promiscuous mode, we didn't disable
      VLAN filtering, which is wrong behaviour, fix that.

      Now when the device is set to promiscuous mode RX packets
      sent over any VLAN (or no VLAN tag at all) will be accepted.

      Signed-off-by: Achiad Shochat <achiad@xxxxxxxxxxxx>
      Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

  I backported it to Ubuntu 15.10 (please see the attached patch). This
  issue need to be fix also in Ubuntu 14.04.4 not only 15.10.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1514861/+subscriptions
References

[Bug 1514861] [NEW] mlx5 EN driver wrongly enables sets VLAN filtering under promiscuous mode
From: Talat Batheesh, 2015-11-10