diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc b/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc deleted file mode 100644 index be8a5d80ab..0000000000 --- a/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc +++ /dev/null @@ -1,122 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-EN-20:05.mlx5en Errata Notice - The FreeBSD Project - -Topic: Fix packet forwarding performance in mlx5en(4) driver - -Category: core -Module: mlx5en -Announced: 2020-03-19 -Affects: FreeBSD 12.1 -Corrected: 2019-11-07 13:12:38 UTC (stable/12, 12.1-STABLE) - 2020-03-19 16:41:29 UTC (releng/12.1, 12.1-RELEASE-p3) - -For general information regarding FreeBSD Errata Notices and Security -Advisories, including descriptions of the fields above, security -branches, and the following sections, please visit -<URL:https://security.FreeBSD.org/>. - -I. Background - -Add CSUM_SND_TAG flag and set this flag for outgoing ratelimited mbufs. -This fixes an issue that redirected packets are dropped in the mlx5en -transmit routine. - -II. Problem Description - -Ratelimiting support in the network stack reuses an mbuf field for a -different purpose to avoid having to grow the mbuf size. This can a cause -packet drop in the forwarding case if the field in question is not cleared -prior to transmit. - -III. Impact - -All packets going through firewall code are dropped when using mlx5en(4). - -IV. Workaround - -No workaround is available. Systems not using mlx5en(4) are not affected. - -V. Solution - -Perform one of the following: - -1) To update your system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install -# reboot - -2) To update your system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 12.1] -# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch -# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch.asc -# gpg --verify mlx5en.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/12/ r354440 -releng/12.1/ r359136 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243871> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:05.mlx5en.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cIMCw/7BCNrVg/W7nwnbDdQs1xR0gTz4pUTGB7SnyXs69kJ15dimWt00oVCJurP -oh7uZIPenrS/xRosmbehsNc3IJRN6Npnf86dazuj3qRu24E3CJg9bQJ0sAHrWOXB -i6UgrWIDKIEQ/Yflpcl4bqj/L5HQsTQ/mbkBl1nYiu7VUwjGPhidRYSCQQHDY8ZM -XJ4BFBJCx+gSEcfP6iAqZTGcDAwyFkl9kzxfMIymIRqGlBABBqN6OFrnMjiBoDGL -CiTFt0rFs4/bdX8wQyRhQ6IHjFGiEbXZS4txJxP3XZaIJaPYF5snrrV1rgGjOeVl -2PmGF82ugSwrpVgPuDCMkiJEvYR6matvjRrYQDEBsz0rY6pyid4q9Ck7uKt2KW8u -M3tPtL61SbnuPXTYGpFD++xWYjlQrkcuudwHRT3NYOgNAwU6U+ejLuDzpbWFtPAh -RCQ/tmSOxTQWubxbiwiA07zxVY1a2ffguyzpc+p8PTwIbgrtuh64saoenuvNg0wJ -rhuShGQnhsfWbStOW1T21tsBkB/cZekQYt3e9zB3RREl3WBvJmKPLqO0m8WBaSUx -2iTxnMrhEAnD4R6oVouibCwRdlnxMD3xyYmJJZJ/p8hFXVZlWm60c5nKh82bQVLj -mN4Uf+V7Q/P+fkfoWFm7Dq4kYQp7DmANjh2gK80/88f9/AhX+so= -=EjZa ------END PGP SIGNATURE----- |