be2net: non-member vlan pkts not received in promiscous mode

(bnc#732006 CVE-2011-3347).
author: Benjamin Poirier <bpoirier@suse.de> 2012-06-08 19:08:24 (GMT)
committer: Benjamin Poirier <bpoirier@suse.de> 2012-06-08 19:08:24 (GMT)
commit: d50db310517fae25de84ed773eb6fd0cf7281137 (patch) (side-by-side diff)
tree: 34c674843605f9ecb851476e7a33743a7d6bf14f
parent: 2ba311d31960e2e95d443fee9fb73ba9022ae180 (diff)
2 files changed, 61 insertions, 0 deletions
diff --git a/patches.drivers/be2net-non-member-vlan-pkts-not-received-in-promisco.patch b/patches.drivers/be2net-non-member-vlan-pkts-not-received-in-promisco.patch
new file mode 100644
index 0000000..8261627
--- a/dev/null
+++ b/patches.drivers/be2net-non-member-vlan-pkts-not-received-in-promisco.patch
@@ -0,0 +1,60 @@
+From: Sathya Perla <sathya.perla@emulex.com>
+Date: Tue, 2 Aug 2011 19:57:43 +0000
+Subject: [PATCH] be2net: non-member vlan pkts not received in promiscous mode
+Patch-mainline: v3.2-rc1
+Git-commit: c0e64ef4899df4cedc872871e54e2c069d29e519
+	    be2net: non-member vlan pkts not received in promiscous mode
+References: bnc#732006 CVE-2011-3347
+
+While configuring promiscous mode, explicitly set the
+VLAN_PROMISCOUS bit to make this happen. When switching off
+promiscous mode, re-program the vids.
+
+Signed-off-by: Xavier Selvin <xavier.selvin@emulex.com>
+Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Benjamin Poirier <bpoirier@suse.de>
+---
+ drivers/net/benet/be_cmds.c |    6 ++++--
+ drivers/net/benet/be_main.c |    7 +++++++
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/benet/be_cmds.c
++++ b/drivers/net/benet/be_cmds.c
+@@ -1611,9 +1611,11 @@ int be_cmd_promiscuous_config(struct be_
+ 			OPCODE_COMMON_NTWK_RX_FILTER, sizeof(*req));
+ 
+ 	req->if_id = cpu_to_le32(adapter->if_handle);
+-	req->if_flags_mask = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS);
++	req->if_flags_mask = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS
++				| BE_IF_FLAGS_VLAN_PROMISCUOUS);
+ 	if (en)
+-		req->if_flags = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS);
++		req->if_flags = cpu_to_le32(BE_IF_FLAGS_PROMISCUOUS
++				| BE_IF_FLAGS_VLAN_PROMISCUOUS);
+ 
+ 	sge->pa_hi = cpu_to_le32(upper_32_bits(promiscous_cmd.dma));
+ 	sge->pa_lo = cpu_to_le32(promiscous_cmd.dma & 0xFFFFFFFF);
+--- a/drivers/net/benet/be_main.c
++++ b/drivers/net/benet/be_main.c
+@@ -829,6 +829,10 @@ static int be_vid_config(struct be_adapt
+ 		status = be_cmd_vlan_config(adapter, if_handle, vtag, 1, 1, 0);
+ 	}
+ 
++	/* No need to further configure vids if in promiscuous mode */
++	if (adapter->promiscuous)
++		return 0;
++
+ 	if (adapter->vlans_added <= adapter->max_vlans)  {
+ 		/* Construct VLAN Table to give to HW */
+ 		for (i = 0; i < VLAN_N_VID; i++) {
+@@ -888,6 +892,9 @@ static void be_set_multicast_list(struct
+ 	if (adapter->promiscuous) {
+ 		adapter->promiscuous = false;
+ 		be_cmd_promiscuous_config(adapter, false);
++
++		if (adapter->vlans_added)
++			be_vid_config(adapter, false, 0);
+ 	}
+ 
+ 	/* Enable multicast promisc if num configured exceeds what we support */
diff --git a/series.conf b/series.conf
index 19cf9b0..2d9d23a 100644
--- a/series.conf
+++ b/series.conf
@@ -829,6 +829,7 @@
 	patches.fixes/macvtap-zerocopy-put-page-when-fail-to-get-all-reque.patch
 	patches.fixes/macvtap-zerocopy-set-SKBTX_DEV_ZEROCOPY-only-when-sk.patch
 	patches.fixes/macvtap-zerocopy-validate-vectors-before-building-sk.patch
+	patches.drivers/be2net-non-member-vlan-pkts-not-received-in-promisco.patch
 
 	########################################################
 	# Wireless Networking
author	Benjamin Poirier <bpoirier@suse.de>	2012-06-08 19:08:24 (GMT)
committer	Benjamin Poirier <bpoirier@suse.de>	2012-06-08 19:08:24 (GMT)
commit	d50db310517fae25de84ed773eb6fd0cf7281137 (patch) (side-by-side diff)
tree	34c674843605f9ecb851476e7a33743a7d6bf14f
parent	2ba311d31960e2e95d443fee9fb73ba9022ae180 (diff)