CVE-2022-48645

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: enetc: deny offload of tc-based TSN features on VF interfaces<br /> <br /> TSN features on the ENETC (taprio, cbs, gate, police) are configured<br /> through a mix of command BD ring messages and port registers:<br /> enetc_port_rd(), enetc_port_wr().<br /> <br /> Port registers are a region of the ENETC memory map which are only<br /> accessible from the PCIe Physical Function. They are not accessible from<br /> the Virtual Functions.<br /> <br /> Moreover, attempting to access these registers crashes the kernel:<br /> <br /> $ echo 1 &gt; /sys/bus/pci/devices/0000\:00\:00.0/sriov_numvfs<br /> pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001<br /> fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15<br /> fsl_enetc_vf 0000:00:01.0: enabling device (0000 -&gt; 0002)<br /> fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0<br /> $ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \<br /> queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \<br /> sched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2<br /> Unable to handle kernel paging request at virtual address ffff800009551a08<br /> Internal error: Oops: 96000007 [#1] PREEMPT SMP<br /> pc : enetc_setup_tc_taprio+0x170/0x47c<br /> lr : enetc_setup_tc_taprio+0x16c/0x47c<br /> Call trace:<br /> enetc_setup_tc_taprio+0x170/0x47c<br /> enetc_setup_tc+0x38/0x2dc<br /> taprio_change+0x43c/0x970<br /> taprio_init+0x188/0x1e0<br /> qdisc_create+0x114/0x470<br /> tc_modify_qdisc+0x1fc/0x6c0<br /> rtnetlink_rcv_msg+0x12c/0x390<br /> <br /> Split enetc_setup_tc() into separate functions for the PF and for the<br /> VF drivers. Also remove enetc_qos.o from being included into<br /> enetc-vf.ko, since it serves absolutely no purpose there.