CVE-2024-42142

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/07/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: E-switch, Create ingress ACL when needed

Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command:

    # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \
          value false cmode runtime

If ingress acl is not created, will hit panic when creating drop rule for active-backup lag mode. If always create it, there will be about 5% performance degradation.

Fix it by creating ingress acl when needed. If esw_port_metadata is true, ingress acl exists, then create drop rule using existing ingress acl. If esw_port_metadata is false, create ingress acl and then create drop rule.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 6.1.98 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.39 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:* | |