In this advisory it is said that "No workaround is available, but systems that do not have Intel(R) 82559 series 10Gb Ethernet Controllers are not affected." https://www.freebsd.org/security/advisories/FreeBSD-EN-15:14.ixgbe.asc I suspect a 82599 controller is the correct entry, because a 82559 is a fast ethernet controller (well, not so fast anymore).
Created attachment 179019 [details] security advisory - NIC model typo
Interesting finding. Unless the issue only manifests on the 82599 chipset, I'd say we could try something a little different on a two fold approach: #1 reword the advisory and #2 update the man page with a caveat section. #1 - Reword of the advisory (patch provided): Because the patch affects the entire ixgbe(4) driver, to be in conformance with what the man page says, I'd suggest the advisory to read: No workaround is available, but systems that do not have Intel(R) 82598EB series 10Gb Ethernet Controllers are not affected. The man page for ixgbe states the following: DESCRIPTION The ixgbe driver provides support for PCI 10Gb Ethernet adapters based on the Intel 82598EB Intel(R) Network Connections. The driver supports Jumbo Frames, MSIX, TSO, and RSS. #2 - Caveat section (patch provided): Since this option is now the default on ixgbe we could add that in a caveat section of the man page for the driver (following examples of others such as ral(4).
Created attachment 179020 [details] ixgbe.4 - add flow-director CAVEAT
^Triage: The advisory typo is asc so only the security officer can accept that? I will put the manual patch for review on github with the author set to Diego and suggested by trailer set to Jan.
I'm sorry this PR never got addressed, but at this point we're not going to amend an erratum from 2015, sorry.
Sorry for the noise, thanks for closing it!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=20b823a59bc7419a6f93ec5097bd5ee524c20981 commit 20b823a59bc7419a6f93ec5097bd5ee524c20981 Author: Diego Casati <diego.casati@gmail.com> AuthorDate: 2024-10-26 20:34:16 +0000 Commit: Kevin Bowling <kbowling@FreeBSD.org> CommitDate: 2024-10-26 20:37:06 +0000 ixgbe.4: Add flow director CAVEAT Flow-director support is not fully implemented and will cause errors if enabled. Mention this in the ixgbe(4) manual. PR: 202663 MFC after: 3 days Co-authored-by: Alexander Ziaee <concussious@runbox.com> Pull Request: https://github.com/freebsd/freebsd-src/pull/1493 share/man/man4/ixgbe.4 | 8 ++++++++ 1 file changed, 8 insertions(+)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=a8308a15f48edbb224d3f225121277ef7c2f04b8 commit a8308a15f48edbb224d3f225121277ef7c2f04b8 Author: Diego Casati <diego.casati@gmail.com> AuthorDate: 2024-10-26 20:34:16 +0000 Commit: Kevin Bowling <kbowling@FreeBSD.org> CommitDate: 2024-10-29 00:28:46 +0000 ixgbe.4: Add flow director CAVEAT Flow-director support is not fully implemented and will cause errors if enabled. Mention this in the ixgbe(4) manual. PR: 202663 Co-authored-by: Alexander Ziaee <concussious@runbox.com> Pull Request: https://github.com/freebsd/freebsd-src/pull/1493 (cherry picked from commit 20b823a59bc7419a6f93ec5097bd5ee524c20981) share/man/man4/ixgbe.4 | 8 ++++++++ 1 file changed, 8 insertions(+)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=60211fe46a4ec5e6b72cb656f487297a15a0e373 commit 60211fe46a4ec5e6b72cb656f487297a15a0e373 Author: Diego Casati <diego.casati@gmail.com> AuthorDate: 2024-10-26 20:34:16 +0000 Commit: Kevin Bowling <kbowling@FreeBSD.org> CommitDate: 2024-10-29 00:29:52 +0000 ixgbe.4: Add flow director CAVEAT Flow-director support is not fully implemented and will cause errors if enabled. Mention this in the ixgbe(4) manual. PR: 202663 Co-authored-by: Alexander Ziaee <concussious@runbox.com> Pull Request: https://github.com/freebsd/freebsd-src/pull/1493 (cherry picked from commit 20b823a59bc7419a6f93ec5097bd5ee524c20981) share/man/man4/ixgbe.4 | 8 ++++++++ 1 file changed, 8 insertions(+)