Acknowledged
Created: Oct 31, 2025
Updated: Nov 3, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: fix mailbox API compatibility by negotiating supported features

There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API.

This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself.

Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes.

The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX.

To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox.

New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op.

Features negotiation mechanism gives possibility to be extended with new features when needed in the future.
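
The negotiation described above, modelled as a small user-space C program: the VF settles on an API revision first, then enables IPsec or the ESX mailbox only if the PF answers the features op. This is an added example, not the ixgbe/ixgbevf driver code; the revision name `API_NEW`, the feature bit values and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and values throughout; not the ixgbe/ixgbevf definitions. */
enum api_rev { API_1_3 = 13, API_1_4, API_1_5, API_1_6, API_NEW };
#define FEAT_IPSEC   (1u << 0)
#define FEAT_ESX_MBX (1u << 1)

/* Simulated PF: highest API revision it accepts and the features it implements. */
struct pf { const char *name; int max_api; uint32_t features; };

/* PF side: accept any requested revision up to its own maximum. */
static int pf_api_ok(const struct pf *pf, int api) { return api <= pf->max_api; }

/* PF side: the features op exists only in the new revision; older APIs reject it. */
static int pf_features(const struct pf *pf, int api, uint32_t vf_wants, uint32_t *out)
{
    if (api < API_NEW)
        return -1;
    *out = pf->features & vf_wants;   /* only what both sides implement */
    return 0;
}

struct vf_state { int api; uint32_t features; };

/* VF side: try revisions newest first, then ask the PF what it supports. */
static struct vf_state vf_negotiate(const struct pf *pf, uint32_t vf_wants)
{
    static const int order[] = { API_NEW, API_1_6, API_1_5, API_1_4, API_1_3 };
    struct vf_state s = { 0, 0 };

    for (size_t i = 0; i < sizeof(order) / sizeof(order[0]) && s.api == 0; i++)
        if (pf_api_ok(pf, order[i]))
            s.api = order[i];
    /* No answer to the features op means no optional feature is assumed. */
    if (s.api == 0 || pf_features(pf, s.api, vf_wants, &s.features) != 0)
        s.features = 0;
    return s;
}

int main(void)
{
    /* Constructed PFs: kernel ixgbe, ESX, and an older PF that stops at 1.6. */
    struct pf pfs[] = { { "ixgbe", API_NEW, FEAT_IPSEC },
                        { "esx", API_NEW, FEAT_ESX_MBX },
                        { "old-1.6", API_1_6, FEAT_IPSEC | FEAT_ESX_MBX } };
    for (size_t i = 0; i < 3; i++) {
        struct vf_state s = vf_negotiate(&pfs[i], FEAT_IPSEC | FEAT_ESX_MBX);
        printf("%-8s api=%d features=0x%x\n", pfs[i].name, s.api, (unsigned)s.features);
    }
    return 0;
}
```

The third case is the one the commit message is concerned with: a PF at revision 1.6 has no features op, so the VF enables neither IPsec nor the ESX mailbox instead of inferring support from the version number.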