BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-23:04.ixgbe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-23:04.ixgbe                                          Errata Notice
                                                          The FreeBSD Project

Topic:		ixgbe incorrectly reports input errors for 82599ES

Category:       core
Module:         ixgbe
Announced:      2023-02-08
Affects:        All supported versions of FreeBSD.
Corrected:      2022-11-17 20:13:43 UTC (stable/13, 13.1-STABLE)
                2023-02-08 16:30:38 UTC (releng/13.1, 13.1-RELEASE-p6)
                2022-11-17 20:17:22 UTC (stable/12, 12.4-STABLE)
                2023-02-08 18:30:24 UTC (releng/12.4, 12.4-RELEASE-p1)
                2023-02-08 18:28:28 UTC (releng/12.3, 12.3-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

ixgbe(4) is driver that supports multiple Intel 10Gb Ethernet cards including
the Intel 82599.

II.  Problem Description

Intel 82599 hardware has errata related to IPv4 UDP frames with a zero
checksum.  The L4 integrity error counter is incremented for such frames,
which results in reported interface errors through utilities such as
ifconfig(8).  This confuses users, since all frames are in fact handled
correctly by the system.

III. Impact

Incorrect interface statistics are reported for affected hardware.

IV.  Workaround

Ignore reported interface errors.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:04/ixgbe.patch
# fetch https://security.FreeBSD.org/patches/EN-23:04/ixgbe.patch.asc
# gpg --verify ixgbe.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              daf3d88ac184    stable/13-n253100
releng/13.1/                            f3e20eb8d8f0  releng/13.1-n250178
stable/12/                                                        r372757
releng/12.4/                                                      r372916
releng/12.3/                                                      r372912
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id&6048>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:04.ixgbe.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BcACgkQbljekB8A
Gu+H7g//dEdyDgXVQeyezAZuL1wqUaKVE0ZzPfpouG9X3+FaXMalo0FzkJy75olx
vv0eOznDoS+IWlwkdvzKCaAGZK8ZFPNT0SkNTGlABh+xvX0FoORdPLh9AmZbDlsx
1FA1Az+Sew0EJ/t0D0v/ZMTpj267664yVXI1G5IFUxTLnFq/bC9w8ssOQCWF4/+z
KgwTt7XfaxE03EE6JasyeIRKF4nobbErNo7Z+yjEkqT43geSS8N3T6uE8JwV8y2w
0wAZT3nj7TBsHnRErHgDQabPXOEdZDODV+iDGTOmu7bwmoG9FKbuuE4tZtDzKNZ1
wjjG0Gka091Wx7ss5KLO0kD99iqHrtno/I2qJuk/R5HZuNTzOsp56RgQUQu9uxjm
1Lfsd6HdzV2dd4/PZ9dGgU7bTiSIJXCh5pu3NGF3nKshgDPDq05kz3Ho3ktWEccQ
SpWOc6IyMibuxq9T50CFyW+qPMoPa4pN2BsVilwQJ/LeWYp8lcN9T5bY2ssVk33q
s6elPBZsmGOvIMe14mDUL2ANfcZSUDkbZuvCPoOo1LMGnh8TSikbj1uaWH4qntlC
gPJ502ggGaw1CuMuUzddyv14bNCL9PMY1zZOnEi6MWwZWZnVvzdqLvhz4U6BORVJ
OOqJTlxquMYGyILtHqKvqodZ471SaHMC9Sk5MPvO/mk0u3W5Zeg=sTJD
-----END PGP SIGNATURE-----