In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix queues reservation for XDP
When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference.
i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0 err -12 i40e 0000:87:00.0: setup of MAIN VSI failed
BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:i40exdp+0xea/0x1b0 [i40e] Call Trace: ? i40ereconfigrssqueues+0x130/0x130 [i40e] devxdpinstall+0x61/0xe0 devxdpattach+0x18a/0x4c0 devchangexdpfd+0x1e6/0x220 dosetlink+0x616/0x1030 ? ahciportstop+0x80/0x80 ? ataqcissue+0x107/0x1e0 ? locktimerbase+0x61/0x80 ? _modtimer+0x202/0x380 rtnlsetlink+0xe5/0x170 ? bpflsmbindertransaction+0x10/0x10 ? securitycapable+0x36/0x50 rtnetlinkrcvmsg+0x121/0x350 ? rtnlcalcit.isra.0+0x100/0x100 netlinkrcvskb+0x50/0xf0 netlinkunicast+0x1d3/0x2a0 netlinksendmsg+0x22a/0x440 socksendmsg+0x5e/0x60 _syssendto+0xf0/0x160 ? _sysgetsockname+0x7e/0xc0 ? _copyfromuser+0x3c/0x80 ? _syssetsockopt+0xc8/0x1a0 _x64syssendto+0x20/0x30 dosyscall64+0x33/0x40 entrySYSCALL64afterhwframe+0x44/0xae RIP: 0033:0x7f83fa7a39e0
This was caused by PF queue pile fragmentation due to flow director VSI queue being placed right after main VSI. Because of this main VSI was not able to resize its queue allocation for XDP resulting in no queues allocated for main VSI when XDP was turned on.
Fix this by always allocating last queue in PF queue pile for a flow director VSI.