Re: [Intel-wired-lan] [PATCH net-next, v3, 2/2] i40e: support generic devlink param "max_mac_per_vf"

[Jacob Keller <jacob.e.keller@intel.com>]

[-- Attachment #1.1: Type: text/plain, Size: 1108 bytes --]



On 9/5/2025 4:46 AM, Simon Horman wrote:
> On Wed, Sep 03, 2025 at 03:25:40PM -0700, Jacob Keller wrote:
>> We didn't rate limit it before. I am not sure how fast the VF can
>> actually send messages, so I'm not sure if that change would be required.
>>
>> You could optionally also report the mac_add_max for the untrusted
>> message as well, but I think its fine to leave as-is in that case as well.
> 
> I'm not sure either. I'm more used to rate limits in the datapath,
> where network traffic can result in a log.
> 
> I think that if we want to go down the path you suggest then we should
> look at what other logs fall into the same category: generated by VM admin
> actions. And perhaps start by looking in the i40e driver for such cases.
> 
> Just my 2c worth on this one.
> 

I noticed that a VF can cause this message to be spammed indefinitely at
whatever rate the PF processes the virtchnl message, once its MAC cap is
hit. I don't think we really protect against that in any virtchnl
message, so that makes me think its likely not been considered a problem
thus far.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]