From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 80DF2C47DB3 for ; Fri, 2 Feb 2024 12:43:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 27229813B0; Fri, 2 Feb 2024 12:43:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 27229813B0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=osuosl.org; s=default; t=1706877794; bh=TShIs5Ane12ECqcRVKkcZ19ytCPg1TapeO0RzlSBxmw=; h=Date:From:To:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Cc:From; b=5IFvEziUNCDXxOxnMrhmFFy5jtVqq3vYtUeB5Jbf8+b+tpYlmFneVPZ2oQFGpRK56 ivZA285jIUjqfiZx3AS5nvxgiG3tmj9Dl3B9f5/3ZpXwtz24Q1kSnyCDTWxuB3ISkM oA0C41kv6BoVjrtgFs9XAQgod7fkfDdb1whXOq5uHsAokd6yG1UijlZb9S1yA9HWJ5 RvfiekN7/yj5qnNd5AL9VOrBu82vDQGBW2rqqz7Fy3q93bVE5xu6SOEdAKHR1qa+hY zEDl1goUtpbp3tcgH775CesPiHHmZr8THS2bmmJFxwh/T64us0DZkpc2/ybZRtbRx5 MUbUnUAIID3iQ== X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L35n_NwPaOin; Fri, 2 Feb 2024 12:43:13 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp1.osuosl.org (Postfix) with ESMTP id 5B99584D58; Fri, 2 Feb 2024 12:43:13 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5B99584D58 Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id D961F1BF4E5 for ; Fri, 2 Feb 2024 12:43:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id B0D74402DE for ; Fri, 2 Feb 2024 12:43:11 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B0D74402DE X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0RCaCryQBIHW for ; Fri, 2 Feb 2024 12:43:11 +0000 (UTC) Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by smtp4.osuosl.org (Postfix) with ESMTPS id 201AD402DB for ; Fri, 2 Feb 2024 12:43:10 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 201AD402DB Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id EB23E62566; Fri, 2 Feb 2024 12:43:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 60B85C433C7; Fri, 2 Feb 2024 12:43:06 +0000 (UTC) Date: Fri, 2 Feb 2024 13:43:04 +0100 From: Simon Horman To: Ivan Vecera Message-ID: <20240202124304.GQ530335@kernel.org> References: <20240131131714.23497-1-ivecera@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240131131714.23497-1-ivecera@redhat.com> X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1706877789; bh=PxfcsiEDIy9Qq5Fj9DyY2bRtJKhBqY6xM3ALRlMwdZ4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Ijhod+4a9Wm7Ak9rvxRN/3QoDdbZhfsYcuZEvIQQp9DPeaDFVc2+bazmthC1sBrbM nQfyFhyaMS/RgoPZULthADl2xhEe1YJ3RxJX4a5YqjKuEPuENcdEAogRCXjwhUKuig GxIFB7Wv5vCglxl2TmlUleC8CPFybvvHk4NO8y/kB9tVPTTPY2wWrWEA3QxOglNSZ3 ea4u26WP5CCBU0MQY/6AwgqnUWGR52FaxnjeTSRqo5ASYMFvSRLeImalC+jWNtw4C2 ZkCYwcsSqMy57sfl6NLDwjvyPQBdftP0vkYsiIugAl+osmKaF+xd8Q4GFnp4DvPRMf ZfMSQ4zS/mTEw== X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=Ijhod+4a Subject: Re: [Intel-wired-lan] [PATCH net] i40e: Do not allow untrusted VF to remove administratively set MAC X-BeenThere: intel-wired-lan@osuosl.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Intel Wired Ethernet Linux Kernel Driver Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mateusz Palczewski , netdev@vger.kernel.org, Mitch Williams , Jesse Brandeburg , open list , Eric Dumazet , Tony Nguyen , Jeff Kirsher , Sylwester Dziedziuch , Jakub Kicinski , Paolo Abeni , "David S. Miller" , "moderated list:INTEL ETHERNET DRIVERS" Errors-To: intel-wired-lan-bounces@osuosl.org Sender: "Intel-wired-lan" On Wed, Jan 31, 2024 at 02:17:14PM +0100, Ivan Vecera wrote: > Currently when PF administratively sets VF's MAC address and the VF > is put down (VF tries to delete all MACs) then the MAC is removed > from MAC filters and primary VF MAC is zeroed. > > Do not allow untrusted VF to remove primary MAC when it was set > administratively by PF. > > Reproducer: > 1) Create VF > 2) Set VF interface up > 3) Administratively set the VF's MAC > 4) Put VF interface down > > [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs > [root@host ~]# ip link set enp2s0f0v0 up > [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d > [root@host ~]# ip link show enp2s0f0 > 23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 > link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff > vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off > [root@host ~]# ip link set enp2s0f0v0 down > [root@host ~]# ip link show enp2s0f0 > 23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 > link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff > vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off > > Fixes: 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter") > Fixes: ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address") > Signed-off-by: Ivan Vecera Thanks Ivan, Reviewed-by: Simon Horman