From: Ian Campbell <ijc@hellion.org.uk>
To: David Miller <davem@davemloft.net>
Cc: gregory.v.rose@intel.com, leedom@chelsio.com,
shemminger@vyatta.com, andy@greyhouse.net, harald@redhat.com,
bhutchings@solarflare.com, sassmann@redhat.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
gospo@redhat.com, alexander.h.duyck@intel.com
Subject: Re: [PATCH net-next] sysfs: add entry to indicate network interfaces with random MAC address
Date: Thu, 22 Jul 2010 08:12:07 +0100 [thread overview]
Message-ID: <1279782727.13417.198.camel@localhost.localdomain> (raw)
In-Reply-To: <20100721.123324.237334251.davem@davemloft.net>
[-- Attachment #1: Type: text/plain, Size: 2163 bytes --]
On Wed, 2010-07-21 at 12:33 -0700, David Miller wrote:
> From: "Rose, Gregory V" <gregory.v.rose@intel.com>
> Date: Wed, 21 Jul 2010 12:02:17 -0700
>
> >>From: David Miller <davem@davemloft.net>
> >>Date: Wed, 21 Jul 2010 11:48:51 -0700 (PDT)
> >>
> >>> You could do things like have the PF controller use the root
> >>filesystem
> >>> ID label to construct the VF's MAC address, or something like that.
> >>
> >>And here I of course mean the root filesystem of the guest the VF will
> >>be given to.
> >
> > I suppose you could do that but then the VM is going to have to be
> > allowed to set its own MAC address. There is a lot of opposition
> > and concern about allowing VMs to set their own MAC address.
>
> Why would that be necessary? The host with the PF creating the guest
> has access to the "device" and thus the root filesystem of the guest,
> and thus could pull in the root filesystem "key" and instantiate the
> VF's MAC before booting the guest.
Most VM host toolstacks allow you to store a MAC address for each
virtual NIC in the metadata associated with the VM. This MAC address is
either given by the user when they create the virtual NIC, random with
locally administered bit set or random in the VM vendors OID space. This
ensures the VM configuration remains consistent with time.
Why would they not continue to do the same for SR-IOV passthrough NICs?
As a fallback some toolstacks will generate a random address if the NIC
configuration doesn't specify one but if you want a persistent address
for a guest why would you not just configure it that way? Accessing the
guest root filesystem might be a nicer fallback than random generation
when users haven't explicitly configured a MAC but isn't there a chance
of a VM admin controlling the MAC address by manipulating the root
filesystem? What do you do if there is an address clash in this case,
relabelling the root filesystem is a bit of a faff. Also the root
filesystem could be contained within an LVM volume or encrypted or
whatever.
Ian.
--
Ian Campbell
Military intelligence is a contradiction in terms.
-- Groucho Marx
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2010-07-22 7:23 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-20 10:50 [PATCH net-next] sysfs: add entry to indicate network interfaces with random MAC address Stefan Assmann
2010-07-20 11:20 ` Ben Hutchings
2010-07-20 11:47 ` Stefan Assmann
2010-07-20 11:58 ` Alex Badea
2010-07-20 12:17 ` Stefan Assmann
2010-07-20 20:18 ` David Miller
2010-07-21 8:10 ` Stefan Assmann
2010-07-21 13:54 ` Ben Hutchings
2010-07-22 12:50 ` [PATCH net-next] sysfs: add attribute to indicate hw address assignment type Stefan Assmann
2010-07-22 14:07 ` Ben Hutchings
2010-07-22 14:47 ` Stefan Assmann
2010-07-25 3:50 ` David Miller
2010-07-20 12:07 ` [PATCH net-next] sysfs: add entry to indicate network interfaces with random MAC address Ben Hutchings
2010-07-20 12:41 ` Stefan Assmann
2010-07-20 14:29 ` Ben Hutchings
2010-07-20 20:17 ` David Miller
2010-07-20 21:18 ` Stephen Hemminger
2010-07-20 21:20 ` David Miller
2010-07-21 6:26 ` Harald Hoyer
2010-07-21 6:34 ` David Miller
2010-07-21 6:47 ` Harald Hoyer
2010-07-21 15:07 ` Andy Gospodarek
2010-07-21 16:34 ` Casey Leedom
2010-07-21 17:28 ` Stephen Hemminger
2010-07-21 17:32 ` David Miller
2010-07-21 18:29 ` Casey Leedom
2010-07-21 18:39 ` David Miller
2010-07-21 19:25 ` Casey Leedom
2010-07-21 18:43 ` Rose, Gregory V
2010-07-21 18:48 ` David Miller
2010-07-21 18:50 ` David Miller
2010-07-21 19:02 ` Rose, Gregory V
2010-07-21 19:33 ` David Miller
2010-07-21 19:35 ` Rose, Gregory V
2010-07-22 7:12 ` Ian Campbell [this message]
2010-07-22 6:53 ` Stefan Assmann
2010-07-23 0:26 ` Casey Leedom
2010-07-23 8:08 ` Stefan Assmann
2010-07-23 16:35 ` Casey Leedom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1279782727.13417.198.camel@localhost.localdomain \
--to=ijc@hellion.org.uk \
--cc=alexander.h.duyck@intel.com \
--cc=andy@greyhouse.net \
--cc=bhutchings@solarflare.com \
--cc=davem@davemloft.net \
--cc=gospo@redhat.com \
--cc=gregory.v.rose@intel.com \
--cc=harald@redhat.com \
--cc=leedom@chelsio.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sassmann@redhat.com \
--cc=shemminger@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).