From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
To: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
Cc: "e1000-devel@lists.sourceforge.net"
<e1000-devel@lists.sourceforge.net>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"Choi, Sy Jong" <sy.jong.choi@intel.com>,
Hayato Momma <h-momma@ce.jp.nec.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"ben@decadent.org.uk" <ben@decadent.org.uk>
Subject: Re: [PATCH v2] ixgbe: make VLAN filter conditional
Date: Fri, 06 Mar 2015 02:16:50 -0800
Message-ID: <1425637010.2556.180.camel@jtkirshe-mobl>
In-Reply-To: <7F861DC0615E0C47A872E6F3C5FCDDBD05E4F392@BPXM14GP.gisp.nec.co.jp>
On Fri, 2015-03-06 at 09:46 +0000, Hiroshi Shimamoto wrote:
> > On Fri, 2015-03-06 at 06:04 +0000, Hiroshi Shimamoto wrote:
> > > > From: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
> > > >
> > > > Disable hardware VLAN filtering if the netdev->features VLAN flag is
> > > > dropped.
> > > >
> > > > In the SR-IOV case, there is a use case which needs to disable the VLAN
> > > > filter. For example, we need to make a network function with a VF in a
> > > > virtualized environment. That network function may be a software
> > > > switch, a router, etc. It means that the network function will be an
> > > > end point which terminates many VLANs.
> > > >
> > > > In the current implementation, VLAN filtering is always turned on and
> > > > a VF can receive only 63 VLANs. It means that only 63 VLANs can be
> > > > terminated in one NIC.
> > > >
> > > > With this patch, if the user turns VLAN filtering off on the host, the
> > > > VF can receive every VLAN packet.
> > > >
> > > > This VLAN filtering can be turned on or off when SR-IOV is disabled;
> > > > if not, the operation is rejected.
> > >
> > > Hi,
> > >
> > > any comment about this?
> > > I added a warning message and prevented the operation while SR-IOV is
> > > enabled.
> >
> > Yes, the warning message you added says nothing of the huge security
> > hole this exposes. We need a message that correctly expresses the
> > dangers in turning this off.
>
> hm okay.
> Do you mean I should add a message like "this causes SECURITY issue", right?
Correct, you will need to notify the user that by turning off VLAN
filtering, this opens up serious security issues. The message should
well inform the user of the potential dangers, so that if someone gets
hacked or information gets stolen because they turned off VLAN
filtering, that it was due to their choice to turn off this feature and
not a design flaw in the driver.
> >
> > Also it does not appear that you addressed Ben Hutchings concerns, as I
> > asked. Correct me if I am wrong and you did address Ben's concerns.
>
> I think Ben's suggestion is to prevent turning VLAN filtering back on while
> VFs are used, because that breaks the guest's behavior.
> I added the code that makes it impossible. We cannot turn it on (or off) if
> the NIC has VFs.
And notify them that once they turn it off, they cannot turn it back on
if the NIC has VFs, so they will remain exposed and will continue to
have serious security issues.
>
> thanks,
> Hiroshi
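The policy the patch description and the review above converge on (the VLAN-filter feature bit may only be flipped while no VFs exist, and turning it off must come with a warning that spells out the exposure) as an added user-space model in C. This is not ixgbe code and not from the patch under review; `struct model_nic`, `FEAT_HW_VLAN_FILTER`, `model_set_features` and `model_vf_receives` are hypothetical names, and the per-VF VLAN table is a constructed stand-in that ignores the 63-entry hardware limit mentioned in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a netdev feature bit; stands in for the kernel's
 * hardware-VLAN-filter feature flag. Not an ixgbe identifier. */
#define FEAT_HW_VLAN_FILTER (1u << 0)

#define VLAN_N_VID 4096

struct model_nic {
    uint32_t features;  /* currently enabled feature bits (model) */
    int num_vfs;        /* number of SR-IOV VFs currently spawned */
};

enum set_features_result { SF_OK = 0, SF_REJECTED = -1 };

/* Apply a feature-change request the way the thread says the driver should:
 * any change of the VLAN-filter bit is rejected while VFs exist (so it can
 * neither be turned off under running guests nor turned back on, which would
 * change guest behaviour), and turning it off while it is allowed produces a
 * warning that names the consequence rather than a bare "disabled" notice. */
int model_set_features(struct model_nic *nic, uint32_t wanted)
{
    uint32_t changed = nic->features ^ wanted;

    if (changed & FEAT_HW_VLAN_FILTER) {
        if (nic->num_vfs > 0) {
            fprintf(stderr,
                    "model: refusing to change VLAN filtering while %d VFs "
                    "are active; remove the VFs first\n", nic->num_vfs);
            return SF_REJECTED;
        }
        if (!(wanted & FEAT_HW_VLAN_FILTER))
            fprintf(stderr,
                    "model: WARNING: hardware VLAN filtering disabled. Every "
                    "VF will receive frames from every VLAN, so a guest can "
                    "observe traffic of VLANs it was never assigned. This "
                    "cannot be re-enabled while VFs exist.\n");
    }
    nic->features = wanted;
    return SF_OK;
}

/* Would a frame tagged with `vid` reach a VF on this NIC? With filtering on,
 * only VIDs the VF registered in its (constructed) table are delivered; with
 * filtering off, every VID is. The 63-entry hardware limit is not modelled. */
bool model_vf_receives(const struct model_nic *nic, const bool vf_vids[VLAN_N_VID],
                       uint16_t vid)
{
    if (vid >= VLAN_N_VID)
        return false;
    if (!(nic->features & FEAT_HW_VLAN_FILTER))
        return true;
    return vf_vids[vid];
}

int main(void)
{
    static bool vf_vids[VLAN_N_VID]; /* constructed: VF registered VID 100 only */
    struct model_nic nic = { FEAT_HW_VLAN_FILTER, 0 };
    vf_vids[100] = true;

    printf("filter on, vid 100: %d\n", model_vf_receives(&nic, vf_vids, 100));
    printf("filter on, vid 200: %d\n", model_vf_receives(&nic, vf_vids, 200));

    nic.num_vfs = 2;
    printf("disable with VFs active: %d\n", model_set_features(&nic, 0));

    nic.num_vfs = 0;
    printf("disable with no VFs: %d\n", model_set_features(&nic, 0));
    printf("filter off, vid 200: %d\n", model_vf_receives(&nic, vf_vids, 200));
    return 0;
}
```

The check keys off the changed bits rather than the requested value, so both directions are refused while VFs are present; that is the property Ben's concern and Jeff's follow-up both ask for.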
Thread overview:
2015-03-06 6:04 [PATCH v2] ixgbe: make VLAN filter conditional Hiroshi Shimamoto
2015-03-06 9:34 ` Jeff Kirsher
2015-03-06 9:46 ` Hiroshi Shimamoto
2015-03-06 10:16 ` Jeff Kirsher [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-02-27 7:29 Hiroshi Shimamoto