netdev.vger.kernel.org archive mirror
From: Gleb Natapov <gleb@cloudius-systems.com>
To: Greg Rose <gvrose8192@gmail.com>
Cc: Vlad Zolotarov <vladz@cloudius-systems.com>,
	netdev@vger.kernel.org, avi@cloudius-systems.com,
	jeffrey.t.kirsher@intel.com
Subject: Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key
Date: Tue, 6 Jan 2015 08:55:35 +0200
Message-ID: <20150106065535.GM29889@cloudius-systems.com>
In-Reply-To: <CALgkqUojkfTwhsoAnPZdJv-oMg7PMB5m8Q2=k5=QqXKxSJgq7w@mail.gmail.com>

On Mon, Jan 05, 2015 at 03:54:52PM -0800, Greg Rose wrote:
> On Mon, Jan 5, 2015 at 6:15 AM, Vlad Zolotarov
> <vladz@cloudius-systems.com> wrote:
> > Add the ethtool ops to VF driver to allow querying the RSS indirection table
> > and RSS Random Key.
> >
> >  - PF driver: Add new VF-PF channel commands.
> >  - VF driver: Utilize these new commands and add the corresponding
> >               ethtool callbacks.
> >
> > New in v3:
> >    - Added missing support for x550 devices.
> >    - Mask the indirection table values according to PSRTYPE[n].RQPL.
> >    - Minimized the number of added VF-PF commands.
> >
> > New in v2:
> >    - Added a detailed description to patches 4 and 5.
> >
> > New in v1 (compared to RFC):
> >    - Use "if-else" statement instead of a "switch-case" for a single option case.
> >      More specifically: in cases where the newly added API version is the only one
> >      allowed. We may consider using a "switch-case" back again when the list of
> >      allowed API versions in these specific places grows up.
> >
> > Vlad Zolotarov (5):
> >   ixgbe: Add a RETA query command to VF-PF channel API
> >   ixgbevf: Add a RETA query code
> >   ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
> >   ixgbevf: Add RSS Key query code
> >   ixgbevf: Add the appropriate ethtool ops to query RSS indirection
> >     table and key
> >
> >  drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h      |  10 ++
> >  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c    |  91 +++++++++++++++
> >  drivers/net/ethernet/intel/ixgbevf/ethtool.c      |  43 +++++++
> >  drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |   4 +-
> >  drivers/net/ethernet/intel/ixgbevf/mbx.h          |  10 ++
> >  drivers/net/ethernet/intel/ixgbevf/vf.c           | 132 ++++++++++++++++++++++
> >  drivers/net/ethernet/intel/ixgbevf/vf.h           |   2 +
> >  7 files changed, 291 insertions(+), 1 deletion(-)
> 
> I've given this code a review and I don't see a way to
> set a policy in the PF driver as to whether this request should be
> allowed or not.  We cannot enable this query by default - it is a
> security risk. To make this acceptable you need to do a
> couple of things.
> 
Can you please elaborate on the security risk this information poses?
Is the Toeplitz hash function cryptographically strong enough so that a VF
cannot reconstruct the hash key from the hash result provided in the packet
descriptor? The abstract of this paper [1] claims it is not, but
unfortunately I do not have access to the full article, hence the question.

[1] http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5503170&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D5503170

--
			Gleb.
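
Added example (not part of this message or of the patch series): a reference Toeplitz hash in C, checked against the first IPv4-only vector of Microsoft's RSS verification suite, showing the property behind the question above: for a fixed key the hash is an XOR-linear map of its input rather than a one-way function. The key is the suite's published sample key; `FLOW_B` and the helper name `toeplitz_is_xor_linear` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sample 40-byte key from Microsoft's RSS verification suite (not a key from this thread). */
static const uint8_t RSS_KEY[40] = {
    0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
    0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
    0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
    0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa };

/* Suite input: src 66.9.149.187, dst 161.142.100.80 (IPv4 only, no ports). */
static const uint8_t FLOW_A[8] = {66, 9, 149, 187, 161, 142, 100, 80};
/* Constructed second flow, used only for the linearity check. */
static const uint8_t FLOW_B[8] = {10, 0, 0, 1, 192, 168, 1, 20};

/* Toeplitz hash: for every set input bit i (MSB first), XOR in key bits
 * [i, i+32). Requires key_len >= 4; key bits past the end read as zero. */
uint32_t toeplitz_hash(const uint8_t *key, size_t key_len,
                       const uint8_t *data, size_t len)
{
    uint32_t window = (uint32_t)key[0] << 24 | (uint32_t)key[1] << 16 |
                      (uint32_t)key[2] << 8 | key[3];
    uint32_t hash = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t next = (i + 4 < key_len) ? key[i + 4] : 0;
        for (int bit = 7; bit >= 0; bit--) {
            if (data[i] & (1u << bit))
                hash ^= window;
            /* Slide the 32-bit key window left by one bit. */
            window = (window << 1) | ((next >> bit) & 1u);
        }
    }
    return hash;
}

/* Returns 1 when H(a ^ b) == H(a) ^ H(b) under RSS_KEY (hypothetical helper). */
int toeplitz_is_xor_linear(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t x[36];
    if (len > sizeof(x))
        return 0;
    for (size_t i = 0; i < len; i++)
        x[i] = a[i] ^ b[i];
    return toeplitz_hash(RSS_KEY, sizeof(RSS_KEY), x, len) ==
           (toeplitz_hash(RSS_KEY, sizeof(RSS_KEY), a, len) ^
            toeplitz_hash(RSS_KEY, sizeof(RSS_KEY), b, len));
}

int main(void)
{
    printf("H(A) = 0x%08x\n", (unsigned)toeplitz_hash(RSS_KEY, sizeof(RSS_KEY), FLOW_A, 8));
    printf("XOR-linear: %d\n", toeplitz_is_xor_linear(FLOW_A, FLOW_B, 8));
    return 0;
}
```

Because every hash value is a GF(2)-linear combination of key bits, the RSS key should be treated as steering configuration rather than as a secret that the hash conceals.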
