netdev.vger.kernel.org archive mirror
From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
To: davem@davemloft.net
Cc: Ken Cox <jkc@redhat.com>,
	netdev@vger.kernel.org, nhorman@redhat.com, sassmann@redhat.com,
	jogreene@redhat.com, guru.anbalagane@oracle.com,
	Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Subject: [net-next 10/21] ixgbe: test for trust in macvlan adjustments for VF
Date: Fri, 30 Dec 2016 01:33:30 -0800
Message-ID: <20161230093341.14674-11-jeffrey.t.kirsher@intel.com>
In-Reply-To: <20161230093341.14674-1-jeffrey.t.kirsher@intel.com>

From: Ken Cox <jkc@redhat.com>

There are two methods for setting mac addresses in a Macvlan, that
differentiate themselves in the function macvlan_set_mac_address.
If the macvlan mode is passthru, then we use the dev_set_mac_address
method, otherwise we use the dev_uc api via macvlan_sync_addresses.
The latter method (which would stem from using any non-passthru mode,
like bridge, or vepa), calls down into the driver in a path that terminates
in ixgbevf_set_uc_addr_vf, which sends an IXGBE_VF_SET_MACVLAN message,
which causes the pf to spawn the noted error message.  This occurs because
it appears that the guest is trying to delete the mac address of the macvlan
before adding another.

The other path in macvlan_set_mac_address uses dev_set_mac_address, which
calls into ixgbevf_set_mac which uses the IXGBE_VF_SET_MAC_ADDR to the
pf to set the macvlan mac address.

The discrepancy here is in the handlers.  The handler function for
IXGBE_VF_SET_MAC_ADDR (ixgbe_set_vf_mac_addr) has a check for
the vfinfo[].trusted bit to allow the operation if the vf is trusted.
In comparison, the IXGBE_VF_SET_MACVLAN message handler
(ixgbe_set_vf_macvlan_msg) has no such check of the trusted bit.

Signed-off-by: Ken Cox <jkc@redhat.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 7e5d985..dd1187c 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -934,7 +934,8 @@ static int ixgbe_set_vf_macvlan_msg(struct ixgbe_adapter *adapter,
 		    IXGBE_VT_MSGINFO_SHIFT;
 	int err;
 
-	if (adapter->vfinfo[vf].pf_set_mac && index > 0) {
+	if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted &&
+	    index > 0) {
 		e_warn(drv,
 		       "VF %d requested MACVLAN filter but is administratively denied\n",
 		       vf);
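Review bot: The added `!adapter->vfinfo[vf].trusted` term in the `if` makes the trusted bit the only thing that lets a VF past the `pf_set_mac` denial for `index > 0`, yet nothing in the code or in the warning says so. A one-line comment above the condition stating that a trusted VF may add MACVLAN filters even when the PF has set its MAC would document the policy, and the `e_warn` text could mention that the VF is not trusted so an administrator reading "administratively denied" knows which setting controls it. The changelog also refers to "the noted error message" without quoting it; quoting the warning string there would make the commit searchable from the log line. Since this widens what a trusted VF can request, it is worth stating in the changelog that the behaviour for untrusted VFs is unchanged.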
-- 
2.9.3
