Date:	Wed, 07 Jan 2015 12:03:45 -0800
From:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
To:	Vlad Zolotarov <vladz@...udius-systems.com>
Cc:	netdev@...r.kernel.org, gleb@...udius-systems.com,
	avi@...udius-systems.com
Subject: Re: [PATCH net-next v5 0/7]: ixgbevf: Allow querying VFs RSS
 indirection table and key

On Wed, 2015-01-07 at 21:26 +0200, Vlad Zolotarov wrote:
> Add the ethtool ops to VF driver to allow querying the RSS indirection table
> and RSS Random Key.
> 
> On some devices VFs share the RSS Redirection Table and Hash Key with a PF and
> letting the VF query this information may introduce some security risks.
> Therefore we disable this feature by default for such devices (e.g. 82599) and
> allow it for those where there isn't any possible risk (e.g. on x550). The new
> netdev op is going to allow a system administrator to change the default
> behaviour with "ip link set" command.
> 
>  - netdev: Add a new netdev op to allow/block VF from querying RSS Indirection
>    Table and RSS Hash Key.
>  - PF driver: Add new VF-PF channel commands.
>  - VF driver: Utilize these new commands and add the corresponding
>               ethtool callbacks.
> 
> New in v5:
>    - Added a new netdev op to allow/block VF from querying RSS Indirection
>      Table and RSS Hash Key.
>    - Let VF query the RSS info only if VF is allowed to.
> 
> New in v4:
>    - Forgot to run checkpatch on v3 and there were a few styling things to
>      fix. ;)
> 
> New in v3:
>    - Added a missing support for x550 devices.
>    - Mask the indirection table values according to PSRTYPE[n].RQPL.
>    - Minimized the number of added VF-PF commands.
> 
> New in v2:
>    - Added a detailed description to patches 4 and 5.
> 
> New in v1 (compared to RFC):
>    - Use "if-else" statement instead of a "switch-case" for a single option
>      case. More specifically: in cases where the newly added API version is
>      the only one allowed. We may consider using a "switch-case" back again
>      when the list of allowed API versions in these specific places grows up.
> 
> Vlad Zolotarov (7):
>   if_link: Add an additional parameter to ifla_vf_info for RSS querying
>   ixgbe: Add a new netdev op to allow/prevent a VF from querying an RSS
>     info
>   ixgbe: Add a RETA query command to VF-PF channel API
>   ixgbevf: Add a RETA query code
>   ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
>   ixgbevf: Add RSS Key query code
>   ixgbevf: Add the appropriate ethtool ops to query RSS indirection
>     table and key
> 
>  drivers/net/ethernet/intel/ixgbe/ixgbe.h          |   1 +
>  drivers/net/ethernet/intel/ixgbe/ixgbe_main.c     |   7 ++
>  drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h      |  10 ++
>  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c    | 119 +++++++++++++++++++
>  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h    |   2 +
>  drivers/net/ethernet/intel/ixgbevf/ethtool.c      |  42 +++++++
>  drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |   4 +-
>  drivers/net/ethernet/intel/ixgbevf/mbx.h          |  10 ++
>  drivers/net/ethernet/intel/ixgbevf/vf.c           | 132 ++++++++++++++++++++++
>  drivers/net/ethernet/intel/ixgbevf/vf.h           |   2 +
>  include/linux/if_link.h                           |   1 +
>  include/linux/netdevice.h                         |   8 ++
>  include/uapi/linux/if_link.h                      |   8 ++
>  net/core/rtnetlink.c                              |  33 +++++-
>  14 files changed, 372 insertions(+), 7 deletions(-)

Thanks Vlad, I will add your patches to my queue.
