| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Jan 2015 11:56:53 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Hiroshi Shimamoto' <h-shimamoto@...jp.nec.com>, "Skidmore, Donald C" <donald.c.skidmore@...el.com>, Bjørn Mork <bjorn@...k.no> CC: "e1000-devel@...ts.sourceforge.net" <e1000-devel@...ts.sourceforge.net>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "Choi, Sy Jong" <sy.jong.choi@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Hayato Momma <h-momma@...jp.nec.com> Subject: RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous mode control From: Hiroshi Shimamoto > My concern is what is the real issue that VF multicast promiscuous mode can cause. > I think there is the 4k entries to filter multicast address, and the current ixgbe/ixgbevf > can turn all bits on from VM. That is almost same as enabling multicast promiscuous mode. > I mean that we can receive all multicast addresses by an onerous operation in untrusted VM. > I think we should clarify what is real security issue in this context. If you are worried about passing un-enabled multicasts to users then what about doing a software hash of received multicasts and checking against an actual list of multicasts enabled for that hash entry. Under normal conditions there is likely to be only a single address to check. It may (or may not) be best to use the same hash as any hashing hardware filter uses. David
Powered by blists - more mailing lists