lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 29 Sep 2017 08:04:49 -0700
From:   Alexander Duyck <alexander.duyck@...il.com>
To:     wangyunjian <wangyunjian@...wei.com>
Cc:     David Miller <davem@...emloft.net>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        Sergei Shtylyov <sergei.shtylyov@...entembedded.com>,
        Netdev <netdev@...r.kernel.org>, caihe <caihe@...wei.com>,
        intel-wired-lan <intel-wired-lan@...ts.osuosl.org>
Subject: Re: [Intel-wired-lan] [PATCH net v2] i40e: Fix limit imprecise of the
 number of MAC/VLAN that can be added for VFs

On Fri, Sep 29, 2017 at 2:13 AM, wangyunjian <wangyunjian@...wei.com> wrote:
>
>
>> -----Original Message-----
>> From: Alexander Duyck [mailto:alexander.duyck@...il.com]
>> Sent: Thursday, September 28, 2017 11:44 PM
>> To: wangyunjian <wangyunjian@...wei.com>
>> Cc: David Miller <davem@...emloft.net>; Jeff Kirsher
>> <jeffrey.t.kirsher@...el.com>; Sergei Shtylyov
>> <sergei.shtylyov@...entembedded.com>; Netdev
>> <netdev@...r.kernel.org>; caihe <caihe@...wei.com>; intel-wired-lan
>> <intel-wired-lan@...ts.osuosl.org>
>> Subject: Re: [Intel-wired-lan] [PATCH net v2] i40e: Fix limit imprecise of the
>> number of MAC/VLAN that can be added for VFs
>>
>> On Wed, Sep 27, 2017 at 7:01 PM, w00273186 <wangyunjian@...wei.com>
>> wrote:
>> > From: Yunjian Wang <wangyunjian@...wei.com>
>> >
>> > Now it doesn't limit the number of MAC/VLAN strictly. When there is more
>> > elements in the virtchnl MAC/VLAN list, it can still add successfully.
>>
>> You could still add but should you. I'm not clear from this patch
>> description what this is supposed to be addressing. If you enable the
>> "trust" flag for a VF via the "ip link set dev <iface> vf <vfnum>
>> trust on" it can make use of any resources on the device, but without
>> that there is an upper limit that is supposed to be enforced to
>> prevent the VF from making use of an excessive amount of resources.
>> That is what is being enforced by the code you are moving out of the
>> way below.
>
> I don't enable the "trust" flag for a VF. But this script can successfully add
> MACs more than I40E_VC_MAX_MAC_ADDR_PER_VF(12) in VM. It has
> same problem with VLAN.
>
> Test script:
>
> for((i=10;i<50;i++))
> do
>     ipmaddr add 01:00:5e:01:02:$i  dev eth0
> done
>
> for ((i=1;i<40;i++))
> do
>     ip link add link eth0 name eth0.$i type vlan id $i
> done
>

Okay, thanks for the info. I can see if we can address the issue in a
way that prevents us from adding the filters to the hardware before we
return the result indicating if we can support it or not.

- Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ