| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49395329523DD64492581B505F80C86D5BDCF681FD@EXMAIL.ad.emulex.com>
Date: Tue, 21 Feb 2012 14:02:27 -0800
From: <Ajit.Khaparde@...lex.Com>
To: <bhutchings@...arflare.com>
CC: <davem@...emloft.net>, <shemminger@...ux-foundation.org>,
<netdev@...r.kernel.org>
Subject: RE: [RFC net-next 1/2] if_link : add support for VF privileges
> -----Original Message-----
> From: Ben Hutchings [mailto:bhutchings@...arflare.com]
> Sent: Tuesday, February 14, 2012 5:25 PM
> To: Khaparde, Ajit
> Cc: davem@...emloft.net; shemminger@...ux-foundation.org;
> netdev@...r.kernel.org
> Subject: Re: [RFC net-next 1/2] if_link : add support for VF privileges
>
> On Tue, 2012-02-14 at 13:26 -0600, Ajit Khaparde wrote:
> > Signed-off-by: Ajit Khaparde <ajit.khaparde@...lex.com>
> > ---
> > include/linux/if_link.h | 21 +++++++++++++++++++++
> > include/linux/netdevice.h | 3 +++
> > net/core/rtnetlink.c | 17 ++++++++++++++++-
> > 3 files changed, 40 insertions(+), 1 deletions(-)
> >
> > diff --git a/include/linux/if_link.h b/include/linux/if_link.h
> > index c52d4b5..9c93a8e 100644
> > --- a/include/linux/if_link.h
> > +++ b/include/linux/if_link.h
> > @@ -280,11 +280,26 @@ enum {
> > IFLA_VF_VLAN,
> > IFLA_VF_TX_RATE, /* TX Bandwidth Allocation */
> > IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */
> > + IFLA_VF_PRIVILEGE, /* VF Privilege level setting */
> > __IFLA_VF_MAX,
> > };
> >
> > #define IFLA_VF_MAX (__IFLA_VF_MAX - 1)
> >
> > +enum {
> > + IFLA_VF_PRIVILEGE_DEFAULT = 1, /* Default privileges */
>
> What are the default privileges? Should existing drivers report that
> their VFs have this?
Yes. Vendors can decide what privileges they want to grant for VFs by default.
>
> > + IFLA_VF_PRIVILEGE_STATS = 2, /* Privilege to gather statistics */
>
> I assume that means port or board statistics as opposed to statistics
> for the VF?
Yes, Port statistics.
>
> > + IFLA_VF_PRIVILEGE_LNK_MGMT = 4, /* Privilege to manage link
> params */
> > + IFLA_VF_PRIVILEGE_DIAG = 8, /* Privilege to perform
> diagnostics */
> > + IFLA_VF_PRIVILEGE_MAC = 16, /* Privilege to modify MAC
> address */
> > + IFLA_VF_PRIVILEGE_VLAN = 32, /* Privilege to add or remove
> VLANs */
>
> I assume these two apply to RX filtering of the VF itself. How about
> control over TX filtering?
Yes. This is for Rx filtering. Tx filtering privileges can be added if needed.
>
> > + IFLA_VF_PRIVILEGE_DEV_CFG = 64, /* Unrestricted admin access
> privlege */
>
> Does that include all the other privileges, or does it mean 'everything
> else'?
All other privileges with the exception of "secure content" (defined below).
>
> > + IFLA_VF_PRIVILEGE_SECURE = 128, /* Privilege to access secure
> content */
>
> What does that mean?
Privilege to access secure information on the ASIC like debug registers,
dump information.
>
> > + __IFLA_VF_PRIVILEGE_MAX,
> > +};
> > +
> > +#define IFLA_VF_PRIVILEGE_MAX (__IFLA_VF_PRIVILEGE_MAX - 1)
> [...]
>
> This doesn't seem to make sense for an enumeration of flags.
Yes. Will take care.
Thanks
>
> Ben.
>
> --
> Ben Hutchings, Staff Engineer, Solarflare
> Not speaking for my employer; that's the marketing department's job.
> They asked us to note that Solarflare product names are trademarked.
Powered by blists - more mailing lists