lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 08 Oct 2014 15:29:15 -0700
From:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
To:	Alexander Graf <agraf@...e.de>
Cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	Mitch Williams <mitch.a.williams@...el.com>,
	Andy Gospodarek <andy@...yhouse.net>,
	Stefan Assmann <sassmann@...nic.de>,
	Aaron Brown <aaron.f.brown@...el.com>,
	Greg Rose <gregory.v.rose@...el.com>,
	John Ronciak <john.ronciak@...el.com>
Subject: Re: [PATCH] igb: Indicate failure on vf reset for empty mac address

On Wed, 2014-10-08 at 23:23 +0200, Alexander Graf wrote:
> Commit 5ac6f91d changed the igb driver to expose a zero (empty) mac
> address to the VF on reset rather than a random one.
> 
> However, that behavioral change also requires igbvf driver changes
> which can be hard especially when we want to talk to proprietary
> guest OSs.
> 
> Looking at the code previous to the commit in Linux that made igbvf
> work with empty mac addresses (8d56b6d), we can see that on reset
> failure the driver will try to generate a new mac address with both
> the old and the new code.
> 
> Furthermore, ixgbe does send reset failure when it detects an empty
> mac address (35055928c).
> 
> So I think it's safe to make igb behave the same. With this patch I
> can successfully run a Windows 8.1 guest with an empty mac address
> and an assigned igbvf device that has no mac address set by the host.
> 
> If anyone is aware of a guest driver that chokes on NACK returns of
> VF RESET commands, please speak up.
> 
> Signed-off-by: Alexander Graf <agraf@...e.de>
> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Actually after further review of this patch and the reported bug in
SuSE's bugzilla, we are NACK'ing this patch.

If the reset has not failed, why are we indicating that it has?  We
originally supplied the VF with a NULL MAC, so we should supply it
again.  That way, the VF can choose to either regenerate a new random
MAC or keep using the one that it had.

The current method was a fix that was requested by the community in the
first place, also we cannot take into account "proprietary guest OS's".

> 
> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> index cb14bbd..e8c53b6 100644
> --- a/drivers/net/ethernet/intel/igb/igb_main.c
> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> @@ -6024,8 +6024,12 @@ static void igb_vf_reset_msg(struct igb_adapter *adapter, u32 vf)
>  	adapter->vf_data[vf].flags |= IGB_VF_FLAG_CTS;
>  
>  	/* reply to reset with ack and vf mac address */
> -	msgbuf[0] = E1000_VF_RESET | E1000_VT_MSGTYPE_ACK;
> -	memcpy(addr, vf_mac, ETH_ALEN);
> +	if (!is_zero_ether_addr(vf_mac)) {
> +		msgbuf[0] = E1000_VF_RESET | E1000_VT_MSGTYPE_ACK;
> +		memcpy(addr, vf_mac, ETH_ALEN);
> +	} else {
> +		msgbuf[0] = E1000_VF_RESET | E1000_VT_MSGTYPE_NACK;
> +	}
>  	igb_write_mbx(hw, msgbuf, 3, vf);
>  }
>  



Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists