lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <1462147581-135254-4-git-send-email-jeffrey.t.kirsher@intel.com> Date: Sun, 1 May 2016 17:06:09 -0700 From: Jeff Kirsher <jeffrey.t.kirsher@...el.com> To: davem@...emloft.net Cc: Anjali Singhai Jain <anjali.singhai@...el.com>, netdev@...r.kernel.org, nhorman@...hat.com, sassmann@...hat.com, jogreene@...hat.com, Jeff Kirsher <jeffrey.t.kirsher@...el.com> Subject: [net-next 03/15] i40e: Prevent falling to promiscuous if the VF is not trusted From: Anjali Singhai Jain <anjali.singhai@...el.com> With this change a non trusted VF can never fall to promiscuous mode when there is no room for a MAC/VLAN filter. Change-Id: I8a155aa25c0bcdc6093414920c9ade4ee0bd20e8 Signed-off-by: Anjali Singhai Jain <anjali.singhai@...el.com> Tested-by: Andrew Bowers <andrewx.bowers@...el.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com> --- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index 39b3b56..a45748e 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -2098,6 +2098,12 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi) } } + /* if the VF is not trusted do not do promisc */ + if ((vsi->type == I40E_VSI_SRIOV) && !pf->vf[vsi->vf_id].trusted) { + clear_bit(__I40E_FILTER_OVERFLOW_PROMISC, &vsi->state); + goto out; + } + /* check for changes in promiscuous modes */ if (changed_flags & IFF_ALLMULTI) { bool cur_multipromisc; -- 2.5.5
Powered by blists - more mailing lists