lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190504234929.3005-5-jeffrey.t.kirsher@intel.com> Date: Sat, 4 May 2019 16:49:18 -0700 From: Jeff Kirsher <jeffrey.t.kirsher@...el.com> To: davem@...emloft.net Cc: Akeem G Abodunrin <akeem.g.abodunrin@...el.com>, netdev@...r.kernel.org, nhorman@...hat.com, sassmann@...hat.com, Anirudh Venkataramanan <anirudh.venkataramanan@...el.com>, Andrew Bowers <andrewx.bowers@...el.com>, Jeff Kirsher <jeffrey.t.kirsher@...el.com> Subject: [net-next 04/15] ice: Don't remove VLAN filters that were never programmed From: Akeem G Abodunrin <akeem.g.abodunrin@...el.com> In case of non-trusted VFs, it is possible to program VLAN filter far less than what is requested by the VF originally, thereby makes number of VLAN elements being tracked by VF different from actual VLAN tags. This patch makes sure that we are not attempting to remove VLAN filter that does not exist. Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@...el.com> Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@...el.com> Tested-by: Andrew Bowers <andrewx.bowers@...el.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com> --- drivers/net/ethernet/intel/ice/ice_lib.c | 6 +++++- drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 12 +++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c index 947730d74612..83d0aef7f77e 100644 --- a/drivers/net/ethernet/intel/ice/ice_lib.c +++ b/drivers/net/ethernet/intel/ice/ice_lib.c @@ -1616,7 +1616,11 @@ int ice_vsi_kill_vlan(struct ice_vsi *vsi, u16 vid) list_add(&list->list_entry, &tmp_add_list); status = ice_remove_vlan(&pf->hw, &tmp_add_list); - if (status) { + if (status == ICE_ERR_DOES_NOT_EXIST) { + dev_dbg(&pf->pdev->dev, + "Failed to remove VLAN %d on VSI %i, it does not exist, status: %d\n", + vid, vsi->vsi_num, status); + } else if (status) { dev_err(&pf->pdev->dev, "Error removing VLAN %d on vsi %i error: %d\n", vid, vsi->vsi_num, status); diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c index abc958788267..f4b466cd4b7a 100644 --- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c +++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c @@ -2402,7 +2402,17 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v) } } } else { - for (i = 0; i < vfl->num_elements; i++) { + /* In case of non_trusted VF, number of VLAN elements passed + * to PF for removal might be greater than number of VLANs + * filter programmed for that VF - So, use actual number of + * VLANS added earlier with add VLAN opcode. In order to avoid + * removing VLAN that doesn't exist, which result to sending + * erroneous failed message back to the VF + */ + int num_vf_vlan; + + num_vf_vlan = vf->num_vlan; + for (i = 0; i < vfl->num_elements && i < num_vf_vlan; i++) { u16 vid = vfl->vlan_id[i]; /* Make sure ice_vsi_kill_vlan is successful before -- 2.20.1
Powered by blists - more mailing lists