| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jun 2019 11:49:46 +0300
From: Denis Kirjanov <kirjanov@...il.com>
To: Doug Ledford <dledford@...hat.com>
Cc: Denis Kirjanov <kda@...ux-powerpc.org>, davem@...emloft.net,
netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
mkubecek@...e.cz
Subject: Re: [PATCH 2/2] ipoib: show VF broadcast address
On 6/14/19, Doug Ledford <dledford@...hat.com> wrote:
> On Fri, 2019-06-14 at 15:32 +0200, Denis Kirjanov wrote:
>> in IPoIB case we can't see a VF broadcast address for but
>> can see for PF
>>
>> Before:
>> 11: ib1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2044 qdisc pfifo_fast
>> state UP mode DEFAULT group default qlen 256
>> link/infiniband
>> 80:00:00:66:fe:80:00:00:00:00:00:00:24:8a:07:03:00:a4:3e:7c brd
>> 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
>> vf 0 MAC 14:80:00:00:66:fe, spoof checking off, link-state
>> disable,
>> trust off, query_rss off
>> ...
>
> The above Before: output should be used as the After: portion of the
> previous commit message. The previos commit does not fully resolve the
> problem, but yet the commit message acts as though it does.
>
>>
>> After:
>> 11: ib1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2044 qdisc pfifo_fast
>> state UP mode DEFAULT group default qlen 256
>> link/infiniband
>> 80:00:00:66:fe:80:00:00:00:00:00:00:24:8a:07:03:00:a4:3e:7c brd
>> 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
>> vf 0 link/infiniband
>> 80:00:00:66:fe:80:00:00:00:00:00:00:24:8a:07:03:00:a4:3e:7c brd
>> 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff, spoof
>> checking off, link-state disable, trust off, query_rss off
>
> Ok, I get why the After: should have a valid broadcast. What I don't
> get is why the Before: shows a MAC and the After: shows a
> link/infiniband? What change in this patch is responsible for that
> difference? I honestly expect, by reading this patch, that you would
> have a MAC and Broadcast that look like Ethernet, not that the full
> issue would be resolved.
Hi Doug,
it's the patch for iproute2 that I'm going to send
>
>> v1->v2: add the IFLA_VF_BROADCAST constant
>> v2->v3: put IFLA_VF_BROADCAST at the end
>> to avoid KABI breakage and set NLA_REJECT
>> dev_setlink
>>
>> Signed-off-by: Denis Kirjanov <kda@...ux-powerpc.org>
>> ---
>> include/uapi/linux/if_link.h | 5 +++++
>> net/core/rtnetlink.c | 5 +++++
>> 2 files changed, 10 insertions(+)
>>
>> diff --git a/include/uapi/linux/if_link.h
>> b/include/uapi/linux/if_link.h
>> index 5b225ff63b48..6f75bda2c2d7 100644
>> --- a/include/uapi/linux/if_link.h
>> +++ b/include/uapi/linux/if_link.h
>> @@ -694,6 +694,7 @@ enum {
>> IFLA_VF_IB_NODE_GUID, /* VF Infiniband node GUID */
>> IFLA_VF_IB_PORT_GUID, /* VF Infiniband port GUID */
>> IFLA_VF_VLAN_LIST, /* nested list of vlans, option for
>> QinQ */
>> + IFLA_VF_BROADCAST, /* VF broadcast */
>> __IFLA_VF_MAX,
>> };
>>
>> @@ -704,6 +705,10 @@ struct ifla_vf_mac {
>> __u8 mac[32]; /* MAX_ADDR_LEN */
>> };
>>
>> +struct ifla_vf_broadcast {
>> + __u8 broadcast[32];
>> +};
>> +
>> struct ifla_vf_vlan {
>> __u32 vf;
>> __u32 vlan; /* 0 - 4095, 0 disables VLAN filter */
>> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
>> index cec60583931f..8ac81630ab5c 100644
>> --- a/net/core/rtnetlink.c
>> +++ b/net/core/rtnetlink.c
>> @@ -908,6 +908,7 @@ static inline int rtnl_vfinfo_size(const struct
>> net_device *dev,
>> size += num_vfs *
>> (nla_total_size(0) +
>> nla_total_size(sizeof(struct ifla_vf_mac)) +
>> + nla_total_size(sizeof(struct
>> ifla_vf_broadcast)) +
>> nla_total_size(sizeof(struct ifla_vf_vlan)) +
>> nla_total_size(0) + /* nest IFLA_VF_VLAN_LIST
>> */
>> nla_total_size(MAX_VLAN_LIST_LEN *
>> @@ -1197,6 +1198,7 @@ static noinline_for_stack int
>> rtnl_fill_vfinfo(struct sk_buff *skb,
>> struct ifla_vf_vlan vf_vlan;
>> struct ifla_vf_rate vf_rate;
>> struct ifla_vf_mac vf_mac;
>> + struct ifla_vf_broadcast vf_broadcast;
>> struct ifla_vf_info ivi;
>>
>> memset(&ivi, 0, sizeof(ivi));
>> @@ -1231,6 +1233,7 @@ static noinline_for_stack int
>> rtnl_fill_vfinfo(struct sk_buff *skb,
>> vf_trust.vf = ivi.vf;
>>
>> memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
>> + memcpy(vf_broadcast.broadcast, dev->broadcast, dev->addr_len);
>> vf_vlan.vlan = ivi.vlan;
>> vf_vlan.qos = ivi.qos;
>> vf_vlan_info.vlan = ivi.vlan;
>> @@ -1247,6 +1250,7 @@ static noinline_for_stack int
>> rtnl_fill_vfinfo(struct sk_buff *skb,
>> if (!vf)
>> goto nla_put_vfinfo_failure;
>> if (nla_put(skb, IFLA_VF_MAC, sizeof(vf_mac), &vf_mac) ||
>> + nla_put(skb, IFLA_VF_BROADCAST, sizeof(vf_broadcast),
>> &vf_broadcast) ||
>> nla_put(skb, IFLA_VF_VLAN, sizeof(vf_vlan), &vf_vlan) ||
>> nla_put(skb, IFLA_VF_RATE, sizeof(vf_rate),
>> &vf_rate) ||
>> @@ -1753,6 +1757,7 @@ static const struct nla_policy
>> ifla_info_policy[IFLA_INFO_MAX+1] = {
>>
>> static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
>> [IFLA_VF_MAC] = { .len = sizeof(struct ifla_vf_mac)
>> },
>> + [IFLA_VF_BROADCAST] = { .type = NLA_REJECT },
>> [IFLA_VF_VLAN] = { .len = sizeof(struct
>> ifla_vf_vlan) },
>> [IFLA_VF_VLAN_LIST] = { .type = NLA_NESTED },
>> [IFLA_VF_TX_RATE] = { .len = sizeof(struct ifla_vf_tx_rate) },
>
> --
> Doug Ledford <dledford@...hat.com>
> GPG KeyID: B826A3330E572FDD
> Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57
> 2FDD
>
--
Regards / Mit besten Grüßen,
Denis
Powered by blists - more mailing lists