lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Feb 2023 09:24:56 +0000
From:   Martin Habets <habetsm.xilinx@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Jiri Pirko <jiri@...nulli.us>,
        "Lucero Palau, Alejandro" <alejandro.lucero-palau@....com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-net-drivers (AMD-Xilinx)" <linux-net-drivers@....com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "ecree.xilinx@...il.com" <ecree.xilinx@...il.com>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "corbet@....net" <corbet@....net>,
        "jiri@...dia.com" <jiri@...dia.com>
Subject: Re: [PATCH v4 net-next 1/8] sfc: add devlink support for ef100

On Wed, Feb 01, 2023 at 11:01:48AM -0800, Jakub Kicinski wrote:
> On Wed, 1 Feb 2023 10:07:33 +0100 Jiri Pirko wrote:
> > >This is due to the recommended/required devlink lock/unlock during 
> > >driver initialization/removal.
> > >
> > >I think it is better to keep the lock/unlock inside the specific driver 
> > >devlink code, and the functions naming reflects a time window when 
> > >devlink related/dependent processing is being done.
> > >
> > >I'm not against changing this, maybe adding the lock/unlock suffix would 
> > >be preferable?:
> > >
> > >int efx_probe_devlink_and_lock(struct efx_nic *efx);
> > >void efx_probe_devlink_unlock(struct efx_nic *efx);
> > >void efx_fini_devlink_lock(struct efx_nic *efx);
> > >void efx_fini_devlink_and_unlock(struct efx_nic *efx);  
> > 
> > Sounds better. Thanks!
> 
> FWIW I'd just take the devl lock in the main driver code.
> devlink should be viewed as a layer between bus and driver rather 
> than as another subsystem the driver registers with. Otherwise reloads
> and port creation get awkward.

I see it a bit differently. For me devlink is another subsystem, it even is
an optional subsystem.
At the moment we don't support devlink port for VFs. If needed we'll add that
at some point, but likely only for newer NICs.
Do you think vDPA and RDMA devices will ever register with devlink?
At the moment I don't see devlink port ever applying to our older hardware,
like our sfn8000 or X2 cards. I do think devlink info and other commands
could apply more generally.

There definitely is a need to evolve to another layer between bus and
devices, and devlink can be used to administer that. But that does not
imply the reverse, that all devices register as devlink devices.
For security we would want to limit some operations (such as port creation)
to specific devlink instance(s). For example, normally we would not want a
tennant VM to flash new firmware that applies to the whole NIC.
I hope this makes sense.

Martin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ