lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <IA3PR11MB898544F2B6A499A11B1CAE638F5DA@IA3PR11MB8985.namprd11.prod.outlook.com>
Date: Mon, 21 Jul 2025 09:42:37 +0000
From: "Romanowski, Rafal" <rafal.romanowski@...el.com>
To: Simon Horman <horms@...nel.org>, Jamie Bainbridge
	<jamie.bainbridge@...il.com>
CC: "Vecera, Ivan" <ivecera@...hat.com>, Brett Creeley
	<brett.creeley@....com>, "Kitszel, Przemyslaw"
	<przemyslaw.kitszel@...el.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, Andrew Lunn <andrew+netdev@...n.ch>, "Eric
 Dumazet" <edumazet@...gle.com>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>, "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>, "Jakub
 Kicinski" <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, "David S.
 Miller" <davem@...emloft.net>
Subject: RE: [Intel-wired-lan] [PATCH v2 net] i40e: When removing VF MAC
 filters, only check PF-set MAC

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of Simon
> Horman
> Sent: Wednesday, June 25, 2025 11:08 AM
> To: Jamie Bainbridge <jamie.bainbridge@...il.com>
> Cc: Vecera, Ivan <ivecera@...hat.com>; Brett Creeley
> <brett.creeley@....com>; Kitszel, Przemyslaw <przemyslaw.kitszel@...el.com>;
> linux-kernel@...r.kernel.org; Andrew Lunn <andrew+netdev@...n.ch>; Eric
> Dumazet <edumazet@...gle.com>; netdev@...r.kernel.org; Nguyen, Anthony L
> <anthony.l.nguyen@...el.com>; intel-wired-lan@...ts.osuosl.org; Jakub Kicinski
> <kuba@...nel.org>; Paolo Abeni <pabeni@...hat.com>; David S. Miller
> <davem@...emloft.net>
> Subject: Re: [Intel-wired-lan] [PATCH v2 net] i40e: When removing VF MAC
> filters, only check PF-set MAC
> 
> On Wed, Jun 25, 2025 at 09:29:18AM +1000, Jamie Bainbridge wrote:
> > When the PF is processing an Admin Queue message to delete a VF's MACs
> > from the MAC filter, we currently check if the PF set the MAC and if
> > the VF is trusted.
> >
> > This results in undesirable behaviour, where if a trusted VF with a
> > PF-set MAC sets itself down (which sends an AQ message to delete the
> > VF's MAC filters) then the VF MAC is erased from the interface.
> >
> > This results in the VF losing its PF-set MAC which should not happen.
> >
> > There is no need to check for trust at all, because an untrusted VF
> > cannot change its own MAC. The only check needed is whether the PF set
> > the MAC. If the PF set the MAC, then don't erase the MAC on link-down.
> >
> > Resolve this by changing the deletion check only for PF-set MAC.
> >
> > (the out-of-tree driver has also intentionally removed the check for
> > VF trust here with OOT driver version 2.26.8, this changes the Linux
> > kernel driver behaviour and comment to match the OOT driver behaviour)
> >
> > Fixes: ea2a1cfc3b201 ("i40e: Fix VF MAC filter removal")
> > Signed-off-by: Jamie Bainbridge <jamie.bainbridge@...il.com>
> > ---
> > v2: Reword commit message as suggested by Simon Horman.
> 
> Thanks for the update.
> 
> Reviewed-by: Simon Horman <horms@...nel.org>


Tested-by: Rafal Romanowski <rafal.romanowski@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ