| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f2a0eb8b-2238-4bd2-bc81-eb0284fea6c8@redhat.com>
Date: Sat, 23 Aug 2025 12:55:26 +0300
From: mohammad heib <mheib@...hat.com>
To: Przemek Kitszel <przemyslaw.kitszel@...el.com>,
Jiri Pirko <jiri@...nulli.us>
Cc: anthony.l.nguyen@...el.com, intel-wired-lan@...ts.osuosl.org,
netdev@...r.kernel.org, Jacob Keller <jacob.e.keller@...el.com>,
Simon Horman <horms@...nel.org>
Subject: Re: [PATCH net] i40e: add devlink param to control VF MAC address
limit
Hi,
Thank you for the review. All comments have been addressed in v2.
On 8/22/25 12:09 PM, Przemek Kitszel wrote:
> On 8/22/25 01:39, mheib@...hat.com wrote:
>> From: Mohammad Heib <mheib@...hat.com>
>>
>> This patch introduces a new devlink runtime parameter
>> to control whether the VF MAC filter limit feature is
>> enabled or disabled.
>>
>> When the parameter is set to non-zero, the driver enforces the per-VF
>> MAC
>> filter limit calculated from the number of allocated VFs and ports.
>> When the parameter is unset (zero), no limit is applied and behavior
>> remains as before commit cfb1d572c986
>> ("i40e: Add ensurance of MacVlan resources for every trusted VF").
>>
>> This implementation allows us to toggle the feature through devlink
>> while preserving old behavior. In the future, the parameter can be
>> extended to represent a configurable "max MACs per VF" value, but for
>> now it acts as a simple on/off switch.
>>
>> Example command to enable per-vf mac limit:
>> - devlink dev param set pci/0000:3b:00.0 name max_mac_per_vf \
>> value 1 \
>> cmode runtime
>>
>> Fixes: cfb1d572c986 ("i40e: Add ensurance of MacVlan resources for
>> every trusted VF")
>> Signed-off-by: Mohammad Heib <mheib@...hat.com>
>
> thank you for the patch, I have a few questions/objections
>
> 1. it git-conflicts with [1], please post your next revision based on
> Tony's (fixes) tree dev-queue branch [2]
>
> 2a. it is good practice to link to the previous discussions, and CC
> individuals involved (Jake, Simon)
>
> 2b. for changes that utilize given subsystem (devlink), you need to CC
> respective maintainers (Jiri)
>
> 3. it would really be better to treat not-zero values as strict limit
>
> 4. this idea is not limited to i40e, the parameter should be global
> (for all drivers to implement), as it seems generic enough
>
> 5. when someone will make a per-given-VF param, this one will not be
> deprecated but will still work as a cap (max) value. (Leaving it at
> zero will be ofc perfectly fine).
Sure, I would be happy to add this to other drivers. Currently, I’m not
aware of any other driver that has a per-VF MAC limit implemented.
If you know of any, please point me to them.
Otherwise, I will go through the drivers I’m working with and check
whether they have such a limit or not.
>
> [1]
> https://lore.kernel.org/intel-wired-lan/20250813104552.61027-9-przemyslaw.kitszel@intel.com/T/#mac68de249365b8c4fa83054592dd98f0f789fab4
>
> [2]
> https://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue.git/log/?h=dev-queue
>
>> ---
>> Documentation/networking/devlink/i40e.rst | 19 +++++++
>> drivers/net/ethernet/intel/i40e/i40e.h | 4 ++
>> .../net/ethernet/intel/i40e/i40e_devlink.c | 56 ++++++++++++++++++-
>> .../ethernet/intel/i40e/i40e_virtchnl_pf.c | 14 ++++-
>> 4 files changed, 89 insertions(+), 4 deletions(-)
>>
>
Thanks,
Powered by blists - more mailing lists