Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752900AbbBYHeV (ORCPT ); Wed, 25 Feb 2015 02:34:21 -0500 Received: from TYO201.gate.nec.co.jp ([210.143.35.51]:50277 "EHLO tyo201.gate.nec.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752571AbbBYHeS (ORCPT ); Wed, 25 Feb 2015 02:34:18 -0500 From: Hiroshi Shimamoto To: Jeff Kirsher CC: "e1000-devel@lists.sourceforge.net" , "netdev@vger.kernel.org" , "Choi, Sy Jong" , Hayato Momma , "linux-kernel@vger.kernel.org" Subject: RE: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case Thread-Topic: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case Thread-Index: Ac//G8Ebgt2hdo25TzufE5RPi0Crjv//+oUA/10InrCBRcWXgP//aA1w Date: Wed, 25 Feb 2015 07:33:43 +0000 Message-ID: <7F861DC0615E0C47A872E6F3C5FCDDBD05E41F4D@BPXM14GP.gisp.nec.co.jp> References: <7F861DC0615E0C47A872E6F3C5FCDDBD05D9D336@BPXM14GP.gisp.nec.co.jp> <1415898512.2454.26.camel@jtkirshe-mobl> <7F861DC0615E0C47A872E6F3C5FCDDBD05E3F3CE@BPXM14GP.gisp.nec.co.jp> <1424848839.2553.34.camel@jtkirshe-mobl> In-Reply-To: <1424848839.2553.34.camel@jtkirshe-mobl> Accept-Language: ja-JP, en-US Content-Language: ja-JP X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.205.5.123] Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by nfs id t1P7YVgP025106 Content-Length: 2363 Lines: 61 > On Wed, 2015-02-25 at 00:51 +0000, Hiroshi Shimamoto wrote: > > > Subject: Re: [E1000-devel] [PATCH] ixgbe: make VLAN filter > > conditional in SR-IOV case > > > > > > On Thu, 2014-11-13 at 08:28 +0000, Hiroshi Shimamoto wrote: > > > > From: Hiroshi Shimamoto > > > > > > > > Disable hardware VLAN filtering if netdev->features VLAN flag is > > > > dropped. > > > > > > > > In SR-IOV case, there is a use case which needs to disable VLAN > > > > filter. > > > > For example, we need to make a network function with VF in > > virtualized > > > > environment. That network function may be a software switch, a > > router > > > > or etc. It means that that network function will be an end point > > which > > > > terminates many VLANs. > > > > > > > > In the current implementation, VLAN filtering always be turned on > > and > > > > VF can receive only 63 VLANs. It means that only 63 VLANs can be > > used > > > > and it's not enough at all for building a virtual router. > > > > > > > > With this patch, if the user turns VLAN filtering off on the host, > > VF > > > > can receive every VLAN packet. > > > > The behavior is changed only if VLAN filtering is turned off by > > > > ethtool. > > > > > > > > Signed-off-by: Hiroshi Shimamoto > > > > CC: Choi, Sy Jong > > > > --- > > > > drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 10 ++++++++++ > > > > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++++ > > > > 2 files changed, 14 insertions(+) > > > > > > Thanks Hiroshi, I will add your patch to my queue. > > > > How about this patch? > > It hasn't been in your tree,. > > Is there any issue? > > This patch was dropped for two reasons. First was Ben Hutchings issues > with the patch needed to be addressed. Second, was due to a possible > security hole which is why VLAN filtering was not disabled in SRIOV > mode, where isolation is lost between VMs. > > If you want to continue going forward with this change, a warning > message should be added, at least, warning the user of the possible > security issues. okay, I understand. I will submit a patch which has warning message. thanks, Hiroshi ????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m???? ????????I?