Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp807561rdb; Fri, 2 Feb 2024 04:54:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IHhGGZ3inbp6bhv2V8T14E9RpmgkzAng7LURGFQD4tP4eRmubtIj699ftYCiF56hysZMWMm X-Received: by 2002:a9d:7a5a:0:b0:6e0:e90a:4b7 with SMTP id z26-20020a9d7a5a000000b006e0e90a04b7mr8355223otm.28.1706878468358; Fri, 02 Feb 2024 04:54:28 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706878468; cv=pass; d=google.com; s=arc-20160816; b=ct2P1wy648WzJW0IxussJ80+CcJh7/6avTtkr/CJcVOTqxC347snuE6FBlRFHlEAEA Z2+RRlECp1z6lo7XeVnS9FF24pOj0O2sesChBIdFNKjzPtpudwaQBHVDHsLajcT3hRQv nGcZhSJfjkRojVnuqzm2/sULJWNg2DPFH97/MrRWR+WfK8mQDTxDpm0EyziDhxmW2naO UbROCUGun6aRa91HG86zG7m9GKdP6gNPDCnB2ELxCKvn9cEWeKFiwbkzdj7oVw0wPM2G B1I9o0uS5P8QdnZGwuh0h3dOchcR+Jmyt40YNqCfl1sDaSYRTjftLZOL8A6kmXxZccI4 wxGg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=TShIs5Ane12ECqcRVKkcZ19ytCPg1TapeO0RzlSBxmw=; fh=3WNov+kSiQD0hKVqNg/nxNepUei3eOTSEgRKe9rNdWE=; b=uUOumQvdlGmbaZ60d3sKEJlCLmb6wl1K8Sxqz6He+PkeuD0rgGDPIGNHoyvwtr9h0d JNBCeQGYNsj4/9eH84vN+eI8ep8pfy/iPBZzZ3xsUZ/udR8yWk9W4MVUVXktgo8OU6J5 Ngmj9eYi/7g4fZiHkJoZzmsdLeZucMi47Y5iSFb4m9XNXL2lCzaJDFRwgBFTJ/l3WV2p Lw27C1+1aShZEoXfGqph/ESyDPKBl28ZvkfMAfConoJ/96spWOyv0CPDleruVVVrcGdc 2BmaxsED0Q94BN4ytsf8Sz/0jZ9ULwvkm4czmeADSAPQj1LdgtFGfDe2UL7wyzRaIRz6 hSvA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Ijhod+4a; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-49853-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49853-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=1; AJvYcCXkWM7U8+OxVh5LdzQl9B85+60kXF3Tl0VS4FHzS2DhXEGU/Cp8Npw8bOIOYte7JeduOWPH+LOjH8jm/iGYIKSm6tJU6OERNfev0pfG/Q== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t4-20020a63b704000000b005cddfe0c82bsi1505991pgf.211.2024.02.02.04.54.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Feb 2024 04:54:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-49853-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Ijhod+4a; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-49853-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-49853-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id EA7E8294943 for ; Fri, 2 Feb 2024 12:43:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E67BB187A; Fri, 2 Feb 2024 12:43:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ijhod+4a" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 17C7C15CE; Fri, 2 Feb 2024 12:43:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706877790; cv=none; b=nWAS1179RH1tkmo3/le4y/xUZuUhD1k3P/IoYaQHdxPDfuD7N/5zErtII5OpenfyVx61Cii30M7g95b6bSzTKhozkUKaeVDk31KHyx39pwB2pPhHofh6i8sZ7yU/kKzNTn2AdmFMfWm76AemsHnZ+wNN/93yaLz5EUZ0jv+cT1Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706877790; c=relaxed/simple; bh=PxfcsiEDIy9Qq5Fj9DyY2bRtJKhBqY6xM3ALRlMwdZ4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Jxi5TJETlZGuO/RWiWBMMjCQAzIGll2zfWjCT2k8RTxvAzKB0gzFk/rvMsieDQ59wZnoW2KCzajPwFXiMaq083SP7zbogrXpbKJOG/82wUOcdAwloGF2R6dElx0+9c6JP8/MDT1SrN3Mm2/jwBkQCRpaGqTtCoRZVyajOXSwboI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Ijhod+4a; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 60B85C433C7; Fri, 2 Feb 2024 12:43:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1706877789; bh=PxfcsiEDIy9Qq5Fj9DyY2bRtJKhBqY6xM3ALRlMwdZ4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Ijhod+4a9Wm7Ak9rvxRN/3QoDdbZhfsYcuZEvIQQp9DPeaDFVc2+bazmthC1sBrbM nQfyFhyaMS/RgoPZULthADl2xhEe1YJ3RxJX4a5YqjKuEPuENcdEAogRCXjwhUKuig GxIFB7Wv5vCglxl2TmlUleC8CPFybvvHk4NO8y/kB9tVPTTPY2wWrWEA3QxOglNSZ3 ea4u26WP5CCBU0MQY/6AwgqnUWGR52FaxnjeTSRqo5ASYMFvSRLeImalC+jWNtw4C2 ZkCYwcsSqMy57sfl6NLDwjvyPQBdftP0vkYsiIugAl+osmKaF+xd8Q4GFnp4DvPRMf ZfMSQ4zS/mTEw== Date: Fri, 2 Feb 2024 13:43:04 +0100 From: Simon Horman To: Ivan Vecera Cc: netdev@vger.kernel.org, Jesse Brandeburg , Tony Nguyen , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Jeff Kirsher , Mitch Williams , Sylwester Dziedziuch , Mateusz Palczewski , "moderated list:INTEL ETHERNET DRIVERS" , open list Subject: Re: [PATCH net] i40e: Do not allow untrusted VF to remove administratively set MAC Message-ID: <20240202124304.GQ530335@kernel.org> References: <20240131131714.23497-1-ivecera@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240131131714.23497-1-ivecera@redhat.com> On Wed, Jan 31, 2024 at 02:17:14PM +0100, Ivan Vecera wrote: > Currently when PF administratively sets VF's MAC address and the VF > is put down (VF tries to delete all MACs) then the MAC is removed > from MAC filters and primary VF MAC is zeroed. > > Do not allow untrusted VF to remove primary MAC when it was set > administratively by PF. > > Reproducer: > 1) Create VF > 2) Set VF interface up > 3) Administratively set the VF's MAC > 4) Put VF interface down > > [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs > [root@host ~]# ip link set enp2s0f0v0 up > [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d > [root@host ~]# ip link show enp2s0f0 > 23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 > link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff > vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off > [root@host ~]# ip link set enp2s0f0v0 down > [root@host ~]# ip link show enp2s0f0 > 23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 > link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff > vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off > > Fixes: 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter") > Fixes: ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address") > Signed-off-by: Ivan Vecera Thanks Ivan, Reviewed-by: Simon Horman