Re: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case

From: Jeff Kirsher
Date: Wed Feb 25 2015 - 02:20:46 EST

Next message: Lee Jones: "Re: [RESEND PATCH v2 7/9] mfd: rtsx: add support for rts524A"
Previous message: Lee Jones: "Re: [PATCH v6 3/6] mfd: ti_am335x_tscadc: Remove unwanted reg_se_cache save"
In reply to: Hiroshi Shimamoto: "RE: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case"
Next in thread: Hiroshi Shimamoto: "RE: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2015-02-25 at 00:51 +0000, Hiroshi Shimamoto wrote:
> > Subject: Re: [E1000-devel] [PATCH] ixgbe: make VLAN filter
> conditional in SR-IOV case
> >
> > On Thu, 2014-11-13 at 08:28 +0000, Hiroshi Shimamoto wrote:
> > > From: Hiroshi Shimamoto <h-shimamoto@xxxxxxxxxxxxx>
> > >
> > > Disable hardware VLAN filtering if netdev->features VLAN flag is
> > > dropped.
> > >
> > > In SR-IOV case, there is a use case which needs to disable VLAN
> > > filter.
> > > For example, we need to make a network function with VF in
> virtualized
> > > environment. That network function may be a software switch, a
> router
> > > or etc. It means that that network function will be an end point
> which
> > > terminates many VLANs.
> > >
> > > In the current implementation, VLAN filtering always be turned on
> and
> > > VF can receive only 63 VLANs. It means that only 63 VLANs can be
> used
> > > and it's not enough at all for building a virtual router.
> > >
> > > With this patch, if the user turns VLAN filtering off on the host,
> VF
> > > can receive every VLAN packet.
> > > The behavior is changed only if VLAN filtering is turned off by
> > > ethtool.
> > >
> > > Signed-off-by: Hiroshi Shimamoto <h-shimamoto@xxxxxxxxxxxxx>
> > > CC: Choi, Sy Jong <sy.jong.choi@xxxxxxxxx>
> > > ---
> > > drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 10 ++++++++++
> > > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++++
> > > 2 files changed, 14 insertions(+)
> >
> > Thanks Hiroshi, I will add your patch to my queue.
>
> How about this patch?
> It hasn't been in your tree,.
> Is there any issue?

This patch was dropped for two reasons. First was Ben Hutchings issues
with the patch needed to be addressed. Second, was due to a possible
security hole which is why VLAN filtering was not disabled in SRIOV
mode, where isolation is lost between VMs.

If you want to continue going forward with this change, a warning
message should be added, at least, warning the user of the possible
security issues.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Lee Jones: "Re: [RESEND PATCH v2 7/9] mfd: rtsx: add support for rts524A"
Previous message: Lee Jones: "Re: [PATCH v6 3/6] mfd: ti_am335x_tscadc: Remove unwanted reg_se_cache save"
In reply to: Hiroshi Shimamoto: "RE: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case"
Next in thread: Hiroshi Shimamoto: "RE: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]