From: David Laight
To: 'Skidmore, Donald C', Hiroshi Shimamoto, Bjørn Mork
Cc: e1000-devel@lists.sourceforge.net, netdev@vger.kernel.org, "Choi, Sy Jong", linux-kernel@vger.kernel.org, Hayato Momma
Subject: RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous mode control
Date: Thu, 22 Jan 2015 09:50:00 +0000
Message-ID: <063D6719AE5E284EB5DD2968C1650D6D1CAD0C8A@AcuExch.aculab.com>

From: Skidmore, Donald C
> > > From: Hiroshi Shimamoto
> > > > My concern is what is the real issue that VF multicast promiscuous mode
> > > > can cause.
> > > > I think there is the 4k entries to filter multicast address, and the
> > > > current ixgbe/ixgbevf can turn all bits on from VM. That is almost same as
> > > > enabling multicast promiscuous mode.
> > > > I mean that we can receive all multicast addresses by an onerous
> > > > operation in untrusted VM.
> > > > I think we should clarify what is real security issue in this context.
> > >
> > > If you are worried about passing un-enabled multicasts to users then
> > > what about doing a software hash of received multicasts and checking
> > > against an actual list of multicasts enabled for that hash entry.
> > > Under normal conditions there is likely to be only a single address to check.
> > >
> > > It may (or may not) be best to use the same hash as any hashing
> > > hardware filter uses.
> >
> > thanks for the comment. But I don't think that is the point.
> >
> > I guess, introducing VF multicast promiscuous mode seems to add new
> > privilege to peek every multicast packet in VM and that doesn't look good.
> > On the other hand, I think that there has been the same privilege in the
> > current ixgbe/ixgbevf implementation already. Or I'm reading the code
> > wrongly.
> > I'd like to clarify what is the issue of allowing to receive all multicast packets.
>
> Allowing a VM to give itself the privilege of seeing every multicast packet
> could be seen as a hole in VM isolation.
> Now if the host system allows this policy I don't see this as an issue as
> someone specifically allowed this to happen and then must not be concerned.
> We could even log that it has occurred, which I believe your patch did do.
> The issue is also further muddied, as you mentioned above, since some of
> these multicast packets are leaking anyway (the HW currently uses a 12 bit mask).
> It's just that this change would greatly enlarge that hole from a fraction to
> all multicast packets.

Why does it have anything to do with VM isolation?
Isn't it just the same as if the VM were connected directly to the
ethernet cable?

	David
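As an added illustration for this thread (not code from the ixgbe/ixgbevf driver or from any participant), the software check David suggests, a hash hit followed by an exact comparison against the enabled list, beside a hardware-style filter that delivers on the hash hit alone. The 12-bit vector function and the two colliding addresses are constructed for the example; the real hardware's bit selection is not shown in the thread.

```c
#include <stdint.h>
#include <string.h>

struct mc_filter {
    uint8_t mta[4096 / 8];       /* 12-bit hash vector -> 4k filter bits, as the HW keeps them */
    uint8_t enabled[8][6];       /* exact address list used by the software check */
    int     n_enabled;
};
/* Illustrative 12-bit vector (low nibble of byte 5, then byte 4); chosen for
 * this example only, not claimed to be the hardware's real bit selection. */
static unsigned mta_vector(const uint8_t *mac)
{
    return (((unsigned)mac[5] & 0x0F) << 8) | mac[4];
}

/* Enable one address: set its hash bit and remember it exactly. */
static int mc_enable(struct mc_filter *f, const uint8_t *mac)
{
    unsigned v = mta_vector(mac);
    if (f->n_enabled >= (int)(sizeof f->enabled / sizeof f->enabled[0]))
        return -1;
    f->mta[v >> 3] |= (uint8_t)(1u << (v & 7));
    memcpy(f->enabled[f->n_enabled++], mac, 6);
    return 0;
}

/* Hardware-style decision: a hash hit alone delivers the frame. */
static int hw_accepts(const struct mc_filter *f, const uint8_t *mac)
{
    unsigned v = mta_vector(mac);
    return (f->mta[v >> 3] >> (v & 7)) & 1;
}

/* The check proposed in the thread: a hash hit only qualifies the frame;
 * it is delivered only if the address is really on the enabled list. */
static int sw_accepts(const struct mc_filter *f, const uint8_t *mac)
{
    if (!hw_accepts(f, mac))
        return 0;
    for (int i = 0; i < f->n_enabled; i++)
        if (memcmp(f->enabled[i], mac, 6) == 0)
            return 1;
    return 0;
}

/* Worst case named in the thread: every filter bit on (promiscuous-equivalent). */
static void mc_set_all_bits(struct mc_filter *f) { memset(f->mta, 0xFF, sizeof f->mta); }

/* Constructed addresses: mDNS (224.0.0.251) and 224.0.0.11 collide under mta_vector. */
static const uint8_t MDNS_MAC[6]  = {0x01, 0x00, 0x5e, 0x00, 0x00, 0xfb};
static const uint8_t OTHER_MAC[6] = {0x01, 0x00, 0x5e, 0x00, 0x00, 0x0b};
```

With only mDNS enabled, the colliding address already passes the hash-only filter; with every bit set, any multicast address passes it, while the exact-list check still delivers just the enabled one.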