git.baikalelectronics.ru Git - kernel.git/commit
qed: validate and restrict untrusted VFs vlan promisc mode
author Manish Chopra <manishc@marvell.com>
Wed, 2 Mar 2022 10:52:22 +0000 (02:52 -0800)
committer David S. Miller <davem@davemloft.net>
Thu, 3 Mar 2022 10:26:20 +0000 (10:26 +0000)
commit fbabcc18f3228d3b807ec8e8edfbab1458e9963a
tree be7431fc7ac5a3771b8adbee74b20c58baf79512
parent c8c04fba4603d60949d29c121cdbf2d0a4ac4fcd
qed: validate and restrict untrusted VFs vlan promisc mode

Today when VFs are put in promiscuous mode, they can request PF
to configure device for them to receive all VLANs traffic regardless
of what vlan is configured by the PF (via ip link) and PF allows this
config request regardless of whether VF is trusted or not.

From security POV, when VLAN is configured for VF through PF (via ip link),
honour such config requests from VF only when they are configured to be
trusted, otherwise restrict such VFs vlan promisc mode config.

Cc: stable@vger.kernel.org
Fixes: 20d0ca8374b0 ("qed*: Add support for ndo_set_vf_trust")
Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/qlogic/qed/qed_sriov.c
drivers/net/ethernet/qlogic/qed/qed_sriov.h