From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ktraynor@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 1566D1B92C
 for <dev@dpdk.org>; Fri, 11 Jan 2019 10:34:34 +0100 (CET)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 5FB9C8AE6E;
 Fri, 11 Jan 2019 09:34:33 +0000 (UTC)
Received: from ktraynor.remote.csb (ovpn-117-163.ams2.redhat.com
 [10.36.117.163])
 by smtp.corp.redhat.com (Postfix) with ESMTP id C1E7E1714B;
 Fri, 11 Jan 2019 09:34:31 +0000 (UTC)
To: "Varghese, Vipin" <vipin.varghese@intel.com>,
 "Wang, Haiyue" <haiyue.wang@intel.com>, "dev@dpdk.org" <dev@dpdk.org>,
 "Zhang, Qi Z" <qi.z.zhang@intel.com>
References: <1547122051-26931-1-git-send-email-haiyue.wang@intel.com>
 <92f8ceb0-171d-f122-ad16-35eba3e9f979@redhat.com>
 <4C9E0AB70F954A408CC4ADDBF0F8FA7D4D2EFBDB@BGSMSX101.gar.corp.intel.com>
From: Kevin Traynor <ktraynor@redhat.com>
Organization: Red Hat
Message-ID: <eeb93403-1e69-763e-9b40-0868cfc18da4@redhat.com>
Date: Fri, 11 Jan 2019 09:34:30 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <4C9E0AB70F954A408CC4ADDBF0F8FA7D4D2EFBDB@BGSMSX101.gar.corp.intel.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.25]); Fri, 11 Jan 2019 09:34:33 +0000 (UTC)
Subject: Re: [dpdk-dev] [PATCH v1] net/i40e: perform basic validation on the
 VF messages
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jan 2019 09:34:34 -0000

On 01/11/2019 02:53 AM, Varghese, Vipin wrote:
> Hi Kevin,
> 
> A question, since the patch is fixing issue for 'i40e vf'  should not the sections for 'known limitations' or 'i40e PMD' be updated too?
> 

Hi Vipin, I don't think so, but it's a question for i40e maintainer.

Kevin.


> Thanks
> Vipin Varghese
> 
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Kevin Traynor
>> Sent: Thursday, January 10, 2019 11:18 PM
>> To: Wang, Haiyue <haiyue.wang@intel.com>; dev@dpdk.org; Zhang, Qi Z
>> <qi.z.zhang@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH v1] net/i40e: perform basic validation on the
>> VF messages
>>
>> On 01/10/2019 12:07 PM, Haiyue Wang wrote:
>>> Do the VF message basic validation such as OPCODE message length
>>> check, some special OPCODE message format check, to protect the i40e
>>> PMD from malicious VF message attack.
>>>
>>> Fixes: 4861cde46116 ("i40e: new poll mode driver")
>>>
>>
>> Missing Cc: stable@dpdk.org ? or there is some reason not to backport?
>>
>>> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
>>> ---
>>>  drivers/net/i40e/i40e_pf.c | 25 +++++++++++++++++++++++++
>>>  1 file changed, 25 insertions(+)
>>>
>>> diff --git a/drivers/net/i40e/i40e_pf.c b/drivers/net/i40e/i40e_pf.c
>>> index 092e0d3..d6e83e3 100644
>>> --- a/drivers/net/i40e/i40e_pf.c
>>> +++ b/drivers/net/i40e/i40e_pf.c
>>> @@ -1295,6 +1295,7 @@
>>>  	uint16_t vf_id = abs_vf_id - hw->func_caps.vf_base_id;
>>>  	struct rte_pmd_i40e_mb_event_param ret_param;
>>>  	bool b_op = TRUE;
>>> +	int ret;
>>>
>>>  	if (vf_id > pf->vf_num - 1 || !pf->vfs) {
>>>  		PMD_DRV_LOG(ERR, "invalid argument"); @@ -1309,6
>> +1310,30 @@
>>>  		return;
>>>  	}
>>>
>>> +	/* perform basic checks on the msg */
>>> +	ret = virtchnl_vc_validate_vf_msg(&vf->version, opcode, msg,
>>> +msglen);
>>> +
>>> +	/* perform additional checks specific to this driver */
>>> +	if (opcode == VIRTCHNL_OP_CONFIG_RSS_KEY) {
>>> +		struct virtchnl_rss_key *vrk = (struct virtchnl_rss_key *)msg;
>>> +
>>> +		if (vrk->key_len != ((I40E_PFQF_HKEY_MAX_INDEX + 1) * 4))
>>> +			ret = VIRTCHNL_ERR_PARAM;
>>> +	} else if (opcode == VIRTCHNL_OP_CONFIG_RSS_LUT) {
>>> +		struct virtchnl_rss_lut *vrl = (struct virtchnl_rss_lut *)msg;
>>> +
>>> +		if (vrl->lut_entries != ((I40E_VFQF_HLUT1_MAX_INDEX + 1) *
>> 4))
>>> +			ret = VIRTCHNL_ERR_PARAM;
>>> +	}
>>> +
>>> +	if (ret) {
>>> +		PMD_DRV_LOG(ERR, "Invalid message from VF %u, opcode
>> %u, len %u",
>>> +			    vf_id, opcode, msglen);
>>> +		i40e_pf_host_send_msg_to_vf(vf, opcode,
>>> +					    I40E_ERR_PARAM, NULL, 0);
>>> +		return;
>>> +	}
>>> +
>>>  	/**
>>>  	 * initialise structure to send to user application
>>>  	 * will return response from user in retval field
>>>
>