Re: [dpdk-dev] [PATCH v1] net/i40e: perform basic validation on the VF messages

Fri, 11 Jan 2019 01:35:11 -0800 

On 01/11/2019 02:53 AM, Varghese, Vipin wrote:
> Hi Kevin,
> 
> A question, since the patch is fixing issue for 'i40e vf'  should not the 
> sections for 'known limitations' or 'i40e PMD' be updated too?
> 

Hi Vipin, I don't think so, but it's a question for i40e maintainer.

Kevin.


> Thanks
> Vipin Varghese
> 
>> -----Original Message-----
>> From: dev <dev-boun...@dpdk.org> On Behalf Of Kevin Traynor
>> Sent: Thursday, January 10, 2019 11:18 PM
>> To: Wang, Haiyue <haiyue.w...@intel.com>; dev@dpdk.org; Zhang, Qi Z
>> <qi.z.zh...@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH v1] net/i40e: perform basic validation on the
>> VF messages
>>
>> On 01/10/2019 12:07 PM, Haiyue Wang wrote:
>>> Do the VF message basic validation such as OPCODE message length
>>> check, some special OPCODE message format check, to protect the i40e
>>> PMD from malicious VF message attack.
>>>
>>> Fixes: 4861cde46116 ("i40e: new poll mode driver")
>>>
>>
>> Missing Cc: sta...@dpdk.org ? or there is some reason not to backport?
>>
>>> Signed-off-by: Haiyue Wang <haiyue.w...@intel.com>
>>> ---
>>>  drivers/net/i40e/i40e_pf.c | 25 +++++++++++++++++++++++++
>>>  1 file changed, 25 insertions(+)
>>>
>>> diff --git a/drivers/net/i40e/i40e_pf.c b/drivers/net/i40e/i40e_pf.c
>>> index 092e0d3..d6e83e3 100644
>>> --- a/drivers/net/i40e/i40e_pf.c
>>> +++ b/drivers/net/i40e/i40e_pf.c
>>> @@ -1295,6 +1295,7 @@
>>>     uint16_t vf_id = abs_vf_id - hw->func_caps.vf_base_id;
>>>     struct rte_pmd_i40e_mb_event_param ret_param;
>>>     bool b_op = TRUE;
>>> +   int ret;
>>>
>>>     if (vf_id > pf->vf_num - 1 || !pf->vfs) {
>>>             PMD_DRV_LOG(ERR, "invalid argument"); @@ -1309,6
>> +1310,30 @@
>>>             return;
>>>     }
>>>
>>> +   /* perform basic checks on the msg */
>>> +   ret = virtchnl_vc_validate_vf_msg(&vf->version, opcode, msg,
>>> +msglen);
>>> +
>>> +   /* perform additional checks specific to this driver */
>>> +   if (opcode == VIRTCHNL_OP_CONFIG_RSS_KEY) {
>>> +           struct virtchnl_rss_key *vrk = (struct virtchnl_rss_key *)msg;
>>> +
>>> +           if (vrk->key_len != ((I40E_PFQF_HKEY_MAX_INDEX + 1) * 4))
>>> +                   ret = VIRTCHNL_ERR_PARAM;
>>> +   } else if (opcode == VIRTCHNL_OP_CONFIG_RSS_LUT) {
>>> +           struct virtchnl_rss_lut *vrl = (struct virtchnl_rss_lut *)msg;
>>> +
>>> +           if (vrl->lut_entries != ((I40E_VFQF_HLUT1_MAX_INDEX + 1) *
>> 4))
>>> +                   ret = VIRTCHNL_ERR_PARAM;
>>> +   }
>>> +
>>> +   if (ret) {
>>> +           PMD_DRV_LOG(ERR, "Invalid message from VF %u, opcode
>> %u, len %u",
>>> +                       vf_id, opcode, msglen);
>>> +           i40e_pf_host_send_msg_to_vf(vf, opcode,
>>> +                                       I40E_ERR_PARAM, NULL, 0);
>>> +           return;
>>> +   }
>>> +
>>>     /**
>>>      * initialise structure to send to user application
>>>      * will return response from user in retval field
>>>
>

Reply via email to