Hello Jason,

+-- On Fri, 11 Dec 2015, Jason Wang wrote --+
| I think it's possible for attacker. Better wait for Dmitry's answer for
| this.
Okay. | > + /* Verify if device is active */ | > + if (s->device_active) { | > + VMW_CFPRN("Vmxnet3 device is active"); | > + return; | > + } | | What if guest want to activate a paused device? There is a 'resume' operation defined below. | > case VMXNET3_CMD_QUIESCE_DEV: | > - VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device"); | > - vmxnet3_deactivate_device(s); | > + if (s->device_active & VMXNET3_DEV_ACTIVE) { | > + VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device"); | > + vmxnet3_pause_device(s); | > + } else if (s->device_active & VMXNET3_DEV_PAUSE) { | > + VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - resume the device"); | > + vmxnet3_resume_device(s); | > + } | | Not sure this is the correct behavior. Is there a link to the spec? I couldn't find a spec for vmxnet3; I referred the vmxnet3 kernel driver, which seems to implement suspend & resume functions. -> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/vmxnet3/vmxnet3_drv.c In general, Ethernet documents talk about 'pause' frame mechanism to stop NIC from buffering more data, till it has space available to process more, when it resumes its operation. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
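Review bot: In the quoted activation hunk, `if (s->device_active)` tests the whole field, while the QUIESCE_DEV hunk treats the same field as flags (`VMXNET3_DEV_ACTIVE`, `VMXNET3_DEV_PAUSE`). If a paused device has only `VMXNET3_DEV_PAUSE` set, this check still returns early and logs "Vmxnet3 device is active", so an activate request on a paused device is dropped with a misleading message. Consider testing `s->device_active & VMXNET3_DEV_ACTIVE` here, or extending the comment to state that a paused device is expected to be resumed only through the quiesce path.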
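Review bot: In the quoted `case VMXNET3_CMD_QUIESCE_DEV:` hunk, the same command now toggles between `vmxnet3_pause_device(s)` and `vmxnet3_resume_device(s)`, so a guest that issues the quiesce command twice ends up with a running device, and the unconditional `vmxnet3_deactivate_device(s)` call is gone. When neither `VMXNET3_DEV_ACTIVE` nor `VMXNET3_DEV_PAUSE` is set the command falls through with no log line at all. Please add a comment documenting the intended state transitions, log the fall-through case, and confirm that the pause path releases or invalidates everything the removed deactivate call did; if resume is meant to be a separate guest action, it would be clearer to leave it out of this case.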