Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection... | netdev

[PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-05
[PATCH net-next v3 1/5] ixgbe: Add a RETA query command to VF-PF channel API · Vlad Zolotarov <hidden> · 2015-01-05
[PATCH net-next v3 2/5] ixgbevf: Add a RETA query code · Vlad Zolotarov <hidden> · 2015-01-05
[PATCH net-next v3 3/5] ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set · Vlad Zolotarov <hidden> · 2015-01-05
[PATCH net-next v3 4/5] ixgbevf: Add RSS Key query code · Vlad Zolotarov <hidden> · 2015-01-05
[PATCH net-next v3 5/5] ixgbevf: Add the appropriate ethtool ops to query RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-05
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-05
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Greg Rose <hidden> · 2015-01-05
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Gleb Natapov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Greg Rose <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Greg Rose <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Vlad Zolotarov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Greg Rose <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Gleb Natapov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Greg Rose <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Gleb Natapov <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Eric Dumazet <hidden> · 2015-01-06
Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key · Gleb Natapov <hidden> · 2015-01-06

Re: [PATCH net-next v3 0/5]: ixgbevf: Allow querying VFs RSS indirection table and key

From: Greg Rose <hidden>
Date: 2015-01-06 18:31:00

On Tue, Jan 6, 2015 at 10:04 AM, Gleb Natapov [off-list ref] wrote:

On Tue, Jan 06, 2015 at 08:59:41AM -0800, Greg Rose wrote:

quoted

On Tue, Jan 6, 2015 at 2:58 AM, Vlad Zolotarov
[off-list ref] wrote:

quoted


I agree with Gleb here: when we started with just thinking about the idea of
this patch the possible security issue was the first thing that came into
our minds.
But eventually we couldn't come up with any security risk or attack example
that is exclusively caused by the fact that VF knows the indirection table
and/or RSS hash key of the PF.

So, Greg, if we have missed anything and your have such an example could you
share it here, please?

I don't have any examples and that is not my area of expertise.  But
just because we can't think of a security risk or attack example
doesn't mean there isn't one.

Is RSS hash security feature at all? Against what kind of attack? It
looks like some drivers (igb among them) use non random value for the key.

I don't believe RSS hashing itself is a security feature - I don't
know that sharing the RSS info with a VF is a security risk.  I'm just
asking that we preserve default behavior to avoid the possibility.

quoted

Just add a policy hook so that the system admin can decide whether
this information should be shared with the VFs and then we're covered
for cases of both known and unknown exploits, risks, etc.

Default off means that it will stay that way for most installations and
information will not be available for "cloud" users. It is hard to get
proper support on public cloud for less trivial issues than changing
host HW configuration.

Someone in the host is configuring the VF HW to begin with.  Someone
had to create the VFs in the first place so I presume they could set
the policy for this feature as well at the same time.  To return to an
example I provided to Vlad - anti-spoof checking is on by default but
we allow system admins to turn it off so that other features, such as
bonding, can be used.  I just want to preserve current behavior while
allowing the feature you want to add to be available for those who
want it.

If Dave and the rest of community feel that there is no risk to these
patches and that they should be applied then I'll go away and shut up
about it.  But for now I'm just approaching this from a "better safe
than sorry" viewpoint.

Thanks,

- Greg

--
                        Gleb.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help