-----Original Message----- From: Intel-wired-lan intel-wired-lan-bounces@osuosl.org On Behalf Of Wojciech Drewek Sent: Monday, June 17, 2024 3:00 PM To: Zaki, Ahmed ahmed.zaki@intel.com; intel-wired-lan@lists.osuosl.org Cc: Kitszel, Przemyslaw przemyslaw.kitszel@intel.com; stable@vger.kernel.org; Samudrala, Sridhar sridhar.samudrala@intel.com Subject: Re: [Intel-wired-lan] [PATCH iwl-next] ice: Add a per-VF limit on number of FDIR filters
On 14.06.2024 15:18, Ahmed Zaki wrote:
While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs.
Add a similar limit in ice.
CC: stable@vger.kernel.org Reviewed-by: Przemek Kitszel przemyslaw.kitszel@intel.com Suggested-by: Sridhar Samudrala sridhar.samudrala@intel.com Signed-off-by: Ahmed Zaki ahmed.zaki@intel.com
Reviewed-by: Wojciech Drewek wojciech.drewek@intel.com
.../net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 +++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 ++++++++++++++++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c index e3cab8e98f52..5412eff8ef23 100644 --- a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c @@ -534,7 +534,7 @@ ice_parse_rx_flow_user_data(struct
Tested-by: Rafal Romanowski rafal.romanowski@intel.com