Patch Detail
GET /api/patches/604217/?format=api
{ "id": 604217, "url": "http://patchwork.ozlabs.org/api/patches/604217/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1459443150-3461-1-git-send-email-jacob.e.keller@intel.com/", "project": { "id": 46, "url": "http://patchwork.ozlabs.org/api/projects/46/?format=api", "name": "Intel Wired Ethernet development", "link_name": "intel-wired-lan", "list_id": "intel-wired-lan.osuosl.org", "list_email": "intel-wired-lan@osuosl.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1459443150-3461-1-git-send-email-jacob.e.keller@intel.com>", "list_archive_url": null, "date": "2016-03-31T16:52:30", "name": "[net] fm10k: fix multi-bit VLAN update requests from VF", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "9046c0611bd4a0058d200badbe6fcefa2d6583ff", "submitter": { "id": 9784, "url": "http://patchwork.ozlabs.org/api/people/9784/?format=api", "name": "Jacob Keller", "email": "jacob.e.keller@intel.com" }, "delegate": { "id": 68, "url": "http://patchwork.ozlabs.org/api/users/68/?format=api", "username": "jtkirshe", "first_name": "Jeff", "last_name": "Kirsher", "email": "jeffrey.t.kirsher@intel.com" }, "mbox": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/1459443150-3461-1-git-send-email-jacob.e.keller@intel.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/604217/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/604217/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<intel-wired-lan-bounces@lists.osuosl.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Received": [ "from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ozlabs.org (Postfix) with ESMTP id 
3qbVtq1zKKz9sBg\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 1 Apr 2016 03:52:50 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 5636991D50;\n\tThu, 31 Mar 2016 16:52:50 +0000 (UTC)", "from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 0lrY+E9zK2h9; Thu, 31 Mar 2016 16:52:49 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 7A8CB91D1D;\n\tThu, 31 Mar 2016 16:52:49 +0000 (UTC)", "from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\tby ash.osuosl.org (Postfix) with ESMTP id 1FB701BF972\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 31 Mar 2016 16:52:49 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 1B410A61B8\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 31 Mar 2016 16:52:49 +0000 (UTC)", "from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id zkYMz30nuhqz for <intel-wired-lan@lists.osuosl.org>;\n\tThu, 31 Mar 2016 16:52:48 +0000 (UTC)", "from mga04.intel.com (mga04.intel.com [192.55.52.120])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 86A91A61BA\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 31 Mar 2016 16:52:48 +0000 (UTC)", "from orsmga003.jf.intel.com ([10.7.209.27])\n\tby fmsmga104.fm.intel.com with ESMTP; 31 Mar 2016 09:52:48 -0700", "from jekeller-desk.amr.corp.intel.com (HELO\n\tjekeller-desk.jekeller.internal) ([134.134.3.87])\n\tby orsmga003.jf.intel.com with ESMTP; 31 Mar 2016 09:52:39 -0700" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.24,423,1455004800\"; d=\"scan'208\";a=\"775561129\"", "From": "Jacob Keller <jacob.e.keller@intel.com>", "To": "Intel 
Wired LAN <intel-wired-lan@lists.osuosl.org>", "Date": "Thu, 31 Mar 2016 09:52:30 -0700", "Message-Id": "<1459443150-3461-1-git-send-email-jacob.e.keller@intel.com>", "X-Mailer": "git-send-email 2.8.0.rc1.177.g5628860", "Subject": "[Intel-wired-lan] [PATCH net] fm10k: fix multi-bit VLAN update\n\trequests from VF", "X-BeenThere": "intel-wired-lan@lists.osuosl.org", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Intel Wired Ethernet Linux Kernel Driver Development\n\t<intel-wired-lan.lists.osuosl.org>", "List-Unsubscribe": "<http://lists.osuosl.org/mailman/options/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@lists.osuosl.org?subject=unsubscribe>", "List-Archive": "<http://lists.osuosl.org/pipermail/intel-wired-lan/>", "List-Post": "<mailto:intel-wired-lan@lists.osuosl.org>", "List-Help": "<mailto:intel-wired-lan-request@lists.osuosl.org?subject=help>", "List-Subscribe": "<http://lists.osuosl.org/mailman/listinfo/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@lists.osuosl.org?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "intel-wired-lan-bounces@lists.osuosl.org", "Sender": "\"Intel-wired-lan\" <intel-wired-lan-bounces@lists.osuosl.org>" }, "content": "The VF uses a multi-bit update request to clear unused VLANs whenever it\nresets. However, an accident in a previous refector broke multi-bit\nupdates for VFs, due to misreading a comment in fm10k_vf.c and\nattempting to reduce code duplication. The problem occurs because\na multi-bit request has a non-zero length, and the PF would simply drop\nany request with the upper 16 bits set.\n\nWe can't simply remove the check of the upper 16 bits and the call to\nfm10k_iov_select vid, because this would remove the checks for default\nVID and for ensuring no other VLANs can be enabled except pf_vid when it\nhas been set. 
To resolve that issue, this revision uses the\niov_select_vid when we have a single-bit update, and denies any\nmulti-bit update when the VLAN was administratively set by the PF. This\nshould be ok since the PF properly updates VLAN_TABLE when it assigns\nthe PF vid. This ensures that requests to add or remove the PF vid work\nas expected, but a rogue VF could not use the multi-bit update as\na loophole to attempt receiving traffic on other VLANs.\n\nReported-by: Ngai-Mint Kwan <ngai-mint.kwan@intel.com>\nSigned-off-by: Jacob Keller <jacob.e.keller@intel.com>\n---\n\nNotes:\n Testing-hints:\n This patch fixes HSD 7661917\n \n This should probably be backported onto the net tree as it is a possible\n security issue.\n\n drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 30 +++++++++++++++++++++--------\n 1 file changed, 22 insertions(+), 8 deletions(-)", "diff": "diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_pf.c b/drivers/net/ethernet/intel/fm10k/fm10k_pf.c\nindex ecc99f9d2cce..d37e94df8828 100644\n--- a/drivers/net/ethernet/intel/fm10k/fm10k_pf.c\n+++ b/drivers/net/ethernet/intel/fm10k/fm10k_pf.c\n@@ -1223,18 +1223,32 @@ s32 fm10k_iov_msg_mac_vlan_pf(struct fm10k_hw *hw, u32 **results,\n \t\tif (err)\n \t\t\treturn err;\n \n-\t\t/* verify upper 16 bits are zero */\n-\t\tif (vid >> 16)\n-\t\t\treturn FM10K_ERR_PARAM;\n-\n \t\tset = !(vid & FM10K_VLAN_CLEAR);\n \t\tvid &= ~FM10K_VLAN_CLEAR;\n \n-\t\terr = fm10k_iov_select_vid(vf_info, (u16)vid);\n-\t\tif (err < 0)\n-\t\t\treturn err;\n+\t\t/* if the length field has been set, this is a multi-bit\n+\t\t * update request. For multi-bit requests, simply disallow\n+\t\t * them when the pf_vid has been set. In this case, the PF\n+\t\t * should have already cleared the VLAN_TABLE, and if we\n+\t\t * allowed them, it could allow a rogue VF to receive traffic\n+\t\t * on a VLAN it was not assigned. 
In the single-bit case, we\n+\t\t * need to modify requests for VLAN 0 to use the default PF or\n+\t\t * SW vid when assigned.\n+\t\t */\n \n-\t\tvid = err;\n+\t\tif (vid >> 16) {\n+\t\t\t/* prevent multi-bit requests when PF has\n+\t\t\t * administratively set the VLAN for this VF\n+\t\t\t */\n+\t\t\tif (vf_info->pf_vid)\n+\t\t\t\treturn FM10K_ERR_PARAM;\n+\t\t} else {\n+\t\t\terr = fm10k_iov_select_vid(vf_info, (u16)vid);\n+\t\t\tif (err < 0)\n+\t\t\t\treturn err;\n+\n+\t\t\tvid = err;\n+\t\t}\n \n \t\t/* update VSI info for VF in regards to VLAN table */\n \t\terr = hw->mac.ops.update_vlan(hw, vid, vf_info->vsi, set);\n", "prefixes": [ "net" ] }
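Review bot: In the new `if (vid >> 16)` branch, a multi-bit request from a VF with no `pf_vid` set goes to `hw->mac.ops.update_vlan(hw, vid, vf_info->vsi, set)` without any validation in this function of the VF-supplied start VID or of the length in the upper 16 bits. The removed `if (vid >> 16) return FM10K_ERR_PARAM;` used to reject such requests outright, so the range checking now depends entirely on `update_vlan`. Please either add an explicit bounds check here or say in the comment that `update_vlan` rejects out-of-range start/length pairs. The same branch also accepts multi-bit requests with `set` true, while the commit message only describes the VF using multi-bit updates to clear unused VLANs; if range-set from a VF is intended when no `pf_vid` is assigned, the comment should say so, otherwise restrict the branch to clear requests. Minor style point: the blank line between the new block comment and `if (vid >> 16) {` separates the comment from the code it documents and can be dropped.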