> -----Original Message----- > From: Intel-wired-lan <intel-wired-lan-bounces@xxxxxxxxxx> On Behalf Of > Wojciech Drewek > Sent: Monday, June 17, 2024 3:00 PM > To: Zaki, Ahmed <ahmed.zaki@xxxxxxxxx>; intel-wired-lan@xxxxxxxxxxxxxxxx > Cc: Kitszel, Przemyslaw <przemyslaw.kitszel@xxxxxxxxx>; > stable@xxxxxxxxxxxxxxx; Samudrala, Sridhar <sridhar.samudrala@xxxxxxxxx> > Subject: Re: [Intel-wired-lan] [PATCH iwl-next] ice: Add a per-VF limit on > number of FDIR filters > > > > On 14.06.2024 15:18, Ahmed Zaki wrote: > > While the iavf driver adds a s/w limit (128) on the number of FDIR > > filters that the VF can request, a malicious VF driver can request > > more than that and exhaust the resources for other VFs. > > > > Add a similar limit in ice. > > > > CC: stable@xxxxxxxxxxxxxxx > > Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@xxxxxxxxx> > > Suggested-by: Sridhar Samudrala <sridhar.samudrala@xxxxxxxxx> > > Signed-off-by: Ahmed Zaki <ahmed.zaki@xxxxxxxxx> > > --- > > Reviewed-by: Wojciech Drewek <wojciech.drewek@xxxxxxxxx> > > > .../net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- > > drivers/net/ethernet/intel/ice/ice_fdir.h | 3 +++ > > .../net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 ++++++++++++++++ > > .../net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + > > 4 files changed, 21 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c > > b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c > > index e3cab8e98f52..5412eff8ef23 100644 > > --- a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c > > +++ b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c > > @@ -534,7 +534,7 @@ ice_parse_rx_flow_user_data(struct Tested-by: Rafal Romanowski <rafal.romanowski@xxxxxxxxx>
