net/mlx4_core: Add security check / enforcement for flow steering rules set for VMs Since VFs may be mapped to VMs which aren't trusted entities, flow steering rules attached through the wrapper on behalf of VFs must be checked to make sure that their L2 specification relate to MAC address assigned to that VF, and add L2 specification if its missing. Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 7fb40f87c4195ec1728527f30bc744c47a45b366 [log] [tgz]
author: Hadar Hen Zion <hadarh@mellanox.com> Wed Sep 05 22:50:49 2012 +0000
committer: David S. Miller <davem@davemloft.net> Fri Sep 07 12:55:59 2012 -0400
tree: 4a7356fc76c4db03731d7354c66f7b158682d295
parent: a8edc3bf05a3465726afdf635a820761fae0d50b [diff] [blame]
diff --git a/include/linux/mlx4/device.h b/include/linux/mlx4/device.h
index 244ba90..6e1b0f9 100644
--- a/include/linux/mlx4/device.h
+++ b/include/linux/mlx4/device.h

@@ -798,6 +798,17 @@
 
 extern const u16 __sw_id_hw[];
 
+static inline int map_hw_to_sw_id(u16 header_id)
+{
+
+	int i;
+	for (i = 0; i < MLX4_NET_TRANS_RULE_NUM; i++) {
+		if (header_id == __sw_id_hw[i])
+			return i;
+	}
+	return -EINVAL;
+}
+
 enum mlx4_net_trans_promisc_mode {
 	MLX4_FS_PROMISC_NONE = 0,
 	MLX4_FS_PROMISC_UPLINK,
commit	7fb40f87c4195ec1728527f30bc744c47a45b366	[log] [tgz]
author	Hadar Hen Zion <hadarh@mellanox.com>	Wed Sep 05 22:50:49 2012 +0000
committer	David S. Miller <davem@davemloft.net>	Fri Sep 07 12:55:59 2012 -0400
tree	4a7356fc76c4db03731d7354c66f7b158682d295
parent	a8edc3bf05a3465726afdf635a820761fae0d50b [diff] [blame]