Sashiko reported that the PF driver accepts arbitrary MAC addresses from VF mailbox messages without proper validation, creating a security vulnerability [1]. In enetc_msg_pf_set_vf_primary_mac_addr(), the MAC address is extracted directly from the message buffer (cmd->mac.sa_data) and programmed into hardware via pf->ops->set_si_primary_mac() without any validity checks. A malicious VF can configure a multicast, broadcast, or all-zero MAC address.

Therefore, add validation to check the MAC address provided by VF before configuring it through the mailbox interface. When a VF attempts to set its primary MAC address via ENETC_MSG_CMD_MNG_ADD command, the PF should validate whether the provided MAC address is valid. Reject invalid MAC addresses and return failure status to the VF, with a rate-limited warning message to prevent log flooding in case of repeated invalid requests. This prevents VFs from configuring invalid MAC addresses that could cause network connectivity issues or unexpected behavior.

Link: https://sashiko.dev/#/patchset/20260511080805.2052495-1-wei.fang%40nxp.com #1
Fixes: beb74ac878c8 ("enetc: Add vf to pf messaging support")
Signed-off-by: Wei Fang

--- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.c b/drivers/net/ethernet/freescale/enetc/enetc_pf.c index a12fd54a475f..756614ffa8c6 100644 --- a/drivers/net/ethernet/freescale/enetc/enetc_pf.c +++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.c @@ -493,6 +493,12 @@ static u16 enetc_msg_pf_set_vf_primary_mac_addr(struct enetc_pf *pf, return ENETC_MSG_CMD_STATUS_FAIL; addr = cmd->mac.sa_data; + if (!is_valid_ether_addr(addr)) { + dev_warn_ratelimited(dev, "VF%d attempted to set invalid MAC", + vf_id); + return ENETC_MSG_CMD_STATUS_FAIL; + } + if (vf_state->flags & ENETC_VF_FLAG_PF_SET_MAC) dev_warn(dev, "Attempt to override PF set mac addr for VF%d\n", vf_id); -- 2.34.1
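
Review bot: the format string in the added dev_warn_ratelimited() call, "VF%d attempted to set invalid MAC", has no trailing "\n", unlike the dev_warn() in the context lines directly below it; add the newline so the message is terminated like the rest of this function's logging. Printing the rejected address with %pM would also make the warning more useful when tracking down a misbehaving VF. The commit message gives log flooding as the reason for rate limiting, yet the existing "Attempt to override PF set mac addr for VF%d\n" dev_warn() right after the new check is still unthrottled and is reached through the same mailbox command, so consider converting it to dev_warn_ratelimited() here or in a follow-up patch.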