[PATCH net 1/6] net: enetc: validate VF primary MAC address before configuration
From: Wei Fang
Date: Wed May 13 2026 - 07:02:41 EST
Sashiko reported that the PF driver accepts arbitrary MAC address from
from VF mailbox messages without proper validation, creating a security
vulnerability [1].
In enetc_msg_pf_set_vf_primary_mac_addr(), the MAC address is extracted
directly from the message buffer (cmd->mac.sa_data) and programmed into
hardware via pf->ops->set_si_primary_mac() without any validity checks.
A malicious VF can configure a multicast, broadcast, or all-zero MAC
address.
Therefore, add validation to check the MAC address provided by VF before
configuring it through the mailbox interface. When a VF attempts to set
its primary MAC address via ENETC_MSG_CMD_MNG_ADD command, the PF should
validate whether the provided MAC address is valid.
Reject invalid MAC addresses and return failure status to the VF, with a
rate-limited warning message to prevent log flooding in case of repeated
invalid requests.
This prevents VFs from configuring invalid MAC addresses that could cause
network connectivity issues or unexpected behavior.
Link: https://sashiko.dev/#/patchset/20260511080805.2052495-1-wei.fang%40nxp.com #1
Fixes: beb74ac878c8 ("enetc: Add vf to pf messaging support")
Signed-off-by: Wei Fang <wei.fang@xxxxxxx>
---
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.c b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
index a12fd54a475f..756614ffa8c6 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pf.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
@@ -493,6 +493,12 @@ static u16 enetc_msg_pf_set_vf_primary_mac_addr(struct enetc_pf *pf,
return ENETC_MSG_CMD_STATUS_FAIL;
addr = cmd->mac.sa_data;
+ if (!is_valid_ether_addr(addr)) {
+ dev_warn_ratelimited(dev, "VF%d attempted to set invalid MAC",
+ vf_id);
+ return ENETC_MSG_CMD_STATUS_FAIL;
+ }
+
if (vf_state->flags & ENETC_VF_FLAG_PF_SET_MAC)
dev_warn(dev, "Attempt to override PF set mac addr for VF%d\n",
vf_id);
--
2.34.1