ice: Allow ignoring opcodes on specific VF

Declare bitmap of allowed commands on VF. Initialize default
opcodes list that should be always supported. Declare array of
supported opcodes for each caps used in virtchnl code.

Change allowed bitmap by setting or clearing corresponding
bit to allowlist (bit set) or denylist (bit clear).

Signed-off-by: Michal Swiatkowski <michal.swiatkowski@intel.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
This commit is contained in:
Michal Swiatkowski 2021-03-02 10:12:01 -08:00 коммит произвёл Tony Nguyen
Родитель 0891c89674
Коммит c0dcaa55f9
6 изменённых файлов: 199 добавлений и 0 удалений

Просмотреть файл

@ -26,6 +26,7 @@ ice-y := ice_main.o \
ice_fw_update.o \ ice_fw_update.o \
ice_lag.o \ ice_lag.o \
ice_ethtool.o ice_ethtool.o
ice-$(CONFIG_PCI_IOV) += ice_virtchnl_allowlist.o
ice-$(CONFIG_PCI_IOV) += ice_virtchnl_pf.o ice_sriov.o ice_virtchnl_fdir.o ice-$(CONFIG_PCI_IOV) += ice_virtchnl_pf.o ice_sriov.o ice_virtchnl_fdir.o
ice-$(CONFIG_DCB) += ice_dcb.o ice_dcb_nl.o ice_dcb_lib.o ice-$(CONFIG_DCB) += ice_dcb.o ice_dcb_nl.o ice_dcb_lib.o
ice-$(CONFIG_RFS_ACCEL) += ice_arfs.o ice-$(CONFIG_RFS_ACCEL) += ice_arfs.o

Просмотреть файл

@ -0,0 +1,165 @@
// SPDX-License-Identifier: GPL-2.0
/* Copyright (C) 2021, Intel Corporation. */
#include "ice_virtchnl_allowlist.h"
/* Purpose of this file is to share functionality to allowlist or denylist
* opcodes used in PF <-> VF communication. Group of opcodes:
* - default -> should be always allowed after creating VF,
* default_allowlist_opcodes
* - opcodes needed by VF to work correctly, but not associated with caps ->
* should be allowed after successful VF resources allocation,
* working_allowlist_opcodes
* - opcodes needed by VF when caps are activated
*
* Caps that don't use new opcodes (no opcodes should be allowed):
* - VIRTCHNL_VF_OFFLOAD_RSS_AQ
* - VIRTCHNL_VF_OFFLOAD_RSS_REG
* - VIRTCHNL_VF_OFFLOAD_WB_ON_ITR
* - VIRTCHNL_VF_OFFLOAD_CRC
* - VIRTCHNL_VF_OFFLOAD_RX_POLLING
* - VIRTCHNL_VF_OFFLOAD_RSS_PCTYPE_V2
* - VIRTCHNL_VF_OFFLOAD_ENCAP
* - VIRTCHNL_VF_OFFLOAD_ENCAP_CSUM
* - VIRTCHNL_VF_OFFLOAD_RX_ENCAP_CSUM
* - VIRTCHNL_VF_OFFLOAD_USO
*/
/* default opcodes to communicate with VF */
static const u32 default_allowlist_opcodes[] = {
VIRTCHNL_OP_GET_VF_RESOURCES, VIRTCHNL_OP_VERSION, VIRTCHNL_OP_RESET_VF,
};
/* opcodes supported after successful VIRTCHNL_OP_GET_VF_RESOURCES */
static const u32 working_allowlist_opcodes[] = {
VIRTCHNL_OP_CONFIG_TX_QUEUE, VIRTCHNL_OP_CONFIG_RX_QUEUE,
VIRTCHNL_OP_CONFIG_VSI_QUEUES, VIRTCHNL_OP_CONFIG_IRQ_MAP,
VIRTCHNL_OP_ENABLE_QUEUES, VIRTCHNL_OP_DISABLE_QUEUES,
VIRTCHNL_OP_GET_STATS, VIRTCHNL_OP_EVENT,
};
/* VIRTCHNL_VF_OFFLOAD_L2 */
static const u32 l2_allowlist_opcodes[] = {
VIRTCHNL_OP_ADD_ETH_ADDR, VIRTCHNL_OP_DEL_ETH_ADDR,
VIRTCHNL_OP_CONFIG_PROMISCUOUS_MODE,
};
/* VIRTCHNL_VF_OFFLOAD_REQ_QUEUES */
static const u32 req_queues_allowlist_opcodes[] = {
VIRTCHNL_OP_REQUEST_QUEUES,
};
/* VIRTCHNL_VF_OFFLOAD_VLAN */
static const u32 vlan_allowlist_opcodes[] = {
VIRTCHNL_OP_ADD_VLAN, VIRTCHNL_OP_DEL_VLAN,
VIRTCHNL_OP_ENABLE_VLAN_STRIPPING, VIRTCHNL_OP_DISABLE_VLAN_STRIPPING,
};
/* VIRTCHNL_VF_OFFLOAD_RSS_PF */
static const u32 rss_pf_allowlist_opcodes[] = {
VIRTCHNL_OP_CONFIG_RSS_KEY, VIRTCHNL_OP_CONFIG_RSS_LUT,
VIRTCHNL_OP_GET_RSS_HENA_CAPS, VIRTCHNL_OP_SET_RSS_HENA,
};
/* VIRTCHNL_VF_OFFLOAD_FDIR_PF */
static const u32 fdir_pf_allowlist_opcodes[] = {
VIRTCHNL_OP_ADD_FDIR_FILTER, VIRTCHNL_OP_DEL_FDIR_FILTER,
};
struct allowlist_opcode_info {
const u32 *opcodes;
size_t size;
};
#define BIT_INDEX(caps) (HWEIGHT((caps) - 1))
#define ALLOW_ITEM(caps, list) \
[BIT_INDEX(caps)] = { \
.opcodes = list, \
.size = ARRAY_SIZE(list) \
}
static const struct allowlist_opcode_info allowlist_opcodes[] = {
ALLOW_ITEM(VIRTCHNL_VF_OFFLOAD_L2, l2_allowlist_opcodes),
ALLOW_ITEM(VIRTCHNL_VF_OFFLOAD_REQ_QUEUES, req_queues_allowlist_opcodes),
ALLOW_ITEM(VIRTCHNL_VF_OFFLOAD_VLAN, vlan_allowlist_opcodes),
ALLOW_ITEM(VIRTCHNL_VF_OFFLOAD_RSS_PF, rss_pf_allowlist_opcodes),
ALLOW_ITEM(VIRTCHNL_VF_OFFLOAD_FDIR_PF, fdir_pf_allowlist_opcodes),
};
/**
* ice_vc_is_opcode_allowed - check if this opcode is allowed on this VF
* @vf: pointer to VF structure
* @opcode: virtchnl opcode
*
* Return true if message is allowed on this VF
*/
bool ice_vc_is_opcode_allowed(struct ice_vf *vf, u32 opcode)
{
if (opcode >= VIRTCHNL_OP_MAX)
return false;
return test_bit(opcode, vf->opcodes_allowlist);
}
/**
* ice_vc_allowlist_opcodes - allowlist selected opcodes
* @vf: pointer to VF structure
* @opcodes: array of opocodes to allowlist
* @size: size of opcodes array
*
* Function should be called to allowlist opcodes on VF.
*/
static void
ice_vc_allowlist_opcodes(struct ice_vf *vf, const u32 *opcodes, size_t size)
{
unsigned int i;
for (i = 0; i < size; i++)
set_bit(opcodes[i], vf->opcodes_allowlist);
}
/**
* ice_vc_clear_allowlist - clear all allowlist opcodes
* @vf: pointer to VF structure
*/
static void ice_vc_clear_allowlist(struct ice_vf *vf)
{
bitmap_zero(vf->opcodes_allowlist, VIRTCHNL_OP_MAX);
}
/**
* ice_vc_set_default_allowlist - allowlist default opcodes for VF
* @vf: pointer to VF structure
*/
void ice_vc_set_default_allowlist(struct ice_vf *vf)
{
ice_vc_clear_allowlist(vf);
ice_vc_allowlist_opcodes(vf, default_allowlist_opcodes,
ARRAY_SIZE(default_allowlist_opcodes));
}
/**
* ice_vc_set_working_allowlist - allowlist opcodes needed to by VF to work
* @vf: pointer to VF structure
*
* allowlist opcodes that aren't associated with specific caps, but
* are needed by VF to work.
*/
void ice_vc_set_working_allowlist(struct ice_vf *vf)
{
ice_vc_allowlist_opcodes(vf, working_allowlist_opcodes,
ARRAY_SIZE(working_allowlist_opcodes));
}
/**
* ice_vc_set_caps_allowlist - allowlist VF opcodes according caps
* @vf: pointer to VF structure
*/
void ice_vc_set_caps_allowlist(struct ice_vf *vf)
{
unsigned long caps = vf->driver_caps;
unsigned int i;
for_each_set_bit(i, &caps, ARRAY_SIZE(allowlist_opcodes))
ice_vc_allowlist_opcodes(vf, allowlist_opcodes[i].opcodes,
allowlist_opcodes[i].size);
}

Просмотреть файл

@ -0,0 +1,13 @@
/* SPDX-License-Identifier: GPL-2.0 */
/* Copyright (C) 2021, Intel Corporation. */
#ifndef _ICE_VIRTCHNL_ALLOWLIST_H_
#define _ICE_VIRTCHNL_ALLOWLIST_H_
#include "ice.h"
bool ice_vc_is_opcode_allowed(struct ice_vf *vf, u32 opcode);
void ice_vc_set_default_allowlist(struct ice_vf *vf);
void ice_vc_set_working_allowlist(struct ice_vf *vf);
void ice_vc_set_caps_allowlist(struct ice_vf *vf);
#endif /* _ICE_VIRTCHNL_ALLOWLIST_H_ */

Просмотреть файл

@ -5,6 +5,7 @@
#include "ice_base.h" #include "ice_base.h"
#include "ice_lib.h" #include "ice_lib.h"
#include "ice_fltr.h" #include "ice_fltr.h"
#include "ice_virtchnl_allowlist.h"
/** /**
* ice_validate_vf_id - helper to check if VF ID is valid * ice_validate_vf_id - helper to check if VF ID is valid
@ -1314,6 +1315,9 @@ bool ice_reset_all_vfs(struct ice_pf *pf, bool is_vflr)
ice_for_each_vf(pf, v) { ice_for_each_vf(pf, v) {
vf = &pf->vf[v]; vf = &pf->vf[v];
vf->driver_caps = 0;
ice_vc_set_default_allowlist(vf);
ice_vf_fdir_exit(vf); ice_vf_fdir_exit(vf);
/* clean VF control VSI when resetting VFs since it should be /* clean VF control VSI when resetting VFs since it should be
* setup only when VF creates its first FDIR rule. * setup only when VF creates its first FDIR rule.
@ -1418,6 +1422,9 @@ bool ice_reset_vf(struct ice_vf *vf, bool is_vflr)
usleep_range(10, 20); usleep_range(10, 20);
} }
vf->driver_caps = 0;
ice_vc_set_default_allowlist(vf);
/* Display a warning if VF didn't manage to reset in time, but need to /* Display a warning if VF didn't manage to reset in time, but need to
* continue on with the operation. * continue on with the operation.
*/ */
@ -1625,6 +1632,7 @@ static void ice_set_dflt_settings_vfs(struct ice_pf *pf)
set_bit(ICE_VIRTCHNL_VF_CAP_L2, &vf->vf_caps); set_bit(ICE_VIRTCHNL_VF_CAP_L2, &vf->vf_caps);
vf->spoofchk = true; vf->spoofchk = true;
vf->num_vf_qs = pf->num_qps_per_vf; vf->num_vf_qs = pf->num_qps_per_vf;
ice_vc_set_default_allowlist(vf);
/* ctrl_vsi_idx will be set to a valid value only when VF /* ctrl_vsi_idx will be set to a valid value only when VF
* creates its first fdir rule. * creates its first fdir rule.
@ -2127,6 +2135,9 @@ static int ice_vc_get_vf_res_msg(struct ice_vf *vf, u8 *msg)
/* match guest capabilities */ /* match guest capabilities */
vf->driver_caps = vfres->vf_cap_flags; vf->driver_caps = vfres->vf_cap_flags;
ice_vc_set_caps_allowlist(vf);
ice_vc_set_working_allowlist(vf);
set_bit(ICE_VF_STATE_ACTIVE, vf->vf_states); set_bit(ICE_VF_STATE_ACTIVE, vf->vf_states);
err: err:
@ -3840,6 +3851,13 @@ void ice_vc_process_vf_msg(struct ice_pf *pf, struct ice_rq_event_info *event)
err = -EINVAL; err = -EINVAL;
} }
if (!ice_vc_is_opcode_allowed(vf, v_opcode)) {
ice_vc_send_msg_to_vf(vf, v_opcode,
VIRTCHNL_STATUS_ERR_NOT_SUPPORTED, NULL,
0);
return;
}
error_handler: error_handler:
if (err) { if (err) {
ice_vc_send_msg_to_vf(vf, v_opcode, VIRTCHNL_STATUS_ERR_PARAM, ice_vc_send_msg_to_vf(vf, v_opcode, VIRTCHNL_STATUS_ERR_PARAM,

Просмотреть файл

@ -103,6 +103,7 @@ struct ice_vf {
u16 num_vf_qs; /* num of queue configured per VF */ u16 num_vf_qs; /* num of queue configured per VF */
struct ice_mdd_vf_events mdd_rx_events; struct ice_mdd_vf_events mdd_rx_events;
struct ice_mdd_vf_events mdd_tx_events; struct ice_mdd_vf_events mdd_tx_events;
DECLARE_BITMAP(opcodes_allowlist, VIRTCHNL_OP_MAX);
}; };
#ifdef CONFIG_PCI_IOV #ifdef CONFIG_PCI_IOV

Просмотреть файл

@ -139,6 +139,7 @@ enum virtchnl_ops {
/* opcode 34 - 46 are reserved */ /* opcode 34 - 46 are reserved */
VIRTCHNL_OP_ADD_FDIR_FILTER = 47, VIRTCHNL_OP_ADD_FDIR_FILTER = 47,
VIRTCHNL_OP_DEL_FDIR_FILTER = 48, VIRTCHNL_OP_DEL_FDIR_FILTER = 48,
VIRTCHNL_OP_MAX,
}; };
/* These macros are used to generate compilation errors if a structure/union /* These macros are used to generate compilation errors if a structure/union