Commit bd4302b8 authored by Hariprasad Kelam's avatar Hariprasad Kelam Committed by David S. Miller

octeontx2-af: add new mailbox to configure VF trust mode

Add new mailbox to enable PF to configure VF as trusted VF.
Trusted VF feature allows VFs to perform priviliged operations
such as enabling VF promiscuous mode, all-multicast mode and
changing the VF MAC address configured by PF. Refactored the
VF interface flags maintained by the AF driver such that the
flags do not overlap for various configurations.
Signed-off-by: default avatarHariprasad Kelam <hkelam@marvell.com>
Signed-off-by: default avatarNaveen Mamindlapalli <naveenm@marvell.com>
Signed-off-by: default avatarSunil Kovvuri Goutham <Sunil.Goutham@marvell.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cbc100aa
...@@ -134,6 +134,7 @@ M(MSIX_OFFSET, 0x005, msix_offset, msg_req, msix_offset_rsp) \ ...@@ -134,6 +134,7 @@ M(MSIX_OFFSET, 0x005, msix_offset, msg_req, msix_offset_rsp) \
M(VF_FLR, 0x006, vf_flr, msg_req, msg_rsp) \ M(VF_FLR, 0x006, vf_flr, msg_req, msg_rsp) \
M(PTP_OP, 0x007, ptp_op, ptp_req, ptp_rsp) \ M(PTP_OP, 0x007, ptp_op, ptp_req, ptp_rsp) \
M(GET_HW_CAP, 0x008, get_hw_cap, msg_req, get_hw_cap_rsp) \ M(GET_HW_CAP, 0x008, get_hw_cap, msg_req, get_hw_cap_rsp) \
M(SET_VF_PERM, 0x00b, set_vf_perm, set_vf_perm, msg_rsp) \
/* CGX mbox IDs (range 0x200 - 0x3FF) */ \ /* CGX mbox IDs (range 0x200 - 0x3FF) */ \
M(CGX_START_RXTX, 0x200, cgx_start_rxtx, msg_req, msg_rsp) \ M(CGX_START_RXTX, 0x200, cgx_start_rxtx, msg_req, msg_rsp) \
M(CGX_STOP_RXTX, 0x201, cgx_stop_rxtx, msg_req, msg_rsp) \ M(CGX_STOP_RXTX, 0x201, cgx_stop_rxtx, msg_req, msg_rsp) \
...@@ -1231,6 +1232,14 @@ struct ptp_rsp { ...@@ -1231,6 +1232,14 @@ struct ptp_rsp {
u64 clk; u64 clk;
}; };
struct set_vf_perm {
struct mbox_msghdr hdr;
u16 vf;
#define RESET_VF_PERM BIT_ULL(0)
#define VF_TRUSTED BIT_ULL(1)
u64 flags;
};
/* CPT mailbox error codes /* CPT mailbox error codes
* Range 901 - 1000. * Range 901 - 1000.
*/ */
......
...@@ -1758,6 +1758,48 @@ int rvu_mbox_handler_get_hw_cap(struct rvu *rvu, struct msg_req *req, ...@@ -1758,6 +1758,48 @@ int rvu_mbox_handler_get_hw_cap(struct rvu *rvu, struct msg_req *req,
return 0; return 0;
} }
int rvu_mbox_handler_set_vf_perm(struct rvu *rvu, struct set_vf_perm *req,
struct msg_rsp *rsp)
{
struct rvu_hwinfo *hw = rvu->hw;
u16 pcifunc = req->hdr.pcifunc;
struct rvu_pfvf *pfvf;
int blkaddr, nixlf;
u16 target;
/* Only PF can add VF permissions */
if ((pcifunc & RVU_PFVF_FUNC_MASK) || is_afvf(pcifunc))
return -EOPNOTSUPP;
target = (pcifunc & ~RVU_PFVF_FUNC_MASK) | (req->vf + 1);
pfvf = rvu_get_pfvf(rvu, target);
if (req->flags & RESET_VF_PERM) {
pfvf->flags &= RVU_CLEAR_VF_PERM;
} else if (test_bit(PF_SET_VF_TRUSTED, &pfvf->flags) ^
(req->flags & VF_TRUSTED)) {
change_bit(PF_SET_VF_TRUSTED, &pfvf->flags);
/* disable multicast and promisc entries */
if (!test_bit(PF_SET_VF_TRUSTED, &pfvf->flags)) {
blkaddr = rvu_get_blkaddr(rvu, BLKTYPE_NIX, target);
if (blkaddr < 0)
return 0;
nixlf = rvu_get_lf(rvu, &hw->block[blkaddr],
target, 0);
if (nixlf < 0)
return 0;
npc_enadis_default_mce_entry(rvu, target, nixlf,
NIXLF_ALLMULTI_ENTRY,
false);
npc_enadis_default_mce_entry(rvu, target, nixlf,
NIXLF_PROMISC_ENTRY,
false);
}
}
return 0;
}
static int rvu_process_mbox_msg(struct otx2_mbox *mbox, int devid, static int rvu_process_mbox_msg(struct otx2_mbox *mbox, int devid,
struct mbox_msghdr *req) struct mbox_msghdr *req)
{ {
......
...@@ -223,7 +223,6 @@ struct rvu_pfvf { ...@@ -223,7 +223,6 @@ struct rvu_pfvf {
u16 maxlen; u16 maxlen;
u16 minlen; u16 minlen;
u8 pf_set_vf_cfg;
u8 mac_addr[ETH_ALEN]; /* MAC address of this PF/VF */ u8 mac_addr[ETH_ALEN]; /* MAC address of this PF/VF */
u8 default_mac[ETH_ALEN]; /* MAC address from FWdata */ u8 default_mac[ETH_ALEN]; /* MAC address from FWdata */
...@@ -249,8 +248,13 @@ struct rvu_pfvf { ...@@ -249,8 +248,13 @@ struct rvu_pfvf {
enum rvu_pfvf_flags { enum rvu_pfvf_flags {
NIXLF_INITIALIZED = 0, NIXLF_INITIALIZED = 0,
PF_SET_VF_MAC,
PF_SET_VF_CFG,
PF_SET_VF_TRUSTED,
}; };
#define RVU_CLEAR_VF_PERM ~GENMASK(PF_SET_VF_TRUSTED, PF_SET_VF_MAC)
struct nix_txsch { struct nix_txsch {
struct rsrc_bmap schq; struct rsrc_bmap schq;
u8 lvl; u8 lvl;
......
...@@ -3137,15 +3137,22 @@ int rvu_mbox_handler_nix_set_mac_addr(struct rvu *rvu, ...@@ -3137,15 +3137,22 @@ int rvu_mbox_handler_nix_set_mac_addr(struct rvu *rvu,
pfvf = rvu_get_pfvf(rvu, pcifunc); pfvf = rvu_get_pfvf(rvu, pcifunc);
/* VF can't overwrite admin(PF) changes */ /* untrusted VF can't overwrite admin(PF) changes */
if (from_vf && pfvf->pf_set_vf_cfg) if (!test_bit(PF_SET_VF_TRUSTED, &pfvf->flags) &&
(from_vf && test_bit(PF_SET_VF_MAC, &pfvf->flags))) {
dev_warn(rvu->dev,
"MAC address set by admin(PF) cannot be overwritten by untrusted VF");
return -EPERM; return -EPERM;
}
ether_addr_copy(pfvf->mac_addr, req->mac_addr); ether_addr_copy(pfvf->mac_addr, req->mac_addr);
rvu_npc_install_ucast_entry(rvu, pcifunc, nixlf, rvu_npc_install_ucast_entry(rvu, pcifunc, nixlf,
pfvf->rx_chan_base, req->mac_addr); pfvf->rx_chan_base, req->mac_addr);
if (test_bit(PF_SET_VF_TRUSTED, &pfvf->flags) && from_vf)
ether_addr_copy(pfvf->default_mac, req->mac_addr);
return 0; return 0;
} }
...@@ -3188,6 +3195,11 @@ int rvu_mbox_handler_nix_set_rx_mode(struct rvu *rvu, struct nix_rx_mode *req, ...@@ -3188,6 +3195,11 @@ int rvu_mbox_handler_nix_set_rx_mode(struct rvu *rvu, struct nix_rx_mode *req,
return 0; return 0;
} }
/* untrusted VF can't configure promisc/allmulti */
if (is_vf(pcifunc) && !test_bit(PF_SET_VF_TRUSTED, &pfvf->flags) &&
(promisc || allmulti))
return 0;
err = nix_get_nixlf(rvu, pcifunc, &nixlf, NULL); err = nix_get_nixlf(rvu, pcifunc, &nixlf, NULL);
if (err) if (err)
return err; return err;
......
...@@ -1103,9 +1103,11 @@ static int npc_install_flow(struct rvu *rvu, int blkaddr, u16 target, ...@@ -1103,9 +1103,11 @@ static int npc_install_flow(struct rvu *rvu, int blkaddr, u16 target,
if (pf_set_vfs_mac) { if (pf_set_vfs_mac) {
ether_addr_copy(pfvf->default_mac, req->packet.dmac); ether_addr_copy(pfvf->default_mac, req->packet.dmac);
ether_addr_copy(pfvf->mac_addr, req->packet.dmac); ether_addr_copy(pfvf->mac_addr, req->packet.dmac);
set_bit(PF_SET_VF_MAC, &pfvf->flags);
} }
if (pfvf->pf_set_vf_cfg && req->vtag0_type == NIX_AF_LFX_RX_VTAG_TYPE7) if (test_bit(PF_SET_VF_CFG, &pfvf->flags) &&
req->vtag0_type == NIX_AF_LFX_RX_VTAG_TYPE7)
rule->vfvlan_cfg = true; rule->vfvlan_cfg = true;
return 0; return 0;
...@@ -1167,7 +1169,7 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu, ...@@ -1167,7 +1169,7 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu,
/* PF installing for its VF */ /* PF installing for its VF */
if (req->hdr.pcifunc && !from_vf && req->vf) if (req->hdr.pcifunc && !from_vf && req->vf)
pfvf->pf_set_vf_cfg = 1; set_bit(PF_SET_VF_CFG, &pfvf->flags);
/* update req destination mac addr */ /* update req destination mac addr */
if ((req->features & BIT_ULL(NPC_DMAC)) && is_npc_intf_rx(req->intf) && if ((req->features & BIT_ULL(NPC_DMAC)) && is_npc_intf_rx(req->intf) &&
...@@ -1177,7 +1179,7 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu, ...@@ -1177,7 +1179,7 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu,
} }
err = nix_get_nixlf(rvu, target, &nixlf, NULL); err = nix_get_nixlf(rvu, target, &nixlf, NULL);
if (err) if (err && is_npc_intf_rx(req->intf) && !pf_set_vfs_mac)
return -EINVAL; return -EINVAL;
/* don't enable rule when nixlf not attached or initialized */ /* don't enable rule when nixlf not attached or initialized */
...@@ -1196,6 +1198,14 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu, ...@@ -1196,6 +1198,14 @@ int rvu_mbox_handler_npc_install_flow(struct rvu *rvu,
if (from_vf && !enable) if (from_vf && !enable)
return -EINVAL; return -EINVAL;
/* PF sets VF mac & VF NIXLF is not attached, update the mac addr */
if (pf_set_vfs_mac && !enable) {
ether_addr_copy(pfvf->default_mac, req->packet.dmac);
ether_addr_copy(pfvf->mac_addr, req->packet.dmac);
set_bit(PF_SET_VF_MAC, &pfvf->flags);
return 0;
}
/* If message is from VF then its flow should not overlap with /* If message is from VF then its flow should not overlap with
* reserved unicast flow. * reserved unicast flow.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment