1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2022, Intel Corporation. */ 3 4 #include "ice_vf_lib_private.h" 5 #include "ice.h" 6 #include "ice_lib.h" 7 #include "ice_fltr.h" 8 #include "ice_virtchnl_allowlist.h" 9 10 /* Public functions which may be accessed by all driver files */ 11 12 /** 13 * ice_get_vf_by_id - Get pointer to VF by ID 14 * @pf: the PF private structure 15 * @vf_id: the VF ID to locate 16 * 17 * Locate and return a pointer to the VF structure associated with a given ID. 18 * Returns NULL if the ID does not have a valid VF structure associated with 19 * it. 20 * 21 * This function takes a reference to the VF, which must be released by 22 * calling ice_put_vf() once the caller is finished accessing the VF structure 23 * returned. 24 */ 25 struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id) 26 { 27 struct ice_vf *vf; 28 29 rcu_read_lock(); 30 hash_for_each_possible_rcu(pf->vfs.table, vf, entry, vf_id) { 31 if (vf->vf_id == vf_id) { 32 struct ice_vf *found; 33 34 if (kref_get_unless_zero(&vf->refcnt)) 35 found = vf; 36 else 37 found = NULL; 38 39 rcu_read_unlock(); 40 return found; 41 } 42 } 43 rcu_read_unlock(); 44 45 return NULL; 46 } 47 48 /** 49 * ice_release_vf - Release VF associated with a refcount 50 * @ref: the kref decremented to zero 51 * 52 * Callback function for kref_put to release a VF once its reference count has 53 * hit zero. 54 */ 55 static void ice_release_vf(struct kref *ref) 56 { 57 struct ice_vf *vf = container_of(ref, struct ice_vf, refcnt); 58 59 vf->vf_ops->free(vf); 60 } 61 62 /** 63 * ice_put_vf - Release a reference to a VF 64 * @vf: the VF structure to decrease reference count on 65 * 66 * Decrease the reference count for a VF, and free the entry if it is no 67 * longer in use. 68 * 69 * This must be called after ice_get_vf_by_id() once the reference to the VF 70 * structure is no longer used. Otherwise, the VF structure will never be 71 * freed. 72 */ 73 void ice_put_vf(struct ice_vf *vf) 74 { 75 kref_put(&vf->refcnt, ice_release_vf); 76 } 77 78 /** 79 * ice_has_vfs - Return true if the PF has any associated VFs 80 * @pf: the PF private structure 81 * 82 * Return whether or not the PF has any allocated VFs. 83 * 84 * Note that this function only guarantees that there are no VFs at the point 85 * of calling it. It does not guarantee that no more VFs will be added. 86 */ 87 bool ice_has_vfs(struct ice_pf *pf) 88 { 89 /* A simple check that the hash table is not empty does not require 90 * the mutex or rcu_read_lock. 91 */ 92 return !hash_empty(pf->vfs.table); 93 } 94 95 /** 96 * ice_get_num_vfs - Get number of allocated VFs 97 * @pf: the PF private structure 98 * 99 * Return the total number of allocated VFs. NOTE: VF IDs are not guaranteed 100 * to be contiguous. Do not assume that a VF ID is guaranteed to be less than 101 * the output of this function. 102 */ 103 u16 ice_get_num_vfs(struct ice_pf *pf) 104 { 105 struct ice_vf *vf; 106 unsigned int bkt; 107 u16 num_vfs = 0; 108 109 rcu_read_lock(); 110 ice_for_each_vf_rcu(pf, bkt, vf) 111 num_vfs++; 112 rcu_read_unlock(); 113 114 return num_vfs; 115 } 116 117 /** 118 * ice_get_vf_vsi - get VF's VSI based on the stored index 119 * @vf: VF used to get VSI 120 */ 121 struct ice_vsi *ice_get_vf_vsi(struct ice_vf *vf) 122 { 123 if (vf->lan_vsi_idx == ICE_NO_VSI) 124 return NULL; 125 126 return vf->pf->vsi[vf->lan_vsi_idx]; 127 } 128 129 /** 130 * ice_is_vf_disabled 131 * @vf: pointer to the VF info 132 * 133 * If the PF has been disabled, there is no need resetting VF until PF is 134 * active again. Similarly, if the VF has been disabled, this means something 135 * else is resetting the VF, so we shouldn't continue. 136 * 137 * Returns true if the caller should consider the VF as disabled whether 138 * because that single VF is explicitly disabled or because the PF is 139 * currently disabled. 140 */ 141 bool ice_is_vf_disabled(struct ice_vf *vf) 142 { 143 struct ice_pf *pf = vf->pf; 144 145 return (test_bit(ICE_VF_DIS, pf->state) || 146 test_bit(ICE_VF_STATE_DIS, vf->vf_states)); 147 } 148 149 /** 150 * ice_wait_on_vf_reset - poll to make sure a given VF is ready after reset 151 * @vf: The VF being resseting 152 * 153 * The max poll time is about ~800ms, which is about the maximum time it takes 154 * for a VF to be reset and/or a VF driver to be removed. 155 */ 156 static void ice_wait_on_vf_reset(struct ice_vf *vf) 157 { 158 int i; 159 160 for (i = 0; i < ICE_MAX_VF_RESET_TRIES; i++) { 161 if (test_bit(ICE_VF_STATE_INIT, vf->vf_states)) 162 break; 163 msleep(ICE_MAX_VF_RESET_SLEEP_MS); 164 } 165 } 166 167 /** 168 * ice_check_vf_ready_for_cfg - check if VF is ready to be configured/queried 169 * @vf: VF to check if it's ready to be configured/queried 170 * 171 * The purpose of this function is to make sure the VF is not in reset, not 172 * disabled, and initialized so it can be configured and/or queried by a host 173 * administrator. 174 */ 175 int ice_check_vf_ready_for_cfg(struct ice_vf *vf) 176 { 177 ice_wait_on_vf_reset(vf); 178 179 if (ice_is_vf_disabled(vf)) 180 return -EINVAL; 181 182 if (ice_check_vf_init(vf)) 183 return -EBUSY; 184 185 return 0; 186 } 187 188 /** 189 * ice_trigger_vf_reset - Reset a VF on HW 190 * @vf: pointer to the VF structure 191 * @is_vflr: true if VFLR was issued, false if not 192 * @is_pfr: true if the reset was triggered due to a previous PFR 193 * 194 * Trigger hardware to start a reset for a particular VF. Expects the caller 195 * to wait the proper amount of time to allow hardware to reset the VF before 196 * it cleans up and restores VF functionality. 197 */ 198 static void ice_trigger_vf_reset(struct ice_vf *vf, bool is_vflr, bool is_pfr) 199 { 200 /* Inform VF that it is no longer active, as a warning */ 201 clear_bit(ICE_VF_STATE_ACTIVE, vf->vf_states); 202 203 /* Disable VF's configuration API during reset. The flag is re-enabled 204 * when it's safe again to access VF's VSI. 205 */ 206 clear_bit(ICE_VF_STATE_INIT, vf->vf_states); 207 208 /* VF_MBX_ARQLEN and VF_MBX_ATQLEN are cleared by PFR, so the driver 209 * needs to clear them in the case of VFR/VFLR. If this is done for 210 * PFR, it can mess up VF resets because the VF driver may already 211 * have started cleanup by the time we get here. 212 */ 213 if (!is_pfr) 214 vf->vf_ops->clear_mbx_register(vf); 215 216 vf->vf_ops->trigger_reset_register(vf, is_vflr); 217 } 218 219 static void ice_vf_clear_counters(struct ice_vf *vf) 220 { 221 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 222 223 vf->num_mac = 0; 224 vsi->num_vlan = 0; 225 memset(&vf->mdd_tx_events, 0, sizeof(vf->mdd_tx_events)); 226 memset(&vf->mdd_rx_events, 0, sizeof(vf->mdd_rx_events)); 227 } 228 229 /** 230 * ice_vf_pre_vsi_rebuild - tasks to be done prior to VSI rebuild 231 * @vf: VF to perform pre VSI rebuild tasks 232 * 233 * These tasks are items that don't need to be amortized since they are most 234 * likely called in a for loop with all VF(s) in the reset_all_vfs() case. 235 */ 236 static void ice_vf_pre_vsi_rebuild(struct ice_vf *vf) 237 { 238 ice_vf_clear_counters(vf); 239 vf->vf_ops->clear_reset_trigger(vf); 240 } 241 242 /** 243 * ice_vf_rebuild_vsi - rebuild the VF's VSI 244 * @vf: VF to rebuild the VSI for 245 * 246 * This is only called when all VF(s) are being reset (i.e. PCIe Reset on the 247 * host, PFR, CORER, etc.). 248 */ 249 static int ice_vf_rebuild_vsi(struct ice_vf *vf) 250 { 251 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 252 struct ice_pf *pf = vf->pf; 253 254 if (ice_vsi_rebuild(vsi, true)) { 255 dev_err(ice_pf_to_dev(pf), "failed to rebuild VF %d VSI\n", 256 vf->vf_id); 257 return -EIO; 258 } 259 /* vsi->idx will remain the same in this case so don't update 260 * vf->lan_vsi_idx 261 */ 262 vsi->vsi_num = ice_get_hw_vsi_num(&pf->hw, vsi->idx); 263 vf->lan_vsi_num = vsi->vsi_num; 264 265 return 0; 266 } 267 268 /** 269 * ice_is_any_vf_in_promisc - check if any VF(s) are in promiscuous mode 270 * @pf: PF structure for accessing VF(s) 271 * 272 * Return false if no VF(s) are in unicast and/or multicast promiscuous mode, 273 * else return true 274 */ 275 bool ice_is_any_vf_in_promisc(struct ice_pf *pf) 276 { 277 bool is_vf_promisc = false; 278 struct ice_vf *vf; 279 unsigned int bkt; 280 281 rcu_read_lock(); 282 ice_for_each_vf_rcu(pf, bkt, vf) { 283 /* found a VF that has promiscuous mode configured */ 284 if (test_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states) || 285 test_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) { 286 is_vf_promisc = true; 287 break; 288 } 289 } 290 rcu_read_unlock(); 291 292 return is_vf_promisc; 293 } 294 295 /** 296 * ice_vf_set_vsi_promisc - Enable promiscuous mode for a VF VSI 297 * @vf: the VF to configure 298 * @vsi: the VF's VSI 299 * @promisc_m: the promiscuous mode to enable 300 */ 301 int 302 ice_vf_set_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m) 303 { 304 struct ice_hw *hw = &vsi->back->hw; 305 int status; 306 307 if (ice_vf_is_port_vlan_ena(vf)) 308 status = ice_fltr_set_vsi_promisc(hw, vsi->idx, promisc_m, 309 ice_vf_get_port_vlan_id(vf)); 310 else if (ice_vsi_has_non_zero_vlans(vsi)) 311 status = ice_fltr_set_vlan_vsi_promisc(hw, vsi, promisc_m); 312 else 313 status = ice_fltr_set_vsi_promisc(hw, vsi->idx, promisc_m, 0); 314 315 if (status && status != -EEXIST) { 316 dev_err(ice_pf_to_dev(vsi->back), "enable Tx/Rx filter promiscuous mode on VF-%u failed, error: %d\n", 317 vf->vf_id, status); 318 return status; 319 } 320 321 return 0; 322 } 323 324 /** 325 * ice_vf_clear_vsi_promisc - Disable promiscuous mode for a VF VSI 326 * @vf: the VF to configure 327 * @vsi: the VF's VSI 328 * @promisc_m: the promiscuous mode to disable 329 */ 330 int 331 ice_vf_clear_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m) 332 { 333 struct ice_hw *hw = &vsi->back->hw; 334 int status; 335 336 if (ice_vf_is_port_vlan_ena(vf)) 337 status = ice_fltr_clear_vsi_promisc(hw, vsi->idx, promisc_m, 338 ice_vf_get_port_vlan_id(vf)); 339 else if (ice_vsi_has_non_zero_vlans(vsi)) 340 status = ice_fltr_clear_vlan_vsi_promisc(hw, vsi, promisc_m); 341 else 342 status = ice_fltr_clear_vsi_promisc(hw, vsi->idx, promisc_m, 0); 343 344 if (status && status != -ENOENT) { 345 dev_err(ice_pf_to_dev(vsi->back), "disable Tx/Rx filter promiscuous mode on VF-%u failed, error: %d\n", 346 vf->vf_id, status); 347 return status; 348 } 349 350 return 0; 351 } 352 353 /** 354 * ice_reset_all_vfs - reset all allocated VFs in one go 355 * @pf: pointer to the PF structure 356 * 357 * First, tell the hardware to reset each VF, then do all the waiting in one 358 * chunk, and finally finish restoring each VF after the wait. This is useful 359 * during PF routines which need to reset all VFs, as otherwise it must perform 360 * these resets in a serialized fashion. 361 * 362 * Returns true if any VFs were reset, and false otherwise. 363 */ 364 void ice_reset_all_vfs(struct ice_pf *pf) 365 { 366 struct device *dev = ice_pf_to_dev(pf); 367 struct ice_hw *hw = &pf->hw; 368 struct ice_vf *vf; 369 unsigned int bkt; 370 371 /* If we don't have any VFs, then there is nothing to reset */ 372 if (!ice_has_vfs(pf)) 373 return; 374 375 mutex_lock(&pf->vfs.table_lock); 376 377 /* clear all malicious info if the VFs are getting reset */ 378 ice_for_each_vf(pf, bkt, vf) 379 if (ice_mbx_clear_malvf(&hw->mbx_snapshot, pf->vfs.malvfs, 380 ICE_MAX_SRIOV_VFS, vf->vf_id)) 381 dev_dbg(dev, "failed to clear malicious VF state for VF %u\n", 382 vf->vf_id); 383 384 /* If VFs have been disabled, there is no need to reset */ 385 if (test_and_set_bit(ICE_VF_DIS, pf->state)) { 386 mutex_unlock(&pf->vfs.table_lock); 387 return; 388 } 389 390 /* Begin reset on all VFs at once */ 391 ice_for_each_vf(pf, bkt, vf) 392 ice_trigger_vf_reset(vf, true, true); 393 394 /* HW requires some time to make sure it can flush the FIFO for a VF 395 * when it resets it. Now that we've triggered all of the VFs, iterate 396 * the table again and wait for each VF to complete. 397 */ 398 ice_for_each_vf(pf, bkt, vf) { 399 if (!vf->vf_ops->poll_reset_status(vf)) { 400 /* Display a warning if at least one VF didn't manage 401 * to reset in time, but continue on with the 402 * operation. 403 */ 404 dev_warn(dev, "VF %u reset check timeout\n", vf->vf_id); 405 break; 406 } 407 } 408 409 /* free VF resources to begin resetting the VSI state */ 410 ice_for_each_vf(pf, bkt, vf) { 411 mutex_lock(&vf->cfg_lock); 412 413 vf->driver_caps = 0; 414 ice_vc_set_default_allowlist(vf); 415 416 ice_vf_fdir_exit(vf); 417 ice_vf_fdir_init(vf); 418 /* clean VF control VSI when resetting VFs since it should be 419 * setup only when VF creates its first FDIR rule. 420 */ 421 if (vf->ctrl_vsi_idx != ICE_NO_VSI) 422 ice_vf_ctrl_invalidate_vsi(vf); 423 424 ice_vf_pre_vsi_rebuild(vf); 425 ice_vf_rebuild_vsi(vf); 426 vf->vf_ops->post_vsi_rebuild(vf); 427 428 mutex_unlock(&vf->cfg_lock); 429 } 430 431 if (ice_is_eswitch_mode_switchdev(pf)) 432 if (ice_eswitch_rebuild(pf)) 433 dev_warn(dev, "eswitch rebuild failed\n"); 434 435 ice_flush(hw); 436 clear_bit(ICE_VF_DIS, pf->state); 437 438 mutex_unlock(&pf->vfs.table_lock); 439 } 440 441 /** 442 * ice_notify_vf_reset - Notify VF of a reset event 443 * @vf: pointer to the VF structure 444 */ 445 static void ice_notify_vf_reset(struct ice_vf *vf) 446 { 447 struct ice_hw *hw = &vf->pf->hw; 448 struct virtchnl_pf_event pfe; 449 450 /* Bail out if VF is in disabled state, neither initialized, nor active 451 * state - otherwise proceed with notifications 452 */ 453 if ((!test_bit(ICE_VF_STATE_INIT, vf->vf_states) && 454 !test_bit(ICE_VF_STATE_ACTIVE, vf->vf_states)) || 455 test_bit(ICE_VF_STATE_DIS, vf->vf_states)) 456 return; 457 458 pfe.event = VIRTCHNL_EVENT_RESET_IMPENDING; 459 pfe.severity = PF_EVENT_SEVERITY_CERTAIN_DOOM; 460 ice_aq_send_msg_to_vf(hw, vf->vf_id, VIRTCHNL_OP_EVENT, 461 VIRTCHNL_STATUS_SUCCESS, (u8 *)&pfe, sizeof(pfe), 462 NULL); 463 } 464 465 /** 466 * ice_reset_vf - Reset a particular VF 467 * @vf: pointer to the VF structure 468 * @flags: flags controlling behavior of the reset 469 * 470 * Flags: 471 * ICE_VF_RESET_VFLR - Indicates a reset is due to VFLR event 472 * ICE_VF_RESET_NOTIFY - Send VF a notification prior to reset 473 * ICE_VF_RESET_LOCK - Acquire VF cfg_lock before resetting 474 * 475 * Returns 0 if the VF is currently in reset, if the resets are disabled, or 476 * if the VF resets successfully. Returns an error code if the VF fails to 477 * rebuild. 478 */ 479 int ice_reset_vf(struct ice_vf *vf, u32 flags) 480 { 481 struct ice_pf *pf = vf->pf; 482 struct ice_vsi *vsi; 483 struct device *dev; 484 struct ice_hw *hw; 485 u8 promisc_m; 486 int err = 0; 487 bool rsd; 488 489 dev = ice_pf_to_dev(pf); 490 hw = &pf->hw; 491 492 if (flags & ICE_VF_RESET_NOTIFY) 493 ice_notify_vf_reset(vf); 494 495 if (test_bit(ICE_VF_RESETS_DISABLED, pf->state)) { 496 dev_dbg(dev, "Trying to reset VF %d, but all VF resets are disabled\n", 497 vf->vf_id); 498 return 0; 499 } 500 501 if (ice_is_vf_disabled(vf)) { 502 dev_dbg(dev, "VF is already disabled, there is no need for resetting it, telling VM, all is fine %d\n", 503 vf->vf_id); 504 return 0; 505 } 506 507 if (flags & ICE_VF_RESET_LOCK) 508 mutex_lock(&vf->cfg_lock); 509 else 510 lockdep_assert_held(&vf->cfg_lock); 511 512 /* Set VF disable bit state here, before triggering reset */ 513 set_bit(ICE_VF_STATE_DIS, vf->vf_states); 514 ice_trigger_vf_reset(vf, flags & ICE_VF_RESET_VFLR, false); 515 516 vsi = ice_get_vf_vsi(vf); 517 518 ice_dis_vf_qs(vf); 519 520 /* Call Disable LAN Tx queue AQ whether or not queues are 521 * enabled. This is needed for successful completion of VFR. 522 */ 523 ice_dis_vsi_txq(vsi->port_info, vsi->idx, 0, 0, NULL, NULL, 524 NULL, vf->vf_ops->reset_type, vf->vf_id, NULL); 525 526 /* poll VPGEN_VFRSTAT reg to make sure 527 * that reset is complete 528 */ 529 rsd = vf->vf_ops->poll_reset_status(vf); 530 531 /* Display a warning if VF didn't manage to reset in time, but need to 532 * continue on with the operation. 533 */ 534 if (!rsd) 535 dev_warn(dev, "VF reset check timeout on VF %d\n", vf->vf_id); 536 537 vf->driver_caps = 0; 538 ice_vc_set_default_allowlist(vf); 539 540 /* disable promiscuous modes in case they were enabled 541 * ignore any error if disabling process failed 542 */ 543 if (test_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states) || 544 test_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) { 545 if (ice_vf_is_port_vlan_ena(vf) || vsi->num_vlan) 546 promisc_m = ICE_UCAST_VLAN_PROMISC_BITS; 547 else 548 promisc_m = ICE_UCAST_PROMISC_BITS; 549 550 if (ice_vf_clear_vsi_promisc(vf, vsi, promisc_m)) 551 dev_err(dev, "disabling promiscuous mode failed\n"); 552 } 553 554 ice_eswitch_del_vf_mac_rule(vf); 555 556 ice_vf_fdir_exit(vf); 557 ice_vf_fdir_init(vf); 558 /* clean VF control VSI when resetting VF since it should be setup 559 * only when VF creates its first FDIR rule. 560 */ 561 if (vf->ctrl_vsi_idx != ICE_NO_VSI) 562 ice_vf_ctrl_vsi_release(vf); 563 564 ice_vf_pre_vsi_rebuild(vf); 565 566 if (vf->vf_ops->vsi_rebuild(vf)) { 567 dev_err(dev, "Failed to release and setup the VF%u's VSI\n", 568 vf->vf_id); 569 err = -EFAULT; 570 goto out_unlock; 571 } 572 573 vf->vf_ops->post_vsi_rebuild(vf); 574 vsi = ice_get_vf_vsi(vf); 575 ice_eswitch_update_repr(vsi); 576 ice_eswitch_replay_vf_mac_rule(vf); 577 578 /* if the VF has been reset allow it to come up again */ 579 if (ice_mbx_clear_malvf(&hw->mbx_snapshot, pf->vfs.malvfs, 580 ICE_MAX_SRIOV_VFS, vf->vf_id)) 581 dev_dbg(dev, "failed to clear malicious VF state for VF %u\n", 582 vf->vf_id); 583 584 out_unlock: 585 if (flags & ICE_VF_RESET_LOCK) 586 mutex_unlock(&vf->cfg_lock); 587 588 return err; 589 } 590 591 /** 592 * ice_set_vf_state_qs_dis - Set VF queues state to disabled 593 * @vf: pointer to the VF structure 594 */ 595 void ice_set_vf_state_qs_dis(struct ice_vf *vf) 596 { 597 /* Clear Rx/Tx enabled queues flag */ 598 bitmap_zero(vf->txq_ena, ICE_MAX_RSS_QS_PER_VF); 599 bitmap_zero(vf->rxq_ena, ICE_MAX_RSS_QS_PER_VF); 600 clear_bit(ICE_VF_STATE_QS_ENA, vf->vf_states); 601 } 602 603 /* Private functions only accessed from other virtualization files */ 604 605 /** 606 * ice_dis_vf_qs - Disable the VF queues 607 * @vf: pointer to the VF structure 608 */ 609 void ice_dis_vf_qs(struct ice_vf *vf) 610 { 611 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 612 613 ice_vsi_stop_lan_tx_rings(vsi, ICE_NO_RESET, vf->vf_id); 614 ice_vsi_stop_all_rx_rings(vsi); 615 ice_set_vf_state_qs_dis(vf); 616 } 617 618 /** 619 * ice_check_vf_init - helper to check if VF init complete 620 * @vf: the pointer to the VF to check 621 */ 622 int ice_check_vf_init(struct ice_vf *vf) 623 { 624 struct ice_pf *pf = vf->pf; 625 626 if (!test_bit(ICE_VF_STATE_INIT, vf->vf_states)) { 627 dev_err(ice_pf_to_dev(pf), "VF ID: %u in reset. Try again.\n", 628 vf->vf_id); 629 return -EBUSY; 630 } 631 return 0; 632 } 633 634 /** 635 * ice_vf_get_port_info - Get the VF's port info structure 636 * @vf: VF used to get the port info structure for 637 */ 638 struct ice_port_info *ice_vf_get_port_info(struct ice_vf *vf) 639 { 640 return vf->pf->hw.port_info; 641 } 642 643 static int ice_cfg_mac_antispoof(struct ice_vsi *vsi, bool enable) 644 { 645 struct ice_vsi_ctx *ctx; 646 int err; 647 648 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 649 if (!ctx) 650 return -ENOMEM; 651 652 ctx->info.sec_flags = vsi->info.sec_flags; 653 ctx->info.valid_sections = cpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID); 654 655 if (enable) 656 ctx->info.sec_flags |= ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF; 657 else 658 ctx->info.sec_flags &= ~ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF; 659 660 err = ice_update_vsi(&vsi->back->hw, vsi->idx, ctx, NULL); 661 if (err) 662 dev_err(ice_pf_to_dev(vsi->back), "Failed to configure Tx MAC anti-spoof %s for VSI %d, error %d\n", 663 enable ? "ON" : "OFF", vsi->vsi_num, err); 664 else 665 vsi->info.sec_flags = ctx->info.sec_flags; 666 667 kfree(ctx); 668 669 return err; 670 } 671 672 /** 673 * ice_vsi_ena_spoofchk - enable Tx spoof checking for this VSI 674 * @vsi: VSI to enable Tx spoof checking for 675 */ 676 static int ice_vsi_ena_spoofchk(struct ice_vsi *vsi) 677 { 678 struct ice_vsi_vlan_ops *vlan_ops; 679 int err; 680 681 vlan_ops = ice_get_compat_vsi_vlan_ops(vsi); 682 683 err = vlan_ops->ena_tx_filtering(vsi); 684 if (err) 685 return err; 686 687 return ice_cfg_mac_antispoof(vsi, true); 688 } 689 690 /** 691 * ice_vsi_dis_spoofchk - disable Tx spoof checking for this VSI 692 * @vsi: VSI to disable Tx spoof checking for 693 */ 694 static int ice_vsi_dis_spoofchk(struct ice_vsi *vsi) 695 { 696 struct ice_vsi_vlan_ops *vlan_ops; 697 int err; 698 699 vlan_ops = ice_get_compat_vsi_vlan_ops(vsi); 700 701 err = vlan_ops->dis_tx_filtering(vsi); 702 if (err) 703 return err; 704 705 return ice_cfg_mac_antispoof(vsi, false); 706 } 707 708 /** 709 * ice_vsi_apply_spoofchk - Apply Tx spoof checking setting to a VSI 710 * @vsi: VSI associated to the VF 711 * @enable: whether to enable or disable the spoof checking 712 */ 713 int ice_vsi_apply_spoofchk(struct ice_vsi *vsi, bool enable) 714 { 715 int err; 716 717 if (enable) 718 err = ice_vsi_ena_spoofchk(vsi); 719 else 720 err = ice_vsi_dis_spoofchk(vsi); 721 722 return err; 723 } 724 725 /** 726 * ice_is_vf_trusted 727 * @vf: pointer to the VF info 728 */ 729 bool ice_is_vf_trusted(struct ice_vf *vf) 730 { 731 return test_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps); 732 } 733 734 /** 735 * ice_vf_has_no_qs_ena - check if the VF has any Rx or Tx queues enabled 736 * @vf: the VF to check 737 * 738 * Returns true if the VF has no Rx and no Tx queues enabled and returns false 739 * otherwise 740 */ 741 bool ice_vf_has_no_qs_ena(struct ice_vf *vf) 742 { 743 return (!bitmap_weight(vf->rxq_ena, ICE_MAX_RSS_QS_PER_VF) && 744 !bitmap_weight(vf->txq_ena, ICE_MAX_RSS_QS_PER_VF)); 745 } 746 747 /** 748 * ice_is_vf_link_up - check if the VF's link is up 749 * @vf: VF to check if link is up 750 */ 751 bool ice_is_vf_link_up(struct ice_vf *vf) 752 { 753 struct ice_port_info *pi = ice_vf_get_port_info(vf); 754 755 if (ice_check_vf_init(vf)) 756 return false; 757 758 if (ice_vf_has_no_qs_ena(vf)) 759 return false; 760 else if (vf->link_forced) 761 return vf->link_up; 762 else 763 return pi->phy.link_info.link_info & 764 ICE_AQ_LINK_UP; 765 } 766 767 /** 768 * ice_vf_set_host_trust_cfg - set trust setting based on pre-reset value 769 * @vf: VF to configure trust setting for 770 */ 771 static void ice_vf_set_host_trust_cfg(struct ice_vf *vf) 772 { 773 if (vf->trusted) 774 set_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps); 775 else 776 clear_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps); 777 } 778 779 /** 780 * ice_vf_rebuild_host_mac_cfg - add broadcast and the VF's perm_addr/LAA 781 * @vf: VF to add MAC filters for 782 * 783 * Called after a VF VSI has been re-added/rebuilt during reset. The PF driver 784 * always re-adds a broadcast filter and the VF's perm_addr/LAA after reset. 785 */ 786 static int ice_vf_rebuild_host_mac_cfg(struct ice_vf *vf) 787 { 788 struct device *dev = ice_pf_to_dev(vf->pf); 789 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 790 u8 broadcast[ETH_ALEN]; 791 int status; 792 793 if (ice_is_eswitch_mode_switchdev(vf->pf)) 794 return 0; 795 796 eth_broadcast_addr(broadcast); 797 status = ice_fltr_add_mac(vsi, broadcast, ICE_FWD_TO_VSI); 798 if (status) { 799 dev_err(dev, "failed to add broadcast MAC filter for VF %u, error %d\n", 800 vf->vf_id, status); 801 return status; 802 } 803 804 vf->num_mac++; 805 806 if (is_valid_ether_addr(vf->hw_lan_addr.addr)) { 807 status = ice_fltr_add_mac(vsi, vf->hw_lan_addr.addr, 808 ICE_FWD_TO_VSI); 809 if (status) { 810 dev_err(dev, "failed to add default unicast MAC filter %pM for VF %u, error %d\n", 811 &vf->hw_lan_addr.addr[0], vf->vf_id, 812 status); 813 return status; 814 } 815 vf->num_mac++; 816 817 ether_addr_copy(vf->dev_lan_addr.addr, vf->hw_lan_addr.addr); 818 } 819 820 return 0; 821 } 822 823 /** 824 * ice_vf_rebuild_host_vlan_cfg - add VLAN 0 filter or rebuild the Port VLAN 825 * @vf: VF to add MAC filters for 826 * @vsi: Pointer to VSI 827 * 828 * Called after a VF VSI has been re-added/rebuilt during reset. The PF driver 829 * always re-adds either a VLAN 0 or port VLAN based filter after reset. 830 */ 831 static int ice_vf_rebuild_host_vlan_cfg(struct ice_vf *vf, struct ice_vsi *vsi) 832 { 833 struct ice_vsi_vlan_ops *vlan_ops = ice_get_compat_vsi_vlan_ops(vsi); 834 struct device *dev = ice_pf_to_dev(vf->pf); 835 int err; 836 837 if (ice_vf_is_port_vlan_ena(vf)) { 838 err = vlan_ops->set_port_vlan(vsi, &vf->port_vlan_info); 839 if (err) { 840 dev_err(dev, "failed to configure port VLAN via VSI parameters for VF %u, error %d\n", 841 vf->vf_id, err); 842 return err; 843 } 844 845 err = vlan_ops->add_vlan(vsi, &vf->port_vlan_info); 846 } else { 847 err = ice_vsi_add_vlan_zero(vsi); 848 } 849 850 if (err) { 851 dev_err(dev, "failed to add VLAN %u filter for VF %u during VF rebuild, error %d\n", 852 ice_vf_is_port_vlan_ena(vf) ? 853 ice_vf_get_port_vlan_id(vf) : 0, vf->vf_id, err); 854 return err; 855 } 856 857 err = vlan_ops->ena_rx_filtering(vsi); 858 if (err) 859 dev_warn(dev, "failed to enable Rx VLAN filtering for VF %d VSI %d during VF rebuild, error %d\n", 860 vf->vf_id, vsi->idx, err); 861 862 return 0; 863 } 864 865 /** 866 * ice_vf_rebuild_host_tx_rate_cfg - re-apply the Tx rate limiting configuration 867 * @vf: VF to re-apply the configuration for 868 * 869 * Called after a VF VSI has been re-added/rebuild during reset. The PF driver 870 * needs to re-apply the host configured Tx rate limiting configuration. 871 */ 872 static int ice_vf_rebuild_host_tx_rate_cfg(struct ice_vf *vf) 873 { 874 struct device *dev = ice_pf_to_dev(vf->pf); 875 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 876 int err; 877 878 if (vf->min_tx_rate) { 879 err = ice_set_min_bw_limit(vsi, (u64)vf->min_tx_rate * 1000); 880 if (err) { 881 dev_err(dev, "failed to set min Tx rate to %d Mbps for VF %u, error %d\n", 882 vf->min_tx_rate, vf->vf_id, err); 883 return err; 884 } 885 } 886 887 if (vf->max_tx_rate) { 888 err = ice_set_max_bw_limit(vsi, (u64)vf->max_tx_rate * 1000); 889 if (err) { 890 dev_err(dev, "failed to set max Tx rate to %d Mbps for VF %u, error %d\n", 891 vf->max_tx_rate, vf->vf_id, err); 892 return err; 893 } 894 } 895 896 return 0; 897 } 898 899 /** 900 * ice_vf_rebuild_aggregator_node_cfg - rebuild aggregator node config 901 * @vsi: Pointer to VSI 902 * 903 * This function moves VSI into corresponding scheduler aggregator node 904 * based on cached value of "aggregator node info" per VSI 905 */ 906 static void ice_vf_rebuild_aggregator_node_cfg(struct ice_vsi *vsi) 907 { 908 struct ice_pf *pf = vsi->back; 909 struct device *dev; 910 int status; 911 912 if (!vsi->agg_node) 913 return; 914 915 dev = ice_pf_to_dev(pf); 916 if (vsi->agg_node->num_vsis == ICE_MAX_VSIS_IN_AGG_NODE) { 917 dev_dbg(dev, 918 "agg_id %u already has reached max_num_vsis %u\n", 919 vsi->agg_node->agg_id, vsi->agg_node->num_vsis); 920 return; 921 } 922 923 status = ice_move_vsi_to_agg(pf->hw.port_info, vsi->agg_node->agg_id, 924 vsi->idx, vsi->tc_cfg.ena_tc); 925 if (status) 926 dev_dbg(dev, "unable to move VSI idx %u into aggregator %u node", 927 vsi->idx, vsi->agg_node->agg_id); 928 else 929 vsi->agg_node->num_vsis++; 930 } 931 932 /** 933 * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset 934 * @vf: VF to rebuild host configuration on 935 */ 936 void ice_vf_rebuild_host_cfg(struct ice_vf *vf) 937 { 938 struct device *dev = ice_pf_to_dev(vf->pf); 939 struct ice_vsi *vsi = ice_get_vf_vsi(vf); 940 941 ice_vf_set_host_trust_cfg(vf); 942 943 if (ice_vf_rebuild_host_mac_cfg(vf)) 944 dev_err(dev, "failed to rebuild default MAC configuration for VF %d\n", 945 vf->vf_id); 946 947 if (ice_vf_rebuild_host_vlan_cfg(vf, vsi)) 948 dev_err(dev, "failed to rebuild VLAN configuration for VF %u\n", 949 vf->vf_id); 950 951 if (ice_vf_rebuild_host_tx_rate_cfg(vf)) 952 dev_err(dev, "failed to rebuild Tx rate limiting configuration for VF %u\n", 953 vf->vf_id); 954 955 if (ice_vsi_apply_spoofchk(vsi, vf->spoofchk)) 956 dev_err(dev, "failed to rebuild spoofchk configuration for VF %d\n", 957 vf->vf_id); 958 959 /* rebuild aggregator node config for main VF VSI */ 960 ice_vf_rebuild_aggregator_node_cfg(vsi); 961 } 962 963 /** 964 * ice_vf_ctrl_invalidate_vsi - invalidate ctrl_vsi_idx to remove VSI access 965 * @vf: VF that control VSI is being invalidated on 966 */ 967 void ice_vf_ctrl_invalidate_vsi(struct ice_vf *vf) 968 { 969 vf->ctrl_vsi_idx = ICE_NO_VSI; 970 } 971 972 /** 973 * ice_vf_ctrl_vsi_release - invalidate the VF's control VSI after freeing it 974 * @vf: VF that control VSI is being released on 975 */ 976 void ice_vf_ctrl_vsi_release(struct ice_vf *vf) 977 { 978 ice_vsi_release(vf->pf->vsi[vf->ctrl_vsi_idx]); 979 ice_vf_ctrl_invalidate_vsi(vf); 980 } 981 982 /** 983 * ice_vf_ctrl_vsi_setup - Set up a VF control VSI 984 * @vf: VF to setup control VSI for 985 * 986 * Returns pointer to the successfully allocated VSI struct on success, 987 * otherwise returns NULL on failure. 988 */ 989 struct ice_vsi *ice_vf_ctrl_vsi_setup(struct ice_vf *vf) 990 { 991 struct ice_port_info *pi = ice_vf_get_port_info(vf); 992 struct ice_pf *pf = vf->pf; 993 struct ice_vsi *vsi; 994 995 vsi = ice_vsi_setup(pf, pi, ICE_VSI_CTRL, vf, NULL); 996 if (!vsi) { 997 dev_err(ice_pf_to_dev(pf), "Failed to create VF control VSI\n"); 998 ice_vf_ctrl_invalidate_vsi(vf); 999 } 1000 1001 return vsi; 1002 } 1003 1004 /** 1005 * ice_vf_invalidate_vsi - invalidate vsi_idx/vsi_num to remove VSI access 1006 * @vf: VF to remove access to VSI for 1007 */ 1008 void ice_vf_invalidate_vsi(struct ice_vf *vf) 1009 { 1010 vf->lan_vsi_idx = ICE_NO_VSI; 1011 vf->lan_vsi_num = ICE_NO_VSI; 1012 } 1013 1014 /** 1015 * ice_vf_set_initialized - VF is ready for VIRTCHNL communication 1016 * @vf: VF to set in initialized state 1017 * 1018 * After this function the VF will be ready to receive/handle the 1019 * VIRTCHNL_OP_GET_VF_RESOURCES message 1020 */ 1021 void ice_vf_set_initialized(struct ice_vf *vf) 1022 { 1023 ice_set_vf_state_qs_dis(vf); 1024 clear_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states); 1025 clear_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states); 1026 clear_bit(ICE_VF_STATE_DIS, vf->vf_states); 1027 set_bit(ICE_VF_STATE_INIT, vf->vf_states); 1028 memset(&vf->vlan_v2_caps, 0, sizeof(vf->vlan_v2_caps)); 1029 } 1030