[PATCH iwl-net 0/5] ice: LLDP support for VFs

[PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

Allow to:
* receive LLDP packets on a VF
* transmit LLDP from a VF

Only a single VF per port can transmit LLDP packets,
all trusted VFs can transmit LLDP packets.

For both functionalities to work, private flag
fw-lldp-agent must be off.

I am aware that implemented way of configuration (through sysfs) can be
potentially controversial and would like some feedback from outside.

Larysa Zaremba (1):
  ice: Do not add LLDP-specific filter

Mateusz Pacuszka (3):
  ice: Fix check for existing switch rule
  ice: Implement VF LLDP RX support on VF
  ice: Implement VF LLDP TX support for VF

Mateusz Polchlopek (1):
  ice: Add function to get VF from device struct

 drivers/net/ethernet/intel/ice/ice.h          |   2 +
 .../net/ethernet/intel/ice/ice_adminq_cmd.h   |   1 -
 drivers/net/ethernet/intel/ice/ice_common.c   |  26 --
 drivers/net/ethernet/intel/ice/ice_common.h   |   2 -
 drivers/net/ethernet/intel/ice/ice_ethtool.c  |   6 +-
 drivers/net/ethernet/intel/ice/ice_lib.c      |  83 +++++-
 drivers/net/ethernet/intel/ice/ice_lib.h      |   4 +
 drivers/net/ethernet/intel/ice/ice_main.c     |  58 ++++
 drivers/net/ethernet/intel/ice/ice_sriov.c    |   4 +
 drivers/net/ethernet/intel/ice/ice_switch.c   |   4 +-
 drivers/net/ethernet/intel/ice/ice_vf_lib.c   | 252 ++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h   |  26 ++
 drivers/net/ethernet/intel/ice/ice_virtchnl.c |  11 +
 13 files changed, 439 insertions(+), 40 deletions(-)

-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

Allow to:
* receive LLDP packets on a VF
* transmit LLDP from a VF

Only a single VF per port can transmit LLDP packets,
all trusted VFs can transmit LLDP packets.

For both functionalities to work, private flag
fw-lldp-agent must be off.

I am aware that implemented way of configuration (through sysfs) can be
potentially controversial and would like some feedback from outside.

Larysa Zaremba (1):
  ice: Do not add LLDP-specific filter

Mateusz Pacuszka (3):
  ice: Fix check for existing switch rule
  ice: Implement VF LLDP RX support on VF
  ice: Implement VF LLDP TX support for VF

Mateusz Polchlopek (1):
  ice: Add function to get VF from device struct

 drivers/net/ethernet/intel/ice/ice.h          |   2 +
 .../net/ethernet/intel/ice/ice_adminq_cmd.h   |   1 -
 drivers/net/ethernet/intel/ice/ice_common.c   |  26 --
 drivers/net/ethernet/intel/ice/ice_common.h   |   2 -
 drivers/net/ethernet/intel/ice/ice_ethtool.c  |   6 +-
 drivers/net/ethernet/intel/ice/ice_lib.c      |  83 +++++-
 drivers/net/ethernet/intel/ice/ice_lib.h      |   4 +
 drivers/net/ethernet/intel/ice/ice_main.c     |  58 ++++
 drivers/net/ethernet/intel/ice/ice_sriov.c    |   4 +
 drivers/net/ethernet/intel/ice/ice_switch.c   |   4 +-
 drivers/net/ethernet/intel/ice/ice_vf_lib.c   | 252 ++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h   |  26 ++
 drivers/net/ethernet/intel/ice/ice_virtchnl.c |  11 +
 13 files changed, 439 insertions(+), 40 deletions(-)

-- 
2.43.0

[PATCH iwl-net 1/5] ice: Add function to get VF from device struct

[Larysa Zaremba]

From: Mateusz Polchlopek <mateusz.polchlopek@intel.com>

Introduce a helper ice_get_vf_by_dev() to look up VF for a given struct
device.

Signed-off-by: Mateusz Polchlopek <mateusz.polchlopek@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 30 +++++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h |  6 +++++
 2 files changed, 36 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 2ffdae9a82df..21d22e3ad0ba 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -45,6 +45,36 @@ struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 	return NULL;
 }
 
+/**
+ * ice_get_vf_by_dev - Get pointer to VF by device
+ * @dev: the device structure
+ *
+ * Locate and return a pointer to the VF structure associated with a given
+ * device.
+ * Return: valid VF structure associated with the device, NULL if none exists
+ */
+struct ice_vf *ice_get_vf_by_dev(struct device *dev)
+{
+	struct pci_dev *vfdev;
+	struct pci_dev *pdev;
+	struct ice_pf *pf;
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	vfdev = container_of(dev, struct pci_dev, dev);
+	pdev = vfdev->physfn;
+	pf = pci_get_drvdata(pdev);
+
+	rcu_read_lock();
+	ice_for_each_vf_rcu(pf, bkt, vf) {
+		if (vf->vfdev == vfdev)
+			break;
+	}
+	rcu_read_unlock();
+
+	return vf;
+}
+
 /**
  * ice_release_vf - Release VF associated with a refcount
  * @ref: the kref decremented to zero
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 0cc9034065c5..48f4cdbd6d27 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -213,6 +213,7 @@ static inline u16 ice_vf_get_port_vlan_tpid(struct ice_vf *vf)
 
 #ifdef CONFIG_PCI_IOV
 struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id);
+struct ice_vf *ice_get_vf_by_dev(struct device *dev);
 void ice_put_vf(struct ice_vf *vf);
 bool ice_has_vfs(struct ice_pf *pf);
 u16 ice_get_num_vfs(struct ice_pf *pf);
@@ -237,6 +238,11 @@ static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 	return NULL;
 }
 
+static inline struct ice_vf *ice_get_vf_by_dev(struct device *dev)
+{
+	return NULL;
+}
+
 static inline void ice_put_vf(struct ice_vf *vf)
 {
 }
-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 1/5] ice: Add function to get VF from device struct

[Larysa Zaremba]

From: Mateusz Polchlopek <mateusz.polchlopek@intel.com>

Introduce a helper ice_get_vf_by_dev() to look up VF for a given struct
device.

Signed-off-by: Mateusz Polchlopek <mateusz.polchlopek@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 30 +++++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h |  6 +++++
 2 files changed, 36 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 2ffdae9a82df..21d22e3ad0ba 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -45,6 +45,36 @@ struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 	return NULL;
 }
 
+/**
+ * ice_get_vf_by_dev - Get pointer to VF by device
+ * @dev: the device structure
+ *
+ * Locate and return a pointer to the VF structure associated with a given
+ * device.
+ * Return: valid VF structure associated with the device, NULL if none exists
+ */
+struct ice_vf *ice_get_vf_by_dev(struct device *dev)
+{
+	struct pci_dev *vfdev;
+	struct pci_dev *pdev;
+	struct ice_pf *pf;
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	vfdev = container_of(dev, struct pci_dev, dev);
+	pdev = vfdev->physfn;
+	pf = pci_get_drvdata(pdev);
+
+	rcu_read_lock();
+	ice_for_each_vf_rcu(pf, bkt, vf) {
+		if (vf->vfdev == vfdev)
+			break;
+	}
+	rcu_read_unlock();
+
+	return vf;
+}
+
 /**
  * ice_release_vf - Release VF associated with a refcount
  * @ref: the kref decremented to zero
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 0cc9034065c5..48f4cdbd6d27 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -213,6 +213,7 @@ static inline u16 ice_vf_get_port_vlan_tpid(struct ice_vf *vf)
 
 #ifdef CONFIG_PCI_IOV
 struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id);
+struct ice_vf *ice_get_vf_by_dev(struct device *dev);
 void ice_put_vf(struct ice_vf *vf);
 bool ice_has_vfs(struct ice_pf *pf);
 u16 ice_get_num_vfs(struct ice_pf *pf);
@@ -237,6 +238,11 @@ static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 	return NULL;
 }
 
+static inline struct ice_vf *ice_get_vf_by_dev(struct device *dev)
+{
+	return NULL;
+}
+
 static inline void ice_put_vf(struct ice_vf *vf)
 {
 }
-- 
2.43.0

[PATCH iwl-net 2/5] ice: Fix check for existing switch rule

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

In case the rule already exists and another VSI wants to subscribe to it
new VSI list is being created and both VSIs are moved to it.
Currently, the check for already existing VSI with the same rule is done
based on fdw_id.hw_vsi_id, which applies only to LOOKUP_RX flag.
Change it to vsi_handle. This is software VSI ID, but it can be applied
here, because vsi_map itself is also based on it.

Additionally change return status in case the VSI already exists in the
VSI map to "Already exists". Such case should be handled by the caller.

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_switch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethernet/intel/ice/ice_switch.c
index f84bab80ca42..bf2ab2b6ef68 100644
--- a/drivers/net/ethernet/intel/ice/ice_switch.c
+++ b/drivers/net/ethernet/intel/ice/ice_switch.c
@@ -3004,7 +3004,7 @@ ice_add_update_vsi_list(struct ice_hw *hw,
 		u16 vsi_handle_arr[2];
 
 		/* A rule already exists with the new VSI being added */
-		if (cur_fltr->fwd_id.hw_vsi_id == new_fltr->fwd_id.hw_vsi_id)
+		if (cur_fltr->vsi_handle == new_fltr->vsi_handle)
 			return -EEXIST;
 
 		vsi_handle_arr[0] = cur_fltr->vsi_handle;
@@ -3052,7 +3052,7 @@ ice_add_update_vsi_list(struct ice_hw *hw,
 
 		/* A rule already exists with the new VSI being added */
 		if (test_bit(vsi_handle, m_entry->vsi_list_info->vsi_map))
-			return 0;
+			return -EEXIST;
 
 		/* Update the previously created VSI list set with
 		 * the new VSI ID passed in
-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 2/5] ice: Fix check for existing switch rule

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

In case the rule already exists and another VSI wants to subscribe to it
new VSI list is being created and both VSIs are moved to it.
Currently, the check for already existing VSI with the same rule is done
based on fdw_id.hw_vsi_id, which applies only to LOOKUP_RX flag.
Change it to vsi_handle. This is software VSI ID, but it can be applied
here, because vsi_map itself is also based on it.

Additionally change return status in case the VSI already exists in the
VSI map to "Already exists". Such case should be handled by the caller.

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_switch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethernet/intel/ice/ice_switch.c
index f84bab80ca42..bf2ab2b6ef68 100644
--- a/drivers/net/ethernet/intel/ice/ice_switch.c
+++ b/drivers/net/ethernet/intel/ice/ice_switch.c
@@ -3004,7 +3004,7 @@ ice_add_update_vsi_list(struct ice_hw *hw,
 		u16 vsi_handle_arr[2];
 
 		/* A rule already exists with the new VSI being added */
-		if (cur_fltr->fwd_id.hw_vsi_id == new_fltr->fwd_id.hw_vsi_id)
+		if (cur_fltr->vsi_handle == new_fltr->vsi_handle)
 			return -EEXIST;
 
 		vsi_handle_arr[0] = cur_fltr->vsi_handle;
@@ -3052,7 +3052,7 @@ ice_add_update_vsi_list(struct ice_hw *hw,
 
 		/* A rule already exists with the new VSI being added */
 		if (test_bit(vsi_handle, m_entry->vsi_list_info->vsi_map))
-			return 0;
+			return -EEXIST;
 
 		/* Update the previously created VSI list set with
 		 * the new VSI ID passed in
-- 
2.43.0

[PATCH iwl-net 3/5] ice: Do not add LLDP-specific filter

[Larysa Zaremba]

Commit 34295a3696fbd0d90ee7 ("ice: implement new LLDP filter command")
has introduced the ability to use LLDP-specific filter that directs all
LLDP traffic to a single VSI. However, current goal is for all trusted VFs
to be able to see LLDP neighbors. Therefore, replace the functionality with
previously used generic ethernet protocol filter.

The command was added as a way to solve an "issue with some NVMs where an
already existent LLDP filter is blocking the creation of a filter to allow
LLDP packets". Preserve this utility and remove LLDP-specific filter
before configuring another one.

Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 .../net/ethernet/intel/ice/ice_adminq_cmd.h   |  1 -
 drivers/net/ethernet/intel/ice/ice_common.c   | 26 ---------------
 drivers/net/ethernet/intel/ice/ice_common.h   |  2 --
 drivers/net/ethernet/intel/ice/ice_lib.c      | 33 +++++++++++++++----
 4 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h b/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
index 8040317c9561..2855c955d8b4 100644
--- a/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
+++ b/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
@@ -1883,7 +1883,6 @@ struct ice_aqc_lldp_stop_start_specific_agent {
 /* LLDP Filter Control (direct 0x0A0A) */
 struct ice_aqc_lldp_filter_ctrl {
 	u8 cmd_flags;
-#define ICE_AQC_LLDP_FILTER_ACTION_ADD		0x0
 #define ICE_AQC_LLDP_FILTER_ACTION_DELETE	0x1
 	u8 reserved1;
 	__le16 vsi_num;
diff --git a/drivers/net/ethernet/intel/ice/ice_common.c b/drivers/net/ethernet/intel/ice/ice_common.c
index 9266f25a9978..f5cca0e2ead6 100644
--- a/drivers/net/ethernet/intel/ice/ice_common.c
+++ b/drivers/net/ethernet/intel/ice/ice_common.c
@@ -5911,32 +5911,6 @@ bool ice_fw_supports_lldp_fltr_ctrl(struct ice_hw *hw)
 				     ICE_FW_API_LLDP_FLTR_PATCH);
 }
 
-/**
- * ice_lldp_fltr_add_remove - add or remove a LLDP Rx switch filter
- * @hw: pointer to HW struct
- * @vsi_num: absolute HW index for VSI
- * @add: boolean for if adding or removing a filter
- */
-int
-ice_lldp_fltr_add_remove(struct ice_hw *hw, u16 vsi_num, bool add)
-{
-	struct ice_aqc_lldp_filter_ctrl *cmd;
-	struct ice_aq_desc desc;
-
-	cmd = &desc.params.lldp_filter_ctrl;
-
-	ice_fill_dflt_direct_cmd_desc(&desc, ice_aqc_opc_lldp_filter_ctrl);
-
-	if (add)
-		cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_ADD;
-	else
-		cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_DELETE;
-
-	cmd->vsi_num = cpu_to_le16(vsi_num);
-
-	return ice_aq_send_cmd(hw, &desc, NULL, 0, NULL);
-}
-
 /**
  * ice_lldp_execute_pending_mib - execute LLDP pending MIB request
  * @hw: pointer to HW struct
diff --git a/drivers/net/ethernet/intel/ice/ice_common.h b/drivers/net/ethernet/intel/ice/ice_common.h
index 32fd10de620c..900926e6414c 100644
--- a/drivers/net/ethernet/intel/ice/ice_common.h
+++ b/drivers/net/ethernet/intel/ice/ice_common.h
@@ -267,8 +267,6 @@ int
 ice_aq_set_lldp_mib(struct ice_hw *hw, u8 mib_type, void *buf, u16 buf_size,
 		    struct ice_sq_cd *cd);
 bool ice_fw_supports_lldp_fltr_ctrl(struct ice_hw *hw);
-int
-ice_lldp_fltr_add_remove(struct ice_hw *hw, u16 vsi_num, bool add);
 int ice_lldp_execute_pending_mib(struct ice_hw *hw);
 int
 ice_aq_read_i2c(struct ice_hw *hw, struct ice_aqc_link_topo_addr topo_addr,
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index 60e0d824195e..a774bcdcc0c4 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2039,6 +2039,27 @@ static void ice_vsi_set_tc_cfg(struct ice_vsi *vsi)
 	ice_vsi_set_dcb_tc_cfg(vsi);
 }
 
+/**
+ * ice_lldp_fltr_remove_from_port - Remove a LLDP Rx filter from the port
+ * @hw: port
+ *
+ * Remove a LLDP Rx switch filter from the port. For some NVMs,
+ * such leftover filter can prevent us from configuring another one.
+ */
+static void ice_lldp_fltr_remove_from_port(struct ice_hw *hw)
+{
+	struct ice_aqc_lldp_filter_ctrl *cmd;
+	struct ice_aq_desc desc;
+
+	cmd = &desc.params.lldp_filter_ctrl;
+
+	ice_fill_dflt_direct_cmd_desc(&desc, ice_aqc_opc_lldp_filter_ctrl);
+
+	cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_DELETE;
+
+	ice_aq_send_cmd(hw, &desc, NULL, 0, NULL);
+}
+
 /**
  * ice_cfg_sw_lldp - Config switch rules for LLDP packet handling
  * @vsi: the VSI being configured
@@ -2060,13 +2081,11 @@ void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create)
 		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_TX,
 				  ICE_DROP_PACKET);
 	} else {
-		if (ice_fw_supports_lldp_fltr_ctrl(&pf->hw)) {
-			status = ice_lldp_fltr_add_remove(&pf->hw, vsi->vsi_num,
-							  create);
-		} else {
-			status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
-					  ICE_FWD_TO_VSI);
-		}
+		if (create && ice_fw_supports_lldp_fltr_ctrl(&pf->hw))
+			ice_lldp_fltr_remove_from_port(&vsi->back->hw);
+
+		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
+				  ICE_FWD_TO_VSI);
 	}
 
 	if (status)
-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 3/5] ice: Do not add LLDP-specific filter

[Larysa Zaremba]

Commit 34295a3696fbd0d90ee7 ("ice: implement new LLDP filter command")
has introduced the ability to use LLDP-specific filter that directs all
LLDP traffic to a single VSI. However, current goal is for all trusted VFs
to be able to see LLDP neighbors. Therefore, replace the functionality with
previously used generic ethernet protocol filter.

The command was added as a way to solve an "issue with some NVMs where an
already existent LLDP filter is blocking the creation of a filter to allow
LLDP packets". Preserve this utility and remove LLDP-specific filter
before configuring another one.

Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 .../net/ethernet/intel/ice/ice_adminq_cmd.h   |  1 -
 drivers/net/ethernet/intel/ice/ice_common.c   | 26 ---------------
 drivers/net/ethernet/intel/ice/ice_common.h   |  2 --
 drivers/net/ethernet/intel/ice/ice_lib.c      | 33 +++++++++++++++----
 4 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h b/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
index 8040317c9561..2855c955d8b4 100644
--- a/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
+++ b/drivers/net/ethernet/intel/ice/ice_adminq_cmd.h
@@ -1883,7 +1883,6 @@ struct ice_aqc_lldp_stop_start_specific_agent {
 /* LLDP Filter Control (direct 0x0A0A) */
 struct ice_aqc_lldp_filter_ctrl {
 	u8 cmd_flags;
-#define ICE_AQC_LLDP_FILTER_ACTION_ADD		0x0
 #define ICE_AQC_LLDP_FILTER_ACTION_DELETE	0x1
 	u8 reserved1;
 	__le16 vsi_num;
diff --git a/drivers/net/ethernet/intel/ice/ice_common.c b/drivers/net/ethernet/intel/ice/ice_common.c
index 9266f25a9978..f5cca0e2ead6 100644
--- a/drivers/net/ethernet/intel/ice/ice_common.c
+++ b/drivers/net/ethernet/intel/ice/ice_common.c
@@ -5911,32 +5911,6 @@ bool ice_fw_supports_lldp_fltr_ctrl(struct ice_hw *hw)
 				     ICE_FW_API_LLDP_FLTR_PATCH);
 }
 
-/**
- * ice_lldp_fltr_add_remove - add or remove a LLDP Rx switch filter
- * @hw: pointer to HW struct
- * @vsi_num: absolute HW index for VSI
- * @add: boolean for if adding or removing a filter
- */
-int
-ice_lldp_fltr_add_remove(struct ice_hw *hw, u16 vsi_num, bool add)
-{
-	struct ice_aqc_lldp_filter_ctrl *cmd;
-	struct ice_aq_desc desc;
-
-	cmd = &desc.params.lldp_filter_ctrl;
-
-	ice_fill_dflt_direct_cmd_desc(&desc, ice_aqc_opc_lldp_filter_ctrl);
-
-	if (add)
-		cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_ADD;
-	else
-		cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_DELETE;
-
-	cmd->vsi_num = cpu_to_le16(vsi_num);
-
-	return ice_aq_send_cmd(hw, &desc, NULL, 0, NULL);
-}
-
 /**
  * ice_lldp_execute_pending_mib - execute LLDP pending MIB request
  * @hw: pointer to HW struct
diff --git a/drivers/net/ethernet/intel/ice/ice_common.h b/drivers/net/ethernet/intel/ice/ice_common.h
index 32fd10de620c..900926e6414c 100644
--- a/drivers/net/ethernet/intel/ice/ice_common.h
+++ b/drivers/net/ethernet/intel/ice/ice_common.h
@@ -267,8 +267,6 @@ int
 ice_aq_set_lldp_mib(struct ice_hw *hw, u8 mib_type, void *buf, u16 buf_size,
 		    struct ice_sq_cd *cd);
 bool ice_fw_supports_lldp_fltr_ctrl(struct ice_hw *hw);
-int
-ice_lldp_fltr_add_remove(struct ice_hw *hw, u16 vsi_num, bool add);
 int ice_lldp_execute_pending_mib(struct ice_hw *hw);
 int
 ice_aq_read_i2c(struct ice_hw *hw, struct ice_aqc_link_topo_addr topo_addr,
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index 60e0d824195e..a774bcdcc0c4 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2039,6 +2039,27 @@ static void ice_vsi_set_tc_cfg(struct ice_vsi *vsi)
 	ice_vsi_set_dcb_tc_cfg(vsi);
 }
 
+/**
+ * ice_lldp_fltr_remove_from_port - Remove a LLDP Rx filter from the port
+ * @hw: port
+ *
+ * Remove a LLDP Rx switch filter from the port. For some NVMs,
+ * such leftover filter can prevent us from configuring another one.
+ */
+static void ice_lldp_fltr_remove_from_port(struct ice_hw *hw)
+{
+	struct ice_aqc_lldp_filter_ctrl *cmd;
+	struct ice_aq_desc desc;
+
+	cmd = &desc.params.lldp_filter_ctrl;
+
+	ice_fill_dflt_direct_cmd_desc(&desc, ice_aqc_opc_lldp_filter_ctrl);
+
+	cmd->cmd_flags = ICE_AQC_LLDP_FILTER_ACTION_DELETE;
+
+	ice_aq_send_cmd(hw, &desc, NULL, 0, NULL);
+}
+
 /**
  * ice_cfg_sw_lldp - Config switch rules for LLDP packet handling
  * @vsi: the VSI being configured
@@ -2060,13 +2081,11 @@ void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create)
 		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_TX,
 				  ICE_DROP_PACKET);
 	} else {
-		if (ice_fw_supports_lldp_fltr_ctrl(&pf->hw)) {
-			status = ice_lldp_fltr_add_remove(&pf->hw, vsi->vsi_num,
-							  create);
-		} else {
-			status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
-					  ICE_FWD_TO_VSI);
-		}
+		if (create && ice_fw_supports_lldp_fltr_ctrl(&pf->hw))
+			ice_lldp_fltr_remove_from_port(&vsi->back->hw);
+
+		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
+				  ICE_FWD_TO_VSI);
 	}
 
 	if (status)
-- 
2.43.0

[PATCH iwl-net 4/5] ice: Implement VF LLDP RX support on VF

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

Add rx_lldp sysfs to allow user to disable (enabled by default) RX
LLDP packets on PF when FW LLDP agent is disabled and the support for VF
LLDP is present.
Configure LLDP multicast MAC address on trusted VF to allow it to receive
LLDP packets.

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Co-developed-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice.h          |  2 +
 drivers/net/ethernet/intel/ice/ice_ethtool.c  |  6 +-
 drivers/net/ethernet/intel/ice/ice_lib.c      | 47 +++++++++++++++
 drivers/net/ethernet/intel/ice/ice_lib.h      |  4 ++
 drivers/net/ethernet/intel/ice/ice_main.c     | 58 ++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.c   | 59 +++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h   |  6 ++
 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 11 ++++
 8 files changed, 191 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice.h b/drivers/net/ethernet/intel/ice/ice.h
index 365c03d1c462..992c0dfaab6f 100644
--- a/drivers/net/ethernet/intel/ice/ice.h
+++ b/drivers/net/ethernet/intel/ice/ice.h
@@ -344,6 +344,8 @@ struct ice_vsi {
 	u32 tx_busy;
 	u32 rx_buf_failed;
 	u32 rx_page_failed;
+	u8 lldp_macs;			/* counter for LLDP MACs added to VSI */
+	u8 rx_lldp_ena : 1;		/* Rx LLDP filter enabled */
 	u16 num_q_vectors;
 	/* tell if only dynamic irq allocation is allowed */
 	bool irq_dyn_alloc;
diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool.c b/drivers/net/ethernet/intel/ice/ice_ethtool.c
index 3cc364a4d682..8ae448af51e7 100644
--- a/drivers/net/ethernet/intel/ice/ice_ethtool.c
+++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c
@@ -1480,6 +1480,8 @@ static int ice_set_priv_flags(struct net_device *netdev, u32 flags)
 			if (status)
 				dev_warn(dev, "Fail to init DCB\n");
 
+			ice_ena_all_vfs_rx_lldp(pf);
+
 			pf->dcbx_cap &= ~DCB_CAP_DCBX_LLD_MANAGED;
 			pf->dcbx_cap |= DCB_CAP_DCBX_HOST;
 		} else {
@@ -1493,10 +1495,10 @@ static int ice_set_priv_flags(struct net_device *netdev, u32 flags)
 				goto ethtool_exit;
 			}
 
-			/* Remove rule to direct LLDP packets to default VSI.
+			/* Remove rules to direct LLDP packets to PF/VF VSIs.
 			 * The FW LLDP engine will now be consuming them.
 			 */
-			ice_cfg_sw_lldp(vsi, false, false);
+			ice_dis_sw_lldp(pf);
 
 			/* AQ command to start FW LLDP agent will return an
 			 * error if the agent is already started
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index a774bcdcc0c4..19f08f2e0139 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2039,6 +2039,50 @@ static void ice_vsi_set_tc_cfg(struct ice_vsi *vsi)
 	ice_vsi_set_dcb_tc_cfg(vsi);
 }
 
+/**
+ * ice_dis_sw_lldp - Disable SW LLDP on PFs and VFs
+ * @pf: pointer to PF structure
+ *
+ * Disable SW LLDP settings on each entity that can have it
+ */
+void ice_dis_sw_lldp(struct ice_pf *pf)
+{
+	struct ice_vsi *vsi;
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	vsi = ice_get_main_vsi(pf);
+	ice_cfg_sw_lldp(vsi, false, false);
+
+	if (!test_bit(ICE_FLAG_SRIOV_ENA, pf->flags))
+		return;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		vsi = ice_get_vf_vsi(vf);
+
+		if (vsi && vsi->rx_lldp_ena)
+			ice_cfg_sw_lldp(vsi, false, false);
+	}
+}
+
+/**
+ * ice_is_mc_lldp_eth_addr - Check if given MAC is an LLDP multicast address
+ * @mac: MAC address
+ *
+ * Check if given MAC is one of three possible LLDP multicast addresses.
+ */
+bool ice_is_mc_lldp_eth_addr(const u8 *mac)
+{
+	u8 lldp_mac_base[] = {0x01, 0x80, 0xc2, 0x00, 0x00};
+
+	/* Compare the first 5 octets of given and multicast LLDP address */
+	if (memcmp(mac, lldp_mac_base, (ETH_ALEN - 1) * sizeof(*mac)))
+		return false;
+
+	/* Compare the possible last octets of LLDP address and the given one */
+	return (mac[5] == 0x0e || mac[5] == 0x03 || mac[5] == 0x00);
+}
+
 /**
  * ice_lldp_fltr_remove_from_port - Remove a LLDP Rx filter from the port
  * @hw: port
@@ -2086,6 +2130,9 @@ void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create)
 
 		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
 				  ICE_FWD_TO_VSI);
+
+		if (!status)
+			vsi->rx_lldp_ena = create;
 	}
 
 	if (status)
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.h b/drivers/net/ethernet/intel/ice/ice_lib.h
index 0c77d581416a..befd7dec7e55 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_lib.h
@@ -68,6 +68,10 @@ int ice_vsi_stop_xdp_tx_rings(struct ice_vsi *vsi);
 
 void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create);
 
+void ice_dis_sw_lldp(struct ice_pf *pf);
+
+bool ice_is_mc_lldp_eth_addr(const u8 *mac);
+
 int ice_set_link(struct ice_vsi *vsi, bool ena);
 
 void ice_vsi_delete(struct ice_vsi *vsi);
diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 9c2c8637b4a7..af3611055e60 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -4704,9 +4704,60 @@ void ice_deinit_dev(struct ice_pf *pf)
 	ice_clear_interrupt_scheme(pf);
 }
 
+static ssize_t rx_lldp_show(struct device *dev, struct device_attribute *attr,
+			    char *buf)
+{
+	struct ice_pf *pf = dev_get_drvdata(dev);
+	struct ice_vsi *vsi = ice_get_main_vsi(pf);
+
+	return sysfs_emit(buf, "%u\n", vsi->rx_lldp_ena);
+}
+
+static ssize_t rx_lldp_store(struct device *dev, struct device_attribute *attr,
+			     const char *buf, size_t count)
+{
+	struct ice_pf *pf = dev_get_drvdata(dev);
+	struct ice_vsi *vsi;
+	bool ena;
+	int err;
+
+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(dev, "Toggling Rx LLDP for PF is only allowed when FW LLDP Agent is disabled");
+		return -EPERM;
+	}
+
+	err = kstrtobool(buf, &ena);
+	if (err)
+		return -EINVAL;
+
+	vsi = ice_get_main_vsi(pf);
+
+	if (ena == vsi->rx_lldp_ena) {
+		dev_dbg(dev, "Rx LLDP already %sabled", ena ? "en" : "dis");
+		return count;
+	}
+
+	ice_cfg_sw_lldp(vsi, false, ena);
+
+	return count;
+}
+
+static DEVICE_ATTR_RW(rx_lldp);
+
+static int ice_init_rx_lldp_sysfs(struct ice_pf *pf)
+{
+	return device_create_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);
+}
+
+static void ice_deinit_rx_lldp_sysfs(struct ice_pf *pf)
+{
+	device_remove_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);
+}
+
 static void ice_init_features(struct ice_pf *pf)
 {
 	struct device *dev = ice_pf_to_dev(pf);
+	int err;
 
 	if (ice_is_safe_mode(pf))
 		return;
@@ -4734,6 +4785,11 @@ static void ice_init_features(struct ice_pf *pf)
 		ice_cfg_lldp_mib_change(&pf->hw, true);
 	}
 
+	err = ice_init_rx_lldp_sysfs(pf);
+	if (err)
+		dev_err(dev, "could not init rx_lldp sysfs entry, err: %d",
+			err);
+
 	if (ice_init_lag(pf))
 		dev_warn(dev, "Failed to init link aggregation support\n");
 
@@ -4757,6 +4813,8 @@ static void ice_deinit_features(struct ice_pf *pf)
 		ice_dpll_deinit(pf);
 	if (pf->eswitch_mode == DEVLINK_ESWITCH_MODE_SWITCHDEV)
 		xa_destroy(&pf->eswitch.reprs);
+
+	ice_deinit_rx_lldp_sysfs(pf);
 }
 
 static void ice_init_wakeup(struct ice_pf *pf)
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 21d22e3ad0ba..2de6ef3661cf 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -518,6 +518,65 @@ static void ice_vf_rebuild_aggregator_node_cfg(struct ice_vsi *vsi)
 		vsi->agg_node->num_vsis++;
 }
 
+/**
+ * ice_ena_vf_rx_lldp
+ * @vf: VF to configure Rx LLDP for
+ *
+ * Configure Rx filters for VF to receive LLDP
+ */
+int ice_ena_vf_rx_lldp(struct ice_vf *vf)
+{
+	struct ice_pf *pf = vf->pf;
+	struct ice_vsi *vsi;
+
+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(ice_pf_to_dev(pf), "FW LLDP agent is enabled, cannot enable Rx LLDP on VF %d\n",
+			vf->vf_id);
+		return -EPERM;
+	}
+
+	if (!vf->trusted) {
+		dev_dbg(ice_pf_to_dev(pf), "VF %d is not trusted - cannot configure Rx LLDP filter.\n",
+			vf->vf_id);
+		return -EPERM;
+	}
+
+	vsi = ice_get_vf_vsi(vf);
+	if (!vsi)
+		return -ENOENT;
+
+	if (vsi->rx_lldp_ena)
+		return 0;
+
+	ice_cfg_sw_lldp(vsi, false, true);
+
+	return 0;
+}
+
+/**
+ * ice_ena_all_vfs_rx_lldp - Re-add RX LLDP filter on applicable VFs.
+ * @pf: ptr to PF
+ *
+ * That is in case when fw-lldp-agent is toggled and LLDP multicast addresses
+ * are added to the interface.
+ * RX LLDP filter will be added for trusted VFs only.
+ */
+void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
+{
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	if (!test_bit(ICE_FLAG_SRIOV_ENA, pf->flags))
+		return;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+
+		if (vsi && vsi->lldp_macs > 0 && !vsi->rx_lldp_ena)
+			ice_ena_vf_rx_lldp(vf);
+	}
+}
+
 /**
  * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset
  * @vf: VF to rebuild host configuration on
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 48f4cdbd6d27..81f734f2ae41 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -232,6 +232,8 @@ ice_vf_clear_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m);
 int ice_reset_vf(struct ice_vf *vf, u32 flags);
 void ice_reset_all_vfs(struct ice_pf *pf);
 struct ice_vsi *ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi);
+void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf);
+int ice_ena_vf_rx_lldp(struct ice_vf *vf);
 #else /* CONFIG_PCI_IOV */
 static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 {
@@ -307,6 +309,10 @@ ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi)
 {
 	return NULL;
 }
+
+static inline void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
+{
+}
 #endif /* !CONFIG_PCI_IOV */
 
 #endif /* _ICE_VF_LIB_H_ */
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index c925813ec9ca..259fcbb0f397 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -1958,6 +1958,11 @@ ice_vc_add_mac_addr(struct ice_vf *vf, struct ice_vsi *vsi,
 		return ret;
 	} else {
 		vf->num_mac++;
+
+		if (ice_is_mc_lldp_eth_addr(mac_addr)) {
+			vsi->lldp_macs++;
+			ice_ena_vf_rx_lldp(vf);
+		}
 	}
 
 	ice_vfhw_mac_add(vf, vc_ether_addr);
@@ -2049,6 +2054,12 @@ ice_vc_del_mac_addr(struct ice_vf *vf, struct ice_vsi *vsi,
 		return -EIO;
 	}
 
+	if (ice_is_mc_lldp_eth_addr(mac_addr))
+		vsi->lldp_macs--;
+
+	if (vsi->rx_lldp_ena && !vsi->lldp_macs)
+		ice_cfg_sw_lldp(vsi, false, false);
+
 	ice_vfhw_mac_del(vf, vc_ether_addr);
 
 	vf->num_mac--;
-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 4/5] ice: Implement VF LLDP RX support on VF

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

Add rx_lldp sysfs to allow user to disable (enabled by default) RX
LLDP packets on PF when FW LLDP agent is disabled and the support for VF
LLDP is present.
Configure LLDP multicast MAC address on trusted VF to allow it to receive
LLDP packets.

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Co-developed-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice.h          |  2 +
 drivers/net/ethernet/intel/ice/ice_ethtool.c  |  6 +-
 drivers/net/ethernet/intel/ice/ice_lib.c      | 47 +++++++++++++++
 drivers/net/ethernet/intel/ice/ice_lib.h      |  4 ++
 drivers/net/ethernet/intel/ice/ice_main.c     | 58 ++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.c   | 59 +++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h   |  6 ++
 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 11 ++++
 8 files changed, 191 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice.h b/drivers/net/ethernet/intel/ice/ice.h
index 365c03d1c462..992c0dfaab6f 100644
--- a/drivers/net/ethernet/intel/ice/ice.h
+++ b/drivers/net/ethernet/intel/ice/ice.h
@@ -344,6 +344,8 @@ struct ice_vsi {
 	u32 tx_busy;
 	u32 rx_buf_failed;
 	u32 rx_page_failed;
+	u8 lldp_macs;			/* counter for LLDP MACs added to VSI */
+	u8 rx_lldp_ena : 1;		/* Rx LLDP filter enabled */
 	u16 num_q_vectors;
 	/* tell if only dynamic irq allocation is allowed */
 	bool irq_dyn_alloc;
diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool.c b/drivers/net/ethernet/intel/ice/ice_ethtool.c
index 3cc364a4d682..8ae448af51e7 100644
--- a/drivers/net/ethernet/intel/ice/ice_ethtool.c
+++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c
@@ -1480,6 +1480,8 @@ static int ice_set_priv_flags(struct net_device *netdev, u32 flags)
 			if (status)
 				dev_warn(dev, "Fail to init DCB\n");
 
+			ice_ena_all_vfs_rx_lldp(pf);
+
 			pf->dcbx_cap &= ~DCB_CAP_DCBX_LLD_MANAGED;
 			pf->dcbx_cap |= DCB_CAP_DCBX_HOST;
 		} else {
@@ -1493,10 +1495,10 @@ static int ice_set_priv_flags(struct net_device *netdev, u32 flags)
 				goto ethtool_exit;
 			}
 
-			/* Remove rule to direct LLDP packets to default VSI.
+			/* Remove rules to direct LLDP packets to PF/VF VSIs.
 			 * The FW LLDP engine will now be consuming them.
 			 */
-			ice_cfg_sw_lldp(vsi, false, false);
+			ice_dis_sw_lldp(pf);
 
 			/* AQ command to start FW LLDP agent will return an
 			 * error if the agent is already started
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index a774bcdcc0c4..19f08f2e0139 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2039,6 +2039,50 @@ static void ice_vsi_set_tc_cfg(struct ice_vsi *vsi)
 	ice_vsi_set_dcb_tc_cfg(vsi);
 }
 
+/**
+ * ice_dis_sw_lldp - Disable SW LLDP on PFs and VFs
+ * @pf: pointer to PF structure
+ *
+ * Disable SW LLDP settings on each entity that can have it
+ */
+void ice_dis_sw_lldp(struct ice_pf *pf)
+{
+	struct ice_vsi *vsi;
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	vsi = ice_get_main_vsi(pf);
+	ice_cfg_sw_lldp(vsi, false, false);
+
+	if (!test_bit(ICE_FLAG_SRIOV_ENA, pf->flags))
+		return;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		vsi = ice_get_vf_vsi(vf);
+
+		if (vsi && vsi->rx_lldp_ena)
+			ice_cfg_sw_lldp(vsi, false, false);
+	}
+}
+
+/**
+ * ice_is_mc_lldp_eth_addr - Check if given MAC is an LLDP multicast address
+ * @mac: MAC address
+ *
+ * Check if given MAC is one of three possible LLDP multicast addresses.
+ */
+bool ice_is_mc_lldp_eth_addr(const u8 *mac)
+{
+	u8 lldp_mac_base[] = {0x01, 0x80, 0xc2, 0x00, 0x00};
+
+	/* Compare the first 5 octets of given and multicast LLDP address */
+	if (memcmp(mac, lldp_mac_base, (ETH_ALEN - 1) * sizeof(*mac)))
+		return false;
+
+	/* Compare the possible last octets of LLDP address and the given one */
+	return (mac[5] == 0x0e || mac[5] == 0x03 || mac[5] == 0x00);
+}
+
 /**
  * ice_lldp_fltr_remove_from_port - Remove a LLDP Rx filter from the port
  * @hw: port
@@ -2086,6 +2130,9 @@ void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create)
 
 		status = eth_fltr(vsi, ETH_P_LLDP, ICE_FLTR_RX,
 				  ICE_FWD_TO_VSI);
+
+		if (!status)
+			vsi->rx_lldp_ena = create;
 	}
 
 	if (status)
diff --git a/drivers/net/ethernet/intel/ice/ice_lib.h b/drivers/net/ethernet/intel/ice/ice_lib.h
index 0c77d581416a..befd7dec7e55 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_lib.h
@@ -68,6 +68,10 @@ int ice_vsi_stop_xdp_tx_rings(struct ice_vsi *vsi);
 
 void ice_cfg_sw_lldp(struct ice_vsi *vsi, bool tx, bool create);
 
+void ice_dis_sw_lldp(struct ice_pf *pf);
+
+bool ice_is_mc_lldp_eth_addr(const u8 *mac);
+
 int ice_set_link(struct ice_vsi *vsi, bool ena);
 
 void ice_vsi_delete(struct ice_vsi *vsi);
diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 9c2c8637b4a7..af3611055e60 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -4704,9 +4704,60 @@ void ice_deinit_dev(struct ice_pf *pf)
 	ice_clear_interrupt_scheme(pf);
 }
 
+static ssize_t rx_lldp_show(struct device *dev, struct device_attribute *attr,
+			    char *buf)
+{
+	struct ice_pf *pf = dev_get_drvdata(dev);
+	struct ice_vsi *vsi = ice_get_main_vsi(pf);
+
+	return sysfs_emit(buf, "%u\n", vsi->rx_lldp_ena);
+}
+
+static ssize_t rx_lldp_store(struct device *dev, struct device_attribute *attr,
+			     const char *buf, size_t count)
+{
+	struct ice_pf *pf = dev_get_drvdata(dev);
+	struct ice_vsi *vsi;
+	bool ena;
+	int err;
+
+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(dev, "Toggling Rx LLDP for PF is only allowed when FW LLDP Agent is disabled");
+		return -EPERM;
+	}
+
+	err = kstrtobool(buf, &ena);
+	if (err)
+		return -EINVAL;
+
+	vsi = ice_get_main_vsi(pf);
+
+	if (ena == vsi->rx_lldp_ena) {
+		dev_dbg(dev, "Rx LLDP already %sabled", ena ? "en" : "dis");
+		return count;
+	}
+
+	ice_cfg_sw_lldp(vsi, false, ena);
+
+	return count;
+}
+
+static DEVICE_ATTR_RW(rx_lldp);
+
+static int ice_init_rx_lldp_sysfs(struct ice_pf *pf)
+{
+	return device_create_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);
+}
+
+static void ice_deinit_rx_lldp_sysfs(struct ice_pf *pf)
+{
+	device_remove_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);
+}
+
 static void ice_init_features(struct ice_pf *pf)
 {
 	struct device *dev = ice_pf_to_dev(pf);
+	int err;
 
 	if (ice_is_safe_mode(pf))
 		return;
@@ -4734,6 +4785,11 @@ static void ice_init_features(struct ice_pf *pf)
 		ice_cfg_lldp_mib_change(&pf->hw, true);
 	}
 
+	err = ice_init_rx_lldp_sysfs(pf);
+	if (err)
+		dev_err(dev, "could not init rx_lldp sysfs entry, err: %d",
+			err);
+
 	if (ice_init_lag(pf))
 		dev_warn(dev, "Failed to init link aggregation support\n");
 
@@ -4757,6 +4813,8 @@ static void ice_deinit_features(struct ice_pf *pf)
 		ice_dpll_deinit(pf);
 	if (pf->eswitch_mode == DEVLINK_ESWITCH_MODE_SWITCHDEV)
 		xa_destroy(&pf->eswitch.reprs);
+
+	ice_deinit_rx_lldp_sysfs(pf);
 }
 
 static void ice_init_wakeup(struct ice_pf *pf)
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 21d22e3ad0ba..2de6ef3661cf 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -518,6 +518,65 @@ static void ice_vf_rebuild_aggregator_node_cfg(struct ice_vsi *vsi)
 		vsi->agg_node->num_vsis++;
 }
 
+/**
+ * ice_ena_vf_rx_lldp
+ * @vf: VF to configure Rx LLDP for
+ *
+ * Configure Rx filters for VF to receive LLDP
+ */
+int ice_ena_vf_rx_lldp(struct ice_vf *vf)
+{
+	struct ice_pf *pf = vf->pf;
+	struct ice_vsi *vsi;
+
+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(ice_pf_to_dev(pf), "FW LLDP agent is enabled, cannot enable Rx LLDP on VF %d\n",
+			vf->vf_id);
+		return -EPERM;
+	}
+
+	if (!vf->trusted) {
+		dev_dbg(ice_pf_to_dev(pf), "VF %d is not trusted - cannot configure Rx LLDP filter.\n",
+			vf->vf_id);
+		return -EPERM;
+	}
+
+	vsi = ice_get_vf_vsi(vf);
+	if (!vsi)
+		return -ENOENT;
+
+	if (vsi->rx_lldp_ena)
+		return 0;
+
+	ice_cfg_sw_lldp(vsi, false, true);
+
+	return 0;
+}
+
+/**
+ * ice_ena_all_vfs_rx_lldp - Re-add RX LLDP filter on applicable VFs.
+ * @pf: ptr to PF
+ *
+ * That is in case when fw-lldp-agent is toggled and LLDP multicast addresses
+ * are added to the interface.
+ * RX LLDP filter will be added for trusted VFs only.
+ */
+void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
+{
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	if (!test_bit(ICE_FLAG_SRIOV_ENA, pf->flags))
+		return;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+
+		if (vsi && vsi->lldp_macs > 0 && !vsi->rx_lldp_ena)
+			ice_ena_vf_rx_lldp(vf);
+	}
+}
+
 /**
  * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset
  * @vf: VF to rebuild host configuration on
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 48f4cdbd6d27..81f734f2ae41 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -232,6 +232,8 @@ ice_vf_clear_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m);
 int ice_reset_vf(struct ice_vf *vf, u32 flags);
 void ice_reset_all_vfs(struct ice_pf *pf);
 struct ice_vsi *ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi);
+void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf);
+int ice_ena_vf_rx_lldp(struct ice_vf *vf);
 #else /* CONFIG_PCI_IOV */
 static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 {
@@ -307,6 +309,10 @@ ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi)
 {
 	return NULL;
 }
+
+static inline void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
+{
+}
 #endif /* !CONFIG_PCI_IOV */
 
 #endif /* _ICE_VF_LIB_H_ */
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index c925813ec9ca..259fcbb0f397 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -1958,6 +1958,11 @@ ice_vc_add_mac_addr(struct ice_vf *vf, struct ice_vsi *vsi,
 		return ret;
 	} else {
 		vf->num_mac++;
+
+		if (ice_is_mc_lldp_eth_addr(mac_addr)) {
+			vsi->lldp_macs++;
+			ice_ena_vf_rx_lldp(vf);
+		}
 	}
 
 	ice_vfhw_mac_add(vf, vc_ether_addr);
@@ -2049,6 +2054,12 @@ ice_vc_del_mac_addr(struct ice_vf *vf, struct ice_vsi *vsi,
 		return -EIO;
 	}
 
+	if (ice_is_mc_lldp_eth_addr(mac_addr))
+		vsi->lldp_macs--;
+
+	if (vsi->rx_lldp_ena && !vsi->lldp_macs)
+		ice_cfg_sw_lldp(vsi, false, false);
+
 	ice_vfhw_mac_del(vf, vc_ether_addr);
 
 	vf->num_mac--;
-- 
2.43.0

[PATCH iwl-net 5/5] ice: Implement VF LLDP TX support for VF

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

Add option to enable transmit LLDP on single trusted VF via a sysfs entry,
for example:

echo '1' > /sys/class/net/<PF_IFNAME>/device/virtfn0/transmit_lldp

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Co-developed-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_lib.c    |   3 +
 drivers/net/ethernet/intel/ice/ice_sriov.c  |   4 +
 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 163 ++++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h |  14 ++
 4 files changed, 184 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index 19f08f2e0139..32b1ed74bfa4 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2062,6 +2062,9 @@ void ice_dis_sw_lldp(struct ice_pf *pf)
 
 		if (vsi && vsi->rx_lldp_ena)
 			ice_cfg_sw_lldp(vsi, false, false);
+
+		if (vf->transmit_lldp)
+			ice_handle_vf_tx_lldp(vf, false);
 	}
 }
 
diff --git a/drivers/net/ethernet/intel/ice/ice_sriov.c b/drivers/net/ethernet/intel/ice/ice_sriov.c
index a94a1c48c3de..0fe07330cc1a 100644
--- a/drivers/net/ethernet/intel/ice/ice_sriov.c
+++ b/drivers/net/ethernet/intel/ice/ice_sriov.c
@@ -832,6 +832,10 @@ static int ice_create_vf_entries(struct ice_pf *pf, u16 num_vfs)
 		vf->vfdev = vfdev;
 		vf->vf_sw_id = pf->first_sw;
 
+		err = ice_init_vf_sysfs(vf);
+		if (err)
+			goto err_free_entries;
+
 		pci_dev_get(vfdev);
 
 		/* set default number of MSI-X */
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 2de6ef3661cf..244d0ac7c9c4 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -577,6 +577,165 @@ void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
 	}
 }
 
+static bool ice_is_transmit_lldp_enabled(struct ice_pf *pf)
+{
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		if (vf->transmit_lldp)
+			return true;
+	}
+
+	return false;
+}
+
+/**
+ * ice_handle_vf_tx_lldp - enable/disable LLDP TX on VF
+ * @vf: VF to configure Tx LLDP for
+ * @ena: Enable or disable Tx LLDP switch rule
+ *
+ * Configure Tx filters for VF to transmit LLDP
+ */
+int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena)
+{
+	void (*allow_override)(struct ice_vsi_ctx *ctx);
+	struct ice_vsi *vsi, *main_vsi;
+	struct ice_pf *pf = vf->pf;
+	struct device *dev;
+	bool prev_ena;
+
+	dev = ice_pf_to_dev(pf);
+	vsi = ice_get_vf_vsi(vf);
+	main_vsi = ice_get_main_vsi(pf);
+	if (!vsi || !main_vsi)
+		return -ENOENT;
+
+	if (ena && test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(dev, "Transmit LLDP VF is only allowed when FW LLDP Agent is disabled");
+		return -EPERM;
+	}
+
+	if (ena && ice_is_transmit_lldp_enabled(pf)) {
+		dev_err(dev, "Only a single VF per port is allowed to transmit LLDP packets, ignoring the settings");
+		return -EPERM;
+	}
+
+	allow_override = ena ? ice_vsi_ctx_set_allow_override
+			     : ice_vsi_ctx_clear_allow_override;
+	prev_ena = vsi->info.sec_flags & ICE_AQ_VSI_SEC_FLAG_ALLOW_DEST_OVRD;
+
+	if (ice_vsi_update_security(vsi, allow_override))
+		return -ENOENT;
+
+	/* If VF can transmit LLDP, then PF cannot and vice versa */
+	allow_override = ena ? ice_vsi_ctx_clear_allow_override
+			     : ice_vsi_ctx_set_allow_override;
+
+	if (ice_vsi_update_security(main_vsi, allow_override)) {
+		allow_override = prev_ena  ? ice_vsi_ctx_set_allow_override
+					   : ice_vsi_ctx_clear_allow_override;
+		ice_vsi_update_security(vsi, allow_override);
+		return -ENOENT;
+	}
+
+	vf->transmit_lldp = ena;
+	return 0;
+}
+
+static ssize_t ice_transmit_lldp_vf_attr_show(struct device *dev,
+					      struct device_attribute *attr,
+					      char *buf)
+{
+	struct ice_vf *vf = ice_get_vf_by_dev(dev);
+
+	if (!vf)
+		return -ENOENT;
+
+	return sysfs_emit(buf, "%u\n", vf->transmit_lldp);
+}
+
+static ssize_t ice_transmit_lldp_vf_attr_store(struct device *dev,
+					       struct device_attribute *attr,
+					       const char *buf, size_t count)
+{
+	struct pci_dev *vfdev = container_of(dev, struct pci_dev, dev);
+	struct ice_vf *vf = ice_get_vf_by_dev(dev);
+	struct pci_dev *pdev = vfdev->physfn;
+	struct ice_pf *pf;
+	bool ena;
+	int err;
+
+	if (!vf)
+		return -ENOENT;
+
+	pf = pci_get_drvdata(pdev);
+	if (!pf)
+		return -ENOENT;
+
+	err = kstrtobool(buf, &ena);
+	if (err)
+		return -EINVAL;
+
+	if (ena == vf->transmit_lldp) {
+		dev_dbg(dev, "Transmit LLDP value already set for VF %d",
+			vf->vf_id);
+		return count;
+	}
+
+	err = ice_handle_vf_tx_lldp(vf, ena);
+	if (err)
+		return err;
+
+	return count;
+}
+
+static int ice_init_vf_transmit_lldp_sysfs(struct ice_vf *vf)
+{
+	struct device_attribute tmp = __ATTR(transmit_lldp, 0644,
+					     ice_transmit_lldp_vf_attr_show,
+					     ice_transmit_lldp_vf_attr_store);
+
+	vf->transmit_lldp_attr = tmp;
+
+	return device_create_file(&vf->vfdev->dev, &vf->transmit_lldp_attr);
+}
+
+/**
+ * ice_init_vf_sysfs - Initialize sysfs entries for a VF
+ * @vf: VF to init sysfs for
+ *
+ * Initialize sysfs entries (accessible from the host) for a VF
+ */
+int ice_init_vf_sysfs(struct ice_vf *vf)
+{
+	struct device *dev = ice_pf_to_dev(vf->pf);
+	int err = 0;
+
+	if (!vf->vfdev) {
+		dev_err(dev, "%s: no vfdev", __func__);
+		return -ENOENT;
+	}
+
+	err = ice_init_vf_transmit_lldp_sysfs(vf);
+	if (err)
+		dev_err(dev, "could not init transmit_lldp sysfs entry, err: %d",
+			err);
+
+	return err;
+}
+
+static int ice_vf_apply_tx_lldp(struct ice_vf *vf)
+{
+	if (!vf->transmit_lldp)
+		return 0;
+
+	/* Disable it so it can be applied again. */
+	vf->transmit_lldp = false;
+
+	return ice_handle_vf_tx_lldp(vf, true);
+}
+
 /**
  * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset
  * @vf: VF to rebuild host configuration on
@@ -607,6 +766,10 @@ static void ice_vf_rebuild_host_cfg(struct ice_vf *vf)
 		dev_err(dev, "failed to rebuild spoofchk configuration for VF %d\n",
 			vf->vf_id);
 
+	if (ice_vf_apply_tx_lldp(vf))
+		dev_err(dev, "failed to rebuild transmit LLDP configuration for VF %d\n",
+			vf->vf_id);
+
 	/* rebuild aggregator node config for main VF VSI */
 	ice_vf_rebuild_aggregator_node_cfg(vsi);
 }
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 81f734f2ae41..63e53591541e 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -104,9 +104,11 @@ struct ice_vf {
 	struct ice_vlan port_vlan_info;	/* Port VLAN ID, QoS, and TPID */
 	struct virtchnl_vlan_caps vlan_v2_caps;
 	struct ice_mbx_vf_info mbx_info;
+	struct device_attribute transmit_lldp_attr;
 	u8 pf_set_mac:1;		/* VF MAC address set by VMM admin */
 	u8 trusted:1;
 	u8 spoofchk:1;
+	u8 transmit_lldp:1;
 	u8 link_forced:1;
 	u8 link_up:1;			/* only valid if VF link is forced */
 	/* VSI indices - actual VSI pointers are maintained in the PF structure
@@ -234,6 +236,8 @@ void ice_reset_all_vfs(struct ice_pf *pf);
 struct ice_vsi *ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi);
 void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf);
 int ice_ena_vf_rx_lldp(struct ice_vf *vf);
+int ice_init_vf_sysfs(struct ice_vf *vf);
+int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena);
 #else /* CONFIG_PCI_IOV */
 static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 {
@@ -313,6 +317,16 @@ ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi)
 static inline void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
 {
 }
+
+static inline int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena)
+{
+	return -EOPNOTSUPP;
+}
+
+static inline int ice_init_vf_sysfs(struct ice_vf *vf)
+{
+	return 0;
+}
 #endif /* !CONFIG_PCI_IOV */
 
 #endif /* _ICE_VF_LIB_H_ */
-- 
2.43.0

[Intel-wired-lan] [PATCH iwl-net 5/5] ice: Implement VF LLDP TX support for VF

[Larysa Zaremba]

From: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>

Add option to enable transmit LLDP on single trusted VF via a sysfs entry,
for example:

echo '1' > /sys/class/net/<PF_IFNAME>/device/virtfn0/transmit_lldp

Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@intel.com>
Co-developed-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Signed-off-by: Larysa Zaremba <larysa.zaremba@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_lib.c    |   3 +
 drivers/net/ethernet/intel/ice/ice_sriov.c  |   4 +
 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 163 ++++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_vf_lib.h |  14 ++
 4 files changed, 184 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c
index 19f08f2e0139..32b1ed74bfa4 100644
--- a/drivers/net/ethernet/intel/ice/ice_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_lib.c
@@ -2062,6 +2062,9 @@ void ice_dis_sw_lldp(struct ice_pf *pf)
 
 		if (vsi && vsi->rx_lldp_ena)
 			ice_cfg_sw_lldp(vsi, false, false);
+
+		if (vf->transmit_lldp)
+			ice_handle_vf_tx_lldp(vf, false);
 	}
 }
 
diff --git a/drivers/net/ethernet/intel/ice/ice_sriov.c b/drivers/net/ethernet/intel/ice/ice_sriov.c
index a94a1c48c3de..0fe07330cc1a 100644
--- a/drivers/net/ethernet/intel/ice/ice_sriov.c
+++ b/drivers/net/ethernet/intel/ice/ice_sriov.c
@@ -832,6 +832,10 @@ static int ice_create_vf_entries(struct ice_pf *pf, u16 num_vfs)
 		vf->vfdev = vfdev;
 		vf->vf_sw_id = pf->first_sw;
 
+		err = ice_init_vf_sysfs(vf);
+		if (err)
+			goto err_free_entries;
+
 		pci_dev_get(vfdev);
 
 		/* set default number of MSI-X */
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 2de6ef3661cf..244d0ac7c9c4 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -577,6 +577,165 @@ void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
 	}
 }
 
+static bool ice_is_transmit_lldp_enabled(struct ice_pf *pf)
+{
+	struct ice_vf *vf;
+	unsigned int bkt;
+
+	ice_for_each_vf(pf, bkt, vf) {
+		if (vf->transmit_lldp)
+			return true;
+	}
+
+	return false;
+}
+
+/**
+ * ice_handle_vf_tx_lldp - enable/disable LLDP TX on VF
+ * @vf: VF to configure Tx LLDP for
+ * @ena: Enable or disable Tx LLDP switch rule
+ *
+ * Configure Tx filters for VF to transmit LLDP
+ */
+int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena)
+{
+	void (*allow_override)(struct ice_vsi_ctx *ctx);
+	struct ice_vsi *vsi, *main_vsi;
+	struct ice_pf *pf = vf->pf;
+	struct device *dev;
+	bool prev_ena;
+
+	dev = ice_pf_to_dev(pf);
+	vsi = ice_get_vf_vsi(vf);
+	main_vsi = ice_get_main_vsi(pf);
+	if (!vsi || !main_vsi)
+		return -ENOENT;
+
+	if (ena && test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
+		dev_err(dev, "Transmit LLDP VF is only allowed when FW LLDP Agent is disabled");
+		return -EPERM;
+	}
+
+	if (ena && ice_is_transmit_lldp_enabled(pf)) {
+		dev_err(dev, "Only a single VF per port is allowed to transmit LLDP packets, ignoring the settings");
+		return -EPERM;
+	}
+
+	allow_override = ena ? ice_vsi_ctx_set_allow_override
+			     : ice_vsi_ctx_clear_allow_override;
+	prev_ena = vsi->info.sec_flags & ICE_AQ_VSI_SEC_FLAG_ALLOW_DEST_OVRD;
+
+	if (ice_vsi_update_security(vsi, allow_override))
+		return -ENOENT;
+
+	/* If VF can transmit LLDP, then PF cannot and vice versa */
+	allow_override = ena ? ice_vsi_ctx_clear_allow_override
+			     : ice_vsi_ctx_set_allow_override;
+
+	if (ice_vsi_update_security(main_vsi, allow_override)) {
+		allow_override = prev_ena  ? ice_vsi_ctx_set_allow_override
+					   : ice_vsi_ctx_clear_allow_override;
+		ice_vsi_update_security(vsi, allow_override);
+		return -ENOENT;
+	}
+
+	vf->transmit_lldp = ena;
+	return 0;
+}
+
+static ssize_t ice_transmit_lldp_vf_attr_show(struct device *dev,
+					      struct device_attribute *attr,
+					      char *buf)
+{
+	struct ice_vf *vf = ice_get_vf_by_dev(dev);
+
+	if (!vf)
+		return -ENOENT;
+
+	return sysfs_emit(buf, "%u\n", vf->transmit_lldp);
+}
+
+static ssize_t ice_transmit_lldp_vf_attr_store(struct device *dev,
+					       struct device_attribute *attr,
+					       const char *buf, size_t count)
+{
+	struct pci_dev *vfdev = container_of(dev, struct pci_dev, dev);
+	struct ice_vf *vf = ice_get_vf_by_dev(dev);
+	struct pci_dev *pdev = vfdev->physfn;
+	struct ice_pf *pf;
+	bool ena;
+	int err;
+
+	if (!vf)
+		return -ENOENT;
+
+	pf = pci_get_drvdata(pdev);
+	if (!pf)
+		return -ENOENT;
+
+	err = kstrtobool(buf, &ena);
+	if (err)
+		return -EINVAL;
+
+	if (ena == vf->transmit_lldp) {
+		dev_dbg(dev, "Transmit LLDP value already set for VF %d",
+			vf->vf_id);
+		return count;
+	}
+
+	err = ice_handle_vf_tx_lldp(vf, ena);
+	if (err)
+		return err;
+
+	return count;
+}
+
+static int ice_init_vf_transmit_lldp_sysfs(struct ice_vf *vf)
+{
+	struct device_attribute tmp = __ATTR(transmit_lldp, 0644,
+					     ice_transmit_lldp_vf_attr_show,
+					     ice_transmit_lldp_vf_attr_store);
+
+	vf->transmit_lldp_attr = tmp;
+
+	return device_create_file(&vf->vfdev->dev, &vf->transmit_lldp_attr);
+}
+
+/**
+ * ice_init_vf_sysfs - Initialize sysfs entries for a VF
+ * @vf: VF to init sysfs for
+ *
+ * Initialize sysfs entries (accessible from the host) for a VF
+ */
+int ice_init_vf_sysfs(struct ice_vf *vf)
+{
+	struct device *dev = ice_pf_to_dev(vf->pf);
+	int err = 0;
+
+	if (!vf->vfdev) {
+		dev_err(dev, "%s: no vfdev", __func__);
+		return -ENOENT;
+	}
+
+	err = ice_init_vf_transmit_lldp_sysfs(vf);
+	if (err)
+		dev_err(dev, "could not init transmit_lldp sysfs entry, err: %d",
+			err);
+
+	return err;
+}
+
+static int ice_vf_apply_tx_lldp(struct ice_vf *vf)
+{
+	if (!vf->transmit_lldp)
+		return 0;
+
+	/* Disable it so it can be applied again. */
+	vf->transmit_lldp = false;
+
+	return ice_handle_vf_tx_lldp(vf, true);
+}
+
 /**
  * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset
  * @vf: VF to rebuild host configuration on
@@ -607,6 +766,10 @@ static void ice_vf_rebuild_host_cfg(struct ice_vf *vf)
 		dev_err(dev, "failed to rebuild spoofchk configuration for VF %d\n",
 			vf->vf_id);
 
+	if (ice_vf_apply_tx_lldp(vf))
+		dev_err(dev, "failed to rebuild transmit LLDP configuration for VF %d\n",
+			vf->vf_id);
+
 	/* rebuild aggregator node config for main VF VSI */
 	ice_vf_rebuild_aggregator_node_cfg(vsi);
 }
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.h b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
index 81f734f2ae41..63e53591541e 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.h
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.h
@@ -104,9 +104,11 @@ struct ice_vf {
 	struct ice_vlan port_vlan_info;	/* Port VLAN ID, QoS, and TPID */
 	struct virtchnl_vlan_caps vlan_v2_caps;
 	struct ice_mbx_vf_info mbx_info;
+	struct device_attribute transmit_lldp_attr;
 	u8 pf_set_mac:1;		/* VF MAC address set by VMM admin */
 	u8 trusted:1;
 	u8 spoofchk:1;
+	u8 transmit_lldp:1;
 	u8 link_forced:1;
 	u8 link_up:1;			/* only valid if VF link is forced */
 	/* VSI indices - actual VSI pointers are maintained in the PF structure
@@ -234,6 +236,8 @@ void ice_reset_all_vfs(struct ice_pf *pf);
 struct ice_vsi *ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi);
 void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf);
 int ice_ena_vf_rx_lldp(struct ice_vf *vf);
+int ice_init_vf_sysfs(struct ice_vf *vf);
+int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena);
 #else /* CONFIG_PCI_IOV */
 static inline struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
 {
@@ -313,6 +317,16 @@ ice_get_vf_ctrl_vsi(struct ice_pf *pf, struct ice_vsi *vsi)
 static inline void ice_ena_all_vfs_rx_lldp(struct ice_pf *pf)
 {
 }
+
+static inline int ice_handle_vf_tx_lldp(struct ice_vf *vf, bool ena)
+{
+	return -EOPNOTSUPP;
+}
+
+static inline int ice_init_vf_sysfs(struct ice_vf *vf)
+{
+	return 0;
+}
 #endif /* !CONFIG_PCI_IOV */
 
 #endif /* _ICE_VF_LIB_H_ */
-- 
2.43.0

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Wed, 28 Feb 2024 16:59:44 +0100 Larysa Zaremba wrote:
> Allow to:
> * receive LLDP packets on a VF
> * transmit LLDP from a VF
> 
> Only a single VF per port can transmit LLDP packets,
> all trusted VFs can transmit LLDP packets.
> 
> For both functionalities to work, private flag
> fw-lldp-agent must be off.
> 
> I am aware that implemented way of configuration (through sysfs) can be
> potentially controversial and would like some feedback from outside.

Why is the device not in switchdev mode? You can put your lldp-agent
priv flag on repr netdevs.

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Wed, 28 Feb 2024 16:59:44 +0100 Larysa Zaremba wrote:
> Allow to:
> * receive LLDP packets on a VF
> * transmit LLDP from a VF
> 
> Only a single VF per port can transmit LLDP packets,
> all trusted VFs can transmit LLDP packets.
> 
> For both functionalities to work, private flag
> fw-lldp-agent must be off.
> 
> I am aware that implemented way of configuration (through sysfs) can be
> potentially controversial and would like some feedback from outside.

Why is the device not in switchdev mode? You can put your lldp-agent
priv flag on repr netdevs.

Re: [PATCH iwl-net 4/5] ice: Implement VF LLDP RX support on VF

[Jiri Pirko]

Wed, Feb 28, 2024 at 04:59:48PM CET, larysa.zaremba@intel.com wrote:

[...]


>diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
>index 9c2c8637b4a7..af3611055e60 100644
>--- a/drivers/net/ethernet/intel/ice/ice_main.c
>+++ b/drivers/net/ethernet/intel/ice/ice_main.c
>@@ -4704,9 +4704,60 @@ void ice_deinit_dev(struct ice_pf *pf)
> 	ice_clear_interrupt_scheme(pf);
> }
> 
>+static ssize_t rx_lldp_show(struct device *dev, struct device_attribute *attr,
>+			    char *buf)
>+{
>+	struct ice_pf *pf = dev_get_drvdata(dev);
>+	struct ice_vsi *vsi = ice_get_main_vsi(pf);
>+
>+	return sysfs_emit(buf, "%u\n", vsi->rx_lldp_ena);
>+}
>+
>+static ssize_t rx_lldp_store(struct device *dev, struct device_attribute *attr,
>+			     const char *buf, size_t count)
>+{
>+	struct ice_pf *pf = dev_get_drvdata(dev);
>+	struct ice_vsi *vsi;
>+	bool ena;
>+	int err;
>+
>+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
>+		dev_err(dev, "Toggling Rx LLDP for PF is only allowed when FW LLDP Agent is disabled");
>+		return -EPERM;
>+	}
>+
>+	err = kstrtobool(buf, &ena);
>+	if (err)
>+		return -EINVAL;
>+
>+	vsi = ice_get_main_vsi(pf);
>+
>+	if (ena == vsi->rx_lldp_ena) {
>+		dev_dbg(dev, "Rx LLDP already %sabled", ena ? "en" : "dis");
>+		return count;
>+	}
>+
>+	ice_cfg_sw_lldp(vsi, false, ena);
>+
>+	return count;
>+}
>+
>+static DEVICE_ATTR_RW(rx_lldp);
>+
>+static int ice_init_rx_lldp_sysfs(struct ice_pf *pf)
>+{
>+	return device_create_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);

Don't add driver specific sysfs knobs please.

pw-bot: reject

[...]

Re: [Intel-wired-lan] [PATCH iwl-net 4/5] ice: Implement VF LLDP RX support on VF

[Jiri Pirko]

Wed, Feb 28, 2024 at 04:59:48PM CET, larysa.zaremba@intel.com wrote:

[...]


>diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
>index 9c2c8637b4a7..af3611055e60 100644
>--- a/drivers/net/ethernet/intel/ice/ice_main.c
>+++ b/drivers/net/ethernet/intel/ice/ice_main.c
>@@ -4704,9 +4704,60 @@ void ice_deinit_dev(struct ice_pf *pf)
> 	ice_clear_interrupt_scheme(pf);
> }
> 
>+static ssize_t rx_lldp_show(struct device *dev, struct device_attribute *attr,
>+			    char *buf)
>+{
>+	struct ice_pf *pf = dev_get_drvdata(dev);
>+	struct ice_vsi *vsi = ice_get_main_vsi(pf);
>+
>+	return sysfs_emit(buf, "%u\n", vsi->rx_lldp_ena);
>+}
>+
>+static ssize_t rx_lldp_store(struct device *dev, struct device_attribute *attr,
>+			     const char *buf, size_t count)
>+{
>+	struct ice_pf *pf = dev_get_drvdata(dev);
>+	struct ice_vsi *vsi;
>+	bool ena;
>+	int err;
>+
>+	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) {
>+		dev_err(dev, "Toggling Rx LLDP for PF is only allowed when FW LLDP Agent is disabled");
>+		return -EPERM;
>+	}
>+
>+	err = kstrtobool(buf, &ena);
>+	if (err)
>+		return -EINVAL;
>+
>+	vsi = ice_get_main_vsi(pf);
>+
>+	if (ena == vsi->rx_lldp_ena) {
>+		dev_dbg(dev, "Rx LLDP already %sabled", ena ? "en" : "dis");
>+		return count;
>+	}
>+
>+	ice_cfg_sw_lldp(vsi, false, ena);
>+
>+	return count;
>+}
>+
>+static DEVICE_ATTR_RW(rx_lldp);
>+
>+static int ice_init_rx_lldp_sysfs(struct ice_pf *pf)
>+{
>+	return device_create_file(ice_pf_to_dev(pf), &dev_attr_rx_lldp);

Don't add driver specific sysfs knobs please.

pw-bot: reject

[...]

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jiri Pirko]

Wed, Feb 28, 2024 at 05:47:45PM CET, kuba@kernel.org wrote:
>On Wed, 28 Feb 2024 16:59:44 +0100 Larysa Zaremba wrote:
>> Allow to:
>> * receive LLDP packets on a VF
>> * transmit LLDP from a VF
>> 
>> Only a single VF per port can transmit LLDP packets,
>> all trusted VFs can transmit LLDP packets.
>> 
>> For both functionalities to work, private flag
>> fw-lldp-agent must be off.
>> 
>> I am aware that implemented way of configuration (through sysfs) can be
>> potentially controversial and would like some feedback from outside.
>
>Why is the device not in switchdev mode? You can put your lldp-agent
>priv flag on repr netdevs.
>

But isn't it a matter of eswitch configuration? I mean, the user should
be free to configure filtering/forwarding of any packet, including LLDP
ones.

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jiri Pirko]

Wed, Feb 28, 2024 at 05:47:45PM CET, kuba@kernel.org wrote:
>On Wed, 28 Feb 2024 16:59:44 +0100 Larysa Zaremba wrote:
>> Allow to:
>> * receive LLDP packets on a VF
>> * transmit LLDP from a VF
>> 
>> Only a single VF per port can transmit LLDP packets,
>> all trusted VFs can transmit LLDP packets.
>> 
>> For both functionalities to work, private flag
>> fw-lldp-agent must be off.
>> 
>> I am aware that implemented way of configuration (through sysfs) can be
>> potentially controversial and would like some feedback from outside.
>
>Why is the device not in switchdev mode? You can put your lldp-agent
>priv flag on repr netdevs.
>

But isn't it a matter of eswitch configuration? I mean, the user should
be free to configure filtering/forwarding of any packet, including LLDP
ones.

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Thu, 29 Feb 2024 10:20:05 +0100 Jiri Pirko wrote:
> But isn't it a matter of eswitch configuration? I mean, the user should
> be free to configure filtering/forwarding of any packet, including LLDP
> ones.

This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
forwarding or filtering.

They already have the priv flag, so best to reuse that. If not possible
we can explore options, but as Larysa mentioned herself in the cover
letter sysfs is probably low on the preference list :(

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Thu, 29 Feb 2024 10:20:05 +0100 Jiri Pirko wrote:
> But isn't it a matter of eswitch configuration? I mean, the user should
> be free to configure filtering/forwarding of any packet, including LLDP
> ones.

This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
forwarding or filtering.

They already have the priv flag, so best to reuse that. If not possible
we can explore options, but as Larysa mentioned herself in the cover
letter sysfs is probably low on the preference list :(

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Thu, Feb 29, 2024 at 07:28:13AM -0800, Jakub Kicinski wrote:
> On Thu, 29 Feb 2024 10:20:05 +0100 Jiri Pirko wrote:
> > But isn't it a matter of eswitch configuration? I mean, the user should
> > be free to configure filtering/forwarding of any packet, including LLDP
> > ones.
> 
> This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> forwarding or filtering.
> 
> They already have the priv flag, so best to reuse that. If not possible
> we can explore options, but as Larysa mentioned herself in the cover
> letter sysfs is probably low on the preference list :(
>

FW agent is disabled NIC-wide, so only PF should be able to set such flag.

The lazy part of me likes the private flag direction, because just replacing 
sysfs entries with corresponding private flags would make patch look better
while not changing the implementation much.

I guess, treating it like a normal eswitch configuration would be ideal, but 
it would not be purely generic, as there is an added level of complexity because 
of FW Agent interactions.

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Thu, Feb 29, 2024 at 07:28:13AM -0800, Jakub Kicinski wrote:
> On Thu, 29 Feb 2024 10:20:05 +0100 Jiri Pirko wrote:
> > But isn't it a matter of eswitch configuration? I mean, the user should
> > be free to configure filtering/forwarding of any packet, including LLDP
> > ones.
> 
> This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> forwarding or filtering.
> 
> They already have the priv flag, so best to reuse that. If not possible
> we can explore options, but as Larysa mentioned herself in the cover
> letter sysfs is probably low on the preference list :(
>

FW agent is disabled NIC-wide, so only PF should be able to set such flag.

The lazy part of me likes the private flag direction, because just replacing 
sysfs entries with corresponding private flags would make patch look better
while not changing the implementation much.

I guess, treating it like a normal eswitch configuration would be ideal, but 
it would not be purely generic, as there is an added level of complexity because 
of FW Agent interactions.

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Thu, 29 Feb 2024 20:33:04 +0100 Larysa Zaremba wrote:
> > This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> > forwarding or filtering.
> > 
> > They already have the priv flag, so best to reuse that. If not possible
> > we can explore options, but as Larysa mentioned herself in the cover
> > letter sysfs is probably low on the preference list :(
> 
> FW agent is disabled NIC-wide, so only PF should be able to set such flag.

Sorry, then I misread. If it's about which VF gets the LLDP traffic
from the _wire_, then I'm with Jiri. It's a basic forwarding problem,
isn't it? Match on EtherType and forward?

> The lazy part of me likes the private flag direction, because just
> replacing sysfs entries with corresponding private flags would make
> patch look better while not changing the implementation much.
> 
> I guess, treating it like a normal eswitch configuration would be
> ideal, but it would not be purely generic, as there is an added level
> of complexity because of FW Agent interactions.

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Thu, 29 Feb 2024 20:33:04 +0100 Larysa Zaremba wrote:
> > This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> > forwarding or filtering.
> > 
> > They already have the priv flag, so best to reuse that. If not possible
> > we can explore options, but as Larysa mentioned herself in the cover
> > letter sysfs is probably low on the preference list :(
> 
> FW agent is disabled NIC-wide, so only PF should be able to set such flag.

Sorry, then I misread. If it's about which VF gets the LLDP traffic
from the _wire_, then I'm with Jiri. It's a basic forwarding problem,
isn't it? Match on EtherType and forward?

> The lazy part of me likes the private flag direction, because just
> replacing sysfs entries with corresponding private flags would make
> patch look better while not changing the implementation much.
> 
> I guess, treating it like a normal eswitch configuration would be
> ideal, but it would not be purely generic, as there is an added level
> of complexity because of FW Agent interactions.

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Fri, Mar 01, 2024 at 09:08:36AM -0800, Jakub Kicinski wrote:
> On Thu, 29 Feb 2024 20:33:04 +0100 Larysa Zaremba wrote:
> > > This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> > > forwarding or filtering.
> > > 
> > > They already have the priv flag, so best to reuse that. If not possible
> > > we can explore options, but as Larysa mentioned herself in the cover
> > > letter sysfs is probably low on the preference list :(
> > 
> > FW agent is disabled NIC-wide, so only PF should be able to set such flag.
> 
> Sorry, then I misread. If it's about which VF gets the LLDP traffic
> from the _wire_, then I'm with Jiri. It's a basic forwarding problem,
> isn't it? Match on EtherType and forward?
>

For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
neighbors.

For TX this is more complicated and is done not through eswitch, but through 
modifying security options, so do not think this would work with tc. So private 
flags are the best option? Our requirements say only a single VSI can transmit 
LLDP.

> > The lazy part of me likes the private flag direction, because just
> > replacing sysfs entries with corresponding private flags would make
> > patch look better while not changing the implementation much.
> > 
> > I guess, treating it like a normal eswitch configuration would be
> > ideal, but it would not be purely generic, as there is an added level
> > of complexity because of FW Agent interactions.
> 

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Fri, Mar 01, 2024 at 09:08:36AM -0800, Jakub Kicinski wrote:
> On Thu, 29 Feb 2024 20:33:04 +0100 Larysa Zaremba wrote:
> > > This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> > > forwarding or filtering.
> > > 
> > > They already have the priv flag, so best to reuse that. If not possible
> > > we can explore options, but as Larysa mentioned herself in the cover
> > > letter sysfs is probably low on the preference list :(
> > 
> > FW agent is disabled NIC-wide, so only PF should be able to set such flag.
> 
> Sorry, then I misread. If it's about which VF gets the LLDP traffic
> from the _wire_, then I'm with Jiri. It's a basic forwarding problem,
> isn't it? Match on EtherType and forward?
>

For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
neighbors.

For TX this is more complicated and is done not through eswitch, but through 
modifying security options, so do not think this would work with tc. So private 
flags are the best option? Our requirements say only a single VSI can transmit 
LLDP.

> > The lazy part of me likes the private flag direction, because just
> > replacing sysfs entries with corresponding private flags would make
> > patch look better while not changing the implementation much.
> > 
> > I guess, treating it like a normal eswitch configuration would be
> > ideal, but it would not be purely generic, as there is an added level
> > of complexity because of FW Agent interactions.
> 

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Tue, Mar 05, 2024 at 11:54:50AM -0800, Jakub Kicinski wrote:
> On Sat, 2 Mar 2024 01:50:03 +0100 Larysa Zaremba wrote:
> > For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
> > neighbors.
> > 
> > For TX this is more complicated and is done not through eswitch, but through 
> > modifying security options, so do not think this would work with tc. So private 
> > flags are the best option? Our requirements say only a single VSI can transmit 
> > LLDP.
> 
> It is doable theoretically, tho, right? Driver can detect that all
> eswitch VF/PF ports but one have a "drop LLDP" rule and update the
> security option correctly?

I can envision that. I'll report in this thread, if I encounter roadblocks, when 
doing v2.

Thanks!

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Larysa Zaremba]

On Tue, Mar 05, 2024 at 11:54:50AM -0800, Jakub Kicinski wrote:
> On Sat, 2 Mar 2024 01:50:03 +0100 Larysa Zaremba wrote:
> > For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
> > neighbors.
> > 
> > For TX this is more complicated and is done not through eswitch, but through 
> > modifying security options, so do not think this would work with tc. So private 
> > flags are the best option? Our requirements say only a single VSI can transmit 
> > LLDP.
> 
> It is doable theoretically, tho, right? Driver can detect that all
> eswitch VF/PF ports but one have a "drop LLDP" rule and update the
> security option correctly?

I can envision that. I'll report in this thread, if I encounter roadblocks, when 
doing v2.

Thanks!

Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Sat, 2 Mar 2024 01:50:03 +0100 Larysa Zaremba wrote:
> For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
> neighbors.
> 
> For TX this is more complicated and is done not through eswitch, but through 
> modifying security options, so do not think this would work with tc. So private 
> flags are the best option? Our requirements say only a single VSI can transmit 
> LLDP.

It is doable theoretically, tho, right? Driver can detect that all
eswitch VF/PF ports but one have a "drop LLDP" rule and update the
security option correctly?

Re: [Intel-wired-lan] [PATCH iwl-net 0/5] ice: LLDP support for VFs

[Jakub Kicinski]

On Sat, 2 Mar 2024 01:50:03 +0100 Larysa Zaremba wrote:
> For RX: match on Ethertype and mirror, every trusted VF should be able to scan 
> neighbors.
> 
> For TX this is more complicated and is done not through eswitch, but through 
> modifying security options, so do not think this would work with tc. So private 
> flags are the best option? Our requirements say only a single VSI can transmit 
> LLDP.

It is doable theoretically, tho, right? Driver can detect that all
eswitch VF/PF ports but one have a "drop LLDP" rule and update the
security option correctly?