From: Alexander Duyck <aduyck@mirantis.com>
To: netdev@vger.kernel.org, intel-wired-lan@lists.osuosl.org
Cc: jeffrey.t.kirsher@intel.com
Subject: [next PATCH 11/11] ixgbe: Clean stale VLANs when changing port vlan or resetting
Date: Mon, 02 Nov 2015 17:10:32 -0800 [thread overview]
Message-ID: <20151103011032.28233.6892.stgit@localhost.localdomain> (raw)
In-Reply-To: <20151103005850.28233.63113.stgit@localhost.localdomain>
This patch guarantees that the VFs do not have access to VLANs that they
were not supposed to. What this patch does is add code so that we delete
the previous port VLAN after adding a new one, and if we reset the VF we
clear all of the filters associated with it.
Previously the code was leaving all previous VLANs mapped to the VF and
they didn't get deleted unless the VF specifically requested it or if the
PF itself was reset.
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 77 ++++++++++++++++++++++--
1 file changed, 72 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 03d4e5c9d71d..eeff3d075bf8 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -455,10 +455,6 @@ static int ixgbe_set_vf_vlan(struct ixgbe_adapter *adapter, int add, int vid,
struct ixgbe_hw *hw = &adapter->hw;
int err;
- /* VLAN 0 is a special case, don't allow it to be removed */
- if (!vid && !add)
- return 0;
-
/* If VLAN overlaps with one the PF is currently monitoring make
* sure that we are able to allocate a VLVF entry. This may be
* redundant but it guarantees PF will maintain visibility to
@@ -589,13 +585,75 @@ static void ixgbe_clear_vmvir(struct ixgbe_adapter *adapter, u32 vf)
IXGBE_WRITE_REG(hw, IXGBE_VMVIR(vf), 0);
}
+
+static void ixgbe_clear_vf_vlans(struct ixgbe_adapter *adapter, u32 vf)
+{
+ struct ixgbe_hw *hw = &adapter->hw;
+ u32 i;
+
+ /* post increment loop, covers VLVF_ENTRIES - 1 to 0 */
+ for (i = IXGBE_VLVF_ENTRIES; i--;) {
+ u32 word = IXGBE_VLVFB(i * 2 + vf / 32);
+ u32 bits[2], vlvfb, vid, vfta, vlvf;
+ u32 mask = 1 << (vf / 32);
+
+ vlvfb = IXGBE_READ_REG(hw, word);
+
+ /* if our bit isn't set we can skip it */
+ if (!(vlvfb & mask))
+ continue;
+
+ /* clear our bit from vlvfb */
+ vlvfb ^= mask;
+
+ /* create 64b mask to chedk to see if we should clear VLVF */
+ bits[word % 2] = vlvfb;
+ bits[(word % 2) ^ 1] = IXGBE_READ_REG(hw, word ^ 1);
+
+ /* if promisc is enabled, PF will be present, leave VFTA */
+ if (adapter->flags2 & IXGBE_FLAG2_VLAN_PROMISC) {
+ bits[VMDQ_P(0) / 32] &= ~(1 << (VMDQ_P(0) % 32));
+
+ if (bits[0] || bits[1])
+ goto update_vlvfb;
+ goto update_vlvf;
+ }
+
+ /* if other pools are present, just remove ourselves */
+ if (bits[0] || bits[1])
+ goto update_vlvfb;
+
+ /* if we cannot determine VLAN just remove ourselves */
+ vlvf = IXGBE_READ_REG(hw, IXGBE_VLVF(i));
+ if (!vlvf)
+ goto update_vlvfb;
+
+ vid = vlvf & VLAN_VID_MASK;
+ mask = 1 << (vid % 32);
+
+ /* clear bit from VFTA */
+ vfta = IXGBE_READ_REG(hw, IXGBE_VFTA(vid / 32));
+ if (vfta & mask)
+ IXGBE_WRITE_REG(hw, IXGBE_VFTA(vid / 32), vfta ^ mask);
+update_vlvf:
+ /* clear POOL selection enable */
+ IXGBE_WRITE_REG(hw, IXGBE_VLVF(i), 0);
+update_vlvfb:
+ /* clear pool bits */
+ IXGBE_WRITE_REG(hw, IXGBE_VLVFB(word), vlvfb);
+ }
+}
+
static inline void ixgbe_vf_reset_event(struct ixgbe_adapter *adapter, u32 vf)
{
struct ixgbe_hw *hw = &adapter->hw;
struct vf_data_storage *vfinfo = &adapter->vfinfo[vf];
u8 num_tcs = netdev_get_num_tc(adapter->netdev);
- /* add PF assigned VLAN or VLAN 0 */
+ /* remove VLAN filters beloning to this VF */
+ ixgbe_clear_vf_vlans(adapter, vf);
+
+ /* add back PF assigned VLAN or VLAN 0 */
ixgbe_set_vf_vlan(adapter, true, vfinfo->pf_vlan, vf);
/* reset offloads to defaults */
@@ -858,6 +916,10 @@ static int ixgbe_set_vf_vlan_msg(struct ixgbe_adapter *adapter,
return -1;
}
+ /* VLAN 0 is a special case, don't allow it to be removed */
+ if (!vid && !add)
+ return 0;
+
err = ixgbe_set_vf_vlan(adapter, add, vid, vf);
if (err)
return err;
@@ -1251,6 +1313,9 @@ static int ixgbe_enable_port_vlan(struct ixgbe_adapter *adapter, int vf,
if (err)
goto out;
+ /* Revoke tagless access via VLAN 0 */
+ ixgbe_set_vf_vlan(adapter, false, 0, vf);
+
ixgbe_set_vmvir(adapter, vlan, qos, vf);
ixgbe_set_vmolr(hw, vf, false);
if (adapter->vfinfo[vf].spoofchk_enabled)
@@ -1284,6 +1349,8 @@ static int ixgbe_disable_port_vlan(struct ixgbe_adapter *adapter, int vf)
err = ixgbe_set_vf_vlan(adapter, false,
adapter->vfinfo[vf].pf_vlan, vf);
+ /* Restore tagless access via VLAN 0 */
+ ixgbe_set_vf_vlan(adapter, true, 0, vf);
ixgbe_clear_vmvir(adapter, vf);
ixgbe_set_vmolr(hw, vf, true);
hw->mac.ops.set_vlan_anti_spoofing(hw, false, vf);
next prev parent reply other threads:[~2015-11-03 1:10 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-03 1:09 [next PATCH 00/11] ixgbe: Add support for mixed PF/VF virtualization Alexander Duyck
2015-11-03 1:09 ` [next PATCH 01/11] ixgbe: Return error on failure to allocate mac_table Alexander Duyck
2015-12-10 22:51 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:09 ` [next PATCH 02/11] ixgbe: Fix SR-IOV VLAN pool configuration Alexander Duyck
2015-12-10 22:52 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:09 ` [next PATCH 03/11] ixgbe: Simplify definitions for regidx and bit in set_vfta Alexander Duyck
2015-12-10 22:52 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:09 ` [next PATCH 04/11] ixgbe: Reduce VT code indent in set_vfta by introducing jump label Alexander Duyck
2015-12-10 22:52 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:09 ` [next PATCH 05/11] ixgbe: Simplify configuration of setting VLVF and VLVFB Alexander Duyck
2015-12-10 22:52 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` [next PATCH 06/11] ixgbe: Add support for adding/removing VLAN on PF bypassing the VLVF Alexander Duyck
2015-12-10 22:52 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` [next PATCH 07/11] ixgbe: Reorder search to work from the top down instead of bottom up Alexander Duyck
2015-12-10 22:53 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` [next PATCH 08/11] ixgbe: Add support for VLAN promiscuous with SR-IOV Alexander Duyck
2015-12-10 22:53 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` [next PATCH 09/11] ixgbe: Fix VLAN promisc in relation to SR-IOV Alexander Duyck
2015-12-10 22:53 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` [next PATCH 10/11] ixgbe: Clear stale pool mappings Alexander Duyck
2015-12-10 22:53 ` [Intel-wired-lan] " Schmitt, Phillip J
2015-11-03 1:10 ` Alexander Duyck [this message]
2015-12-10 22:54 ` [Intel-wired-lan] [next PATCH 11/11] ixgbe: Clean stale VLANs when changing port vlan or resetting Schmitt, Phillip J
2015-11-03 12:38 ` [next PATCH 00/11] ixgbe: Add support for mixed PF/VF virtualization Jeff Kirsher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151103011032.28233.6892.stgit@localhost.localdomain \
--to=aduyck@mirantis.com \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jeffrey.t.kirsher@intel.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).