Commit 01cbf508 authored by Mateusz Palczewski's avatar Mateusz Palczewski Committed by Tony Nguyen

i40e: Fix to not show opcode msg on unsuccessful VF MAC change

Hide i40e opcode information sent during response to VF in case when
untrusted VF tried to change MAC on the VF interface.

This is implemented by adding an additional parameter 'hide' to the
response sent to VF function that hides the display of error
information, but forwards the error code to VF.

Previously it was not possible to send response with some error code
to VF without displaying opcode information.

Fixes: 5c3c48ac ("i40e: implement virtual device interface")
Signed-off-by: default avatarGrzegorz Szczurek <grzegorzx.szczurek@intel.com>
Signed-off-by: default avatarMateusz Palczewski <mateusz.palczewski@intel.com>
Reviewed-by: default avatarPaul M Stillwell Jr <paul.m.stillwell.jr@intel.com>
Reviewed-by: default avatarAleksandr Loktionov <aleksandr.loktionov@intel.com>
Tested-by: default avatarTony Brelinski <tony.brelinski@intel.com>
Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
parent 6f89ecf1
...@@ -1877,17 +1877,19 @@ int i40e_pci_sriov_configure(struct pci_dev *pdev, int num_vfs) ...@@ -1877,17 +1877,19 @@ int i40e_pci_sriov_configure(struct pci_dev *pdev, int num_vfs)
/***********************virtual channel routines******************/ /***********************virtual channel routines******************/
/** /**
* i40e_vc_send_msg_to_vf * i40e_vc_send_msg_to_vf_ex
* @vf: pointer to the VF info * @vf: pointer to the VF info
* @v_opcode: virtual channel opcode * @v_opcode: virtual channel opcode
* @v_retval: virtual channel return value * @v_retval: virtual channel return value
* @msg: pointer to the msg buffer * @msg: pointer to the msg buffer
* @msglen: msg length * @msglen: msg length
* @is_quiet: true for not printing unsuccessful return values, false otherwise
* *
* send msg to VF * send msg to VF
**/ **/
static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode, static int i40e_vc_send_msg_to_vf_ex(struct i40e_vf *vf, u32 v_opcode,
u32 v_retval, u8 *msg, u16 msglen) u32 v_retval, u8 *msg, u16 msglen,
bool is_quiet)
{ {
struct i40e_pf *pf; struct i40e_pf *pf;
struct i40e_hw *hw; struct i40e_hw *hw;
...@@ -1903,7 +1905,7 @@ static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode, ...@@ -1903,7 +1905,7 @@ static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode,
abs_vf_id = vf->vf_id + hw->func_caps.vf_base_id; abs_vf_id = vf->vf_id + hw->func_caps.vf_base_id;
/* single place to detect unsuccessful return values */ /* single place to detect unsuccessful return values */
if (v_retval) { if (v_retval && !is_quiet) {
vf->num_invalid_msgs++; vf->num_invalid_msgs++;
dev_info(&pf->pdev->dev, "VF %d failed opcode %d, retval: %d\n", dev_info(&pf->pdev->dev, "VF %d failed opcode %d, retval: %d\n",
vf->vf_id, v_opcode, v_retval); vf->vf_id, v_opcode, v_retval);
...@@ -1933,6 +1935,23 @@ static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode, ...@@ -1933,6 +1935,23 @@ static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode,
return 0; return 0;
} }
/**
* i40e_vc_send_msg_to_vf
* @vf: pointer to the VF info
* @v_opcode: virtual channel opcode
* @v_retval: virtual channel return value
* @msg: pointer to the msg buffer
* @msglen: msg length
*
* send msg to VF
**/
static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode,
u32 v_retval, u8 *msg, u16 msglen)
{
return i40e_vc_send_msg_to_vf_ex(vf, v_opcode, v_retval,
msg, msglen, false);
}
/** /**
* i40e_vc_send_resp_to_vf * i40e_vc_send_resp_to_vf
* @vf: pointer to the VF info * @vf: pointer to the VF info
...@@ -2695,6 +2714,7 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg) ...@@ -2695,6 +2714,7 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg)
* i40e_check_vf_permission * i40e_check_vf_permission
* @vf: pointer to the VF info * @vf: pointer to the VF info
* @al: MAC address list from virtchnl * @al: MAC address list from virtchnl
* @is_quiet: set true for printing msg without opcode info, false otherwise
* *
* Check that the given list of MAC addresses is allowed. Will return -EPERM * Check that the given list of MAC addresses is allowed. Will return -EPERM
* if any address in the list is not valid. Checks the following conditions: * if any address in the list is not valid. Checks the following conditions:
...@@ -2709,13 +2729,15 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg) ...@@ -2709,13 +2729,15 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg)
* addresses might not be accurate. * addresses might not be accurate.
**/ **/
static inline int i40e_check_vf_permission(struct i40e_vf *vf, static inline int i40e_check_vf_permission(struct i40e_vf *vf,
struct virtchnl_ether_addr_list *al) struct virtchnl_ether_addr_list *al,
bool *is_quiet)
{ {
struct i40e_pf *pf = vf->pf; struct i40e_pf *pf = vf->pf;
struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx]; struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx];
int mac2add_cnt = 0; int mac2add_cnt = 0;
int i; int i;
*is_quiet = false;
for (i = 0; i < al->num_elements; i++) { for (i = 0; i < al->num_elements; i++) {
struct i40e_mac_filter *f; struct i40e_mac_filter *f;
u8 *addr = al->list[i].addr; u8 *addr = al->list[i].addr;
...@@ -2739,6 +2761,7 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf, ...@@ -2739,6 +2761,7 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf,
!ether_addr_equal(addr, vf->default_lan_addr.addr)) { !ether_addr_equal(addr, vf->default_lan_addr.addr)) {
dev_err(&pf->pdev->dev, dev_err(&pf->pdev->dev,
"VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n"); "VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n");
*is_quiet = true;
return -EPERM; return -EPERM;
} }
...@@ -2775,6 +2798,7 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg) ...@@ -2775,6 +2798,7 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg)
(struct virtchnl_ether_addr_list *)msg; (struct virtchnl_ether_addr_list *)msg;
struct i40e_pf *pf = vf->pf; struct i40e_pf *pf = vf->pf;
struct i40e_vsi *vsi = NULL; struct i40e_vsi *vsi = NULL;
bool is_quiet = false;
i40e_status ret = 0; i40e_status ret = 0;
int i; int i;
...@@ -2791,7 +2815,7 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg) ...@@ -2791,7 +2815,7 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg)
*/ */
spin_lock_bh(&vsi->mac_filter_hash_lock); spin_lock_bh(&vsi->mac_filter_hash_lock);
ret = i40e_check_vf_permission(vf, al); ret = i40e_check_vf_permission(vf, al, &is_quiet);
if (ret) { if (ret) {
spin_unlock_bh(&vsi->mac_filter_hash_lock); spin_unlock_bh(&vsi->mac_filter_hash_lock);
goto error_param; goto error_param;
...@@ -2829,8 +2853,8 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg) ...@@ -2829,8 +2853,8 @@ static int i40e_vc_add_mac_addr_msg(struct i40e_vf *vf, u8 *msg)
error_param: error_param:
/* send the response to the VF */ /* send the response to the VF */
return i40e_vc_send_resp_to_vf(vf, VIRTCHNL_OP_ADD_ETH_ADDR, return i40e_vc_send_msg_to_vf_ex(vf, VIRTCHNL_OP_ADD_ETH_ADDR,
ret); ret, NULL, 0, is_quiet);
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment