Commit d9a8d6a1 authored by David S. Miller's avatar David S. Miller

Merge branch 'bnx2x-Fix-malicious-VFs-indication'

Yuval Mintz says:

====================
bnx2x: Fix malicious VFs indication

It was discovered that for a VF there's a simple [yet uncommon] scenario
which would cause device firmware to declare that VF as malicious -
Add a vlan interface on top of a VF and disable txvlan offloading for
that VF [causing VF to transmit packets where vlan is on payload].

Patch #1 corrects driver transmission to prevent this issue.
Patch #2 is a by-product correcting PF behavior once a VF is declared
malicious.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents f6d4c713 35238822
...@@ -3883,15 +3883,26 @@ netdev_tx_t bnx2x_start_xmit(struct sk_buff *skb, struct net_device *dev) ...@@ -3883,15 +3883,26 @@ netdev_tx_t bnx2x_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* when transmitting in a vf, start bd must hold the ethertype /* when transmitting in a vf, start bd must hold the ethertype
* for fw to enforce it * for fw to enforce it
*/ */
u16 vlan_tci = 0;
#ifndef BNX2X_STOP_ON_ERROR #ifndef BNX2X_STOP_ON_ERROR
if (IS_VF(bp)) if (IS_VF(bp)) {
#endif #endif
/* Still need to consider inband vlan for enforced */
if (__vlan_get_tag(skb, &vlan_tci)) {
tx_start_bd->vlan_or_ethertype = tx_start_bd->vlan_or_ethertype =
cpu_to_le16(ntohs(eth->h_proto)); cpu_to_le16(ntohs(eth->h_proto));
} else {
tx_start_bd->bd_flags.as_bitfield |=
(X_ETH_INBAND_VLAN <<
ETH_TX_BD_FLAGS_VLAN_MODE_SHIFT);
tx_start_bd->vlan_or_ethertype =
cpu_to_le16(vlan_tci);
}
#ifndef BNX2X_STOP_ON_ERROR #ifndef BNX2X_STOP_ON_ERROR
else } else {
/* used by FW for packet accounting */ /* used by FW for packet accounting */
tx_start_bd->vlan_or_ethertype = cpu_to_le16(pkt_prod); tx_start_bd->vlan_or_ethertype = cpu_to_le16(pkt_prod);
}
#endif #endif
} }
......
...@@ -901,6 +901,8 @@ static void bnx2x_vf_flr(struct bnx2x *bp, struct bnx2x_virtf *vf) ...@@ -901,6 +901,8 @@ static void bnx2x_vf_flr(struct bnx2x *bp, struct bnx2x_virtf *vf)
/* release VF resources */ /* release VF resources */
bnx2x_vf_free_resc(bp, vf); bnx2x_vf_free_resc(bp, vf);
vf->malicious = false;
/* re-open the mailbox */ /* re-open the mailbox */
bnx2x_vf_enable_mbx(bp, vf->abs_vfid); bnx2x_vf_enable_mbx(bp, vf->abs_vfid);
return; return;
...@@ -1822,9 +1824,11 @@ int bnx2x_iov_eq_sp_event(struct bnx2x *bp, union event_ring_elem *elem) ...@@ -1822,9 +1824,11 @@ int bnx2x_iov_eq_sp_event(struct bnx2x *bp, union event_ring_elem *elem)
vf->abs_vfid, qidx); vf->abs_vfid, qidx);
bnx2x_vf_handle_rss_update_eqe(bp, vf); bnx2x_vf_handle_rss_update_eqe(bp, vf);
case EVENT_RING_OPCODE_VF_FLR: case EVENT_RING_OPCODE_VF_FLR:
case EVENT_RING_OPCODE_MALICIOUS_VF:
/* Do nothing for now */ /* Do nothing for now */
return 0; return 0;
case EVENT_RING_OPCODE_MALICIOUS_VF:
vf->malicious = true;
return 0;
} }
return 0; return 0;
...@@ -1905,6 +1909,13 @@ void bnx2x_iov_adjust_stats_req(struct bnx2x *bp) ...@@ -1905,6 +1909,13 @@ void bnx2x_iov_adjust_stats_req(struct bnx2x *bp)
continue; continue;
} }
if (vf->malicious) {
DP_AND((BNX2X_MSG_IOV | BNX2X_MSG_STATS),
"vf %d malicious so no stats for it\n",
vf->abs_vfid);
continue;
}
DP_AND((BNX2X_MSG_IOV | BNX2X_MSG_STATS), DP_AND((BNX2X_MSG_IOV | BNX2X_MSG_STATS),
"add addresses for vf %d\n", vf->abs_vfid); "add addresses for vf %d\n", vf->abs_vfid);
for_each_vfq(vf, j) { for_each_vfq(vf, j) {
......
...@@ -141,6 +141,7 @@ struct bnx2x_virtf { ...@@ -141,6 +141,7 @@ struct bnx2x_virtf {
#define VF_RESET 3 /* VF FLR'd, pending cleanup */ #define VF_RESET 3 /* VF FLR'd, pending cleanup */
bool flr_clnup_stage; /* true during flr cleanup */ bool flr_clnup_stage; /* true during flr cleanup */
bool malicious; /* true if FW indicated so, until FLR */
/* dma */ /* dma */
dma_addr_t fw_stat_map; dma_addr_t fw_stat_map;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment