Merge branch 'bnx2x-Fix-malicious-VFs-indication'

Yuval Mintz says:

====================
bnx2x: Fix malicious VFs indication

It was discovered that for a VF there's a simple [yet uncommon] scenario
which would cause device firmware to declare that VF as malicious -
Add a vlan interface on top of a VF and disable txvlan offloading for
that VF [causing VF to transmit packets where vlan is on payload].

Patch #1 corrects driver transmission to prevent this issue.
Patch #2 is a by-product correcting PF behavior once a VF is declared
malicious.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2017-06-10 16:02:56 -04:00
commit d9a8d6a102
3 changed files with 28 additions and 5 deletions

View File

@ -3883,15 +3883,26 @@ netdev_tx_t bnx2x_start_xmit(struct sk_buff *skb, struct net_device *dev)
/* when transmitting in a vf, start bd must hold the ethertype
* for fw to enforce it
*/
u16 vlan_tci = 0;
#ifndef BNX2X_STOP_ON_ERROR
if (IS_VF(bp))
if (IS_VF(bp)) {
#endif
tx_start_bd->vlan_or_ethertype =
cpu_to_le16(ntohs(eth->h_proto));
/* Still need to consider inband vlan for enforced */
if (__vlan_get_tag(skb, &vlan_tci)) {
tx_start_bd->vlan_or_ethertype =
cpu_to_le16(ntohs(eth->h_proto));
} else {
tx_start_bd->bd_flags.as_bitfield |=
(X_ETH_INBAND_VLAN <<
ETH_TX_BD_FLAGS_VLAN_MODE_SHIFT);
tx_start_bd->vlan_or_ethertype =
cpu_to_le16(vlan_tci);
}
#ifndef BNX2X_STOP_ON_ERROR
else
} else {
/* used by FW for packet accounting */
tx_start_bd->vlan_or_ethertype = cpu_to_le16(pkt_prod);
}
#endif
}

View File

@ -901,6 +901,8 @@ static void bnx2x_vf_flr(struct bnx2x *bp, struct bnx2x_virtf *vf)
/* release VF resources */
bnx2x_vf_free_resc(bp, vf);
vf->malicious = false;
/* re-open the mailbox */
bnx2x_vf_enable_mbx(bp, vf->abs_vfid);
return;
@ -1822,9 +1824,11 @@ int bnx2x_iov_eq_sp_event(struct bnx2x *bp, union event_ring_elem *elem)
vf->abs_vfid, qidx);
bnx2x_vf_handle_rss_update_eqe(bp, vf);
case EVENT_RING_OPCODE_VF_FLR:
case EVENT_RING_OPCODE_MALICIOUS_VF:
/* Do nothing for now */
return 0;
case EVENT_RING_OPCODE_MALICIOUS_VF:
vf->malicious = true;
return 0;
}
return 0;
@ -1905,6 +1909,13 @@ void bnx2x_iov_adjust_stats_req(struct bnx2x *bp)
continue;
}
if (vf->malicious) {
DP_AND((BNX2X_MSG_IOV | BNX2X_MSG_STATS),
"vf %d malicious so no stats for it\n",
vf->abs_vfid);
continue;
}
DP_AND((BNX2X_MSG_IOV | BNX2X_MSG_STATS),
"add addresses for vf %d\n", vf->abs_vfid);
for_each_vfq(vf, j) {

View File

@ -141,6 +141,7 @@ struct bnx2x_virtf {
#define VF_RESET 3 /* VF FLR'd, pending cleanup */
bool flr_clnup_stage; /* true during flr cleanup */
bool malicious; /* true if FW indicated so, until FLR */
/* dma */
dma_addr_t fw_stat_map;