lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4086d641-fa32-2b66-6ffa-6e6d37e6de95@amd.com>
Date:   Mon, 13 Mar 2023 14:49:59 +0530
From:   Gautam Dawar <gdawar@....com>
To:     Jason Wang <jasowang@...hat.com>,
        Gautam Dawar <gautam.dawar@....com>
Cc:     linux-net-drivers@....com, Edward Cree <ecree.xilinx@...il.com>,
        Martin Habets <habetsm.xilinx@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Richard Cochran <richardcochran@...il.com>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        eperezma@...hat.com, harpreet.anand@....com, tanuj.kamde@....com,
        koushik.dutta@....com
Subject: Re: [PATCH net-next v2 10/14] sfc: implement filters for receiving
 traffic


On 3/10/23 10:35, Jason Wang wrote:
> Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding.
>
>
> On Tue, Mar 7, 2023 at 7:38 PM Gautam Dawar <gautam.dawar@....com> wrote:
>> Implement unicast, broadcast and unknown multicast
>> filters for receiving different types of traffic.
>>
>> Signed-off-by: Gautam Dawar <gautam.dawar@....com>
>> ---
>>   drivers/net/ethernet/sfc/ef100_vdpa.c     | 157 ++++++++++++++++++++++
>>   drivers/net/ethernet/sfc/ef100_vdpa.h     |  36 ++++-
>>   drivers/net/ethernet/sfc/ef100_vdpa_ops.c |  17 ++-
>>   3 files changed, 207 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/sfc/ef100_vdpa.c b/drivers/net/ethernet/sfc/ef100_vdpa.c
>> index 4ba57827a6cd..5c9f29f881a6 100644
>> --- a/drivers/net/ethernet/sfc/ef100_vdpa.c
>> +++ b/drivers/net/ethernet/sfc/ef100_vdpa.c
>> @@ -16,12 +16,166 @@
>>   #include "mcdi_filters.h"
>>   #include "mcdi_functions.h"
>>   #include "ef100_netdev.h"
>> +#include "filter.h"
>> +#include "efx.h"
>>
>> +#define EFX_INVALID_FILTER_ID -1
>> +
>> +/* vDPA queues starts from 2nd VI or qid 1 */
>> +#define EF100_VDPA_BASE_RX_QID 1
>> +
>> +static const char * const filter_names[] = { "bcast", "ucast", "mcast" };
>>   static struct virtio_device_id ef100_vdpa_id_table[] = {
>>          { .device = VIRTIO_ID_NET, .vendor = PCI_VENDOR_ID_REDHAT_QUMRANET },
>>          { 0 },
>>   };
>>
>> +static int ef100_vdpa_set_mac_filter(struct efx_nic *efx,
>> +                                    struct efx_filter_spec *spec,
>> +                                    u32 qid, u8 *mac_addr)
>> +{
>> +       int rc;
>> +
>> +       efx_filter_init_rx(spec, EFX_FILTER_PRI_AUTO, 0, qid);
>> +
>> +       if (mac_addr) {
>> +               rc = efx_filter_set_eth_local(spec, EFX_FILTER_VID_UNSPEC,
>> +                                             mac_addr);
>> +               if (rc)
>> +                       pci_err(efx->pci_dev,
>> +                               "Filter set eth local failed, err: %d\n", rc);
>> +       } else {
>> +               efx_filter_set_mc_def(spec);
>> +       }
>> +
>> +       rc = efx_filter_insert_filter(efx, spec, true);
>> +       if (rc < 0)
>> +               pci_err(efx->pci_dev,
>> +                       "Filter insert failed, err: %d\n", rc);
>> +
>> +       return rc;
>> +}
>> +
>> +static int ef100_vdpa_delete_filter(struct ef100_vdpa_nic *vdpa_nic,
>> +                                   enum ef100_vdpa_mac_filter_type type)
>> +{
>> +       struct vdpa_device *vdev = &vdpa_nic->vdpa_dev;
>> +       int rc;
>> +
>> +       if (vdpa_nic->filters[type].filter_id == EFX_INVALID_FILTER_ID)
>> +               return rc;
>> +
>> +       rc = efx_filter_remove_id_safe(vdpa_nic->efx,
>> +                                      EFX_FILTER_PRI_AUTO,
>> +                                      vdpa_nic->filters[type].filter_id);
>> +       if (rc) {
>> +               dev_err(&vdev->dev, "%s filter id: %d remove failed, err: %d\n",
>> +                       filter_names[type], vdpa_nic->filters[type].filter_id,
>> +                       rc);
>> +       } else {
>> +               vdpa_nic->filters[type].filter_id = EFX_INVALID_FILTER_ID;
>> +               vdpa_nic->filter_cnt--;
>> +       }
>> +       return rc;
>> +}
>> +
>> +int ef100_vdpa_add_filter(struct ef100_vdpa_nic *vdpa_nic,
>> +                         enum ef100_vdpa_mac_filter_type type)
>> +{
>> +       struct vdpa_device *vdev = &vdpa_nic->vdpa_dev;
>> +       struct efx_nic *efx = vdpa_nic->efx;
>> +       /* Configure filter on base Rx queue only */
>> +       u32 qid = EF100_VDPA_BASE_RX_QID;
>> +       struct efx_filter_spec *spec;
>> +       u8 baddr[ETH_ALEN];
>> +       int rc;
>> +
>> +       /* remove existing filter */
>> +       rc = ef100_vdpa_delete_filter(vdpa_nic, type);
>> +       if (rc < 0) {
>> +               dev_err(&vdev->dev, "%s MAC filter deletion failed, err: %d",
>> +                       filter_names[type], rc);
>> +               return rc;
>> +       }
>> +
>> +       /* Configure MAC Filter */
>> +       spec = &vdpa_nic->filters[type].spec;
>> +       if (type == EF100_VDPA_BCAST_MAC_FILTER) {
>> +               eth_broadcast_addr(baddr);
>> +               rc = ef100_vdpa_set_mac_filter(efx, spec, qid, baddr);
>> +       } else if (type == EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER) {
>> +               rc = ef100_vdpa_set_mac_filter(efx, spec, qid, NULL);
>> +       } else {
>> +               /* Ensure we have a valid mac address */
>> +               if (!vdpa_nic->mac_configured ||
>> +                   !is_valid_ether_addr(vdpa_nic->mac_address))
>> +                       return -EINVAL;
>> +
>> +               rc = ef100_vdpa_set_mac_filter(efx, spec, qid,
>> +                                              vdpa_nic->mac_address);
>> +       }
>> +
>> +       if (rc >= 0) {
>> +               vdpa_nic->filters[type].filter_id = rc;
>> +               vdpa_nic->filter_cnt++;
>> +
>> +               return 0;
>> +       }
>> +
>> +       dev_err(&vdev->dev, "%s MAC filter insert failed, err: %d\n",
>> +               filter_names[type], rc);
>> +
>> +       if (type != EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER) {
>> +               ef100_vdpa_filter_remove(vdpa_nic);
>> +               return rc;
>> +       }
>> +
>> +       return 0;
>> +}
>> +
>> +int ef100_vdpa_filter_remove(struct ef100_vdpa_nic *vdpa_nic)
>> +{
>> +       enum ef100_vdpa_mac_filter_type filter;
>> +       int err = 0;
>> +       int rc;
>> +
>> +       for (filter = EF100_VDPA_BCAST_MAC_FILTER;
>> +            filter <= EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER; filter++) {
>> +               rc = ef100_vdpa_delete_filter(vdpa_nic, filter);
>> +               if (rc < 0)
>> +                       /* store status of last failed filter remove */
>> +                       err = rc;
>> +       }
>> +       return err;
>> +}
>> +
>> +int ef100_vdpa_filter_configure(struct ef100_vdpa_nic *vdpa_nic)
>> +{
>> +       struct vdpa_device *vdev = &vdpa_nic->vdpa_dev;
>> +       enum ef100_vdpa_mac_filter_type filter;
>> +       int rc;
>> +
>> +       /* remove existing filters, if any */
>> +       rc = ef100_vdpa_filter_remove(vdpa_nic);
>> +       if (rc < 0) {
>> +               dev_err(&vdev->dev,
>> +                       "MAC filter deletion failed, err: %d", rc);
>> +               goto fail;
>> +       }
>> +
>> +       for (filter = EF100_VDPA_BCAST_MAC_FILTER;
>> +            filter <= EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER; filter++) {
>> +               if (filter == EF100_VDPA_UCAST_MAC_FILTER &&
>> +                   !vdpa_nic->mac_configured)
>> +                       continue;
> Nit: is this better to move this inside ef100_vdpa_add_filter()?
In fact, this check is already part of ef100_vdpa_add_filter() and is 
duplicated here. Will fix.
>
>> +               rc = ef100_vdpa_add_filter(vdpa_nic, filter);
>> +               if (rc < 0)
>> +                       goto fail;
>> +       }
>> +fail:
>> +       return rc;
>> +}
>> +
>>   int ef100_vdpa_init(struct efx_probe_data *probe_data)
>>   {
>>          struct efx_nic *efx = &probe_data->efx;
>> @@ -185,6 +339,9 @@ static struct ef100_vdpa_nic *ef100_vdpa_create(struct efx_nic *efx,
>>                  goto err_put_device;
>>          }
>>
>> +       for (i = 0; i < EF100_VDPA_MAC_FILTER_NTYPES; i++)
>> +               vdpa_nic->filters[i].filter_id = EFX_INVALID_FILTER_ID;
>> +
>>          rc = get_net_config(vdpa_nic);
>>          if (rc)
>>                  goto err_put_device;
>> diff --git a/drivers/net/ethernet/sfc/ef100_vdpa.h b/drivers/net/ethernet/sfc/ef100_vdpa.h
>> index 58791402e454..49fb6be04eb3 100644
>> --- a/drivers/net/ethernet/sfc/ef100_vdpa.h
>> +++ b/drivers/net/ethernet/sfc/ef100_vdpa.h
>> @@ -72,6 +72,22 @@ enum ef100_vdpa_vq_type {
>>          EF100_VDPA_VQ_NTYPES
>>   };
>>
>> +/**
>> + * enum ef100_vdpa_mac_filter_type - vdpa filter types
>> + *
>> + * @EF100_VDPA_BCAST_MAC_FILTER: Broadcast MAC filter
>> + * @EF100_VDPA_UCAST_MAC_FILTER: Unicast MAC filter
>> + * @EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER: Unknown multicast MAC filter to allow
>> + *     IPv6 Neighbor Solicitation Message
>> + * @EF100_VDPA_MAC_FILTER_NTYPES: Number of vDPA filter types
>> + */
>> +enum ef100_vdpa_mac_filter_type {
>> +       EF100_VDPA_BCAST_MAC_FILTER,
>> +       EF100_VDPA_UCAST_MAC_FILTER,
>> +       EF100_VDPA_UNKNOWN_MCAST_MAC_FILTER,
>> +       EF100_VDPA_MAC_FILTER_NTYPES,
>> +};
>> +
>>   /**
>>    * struct ef100_vdpa_vring_info - vDPA vring data structure
>>    *
>> @@ -107,6 +123,17 @@ struct ef100_vdpa_vring_info {
>>          struct vdpa_callback cb;
>>   };
>>
>> +/**
>> + * struct ef100_vdpa_filter - vDPA filter data structure
>> + *
>> + * @filter_id: filter id of this filter
>> + * @efx_filter_spec: hardware filter specs for this vdpa device
>> + */
>> +struct ef100_vdpa_filter {
>> +       s32 filter_id;
>> +       struct efx_filter_spec spec;
>> +};
>> +
>>   /**
>>    *  struct ef100_vdpa_nic - vDPA NIC data structure
>>    *
>> @@ -116,6 +143,7 @@ struct ef100_vdpa_vring_info {
>>    * @lock: Managing access to vdpa config operations
>>    * @pf_index: PF index of the vDPA VF
>>    * @vf_index: VF index of the vDPA VF
>> + * @filter_cnt: total number of filters created on this vdpa device
>>    * @status: device status as per VIRTIO spec
>>    * @features: negotiated feature bits
>>    * @max_queue_pairs: maximum number of queue pairs supported
>> @@ -123,6 +151,7 @@ struct ef100_vdpa_vring_info {
>>    * @vring: vring information of the vDPA device.
>>    * @mac_address: mac address of interface associated with this vdpa device
>>    * @mac_configured: true after MAC address is configured
>> + * @filters: details of all filters created on this vdpa device
>>    * @cfg_cb: callback for config change
>>    */
>>   struct ef100_vdpa_nic {
>> @@ -133,6 +162,7 @@ struct ef100_vdpa_nic {
>>          struct mutex lock;
>>          u32 pf_index;
>>          u32 vf_index;
>> +       u32 filter_cnt;
>>          u8 status;
>>          u64 features;
>>          u32 max_queue_pairs;
>> @@ -140,6 +170,7 @@ struct ef100_vdpa_nic {
>>          struct ef100_vdpa_vring_info vring[EF100_VDPA_MAX_QUEUES_PAIRS * 2];
>>          u8 *mac_address;
>>          bool mac_configured;
>> +       struct ef100_vdpa_filter filters[EF100_VDPA_MAC_FILTER_NTYPES];
>>          struct vdpa_callback cfg_cb;
>>   };
>>
>> @@ -147,7 +178,10 @@ int ef100_vdpa_init(struct efx_probe_data *probe_data);
>>   void ef100_vdpa_fini(struct efx_probe_data *probe_data);
>>   int ef100_vdpa_register_mgmtdev(struct efx_nic *efx);
>>   void ef100_vdpa_unregister_mgmtdev(struct efx_nic *efx);
>> -void ef100_vdpa_irq_vectors_free(void *data);
>> +int ef100_vdpa_filter_configure(struct ef100_vdpa_nic *vdpa_nic);
>> +int ef100_vdpa_filter_remove(struct ef100_vdpa_nic *vdpa_nic);
>> +int ef100_vdpa_add_filter(struct ef100_vdpa_nic *vdpa_nic,
>> +                         enum ef100_vdpa_mac_filter_type type);
>>   int ef100_vdpa_init_vring(struct ef100_vdpa_nic *vdpa_nic, u16 idx);
>>   void ef100_vdpa_irq_vectors_free(void *data);
>>   int ef100_vdpa_reset(struct vdpa_device *vdev);
>> diff --git a/drivers/net/ethernet/sfc/ef100_vdpa_ops.c b/drivers/net/ethernet/sfc/ef100_vdpa_ops.c
>> index 95a2177f85a2..db86c2693950 100644
>> --- a/drivers/net/ethernet/sfc/ef100_vdpa_ops.c
>> +++ b/drivers/net/ethernet/sfc/ef100_vdpa_ops.c
>> @@ -261,6 +261,7 @@ static void ef100_reset_vdpa_device(struct ef100_vdpa_nic *vdpa_nic)
>>          vdpa_nic->vdpa_state = EF100_VDPA_STATE_INITIALIZED;
>>          vdpa_nic->status = 0;
>>          vdpa_nic->features = 0;
>> +       ef100_vdpa_filter_remove(vdpa_nic);
>>          for (i = 0; i < (vdpa_nic->max_queue_pairs * 2); i++)
>>                  reset_vring(vdpa_nic, i);
>>          ef100_vdpa_irq_vectors_free(vdpa_nic->efx->pci_dev);
>> @@ -295,7 +296,7 @@ static int start_vdpa_device(struct ef100_vdpa_nic *vdpa_nic)
>>          rc = ef100_vdpa_irq_vectors_alloc(efx->pci_dev,
>>                                            vdpa_nic->max_queue_pairs * 2);
>>          if (rc < 0) {
>> -               pci_err(efx->pci_dev,
>> +               dev_err(&vdpa_nic->vdpa_dev.dev,
> This should be done in the previous patch.
Right. Will fix.
>
> Thanks
>
>
>>                          "vDPA IRQ alloc failed for vf: %u err:%d\n",
>>                          nic_data->vf_index, rc);
>>                  return rc;
>> @@ -309,9 +310,19 @@ static int start_vdpa_device(struct ef100_vdpa_nic *vdpa_nic)
>>                  }
>>          }
>>
>> +       rc = ef100_vdpa_filter_configure(vdpa_nic);
>> +       if (rc < 0) {
>> +               dev_err(&vdpa_nic->vdpa_dev.dev,
>> +                       "%s: vdpa configure filter failed, err: %d\n",
>> +                       __func__, rc);
>> +               goto err_filter_configure;
>> +       }
>> +
>>          vdpa_nic->vdpa_state = EF100_VDPA_STATE_STARTED;
>>          return 0;
>>
>> +err_filter_configure:
>> +       ef100_vdpa_filter_remove(vdpa_nic);
>>   clear_vring:
>>          for (j = 0; j < i; j++)
>>                  delete_vring(vdpa_nic, j);
>> @@ -680,8 +691,10 @@ static void ef100_vdpa_set_config(struct vdpa_device *vdev, unsigned int offset,
>>          }
>>
>>          memcpy((u8 *)&vdpa_nic->net_config + offset, buf, len);
>> -       if (is_valid_ether_addr(vdpa_nic->mac_address))
>> +       if (is_valid_ether_addr(vdpa_nic->mac_address)) {
>>                  vdpa_nic->mac_configured = true;
>> +               ef100_vdpa_add_filter(vdpa_nic, EF100_VDPA_UCAST_MAC_FILTER);
>> +       }
>>   }
>>
>>   static int ef100_vdpa_suspend(struct vdpa_device *vdev)
>> --
>> 2.30.1
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ