| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BYAPR11MB317440BB64EA1D3289B66EA6F5700@BYAPR11MB3174.namprd11.prod.outlook.com>
Date: Wed, 29 Jul 2020 16:31:22 +0000
From: "Creeley, Brett" <brett.creeley@...el.com>
To: "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>,
"davem@...emloft.net" <davem@...emloft.net>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"nhorman@...hat.com" <nhorman@...hat.com>,
"sassmann@...hat.com" <sassmann@...hat.com>,
"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
"Bowers, AndrewX" <andrewx.bowers@...el.com>
Subject: RE: [net-next 11/15] ice: Allow all VLANs in safe mode
ACK.
Thanks,
Brett
> -----Original Message-----
> From: Nguyen, Anthony L <anthony.l.nguyen@...el.com>
> Sent: Wednesday, July 29, 2020 9:24 AM
> To: davem@...emloft.net
> Cc: Creeley, Brett <brett.creeley@...el.com>; netdev@...r.kernel.org; nhorman@...hat.com; sassmann@...hat.com; Kirsher,
> Jeffrey T <jeffrey.t.kirsher@...el.com>; Nguyen, Anthony L <anthony.l.nguyen@...el.com>; Bowers, AndrewX
> <andrewx.bowers@...el.com>
> Subject: [net-next 11/15] ice: Allow all VLANs in safe mode
>
> From: Brett Creeley <brett.creeley@...el.com>
>
> Currently the PF VSI's context parameters are left in a bad state when
> going into safe mode. This is causing VLAN traffic to not pass. Fix this
> by configuring the PF VSI to allow all VLAN tagged traffic.
>
> Also, remove redundant comment explaining the safe mode flow in
> ice_probe().
>
> Signed-off-by: Brett Creeley <brett.creeley@...el.com>
> Tested-by: Andrew Bowers <andrewx.bowers@...el.com>
> Signed-off-by: Tony Nguyen <anthony.l.nguyen@...el.com>
> ---
> drivers/net/ethernet/intel/ice/ice_main.c | 59 ++++++++++++++++++++++-
> 1 file changed, 57 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
> index 9b9e30a7d690..a68371fc0a75 100644
> --- a/drivers/net/ethernet/intel/ice/ice_main.c
> +++ b/drivers/net/ethernet/intel/ice/ice_main.c
> @@ -3583,6 +3583,60 @@ int ice_vsi_recfg_qs(struct ice_vsi *vsi, int new_rx, int new_tx)
> return err;
> }
>
> +/**
> + * ice_set_safe_mode_vlan_cfg - configure PF VSI to allow all VLANs in safe mode
> + * @pf: PF to configure
> + *
> + * No VLAN offloads/filtering are advertised in safe mode so make sure the PF
> + * VSI can still Tx/Rx VLAN tagged packets.
> + */
> +static void ice_set_safe_mode_vlan_cfg(struct ice_pf *pf)
> +{
> + struct ice_vsi *vsi = ice_get_main_vsi(pf);
> + struct ice_vsi_ctx *ctxt;
> + enum ice_status status;
> + struct ice_hw *hw;
> +
> + if (!vsi)
> + return;
> +
> + ctxt = kzalloc(sizeof(*ctxt), GFP_KERNEL);
> + if (!ctxt)
> + return;
> +
> + hw = &pf->hw;
> + ctxt->info = vsi->info;
> +
> + ctxt->info.valid_sections =
> + cpu_to_le16(ICE_AQ_VSI_PROP_VLAN_VALID |
> + ICE_AQ_VSI_PROP_SECURITY_VALID |
> + ICE_AQ_VSI_PROP_SW_VALID);
> +
> + /* disable VLAN anti-spoof */
> + ctxt->info.sec_flags &= ~(ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<
> + ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S);
> +
> + /* disable VLAN pruning and keep all other settings */
> + ctxt->info.sw_flags2 &= ~ICE_AQ_VSI_SW_FLAG_RX_VLAN_PRUNE_ENA;
> +
> + /* allow all VLANs on Tx and don't strip on Rx */
> + ctxt->info.vlan_flags = ICE_AQ_VSI_VLAN_MODE_ALL |
> + ICE_AQ_VSI_VLAN_EMOD_NOTHING;
> +
> + status = ice_update_vsi(hw, vsi->idx, ctxt, NULL);
> + if (status) {
> + dev_err(ice_pf_to_dev(vsi->back), "Failed to update VSI for safe mode VLANs, err %s aq_err %s\n",
> + ice_stat_str(status),
> + ice_aq_str(hw->adminq.sq_last_status));
> + } else {
> + vsi->info.sec_flags = ctxt->info.sec_flags;
> + vsi->info.sw_flags2 = ctxt->info.sw_flags2;
> + vsi->info.vlan_flags = ctxt->info.vlan_flags;
> + }
> +
> + kfree(ctxt);
> +}
> +
> /**
> * ice_log_pkg_init - log result of DDP package load
> * @hw: pointer to hardware info
> @@ -4139,9 +4193,10 @@ ice_probe(struct pci_dev *pdev, const struct pci_device_id __always_unused *ent)
> /* Disable WoL at init, wait for user to enable */
> device_set_wakeup_enable(dev, false);
>
> - /* If no DDP driven features have to be setup, we are done with probe */
> - if (ice_is_safe_mode(pf))
> + if (ice_is_safe_mode(pf)) {
> + ice_set_safe_mode_vlan_cfg(pf);
> goto probe_done;
> + }
>
> /* initialize DDP driven features */
>
> --
> 2.26.2
Powered by blists - more mailing lists