i40e: implement anti-spoofing for VFs

Our hardware supports VF antispoofing for both MAC addresses and VLANs. Enable this feature by default for all VFs and implement the netdev op to control it from the command line. Change-ID: Ifb941da22785848aa3aba6b2231be135b8ea8f31 Signed-off-by: Mitch Williams <mitch.a.williams@intel.com> Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
author: Mitch Williams <mitch.a.williams@intel.com> 2014-05-20 04:01:40 -0400
committer: Jeff Kirsher <jeffrey.t.kirsher@intel.com> 2014-06-09 02:52:33 -0400
commit: c674d1250bfc04bae9fdbd71883713d29ad9f5d7 (patch)
tree: 05380f8f16b77b39b909ba1f8b4c3df4d80b221a /drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
parent: fdfe9cbe0f002af8fa94c04639d2f224be9847d5 (diff)
1 files changed, 50 insertions, 2 deletions
diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 4e7634c83685..3f6cad46365c 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -899,6 +899,7 @@ int i40e_alloc_vfs(struct i40e_pf *pf, u16 num_alloc_vfs)
                ret = -ENOMEM;
                goto err_alloc;
        }
+        pf->vf = vfs;
        /* apply default profile */
        for (i = 0; i < num_alloc_vfs; i++) {
@@ -908,13 +909,13 @@ int i40e_alloc_vfs(struct i40e_pf *pf, u16 num_alloc_vfs)
                /* assign default capabilities */
                set_bit(I40E_VIRTCHNL_VF_CAP_L2, &vfs[i].vf_caps);
+                vfs[i].spoofchk = true;
                /* vf resources get allocated during reset */
                i40e_reset_vf(&vfs[i], false);
                /* enable vf vplan_qtable mappings */
                i40e_enable_vf_mappings(&vfs[i]);
        }
-        pf->vf = vfs;
        pf->num_alloc_vfs = num_alloc_vfs;
        i40e_enable_pf_switch_lb(pf);
@@ -2328,7 +2329,7 @@ int i40e_ndo_get_vf_config(struct net_device *netdev,
                ivi->linkstate = IFLA_VF_LINK_STATE_ENABLE;
        else
                ivi->linkstate = IFLA_VF_LINK_STATE_DISABLE;
+        ivi->spoofchk = vf->spoofchk;
        ret = 0;
 error_param:
@@ -2395,3 +2396,50 @@ int i40e_ndo_set_vf_link_state(struct net_device *netdev, int vf_id, int link)
 error_out:
        return ret;
 }
+/**
+ * i40e_ndo_set_vf_spoofchk
+ * @netdev: network interface device structure
+ * @vf_id: vf identifier
+ * @enable: flag to enable or disable feature
+ *
+ * Enable or disable VF spoof checking
+ **/
+int i40e_ndo_set_vf_spoofck(struct net_device *netdev, int vf_id, bool enable)
+{
+        struct i40e_netdev_priv *np = netdev_priv(netdev);
+        struct i40e_vsi *vsi = np->vsi;
+        struct i40e_pf *pf = vsi->back;
+        struct i40e_vsi_context ctxt;
+        struct i40e_hw *hw = &pf->hw;
+        struct i40e_vf *vf;
+        int ret = 0;
+        /* validate the request */
+        if (vf_id >= pf->num_alloc_vfs) {
+                dev_err(&pf->pdev->dev, "Invalid VF Identifier %d\n", vf_id);
+                ret = -EINVAL;
+                goto out;
+        }
+        vf = &(pf->vf[vf_id]);
+        if (enable == vf->spoofchk)
+                goto out;
+        vf->spoofchk = enable;
+        memset(&ctxt, 0, sizeof(ctxt));
+        ctxt.seid = pf->vsi[vf->lan_vsi_index]->seid;
+        ctxt.pf_num = pf->hw.pf_id;
+        ctxt.info.valid_sections = cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
+        if (enable)
+                ctxt.info.sec_flags |= I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
+        ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
+        if (ret) {
+                dev_err(&pf->pdev->dev, "Error %d updating VSI parameters\n",
+                        ret);
+                ret = -EIO;
+        }
+out:
+        return ret;
+}
author	Mitch Williams <mitch.a.williams@intel.com>	2014-05-20 04:01:40 -0400
committer	Jeff Kirsher <jeffrey.t.kirsher@intel.com>	2014-06-09 02:52:33 -0400
commit	c674d1250bfc04bae9fdbd71883713d29ad9f5d7 (patch)
tree	05380f8f16b77b39b909ba1f8b4c3df4d80b221a /drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
parent	fdfe9cbe0f002af8fa94c04639d2f224be9847d5 (diff)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c index 4e7634c83685..3f6cad46365c 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -899,6 +899,7 @@ int i40e_alloc_vfs(struct i40e_pf *pf, u16 num_alloc_vfs)
899	ret = -ENOMEM;	899	ret = -ENOMEM;
900	goto err_alloc;	900	goto err_alloc;
901	}	901	}
		902	pf->vf = vfs;
902		903
903	/* apply default profile */	904	/* apply default profile */
904	for (i = 0; i < num_alloc_vfs; i++) {	905	for (i = 0; i < num_alloc_vfs; i++) {
@@ -908,13 +909,13 @@ int i40e_alloc_vfs(struct i40e_pf *pf, u16 num_alloc_vfs)
908		909
909	/* assign default capabilities */	910	/* assign default capabilities */
910	set_bit(I40E_VIRTCHNL_VF_CAP_L2, &vfs[i].vf_caps);	911	set_bit(I40E_VIRTCHNL_VF_CAP_L2, &vfs[i].vf_caps);
		912	vfs[i].spoofchk = true;
911	/* vf resources get allocated during reset */	913	/* vf resources get allocated during reset */
912	i40e_reset_vf(&vfs[i], false);	914	i40e_reset_vf(&vfs[i], false);
913		915
914	/* enable vf vplan_qtable mappings */	916	/* enable vf vplan_qtable mappings */
915	i40e_enable_vf_mappings(&vfs[i]);	917	i40e_enable_vf_mappings(&vfs[i]);
916	}	918	}
917	pf->vf = vfs;
918	pf->num_alloc_vfs = num_alloc_vfs;	919	pf->num_alloc_vfs = num_alloc_vfs;
919		920
920	i40e_enable_pf_switch_lb(pf);	921	i40e_enable_pf_switch_lb(pf);
@@ -2328,7 +2329,7 @@ int i40e_ndo_get_vf_config(struct net_device *netdev,
2328	ivi->linkstate = IFLA_VF_LINK_STATE_ENABLE;	2329	ivi->linkstate = IFLA_VF_LINK_STATE_ENABLE;
2329	else	2330	else
2330	ivi->linkstate = IFLA_VF_LINK_STATE_DISABLE;	2331	ivi->linkstate = IFLA_VF_LINK_STATE_DISABLE;
2331		2332	ivi->spoofchk = vf->spoofchk;
2332	ret = 0;	2333	ret = 0;
2333		2334
2334	error_param:	2335	error_param:
@@ -2395,3 +2396,50 @@ int i40e_ndo_set_vf_link_state(struct net_device *netdev, int vf_id, int link)
2395	error_out:	2396	error_out:
2396	return ret;	2397	return ret;
2397	}	2398	}
		2399
		2400	/**
		2401	* i40e_ndo_set_vf_spoofchk
		2402	* @netdev: network interface device structure
		2403	* @vf_id: vf identifier
		2404	* @enable: flag to enable or disable feature
		2405	*
		2406	* Enable or disable VF spoof checking
		2407	**/
		2408	int i40e_ndo_set_vf_spoofck(struct net_device *netdev, int vf_id, bool enable)
		2409	{
		2410	struct i40e_netdev_priv *np = netdev_priv(netdev);
		2411	struct i40e_vsi *vsi = np->vsi;
		2412	struct i40e_pf *pf = vsi->back;
		2413	struct i40e_vsi_context ctxt;
		2414	struct i40e_hw *hw = &pf->hw;
		2415	struct i40e_vf *vf;
		2416	int ret = 0;
		2417
		2418	/* validate the request */
		2419	if (vf_id >= pf->num_alloc_vfs) {
		2420	dev_err(&pf->pdev->dev, "Invalid VF Identifier %d\n", vf_id);
		2421	ret = -EINVAL;
		2422	goto out;
		2423	}
		2424
		2425	vf = &(pf->vf[vf_id]);
		2426
		2427	if (enable == vf->spoofchk)
		2428	goto out;
		2429
		2430	vf->spoofchk = enable;
		2431	memset(&ctxt, 0, sizeof(ctxt));
		2432	ctxt.seid = pf->vsi[vf->lan_vsi_index]->seid;
		2433	ctxt.pf_num = pf->hw.pf_id;
		2434	ctxt.info.valid_sections = cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
		2435	if (enable)
		2436	ctxt.info.sec_flags \|= I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
		2437	ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
		2438	if (ret) {
		2439	dev_err(&pf->pdev->dev, "Error %d updating VSI parameters\n",
		2440	ret);
		2441	ret = -EIO;
		2442	}
		2443	out:
		2444	return ret;
		2445	}