Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/17560/?format=api
{ "id": 17560, "url": "http://patches.dpdk.org/api/patches/17560/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1480756289-11835-4-git-send-email-Rasesh.Mody@cavium.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1480756289-11835-4-git-send-email-Rasesh.Mody@cavium.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1480756289-11835-4-git-send-email-Rasesh.Mody@cavium.com", "date": "2016-12-03T09:11:07", "name": "[dpdk-dev,03/25] net/qede/base: add handling of malicious VF", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "101611ad83f011ddc14215c26533d909da3eb15c", "submitter": { "id": 569, "url": "http://patches.dpdk.org/api/people/569/?format=api", "name": "Mody, Rasesh", "email": "rasesh.mody@cavium.com" }, "delegate": { "id": 319, "url": "http://patches.dpdk.org/api/users/319/?format=api", "username": "fyigit", "first_name": "Ferruh", "last_name": "Yigit", "email": "ferruh.yigit@amd.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1480756289-11835-4-git-send-email-Rasesh.Mody@cavium.com/mbox/", "series": [], "comments": "http://patches.dpdk.org/api/patches/17560/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/17560/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [IPv6:::1])\n\tby dpdk.org (Postfix) with ESMTP id 4A7F5FA65;\n\tSat, 3 Dec 2016 10:12:52 +0100 (CET)", "from mx0b-0016ce01.pphosted.com (mx0a-0016ce01.pphosted.com\n\t[67.231.148.157]) by dpdk.org (Postfix) with ESMTP id A7487FA31\n\tfor <dev@dpdk.org>; Sat, 3 Dec 2016 10:12:23 +0100 (CET)", "from pps.filterd (m0095336.ppops.net [127.0.0.1])\n\tby mx0a-0016ce01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id\n\tuB39Bn5o023327; Sat, 3 Dec 2016 01:12:13 -0800", "from avcashub1.qlogic.com ([198.186.0.117])\n\tby mx0a-0016ce01.pphosted.com with ESMTP id 26y9c9j3d9-1\n\t(version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT);\n\tSat, 03 Dec 2016 01:12:13 -0800", "from avluser05.qlc.com (10.1.113.115) by qlc.com (10.1.4.192) with\n\tMicrosoft SMTP Server id 14.3.235.1; Sat, 3 Dec 2016 01:12:12 -0800", "(from rmody@localhost)\tby avluser05.qlc.com (8.14.4/8.14.4/Submit)\n\tid uB39CDXK012225;\tSat, 3 Dec 2016 01:12:13 -0800" ], "X-Authentication-Warning": "avluser05.qlc.com: rmody set sender to\n\tRasesh.Mody@cavium.com using -f", "From": "Rasesh Mody <Rasesh.Mody@cavium.com>", "To": "<dev@dpdk.org>", "CC": "<Dept-EngDPDKDev@cavium.com>, Rasesh Mody <Rasesh.Mody@cavium.com>", "Date": "Sat, 3 Dec 2016 01:11:07 -0800", "Message-ID": "<1480756289-11835-4-git-send-email-Rasesh.Mody@cavium.com>", "X-Mailer": "git-send-email 1.7.10.3", "In-Reply-To": "<1480756289-11835-1-git-send-email-Rasesh.Mody@cavium.com>", "References": "<1480756289-11835-1-git-send-email-Rasesh.Mody@cavium.com>", "MIME-Version": "1.0", "Content-Type": "text/plain", "disclaimer": "bypass", "X-Proofpoint-Virus-Version": "vendor=nai engine=5800 definitions=8367\n\tsignatures=670762", "X-Proofpoint-Spam-Details": "rule=notspam policy=default score=0\n\tpriorityscore=1501 malwarescore=0\n\tsuspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015\n\tlowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam\n\tadjust=0\n\treason=mlx scancount=1 engine=8.0.1-1609300000\n\tdefinitions=main-1612030160", "Subject": "[dpdk-dev] [PATCH 03/25] net/qede/base: add handling of malicious VF", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<http://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<http://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Receive indication that VFs are malicious and pass it to the\ncaller/clients and stop serving those VF's additional resource requests.\n\nSigned-off-by: Rasesh Mody <Rasesh.Mody@cavium.com>\n---\n drivers/net/qede/base/bcm_osal.h | 1 +\n drivers/net/qede/base/ecore_iov_api.h | 4 +-\n drivers/net/qede/base/ecore_l2.c | 26 ++++++-\n drivers/net/qede/base/ecore_l2_api.h | 9 +++\n drivers/net/qede/base/ecore_sriov.c | 123 +++++++++++++++++++++++++++++-----\n drivers/net/qede/base/ecore_sriov.h | 1 +\n 6 files changed, 147 insertions(+), 17 deletions(-)", "diff": "diff --git a/drivers/net/qede/base/bcm_osal.h b/drivers/net/qede/base/bcm_osal.h\nindex 0b446f2e..7682ea84 100644\n--- a/drivers/net/qede/base/bcm_osal.h\n+++ b/drivers/net/qede/base/bcm_osal.h\n@@ -323,6 +323,7 @@ u32 qede_find_first_zero_bit(unsigned long *, u32);\n #define OSAL_VF_SEND_MSG2PF(dev, done, msg, reply_addr, msg_size, reply_size) 0\n #define OSAL_VF_CQE_COMPLETION(_dev_p, _cqe, _protocol)\t(0)\n #define OSAL_PF_VF_MSG(hwfn, vfid) 0\n+#define OSAL_PF_VF_MALICIOUS(hwfn, vfid) nothing\n #define OSAL_IOV_CHK_UCAST(hwfn, vfid, params) 0\n #define OSAL_IOV_POST_START_VPORT(hwfn, vf, vport_id, opaque_fid) nothing\n #define OSAL_IOV_VF_ACQUIRE(hwfn, vfid) 0\ndiff --git a/drivers/net/qede/base/ecore_iov_api.h b/drivers/net/qede/base/ecore_iov_api.h\nindex bb8df82f..0b857bb9 100644\n--- a/drivers/net/qede/base/ecore_iov_api.h\n+++ b/drivers/net/qede/base/ecore_iov_api.h\n@@ -52,6 +52,7 @@ enum ecore_iov_pf_to_vf_status {\n \tPFVF_STATUS_NOT_SUPPORTED,\n \tPFVF_STATUS_NO_RESOURCE,\n \tPFVF_STATUS_FORCED,\n+\tPFVF_STATUS_MALICIOUS,\n };\n \n struct ecore_mcp_link_params;\n@@ -301,12 +302,13 @@ bool ecore_iov_is_vf_pending_flr(struct ecore_hwfn *p_hwfn,\n * @param p_hwfn\n * @param rel_vf_id - Relative VF ID\n * @param b_enabled_only - consider only enabled VF\n+ * @param b_non_malicious - true iff we want to validate vf isn't malicious.\n *\n * @return bool - true for valid VF ID\n */\n bool ecore_iov_is_valid_vfid(struct ecore_hwfn *p_hwfn,\n \t\t\t int rel_vf_id,\n-\t\t\t bool b_enabled_only);\n+\t\t\t bool b_enabled_only, bool b_non_malicious);\n \n /**\n * @brief Get VF's public info structure\ndiff --git a/drivers/net/qede/base/ecore_l2.c b/drivers/net/qede/base/ecore_l2.c\nindex a893cb90..9989ee48 100644\n--- a/drivers/net/qede/base/ecore_l2.c\n+++ b/drivers/net/qede/base/ecore_l2.c\n@@ -36,9 +36,9 @@ ecore_sp_eth_vport_start(struct ecore_hwfn *p_hwfn,\n \tstruct vport_start_ramrod_data *p_ramrod = OSAL_NULL;\n \tstruct ecore_spq_entry *p_ent = OSAL_NULL;\n \tstruct ecore_sp_init_data init_data;\n+\tu16 rx_mode = 0, tx_err = 0;\n \tu8 abs_vport_id = 0;\n \tenum _ecore_status_t rc = ECORE_NOTIMPL;\n-\tu16 rx_mode = 0;\n \n \trc = ecore_fw_vport(p_hwfn, p_params->vport_id, &abs_vport_id);\n \tif (rc != ECORE_SUCCESS)\n@@ -71,6 +71,30 @@ ecore_sp_eth_vport_start(struct ecore_hwfn *p_hwfn,\n \n \tp_ramrod->rx_mode.state = OSAL_CPU_TO_LE16(rx_mode);\n \n+\t/* Handle requests for strict behavior on transmission errors */\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_ILLEGAL_VLAN_MODE,\n+\t\t p_params->b_err_illegal_vlan_mode ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_PACKET_TOO_SMALL,\n+\t\t p_params->b_err_small_pkt ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_ANTI_SPOOFING_ERR,\n+\t\t p_params->b_err_anti_spoof ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_ILLEGAL_INBAND_TAGS,\n+\t\t p_params->b_err_illegal_inband_mode ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_VLAN_INSERTION_W_INBAND_TAG,\n+\t\t p_params->b_err_vlan_insert_with_inband ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_MTU_VIOLATION,\n+\t\t p_params->b_err_big_pkt ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tSET_FIELD(tx_err, ETH_TX_ERR_VALS_ILLEGAL_CONTROL_FRAME,\n+\t\t p_params->b_err_ctrl_frame ?\n+\t\t ETH_TX_ERR_ASSERT_MALICIOUS : 0);\n+\tp_ramrod->tx_err_behav.values = OSAL_CPU_TO_LE16(tx_err);\n+\n \t/* TPA related fields */\n \tOSAL_MEMSET(&p_ramrod->tpa_param, 0,\n \t\t sizeof(struct eth_vport_tpa_param));\ndiff --git a/drivers/net/qede/base/ecore_l2_api.h b/drivers/net/qede/base/ecore_l2_api.h\nindex c338f5de..c12d97c9 100644\n--- a/drivers/net/qede/base/ecore_l2_api.h\n+++ b/drivers/net/qede/base/ecore_l2_api.h\n@@ -274,6 +274,15 @@ struct ecore_sp_vport_start_params {\n \tbool zero_placement_offset;\n \tbool check_mac;\n \tbool check_ethtype;\n+\n+\t/* Strict behavior on transmission errors */\n+\tbool b_err_illegal_vlan_mode;\n+\tbool b_err_illegal_inband_mode;\n+\tbool b_err_vlan_insert_with_inband;\n+\tbool b_err_small_pkt;\n+\tbool b_err_big_pkt;\n+\tbool b_err_anti_spoof;\n+\tbool b_err_ctrl_frame;\n };\n \n /**\ndiff --git a/drivers/net/qede/base/ecore_sriov.c b/drivers/net/qede/base/ecore_sriov.c\nindex c2fbee87..38c2db3d 100644\n--- a/drivers/net/qede/base/ecore_sriov.c\n+++ b/drivers/net/qede/base/ecore_sriov.c\n@@ -146,7 +146,7 @@ static enum _ecore_status_t ecore_sp_vf_stop(struct ecore_hwfn *p_hwfn,\n }\n \n bool ecore_iov_is_valid_vfid(struct ecore_hwfn *p_hwfn, int rel_vf_id,\n-\t\t\t bool b_enabled_only)\n+\t\t\t bool b_enabled_only, bool b_non_malicious)\n {\n \tif (!p_hwfn->pf_iov_info) {\n \t\tDP_NOTICE(p_hwfn->p_dev, true, \"No iov info\\n\");\n@@ -161,6 +161,10 @@ bool ecore_iov_is_valid_vfid(struct ecore_hwfn *p_hwfn, int rel_vf_id,\n \t b_enabled_only)\n \t\treturn false;\n \n+\tif ((p_hwfn->pf_iov_info->vfs_array[rel_vf_id].b_malicious) &&\n+\t b_non_malicious)\n+\t\treturn false;\n+\n \treturn true;\n }\n \n@@ -175,7 +179,8 @@ struct ecore_vf_info *ecore_iov_get_vf_info(struct ecore_hwfn *p_hwfn,\n \t\treturn OSAL_NULL;\n \t}\n \n-\tif (ecore_iov_is_valid_vfid(p_hwfn, relative_vf_id, b_enabled_only))\n+\tif (ecore_iov_is_valid_vfid(p_hwfn, relative_vf_id,\n+\t\t\t\t b_enabled_only, false))\n \t\tvf = &p_hwfn->pf_iov_info->vfs_array[relative_vf_id];\n \telse\n \t\tDP_ERR(p_hwfn, \"ecore_iov_get_vf_info: VF[%d] is not enabled\\n\",\n@@ -612,7 +617,8 @@ enum _ecore_status_t ecore_iov_hw_info(struct ecore_hwfn *p_hwfn)\n \treturn ECORE_SUCCESS;\n }\n \n-bool ecore_iov_pf_sanity_check(struct ecore_hwfn *p_hwfn, int vfid)\n+bool _ecore_iov_pf_sanity_check(struct ecore_hwfn *p_hwfn, int vfid,\n+\t\t\t\tbool b_fail_malicious)\n {\n \t/* Check PF supports sriov */\n \tif (IS_VF(p_hwfn->p_dev) || !IS_ECORE_SRIOV(p_hwfn->p_dev) ||\n@@ -620,12 +626,17 @@ bool ecore_iov_pf_sanity_check(struct ecore_hwfn *p_hwfn, int vfid)\n \t\treturn false;\n \n \t/* Check VF validity */\n-\tif (!ecore_iov_is_valid_vfid(p_hwfn, vfid, true))\n+\tif (!ecore_iov_is_valid_vfid(p_hwfn, vfid, true, b_fail_malicious))\n \t\treturn false;\n \n \treturn true;\n }\n \n+bool ecore_iov_pf_sanity_check(struct ecore_hwfn *p_hwfn, int vfid)\n+{\n+\treturn _ecore_iov_pf_sanity_check(p_hwfn, vfid, true);\n+}\n+\n void ecore_iov_set_vf_to_disable(struct ecore_dev *p_dev,\n \t\t\t\t u16 rel_vf_id, u8 to_disable)\n {\n@@ -746,6 +757,9 @@ ecore_iov_enable_vf_access(struct ecore_hwfn *p_hwfn,\n \n \tecore_iov_vf_igu_reset(p_hwfn, p_ptt, vf);\n \n+\t/* It's possible VF was previously considered malicious */\n+\tvf->b_malicious = false;\n+\n \trc = ecore_mcp_config_vf_msix(p_hwfn, p_ptt,\n \t\t\t\t vf->abs_vf_id, vf->num_sbs);\n \tif (rc != ECORE_SUCCESS)\n@@ -3227,7 +3241,8 @@ void ecore_iov_process_mbx_req(struct ecore_hwfn *p_hwfn,\n \t\t\t\t p_vf, mbx->first_tlv.tl.type);\n \n \t/* check if tlv type is known */\n-\tif (ecore_iov_tlv_supported(mbx->first_tlv.tl.type)) {\n+\tif (ecore_iov_tlv_supported(mbx->first_tlv.tl.type) &&\n+\t !p_vf->b_malicious) {\n \t\t/* switch on the opcode */\n \t\tswitch (mbx->first_tlv.tl.type) {\n \t\tcase CHANNEL_TLV_ACQUIRE:\n@@ -3270,6 +3285,27 @@ void ecore_iov_process_mbx_req(struct ecore_hwfn *p_hwfn,\n \t\t\tecore_iov_vf_mbx_release(p_hwfn, p_ptt, p_vf);\n \t\t\tbreak;\n \t\t}\n+\t} else if (ecore_iov_tlv_supported(mbx->first_tlv.tl.type)) {\n+\t\t/* If we've received a message from a VF we consider malicious\n+\t\t * we ignore the messasge unless it's one for RELEASE, in which\n+\t\t * case we'll let it have the benefit of doubt, allowing the\n+\t\t * next loaded driver to start again.\n+\t\t */\n+\t\tif (mbx->first_tlv.tl.type == CHANNEL_TLV_RELEASE) {\n+\t\t\t/* TODO - initiate FLR, remove malicious indication */\n+\t\t\tDP_VERBOSE(p_hwfn, ECORE_MSG_IOV,\n+\t\t\t\t \"VF [%02x] - considered malicious, but wanted to RELEASE. TODO\\n\",\n+\t\t\t\t p_vf->abs_vf_id);\n+\t\t} else {\n+\t\t\tDP_VERBOSE(p_hwfn, ECORE_MSG_IOV,\n+\t\t\t\t \"VF [%02x] - considered malicious; Ignoring TLV [%04x]\\n\",\n+\t\t\t\t p_vf->abs_vf_id, mbx->first_tlv.tl.type);\n+\t\t}\n+\n+\t\tecore_iov_prepare_resp(p_hwfn, p_ptt, p_vf,\n+\t\t\t\t mbx->first_tlv.tl.type,\n+\t\t\t\t sizeof(struct pfvf_def_resp_tlv),\n+\t\t\t\t PFVF_STATUS_MALICIOUS);\n \t} else {\n \t\t/* unknown TLV - this may belong to a VF driver from the future\n \t\t * - a version written after this PF driver was written, which\n@@ -3334,21 +3370,31 @@ void ecore_iov_pf_get_and_clear_pending_events(struct ecore_hwfn *p_hwfn,\n \t\t sizeof(u64) * ECORE_VF_ARRAY_LENGTH);\n }\n \n-static enum _ecore_status_t ecore_sriov_vfpf_msg(struct ecore_hwfn *p_hwfn,\n-\t\t\t\t\t\t u16 abs_vfid,\n-\t\t\t\t\t\t struct regpair *vf_msg)\n+static struct ecore_vf_info *\n+ecore_sriov_get_vf_from_absid(struct ecore_hwfn *p_hwfn, u16 abs_vfid)\n {\n \tu8 min = (u8)p_hwfn->p_dev->p_iov_info->first_vf_in_pf;\n-\tstruct ecore_vf_info *p_vf;\n \n-\tif (!ecore_iov_pf_sanity_check(p_hwfn, (int)abs_vfid - min)) {\n+\tif (!_ecore_iov_pf_sanity_check(p_hwfn, (int)abs_vfid - min, false)) {\n \t\tDP_VERBOSE(p_hwfn, ECORE_MSG_IOV,\n-\t\t\t \"Got a message from VF [abs 0x%08x] that cannot be\"\n+\t\t\t \"Got indication for VF [abs 0x%08x] that cannot be\"\n \t\t\t \" handled by PF\\n\",\n \t\t\t abs_vfid);\n-\t\treturn ECORE_SUCCESS;\n+\t\treturn OSAL_NULL;\n \t}\n-\tp_vf = &p_hwfn->pf_iov_info->vfs_array[(u8)abs_vfid - min];\n+\n+\treturn &p_hwfn->pf_iov_info->vfs_array[(u8)abs_vfid - min];\n+}\n+\n+static enum _ecore_status_t ecore_sriov_vfpf_msg(struct ecore_hwfn *p_hwfn,\n+\t\t\t\t\t\t u16 abs_vfid,\n+\t\t\t\t\t\t struct regpair *vf_msg)\n+{\n+\tstruct ecore_vf_info *p_vf = ecore_sriov_get_vf_from_absid(p_hwfn,\n+\t\t\t\t\t\t\t\t abs_vfid);\n+\n+\tif (!p_vf)\n+\t\treturn ECORE_SUCCESS;\n \n \t/* List the physical address of the request so that handler\n \t * could later on copy the message from it.\n@@ -3358,6 +3404,25 @@ static enum _ecore_status_t ecore_sriov_vfpf_msg(struct ecore_hwfn *p_hwfn,\n \treturn OSAL_PF_VF_MSG(p_hwfn, p_vf->relative_vf_id);\n }\n \n+static void ecore_sriov_vfpf_malicious(struct ecore_hwfn *p_hwfn,\n+\t\t\t\t struct malicious_vf_eqe_data *p_data)\n+{\n+\tstruct ecore_vf_info *p_vf;\n+\n+\tp_vf = ecore_sriov_get_vf_from_absid(p_hwfn, p_data->vfId);\n+\n+\tif (!p_vf)\n+\t\treturn;\n+\n+\tDP_INFO(p_hwfn,\n+\t\t\"VF [%d] - Malicious behavior [%02x]\\n\",\n+\t\tp_vf->abs_vf_id, p_data->errId);\n+\n+\tp_vf->b_malicious = true;\n+\n+\tOSAL_PF_VF_MALICIOUS(p_hwfn, p_vf->relative_vf_id);\n+}\n+\n enum _ecore_status_t ecore_sriov_eqe_event(struct ecore_hwfn *p_hwfn,\n \t\t\t\t\t u8 opcode,\n \t\t\t\t\t __le16 echo,\n@@ -3371,6 +3436,9 @@ enum _ecore_status_t ecore_sriov_eqe_event(struct ecore_hwfn *p_hwfn,\n \t\tDP_VERBOSE(p_hwfn, ECORE_MSG_IOV,\n \t\t\t \"VF-FLR is still not supported\\n\");\n \t\treturn ECORE_SUCCESS;\n+\tcase COMMON_EVENT_MALICIOUS_VF:\n+\t\tecore_sriov_vfpf_malicious(p_hwfn, &data->malicious_vf);\n+\t\treturn ECORE_SUCCESS;\n \tdefault:\n \t\tDP_INFO(p_hwfn->p_dev, \"Unknown sriov eqe event 0x%02x\\n\",\n \t\t\topcode);\n@@ -3393,7 +3461,7 @@ u16 ecore_iov_get_next_active_vf(struct ecore_hwfn *p_hwfn, u16 rel_vf_id)\n \t\tgoto out;\n \n \tfor (i = rel_vf_id; i < p_iov->total_vfs; i++)\n-\t\tif (ecore_iov_is_valid_vfid(p_hwfn, rel_vf_id, true))\n+\t\tif (ecore_iov_is_valid_vfid(p_hwfn, rel_vf_id, true, false))\n \t\t\treturn i;\n \n out:\n@@ -3439,6 +3507,12 @@ void ecore_iov_bulletin_set_forced_mac(struct ecore_hwfn *p_hwfn,\n \t\t\t \"Can not set forced MAC, invalid vfid [%d]\\n\", vfid);\n \t\treturn;\n \t}\n+\tif (vf_info->b_malicious) {\n+\t\tDP_NOTICE(p_hwfn->p_dev, false,\n+\t\t\t \"Can't set forced MAC to malicious VF [%d]\\n\",\n+\t\t\t vfid);\n+\t\treturn;\n+\t}\n \n \tfeature = 1 << MAC_ADDR_FORCED;\n \tOSAL_MEMCPY(vf_info->bulletin.p_virt->mac, mac, ETH_ALEN);\n@@ -3463,6 +3537,12 @@ enum _ecore_status_t ecore_iov_bulletin_set_mac(struct ecore_hwfn *p_hwfn,\n \t\t\t \"Can not set MAC, invalid vfid [%d]\\n\", vfid);\n \t\treturn ECORE_INVAL;\n \t}\n+\tif (vf_info->b_malicious) {\n+\t\tDP_NOTICE(p_hwfn->p_dev, false,\n+\t\t\t \"Can't set MAC to malicious VF [%d]\\n\",\n+\t\t\t vfid);\n+\t\treturn ECORE_INVAL;\n+\t}\n \n \tif (vf_info->bulletin.p_virt->valid_bitmap & (1 << MAC_ADDR_FORCED)) {\n \t\tDP_VERBOSE(p_hwfn, ECORE_MSG_IOV,\n@@ -3488,7 +3568,14 @@ ecore_iov_bulletin_set_forced_untagged_default(struct ecore_hwfn *p_hwfn,\n \tvf_info = ecore_iov_get_vf_info(p_hwfn, (u16)vfid, true);\n \tif (!vf_info) {\n \t\tDP_NOTICE(p_hwfn->p_dev, true,\n-\t\t\t \"Can not set forced MAC, invalid vfid [%d]\\n\", vfid);\n+\t\t\t \"Can not set untagged default, invalid vfid [%d]\\n\",\n+\t\t\t vfid);\n+\t\treturn ECORE_INVAL;\n+\t}\n+\tif (vf_info->b_malicious) {\n+\t\tDP_NOTICE(p_hwfn->p_dev, false,\n+\t\t\t \"Can't set untagged default to malicious VF [%d]\\n\",\n+\t\t\t vfid);\n \t\treturn ECORE_INVAL;\n \t}\n \n@@ -3553,6 +3640,12 @@ void ecore_iov_bulletin_set_forced_vlan(struct ecore_hwfn *p_hwfn,\n \t\t\t vfid);\n \t\treturn;\n \t}\n+\tif (vf_info->b_malicious) {\n+\t\tDP_NOTICE(p_hwfn->p_dev, false,\n+\t\t\t \"Can't set forced vlan to malicious VF [%d]\\n\",\n+\t\t\t vfid);\n+\t\treturn;\n+\t}\n \n \tfeature = 1 << VLAN_ADDR_FORCED;\n \tvf_info->bulletin.p_virt->pvid = pvid;\ndiff --git a/drivers/net/qede/base/ecore_sriov.h b/drivers/net/qede/base/ecore_sriov.h\nindex ed6ddc49..3c5c68f9 100644\n--- a/drivers/net/qede/base/ecore_sriov.h\n+++ b/drivers/net/qede/base/ecore_sriov.h\n@@ -97,6 +97,7 @@ struct ecore_vf_info {\n \tstruct ecore_iov_vf_mbx vf_mbx;\n \tenum vf_state state;\n \tbool b_init;\n+\tbool b_malicious;\n \tu8\t\t\tto_disable;\n \n \tstruct ecore_bulletin\tbulletin;\n", "prefixes": [ "dpdk-dev", "03/25" ] }