Commit 8b2c8582 authored by Akeem G Abodunrin's avatar Akeem G Abodunrin Committed by Jeff Kirsher
Browse files

ice: Don't allow VSI to remove unassociated ucast filter 



If a VSI is not using a unicast filter or did not configure that
particular unicast filter, driver should not allow it to be removed
by the rogue VSI.

Signed-off-by: default avatarAkeem G Abodunrin <akeem.g.abodunrin@intel.com>
Tested-by: default avatarAndrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
parent bbb968e8

drivers/net/ethernet/intel/ice/ice_switch.c

+56 −0
Original line number Original line Diff line number Diff line
@@ -2136,6 +2136,38 @@ out: 
	return status;

	return status;

}

}





/**

 * ice_find_ucast_rule_entry - Search for a unicast MAC filter rule entry

 * @hw: pointer to the hardware structure

 * @recp_id: lookup type for which the specified rule needs to be searched

 * @f_info: rule information

 *

 * Helper function to search for a unicast rule entry - this is to be used

 * to remove unicast MAC filter that is not shared with other VSIs on the

 * PF switch.

 *

 * Returns pointer to entry storing the rule if found

 */

static struct ice_fltr_mgmt_list_entry *

ice_find_ucast_rule_entry(struct ice_hw *hw, u8 recp_id,

			  struct ice_fltr_info *f_info)

{

	struct ice_switch_info *sw = hw->switch_info;

	struct ice_fltr_mgmt_list_entry *list_itr;

	struct list_head *list_head;



	list_head = &sw->recp_list[recp_id].filt_rules;

	list_for_each_entry(list_itr, list_head, list_entry) {

		if (!memcmp(&f_info->l_data, &list_itr->fltr_info.l_data,

			    sizeof(f_info->l_data)) &&

		    f_info->fwd_id.hw_vsi_id ==

		    list_itr->fltr_info.fwd_id.hw_vsi_id &&

		    f_info->flag == list_itr->fltr_info.flag)

			return list_itr;

	}

	return NULL;

}



/**

/**

 * ice_remove_mac - remove a MAC address based filter rule

 * ice_remove_mac - remove a MAC address based filter rule

 * @hw: pointer to the hardware structure

 * @hw: pointer to the hardware structure
@@ -2153,15 +2185,39 @@ enum ice_status 
ice_remove_mac(struct ice_hw *hw, struct list_head *m_list)

ice_remove_mac(struct ice_hw *hw, struct list_head *m_list)

{

{

	struct ice_fltr_list_entry *list_itr, *tmp;

	struct ice_fltr_list_entry *list_itr, *tmp;

	struct mutex *rule_lock; /* Lock to protect filter rule list */





	if (!m_list)

	if (!m_list)

		return ICE_ERR_PARAM;

		return ICE_ERR_PARAM;





	rule_lock = &hw->switch_info->recp_list[ICE_SW_LKUP_MAC].filt_rule_lock;

	list_for_each_entry_safe(list_itr, tmp, m_list, list_entry) {

	list_for_each_entry_safe(list_itr, tmp, m_list, list_entry) {

		enum ice_sw_lkup_type l_type = list_itr->fltr_info.lkup_type;

		enum ice_sw_lkup_type l_type = list_itr->fltr_info.lkup_type;

		u8 *add = &list_itr->fltr_info.l_data.mac.mac_addr[0];

		u16 vsi_handle;





		if (l_type != ICE_SW_LKUP_MAC)

		if (l_type != ICE_SW_LKUP_MAC)

			return ICE_ERR_PARAM;

			return ICE_ERR_PARAM;



		vsi_handle = list_itr->fltr_info.vsi_handle;

		if (!ice_is_vsi_valid(hw, vsi_handle))

			return ICE_ERR_PARAM;



		list_itr->fltr_info.fwd_id.hw_vsi_id =

					ice_get_hw_vsi_num(hw, vsi_handle);

		if (is_unicast_ether_addr(add) && !hw->ucast_shared) {

			/* Don't remove the unicast address that belongs to

			 * another VSI on the switch, since it is not being

			 * shared...

			 */

			mutex_lock(rule_lock);

			if (!ice_find_ucast_rule_entry(hw, ICE_SW_LKUP_MAC,

						       &list_itr->fltr_info)) {

				mutex_unlock(rule_lock);

				return ICE_ERR_DOES_NOT_EXIST;

			}

			mutex_unlock(rule_lock);

		}

		list_itr->status = ice_remove_rule_internal(hw,

		list_itr->status = ice_remove_rule_internal(hw,

							    ICE_SW_LKUP_MAC,

							    ICE_SW_LKUP_MAC,

							    list_itr);

							    list_itr);

CRA Git | Maintained and supported by SUSTech CRA and CCSE