From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id AA3A3A09E0; Fri, 11 Dec 2020 16:35:17 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0E73EC96E; Fri, 11 Dec 2020 16:34:57 +0100 (CET) Received: from shelob.oktetlabs.ru (shelob.oktetlabs.ru [91.220.146.113]) by dpdk.org (Postfix) with ESMTP id 6B3D5AC9C; Fri, 11 Dec 2020 16:34:53 +0100 (CET) Received: from localhost.localdomain (unknown [5.144.123.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by shelob.oktetlabs.ru (Postfix) with ESMTPSA id 15BD07F541; Fri, 11 Dec 2020 18:34:52 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 shelob.oktetlabs.ru 15BD07F541 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=oktetlabs.ru; s=default; t=1607700892; bh=655OchNYp6tq0oamsoELebDGDGxQPYvwF0CwTSxkdRs=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=t5JqQsq3mP+y8F4TyXn76uvm79qfb7SqA4P+jB7IOZURgr65vmSa6YM4F303KrQBw wIycUswEWWZkGJ1XcbB9fuWI2gB+3LwpxzhPB1Vu/CxgdLvWgATuHNsQ1n6D1VJbBO fQOTvpnU5HuE9gEWJE5NzA4vyWcfEeI/cRpe/T+s= From: Ivan Malov To: dev@dpdk.org Cc: stable@dpdk.org, Andy Moreton , Andrew Rybchenko Date: Fri, 11 Dec 2020 18:34:21 +0300 Message-Id: <20201211153421.28382-2-ivan.malov@oktetlabs.ru> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201211153421.28382-1-ivan.malov@oktetlabs.ru> References: <20201211153421.28382-1-ivan.malov@oktetlabs.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH 2/2] common/sfc_efx/base: check for MAE privilege X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" VFs can't control MAE, so it's important to override the general MAE capability bit by taking MAE privilege into account. Reorder the code slightly to have the privileges queried before datapath capabilities are discovered and add required MAE privilege check. Fixes: eb4e80085fae ("common/sfc_efx/base: indicate support for MAE") Cc: stable@dpdk.org Signed-off-by: Ivan Malov Reviewed-by: Andy Moreton --- drivers/common/sfc_efx/base/ef10_nic.c | 48 ++++++++++++++++---------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/drivers/common/sfc_efx/base/ef10_nic.c b/drivers/common/sfc_efx/base/ef10_nic.c index 68414d9fa..9dccde957 100644 --- a/drivers/common/sfc_efx/base/ef10_nic.c +++ b/drivers/common/sfc_efx/base/ef10_nic.c @@ -1423,11 +1423,19 @@ ef10_get_datapath_caps( #if EFSYS_OPT_MAE /* - * Indicate support for MAE. - * MAE is supported by Riverhead boards starting with R2, - * and it is required that FW is built with MAE support, too. + * Check support for EF100 Match Action Engine (MAE). + * MAE hardware is present on Riverhead boards (from R2), + * and on Keystone, and requires support in firmware. + * + * MAE control operations require MAE control privilege, + * which is not available for VFs. + * + * Privileges can change dynamically at runtime: we assume + * MAE support requires the privilege is granted initially, + * and ignore later dynamic changes. */ - if (CAP_FLAGS3(req, MAE_SUPPORTED)) + if (CAP_FLAGS3(req, MAE_SUPPORTED) && + EFX_MCDI_HAVE_PRIVILEGE(encp->enc_privilege_mask, MAE)) encp->enc_mae_supported = B_TRUE; else encp->enc_mae_supported = B_FALSE; @@ -1896,6 +1904,18 @@ efx_mcdi_nic_board_cfg( EFX_MAC_ADDR_COPY(encp->enc_mac_addr, mac_addr); + /* + * Get the current privilege mask. Note that this may be modified + * dynamically, so for most cases the value is informational only. + * If the privilege being discovered can't be granted dynamically, + * it's fine to rely on the value. In all other cases, DO NOT use + * the privilege mask to check for sufficient privileges, as that + * can result in time-of-check/time-of-use bugs. + */ + if ((rc = ef10_get_privilege_mask(enp, &mask)) != 0) + goto fail6; + encp->enc_privilege_mask = mask; + /* Board configuration (legacy) */ rc = efx_mcdi_get_board_cfg(enp, &board_type, NULL, NULL); if (rc != 0) { @@ -1903,14 +1923,14 @@ efx_mcdi_nic_board_cfg( if (rc == EACCES) board_type = 0; else - goto fail6; + goto fail7; } encp->enc_board_type = board_type; /* Fill out fields in enp->en_port and enp->en_nic_cfg from MCDI */ if ((rc = efx_mcdi_get_phy_cfg(enp)) != 0) - goto fail7; + goto fail8; /* * Firmware with support for *_FEC capability bits does not @@ -1929,18 +1949,18 @@ efx_mcdi_nic_board_cfg( /* Obtain the default PHY advertised capabilities */ if ((rc = ef10_phy_get_link(enp, &els)) != 0) - goto fail8; + goto fail9; epp->ep_default_adv_cap_mask = els.epls.epls_adv_cap_mask; epp->ep_adv_cap_mask = els.epls.epls_adv_cap_mask; /* Check capabilities of running datapath firmware */ if ((rc = ef10_get_datapath_caps(enp)) != 0) - goto fail9; + goto fail10; /* Get interrupt vector limits */ if ((rc = efx_mcdi_get_vector_cfg(enp, &base, &nvec, NULL)) != 0) { if (EFX_PCI_FUNCTION_IS_PF(encp)) - goto fail10; + goto fail11; /* Ignore error (cannot query vector limits from a VF). */ base = 0; @@ -1949,16 +1969,6 @@ efx_mcdi_nic_board_cfg( encp->enc_intr_vec_base = base; encp->enc_intr_limit = nvec; - /* - * Get the current privilege mask. Note that this may be modified - * dynamically, so this value is informational only. DO NOT use - * the privilege mask to check for sufficient privileges, as that - * can result in time-of-check/time-of-use bugs. - */ - if ((rc = ef10_get_privilege_mask(enp, &mask)) != 0) - goto fail11; - encp->enc_privilege_mask = mask; - return (0); fail11: -- 2.20.1