From: Ivan Malov <ivan.malov@oktetlabs.ru>
To: dev@dpdk.org
Cc: stable@dpdk.org, Andy Moreton <amoreton@xilinx.com>,
Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Subject: [dpdk-dev] [PATCH 2/2] common/sfc_efx/base: check for MAE privilege
Date: Fri, 11 Dec 2020 18:34:21 +0300 [thread overview]
Message-ID: <20201211153421.28382-2-ivan.malov@oktetlabs.ru> (raw)
In-Reply-To: <20201211153421.28382-1-ivan.malov@oktetlabs.ru>
VFs can't control MAE, so it's important to override the general
MAE capability bit by taking MAE privilege into account. Reorder
the code slightly to have the privileges queried before datapath
capabilities are discovered and add required MAE privilege check.
Fixes: eb4e80085fae ("common/sfc_efx/base: indicate support for MAE")
Cc: stable@dpdk.org
Signed-off-by: Ivan Malov <ivan.malov@oktetlabs.ru>
Reviewed-by: Andy Moreton <amoreton@xilinx.com>
---
drivers/common/sfc_efx/base/ef10_nic.c | 48 ++++++++++++++++----------
1 file changed, 29 insertions(+), 19 deletions(-)
diff --git a/drivers/common/sfc_efx/base/ef10_nic.c b/drivers/common/sfc_efx/base/ef10_nic.c
index 68414d9fa..9dccde957 100644
--- a/drivers/common/sfc_efx/base/ef10_nic.c
+++ b/drivers/common/sfc_efx/base/ef10_nic.c
@@ -1423,11 +1423,19 @@ ef10_get_datapath_caps(
#if EFSYS_OPT_MAE
/*
- * Indicate support for MAE.
- * MAE is supported by Riverhead boards starting with R2,
- * and it is required that FW is built with MAE support, too.
+ * Check support for EF100 Match Action Engine (MAE).
+ * MAE hardware is present on Riverhead boards (from R2),
+ * and on Keystone, and requires support in firmware.
+ *
+ * MAE control operations require MAE control privilege,
+ * which is not available for VFs.
+ *
+ * Privileges can change dynamically at runtime: we assume
+ * MAE support requires the privilege is granted initially,
+ * and ignore later dynamic changes.
*/
- if (CAP_FLAGS3(req, MAE_SUPPORTED))
+ if (CAP_FLAGS3(req, MAE_SUPPORTED) &&
+ EFX_MCDI_HAVE_PRIVILEGE(encp->enc_privilege_mask, MAE))
encp->enc_mae_supported = B_TRUE;
else
encp->enc_mae_supported = B_FALSE;
@@ -1896,6 +1904,18 @@ efx_mcdi_nic_board_cfg(
EFX_MAC_ADDR_COPY(encp->enc_mac_addr, mac_addr);
+ /*
+ * Get the current privilege mask. Note that this may be modified
+ * dynamically, so for most cases the value is informational only.
+ * If the privilege being discovered can't be granted dynamically,
+ * it's fine to rely on the value. In all other cases, DO NOT use
+ * the privilege mask to check for sufficient privileges, as that
+ * can result in time-of-check/time-of-use bugs.
+ */
+ if ((rc = ef10_get_privilege_mask(enp, &mask)) != 0)
+ goto fail6;
+ encp->enc_privilege_mask = mask;
+
/* Board configuration (legacy) */
rc = efx_mcdi_get_board_cfg(enp, &board_type, NULL, NULL);
if (rc != 0) {
@@ -1903,14 +1923,14 @@ efx_mcdi_nic_board_cfg(
if (rc == EACCES)
board_type = 0;
else
- goto fail6;
+ goto fail7;
}
encp->enc_board_type = board_type;
/* Fill out fields in enp->en_port and enp->en_nic_cfg from MCDI */
if ((rc = efx_mcdi_get_phy_cfg(enp)) != 0)
- goto fail7;
+ goto fail8;
/*
* Firmware with support for *_FEC capability bits does not
@@ -1929,18 +1949,18 @@ efx_mcdi_nic_board_cfg(
/* Obtain the default PHY advertised capabilities */
if ((rc = ef10_phy_get_link(enp, &els)) != 0)
- goto fail8;
+ goto fail9;
epp->ep_default_adv_cap_mask = els.epls.epls_adv_cap_mask;
epp->ep_adv_cap_mask = els.epls.epls_adv_cap_mask;
/* Check capabilities of running datapath firmware */
if ((rc = ef10_get_datapath_caps(enp)) != 0)
- goto fail9;
+ goto fail10;
/* Get interrupt vector limits */
if ((rc = efx_mcdi_get_vector_cfg(enp, &base, &nvec, NULL)) != 0) {
if (EFX_PCI_FUNCTION_IS_PF(encp))
- goto fail10;
+ goto fail11;
/* Ignore error (cannot query vector limits from a VF). */
base = 0;
@@ -1949,16 +1969,6 @@ efx_mcdi_nic_board_cfg(
encp->enc_intr_vec_base = base;
encp->enc_intr_limit = nvec;
- /*
- * Get the current privilege mask. Note that this may be modified
- * dynamically, so this value is informational only. DO NOT use
- * the privilege mask to check for sufficient privileges, as that
- * can result in time-of-check/time-of-use bugs.
- */
- if ((rc = ef10_get_privilege_mask(enp, &mask)) != 0)
- goto fail11;
- encp->enc_privilege_mask = mask;
-
return (0);
fail11:
--
2.20.1
next prev parent reply other threads:[~2020-12-11 15:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-11 15:34 [dpdk-dev] [PATCH 1/2] common/sfc_efx/base: update MCDI headers " Ivan Malov
2020-12-11 15:34 ` Ivan Malov [this message]
2020-12-11 15:38 ` [dpdk-dev] [PATCH 2/2] common/sfc_efx/base: check " Andrew Rybchenko
2020-12-11 15:37 ` [dpdk-dev] [PATCH 1/2] common/sfc_efx/base: update MCDI headers " Andrew Rybchenko
2020-12-15 17:40 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201211153421.28382-2-ivan.malov@oktetlabs.ru \
--to=ivan.malov@oktetlabs.ru \
--cc=amoreton@xilinx.com \
--cc=andrew.rybchenko@oktetlabs.ru \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).