From: "Lu, Wenzhuo"
To: "Zhang, Helin", "dev@dpdk.org"
Date: Fri, 23 Oct 2015 03:26:44 +0000
Message-ID: <6A0DE07E22DDAD4C9103DF62FEBC0909020A1FDB@shsmsx102.ccr.corp.intel.com>
References: <1444445798-23929-1-git-send-email-wenzhuo.lu@intel.com> <1445499249-22588-1-git-send-email-wenzhuo.lu@intel.com>
Subject: Re: [dpdk-dev] [PATCH v2] ixgbe: Drop flow control frames from VFs
List-Id: patches and discussions about DPDK

Hi Helin,

> -----Original Message-----
> From: Zhang, Helin
> Sent: Friday, October 23, 2015 10:49 AM
> To: Lu, Wenzhuo; dev@dpdk.org
> Subject: RE: [PATCH v2] ixgbe: Drop flow control frames from VFs
>
> > -----Original Message-----
> > From: Lu, Wenzhuo
> > Sent: Thursday, October 22, 2015 3:34 PM
> > To: dev@dpdk.org
> > Cc: Zhang, Helin; Lu, Wenzhuo
> > Subject: [PATCH v2] ixgbe: Drop flow control frames from VFs
> >
> > This patch will drop flow control frames from being transmitted from VSIs.
> > With this patch in place a malicious VF cannot send flow control or
> > PFC packets out on the wire.
> >
> > V2:
> > Reword the comments.
> >
> > Signed-off-by: Wenzhuo Lu
> > --- > > drivers/net/ixgbe/ixgbe_pf.c | 43 > > +++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 43 insertions(+) > > > > diff --git a/drivers/net/ixgbe/ixgbe_pf.c > > b/drivers/net/ixgbe/ixgbe_pf.c index > > fd1c4ca..b33f4e9 100644 > > --- a/drivers/net/ixgbe/ixgbe_pf.c > > +++ b/drivers/net/ixgbe/ixgbe_pf.c > > @@ -55,6 +55,7 @@ > > #define IXGBE_MAX_VFTA (128) > > #define IXGBE_VF_MSG_SIZE_DEFAULT 1 > > #define IXGBE_VF_GET_QUEUE_MSG_SIZE 5 > > +#define IXGBE_ETHERTYPE_FLOW_CTRL 0x8808 > > > > static inline uint16_t > > dev_num_vf(struct rte_eth_dev *eth_dev) 
@@ -166,6 +167,46 @@ void > > ixgbe_pf_host_uninit(struct rte_eth_dev *eth_dev) > > *vfinfo =3D NULL; > > } > > > > +static void > > +ixgbe_add_tx_flow_control_drop_filter(struct rte_eth_dev *eth_dev) { > > + struct ixgbe_hw *hw =3D > > + IXGBE_DEV_PRIVATE_TO_HW(eth_dev->data->dev_private); > > + struct ixgbe_filter_info *filter_info =3D > > + IXGBE_DEV_PRIVATE_TO_FILTER_INFO(eth_dev->data- > >dev_private); > > + uint16_t vf_num; > > + int i; > > + > > + /* occupy an entity of ether type filter */ > > + for (i =3D 0; i < IXGBE_MAX_ETQF_FILTERS; i++) { > > + if (!(filter_info->ethertype_mask & (1 << i))) { > > + filter_info->ethertype_mask |=3D 1 << i; > > + filter_info->ethertype_filters[i] =3D > > + IXGBE_ETHERTYPE_FLOW_CTRL; > > + break; > > + } > > + } > > + if (i =3D=3D IXGBE_MAX_ETQF_FILTERS) { > > + RTE_LOG(ERR, PMD, "Cannot find an unused ether type > filter" > > + " entity for flow control.\n"); > > + return; > > + } > > + > > + if (hw->mac.ops.set_ethertype_anti_spoofing) { > > + IXGBE_WRITE_REG(hw, IXGBE_ETQF(i), > > + (IXGBE_ETQF_FILTER_EN | > > + IXGBE_ETQF_TX_ANTISPOOF | > > + IXGBE_ETHERTYPE_FLOW_CTRL)); > > + > > + vf_num =3D dev_num_vf(eth_dev); > > + for (i =3D 0; i < vf_num; i++) { > > + hw->mac.ops.set_ethertype_anti_spoofing(hw, true, > i); > > + } > > + } 
> ixgbe_set_ethertype_anti_spoofing() is exposed by ixgbe_api.h, and can be
> used directly.
> I think we need a return value for above function, and then the caller can
> check it.
> If it fails, does it need to return out, or just skip the failure?

For it's an additional check, I don't want to let it break the normal process.
If there's a failure (suppose not, because it's executed during init, there should be enough ether type entities.), only output error log.

> In addition, is this operation only for x550, right? If yes, it may need a check
> above.

It depends on if this NIC supports this function "hw->mac.ops.set_ethertype_anti_spoofing". If some new ixgbe NICs can support it in future, we need not change the code.
But it seems I should check it first to avoid occupying an ethertype_filter entity without using it. I'll send a V2.

>
> Regards,
> Helin
>
> > + > > + return; > > +} > > + > > int ixgbe_pf_host_configure(struct rte_eth_dev *eth_dev) { > > uint32_t vtctl, fcrth; > > @@ -262,6 +303,8 @@ int ixgbe_pf_host_configure(struct rte_eth_dev > > *eth_dev) > > IXGBE_WRITE_REG(hw, IXGBE_FCRTH_82599(i), fcrth); > > } > > > > + ixgbe_add_tx_flow_control_drop_filter(eth_dev); > > + > > return 0; > > } > > > > -- > > 1.9.3
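
Review bot: The new IXGBE_ETHERTYPE_FLOW_CTRL define in the @@ -55,6 +55,7 @@ hunk has no comment. 0x8808 is the MAC Control ethertype, which carries both 802.3x pause and PFC frames, and a one-line comment saying so would tie the constant to the commit message's claim that a VF cannot send "flow control or PFC packets".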
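
Review bot: In ixgbe_add_tx_flow_control_drop_filter() (hunk @@ -166,6 +167,46 @@) the filter slot is claimed, with the ethertype_mask bit set and ethertype_filters[i] written, before hw->mac.ops.set_ethertype_anti_spoofing is tested, so on a MAC without that op a slot is consumed but never programmed into IXGBE_ETQF. Test the op pointer first and return early, then search for a free slot. The variable i is also reused as the VF index in the second loop after holding the filter index; separate variables (for example a filter index and a VF index, the latter uint16_t to match vf_num) would make it obvious that IXGBE_ETQF(i) and the per-VF call use different values.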
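
Review bot: The call added to ixgbe_pf_host_configure() (hunk @@ -262,6 +303,8 @@) cannot observe failure because the helper returns void, so the function still reaches return 0 when no free ethertype filter was found or the anti-spoofing op is absent, and the VFs stay able to transmit 0x8808 frames. Since the commit message presents this as protection against a malicious VF, have the helper return an int and handle it at the call site. If the failure is not fatal, log there that the VF flow control drop filter is not active, so the unprotected state is visible to the operator.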