Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/1208832/?format=api
{ "id": 1208832, "url": "http://patchwork.ozlabs.org/api/patches/1208832/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/20191212111307.33566-2-anthony.l.nguyen@intel.com/", "project": { "id": 46, "url": "http://patchwork.ozlabs.org/api/projects/46/?format=api", "name": "Intel Wired Ethernet development", "link_name": "intel-wired-lan", "list_id": "intel-wired-lan.osuosl.org", "list_email": "intel-wired-lan@osuosl.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20191212111307.33566-2-anthony.l.nguyen@intel.com>", "list_archive_url": null, "date": "2019-12-12T11:12:54", "name": "[S35,02/15] ice: Fix VF spoofchk", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "e34c8ed2bf6412611ac45f974fdd8a03cd18684a", "submitter": { "id": 68875, "url": "http://patchwork.ozlabs.org/api/people/68875/?format=api", "name": "Tony Nguyen", "email": "anthony.l.nguyen@intel.com" }, "delegate": { "id": 68, "url": "http://patchwork.ozlabs.org/api/users/68/?format=api", "username": "jtkirshe", "first_name": "Jeff", "last_name": "Kirsher", "email": "jeffrey.t.kirsher@intel.com" }, "mbox": "http://patchwork.ozlabs.org/project/intel-wired-lan/patch/20191212111307.33566-2-anthony.l.nguyen@intel.com/mbox/", "series": [ { "id": 148167, "url": "http://patchwork.ozlabs.org/api/series/148167/?format=api", "web_url": "http://patchwork.ozlabs.org/project/intel-wired-lan/list/?series=148167", "date": "2019-12-12T11:13:03", "name": "[S35,01/15] ice: Support UDP segmentation offload", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/148167/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/1208832/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/1208832/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<intel-wired-lan-bounces@osuosl.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "intel-wired-lan@lists.osuosl.org" ], "Authentication-Results": [ "ozlabs.org; spf=pass (sender SPF authorized)\n\tsmtp.mailfrom=osuosl.org (client-ip=140.211.166.136;\n\thelo=silver.osuosl.org;\n\tenvelope-from=intel-wired-lan-bounces@osuosl.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=fail (p=none dis=none) header.from=intel.com" ], "Received": [ "from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 47Yklw22tGz9sPL\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 13 Dec 2019 06:45:00 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby silver.osuosl.org (Postfix) with ESMTP id B68D1252B7;\n\tThu, 12 Dec 2019 19:44:58 +0000 (UTC)", "from silver.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id SwH0AdJgFWs7; Thu, 12 Dec 2019 19:44:51 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby silver.osuosl.org (Postfix) with ESMTP id 7CCFB20111;\n\tThu, 12 Dec 2019 19:44:47 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 9433D1BF340\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 12 Dec 2019 19:44:42 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 80D01888D9\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 12 Dec 2019 19:44:42 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 1Pxrs29wMMTG for <intel-wired-lan@lists.osuosl.org>;\n\tThu, 12 Dec 2019 19:44:36 +0000 (UTC)", "from mga01.intel.com (mga01.intel.com [192.55.52.88])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 3394A888C2\n\tfor <intel-wired-lan@lists.osuosl.org>;\n\tThu, 12 Dec 2019 19:44:36 +0000 (UTC)", "from orsmga001.jf.intel.com ([10.7.209.18])\n\tby fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t12 Dec 2019 11:44:35 -0800", "from unknown (HELO localhost.jf.intel.com) ([10.166.244.174])\n\tby orsmga001.jf.intel.com with ESMTP; 12 Dec 2019 11:44:34 -0800" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.69,306,1571727600\"; d=\"scan'208\";a=\"296698849\"", "From": "Tony Nguyen <anthony.l.nguyen@intel.com>", "To": "intel-wired-lan@lists.osuosl.org", "Date": "Thu, 12 Dec 2019 03:12:54 -0800", "Message-Id": "<20191212111307.33566-2-anthony.l.nguyen@intel.com>", "X-Mailer": "git-send-email 2.20.1", "In-Reply-To": "<20191212111307.33566-1-anthony.l.nguyen@intel.com>", "References": "<20191212111307.33566-1-anthony.l.nguyen@intel.com>", "MIME-Version": "1.0", "Subject": "[Intel-wired-lan] [PATCH S35 02/15] ice: Fix VF spoofchk", "X-BeenThere": "intel-wired-lan@osuosl.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "Intel Wired Ethernet Linux Kernel Driver Development\n\t<intel-wired-lan.osuosl.org>", "List-Unsubscribe": "<https://lists.osuosl.org/mailman/options/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=unsubscribe>", "List-Archive": "<http://lists.osuosl.org/pipermail/intel-wired-lan/>", "List-Post": "<mailto:intel-wired-lan@osuosl.org>", "List-Help": "<mailto:intel-wired-lan-request@osuosl.org?subject=help>", "List-Subscribe": "<https://lists.osuosl.org/mailman/listinfo/intel-wired-lan>, \n\t<mailto:intel-wired-lan-request@osuosl.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "intel-wired-lan-bounces@osuosl.org", "Sender": "\"Intel-wired-lan\" <intel-wired-lan-bounces@osuosl.org>" }, "content": "From: Brett Creeley <brett.creeley@intel.com>\n\nThere are many things wrong with the function\nice_set_vf_spoofchk().\n\n1. The VSI being modified is the PF VSI, not the VF VSI.\n2. We are enabling Rx VLAN pruning instead of Tx VLAN anti-spoof.\n3. The spoofchk setting for each VF is not initialized correctly\n or re-initialized correctly on reset.\n\nTo fix [1] we need to make sure we are modifying the VF VSI.\nThis is done by using the vf->lan_vsi_idx to index into the PF's\nVSI array.\n\nTo fix [2] replace setting Rx VLAN pruning in ice_set_vf_spoofchk()\nwith setting Tx VLAN anti-spoof.\n\nTo Fix [3] we need to make sure the initial VSI settings match what\nis done in ice_set_vf_spoofchk() for spoofchk=on. Also make sure\nthis also works for VF reset. This was done by modifying ice_vsi_init()\nto account for the current spoofchk state of the VF VSI.\n\nBecause of these changes, Tx VLAN anti-spoof needs to be removed\nfrom ice_cfg_vlan_pruning(). This is okay for the VF because this\nis now controlled from the admin enabling/disabling spoofchk. For the\nPF, Tx VLAN anti-spoof should not be set. This change requires us to\ncall ice_set_vf_spoofchk() when configuring promiscuous mode for\nthe VF which requires ice_set_vf_spoofchk() to move in order to prevent\na forward declaration prototype.\n\nAlso, add VLAN 0 by default when allocating a VF since the PF is unaware\nif the guest OS is running the 8021q module. Without this, MDD events will\ntrigger on untagged traffic because spoofcheck is enabled by default. Due\nto this change, ignore add/delete messages for VLAN 0 from VIRTCHNL since\nthis is added/deleted during VF initialization/teardown respectively and\nshould not be modified.\n\nSigned-off-by: Brett Creeley <brett.creeley@intel.com>\nSigned-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>\n---\n drivers/net/ethernet/intel/ice/ice.h | 1 +\n drivers/net/ethernet/intel/ice/ice_lib.c | 34 +--\n .../net/ethernet/intel/ice/ice_virtchnl_pf.c | 207 +++++++++++-------\n .../net/ethernet/intel/ice/ice_virtchnl_pf.h | 1 -\n 4 files changed, 146 insertions(+), 97 deletions(-)", "diff": "diff --git a/drivers/net/ethernet/intel/ice/ice.h b/drivers/net/ethernet/intel/ice/ice.h\nindex dc341ab1bd71..5746c07814b7 100644\n--- a/drivers/net/ethernet/intel/ice/ice.h\n+++ b/drivers/net/ethernet/intel/ice/ice.h\n@@ -278,6 +278,7 @@ struct ice_vsi {\n \tu8 current_isup:1;\t\t /* Sync 'link up' logging */\n \tu8 stat_offsets_loaded:1;\n \tu8 vlan_ena:1;\n+\tu16 num_vlan;\n \n \t/* queue information */\n \tu8 tx_mapping_mode;\t\t /* ICE_MAP_MODE_[CONTIG|SCATTER] */\ndiff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/ethernet/intel/ice/ice_lib.c\nindex f4b4a1dcd643..a05d30f86619 100644\n--- a/drivers/net/ethernet/intel/ice/ice_lib.c\n+++ b/drivers/net/ethernet/intel/ice/ice_lib.c\n@@ -828,12 +828,23 @@ static int ice_vsi_init(struct ice_vsi *vsi, bool init_vsi)\n \t\tctxt->info.valid_sections |=\n \t\t\tcpu_to_le16(ICE_AQ_VSI_PROP_RXQ_MAP_VALID);\n \n-\t/* Enable MAC Antispoof with new VSI being initialized or updated */\n-\tif (vsi->type == ICE_VSI_VF && pf->vf[vsi->vf_id].spoofchk) {\n+\t/* enable/disable MAC and VLAN anti-spoof when spoofchk is on/off\n+\t * respectively\n+\t */\n+\tif (vsi->type == ICE_VSI_VF) {\n \t\tctxt->info.valid_sections |=\n \t\t\tcpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID);\n-\t\tctxt->info.sec_flags |=\n-\t\t\tICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF;\n+\t\tif (pf->vf[vsi->vf_id].spoofchk) {\n+\t\t\tctxt->info.sec_flags |=\n+\t\t\t\tICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF |\n+\t\t\t\t(ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n+\t\t\t\t ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S);\n+\t\t} else {\n+\t\t\tctxt->info.sec_flags &=\n+\t\t\t\t~(ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF |\n+\t\t\t\t (ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n+\t\t\t\t ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S));\n+\t\t}\n \t}\n \n \t/* Allow control frames out of main VSI */\n@@ -1671,22 +1682,14 @@ int ice_cfg_vlan_pruning(struct ice_vsi *vsi, bool ena, bool vlan_promisc)\n \n \tctxt->info = vsi->info;\n \n-\tif (ena) {\n-\t\tctxt->info.sec_flags |=\n-\t\t\tICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n-\t\t\tICE_AQ_VSI_SEC_TX_PRUNE_ENA_S;\n+\tif (ena)\n \t\tctxt->info.sw_flags2 |= ICE_AQ_VSI_SW_FLAG_RX_VLAN_PRUNE_ENA;\n-\t} else {\n-\t\tctxt->info.sec_flags &=\n-\t\t\t~(ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n-\t\t\t ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S);\n+\telse\n \t\tctxt->info.sw_flags2 &= ~ICE_AQ_VSI_SW_FLAG_RX_VLAN_PRUNE_ENA;\n-\t}\n \n \tif (!vlan_promisc)\n \t\tctxt->info.valid_sections =\n-\t\t\tcpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID |\n-\t\t\t\t ICE_AQ_VSI_PROP_SW_VALID);\n+\t\t\tcpu_to_le16(ICE_AQ_VSI_PROP_SW_VALID);\n \n \tstatus = ice_update_vsi(&pf->hw, vsi->idx, ctxt, NULL);\n \tif (status) {\n@@ -1696,7 +1699,6 @@ int ice_cfg_vlan_pruning(struct ice_vsi *vsi, bool ena, bool vlan_promisc)\n \t\tgoto err_out;\n \t}\n \n-\tvsi->info.sec_flags = ctxt->info.sec_flags;\n \tvsi->info.sw_flags2 = ctxt->info.sw_flags2;\n \n \tkfree(ctxt);\ndiff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c\nindex 0004117bc192..cc663fea8627 100644\n--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c\n+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c\n@@ -991,10 +991,17 @@ static void ice_cleanup_and_realloc_vf(struct ice_vf *vf)\n \n \t/* reallocate VF resources to finish resetting the VSI state */\n \tif (!ice_alloc_vf_res(vf)) {\n+\t\tstruct ice_vsi *vsi;\n+\n \t\tice_ena_vf_mappings(vf);\n \t\tset_bit(ICE_VF_STATE_ACTIVE, vf->vf_states);\n \t\tclear_bit(ICE_VF_STATE_DIS, vf->vf_states);\n-\t\tvf->num_vlan = 0;\n+\n+\t\tvsi = pf->vsi[vf->lan_vsi_idx];\n+\t\tif (ice_vsi_add_vlan(vsi, 0))\n+\t\t\tdev_warn(ice_pf_to_dev(pf),\n+\t\t\t\t \"Failed to add VLAN 0 filter for VF %d, MDD events will trigger. Reset the VF, disable spoofchk, or enable 8021q module on the guest\",\n+\t\t\t\t vf->vf_id);\n \t}\n \n \t/* Tell the VF driver the reset is done. This needs to be done only\n@@ -1023,7 +1030,7 @@ ice_vf_set_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m,\n \tstruct ice_hw *hw;\n \n \thw = &pf->hw;\n-\tif (vf->num_vlan) {\n+\tif (vsi->num_vlan) {\n \t\tstatus = ice_set_vlan_vsi_promisc(hw, vsi->idx, promisc_m,\n \t\t\t\t\t\t rm_promisc);\n \t} else if (vf->port_vlan_id) {\n@@ -1273,7 +1280,7 @@ static bool ice_reset_vf(struct ice_vf *vf, bool is_vflr)\n \t */\n \tif (test_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states) ||\n \t test_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) {\n-\t\tif (vf->port_vlan_id || vf->num_vlan)\n+\t\tif (vf->port_vlan_id || vsi->num_vlan)\n \t\t\tpromisc_m = ICE_UCAST_VLAN_PROMISC_BITS;\n \t\telse\n \t\t\tpromisc_m = ICE_UCAST_PROMISC_BITS;\n@@ -1892,6 +1899,89 @@ static int ice_vc_config_rss_lut(struct ice_vf *vf, u8 *msg)\n \t\t\t\t NULL, 0);\n }\n \n+/**\n+ * ice_set_vf_spoofchk\n+ * @netdev: network interface device structure\n+ * @vf_id: VF identifier\n+ * @ena: flag to enable or disable feature\n+ *\n+ * Enable or disable VF spoof checking\n+ */\n+int ice_set_vf_spoofchk(struct net_device *netdev, int vf_id, bool ena)\n+{\n+\tstruct ice_netdev_priv *np = netdev_priv(netdev);\n+\tstruct ice_pf *pf = np->vsi->back;\n+\tstruct ice_vsi_ctx *ctx;\n+\tstruct ice_vsi *vf_vsi;\n+\tenum ice_status status;\n+\tstruct device *dev;\n+\tstruct ice_vf *vf;\n+\tint ret = 0;\n+\n+\tdev = ice_pf_to_dev(pf);\n+\tif (ice_validate_vf_id(pf, vf_id))\n+\t\treturn -EINVAL;\n+\n+\tvf = &pf->vf[vf_id];\n+\n+\tif (ice_check_vf_init(pf, vf))\n+\t\treturn -EBUSY;\n+\n+\tvf_vsi = pf->vsi[vf->lan_vsi_idx];\n+\tif (!vf_vsi) {\n+\t\tnetdev_err(netdev, \"VSI %d for VF %d is null\\n\",\n+\t\t\t vf->lan_vsi_idx, vf->vf_id);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (vf_vsi->type != ICE_VSI_VF) {\n+\t\tnetdev_err(netdev,\n+\t\t\t \"Type %d of VSI %d for VF %d is no ICE_VSI_VF\\n\",\n+\t\t\t vf_vsi->type, vf_vsi->vsi_num, vf->vf_id);\n+\t\treturn -ENODEV;\n+\t}\n+\n+\tif (ena == vf->spoofchk) {\n+\t\tdev_dbg(dev, \"VF spoofchk already %s\\n\", ena ? \"ON\" : \"OFF\");\n+\t\treturn 0;\n+\t}\n+\n+\tctx = kzalloc(sizeof(*ctx), GFP_KERNEL);\n+\tif (!ctx)\n+\t\treturn -ENOMEM;\n+\n+\tctx->info.sec_flags = vf_vsi->info.sec_flags;\n+\tctx->info.valid_sections = cpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID);\n+\tif (ena) {\n+\t\tctx->info.sec_flags |=\n+\t\t\tICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF |\n+\t\t\t(ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n+\t\t\t ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S);\n+\t} else {\n+\t\tctx->info.sec_flags &=\n+\t\t\t~(ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF |\n+\t\t\t (ICE_AQ_VSI_SEC_TX_VLAN_PRUNE_ENA <<\n+\t\t\t ICE_AQ_VSI_SEC_TX_PRUNE_ENA_S));\n+\t}\n+\n+\tstatus = ice_update_vsi(&pf->hw, vf_vsi->idx, ctx, NULL);\n+\tif (status) {\n+\t\tdev_err(dev,\n+\t\t\t\"Failed to %sable spoofchk on VF %d VSI %d\\n error %d\",\n+\t\t\tena ? \"en\" : \"dis\", vf->vf_id, vf_vsi->vsi_num, status);\n+\t\tret = -EIO;\n+\t\tgoto out;\n+\t}\n+\n+\t/* only update spoofchk state and VSI context on success */\n+\tvf_vsi->info.sec_flags = ctx->info.sec_flags;\n+\tvf->spoofchk = ena;\n+\n+out:\n+\tkfree(ctx);\n+\treturn ret;\n+}\n+\n /**\n * ice_vc_get_stats_msg\n * @vf: pointer to the VF info\n@@ -2719,17 +2809,6 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v)\n \t\tgoto error_param;\n \t}\n \n-\tif (add_v && !ice_is_vf_trusted(vf) &&\n-\t vf->num_vlan >= ICE_MAX_VLAN_PER_VF) {\n-\t\tdev_info(dev,\n-\t\t\t \"VF-%d is not trusted, switch the VF to trusted mode, in order to add more VLAN addresses\\n\",\n-\t\t\t vf->vf_id);\n-\t\t/* There is no need to let VF know about being not trusted,\n-\t\t * so we can just return success message here\n-\t\t */\n-\t\tgoto error_param;\n-\t}\n-\n \tfor (i = 0; i < vfl->num_elements; i++) {\n \t\tif (vfl->vlan_id[i] > ICE_MAX_VLANID) {\n \t\t\tv_ret = VIRTCHNL_STATUS_ERR_PARAM;\n@@ -2746,6 +2825,17 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v)\n \t\tgoto error_param;\n \t}\n \n+\tif (add_v && !ice_is_vf_trusted(vf) &&\n+\t vsi->num_vlan >= ICE_MAX_VLAN_PER_VF) {\n+\t\tdev_info(dev,\n+\t\t\t \"VF-%d is not trusted, switch the VF to trusted mode, in order to add more VLAN addresses\\n\",\n+\t\t\t vf->vf_id);\n+\t\t/* There is no need to let VF know about being not trusted,\n+\t\t * so we can just return success message here\n+\t\t */\n+\t\tgoto error_param;\n+\t}\n+\n \tif (vsi->info.pvid) {\n \t\tv_ret = VIRTCHNL_STATUS_ERR_PARAM;\n \t\tgoto error_param;\n@@ -2760,7 +2850,7 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v)\n \t\t\tu16 vid = vfl->vlan_id[i];\n \n \t\t\tif (!ice_is_vf_trusted(vf) &&\n-\t\t\t vf->num_vlan >= ICE_MAX_VLAN_PER_VF) {\n+\t\t\t vsi->num_vlan >= ICE_MAX_VLAN_PER_VF) {\n \t\t\t\tdev_info(dev,\n \t\t\t\t\t \"VF-%d is not trusted, switch the VF to trusted mode, in order to add more VLAN addresses\\n\",\n \t\t\t\t\t vf->vf_id);\n@@ -2771,12 +2861,20 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v)\n \t\t\t\tgoto error_param;\n \t\t\t}\n \n-\t\t\tif (ice_vsi_add_vlan(vsi, vid)) {\n+\t\t\t/* we add VLAN 0 by default for each VF so we can enable\n+\t\t\t * Tx VLAN anti-spoof without triggering MDD events so\n+\t\t\t * we don't need to add it again here\n+\t\t\t */\n+\t\t\tif (!vid)\n+\t\t\t\tcontinue;\n+\n+\t\t\tstatus = ice_vsi_add_vlan(vsi, vid);\n+\t\t\tif (status) {\n \t\t\t\tv_ret = VIRTCHNL_STATUS_ERR_PARAM;\n \t\t\t\tgoto error_param;\n \t\t\t}\n \n-\t\t\tvf->num_vlan++;\n+\t\t\tvsi->num_vlan++;\n \t\t\t/* Enable VLAN pruning when VLAN is added */\n \t\t\tif (!vlan_promisc) {\n \t\t\t\tstatus = ice_cfg_vlan_pruning(vsi, true, false);\n@@ -2812,21 +2910,29 @@ static int ice_vc_process_vlan_msg(struct ice_vf *vf, u8 *msg, bool add_v)\n \t\t */\n \t\tint num_vf_vlan;\n \n-\t\tnum_vf_vlan = vf->num_vlan;\n+\t\tnum_vf_vlan = vsi->num_vlan;\n \t\tfor (i = 0; i < vfl->num_elements && i < num_vf_vlan; i++) {\n \t\t\tu16 vid = vfl->vlan_id[i];\n \n+\t\t\t/* we add VLAN 0 by default for each VF so we can enable\n+\t\t\t * Tx VLAN anti-spoof without triggering MDD events so\n+\t\t\t * we don't want a VIRTCHNL request to remove it\n+\t\t\t */\n+\t\t\tif (!vid)\n+\t\t\t\tcontinue;\n+\n \t\t\t/* Make sure ice_vsi_kill_vlan is successful before\n \t\t\t * updating VLAN information\n \t\t\t */\n-\t\t\tif (ice_vsi_kill_vlan(vsi, vid)) {\n+\t\t\tstatus = ice_vsi_kill_vlan(vsi, vid);\n+\t\t\tif (status) {\n \t\t\t\tv_ret = VIRTCHNL_STATUS_ERR_PARAM;\n \t\t\t\tgoto error_param;\n \t\t\t}\n \n-\t\t\tvf->num_vlan--;\n+\t\t\tvsi->num_vlan--;\n \t\t\t/* Disable VLAN pruning when the last VLAN is removed */\n-\t\t\tif (!vf->num_vlan)\n+\t\t\tif (!vsi->num_vlan)\n \t\t\t\tice_cfg_vlan_pruning(vsi, false, false);\n \n \t\t\t/* Disable Unicast/Multicast VLAN promiscuous mode */\n@@ -3139,65 +3245,6 @@ ice_get_vf_cfg(struct net_device *netdev, int vf_id, struct ifla_vf_info *ivi)\n \treturn 0;\n }\n \n-/**\n- * ice_set_vf_spoofchk\n- * @netdev: network interface device structure\n- * @vf_id: VF identifier\n- * @ena: flag to enable or disable feature\n- *\n- * Enable or disable VF spoof checking\n- */\n-int ice_set_vf_spoofchk(struct net_device *netdev, int vf_id, bool ena)\n-{\n-\tstruct ice_pf *pf = ice_netdev_to_pf(netdev);\n-\tstruct ice_vsi *vsi = pf->vsi[0];\n-\tstruct ice_vsi_ctx *ctx;\n-\tenum ice_status status;\n-\tstruct device *dev;\n-\tstruct ice_vf *vf;\n-\tint ret = 0;\n-\n-\tdev = ice_pf_to_dev(pf);\n-\tif (ice_validate_vf_id(pf, vf_id))\n-\t\treturn -EINVAL;\n-\n-\tvf = &pf->vf[vf_id];\n-\tif (ice_check_vf_init(pf, vf))\n-\t\treturn -EBUSY;\n-\n-\tif (ena == vf->spoofchk) {\n-\t\tdev_dbg(dev, \"VF spoofchk already %s\\n\",\n-\t\t\tena ? \"ON\" : \"OFF\");\n-\t\treturn 0;\n-\t}\n-\n-\tctx = kzalloc(sizeof(*ctx), GFP_KERNEL);\n-\tif (!ctx)\n-\t\treturn -ENOMEM;\n-\n-\tctx->info.valid_sections = cpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID);\n-\n-\tif (ena) {\n-\t\tctx->info.sec_flags |= ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF;\n-\t\tctx->info.sw_flags2 |= ICE_AQ_VSI_SW_FLAG_RX_PRUNE_EN_M;\n-\t}\n-\n-\tstatus = ice_update_vsi(&pf->hw, vsi->idx, ctx, NULL);\n-\tif (status) {\n-\t\tdev_dbg(dev,\n-\t\t\t\"Error %d, failed to update VSI* parameters\\n\", status);\n-\t\tret = -EIO;\n-\t\tgoto out;\n-\t}\n-\n-\tvf->spoofchk = ena;\n-\tvsi->info.sec_flags = ctx->info.sec_flags;\n-\tvsi->info.sw_flags2 = ctx->info.sw_flags2;\n-out:\n-\tkfree(ctx);\n-\treturn ret;\n-}\n-\n /**\n * ice_wait_on_vf_reset\n * @vf: The VF being resseting\ndiff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.h b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.h\nindex 88aa65d5cb31..611f45100438 100644\n--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.h\n+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.h\n@@ -91,7 +91,6 @@ struct ice_vf {\n \tunsigned long vf_caps;\t\t/* VF's adv. capabilities */\n \tu8 num_req_qs;\t\t\t/* num of queue pairs requested by VF */\n \tu16 num_mac;\n-\tu16 num_vlan;\n \tu16 num_vf_qs;\t\t\t/* num of queue configured per VF */\n \tu16 num_qs_ena;\t\t\t/* total num of Tx/Rx queue enabled */\n };\n", "prefixes": [ "S35", "02/15" ] }