| Message ID | 20220406095252.22338-3-olivier.matz@6wind.com |
|---|---|
| State | Accepted |
| Delegated to: | Anthony Nguyen |
| Headers | show |
| Series | ixgbe: fix promiscuous mode on VF | expand |
> -----Original Message----- > From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of > Olivier Matz > Sent: Wednesday, April 6, 2022 11:53 AM > To: netdev@vger.kernel.org > Cc: Paul Menzel <pmenzel@molgen.mpg.de>; intel-wired-lan@osuosl.org; > stable@vger.kernel.org; Jakub Kicinski <kuba@kernel.org>; Nicolas Dichtel > <nicolas.dichtel@6wind.com>; Paolo Abeni <pabeni@redhat.com>; David S . > Miller <davem@davemloft.net> > Subject: [Intel-wired-lan] [PATCH net v2 2/2] ixgbe: fix unexpected VLAN Rx in > promisc mode on VF > > When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE bit > (VLAN Promiscuous Enable) is set. This means that the VF will receive > packets whose VLAN is not the same than the VLAN of the VF. > > For instance, in this situation: > > ┌────────┐ ┌────────┐ ┌────────┐ > │ │ │ │ │ │ > │ │ │ │ │ │ > │ VF0├────┤VF1 VF2├────┤VF3 │ > │ │ │ │ │ │ > └────────┘ └────────┘ └────────┘ > VM1 VM2 VM3 > > vf 0: vlan 1000 > vf 1: vlan 1000 > vf 2: vlan 1001 > vf 3: vlan 1001 > > If we tcpdump on VF3, we see all the packets, even those transmitted on > vlan 1000. > > This behavior prevents to bridge VF1 and VF2 in VM2, because it will create a > loop: packets transmitted on VF1 will be received by VF2 and vice-versa, and > bridged again through the software bridge. > > This patch remove the activation of VLAN Promiscuous when a VF enables > the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast > Promiscuous) is kept, so that a VF receives all packets that has the same > VLAN, whatever the destination MAC address. > > Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode") > Cc: stable@vger.kernel.org > Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> > Signed-off-by: Olivier Matz <olivier.matz@6wind.com> > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > index 8d108a78941b..d4e63f0644c3 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c > @@ -1208,9 +1208,9 @@ static int ixgbe_update_vf_xcast_mode(struct Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c index 8d108a78941b..d4e63f0644c3 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c @@ -1208,9 +1208,9 @@ static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter, return -EPERM; } - disable = 0; + disable = IXGBE_VMOLR_VPE; enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | - IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE; + IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE; break; default: return -EOPNOTSUPP;
When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE bit (VLAN Promiscuous Enable) is set. This means that the VF will receive packets whose VLAN is not the same than the VLAN of the VF. For instance, in this situation: ┌────────┐ ┌────────┐ ┌────────┐ │ │ │ │ │ │ │ │ │ │ │ │ │ VF0├────┤VF1 VF2├────┤VF3 │ │ │ │ │ │ │ └────────┘ └────────┘ └────────┘ VM1 VM2 VM3 vf 0: vlan 1000 vf 1: vlan 1000 vf 2: vlan 1001 vf 3: vlan 1001 If we tcpdump on VF3, we see all the packets, even those transmitted on vlan 1000. This behavior prevents to bridge VF1 and VF2 in VM2, because it will create a loop: packets transmitted on VF1 will be received by VF2 and vice-versa, and bridged again through the software bridge. This patch remove the activation of VLAN Promiscuous when a VF enables the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast Promiscuous) is kept, so that a VF receives all packets that has the same VLAN, whatever the destination MAC address. Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode") Cc: stable@vger.kernel.org Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Olivier Matz <olivier.matz@6wind.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)