From nobody Fri Jul 18 19:16:21 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bkKK20qSPz62gRs; Fri, 18 Jul 2025 19:16:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bkKK12jNBz42Ln; Fri, 18 Jul 2025 19:16:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752866181; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QFNcd5naY1HJlp8pt5q7lZk1odKFJrHPMOsE/Wi0Hxc=; b=Ts3PxVMZk/1uIwfM7G27JlyL2NTsVRv24jVuJjpSP3Sp5JIkZekl27JU3KD1rH1LB+bsAx 6TR3aOR90EZfzH+4l7UrvfijbQcqxh1S+btEwcjUDY5BfYXub7AwDcg0WSL8M4jidf3k8n PHFIBYsc7OhgvRRNkbXVBU6pxWHkwvyyXDcaKTreQMmml5gXorId+RVnaHFaTIGFi5fJ+i YVUO9fHMiljekVcysg0SMKJVLvJo0hUYGFPx4zuExEoRu3gZZfjAXvCMPemADWEsPb9xqK iT4ZGsrqULGCzEOjr27ex1Y0CoHIg0dSRhtB0vzZqTuWJ5XvRuf3cyzBBoxtVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752866181; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QFNcd5naY1HJlp8pt5q7lZk1odKFJrHPMOsE/Wi0Hxc=; b=Q6Def2pYYF44ZEz7QzcoU6kWuVbox6S2rhvTjYxbeN4qhQ20KBdPBDiASv/QbA7ysckXsL tkbIbZGTCxvxkPLBrHgxYNhFK9Vx5dIZzSiOGcXmJctjy4IkxCqj22F5u028uxwG/Zei6u um0EJumq4p9zefNYkdczaXW1VK9Ka+UP7zb9e0CT8XWyhSJTY2iEgM0hECtulDfv3tmWJ3 ccxihatwtxNwoK4qQZKxTWX9VuVxpdiwJBnOfvUHN5aaT7rGjLxUw4lFWRZRvG9WLiQokz qhAnNTtCtK2NS6y17PfKOssXXW48x1Ow2I5W9GigrsUOwIvkO7QSSmvr5yctag== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752866181; a=rsa-sha256; cv=none; b=TfpKQgtxCFFaMBoY5w/FS2dLdHNfu2G96Kq3Tje2rRZN7SAlxqc+Vo4ibF5OJJnc7kLqTI UgZYlgx8k1fIGpcxy4oygNi8gJkFkVJ/OWzruZrvOxB1W/0nvLTOFFqaf481dqnpzTf1XT WmR3t0HSWmRHsRX9LnOptfLArLfyADry+aQrS6aDDulq5s+Nhv890lRX3ArrJfN1JDJtY9 /H85WLPNzpbn7OVP4PL2Oin6gsHqnDQzCMD7XQpYv9rjZhOdoS2ALmcKf3VNODuOpcYEW0 BQqMPLZqIXalHehPkgGAzjPJG8J7noy52e9zsCobhJm+xKQyQkJDxivyxirdaA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bkKK12826ztPX; Fri, 18 Jul 2025 19:16:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56IJGLI5001125; Fri, 18 Jul 2025 19:16:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56IJGLMK001122; Fri, 18 Jul 2025 19:16:21 GMT (envelope-from git) Date: Fri, 18 Jul 2025 19:16:21 GMT Message-Id: <202507181916.56IJGLMK001122@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Warner Losh Subject: git: 430f1acc451c - main - ice(4): Add MAC filter and VLAN resource limits to VFs List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 430f1acc451c7084d1d5aa7df7e7ecccea1a8b51 Auto-Submitted: auto-generated The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=430f1acc451c7084d1d5aa7df7e7ecccea1a8b51 commit 430f1acc451c7084d1d5aa7df7e7ecccea1a8b51 Author: Eric Joyner AuthorDate: 2024-10-17 22:19:09 +0000 Commit: Warner Losh CommitDate: 2025-07-18 19:16:17 +0000 ice(4): Add MAC filter and VLAN resource limits to VFs Adds two new parameters to iovctl config for VLAN filter limits and MAC filter limits and gives them defaults of 64 and 16, respectively. These are intended to limit the number of resources that a VF can consume so that any one VF cannot starve an other VFs or the PF of filters. Signed-off-by: Eric Joyner Signed-off-by: Krzysztof Galazka Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1573 --- sys/dev/ice/ice_iov.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- sys/dev/ice/ice_iov.h | 8 ++++++++ 2 files changed, 50 insertions(+), 3 deletions(-) diff --git a/sys/dev/ice/ice_iov.c b/sys/dev/ice/ice_iov.c index fc37a0e7679c..e06c7eb56f7a 100644 --- a/sys/dev/ice/ice_iov.c +++ b/sys/dev/ice/ice_iov.c @@ -117,6 +117,10 @@ ice_iov_attach(struct ice_softc *sc) IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_QUEUES); pci_iov_schema_add_uint16(vf_schema, "mirror-src-vsi", IOV_SCHEMA_HASDEFAULT, ICE_INVALID_MIRROR_VSI); + pci_iov_schema_add_uint16(vf_schema, "max-vlan-allowed", + IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_VLAN_LIMIT); + pci_iov_schema_add_uint16(vf_schema, "max-mac-filters", + IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_FILTER_LIMIT); error = pci_iov_attach(dev, pf_schema, vf_schema); if (error != 0) { @@ -360,6 +364,9 @@ ice_iov_add_vf(struct ice_softc *sc, uint16_t vfnum, const nvlist_t *params) vsi->mirror_src_vsi = nvlist_get_number(params, "mirror-src-vsi"); + vf->vlan_limit = nvlist_get_number(params, "max-vlan-allowed"); + vf->mac_filter_limit = nvlist_get_number(params, "max-mac-filters"); + vf->vf_flags |= VF_FLAG_VLAN_CAP; /* Create and setup VSI in HW */ @@ -735,10 +742,17 @@ ice_vc_add_eth_addr_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) enum virtchnl_status_code v_status = VIRTCHNL_STATUS_SUCCESS; struct virtchnl_ether_addr_list *addr_list; struct ice_hw *hw = &sc->hw; + u16 added_addr_cnt = 0; int error = 0; addr_list = (struct virtchnl_ether_addr_list *)msg_buf; + if (addr_list->num_elements > + (vf->mac_filter_limit - vf->mac_filter_cnt)) { + v_status = VIRTCHNL_STATUS_ERR_NO_MEMORY; + goto done; + } + for (int i = 0; i < addr_list->num_elements; i++) { u8 *addr = addr_list->list[i].addr; @@ -767,10 +781,15 @@ ice_vc_add_eth_addr_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) "%s: VF-%d: Error adding MAC addr for VSI %d\n", __func__, vf->vf_num, vf->vsi->idx); v_status = VIRTCHNL_STATUS_ERR_PARAM; - goto done; + continue; } + /* Don't count VF's MAC against its MAC filter limit */ + if (memcmp(addr, vf->mac, ETHER_ADDR_LEN)) + added_addr_cnt++; } + vf->mac_filter_cnt += added_addr_cnt; + done: ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_ADD_ETH_ADDR, v_status, NULL, 0, NULL); @@ -791,6 +810,7 @@ ice_vc_del_eth_addr_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) enum virtchnl_status_code v_status = VIRTCHNL_STATUS_SUCCESS; struct virtchnl_ether_addr_list *addr_list; struct ice_hw *hw = &sc->hw; + u16 deleted_addr_cnt = 0; int error = 0; addr_list = (struct virtchnl_ether_addr_list *)msg_buf; @@ -802,11 +822,18 @@ ice_vc_del_eth_addr_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) "%s: VF-%d: Error removing MAC addr for VSI %d\n", __func__, vf->vf_num, vf->vsi->idx); v_status = VIRTCHNL_STATUS_ERR_PARAM; - goto done; + continue; } + /* Don't count VF's MAC against its MAC filter limit */ + if (memcmp(addr_list->list[i].addr, vf->mac, ETHER_ADDR_LEN)) + deleted_addr_cnt++; } -done: + if (deleted_addr_cnt >= vf->mac_filter_cnt) + vf->mac_filter_cnt = 0; + else + vf->mac_filter_cnt -= deleted_addr_cnt; + ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_DEL_ETH_ADDR, v_status, NULL, 0, NULL); } @@ -838,6 +865,11 @@ ice_vc_add_vlan_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) goto done; } + if (vlan_list->num_elements > (vf->vlan_limit - vf->vlan_cnt)) { + v_status = VIRTCHNL_STATUS_ERR_NO_MEMORY; + goto done; + } + status = ice_add_vlan_hw_filters(vsi, vlan_list->vlan_id, vlan_list->num_elements); if (status) { @@ -849,6 +881,8 @@ ice_vc_add_vlan_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) goto done; } + vf->vlan_cnt += vlan_list->num_elements; + done: ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_ADD_VLAN, v_status, NULL, 0, NULL); @@ -892,6 +926,11 @@ ice_vc_del_vlan_msg(struct ice_softc *sc, struct ice_vf *vf, u8 *msg_buf) goto done; } + if (vlan_list->num_elements >= vf->vlan_cnt) + vf->vlan_cnt = 0; + else + vf->vlan_cnt -= vlan_list->num_elements; + done: ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_DEL_VLAN, v_status, NULL, 0, NULL); diff --git a/sys/dev/ice/ice_iov.h b/sys/dev/ice/ice_iov.h index c2ac5fcd5c94..c4fb3e932e3f 100644 --- a/sys/dev/ice/ice_iov.h +++ b/sys/dev/ice/ice_iov.h @@ -85,6 +85,11 @@ struct ice_vf { u16 vf_num; struct virtchnl_version_info version; + u16 mac_filter_limit; + u16 mac_filter_cnt; + u16 vlan_limit; + u16 vlan_cnt; + u16 num_irq_vectors; u16 *vf_imap; struct ice_irq_vector *tx_irqvs; @@ -101,6 +106,9 @@ struct ice_vf { #define ICE_VIRTCHNL_VALID_PROMISC_FLAGS (FLAG_VF_UNICAST_PROMISC | \ FLAG_VF_MULTICAST_PROMISC) +#define ICE_DEFAULT_VF_VLAN_LIMIT 64 +#define ICE_DEFAULT_VF_FILTER_LIMIT 16 + int ice_iov_attach(struct ice_softc *sc); int ice_iov_detach(struct ice_softc *sc);