ice: Extend malicious operations detection logic
This patch extends the existing malicious driver operation detection logic to cover malicious operations by the VF driver as well. Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
This commit is contained in:
parent
53b8decbb7
commit
7c4bc1f576
|
@ -219,6 +219,14 @@
|
||||||
#define PF_MDET_TX_PQM_VALID_M BIT(0)
|
#define PF_MDET_TX_PQM_VALID_M BIT(0)
|
||||||
#define PF_MDET_TX_TCLAN 0x000FC000
|
#define PF_MDET_TX_TCLAN 0x000FC000
|
||||||
#define PF_MDET_TX_TCLAN_VALID_M BIT(0)
|
#define PF_MDET_TX_TCLAN_VALID_M BIT(0)
|
||||||
|
#define VP_MDET_RX(_VF) (0x00294400 + ((_VF) * 4))
|
||||||
|
#define VP_MDET_RX_VALID_M BIT(0)
|
||||||
|
#define VP_MDET_TX_PQM(_VF) (0x002D2000 + ((_VF) * 4))
|
||||||
|
#define VP_MDET_TX_PQM_VALID_M BIT(0)
|
||||||
|
#define VP_MDET_TX_TCLAN(_VF) (0x000FB800 + ((_VF) * 4))
|
||||||
|
#define VP_MDET_TX_TCLAN_VALID_M BIT(0)
|
||||||
|
#define VP_MDET_TX_TDPU(_VF) (0x00040000 + ((_VF) * 4))
|
||||||
|
#define VP_MDET_TX_TDPU_VALID_M BIT(0)
|
||||||
#define GLNVM_FLA 0x000B6108
|
#define GLNVM_FLA 0x000B6108
|
||||||
#define GLNVM_FLA_LOCKED_M BIT(6)
|
#define GLNVM_FLA_LOCKED_M BIT(6)
|
||||||
#define GLNVM_GENS 0x000B6100
|
#define GLNVM_GENS 0x000B6100
|
||||||
|
|
|
@ -951,6 +951,7 @@ static void ice_handle_mdd_event(struct ice_pf *pf)
|
||||||
struct ice_hw *hw = &pf->hw;
|
struct ice_hw *hw = &pf->hw;
|
||||||
bool mdd_detected = false;
|
bool mdd_detected = false;
|
||||||
u32 reg;
|
u32 reg;
|
||||||
|
int i;
|
||||||
|
|
||||||
if (!test_bit(__ICE_MDD_EVENT_PENDING, pf->state))
|
if (!test_bit(__ICE_MDD_EVENT_PENDING, pf->state))
|
||||||
return;
|
return;
|
||||||
|
@ -1040,6 +1041,51 @@ static void ice_handle_mdd_event(struct ice_pf *pf)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* see if one of the VFs needs to be reset */
|
||||||
|
for (i = 0; i < pf->num_alloc_vfs && mdd_detected; i++) {
|
||||||
|
struct ice_vf *vf = &pf->vf[i];
|
||||||
|
|
||||||
|
reg = rd32(hw, VP_MDET_TX_PQM(i));
|
||||||
|
if (reg & VP_MDET_TX_PQM_VALID_M) {
|
||||||
|
wr32(hw, VP_MDET_TX_PQM(i), 0xFFFF);
|
||||||
|
vf->num_mdd_events++;
|
||||||
|
dev_info(&pf->pdev->dev, "TX driver issue detected on VF %d\n",
|
||||||
|
i);
|
||||||
|
}
|
||||||
|
|
||||||
|
reg = rd32(hw, VP_MDET_TX_TCLAN(i));
|
||||||
|
if (reg & VP_MDET_TX_TCLAN_VALID_M) {
|
||||||
|
wr32(hw, VP_MDET_TX_TCLAN(i), 0xFFFF);
|
||||||
|
vf->num_mdd_events++;
|
||||||
|
dev_info(&pf->pdev->dev, "TX driver issue detected on VF %d\n",
|
||||||
|
i);
|
||||||
|
}
|
||||||
|
|
||||||
|
reg = rd32(hw, VP_MDET_TX_TDPU(i));
|
||||||
|
if (reg & VP_MDET_TX_TDPU_VALID_M) {
|
||||||
|
wr32(hw, VP_MDET_TX_TDPU(i), 0xFFFF);
|
||||||
|
vf->num_mdd_events++;
|
||||||
|
dev_info(&pf->pdev->dev, "TX driver issue detected on VF %d\n",
|
||||||
|
i);
|
||||||
|
}
|
||||||
|
|
||||||
|
reg = rd32(hw, VP_MDET_RX(i));
|
||||||
|
if (reg & VP_MDET_RX_VALID_M) {
|
||||||
|
wr32(hw, VP_MDET_RX(i), 0xFFFF);
|
||||||
|
vf->num_mdd_events++;
|
||||||
|
dev_info(&pf->pdev->dev, "RX driver issue detected on VF %d\n",
|
||||||
|
i);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (vf->num_mdd_events > ICE_DFLT_NUM_MDD_EVENTS_ALLOWED) {
|
||||||
|
dev_info(&pf->pdev->dev,
|
||||||
|
"Too many MDD events on VF %d, disabled\n", i);
|
||||||
|
dev_info(&pf->pdev->dev,
|
||||||
|
"Use PF Control I/F to re-enable the VF\n");
|
||||||
|
set_bit(ICE_VF_STATE_DIS, vf->vf_states);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* re-enable MDD interrupt cause */
|
/* re-enable MDD interrupt cause */
|
||||||
clear_bit(__ICE_MDD_EVENT_PENDING, pf->state);
|
clear_bit(__ICE_MDD_EVENT_PENDING, pf->state);
|
||||||
reg = rd32(hw, PFINT_OICR_ENA);
|
reg = rd32(hw, PFINT_OICR_ENA);
|
||||||
|
|
|
@ -9,10 +9,13 @@
|
||||||
#define ICE_VLAN_PRIORITY_S 12
|
#define ICE_VLAN_PRIORITY_S 12
|
||||||
#define ICE_VLAN_M 0xFFF
|
#define ICE_VLAN_M 0xFFF
|
||||||
#define ICE_PRIORITY_M 0x7000
|
#define ICE_PRIORITY_M 0x7000
|
||||||
#define ICE_MAX_VLAN_PER_VF 8 /* restriction for non-trusted VF */
|
|
||||||
|
|
||||||
/* Restrict number of MACs a non-trusted VF can program */
|
/* Restrict number of MAC Addr and VLAN that non-trusted VF can programmed */
|
||||||
|
#define ICE_MAX_VLAN_PER_VF 8
|
||||||
#define ICE_MAX_MACADDR_PER_VF 12
|
#define ICE_MAX_MACADDR_PER_VF 12
|
||||||
|
|
||||||
|
/* Malicious Driver Detection */
|
||||||
|
#define ICE_DFLT_NUM_MDD_EVENTS_ALLOWED 3
|
||||||
#define ICE_DFLT_NUM_INVAL_MSGS_ALLOWED 10
|
#define ICE_DFLT_NUM_INVAL_MSGS_ALLOWED 10
|
||||||
|
|
||||||
/* Static VF transaction/status register def */
|
/* Static VF transaction/status register def */
|
||||||
|
@ -56,6 +59,7 @@ struct ice_vf {
|
||||||
u8 trusted;
|
u8 trusted;
|
||||||
u16 lan_vsi_idx; /* index into PF struct */
|
u16 lan_vsi_idx; /* index into PF struct */
|
||||||
u16 lan_vsi_num; /* ID as used by firmware */
|
u16 lan_vsi_num; /* ID as used by firmware */
|
||||||
|
u64 num_mdd_events; /* number of mdd events detected */
|
||||||
u64 num_inval_msgs; /* number of continuous invalid msgs */
|
u64 num_inval_msgs; /* number of continuous invalid msgs */
|
||||||
u64 num_valid_msgs; /* number of valid msgs detected */
|
u64 num_valid_msgs; /* number of valid msgs detected */
|
||||||
unsigned long vf_caps; /* vf's adv. capabilities */
|
unsigned long vf_caps; /* vf's adv. capabilities */
|
||||||
|
|
Loading…
Reference in New Issue