2 * Copyright (c) 2015, Mellanox Technologies. All rights reserved.
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
33 #include <linux/etherdevice.h>
34 #include <linux/mlx5/driver.h>
35 #include <linux/mlx5/mlx5_ifc.h>
36 #include <linux/mlx5/vport.h>
37 #include <linux/mlx5/fs.h>
38 #include "mlx5_core.h"
41 #define UPLINK_VPORT 0xFFFF
49 /* E-Switch UC L2 table hash node */
51 struct l2addr_node node;
56 /* E-Switch MC FDB table hash node */
57 struct esw_mc_addr { /* SRIOV only */
58 struct l2addr_node node;
59 struct mlx5_flow_rule *uplink_rule; /* Forward to uplink rule */
63 /* Vport UC/MC hash node */
65 struct l2addr_node node;
68 struct mlx5_flow_rule *flow_rule; /* SRIOV only */
69 /* A flag indicating that mac was added due to mc promiscuous vport */
74 UC_ADDR_CHANGE = BIT(0),
75 MC_ADDR_CHANGE = BIT(1),
76 PROMISC_CHANGE = BIT(3),
79 /* Vport context events */
80 #define SRIOV_VPORT_EVENTS (UC_ADDR_CHANGE | \
84 int esw_offloads_init(struct mlx5_eswitch *esw, int nvports);
85 void esw_offloads_cleanup(struct mlx5_eswitch *esw, int nvports);
87 static int arm_vport_context_events_cmd(struct mlx5_core_dev *dev, u16 vport,
90 int in[MLX5_ST_SZ_DW(modify_nic_vport_context_in)] = {0};
91 int out[MLX5_ST_SZ_DW(modify_nic_vport_context_out)] = {0};
94 MLX5_SET(modify_nic_vport_context_in, in,
95 opcode, MLX5_CMD_OP_MODIFY_NIC_VPORT_CONTEXT);
96 MLX5_SET(modify_nic_vport_context_in, in, field_select.change_event, 1);
97 MLX5_SET(modify_nic_vport_context_in, in, vport_number, vport);
99 MLX5_SET(modify_nic_vport_context_in, in, other_vport, 1);
100 nic_vport_ctx = MLX5_ADDR_OF(modify_nic_vport_context_in,
101 in, nic_vport_context);
103 MLX5_SET(nic_vport_context, nic_vport_ctx, arm_change_event, 1);
105 if (events_mask & UC_ADDR_CHANGE)
106 MLX5_SET(nic_vport_context, nic_vport_ctx,
107 event_on_uc_address_change, 1);
108 if (events_mask & MC_ADDR_CHANGE)
109 MLX5_SET(nic_vport_context, nic_vport_ctx,
110 event_on_mc_address_change, 1);
111 if (events_mask & PROMISC_CHANGE)
112 MLX5_SET(nic_vport_context, nic_vport_ctx,
113 event_on_promisc_change, 1);
115 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
118 /* E-Switch vport context HW commands */
119 static int query_esw_vport_context_cmd(struct mlx5_core_dev *mdev, u32 vport,
120 u32 *out, int outlen)
122 u32 in[MLX5_ST_SZ_DW(query_esw_vport_context_in)] = {0};
124 MLX5_SET(query_nic_vport_context_in, in, opcode,
125 MLX5_CMD_OP_QUERY_ESW_VPORT_CONTEXT);
126 MLX5_SET(query_esw_vport_context_in, in, vport_number, vport);
128 MLX5_SET(query_esw_vport_context_in, in, other_vport, 1);
129 return mlx5_cmd_exec(mdev, in, sizeof(in), out, outlen);
132 static int query_esw_vport_cvlan(struct mlx5_core_dev *dev, u32 vport,
135 u32 out[MLX5_ST_SZ_DW(query_esw_vport_context_out)] = {0};
143 if (!MLX5_CAP_ESW(dev, vport_cvlan_strip) ||
144 !MLX5_CAP_ESW(dev, vport_cvlan_insert_if_not_exist))
147 err = query_esw_vport_context_cmd(dev, vport, out, sizeof(out));
151 cvlan_strip = MLX5_GET(query_esw_vport_context_out, out,
152 esw_vport_context.vport_cvlan_strip);
154 cvlan_insert = MLX5_GET(query_esw_vport_context_out, out,
155 esw_vport_context.vport_cvlan_insert);
157 if (cvlan_strip || cvlan_insert) {
158 *vlan = MLX5_GET(query_esw_vport_context_out, out,
159 esw_vport_context.cvlan_id);
160 *qos = MLX5_GET(query_esw_vport_context_out, out,
161 esw_vport_context.cvlan_pcp);
164 esw_debug(dev, "Query Vport[%d] cvlan: VLAN %d qos=%d\n",
170 static int modify_esw_vport_context_cmd(struct mlx5_core_dev *dev, u16 vport,
173 u32 out[MLX5_ST_SZ_DW(modify_esw_vport_context_out)] = {0};
175 MLX5_SET(modify_esw_vport_context_in, in, opcode,
176 MLX5_CMD_OP_MODIFY_ESW_VPORT_CONTEXT);
177 MLX5_SET(modify_esw_vport_context_in, in, vport_number, vport);
179 MLX5_SET(modify_esw_vport_context_in, in, other_vport, 1);
180 return mlx5_cmd_exec(dev, in, inlen, out, sizeof(out));
183 static int modify_esw_vport_cvlan(struct mlx5_core_dev *dev, u32 vport,
184 u16 vlan, u8 qos, bool set)
186 u32 in[MLX5_ST_SZ_DW(modify_esw_vport_context_in)] = {0};
188 if (!MLX5_CAP_ESW(dev, vport_cvlan_strip) ||
189 !MLX5_CAP_ESW(dev, vport_cvlan_insert_if_not_exist))
192 esw_debug(dev, "Set Vport[%d] VLAN %d qos %d set=%d\n",
193 vport, vlan, qos, set);
195 MLX5_SET(modify_esw_vport_context_in, in,
196 esw_vport_context.vport_cvlan_strip, 1);
197 /* insert only if no vlan in packet */
198 MLX5_SET(modify_esw_vport_context_in, in,
199 esw_vport_context.vport_cvlan_insert, 1);
200 MLX5_SET(modify_esw_vport_context_in, in,
201 esw_vport_context.cvlan_pcp, qos);
202 MLX5_SET(modify_esw_vport_context_in, in,
203 esw_vport_context.cvlan_id, vlan);
206 MLX5_SET(modify_esw_vport_context_in, in,
207 field_select.vport_cvlan_strip, 1);
208 MLX5_SET(modify_esw_vport_context_in, in,
209 field_select.vport_cvlan_insert, 1);
211 return modify_esw_vport_context_cmd(dev, vport, in, sizeof(in));
214 /* HW L2 Table (MPFS) management */
215 static int set_l2_table_entry_cmd(struct mlx5_core_dev *dev, u32 index,
216 u8 *mac, u8 vlan_valid, u16 vlan)
218 u32 in[MLX5_ST_SZ_DW(set_l2_table_entry_in)] = {0};
219 u32 out[MLX5_ST_SZ_DW(set_l2_table_entry_out)] = {0};
222 MLX5_SET(set_l2_table_entry_in, in, opcode,
223 MLX5_CMD_OP_SET_L2_TABLE_ENTRY);
224 MLX5_SET(set_l2_table_entry_in, in, table_index, index);
225 MLX5_SET(set_l2_table_entry_in, in, vlan_valid, vlan_valid);
226 MLX5_SET(set_l2_table_entry_in, in, vlan, vlan);
228 in_mac_addr = MLX5_ADDR_OF(set_l2_table_entry_in, in, mac_address);
229 ether_addr_copy(&in_mac_addr[2], mac);
231 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
234 static int del_l2_table_entry_cmd(struct mlx5_core_dev *dev, u32 index)
236 u32 in[MLX5_ST_SZ_DW(delete_l2_table_entry_in)] = {0};
237 u32 out[MLX5_ST_SZ_DW(delete_l2_table_entry_out)] = {0};
239 MLX5_SET(delete_l2_table_entry_in, in, opcode,
240 MLX5_CMD_OP_DELETE_L2_TABLE_ENTRY);
241 MLX5_SET(delete_l2_table_entry_in, in, table_index, index);
242 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
245 static int alloc_l2_table_index(struct mlx5_l2_table *l2_table, u32 *ix)
249 *ix = find_first_zero_bit(l2_table->bitmap, l2_table->size);
250 if (*ix >= l2_table->size)
253 __set_bit(*ix, l2_table->bitmap);
258 static void free_l2_table_index(struct mlx5_l2_table *l2_table, u32 ix)
260 __clear_bit(ix, l2_table->bitmap);
263 static int set_l2_table_entry(struct mlx5_core_dev *dev, u8 *mac,
264 u8 vlan_valid, u16 vlan,
267 struct mlx5_l2_table *l2_table = &dev->priv.eswitch->l2_table;
270 err = alloc_l2_table_index(l2_table, index);
274 err = set_l2_table_entry_cmd(dev, *index, mac, vlan_valid, vlan);
276 free_l2_table_index(l2_table, *index);
281 static void del_l2_table_entry(struct mlx5_core_dev *dev, u32 index)
283 struct mlx5_l2_table *l2_table = &dev->priv.eswitch->l2_table;
285 del_l2_table_entry_cmd(dev, index);
286 free_l2_table_index(l2_table, index);
290 static struct mlx5_flow_rule *
291 __esw_fdb_set_vport_rule(struct mlx5_eswitch *esw, u32 vport, bool rx_rule,
292 u8 mac_c[ETH_ALEN], u8 mac_v[ETH_ALEN])
294 int match_header = (is_zero_ether_addr(mac_c) ? 0 :
295 MLX5_MATCH_OUTER_HEADERS);
296 struct mlx5_flow_rule *flow_rule = NULL;
297 struct mlx5_flow_destination dest;
298 struct mlx5_flow_spec *spec;
299 void *mv_misc = NULL;
300 void *mc_misc = NULL;
305 match_header |= MLX5_MATCH_MISC_PARAMETERS;
307 spec = mlx5_vzalloc(sizeof(*spec));
309 esw_warn(esw->dev, "FDB: Failed to alloc match parameters\n");
312 dmac_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,
313 outer_headers.dmac_47_16);
314 dmac_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
315 outer_headers.dmac_47_16);
317 if (match_header & MLX5_MATCH_OUTER_HEADERS) {
318 ether_addr_copy(dmac_v, mac_v);
319 ether_addr_copy(dmac_c, mac_c);
322 if (match_header & MLX5_MATCH_MISC_PARAMETERS) {
323 mv_misc = MLX5_ADDR_OF(fte_match_param, spec->match_value,
325 mc_misc = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
327 MLX5_SET(fte_match_set_misc, mv_misc, source_port, UPLINK_VPORT);
328 MLX5_SET_TO_ONES(fte_match_set_misc, mc_misc, source_port);
331 dest.type = MLX5_FLOW_DESTINATION_TYPE_VPORT;
332 dest.vport_num = vport;
335 "\tFDB add rule dmac_v(%pM) dmac_c(%pM) -> vport(%d)\n",
336 dmac_v, dmac_c, vport);
337 spec->match_criteria_enable = match_header;
339 mlx5_add_flow_rule(esw->fdb_table.fdb, spec,
340 MLX5_FLOW_CONTEXT_ACTION_FWD_DEST,
342 if (IS_ERR(flow_rule)) {
344 "FDB: Failed to add flow rule: dmac_v(%pM) dmac_c(%pM) -> vport(%d), err(%ld)\n",
345 dmac_v, dmac_c, vport, PTR_ERR(flow_rule));
353 static struct mlx5_flow_rule *
354 esw_fdb_set_vport_rule(struct mlx5_eswitch *esw, u8 mac[ETH_ALEN], u32 vport)
358 eth_broadcast_addr(mac_c);
359 return __esw_fdb_set_vport_rule(esw, vport, false, mac_c, mac);
362 static struct mlx5_flow_rule *
363 esw_fdb_set_vport_allmulti_rule(struct mlx5_eswitch *esw, u32 vport)
368 eth_zero_addr(mac_c);
369 eth_zero_addr(mac_v);
372 return __esw_fdb_set_vport_rule(esw, vport, false, mac_c, mac_v);
375 static struct mlx5_flow_rule *
376 esw_fdb_set_vport_promisc_rule(struct mlx5_eswitch *esw, u32 vport)
381 eth_zero_addr(mac_c);
382 eth_zero_addr(mac_v);
383 return __esw_fdb_set_vport_rule(esw, vport, true, mac_c, mac_v);
386 static int esw_create_legacy_fdb_table(struct mlx5_eswitch *esw, int nvports)
388 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
389 struct mlx5_core_dev *dev = esw->dev;
390 struct mlx5_flow_namespace *root_ns;
391 struct mlx5_flow_table *fdb;
392 struct mlx5_flow_group *g;
393 void *match_criteria;
399 esw_debug(dev, "Create FDB log_max_size(%d)\n",
400 MLX5_CAP_ESW_FLOWTABLE_FDB(dev, log_max_ft_size));
402 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_FDB);
404 esw_warn(dev, "Failed to get FDB flow namespace\n");
408 flow_group_in = mlx5_vzalloc(inlen);
411 memset(flow_group_in, 0, inlen);
413 table_size = BIT(MLX5_CAP_ESW_FLOWTABLE_FDB(dev, log_max_ft_size));
414 fdb = mlx5_create_flow_table(root_ns, 0, table_size, 0);
417 esw_warn(dev, "Failed to create FDB Table err %d\n", err);
420 esw->fdb_table.fdb = fdb;
422 /* Addresses group : Full match unicast/multicast addresses */
423 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
424 MLX5_MATCH_OUTER_HEADERS);
425 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
426 dmac = MLX5_ADDR_OF(fte_match_param, match_criteria, outer_headers.dmac_47_16);
427 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
428 /* Preserve 2 entries for allmulti and promisc rules*/
429 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 3);
430 eth_broadcast_addr(dmac);
431 g = mlx5_create_flow_group(fdb, flow_group_in);
434 esw_warn(dev, "Failed to create flow group err(%d)\n", err);
437 esw->fdb_table.legacy.addr_grp = g;
439 /* Allmulti group : One rule that forwards any mcast traffic */
440 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
441 MLX5_MATCH_OUTER_HEADERS);
442 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, table_size - 2);
443 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 2);
446 g = mlx5_create_flow_group(fdb, flow_group_in);
449 esw_warn(dev, "Failed to create allmulti flow group err(%d)\n", err);
452 esw->fdb_table.legacy.allmulti_grp = g;
454 /* Promiscuous group :
455 * One rule that forward all unmatched traffic from previous groups
458 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
459 MLX5_MATCH_MISC_PARAMETERS);
460 MLX5_SET_TO_ONES(fte_match_param, match_criteria, misc_parameters.source_port);
461 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, table_size - 1);
462 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 1);
463 g = mlx5_create_flow_group(fdb, flow_group_in);
466 esw_warn(dev, "Failed to create promisc flow group err(%d)\n", err);
469 esw->fdb_table.legacy.promisc_grp = g;
473 if (!IS_ERR_OR_NULL(esw->fdb_table.legacy.allmulti_grp)) {
474 mlx5_destroy_flow_group(esw->fdb_table.legacy.allmulti_grp);
475 esw->fdb_table.legacy.allmulti_grp = NULL;
477 if (!IS_ERR_OR_NULL(esw->fdb_table.legacy.addr_grp)) {
478 mlx5_destroy_flow_group(esw->fdb_table.legacy.addr_grp);
479 esw->fdb_table.legacy.addr_grp = NULL;
481 if (!IS_ERR_OR_NULL(esw->fdb_table.fdb)) {
482 mlx5_destroy_flow_table(esw->fdb_table.fdb);
483 esw->fdb_table.fdb = NULL;
487 kvfree(flow_group_in);
491 static void esw_destroy_legacy_fdb_table(struct mlx5_eswitch *esw)
493 if (!esw->fdb_table.fdb)
496 esw_debug(esw->dev, "Destroy FDB Table\n");
497 mlx5_destroy_flow_group(esw->fdb_table.legacy.promisc_grp);
498 mlx5_destroy_flow_group(esw->fdb_table.legacy.allmulti_grp);
499 mlx5_destroy_flow_group(esw->fdb_table.legacy.addr_grp);
500 mlx5_destroy_flow_table(esw->fdb_table.fdb);
501 esw->fdb_table.fdb = NULL;
502 esw->fdb_table.legacy.addr_grp = NULL;
503 esw->fdb_table.legacy.allmulti_grp = NULL;
504 esw->fdb_table.legacy.promisc_grp = NULL;
507 /* E-Switch vport UC/MC lists management */
508 typedef int (*vport_addr_action)(struct mlx5_eswitch *esw,
509 struct vport_addr *vaddr);
511 static int esw_add_uc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
513 struct hlist_head *hash = esw->l2_table.l2_hash;
514 struct esw_uc_addr *esw_uc;
515 u8 *mac = vaddr->node.addr;
516 u32 vport = vaddr->vport;
519 esw_uc = l2addr_hash_find(hash, mac, struct esw_uc_addr);
522 "Failed to set L2 mac(%pM) for vport(%d), mac is already in use by vport(%d)\n",
523 mac, vport, esw_uc->vport);
527 esw_uc = l2addr_hash_add(hash, mac, struct esw_uc_addr, GFP_KERNEL);
530 esw_uc->vport = vport;
532 err = set_l2_table_entry(esw->dev, mac, 0, 0, &esw_uc->table_index);
536 /* SRIOV is enabled: Forward UC MAC to vport */
537 if (esw->fdb_table.fdb && esw->mode == SRIOV_LEGACY)
538 vaddr->flow_rule = esw_fdb_set_vport_rule(esw, mac, vport);
540 esw_debug(esw->dev, "\tADDED UC MAC: vport[%d] %pM index:%d fr(%p)\n",
541 vport, mac, esw_uc->table_index, vaddr->flow_rule);
544 l2addr_hash_del(esw_uc);
548 static int esw_del_uc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
550 struct hlist_head *hash = esw->l2_table.l2_hash;
551 struct esw_uc_addr *esw_uc;
552 u8 *mac = vaddr->node.addr;
553 u32 vport = vaddr->vport;
555 esw_uc = l2addr_hash_find(hash, mac, struct esw_uc_addr);
556 if (!esw_uc || esw_uc->vport != vport) {
558 "MAC(%pM) doesn't belong to vport (%d)\n",
562 esw_debug(esw->dev, "\tDELETE UC MAC: vport[%d] %pM index:%d fr(%p)\n",
563 vport, mac, esw_uc->table_index, vaddr->flow_rule);
565 del_l2_table_entry(esw->dev, esw_uc->table_index);
567 if (vaddr->flow_rule)
568 mlx5_del_flow_rule(vaddr->flow_rule);
569 vaddr->flow_rule = NULL;
571 l2addr_hash_del(esw_uc);
575 static void update_allmulti_vports(struct mlx5_eswitch *esw,
576 struct vport_addr *vaddr,
577 struct esw_mc_addr *esw_mc)
579 u8 *mac = vaddr->node.addr;
582 for (vport_idx = 0; vport_idx < esw->total_vports; vport_idx++) {
583 struct mlx5_vport *vport = &esw->vports[vport_idx];
584 struct hlist_head *vport_hash = vport->mc_list;
585 struct vport_addr *iter_vaddr =
586 l2addr_hash_find(vport_hash,
589 if (IS_ERR_OR_NULL(vport->allmulti_rule) ||
590 vaddr->vport == vport_idx)
592 switch (vaddr->action) {
593 case MLX5_ACTION_ADD:
596 iter_vaddr = l2addr_hash_add(vport_hash, mac,
601 "ALL-MULTI: Failed to add MAC(%pM) to vport[%d] DB\n",
605 iter_vaddr->vport = vport_idx;
606 iter_vaddr->flow_rule =
607 esw_fdb_set_vport_rule(esw,
610 iter_vaddr->mc_promisc = true;
612 case MLX5_ACTION_DEL:
615 mlx5_del_flow_rule(iter_vaddr->flow_rule);
616 l2addr_hash_del(iter_vaddr);
622 static int esw_add_mc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
624 struct hlist_head *hash = esw->mc_table;
625 struct esw_mc_addr *esw_mc;
626 u8 *mac = vaddr->node.addr;
627 u32 vport = vaddr->vport;
629 if (!esw->fdb_table.fdb)
632 esw_mc = l2addr_hash_find(hash, mac, struct esw_mc_addr);
636 esw_mc = l2addr_hash_add(hash, mac, struct esw_mc_addr, GFP_KERNEL);
640 esw_mc->uplink_rule = /* Forward MC MAC to Uplink */
641 esw_fdb_set_vport_rule(esw, mac, UPLINK_VPORT);
643 /* Add this multicast mac to all the mc promiscuous vports */
644 update_allmulti_vports(esw, vaddr, esw_mc);
647 /* If the multicast mac is added as a result of mc promiscuous vport,
648 * don't increment the multicast ref count
650 if (!vaddr->mc_promisc)
653 /* Forward MC MAC to vport */
654 vaddr->flow_rule = esw_fdb_set_vport_rule(esw, mac, vport);
656 "\tADDED MC MAC: vport[%d] %pM fr(%p) refcnt(%d) uplinkfr(%p)\n",
657 vport, mac, vaddr->flow_rule,
658 esw_mc->refcnt, esw_mc->uplink_rule);
662 static int esw_del_mc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
664 struct hlist_head *hash = esw->mc_table;
665 struct esw_mc_addr *esw_mc;
666 u8 *mac = vaddr->node.addr;
667 u32 vport = vaddr->vport;
669 if (!esw->fdb_table.fdb)
672 esw_mc = l2addr_hash_find(hash, mac, struct esw_mc_addr);
675 "Failed to find eswitch MC addr for MAC(%pM) vport(%d)",
680 "\tDELETE MC MAC: vport[%d] %pM fr(%p) refcnt(%d) uplinkfr(%p)\n",
681 vport, mac, vaddr->flow_rule, esw_mc->refcnt,
682 esw_mc->uplink_rule);
684 if (vaddr->flow_rule)
685 mlx5_del_flow_rule(vaddr->flow_rule);
686 vaddr->flow_rule = NULL;
688 /* If the multicast mac is added as a result of mc promiscuous vport,
689 * don't decrement the multicast ref count.
691 if (vaddr->mc_promisc || (--esw_mc->refcnt > 0))
694 /* Remove this multicast mac from all the mc promiscuous vports */
695 update_allmulti_vports(esw, vaddr, esw_mc);
697 if (esw_mc->uplink_rule)
698 mlx5_del_flow_rule(esw_mc->uplink_rule);
700 l2addr_hash_del(esw_mc);
704 /* Apply vport UC/MC list to HW l2 table and FDB table */
705 static void esw_apply_vport_addr_list(struct mlx5_eswitch *esw,
706 u32 vport_num, int list_type)
708 struct mlx5_vport *vport = &esw->vports[vport_num];
709 bool is_uc = list_type == MLX5_NVPRT_LIST_TYPE_UC;
710 vport_addr_action vport_addr_add;
711 vport_addr_action vport_addr_del;
712 struct vport_addr *addr;
713 struct l2addr_node *node;
714 struct hlist_head *hash;
715 struct hlist_node *tmp;
718 vport_addr_add = is_uc ? esw_add_uc_addr :
720 vport_addr_del = is_uc ? esw_del_uc_addr :
723 hash = is_uc ? vport->uc_list : vport->mc_list;
724 for_each_l2hash_node(node, tmp, hash, hi) {
725 addr = container_of(node, struct vport_addr, node);
726 switch (addr->action) {
727 case MLX5_ACTION_ADD:
728 vport_addr_add(esw, addr);
729 addr->action = MLX5_ACTION_NONE;
731 case MLX5_ACTION_DEL:
732 vport_addr_del(esw, addr);
733 l2addr_hash_del(addr);
739 /* Sync vport UC/MC list from vport context */
740 static void esw_update_vport_addr_list(struct mlx5_eswitch *esw,
741 u32 vport_num, int list_type)
743 struct mlx5_vport *vport = &esw->vports[vport_num];
744 bool is_uc = list_type == MLX5_NVPRT_LIST_TYPE_UC;
745 u8 (*mac_list)[ETH_ALEN];
746 struct l2addr_node *node;
747 struct vport_addr *addr;
748 struct hlist_head *hash;
749 struct hlist_node *tmp;
755 size = is_uc ? MLX5_MAX_UC_PER_VPORT(esw->dev) :
756 MLX5_MAX_MC_PER_VPORT(esw->dev);
758 mac_list = kcalloc(size, ETH_ALEN, GFP_KERNEL);
762 hash = is_uc ? vport->uc_list : vport->mc_list;
764 for_each_l2hash_node(node, tmp, hash, hi) {
765 addr = container_of(node, struct vport_addr, node);
766 addr->action = MLX5_ACTION_DEL;
772 err = mlx5_query_nic_vport_mac_list(esw->dev, vport_num, list_type,
776 esw_debug(esw->dev, "vport[%d] context update %s list size (%d)\n",
777 vport_num, is_uc ? "UC" : "MC", size);
779 for (i = 0; i < size; i++) {
780 if (is_uc && !is_valid_ether_addr(mac_list[i]))
783 if (!is_uc && !is_multicast_ether_addr(mac_list[i]))
786 addr = l2addr_hash_find(hash, mac_list[i], struct vport_addr);
788 addr->action = MLX5_ACTION_NONE;
789 /* If this mac was previously added because of allmulti
790 * promiscuous rx mode, its now converted to be original
793 if (addr->mc_promisc) {
794 struct esw_mc_addr *esw_mc =
795 l2addr_hash_find(esw->mc_table,
800 "Failed to MAC(%pM) in mcast DB\n",
805 addr->mc_promisc = false;
810 addr = l2addr_hash_add(hash, mac_list[i], struct vport_addr,
814 "Failed to add MAC(%pM) to vport[%d] DB\n",
815 mac_list[i], vport_num);
818 addr->vport = vport_num;
819 addr->action = MLX5_ACTION_ADD;
825 /* Sync vport UC/MC list from vport context
826 * Must be called after esw_update_vport_addr_list
828 static void esw_update_vport_mc_promisc(struct mlx5_eswitch *esw, u32 vport_num)
830 struct mlx5_vport *vport = &esw->vports[vport_num];
831 struct l2addr_node *node;
832 struct vport_addr *addr;
833 struct hlist_head *hash;
834 struct hlist_node *tmp;
837 hash = vport->mc_list;
839 for_each_l2hash_node(node, tmp, esw->mc_table, hi) {
840 u8 *mac = node->addr;
842 addr = l2addr_hash_find(hash, mac, struct vport_addr);
844 if (addr->action == MLX5_ACTION_DEL)
845 addr->action = MLX5_ACTION_NONE;
848 addr = l2addr_hash_add(hash, mac, struct vport_addr,
852 "Failed to add allmulti MAC(%pM) to vport[%d] DB\n",
856 addr->vport = vport_num;
857 addr->action = MLX5_ACTION_ADD;
858 addr->mc_promisc = true;
862 /* Apply vport rx mode to HW FDB table */
863 static void esw_apply_vport_rx_mode(struct mlx5_eswitch *esw, u32 vport_num,
864 bool promisc, bool mc_promisc)
866 struct esw_mc_addr *allmulti_addr = esw->mc_promisc;
867 struct mlx5_vport *vport = &esw->vports[vport_num];
869 if (IS_ERR_OR_NULL(vport->allmulti_rule) != mc_promisc)
873 vport->allmulti_rule =
874 esw_fdb_set_vport_allmulti_rule(esw, vport_num);
875 if (!allmulti_addr->uplink_rule)
876 allmulti_addr->uplink_rule =
877 esw_fdb_set_vport_allmulti_rule(esw,
879 allmulti_addr->refcnt++;
880 } else if (vport->allmulti_rule) {
881 mlx5_del_flow_rule(vport->allmulti_rule);
882 vport->allmulti_rule = NULL;
884 if (--allmulti_addr->refcnt > 0)
887 if (allmulti_addr->uplink_rule)
888 mlx5_del_flow_rule(allmulti_addr->uplink_rule);
889 allmulti_addr->uplink_rule = NULL;
893 if (IS_ERR_OR_NULL(vport->promisc_rule) != promisc)
897 vport->promisc_rule = esw_fdb_set_vport_promisc_rule(esw,
899 } else if (vport->promisc_rule) {
900 mlx5_del_flow_rule(vport->promisc_rule);
901 vport->promisc_rule = NULL;
905 /* Sync vport rx mode from vport context */
906 static void esw_update_vport_rx_mode(struct mlx5_eswitch *esw, u32 vport_num)
908 struct mlx5_vport *vport = &esw->vports[vport_num];
914 err = mlx5_query_nic_vport_promisc(esw->dev,
921 esw_debug(esw->dev, "vport[%d] context update rx mode promisc_all=%d, all_multi=%d\n",
922 vport_num, promisc_all, promisc_mc);
924 if (!vport->trusted || !vport->enabled) {
930 esw_apply_vport_rx_mode(esw, vport_num, promisc_all,
931 (promisc_all || promisc_mc));
934 static void esw_vport_change_handle_locked(struct mlx5_vport *vport)
936 struct mlx5_core_dev *dev = vport->dev;
937 struct mlx5_eswitch *esw = dev->priv.eswitch;
940 mlx5_query_nic_vport_mac_address(dev, vport->vport, mac);
941 esw_debug(dev, "vport[%d] Context Changed: perm mac: %pM\n",
944 if (vport->enabled_events & UC_ADDR_CHANGE) {
945 esw_update_vport_addr_list(esw, vport->vport,
946 MLX5_NVPRT_LIST_TYPE_UC);
947 esw_apply_vport_addr_list(esw, vport->vport,
948 MLX5_NVPRT_LIST_TYPE_UC);
951 if (vport->enabled_events & MC_ADDR_CHANGE) {
952 esw_update_vport_addr_list(esw, vport->vport,
953 MLX5_NVPRT_LIST_TYPE_MC);
956 if (vport->enabled_events & PROMISC_CHANGE) {
957 esw_update_vport_rx_mode(esw, vport->vport);
958 if (!IS_ERR_OR_NULL(vport->allmulti_rule))
959 esw_update_vport_mc_promisc(esw, vport->vport);
962 if (vport->enabled_events & (PROMISC_CHANGE | MC_ADDR_CHANGE)) {
963 esw_apply_vport_addr_list(esw, vport->vport,
964 MLX5_NVPRT_LIST_TYPE_MC);
967 esw_debug(esw->dev, "vport[%d] Context Changed: Done\n", vport->vport);
969 arm_vport_context_events_cmd(dev, vport->vport,
970 vport->enabled_events);
973 static void esw_vport_change_handler(struct work_struct *work)
975 struct mlx5_vport *vport =
976 container_of(work, struct mlx5_vport, vport_change_handler);
977 struct mlx5_eswitch *esw = vport->dev->priv.eswitch;
979 mutex_lock(&esw->state_lock);
980 esw_vport_change_handle_locked(vport);
981 mutex_unlock(&esw->state_lock);
984 static void esw_vport_enable_egress_acl(struct mlx5_eswitch *esw,
985 struct mlx5_vport *vport)
987 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
988 struct mlx5_flow_group *vlan_grp = NULL;
989 struct mlx5_flow_group *drop_grp = NULL;
990 struct mlx5_core_dev *dev = esw->dev;
991 struct mlx5_flow_namespace *root_ns;
992 struct mlx5_flow_table *acl;
993 void *match_criteria;
995 /* The egress acl table contains 2 rules:
996 * 1)Allow traffic with vlan_tag=vst_vlan_id
997 * 2)Drop all other traffic.
1002 if (!MLX5_CAP_ESW_EGRESS_ACL(dev, ft_support) ||
1003 !IS_ERR_OR_NULL(vport->egress.acl))
1006 esw_debug(dev, "Create vport[%d] egress ACL log_max_size(%d)\n",
1007 vport->vport, MLX5_CAP_ESW_EGRESS_ACL(dev, log_max_ft_size));
1009 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_EGRESS);
1011 esw_warn(dev, "Failed to get E-Switch egress flow namespace\n");
1015 flow_group_in = mlx5_vzalloc(inlen);
1019 acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
1022 esw_warn(dev, "Failed to create E-Switch vport[%d] egress flow Table, err(%d)\n",
1027 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1028 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
1029 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
1030 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.first_vid);
1031 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
1032 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
1034 vlan_grp = mlx5_create_flow_group(acl, flow_group_in);
1035 if (IS_ERR(vlan_grp)) {
1036 err = PTR_ERR(vlan_grp);
1037 esw_warn(dev, "Failed to create E-Switch vport[%d] egress allowed vlans flow group, err(%d)\n",
1042 memset(flow_group_in, 0, inlen);
1043 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
1044 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
1045 drop_grp = mlx5_create_flow_group(acl, flow_group_in);
1046 if (IS_ERR(drop_grp)) {
1047 err = PTR_ERR(drop_grp);
1048 esw_warn(dev, "Failed to create E-Switch vport[%d] egress drop flow group, err(%d)\n",
1053 vport->egress.acl = acl;
1054 vport->egress.drop_grp = drop_grp;
1055 vport->egress.allowed_vlans_grp = vlan_grp;
1057 kvfree(flow_group_in);
1058 if (err && !IS_ERR_OR_NULL(vlan_grp))
1059 mlx5_destroy_flow_group(vlan_grp);
1060 if (err && !IS_ERR_OR_NULL(acl))
1061 mlx5_destroy_flow_table(acl);
1064 static void esw_vport_cleanup_egress_rules(struct mlx5_eswitch *esw,
1065 struct mlx5_vport *vport)
1067 if (!IS_ERR_OR_NULL(vport->egress.allowed_vlan))
1068 mlx5_del_flow_rule(vport->egress.allowed_vlan);
1070 if (!IS_ERR_OR_NULL(vport->egress.drop_rule))
1071 mlx5_del_flow_rule(vport->egress.drop_rule);
1073 vport->egress.allowed_vlan = NULL;
1074 vport->egress.drop_rule = NULL;
1077 static void esw_vport_disable_egress_acl(struct mlx5_eswitch *esw,
1078 struct mlx5_vport *vport)
1080 if (IS_ERR_OR_NULL(vport->egress.acl))
1083 esw_debug(esw->dev, "Destroy vport[%d] E-Switch egress ACL\n", vport->vport);
1085 esw_vport_cleanup_egress_rules(esw, vport);
1086 mlx5_destroy_flow_group(vport->egress.allowed_vlans_grp);
1087 mlx5_destroy_flow_group(vport->egress.drop_grp);
1088 mlx5_destroy_flow_table(vport->egress.acl);
1089 vport->egress.allowed_vlans_grp = NULL;
1090 vport->egress.drop_grp = NULL;
1091 vport->egress.acl = NULL;
1094 static void esw_vport_enable_ingress_acl(struct mlx5_eswitch *esw,
1095 struct mlx5_vport *vport)
1097 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
1098 struct mlx5_core_dev *dev = esw->dev;
1099 struct mlx5_flow_namespace *root_ns;
1100 struct mlx5_flow_table *acl;
1101 struct mlx5_flow_group *g;
1102 void *match_criteria;
1104 /* The ingress acl table contains 4 groups
1105 * (2 active rules at the same time -
1106 * 1 allow rule from one of the first 3 groups.
1107 * 1 drop rule from the last group):
1108 * 1)Allow untagged traffic with smac=original mac.
1109 * 2)Allow untagged traffic.
1110 * 3)Allow traffic with smac=original mac.
1111 * 4)Drop all other traffic.
1116 if (!MLX5_CAP_ESW_INGRESS_ACL(dev, ft_support) ||
1117 !IS_ERR_OR_NULL(vport->ingress.acl))
1120 esw_debug(dev, "Create vport[%d] ingress ACL log_max_size(%d)\n",
1121 vport->vport, MLX5_CAP_ESW_INGRESS_ACL(dev, log_max_ft_size));
1123 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_INGRESS);
1125 esw_warn(dev, "Failed to get E-Switch ingress flow namespace\n");
1129 flow_group_in = mlx5_vzalloc(inlen);
1133 acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
1136 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress flow Table, err(%d)\n",
1140 vport->ingress.acl = acl;
1142 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
1144 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1145 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
1146 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
1147 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
1148 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
1149 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
1151 g = mlx5_create_flow_group(acl, flow_group_in);
1154 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress untagged spoofchk flow group, err(%d)\n",
1158 vport->ingress.allow_untagged_spoofchk_grp = g;
1160 memset(flow_group_in, 0, inlen);
1161 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1162 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
1163 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
1164 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
1166 g = mlx5_create_flow_group(acl, flow_group_in);
1169 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress untagged flow group, err(%d)\n",
1173 vport->ingress.allow_untagged_only_grp = g;
1175 memset(flow_group_in, 0, inlen);
1176 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1177 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
1178 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
1179 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 2);
1180 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 2);
1182 g = mlx5_create_flow_group(acl, flow_group_in);
1185 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress spoofchk flow group, err(%d)\n",
1189 vport->ingress.allow_spoofchk_only_grp = g;
1191 memset(flow_group_in, 0, inlen);
1192 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 3);
1193 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 3);
1195 g = mlx5_create_flow_group(acl, flow_group_in);
1198 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress drop flow group, err(%d)\n",
1202 vport->ingress.drop_grp = g;
1206 if (!IS_ERR_OR_NULL(vport->ingress.allow_spoofchk_only_grp))
1207 mlx5_destroy_flow_group(
1208 vport->ingress.allow_spoofchk_only_grp);
1209 if (!IS_ERR_OR_NULL(vport->ingress.allow_untagged_only_grp))
1210 mlx5_destroy_flow_group(
1211 vport->ingress.allow_untagged_only_grp);
1212 if (!IS_ERR_OR_NULL(vport->ingress.allow_untagged_spoofchk_grp))
1213 mlx5_destroy_flow_group(
1214 vport->ingress.allow_untagged_spoofchk_grp);
1215 if (!IS_ERR_OR_NULL(vport->ingress.acl))
1216 mlx5_destroy_flow_table(vport->ingress.acl);
1219 kvfree(flow_group_in);
1222 static void esw_vport_cleanup_ingress_rules(struct mlx5_eswitch *esw,
1223 struct mlx5_vport *vport)
1225 if (!IS_ERR_OR_NULL(vport->ingress.drop_rule))
1226 mlx5_del_flow_rule(vport->ingress.drop_rule);
1228 if (!IS_ERR_OR_NULL(vport->ingress.allow_rule))
1229 mlx5_del_flow_rule(vport->ingress.allow_rule);
1231 vport->ingress.drop_rule = NULL;
1232 vport->ingress.allow_rule = NULL;
1235 static void esw_vport_disable_ingress_acl(struct mlx5_eswitch *esw,
1236 struct mlx5_vport *vport)
1238 if (IS_ERR_OR_NULL(vport->ingress.acl))
1241 esw_debug(esw->dev, "Destroy vport[%d] E-Switch ingress ACL\n", vport->vport);
1243 esw_vport_cleanup_ingress_rules(esw, vport);
1244 mlx5_destroy_flow_group(vport->ingress.allow_spoofchk_only_grp);
1245 mlx5_destroy_flow_group(vport->ingress.allow_untagged_only_grp);
1246 mlx5_destroy_flow_group(vport->ingress.allow_untagged_spoofchk_grp);
1247 mlx5_destroy_flow_group(vport->ingress.drop_grp);
1248 mlx5_destroy_flow_table(vport->ingress.acl);
1249 vport->ingress.acl = NULL;
1250 vport->ingress.drop_grp = NULL;
1251 vport->ingress.allow_spoofchk_only_grp = NULL;
1252 vport->ingress.allow_untagged_only_grp = NULL;
1253 vport->ingress.allow_untagged_spoofchk_grp = NULL;
1256 static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
1257 struct mlx5_vport *vport)
1259 struct mlx5_flow_spec *spec;
1264 if (vport->spoofchk) {
1265 err = mlx5_query_nic_vport_mac_address(esw->dev, vport->vport, smac);
1268 "vport[%d] configure ingress rules failed, query smac failed, err(%d)\n",
1273 if (!is_valid_ether_addr(smac)) {
1274 mlx5_core_warn(esw->dev,
1275 "vport[%d] configure ingress rules failed, illegal mac with spoofchk\n",
1281 esw_vport_cleanup_ingress_rules(esw, vport);
1283 if (!vport->vlan && !vport->qos && !vport->spoofchk) {
1284 esw_vport_disable_ingress_acl(esw, vport);
1288 esw_vport_enable_ingress_acl(esw, vport);
1291 "vport[%d] configure ingress rules, vlan(%d) qos(%d)\n",
1292 vport->vport, vport->vlan, vport->qos);
1294 spec = mlx5_vzalloc(sizeof(*spec));
1297 esw_warn(esw->dev, "vport[%d] configure ingress rules failed, err(%d)\n",
1302 if (vport->vlan || vport->qos)
1303 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.vlan_tag);
1305 if (vport->spoofchk) {
1306 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_47_16);
1307 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_15_0);
1308 smac_v = MLX5_ADDR_OF(fte_match_param,
1310 outer_headers.smac_47_16);
1311 ether_addr_copy(smac_v, smac);
1314 spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
1315 vport->ingress.allow_rule =
1316 mlx5_add_flow_rule(vport->ingress.acl, spec,
1317 MLX5_FLOW_CONTEXT_ACTION_ALLOW,
1319 if (IS_ERR(vport->ingress.allow_rule)) {
1320 err = PTR_ERR(vport->ingress.allow_rule);
1322 "vport[%d] configure ingress allow rule, err(%d)\n",
1324 vport->ingress.allow_rule = NULL;
1328 memset(spec, 0, sizeof(*spec));
1329 vport->ingress.drop_rule =
1330 mlx5_add_flow_rule(vport->ingress.acl, spec,
1331 MLX5_FLOW_CONTEXT_ACTION_DROP,
1333 if (IS_ERR(vport->ingress.drop_rule)) {
1334 err = PTR_ERR(vport->ingress.drop_rule);
1336 "vport[%d] configure ingress drop rule, err(%d)\n",
1338 vport->ingress.drop_rule = NULL;
1344 esw_vport_cleanup_ingress_rules(esw, vport);
1349 static int esw_vport_egress_config(struct mlx5_eswitch *esw,
1350 struct mlx5_vport *vport)
1352 struct mlx5_flow_spec *spec;
1355 esw_vport_cleanup_egress_rules(esw, vport);
1357 if (!vport->vlan && !vport->qos) {
1358 esw_vport_disable_egress_acl(esw, vport);
1362 esw_vport_enable_egress_acl(esw, vport);
1365 "vport[%d] configure egress rules, vlan(%d) qos(%d)\n",
1366 vport->vport, vport->vlan, vport->qos);
1368 spec = mlx5_vzalloc(sizeof(*spec));
1371 esw_warn(esw->dev, "vport[%d] configure egress rules failed, err(%d)\n",
1376 /* Allowed vlan rule */
1377 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.vlan_tag);
1378 MLX5_SET_TO_ONES(fte_match_param, spec->match_value, outer_headers.vlan_tag);
1379 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.first_vid);
1380 MLX5_SET(fte_match_param, spec->match_value, outer_headers.first_vid, vport->vlan);
1382 spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
1383 vport->egress.allowed_vlan =
1384 mlx5_add_flow_rule(vport->egress.acl, spec,
1385 MLX5_FLOW_CONTEXT_ACTION_ALLOW,
1387 if (IS_ERR(vport->egress.allowed_vlan)) {
1388 err = PTR_ERR(vport->egress.allowed_vlan);
1390 "vport[%d] configure egress allowed vlan rule failed, err(%d)\n",
1392 vport->egress.allowed_vlan = NULL;
1396 /* Drop others rule (star rule) */
1397 memset(spec, 0, sizeof(*spec));
1398 vport->egress.drop_rule =
1399 mlx5_add_flow_rule(vport->egress.acl, spec,
1400 MLX5_FLOW_CONTEXT_ACTION_DROP,
1402 if (IS_ERR(vport->egress.drop_rule)) {
1403 err = PTR_ERR(vport->egress.drop_rule);
1405 "vport[%d] configure egress drop rule failed, err(%d)\n",
1407 vport->egress.drop_rule = NULL;
1414 static void esw_enable_vport(struct mlx5_eswitch *esw, int vport_num,
1417 struct mlx5_vport *vport = &esw->vports[vport_num];
1419 mutex_lock(&esw->state_lock);
1420 WARN_ON(vport->enabled);
1422 esw_debug(esw->dev, "Enabling VPORT(%d)\n", vport_num);
1424 /* Only VFs need ACLs for VST and spoofchk filtering */
1425 if (vport_num && esw->mode == SRIOV_LEGACY) {
1426 esw_vport_ingress_config(esw, vport);
1427 esw_vport_egress_config(esw, vport);
1430 mlx5_modify_vport_admin_state(esw->dev,
1431 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1433 MLX5_ESW_VPORT_ADMIN_STATE_AUTO);
1435 /* Sync with current vport context */
1436 vport->enabled_events = enable_events;
1437 vport->enabled = true;
1439 /* only PF is trusted by default */
1440 vport->trusted = (vport_num) ? false : true;
1441 esw_vport_change_handle_locked(vport);
1443 esw->enabled_vports++;
1444 esw_debug(esw->dev, "Enabled VPORT(%d)\n", vport_num);
1445 mutex_unlock(&esw->state_lock);
1448 static void esw_disable_vport(struct mlx5_eswitch *esw, int vport_num)
1450 struct mlx5_vport *vport = &esw->vports[vport_num];
1452 if (!vport->enabled)
1455 esw_debug(esw->dev, "Disabling vport(%d)\n", vport_num);
1456 /* Mark this vport as disabled to discard new events */
1457 vport->enabled = false;
1459 synchronize_irq(mlx5_get_msix_vec(esw->dev, MLX5_EQ_VEC_ASYNC));
1461 mlx5_modify_vport_admin_state(esw->dev,
1462 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1464 MLX5_ESW_VPORT_ADMIN_STATE_DOWN);
1465 /* Wait for current already scheduled events to complete */
1466 flush_workqueue(esw->work_queue);
1467 /* Disable events from this vport */
1468 arm_vport_context_events_cmd(esw->dev, vport->vport, 0);
1469 mutex_lock(&esw->state_lock);
1470 /* We don't assume VFs will cleanup after themselves.
1471 * Calling vport change handler while vport is disabled will cleanup
1472 * the vport resources.
1474 esw_vport_change_handle_locked(vport);
1475 vport->enabled_events = 0;
1476 if (vport_num && esw->mode == SRIOV_LEGACY) {
1477 esw_vport_disable_egress_acl(esw, vport);
1478 esw_vport_disable_ingress_acl(esw, vport);
1480 esw->enabled_vports--;
1481 mutex_unlock(&esw->state_lock);
1484 /* Public E-Switch API */
1485 int mlx5_eswitch_enable_sriov(struct mlx5_eswitch *esw, int nvfs, int mode)
1488 int i, enabled_events;
1490 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1491 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1494 if (!MLX5_CAP_GEN(esw->dev, eswitch_flow_table) ||
1495 !MLX5_CAP_ESW_FLOWTABLE_FDB(esw->dev, ft_support)) {
1496 esw_warn(esw->dev, "E-Switch FDB is not supported, aborting ...\n");
1500 if (!MLX5_CAP_ESW_INGRESS_ACL(esw->dev, ft_support))
1501 esw_warn(esw->dev, "E-Switch ingress ACL is not supported by FW\n");
1503 if (!MLX5_CAP_ESW_EGRESS_ACL(esw->dev, ft_support))
1504 esw_warn(esw->dev, "E-Switch engress ACL is not supported by FW\n");
1506 esw_info(esw->dev, "E-Switch enable SRIOV: nvfs(%d) mode (%d)\n", nvfs, mode);
1508 esw_disable_vport(esw, 0);
1510 if (mode == SRIOV_LEGACY)
1511 err = esw_create_legacy_fdb_table(esw, nvfs + 1);
1513 err = esw_offloads_init(esw, nvfs + 1);
1517 enabled_events = (mode == SRIOV_LEGACY) ? SRIOV_VPORT_EVENTS : UC_ADDR_CHANGE;
1518 for (i = 0; i <= nvfs; i++)
1519 esw_enable_vport(esw, i, enabled_events);
1521 esw_info(esw->dev, "SRIOV enabled: active vports(%d)\n",
1522 esw->enabled_vports);
1526 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1530 void mlx5_eswitch_disable_sriov(struct mlx5_eswitch *esw)
1532 struct esw_mc_addr *mc_promisc;
1536 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1537 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1540 esw_info(esw->dev, "disable SRIOV: active vports(%d) mode(%d)\n",
1541 esw->enabled_vports, esw->mode);
1543 mc_promisc = esw->mc_promisc;
1544 nvports = esw->enabled_vports;
1546 for (i = 0; i < esw->total_vports; i++)
1547 esw_disable_vport(esw, i);
1549 if (mc_promisc && mc_promisc->uplink_rule)
1550 mlx5_del_flow_rule(mc_promisc->uplink_rule);
1552 if (esw->mode == SRIOV_LEGACY)
1553 esw_destroy_legacy_fdb_table(esw);
1554 else if (esw->mode == SRIOV_OFFLOADS)
1555 esw_offloads_cleanup(esw, nvports);
1557 esw->mode = SRIOV_NONE;
1558 /* VPORT 0 (PF) must be enabled back with non-sriov configuration */
1559 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1562 void mlx5_eswitch_attach(struct mlx5_eswitch *esw)
1564 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1565 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1568 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1569 /* VF Vports will be enabled when SRIOV is enabled */
1572 void mlx5_eswitch_detach(struct mlx5_eswitch *esw)
1574 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1575 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1578 esw_disable_vport(esw, 0);
1581 int mlx5_eswitch_init(struct mlx5_core_dev *dev)
1583 int l2_table_size = 1 << MLX5_CAP_GEN(dev, log_max_l2_table);
1584 int total_vports = MLX5_TOTAL_VPORTS(dev);
1585 struct esw_mc_addr *mc_promisc;
1586 struct mlx5_eswitch *esw;
1590 if (!MLX5_CAP_GEN(dev, vport_group_manager) ||
1591 MLX5_CAP_GEN(dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1595 "Total vports %d, l2 table size(%d), per vport: max uc(%d) max mc(%d)\n",
1596 total_vports, l2_table_size,
1597 MLX5_MAX_UC_PER_VPORT(dev),
1598 MLX5_MAX_MC_PER_VPORT(dev));
1600 esw = kzalloc(sizeof(*esw), GFP_KERNEL);
1606 esw->l2_table.bitmap = kcalloc(BITS_TO_LONGS(l2_table_size),
1607 sizeof(uintptr_t), GFP_KERNEL);
1608 if (!esw->l2_table.bitmap) {
1612 esw->l2_table.size = l2_table_size;
1614 mc_promisc = kzalloc(sizeof(*mc_promisc), GFP_KERNEL);
1619 esw->mc_promisc = mc_promisc;
1621 esw->work_queue = create_singlethread_workqueue("mlx5_esw_wq");
1622 if (!esw->work_queue) {
1627 esw->vports = kcalloc(total_vports, sizeof(struct mlx5_vport),
1634 esw->offloads.vport_reps =
1635 kzalloc(total_vports * sizeof(struct mlx5_eswitch_rep),
1637 if (!esw->offloads.vport_reps) {
1642 mutex_init(&esw->state_lock);
1644 for (vport_num = 0; vport_num < total_vports; vport_num++) {
1645 struct mlx5_vport *vport = &esw->vports[vport_num];
1647 vport->vport = vport_num;
1649 INIT_WORK(&vport->vport_change_handler,
1650 esw_vport_change_handler);
1653 esw->total_vports = total_vports;
1654 esw->enabled_vports = 0;
1655 esw->mode = SRIOV_NONE;
1657 dev->priv.eswitch = esw;
1660 if (esw->work_queue)
1661 destroy_workqueue(esw->work_queue);
1662 kfree(esw->l2_table.bitmap);
1664 kfree(esw->offloads.vport_reps);
1669 void mlx5_eswitch_cleanup(struct mlx5_eswitch *esw)
1671 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1672 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1675 esw_info(esw->dev, "cleanup\n");
1677 esw->dev->priv.eswitch = NULL;
1678 destroy_workqueue(esw->work_queue);
1679 kfree(esw->l2_table.bitmap);
1680 kfree(esw->mc_promisc);
1681 kfree(esw->offloads.vport_reps);
1686 void mlx5_eswitch_vport_event(struct mlx5_eswitch *esw, struct mlx5_eqe *eqe)
1688 struct mlx5_eqe_vport_change *vc_eqe = &eqe->data.vport_change;
1689 u16 vport_num = be16_to_cpu(vc_eqe->vport_num);
1690 struct mlx5_vport *vport;
1693 pr_warn("MLX5 E-Switch: vport %d got an event while eswitch is not initialized\n",
1698 vport = &esw->vports[vport_num];
1700 queue_work(esw->work_queue, &vport->vport_change_handler);
1703 /* Vport Administration */
1704 #define ESW_ALLOWED(esw) \
1705 (esw && MLX5_CAP_GEN(esw->dev, vport_group_manager) && mlx5_core_is_pf(esw->dev))
1706 #define LEGAL_VPORT(esw, vport) (vport >= 0 && vport < esw->total_vports)
1708 static void node_guid_gen_from_mac(u64 *node_guid, u8 mac[ETH_ALEN])
1710 ((u8 *)node_guid)[7] = mac[0];
1711 ((u8 *)node_guid)[6] = mac[1];
1712 ((u8 *)node_guid)[5] = mac[2];
1713 ((u8 *)node_guid)[4] = 0xff;
1714 ((u8 *)node_guid)[3] = 0xfe;
1715 ((u8 *)node_guid)[2] = mac[3];
1716 ((u8 *)node_guid)[1] = mac[4];
1717 ((u8 *)node_guid)[0] = mac[5];
1720 int mlx5_eswitch_set_vport_mac(struct mlx5_eswitch *esw,
1721 int vport, u8 mac[ETH_ALEN])
1723 struct mlx5_vport *evport;
1727 if (!ESW_ALLOWED(esw))
1729 if (!LEGAL_VPORT(esw, vport))
1732 evport = &esw->vports[vport];
1734 if (evport->spoofchk && !is_valid_ether_addr(mac)) {
1735 mlx5_core_warn(esw->dev,
1736 "MAC invalidation is not allowed when spoofchk is on, vport(%d)\n",
1741 err = mlx5_modify_nic_vport_mac_address(esw->dev, vport, mac);
1743 mlx5_core_warn(esw->dev,
1744 "Failed to mlx5_modify_nic_vport_mac vport(%d) err=(%d)\n",
1749 node_guid_gen_from_mac(&node_guid, mac);
1750 err = mlx5_modify_nic_vport_node_guid(esw->dev, vport, node_guid);
1752 mlx5_core_warn(esw->dev,
1753 "Failed to set vport %d node guid, err = %d. RDMA_CM will not function properly for this VF.\n",
1756 mutex_lock(&esw->state_lock);
1757 if (evport->enabled && esw->mode == SRIOV_LEGACY)
1758 err = esw_vport_ingress_config(esw, evport);
1759 mutex_unlock(&esw->state_lock);
1763 int mlx5_eswitch_set_vport_state(struct mlx5_eswitch *esw,
1764 int vport, int link_state)
1766 if (!ESW_ALLOWED(esw))
1768 if (!LEGAL_VPORT(esw, vport))
1771 return mlx5_modify_vport_admin_state(esw->dev,
1772 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1776 int mlx5_eswitch_get_vport_config(struct mlx5_eswitch *esw,
1777 int vport, struct ifla_vf_info *ivi)
1779 struct mlx5_vport *evport;
1783 if (!ESW_ALLOWED(esw))
1785 if (!LEGAL_VPORT(esw, vport))
1788 evport = &esw->vports[vport];
1790 memset(ivi, 0, sizeof(*ivi));
1791 ivi->vf = vport - 1;
1793 mlx5_query_nic_vport_mac_address(esw->dev, vport, ivi->mac);
1794 ivi->linkstate = mlx5_query_vport_admin_state(esw->dev,
1795 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1797 query_esw_vport_cvlan(esw->dev, vport, &vlan, &qos);
1800 ivi->spoofchk = evport->spoofchk;
1805 int mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
1806 int vport, u16 vlan, u8 qos)
1808 struct mlx5_vport *evport;
1812 if (!ESW_ALLOWED(esw))
1814 if (!LEGAL_VPORT(esw, vport) || (vlan > 4095) || (qos > 7))
1820 evport = &esw->vports[vport];
1822 err = modify_esw_vport_cvlan(esw->dev, vport, vlan, qos, set);
1826 mutex_lock(&esw->state_lock);
1827 evport->vlan = vlan;
1829 if (evport->enabled && esw->mode == SRIOV_LEGACY) {
1830 err = esw_vport_ingress_config(esw, evport);
1833 err = esw_vport_egress_config(esw, evport);
1837 mutex_unlock(&esw->state_lock);
1841 int mlx5_eswitch_set_vport_spoofchk(struct mlx5_eswitch *esw,
1842 int vport, bool spoofchk)
1844 struct mlx5_vport *evport;
1848 if (!ESW_ALLOWED(esw))
1850 if (!LEGAL_VPORT(esw, vport))
1853 evport = &esw->vports[vport];
1855 mutex_lock(&esw->state_lock);
1856 pschk = evport->spoofchk;
1857 evport->spoofchk = spoofchk;
1858 if (evport->enabled && esw->mode == SRIOV_LEGACY) {
1859 err = esw_vport_ingress_config(esw, evport);
1861 evport->spoofchk = pschk;
1863 mutex_unlock(&esw->state_lock);
1868 int mlx5_eswitch_set_vport_trust(struct mlx5_eswitch *esw,
1869 int vport, bool setting)
1871 struct mlx5_vport *evport;
1873 if (!ESW_ALLOWED(esw))
1875 if (!LEGAL_VPORT(esw, vport))
1878 evport = &esw->vports[vport];
1880 mutex_lock(&esw->state_lock);
1881 evport->trusted = setting;
1882 if (evport->enabled)
1883 esw_vport_change_handle_locked(evport);
1884 mutex_unlock(&esw->state_lock);
1889 int mlx5_eswitch_get_vport_stats(struct mlx5_eswitch *esw,
1891 struct ifla_vf_stats *vf_stats)
1893 int outlen = MLX5_ST_SZ_BYTES(query_vport_counter_out);
1894 u32 in[MLX5_ST_SZ_DW(query_vport_counter_in)] = {0};
1898 if (!ESW_ALLOWED(esw))
1900 if (!LEGAL_VPORT(esw, vport))
1903 out = mlx5_vzalloc(outlen);
1907 MLX5_SET(query_vport_counter_in, in, opcode,
1908 MLX5_CMD_OP_QUERY_VPORT_COUNTER);
1909 MLX5_SET(query_vport_counter_in, in, op_mod, 0);
1910 MLX5_SET(query_vport_counter_in, in, vport_number, vport);
1912 MLX5_SET(query_vport_counter_in, in, other_vport, 1);
1914 memset(out, 0, outlen);
1915 err = mlx5_cmd_exec(esw->dev, in, sizeof(in), out, outlen);
1919 #define MLX5_GET_CTR(p, x) \
1920 MLX5_GET64(query_vport_counter_out, p, x)
1922 memset(vf_stats, 0, sizeof(*vf_stats));
1923 vf_stats->rx_packets =
1924 MLX5_GET_CTR(out, received_eth_unicast.packets) +
1925 MLX5_GET_CTR(out, received_eth_multicast.packets) +
1926 MLX5_GET_CTR(out, received_eth_broadcast.packets);
1928 vf_stats->rx_bytes =
1929 MLX5_GET_CTR(out, received_eth_unicast.octets) +
1930 MLX5_GET_CTR(out, received_eth_multicast.octets) +
1931 MLX5_GET_CTR(out, received_eth_broadcast.octets);
1933 vf_stats->tx_packets =
1934 MLX5_GET_CTR(out, transmitted_eth_unicast.packets) +
1935 MLX5_GET_CTR(out, transmitted_eth_multicast.packets) +
1936 MLX5_GET_CTR(out, transmitted_eth_broadcast.packets);
1938 vf_stats->tx_bytes =
1939 MLX5_GET_CTR(out, transmitted_eth_unicast.octets) +
1940 MLX5_GET_CTR(out, transmitted_eth_multicast.octets) +
1941 MLX5_GET_CTR(out, transmitted_eth_broadcast.octets);
1943 vf_stats->multicast =
1944 MLX5_GET_CTR(out, received_eth_multicast.packets);
1946 vf_stats->broadcast =
1947 MLX5_GET_CTR(out, received_eth_broadcast.packets);