2 * Copyright (c) 2015, Mellanox Technologies. All rights reserved.
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
33 #include <linux/etherdevice.h>
34 #include <linux/mlx5/driver.h>
35 #include <linux/mlx5/mlx5_ifc.h>
36 #include <linux/mlx5/vport.h>
37 #include <linux/mlx5/fs.h>
38 #include "mlx5_core.h"
41 #define UPLINK_VPORT 0xFFFF
49 /* E-Switch UC L2 table hash node */
51 struct l2addr_node node;
56 /* E-Switch MC FDB table hash node */
57 struct esw_mc_addr { /* SRIOV only */
58 struct l2addr_node node;
59 struct mlx5_flow_rule *uplink_rule; /* Forward to uplink rule */
63 /* Vport UC/MC hash node */
65 struct l2addr_node node;
68 struct mlx5_flow_rule *flow_rule; /* SRIOV only */
69 /* A flag indicating that mac was added due to mc promiscuous vport */
74 UC_ADDR_CHANGE = BIT(0),
75 MC_ADDR_CHANGE = BIT(1),
76 PROMISC_CHANGE = BIT(3),
79 /* Vport context events */
80 #define SRIOV_VPORT_EVENTS (UC_ADDR_CHANGE | \
84 static int arm_vport_context_events_cmd(struct mlx5_core_dev *dev, u16 vport,
87 int in[MLX5_ST_SZ_DW(modify_nic_vport_context_in)] = {0};
88 int out[MLX5_ST_SZ_DW(modify_nic_vport_context_out)] = {0};
91 MLX5_SET(modify_nic_vport_context_in, in,
92 opcode, MLX5_CMD_OP_MODIFY_NIC_VPORT_CONTEXT);
93 MLX5_SET(modify_nic_vport_context_in, in, field_select.change_event, 1);
94 MLX5_SET(modify_nic_vport_context_in, in, vport_number, vport);
96 MLX5_SET(modify_nic_vport_context_in, in, other_vport, 1);
97 nic_vport_ctx = MLX5_ADDR_OF(modify_nic_vport_context_in,
98 in, nic_vport_context);
100 MLX5_SET(nic_vport_context, nic_vport_ctx, arm_change_event, 1);
102 if (events_mask & UC_ADDR_CHANGE)
103 MLX5_SET(nic_vport_context, nic_vport_ctx,
104 event_on_uc_address_change, 1);
105 if (events_mask & MC_ADDR_CHANGE)
106 MLX5_SET(nic_vport_context, nic_vport_ctx,
107 event_on_mc_address_change, 1);
108 if (events_mask & PROMISC_CHANGE)
109 MLX5_SET(nic_vport_context, nic_vport_ctx,
110 event_on_promisc_change, 1);
112 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
115 /* E-Switch vport context HW commands */
116 static int modify_esw_vport_context_cmd(struct mlx5_core_dev *dev, u16 vport,
119 u32 out[MLX5_ST_SZ_DW(modify_esw_vport_context_out)] = {0};
121 MLX5_SET(modify_esw_vport_context_in, in, opcode,
122 MLX5_CMD_OP_MODIFY_ESW_VPORT_CONTEXT);
123 MLX5_SET(modify_esw_vport_context_in, in, vport_number, vport);
125 MLX5_SET(modify_esw_vport_context_in, in, other_vport, 1);
126 return mlx5_cmd_exec(dev, in, inlen, out, sizeof(out));
129 static int modify_esw_vport_cvlan(struct mlx5_core_dev *dev, u32 vport,
130 u16 vlan, u8 qos, u8 set_flags)
132 u32 in[MLX5_ST_SZ_DW(modify_esw_vport_context_in)] = {0};
134 if (!MLX5_CAP_ESW(dev, vport_cvlan_strip) ||
135 !MLX5_CAP_ESW(dev, vport_cvlan_insert_if_not_exist))
138 esw_debug(dev, "Set Vport[%d] VLAN %d qos %d set=%x\n",
139 vport, vlan, qos, set_flags);
141 if (set_flags & SET_VLAN_STRIP)
142 MLX5_SET(modify_esw_vport_context_in, in,
143 esw_vport_context.vport_cvlan_strip, 1);
145 if (set_flags & SET_VLAN_INSERT) {
146 /* insert only if no vlan in packet */
147 MLX5_SET(modify_esw_vport_context_in, in,
148 esw_vport_context.vport_cvlan_insert, 1);
150 MLX5_SET(modify_esw_vport_context_in, in,
151 esw_vport_context.cvlan_pcp, qos);
152 MLX5_SET(modify_esw_vport_context_in, in,
153 esw_vport_context.cvlan_id, vlan);
156 MLX5_SET(modify_esw_vport_context_in, in,
157 field_select.vport_cvlan_strip, 1);
158 MLX5_SET(modify_esw_vport_context_in, in,
159 field_select.vport_cvlan_insert, 1);
161 return modify_esw_vport_context_cmd(dev, vport, in, sizeof(in));
164 /* HW L2 Table (MPFS) management */
165 static int set_l2_table_entry_cmd(struct mlx5_core_dev *dev, u32 index,
166 u8 *mac, u8 vlan_valid, u16 vlan)
168 u32 in[MLX5_ST_SZ_DW(set_l2_table_entry_in)] = {0};
169 u32 out[MLX5_ST_SZ_DW(set_l2_table_entry_out)] = {0};
172 MLX5_SET(set_l2_table_entry_in, in, opcode,
173 MLX5_CMD_OP_SET_L2_TABLE_ENTRY);
174 MLX5_SET(set_l2_table_entry_in, in, table_index, index);
175 MLX5_SET(set_l2_table_entry_in, in, vlan_valid, vlan_valid);
176 MLX5_SET(set_l2_table_entry_in, in, vlan, vlan);
178 in_mac_addr = MLX5_ADDR_OF(set_l2_table_entry_in, in, mac_address);
179 ether_addr_copy(&in_mac_addr[2], mac);
181 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
184 static int del_l2_table_entry_cmd(struct mlx5_core_dev *dev, u32 index)
186 u32 in[MLX5_ST_SZ_DW(delete_l2_table_entry_in)] = {0};
187 u32 out[MLX5_ST_SZ_DW(delete_l2_table_entry_out)] = {0};
189 MLX5_SET(delete_l2_table_entry_in, in, opcode,
190 MLX5_CMD_OP_DELETE_L2_TABLE_ENTRY);
191 MLX5_SET(delete_l2_table_entry_in, in, table_index, index);
192 return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out));
195 static int alloc_l2_table_index(struct mlx5_l2_table *l2_table, u32 *ix)
199 *ix = find_first_zero_bit(l2_table->bitmap, l2_table->size);
200 if (*ix >= l2_table->size)
203 __set_bit(*ix, l2_table->bitmap);
208 static void free_l2_table_index(struct mlx5_l2_table *l2_table, u32 ix)
210 __clear_bit(ix, l2_table->bitmap);
213 static int set_l2_table_entry(struct mlx5_core_dev *dev, u8 *mac,
214 u8 vlan_valid, u16 vlan,
217 struct mlx5_l2_table *l2_table = &dev->priv.eswitch->l2_table;
220 err = alloc_l2_table_index(l2_table, index);
224 err = set_l2_table_entry_cmd(dev, *index, mac, vlan_valid, vlan);
226 free_l2_table_index(l2_table, *index);
231 static void del_l2_table_entry(struct mlx5_core_dev *dev, u32 index)
233 struct mlx5_l2_table *l2_table = &dev->priv.eswitch->l2_table;
235 del_l2_table_entry_cmd(dev, index);
236 free_l2_table_index(l2_table, index);
240 static struct mlx5_flow_rule *
241 __esw_fdb_set_vport_rule(struct mlx5_eswitch *esw, u32 vport, bool rx_rule,
242 u8 mac_c[ETH_ALEN], u8 mac_v[ETH_ALEN])
244 int match_header = (is_zero_ether_addr(mac_c) ? 0 :
245 MLX5_MATCH_OUTER_HEADERS);
246 struct mlx5_flow_rule *flow_rule = NULL;
247 struct mlx5_flow_destination dest;
248 struct mlx5_flow_spec *spec;
249 void *mv_misc = NULL;
250 void *mc_misc = NULL;
255 match_header |= MLX5_MATCH_MISC_PARAMETERS;
257 spec = mlx5_vzalloc(sizeof(*spec));
259 esw_warn(esw->dev, "FDB: Failed to alloc match parameters\n");
262 dmac_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,
263 outer_headers.dmac_47_16);
264 dmac_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
265 outer_headers.dmac_47_16);
267 if (match_header & MLX5_MATCH_OUTER_HEADERS) {
268 ether_addr_copy(dmac_v, mac_v);
269 ether_addr_copy(dmac_c, mac_c);
272 if (match_header & MLX5_MATCH_MISC_PARAMETERS) {
273 mv_misc = MLX5_ADDR_OF(fte_match_param, spec->match_value,
275 mc_misc = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
277 MLX5_SET(fte_match_set_misc, mv_misc, source_port, UPLINK_VPORT);
278 MLX5_SET_TO_ONES(fte_match_set_misc, mc_misc, source_port);
281 dest.type = MLX5_FLOW_DESTINATION_TYPE_VPORT;
282 dest.vport_num = vport;
285 "\tFDB add rule dmac_v(%pM) dmac_c(%pM) -> vport(%d)\n",
286 dmac_v, dmac_c, vport);
287 spec->match_criteria_enable = match_header;
289 mlx5_add_flow_rule(esw->fdb_table.fdb, spec,
290 MLX5_FLOW_CONTEXT_ACTION_FWD_DEST,
292 if (IS_ERR(flow_rule)) {
294 "FDB: Failed to add flow rule: dmac_v(%pM) dmac_c(%pM) -> vport(%d), err(%ld)\n",
295 dmac_v, dmac_c, vport, PTR_ERR(flow_rule));
303 static struct mlx5_flow_rule *
304 esw_fdb_set_vport_rule(struct mlx5_eswitch *esw, u8 mac[ETH_ALEN], u32 vport)
308 eth_broadcast_addr(mac_c);
309 return __esw_fdb_set_vport_rule(esw, vport, false, mac_c, mac);
312 static struct mlx5_flow_rule *
313 esw_fdb_set_vport_allmulti_rule(struct mlx5_eswitch *esw, u32 vport)
318 eth_zero_addr(mac_c);
319 eth_zero_addr(mac_v);
322 return __esw_fdb_set_vport_rule(esw, vport, false, mac_c, mac_v);
325 static struct mlx5_flow_rule *
326 esw_fdb_set_vport_promisc_rule(struct mlx5_eswitch *esw, u32 vport)
331 eth_zero_addr(mac_c);
332 eth_zero_addr(mac_v);
333 return __esw_fdb_set_vport_rule(esw, vport, true, mac_c, mac_v);
336 static int esw_create_legacy_fdb_table(struct mlx5_eswitch *esw, int nvports)
338 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
339 struct mlx5_core_dev *dev = esw->dev;
340 struct mlx5_flow_namespace *root_ns;
341 struct mlx5_flow_table *fdb;
342 struct mlx5_flow_group *g;
343 void *match_criteria;
349 esw_debug(dev, "Create FDB log_max_size(%d)\n",
350 MLX5_CAP_ESW_FLOWTABLE_FDB(dev, log_max_ft_size));
352 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_FDB);
354 esw_warn(dev, "Failed to get FDB flow namespace\n");
358 flow_group_in = mlx5_vzalloc(inlen);
361 memset(flow_group_in, 0, inlen);
363 table_size = BIT(MLX5_CAP_ESW_FLOWTABLE_FDB(dev, log_max_ft_size));
364 fdb = mlx5_create_flow_table(root_ns, 0, table_size, 0);
367 esw_warn(dev, "Failed to create FDB Table err %d\n", err);
370 esw->fdb_table.fdb = fdb;
372 /* Addresses group : Full match unicast/multicast addresses */
373 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
374 MLX5_MATCH_OUTER_HEADERS);
375 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
376 dmac = MLX5_ADDR_OF(fte_match_param, match_criteria, outer_headers.dmac_47_16);
377 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
378 /* Preserve 2 entries for allmulti and promisc rules*/
379 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 3);
380 eth_broadcast_addr(dmac);
381 g = mlx5_create_flow_group(fdb, flow_group_in);
384 esw_warn(dev, "Failed to create flow group err(%d)\n", err);
387 esw->fdb_table.legacy.addr_grp = g;
389 /* Allmulti group : One rule that forwards any mcast traffic */
390 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
391 MLX5_MATCH_OUTER_HEADERS);
392 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, table_size - 2);
393 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 2);
396 g = mlx5_create_flow_group(fdb, flow_group_in);
399 esw_warn(dev, "Failed to create allmulti flow group err(%d)\n", err);
402 esw->fdb_table.legacy.allmulti_grp = g;
404 /* Promiscuous group :
405 * One rule that forward all unmatched traffic from previous groups
408 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
409 MLX5_MATCH_MISC_PARAMETERS);
410 MLX5_SET_TO_ONES(fte_match_param, match_criteria, misc_parameters.source_port);
411 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, table_size - 1);
412 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, table_size - 1);
413 g = mlx5_create_flow_group(fdb, flow_group_in);
416 esw_warn(dev, "Failed to create promisc flow group err(%d)\n", err);
419 esw->fdb_table.legacy.promisc_grp = g;
423 if (!IS_ERR_OR_NULL(esw->fdb_table.legacy.allmulti_grp)) {
424 mlx5_destroy_flow_group(esw->fdb_table.legacy.allmulti_grp);
425 esw->fdb_table.legacy.allmulti_grp = NULL;
427 if (!IS_ERR_OR_NULL(esw->fdb_table.legacy.addr_grp)) {
428 mlx5_destroy_flow_group(esw->fdb_table.legacy.addr_grp);
429 esw->fdb_table.legacy.addr_grp = NULL;
431 if (!IS_ERR_OR_NULL(esw->fdb_table.fdb)) {
432 mlx5_destroy_flow_table(esw->fdb_table.fdb);
433 esw->fdb_table.fdb = NULL;
437 kvfree(flow_group_in);
441 static void esw_destroy_legacy_fdb_table(struct mlx5_eswitch *esw)
443 if (!esw->fdb_table.fdb)
446 esw_debug(esw->dev, "Destroy FDB Table\n");
447 mlx5_destroy_flow_group(esw->fdb_table.legacy.promisc_grp);
448 mlx5_destroy_flow_group(esw->fdb_table.legacy.allmulti_grp);
449 mlx5_destroy_flow_group(esw->fdb_table.legacy.addr_grp);
450 mlx5_destroy_flow_table(esw->fdb_table.fdb);
451 esw->fdb_table.fdb = NULL;
452 esw->fdb_table.legacy.addr_grp = NULL;
453 esw->fdb_table.legacy.allmulti_grp = NULL;
454 esw->fdb_table.legacy.promisc_grp = NULL;
457 /* E-Switch vport UC/MC lists management */
458 typedef int (*vport_addr_action)(struct mlx5_eswitch *esw,
459 struct vport_addr *vaddr);
461 static int esw_add_uc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
463 struct hlist_head *hash = esw->l2_table.l2_hash;
464 struct esw_uc_addr *esw_uc;
465 u8 *mac = vaddr->node.addr;
466 u32 vport = vaddr->vport;
469 esw_uc = l2addr_hash_find(hash, mac, struct esw_uc_addr);
472 "Failed to set L2 mac(%pM) for vport(%d), mac is already in use by vport(%d)\n",
473 mac, vport, esw_uc->vport);
477 esw_uc = l2addr_hash_add(hash, mac, struct esw_uc_addr, GFP_KERNEL);
480 esw_uc->vport = vport;
482 err = set_l2_table_entry(esw->dev, mac, 0, 0, &esw_uc->table_index);
486 /* SRIOV is enabled: Forward UC MAC to vport */
487 if (esw->fdb_table.fdb && esw->mode == SRIOV_LEGACY)
488 vaddr->flow_rule = esw_fdb_set_vport_rule(esw, mac, vport);
490 esw_debug(esw->dev, "\tADDED UC MAC: vport[%d] %pM index:%d fr(%p)\n",
491 vport, mac, esw_uc->table_index, vaddr->flow_rule);
494 l2addr_hash_del(esw_uc);
498 static int esw_del_uc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
500 struct hlist_head *hash = esw->l2_table.l2_hash;
501 struct esw_uc_addr *esw_uc;
502 u8 *mac = vaddr->node.addr;
503 u32 vport = vaddr->vport;
505 esw_uc = l2addr_hash_find(hash, mac, struct esw_uc_addr);
506 if (!esw_uc || esw_uc->vport != vport) {
508 "MAC(%pM) doesn't belong to vport (%d)\n",
512 esw_debug(esw->dev, "\tDELETE UC MAC: vport[%d] %pM index:%d fr(%p)\n",
513 vport, mac, esw_uc->table_index, vaddr->flow_rule);
515 del_l2_table_entry(esw->dev, esw_uc->table_index);
517 if (vaddr->flow_rule)
518 mlx5_del_flow_rule(vaddr->flow_rule);
519 vaddr->flow_rule = NULL;
521 l2addr_hash_del(esw_uc);
525 static void update_allmulti_vports(struct mlx5_eswitch *esw,
526 struct vport_addr *vaddr,
527 struct esw_mc_addr *esw_mc)
529 u8 *mac = vaddr->node.addr;
532 for (vport_idx = 0; vport_idx < esw->total_vports; vport_idx++) {
533 struct mlx5_vport *vport = &esw->vports[vport_idx];
534 struct hlist_head *vport_hash = vport->mc_list;
535 struct vport_addr *iter_vaddr =
536 l2addr_hash_find(vport_hash,
539 if (IS_ERR_OR_NULL(vport->allmulti_rule) ||
540 vaddr->vport == vport_idx)
542 switch (vaddr->action) {
543 case MLX5_ACTION_ADD:
546 iter_vaddr = l2addr_hash_add(vport_hash, mac,
551 "ALL-MULTI: Failed to add MAC(%pM) to vport[%d] DB\n",
555 iter_vaddr->vport = vport_idx;
556 iter_vaddr->flow_rule =
557 esw_fdb_set_vport_rule(esw,
560 iter_vaddr->mc_promisc = true;
562 case MLX5_ACTION_DEL:
565 mlx5_del_flow_rule(iter_vaddr->flow_rule);
566 l2addr_hash_del(iter_vaddr);
572 static int esw_add_mc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
574 struct hlist_head *hash = esw->mc_table;
575 struct esw_mc_addr *esw_mc;
576 u8 *mac = vaddr->node.addr;
577 u32 vport = vaddr->vport;
579 if (!esw->fdb_table.fdb)
582 esw_mc = l2addr_hash_find(hash, mac, struct esw_mc_addr);
586 esw_mc = l2addr_hash_add(hash, mac, struct esw_mc_addr, GFP_KERNEL);
590 esw_mc->uplink_rule = /* Forward MC MAC to Uplink */
591 esw_fdb_set_vport_rule(esw, mac, UPLINK_VPORT);
593 /* Add this multicast mac to all the mc promiscuous vports */
594 update_allmulti_vports(esw, vaddr, esw_mc);
597 /* If the multicast mac is added as a result of mc promiscuous vport,
598 * don't increment the multicast ref count
600 if (!vaddr->mc_promisc)
603 /* Forward MC MAC to vport */
604 vaddr->flow_rule = esw_fdb_set_vport_rule(esw, mac, vport);
606 "\tADDED MC MAC: vport[%d] %pM fr(%p) refcnt(%d) uplinkfr(%p)\n",
607 vport, mac, vaddr->flow_rule,
608 esw_mc->refcnt, esw_mc->uplink_rule);
612 static int esw_del_mc_addr(struct mlx5_eswitch *esw, struct vport_addr *vaddr)
614 struct hlist_head *hash = esw->mc_table;
615 struct esw_mc_addr *esw_mc;
616 u8 *mac = vaddr->node.addr;
617 u32 vport = vaddr->vport;
619 if (!esw->fdb_table.fdb)
622 esw_mc = l2addr_hash_find(hash, mac, struct esw_mc_addr);
625 "Failed to find eswitch MC addr for MAC(%pM) vport(%d)",
630 "\tDELETE MC MAC: vport[%d] %pM fr(%p) refcnt(%d) uplinkfr(%p)\n",
631 vport, mac, vaddr->flow_rule, esw_mc->refcnt,
632 esw_mc->uplink_rule);
634 if (vaddr->flow_rule)
635 mlx5_del_flow_rule(vaddr->flow_rule);
636 vaddr->flow_rule = NULL;
638 /* If the multicast mac is added as a result of mc promiscuous vport,
639 * don't decrement the multicast ref count.
641 if (vaddr->mc_promisc || (--esw_mc->refcnt > 0))
644 /* Remove this multicast mac from all the mc promiscuous vports */
645 update_allmulti_vports(esw, vaddr, esw_mc);
647 if (esw_mc->uplink_rule)
648 mlx5_del_flow_rule(esw_mc->uplink_rule);
650 l2addr_hash_del(esw_mc);
654 /* Apply vport UC/MC list to HW l2 table and FDB table */
655 static void esw_apply_vport_addr_list(struct mlx5_eswitch *esw,
656 u32 vport_num, int list_type)
658 struct mlx5_vport *vport = &esw->vports[vport_num];
659 bool is_uc = list_type == MLX5_NVPRT_LIST_TYPE_UC;
660 vport_addr_action vport_addr_add;
661 vport_addr_action vport_addr_del;
662 struct vport_addr *addr;
663 struct l2addr_node *node;
664 struct hlist_head *hash;
665 struct hlist_node *tmp;
668 vport_addr_add = is_uc ? esw_add_uc_addr :
670 vport_addr_del = is_uc ? esw_del_uc_addr :
673 hash = is_uc ? vport->uc_list : vport->mc_list;
674 for_each_l2hash_node(node, tmp, hash, hi) {
675 addr = container_of(node, struct vport_addr, node);
676 switch (addr->action) {
677 case MLX5_ACTION_ADD:
678 vport_addr_add(esw, addr);
679 addr->action = MLX5_ACTION_NONE;
681 case MLX5_ACTION_DEL:
682 vport_addr_del(esw, addr);
683 l2addr_hash_del(addr);
689 /* Sync vport UC/MC list from vport context */
690 static void esw_update_vport_addr_list(struct mlx5_eswitch *esw,
691 u32 vport_num, int list_type)
693 struct mlx5_vport *vport = &esw->vports[vport_num];
694 bool is_uc = list_type == MLX5_NVPRT_LIST_TYPE_UC;
695 u8 (*mac_list)[ETH_ALEN];
696 struct l2addr_node *node;
697 struct vport_addr *addr;
698 struct hlist_head *hash;
699 struct hlist_node *tmp;
705 size = is_uc ? MLX5_MAX_UC_PER_VPORT(esw->dev) :
706 MLX5_MAX_MC_PER_VPORT(esw->dev);
708 mac_list = kcalloc(size, ETH_ALEN, GFP_KERNEL);
712 hash = is_uc ? vport->uc_list : vport->mc_list;
714 for_each_l2hash_node(node, tmp, hash, hi) {
715 addr = container_of(node, struct vport_addr, node);
716 addr->action = MLX5_ACTION_DEL;
722 err = mlx5_query_nic_vport_mac_list(esw->dev, vport_num, list_type,
726 esw_debug(esw->dev, "vport[%d] context update %s list size (%d)\n",
727 vport_num, is_uc ? "UC" : "MC", size);
729 for (i = 0; i < size; i++) {
730 if (is_uc && !is_valid_ether_addr(mac_list[i]))
733 if (!is_uc && !is_multicast_ether_addr(mac_list[i]))
736 addr = l2addr_hash_find(hash, mac_list[i], struct vport_addr);
738 addr->action = MLX5_ACTION_NONE;
739 /* If this mac was previously added because of allmulti
740 * promiscuous rx mode, its now converted to be original
743 if (addr->mc_promisc) {
744 struct esw_mc_addr *esw_mc =
745 l2addr_hash_find(esw->mc_table,
750 "Failed to MAC(%pM) in mcast DB\n",
755 addr->mc_promisc = false;
760 addr = l2addr_hash_add(hash, mac_list[i], struct vport_addr,
764 "Failed to add MAC(%pM) to vport[%d] DB\n",
765 mac_list[i], vport_num);
768 addr->vport = vport_num;
769 addr->action = MLX5_ACTION_ADD;
775 /* Sync vport UC/MC list from vport context
776 * Must be called after esw_update_vport_addr_list
778 static void esw_update_vport_mc_promisc(struct mlx5_eswitch *esw, u32 vport_num)
780 struct mlx5_vport *vport = &esw->vports[vport_num];
781 struct l2addr_node *node;
782 struct vport_addr *addr;
783 struct hlist_head *hash;
784 struct hlist_node *tmp;
787 hash = vport->mc_list;
789 for_each_l2hash_node(node, tmp, esw->mc_table, hi) {
790 u8 *mac = node->addr;
792 addr = l2addr_hash_find(hash, mac, struct vport_addr);
794 if (addr->action == MLX5_ACTION_DEL)
795 addr->action = MLX5_ACTION_NONE;
798 addr = l2addr_hash_add(hash, mac, struct vport_addr,
802 "Failed to add allmulti MAC(%pM) to vport[%d] DB\n",
806 addr->vport = vport_num;
807 addr->action = MLX5_ACTION_ADD;
808 addr->mc_promisc = true;
812 /* Apply vport rx mode to HW FDB table */
813 static void esw_apply_vport_rx_mode(struct mlx5_eswitch *esw, u32 vport_num,
814 bool promisc, bool mc_promisc)
816 struct esw_mc_addr *allmulti_addr = esw->mc_promisc;
817 struct mlx5_vport *vport = &esw->vports[vport_num];
819 if (IS_ERR_OR_NULL(vport->allmulti_rule) != mc_promisc)
823 vport->allmulti_rule =
824 esw_fdb_set_vport_allmulti_rule(esw, vport_num);
825 if (!allmulti_addr->uplink_rule)
826 allmulti_addr->uplink_rule =
827 esw_fdb_set_vport_allmulti_rule(esw,
829 allmulti_addr->refcnt++;
830 } else if (vport->allmulti_rule) {
831 mlx5_del_flow_rule(vport->allmulti_rule);
832 vport->allmulti_rule = NULL;
834 if (--allmulti_addr->refcnt > 0)
837 if (allmulti_addr->uplink_rule)
838 mlx5_del_flow_rule(allmulti_addr->uplink_rule);
839 allmulti_addr->uplink_rule = NULL;
843 if (IS_ERR_OR_NULL(vport->promisc_rule) != promisc)
847 vport->promisc_rule = esw_fdb_set_vport_promisc_rule(esw,
849 } else if (vport->promisc_rule) {
850 mlx5_del_flow_rule(vport->promisc_rule);
851 vport->promisc_rule = NULL;
855 /* Sync vport rx mode from vport context */
856 static void esw_update_vport_rx_mode(struct mlx5_eswitch *esw, u32 vport_num)
858 struct mlx5_vport *vport = &esw->vports[vport_num];
864 err = mlx5_query_nic_vport_promisc(esw->dev,
871 esw_debug(esw->dev, "vport[%d] context update rx mode promisc_all=%d, all_multi=%d\n",
872 vport_num, promisc_all, promisc_mc);
874 if (!vport->info.trusted || !vport->enabled) {
880 esw_apply_vport_rx_mode(esw, vport_num, promisc_all,
881 (promisc_all || promisc_mc));
884 static void esw_vport_change_handle_locked(struct mlx5_vport *vport)
886 struct mlx5_core_dev *dev = vport->dev;
887 struct mlx5_eswitch *esw = dev->priv.eswitch;
890 mlx5_query_nic_vport_mac_address(dev, vport->vport, mac);
891 esw_debug(dev, "vport[%d] Context Changed: perm mac: %pM\n",
894 if (vport->enabled_events & UC_ADDR_CHANGE) {
895 esw_update_vport_addr_list(esw, vport->vport,
896 MLX5_NVPRT_LIST_TYPE_UC);
897 esw_apply_vport_addr_list(esw, vport->vport,
898 MLX5_NVPRT_LIST_TYPE_UC);
901 if (vport->enabled_events & MC_ADDR_CHANGE) {
902 esw_update_vport_addr_list(esw, vport->vport,
903 MLX5_NVPRT_LIST_TYPE_MC);
906 if (vport->enabled_events & PROMISC_CHANGE) {
907 esw_update_vport_rx_mode(esw, vport->vport);
908 if (!IS_ERR_OR_NULL(vport->allmulti_rule))
909 esw_update_vport_mc_promisc(esw, vport->vport);
912 if (vport->enabled_events & (PROMISC_CHANGE | MC_ADDR_CHANGE)) {
913 esw_apply_vport_addr_list(esw, vport->vport,
914 MLX5_NVPRT_LIST_TYPE_MC);
917 esw_debug(esw->dev, "vport[%d] Context Changed: Done\n", vport->vport);
919 arm_vport_context_events_cmd(dev, vport->vport,
920 vport->enabled_events);
923 static void esw_vport_change_handler(struct work_struct *work)
925 struct mlx5_vport *vport =
926 container_of(work, struct mlx5_vport, vport_change_handler);
927 struct mlx5_eswitch *esw = vport->dev->priv.eswitch;
929 mutex_lock(&esw->state_lock);
930 esw_vport_change_handle_locked(vport);
931 mutex_unlock(&esw->state_lock);
934 static int esw_vport_enable_egress_acl(struct mlx5_eswitch *esw,
935 struct mlx5_vport *vport)
937 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
938 struct mlx5_flow_group *vlan_grp = NULL;
939 struct mlx5_flow_group *drop_grp = NULL;
940 struct mlx5_core_dev *dev = esw->dev;
941 struct mlx5_flow_namespace *root_ns;
942 struct mlx5_flow_table *acl;
943 void *match_criteria;
945 /* The egress acl table contains 2 rules:
946 * 1)Allow traffic with vlan_tag=vst_vlan_id
947 * 2)Drop all other traffic.
952 if (!MLX5_CAP_ESW_EGRESS_ACL(dev, ft_support))
955 if (!IS_ERR_OR_NULL(vport->egress.acl))
958 esw_debug(dev, "Create vport[%d] egress ACL log_max_size(%d)\n",
959 vport->vport, MLX5_CAP_ESW_EGRESS_ACL(dev, log_max_ft_size));
961 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_EGRESS);
963 esw_warn(dev, "Failed to get E-Switch egress flow namespace\n");
967 flow_group_in = mlx5_vzalloc(inlen);
971 acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
974 esw_warn(dev, "Failed to create E-Switch vport[%d] egress flow Table, err(%d)\n",
979 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
980 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
981 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
982 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.first_vid);
983 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
984 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
986 vlan_grp = mlx5_create_flow_group(acl, flow_group_in);
987 if (IS_ERR(vlan_grp)) {
988 err = PTR_ERR(vlan_grp);
989 esw_warn(dev, "Failed to create E-Switch vport[%d] egress allowed vlans flow group, err(%d)\n",
994 memset(flow_group_in, 0, inlen);
995 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
996 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
997 drop_grp = mlx5_create_flow_group(acl, flow_group_in);
998 if (IS_ERR(drop_grp)) {
999 err = PTR_ERR(drop_grp);
1000 esw_warn(dev, "Failed to create E-Switch vport[%d] egress drop flow group, err(%d)\n",
1005 vport->egress.acl = acl;
1006 vport->egress.drop_grp = drop_grp;
1007 vport->egress.allowed_vlans_grp = vlan_grp;
1009 kvfree(flow_group_in);
1010 if (err && !IS_ERR_OR_NULL(vlan_grp))
1011 mlx5_destroy_flow_group(vlan_grp);
1012 if (err && !IS_ERR_OR_NULL(acl))
1013 mlx5_destroy_flow_table(acl);
1017 static void esw_vport_cleanup_egress_rules(struct mlx5_eswitch *esw,
1018 struct mlx5_vport *vport)
1020 if (!IS_ERR_OR_NULL(vport->egress.allowed_vlan))
1021 mlx5_del_flow_rule(vport->egress.allowed_vlan);
1023 if (!IS_ERR_OR_NULL(vport->egress.drop_rule))
1024 mlx5_del_flow_rule(vport->egress.drop_rule);
1026 vport->egress.allowed_vlan = NULL;
1027 vport->egress.drop_rule = NULL;
1030 static void esw_vport_disable_egress_acl(struct mlx5_eswitch *esw,
1031 struct mlx5_vport *vport)
1033 if (IS_ERR_OR_NULL(vport->egress.acl))
1036 esw_debug(esw->dev, "Destroy vport[%d] E-Switch egress ACL\n", vport->vport);
1038 esw_vport_cleanup_egress_rules(esw, vport);
1039 mlx5_destroy_flow_group(vport->egress.allowed_vlans_grp);
1040 mlx5_destroy_flow_group(vport->egress.drop_grp);
1041 mlx5_destroy_flow_table(vport->egress.acl);
1042 vport->egress.allowed_vlans_grp = NULL;
1043 vport->egress.drop_grp = NULL;
1044 vport->egress.acl = NULL;
1047 static int esw_vport_enable_ingress_acl(struct mlx5_eswitch *esw,
1048 struct mlx5_vport *vport)
1050 int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
1051 struct mlx5_core_dev *dev = esw->dev;
1052 struct mlx5_flow_namespace *root_ns;
1053 struct mlx5_flow_table *acl;
1054 struct mlx5_flow_group *g;
1055 void *match_criteria;
1057 /* The ingress acl table contains 4 groups
1058 * (2 active rules at the same time -
1059 * 1 allow rule from one of the first 3 groups.
1060 * 1 drop rule from the last group):
1061 * 1)Allow untagged traffic with smac=original mac.
1062 * 2)Allow untagged traffic.
1063 * 3)Allow traffic with smac=original mac.
1064 * 4)Drop all other traffic.
1069 if (!MLX5_CAP_ESW_INGRESS_ACL(dev, ft_support))
1072 if (!IS_ERR_OR_NULL(vport->ingress.acl))
1075 esw_debug(dev, "Create vport[%d] ingress ACL log_max_size(%d)\n",
1076 vport->vport, MLX5_CAP_ESW_INGRESS_ACL(dev, log_max_ft_size));
1078 root_ns = mlx5_get_flow_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_INGRESS);
1080 esw_warn(dev, "Failed to get E-Switch ingress flow namespace\n");
1084 flow_group_in = mlx5_vzalloc(inlen);
1088 acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
1091 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress flow Table, err(%d)\n",
1095 vport->ingress.acl = acl;
1097 match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
1099 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1100 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
1101 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
1102 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
1103 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
1104 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
1106 g = mlx5_create_flow_group(acl, flow_group_in);
1109 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress untagged spoofchk flow group, err(%d)\n",
1113 vport->ingress.allow_untagged_spoofchk_grp = g;
1115 memset(flow_group_in, 0, inlen);
1116 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1117 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.vlan_tag);
1118 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
1119 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
1121 g = mlx5_create_flow_group(acl, flow_group_in);
1124 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress untagged flow group, err(%d)\n",
1128 vport->ingress.allow_untagged_only_grp = g;
1130 memset(flow_group_in, 0, inlen);
1131 MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
1132 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
1133 MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
1134 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 2);
1135 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 2);
1137 g = mlx5_create_flow_group(acl, flow_group_in);
1140 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress spoofchk flow group, err(%d)\n",
1144 vport->ingress.allow_spoofchk_only_grp = g;
1146 memset(flow_group_in, 0, inlen);
1147 MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 3);
1148 MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 3);
1150 g = mlx5_create_flow_group(acl, flow_group_in);
1153 esw_warn(dev, "Failed to create E-Switch vport[%d] ingress drop flow group, err(%d)\n",
1157 vport->ingress.drop_grp = g;
1161 if (!IS_ERR_OR_NULL(vport->ingress.allow_spoofchk_only_grp))
1162 mlx5_destroy_flow_group(
1163 vport->ingress.allow_spoofchk_only_grp);
1164 if (!IS_ERR_OR_NULL(vport->ingress.allow_untagged_only_grp))
1165 mlx5_destroy_flow_group(
1166 vport->ingress.allow_untagged_only_grp);
1167 if (!IS_ERR_OR_NULL(vport->ingress.allow_untagged_spoofchk_grp))
1168 mlx5_destroy_flow_group(
1169 vport->ingress.allow_untagged_spoofchk_grp);
1170 if (!IS_ERR_OR_NULL(vport->ingress.acl))
1171 mlx5_destroy_flow_table(vport->ingress.acl);
1174 kvfree(flow_group_in);
1178 static void esw_vport_cleanup_ingress_rules(struct mlx5_eswitch *esw,
1179 struct mlx5_vport *vport)
1181 if (!IS_ERR_OR_NULL(vport->ingress.drop_rule))
1182 mlx5_del_flow_rule(vport->ingress.drop_rule);
1184 if (!IS_ERR_OR_NULL(vport->ingress.allow_rule))
1185 mlx5_del_flow_rule(vport->ingress.allow_rule);
1187 vport->ingress.drop_rule = NULL;
1188 vport->ingress.allow_rule = NULL;
1191 static void esw_vport_disable_ingress_acl(struct mlx5_eswitch *esw,
1192 struct mlx5_vport *vport)
1194 if (IS_ERR_OR_NULL(vport->ingress.acl))
1197 esw_debug(esw->dev, "Destroy vport[%d] E-Switch ingress ACL\n", vport->vport);
1199 esw_vport_cleanup_ingress_rules(esw, vport);
1200 mlx5_destroy_flow_group(vport->ingress.allow_spoofchk_only_grp);
1201 mlx5_destroy_flow_group(vport->ingress.allow_untagged_only_grp);
1202 mlx5_destroy_flow_group(vport->ingress.allow_untagged_spoofchk_grp);
1203 mlx5_destroy_flow_group(vport->ingress.drop_grp);
1204 mlx5_destroy_flow_table(vport->ingress.acl);
1205 vport->ingress.acl = NULL;
1206 vport->ingress.drop_grp = NULL;
1207 vport->ingress.allow_spoofchk_only_grp = NULL;
1208 vport->ingress.allow_untagged_only_grp = NULL;
1209 vport->ingress.allow_untagged_spoofchk_grp = NULL;
1212 static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
1213 struct mlx5_vport *vport)
1215 struct mlx5_flow_spec *spec;
1219 if (vport->info.spoofchk && !is_valid_ether_addr(vport->info.mac)) {
1220 mlx5_core_warn(esw->dev,
1221 "vport[%d] configure ingress rules failed, illegal mac with spoofchk\n",
1227 esw_vport_cleanup_ingress_rules(esw, vport);
1229 if (!vport->info.vlan && !vport->info.qos && !vport->info.spoofchk) {
1230 esw_vport_disable_ingress_acl(esw, vport);
1234 err = esw_vport_enable_ingress_acl(esw, vport);
1236 mlx5_core_warn(esw->dev,
1237 "failed to enable ingress acl (%d) on vport[%d]\n",
1243 "vport[%d] configure ingress rules, vlan(%d) qos(%d)\n",
1244 vport->vport, vport->info.vlan, vport->info.qos);
1246 spec = mlx5_vzalloc(sizeof(*spec));
1249 esw_warn(esw->dev, "vport[%d] configure ingress rules failed, err(%d)\n",
1254 if (vport->info.vlan || vport->info.qos)
1255 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.vlan_tag);
1257 if (vport->info.spoofchk) {
1258 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_47_16);
1259 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_15_0);
1260 smac_v = MLX5_ADDR_OF(fte_match_param,
1262 outer_headers.smac_47_16);
1263 ether_addr_copy(smac_v, vport->info.mac);
1266 spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
1267 vport->ingress.allow_rule =
1268 mlx5_add_flow_rule(vport->ingress.acl, spec,
1269 MLX5_FLOW_CONTEXT_ACTION_ALLOW,
1271 if (IS_ERR(vport->ingress.allow_rule)) {
1272 err = PTR_ERR(vport->ingress.allow_rule);
1274 "vport[%d] configure ingress allow rule, err(%d)\n",
1276 vport->ingress.allow_rule = NULL;
1280 memset(spec, 0, sizeof(*spec));
1281 vport->ingress.drop_rule =
1282 mlx5_add_flow_rule(vport->ingress.acl, spec,
1283 MLX5_FLOW_CONTEXT_ACTION_DROP,
1285 if (IS_ERR(vport->ingress.drop_rule)) {
1286 err = PTR_ERR(vport->ingress.drop_rule);
1288 "vport[%d] configure ingress drop rule, err(%d)\n",
1290 vport->ingress.drop_rule = NULL;
1296 esw_vport_cleanup_ingress_rules(esw, vport);
1301 static int esw_vport_egress_config(struct mlx5_eswitch *esw,
1302 struct mlx5_vport *vport)
1304 struct mlx5_flow_spec *spec;
1307 esw_vport_cleanup_egress_rules(esw, vport);
1309 if (!vport->info.vlan && !vport->info.qos) {
1310 esw_vport_disable_egress_acl(esw, vport);
1314 err = esw_vport_enable_egress_acl(esw, vport);
1316 mlx5_core_warn(esw->dev,
1317 "failed to enable egress acl (%d) on vport[%d]\n",
1323 "vport[%d] configure egress rules, vlan(%d) qos(%d)\n",
1324 vport->vport, vport->info.vlan, vport->info.qos);
1326 spec = mlx5_vzalloc(sizeof(*spec));
1329 esw_warn(esw->dev, "vport[%d] configure egress rules failed, err(%d)\n",
1334 /* Allowed vlan rule */
1335 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.vlan_tag);
1336 MLX5_SET_TO_ONES(fte_match_param, spec->match_value, outer_headers.vlan_tag);
1337 MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.first_vid);
1338 MLX5_SET(fte_match_param, spec->match_value, outer_headers.first_vid, vport->info.vlan);
1340 spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
1341 vport->egress.allowed_vlan =
1342 mlx5_add_flow_rule(vport->egress.acl, spec,
1343 MLX5_FLOW_CONTEXT_ACTION_ALLOW,
1345 if (IS_ERR(vport->egress.allowed_vlan)) {
1346 err = PTR_ERR(vport->egress.allowed_vlan);
1348 "vport[%d] configure egress allowed vlan rule failed, err(%d)\n",
1350 vport->egress.allowed_vlan = NULL;
1354 /* Drop others rule (star rule) */
1355 memset(spec, 0, sizeof(*spec));
1356 vport->egress.drop_rule =
1357 mlx5_add_flow_rule(vport->egress.acl, spec,
1358 MLX5_FLOW_CONTEXT_ACTION_DROP,
1360 if (IS_ERR(vport->egress.drop_rule)) {
1361 err = PTR_ERR(vport->egress.drop_rule);
1363 "vport[%d] configure egress drop rule failed, err(%d)\n",
1365 vport->egress.drop_rule = NULL;
1372 static void node_guid_gen_from_mac(u64 *node_guid, u8 mac[ETH_ALEN])
1374 ((u8 *)node_guid)[7] = mac[0];
1375 ((u8 *)node_guid)[6] = mac[1];
1376 ((u8 *)node_guid)[5] = mac[2];
1377 ((u8 *)node_guid)[4] = 0xff;
1378 ((u8 *)node_guid)[3] = 0xfe;
1379 ((u8 *)node_guid)[2] = mac[3];
1380 ((u8 *)node_guid)[1] = mac[4];
1381 ((u8 *)node_guid)[0] = mac[5];
1384 static void esw_apply_vport_conf(struct mlx5_eswitch *esw,
1385 struct mlx5_vport *vport)
1387 int vport_num = vport->vport;
1392 mlx5_modify_vport_admin_state(esw->dev,
1393 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1395 vport->info.link_state);
1396 mlx5_modify_nic_vport_mac_address(esw->dev, vport_num, vport->info.mac);
1397 mlx5_modify_nic_vport_node_guid(esw->dev, vport_num, vport->info.node_guid);
1398 modify_esw_vport_cvlan(esw->dev, vport_num, vport->info.vlan, vport->info.qos,
1399 (vport->info.vlan || vport->info.qos));
1401 /* Only legacy mode needs ACLs */
1402 if (esw->mode == SRIOV_LEGACY) {
1403 esw_vport_ingress_config(esw, vport);
1404 esw_vport_egress_config(esw, vport);
1407 static void esw_enable_vport(struct mlx5_eswitch *esw, int vport_num,
1410 struct mlx5_vport *vport = &esw->vports[vport_num];
1412 mutex_lock(&esw->state_lock);
1413 WARN_ON(vport->enabled);
1415 esw_debug(esw->dev, "Enabling VPORT(%d)\n", vport_num);
1417 /* Restore old vport configuration */
1418 esw_apply_vport_conf(esw, vport);
1420 /* Sync with current vport context */
1421 vport->enabled_events = enable_events;
1422 vport->enabled = true;
1424 /* only PF is trusted by default */
1426 vport->info.trusted = true;
1428 esw_vport_change_handle_locked(vport);
1430 esw->enabled_vports++;
1431 esw_debug(esw->dev, "Enabled VPORT(%d)\n", vport_num);
1432 mutex_unlock(&esw->state_lock);
1435 static void esw_disable_vport(struct mlx5_eswitch *esw, int vport_num)
1437 struct mlx5_vport *vport = &esw->vports[vport_num];
1439 if (!vport->enabled)
1442 esw_debug(esw->dev, "Disabling vport(%d)\n", vport_num);
1443 /* Mark this vport as disabled to discard new events */
1444 vport->enabled = false;
1446 synchronize_irq(mlx5_get_msix_vec(esw->dev, MLX5_EQ_VEC_ASYNC));
1447 /* Wait for current already scheduled events to complete */
1448 flush_workqueue(esw->work_queue);
1449 /* Disable events from this vport */
1450 arm_vport_context_events_cmd(esw->dev, vport->vport, 0);
1451 mutex_lock(&esw->state_lock);
1452 /* We don't assume VFs will cleanup after themselves.
1453 * Calling vport change handler while vport is disabled will cleanup
1454 * the vport resources.
1456 esw_vport_change_handle_locked(vport);
1457 vport->enabled_events = 0;
1459 if (vport_num && esw->mode == SRIOV_LEGACY) {
1460 mlx5_modify_vport_admin_state(esw->dev,
1461 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1463 MLX5_ESW_VPORT_ADMIN_STATE_DOWN);
1464 esw_vport_disable_egress_acl(esw, vport);
1465 esw_vport_disable_ingress_acl(esw, vport);
1467 esw->enabled_vports--;
1468 mutex_unlock(&esw->state_lock);
1471 /* Public E-Switch API */
1472 int mlx5_eswitch_enable_sriov(struct mlx5_eswitch *esw, int nvfs, int mode)
1475 int i, enabled_events;
1477 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1478 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1481 if (!MLX5_CAP_GEN(esw->dev, eswitch_flow_table) ||
1482 !MLX5_CAP_ESW_FLOWTABLE_FDB(esw->dev, ft_support)) {
1483 esw_warn(esw->dev, "E-Switch FDB is not supported, aborting ...\n");
1487 if (!MLX5_CAP_ESW_INGRESS_ACL(esw->dev, ft_support))
1488 esw_warn(esw->dev, "E-Switch ingress ACL is not supported by FW\n");
1490 if (!MLX5_CAP_ESW_EGRESS_ACL(esw->dev, ft_support))
1491 esw_warn(esw->dev, "E-Switch engress ACL is not supported by FW\n");
1493 esw_info(esw->dev, "E-Switch enable SRIOV: nvfs(%d) mode (%d)\n", nvfs, mode);
1495 esw_disable_vport(esw, 0);
1497 if (mode == SRIOV_LEGACY)
1498 err = esw_create_legacy_fdb_table(esw, nvfs + 1);
1500 err = esw_offloads_init(esw, nvfs + 1);
1504 enabled_events = (mode == SRIOV_LEGACY) ? SRIOV_VPORT_EVENTS : UC_ADDR_CHANGE;
1505 for (i = 0; i <= nvfs; i++)
1506 esw_enable_vport(esw, i, enabled_events);
1508 esw_info(esw->dev, "SRIOV enabled: active vports(%d)\n",
1509 esw->enabled_vports);
1513 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1514 esw->mode = SRIOV_NONE;
1518 void mlx5_eswitch_disable_sriov(struct mlx5_eswitch *esw)
1520 struct esw_mc_addr *mc_promisc;
1524 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1525 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1528 esw_info(esw->dev, "disable SRIOV: active vports(%d) mode(%d)\n",
1529 esw->enabled_vports, esw->mode);
1531 mc_promisc = esw->mc_promisc;
1532 nvports = esw->enabled_vports;
1534 for (i = 0; i < esw->total_vports; i++)
1535 esw_disable_vport(esw, i);
1537 if (mc_promisc && mc_promisc->uplink_rule)
1538 mlx5_del_flow_rule(mc_promisc->uplink_rule);
1540 if (esw->mode == SRIOV_LEGACY)
1541 esw_destroy_legacy_fdb_table(esw);
1542 else if (esw->mode == SRIOV_OFFLOADS)
1543 esw_offloads_cleanup(esw, nvports);
1545 esw->mode = SRIOV_NONE;
1546 /* VPORT 0 (PF) must be enabled back with non-sriov configuration */
1547 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1550 void mlx5_eswitch_attach(struct mlx5_eswitch *esw)
1552 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1553 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1556 esw_enable_vport(esw, 0, UC_ADDR_CHANGE);
1557 /* VF Vports will be enabled when SRIOV is enabled */
1560 void mlx5_eswitch_detach(struct mlx5_eswitch *esw)
1562 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1563 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1566 esw_disable_vport(esw, 0);
1569 int mlx5_eswitch_init(struct mlx5_core_dev *dev)
1571 int l2_table_size = 1 << MLX5_CAP_GEN(dev, log_max_l2_table);
1572 int total_vports = MLX5_TOTAL_VPORTS(dev);
1573 struct esw_mc_addr *mc_promisc;
1574 struct mlx5_eswitch *esw;
1578 if (!MLX5_CAP_GEN(dev, vport_group_manager) ||
1579 MLX5_CAP_GEN(dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1583 "Total vports %d, l2 table size(%d), per vport: max uc(%d) max mc(%d)\n",
1584 total_vports, l2_table_size,
1585 MLX5_MAX_UC_PER_VPORT(dev),
1586 MLX5_MAX_MC_PER_VPORT(dev));
1588 esw = kzalloc(sizeof(*esw), GFP_KERNEL);
1594 esw->l2_table.bitmap = kcalloc(BITS_TO_LONGS(l2_table_size),
1595 sizeof(uintptr_t), GFP_KERNEL);
1596 if (!esw->l2_table.bitmap) {
1600 esw->l2_table.size = l2_table_size;
1602 mc_promisc = kzalloc(sizeof(*mc_promisc), GFP_KERNEL);
1607 esw->mc_promisc = mc_promisc;
1609 esw->work_queue = create_singlethread_workqueue("mlx5_esw_wq");
1610 if (!esw->work_queue) {
1615 esw->vports = kcalloc(total_vports, sizeof(struct mlx5_vport),
1622 esw->offloads.vport_reps =
1623 kzalloc(total_vports * sizeof(struct mlx5_eswitch_rep),
1625 if (!esw->offloads.vport_reps) {
1630 mutex_init(&esw->state_lock);
1632 for (vport_num = 0; vport_num < total_vports; vport_num++) {
1633 struct mlx5_vport *vport = &esw->vports[vport_num];
1635 vport->vport = vport_num;
1636 vport->info.link_state = MLX5_ESW_VPORT_ADMIN_STATE_AUTO;
1638 INIT_WORK(&vport->vport_change_handler,
1639 esw_vport_change_handler);
1642 esw->total_vports = total_vports;
1643 esw->enabled_vports = 0;
1644 esw->mode = SRIOV_NONE;
1646 dev->priv.eswitch = esw;
1649 if (esw->work_queue)
1650 destroy_workqueue(esw->work_queue);
1651 kfree(esw->l2_table.bitmap);
1653 kfree(esw->offloads.vport_reps);
1658 void mlx5_eswitch_cleanup(struct mlx5_eswitch *esw)
1660 if (!esw || !MLX5_CAP_GEN(esw->dev, vport_group_manager) ||
1661 MLX5_CAP_GEN(esw->dev, port_type) != MLX5_CAP_PORT_TYPE_ETH)
1664 esw_info(esw->dev, "cleanup\n");
1666 esw->dev->priv.eswitch = NULL;
1667 destroy_workqueue(esw->work_queue);
1668 kfree(esw->l2_table.bitmap);
1669 kfree(esw->mc_promisc);
1670 kfree(esw->offloads.vport_reps);
1675 void mlx5_eswitch_vport_event(struct mlx5_eswitch *esw, struct mlx5_eqe *eqe)
1677 struct mlx5_eqe_vport_change *vc_eqe = &eqe->data.vport_change;
1678 u16 vport_num = be16_to_cpu(vc_eqe->vport_num);
1679 struct mlx5_vport *vport;
1682 pr_warn("MLX5 E-Switch: vport %d got an event while eswitch is not initialized\n",
1687 vport = &esw->vports[vport_num];
1689 queue_work(esw->work_queue, &vport->vport_change_handler);
1692 /* Vport Administration */
1693 #define ESW_ALLOWED(esw) \
1694 (esw && MLX5_CAP_GEN(esw->dev, vport_group_manager) && mlx5_core_is_pf(esw->dev))
1695 #define LEGAL_VPORT(esw, vport) (vport >= 0 && vport < esw->total_vports)
1697 int mlx5_eswitch_set_vport_mac(struct mlx5_eswitch *esw,
1698 int vport, u8 mac[ETH_ALEN])
1700 struct mlx5_vport *evport;
1704 if (!ESW_ALLOWED(esw))
1706 if (!LEGAL_VPORT(esw, vport))
1709 mutex_lock(&esw->state_lock);
1710 evport = &esw->vports[vport];
1712 if (evport->info.spoofchk && !is_valid_ether_addr(mac)) {
1713 mlx5_core_warn(esw->dev,
1714 "MAC invalidation is not allowed when spoofchk is on, vport(%d)\n",
1720 err = mlx5_modify_nic_vport_mac_address(esw->dev, vport, mac);
1722 mlx5_core_warn(esw->dev,
1723 "Failed to mlx5_modify_nic_vport_mac vport(%d) err=(%d)\n",
1728 node_guid_gen_from_mac(&node_guid, mac);
1729 err = mlx5_modify_nic_vport_node_guid(esw->dev, vport, node_guid);
1731 mlx5_core_warn(esw->dev,
1732 "Failed to set vport %d node guid, err = %d. RDMA_CM will not function properly for this VF.\n",
1735 ether_addr_copy(evport->info.mac, mac);
1736 evport->info.node_guid = node_guid;
1737 if (evport->enabled && esw->mode == SRIOV_LEGACY)
1738 err = esw_vport_ingress_config(esw, evport);
1741 mutex_unlock(&esw->state_lock);
1745 int mlx5_eswitch_set_vport_state(struct mlx5_eswitch *esw,
1746 int vport, int link_state)
1748 struct mlx5_vport *evport;
1751 if (!ESW_ALLOWED(esw))
1753 if (!LEGAL_VPORT(esw, vport))
1756 mutex_lock(&esw->state_lock);
1757 evport = &esw->vports[vport];
1759 err = mlx5_modify_vport_admin_state(esw->dev,
1760 MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT,
1763 mlx5_core_warn(esw->dev,
1764 "Failed to set vport %d link state, err = %d",
1769 evport->info.link_state = link_state;
1772 mutex_unlock(&esw->state_lock);
1776 int mlx5_eswitch_get_vport_config(struct mlx5_eswitch *esw,
1777 int vport, struct ifla_vf_info *ivi)
1779 struct mlx5_vport *evport;
1781 if (!ESW_ALLOWED(esw))
1783 if (!LEGAL_VPORT(esw, vport))
1786 evport = &esw->vports[vport];
1788 memset(ivi, 0, sizeof(*ivi));
1789 ivi->vf = vport - 1;
1791 mutex_lock(&esw->state_lock);
1792 ether_addr_copy(ivi->mac, evport->info.mac);
1793 ivi->linkstate = evport->info.link_state;
1794 ivi->vlan = evport->info.vlan;
1795 ivi->qos = evport->info.qos;
1796 ivi->spoofchk = evport->info.spoofchk;
1797 ivi->trusted = evport->info.trusted;
1798 mutex_unlock(&esw->state_lock);
1803 int __mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
1804 int vport, u16 vlan, u8 qos, u8 set_flags)
1806 struct mlx5_vport *evport;
1809 if (!ESW_ALLOWED(esw))
1811 if (!LEGAL_VPORT(esw, vport) || (vlan > 4095) || (qos > 7))
1814 mutex_lock(&esw->state_lock);
1815 evport = &esw->vports[vport];
1817 err = modify_esw_vport_cvlan(esw->dev, vport, vlan, qos, set_flags);
1821 evport->info.vlan = vlan;
1822 evport->info.qos = qos;
1823 if (evport->enabled && esw->mode == SRIOV_LEGACY) {
1824 err = esw_vport_ingress_config(esw, evport);
1827 err = esw_vport_egress_config(esw, evport);
1831 mutex_unlock(&esw->state_lock);
1835 int mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
1836 int vport, u16 vlan, u8 qos)
1841 set_flags = SET_VLAN_STRIP | SET_VLAN_INSERT;
1843 return __mlx5_eswitch_set_vport_vlan(esw, vport, vlan, qos, set_flags);
1846 int mlx5_eswitch_set_vport_spoofchk(struct mlx5_eswitch *esw,
1847 int vport, bool spoofchk)
1849 struct mlx5_vport *evport;
1853 if (!ESW_ALLOWED(esw))
1855 if (!LEGAL_VPORT(esw, vport))
1858 mutex_lock(&esw->state_lock);
1859 evport = &esw->vports[vport];
1860 pschk = evport->info.spoofchk;
1861 evport->info.spoofchk = spoofchk;
1862 if (evport->enabled && esw->mode == SRIOV_LEGACY)
1863 err = esw_vport_ingress_config(esw, evport);
1865 evport->info.spoofchk = pschk;
1866 mutex_unlock(&esw->state_lock);
1871 int mlx5_eswitch_set_vport_trust(struct mlx5_eswitch *esw,
1872 int vport, bool setting)
1874 struct mlx5_vport *evport;
1876 if (!ESW_ALLOWED(esw))
1878 if (!LEGAL_VPORT(esw, vport))
1881 mutex_lock(&esw->state_lock);
1882 evport = &esw->vports[vport];
1883 evport->info.trusted = setting;
1884 if (evport->enabled)
1885 esw_vport_change_handle_locked(evport);
1886 mutex_unlock(&esw->state_lock);
1891 int mlx5_eswitch_get_vport_stats(struct mlx5_eswitch *esw,
1893 struct ifla_vf_stats *vf_stats)
1895 int outlen = MLX5_ST_SZ_BYTES(query_vport_counter_out);
1896 u32 in[MLX5_ST_SZ_DW(query_vport_counter_in)] = {0};
1900 if (!ESW_ALLOWED(esw))
1902 if (!LEGAL_VPORT(esw, vport))
1905 out = mlx5_vzalloc(outlen);
1909 MLX5_SET(query_vport_counter_in, in, opcode,
1910 MLX5_CMD_OP_QUERY_VPORT_COUNTER);
1911 MLX5_SET(query_vport_counter_in, in, op_mod, 0);
1912 MLX5_SET(query_vport_counter_in, in, vport_number, vport);
1914 MLX5_SET(query_vport_counter_in, in, other_vport, 1);
1916 memset(out, 0, outlen);
1917 err = mlx5_cmd_exec(esw->dev, in, sizeof(in), out, outlen);
1921 #define MLX5_GET_CTR(p, x) \
1922 MLX5_GET64(query_vport_counter_out, p, x)
1924 memset(vf_stats, 0, sizeof(*vf_stats));
1925 vf_stats->rx_packets =
1926 MLX5_GET_CTR(out, received_eth_unicast.packets) +
1927 MLX5_GET_CTR(out, received_eth_multicast.packets) +
1928 MLX5_GET_CTR(out, received_eth_broadcast.packets);
1930 vf_stats->rx_bytes =
1931 MLX5_GET_CTR(out, received_eth_unicast.octets) +
1932 MLX5_GET_CTR(out, received_eth_multicast.octets) +
1933 MLX5_GET_CTR(out, received_eth_broadcast.octets);
1935 vf_stats->tx_packets =
1936 MLX5_GET_CTR(out, transmitted_eth_unicast.packets) +
1937 MLX5_GET_CTR(out, transmitted_eth_multicast.packets) +
1938 MLX5_GET_CTR(out, transmitted_eth_broadcast.packets);
1940 vf_stats->tx_bytes =
1941 MLX5_GET_CTR(out, transmitted_eth_unicast.octets) +
1942 MLX5_GET_CTR(out, transmitted_eth_multicast.octets) +
1943 MLX5_GET_CTR(out, transmitted_eth_broadcast.octets);
1945 vf_stats->multicast =
1946 MLX5_GET_CTR(out, received_eth_multicast.packets);
1948 vf_stats->broadcast =
1949 MLX5_GET_CTR(out, received_eth_broadcast.packets);