author: Jacob Keller <jacob.e.keller@intel.com> 2024-02-16 14:06:37 -0800
committer: Tony Nguyen <anthony.l.nguyen@intel.com> 2024-03-04 10:24:13 -0800
commit: 11fbb1bfb5bc8c98b2d7db9da332b5e568f4aaab
tree: 27ada7efa15d034898ad416e567a00ea07d83b84 /security
parent: ice: remove unnecessary duplicate checks for VF VSI ID
ice: use relative VSI index for VFs instead of PF VSI number
When initializing over virtchnl, the PF is required to pass a VSI ID to the VF as part of its capabilities exchange. The VF driver reports this value back to the PF in a variety of commands. The PF driver validates that this value matches the value it sent to the VF.

Some hardware families such as the E700 series could use this value when reading RSS registers or communicating directly with firmware over the Admin Queue. However, E800 series hardware does not support any of these interfaces and the VF's only use for this value is to report it back to the PF. Thus, there is no requirement that this value be an actual VSI ID value of any kind.

The PF driver already does not trust that the VF sends it a real VSI ID. The VSI structure is always looked up from the VF structure. The PF does validate that the VSI ID provided matches a VSI associated with the VF, but otherwise does not use the VSI ID for any purpose.

Instead of reporting the VSI number relative to the PF space, report a fixed value of 1. When communicating with the VF over virtchnl, validate that the VSI number is returned appropriately. This avoids leaking information about the firmware of the PF state.

Currently the ice driver only supplies a VF with a single VSI. However, it appears that virtchnl has some support for allowing multiple VSIs. I did not attempt to implement this. However, space is left open to allow further relative indexes if additional VSIs are provided in future feature development.

For this reason, keep the ice_vc_isvalid_vsi_id function in place to allow extending it for multiple VSIs in the future.

This change will also simplify handling of live migration in a future series. Since we no longer will provide a real VSI number to the VF, there will be no need to keep track of this number when migrating to a new host.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions