ice_vf_mbx.c source code [linux/drivers/net/ethernet/intel/ice/ice_vf_mbx.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/ Copyright (c) 2018, Intel Corporation. /
3
4	#include "ice_common.h"
5	#include "ice_vf_mbx.h"
6
7	/**
8	* ice_aq_send_msg_to_vf
9	* @hw: pointer to the hardware structure
10	* @vfid: VF ID to send msg
11	* @v_opcode: opcodes for VF-PF communication
12	* @v_retval: return error code
13	* @msg: pointer to the msg buffer
14	* @msglen: msg length
15	* @cd: pointer to command details
16	*
17	* Send message to VF driver (0x0802) using mailbox
18	* queue and asynchronously sending message via
19	* ice_sq_send_cmd() function
20	*/
21	int
22	ice_aq_send_msg_to_vf(struct ice_hw *hw, u16 vfid, u32 v_opcode, u32 v_retval,
23	u8 msg, u16 msglen, struct* ice_sq_cd *cd)
24	{
25	struct ice_aqc_pf_vf_msg *cmd;
26	struct ice_aq_desc desc;
27
28	ice_fill_dflt_direct_cmd_desc(desc: &desc, opcode: ice_mbx_opc_send_msg_to_vf);
29
30	cmd = &desc.params.virt;
31	cmd->id = cpu_to_le32(vfid);
32
33	desc.cookie_high = cpu_to_le32(v_opcode);
34	desc.cookie_low = cpu_to_le32(v_retval);
35
36	if (msglen)
37	desc.flags \|= cpu_to_le16(ICE_AQ_FLAG_RD);
38
39	return ice_sq_send_cmd(hw, cq: &hw->mailboxq, desc: &desc, buf: msg, buf_size: msglen, cd);
40	}
41
42	static const u32 ice_legacy_aq_to_vc_speed[] = {
43	VIRTCHNL_LINK_SPEED_100MB, / BIT(0) /
44	VIRTCHNL_LINK_SPEED_100MB,
45	VIRTCHNL_LINK_SPEED_1GB,
46	VIRTCHNL_LINK_SPEED_1GB,
47	VIRTCHNL_LINK_SPEED_1GB,
48	VIRTCHNL_LINK_SPEED_10GB,
49	VIRTCHNL_LINK_SPEED_20GB,
50	VIRTCHNL_LINK_SPEED_25GB,
51	VIRTCHNL_LINK_SPEED_40GB,
52	VIRTCHNL_LINK_SPEED_40GB,
53	VIRTCHNL_LINK_SPEED_40GB,
54	};
55
56	/**
57	* ice_conv_link_speed_to_virtchnl
58	* @adv_link_support: determines the format of the returned link speed
59	* @link_speed: variable containing the link_speed to be converted
60	*
61	* Convert link speed supported by HW to link speed supported by virtchnl.
62	* If adv_link_support is true, then return link speed in Mbps. Else return
63	* link speed as a VIRTCHNL_LINK_SPEED_* casted to a u32. Note that the caller
64	* needs to cast back to an enum virtchnl_link_speed in the case where
65	* adv_link_support is false, but when adv_link_support is true the caller can
66	* expect the speed in Mbps.
67	*/
68	u32 ice_conv_link_speed_to_virtchnl(bool adv_link_support, u16 link_speed)
69	{
70	/ convert a BIT() value into an array index /
71	u32 index = fls(x: link_speed) - `1`;
72
73	if (adv_link_support)
74	return ice_get_link_speed(index);
75	else if (index < ARRAY_SIZE(ice_legacy_aq_to_vc_speed))
76	/ Virtchnl speeds are not defined for every speed supported in*
77	* the hardware. To maintain compatibility with older AVF
78	* drivers, while reporting the speed the new speed values are
79	* resolved to the closest known virtchnl speeds
80	*/
81	return ice_legacy_aq_to_vc_speed[index];
82
83	return VIRTCHNL_LINK_SPEED_UNKNOWN;
84	}
85
86	/ The mailbox overflow detection algorithm helps to check if there*
87	* is a possibility of a malicious VF transmitting too many MBX messages to the
88	* PF.
89	* 1. The mailbox snapshot structure, ice_mbx_snapshot, is initialized during
90	* driver initialization in ice_init_hw() using ice_mbx_init_snapshot().
91	* The struct ice_mbx_snapshot helps to track and traverse a static window of
92	* messages within the mailbox queue while looking for a malicious VF.
93	*
94	* 2. When the caller starts processing its mailbox queue in response to an
95	* interrupt, the structure ice_mbx_snapshot is expected to be cleared before
96	* the algorithm can be run for the first time for that interrupt. This
97	* requires calling ice_mbx_reset_snapshot() as well as calling
98	* ice_mbx_reset_vf_info() for each VF tracking structure.
99	*
100	* 3. For every message read by the caller from the MBX Queue, the caller must
101	* call the detection algorithm's entry function ice_mbx_vf_state_handler().
102	* Before every call to ice_mbx_vf_state_handler() the struct ice_mbx_data is
103	* filled as it is required to be passed to the algorithm.
104	*
105	* 4. Every time a message is read from the MBX queue, a tracking structure
106	* for the VF must be passed to the state handler. The boolean output
107	* report_malvf from ice_mbx_vf_state_handler() serves as an indicator to the
108	* caller whether it must report this VF as malicious or not.
109	*
110	* 5. When a VF is identified to be malicious, the caller can send a message
111	* to the system administrator.
112	*
113	* 6. The PF is responsible for maintaining the struct ice_mbx_vf_info
114	* structure for each VF. The PF should clear the VF tracking structure if the
115	* VF is reset. When a VF is shut down and brought back up, we will then
116	* assume that the new VF is not malicious and may report it again if we
117	* detect it again.
118	*
119	* 7. The function ice_mbx_reset_snapshot() is called to reset the information
120	* in ice_mbx_snapshot for every new mailbox interrupt handled.
121	*/
122	#define ICE_RQ_DATA_MASK(rq_data) ((rq_data) & PF_MBX_ARQH_ARQH_M)
123	/ Using the highest value for an unsigned 16-bit value 0xFFFF to indicate that*
124	* the max messages check must be ignored in the algorithm
125	*/
126	#define ICE_IGNORE_MAX_MSG_CNT 0xFFFF
127
128	/**
129	* ice_mbx_reset_snapshot - Reset mailbox snapshot structure
130	* @snap: pointer to the mailbox snapshot
131	*/
132	static void ice_mbx_reset_snapshot(struct ice_mbx_snapshot *snap)
133	{
134	struct ice_mbx_vf_info *vf_info;
135
136	/ Clear mbx_buf in the mailbox snaphot structure and setting the*
137	* mailbox snapshot state to a new capture.
138	*/
139	memset(&snap->mbx_buf, `0`, sizeof(snap->mbx_buf));
140	snap->mbx_buf.state = ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT;
141
142	/ Reset message counts for all VFs to zero /
143	list_for_each_entry(vf_info, &snap->mbx_vf, list_entry)
144	vf_info->msg_count = `0`;
145	}
146
147	/**
148	* ice_mbx_traverse - Pass through mailbox snapshot
149	* @hw: pointer to the HW struct
150	* @new_state: new algorithm state
151	*
152	* Traversing the mailbox static snapshot without checking
153	* for malicious VFs.
154	*/
155	static void
156	ice_mbx_traverse(struct ice_hw *hw,
157	enum ice_mbx_snapshot_state *new_state)
158	{
159	struct ice_mbx_snap_buffer_data *snap_buf;
160	u32 num_iterations;
161
162	snap_buf = &hw->mbx_snapshot.mbx_buf;
163
164	/ As mailbox buffer is circular, applying a mask*
165	* on the incremented iteration count.
166	*/
167	num_iterations = ICE_RQ_DATA_MASK(++snap_buf->num_iterations);
168
169	/ Checking either of the below conditions to exit snapshot traversal:*
170	* Condition-1: If the number of iterations in the mailbox is equal to
171	* the mailbox head which would indicate that we have reached the end
172	* of the static snapshot.
173	* Condition-2: If the maximum messages serviced in the mailbox for a
174	* given interrupt is the highest possible value then there is no need
175	* to check if the number of messages processed is equal to it. If not
176	* check if the number of messages processed is greater than or equal
177	* to the maximum number of mailbox entries serviced in current work item.
178	*/
179	if (num_iterations == snap_buf->head \|\|
180	(snap_buf->max_num_msgs_mbx < ICE_IGNORE_MAX_MSG_CNT &&
181	++snap_buf->num_msg_proc >= snap_buf->max_num_msgs_mbx))
182	*new_state = ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT;
183	}
184
185	/**
186	* ice_mbx_detect_malvf - Detect malicious VF in snapshot
187	* @hw: pointer to the HW struct
188	* @vf_info: mailbox tracking structure for a VF
189	* @new_state: new algorithm state
190	* @is_malvf: boolean output to indicate if VF is malicious
191	*
192	* This function tracks the number of asynchronous messages
193	* sent per VF and marks the VF as malicious if it exceeds
194	* the permissible number of messages to send.
195	*/
196	static int
197	ice_mbx_detect_malvf(struct ice_hw hw, struct* ice_mbx_vf_info *vf_info,
198	enum ice_mbx_snapshot_state *new_state,
199	bool *is_malvf)
200	{
201	/ increment the message count for this VF /
202	vf_info->msg_count++;
203
204	if (vf_info->msg_count >= ICE_ASYNC_VF_MSG_THRESHOLD)
205	*is_malvf = true;
206
207	/ continue to iterate through the mailbox snapshot /
208	ice_mbx_traverse(hw, new_state);
209
210	return `0`;
211	}
212
213	/**
214	* ice_mbx_vf_state_handler - Handle states of the overflow algorithm
215	* @hw: pointer to the HW struct
216	* @mbx_data: pointer to structure containing mailbox data
217	* @vf_info: mailbox tracking structure for the VF in question
218	* @report_malvf: boolean output to indicate whether VF should be reported
219	*
220	* The function serves as an entry point for the malicious VF
221	* detection algorithm by handling the different states and state
222	* transitions of the algorithm:
223	* New snapshot: This state is entered when creating a new static
224	* snapshot. The data from any previous mailbox snapshot is
225	* cleared and a new capture of the mailbox head and tail is
226	* logged. This will be the new static snapshot to detect
227	* asynchronous messages sent by VFs. On capturing the snapshot
228	* and depending on whether the number of pending messages in that
229	* snapshot exceed the watermark value, the state machine enters
230	* traverse or detect states.
231	* Traverse: If pending message count is below watermark then iterate
232	* through the snapshot without any action on VF.
233	* Detect: If pending message count exceeds watermark traverse
234	* the static snapshot and look for a malicious VF.
235	*/
236	int
237	ice_mbx_vf_state_handler(struct ice_hw hw, struct* ice_mbx_data *mbx_data,
238	struct ice_mbx_vf_info vf_info, bool report_malvf)
239	{
240	struct ice_mbx_snapshot *snap = &hw->mbx_snapshot;
241	struct ice_mbx_snap_buffer_data *snap_buf;
242	struct ice_ctl_q_info *cq = &hw->mailboxq;
243	enum ice_mbx_snapshot_state new_state;
244	bool is_malvf = false;
245	int status = `0`;
246
247	if (!report_malvf \|\| !mbx_data \|\| !vf_info)
248	return -EINVAL;
249
250	*report_malvf = false;
251
252	/ When entering the mailbox state machine assume that the VF*
253	* is not malicious until detected.
254	*/
255	/ Checking if max messages allowed to be processed while servicing current*
256	* interrupt is not less than the defined AVF message threshold.
257	*/
258	if (mbx_data->max_num_msgs_mbx <= ICE_ASYNC_VF_MSG_THRESHOLD)
259	return -EINVAL;
260
261	/ The watermark value should not be lesser than the threshold limit*
262	* set for the number of asynchronous messages a VF can send to mailbox
263	* nor should it be greater than the maximum number of messages in the
264	* mailbox serviced in current interrupt.
265	*/
266	if (mbx_data->async_watermark_val < ICE_ASYNC_VF_MSG_THRESHOLD \|\|
267	mbx_data->async_watermark_val > mbx_data->max_num_msgs_mbx)
268	return -EINVAL;
269
270	new_state = ICE_MAL_VF_DETECT_STATE_INVALID;
271	snap_buf = &snap->mbx_buf;
272
273	switch (snap_buf->state) {
274	case ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT:
275	/ Clear any previously held data in mailbox snapshot structure. /
276	ice_mbx_reset_snapshot(snap);
277
278	/ Collect the pending ARQ count, number of messages processed and*
279	* the maximum number of messages allowed to be processed from the
280	* Mailbox for current interrupt.
281	*/
282	snap_buf->num_pending_arq = mbx_data->num_pending_arq;
283	snap_buf->num_msg_proc = mbx_data->num_msg_proc;
284	snap_buf->max_num_msgs_mbx = mbx_data->max_num_msgs_mbx;
285
286	/ Capture a new static snapshot of the mailbox by logging the*
287	* head and tail of snapshot and set num_iterations to the tail
288	* value to mark the start of the iteration through the snapshot.
289	*/
290	snap_buf->head = ICE_RQ_DATA_MASK(cq->rq.next_to_clean +
291	mbx_data->num_pending_arq);
292	snap_buf->tail = ICE_RQ_DATA_MASK(cq->rq.next_to_clean - `1`);
293	snap_buf->num_iterations = snap_buf->tail;
294
295	/ Pending ARQ messages returned by ice_clean_rq_elem*
296	* is the difference between the head and tail of the
297	* mailbox queue. Comparing this value against the watermark
298	* helps to check if we potentially have malicious VFs.
299	*/
300	if (snap_buf->num_pending_arq >=
301	mbx_data->async_watermark_val) {
302	new_state = ICE_MAL_VF_DETECT_STATE_DETECT;
303	status = ice_mbx_detect_malvf(hw, vf_info, new_state: &new_state, is_malvf: &is_malvf);
304	} else {
305	new_state = ICE_MAL_VF_DETECT_STATE_TRAVERSE;
306	ice_mbx_traverse(hw, new_state: &new_state);
307	}
308	break;
309
310	case ICE_MAL_VF_DETECT_STATE_TRAVERSE:
311	new_state = ICE_MAL_VF_DETECT_STATE_TRAVERSE;
312	ice_mbx_traverse(hw, new_state: &new_state);
313	break;
314
315	case ICE_MAL_VF_DETECT_STATE_DETECT:
316	new_state = ICE_MAL_VF_DETECT_STATE_DETECT;
317	status = ice_mbx_detect_malvf(hw, vf_info, new_state: &new_state, is_malvf: &is_malvf);
318	break;
319
320	default:
321	new_state = ICE_MAL_VF_DETECT_STATE_INVALID;
322	status = -EIO;
323	}
324
325	snap_buf->state = new_state;
326
327	/ Only report VFs as malicious the first time we detect it /
328	if (is_malvf && !vf_info->malicious) {
329	vf_info->malicious = `1`;
330	*report_malvf = true;
331	}
332
333	return status;
334	}
335
336	/**
337	* ice_mbx_clear_malvf - Clear VF mailbox info
338	* @vf_info: the mailbox tracking structure for a VF
339	*
340	* In case of a VF reset, this function shall be called to clear the VF's
341	* current mailbox tracking state.
342	*/
343	void ice_mbx_clear_malvf(struct ice_mbx_vf_info *vf_info)
344	{
345	vf_info->malicious = `0`;
346	vf_info->msg_count = `0`;
347	}
348
349	/**
350	* ice_mbx_init_vf_info - Initialize a new VF mailbox tracking info
351	* @hw: pointer to the hardware structure
352	* @vf_info: the mailbox tracking info structure for a VF
353	*
354	* Initialize a VF mailbox tracking info structure and insert it into the
355	* snapshot list.
356	*
357	* If you remove the VF, you must also delete the associated VF info structure
358	* from the linked list.
359	*/
360	void ice_mbx_init_vf_info(struct ice_hw hw, struct* ice_mbx_vf_info *vf_info)
361	{
362	struct ice_mbx_snapshot *snap = &hw->mbx_snapshot;
363
364	ice_mbx_clear_malvf(vf_info);
365	list_add(new: &vf_info->list_entry, head: &snap->mbx_vf);
366	}
367
368	/**
369	* ice_mbx_init_snapshot - Initialize mailbox snapshot data
370	* @hw: pointer to the hardware structure
371	*
372	* Clear the mailbox snapshot structure and initialize the VF mailbox list.
373	*/
374	void ice_mbx_init_snapshot(struct ice_hw *hw)
375	{
376	struct ice_mbx_snapshot *snap = &hw->mbx_snapshot;
377
378	INIT_LIST_HEAD(list: &snap->mbx_vf);
379	ice_mbx_reset_snapshot(snap);
380	}
381

source code of linux/drivers/net/ethernet/intel/ice/ice_vf_mbx.c