[PATCH net-next 11/15] net: enetc: restore VF MAC promiscuous mode after FLR for ENETC v4
From: <hidden>
Date: 2026-06-05 07:24:07
Also in:
imx, lkml
Subsystem:
freescale enetc ethernet drivers, networking drivers, the rest · Maintainers:
Claudiu Manoil, Vladimir Oltean, Wei Fang, Clark Wang, Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds
From: Wei Fang <wei.fang@nxp.com> On ENETC v4, a PCIe VF Function Level Reset (FLR) resets certain bits in PF register space, including PSIPMMR[SIn_MAC_UP] and PSIPMMR[SIn_MAC_MP], which control the unicast and multicast promiscuous mode for the corresponding SI. The reset (default) value of these bits enables promiscuous mode, meaning that after a VF FLR, the SI is left in promiscuous mode regardless of the configuration set by the PF driver prior to the reset. This is a potential security vulnerability: a malicious VM could deliberately trigger a VF FLR to force promiscuous mode on its SI, allowing it to capture network traffic not destined for that VF. To mitigate this, make the following changes: - Add ENETC_VF_FLAG_UC_PROMISC and ENETC_VF_FLAG_MC_PROMISC to enetc_vf_flags to track the PF-managed promiscuous mode state for each VF. - Update enetc_msg_set_vf_mac_promisc_mode() to keep these flags in sync whenever a VF requests a promiscuous mode change via messaging. - Update enetc_pf_set_vf_trust() to clear both promisc flags when a VF is untrusted, so that a subsequent FLR cannot restore promiscuous mode that the PF has already revoked. - Add a vf_flr_handler callback to enetc_pf_ops. The ENETC v4 implementation re-applies the tracked UC/MC promiscuous mode settings to the hardware after each FLR, ensuring the hardware state matches the PF-managed policy rather than the insecure reset default. - Add enetc_vf_flr_handler() in enetc_msg.c to detect FLR events via the PSIIDR register and dispatch to the vf_flr_handler callback. Invoke it at the start of enetc_msg_task() before processing VF messages. - Enable FLR interrupts in PSIIER only when a vf_flr_handler callback is registered, keeping ENETC v1 behavior unchanged. Signed-off-by: Wei Fang <wei.fang@nxp.com> --- .../net/ethernet/freescale/enetc/enetc4_pf.c | 21 +++++++++ .../net/ethernet/freescale/enetc/enetc_hw.h | 12 +++++ .../net/ethernet/freescale/enetc/enetc_msg.c | 44 ++++++++++++++++++- .../net/ethernet/freescale/enetc/enetc_pf.h | 3 ++ .../freescale/enetc/enetc_pf_common.c | 4 +- 5 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc4_pf.c b/drivers/net/ethernet/freescale/enetc/enetc4_pf.c
index 2e081a59154e..15c8b704b2b7 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc4_pf.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc4_pf.c@@ -283,11 +283,32 @@ static void enetc4_pf_set_mac_filter(struct enetc_pf *pf, int type) enetc4_pf_set_mac_hash_filter(pf, ENETC_MAC_FILTER_TYPE_MC); } +static void enetc4_pf_vf_flr_handler(struct enetc_pf *pf, int vf_id) +{ + struct enetc_hw *hw = &pf->si->hw; + struct enetc_vf_state *vf_state; + bool uc_promisc, mc_promisc; + + vf_state = &pf->vf_state[vf_id]; + mutex_lock(&vf_state->lock); + + uc_promisc = !!(vf_state->flags & ENETC_VF_FLAG_UC_PROMISC); + mc_promisc = !!(vf_state->flags & ENETC_VF_FLAG_MC_PROMISC); + + mutex_lock(&pf->msg_lock); + enetc4_pf_set_si_mac_promisc(hw, vf_id + 1, UC, uc_promisc); + enetc4_pf_set_si_mac_promisc(hw, vf_id + 1, MC, mc_promisc); + mutex_unlock(&pf->msg_lock); + + mutex_unlock(&vf_state->lock); +} + static const struct enetc_pf_ops enetc4_pf_ops = { .set_si_primary_mac = enetc4_pf_set_si_primary_mac, .get_si_primary_mac = enetc4_pf_get_si_primary_mac, .set_si_mac_promisc = enetc4_pf_set_si_mac_promisc, .set_si_mac_hash_filter = enetc4_pf_set_si_mac_hash_filter, + .vf_flr_handler = enetc4_pf_vf_flr_handler, }; static int enetc4_pf_struct_init(struct enetc_si *si)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_hw.h b/drivers/net/ethernet/freescale/enetc/enetc_hw.h
index 37c6060ccc82..62844344ff29 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_hw.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc_hw.h@@ -109,6 +109,18 @@ static inline u32 enetc_vsi_set_msize(u32 size) #define ENETC_PSIIER 0xa00 #define ENETC_PSIIDR 0xa08 + +/* VF FLR interrupt mask, n is the active number of VSIs. + * It is available for ENETC_PSIIER and ENETC_PSIIDR registers. + */ +#define ENETC_VFFLR_MASK(n) \ + ({ typeof(n) _n = (n); (_n) ? GENMASK(16 + (_n), 17) : 0; }) + +/* VF FLR interrupt bit, n is VSI index. It is available + * for ENETC_PSIIER and ENETC_PSIIDR registers. + */ +#define ENETC_VFFLR_BIT(n) BIT(17 + (n)) + #define ENETC_SITXIDR 0xa18 #define ENETC_SIRXIDR 0xa28 #define ENETC_SIMSIVR 0xa30
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_msg.c b/drivers/net/ethernet/freescale/enetc/enetc_msg.c
index d9560e2c5385..6aacb22cfa82 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_msg.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_msg.c@@ -23,6 +23,9 @@ static void enetc_enable_psiier_interrupts(struct enetc_pf *pf) u32 psiier = ENETC_PSIMR_MASK(pf->num_vfs); struct enetc_hw *hw = &pf->si->hw; + if (pf->ops->vf_flr_handler) + psiier |= ENETC_VFFLR_MASK(pf->num_vfs); + enetc_wr(hw, ENETC_PSIIER, psiier); }
@@ -184,11 +187,23 @@ static u16 enetc_msg_set_vf_mac_promisc_mode(struct enetc_pf *pf, int vf_id, mutex_lock(&pf->msg_lock); - if (type & ENETC_MAC_FILTER_TYPE_UC) + if (type & ENETC_MAC_FILTER_TYPE_UC) { + if (promisc) + vf_state->flags |= ENETC_VF_FLAG_UC_PROMISC; + else + vf_state->flags &= ~ENETC_VF_FLAG_UC_PROMISC; + pf->ops->set_si_mac_promisc(hw, si_id, UC, promisc); + } + + if (type & ENETC_MAC_FILTER_TYPE_MC) { + if (promisc) + vf_state->flags |= ENETC_VF_FLAG_MC_PROMISC; + else + vf_state->flags &= ~ENETC_VF_FLAG_MC_PROMISC; - if (type & ENETC_MAC_FILTER_TYPE_MC) pf->ops->set_si_mac_promisc(hw, si_id, MC, promisc); + } mutex_unlock(&pf->msg_lock);
@@ -507,6 +522,29 @@ static void enetc_msg_handle_rxmsg(struct enetc_pf *pf, int vf_id, kfree(msg); } +static void enetc_vf_flr_handler(struct enetc_pf *pf) +{ + u32 flr_mask = ENETC_VFFLR_MASK(pf->num_vfs); + struct enetc_hw *hw = &pf->si->hw; + u32 flr_status; + + if (!pf->ops->vf_flr_handler) + return; + + flr_status = enetc_rd(hw, ENETC_PSIIDR) & flr_mask; + if (!flr_status) + return; + + for (int i = 0; i < pf->num_vfs; i++) { + if (!(ENETC_VFFLR_BIT(i) & flr_status)) + continue; + + /* Clear FLR interrupt status, W1C */ + enetc_wr(hw, ENETC_PSIIDR, ENETC_VFFLR_BIT(i)); + pf->ops->vf_flr_handler(pf, i); + } +} + static void enetc_msg_task(struct work_struct *work) { struct enetc_si *si = container_of(work, struct enetc_si, msg_task);
@@ -515,6 +553,8 @@ static void enetc_msg_task(struct work_struct *work) u32 mr_status, mr_mask; int i; + enetc_vf_flr_handler(pf); + mr_mask = ENETC_PSIMR_MASK(pf->num_vfs); mr_status = (enetc_rd(hw, ENETC_PSIMSGRR) & mr_mask) | (enetc_rd(hw, ENETC_PSIIDR) & mr_mask);
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.h b/drivers/net/ethernet/freescale/enetc/enetc_pf.h
index 7ca85731d6cc..650735a7de81 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pf.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.h@@ -10,6 +10,8 @@ enum enetc_vf_flags { ENETC_VF_FLAG_PF_SET_MAC = BIT(0), ENETC_VF_FLAG_TRUSTED = BIT(1), + ENETC_VF_FLAG_UC_PROMISC = BIT(2), + ENETC_VF_FLAG_MC_PROMISC = BIT(3), }; struct enetc_vf_state {
@@ -38,6 +40,7 @@ struct enetc_pf_ops { enum enetc_mac_addr_type type, bool en); void (*set_si_mac_hash_filter)(struct enetc_hw *hw, int si, enum enetc_mac_addr_type type, u64 hash); + void (*vf_flr_handler)(struct enetc_pf *pf, int vf_id); }; struct enetc_pf {
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf_common.c b/drivers/net/ethernet/freescale/enetc/enetc_pf_common.c
index 66a9a734d18e..1aecaba04cfd 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pf_common.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pf_common.c@@ -480,7 +480,9 @@ int enetc_pf_set_vf_trust(struct net_device *ndev, int vf, bool setting) if (setting) { vf_state->flags |= ENETC_VF_FLAG_TRUSTED; } else { - vf_state->flags &= ~ENETC_VF_FLAG_TRUSTED; + vf_state->flags &= ~(ENETC_VF_FLAG_TRUSTED | + ENETC_VF_FLAG_UC_PROMISC | + ENETC_VF_FLAG_MC_PROMISC); /* Clear MAC hash filters and disable MAC promiscuous modes * if the VF is untrusted.
--
2.34.1