From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CE6B2D0C64; Tue, 25 Nov 2025 08:35:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059704; cv=none; b=Up9jkoJwtl1YeFRr5iXFAq2yNsQ4ZmIgWiFOImKOKb4GEWnokZunPd9mQqVtdL2qV897DHm2j4JR18wroOqE6Gw92JpApf96z0ndoIUz4Cc2fZpxM0DBkl8RgNDNbcOroT3ywe79gwt3zYAGkFCvEQHzw98vOHho/vM93Hkusi4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059704; c=relaxed/simple; bh=r5EaSDWS/NmPpI6YZYT8Fc7qlBaoieqrFHyUugOu9/o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=n9ILg7HV7N/3/FkdmxivNooM0Rz+MtBCZvkSwfoCFWM8wFW8Ze/lQysIaPaSrIhC6Dt1ckJdLLn+R8jfEcLA+92EbXjTqps0mDqfaWGMr9Z4ptpH15L8N3H7dDDWgvMK5wTx9DMqM9VpI9bK07di/zfDyMXvAe4a2quY0+Xjxgk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=iYJYVRXl; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="iYJYVRXl" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059702; x=1795595702; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=r5EaSDWS/NmPpI6YZYT8Fc7qlBaoieqrFHyUugOu9/o=; b=iYJYVRXlHYOht90gx/Iz4OeZJznCe/oYcW6TyQYjh3a0dUWJ7zWdmqNw EYOq1+g1loRsfHeyRYevS06GpVR668P6B1DdNzugeuTrB6FdFOIBrAGgn MQnFG++ALCjIDOnDHpUp5MD9h7m9u3KpPyAAy3EyjGhqjQiHl5GeBaFaC +ztKIwBcZ5AQ/CDWlz3GTxzJa2pkTgeIntn3eE+kgs39xB+4tjUTmWM9g N97LBg2BwBDIE5u5Zz2bdoXU0Yyga1RnbtzARb78zccANwtm3+GT1Fmih XCuMEYd8NlAVFcZ8yJwYYEQ5Z4TZVlzaSiODXEvNwsK78PeUGdJcLYL6w w==; X-CSE-ConnectionGUID: yPjTgxE5QCqMoeGmAbbx7w== X-CSE-MsgGUID: 24US4iTQTAWyJKIFE7yLEA== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694425" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694425" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:02 -0800 X-CSE-ConnectionGUID: Z6EnwLaTTHuXHK9utNrn6g== X-CSE-MsgGUID: CANhbQb6SiGAIHx+HW7l3Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749753" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:00 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 1/8] ice: in dvm, use outer VLAN in MAC,VLAN lookup Date: Tue, 25 Nov 2025 09:34:49 +0100 Message-ID: <20251125083456.28822-2-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In double VLAN mode (DVM), outer VLAN is located a word earlier in the field vector compared to the single VLAN mode. We already modify ICE_SW_LKUP_VLAN to use it but ICE_SW_LKUP_MAC_VLAN was left untouched, causing the lookup to match any packet with one or no layer of Dot1q. This change enables to fix cross-vlan loopback traffic using MAC,VLAN lookups. Reviewed-by: Aleksandr Loktionov Reviewed-by: Michal Swiatkowski Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_vlan_mode.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/net/ethernet/intel/ice/ice_vlan_mode.c b/drivers/net/e= thernet/intel/ice/ice_vlan_mode.c index fb526cb84776..68a7b05de44e 100644 --- a/drivers/net/ethernet/intel/ice/ice_vlan_mode.c +++ b/drivers/net/ethernet/intel/ice/ice_vlan_mode.c @@ -198,6 +198,7 @@ static bool ice_is_dvm_supported(struct ice_hw *hw) #define ICE_SW_LKUP_VLAN_LOC_LKUP_IDX 1 #define ICE_SW_LKUP_VLAN_PKT_FLAGS_LKUP_IDX 2 #define ICE_SW_LKUP_PROMISC_VLAN_LOC_LKUP_IDX 2 +#define ICE_SW_LKUP_MAC_VLAN_LOC_LKUP_IDX 4 #define ICE_PKT_FLAGS_0_TO_15_FV_IDX 1 static struct ice_update_recipe_lkup_idx_params ice_dvm_dflt_recipes[] =3D= { { @@ -234,6 +235,17 @@ static struct ice_update_recipe_lkup_idx_params ice_dv= m_dflt_recipes[] =3D { .mask_valid =3D false, /* use pre-existing mask */ .lkup_idx =3D ICE_SW_LKUP_PROMISC_VLAN_LOC_LKUP_IDX, }, + { + /* Similarly to ICE_SW_LKUP_VLAN, change to outer/single VLAN in + * DVM + */ + .rid =3D ICE_SW_LKUP_MAC_VLAN, + .fv_idx =3D ICE_EXTERNAL_VLAN_ID_FV_IDX, + .ignore_valid =3D true, + .mask =3D 0, + .mask_valid =3D false, + .lkup_idx =3D ICE_SW_LKUP_MAC_VLAN_LOC_LKUP_IDX, + }, }; =20 /** --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B7C62DE6E3; Tue, 25 Nov 2025 08:35:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059706; cv=none; b=YtvoE4OaaevIpdUcn0gc/CNPKzLWJsjmdoB/mMAjr7fK2XMxO7Cu70MIHl24OnZU2KqzkFUn013mXgPbwLK4PaHYOERJdmGRivt+l3Px3YTxCB8EDiVxPv+PdRs0lrVRWML8XWPq7mLC5eHEYrgHMHEeyLs4eYHIEqCm3BCzye8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059706; c=relaxed/simple; bh=CkOg50ZTZK5cLrGgc9Uvzi0MGhXEEBucMaNkoTh/zYE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sl1d5MN1j7yJTktzYDwSd4a2psb03OWu8ZuDu62PfDNRjQSEnso5V66rlQIsYEFKmQucmPtfN5PjgzjMireqqcmFKqab+PRkypMO1HOPYuVP8rX1EWaD14gFEAxbiHnY9piVIPLEd/b9/G5jap4EOaPGZQBRIM/FHF7vEbDsn5E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dD6mkMo8; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dD6mkMo8" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059704; x=1795595704; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CkOg50ZTZK5cLrGgc9Uvzi0MGhXEEBucMaNkoTh/zYE=; b=dD6mkMo8v0mePcPDjxb9gQ6z02G3f6dwigDXqQLfy1p6q68a4W4mfqtJ bECitfmZ9+TpGVIVw+bx1cIocUpb/cSm8uYLc6F2XBhLkk5KbW8lyZ5Ov EPO3G116BKNcApQSeOdXr2cWEchckDqHhnjfSW97ngQ4CrrYrSKiMvfo/ IN9gSluE62T+HpS5JYsna9RBPiSLezCHrIpoUG2lcImfe7OSIiO8YR7EZ /A/0Lp1VmOFCdwO048ahHHQkdhYTQRB5j+YdEeCDtqna1dJCXU0EVSE2o +4AY6+BD1jV3XaYuIp4nKXDQHo7xaNI/H2SLVBa9yHNWEGfkrsoYAqXb2 Q==; X-CSE-ConnectionGUID: miDRYEUFQpelKqetXOyXXQ== X-CSE-MsgGUID: VEZl39liR8OxzNE1Kyopig== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694436" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694436" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:04 -0800 X-CSE-ConnectionGUID: ljGkFbAqSLqyl64GnV9HsQ== X-CSE-MsgGUID: 5mpc/gcLQXCieSrgb6fySQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749757" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:02 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 2/8] ice: allow creating mac,vlan filters along mac filters Date: Tue, 25 Nov 2025 09:34:50 +0100 Message-ID: <20251125083456.28822-3-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Among other uses, MAC filters are currently used to forward loopback traffic between VSIs. However, they only match destination MAC addresses making them prone to mistakes when handling traffic within multiple VLANs and especially across the boundaries. This patch allows the driver to create MAC,VLAN filters in the same flow as MAC-only filters completely interchangeably. This is intended to be used to forward the loopback traffic only within the boundaries of particular VLANs. Reviewed-by: Michal Swiatkowski Reviewed-by: Aleksandr Loktionov Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_switch.c | 48 ++++++++++++++++----- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethe= rnet/intel/ice/ice_switch.c index 84848f0123e7..0275e2910c6b 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.c +++ b/drivers/net/ethernet/intel/ice/ice_switch.c @@ -3606,6 +3606,29 @@ bool ice_vlan_fltr_exist(struct ice_hw *hw, u16 vlan= _id, u16 vsi_handle) return false; } =20 +/** + * ice_fltr_mac_address - Find MAC in filter + * @dst: output MAC address + * @info: information struct for the filter in question + * + * Return: 0 for success, %-ENXIO if no address was found in the filter + * information. + */ +static +int ice_fltr_mac_address(u8 *dst, struct ice_fltr_info *info) +{ + switch (info->lkup_type) { + case ICE_SW_LKUP_MAC: + ether_addr_copy(dst, info->l_data.mac.mac_addr); + return 0; + case ICE_SW_LKUP_MAC_VLAN: + ether_addr_copy(dst, info->l_data.mac_vlan.mac_addr); + return 0; + default: + return -ENXIO; + } +} + /** * ice_add_mac - Add a MAC address based filter rule * @hw: pointer to the hardware structure @@ -3614,16 +3637,19 @@ bool ice_vlan_fltr_exist(struct ice_hw *hw, u16 vla= n_id, u16 vsi_handle) int ice_add_mac(struct ice_hw *hw, struct list_head *m_list) { struct ice_fltr_list_entry *m_list_itr; - int status =3D 0; + int err; =20 if (!m_list || !hw) return -EINVAL; =20 list_for_each_entry(m_list_itr, m_list, list_entry) { - u8 *add =3D &m_list_itr->fltr_info.l_data.mac.mac_addr[0]; + u8 addr[ETH_ALEN]; u16 vsi_handle; u16 hw_vsi_id; =20 + err =3D ice_fltr_mac_address(addr, &m_list_itr->fltr_info); + if (err || is_zero_ether_addr(addr)) + return -EINVAL; m_list_itr->fltr_info.flag =3D ICE_FLTR_TX; vsi_handle =3D m_list_itr->fltr_info.vsi_handle; if (!ice_is_vsi_valid(hw, vsi_handle)) @@ -3634,17 +3660,19 @@ int ice_add_mac(struct ice_hw *hw, struct list_head= *m_list) if (m_list_itr->fltr_info.src_id !=3D ICE_SRC_ID_VSI) return -EINVAL; m_list_itr->fltr_info.src =3D hw_vsi_id; - if (m_list_itr->fltr_info.lkup_type !=3D ICE_SW_LKUP_MAC || - is_zero_ether_addr(add)) + if (m_list_itr->fltr_info.lkup_type !=3D ICE_SW_LKUP_MAC && + m_list_itr->fltr_info.lkup_type !=3D ICE_SW_LKUP_MAC_VLAN) return -EINVAL; =20 - m_list_itr->status =3D ice_add_rule_internal(hw, ICE_SW_LKUP_MAC, - m_list_itr); + m_list_itr->status =3D + ice_add_rule_internal(hw, + m_list_itr->fltr_info.lkup_type, + m_list_itr); if (m_list_itr->status) return m_list_itr->status; } =20 - return status; + return 0; } =20 /** @@ -4055,7 +4083,7 @@ int ice_remove_mac(struct ice_hw *hw, struct list_hea= d *m_list) enum ice_sw_lkup_type l_type =3D list_itr->fltr_info.lkup_type; u16 vsi_handle; =20 - if (l_type !=3D ICE_SW_LKUP_MAC) + if (l_type !=3D ICE_SW_LKUP_MAC && l_type !=3D ICE_SW_LKUP_MAC_VLAN) return -EINVAL; =20 vsi_handle =3D list_itr->fltr_info.vsi_handle; @@ -4066,7 +4094,7 @@ int ice_remove_mac(struct ice_hw *hw, struct list_hea= d *m_list) ice_get_hw_vsi_num(hw, vsi_handle); =20 list_itr->status =3D ice_remove_rule_internal(hw, - ICE_SW_LKUP_MAC, + l_type, list_itr); if (list_itr->status) return list_itr->status; @@ -4507,6 +4535,7 @@ ice_remove_vsi_lkup_fltr(struct ice_hw *hw, u16 vsi_h= andle, =20 switch (lkup) { case ICE_SW_LKUP_MAC: + case ICE_SW_LKUP_MAC_VLAN: ice_remove_mac(hw, &remove_list_head); break; case ICE_SW_LKUP_VLAN: @@ -4516,7 +4545,6 @@ ice_remove_vsi_lkup_fltr(struct ice_hw *hw, u16 vsi_h= andle, case ICE_SW_LKUP_PROMISC_VLAN: ice_remove_promisc(hw, lkup, &remove_list_head); break; - case ICE_SW_LKUP_MAC_VLAN: case ICE_SW_LKUP_ETHERTYPE: case ICE_SW_LKUP_ETHERTYPE_MAC: case ICE_SW_LKUP_DFLT: --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8F1C2FE07F; Tue, 25 Nov 2025 08:35:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059708; cv=none; b=d/EgYsCUsQ2jwrlQhkDjZqe0Fmjyjy7HpA4DN2d6p+Cm2GXO7hyjamWaZF3g9t+KGNkhqNsNlrFdPUEAba1DkE9fw52+dFWvD/q30leC9b1WhGT4Y0s1JBirMu9S/AlrcEXd6wCBiJrYrnqbEZ64g+3KWqCIw9MYFzPKb6TskpM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059708; c=relaxed/simple; bh=xUpDawPFLzKaHHNYiJdKNStCKkCfTxKkZDCKX4yXwnA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KNONz6ZUvaYkIa85pBO1yXO0G3/W2KfPWQzZr5hPRNeb6ZcgsVGXjzSnc0/epJudIv/SpsrZ3i/dLF36CRrrdFNgbSZDQWO7LIjxPTXT/IAWdyHjw9SnABnSByTYEQqkvtiRkbnS06el3wGdaJEnWipRPkJfQNiwBp4Q7Lq2fi8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=PRxf9QBb; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="PRxf9QBb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059706; x=1795595706; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=xUpDawPFLzKaHHNYiJdKNStCKkCfTxKkZDCKX4yXwnA=; b=PRxf9QBbUgq/Gd6DMBpeiiSeYramYnyPr9quU3r6L1uLnf8suPBY0lEv lx/loZABLSbG1m/Vw/+mo0hbOmGtM3Wq+LsOvEC2TvLIIZMfbMsZzlW9U Sfs4EjEvkhCL2+x4LYkQARKIL0sxN6Ciw4JMHVDIDgVFZhptEYx7LCwDx 2gi/cFnWIAY2B2jMprFzJnxTBu3/Bx5Vegr+XrdsK7x9ccWD57zYtdaeK 4BS5uAL5nNztIRFN8WQawXvi5ZvHSqvFZ0oehgL36CefpDGfetjLWhjF5 J1R+OOMS9ennTOqG+djGt0tQna2DQkk/jXL5c0P6n90saMHWqtEPE4aww g==; X-CSE-ConnectionGUID: fQ3RiYovSAq9VzQrqoHmHw== X-CSE-MsgGUID: X/ZxKYkjSTK8aczCZPgw1Q== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694443" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694443" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:06 -0800 X-CSE-ConnectionGUID: XUgbbGsWTuqMLHvT5UsbZw== X-CSE-MsgGUID: Gy/QTL77R6CVUSZnlQnqHg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749828" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:05 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 3/8] ice: do not check for zero mac when creating mac filters Date: Tue, 25 Nov 2025 09:34:51 +0100 Message-ID: <20251125083456.28822-4-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A zero MAC address was considered a special case while creating a new MAC filter. There is no particular reason for that other than the fact that the union containing it was assumed to be zeroed out. Now, address is pulled out of the union by ice_fltr_mac_address which checks all of the previously assumed zero-address cases and returns an error if they are hit. Reviewed-by: Aleksandr Loktionov Reviewed-by: Michal Swiatkowski Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_switch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethe= rnet/intel/ice/ice_switch.c index 0275e2910c6b..04e5d653efce 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.c +++ b/drivers/net/ethernet/intel/ice/ice_switch.c @@ -3648,7 +3648,7 @@ int ice_add_mac(struct ice_hw *hw, struct list_head *= m_list) u16 hw_vsi_id; =20 err =3D ice_fltr_mac_address(addr, &m_list_itr->fltr_info); - if (err || is_zero_ether_addr(addr)) + if (err) return -EINVAL; m_list_itr->fltr_info.flag =3D ICE_FLTR_TX; vsi_handle =3D m_list_itr->fltr_info.vsi_handle; --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C0E1B2FF166; Tue, 25 Nov 2025 08:35:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059710; cv=none; b=bIW+QYHsU4LEYGyrzdCRCm2+42CycKe9XufrMlvEvNCmPF/Z0HDHOn9TIW2vMuDtihu0qf/4OMqaqo/7jOI0j+L7WYn0QB8FjApwLw+7otdMIoUb0CN8v+FOqIFJsWMSAsiDEOwTwInvCTiYQVIL0cXzvdk6DWA5yYeh+3P4rSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059710; c=relaxed/simple; bh=LD1Sq4vuKKU7qYEKwzSby9X/dhqZHZ7greDgzv3gq80=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZZs3og8Xqx/vg0LvrFz+dK57lxuRwrFldNs5k2BOFeQV+s01SXZWkI2f1pz+LkUlwEv461LMpzivAobvpMr/IAoEioOn0MNIv1DEzZPg7eg1EicAmuqTZvfO+gAhqRj8XZ0675kObOd8szuBp8jgJQQMtBa5GlADK5TYenZuaFM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=icrBi0FN; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="icrBi0FN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059708; x=1795595708; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=LD1Sq4vuKKU7qYEKwzSby9X/dhqZHZ7greDgzv3gq80=; b=icrBi0FN1/SR7j9FX4xqpb292DPbC1WFqlQHp7IVCcBbCcGdVyx7xUAx VPpdBOK3tOUeIna+KRN9oKonWwqx0RckTf4Eo7gBydFUnYQ9OsuNoz3H0 74joVkjjV2vWdaY5vRZlir/zt12F/eb+XtQfODB7yWDsJnF9vvtpuY2ax XtNpspaS7qKhEl1JZPXe+EXm69RS9Ren7xAoyaJZHhMAXTLL6wx/fEM2o EzFeshaB5T8sOJEivi4GqaU1XWnPUFzB9/adv5Ve6gp0yE3bMi8b8UnlI WxFsD4lBHbjKu+i8gEgXL7gJan/I4dHR9we4juvVPueiOJ6rch0e1vZy8 w==; X-CSE-ConnectionGUID: j7qkJEzcQgyWC6IfCtRhAg== X-CSE-MsgGUID: VUAcT2TcQYafnds5MF39iA== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694450" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694450" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:08 -0800 X-CSE-ConnectionGUID: +zCLvLmcS66fbIl3F29HFA== X-CSE-MsgGUID: pxG76YHFSxWB+dOT9wBuFQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749931" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:07 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 4/8] ice: allow overriding lan_en, lb_en in switch Date: Tue, 25 Nov 2025 09:34:52 +0100 Message-ID: <20251125083456.28822-5-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Currently, lan_en and lb_en are determined based on switching mode, destination MAC, and the lookup type, action type and flags of the rule in question. This gives little to no options for the user (such as ice_fltr.c) to enforce rules to behave in a specific way. Such functionality is needed to work with pairs of rules, for example, when handling MAC forward to LAN together with MAC,VLAN forward to loopback rules pair. This case could not be easily deduced in a context of a single filter without adding a specialized flag. Instead of adding a specialized flag to mark special scenario rules, we add a slightly more generic flag to the lan_en and lb_en themselves for the ice_fltr.c to request specific destination flags later on, for example, to override value: struct ice_fltr_info fi; fi.lb_en =3D ICE_FLTR_INFO_LB_LAN_FORCE_ENABLED; fi.lan_en =3D ICE_FLTR_INFO_LB_LAN_FORCE_DISABLED; Signed-off-by: Jakub Slepecki --- Dropping reviewed-by from Micha=C5=82 due to changes. Changes in v2: - Use FIELD_GET et al. when handling fi.lb_en and fi.lan_en. - Rename /LB_LAN/s/_MASK/_M/ because one of uses would need to break line. --- drivers/net/ethernet/intel/ice/ice_switch.c | 21 +++++++++++++-------- drivers/net/ethernet/intel/ice/ice_switch.h | 8 ++++++++ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethe= rnet/intel/ice/ice_switch.c index 04e5d653efce..b3f5cda1571e 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.c +++ b/drivers/net/ethernet/intel/ice/ice_switch.c @@ -2538,8 +2538,9 @@ int ice_get_initial_sw_cfg(struct ice_hw *hw) */ static void ice_fill_sw_info(struct ice_hw *hw, struct ice_fltr_info *fi) { - fi->lb_en =3D false; - fi->lan_en =3D false; + bool lan_en =3D false; + bool lb_en =3D false; + if ((fi->flag & ICE_FLTR_TX) && (fi->fltr_act =3D=3D ICE_FWD_TO_VSI || fi->fltr_act =3D=3D ICE_FWD_TO_VSI_LIST || @@ -2549,7 +2550,7 @@ static void ice_fill_sw_info(struct ice_hw *hw, struc= t ice_fltr_info *fi) * packets to the internal switch that will be dropped. */ if (fi->lkup_type !=3D ICE_SW_LKUP_VLAN) - fi->lb_en =3D true; + lb_en =3D true; =20 /* Set lan_en to TRUE if * 1. The switch is a VEB AND @@ -2578,14 +2579,18 @@ static void ice_fill_sw_info(struct ice_hw *hw, str= uct ice_fltr_info *fi) !is_unicast_ether_addr(fi->l_data.mac.mac_addr)) || (fi->lkup_type =3D=3D ICE_SW_LKUP_MAC_VLAN && !is_unicast_ether_addr(fi->l_data.mac.mac_addr))) - fi->lan_en =3D true; + lan_en =3D true; } else { - fi->lan_en =3D true; + lan_en =3D true; } } =20 if (fi->flag & ICE_FLTR_TX_ONLY) - fi->lan_en =3D false; + lan_en =3D false; + if (!FIELD_GET(ICE_FLTR_INFO_LB_LAN_FORCE_M, fi->lb_en)) + FIELD_MODIFY(ICE_FLTR_INFO_LB_LAN_VALUE_M, &fi->lb_en, lb_en); + if (!FIELD_GET(ICE_FLTR_INFO_LB_LAN_FORCE_M, fi->lan_en)) + FIELD_MODIFY(ICE_FLTR_INFO_LB_LAN_VALUE_M, &fi->lan_en, lan_en); } =20 /** @@ -2669,9 +2674,9 @@ ice_fill_sw_rule(struct ice_hw *hw, struct ice_fltr_i= nfo *f_info, return; } =20 - if (f_info->lb_en) + if (FIELD_GET(ICE_FLTR_INFO_LB_LAN_VALUE_M, f_info->lb_en)) act |=3D ICE_SINGLE_ACT_LB_ENABLE; - if (f_info->lan_en) + if (FIELD_GET(ICE_FLTR_INFO_LB_LAN_VALUE_M, f_info->lan_en)) act |=3D ICE_SINGLE_ACT_LAN_ENABLE; =20 switch (f_info->lkup_type) { diff --git a/drivers/net/ethernet/intel/ice/ice_switch.h b/drivers/net/ethe= rnet/intel/ice/ice_switch.h index 671d7a5f359f..b694c131ad58 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.h +++ b/drivers/net/ethernet/intel/ice/ice_switch.h @@ -72,6 +72,14 @@ enum ice_src_id { ICE_SRC_ID_LPORT, }; =20 +#define ICE_FLTR_INFO_LB_LAN_VALUE_M BIT(0) +#define ICE_FLTR_INFO_LB_LAN_FORCE_M BIT(1) +#define ICE_FLTR_INFO_LB_LAN_FORCE_ENABLED \ + (FIELD_PREP_CONST(ICE_FLTR_INFO_LB_LAN_VALUE_M, true) | \ + FIELD_PREP_CONST(ICE_FLTR_INFO_LB_LAN_FORCE_M, true)) +#define ICE_FLTR_INFO_LB_LAN_FORCE_DISABLED \ + (FIELD_PREP_CONST(ICE_FLTR_INFO_LB_LAN_FORCE_M, true)) + struct ice_fltr_info { /* Look up information: how to look up packet */ enum ice_sw_lkup_type lkup_type; --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13126301707; Tue, 25 Nov 2025 08:35:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059712; cv=none; b=uqPNiBJWhlnzFDuBwr7J72wHUyLiG1GJS99PY0/Uo4rCpMVvEaRea4Wg9zix7B2CQLPsPPS1n/sFJmdQlyPNmyN+Lc5KqpJm1YWW20sfB3bhvadkbwmDPj4oiWHXFlwF4n5TR1hLeFpbz39q6RQT+fOhNwuDkYwMWsfhVe1a9ms= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059712; c=relaxed/simple; bh=rfktUNSHXyzPN3pzMsTX6vARAezK2hbtDU6Cz49p+Ro=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=M1mJAK2Nb9CQ5/i8oyki9OxAKn90GuxRcAfDlV69+5aXbicFfJVHNfpKYkC/Vnvi/RAEfKlE5otXYgZfz04ErjZjF/pvNfxE+qdDiqWOXR83dJPCcESPwbnORLh4VdkEOpUeI/vIPsezJqsTVZ1ixsm8o7ymnC4xgZ6DBGWh5Ag= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=REhWepgA; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="REhWepgA" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059711; x=1795595711; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=rfktUNSHXyzPN3pzMsTX6vARAezK2hbtDU6Cz49p+Ro=; b=REhWepgAqkZCxrjSkRB9Fl1aBf/xBkq0c7DOLv0nzKpAY1zeQ+pPtGk/ VkobyceYY2xWz0PqcbaQ/ZVPfvm9whL2qHDVNgdI9rkCc8RJNHKj+TRaZ Fjg3Z1t1UZAtRusIm03lQ5Ltrua0HxnMESuonbZDwKGEPT+pT0SoQ+h/Q L5OVRFoXDPJq+cdqw56xD4Pln3wjCSVOI/wp/kvrlP6JKoSDn3jbbPfJF I0qTVwl2gQUyUifYxjo1rYlLWciQgul7U/cdvOpKp7XXWEPVbvrjB2yNk nnC67MQ7gZJQ1HBKfMz164hwf3V9Gk0xOgFFNKJ6tAqk25GlYYx0hCwQZ w==; X-CSE-ConnectionGUID: mkhE5qiIRVmIW+GWRbrw6w== X-CSE-MsgGUID: GSQlx2FOTD6kF3oo6fbecA== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694453" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694453" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:10 -0800 X-CSE-ConnectionGUID: Fy1uzKRWT86ueoohf65P3A== X-CSE-MsgGUID: fJ5AkLtpSMqJXvwsArGDyA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749935" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:09 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 5/8] ice: update mac,vlan rules when toggling between VEB and VEPA Date: Tue, 25 Nov 2025 09:34:53 +0100 Message-ID: <20251125083456.28822-6-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable When changing into VEPA mode MAC rules are modified to forward all traffic to the wire instead of allowing some packets to go into the loopback. MAC,VLAN rules may and will also be used to forward loopback traffic in VEB, so when we switch to VEPA, we want them to behave similarly to MAC-only rules. ice_vsi_update_bridge_mode() will now attempt a rollback of switch filters in case an update fails. If the rollback also fails, we will now return the rollback error instead of the initial error. Signed-off-by: Jakub Slepecki Reviewed-by stays valid from my side. Reviewed-by: Aleksandr Loktionov --- Testing hints: MAC,VLAN rules are created only if entire series is applied. The easiest way to test that rules were adjusted is to run traffic and observe what packets are sent to LAN. VEPA is expected to behave same as before the series. VEB is expected to (a) behave like VEPA if loopback traffic would cross VLANs, or (b) behave as before. Traffic from/to external hosts is expected to remain unchanged. Dropping reviewed-by Micha=C5=82 due to changes. Changes in v2: - Close open parenthesis in ice_vsi_update_bridge_mode() description. - Explain returns in ice_vsi_update_bridge_mode(). --- drivers/net/ethernet/intel/ice/ice_main.c | 48 +++++++++++++++++---- drivers/net/ethernet/intel/ice/ice_switch.c | 8 ++-- drivers/net/ethernet/intel/ice/ice_switch.h | 3 +- 3 files changed, 46 insertions(+), 13 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethern= et/intel/ice/ice_main.c index 0b6175ade40d..921ed2b6c0aa 100644 --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c @@ -8104,8 +8104,16 @@ static int ice_vsi_update_bridge_mode(struct ice_vsi= *vsi, u16 bmode) * * Sets the bridge mode (VEB/VEPA) of the switch to which the netdev (VSI)= is * hooked up to. Iterates through the PF VSI list and sets the loopback mo= de (if - * not already set for all VSIs connected to this switch. And also update = the + * not already set for all VSIs connected to this switch). And also update= the * unicast switch filter rules for the corresponding switch of the netdev. + * + * Return: + * * %0 if mode was set, propagated to VSIs, and changes to filters were a= ll + * successful, + * * %-EINVAL if requested netlink attributes or bridge mode were invalid, + * * otherwise an error from VSI update, filter rollback, or filter update= is + * forwarded. This may include %-EINVAL. See ice_vsi_update_bridge_mode(= ) and + * ice_update_sw_rule_bridge_mode(). */ static int ice_bridge_setlink(struct net_device *dev, struct nlmsghdr *nlh, @@ -8115,8 +8123,8 @@ ice_bridge_setlink(struct net_device *dev, struct nlm= sghdr *nlh, struct ice_pf *pf =3D ice_netdev_to_pf(dev); struct nlattr *attr, *br_spec; struct ice_hw *hw =3D &pf->hw; + int rem, v, rb_err, err =3D 0; struct ice_sw *pf_sw; - int rem, v, err =3D 0; =20 pf_sw =3D pf->first_sw; /* find the attribute in the netlink message */ @@ -8126,6 +8134,7 @@ ice_bridge_setlink(struct net_device *dev, struct nlm= sghdr *nlh, =20 nla_for_each_nested_type(attr, IFLA_BRIDGE_MODE, br_spec, rem) { __u16 mode =3D nla_get_u16(attr); + u8 old_evb_veb =3D hw->evb_veb; =20 if (mode !=3D BRIDGE_MODE_VEPA && mode !=3D BRIDGE_MODE_VEB) return -EINVAL; @@ -8147,17 +8156,38 @@ ice_bridge_setlink(struct net_device *dev, struct n= lmsghdr *nlh, /* Update the unicast switch filter rules for the corresponding * switch of the netdev */ - err =3D ice_update_sw_rule_bridge_mode(hw); + err =3D ice_update_sw_rule_bridge_mode(hw, ICE_SW_LKUP_MAC); + if (err) { + /* evb_veb is expected to be already reverted in error + * path because of the potential rollback. + */ + hw->evb_veb =3D old_evb_veb; + goto err_without_rollback; + } + err =3D ice_update_sw_rule_bridge_mode(hw, ICE_SW_LKUP_MAC_VLAN); if (err) { - netdev_err(dev, "switch rule update failed, mode =3D %d err %d aq_err %= s\n", - mode, err, + /* ice_update_sw_rule_bridge_mode looks this up, so we + * must revert it before attempting a rollback. + */ + hw->evb_veb =3D old_evb_veb; + goto err_rollback_mac; + } + pf_sw->bridge_mode =3D mode; + continue; + +err_rollback_mac: + rb_err =3D ice_update_sw_rule_bridge_mode(hw, ICE_SW_LKUP_MAC); + if (rb_err) { + netdev_err(dev, "switch rule update failed, mode =3D %d err %d; rollbac= k failed, err %d aq_err %s\n", + mode, err, rb_err, libie_aq_str(hw->adminq.sq_last_status)); - /* revert hw->evb_veb */ - hw->evb_veb =3D (pf_sw->bridge_mode =3D=3D BRIDGE_MODE_VEB); - return err; + return rb_err; } =20 - pf_sw->bridge_mode =3D mode; +err_without_rollback: + netdev_err(dev, "switch rule update failed, mode =3D %d err %d aq_err %s= \n", + mode, err, libie_aq_str(hw->adminq.sq_last_status)); + return err; } =20 return 0; diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethe= rnet/intel/ice/ice_switch.c index b3f5cda1571e..e0ff9a0882d5 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.c +++ b/drivers/net/ethernet/intel/ice/ice_switch.c @@ -3065,10 +3065,12 @@ ice_update_pkt_fwd_rule(struct ice_hw *hw, struct i= ce_fltr_info *f_info) /** * ice_update_sw_rule_bridge_mode * @hw: pointer to the HW struct + * @lkup: recipe/lookup type to update * * Updates unicast switch filter rules based on VEB/VEPA mode */ -int ice_update_sw_rule_bridge_mode(struct ice_hw *hw) +int ice_update_sw_rule_bridge_mode(struct ice_hw *hw, + enum ice_sw_lkup_type lkup) { struct ice_switch_info *sw =3D hw->switch_info; struct ice_fltr_mgmt_list_entry *fm_entry; @@ -3076,8 +3078,8 @@ int ice_update_sw_rule_bridge_mode(struct ice_hw *hw) struct mutex *rule_lock; /* Lock to protect filter rule list */ int status =3D 0; =20 - rule_lock =3D &sw->recp_list[ICE_SW_LKUP_MAC].filt_rule_lock; - rule_head =3D &sw->recp_list[ICE_SW_LKUP_MAC].filt_rules; + rule_lock =3D &sw->recp_list[lkup].filt_rule_lock; + rule_head =3D &sw->recp_list[lkup].filt_rules; =20 mutex_lock(rule_lock); list_for_each_entry(fm_entry, rule_head, list_entry) { diff --git a/drivers/net/ethernet/intel/ice/ice_switch.h b/drivers/net/ethe= rnet/intel/ice/ice_switch.h index b694c131ad58..f1917e15b26c 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.h +++ b/drivers/net/ethernet/intel/ice/ice_switch.h @@ -361,7 +361,8 @@ int ice_add_adv_rule(struct ice_hw *hw, struct ice_adv_lkup_elem *lkups, u16 lkups_cnt, struct ice_adv_rule_info *rinfo, struct ice_rule_query_data *added_entry); -int ice_update_sw_rule_bridge_mode(struct ice_hw *hw); +int ice_update_sw_rule_bridge_mode(struct ice_hw *hw, + enum ice_sw_lkup_type lkup); int ice_add_vlan(struct ice_hw *hw, struct list_head *m_list); int ice_remove_vlan(struct ice_hw *hw, struct list_head *v_list); int ice_add_mac(struct ice_hw *hw, struct list_head *m_lst); --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5595D3019BA; Tue, 25 Nov 2025 08:35:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059715; cv=none; b=Ujdx/NzA/Lew69MaVTkz/YNZxnSK/XIKWsOGdjSpgWJ3tDkqr1cSlGf650rAqzrGYurAhnu9Lb9+W5rgESRTdPEryv/iKegox+PPNyJLMN+DXTbHHZUE7W9s8Gbg+w5PQNiK2GfWzz6wviHFsQEwjpzH/JCC06CyX2cBZdcbP3A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059715; c=relaxed/simple; bh=QnuibCi06y3kAvMvHiJfgcBcNmBpeHEyvC1u7Dlu7c0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Alhm1tCBPnYQecqxgZ8z2OgT+UsfcQsrsH98uT203qUKGaaDg+AtuMKYQmRl9LnWOMbLdZSk/1cnu8Wx/VpUQ4iVf0J/ymqnFynf+/9OPGHfsyiR2eoOCb8Iun7cNJZm8J6WsEtWLVLoM5yBREZNkY56eRhh4eyug4aO9j7jkD0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Q1osl69p; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Q1osl69p" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059713; x=1795595713; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QnuibCi06y3kAvMvHiJfgcBcNmBpeHEyvC1u7Dlu7c0=; b=Q1osl69pSBxaY9DGo4WNnXGEN4BX9SSHehvHzsO/huxu8ZiLJ+H4fJk9 KtQCLfKzpqZG1PKanC/HjEOqiuTXbTG5DOIAssGTBLRRbiLKfLbiSIDxM I2HkiUU8YFc/0CpOf4hSmCD1X9iHH4nKXRFQU4JrPDNfTGJEEeq1aAC45 R/AcumMuzY3GqDRq+BhElBDh1YggKDb8HjLszPKBLN37hz3fSzQS2UHqg c93N/JfRkBDJzCYUEtGGwlJ2Z4T+0cnOWMH5alOcmFifbrWbgpUTuIegY 2V1zpKHlXAeKbKfcFl67sU/g7EilkIJLeMdiUHX+/bFV7z6d7R+aU5/OE w==; X-CSE-ConnectionGUID: 5NbYSHs1SyOqoSJ/GIP1ww== X-CSE-MsgGUID: oEVAh+QDRsGBWeULSbTr/w== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694460" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694460" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:13 -0800 X-CSE-ConnectionGUID: tqGKKAbVTjKPW88qtD1oyQ== X-CSE-MsgGUID: EjLNB/d4QriELPvLsODJAQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749941" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:11 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 6/8] ice: add functions to query for vsi's pvids Date: Tue, 25 Nov 2025 09:34:54 +0100 Message-ID: <20251125083456.28822-7-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" PVID information is set across two structs and several members depending primarily on DVM support and VSI type. This commit adds function that guess whether PVID is set and where and allow to access raw VLAN ID set. This is intended to be used later on to decide what MAC{,VLAN} filters to set for a VSI. Reviewed-by: Michal Swiatkowski Reviewed-by: Aleksandr Loktionov Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_lib.c | 56 ++++++++++++++++++++++++ drivers/net/ethernet/intel/ice/ice_lib.h | 2 + 2 files changed, 58 insertions(+) diff --git a/drivers/net/ethernet/intel/ice/ice_lib.c b/drivers/net/etherne= t/intel/ice/ice_lib.c index 44f3c2bab308..55ba043f8f5e 100644 --- a/drivers/net/ethernet/intel/ice/ice_lib.c +++ b/drivers/net/ethernet/intel/ice/ice_lib.c @@ -4059,3 +4059,59 @@ void ice_vsi_update_l2tsel(struct ice_vsi *vsi, enum= ice_l2tsel l2tsel) wr32(hw, qrx_context_offset, regval); } } + +/** + * ice_vsi_has_outer_pvid - check if VSI has outer Port VLAN ID assigned + * @info: props of VSI in question + * + * Return: true if VSI has outer PVID, false otherwise. + */ +static bool +ice_vsi_has_outer_pvid(const struct ice_aqc_vsi_props *info) +{ + return info->outer_vlan_flags & ICE_AQ_VSI_OUTER_VLAN_PORT_BASED_INSERT; +} + +/** + * ice_vsi_has_inner_pvid - check if VSI has inner Port VLAN ID assigned + * @info: props of VSI in question + * + * Return: true if VSI has inner PVID, false otherwise. + */ +static bool +ice_vsi_has_inner_pvid(const struct ice_aqc_vsi_props *info) +{ + return info->inner_vlan_flags & ICE_AQ_VSI_INNER_VLAN_INSERT_PVID; +} + +/** + * ice_vsi_has_pvid - check if VSI has Port VLAN ID assigned + * @vsi: VSI in question + * + * Return: true if VSI has either outer or inner PVID, false otherwise. + */ +bool +ice_vsi_has_pvid(struct ice_vsi *vsi) +{ + return ice_vsi_has_outer_pvid(&vsi->info) || + ice_vsi_has_inner_pvid(&vsi->info); +} + +/** + * ice_vsi_pvid - retrieve VSI's Port VLAN ID + * @vsi: VSI in question + * + * Return: VSI's PVID; it is valid only if ice_vsi_has_pvid is true. + */ +u16 +ice_vsi_pvid(struct ice_vsi *vsi) +{ + __le16 vlan_info =3D 0; + + if (ice_vsi_has_outer_pvid(&vsi->info)) + vlan_info =3D vsi->info.port_based_outer_vlan; + else if (ice_vsi_has_inner_pvid(&vsi->info)) + vlan_info =3D vsi->info.port_based_inner_vlan; + + return le16_to_cpu(vlan_info) & VLAN_VID_MASK; +} diff --git a/drivers/net/ethernet/intel/ice/ice_lib.h b/drivers/net/etherne= t/intel/ice/ice_lib.h index 2cb1eb98b9da..c28c69963946 100644 --- a/drivers/net/ethernet/intel/ice/ice_lib.h +++ b/drivers/net/ethernet/intel/ice/ice_lib.h @@ -124,4 +124,6 @@ void ice_clear_feature_support(struct ice_pf *pf, enum = ice_feature f); void ice_init_feature_support(struct ice_pf *pf); bool ice_vsi_is_rx_queue_active(struct ice_vsi *vsi); void ice_vsi_update_l2tsel(struct ice_vsi *vsi, enum ice_l2tsel l2tsel); +bool ice_vsi_has_pvid(struct ice_vsi *vsi); +u16 ice_vsi_pvid(struct ice_vsi *vsi); #endif /* !_ICE_LIB_H_ */ --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90A063019C5; Tue, 25 Nov 2025 08:35:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059717; cv=none; b=F25cqmFoQWRtom6FVEaOMkwD0dTAVDKKh316yrOy8OKA8xbw1WOyiUKIOllXnwihwz70c1aw637KKT7UqBwY57TGtgABVmtj4IK9zWIs16RfMyWseZtdwwCphNswJ3gBXyX12DzNpmIIB6xJMZAVSdLqGuPs3B+8DKBKB5C7wE0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059717; c=relaxed/simple; bh=6muR2WPvesx66PW1vmJn92/ClL9m4ig7yvnTOy2aBmk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=U3/a1WDYm7rAZ3THXAeBUXoZ91gPVAa5jQiukJWPfZnbURQOfawiw9YO0Zy6keSv/H5WE/ruiW4rVBV6Xw3EveGQRVH9BUuAy5eVupZBuGkx+ZA0x+BIcz3RQxzfzrZXqDfOp4Q9VJt/l7FZpHLVhY7UGvfHdC4quaN5pVA/LeM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fk/zpBfi; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fk/zpBfi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059715; x=1795595715; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6muR2WPvesx66PW1vmJn92/ClL9m4ig7yvnTOy2aBmk=; b=fk/zpBfiuWYXP98TX6GDAcq2xbQXFD1avj6oxJRNth9ZdTY7rKJKohvI +hLNTllEB8+/ozaxSVylpB5N40uYFbLWyv/Vj8PQ4FkbSF1k7q5qxs9rV NzM80BQJDdjayG1ZVmU3AJe1/thcF2ZXdRrIcl9PqjJVWkNduXUb4Nmox CXb32q21qyeHqIRXngRKBJ0mMZv1JsXs/D3RWt5Q6LZX2Ddg7SD+SxUC5 LrhOWPBONkEDtt9YRhGCRzWk3mLL8f0Ii7bwMHChriimEeNsQryHvNwK2 NEERQ+xpE7StZlgpcpQsgU4k9p9vxuPj8OoKg5smPt0GgEhaVET8nMubV Q==; X-CSE-ConnectionGUID: Rj78gLJHTMibfG1KCazsxw== X-CSE-MsgGUID: oID3WdADTqCHg2DJHDuggA== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694471" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694471" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:15 -0800 X-CSE-ConnectionGUID: ooaZs8VmTPiCAaYnQwO6Ow== X-CSE-MsgGUID: EX1H3JVLQZ+KBepzZHMhZw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749947" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:13 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 7/8] ice: add mac vlan to filter API Date: Tue, 25 Nov 2025 09:34:55 +0100 Message-ID: <20251125083456.28822-8-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Michal Swiatkowski Allow mac vlan filters to be managed by filters API in ice driver. Together with mac-only filters they will be used to forward traffic intended for loopback in VEB mode. Signed-off-by: Michal Swiatkowski Reviewed-by: Aleksandr Loktionov Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_fltr.c | 33 +++++++++++++++++++++++ drivers/net/ethernet/intel/ice/ice_fltr.h | 4 +++ 2 files changed, 37 insertions(+) diff --git a/drivers/net/ethernet/intel/ice/ice_fltr.c b/drivers/net/ethern= et/intel/ice/ice_fltr.c index aff7a141c30d..96a4e4b1b3fc 100644 --- a/drivers/net/ethernet/intel/ice/ice_fltr.c +++ b/drivers/net/ethernet/intel/ice/ice_fltr.c @@ -240,6 +240,39 @@ ice_fltr_add_mac_to_list(struct ice_vsi *vsi, struct l= ist_head *list, list); } =20 +/** + * ice_fltr_add_mac_vlan_to_list - add MAC VLAN filter info to + * existing list + * @vsi: pointer to VSI struct + * @list: list to add filter info to + * @mac: MAC address to add + * @vlan_id: VLAN id to add + * @action: filter action + * + * Return: + * * 0 if entry for filter was added, or + * * %-ENOMEM if entry could not be allocated. + */ +int +ice_fltr_add_mac_vlan_to_list(struct ice_vsi *vsi, struct list_head *list, + const u8 *mac, u16 vlan_id, + enum ice_sw_fwd_act_type action) +{ + struct ice_fltr_info info =3D {}; + + info.flag =3D ICE_FLTR_TX; + info.src_id =3D ICE_SRC_ID_VSI; + info.lkup_type =3D ICE_SW_LKUP_MAC_VLAN; + info.fltr_act =3D action; + info.vsi_handle =3D vsi->idx; + + info.l_data.mac_vlan.vlan_id =3D vlan_id; + ether_addr_copy(info.l_data.mac_vlan.mac_addr, mac); + + return ice_fltr_add_entry_to_list(ice_pf_to_dev(vsi->back), &info, + list); +} + /** * ice_fltr_add_vlan_to_list - add VLAN filter info to exsisting list * @vsi: pointer to VSI struct diff --git a/drivers/net/ethernet/intel/ice/ice_fltr.h b/drivers/net/ethern= et/intel/ice/ice_fltr.h index 0f3dbc308eec..fb9ffb39be50 100644 --- a/drivers/net/ethernet/intel/ice/ice_fltr.h +++ b/drivers/net/ethernet/intel/ice/ice_fltr.h @@ -23,6 +23,10 @@ int ice_fltr_add_mac_to_list(struct ice_vsi *vsi, struct list_head *list, const u8 *mac, enum ice_sw_fwd_act_type action); int +ice_fltr_add_mac_vlan_to_list(struct ice_vsi *vsi, struct list_head *list, + const u8 *mac, u16 vlan_id, + enum ice_sw_fwd_act_type action); +int ice_fltr_add_mac(struct ice_vsi *vsi, const u8 *mac, enum ice_sw_fwd_act_type action); int --=20 2.43.0 From nobody Tue Dec 2 00:04:09 2025 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9E7D302CAC; Tue, 25 Nov 2025 08:35:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.11 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059720; cv=none; b=Bx/gsKt7BaqvFCOKdB+lShnOK9wXT0OB/2pXyROI9RrgWUN3SdvFCKKelU/SvR7aQKXFb10nRuCW00i8C/8Zr0q2hjlXQ59Yv/0EO38x0W+zTG1bwL+WUf7H7qmrAhjYvYQ19ds2YWLGqgottQzeame1SP0N94qqbFZs69XJwks= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764059720; c=relaxed/simple; bh=ZE5m1noLYEBVewBNpcWz7cAgC6/mDEw1KqgIxytGNFQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=E4vU3is8bIA8fAQhmLkUM5u+OiX8wS9bwkyanucnscOKg/X1HL1rjNUqMYdh1oz1v3qtIikmdjOZCWYP3d8KLt4nkROet19hJUsvhA+P+XviRDBy4ddp84gI6nhva8HZ9Ojx2pYx5xrEhU6retUqp4W453SjGsAH/N3LvYusD2Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cjC4t1L0; arc=none smtp.client-ip=192.198.163.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cjC4t1L0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1764059718; x=1795595718; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZE5m1noLYEBVewBNpcWz7cAgC6/mDEw1KqgIxytGNFQ=; b=cjC4t1L0lCMOZXCgUgeio+pT9HShJsOWBEJ4qQF8EQeXSD1pt0va4CQK UOLQKPG7Ao/1weCdP73wnZGxY7fcv6sNLYUhvhsoOM2ZK/ndddT7dI5KZ tfiTcgY/XQmdkUbs28peNwSS78n0Y6iKujzp/ZRC01qhJ7o3TDV0Ohwi2 wgyNIUGBDBv0V5sJcznIRwDulQ7LQijNtEtVT0aeb4FiZltdfedRxxbM/ r6U9mvob6FfAVXtkU0JtBqd77odvhT5+wBv9xl+7BjOeg6rdwXx5UB6Bj hK6OAv8K9ezSp7d/70dLb5k3Im/G4lgfgIGm7JtTCl21BexjqB1YfOTph g==; X-CSE-ConnectionGUID: UMg8bbPRR3e4/bKmcG49JA== X-CSE-MsgGUID: vHqaQpQBRmO14NxMUXgKFg== X-IronPort-AV: E=McAfee;i="6800,10657,11623"; a="76694481" X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="76694481" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Nov 2025 00:35:17 -0800 X-CSE-ConnectionGUID: y4CLIAn9TCme8aCRpbQ5ag== X-CSE-MsgGUID: +IILS/lkRuOz1EkuFmW/YA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.20,225,1758610800"; d="scan'208";a="196749952" Received: from hpe-dl385gen10.igk.intel.com ([10.91.240.117]) by orviesa003.jf.intel.com with ESMTP; 25 Nov 2025 00:35:16 -0800 From: Jakub Slepecki To: intel-wired-lan@lists.osuosl.org Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, przemyslaw.kitszel@intel.com, anthony.l.nguyen@intel.com, michal.swiatkowski@linux.intel.com, jakub.slepecki@intel.com, aleksandr.loktionov@intel.com Subject: [PATCH iwl-next v2 8/8] ice: in VEB, prevent "cross-vlan" traffic from hitting loopback Date: Tue, 25 Nov 2025 09:34:56 +0100 Message-ID: <20251125083456.28822-9-jakub.slepecki@intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251125083456.28822-1-jakub.slepecki@intel.com> References: <20251125083456.28822-1-jakub.slepecki@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Technology Poland sp. z o.o. - ul. Slowackiego 173, 80-298 Gdansk - KRS 101882 - NIP 957-07-52-316 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In Virtual Ethernet Bridge (VEB) mode, we use MAC filters to forward traffic between two VFs. We also use VLAN filters to prune potential destinations, so that they don't cross VLANs. In case a VF in VLAN X sends a packet to a MAC address matching another VF but in VLAN Y, both these filters will be hit. Packet will be sent to loopback-only to VF in VLAN Y, but VLAN filter will prune its VSI from the destination list leaving the packet stranded in the internal switch and thus dropped. Since there is no destination for the packet in the VLAN X, it should instead be sent to the wire. To fix this, we introduce MAC,VLAN filters in place of MAC-only filters if VSI is part of any VLAN. We consider VSI part of a VLAN if it has a PVID set, or if it has a specific VLAN filter and does not have a VLAN 0 filter. This approach does not attempt to fix interactions with upper devices. If an upper vlan device requests a separate MAC address filter resulting in a call to __dev_uc_sync, the VSI will start receiving all packets destined for this MAC and not just within the VLAN. I don't see a straight-forward way to resolve this: information about MAC and VLAN filters coming from kernel to driver is disconnected from one another and from the device that requests it. It could be worked around by, for example, tracking all upper devices with netdev notifications and adjusting the filters there. The scope of this patch is hence limited to VF traffic. Following situations were considered for VLAN filters additions, removal, or changes: 1. ice changes VF's vlan 2. VF is reset and rebuilt 3. vlan device attaches above a PF or a VF And same for MAC filters: 4. PF's MAC is changed 5. PF changes MAC of a VF 6. VF's MAC is changed 7. ndo_set_rx_mode et al When VLAN is assigned to a VF in (1), the affected VF is reset and rebuild. This makes (1) the same as (2). We end up with two cases where VLAN filters are added: (2) and (3). To correctly handle (1-2), we move the VLAN filters initialization before the MAC filters initialization, since MAC filters now depend on VLAN filters presence. These two handle PVID (or lack of thereof) and because they are always associated with a reset, we don't need to consider updating MAC and MAC,VLAN filters afterwards. In (3), we will always have a lower device that is expected to receive all packets for its MAC regardless of VLAN tag. Because of the caveat described above, we will do the same for each MAC address associated with the interface regardless of VLANs. The result is we only have MAC-only filters in this case. When we create MAC filters in (4-7) we now check for existing VLAN filters and depending on PVID and VLAN 0 presence we decide to create, respectively, a MAC and MAC,VLAN filter pair, or a MAC filter. This is done implicitly when requesting to remove old MAC and add new MAC, so no change is required to this flow. Reviewed-by: Michal Swiatkowski Reviewed-by: Aleksandr Loktionov Signed-off-by: Jakub Slepecki --- No changes in v2. --- drivers/net/ethernet/intel/ice/ice_fltr.c | 71 +++++++++++++++++++-- drivers/net/ethernet/intel/ice/ice_fltr.h | 6 +- drivers/net/ethernet/intel/ice/ice_main.c | 8 +-- drivers/net/ethernet/intel/ice/ice_switch.c | 2 +- drivers/net/ethernet/intel/ice/ice_switch.h | 2 + drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 +-- 6 files changed, 83 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_fltr.c b/drivers/net/ethern= et/intel/ice/ice_fltr.c index 96a4e4b1b3fc..c0fc1bced167 100644 --- a/drivers/net/ethernet/intel/ice/ice_fltr.c +++ b/drivers/net/ethernet/intel/ice/ice_fltr.c @@ -3,6 +3,7 @@ =20 #include "ice.h" #include "ice_fltr.h" +#include "ice_lib.h" =20 /** * ice_fltr_free_list - free filter lists helper @@ -221,10 +222,12 @@ void ice_fltr_remove_all(struct ice_vsi *vsi) * @list: list to add filter info to * @mac: MAC address to add * @action: filter action + * @external: force the filter to enable lan destination */ int ice_fltr_add_mac_to_list(struct ice_vsi *vsi, struct list_head *list, - const u8 *mac, enum ice_sw_fwd_act_type action) + const u8 *mac, enum ice_sw_fwd_act_type action, + bool external) { struct ice_fltr_info info =3D { 0 }; =20 @@ -233,6 +236,10 @@ ice_fltr_add_mac_to_list(struct ice_vsi *vsi, struct l= ist_head *list, info.lkup_type =3D ICE_SW_LKUP_MAC; info.fltr_act =3D action; info.vsi_handle =3D vsi->idx; + if (external) { + info.lb_en =3D ICE_FLTR_INFO_LB_LAN_FORCE_ENABLED; + info.lan_en =3D ICE_FLTR_INFO_LB_LAN_FORCE_ENABLED; + } =20 ether_addr_copy(info.l_data.mac.mac_addr, mac); =20 @@ -273,6 +280,62 @@ ice_fltr_add_mac_vlan_to_list(struct ice_vsi *vsi, str= uct list_head *list, list); } =20 +/** + * ice_fltr_add_macs_to_list - add MAC and MAC,VLAN filters info to an exi= sting + * list + * @vsi: pointer to VSI struct + * @list: list to add filter info to + * @mac: MAC address to add + * @action: filter action + * + * Return: + * * 0 on success, or + * * %-ENOMEM if entry for filter could not be allocated. + */ +int +ice_fltr_add_macs_to_list(struct ice_vsi *vsi, struct list_head *list, + const u8 *mac, enum ice_sw_fwd_act_type action) +{ + if (is_multicast_ether_addr(mac)) { + /* There is no point in doing the same gymnastics as below + * because multicast addresses are sent to both lan and lb then + * pruned as necessary. + */ + return ice_fltr_add_mac_to_list(vsi, list, mac, action, false); + } else if (ice_vsi_has_pvid(vsi)) { + u16 pvid =3D ice_vsi_pvid(vsi); + int ret; + + ret =3D ice_fltr_add_mac_to_list(vsi, list, mac, action, true); + if (ret) + return ret; + + return ice_fltr_add_mac_vlan_to_list(vsi, list, mac, pvid, + action); + } else if (vsi->num_vlan !=3D ice_vsi_num_non_zero_vlans(vsi)) { + /* If VSI has VLAN 0 filters, then the interface is prepared to + * receive untagged packets. As of now, we simply don't have + * heuristics to decide which MAC is and is not part of which + * VLAN so we put them all in the same bucket. + */ + return ice_fltr_add_mac_to_list(vsi, list, mac, action, false); + } + + /* This branch is a.s. dead. There are three cases that may happen: + * + * - no vlans in sight; this is the VLAN 0 branch, + * - VF is assigned PVID; this is ice_vsi_has_pvid branch, + * - PF or VF is under vlan device; this is the VLAN 0 branch. + * + * This is where you would implement support for multiple VLANs but + * without the VLAN 0. This could happen if vlan upper device is + * assigned a MAC that is unique compared to lower ice device that is + * forced to accept any VLAN. This would imply MAC-only filter for one + * MAC address (PF) and MAC,VLAN+MAC filters for another (vlan). + */ + return ice_fltr_add_mac_to_list(vsi, list, mac, action, false); +} + /** * ice_fltr_add_vlan_to_list - add VLAN filter info to exsisting list * @vsi: pointer to VSI struct @@ -343,7 +406,7 @@ ice_fltr_prepare_mac(struct ice_vsi *vsi, const u8 *mac, LIST_HEAD(tmp_list); int result; =20 - if (ice_fltr_add_mac_to_list(vsi, &tmp_list, mac, action)) { + if (ice_fltr_add_macs_to_list(vsi, &tmp_list, mac, action)) { ice_fltr_free_list(ice_pf_to_dev(vsi->back), &tmp_list); return -ENOMEM; } @@ -371,8 +434,8 @@ ice_fltr_prepare_mac_and_broadcast(struct ice_vsi *vsi,= const u8 *mac, int result; =20 eth_broadcast_addr(broadcast); - if (ice_fltr_add_mac_to_list(vsi, &tmp_list, mac, action) || - ice_fltr_add_mac_to_list(vsi, &tmp_list, broadcast, action)) { + if (ice_fltr_add_macs_to_list(vsi, &tmp_list, mac, action) || + ice_fltr_add_macs_to_list(vsi, &tmp_list, broadcast, action)) { ice_fltr_free_list(ice_pf_to_dev(vsi->back), &tmp_list); return -ENOMEM; } diff --git a/drivers/net/ethernet/intel/ice/ice_fltr.h b/drivers/net/ethern= et/intel/ice/ice_fltr.h index fb9ffb39be50..ed3371b0a71f 100644 --- a/drivers/net/ethernet/intel/ice/ice_fltr.h +++ b/drivers/net/ethernet/intel/ice/ice_fltr.h @@ -21,12 +21,16 @@ ice_fltr_set_vsi_promisc(struct ice_hw *hw, u16 vsi_han= dle, u8 promisc_mask, u16 vid); int ice_fltr_add_mac_to_list(struct ice_vsi *vsi, struct list_head *list, - const u8 *mac, enum ice_sw_fwd_act_type action); + const u8 *mac, enum ice_sw_fwd_act_type action, + bool external); int ice_fltr_add_mac_vlan_to_list(struct ice_vsi *vsi, struct list_head *list, const u8 *mac, u16 vlan_id, enum ice_sw_fwd_act_type action); int +ice_fltr_add_macs_to_list(struct ice_vsi *vsi, struct list_head *list, + const u8 *mac, enum ice_sw_fwd_act_type action); +int ice_fltr_add_mac(struct ice_vsi *vsi, const u8 *mac, enum ice_sw_fwd_act_type action); int diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethern= et/intel/ice/ice_main.c index 921ed2b6c0aa..60d5e23d0d1a 100644 --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c @@ -212,8 +212,8 @@ static int ice_add_mac_to_sync_list(struct net_device *= netdev, const u8 *addr) struct ice_netdev_priv *np =3D netdev_priv(netdev); struct ice_vsi *vsi =3D np->vsi; =20 - if (ice_fltr_add_mac_to_list(vsi, &vsi->tmp_sync_list, addr, - ICE_FWD_TO_VSI)) + if (ice_fltr_add_macs_to_list(vsi, &vsi->tmp_sync_list, addr, + ICE_FWD_TO_VSI)) return -EINVAL; =20 return 0; @@ -242,8 +242,8 @@ static int ice_add_mac_to_unsync_list(struct net_device= *netdev, const u8 *addr) if (ether_addr_equal(addr, netdev->dev_addr)) return 0; =20 - if (ice_fltr_add_mac_to_list(vsi, &vsi->tmp_unsync_list, addr, - ICE_FWD_TO_VSI)) + if (ice_fltr_add_macs_to_list(vsi, &vsi->tmp_unsync_list, addr, + ICE_FWD_TO_VSI)) return -EINVAL; =20 return 0; diff --git a/drivers/net/ethernet/intel/ice/ice_switch.c b/drivers/net/ethe= rnet/intel/ice/ice_switch.c index e0ff9a0882d5..c1418fd490cc 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.c +++ b/drivers/net/ethernet/intel/ice/ice_switch.c @@ -4016,7 +4016,7 @@ ice_cfg_dflt_vsi(struct ice_port_info *pi, u16 vsi_ha= ndle, bool set, * @fm_entry: filter entry to inspect * @vsi_handle: VSI handle to compare with filter info */ -static bool +bool ice_vsi_uses_fltr(struct ice_fltr_mgmt_list_entry *fm_entry, u16 vsi_handl= e) { return ((fm_entry->fltr_info.fltr_act =3D=3D ICE_FWD_TO_VSI && diff --git a/drivers/net/ethernet/intel/ice/ice_switch.h b/drivers/net/ethe= rnet/intel/ice/ice_switch.h index f1917e15b26c..a65c74c30b2e 100644 --- a/drivers/net/ethernet/intel/ice/ice_switch.h +++ b/drivers/net/ethernet/intel/ice/ice_switch.h @@ -341,6 +341,8 @@ ice_update_vsi(struct ice_hw *hw, u16 vsi_handle, struc= t ice_vsi_ctx *vsi_ctx, bool ice_is_vsi_valid(struct ice_hw *hw, u16 vsi_handle); struct ice_vsi_ctx *ice_get_vsi_ctx(struct ice_hw *hw, u16 vsi_handle); void ice_clear_all_vsi_ctx(struct ice_hw *hw); +bool ice_vsi_uses_fltr(struct ice_fltr_mgmt_list_entry *fm_entry, + u16 vsi_handle); /* Switch config */ int ice_get_initial_sw_cfg(struct ice_hw *hw); =20 diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethe= rnet/intel/ice/ice_vf_lib.c index de9e81ccee66..1031ce20bb60 100644 --- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c +++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c @@ -501,14 +501,14 @@ static void ice_vf_rebuild_host_cfg(struct ice_vf *vf) =20 ice_vf_set_host_trust_cfg(vf); =20 - if (ice_vf_rebuild_host_mac_cfg(vf)) - dev_err(dev, "failed to rebuild default MAC configuration for VF %d\n", - vf->vf_id); - if (ice_vf_rebuild_host_vlan_cfg(vf, vsi)) dev_err(dev, "failed to rebuild VLAN configuration for VF %u\n", vf->vf_id); =20 + if (ice_vf_rebuild_host_mac_cfg(vf)) + dev_err(dev, "failed to rebuild default MAC configuration for VF %d\n", + vf->vf_id); + if (ice_vf_rebuild_host_tx_rate_cfg(vf)) dev_err(dev, "failed to rebuild Tx rate limiting configuration for VF %u= \n", vf->vf_id); --=20 2.43.0