diff mbox series

[net,v2,2/2] ixgbe: fix unexpected VLAN Rx in promisc mode on VF

Message ID 20220406095252.22338-3-olivier.matz@6wind.com (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series ixgbe: fix promiscuous mode on VF | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers fail 1 blamed authors not CCed: h-shimamoto@ct.jp.nec.com; 2 maintainers not CCed: intel-wired-lan@lists.osuosl.org h-shimamoto@ct.jp.nec.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 11 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Olivier Matz April 6, 2022, 9:52 a.m. UTC 
When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE
bit (VLAN Promiscuous Enable) is set. This means that the VF will
receive packets whose VLAN is not the same than the VLAN of the VF.

For instance, in this situation:

┌────────┐    ┌────────┐    ┌────────┐
│        │    │        │    │        │
│        │    │        │    │        │
│     VF0├────┤VF1  VF2├────┤VF3     │
│        │    │        │    │        │
└────────┘    └────────┘    └────────┘
   VM1           VM2           VM3

vf 0:  vlan 1000
vf 1:  vlan 1000
vf 2:  vlan 1001
vf 3:  vlan 1001

If we tcpdump on VF3, we see all the packets, even those transmitted
on vlan 1000.

This behavior prevents to bridge VF1 and VF2 in VM2, because it will
create a loop: packets transmitted on VF1 will be received by VF2 and
vice-versa, and bridged again through the software bridge.

This patch remove the activation of VLAN Promiscuous when a VF enables
the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast
Promiscuous) is kept, so that a VF receives all packets that has the
same VLAN, whatever the destination MAC address.

Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
Cc: stable@vger.kernel.org
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Jankowski, Konrad0 June 6, 2022, 11:45 a.m. UTC | #1 
> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of
> Olivier Matz
> Sent: Wednesday, April 6, 2022 11:53 AM
> To: netdev@vger.kernel.org
> Cc: Paul Menzel <pmenzel@molgen.mpg.de>; intel-wired-lan@osuosl.org;
> stable@vger.kernel.org; Jakub Kicinski <kuba@kernel.org>; Nicolas Dichtel
> <nicolas.dichtel@6wind.com>; Paolo Abeni <pabeni@redhat.com>; David S .
> Miller <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH net v2 2/2] ixgbe: fix unexpected VLAN Rx in
> promisc mode on VF
> 
> When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE bit
> (VLAN Promiscuous Enable) is set. This means that the VF will receive
> packets whose VLAN is not the same than the VLAN of the VF.
> 
> For instance, in this situation:
> 
> ┌────────┐    ┌────────┐    ┌────────┐
> │        │    │        │    │        │
> │        │    │        │    │        │
> │     VF0├────┤VF1  VF2├────┤VF3     │
> │        │    │        │    │        │
> └────────┘    └────────┘    └────────┘
>    VM1           VM2           VM3
> 
> vf 0:  vlan 1000
> vf 1:  vlan 1000
> vf 2:  vlan 1001
> vf 3:  vlan 1001
> 
> If we tcpdump on VF3, we see all the packets, even those transmitted on
> vlan 1000.
> 
> This behavior prevents to bridge VF1 and VF2 in VM2, because it will create a
> loop: packets transmitted on VF1 will be received by VF2 and vice-versa, and
> bridged again through the software bridge.
> 
> This patch remove the activation of VLAN Promiscuous when a VF enables
> the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast
> Promiscuous) is kept, so that a VF receives all packets that has the same
> VLAN, whatever the destination MAC address.
> 
> Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
> Cc: stable@vger.kernel.org
> Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
> ---
>  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> index 8d108a78941b..d4e63f0644c3 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> @@ -1208,9 +1208,9 @@ static int ixgbe_update_vf_xcast_mode(struct

Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
diff mbox series

Patch

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 8d108a78941b..d4e63f0644c3 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1208,9 +1208,9 @@  static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter,
 			return -EPERM;
 		}
 
-		disable = 0;
+		disable = IXGBE_VMOLR_VPE;
 		enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE |
-			 IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
+			 IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE;
 		break;
 	default:
 		return -EOPNOTSUPP;