diff mbox series

[net-next,2/6] bnxt_en: Do not allow ethtool -m on an untrusted VF

Message ID 20241215205943.2341612-3-michael.chan@broadcom.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series bnxt_en: Driver update | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 5 maintainers
netdev/build_clang fail Errors and warnings before: 80 this patch: 82
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 1 this patch: 1
netdev/checkpatch warning WARNING: Argument 'bp' is not used in function-like macro
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 2 this patch: 2
netdev/source_inline success Was 0 now: 0

Commit Message

Michael Chan Dec. 15, 2024, 8:59 p.m. UTC 
Block all ethtool module operations on an untrusted VF.  The firmware
won't allow it and will return error.

Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt.c         | 4 ++++
 drivers/net/ethernet/broadcom/bnxt/bnxt.h         | 5 +++++
 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 +++++++++
 3 files changed, 18 insertions(+)

Comments

kernel test robot Dec. 16, 2024, 2:25 p.m. UTC | #1 
Hi Michael,

kernel test robot noticed the following build warnings:

[auto build test WARNING on net-next/main]

url:    https://github.com/intel-lab-lkp/linux/commits/Michael-Chan/bnxt_en-Use-FW-defined-resource-limits-for-RoCE/20241216-050303
base:   net-next/main
patch link:    https://lore.kernel.org/r/20241215205943.2341612-3-michael.chan%40broadcom.com
patch subject: [PATCH net-next 2/6] bnxt_en: Do not allow ethtool -m on an untrusted VF
config: riscv-randconfig-002-20241216 (https://download.01.org/0day-ci/archive/20241216/202412162242.yQ3MVnZ5-lkp@intel.com/config)
compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241216/202412162242.yQ3MVnZ5-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202412162242.yQ3MVnZ5-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> drivers/net/ethernet/broadcom/bnxt/bnxt.c:8287:7: warning: variable 'flags' is uninitialized when used here [-Wuninitialized]
                   if (flags & FUNC_QCFG_RESP_FLAGS_TRUSTED_VF)
                       ^~~~~
   drivers/net/ethernet/broadcom/bnxt/bnxt.c:8269:11: note: initialize the variable 'flags' to silence this warning
           u16 flags;
                    ^
                     = 0
   1 warning generated.


vim +/flags +8287 drivers/net/ethernet/broadcom/bnxt/bnxt.c

  8264	
  8265	static int bnxt_hwrm_func_qcfg(struct bnxt *bp)
  8266	{
  8267		struct hwrm_func_qcfg_output *resp;
  8268		struct hwrm_func_qcfg_input *req;
  8269		u16 flags;
  8270		int rc;
  8271	
  8272		rc = hwrm_req_init(bp, req, HWRM_FUNC_QCFG);
  8273		if (rc)
  8274			return rc;
  8275	
  8276		req->fid = cpu_to_le16(0xffff);
  8277		resp = hwrm_req_hold(bp, req);
  8278		rc = hwrm_req_send(bp, req);
  8279		if (rc)
  8280			goto func_qcfg_exit;
  8281	
  8282	#ifdef CONFIG_BNXT_SRIOV
  8283		if (BNXT_VF(bp)) {
  8284			struct bnxt_vf_info *vf = &bp->vf;
  8285	
  8286			vf->vlan = le16_to_cpu(resp->vlan) & VLAN_VID_MASK;
> 8287			if (flags & FUNC_QCFG_RESP_FLAGS_TRUSTED_VF)
  8288				vf->flags |= BNXT_VF_TRUST;
  8289			else
  8290				vf->flags &= ~BNXT_VF_TRUST;
  8291		} else {
  8292			bp->pf.registered_vfs = le16_to_cpu(resp->registered_vfs);
  8293		}
  8294	#endif
  8295		flags = le16_to_cpu(resp->flags);
  8296		if (flags & (FUNC_QCFG_RESP_FLAGS_FW_DCBX_AGENT_ENABLED |
  8297			     FUNC_QCFG_RESP_FLAGS_FW_LLDP_AGENT_ENABLED)) {
  8298			bp->fw_cap |= BNXT_FW_CAP_LLDP_AGENT;
  8299			if (flags & FUNC_QCFG_RESP_FLAGS_FW_DCBX_AGENT_ENABLED)
  8300				bp->fw_cap |= BNXT_FW_CAP_DCBX_AGENT;
  8301		}
  8302		if (BNXT_PF(bp) && (flags & FUNC_QCFG_RESP_FLAGS_MULTI_HOST))
  8303			bp->flags |= BNXT_FLAG_MULTI_HOST;
  8304	
  8305		if (flags & FUNC_QCFG_RESP_FLAGS_RING_MONITOR_ENABLED)
  8306			bp->fw_cap |= BNXT_FW_CAP_RING_MONITOR;
  8307	
  8308		if (flags & FUNC_QCFG_RESP_FLAGS_ENABLE_RDMA_SRIOV)
  8309			bp->fw_cap |= BNXT_FW_CAP_ENABLE_RDMA_SRIOV;
  8310	
  8311		switch (resp->port_partition_type) {
  8312		case FUNC_QCFG_RESP_PORT_PARTITION_TYPE_NPAR1_0:
  8313		case FUNC_QCFG_RESP_PORT_PARTITION_TYPE_NPAR1_5:
  8314		case FUNC_QCFG_RESP_PORT_PARTITION_TYPE_NPAR2_0:
  8315			bp->port_partition_type = resp->port_partition_type;
  8316			break;
  8317		}
  8318		if (bp->hwrm_spec_code < 0x10707 ||
  8319		    resp->evb_mode == FUNC_QCFG_RESP_EVB_MODE_VEB)
  8320			bp->br_mode = BRIDGE_MODE_VEB;
  8321		else if (resp->evb_mode == FUNC_QCFG_RESP_EVB_MODE_VEPA)
  8322			bp->br_mode = BRIDGE_MODE_VEPA;
  8323		else
  8324			bp->br_mode = BRIDGE_MODE_UNDEF;
  8325	
  8326		bp->max_mtu = le16_to_cpu(resp->max_mtu_configured);
  8327		if (!bp->max_mtu)
  8328			bp->max_mtu = BNXT_MAX_MTU;
  8329	
  8330		if (bp->db_size)
  8331			goto func_qcfg_exit;
  8332	
  8333		bp->db_offset = le16_to_cpu(resp->legacy_l2_db_size_kb) * 1024;
  8334		if (BNXT_CHIP_P5(bp)) {
  8335			if (BNXT_PF(bp))
  8336				bp->db_offset = DB_PF_OFFSET_P5;
  8337			else
  8338				bp->db_offset = DB_VF_OFFSET_P5;
  8339		}
  8340		bp->db_size = PAGE_ALIGN(le16_to_cpu(resp->l2_doorbell_bar_size_kb) *
  8341					 1024);
  8342		if (!bp->db_size || bp->db_size > pci_resource_len(bp->pdev, 2) ||
  8343		    bp->db_size <= bp->db_offset)
  8344			bp->db_size = pci_resource_len(bp->pdev, 2);
  8345	
  8346	func_qcfg_exit:
  8347		hwrm_req_drop(bp, req);
  8348		return rc;
  8349	}
  8350
Ido Schimmel Dec. 16, 2024, 2:50 p.m. UTC | #2 
On Sun, Dec 15, 2024 at 12:59:39PM -0800, Michael Chan wrote:
> @@ -4480,6 +4486,9 @@ static int bnxt_get_module_eeprom_by_page(struct net_device *dev,
>  	struct bnxt *bp = netdev_priv(dev);
>  	int rc;
>  
> +	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))
> +		return -EPERM;
> +

Nit: You can use 'extack' here to help users understand why the
operation failed.

>  	rc = bnxt_get_module_status(bp, extack);
>  	if (rc)
>  		return rc;
diff mbox series

Patch

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 469352ac1f7e..631dbda725ab 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -8284,6 +8284,10 @@  static int bnxt_hwrm_func_qcfg(struct bnxt *bp)
 		struct bnxt_vf_info *vf = &bp->vf;
 
 		vf->vlan = le16_to_cpu(resp->vlan) & VLAN_VID_MASK;
+		if (flags & FUNC_QCFG_RESP_FLAGS_TRUSTED_VF)
+			vf->flags |= BNXT_VF_TRUST;
+		else
+			vf->flags &= ~BNXT_VF_TRUST;
 	} else {
 		bp->pf.registered_vfs = le16_to_cpu(resp->registered_vfs);
 	}
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index 3e20d200da62..d5e81e008ab5 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -2270,6 +2270,11 @@  struct bnxt {
 
 #define BNXT_PF(bp)		(!((bp)->flags & BNXT_FLAG_VF))
 #define BNXT_VF(bp)		((bp)->flags & BNXT_FLAG_VF)
+#ifdef CONFIG_BNXT_SRIOV
+#define	BNXT_VF_IS_TRUSTED(bp)	((bp)->vf.flags & BNXT_VF_TRUST)
+#else
+#define	BNXT_VF_IS_TRUSTED(bp)	0
+#endif
 #define BNXT_NPAR(bp)		((bp)->port_partition_type)
 #define BNXT_MH(bp)		((bp)->flags & BNXT_FLAG_MULTI_HOST)
 #define BNXT_SINGLE_PF(bp)	(BNXT_PF(bp) && !BNXT_NPAR(bp) && !BNXT_MH(bp))
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index d87681d71106..8de488f7cb6b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -4375,6 +4375,9 @@  static int bnxt_get_module_info(struct net_device *dev,
 	struct bnxt *bp = netdev_priv(dev);
 	int rc;
 
+	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))
+		return -EPERM;
+
 	/* No point in going further if phy status indicates
 	 * module is not inserted or if it is powered down or
 	 * if it is of type 10GBase-T
@@ -4426,6 +4429,9 @@  static int bnxt_get_module_eeprom(struct net_device *dev,
 	u16  start = eeprom->offset, length = eeprom->len;
 	int rc = 0;
 
+	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))
+		return -EPERM;
+
 	memset(data, 0, eeprom->len);
 
 	/* Read A0 portion of the EEPROM */
@@ -4480,6 +4486,9 @@  static int bnxt_get_module_eeprom_by_page(struct net_device *dev,
 	struct bnxt *bp = netdev_priv(dev);
 	int rc;
 
+	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))
+		return -EPERM;
+
 	rc = bnxt_get_module_status(bp, extack);
 	if (rc)
 		return rc;