From patchwork Mon Nov 21 15:00:22 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Rybchenko X-Patchwork-Id: 17109 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 549CC56A8; Mon, 21 Nov 2016 16:02:28 +0100 (CET) Received: from nbfkord-smmo02.seg.att.com (nbfkord-smmo02.seg.att.com [209.65.160.78]) by dpdk.org (Postfix) with ESMTP id 3F45C377A for ; Mon, 21 Nov 2016 16:01:28 +0100 (CET) Received: from unknown [12.187.104.26] by nbfkord-smmo02.seg.att.com(mxl_mta-7.2.4-7) with SMTP id 74c03385.0.1541294.00-2389.3424173.nbfkord-smmo02.seg.att.com (envelope-from ); Mon, 21 Nov 2016 15:01:28 +0000 (UTC) X-MXL-Hash: 58330c4866fba7d4-f6aace7eabe85c884eae2e92da2c43263d9aa835 Received: from ocex03.SolarFlarecom.com (10.20.40.36) by ocex03.SolarFlarecom.com (10.20.40.36) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Mon, 21 Nov 2016 07:01:21 -0800 Received: from opal.uk.solarflarecom.com (10.17.10.1) by ocex03.SolarFlarecom.com (10.20.40.36) with Microsoft SMTP Server (TLS) id 15.0.1044.25 via Frontend Transport; Mon, 21 Nov 2016 07:01:20 -0800 Received: from uklogin.uk.solarflarecom.com (uklogin.uk.solarflarecom.com [10.17.10.10]) by opal.uk.solarflarecom.com (8.13.8/8.13.8) with ESMTP id uALF1JWF007122 for ; Mon, 21 Nov 2016 15:01:19 GMT Received: from uklogin.uk.solarflarecom.com (localhost.localdomain [127.0.0.1]) by uklogin.uk.solarflarecom.com (8.13.8/8.13.8) with ESMTP id uALF1J2x006765 for ; Mon, 21 Nov 2016 15:01:19 GMT From: Andrew Rybchenko To: Date: Mon, 21 Nov 2016 15:00:22 +0000 Message-ID: <1479740470-6723-9-git-send-email-arybchenko@solarflare.com> X-Mailer: git-send-email 1.8.2.3 In-Reply-To: <1479740470-6723-1-git-send-email-arybchenko@solarflare.com> References: <1479740470-6723-1-git-send-email-arybchenko@solarflare.com> MIME-Version: 1.0 X-AnalysisOut: [v=2.1 cv=UI/baXry c=1 sm=1 tr=0 a=8BlWFWvVlq5taO8ncb8nKg==] X-AnalysisOut: [:17 a=L24OOQBejmoA:10 a=zRKbQ67AAAAA:8 a=inLJhq1JaXTOU6n3J] X-AnalysisOut: [zYA:9 a=VoA77v782GmB_VUc:21 a=9_PVjTHx_sAgySlJ:21 a=PA03WX] X-AnalysisOut: [8tBzeizutn5_OT:22] X-Spam: [F=0.4928362029; CM=0.500; S=0.492(2015072901)] X-MAIL-FROM: X-SOURCE-IP: [12.187.104.26] Subject: [dpdk-dev] [PATCH 08/56] net/sfc: import libefx MCDI proxy authorization support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" MCDI proxy authorization may be used if priviledged PCI function (physical function) would like to intercept and authorize MCDI requests done by unprivileged (e.g. virtual) PCI function. It may be used to control unpriviledged function Rx mode (e.g. promicsuous, all-multicast), MTU and default MAC address change requests etc. Current libefx support is limited to client-side which is required to work when function requests need to be authorized. Server side support required to request and do the authorization is not implemented yet. EFSYS_OPT_MCDI_PROXY_AUTH should be enabled to use it. From Solarflare Communications Inc. Signed-off-by: Andrew Rybchenko --- drivers/net/sfc/efx/base/efx.h | 3 ++ drivers/net/sfc/efx/base/efx_check.h | 7 ++++ drivers/net/sfc/efx/base/efx_mcdi.c | 74 ++++++++++++++++++++++++++++++++++++ drivers/net/sfc/efx/base/efx_mcdi.h | 17 +++++++++ 4 files changed, 101 insertions(+) diff --git a/drivers/net/sfc/efx/base/efx.h b/drivers/net/sfc/efx/base/efx.h index 0ca0156..3899580 100644 --- a/drivers/net/sfc/efx/base/efx.h +++ b/drivers/net/sfc/efx/base/efx.h @@ -209,6 +209,9 @@ typedef struct efx_mcdi_transport_s { void (*emt_logger)(void *, efx_log_msg_t, void *, size_t, void *, size_t); #endif /* EFSYS_OPT_MCDI_LOGGING */ +#if EFSYS_OPT_MCDI_PROXY_AUTH + void (*emt_ev_proxy_response)(void *, uint32_t, efx_rc_t); +#endif /* EFSYS_OPT_MCDI_PROXY_AUTH */ } efx_mcdi_transport_t; extern __checkReturn efx_rc_t diff --git a/drivers/net/sfc/efx/base/efx_check.h b/drivers/net/sfc/efx/base/efx_check.h index 228b42c..470f73c 100644 --- a/drivers/net/sfc/efx/base/efx_check.h +++ b/drivers/net/sfc/efx/base/efx_check.h @@ -84,6 +84,13 @@ # endif #endif /* EFSYS_OPT_MCDI_LOGGING */ +#if EFSYS_OPT_MCDI_PROXY_AUTH +/* Support MCDI proxy authorization */ +# if !EFSYS_OPT_MCDI +# error "MCDI_PROXY_AUTH requires MCDI" +# endif +#endif /* EFSYS_OPT_MCDI_PROXY_AUTH */ + #ifdef EFSYS_OPT_MON_LM87 # error "MON_LM87 is obsolete and is not supported." #endif diff --git a/drivers/net/sfc/efx/base/efx_mcdi.c b/drivers/net/sfc/efx/base/efx_mcdi.c index 59a16fc..7b82096 100644 --- a/drivers/net/sfc/efx/base/efx_mcdi.c +++ b/drivers/net/sfc/efx/base/efx_mcdi.c @@ -352,6 +352,21 @@ efx_mcdi_read_response_header( emrp->emr_err_code = err_code; emrp->emr_err_arg = err_arg; +#if EFSYS_OPT_MCDI_PROXY_AUTH + if ((err_code == MC_CMD_ERR_PROXY_PENDING) && + (err_len == sizeof (err))) { + /* + * The MCDI request would normally fail with EPERM, but + * firmware has forwarded it to an authorization agent + * attached to a privileged PF. + * + * Save the authorization request handle. The client + * must wait for a PROXY_RESPONSE event, or timeout. + */ + emrp->emr_proxy_handle = err_arg; + } +#endif /* EFSYS_OPT_MCDI_PROXY_AUTH */ + #if EFSYS_OPT_MCDI_LOGGING if (emtp->emt_logger != NULL) { emtp->emt_logger(emtp->emt_context, @@ -372,6 +387,9 @@ efx_mcdi_read_response_header( emrp->emr_rc = 0; emrp->emr_out_length_used = data_len; +#if EFSYS_OPT_MCDI_PROXY_AUTH + emrp->emr_proxy_handle = 0; +#endif /* EFSYS_OPT_MCDI_PROXY_AUTH */ return; fail3: @@ -732,6 +750,62 @@ efx_mcdi_ev_cpl( emtp->emt_ev_cpl(emtp->emt_context); } +#if EFSYS_OPT_MCDI_PROXY_AUTH + + __checkReturn efx_rc_t +efx_mcdi_get_proxy_handle( + __in efx_nic_t *enp, + __in efx_mcdi_req_t *emrp, + __out uint32_t *handlep) +{ + efx_rc_t rc; + + /* + * Return proxy handle from MCDI request that returned with error + * MC_MCD_ERR_PROXY_PENDING. This handle is used to wait for a matching + * PROXY_RESPONSE event. + */ + if ((emrp == NULL) || (handlep == NULL)) { + rc = EINVAL; + goto fail1; + } + if ((emrp->emr_rc != 0) && + (emrp->emr_err_code == MC_CMD_ERR_PROXY_PENDING)) { + *handlep = emrp->emr_proxy_handle; + rc = 0; + } else { + *handlep = 0; + rc = ENOENT; + } + return (rc); + +fail1: + EFSYS_PROBE1(fail1, efx_rc_t, rc); + return (rc); +} + + void +efx_mcdi_ev_proxy_response( + __in efx_nic_t *enp, + __in unsigned int handle, + __in unsigned int status) +{ + const efx_mcdi_transport_t *emtp = enp->en_mcdi.em_emtp; + efx_rc_t rc; + + /* + * Handle results of an authorization request for a privileged MCDI + * command. If authorization was granted then we must re-issue the + * original MCDI request. If authorization failed or timed out, + * then the original MCDI request should be completed with the + * result code from this event. + */ + rc = (status == 0) ? 0 : efx_mcdi_request_errcode(status); + + emtp->emt_ev_proxy_response(emtp->emt_context, handle, rc); +} +#endif /* EFSYS_OPT_MCDI_PROXY_AUTH */ + void efx_mcdi_ev_death( __in efx_nic_t *enp, diff --git a/drivers/net/sfc/efx/base/efx_mcdi.h b/drivers/net/sfc/efx/base/efx_mcdi.h index a408b5b..a62e921 100644 --- a/drivers/net/sfc/efx/base/efx_mcdi.h +++ b/drivers/net/sfc/efx/base/efx_mcdi.h @@ -59,6 +59,9 @@ struct efx_mcdi_req_s { /* Internals: low level transport details */ unsigned int emr_err_code; unsigned int emr_err_arg; +#if EFSYS_OPT_MCDI_PROXY_AUTH + uint32_t emr_proxy_handle; +#endif }; typedef struct efx_mcdi_iface_s { @@ -90,6 +93,20 @@ efx_mcdi_ev_cpl( __in unsigned int outlen, __in int errcode); +#if EFSYS_OPT_MCDI_PROXY_AUTH +extern __checkReturn efx_rc_t +efx_mcdi_get_proxy_handle( + __in efx_nic_t *enp, + __in efx_mcdi_req_t *emrp, + __out uint32_t *handlep); + +extern void +efx_mcdi_ev_proxy_response( + __in efx_nic_t *enp, + __in unsigned int handle, + __in unsigned int status); +#endif + extern void efx_mcdi_ev_death( __in efx_nic_t *enp,