xref: /linux/drivers/net/ethernet/intel/ice/ice_vf_lib.c (revision b92dd11725a7c57f55e148c7d3ce58a86f480575)
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2022, Intel Corporation. */
3 
4 #include "ice_vf_lib_private.h"
5 #include "ice.h"
6 #include "ice_lib.h"
7 #include "ice_fltr.h"
8 #include "ice_virtchnl_allowlist.h"
9 
10 /* Public functions which may be accessed by all driver files */
11 
12 /**
13  * ice_get_vf_by_id - Get pointer to VF by ID
14  * @pf: the PF private structure
15  * @vf_id: the VF ID to locate
16  *
17  * Locate and return a pointer to the VF structure associated with a given ID.
18  * Returns NULL if the ID does not have a valid VF structure associated with
19  * it.
20  *
21  * This function takes a reference to the VF, which must be released by
22  * calling ice_put_vf() once the caller is finished accessing the VF structure
23  * returned.
24  */
25 struct ice_vf *ice_get_vf_by_id(struct ice_pf *pf, u16 vf_id)
26 {
27 	struct ice_vf *vf;
28 
29 	rcu_read_lock();
30 	hash_for_each_possible_rcu(pf->vfs.table, vf, entry, vf_id) {
31 		if (vf->vf_id == vf_id) {
32 			struct ice_vf *found;
33 
34 			if (kref_get_unless_zero(&vf->refcnt))
35 				found = vf;
36 			else
37 				found = NULL;
38 
39 			rcu_read_unlock();
40 			return found;
41 		}
42 	}
43 	rcu_read_unlock();
44 
45 	return NULL;
46 }
47 
48 /**
49  * ice_release_vf - Release VF associated with a refcount
50  * @ref: the kref decremented to zero
51  *
52  * Callback function for kref_put to release a VF once its reference count has
53  * hit zero.
54  */
55 static void ice_release_vf(struct kref *ref)
56 {
57 	struct ice_vf *vf = container_of(ref, struct ice_vf, refcnt);
58 
59 	vf->vf_ops->free(vf);
60 }
61 
62 /**
63  * ice_put_vf - Release a reference to a VF
64  * @vf: the VF structure to decrease reference count on
65  *
66  * Decrease the reference count for a VF, and free the entry if it is no
67  * longer in use.
68  *
69  * This must be called after ice_get_vf_by_id() once the reference to the VF
70  * structure is no longer used. Otherwise, the VF structure will never be
71  * freed.
72  */
73 void ice_put_vf(struct ice_vf *vf)
74 {
75 	kref_put(&vf->refcnt, ice_release_vf);
76 }
77 
78 /**
79  * ice_has_vfs - Return true if the PF has any associated VFs
80  * @pf: the PF private structure
81  *
82  * Return whether or not the PF has any allocated VFs.
83  *
84  * Note that this function only guarantees that there are no VFs at the point
85  * of calling it. It does not guarantee that no more VFs will be added.
86  */
87 bool ice_has_vfs(struct ice_pf *pf)
88 {
89 	/* A simple check that the hash table is not empty does not require
90 	 * the mutex or rcu_read_lock.
91 	 */
92 	return !hash_empty(pf->vfs.table);
93 }
94 
95 /**
96  * ice_get_num_vfs - Get number of allocated VFs
97  * @pf: the PF private structure
98  *
99  * Return the total number of allocated VFs. NOTE: VF IDs are not guaranteed
100  * to be contiguous. Do not assume that a VF ID is guaranteed to be less than
101  * the output of this function.
102  */
103 u16 ice_get_num_vfs(struct ice_pf *pf)
104 {
105 	struct ice_vf *vf;
106 	unsigned int bkt;
107 	u16 num_vfs = 0;
108 
109 	rcu_read_lock();
110 	ice_for_each_vf_rcu(pf, bkt, vf)
111 		num_vfs++;
112 	rcu_read_unlock();
113 
114 	return num_vfs;
115 }
116 
117 /**
118  * ice_get_vf_vsi - get VF's VSI based on the stored index
119  * @vf: VF used to get VSI
120  */
121 struct ice_vsi *ice_get_vf_vsi(struct ice_vf *vf)
122 {
123 	if (vf->lan_vsi_idx == ICE_NO_VSI)
124 		return NULL;
125 
126 	return vf->pf->vsi[vf->lan_vsi_idx];
127 }
128 
129 /**
130  * ice_is_vf_disabled
131  * @vf: pointer to the VF info
132  *
133  * If the PF has been disabled, there is no need resetting VF until PF is
134  * active again. Similarly, if the VF has been disabled, this means something
135  * else is resetting the VF, so we shouldn't continue.
136  *
137  * Returns true if the caller should consider the VF as disabled whether
138  * because that single VF is explicitly disabled or because the PF is
139  * currently disabled.
140  */
141 bool ice_is_vf_disabled(struct ice_vf *vf)
142 {
143 	struct ice_pf *pf = vf->pf;
144 
145 	return (test_bit(ICE_VF_DIS, pf->state) ||
146 		test_bit(ICE_VF_STATE_DIS, vf->vf_states));
147 }
148 
149 /**
150  * ice_wait_on_vf_reset - poll to make sure a given VF is ready after reset
151  * @vf: The VF being resseting
152  *
153  * The max poll time is about ~800ms, which is about the maximum time it takes
154  * for a VF to be reset and/or a VF driver to be removed.
155  */
156 static void ice_wait_on_vf_reset(struct ice_vf *vf)
157 {
158 	int i;
159 
160 	for (i = 0; i < ICE_MAX_VF_RESET_TRIES; i++) {
161 		if (test_bit(ICE_VF_STATE_INIT, vf->vf_states))
162 			break;
163 		msleep(ICE_MAX_VF_RESET_SLEEP_MS);
164 	}
165 }
166 
167 /**
168  * ice_check_vf_ready_for_cfg - check if VF is ready to be configured/queried
169  * @vf: VF to check if it's ready to be configured/queried
170  *
171  * The purpose of this function is to make sure the VF is not in reset, not
172  * disabled, and initialized so it can be configured and/or queried by a host
173  * administrator.
174  */
175 int ice_check_vf_ready_for_cfg(struct ice_vf *vf)
176 {
177 	ice_wait_on_vf_reset(vf);
178 
179 	if (ice_is_vf_disabled(vf))
180 		return -EINVAL;
181 
182 	if (ice_check_vf_init(vf))
183 		return -EBUSY;
184 
185 	return 0;
186 }
187 
188 /**
189  * ice_trigger_vf_reset - Reset a VF on HW
190  * @vf: pointer to the VF structure
191  * @is_vflr: true if VFLR was issued, false if not
192  * @is_pfr: true if the reset was triggered due to a previous PFR
193  *
194  * Trigger hardware to start a reset for a particular VF. Expects the caller
195  * to wait the proper amount of time to allow hardware to reset the VF before
196  * it cleans up and restores VF functionality.
197  */
198 static void ice_trigger_vf_reset(struct ice_vf *vf, bool is_vflr, bool is_pfr)
199 {
200 	/* Inform VF that it is no longer active, as a warning */
201 	clear_bit(ICE_VF_STATE_ACTIVE, vf->vf_states);
202 
203 	/* Disable VF's configuration API during reset. The flag is re-enabled
204 	 * when it's safe again to access VF's VSI.
205 	 */
206 	clear_bit(ICE_VF_STATE_INIT, vf->vf_states);
207 
208 	/* VF_MBX_ARQLEN and VF_MBX_ATQLEN are cleared by PFR, so the driver
209 	 * needs to clear them in the case of VFR/VFLR. If this is done for
210 	 * PFR, it can mess up VF resets because the VF driver may already
211 	 * have started cleanup by the time we get here.
212 	 */
213 	if (!is_pfr)
214 		vf->vf_ops->clear_mbx_register(vf);
215 
216 	vf->vf_ops->trigger_reset_register(vf, is_vflr);
217 }
218 
219 static void ice_vf_clear_counters(struct ice_vf *vf)
220 {
221 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
222 
223 	if (vsi)
224 		vsi->num_vlan = 0;
225 
226 	vf->num_mac = 0;
227 	memset(&vf->mdd_tx_events, 0, sizeof(vf->mdd_tx_events));
228 	memset(&vf->mdd_rx_events, 0, sizeof(vf->mdd_rx_events));
229 }
230 
231 /**
232  * ice_vf_pre_vsi_rebuild - tasks to be done prior to VSI rebuild
233  * @vf: VF to perform pre VSI rebuild tasks
234  *
235  * These tasks are items that don't need to be amortized since they are most
236  * likely called in a for loop with all VF(s) in the reset_all_vfs() case.
237  */
238 static void ice_vf_pre_vsi_rebuild(struct ice_vf *vf)
239 {
240 	ice_vf_clear_counters(vf);
241 	vf->vf_ops->clear_reset_trigger(vf);
242 }
243 
244 /**
245  * ice_vf_rebuild_vsi - rebuild the VF's VSI
246  * @vf: VF to rebuild the VSI for
247  *
248  * This is only called when all VF(s) are being reset (i.e. PCIe Reset on the
249  * host, PFR, CORER, etc.).
250  */
251 static int ice_vf_rebuild_vsi(struct ice_vf *vf)
252 {
253 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
254 	struct ice_pf *pf = vf->pf;
255 
256 	if (WARN_ON(!vsi))
257 		return -EINVAL;
258 
259 	if (ice_vsi_rebuild(vsi, true)) {
260 		dev_err(ice_pf_to_dev(pf), "failed to rebuild VF %d VSI\n",
261 			vf->vf_id);
262 		return -EIO;
263 	}
264 	/* vsi->idx will remain the same in this case so don't update
265 	 * vf->lan_vsi_idx
266 	 */
267 	vsi->vsi_num = ice_get_hw_vsi_num(&pf->hw, vsi->idx);
268 	vf->lan_vsi_num = vsi->vsi_num;
269 
270 	return 0;
271 }
272 
273 /**
274  * ice_is_any_vf_in_unicast_promisc - check if any VF(s)
275  * are in unicast promiscuous mode
276  * @pf: PF structure for accessing VF(s)
277  *
278  * Return false if no VF(s) are in unicast promiscuous mode,
279  * else return true
280  */
281 bool ice_is_any_vf_in_unicast_promisc(struct ice_pf *pf)
282 {
283 	bool is_vf_promisc = false;
284 	struct ice_vf *vf;
285 	unsigned int bkt;
286 
287 	rcu_read_lock();
288 	ice_for_each_vf_rcu(pf, bkt, vf) {
289 		/* found a VF that has promiscuous mode configured */
290 		if (test_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) {
291 			is_vf_promisc = true;
292 			break;
293 		}
294 	}
295 	rcu_read_unlock();
296 
297 	return is_vf_promisc;
298 }
299 
300 /**
301  * ice_vf_get_promisc_masks - Calculate masks for promiscuous modes
302  * @vf: the VF pointer
303  * @vsi: the VSI to configure
304  * @ucast_m: promiscuous mask to apply to unicast
305  * @mcast_m: promiscuous mask to apply to multicast
306  *
307  * Decide which mask should be used for unicast and multicast filter,
308  * based on presence of VLANs
309  */
310 void
311 ice_vf_get_promisc_masks(struct ice_vf *vf, struct ice_vsi *vsi,
312 			 u8 *ucast_m, u8 *mcast_m)
313 {
314 	if (ice_vf_is_port_vlan_ena(vf) ||
315 	    ice_vsi_has_non_zero_vlans(vsi)) {
316 		*mcast_m = ICE_MCAST_VLAN_PROMISC_BITS;
317 		*ucast_m = ICE_UCAST_VLAN_PROMISC_BITS;
318 	} else {
319 		*mcast_m = ICE_MCAST_PROMISC_BITS;
320 		*ucast_m = ICE_UCAST_PROMISC_BITS;
321 	}
322 }
323 
324 /**
325  * ice_vf_clear_all_promisc_modes - Clear promisc/allmulticast on VF VSI
326  * @vf: the VF pointer
327  * @vsi: the VSI to configure
328  *
329  * Clear all promiscuous/allmulticast filters for a VF
330  */
331 static int
332 ice_vf_clear_all_promisc_modes(struct ice_vf *vf, struct ice_vsi *vsi)
333 {
334 	struct ice_pf *pf = vf->pf;
335 	u8 ucast_m, mcast_m;
336 	int ret = 0;
337 
338 	ice_vf_get_promisc_masks(vf, vsi, &ucast_m, &mcast_m);
339 	if (test_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) {
340 		if (!test_bit(ICE_FLAG_VF_TRUE_PROMISC_ENA, pf->flags)) {
341 			if (ice_is_dflt_vsi_in_use(vsi->port_info))
342 				ret = ice_clear_dflt_vsi(vsi);
343 		} else {
344 			ret = ice_vf_clear_vsi_promisc(vf, vsi, ucast_m);
345 		}
346 
347 		if (ret) {
348 			dev_err(ice_pf_to_dev(vf->pf), "Disabling promiscuous mode failed\n");
349 		} else {
350 			clear_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states);
351 			dev_info(ice_pf_to_dev(vf->pf), "Disabling promiscuous mode succeeded\n");
352 		}
353 	}
354 
355 	if (test_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) {
356 		ret = ice_vf_clear_vsi_promisc(vf, vsi, mcast_m);
357 		if (ret) {
358 			dev_err(ice_pf_to_dev(vf->pf), "Disabling allmulticast mode failed\n");
359 		} else {
360 			clear_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states);
361 			dev_info(ice_pf_to_dev(vf->pf), "Disabling allmulticast mode succeeded\n");
362 		}
363 	}
364 	return ret;
365 }
366 
367 /**
368  * ice_vf_set_vsi_promisc - Enable promiscuous mode for a VF VSI
369  * @vf: the VF to configure
370  * @vsi: the VF's VSI
371  * @promisc_m: the promiscuous mode to enable
372  */
373 int
374 ice_vf_set_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m)
375 {
376 	struct ice_hw *hw = &vsi->back->hw;
377 	int status;
378 
379 	if (ice_vf_is_port_vlan_ena(vf))
380 		status = ice_fltr_set_vsi_promisc(hw, vsi->idx, promisc_m,
381 						  ice_vf_get_port_vlan_id(vf));
382 	else if (ice_vsi_has_non_zero_vlans(vsi))
383 		status = ice_fltr_set_vlan_vsi_promisc(hw, vsi, promisc_m);
384 	else
385 		status = ice_fltr_set_vsi_promisc(hw, vsi->idx, promisc_m, 0);
386 
387 	if (status && status != -EEXIST) {
388 		dev_err(ice_pf_to_dev(vsi->back), "enable Tx/Rx filter promiscuous mode on VF-%u failed, error: %d\n",
389 			vf->vf_id, status);
390 		return status;
391 	}
392 
393 	return 0;
394 }
395 
396 /**
397  * ice_vf_clear_vsi_promisc - Disable promiscuous mode for a VF VSI
398  * @vf: the VF to configure
399  * @vsi: the VF's VSI
400  * @promisc_m: the promiscuous mode to disable
401  */
402 int
403 ice_vf_clear_vsi_promisc(struct ice_vf *vf, struct ice_vsi *vsi, u8 promisc_m)
404 {
405 	struct ice_hw *hw = &vsi->back->hw;
406 	int status;
407 
408 	if (ice_vf_is_port_vlan_ena(vf))
409 		status = ice_fltr_clear_vsi_promisc(hw, vsi->idx, promisc_m,
410 						    ice_vf_get_port_vlan_id(vf));
411 	else if (ice_vsi_has_non_zero_vlans(vsi))
412 		status = ice_fltr_clear_vlan_vsi_promisc(hw, vsi, promisc_m);
413 	else
414 		status = ice_fltr_clear_vsi_promisc(hw, vsi->idx, promisc_m, 0);
415 
416 	if (status && status != -ENOENT) {
417 		dev_err(ice_pf_to_dev(vsi->back), "disable Tx/Rx filter promiscuous mode on VF-%u failed, error: %d\n",
418 			vf->vf_id, status);
419 		return status;
420 	}
421 
422 	return 0;
423 }
424 
425 /**
426  * ice_reset_all_vfs - reset all allocated VFs in one go
427  * @pf: pointer to the PF structure
428  *
429  * Reset all VFs at once, in response to a PF or other device reset.
430  *
431  * First, tell the hardware to reset each VF, then do all the waiting in one
432  * chunk, and finally finish restoring each VF after the wait. This is useful
433  * during PF routines which need to reset all VFs, as otherwise it must perform
434  * these resets in a serialized fashion.
435  */
436 void ice_reset_all_vfs(struct ice_pf *pf)
437 {
438 	struct device *dev = ice_pf_to_dev(pf);
439 	struct ice_hw *hw = &pf->hw;
440 	struct ice_vf *vf;
441 	unsigned int bkt;
442 
443 	/* If we don't have any VFs, then there is nothing to reset */
444 	if (!ice_has_vfs(pf))
445 		return;
446 
447 	mutex_lock(&pf->vfs.table_lock);
448 
449 	/* clear all malicious info if the VFs are getting reset */
450 	ice_for_each_vf(pf, bkt, vf)
451 		if (ice_mbx_clear_malvf(&hw->mbx_snapshot, pf->vfs.malvfs,
452 					ICE_MAX_SRIOV_VFS, vf->vf_id))
453 			dev_dbg(dev, "failed to clear malicious VF state for VF %u\n",
454 				vf->vf_id);
455 
456 	/* If VFs have been disabled, there is no need to reset */
457 	if (test_and_set_bit(ICE_VF_DIS, pf->state)) {
458 		mutex_unlock(&pf->vfs.table_lock);
459 		return;
460 	}
461 
462 	/* Begin reset on all VFs at once */
463 	ice_for_each_vf(pf, bkt, vf)
464 		ice_trigger_vf_reset(vf, true, true);
465 
466 	/* HW requires some time to make sure it can flush the FIFO for a VF
467 	 * when it resets it. Now that we've triggered all of the VFs, iterate
468 	 * the table again and wait for each VF to complete.
469 	 */
470 	ice_for_each_vf(pf, bkt, vf) {
471 		if (!vf->vf_ops->poll_reset_status(vf)) {
472 			/* Display a warning if at least one VF didn't manage
473 			 * to reset in time, but continue on with the
474 			 * operation.
475 			 */
476 			dev_warn(dev, "VF %u reset check timeout\n", vf->vf_id);
477 			break;
478 		}
479 	}
480 
481 	/* free VF resources to begin resetting the VSI state */
482 	ice_for_each_vf(pf, bkt, vf) {
483 		mutex_lock(&vf->cfg_lock);
484 
485 		vf->driver_caps = 0;
486 		ice_vc_set_default_allowlist(vf);
487 
488 		ice_vf_fdir_exit(vf);
489 		ice_vf_fdir_init(vf);
490 		/* clean VF control VSI when resetting VFs since it should be
491 		 * setup only when VF creates its first FDIR rule.
492 		 */
493 		if (vf->ctrl_vsi_idx != ICE_NO_VSI)
494 			ice_vf_ctrl_invalidate_vsi(vf);
495 
496 		ice_vf_pre_vsi_rebuild(vf);
497 		ice_vf_rebuild_vsi(vf);
498 		vf->vf_ops->post_vsi_rebuild(vf);
499 
500 		mutex_unlock(&vf->cfg_lock);
501 	}
502 
503 	if (ice_is_eswitch_mode_switchdev(pf))
504 		if (ice_eswitch_rebuild(pf))
505 			dev_warn(dev, "eswitch rebuild failed\n");
506 
507 	ice_flush(hw);
508 	clear_bit(ICE_VF_DIS, pf->state);
509 
510 	mutex_unlock(&pf->vfs.table_lock);
511 }
512 
513 /**
514  * ice_notify_vf_reset - Notify VF of a reset event
515  * @vf: pointer to the VF structure
516  */
517 static void ice_notify_vf_reset(struct ice_vf *vf)
518 {
519 	struct ice_hw *hw = &vf->pf->hw;
520 	struct virtchnl_pf_event pfe;
521 
522 	/* Bail out if VF is in disabled state, neither initialized, nor active
523 	 * state - otherwise proceed with notifications
524 	 */
525 	if ((!test_bit(ICE_VF_STATE_INIT, vf->vf_states) &&
526 	     !test_bit(ICE_VF_STATE_ACTIVE, vf->vf_states)) ||
527 	    test_bit(ICE_VF_STATE_DIS, vf->vf_states))
528 		return;
529 
530 	pfe.event = VIRTCHNL_EVENT_RESET_IMPENDING;
531 	pfe.severity = PF_EVENT_SEVERITY_CERTAIN_DOOM;
532 	ice_aq_send_msg_to_vf(hw, vf->vf_id, VIRTCHNL_OP_EVENT,
533 			      VIRTCHNL_STATUS_SUCCESS, (u8 *)&pfe, sizeof(pfe),
534 			      NULL);
535 }
536 
537 /**
538  * ice_reset_vf - Reset a particular VF
539  * @vf: pointer to the VF structure
540  * @flags: flags controlling behavior of the reset
541  *
542  * Flags:
543  *   ICE_VF_RESET_VFLR - Indicates a reset is due to VFLR event
544  *   ICE_VF_RESET_NOTIFY - Send VF a notification prior to reset
545  *   ICE_VF_RESET_LOCK - Acquire VF cfg_lock before resetting
546  *
547  * Returns 0 if the VF is currently in reset, if resets are disabled, or if
548  * the VF resets successfully. Returns an error code if the VF fails to
549  * rebuild.
550  */
551 int ice_reset_vf(struct ice_vf *vf, u32 flags)
552 {
553 	struct ice_pf *pf = vf->pf;
554 	struct ice_vsi *vsi;
555 	struct device *dev;
556 	struct ice_hw *hw;
557 	int err = 0;
558 	bool rsd;
559 
560 	dev = ice_pf_to_dev(pf);
561 	hw = &pf->hw;
562 
563 	if (flags & ICE_VF_RESET_NOTIFY)
564 		ice_notify_vf_reset(vf);
565 
566 	if (test_bit(ICE_VF_RESETS_DISABLED, pf->state)) {
567 		dev_dbg(dev, "Trying to reset VF %d, but all VF resets are disabled\n",
568 			vf->vf_id);
569 		return 0;
570 	}
571 
572 	if (ice_is_vf_disabled(vf)) {
573 		vsi = ice_get_vf_vsi(vf);
574 		if (!vsi) {
575 			dev_dbg(dev, "VF is already removed\n");
576 			return -EINVAL;
577 		}
578 		ice_vsi_stop_lan_tx_rings(vsi, ICE_NO_RESET, vf->vf_id);
579 		ice_vsi_stop_all_rx_rings(vsi);
580 		dev_dbg(dev, "VF is already disabled, there is no need for resetting it, telling VM, all is fine %d\n",
581 			vf->vf_id);
582 		return 0;
583 	}
584 
585 	if (flags & ICE_VF_RESET_LOCK)
586 		mutex_lock(&vf->cfg_lock);
587 	else
588 		lockdep_assert_held(&vf->cfg_lock);
589 
590 	/* Set VF disable bit state here, before triggering reset */
591 	set_bit(ICE_VF_STATE_DIS, vf->vf_states);
592 	ice_trigger_vf_reset(vf, flags & ICE_VF_RESET_VFLR, false);
593 
594 	vsi = ice_get_vf_vsi(vf);
595 	if (WARN_ON(!vsi)) {
596 		err = -EIO;
597 		goto out_unlock;
598 	}
599 
600 	ice_dis_vf_qs(vf);
601 
602 	/* Call Disable LAN Tx queue AQ whether or not queues are
603 	 * enabled. This is needed for successful completion of VFR.
604 	 */
605 	ice_dis_vsi_txq(vsi->port_info, vsi->idx, 0, 0, NULL, NULL,
606 			NULL, vf->vf_ops->reset_type, vf->vf_id, NULL);
607 
608 	/* poll VPGEN_VFRSTAT reg to make sure
609 	 * that reset is complete
610 	 */
611 	rsd = vf->vf_ops->poll_reset_status(vf);
612 
613 	/* Display a warning if VF didn't manage to reset in time, but need to
614 	 * continue on with the operation.
615 	 */
616 	if (!rsd)
617 		dev_warn(dev, "VF reset check timeout on VF %d\n", vf->vf_id);
618 
619 	vf->driver_caps = 0;
620 	ice_vc_set_default_allowlist(vf);
621 
622 	/* disable promiscuous modes in case they were enabled
623 	 * ignore any error if disabling process failed
624 	 */
625 	ice_vf_clear_all_promisc_modes(vf, vsi);
626 
627 	ice_eswitch_del_vf_mac_rule(vf);
628 
629 	ice_vf_fdir_exit(vf);
630 	ice_vf_fdir_init(vf);
631 	/* clean VF control VSI when resetting VF since it should be setup
632 	 * only when VF creates its first FDIR rule.
633 	 */
634 	if (vf->ctrl_vsi_idx != ICE_NO_VSI)
635 		ice_vf_ctrl_vsi_release(vf);
636 
637 	ice_vf_pre_vsi_rebuild(vf);
638 
639 	if (vf->vf_ops->vsi_rebuild(vf)) {
640 		dev_err(dev, "Failed to release and setup the VF%u's VSI\n",
641 			vf->vf_id);
642 		err = -EFAULT;
643 		goto out_unlock;
644 	}
645 
646 	vf->vf_ops->post_vsi_rebuild(vf);
647 	vsi = ice_get_vf_vsi(vf);
648 	if (WARN_ON(!vsi)) {
649 		err = -EINVAL;
650 		goto out_unlock;
651 	}
652 
653 	ice_eswitch_update_repr(vsi);
654 	ice_eswitch_replay_vf_mac_rule(vf);
655 
656 	/* if the VF has been reset allow it to come up again */
657 	if (ice_mbx_clear_malvf(&hw->mbx_snapshot, pf->vfs.malvfs,
658 				ICE_MAX_SRIOV_VFS, vf->vf_id))
659 		dev_dbg(dev, "failed to clear malicious VF state for VF %u\n",
660 			vf->vf_id);
661 
662 out_unlock:
663 	if (flags & ICE_VF_RESET_LOCK)
664 		mutex_unlock(&vf->cfg_lock);
665 
666 	return err;
667 }
668 
669 /**
670  * ice_set_vf_state_qs_dis - Set VF queues state to disabled
671  * @vf: pointer to the VF structure
672  */
673 void ice_set_vf_state_qs_dis(struct ice_vf *vf)
674 {
675 	/* Clear Rx/Tx enabled queues flag */
676 	bitmap_zero(vf->txq_ena, ICE_MAX_RSS_QS_PER_VF);
677 	bitmap_zero(vf->rxq_ena, ICE_MAX_RSS_QS_PER_VF);
678 	clear_bit(ICE_VF_STATE_QS_ENA, vf->vf_states);
679 }
680 
681 /* Private functions only accessed from other virtualization files */
682 
683 /**
684  * ice_dis_vf_qs - Disable the VF queues
685  * @vf: pointer to the VF structure
686  */
687 void ice_dis_vf_qs(struct ice_vf *vf)
688 {
689 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
690 
691 	if (WARN_ON(!vsi))
692 		return;
693 
694 	ice_vsi_stop_lan_tx_rings(vsi, ICE_NO_RESET, vf->vf_id);
695 	ice_vsi_stop_all_rx_rings(vsi);
696 	ice_set_vf_state_qs_dis(vf);
697 }
698 
699 /**
700  * ice_check_vf_init - helper to check if VF init complete
701  * @vf: the pointer to the VF to check
702  */
703 int ice_check_vf_init(struct ice_vf *vf)
704 {
705 	struct ice_pf *pf = vf->pf;
706 
707 	if (!test_bit(ICE_VF_STATE_INIT, vf->vf_states)) {
708 		dev_err(ice_pf_to_dev(pf), "VF ID: %u in reset. Try again.\n",
709 			vf->vf_id);
710 		return -EBUSY;
711 	}
712 	return 0;
713 }
714 
715 /**
716  * ice_vf_get_port_info - Get the VF's port info structure
717  * @vf: VF used to get the port info structure for
718  */
719 struct ice_port_info *ice_vf_get_port_info(struct ice_vf *vf)
720 {
721 	return vf->pf->hw.port_info;
722 }
723 
724 /**
725  * ice_cfg_mac_antispoof - Configure MAC antispoof checking behavior
726  * @vsi: the VSI to configure
727  * @enable: whether to enable or disable the spoof checking
728  *
729  * Configure a VSI to enable (or disable) spoof checking behavior.
730  */
731 static int ice_cfg_mac_antispoof(struct ice_vsi *vsi, bool enable)
732 {
733 	struct ice_vsi_ctx *ctx;
734 	int err;
735 
736 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
737 	if (!ctx)
738 		return -ENOMEM;
739 
740 	ctx->info.sec_flags = vsi->info.sec_flags;
741 	ctx->info.valid_sections = cpu_to_le16(ICE_AQ_VSI_PROP_SECURITY_VALID);
742 
743 	if (enable)
744 		ctx->info.sec_flags |= ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF;
745 	else
746 		ctx->info.sec_flags &= ~ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF;
747 
748 	err = ice_update_vsi(&vsi->back->hw, vsi->idx, ctx, NULL);
749 	if (err)
750 		dev_err(ice_pf_to_dev(vsi->back), "Failed to configure Tx MAC anti-spoof %s for VSI %d, error %d\n",
751 			enable ? "ON" : "OFF", vsi->vsi_num, err);
752 	else
753 		vsi->info.sec_flags = ctx->info.sec_flags;
754 
755 	kfree(ctx);
756 
757 	return err;
758 }
759 
760 /**
761  * ice_vsi_ena_spoofchk - enable Tx spoof checking for this VSI
762  * @vsi: VSI to enable Tx spoof checking for
763  */
764 static int ice_vsi_ena_spoofchk(struct ice_vsi *vsi)
765 {
766 	struct ice_vsi_vlan_ops *vlan_ops;
767 	int err = 0;
768 
769 	vlan_ops = ice_get_compat_vsi_vlan_ops(vsi);
770 
771 	/* Allow VF with VLAN 0 only to send all tagged traffic */
772 	if (vsi->type != ICE_VSI_VF || ice_vsi_has_non_zero_vlans(vsi)) {
773 		err = vlan_ops->ena_tx_filtering(vsi);
774 		if (err)
775 			return err;
776 	}
777 
778 	return ice_cfg_mac_antispoof(vsi, true);
779 }
780 
781 /**
782  * ice_vsi_dis_spoofchk - disable Tx spoof checking for this VSI
783  * @vsi: VSI to disable Tx spoof checking for
784  */
785 static int ice_vsi_dis_spoofchk(struct ice_vsi *vsi)
786 {
787 	struct ice_vsi_vlan_ops *vlan_ops;
788 	int err;
789 
790 	vlan_ops = ice_get_compat_vsi_vlan_ops(vsi);
791 
792 	err = vlan_ops->dis_tx_filtering(vsi);
793 	if (err)
794 		return err;
795 
796 	return ice_cfg_mac_antispoof(vsi, false);
797 }
798 
799 /**
800  * ice_vsi_apply_spoofchk - Apply Tx spoof checking setting to a VSI
801  * @vsi: VSI associated to the VF
802  * @enable: whether to enable or disable the spoof checking
803  */
804 int ice_vsi_apply_spoofchk(struct ice_vsi *vsi, bool enable)
805 {
806 	int err;
807 
808 	if (enable)
809 		err = ice_vsi_ena_spoofchk(vsi);
810 	else
811 		err = ice_vsi_dis_spoofchk(vsi);
812 
813 	return err;
814 }
815 
816 /**
817  * ice_is_vf_trusted
818  * @vf: pointer to the VF info
819  */
820 bool ice_is_vf_trusted(struct ice_vf *vf)
821 {
822 	return test_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps);
823 }
824 
825 /**
826  * ice_vf_has_no_qs_ena - check if the VF has any Rx or Tx queues enabled
827  * @vf: the VF to check
828  *
829  * Returns true if the VF has no Rx and no Tx queues enabled and returns false
830  * otherwise
831  */
832 bool ice_vf_has_no_qs_ena(struct ice_vf *vf)
833 {
834 	return (!bitmap_weight(vf->rxq_ena, ICE_MAX_RSS_QS_PER_VF) &&
835 		!bitmap_weight(vf->txq_ena, ICE_MAX_RSS_QS_PER_VF));
836 }
837 
838 /**
839  * ice_is_vf_link_up - check if the VF's link is up
840  * @vf: VF to check if link is up
841  */
842 bool ice_is_vf_link_up(struct ice_vf *vf)
843 {
844 	struct ice_port_info *pi = ice_vf_get_port_info(vf);
845 
846 	if (ice_check_vf_init(vf))
847 		return false;
848 
849 	if (ice_vf_has_no_qs_ena(vf))
850 		return false;
851 	else if (vf->link_forced)
852 		return vf->link_up;
853 	else
854 		return pi->phy.link_info.link_info &
855 			ICE_AQ_LINK_UP;
856 }
857 
858 /**
859  * ice_vf_set_host_trust_cfg - set trust setting based on pre-reset value
860  * @vf: VF to configure trust setting for
861  */
862 static void ice_vf_set_host_trust_cfg(struct ice_vf *vf)
863 {
864 	if (vf->trusted)
865 		set_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps);
866 	else
867 		clear_bit(ICE_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps);
868 }
869 
870 /**
871  * ice_vf_rebuild_host_mac_cfg - add broadcast and the VF's perm_addr/LAA
872  * @vf: VF to add MAC filters for
873  *
874  * Called after a VF VSI has been re-added/rebuilt during reset. The PF driver
875  * always re-adds a broadcast filter and the VF's perm_addr/LAA after reset.
876  */
877 static int ice_vf_rebuild_host_mac_cfg(struct ice_vf *vf)
878 {
879 	struct device *dev = ice_pf_to_dev(vf->pf);
880 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
881 	u8 broadcast[ETH_ALEN];
882 	int status;
883 
884 	if (WARN_ON(!vsi))
885 		return -EINVAL;
886 
887 	if (ice_is_eswitch_mode_switchdev(vf->pf))
888 		return 0;
889 
890 	eth_broadcast_addr(broadcast);
891 	status = ice_fltr_add_mac(vsi, broadcast, ICE_FWD_TO_VSI);
892 	if (status) {
893 		dev_err(dev, "failed to add broadcast MAC filter for VF %u, error %d\n",
894 			vf->vf_id, status);
895 		return status;
896 	}
897 
898 	vf->num_mac++;
899 
900 	if (is_valid_ether_addr(vf->hw_lan_addr.addr)) {
901 		status = ice_fltr_add_mac(vsi, vf->hw_lan_addr.addr,
902 					  ICE_FWD_TO_VSI);
903 		if (status) {
904 			dev_err(dev, "failed to add default unicast MAC filter %pM for VF %u, error %d\n",
905 				&vf->hw_lan_addr.addr[0], vf->vf_id,
906 				status);
907 			return status;
908 		}
909 		vf->num_mac++;
910 
911 		ether_addr_copy(vf->dev_lan_addr.addr, vf->hw_lan_addr.addr);
912 	}
913 
914 	return 0;
915 }
916 
917 /**
918  * ice_vf_rebuild_host_vlan_cfg - add VLAN 0 filter or rebuild the Port VLAN
919  * @vf: VF to add MAC filters for
920  * @vsi: Pointer to VSI
921  *
922  * Called after a VF VSI has been re-added/rebuilt during reset. The PF driver
923  * always re-adds either a VLAN 0 or port VLAN based filter after reset.
924  */
925 static int ice_vf_rebuild_host_vlan_cfg(struct ice_vf *vf, struct ice_vsi *vsi)
926 {
927 	struct ice_vsi_vlan_ops *vlan_ops = ice_get_compat_vsi_vlan_ops(vsi);
928 	struct device *dev = ice_pf_to_dev(vf->pf);
929 	int err;
930 
931 	if (ice_vf_is_port_vlan_ena(vf)) {
932 		err = vlan_ops->set_port_vlan(vsi, &vf->port_vlan_info);
933 		if (err) {
934 			dev_err(dev, "failed to configure port VLAN via VSI parameters for VF %u, error %d\n",
935 				vf->vf_id, err);
936 			return err;
937 		}
938 
939 		err = vlan_ops->add_vlan(vsi, &vf->port_vlan_info);
940 	} else {
941 		err = ice_vsi_add_vlan_zero(vsi);
942 	}
943 
944 	if (err) {
945 		dev_err(dev, "failed to add VLAN %u filter for VF %u during VF rebuild, error %d\n",
946 			ice_vf_is_port_vlan_ena(vf) ?
947 			ice_vf_get_port_vlan_id(vf) : 0, vf->vf_id, err);
948 		return err;
949 	}
950 
951 	err = vlan_ops->ena_rx_filtering(vsi);
952 	if (err)
953 		dev_warn(dev, "failed to enable Rx VLAN filtering for VF %d VSI %d during VF rebuild, error %d\n",
954 			 vf->vf_id, vsi->idx, err);
955 
956 	return 0;
957 }
958 
959 /**
960  * ice_vf_rebuild_host_tx_rate_cfg - re-apply the Tx rate limiting configuration
961  * @vf: VF to re-apply the configuration for
962  *
963  * Called after a VF VSI has been re-added/rebuild during reset. The PF driver
964  * needs to re-apply the host configured Tx rate limiting configuration.
965  */
966 static int ice_vf_rebuild_host_tx_rate_cfg(struct ice_vf *vf)
967 {
968 	struct device *dev = ice_pf_to_dev(vf->pf);
969 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
970 	int err;
971 
972 	if (WARN_ON(!vsi))
973 		return -EINVAL;
974 
975 	if (vf->min_tx_rate) {
976 		err = ice_set_min_bw_limit(vsi, (u64)vf->min_tx_rate * 1000);
977 		if (err) {
978 			dev_err(dev, "failed to set min Tx rate to %d Mbps for VF %u, error %d\n",
979 				vf->min_tx_rate, vf->vf_id, err);
980 			return err;
981 		}
982 	}
983 
984 	if (vf->max_tx_rate) {
985 		err = ice_set_max_bw_limit(vsi, (u64)vf->max_tx_rate * 1000);
986 		if (err) {
987 			dev_err(dev, "failed to set max Tx rate to %d Mbps for VF %u, error %d\n",
988 				vf->max_tx_rate, vf->vf_id, err);
989 			return err;
990 		}
991 	}
992 
993 	return 0;
994 }
995 
996 /**
997  * ice_vf_rebuild_aggregator_node_cfg - rebuild aggregator node config
998  * @vsi: Pointer to VSI
999  *
1000  * This function moves VSI into corresponding scheduler aggregator node
1001  * based on cached value of "aggregator node info" per VSI
1002  */
1003 static void ice_vf_rebuild_aggregator_node_cfg(struct ice_vsi *vsi)
1004 {
1005 	struct ice_pf *pf = vsi->back;
1006 	struct device *dev;
1007 	int status;
1008 
1009 	if (!vsi->agg_node)
1010 		return;
1011 
1012 	dev = ice_pf_to_dev(pf);
1013 	if (vsi->agg_node->num_vsis == ICE_MAX_VSIS_IN_AGG_NODE) {
1014 		dev_dbg(dev,
1015 			"agg_id %u already has reached max_num_vsis %u\n",
1016 			vsi->agg_node->agg_id, vsi->agg_node->num_vsis);
1017 		return;
1018 	}
1019 
1020 	status = ice_move_vsi_to_agg(pf->hw.port_info, vsi->agg_node->agg_id,
1021 				     vsi->idx, vsi->tc_cfg.ena_tc);
1022 	if (status)
1023 		dev_dbg(dev, "unable to move VSI idx %u into aggregator %u node",
1024 			vsi->idx, vsi->agg_node->agg_id);
1025 	else
1026 		vsi->agg_node->num_vsis++;
1027 }
1028 
1029 /**
1030  * ice_vf_rebuild_host_cfg - host admin configuration is persistent across reset
1031  * @vf: VF to rebuild host configuration on
1032  */
1033 void ice_vf_rebuild_host_cfg(struct ice_vf *vf)
1034 {
1035 	struct device *dev = ice_pf_to_dev(vf->pf);
1036 	struct ice_vsi *vsi = ice_get_vf_vsi(vf);
1037 
1038 	if (WARN_ON(!vsi))
1039 		return;
1040 
1041 	ice_vf_set_host_trust_cfg(vf);
1042 
1043 	if (ice_vf_rebuild_host_mac_cfg(vf))
1044 		dev_err(dev, "failed to rebuild default MAC configuration for VF %d\n",
1045 			vf->vf_id);
1046 
1047 	if (ice_vf_rebuild_host_vlan_cfg(vf, vsi))
1048 		dev_err(dev, "failed to rebuild VLAN configuration for VF %u\n",
1049 			vf->vf_id);
1050 
1051 	if (ice_vf_rebuild_host_tx_rate_cfg(vf))
1052 		dev_err(dev, "failed to rebuild Tx rate limiting configuration for VF %u\n",
1053 			vf->vf_id);
1054 
1055 	if (ice_vsi_apply_spoofchk(vsi, vf->spoofchk))
1056 		dev_err(dev, "failed to rebuild spoofchk configuration for VF %d\n",
1057 			vf->vf_id);
1058 
1059 	/* rebuild aggregator node config for main VF VSI */
1060 	ice_vf_rebuild_aggregator_node_cfg(vsi);
1061 }
1062 
1063 /**
1064  * ice_vf_ctrl_invalidate_vsi - invalidate ctrl_vsi_idx to remove VSI access
1065  * @vf: VF that control VSI is being invalidated on
1066  */
1067 void ice_vf_ctrl_invalidate_vsi(struct ice_vf *vf)
1068 {
1069 	vf->ctrl_vsi_idx = ICE_NO_VSI;
1070 }
1071 
1072 /**
1073  * ice_vf_ctrl_vsi_release - invalidate the VF's control VSI after freeing it
1074  * @vf: VF that control VSI is being released on
1075  */
1076 void ice_vf_ctrl_vsi_release(struct ice_vf *vf)
1077 {
1078 	ice_vsi_release(vf->pf->vsi[vf->ctrl_vsi_idx]);
1079 	ice_vf_ctrl_invalidate_vsi(vf);
1080 }
1081 
1082 /**
1083  * ice_vf_ctrl_vsi_setup - Set up a VF control VSI
1084  * @vf: VF to setup control VSI for
1085  *
1086  * Returns pointer to the successfully allocated VSI struct on success,
1087  * otherwise returns NULL on failure.
1088  */
1089 struct ice_vsi *ice_vf_ctrl_vsi_setup(struct ice_vf *vf)
1090 {
1091 	struct ice_port_info *pi = ice_vf_get_port_info(vf);
1092 	struct ice_pf *pf = vf->pf;
1093 	struct ice_vsi *vsi;
1094 
1095 	vsi = ice_vsi_setup(pf, pi, ICE_VSI_CTRL, vf, NULL);
1096 	if (!vsi) {
1097 		dev_err(ice_pf_to_dev(pf), "Failed to create VF control VSI\n");
1098 		ice_vf_ctrl_invalidate_vsi(vf);
1099 	}
1100 
1101 	return vsi;
1102 }
1103 
1104 /**
1105  * ice_vf_invalidate_vsi - invalidate vsi_idx/vsi_num to remove VSI access
1106  * @vf: VF to remove access to VSI for
1107  */
1108 void ice_vf_invalidate_vsi(struct ice_vf *vf)
1109 {
1110 	vf->lan_vsi_idx = ICE_NO_VSI;
1111 	vf->lan_vsi_num = ICE_NO_VSI;
1112 }
1113 
1114 /**
1115  * ice_vf_set_initialized - VF is ready for VIRTCHNL communication
1116  * @vf: VF to set in initialized state
1117  *
1118  * After this function the VF will be ready to receive/handle the
1119  * VIRTCHNL_OP_GET_VF_RESOURCES message
1120  */
1121 void ice_vf_set_initialized(struct ice_vf *vf)
1122 {
1123 	ice_set_vf_state_qs_dis(vf);
1124 	clear_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states);
1125 	clear_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states);
1126 	clear_bit(ICE_VF_STATE_DIS, vf->vf_states);
1127 	set_bit(ICE_VF_STATE_INIT, vf->vf_states);
1128 	memset(&vf->vlan_v2_caps, 0, sizeof(vf->vlan_v2_caps));
1129 }
1130