1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2018, Intel Corporation. */ 3 4 #include "ice_common.h" 5 #include "ice_vf_mbx.h" 6 7 /** 8 * ice_aq_send_msg_to_vf 9 * @hw: pointer to the hardware structure 10 * @vfid: VF ID to send msg 11 * @v_opcode: opcodes for VF-PF communication 12 * @v_retval: return error code 13 * @msg: pointer to the msg buffer 14 * @msglen: msg length 15 * @cd: pointer to command details 16 * 17 * Send message to VF driver (0x0802) using mailbox 18 * queue and asynchronously sending message via 19 * ice_sq_send_cmd() function 20 */ 21 int 22 ice_aq_send_msg_to_vf(struct ice_hw *hw, u16 vfid, u32 v_opcode, u32 v_retval, 23 u8 *msg, u16 msglen, struct ice_sq_cd *cd) 24 { 25 struct ice_aqc_pf_vf_msg *cmd; 26 struct ice_aq_desc desc; 27 28 ice_fill_dflt_direct_cmd_desc(&desc, ice_mbx_opc_send_msg_to_vf); 29 30 cmd = &desc.params.virt; 31 cmd->id = cpu_to_le32(vfid); 32 33 desc.cookie_high = cpu_to_le32(v_opcode); 34 desc.cookie_low = cpu_to_le32(v_retval); 35 36 if (msglen) 37 desc.flags |= cpu_to_le16(ICE_AQ_FLAG_RD); 38 39 return ice_sq_send_cmd(hw, &hw->mailboxq, &desc, msg, msglen, cd); 40 } 41 42 static const u32 ice_legacy_aq_to_vc_speed[] = { 43 VIRTCHNL_LINK_SPEED_100MB, /* BIT(0) */ 44 VIRTCHNL_LINK_SPEED_100MB, 45 VIRTCHNL_LINK_SPEED_1GB, 46 VIRTCHNL_LINK_SPEED_1GB, 47 VIRTCHNL_LINK_SPEED_1GB, 48 VIRTCHNL_LINK_SPEED_10GB, 49 VIRTCHNL_LINK_SPEED_20GB, 50 VIRTCHNL_LINK_SPEED_25GB, 51 VIRTCHNL_LINK_SPEED_40GB, 52 VIRTCHNL_LINK_SPEED_40GB, 53 VIRTCHNL_LINK_SPEED_40GB, 54 }; 55 56 /** 57 * ice_conv_link_speed_to_virtchnl 58 * @adv_link_support: determines the format of the returned link speed 59 * @link_speed: variable containing the link_speed to be converted 60 * 61 * Convert link speed supported by HW to link speed supported by virtchnl. 62 * If adv_link_support is true, then return link speed in Mbps. Else return 63 * link speed as a VIRTCHNL_LINK_SPEED_* casted to a u32. Note that the caller 64 * needs to cast back to an enum virtchnl_link_speed in the case where 65 * adv_link_support is false, but when adv_link_support is true the caller can 66 * expect the speed in Mbps. 67 */ 68 u32 ice_conv_link_speed_to_virtchnl(bool adv_link_support, u16 link_speed) 69 { 70 /* convert a BIT() value into an array index */ 71 u32 index = fls(link_speed) - 1; 72 73 if (adv_link_support) 74 return ice_get_link_speed(index); 75 else if (index < ARRAY_SIZE(ice_legacy_aq_to_vc_speed)) 76 /* Virtchnl speeds are not defined for every speed supported in 77 * the hardware. To maintain compatibility with older AVF 78 * drivers, while reporting the speed the new speed values are 79 * resolved to the closest known virtchnl speeds 80 */ 81 return ice_legacy_aq_to_vc_speed[index]; 82 83 return VIRTCHNL_LINK_SPEED_UNKNOWN; 84 } 85 86 /* The mailbox overflow detection algorithm helps to check if there 87 * is a possibility of a malicious VF transmitting too many MBX messages to the 88 * PF. 89 * 1. The mailbox snapshot structure, ice_mbx_snapshot, is initialized during 90 * driver initialization in ice_init_hw() using ice_mbx_init_snapshot(). 91 * The struct ice_mbx_snapshot helps to track and traverse a static window of 92 * messages within the mailbox queue while looking for a malicious VF. 93 * 94 * 2. When the caller starts processing its mailbox queue in response to an 95 * interrupt, the structure ice_mbx_snapshot is expected to be cleared before 96 * the algorithm can be run for the first time for that interrupt. This 97 * requires calling ice_mbx_reset_snapshot() as well as calling 98 * ice_mbx_reset_vf_info() for each VF tracking structure. 99 * 100 * 3. For every message read by the caller from the MBX Queue, the caller must 101 * call the detection algorithm's entry function ice_mbx_vf_state_handler(). 102 * Before every call to ice_mbx_vf_state_handler() the struct ice_mbx_data is 103 * filled as it is required to be passed to the algorithm. 104 * 105 * 4. Every time a message is read from the MBX queue, a tracking structure 106 * for the VF must be passed to the state handler. The boolean output 107 * report_malvf from ice_mbx_vf_state_handler() serves as an indicator to the 108 * caller whether it must report this VF as malicious or not. 109 * 110 * 5. When a VF is identified to be malicious, the caller can send a message 111 * to the system administrator. 112 * 113 * 6. The PF is responsible for maintaining the struct ice_mbx_vf_info 114 * structure for each VF. The PF should clear the VF tracking structure if the 115 * VF is reset. When a VF is shut down and brought back up, we will then 116 * assume that the new VF is not malicious and may report it again if we 117 * detect it again. 118 * 119 * 7. The function ice_mbx_reset_snapshot() is called to reset the information 120 * in ice_mbx_snapshot for every new mailbox interrupt handled. 121 */ 122 #define ICE_RQ_DATA_MASK(rq_data) ((rq_data) & PF_MBX_ARQH_ARQH_M) 123 /* Using the highest value for an unsigned 16-bit value 0xFFFF to indicate that 124 * the max messages check must be ignored in the algorithm 125 */ 126 #define ICE_IGNORE_MAX_MSG_CNT 0xFFFF 127 128 /** 129 * ice_mbx_reset_snapshot - Reset mailbox snapshot structure 130 * @snap: pointer to the mailbox snapshot 131 */ 132 static void ice_mbx_reset_snapshot(struct ice_mbx_snapshot *snap) 133 { 134 struct ice_mbx_vf_info *vf_info; 135 136 /* Clear mbx_buf in the mailbox snaphot structure and setting the 137 * mailbox snapshot state to a new capture. 138 */ 139 memset(&snap->mbx_buf, 0, sizeof(snap->mbx_buf)); 140 snap->mbx_buf.state = ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT; 141 142 /* Reset message counts for all VFs to zero */ 143 list_for_each_entry(vf_info, &snap->mbx_vf, list_entry) 144 vf_info->msg_count = 0; 145 } 146 147 /** 148 * ice_mbx_traverse - Pass through mailbox snapshot 149 * @hw: pointer to the HW struct 150 * @new_state: new algorithm state 151 * 152 * Traversing the mailbox static snapshot without checking 153 * for malicious VFs. 154 */ 155 static void 156 ice_mbx_traverse(struct ice_hw *hw, 157 enum ice_mbx_snapshot_state *new_state) 158 { 159 struct ice_mbx_snap_buffer_data *snap_buf; 160 u32 num_iterations; 161 162 snap_buf = &hw->mbx_snapshot.mbx_buf; 163 164 /* As mailbox buffer is circular, applying a mask 165 * on the incremented iteration count. 166 */ 167 num_iterations = ICE_RQ_DATA_MASK(++snap_buf->num_iterations); 168 169 /* Checking either of the below conditions to exit snapshot traversal: 170 * Condition-1: If the number of iterations in the mailbox is equal to 171 * the mailbox head which would indicate that we have reached the end 172 * of the static snapshot. 173 * Condition-2: If the maximum messages serviced in the mailbox for a 174 * given interrupt is the highest possible value then there is no need 175 * to check if the number of messages processed is equal to it. If not 176 * check if the number of messages processed is greater than or equal 177 * to the maximum number of mailbox entries serviced in current work item. 178 */ 179 if (num_iterations == snap_buf->head || 180 (snap_buf->max_num_msgs_mbx < ICE_IGNORE_MAX_MSG_CNT && 181 ++snap_buf->num_msg_proc >= snap_buf->max_num_msgs_mbx)) 182 *new_state = ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT; 183 } 184 185 /** 186 * ice_mbx_detect_malvf - Detect malicious VF in snapshot 187 * @hw: pointer to the HW struct 188 * @vf_info: mailbox tracking structure for a VF 189 * @new_state: new algorithm state 190 * @is_malvf: boolean output to indicate if VF is malicious 191 * 192 * This function tracks the number of asynchronous messages 193 * sent per VF and marks the VF as malicious if it exceeds 194 * the permissible number of messages to send. 195 */ 196 static int 197 ice_mbx_detect_malvf(struct ice_hw *hw, struct ice_mbx_vf_info *vf_info, 198 enum ice_mbx_snapshot_state *new_state, 199 bool *is_malvf) 200 { 201 /* increment the message count for this VF */ 202 vf_info->msg_count++; 203 204 if (vf_info->msg_count >= ICE_ASYNC_VF_MSG_THRESHOLD) 205 *is_malvf = true; 206 207 /* continue to iterate through the mailbox snapshot */ 208 ice_mbx_traverse(hw, new_state); 209 210 return 0; 211 } 212 213 /** 214 * ice_mbx_vf_state_handler - Handle states of the overflow algorithm 215 * @hw: pointer to the HW struct 216 * @mbx_data: pointer to structure containing mailbox data 217 * @vf_info: mailbox tracking structure for the VF in question 218 * @report_malvf: boolean output to indicate whether VF should be reported 219 * 220 * The function serves as an entry point for the malicious VF 221 * detection algorithm by handling the different states and state 222 * transitions of the algorithm: 223 * New snapshot: This state is entered when creating a new static 224 * snapshot. The data from any previous mailbox snapshot is 225 * cleared and a new capture of the mailbox head and tail is 226 * logged. This will be the new static snapshot to detect 227 * asynchronous messages sent by VFs. On capturing the snapshot 228 * and depending on whether the number of pending messages in that 229 * snapshot exceed the watermark value, the state machine enters 230 * traverse or detect states. 231 * Traverse: If pending message count is below watermark then iterate 232 * through the snapshot without any action on VF. 233 * Detect: If pending message count exceeds watermark traverse 234 * the static snapshot and look for a malicious VF. 235 */ 236 int 237 ice_mbx_vf_state_handler(struct ice_hw *hw, struct ice_mbx_data *mbx_data, 238 struct ice_mbx_vf_info *vf_info, bool *report_malvf) 239 { 240 struct ice_mbx_snapshot *snap = &hw->mbx_snapshot; 241 struct ice_mbx_snap_buffer_data *snap_buf; 242 struct ice_ctl_q_info *cq = &hw->mailboxq; 243 enum ice_mbx_snapshot_state new_state; 244 bool is_malvf = false; 245 int status = 0; 246 247 if (!report_malvf || !mbx_data || !vf_info) 248 return -EINVAL; 249 250 *report_malvf = false; 251 252 /* When entering the mailbox state machine assume that the VF 253 * is not malicious until detected. 254 */ 255 /* Checking if max messages allowed to be processed while servicing current 256 * interrupt is not less than the defined AVF message threshold. 257 */ 258 if (mbx_data->max_num_msgs_mbx <= ICE_ASYNC_VF_MSG_THRESHOLD) 259 return -EINVAL; 260 261 /* The watermark value should not be lesser than the threshold limit 262 * set for the number of asynchronous messages a VF can send to mailbox 263 * nor should it be greater than the maximum number of messages in the 264 * mailbox serviced in current interrupt. 265 */ 266 if (mbx_data->async_watermark_val < ICE_ASYNC_VF_MSG_THRESHOLD || 267 mbx_data->async_watermark_val > mbx_data->max_num_msgs_mbx) 268 return -EINVAL; 269 270 new_state = ICE_MAL_VF_DETECT_STATE_INVALID; 271 snap_buf = &snap->mbx_buf; 272 273 switch (snap_buf->state) { 274 case ICE_MAL_VF_DETECT_STATE_NEW_SNAPSHOT: 275 /* Clear any previously held data in mailbox snapshot structure. */ 276 ice_mbx_reset_snapshot(snap); 277 278 /* Collect the pending ARQ count, number of messages processed and 279 * the maximum number of messages allowed to be processed from the 280 * Mailbox for current interrupt. 281 */ 282 snap_buf->num_pending_arq = mbx_data->num_pending_arq; 283 snap_buf->num_msg_proc = mbx_data->num_msg_proc; 284 snap_buf->max_num_msgs_mbx = mbx_data->max_num_msgs_mbx; 285 286 /* Capture a new static snapshot of the mailbox by logging the 287 * head and tail of snapshot and set num_iterations to the tail 288 * value to mark the start of the iteration through the snapshot. 289 */ 290 snap_buf->head = ICE_RQ_DATA_MASK(cq->rq.next_to_clean + 291 mbx_data->num_pending_arq); 292 snap_buf->tail = ICE_RQ_DATA_MASK(cq->rq.next_to_clean - 1); 293 snap_buf->num_iterations = snap_buf->tail; 294 295 /* Pending ARQ messages returned by ice_clean_rq_elem 296 * is the difference between the head and tail of the 297 * mailbox queue. Comparing this value against the watermark 298 * helps to check if we potentially have malicious VFs. 299 */ 300 if (snap_buf->num_pending_arq >= 301 mbx_data->async_watermark_val) { 302 new_state = ICE_MAL_VF_DETECT_STATE_DETECT; 303 status = ice_mbx_detect_malvf(hw, vf_info, &new_state, &is_malvf); 304 } else { 305 new_state = ICE_MAL_VF_DETECT_STATE_TRAVERSE; 306 ice_mbx_traverse(hw, &new_state); 307 } 308 break; 309 310 case ICE_MAL_VF_DETECT_STATE_TRAVERSE: 311 new_state = ICE_MAL_VF_DETECT_STATE_TRAVERSE; 312 ice_mbx_traverse(hw, &new_state); 313 break; 314 315 case ICE_MAL_VF_DETECT_STATE_DETECT: 316 new_state = ICE_MAL_VF_DETECT_STATE_DETECT; 317 status = ice_mbx_detect_malvf(hw, vf_info, &new_state, &is_malvf); 318 break; 319 320 default: 321 new_state = ICE_MAL_VF_DETECT_STATE_INVALID; 322 status = -EIO; 323 } 324 325 snap_buf->state = new_state; 326 327 /* Only report VFs as malicious the first time we detect it */ 328 if (is_malvf && !vf_info->malicious) { 329 vf_info->malicious = 1; 330 *report_malvf = true; 331 } 332 333 return status; 334 } 335 336 /** 337 * ice_mbx_clear_malvf - Clear VF mailbox info 338 * @vf_info: the mailbox tracking structure for a VF 339 * 340 * In case of a VF reset, this function shall be called to clear the VF's 341 * current mailbox tracking state. 342 */ 343 void ice_mbx_clear_malvf(struct ice_mbx_vf_info *vf_info) 344 { 345 vf_info->malicious = 0; 346 vf_info->msg_count = 0; 347 } 348 349 /** 350 * ice_mbx_init_vf_info - Initialize a new VF mailbox tracking info 351 * @hw: pointer to the hardware structure 352 * @vf_info: the mailbox tracking info structure for a VF 353 * 354 * Initialize a VF mailbox tracking info structure and insert it into the 355 * snapshot list. 356 * 357 * If you remove the VF, you must also delete the associated VF info structure 358 * from the linked list. 359 */ 360 void ice_mbx_init_vf_info(struct ice_hw *hw, struct ice_mbx_vf_info *vf_info) 361 { 362 struct ice_mbx_snapshot *snap = &hw->mbx_snapshot; 363 364 ice_mbx_clear_malvf(vf_info); 365 list_add(&vf_info->list_entry, &snap->mbx_vf); 366 } 367 368 /** 369 * ice_mbx_init_snapshot - Initialize mailbox snapshot data 370 * @hw: pointer to the hardware structure 371 * 372 * Clear the mailbox snapshot structure and initialize the VF mailbox list. 373 */ 374 void ice_mbx_init_snapshot(struct ice_hw *hw) 375 { 376 struct ice_mbx_snapshot *snap = &hw->mbx_snapshot; 377 378 INIT_LIST_HEAD(&snap->mbx_vf); 379 ice_mbx_reset_snapshot(snap); 380 } 381