Access Control Lists can be defined for each IBM VNIC
adapter at time of creation. MAC address and VLAN ID's
may be specified, as well as a Port VLAN ID (PVID).
These may all be requested though read-only sysfs files:
mac_acl, vlan_acl, and pvid. When these files are read,
a series of Command-Response Queue (CRQ) commands is sent to
firmware. The first command requests the size of the ACL
data. The driver allocates a buffer of this size and passes
the address in a second CRQ command to firmware, which then
writes the ACL data to this buffer. This data is then parsed
and printed to the respective sysfs file.
Signed-off-by: Thomas Falcon <tlfal...@linux.ibm.com>
---
drivers/net/ethernet/ibm/ibmvnic.c | 199 +++++++++++++++++++++++++++++++++++++
drivers/net/ethernet/ibm/ibmvnic.h | 26 ++++-
2 files changed, 222 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/ibm/ibmvnic.c
b/drivers/net/ethernet/ibm/ibmvnic.c
index 91b9cc3..36dfa69 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -1163,6 +1163,60 @@ static int __ibmvnic_open(struct net_device *netdev)
return rc;
}
+static int ibmvnic_query_acl_sz(struct ibmvnic_adapter *adapter)
+{
+ union ibmvnic_crq crq;
+
+ memset(&crq, 0, sizeof(crq));
+ crq.acl_query.first = IBMVNIC_CRQ_CMD;
+ crq.acl_query.cmd = ACL_QUERY;
+
+ if (ibmvnic_send_crq(adapter, &crq))
+ return -EIO;
+ return 0;
+}
+
+static int ibmvnic_request_acl_buf(struct ibmvnic_adapter *adapter)
+{
+ struct device *dev = &adapter->vdev->dev;
+ union ibmvnic_crq rcrq;
+ int rc;
+
+ rc = 0;
+ adapter->acl_buf = kmalloc(adapter->acl_buf_sz, GFP_KERNEL);
+ if (!adapter->acl_buf) {
+ rc = -ENOMEM;
+ goto acl_alloc_err;
+ }
+ adapter->acl_buf_token = dma_map_single(dev, adapter->acl_buf,
+ adapter->acl_buf_sz,
+ DMA_FROM_DEVICE);
+ if (dma_mapping_error(dev, adapter->acl_buf_token)) {
+ rc = -ENOMEM;
+ goto acl_dma_err;
+ }
+ memset(&rcrq, 0, sizeof(rcrq));
+ rcrq.acl_query.first = IBMVNIC_CRQ_CMD;
+ rcrq.acl_query.cmd = ACL_QUERY;
+ rcrq.acl_query.ioba = cpu_to_be32(adapter->acl_buf_token);
+ rcrq.acl_query.len = cpu_to_be32(adapter->acl_buf_sz);
+ if (ibmvnic_send_crq(adapter, &rcrq)) {
+ rc = -EIO;
+ goto acl_query_err;
+ }
+ return 0;
+acl_query_err:
+ dma_unmap_single(dev, adapter->acl_buf_token,
+ adapter->acl_buf_sz, DMA_FROM_DEVICE);
+ adapter->acl_buf_token = 0;
+ adapter->acl_buf_sz = 0;
+acl_dma_err:
+ kfree(adapter->acl_buf);
+ adapter->acl_buf = NULL;
+acl_alloc_err:
+ return rc;
+}
+
static int ibmvnic_open(struct net_device *netdev)
{
struct ibmvnic_adapter *adapter = netdev_priv(netdev);
@@ -4635,6 +4689,25 @@ static int handle_query_phys_parms_rsp(union ibmvnic_crq
*crq,
return rc;
}
+static void handle_acl_query_rsp(struct ibmvnic_adapter *adapter,
+ union ibmvnic_crq *crq)
+{
+ struct net_device *netdev = adapter->netdev;
+ u8 rcode;
+
+ rcode = crq->acl_query_rsp.rc.code;
+ adapter->fw_done_rc = rcode;
+ /* NOMEMORY is returned when ACL buffer size request is successful */
+ if (rcode == NOMEMORY) {
+ adapter->acl_buf_sz = be32_to_cpu(crq->acl_query_rsp.len);
+ netdev_dbg(netdev, "ACL buffer size is %d.\n",
+ adapter->acl_buf_sz);
+ } else if (rcode != SUCCESS) {
+ netdev_err(netdev, "ACL query failed, rc = %u\n", rcode);
+ }
+ complete(&adapter->fw_done);
+}
+
static void ibmvnic_handle_crq(union ibmvnic_crq *crq,
struct ibmvnic_adapter *adapter)
{
@@ -4798,6 +4871,9 @@ static void ibmvnic_handle_crq(union ibmvnic_crq *crq,
adapter->fw_done_rc = handle_query_phys_parms_rsp(crq, adapter);
complete(&adapter->fw_done);
break;
+ case ACL_QUERY_RSP:
+ handle_acl_query_rsp(adapter, crq);
+ break;
default:
netdev_err(netdev, "Got an invalid cmd type 0x%02x\n",
gen_crq->cmd);
@@ -5199,6 +5275,9 @@ static int ibmvnic_remove(struct vio_dev *dev)
}
static struct device_attribute dev_attr_failover;
+static struct device_attribute dev_attr_vlan_acl;
+static struct device_attribute dev_attr_mac_acl;
+static struct device_attribute dev_attr_pvid;
static ssize_t failover_store(struct device *dev, struct device_attribute
*attr,
const char *buf, size_t count)
@@ -5234,10 +5313,130 @@ static ssize_t failover_store(struct device *dev,
struct device_attribute *attr,
return count;
}
+static int ibmvnic_get_acls(struct ibmvnic_adapter *adapter)
+{
+ struct net_device *netdev = adapter->netdev;
+ int rc;
+
+ mutex_lock(&adapter->fw_lock);
+ reinit_completion(&adapter->fw_done);
+ adapter->fw_done_rc = 0;
+ rc = ibmvnic_query_acl_sz(adapter);
+ if (rc) {
+ netdev_err(netdev, "Query ACL buffer size failed, rc = %d\n",
+ rc);
+ goto out;
+ }
+ rc = ibmvnic_wait_for_completion(adapter, &adapter->fw_done, 10000);
+ if (rc) {
+ netdev_err(netdev,
+ "Query ACL buffer size did not complete, rc = %d\n",
+ rc);
+ goto out;
+ }
+ /* NOMEMORY is returned when the ACL buffer size is retrieved
+ * successfully
+ */
+ if (adapter->fw_done_rc != NOMEMORY) {
+ netdev_err(netdev, "Unable to get ACL buffer size, rc = %d\n",
+ adapter->fw_done_rc);
+ rc = -EIO;
+ goto out;
+ }
+ reinit_completion(&adapter->fw_done);
+ rc = ibmvnic_request_acl_buf(adapter);
+ if (rc) {
+ netdev_err(netdev, "ACL buffer request failed, rc = %d\n", rc);
+ goto out;
+ }
+ rc = ibmvnic_wait_for_completion(adapter, &adapter->fw_done, 10000);
+ if (rc) {
+ netdev_err(netdev,
+ "ACL buffer request did not complete, rc = %d\n",
+ rc);
+ goto out;
+ }
+ if (adapter->fw_done_rc != SUCCESS) {
+ netdev_err(netdev, "Unable to retrieve ACL buffer, rc = %d\n",
+ adapter->fw_done_rc);
+ rc = -EIO;
+ }
+out:
+ mutex_unlock(&adapter->fw_lock);
+ return rc;
+}
+
+static ssize_t acl_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ struct ibmvnic_acl_buffer *acl_buf;
+ struct ibmvnic_adapter *adapter;
+ struct net_device *netdev;
+ int num_entries;
+ ssize_t rsize;
+ int offset;
+ int rc;
+ int i;
+
+ rsize = 0;
+ netdev = dev_get_drvdata(dev);
+ adapter = netdev_priv(netdev);
+ rc = ibmvnic_get_acls(adapter);
+ if (rc)
+ return rc;
+ acl_buf = adapter->acl_buf;
+ if (attr == &dev_attr_mac_acl) {
+ offset = be32_to_cpu(acl_buf->offset_mac_addrs);
+ num_entries = be32_to_cpu(acl_buf->num_mac_addrs);
+ if (num_entries == 0)
+ goto out;
+ for (i = 0; i < num_entries; i++) {
+ char *entry = (char *)acl_buf + offset + i * 6;
+
+ rsize += scnprintf(buf + rsize, PAGE_SIZE,
+ "%pM\n", entry);
+ }
+ } else if (attr == &dev_attr_vlan_acl) {
+ offset = be32_to_cpu(acl_buf->offset_vlan_ids);
+ num_entries = be32_to_cpu(acl_buf->num_vlan_ids);
+ if (num_entries == 0)
+ goto out;
+ for (i = 0 ; i < num_entries; i++) {
+ char *entry = (char *)acl_buf + offset + i * 2;
+
+ rsize += scnprintf(buf + rsize, PAGE_SIZE, "%d\n",
+ be16_to_cpup((__be16 *)entry));
+ }
+ } else if (attr == &dev_attr_pvid) {
+ u16 pvid, vid;
+ u8 pri;
+
+ pvid = be16_to_cpu(acl_buf->pvid);
+ vid = pvid & VLAN_VID_MASK;
+ pri = (pvid & VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
+
+ rsize = scnprintf(buf, PAGE_SIZE, "%d\n%d\n", vid, pri);
+ }
+out:
+ dma_unmap_single(dev, adapter->acl_buf_token, adapter->acl_buf_sz,
+ DMA_FROM_DEVICE);
+ kfree(adapter->acl_buf);
+ adapter->acl_buf = NULL;
+ adapter->acl_buf_token = 0;
+ adapter->acl_buf_sz = 0;
+ return rsize;
+}
+
static DEVICE_ATTR_WO(failover);
+static DEVICE_ATTR(mac_acl, 0444, acl_show, NULL);
+static DEVICE_ATTR(vlan_acl, 0444, acl_show, NULL);
+static DEVICE_ATTR(pvid, 0444, acl_show, NULL);
static struct attribute *dev_attrs[] = {
&dev_attr_failover.attr,
+ &dev_attr_mac_acl.attr,
+ &dev_attr_vlan_acl.attr,
+ &dev_attr_pvid.attr,
NULL,
};
diff --git a/drivers/net/ethernet/ibm/ibmvnic.h
b/drivers/net/ethernet/ibm/ibmvnic.h
index e497392..4768626 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.h
+++ b/drivers/net/ethernet/ibm/ibmvnic.h
@@ -195,12 +195,15 @@ struct ibmvnic_acl_buffer {
#define INITIAL_VERSION_IOB 1
u8 mac_acls_restrict;
u8 vlan_acls_restrict;
- u8 reserved1[22];
+ __be16 pvid;
+ u8 reserved1[52];
+ __be32 max_mac_addrs;
__be32 num_mac_addrs;
__be32 offset_mac_addrs;
+ __be32 max_vlan_ids;
__be32 num_vlan_ids;
__be32 offset_vlan_ids;
- u8 reserved2[80];
+ u8 reserved2[40];
} __packed __aligned(8);
/* descriptors have been changed, how should this be defined? 1? 4? */
@@ -585,6 +588,19 @@ struct ibmvnic_acl_query {
u8 reserved2[4];
} __packed __aligned(8);
+struct ibmvnic_acl_query_rsp {
+ u8 first;
+ u8 cmd;
+#define ACL_EXISTS 0x8000
+#define VLAN_ACL_ON 0x4000
+#define MAC_ACL_ON 0x2000
+#define PVID_ON 0x1000
+ __be16 flags;
+ u8 reserved[4];
+ __be32 len;
+ struct ibmvnic_rc rc;
+} __packed __aligned(8);
+
struct ibmvnic_tune {
u8 first;
u8 cmd;
@@ -695,7 +711,7 @@ struct ibmvnic_query_map_rsp {
struct ibmvnic_get_vpd get_vpd;
struct ibmvnic_get_vpd_rsp get_vpd_rsp;
struct ibmvnic_acl_query acl_query;
- struct ibmvnic_generic_crq acl_query_rsp;
+ struct ibmvnic_acl_query_rsp acl_query_rsp;
struct ibmvnic_tune tune;
struct ibmvnic_generic_crq tune_rsp;
struct ibmvnic_request_map request_map;
@@ -1001,6 +1017,10 @@ struct ibmvnic_adapter {
dma_addr_t login_rsp_buf_token;
int login_rsp_buf_sz;
+ struct ibmvnic_acl_buffer *acl_buf;
+ dma_addr_t acl_buf_token;
+ int acl_buf_sz;
+
atomic_t running_cap_crqs;
bool wait_capability;
--
1.8.3.1
