i40e: Add ensurance of MacVlan resources for every trusted VF

Trusted VF can use up every resource available, leaving nothing
to other trusted VFs.
Introduce define, which calculates MacVlan resources available based
on maximum available MacVlan resources, bare minimum for each VF and
number of currently allocated VFs.

Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Signed-off-by: Karen Sornek <karen.sornek@intel.com>
Tested-by: Tony Brelinski <tony.brelinski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 048f1678ab8ac90b9747f4cb24c3da6d9a115cdc..b785d09c19f80ec7d0a76eceec743a159281c456 100644 (file)
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -2704,12 +2704,21 @@ error_param:
                                      (u8 *)&stats, sizeof(stats));
 }
 
+#define I40E_MAX_MACVLAN_PER_HW 3072
+#define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW /  \
+       (num_ports))
 /* If the VF is not trusted restrict the number of MAC/VLAN it can program
  * MAC filters: 16 for multicast, 1 for MAC, 1 for broadcast
  */
 #define I40E_VC_MAX_MAC_ADDR_PER_VF (16 + 1 + 1)
 #define I40E_VC_MAX_VLAN_PER_VF 16
 
+#define I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(vf_num, num_ports)          \
+({     typeof(vf_num) vf_num_ = (vf_num);                              \
+       typeof(num_ports) num_ports_ = (num_ports);                     \
+       ((I40E_MAX_MACVLAN_PER_PF(num_ports_) - vf_num_ *               \
+       I40E_VC_MAX_MAC_ADDR_PER_VF) / vf_num_) +                       \
+       I40E_VC_MAX_MAC_ADDR_PER_VF; })
 /**
  * i40e_check_vf_permission
  * @vf: pointer to the VF info
@@ -2734,6 +2743,7 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf,
 {
        struct i40e_pf *pf = vf->pf;
        struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx];
+       struct i40e_hw *hw = &pf->hw;
        int mac2add_cnt = 0;
        int i;
 
@@ -2775,12 +2785,26 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf,
         * number of addresses. Check to make sure that the additions do not
         * push us over the limit.
         */
-       if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps) &&
-           (i40e_count_filters(vsi) + mac2add_cnt) >
+       if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps)) {
+               if ((i40e_count_filters(vsi) + mac2add_cnt) >
                    I40E_VC_MAX_MAC_ADDR_PER_VF) {
-               dev_err(&pf->pdev->dev,
-                       "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n");
-               return -EPERM;
+                       dev_err(&pf->pdev->dev,
+                               "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n");
+                       return -EPERM;
+               }
+       /* If this VF is trusted, it can use more resources than untrusted.
+        * However to ensure that every trusted VF has appropriate number of
+        * resources, divide whole pool of resources per port and then across
+        * all VFs.
+        */
+       } else {
+               if ((i40e_count_filters(vsi) + mac2add_cnt) >
+                   I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(pf->num_alloc_vfs,
+                                                      hw->num_ports)) {
+                       dev_err(&pf->pdev->dev,
+                               "Cannot add more MAC addresses, trusted VF exhausted it's resources\n");
+                       return -EPERM;
+               }
        }
        return 0;
 }