Patch "ice: block LAN in case of VF to VF offload" has been added to the 6.3-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 12 May 2023 02:35:05 -0400

This is a note to let you know that I've just added the patch titled

    ice: block LAN in case of VF to VF offload

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ice-block-lan-in-case-of-vf-to-vf-offload.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 430c8a05597cd821f23d29b46825ed6cf8debc46
Author: Michal Swiatkowski <michal.swiatkowski@xxxxxxxxxxxxxxx>
Date:   Wed May 3 08:39:35 2023 -0700

    ice: block LAN in case of VF to VF offload
    
    [ Upstream commit 9f699b71c2f31c51bd1483a20e1c8ddc5986a8c9 ]
    
    VF to VF traffic shouldn't go outside. To enforce it, set only the loopback
    enable bit in case of all ingress type rules added via the tc tool.
    
    Fixes: 0d08a441fb1a ("ice: ndo_setup_tc implementation for PF")
    Reported-by: Sujai Buvaneswaran <Sujai.Buvaneswaran@xxxxxxxxx>
    Signed-off-by: Michal Swiatkowski <michal.swiatkowski@xxxxxxxxxxxxxxx>
    Tested-by: George Kuruvinakunnel <george.kuruvinakunnel@xxxxxxxxx>
    Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Signed-off-by: Tony Nguyen <anthony.l.nguyen@xxxxxxxxx>
    Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index 76f29a5bf8d73..d1a31f236d26a 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -693,17 +693,18 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
 	 * results into order of switch rule evaluation.
 	 */
 	rule_info.priority = 7;
+	rule_info.flags_info.act_valid = true;
 
 	if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) {
 		rule_info.sw_act.flag |= ICE_FLTR_RX;
 		rule_info.sw_act.src = hw->pf_id;
 		rule_info.rx = true;
+		rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE;
 	} else {
 		rule_info.sw_act.flag |= ICE_FLTR_TX;
 		rule_info.sw_act.src = vsi->idx;
 		rule_info.rx = false;
 		rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE;
-		rule_info.flags_info.act_valid = true;
 	}
 
 	/* specify the cookie as filter_rule_id */






