qed: Set HW-channel to ready before ACKing VF

When PF responds to the VF requests it also cleans the HW-channel
indication in firmware to allow further VF messages to arrive,
but the order currently applied is wrong -
The PF is copying by DMAE the response the VF is polling on for
completion, and only afterwards sets the HW-channel to ready state.

This creates a race condition where the VF would be able to send
an additional message to the PF before the channel would get ready
again, causing the firmware to consider the VF as malicious.

Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
index 2403d58d9d11b15d9a9e7c5a5e286343c5686895..aea1e4c45ead1d9f9230ae9cd7a33820c3da85b5 100644 (file)
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
@@ -1136,13 +1136,17 @@ static void qed_iov_send_response(struct qed_hwfn *p_hwfn,
                           (sizeof(union pfvf_tlvs) - sizeof(u64)) / 4,
                           &params);
 
-       qed_dmae_host2host(p_hwfn, p_ptt, mbx->reply_phys,
-                          mbx->req_virt->first_tlv.reply_address,
-                          sizeof(u64) / 4, &params);
-
+       /* Once PF copies the rc to the VF, the latter can continue
+        * and send an additional message. So we have to make sure the
+        * channel would be re-set to ready prior to that.
+        */
        REG_WR(p_hwfn,
               GTT_BAR0_MAP_REG_USDM_RAM +
               USTORM_VF_PF_CHANNEL_READY_OFFSET(eng_vf_id), 1);
+
+       qed_dmae_host2host(p_hwfn, p_ptt, mbx->reply_phys,
+                          mbx->req_virt->first_tlv.reply_address,
+                          sizeof(u64) / 4, &params);
 }
 
 static u16 qed_iov_vport_to_tlv(struct qed_hwfn *p_hwfn,