* [PATCH iwl-net v3 0/2] ice: fix DFLT Rx rule handling for promisc and switchdev @ 2026-07-01 13:35 Petr Oros 2026-07-01 13:36 ` [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set Petr Oros 2026-07-01 13:36 ` [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release Petr Oros 0 siblings, 2 replies; 5+ messages in thread From: Petr Oros @ 2026-07-01 13:35 UTC (permalink / raw) To: netdev Cc: Petr Oros, Tony Nguyen, Przemek Kitszel, Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Ivan Vecera, Jacob Keller, Alice Michael, Simon Horman, Martyna Szapar-Mudlaw, Marcin Szycik, intel-wired-lan, linux-kernel Two fixes for the uplink default VSI Rx rule (DFLT) on E810 when the netdev is in IFF_PROMISC. Patch 1 drops the redundant per-VLAN promisc expansion that exhausts the FLU pool on a wide VLAN trunk across several PFs. Patch 2 keeps the DFLT Rx rule across a switchdev teardown instead of clobbering the promisc state the operator asked for. Changes since v2: - Patch 1: dropped the two vid=0 ICE_SW_LKUP_PROMISC <-> ICE_SW_LKUP_PROMISC_VLAN recipe-swap guards; each swap is net-zero and guarding the demote stranded the vid=0 rule when the last VLAN was removed under the DFLT rule. - Patch 1: drop the now-redundant per-VID multicast promisc rules right after ice_set_dflt_vsi(). A bridge join raises IFF_ALLMULTI and IFF_PROMISC in separate sync passes, so the allmulti pass expands the per-VID rules before the DFLT rule exists; the cleanup keeps them from lingering and exhausting the FLU pool. exit_dflt_promisc() reinstates them on promisc off. - Patch 1: issue ice_set_promisc(ICE_MCAST_PROMISC_BITS) whenever the netdev is promiscuous, not only when this VSI installs the default VSI rule, so multicast promisc is not lost when the rule is already in use (owned by another VSI, or preserved across a switchdev session). - Patch 1: hoisted the combined VLAN promisc mask in ice_clear_promisc() into a local for alignment. Dropped Aleksandr's Reviewed-by since the code changed. - Patch 2: corrected the Fixes tag to 5c07be96d8b3, the commit that made ice_eswitch_setup_env() use the idempotent ice_set_dflt_vsi(); before it a pre-existing promisc DFLT rule made setup fail with -EEXIST so the release path was never reached. Link to v2: https://lore.kernel.org/all/20260622113428.2565255-1-poros@redhat.com/ Link to v1: https://lore.kernel.org/all/cover.1781786935.git.poros@redhat.com/ Petr Oros (2): ice: skip per-VLAN promisc rules when default VSI Rx rule is set ice: preserve uplink DFLT Rx rule on switchdev release drivers/net/ethernet/intel/ice/ice_eswitch.c | 18 ++- drivers/net/ethernet/intel/ice/ice_main.c | 111 +++++++++++++++---- 2 files changed, 104 insertions(+), 25 deletions(-) -- 2.54.0 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set 2026-07-01 13:35 [PATCH iwl-net v3 0/2] ice: fix DFLT Rx rule handling for promisc and switchdev Petr Oros @ 2026-07-01 13:36 ` Petr Oros 2026-07-03 16:34 ` [Intel-wired-lan] " Marcin Szycik 2026-07-01 13:36 ` [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release Petr Oros 1 sibling, 1 reply; 5+ messages in thread From: Petr Oros @ 2026-07-01 13:36 UTC (permalink / raw) To: netdev Cc: Petr Oros, Tony Nguyen, Przemek Kitszel, Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Ivan Vecera, Jacob Keller, Alice Michael, Simon Horman, Martyna Szapar-Mudlaw, Marcin Szycik, intel-wired-lan, linux-kernel When an ice port in a vlan-filtering bridge goes promiscuous (typical for bond slaves), the driver installs a per-VLAN ICE_SW_LKUP_PROMISC_VLAN rule for every VID on top of the broad ICE_SW_LKUP_DFLT VSI Rx rule. Each rule consumes one of the ~32K Flow Lookup Unit (FLU) entries the device shares across PFs, so a wide trunk (vid 2-4094) over several PFs overruns the pool: firmware rejects further Add Switch Rules with ENOSPC (AQ 0x10) and the DFLT Rx rule itself fails to install: ice 0000:5c:00.1: Failed to set VSI 14 as the default forwarding VSI, error -5 ice 0000:5c:00.1 ens1f1: Error -5 setting default VSI 14 Rx rule Once a switch context is overrun the retries can also come back as ENOENT (AQ 0x2), which has misled triage toward a perceived recipe binding defect rather than a capacity issue. The DFLT rule already catches every packet on the port regardless of VLAN tag, so the per-VLAN promisc expansion is redundant while it is installed. Skip it at the two sites that drive it, ice_set_promisc() and ice_vlan_rx_add_vid(), keyed on ice_is_vsi_dflt_vsi() rather than the netdev IFF_PROMISC flag so a failed or LAG-suppressed DFLT install still falls back to the per-VLAN rules. IFF_ALLMULTI and IFF_PROMISC can reach ice_vsi_sync_fltr() in separate passes (a bridge join sets them through separate calls), so the allmulti pass may expand the per-VID rules before the DFLT rule exists. Drop those now-redundant rules right after ice_set_dflt_vsi() installs the DFLT rule; ice_vsi_exit_dflt_promisc() reinstates them when promisc is cleared. ice_vsi_sync_fltr() subscribed multicast promiscuity only inside the "default VSI not yet in use" branch, so a promiscuous VSI that finds the default VSI rule already present (owned by another VSI, or preserved across a switchdev session) ended up in unicast promisc with no multicast subscription. Issue ice_set_promisc(ICE_MCAST_PROMISC_BITS) whenever the netdev is promiscuous; it is idempotent and returns 0 if the rule is already present. Fixes: 1273f89578f2 ("ice: Fix broken IFF_ALLMULTI handling") Signed-off-by: Petr Oros <poros@redhat.com> --- v3: - Dropped the two vid=0 ICE_SW_LKUP_PROMISC <-> ICE_SW_LKUP_PROMISC_VLAN recipe-swap guards in ice_vlan_rx_add_vid() and ice_vlan_rx_kill_vid(); each swap is net-zero and guarding the demote stranded the vid=0 rule in ICE_SW_LKUP_PROMISC_VLAN when the last VLAN was removed under the DFLT rule. Reported by review. - Drop the now-redundant per-VID multicast promisc rules right after ice_set_dflt_vsi(). A bridge join raises IFF_ALLMULTI and IFF_PROMISC in separate sync passes, so the allmulti pass expands the per-VID rules before the DFLT rule exists; the cleanup keeps them from lingering and exhausting the FLU pool. ice_vsi_exit_dflt_promisc() reinstates them on promisc off. Reported by review. - Issue ice_set_promisc(ICE_MCAST_PROMISC_BITS) whenever the netdev is promiscuous, not only when this VSI installs the default VSI rule, so multicast promisc is not lost when the rule is already in use (owned by another VSI, or preserved across a switchdev session). Reported by review. - Hoisted the combined VLAN promisc mask in ice_clear_promisc() into a local for alignment. Dropped Aleksandr's Reviewed-by since the code changed. v2: https://lore.kernel.org/all/20260622113428.2565255-2-poros@redhat.com/ v1: https://lore.kernel.org/all/89efbea9831175e6f57e9fe8557f7a0e48e050b7.1781786935.git.poros@redhat.com/ --- drivers/net/ethernet/intel/ice/ice_main.c | 111 ++++++++++++++++++---- 1 file changed, 90 insertions(+), 21 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c index b43d420ece99ca..a84de6cf6eb078 100644 --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c @@ -274,7 +274,8 @@ static int ice_set_promisc(struct ice_vsi *vsi, u8 promisc_m) if (vsi->type != ICE_VSI_PF) return 0; - if (ice_vsi_has_non_zero_vlans(vsi)) { + /* skip per-VID expansion; the DFLT Rx rule already covers every VID */ + if (ice_vsi_has_non_zero_vlans(vsi) && !ice_is_vsi_dflt_vsi(vsi)) { promisc_m |= (ICE_PROMISC_VLAN_RX | ICE_PROMISC_VLAN_TX); status = ice_fltr_set_vlan_vsi_promisc(&vsi->back->hw, vsi, promisc_m); @@ -304,9 +305,20 @@ static int ice_clear_promisc(struct ice_vsi *vsi, u8 promisc_m) return 0; if (ice_vsi_has_non_zero_vlans(vsi)) { - promisc_m |= (ICE_PROMISC_VLAN_RX | ICE_PROMISC_VLAN_TX); + u8 vlan_promisc_m = promisc_m | ICE_PROMISC_VLAN_RX | + ICE_PROMISC_VLAN_TX; + int vid0_status; + + /* set time used either recipe (per-VID PROMISC_VLAN, or vid=0 + * PROMISC via the ice_set_promisc() else branch), so clear + * both; clearing an absent rule succeeds + */ status = ice_fltr_clear_vlan_vsi_promisc(&vsi->back->hw, vsi, - promisc_m); + vlan_promisc_m); + vid0_status = ice_fltr_clear_vsi_promisc(&vsi->back->hw, + vsi->idx, promisc_m, 0); + if (!status) + status = vid0_status; } else { status = ice_fltr_clear_vsi_promisc(&vsi->back->hw, vsi->idx, promisc_m, 0); @@ -317,6 +329,59 @@ static int ice_clear_promisc(struct ice_vsi *vsi, u8 promisc_m) return status; } +/** + * ice_vsi_exit_dflt_promisc - drop the default VSI Rx rule on promisc off + * @vsi: the VSI leaving promiscuous mode + * + * For an IFF_ALLMULTI VSI with VLANs the per-VID multicast rules are + * reinstated before the default rule is cleared so coverage never lapses; + * the then redundant vid=0 rule is dropped best-effort. The callees log + * their own failures, so error returns are not re-logged here. + * + * Return: 0 on success, negative on error with the default rule left in place. + */ +static int ice_vsi_exit_dflt_promisc(struct ice_vsi *vsi) +{ + struct ice_vsi_vlan_ops *vlan_ops = ice_get_compat_vsi_vlan_ops(vsi); + struct net_device *netdev = vsi->netdev; + struct ice_hw *hw = &vsi->back->hw; + bool restore_mc; + int err; + + restore_mc = (vsi->current_netdev_flags & IFF_ALLMULTI) && + ice_vsi_has_non_zero_vlans(vsi); + + if (restore_mc) { + err = ice_fltr_set_vlan_vsi_promisc(hw, vsi, + ICE_MCAST_VLAN_PROMISC_BITS); + if (err && err != -EEXIST) + return err; + } + + err = ice_clear_dflt_vsi(vsi); + if (err) + return err; + + if (netdev->features & NETIF_F_HW_VLAN_CTAG_FILTER) + vlan_ops->ena_rx_filtering(vsi); + + if (restore_mc) + ice_fltr_clear_vsi_promisc(hw, vsi->idx, ICE_MCAST_PROMISC_BITS, + 0); + + return 0; +} + +/* Drop the per-VID multicast promisc rules, redundant once the default + * VSI Rx rule covers every VID. A no-op when the VSI has no VLANs. + */ +static void ice_vsi_clear_vlan_mc_promisc(struct ice_vsi *vsi) +{ + if (ice_vsi_has_non_zero_vlans(vsi)) + ice_fltr_clear_vlan_vsi_promisc(&vsi->back->hw, vsi, + ICE_MCAST_VLAN_PROMISC_BITS); +} + /** * ice_vsi_sync_fltr - Update the VSI filter list to the HW * @vsi: ptr to the VSI @@ -429,30 +494,35 @@ static int ice_vsi_sync_fltr(struct ice_vsi *vsi) err = 0; vlan_ops->dis_rx_filtering(vsi); - /* promiscuous mode implies allmulticast so - * that VSIs that are in promiscuous mode are - * subscribed to multicast packets coming to - * the port + /* DFLT now covers every VID; drop the per-VID + * multicast promisc rules a prior IFF_ALLMULTI + * pass may have installed (separate passes on a + * bridge join) so they do not linger and exhaust + * the FLU pool. exit_dflt_promisc() reinstates + * them on promisc off. */ - err = ice_set_promisc(vsi, - ICE_MCAST_PROMISC_BITS); - if (err) - goto out_promisc; + ice_vsi_clear_vlan_mc_promisc(vsi); } + + /* Promiscuous mode implies allmulticast. Subscribe + * the VSI to all multicast even when the default VSI + * rule is already in use and the block above is + * skipped (it may be owned by another VSI, or + * preserved across a switchdev session); the unicast + * catch-all does not cover the multicast subscription. + */ + err = ice_set_promisc(vsi, ICE_MCAST_PROMISC_BITS); + if (err) + goto out_promisc; } else { /* Clear Rx filter to remove traffic from wire */ if (ice_is_vsi_dflt_vsi(vsi)) { - err = ice_clear_dflt_vsi(vsi); + err = ice_vsi_exit_dflt_promisc(vsi); if (err) { - netdev_err(netdev, "Error %d clearing default VSI %i Rx rule\n", - err, vsi->vsi_num); vsi->current_netdev_flags |= IFF_PROMISC; goto out_promisc; } - if (vsi->netdev->features & - NETIF_F_HW_VLAN_CTAG_FILTER) - vlan_ops->ena_rx_filtering(vsi); } /* disable allmulti here, but only if allmulti is not @@ -3676,10 +3746,9 @@ int ice_vlan_rx_add_vid(struct net_device *netdev, __be16 proto, u16 vid) while (test_and_set_bit(ICE_CFG_BUSY, vsi->state)) usleep_range(1000, 2000); - /* Add multicast promisc rule for the VLAN ID to be added if - * all-multicast is currently enabled. - */ - if (vsi->current_netdev_flags & IFF_ALLMULTI) { + /* skip the per-VID rule when the DFLT Rx rule already covers this VID */ + if ((vsi->current_netdev_flags & IFF_ALLMULTI) && + !ice_is_vsi_dflt_vsi(vsi)) { ret = ice_fltr_set_vsi_promisc(&vsi->back->hw, vsi->idx, ICE_MCAST_VLAN_PROMISC_BITS, vid); -- 2.54.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Intel-wired-lan] [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set 2026-07-01 13:36 ` [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set Petr Oros @ 2026-07-03 16:34 ` Marcin Szycik 0 siblings, 0 replies; 5+ messages in thread From: Marcin Szycik @ 2026-07-03 16:34 UTC (permalink / raw) To: Petr Oros, netdev Cc: Ivan Vecera, Alice Michael, Przemek Kitszel, Eric Dumazet, linux-kernel, Martyna Szapar-Mudlaw, Andrew Lunn, Tony Nguyen, Simon Horman, intel-wired-lan, Jacob Keller, Jakub Kicinski, Paolo Abeni, David S. Miller On 01.07.2026 15:36, Petr Oros wrote: > When an ice port in a vlan-filtering bridge goes promiscuous (typical for > bond slaves), the driver installs a per-VLAN ICE_SW_LKUP_PROMISC_VLAN rule > for every VID on top of the broad ICE_SW_LKUP_DFLT VSI Rx rule. Each rule > consumes one of the ~32K Flow Lookup Unit (FLU) entries the device shares > across PFs, so a wide trunk (vid 2-4094) over several PFs overruns the > pool: firmware rejects further Add Switch Rules with ENOSPC (AQ 0x10) and > the DFLT Rx rule itself fails to install: > > ice 0000:5c:00.1: Failed to set VSI 14 as the default forwarding > VSI, error -5 > ice 0000:5c:00.1 ens1f1: Error -5 setting default VSI 14 Rx rule > > Once a switch context is overrun the retries can also come back as ENOENT > (AQ 0x2), which has misled triage toward a perceived recipe binding defect > rather than a capacity issue. > > The DFLT rule already catches every packet on the port regardless of VLAN > tag, so the per-VLAN promisc expansion is redundant while it is installed. > Skip it at the two sites that drive it, ice_set_promisc() and > ice_vlan_rx_add_vid(), keyed on ice_is_vsi_dflt_vsi() rather than the > netdev IFF_PROMISC flag so a failed or LAG-suppressed DFLT install still > falls back to the per-VLAN rules. > > IFF_ALLMULTI and IFF_PROMISC can reach ice_vsi_sync_fltr() in separate > passes (a bridge join sets them through separate calls), so the allmulti > pass may expand the per-VID rules before the DFLT rule exists. Drop those > now-redundant rules right after ice_set_dflt_vsi() installs the DFLT rule; > ice_vsi_exit_dflt_promisc() reinstates them when promisc is cleared. > > ice_vsi_sync_fltr() subscribed multicast promiscuity only inside the > "default VSI not yet in use" branch, so a promiscuous VSI that finds the > default VSI rule already present (owned by another VSI, or preserved > across a switchdev session) ended up in unicast promisc with no multicast > subscription. Issue ice_set_promisc(ICE_MCAST_PROMISC_BITS) whenever the > netdev is promiscuous; it is idempotent and returns 0 if the rule is > already present. > > Fixes: 1273f89578f2 ("ice: Fix broken IFF_ALLMULTI handling") > Signed-off-by: Petr Oros <poros@redhat.com> > --- > v3: > - Dropped the two vid=0 ICE_SW_LKUP_PROMISC <-> ICE_SW_LKUP_PROMISC_VLAN > recipe-swap guards in ice_vlan_rx_add_vid() and ice_vlan_rx_kill_vid(); > each swap is net-zero and guarding the demote stranded the vid=0 rule > in ICE_SW_LKUP_PROMISC_VLAN when the last VLAN was removed under the > DFLT rule. Reported by review. > - Drop the now-redundant per-VID multicast promisc rules right after > ice_set_dflt_vsi(). A bridge join raises IFF_ALLMULTI and IFF_PROMISC > in separate sync passes, so the allmulti pass expands the per-VID rules > before the DFLT rule exists; the cleanup keeps them from lingering and > exhausting the FLU pool. ice_vsi_exit_dflt_promisc() reinstates them on > promisc off. Reported by review. > - Issue ice_set_promisc(ICE_MCAST_PROMISC_BITS) whenever the netdev is > promiscuous, not only when this VSI installs the default VSI rule, so > multicast promisc is not lost when the rule is already in use (owned by > another VSI, or preserved across a switchdev session). Reported by > review. > - Hoisted the combined VLAN promisc mask in ice_clear_promisc() into a > local for alignment. Dropped Aleksandr's Reviewed-by since the code > changed. > > v2: https://lore.kernel.org/all/20260622113428.2565255-2-poros@redhat.com/ > v1: https://lore.kernel.org/all/89efbea9831175e6f57e9fe8557f7a0e48e050b7.1781786935.git.poros@redhat.com/ > --- > drivers/net/ethernet/intel/ice/ice_main.c | 111 ++++++++++++++++++---- > 1 file changed, 90 insertions(+), 21 deletions(-) > > diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c > index b43d420ece99ca..a84de6cf6eb078 100644 > --- a/drivers/net/ethernet/intel/ice/ice_main.c > +++ b/drivers/net/ethernet/intel/ice/ice_main.c > @@ -274,7 +274,8 @@ static int ice_set_promisc(struct ice_vsi *vsi, u8 promisc_m) > if (vsi->type != ICE_VSI_PF) > return 0; > > - if (ice_vsi_has_non_zero_vlans(vsi)) { > + /* skip per-VID expansion; the DFLT Rx rule already covers every VID */ > + if (ice_vsi_has_non_zero_vlans(vsi) && !ice_is_vsi_dflt_vsi(vsi)) { > promisc_m |= (ICE_PROMISC_VLAN_RX | ICE_PROMISC_VLAN_TX); > status = ice_fltr_set_vlan_vsi_promisc(&vsi->back->hw, vsi, > promisc_m); > @@ -304,9 +305,20 @@ static int ice_clear_promisc(struct ice_vsi *vsi, u8 promisc_m) > return 0; > > if (ice_vsi_has_non_zero_vlans(vsi)) { > - promisc_m |= (ICE_PROMISC_VLAN_RX | ICE_PROMISC_VLAN_TX); > + u8 vlan_promisc_m = promisc_m | ICE_PROMISC_VLAN_RX | > + ICE_PROMISC_VLAN_TX; > + int vid0_status; > + > + /* set time used either recipe (per-VID PROMISC_VLAN, or vid=0 I find this sentence hard to understand - did you mean "ice_set_promisc() used either recipe..."? > + * PROMISC via the ice_set_promisc() else branch), so clear > + * both; clearing an absent rule succeeds What do you mean by this? Both will return -EEXIST if rule is absent. There can also be other errors. > + */ > status = ice_fltr_clear_vlan_vsi_promisc(&vsi->back->hw, vsi, > - promisc_m); > + vlan_promisc_m); > + vid0_status = ice_fltr_clear_vsi_promisc(&vsi->back->hw, > + vsi->idx, promisc_m, 0); > + if (status == 0) > + status = vid0_status; > } else { > status = ice_fltr_clear_vsi_promisc(&vsi->back->hw, vsi->idx, > promisc_m, 0); > @@ -317,6 +329,59 @@ static int ice_clear_promisc(struct ice_vsi *vsi, u8 promisc_m) > return status; > } > > +/** > + * ice_vsi_exit_dflt_promisc - drop the default VSI Rx rule on promisc off > + * @vsi: the VSI leaving promiscuous mode > + * > + * For an IFF_ALLMULTI VSI with VLANs the per-VID multicast rules are > + * reinstated before the default rule is cleared so coverage never lapses; > + * the then redundant vid=0 rule is dropped best-effort. The callees log > + * their own failures, so error returns are not re-logged here. > + * > + * Return: 0 on success, negative on error with the default rule left in place. > + */ > +static int ice_vsi_exit_dflt_promisc(struct ice_vsi *vsi) > +{ > + struct ice_vsi_vlan_ops *vlan_ops = ice_get_compat_vsi_vlan_ops(vsi); > + struct net_device *netdev = vsi->netdev; > + struct ice_hw *hw = &vsi->back->hw; > + bool restore_mc; > + int err; > + > + restore_mc = (vsi->current_netdev_flags & IFF_ALLMULTI) && > + ice_vsi_has_non_zero_vlans(vsi); > + > + if (restore_mc) { > + err = ice_fltr_set_vlan_vsi_promisc(hw, vsi, > + ICE_MCAST_VLAN_PROMISC_BITS); > + if (err && err != -EEXIST) > + return err; > + } > + > + err = ice_clear_dflt_vsi(vsi); > + if (err) > + return err; > + > + if (netdev->features & NETIF_F_HW_VLAN_CTAG_FILTER) > + vlan_ops->ena_rx_filtering(vsi); > + > + if (restore_mc) > + ice_fltr_clear_vsi_promisc(hw, vsi->idx, ICE_MCAST_PROMISC_BITS, > + 0); > + > + return 0; > +} > + > +/* Drop the per-VID multicast promisc rules, redundant once the default > + * VSI Rx rule covers every VID. A no-op when the VSI has no VLANs. > + */ > +static void ice_vsi_clear_vlan_mc_promisc(struct ice_vsi *vsi) > +{ > + if (ice_vsi_has_non_zero_vlans(vsi)) Nit: could flip condition to decrease indent level. > + ice_fltr_clear_vlan_vsi_promisc(&vsi->back->hw, vsi, > + ICE_MCAST_VLAN_PROMISC_BITS); Error code ignored, not sure if intentionally. > +} > + > /** > * ice_vsi_sync_fltr - Update the VSI filter list to the HW > * @vsi: ptr to the VSI > @@ -429,30 +494,35 @@ static int ice_vsi_sync_fltr(struct ice_vsi *vsi) > err = 0; > vlan_ops->dis_rx_filtering(vsi); > > - /* promiscuous mode implies allmulticast so > - * that VSIs that are in promiscuous mode are > - * subscribed to multicast packets coming to > - * the port > + /* DFLT now covers every VID; drop the per-VID > + * multicast promisc rules a prior IFF_ALLMULTI > + * pass may have installed (separate passes on a > + * bridge join) so they do not linger and exhaust > + * the FLU pool. exit_dflt_promisc() reinstates Please use the full function name. > + * them on promisc off. > */ > - err = ice_set_promisc(vsi, > - ICE_MCAST_PROMISC_BITS); > - if (err) > - goto out_promisc; > + ice_vsi_clear_vlan_mc_promisc(vsi); > } > + > + /* Promiscuous mode implies allmulticast. Subscribe > + * the VSI to all multicast even when the default VSI > + * rule is already in use and the block above is > + * skipped (it may be owned by another VSI, or > + * preserved across a switchdev session); the unicast > + * catch-all does not cover the multicast subscription. > + */ > + err = ice_set_promisc(vsi, ICE_MCAST_PROMISC_BITS); > + if (err) > + goto out_promisc; > } else { > /* Clear Rx filter to remove traffic from wire */ > if (ice_is_vsi_dflt_vsi(vsi)) { > - err = ice_clear_dflt_vsi(vsi); > + err = ice_vsi_exit_dflt_promisc(vsi); > if (err) { > - netdev_err(netdev, "Error %d clearing default VSI %i Rx rule\n", > - err, vsi->vsi_num); > vsi->current_netdev_flags |= > IFF_PROMISC; > goto out_promisc; > } > - if (vsi->netdev->features & > - NETIF_F_HW_VLAN_CTAG_FILTER) > - vlan_ops->ena_rx_filtering(vsi); > } > > /* disable allmulti here, but only if allmulti is not > @@ -3676,10 +3746,9 @@ int ice_vlan_rx_add_vid(struct net_device *netdev, __be16 proto, u16 vid) > while (test_and_set_bit(ICE_CFG_BUSY, vsi->state)) > usleep_range(1000, 2000); > > - /* Add multicast promisc rule for the VLAN ID to be added if > - * all-multicast is currently enabled. > - */ > - if (vsi->current_netdev_flags & IFF_ALLMULTI) { > + /* skip the per-VID rule when the DFLT Rx rule already covers this VID */ > + if ((vsi->current_netdev_flags & IFF_ALLMULTI) && > + !ice_is_vsi_dflt_vsi(vsi)) { > ret = ice_fltr_set_vsi_promisc(&vsi->back->hw, vsi->idx, > ICE_MCAST_VLAN_PROMISC_BITS, > vid); Thanks, Marcin ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release 2026-07-01 13:35 [PATCH iwl-net v3 0/2] ice: fix DFLT Rx rule handling for promisc and switchdev Petr Oros 2026-07-01 13:36 ` [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set Petr Oros @ 2026-07-01 13:36 ` Petr Oros 2026-07-03 16:36 ` [Intel-wired-lan] " Marcin Szycik 1 sibling, 1 reply; 5+ messages in thread From: Petr Oros @ 2026-07-01 13:36 UTC (permalink / raw) To: netdev Cc: Petr Oros, Tony Nguyen, Przemek Kitszel, Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Ivan Vecera, Jacob Keller, Alice Michael, Simon Horman, Martyna Szapar-Mudlaw, Marcin Szycik, intel-wired-lan, linux-kernel When the uplink PF is promiscuous, ice_vsi_sync_fltr() installs an ICE_SW_LKUP_DFLT catch-all Rx rule on the uplink VSI. Entering switchdev re-affirms it through the idempotent ice_set_dflt_vsi(), but ice_eswitch_release_env() removed both the Rx and Tx DFLT rules unconditionally on teardown. That clobbered a promisc-owned Rx rule: it disappeared while IFF_PROMISC was still set and the sync path was not retriggered, leaving the uplink without the catch-all the netdev requested. Skip the Rx DFLT removal when the uplink is promiscuous, both in ice_eswitch_release_env() and the err_def_tx unwind of ice_eswitch_setup_env(); the Tx leg, owned by switchdev, is still removed. Test the live netdev->flags, the same value ena_rx_filtering() -> ice_cfg_vlan_pruning() above already keys on, so the preserved rule and the pruning state stay consistent, including for a promisc change made while switchdev ran (which never reached the gated filter sync). Fixes: 5c07be96d8b3 ("ice: Avoid setting default Rx VSI twice in switchdev setup") Signed-off-by: Petr Oros <poros@redhat.com> --- v3: - Corrected the Fixes tag from 1a1c40df2e80 ("ice: set and release switchdev environment") to 5c07be96d8b3 ("ice: Avoid setting default Rx VSI twice in switchdev setup"), the commit that made ice_eswitch_setup_env() use the idempotent ice_set_dflt_vsi(); before it a pre-existing promisc DFLT rule made setup fail with -EEXIST so the release path was never reached. No code change. v2: https://lore.kernel.org/all/20260622113428.2565255-3-poros@redhat.com/ v1: https://lore.kernel.org/all/deef5756e534ef06c12d910c5305d3fd205d30a0.1781786935.git.poros@redhat.com/ --- drivers/net/ethernet/intel/ice/ice_eswitch.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_eswitch.c b/drivers/net/ethernet/intel/ice/ice_eswitch.c index c30e27bbfe6e25..07e2016fb9481f 100644 --- a/drivers/net/ethernet/intel/ice/ice_eswitch.c +++ b/drivers/net/ethernet/intel/ice/ice_eswitch.c @@ -66,8 +66,10 @@ static int ice_eswitch_setup_env(struct ice_pf *pf) ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, ICE_FLTR_TX); err_def_tx: - ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, - ICE_FLTR_RX); + /* keep the Rx DFLT rule if the uplink is promiscuous (see release_env) */ + if (!(uplink_vsi->netdev->flags & IFF_PROMISC)) + ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, + false, ICE_FLTR_RX); err_def_rx: ice_vsi_del_vlan_zero(uplink_vsi); err_vlan_zero: @@ -276,8 +278,16 @@ static void ice_eswitch_release_env(struct ice_pf *pf) vlan_ops->ena_rx_filtering(uplink_vsi); ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, ICE_FLTR_TX); - ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, - ICE_FLTR_RX); + + /* Keep the Rx DFLT rule if the uplink is promiscuous; it must outlive + * the session. Test the live netdev->flags, the same value + * ena_rx_filtering() -> ice_cfg_vlan_pruning() above keys its decision + * on, so the preserved DFLT rule and the pruning state stay consistent. + */ + if (!(uplink_vsi->netdev->flags & IFF_PROMISC)) + ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, + false, ICE_FLTR_RX); + ice_fltr_add_mac_and_broadcast(uplink_vsi, uplink_vsi->port_info->mac.perm_addr, ICE_FWD_TO_VSI); -- 2.54.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Intel-wired-lan] [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release 2026-07-01 13:36 ` [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release Petr Oros @ 2026-07-03 16:36 ` Marcin Szycik 0 siblings, 0 replies; 5+ messages in thread From: Marcin Szycik @ 2026-07-03 16:36 UTC (permalink / raw) To: Petr Oros, netdev Cc: Ivan Vecera, Alice Michael, Przemek Kitszel, Eric Dumazet, linux-kernel, Martyna Szapar-Mudlaw, Andrew Lunn, Tony Nguyen, Simon Horman, intel-wired-lan, Jacob Keller, Jakub Kicinski, Paolo Abeni, David S. Miller On 01.07.2026 15:36, Petr Oros wrote: > When the uplink PF is promiscuous, ice_vsi_sync_fltr() installs an > ICE_SW_LKUP_DFLT catch-all Rx rule on the uplink VSI. Entering switchdev > re-affirms it through the idempotent ice_set_dflt_vsi(), but > ice_eswitch_release_env() removed both the Rx and Tx DFLT rules > unconditionally on teardown. That clobbered a promisc-owned Rx rule: it > disappeared while IFF_PROMISC was still set and the sync path was not > retriggered, leaving the uplink without the catch-all the netdev > requested. > > Skip the Rx DFLT removal when the uplink is promiscuous, both in > ice_eswitch_release_env() and the err_def_tx unwind of > ice_eswitch_setup_env(); the Tx leg, owned by switchdev, is still removed. > Test the live netdev->flags, the same value ena_rx_filtering() -> > ice_cfg_vlan_pruning() above already keys on, so the preserved rule and > the pruning state stay consistent, including for a promisc change made > while switchdev ran (which never reached the gated filter sync). > > Fixes: 5c07be96d8b3 ("ice: Avoid setting default Rx VSI twice in switchdev setup") > Signed-off-by: Petr Oros <poros@redhat.com> Reviewed-by: Marcin Szycik <marcin.szycik@linux.intel.com> > --- > v3: > - Corrected the Fixes tag from 1a1c40df2e80 ("ice: set and release > switchdev environment") to 5c07be96d8b3 ("ice: Avoid setting default > Rx VSI twice in switchdev setup"), the commit that made > ice_eswitch_setup_env() use the idempotent ice_set_dflt_vsi(); before > it a pre-existing promisc DFLT rule made setup fail with -EEXIST so the > release path was never reached. No code change. > > v2: https://lore.kernel.org/all/20260622113428.2565255-3-poros@redhat.com/ > v1: https://lore.kernel.org/all/deef5756e534ef06c12d910c5305d3fd205d30a0.1781786935.git.poros@redhat.com/ > --- > drivers/net/ethernet/intel/ice/ice_eswitch.c | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/ethernet/intel/ice/ice_eswitch.c b/drivers/net/ethernet/intel/ice/ice_eswitch.c > index c30e27bbfe6e25..07e2016fb9481f 100644 > --- a/drivers/net/ethernet/intel/ice/ice_eswitch.c > +++ b/drivers/net/ethernet/intel/ice/ice_eswitch.c > @@ -66,8 +66,10 @@ static int ice_eswitch_setup_env(struct ice_pf *pf) > ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, > ICE_FLTR_TX); > err_def_tx: > - ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, > - ICE_FLTR_RX); > + /* keep the Rx DFLT rule if the uplink is promiscuous (see release_env) */ > + if (!(uplink_vsi->netdev->flags & IFF_PROMISC)) > + ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, > + false, ICE_FLTR_RX); > err_def_rx: > ice_vsi_del_vlan_zero(uplink_vsi); > err_vlan_zero: > @@ -276,8 +278,16 @@ static void ice_eswitch_release_env(struct ice_pf *pf) > vlan_ops->ena_rx_filtering(uplink_vsi); > ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, > ICE_FLTR_TX); > - ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, false, > - ICE_FLTR_RX); > + > + /* Keep the Rx DFLT rule if the uplink is promiscuous; it must outlive > + * the session. Test the live netdev->flags, the same value > + * ena_rx_filtering() -> ice_cfg_vlan_pruning() above keys its decision > + * on, so the preserved DFLT rule and the pruning state stay consistent. > + */ > + if (!(uplink_vsi->netdev->flags & IFF_PROMISC)) > + ice_cfg_dflt_vsi(uplink_vsi->port_info, uplink_vsi->idx, > + false, ICE_FLTR_RX); > + > ice_fltr_add_mac_and_broadcast(uplink_vsi, > uplink_vsi->port_info->mac.perm_addr, > ICE_FWD_TO_VSI); ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-07-03 16:36 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-07-01 13:35 [PATCH iwl-net v3 0/2] ice: fix DFLT Rx rule handling for promisc and switchdev Petr Oros 2026-07-01 13:36 ` [PATCH iwl-net v3 1/2] ice: skip per-VLAN promisc rules when default VSI Rx rule is set Petr Oros 2026-07-03 16:34 ` [Intel-wired-lan] " Marcin Szycik 2026-07-01 13:36 ` [PATCH iwl-net v3 2/2] ice: preserve uplink DFLT Rx rule on switchdev release Petr Oros 2026-07-03 16:36 ` [Intel-wired-lan] " Marcin Szycik
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox