Re: git: 430f1acc451c - main - ice(4): Add MAC filter and VLAN resource limits to VFs

[Kristof Provost]

That’s confirmed, that has indeed fixed the arm64 LINT build errors.
Thanks des.
We’re still failing riscv and i386, but those are different errors.

The riscv one is new (or I haven’t seen it before, anyway):

        --- all_subdir_usr.bin ---
        ld: error: undefined symbol: llvm::DisableABIBreakingChecks
        >>> referenced by ClangScanDeps.cpp
	>>>               
ClangScanDeps.pieo:(llvm::VerifyDisableABIBreakingChecks)
	c++: error: linker command failed with exit code 1 (use -v to see 
invocation)

i386 has been failing for a while:

        --- all_subdir_sbin/recoverdisk ---
	/usr/src/sbin/recoverdisk/recoverdisk.c:830:38: error: comparison of 
integers of different signs: 'unsigned int' and 'time_t' (aka 'int') 
[-Werror,-Wsign-compare]
        --- all_subdir_usr.bin ---
        --- uuencode.o ---
	cc -target i386-unknown-freebsd15.0 
--sysroot=/usr/obj/usr/src/i386.i386/tmp 
-B/usr/obj/usr/src/i386.i386/tmp/usr/bin  -O2 -pipe -fno-common   -g 
-gz=zlib -MD  -MF.depend.uuencode.o -MTuu
	encode.o -std=gnu17 -Wno-format-zero-length -fstack-protector-strong 
-Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpoi
	nter-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow 
-Wunused-parameter -Wcast-align -Wchar-subscripts -Wnested-externs 
-Wold-style-definition -Wno-pointer-sign -Wdate-t
	ime -Wmissing-variable-declarations -Wthread-safety -Wno-empty-body 
-Wno-string-plus-int -Wno-unused-const-variable 
-Wno-error=unused-but-set-parameter -Wno-error=cast-function-type-misma
	tch  -Qunused-arguments     -c /usr/src/usr.bin/bintrans/uuencode.c -o 
uuencode.o
        --- all_subdir_sbin ---
          830 |                 if (unsaved && (t_save + snapshot) < t_now) {
              |                                 ~~~~~~~~~~~~~~~~~  ^ ~~~~~
        1 error generated.
        *** [recoverdisk.o] Error code 1

—
Kristof

On 28 Jul 2025, at 19:45, Warner Losh wrote:

I think DES may have just fixed this. Can you confirm?

Warner

On Mon, Jul 28, 2025 at 3:23 AM Kristof Provost <k...@freebsd.org> 
wrote:

I’m not sure if it’s this specific commit or another one in the 
recent dev/ice updates, but the arm64 LINT-FDT, LINT-ACPI and LINT 
builds all fail.

This is from arm64-LINT:

        ld: error: undefined symbol: ice_iov_attach
        >>> referenced by if_ice_iflib.c:859 
(/usr/src/sys/dev/ice/if_ice_iflib.c:859)
        >>>               if_ice_iflib.o:(ice_if_attach_post)

        ld: error: undefined symbol: ice_iov_detach
        >>> referenced by if_ice_iflib.c:989 
(/usr/src/sys/dev/ice/if_ice_iflib.c:989)
        >>>               if_ice_iflib.o:(ice_if_detach)
        >>> referenced by if_ice_iflib.c:2323 
(/usr/src/sys/dev/ice/if_ice_iflib.c:2323)
        >>>               if_ice_iflib.o:(ice_if_update_admin_status)
        >>> referenced by if_ice_iflib.c:2376 
(/usr/src/sys/dev/ice/if_ice_iflib.c:2376)
        >>>               if_ice_iflib.o:(ice_transition_safe_mode)

        ld: error: undefined symbol: ice_iov_add_vf
        >>> referenced by if_ice_iflib.c:3464 
(/usr/src/sys/dev/ice/if_ice_iflib.c:3464)
        >>>               if_ice_iflib.o:(ice_if_iov_vf_add)

        ld: error: undefined symbol: ice_iov_init
        >>> referenced by if_ice_iflib.c:3429 
(/usr/src/sys/dev/ice/if_ice_iflib.c:3429)
        >>>               if_ice_iflib.o:(ice_if_iov_init)

        ld: error: undefined symbol: ice_iov_uninit
        >>> referenced by if_ice_iflib.c:3445 
(/usr/src/sys/dev/ice/if_ice_iflib.c:3445)
        >>>               if_ice_iflib.o:(ice_if_iov_uninit)

        ld: error: undefined symbol: ice_iov_handle_vflr
        >>> referenced by if_ice_iflib.c:3480 
(/usr/src/sys/dev/ice/if_ice_iflib.c:3480)
        >>>               if_ice_iflib.o:(ice_if_vflr_handle)

        ld: error: undefined symbol: ice_vc_notify_all_vfs_link_state
        >>> referenced by if_ice_iflib.c:757 
(/usr/src/sys/dev/ice/if_ice_iflib.c:757)
        >>>               if_ice_iflib.o:(ice_update_link_status)

        ld: error: undefined symbol: ice_vc_handle_vf_msg
        >>> referenced by ice_lib.c:2285 
(/usr/src/sys/dev/ice/ice_lib.c:2285)
        >>>               ice_lib.o:(ice_process_ctrlq)
        *** [kernel.full] Error code 1

—
Kristof

On 18 Jul 2025, at 21:16, Warner Losh wrote:
The branch main has been updated by imp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=430f1acc451c7084d1d5aa7df7e7ecccea1a8b51

commit 430f1acc451c7084d1d5aa7df7e7ecccea1a8b51
Author:     Eric Joyner <eric.joy...@intel.com>
AuthorDate: 2024-10-17 22:19:09 +0000
Commit:     Warner Losh <i...@freebsd.org>
CommitDate: 2025-07-18 19:16:17 +0000

    ice(4): Add MAC filter and VLAN resource limits to VFs

    Adds two new parameters to iovctl config for VLAN filter limits 
and MAC
    filter limits and gives them defaults of 64 and 16, 
respectively.

    These are intended to limit the number of resources that a VF 
can
    consume so that any one VF cannot starve an other VFs or the PF 
of
    filters.

    Signed-off-by: Eric Joyner <eric.joy...@intel.com>
    Signed-off-by: Krzysztof Galazka <krzysztof.gala...@intel.com>
    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1573
---
 sys/dev/ice/ice_iov.c | 45 
++++++++++++++++++++++++++++++++++++++++++---
 sys/dev/ice/ice_iov.h |  8 ++++++++
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/sys/dev/ice/ice_iov.c b/sys/dev/ice/ice_iov.c
index fc37a0e7679c..e06c7eb56f7a 100644
--- a/sys/dev/ice/ice_iov.c
+++ b/sys/dev/ice/ice_iov.c
@@ -117,6 +117,10 @@ ice_iov_attach(struct ice_softc *sc)
          IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_QUEUES);
      pci_iov_schema_add_uint16(vf_schema, "mirror-src-vsi",
          IOV_SCHEMA_HASDEFAULT, ICE_INVALID_MIRROR_VSI);
+     pci_iov_schema_add_uint16(vf_schema, "max-vlan-allowed",
+         IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_VLAN_LIMIT);
+     pci_iov_schema_add_uint16(vf_schema, "max-mac-filters",
+         IOV_SCHEMA_HASDEFAULT, ICE_DEFAULT_VF_FILTER_LIMIT);

      error = pci_iov_attach(dev, pf_schema, vf_schema);
      if (error != 0) {
@@ -360,6 +364,9 @@ ice_iov_add_vf(struct ice_softc *sc, uint16_t 
vfnum, const nvlist_t *params)

      vsi->mirror_src_vsi = nvlist_get_number(params, 
"mirror-src-vsi");

+     vf->vlan_limit = nvlist_get_number(params, 
"max-vlan-allowed");
+     vf->mac_filter_limit = nvlist_get_number(params, 
"max-mac-filters");
+
      vf->vf_flags |= VF_FLAG_VLAN_CAP;

      /* Create and setup VSI in HW */
@@ -735,10 +742,17 @@ ice_vc_add_eth_addr_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
      enum virtchnl_status_code v_status = VIRTCHNL_STATUS_SUCCESS;
      struct virtchnl_ether_addr_list *addr_list;
      struct ice_hw *hw = &sc->hw;
+     u16 added_addr_cnt = 0;
      int error = 0;

      addr_list = (struct virtchnl_ether_addr_list *)msg_buf;

+     if (addr_list->num_elements >
+         (vf->mac_filter_limit - vf->mac_filter_cnt)) {
+             v_status = VIRTCHNL_STATUS_ERR_NO_MEMORY;
+             goto done;
+     }
+
      for (int i = 0; i < addr_list->num_elements; i++) {
              u8 *addr = addr_list->list[i].addr;

@@ -767,10 +781,15 @@ ice_vc_add_eth_addr_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
                          "%s: VF-%d: Error adding MAC addr for VSI 
%d\n",
                          __func__, vf->vf_num, vf->vsi->idx);
                      v_status = VIRTCHNL_STATUS_ERR_PARAM;
-                     goto done;
+                     continue;
              }
+             /* Don't count VF's MAC against its MAC filter limit 
*/
+             if (memcmp(addr, vf->mac, ETHER_ADDR_LEN))
+                     added_addr_cnt++;
      }

+     vf->mac_filter_cnt += added_addr_cnt;
+
 done:
      ice_aq_send_msg_to_vf(hw, vf->vf_num, 
VIRTCHNL_OP_ADD_ETH_ADDR,
          v_status, NULL, 0, NULL);
@@ -791,6 +810,7 @@ ice_vc_del_eth_addr_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
      enum virtchnl_status_code v_status = VIRTCHNL_STATUS_SUCCESS;
      struct virtchnl_ether_addr_list *addr_list;
      struct ice_hw *hw = &sc->hw;
+     u16 deleted_addr_cnt = 0;
      int error = 0;

      addr_list = (struct virtchnl_ether_addr_list *)msg_buf;
@@ -802,11 +822,18 @@ ice_vc_del_eth_addr_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
                          "%s: VF-%d: Error removing MAC addr for 
VSI %d\n",
                          __func__, vf->vf_num, vf->vsi->idx);
                      v_status = VIRTCHNL_STATUS_ERR_PARAM;
-                     goto done;
+                     continue;
              }
+             /* Don't count VF's MAC against its MAC filter limit 
*/
+             if (memcmp(addr_list->list[i].addr, vf->mac, 
ETHER_ADDR_LEN))
+                     deleted_addr_cnt++;
      }

-done:
+     if (deleted_addr_cnt >= vf->mac_filter_cnt)
+             vf->mac_filter_cnt = 0;
+     else
+             vf->mac_filter_cnt -= deleted_addr_cnt;
+
      ice_aq_send_msg_to_vf(hw, vf->vf_num, 
VIRTCHNL_OP_DEL_ETH_ADDR,
          v_status, NULL, 0, NULL);
 }
@@ -838,6 +865,11 @@ ice_vc_add_vlan_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
              goto done;
      }

+     if (vlan_list->num_elements > (vf->vlan_limit - vf->vlan_cnt)) 
{
+             v_status = VIRTCHNL_STATUS_ERR_NO_MEMORY;
+             goto done;
+     }
+
      status = ice_add_vlan_hw_filters(vsi, vlan_list->vlan_id,
                                      vlan_list->num_elements);
      if (status) {
@@ -849,6 +881,8 @@ ice_vc_add_vlan_msg(struct ice_softc *sc, struct 
ice_vf *vf, u8 *msg_buf)
              goto done;
      }

+     vf->vlan_cnt += vlan_list->num_elements;
+
 done:
      ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_ADD_VLAN,
          v_status, NULL, 0, NULL);
@@ -892,6 +926,11 @@ ice_vc_del_vlan_msg(struct ice_softc *sc, 
struct ice_vf *vf, u8 *msg_buf)
              goto done;
      }

+     if (vlan_list->num_elements >= vf->vlan_cnt)
+             vf->vlan_cnt = 0;
+     else
+             vf->vlan_cnt -= vlan_list->num_elements;
+
 done:
      ice_aq_send_msg_to_vf(hw, vf->vf_num, VIRTCHNL_OP_DEL_VLAN,
          v_status, NULL, 0, NULL);
diff --git a/sys/dev/ice/ice_iov.h b/sys/dev/ice/ice_iov.h
index c2ac5fcd5c94..c4fb3e932e3f 100644
--- a/sys/dev/ice/ice_iov.h
+++ b/sys/dev/ice/ice_iov.h
@@ -85,6 +85,11 @@ struct ice_vf {
      u16 vf_num;
      struct virtchnl_version_info version;

+     u16 mac_filter_limit;
+     u16 mac_filter_cnt;
+     u16 vlan_limit;
+     u16 vlan_cnt;
+
      u16 num_irq_vectors;
      u16 *vf_imap;
      struct ice_irq_vector *tx_irqvs;
@@ -101,6 +106,9 @@ struct ice_vf {
 #define ICE_VIRTCHNL_VALID_PROMISC_FLAGS     
(FLAG_VF_UNICAST_PROMISC | \
                                               FLAG_VF_MULTICAST_PROMISC)

+#define ICE_DEFAULT_VF_VLAN_LIMIT                    64
+#define ICE_DEFAULT_VF_FILTER_LIMIT                  16
+
 int ice_iov_attach(struct ice_softc *sc);
 int ice_iov_detach(struct ice_softc *sc);