--- /dev/null
+From 831f70a5b93bd2d9e858ced2c12fab5766ede5e7 Mon Sep 17 00:00:00 2001
+From: Amit Chaudhari <amitchaudhari@mac.com>
+Date: Tue, 19 Aug 2025 17:49:19 -0400
+Subject: HID: asus: add support for missing PX series fn keys
+
+From: Amit Chaudhari <amitchaudhari@mac.com>
+
+commit 831f70a5b93bd2d9e858ced2c12fab5766ede5e7 upstream.
+
+Add support for missing hotkey keycodes affecting Asus PX13 and PX16 families
+so userspace can use them.
+
+Signed-off-by: Amit Chaudhari <amitchaudhari@mac.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/hid-asus.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/hid/hid-asus.c
++++ b/drivers/hid/hid-asus.c
+@@ -971,7 +971,10 @@ static int asus_input_mapping(struct hid
+ case 0xc4: asus_map_key_clear(KEY_KBDILLUMUP); break;
+ case 0xc5: asus_map_key_clear(KEY_KBDILLUMDOWN); break;
+ case 0xc7: asus_map_key_clear(KEY_KBDILLUMTOGGLE); break;
++ case 0x4e: asus_map_key_clear(KEY_FN_ESC); break;
++ case 0x7e: asus_map_key_clear(KEY_EMOJI_PICKER); break;
+
++ case 0x8b: asus_map_key_clear(KEY_PROG1); break; /* ProArt Creator Hub key */
+ case 0x6b: asus_map_key_clear(KEY_F21); break; /* ASUS touchpad toggle */
+ case 0x38: asus_map_key_clear(KEY_PROG1); break; /* ROG key */
+ case 0xba: asus_map_key_clear(KEY_PROG2); break; /* Fn+C ASUS Splendid */
--- /dev/null
+From eac04428abe9f9cb203ffae4600791ea1d24eb18 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:17 +0200
+Subject: i40e: add mask to apply valid bits for itr_idx
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit eac04428abe9f9cb203ffae4600791ea1d24eb18 upstream.
+
+The ITR index (itr_idx) is only 2 bits wide. When constructing the
+register value for QINT_RQCTL, all fields are ORed together. Without
+masking, higher bits from itr_idx may overwrite adjacent fields in the
+register.
+
+Apply I40E_QINT_RQCTL_ITR_INDX_MASK to ensure only the intended bits are
+set.
+
+Fixes: 5c3c48ac6bf5 ("i40e: implement virtual device interface")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -448,7 +448,7 @@ static void i40e_config_irq_link_list(st
+ (qtype << I40E_QINT_RQCTL_NEXTQ_TYPE_SHIFT) |
+ (pf_queue_id << I40E_QINT_RQCTL_NEXTQ_INDX_SHIFT) |
+ BIT(I40E_QINT_RQCTL_CAUSE_ENA_SHIFT) |
+- (itr_idx << I40E_QINT_RQCTL_ITR_INDX_SHIFT);
++ FIELD_PREP(I40E_QINT_RQCTL_ITR_INDX_MASK, itr_idx);
+ wr32(hw, reg_idx, reg);
+ }
+
--- /dev/null
+From cb79fa7118c150c3c76a327894bb2eb878c02619 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:16 +0200
+Subject: i40e: add max boundary check for VF filters
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit cb79fa7118c150c3c76a327894bb2eb878c02619 upstream.
+
+There is no check for max filters that VF can request. Add it.
+
+Fixes: e284fc280473 ("i40e: Add and delete cloud filter")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -3908,6 +3908,8 @@ err:
+ aq_ret);
+ }
+
++#define I40E_MAX_VF_CLOUD_FILTER 0xFF00
++
+ /**
+ * i40e_vc_add_cloud_filter
+ * @vf: pointer to the VF info
+@@ -3947,6 +3949,14 @@ static int i40e_vc_add_cloud_filter(stru
+ goto err_out;
+ }
+
++ if (vf->num_cloud_filters >= I40E_MAX_VF_CLOUD_FILTER) {
++ dev_warn(&pf->pdev->dev,
++ "VF %d: Max number of filters reached, can't apply cloud filter\n",
++ vf->vf_id);
++ aq_ret = -ENOSPC;
++ goto err_out;
++ }
++
+ cfilter = kzalloc(sizeof(*cfilter), GFP_KERNEL);
+ if (!cfilter) {
+ aq_ret = -ENOMEM;
--- /dev/null
+From 55d225670def06b01af2e7a5e0446fbe946289e8 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:11 +0200
+Subject: i40e: add validation for ring_len param
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit 55d225670def06b01af2e7a5e0446fbe946289e8 upstream.
+
+The `ring_len` parameter provided by the virtual function (VF)
+is assigned directly to the hardware memory context (HMC) without
+any validation.
+
+To address this, introduce an upper boundary check for both Tx and Rx
+queue lengths. The maximum number of descriptors supported by the
+hardware is 8k-32.
+Additionally, enforce alignment constraints: Tx rings must be a multiple
+of 8, and Rx rings must be a multiple of 32.
+
+Fixes: 5c3c48ac6bf5 ("i40e: implement virtual device interface")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -653,6 +653,13 @@ static int i40e_config_vsi_tx_queue(stru
+
+ /* only set the required fields */
+ tx_ctx.base = info->dma_ring_addr / 128;
++
++ /* ring_len has to be multiple of 8 */
++ if (!IS_ALIGNED(info->ring_len, 8) ||
++ info->ring_len > I40E_MAX_NUM_DESCRIPTORS_XL710) {
++ ret = -EINVAL;
++ goto error_context;
++ }
+ tx_ctx.qlen = info->ring_len;
+ tx_ctx.rdylist = le16_to_cpu(vsi->info.qs_handle[0]);
+ tx_ctx.rdylist_act = 0;
+@@ -716,6 +723,13 @@ static int i40e_config_vsi_rx_queue(stru
+
+ /* only set the required fields */
+ rx_ctx.base = info->dma_ring_addr / 128;
++
++ /* ring_len has to be multiple of 32 */
++ if (!IS_ALIGNED(info->ring_len, 32) ||
++ info->ring_len > I40E_MAX_NUM_DESCRIPTORS_XL710) {
++ ret = -EINVAL;
++ goto error_param;
++ }
+ rx_ctx.qlen = info->ring_len;
+
+ if (info->splithdr_enabled) {
--- /dev/null
+From f1ad24c5abe1eaef69158bac1405a74b3c365115 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:13 +0200
+Subject: i40e: fix idx validation in config queues msg
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit f1ad24c5abe1eaef69158bac1405a74b3c365115 upstream.
+
+Ensure idx is within range of active/initialized TCs when iterating over
+vf->ch[idx] in i40e_vc_config_queues_msg().
+
+Fixes: c27eac48160d ("i40e: Enable ADq and create queue channel/s on VF")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Kamakshi Nellore <nellorex.kamakshi@intel.com> (A Contingent Worker at Intel)
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -2398,7 +2398,7 @@ static int i40e_vc_config_queues_msg(str
+ }
+
+ if (vf->adq_enabled) {
+- if (idx >= ARRAY_SIZE(vf->ch)) {
++ if (idx >= vf->num_tc) {
+ aq_ret = -ENODEV;
+ goto error_param;
+ }
+@@ -2419,7 +2419,7 @@ static int i40e_vc_config_queues_msg(str
+ * to its appropriate VSIs based on TC mapping
+ */
+ if (vf->adq_enabled) {
+- if (idx >= ARRAY_SIZE(vf->ch)) {
++ if (idx >= vf->num_tc) {
+ aq_ret = -ENODEV;
+ goto error_param;
+ }
--- /dev/null
+From aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:12 +0200
+Subject: i40e: fix idx validation in i40e_validate_queue_map
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 upstream.
+
+Ensure idx is within range of active/initialized TCs when iterating over
+vf->ch[idx] in i40e_validate_queue_map().
+
+Fixes: c27eac48160d ("i40e: Enable ADq and create queue channel/s on VF")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Kamakshi Nellore <nellorex.kamakshi@intel.com> (A Contingent Worker at Intel)
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -2469,8 +2469,10 @@ static int i40e_validate_queue_map(struc
+ u16 vsi_queue_id, queue_id;
+
+ for_each_set_bit(vsi_queue_id, &queuemap, I40E_MAX_VSI_QP) {
+- if (vf->adq_enabled) {
+- vsi_id = vf->ch[vsi_queue_id / I40E_MAX_VF_VSI].vsi_id;
++ u16 idx = vsi_queue_id / I40E_MAX_VF_VSI;
++
++ if (vf->adq_enabled && idx < vf->num_tc) {
++ vsi_id = vf->ch[idx].vsi_id;
+ queue_id = (vsi_queue_id % I40E_DEFAULT_QUEUES_PER_VF);
+ } else {
+ queue_id = vsi_queue_id;
--- /dev/null
+From 9739d5830497812b0bdeaee356ddefbe60830b88 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:14 +0200
+Subject: i40e: fix input validation logic for action_meta
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit 9739d5830497812b0bdeaee356ddefbe60830b88 upstream.
+
+Fix condition to check 'greater or equal' to prevent OOB dereference.
+
+Fixes: e284fc280473 ("i40e: Add and delete cloud filter")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -3605,7 +3605,7 @@ static int i40e_validate_cloud_filter(st
+
+ /* action_meta is TC number here to which the filter is applied */
+ if (!tc_filter->action_meta ||
+- tc_filter->action_meta > vf->num_tc) {
++ tc_filter->action_meta >= vf->num_tc) {
+ dev_info(&pf->pdev->dev, "VF %d: Invalid TC number %u\n",
+ vf->vf_id, tc_filter->action_meta);
+ goto err;
--- /dev/null
+From 877b7e6ffc23766448236e8732254534c518ba42 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:15 +0200
+Subject: i40e: fix validation of VF state in get resources
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit 877b7e6ffc23766448236e8732254534c518ba42 upstream.
+
+VF state I40E_VF_STATE_ACTIVE is not the only state in which
+VF is actually active so it should not be used to determine
+if a VF is allowed to obtain resources.
+
+Use I40E_VF_STATE_RESOURCES_LOADED that is set only in
+i40e_vc_get_vf_resources_msg() and cleared during reset.
+
+Fixes: 61125b8be85d ("i40e: Fix failed opcode appearing if handling messages from VF")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 7 ++++++-
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 ++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -1467,6 +1467,7 @@ static void i40e_trigger_vf_reset(struct
+ * functions that may still be running at this point.
+ */
+ clear_bit(I40E_VF_STATE_INIT, &vf->vf_states);
++ clear_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states);
+
+ /* In the case of a VFLR, the HW has already reset the VF and we
+ * just need to clean up, so don't hit the VFRTRIG register.
+@@ -2133,7 +2134,10 @@ static int i40e_vc_get_vf_resources_msg(
+ size_t len = 0;
+ int ret;
+
+- if (!i40e_sync_vf_state(vf, I40E_VF_STATE_INIT)) {
++ i40e_sync_vf_state(vf, I40E_VF_STATE_INIT);
++
++ if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states) ||
++ test_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states)) {
+ aq_ret = -EINVAL;
+ goto err;
+ }
+@@ -2236,6 +2240,7 @@ static int i40e_vc_get_vf_resources_msg(
+ vf->default_lan_addr.addr);
+ }
+ set_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states);
++ set_bit(I40E_VF_STATE_RESOURCES_LOADED, &vf->vf_states);
+
+ err:
+ /* send the response back to the VF */
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h
+@@ -41,7 +41,8 @@ enum i40e_vf_states {
+ I40E_VF_STATE_MC_PROMISC,
+ I40E_VF_STATE_UC_PROMISC,
+ I40E_VF_STATE_PRE_ENABLE,
+- I40E_VF_STATE_RESETTING
++ I40E_VF_STATE_RESETTING,
++ I40E_VF_STATE_RESOURCES_LOADED,
+ };
+
+ /* VF capabilities */
--- /dev/null
+From b99dd77076bd3fddac6f7f1cbfa081c38fde17f5 Mon Sep 17 00:00:00 2001
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Date: Wed, 13 Aug 2025 12:45:18 +0200
+Subject: i40e: improve VF MAC filters accounting
+
+From: Lukasz Czapnik <lukasz.czapnik@intel.com>
+
+commit b99dd77076bd3fddac6f7f1cbfa081c38fde17f5 upstream.
+
+When adding new VM MAC, driver checks only *active* filters in
+vsi->mac_filter_hash. Each MAC, even in non-active state is using resources.
+
+To determine number of MACs VM uses, count VSI filters in *any* state.
+
+Add i40e_count_all_filters() to simply count all filters, and rename
+i40e_count_filters() to i40e_count_active_filters() to avoid ambiguity.
+
+Fixes: cfb1d572c986 ("i40e: Add ensurance of MacVlan resources for every trusted VF")
+Cc: stable@vger.kernel.org
+Signed-off-by: Lukasz Czapnik <lukasz.czapnik@intel.com>
+Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
+Signed-off-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e.h | 3
+ drivers/net/ethernet/intel/i40e/i40e_main.c | 26 +++++++-
+ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 65 ++++++++-------------
+ 3 files changed, 50 insertions(+), 44 deletions(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e.h
++++ b/drivers/net/ethernet/intel/i40e/i40e.h
+@@ -1277,7 +1277,8 @@ struct i40e_mac_filter *i40e_add_mac_fil
+ const u8 *macaddr);
+ int i40e_del_mac_filter(struct i40e_vsi *vsi, const u8 *macaddr);
+ bool i40e_is_vsi_in_vlan(struct i40e_vsi *vsi);
+-int i40e_count_filters(struct i40e_vsi *vsi);
++int i40e_count_all_filters(struct i40e_vsi *vsi);
++int i40e_count_active_filters(struct i40e_vsi *vsi);
+ struct i40e_mac_filter *i40e_find_mac(struct i40e_vsi *vsi, const u8 *macaddr);
+ void i40e_vlan_stripping_enable(struct i40e_vsi *vsi);
+ static inline bool i40e_is_sw_dcb(struct i40e_pf *pf)
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -1241,12 +1241,30 @@ void i40e_update_stats(struct i40e_vsi *
+ }
+
+ /**
+- * i40e_count_filters - counts VSI mac filters
++ * i40e_count_all_filters - counts VSI MAC filters
+ * @vsi: the VSI to be searched
+ *
+- * Returns count of mac filters
+- **/
+-int i40e_count_filters(struct i40e_vsi *vsi)
++ * Return: count of MAC filters in any state.
++ */
++int i40e_count_all_filters(struct i40e_vsi *vsi)
++{
++ struct i40e_mac_filter *f;
++ struct hlist_node *h;
++ int bkt, cnt = 0;
++
++ hash_for_each_safe(vsi->mac_filter_hash, bkt, h, f, hlist)
++ cnt++;
++
++ return cnt;
++}
++
++/**
++ * i40e_count_active_filters - counts VSI MAC filters
++ * @vsi: the VSI to be searched
++ *
++ * Return: count of active MAC filters.
++ */
++int i40e_count_active_filters(struct i40e_vsi *vsi)
+ {
+ struct i40e_mac_filter *f;
+ struct hlist_node *h;
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -2865,24 +2865,6 @@ error_param:
+ (u8 *)&stats, sizeof(stats));
+ }
+
+-/**
+- * i40e_can_vf_change_mac
+- * @vf: pointer to the VF info
+- *
+- * Return true if the VF is allowed to change its MAC filters, false otherwise
+- */
+-static bool i40e_can_vf_change_mac(struct i40e_vf *vf)
+-{
+- /* If the VF MAC address has been set administratively (via the
+- * ndo_set_vf_mac command), then deny permission to the VF to
+- * add/delete unicast MAC addresses, unless the VF is trusted
+- */
+- if (vf->pf_set_mac && !vf->trusted)
+- return false;
+-
+- return true;
+-}
+-
+ #define I40E_MAX_MACVLAN_PER_HW 3072
+ #define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW / \
+ (num_ports))
+@@ -2921,8 +2903,10 @@ static inline int i40e_check_vf_permissi
+ struct i40e_pf *pf = vf->pf;
+ struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx];
+ struct i40e_hw *hw = &pf->hw;
+- int mac2add_cnt = 0;
+- int i;
++ int i, mac_add_max, mac_add_cnt = 0;
++ bool vf_trusted;
++
++ vf_trusted = test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps);
+
+ for (i = 0; i < al->num_elements; i++) {
+ struct i40e_mac_filter *f;
+@@ -2942,9 +2926,8 @@ static inline int i40e_check_vf_permissi
+ * The VF may request to set the MAC address filter already
+ * assigned to it so do not return an error in that case.
+ */
+- if (!i40e_can_vf_change_mac(vf) &&
+- !is_multicast_ether_addr(addr) &&
+- !ether_addr_equal(addr, vf->default_lan_addr.addr)) {
++ if (!vf_trusted && !is_multicast_ether_addr(addr) &&
++ vf->pf_set_mac && !ether_addr_equal(addr, vf->default_lan_addr.addr)) {
+ dev_err(&pf->pdev->dev,
+ "VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n");
+ return -EPERM;
+@@ -2953,29 +2936,33 @@ static inline int i40e_check_vf_permissi
+ /*count filters that really will be added*/
+ f = i40e_find_mac(vsi, addr);
+ if (!f)
+- ++mac2add_cnt;
++ ++mac_add_cnt;
+ }
+
+ /* If this VF is not privileged, then we can't add more than a limited
+- * number of addresses. Check to make sure that the additions do not
+- * push us over the limit.
+- */
+- if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps)) {
+- if ((i40e_count_filters(vsi) + mac2add_cnt) >
+- I40E_VC_MAX_MAC_ADDR_PER_VF) {
+- dev_err(&pf->pdev->dev,
+- "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n");
+- return -EPERM;
+- }
+- /* If this VF is trusted, it can use more resources than untrusted.
++ * number of addresses.
++ *
++ * If this VF is trusted, it can use more resources than untrusted.
+ * However to ensure that every trusted VF has appropriate number of
+ * resources, divide whole pool of resources per port and then across
+ * all VFs.
+ */
+- } else {
+- if ((i40e_count_filters(vsi) + mac2add_cnt) >
+- I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(pf->num_alloc_vfs,
+- hw->num_ports)) {
++ if (!vf_trusted)
++ mac_add_max = I40E_VC_MAX_MAC_ADDR_PER_VF;
++ else
++ mac_add_max = I40E_VC_MAX_MACVLAN_PER_TRUSTED_VF(pf->num_alloc_vfs, hw->num_ports);
++
++ /* VF can replace all its filters in one step, in this case mac_add_max
++ * will be added as active and another mac_add_max will be in
++ * a to-be-removed state. Account for that.
++ */
++ if ((i40e_count_active_filters(vsi) + mac_add_cnt) > mac_add_max ||
++ (i40e_count_all_filters(vsi) + mac_add_cnt) > 2 * mac_add_max) {
++ if (!vf_trusted) {
++ dev_err(&pf->pdev->dev,
++ "Cannot add more MAC addresses, VF is not trusted, switch the VF to trusted to add more functionality\n");
++ return -EPERM;
++ } else {
+ dev_err(&pf->pdev->dev,
+ "Cannot add more MAC addresses, trusted VF exhausted it's resources\n");
+ return -EPERM;
drm-panthor-defer-scheduler-entitiy-destruction-to-q.patch
platform-x86-lg-laptop-fix-wmab-call-in-fan_mode_sto.patch
smb-client-fix-wrong-index-reference-in-smb2_compoun.patch
+hid-asus-add-support-for-missing-px-series-fn-keys.patch
+i40e-add-validation-for-ring_len-param.patch
+i40e-fix-idx-validation-in-i40e_validate_queue_map.patch
+i40e-fix-idx-validation-in-config-queues-msg.patch
+i40e-fix-input-validation-logic-for-action_meta.patch
+i40e-fix-validation-of-vf-state-in-get-resources.patch
+i40e-add-max-boundary-check-for-vf-filters.patch
+i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch
+i40e-improve-vf-mac-filters-accounting.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
