bnxt_en: Do not allow ethtool -m on an untrusted VF

	if (rc)

		goto func_qcfg_exit;

	flags = le16_to_cpu(resp->flags);

#ifdef CONFIG_BNXT_SRIOV

	if (BNXT_VF(bp)) {

		struct bnxt_vf_info *vf = &bp->vf;

		vf->vlan = le16_to_cpu(resp->vlan) & VLAN_VID_MASK;

		if (flags & FUNC_QCFG_RESP_FLAGS_TRUSTED_VF)

			vf->flags |= BNXT_VF_TRUST;

		else

			vf->flags &= ~BNXT_VF_TRUST;

	} else {

		bp->pf.registered_vfs = le16_to_cpu(resp->registered_vfs);

	}

#endif

	flags = le16_to_cpu(resp->flags);

	if (flags & (FUNC_QCFG_RESP_FLAGS_FW_DCBX_AGENT_ENABLED |

		     FUNC_QCFG_RESP_FLAGS_FW_LLDP_AGENT_ENABLED)) {

		bp->fw_cap |= BNXT_FW_CAP_LLDP_AGENT;

#define BNXT_PF(bp)		(!((bp)->flags & BNXT_FLAG_VF))

#define BNXT_VF(bp)		((bp)->flags & BNXT_FLAG_VF)

#ifdef CONFIG_BNXT_SRIOV

#define	BNXT_VF_IS_TRUSTED(bp)	((bp)->vf.flags & BNXT_VF_TRUST)

#else

#define	BNXT_VF_IS_TRUSTED(bp)	0

#endif

#define BNXT_NPAR(bp)		((bp)->port_partition_type)

#define BNXT_MH(bp)		((bp)->flags & BNXT_FLAG_MULTI_HOST)

#define BNXT_SINGLE_PF(bp)	(BNXT_PF(bp) && !BNXT_NPAR(bp) && !BNXT_MH(bp))

	struct bnxt *bp = netdev_priv(dev);

	int rc;

	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))

		return -EPERM;

	/* No point in going further if phy status indicates

	 * module is not inserted or if it is powered down or

	 * if it is of type 10GBase-T

	u16  start = eeprom->offset, length = eeprom->len;

	int rc = 0;

	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp))

		return -EPERM;

	memset(data, 0, eeprom->len);

	/* Read A0 portion of the EEPROM */

	struct bnxt *bp = netdev_priv(dev);

	int rc;

	if (BNXT_VF(bp) && !BNXT_VF_IS_TRUSTED(bp)) {

		NL_SET_ERR_MSG_MOD(extack,

				   "Module read not permitted on untrusted VF");

		return -EPERM;

	}

	rc = bnxt_get_module_status(bp, extack);

	if (rc)

		return rc;