[PATCH iproute2 v2] iplink: Support VF Trust

2016-02-25 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>

Add the IFLA_VF_TRUST message so the administrator can mark a VF as trusted.
The PF may then accept privileged operations from that VF which it refuses
from an untrusted one. For example, the ixgbe PF does not enable VF multicast
promiscuous mode until the VF is trusted, because that mode can affect
security and performance.

To trust VF.
 # ip link set dev eth0 vf 1 trust on

To untrust VF.
 # ip link set dev eth0 vf 1 trust off

Signed-off-by: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>
---

v1 -> v2: rebase to the latest code of iproute2.

The VF trust patch has been in kernel and the IFLA_VF_TRUST netlink attribute
has been included iproute2, but no actual handler for this.
This patch add the functionality to trust vf from ip command.

 ip/iplink.c   | 13 +
 man/man8/ip-link.8.in |  7 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ip/iplink.c b/ip/iplink.c
index 5ab9d61..69f5057 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -82,6 +82,7 @@ void iplink_usage(void)
fprintf(stderr, "  [ spoofchk { on | 
off} ] ]\n");
fprintf(stderr, "  [ query_rss { on | 
off} ] ]\n");
fprintf(stderr, "  [ state { auto | 
enable | disable} ] ]\n");
+   fprintf(stderr, "  [ trust { on | off} 
] ]\n");
fprintf(stderr, " [ master DEVICE ]\n");
fprintf(stderr, " [ nomaster ]\n");
fprintf(stderr, " [ addrgenmode { eui64 | none 
| stable_secret | random } ]\n");
@@ -356,6 +357,18 @@ static int iplink_parse_vf(int vf, int *argcp, char 
***argvp,
ivs.vf = vf;
addattr_l(>n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, 
, sizeof(ivs));
 
+   } else if (matches(*argv, "trust") == 0) {
+   struct ifla_vf_trust ivt;
+   NEXT_ARG();
+   if (matches(*argv, "on") == 0)
+   ivt.setting = 1;
+   else if (matches(*argv, "off") == 0)
+   ivt.setting = 0;
+   else
+   invarg("Invalid \"trust\" value\n", *argv);
+   ivt.vf = vf;
+   addattr_l(>n, sizeof(*req), IFLA_VF_TRUST, , 
sizeof(ivt));
+
} else if (matches(*argv, "state") == 0) {
struct ifla_vf_link_state ivl;
 
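Review bot: iproute2's `matches()` accepts any unambiguous prefix, so `trust o` is parsed as `trust on` and grants the VF privileged operations on a typo; for a toggle with that effect an exact comparison, `if (strcmp(*argv, "on") == 0)` / `else if (strcmp(*argv, "off") == 0)`, would be safer, although the sibling `spoofchk` and `query_rss` parsers in this function use the same prefix form, so consistency may argue for changing all three together. The missing `&` characters in `addattr_l(>n, sizeof(*req), IFLA_VF_TRUST, , sizeof(ivt))` read as the mail archive stripping ampersands (`&req->n`, `&ivt`) rather than a defect in the patch. iplink_parse_vf begins and ends outside this hunk.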
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4d32343..7dd7a90 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -142,7 +142,8 @@ ip-link \- network device configuration
 .B min_tx_rate
 .IR TXRATE " ] ["
 .B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
+.B state { auto | enable | disable} ] [
+.B trust { on | off }
 ] |
 .br
 .B master
@@ -1019,6 +1020,10 @@ parameter must be specified.
 reflection of the PF link state, enable lets the VF to communicate with other 
VFs on
 this host even if the PF link state is down, disable causes the HW to drop any 
packets
 sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific 
feature
+which may impact security and/or performance. (e.g. VF multicast promiscuous 
mode)
 .in -8
 
 .TP
-- 
1.8.3.1



[iproute2 PATCH] iplink: Support VF Trust

2015-10-07 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>

Add the IFLA_VF_TRUST message so the administrator can mark a VF as trusted.
The PF may then accept privileged operations from that VF which it refuses
from an untrusted one. For example, the ixgbe PF does not enable VF multicast
promiscuous mode until the VF is trusted, because that mode can affect
security and performance.

To trust VF.
 # ip link set dev eth0 vf 1 trust on

To untrust VF.
 # ip link set dev eth0 vf 1 trust off

Signed-off-by: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>
---

This patch implements a functionality for trusting a VF in ip command.

The kernel side implementation of if_link was submitted as below.
http://marc.info/?l=linux-netdev=144074520803184=2
[PATCH v8 1/3] if_link: Add control trust VF

---
 include/linux/if_link.h |  6 ++
 ip/iplink.c | 13 +
 man/man8/ip-link.8.in   |  7 ++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index 1934566..ca9a681 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -499,6 +499,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -560,6 +561,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/ip/iplink.c b/ip/iplink.c
index 1c45205..0536f34 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -82,6 +82,7 @@ void iplink_usage(void)
fprintf(stderr, "  [ spoofchk { on | 
off} ] ]\n");
fprintf(stderr, "  [ query_rss { on | 
off} ] ]\n");
fprintf(stderr, "  [ state { auto | 
enable | disable} ] ]\n");
+   fprintf(stderr, "  [ trust { on | off} 
] ]\n");
fprintf(stderr, " [ master DEVICE ]\n");
fprintf(stderr, " [ nomaster ]\n");
fprintf(stderr, " [ addrgenmode { eui64 | none 
} ]\n");
@@ -352,6 +353,18 @@ static int iplink_parse_vf(int vf, int *argcp, char 
***argvp,
ivs.vf = vf;
addattr_l(>n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, 
, sizeof(ivs));
 
+   } else if (matches(*argv, "trust") == 0) {
+   struct ifla_vf_trust ivt;
+   NEXT_ARG();
+   if (matches(*argv, "on") == 0)
+   ivt.setting = 1;
+   else if (matches(*argv, "off") == 0)
+   ivt.setting = 0;
+   else
+   invarg("Invalid \"trust\" value\n", *argv);
+   ivt.vf = vf;
+   addattr_l(>n, sizeof(*req), IFLA_VF_TRUST, , 
sizeof(ivt));
+
} else if (matches(*argv, "state") == 0) {
struct ifla_vf_link_state ivl;
 
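Review bot: Because `matches()` matches on prefixes, `trust o` is accepted as `trust on` here, which silently grants a VF privileges; an exact `strcmp(*argv, "on") == 0` / `strcmp(*argv, "off") == 0` avoids that, with the caveat that `spoofchk` and `query_rss` in the same function follow the prefix convention and would want the same treatment. The ampersands missing from the `addattr_l(...)` call appear to be an archive rendering artefact, not a patch bug. iplink_parse_vf begins and ends outside this hunk.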
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4928249..6a0c876 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -142,7 +142,8 @@ ip-link \- network device configuration
 .B min_tx_rate
 .IR TXRATE " ] ["
 .B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
+.B state { auto | enable | disable} ] [
+.B trust { on | off }
 ] |
 .br
 .B master
@@ -968,6 +969,10 @@ parameter must be specified.
 reflection of the PF link state, enable lets the VF to communicate with other 
VFs on
 this host even if the PF link state is down, disable causes the HW to drop any 
packets
 sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific 
feature
+which may impact security and/or perfomance. (e.g. VF multicast promiscuous 
mode)
 .in -8
 
 .TP
-- 
1.8.3.1



[PATCH v8 0/3] Introduce VF trust capability and xcast_mode in VF

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

There is a limitation in the number of multicast L2 addresses in ixgbe
and ixgbevf driver. The number of multicast addresses in VF is 30 in the
current implementation. That means that we can use up to 30 IPv6
addresses only. On the other hand there is a functionality to set VF
multicast promiscuous mode in the NIC.

This patchset addresses the issue.

First, it introduces a VF trust capability. Some features, such as VF
multicast promiscuous mode, may hurt security and performance, so we want to
enable them only for a trusted VF.
Next, it introduces a VF xcast_mode that represents the multicast mode of the
VF and is requested from the PF. If ALLMULTI is set on the VF network device,
the VF requests multicast promiscuous mode from the PF, and the PF enables it
only if the VF is trusted.

Short history
v5-v6
Reorganize patchsets, make it with VF trust and MC promisc mode.

v6-v7
Change to introduce xcast_mode instead of dedicated VF multicast
promisc mode API.

v7-v8
Fix to use EOPNOTSUPP in ixgbe_update_vf_xcast_mode() on error,
instead of -1.

Hiroshi Shimamoto (3):
  if_link: Add control trust VF
  ixgbe: Add new ndo to trust VF
  ixgbe, ixgbevf: Add new mbox API xcast mode

 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  8 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 96 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h|  1 +
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 ++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 ++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 ++
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 include/linux/if_link.h   |  1 +
 include/linux/netdevice.h |  3 +
 include/uapi/linux/if_link.h  |  6 ++
 net/core/rtnetlink.c  | 24 +-
 14 files changed, 197 insertions(+), 3 deletions(-)

-- 
1.8.3.1



[PATCH v8 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses to a single VF.

This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE,
to update the multicast mode of a VF. It adds 3 modes:
  - NONE: only L2 exact-match addresses, or Flow Director enabled
  - MULTI: BAM and ROMPE set
  - ALLMULTI: BAM, ROMPE and MPE set

If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI
to request PF to update xcast mode to enable VF multicast promiscuous mode.

On the other hand, enabling VF multicast promiscuous mode may affect
security and performance in the network of the NIC. Only trusted VF can
enable multicast promiscuous mode. The behavior of untrusted VF is the
same as previous version.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  7 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 59 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 +++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 8 files changed, 126 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index f147a5a..838284c 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -153,9 +153,16 @@ struct vf_data_storage {
u8 spoofchk_enabled;
bool rss_query_enabled;
u8 trusted;
+   int xcast_mode;
unsigned int vf_api;
 };
 
+enum ixgbevf_xcast_modes {
+   IXGBEVF_XCAST_MODE_NONE = 0,
+   IXGBEVF_XCAST_MODE_MULTI,
+   IXGBEVF_XCAST_MODE_ALLMULTI,
+};
+
 struct vf_macvlans {
struct list_head l;
int vf;
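Review bot: The values of `enum ixgbevf_xcast_modes` are the wire encoding of the mode word in the IXGBE_VF_UPDATE_XCAST_MODE mailbox message (ixgbe_update_vf_xcast_mode reads it straight out of `msgbuf[1]`), yet nothing in the header says so; the VF side must carry the same numbering, presumably in the ixgbevf headers this patch touches, and renumbering either copy silently breaks the protocol. A comment above the enum such as `/* Mailbox ABI: values travel in IXGBE_VF_UPDATE_XCAST_MODE msgbuf[1]; keep in sync with ixgbevf and never renumber. */` would make that explicit, and typing the field as `enum ixgbevf_xcast_modes xcast_mode;` instead of `int` would show readers what it holds. `struct vf_data_storage` begins before this hunk.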
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..8daa95f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_UPDATE_XCAST_MODE 0x0c
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
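Review bot: The new `IXGBE_VF_UPDATE_XCAST_MODE` define carries no trailing comment, while the neighbouring message ids (`IXGBE_VF_GET_RETA`, `IXGBE_VF_GET_RSS_KEY`) each document their purpose; since the handler in ixgbe_sriov.c only honours this id under `ixgbe_mbox_api_12`, that is worth recording too: `#define IXGBE_VF_UPDATE_XCAST_MODE 0x0c /* VF request to update xcast mode, mbox API 1.2 */`.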
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 65aeb58..fcd8b27 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter-vfinfo[i].trusted = false;
+
+   /* set the default xcast mode */
+   adapter-vfinfo[i].xcast_mode = IXGBEVF_XCAST_MODE_NONE;
}
 
return 0;
@@ -1004,6 +1007,59 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter,
+ u32 *msgbuf, u32 vf)
+{
+   struct ixgbe_hw *hw = adapter-hw;
+   int xcast_mode = msgbuf[1];
+   u32 vmolr, disable, enable;
+
+   /* verify the PF is supporting the correct APIs */
+   switch (adapter-vfinfo[vf].vf_api) {
+   case ixgbe_mbox_api_12:
+   break;
+   default:
+   return -EOPNOTSUPP;
+   }
+
+   if (xcast_mode  IXGBEVF_XCAST_MODE_MULTI 
+   !adapter-vfinfo[vf].trusted) {
+   xcast_mode = IXGBEVF_XCAST_MODE_MULTI;
+   }
+
+   if (adapter-vfinfo[vf].xcast_mode == xcast_mode)
+   goto out;
+
+   switch (xcast_mode) {
+   case IXGBEVF_XCAST_MODE_NONE:
+   disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   enable = 0;
+   break;
+   case IXGBEVF_XCAST_MODE_MULTI:
+   disable = IXGBE_VMOLR_MPE;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE;
+   break;
+   case IXGBEVF_XCAST_MODE_ALLMULTI:
+   disable = 0;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   break;
+   default:
+   return -EOPNOTSUPP;
+   }
+
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr = ~disable;
+   vmolr |= enable

[PATCH v8 2/3] ixgbe: Add new ndo to trust VF

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with the ip command, which
supports the trust message:
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 37 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 40 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 3b9b911..f147a5a 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
 
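Review bot: `trusted` is declared `u8` but is assigned from and compared with a `bool setting` in ixgbe_ndo_set_vf_trust, and the field directly above it (`rss_query_enabled`) is already `bool`; declaring it `bool trusted;` keeps the struct consistent and lets the compiler flag anything other than a boolean landing in a field that gates privileged operations. `struct vf_data_storage` begins before this hunk.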
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 626ed01..914c1b0 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8399,6 +8399,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..65aeb58 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter-vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter-vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,6 +1127,17 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
+{
+   struct ixgbe_hw *hw = adapter-hw;
+   u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter-vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, ping, 1, vf);
+}
+
 void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
 {
struct ixgbe_hw *hw = adapter-hw;
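Review bot: `ixgbe_ping_vf` duplicates the per-VF mailbox write that `ixgbe_ping_all_vfs`, immediately below it, presumably performs inside its loop; having that loop call `ixgbe_ping_vf(adapter, i)` would leave a single copy of the CTS-flag logic to maintain. Kernel style also prefers plain `static` in a .c file and lets the compiler decide about inlining, so `static void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)` is enough. The body of ixgbe_ping_all_vfs lies outside this hunk, so the duplication is inferred from its name and the visible `hw` setup.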
@@ -1416,6 +1430,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf = adapter-num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter-vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter-vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter-vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, VF %u is %strusted\n, vf, setting ?  : not );
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
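Review bot: Revoking trust (`setting == false`) only clears `clear_to_send` and pings the VF; the PF itself does not tear down any privileged state it granted while the VF was trusted, so a VF whose driver ignores the reset request keeps whatever it was given until it chooses to reset — and a VF that must not be trusted is exactly the one that may not cooperate. The PF should actively drop trust-gated state on the off path rather than rely on the VF: for the multicast-promiscuous feature in the companion xcast patch that means resetting `adapter->vfinfo[vf].xcast_mode = IXGBEVF_XCAST_MODE_NONE;` and clearing `IXGBE_VMOLR_MPE` in `IXGBE_VMOLR(vf)` here before the ping. That also makes the `VF %u is not trusted` log line truthful about the hardware state rather than only the flag.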
@@ -1430,5 +1466,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi-qos = adapter-vfinfo[vf].pf_qos;
ivi-spoofchk = adapter-vfinfo[vf].spoofchk_enabled;
ivi-rss_query_en = adapter-vfinfo[vf].rss_query_enabled;
+   ivi-trusted = adapter-vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -49,6 +49,7 @@ int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, 
int min_tx_rate,
 int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
  bool setting);
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi);
 void ixgbe_check_vf_rate_limit(struct ixgbe_adapter *adapter);
-- 
1.8.3.1



[PATCH v7 2/3] ixgbe: Add new ndo to trust VF

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with the ip command, which
supports the trust message:
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 37 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 40 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index edf1fb9..fb72622 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
 
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 935fce7..b26b64e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8365,6 +8365,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..65aeb58 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter-vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter-vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,6 +1127,17 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
+{
+   struct ixgbe_hw *hw = adapter-hw;
+   u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter-vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, ping, 1, vf);
+}
+
 void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
 {
struct ixgbe_hw *hw = adapter-hw;
@@ -1416,6 +1430,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf = adapter-num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter-vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter-vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter-vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, VF %u is %strusted\n, vf, setting ?  : not );
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
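Review bot: Turning trust off here changes only the `trusted` flag and asks the VF to reset; nothing on the PF side revokes what the VF was allowed to enable while trusted, so an uncooperative VF driver that ignores the ping keeps that state, which defeats the purpose of untrusting it. On the `setting == false` path the PF should itself reset the trust-gated state (in the companion xcast patch: `xcast_mode = IXGBEVF_XCAST_MODE_NONE` and clearing `IXGBE_VMOLR_MPE` in `IXGBE_VMOLR(vf)`) before sending the ping.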
@@ -1430,5 +1466,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi-qos = adapter-vfinfo[vf].pf_qos;
ivi-spoofchk = adapter-vfinfo[vf].spoofchk_enabled;
ivi-rss_query_en = adapter-vfinfo[vf].rss_query_enabled;
+   ivi-trusted = adapter-vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -49,6 +49,7 @@ int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, 
int min_tx_rate,
 int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
  bool setting);
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi);
 void ixgbe_check_vf_rate_limit(struct ixgbe_adapter *adapter);
-- 
1.8.3.1

[PATCH v7 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses to a single VF.

This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE,
to update the multicast mode of a VF. It adds 3 modes:
  - NONE: only L2 exact-match addresses, or Flow Director enabled
  - MULTI: BAM and ROMPE set
  - ALLMULTI: BAM, ROMPE and MPE set

If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI
to request PF to update xcast mode to enable VF multicast promiscuous mode.

On the other hand, enabling VF multicast promiscuous mode may affect
security and performance in the network of the NIC. Only trusted VF can
enable multicast promiscuous mode. The behavior of untrusted VF is the
same as previous version.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  7 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 59 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 +++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 8 files changed, 126 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index fb72622..17250ef 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -153,9 +153,16 @@ struct vf_data_storage {
u8 spoofchk_enabled;
bool rss_query_enabled;
u8 trusted;
+   int xcast_mode;
unsigned int vf_api;
 };
 
+enum ixgbevf_xcast_modes {
+   IXGBEVF_XCAST_MODE_NONE = 0,
+   IXGBEVF_XCAST_MODE_MULTI,
+   IXGBEVF_XCAST_MODE_ALLMULTI,
+};
+
 struct vf_macvlans {
struct list_head l;
int vf;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..8daa95f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_UPDATE_XCAST_MODE 0x0c
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 65aeb58..ac071e5 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter-vfinfo[i].trusted = false;
+
+   /* set the default xcast mode */
+   adapter-vfinfo[i].xcast_mode = IXGBEVF_XCAST_MODE_NONE;
}
 
return 0;
@@ -1004,6 +1007,59 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter,
+ u32 *msgbuf, u32 vf)
+{
+   struct ixgbe_hw *hw = adapter-hw;
+   int xcast_mode = msgbuf[1];
+   u32 vmolr, disable, enable;
+
+   /* verify the PF is supporting the correct APIs */
+   switch (adapter-vfinfo[vf].vf_api) {
+   case ixgbe_mbox_api_12:
+   break;
+   default:
+   return -1;
+   }
+
+   if (xcast_mode  IXGBEVF_XCAST_MODE_MULTI 
+   !adapter-vfinfo[vf].trusted) {
+   xcast_mode = IXGBEVF_XCAST_MODE_MULTI;
+   }
+
+   if (adapter-vfinfo[vf].xcast_mode == xcast_mode)
+   goto out;
+
+   switch (xcast_mode) {
+   case IXGBEVF_XCAST_MODE_NONE:
+   disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   enable = 0;
+   break;
+   case IXGBEVF_XCAST_MODE_MULTI:
+   disable = IXGBE_VMOLR_MPE;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE;
+   break;
+   case IXGBEVF_XCAST_MODE_ALLMULTI:
+   disable = 0;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   break;
+   default:
+   return -1;
+   }
+
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr = ~disable;
+   vmolr |= enable;
+   IXGBE_WRITE_REG

[PATCH v7 1/3] if_link: Add control trust VF

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Add netlink directives and ndo entry to trust VF user.

This controls the special permissions granted to a VF user.
The administrator explicitly trusts a VF user to use features that impact
security and/or performance.

The administrator should never turn this on unless the VF user is fully trusted.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
CC: Choi, Sy Jong sy.jong.c...@intel.com
---
 include/linux/if_link.h  |  1 +
 include/linux/netdevice.h|  3 +++
 include/uapi/linux/if_link.h |  6 ++
 net/core/rtnetlink.c | 24 +---
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index ae5d0d2..f923d15 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -24,5 +24,6 @@ struct ifla_vf_info {
__u32 min_tx_rate;
__u32 max_tx_rate;
__u32 rss_query_en;
+   __u32 trusted;
 };
 #endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index e20979d..a034fb8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct net_device 
*dev,
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *   int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  * int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
link_state);
@@ -1095,6 +1096,8 @@ struct net_device_ops {
   int max_tx_rate);
int (*ndo_set_vf_spoofchk)(struct net_device *dev,
   int vf, bool setting);
+   int (*ndo_set_vf_trust)(struct net_device *dev,
+   int vf, bool setting);
int (*ndo_get_vf_config)(struct net_device *dev,
 int vf,
 struct ifla_vf_info *ivf);
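Review bot: The new `ndo_set_vf_trust` callback is the hook through which a VF is granted privileged operations, but neither this prototype nor the kerneldoc block above records its contract: that the driver must deny trust-gated requests while `setting` is false, must revoke anything already granted when trust is withdrawn, and should return an errno rather than silently ignore an out-of-range `vf`. A sentence in the documentation block along the lines of `Grant (setting true) or withdraw (setting false) trust for VF vf; drivers must enforce the decision on already-enabled privileged features, not only on future requests.` would give implementers something to follow. `struct net_device_ops` continues outside this hunk.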
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 2c7e8e3..891050c 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -485,6 +485,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -546,6 +547,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
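Review bot: `struct ifla_vf_trust` mirrors the spoofchk/rss_query_en structs but leaves `setting` undocumented in a UAPI header, so userspace authors have to read rtnetlink.c to learn that only 0 and 1 are meaningful and that a driver which does not report trust starts from `ivi.trusted = -1` in rtnl_fill_ifinfo, which would arrive as 0xffffffff in an unsigned field. A comment such as `__u32 setting; /* 1: trusted, 0: untrusted; (__u32)-1 if the driver does not report it */` removes the ambiguity. If that -1 sentinel is indeed copied into this field (the copy is past the end of what is visible), callers should test for it rather than treat any nonzero value as trusted.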
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 9e433d5..803b80c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct net_device 
*dev,
 /* IFLA_VF_STATS_BROADCAST */
 nla_total_size(sizeof(__u64)) +
 /* IFLA_VF_STATS_MULTICAST */
-nla_total_size(sizeof(__u64)));
+nla_total_size(sizeof(__u64)) +
+nla_total_size(sizeof(struct ifla_vf_trust)));
return size;
} else
return 0;
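Review bot: The size term added for the trust attribute has no `/* IFLA_VF_TRUST */` label, whereas every other term in this sum is annotated with the attribute it accounts for (`/* IFLA_VF_STATS_BROADCAST */`, `/* IFLA_VF_STATS_MULTICAST */`); adding the same comment line before `nla_total_size(sizeof(struct ifla_vf_trust))` keeps the size accounting auditable against rtnl_fill_ifinfo. rtnl_vfinfo_size starts before this hunk.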
@@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
struct ifla_vf_link_state vf_linkstate;
struct ifla_vf_rss_query_en vf_rss_query_en;
struct ifla_vf_stats vf_stats;
+   struct ifla_vf_trust vf_trust;
 
/*
 * Not all SR-IOV capable drivers support the
@@ -1160,6 +1162,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
 */
ivi.spoofchk = -1;
ivi.rss_query_en = -1;
+   ivi.trusted = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is auto
 * IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1173,7 +1176,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
vf_tx_rate.vf =
vf_spoofchk.vf =
vf_linkstate.vf =
-   vf_rss_query_en.vf = ivi.vf;
+   vf_rss_query_en.vf =
+   vf_trust.vf = ivi.vf

RE: [Intel-wired-lan] [PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox API to enable MC promiscuous mode

2015-06-23 Thread Hiroshi Shimamoto
 Subject: Re: [Intel-wired-lan] [PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox 
 API to enable MC promiscuous mode
 
 On 06/17/2015 04:45 AM, Hiroshi Shimamoto wrote:
  From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 
  The limitation of the number of multicast address for VF is not enough
  for the large scale server with SR-IOV feature.
  IPv6 requires the multicast MAC address for each IP address to handle
  the Neighbor Solicitation message.
  We couldn't assign over 30 IPv6 addresses to a single VF interface.
 
  The easy way to solve this is enabling multicast promiscuous mode.
  It is good to have a functionality to enable multicast promiscuous mode
  for each VF from VF driver.
 
  This patch introduces the new mbox API, IXGBE_VF_SET_MC_PROMISC, to
  enable/disable multicast promiscuous mode in VF. If multicast
  promiscuous mode is enabled the VF can receive all multicast packets.
 
  With this patch, the ixgbevf driver automatically enable multicast
  promiscuous mode when the number of multicast addresses is over than 30
  if possible.
 
  PF only allow to enbale VF multicast promiscuous mode if the VF is trusted.
  If not trusted, PF returns an error to VF and VF will fallback the previous
  behavior, that only 30 multicast addresses are registered to the filter.
 
  Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
  CC: Choi, Sy Jong sy.jong.c...@intel.com
  ---
drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  1 +
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 55 
  +++
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  3 ++
drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
drivers/net/ethernet/intel/ixgbevf/vf.c   | 49 
  +++-
drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
7 files changed, 112 insertions(+), 1 deletion(-)
 
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
  b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  index 7f76c12..054db64 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  @@ -146,6 +146,7 @@ struct vf_data_storage {
  u16 vlans_enabled;
  bool clear_to_send;
  bool pf_set_mac;
  +   bool mc_promisc;
  u16 pf_vlan; /* When set, guest VLAN config not allowed. */
  u16 pf_qos;
  u16 tx_rate;
 
 Instead of casting this as a bool I think it might be better served as
 an enum.  You basically have 4 levels you could set:
 DISABLED  No traffic allowed, Rx disabled, PF only
 NONE  only L2 exact match addresses or Flow Director enabled
 MULTI BAM & ROMPE set
 ALLMULTI  BAM, ROMPE, & MPE set
 PROMISC   BAM, ROMPE, MPE, & UPE (available on x540)
 VLAN_PROMISC  BAM, ROMPE, MPE, UPE, & VPE (available on x540)
 
 That just leaves AUPE and ROPE which are kind of special cases.  AUPE
 should be set if an port VLAN is not assigned by the PF, and as far as
 ROPE it could be thought of as a poor-mans promiscuous so it might be
 useful for 82599 to possibly try to put together some sort of
 promiscuous mode though I cannot say for certain.
 
 The idea is to make use of the enum to enable higher or lower levels of
 escalation.  You could then limit a non-trusted VF to MULTI for any
 requests of ALLMULTI, PROMISC, or VLAN_PROMSIC and if the VF is trusted
 it would have access to ALLMULTI on 82599, and potentially PROMISC or
 VLAN_PROMISC on x540 and newer.
 
 It hadn't occurred to me until just now that the NONE option might be
 desirable to some as well since it is possible that somebody would
 rather use flow director rules to send traffic to a VF rather than have
 it receive broadcast or multicast traffic.  By doing this we enable that
 as a possible use case.  It could all be controlled through the
 IFF_BROADCAST, IFF_MULTICAST, IFF_ALLMULTI, and IFF_PROMISC flags in
 set_rx_mode.
 
 We did something like this for fm10k as it was a requirement of the
 Switch API.  You could probably do something similar for the
 ixgbe/ixgbevf mailbox interface as it seems like it might be a better
 fit than adding a new message to cover one specific case.

I'm considering and working about the above change.
I agree with having such mode change interface is better than adding a specific
feature message.

thanks,
Hiroshi

 
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
  b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
  index b1e4703..703d40b 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
  @@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
#define IXGBE_VF_GET_RETA 0x0a/* VF request for RETA */
#define IXGBE_VF_GET_RSS_KEY  0x0b/* get RSS key */
 
  +#define IXGBE_VF_SET_MC_PROMISC0x0c/* VF requests MC promiscuous */
  +
/* length of permanent address message returned from PF */
#define IXGBE_VF_PERMADDR_MSG_LEN 4

RE: [Intel-wired-lan] [PATCH v6 1/3] if_link: Add control trust VF

2015-06-18 Thread Hiroshi Shimamoto
 Subject: Re: [Intel-wired-lan] [PATCH v6 1/3] if_link: Add control trust VF
 
 On 06/17/2015 04:41 AM, Hiroshi Shimamoto wrote:
  From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 
  Add netlink directives and ndo entry to trust VF user.
 
  This controls the special permission of VF user.
  The administrator will dedicatedly trust VF user to use some features
  which impacts security and/or performance.
 
  The administrator never turn it on unless VF user is fully trusted.
 
  Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
  Reviewed-by: Hayato Momma h-mo...@ce.jp.nec.com
  CC: Choi, Sy Jong sy.jong.c...@intel.com
  ---
  include/linux/if_link.h  |  1 +
include/linux/netdevice.h|  3 +++
include/uapi/linux/if_link.h |  6 ++
net/core/rtnetlink.c | 19 +--
4 files changed, 27 insertions(+), 2 deletions(-)
 
  diff --git a/include/linux/if_link.h b/include/linux/if_link.h
  index ae5d0d2..f923d15 100644
  --- a/include/linux/if_link.h
  +++ b/include/linux/if_link.h
  @@ -24,5 +24,6 @@ struct ifla_vf_info {
  __u32 min_tx_rate;
  __u32 max_tx_rate;
  __u32 rss_query_en;
  +   __u32 trusted;
};
#endif /* _LINUX_IF_LINK_H */
  diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
  index e20979d..a034fb8 100644
  --- a/include/linux/netdevice.h
  +++ b/include/linux/netdevice.h
  @@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct 
  net_device *dev,
 * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
 *  int max_tx_rate);
 * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool 
  setting);
  + * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
 * int (*ndo_get_vf_config)(struct net_device *dev,
 *int vf, struct ifla_vf_info *ivf);
 * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
  link_state);
  @@ -1095,6 +1096,8 @@ struct net_device_ops {
 int max_tx_rate);
  int (*ndo_set_vf_spoofchk)(struct net_device *dev,
 int vf, bool setting);
  +   int (*ndo_set_vf_trust)(struct net_device *dev,
  +   int vf, bool setting);
  int (*ndo_get_vf_config)(struct net_device *dev,
   int vf,
   struct ifla_vf_info *ivf);
  diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
  index 2c7e8e3..891050c 100644
  --- a/include/uapi/linux/if_link.h
  +++ b/include/uapi/linux/if_link.h
  @@ -485,6 +485,7 @@ enum {
   * on/off switch
   */
  IFLA_VF_STATS,  /* network device statistics */
  +   IFLA_VF_TRUST,  /* Trust VF */
  __IFLA_VF_MAX,
};
 
  @@ -546,6 +547,11 @@ enum {
 
#define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
  +struct ifla_vf_trust {
  +   __u32 vf;
  +   __u32 setting;
  +};
  +
/* VF ports management section
 *
 *Nested layout of set/get msg is:
  diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
  index 2d102ce..abd1a75 100644
  --- a/net/core/rtnetlink.c
  +++ b/net/core/rtnetlink.c
  @@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct 
  net_device *dev,
   /* IFLA_VF_STATS_BROADCAST */
   nla_total_size(sizeof(__u64)) +
   /* IFLA_VF_STATS_MULTICAST */
  -nla_total_size(sizeof(__u64)));
  +nla_total_size(sizeof(__u64)) +
  +nla_total_size(sizeof(struct ifla_vf_trust)));
  return size;
  } else
  return 0;
  @@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, 
  struct net_device *dev,
  struct ifla_vf_link_state vf_linkstate;
  struct ifla_vf_rss_query_en vf_rss_query_en;
  struct ifla_vf_stats vf_stats;
  +   struct ifla_vf_trust vf_trust;
 
  /*
   * Not all SR-IOV capable drivers support the
  @@ -1160,6 +1162,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, 
  struct net_device *dev,
   */
  ivi.spoofchk = -1;
  ivi.rss_query_en = -1;
  +   ivi.trusted = -1;
  memset(ivi.mac, 0, sizeof(ivi.mac));
  /* The default value for VF link state is auto
   * IFLA_VF_LINK_STATE_AUTO which equals zero
  @@ -1173,7 +1176,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, 
  struct net_device *dev,
  vf_tx_rate.vf

[PATCH v6 2/3] ixgbe: Add new ndo to trust VF

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with the ip command, which
supports the trust message.
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 45 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 8830c0f..7f76c12 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
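Review bot: `trusted` is added to vf_data_storage as `u8`, while the ndo that writes it takes `bool setting` and ixgbe_ndo_get_vf_config copies it into the `__u32 trusted` member of ifla_vf_info; the neighbouring `rss_query_enabled` is already `bool` (though `spoofchk_enabled` is `u8`, so the file carries both conventions). `bool trusted;` would match the setter's parameter type and make the `trusted == setting` comparison in ixgbe_ndo_set_vf_trust obviously well-defined, since a u8 could in principle hold values other than 0 and 1. The struct definition continues outside the hunk.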
 
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 5f1b06a..376b49b 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8349,6 +8349,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..826f88e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter-vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter-vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,18 +1127,23 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
-void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
 {
struct ixgbe_hw *hw = adapter-hw;
u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter-vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, ping, 1, vf);
+}
+
+void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+{
int i;
 
-   for (i = 0 ; i  adapter-num_vfs; i++) {
-   ping = IXGBE_PF_CONTROL_MSG;
-   if (adapter-vfinfo[i].clear_to_send)
-   ping |= IXGBE_VT_MSGTYPE_CTS;
-   ixgbe_write_mbx(hw, ping, 1, i);
-   }
+   for (i = 0 ; i  adapter-num_vfs; i++)
+   ixgbe_ping_vf(adapter, i);
 }
 
 int ixgbe_ndo_set_vf_mac(struct net_device *netdev, int vf, u8 *mac)
@@ -1416,6 +1424,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf = adapter-num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter-vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter-vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter-vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, VF %u is %strusted\n, vf, setting ?  : not );
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
@@ -1430,5 +1460,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi-qos = adapter-vfinfo[vf].pf_qos;
ivi-spoofchk = adapter-vfinfo[vf].spoofchk_enabled;
ivi-rss_query_en = adapter-vfinfo[vf].rss_query_enabled;
+   ivi-trusted = adapter-vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -49,6 +49,7 @@ int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, 
int min_tx_rate,
 int

[PATCH v6 1/3] if_link: Add control trust VF

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Add netlink directives and ndo entry to trust VF user.

This controls the special permissions granted to the VF user.
The administrator deliberately trusts a VF user to use some features
that impact security and/or performance.

The administrator should never turn it on unless the VF user is fully trusted.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
Reviewed-by: Hayato Momma h-mo...@ce.jp.nec.com
CC: Choi, Sy Jong sy.jong.c...@intel.com
---
include/linux/if_link.h  |  1 +
 include/linux/netdevice.h|  3 +++
 include/uapi/linux/if_link.h |  6 ++
 net/core/rtnetlink.c | 19 +--
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index ae5d0d2..f923d15 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -24,5 +24,6 @@ struct ifla_vf_info {
__u32 min_tx_rate;
__u32 max_tx_rate;
__u32 rss_query_en;
+   __u32 trusted;
 };
 #endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index e20979d..a034fb8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct net_device 
*dev,
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *   int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  * int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
link_state);
@@ -1095,6 +1096,8 @@ struct net_device_ops {
   int max_tx_rate);
int (*ndo_set_vf_spoofchk)(struct net_device *dev,
   int vf, bool setting);
+   int (*ndo_set_vf_trust)(struct net_device *dev,
+   int vf, bool setting);
int (*ndo_get_vf_config)(struct net_device *dev,
 int vf,
 struct ifla_vf_info *ivf);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 2c7e8e3..891050c 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -485,6 +485,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -546,6 +547,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 2d102ce..abd1a75 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct net_device 
*dev,
 /* IFLA_VF_STATS_BROADCAST */
 nla_total_size(sizeof(__u64)) +
 /* IFLA_VF_STATS_MULTICAST */
-nla_total_size(sizeof(__u64)));
+nla_total_size(sizeof(__u64)) +
+nla_total_size(sizeof(struct ifla_vf_trust)));
return size;
} else
return 0;
@@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
struct ifla_vf_link_state vf_linkstate;
struct ifla_vf_rss_query_en vf_rss_query_en;
struct ifla_vf_stats vf_stats;
+   struct ifla_vf_trust vf_trust;
 
/*
 * Not all SR-IOV capable drivers support the
@@ -1160,6 +1162,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
 */
ivi.spoofchk = -1;
ivi.rss_query_en = -1;
+   ivi.trusted = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is auto
 * IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1173,7 +1176,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
vf_tx_rate.vf =
vf_spoofchk.vf =
vf_linkstate.vf =
-   vf_rss_query_en.vf = ivi.vf;
+   vf_rss_query_en.vf

[PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox API to enable MC promiscuous mode

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature.
IPv6 requires the multicast MAC address for each IP address to handle
the Neighbor Solicitation message.
We couldn't assign over 30 IPv6 addresses to a single VF interface.

The easy way to solve this is enabling multicast promiscuous mode.
It is good to have a functionality to enable multicast promiscuous mode
for each VF from VF driver.

This patch introduces the new mbox API, IXGBE_VF_SET_MC_PROMISC, to
enable/disable multicast promiscuous mode in VF. If multicast
promiscuous mode is enabled the VF can receive all multicast packets.

With this patch, the ixgbevf driver automatically enable multicast
promiscuous mode when the number of multicast addresses is over than 30
if possible.

The PF only allows enabling VF multicast promiscuous mode if the VF is trusted.
If not trusted, the PF returns an error to the VF and the VF falls back to the
previous behavior, where only 30 multicast addresses are registered in the filter.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
CC: Choi, Sy Jong sy.jong.c...@intel.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 55 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  3 ++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 49 +++-
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 7 files changed, 112 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 7f76c12..054db64 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -146,6 +146,7 @@ struct vf_data_storage {
u16 vlans_enabled;
bool clear_to_send;
bool pf_set_mac;
+   bool mc_promisc;
u16 pf_vlan; /* When set, guest VLAN config not allowed. */
u16 pf_qos;
u16 tx_rate;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..703d40b 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_SET_MC_PROMISC0x0c/* VF requests MC promiscuous */
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 826f88e..925d9c6 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter-vfinfo[i].trusted = false;
+
+   /* Turn multicast promiscuous mode off for all VFs */
+   adapter-vfinfo[i].mc_promisc = false;
}
 
return 0;
@@ -335,6 +338,12 @@ static int ixgbe_set_vf_multicasts(struct ixgbe_adapter 
*adapter,
u32 mta_reg;
u32 vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
 
+   /* Disable multicast promiscuous first */
+   if (adapter-vfinfo[vf].mc_promisc) {
+   vmolr = ~IXGBE_VMOLR_MPE;
+   adapter-vfinfo[vf].mc_promisc = false;
+   }
+
/* only so many hash values supported */
entries = min(entries, IXGBE_MAX_VF_MC_ENTRIES);
 
@@ -660,6 +669,7 @@ static int ixgbe_vf_reset_msg(struct ixgbe_adapter 
*adapter, u32 vf)
u32 msgbuf[4] = {0, 0, 0, 0};
u8 *addr = (u8 *)(msgbuf[1]);
u32 q_per_pool = __ALIGN_MASK(1, ~vmdq-mask);
+   u32 vmolr;
int i;
 
e_info(probe, VF Reset msg received from vf %d\n, vf);
@@ -721,6 +731,12 @@ static int ixgbe_vf_reset_msg(struct ixgbe_adapter 
*adapter, u32 vf)
IXGBE_WRITE_REG(hw, IXGBE_PVFTDWBALn(q_per_pool, vf, i), 0);
}
 
+   /* Disable multicast promiscuous on reset */
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr = ~IXGBE_VMOLR_MPE;
+   IXGBE_WRITE_REG(hw, IXGBE_VMOLR(vf), vmolr);
+   adapter-vfinfo[vf].mc_promisc = false;
+
/* reply to reset with ack and vf mac address */
msgbuf[0] = IXGBE_VF_RESET;
if (!is_zero_ether_addr(vf_mac)) {
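Review bot: The comment `/* Disable multicast promiscuous on reset */` states what is cleared but not why this clear matters for the trust model: if, as the series' 2/3 description says, the trust-change ping makes the VF reset, this is the point where a VF whose trust was revoked actually loses MPE in hardware and in `mc_promisc`. Recording that here, e.g. `/* Clear MPE and the shadow flag on every reset; a trust change resets the VF, so a revoked privilege is withdrawn here */`, keeps the invariant discoverable for whoever next touches either path. ixgbe_vf_reset_msg begins outside the hunk.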
@@ -1004,6 +1020,42 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_set_vf_mc_promisc(struct ixgbe_adapter *adapter

[PATCH 2/3] ixgbe, ixgbevf: error MC promisc unless trusted

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Make the PF return an error to the VF's multicast promiscuous mode request if the
VF is not trusted. On the VF, check the result from the PF and fall back to the
previous behavior, where only 30 addresses are registered.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c |  9 +
 drivers/net/ethernet/intel/ixgbevf/vf.c| 21 +
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 6c602bc..5eb3108 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1074,6 +1074,10 @@ static int ixgbe_set_vf_mc_promisc(struct ixgbe_adapter 
*adapter,
if (adapter-vfinfo[vf].mc_promisc == enable)
return 0;
 
+   /* Don't enable MC promisc unless VF is trusted */
+   if (enable  !adapter-vfinfo[vf].trusted)
+   return -1;
+
adapter-vfinfo[vf].mc_promisc = enable;
 
if (enable)
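Review bot: The trust check is placed after the `mc_promisc == enable` early return, so a VF that was granted multicast promiscuous mode and is later untrusted still receives success for a repeated enable request, and nothing in this hunk withdraws the mode; the second hunk of this patch (ixgbe_ndo_set_vf_trust) removes the reconfigure call and leaves only a TODO, so in this commit alone untrusting a VF does not take MC promiscuous mode away (the 3/3 patch on this page adds the reset ping that does). Separately, the refusal returns a bare `-1` while the VF side maps the resulting NACK to `-EPERM`; `return -EPERM;` would keep the two sides consistent and name the reason, assuming the caller only tests for non-zero before NACKing. ixgbe_set_vf_mc_promisc starts outside the hunk.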
@@ -1513,10 +1517,7 @@ int ixgbe_ndo_set_vf_trust(struct net_device *netdev, 
int vf, bool setting)
 
adapter-vfinfo[vf].trusted = setting;
 
-   /* Reconfigure features which are only allowed for trusted VF */
-   /* VF multicast promiscuous mode */
-   if (adapter-vfinfo[vf].mc_promisc)
-   ixgbe_enable_vf_mc_promisc(adapter, vf);
+   /* TODO: reset to reconfigure features */
 
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c 
b/drivers/net/ethernet/intel/ixgbevf/vf.c
index 89aecd0..6547c17 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -430,6 +430,7 @@ static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw 
*hw)
 {
struct ixgbevf_adapter *adapter = hw-back;
u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+   int err;
 
dev_info(adapter-pdev-dev, Request MC PROMISC\n);
 
@@ -439,7 +440,17 @@ static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw 
*hw)
msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
msgbuf[1] = 1;
 
-   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
+   err = hw-mbx.ops.write_posted(hw, msgbuf, 2);
+   if (err)
+   return err;
+   err = hw-mbx.ops.read_posted(hw, msgbuf, 2);
+   if (err)
+   return err;
+
+   msgbuf[0] = ~IXGBE_VT_MSGTYPE_CTS;
+
+   if (msgbuf[0] == (IXGBE_VF_SET_MC_PROMISC | IXGBE_VT_MSGTYPE_NACK))
+   return -EPERM;
 
return 0;
 }
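Review bot: Only the NACK pattern is treated as a refusal; any other reply word — including one that is neither ACK nor NACK — falls through to `return 0`, and the caller in this patch's last hunk then sets `hw->mac.mc_promisc = true` without the PF having confirmed the request. Failing closed on anything but an explicit ACK, `if (msgbuf[0] != (IXGBE_VF_SET_MC_PROMISC | IXGBE_VT_MSGTYPE_ACK)) return -EIO;` after the existing NACK check, keeps the VF's shadow state from running ahead of the PF's decision. The function's signature is visible only in the hunk header.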
@@ -474,11 +485,13 @@ static s32 ixgbevf_update_mc_addr_list_vf(struct ixgbe_hw 
*hw,
 * mode, turn it on.
 */
if (hw-api_version == ixgbe_mbox_api_12) {
-   if (!hw-mac.mc_promisc) {
-   ixgbevf_request_mc_promisc_vf(hw);
+   if (!hw-mac.mc_promisc 
+   !ixgbevf_request_mc_promisc_vf(hw)) {
hw-mac.mc_promisc = true;
}
-   return 0;
+   /* If we are in MC promisc, return here */
+   if (hw-mac.mc_promisc)
+   return 0;
}
cnt = 30;
}
-- 
1.8.3.1



[PATCH 1/3] ixgbevf: refactor ixgbevf_update_mc_addr_list_vf

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Add ixgbevf_request_mc_promisc_vf, which requests VF multicast promiscuous
mode, and move the code there from ixgbevf_update_mc_addr_list_vf.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbevf/vf.c | 29 +++--
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c 
b/drivers/net/ethernet/intel/ixgbevf/vf.c
index b5aac76..89aecd0 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -426,6 +426,24 @@ static void ixgbevf_write_msg_read_ack(struct ixgbe_hw *hw,
mbx-ops.read_posted(hw, retmsg, size);
 }
 
+static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw *hw)
+{
+   struct ixgbevf_adapter *adapter = hw-back;
+   u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+
+   dev_info(adapter-pdev-dev, Request MC PROMISC\n);
+
+   memset(msgbuf, 0, sizeof(msgbuf));
+
+   /* enabling multicast promiscuous */
+   msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
+   msgbuf[1] = 1;
+
+   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
+
+   return 0;
+}
+
 /**
  *  ixgbevf_update_mc_addr_list_vf - Update Multicast addresses
  *  @hw: pointer to the HW structure
@@ -457,18 +475,9 @@ static s32 ixgbevf_update_mc_addr_list_vf(struct ixgbe_hw 
*hw,
 */
if (hw-api_version == ixgbe_mbox_api_12) {
if (!hw-mac.mc_promisc) {
-   struct ixgbevf_adapter *adapter = hw-back;
-
-   dev_info(adapter-pdev-dev, Request MC 
PROMISC\n);
-
-   /* enabling multicast promiscuous */
-   msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
-   msgbuf[1] = 1;
-   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
-
+   ixgbevf_request_mc_promisc_vf(hw);
hw-mac.mc_promisc = true;
}
-
return 0;
}
cnt = 30;
-- 
1.8.3.1

N�r��yb�X��ǧv�^�)޺{.n�+���z�^�)w*jg����ݢj/���z�ޖ��2�ޙ�)ߡ�a�����G���h��j:+v���w��٥

[PATCH 3/3] ixgbe: ping to reset on changing trust status

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Send a ping to reset the VF when its trust status changes.
The VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 25 +
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 5eb3108..7bb9926 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1212,18 +1212,23 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
-void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+static void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
 {
struct ixgbe_hw *hw = adapter-hw;
u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter-vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, ping, 1, vf);
+}
+
+void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+{
int i;
 
-   for (i = 0 ; i  adapter-num_vfs; i++) {
-   ping = IXGBE_PF_CONTROL_MSG;
-   if (adapter-vfinfo[i].clear_to_send)
-   ping |= IXGBE_VT_MSGTYPE_CTS;
-   ixgbe_write_mbx(hw, ping, 1, i);
-   }
+   for (i = 0 ; i  adapter-num_vfs; i++)
+   ixgbe_ping_vf(adapter, i);
 }
 
 int ixgbe_ndo_set_vf_mac(struct net_device *netdev, int vf, u8 *mac)
@@ -1517,7 +1522,11 @@ int ixgbe_ndo_set_vf_trust(struct net_device *netdev, 
int vf, bool setting)
 
adapter-vfinfo[vf].trusted = setting;
 
-   /* TODO: reset to reconfigure features */
+   /* reset VF to reconfigure features */
+   adapter-vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, VF %u is %strusted\n, vf, setting ?  : not );
 
return 0;
 }
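Review bot: The untrust path in this hunk only clears clear_to_send and sends a control message, so whether the VF actually resets and drops its privileged configuration depends on the VF driver honouring that message; a VF driver that ignores it keeps running, so any PF-side privilege state tied to trust (the multicast promiscuous setting discussed earlier in this thread, for instance) has to be enforced on the PF independently of the ping, and whether that happens is not visible in this hunk. ixgbe_ndo_set_vf_trust starts outside the hunk. A comment making that boundary explicit would help, e.g. `/* The ping only asks the VF to reset; PF-side privilege checks must not rely on it. */` above the clear_to_send line. The new e_info line uses %u for the int parameter vf, which is only safe because of the range check presumably done earlier in the function; %d would match the declared type.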
-- 
1.8.3.1

N�r��yb�X��ǧv�^�)޺{.n�+���z�^�)w*jg����ݢj/���z�ޖ��2�ޙ�)ߡ�a�����G���h��j:+v���w��٥

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-06-15 Thread Hiroshi Shimamoto
  -Original Message-
  From: Rose, Gregory V
  Sent: Tuesday, May 26, 2015 7:01 PM
  To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
  l...@lists.osuosl.org
  Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
  Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
  sassm...@redhat.com
  Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
 
   -Original Message-
   From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
   Sent: Tuesday, May 26, 2015 5:28 PM
   To: Rose, Gregory V; Skidmore, Donald C; Kirsher, Jeffrey T;
   intel-wired- l...@lists.osuosl.org
   Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
   Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
   sassm...@redhat.com
   Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
  
 -Original Message-
 From: Skidmore, Donald C
 Sent: Tuesday, May 26, 2015 10:46 AM
 To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T;
 intel-wired- l...@lists.osuosl.org
 Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List;
 Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
 sassm...@redhat.com
 Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF


   
[snip]
   

  -Original Message-
  From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
  Sent: Monday, May 25, 2015 6:00 PM
  To: Skidmore, Donald C; Rose, Gregory V; Kirsher, Jeffrey T;
  intel-wired- l...@lists.osuosl.org
  Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List;
  Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or
  Gerlitz; sassm...@redhat.com
  Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
 
  Do you mean that VF should care about it is trusted or not?
  Should VF request MC Promisc again when it's trusted?
  Or, do you mean VF never be trusted during its (or VM's) lifetime?

 I think the VF shouldn't directly know whether it is trusted or
 not
   
That's completely irrevelant.  The person administering the PF will
be the person who provided trusted privileges to the VF.  He'll then
*tell* or somehow other communicate to the person administering the
VF
   (probably himself/herself) and then proceed to execute commands on
   that VF that require trusted privileges.
   
If the VF does not have trusted privileges then the commands to add
VLAN filters, set promiscuous modes, and any other privileged
commands
   will fail.
   
Let's not get too fancy with this.  It's simple - the host VMM admin
provides trusted privileges to the VF.  The person administering the
VF (if in fact it is not the same person, it usually will be) will
   proceed to do things that require VF trusted privileges.
  
   Now I think that it's better to have an interface between PF and VF to
   know the VF is trusted.
   Otherwise VM cannot know whether its VF is trusted, that prevents
   automatic operations.
 
  Agreed, it would be silly for the VF to have privileges but not know that 
  it can
  use them!
 
   Or add another communicating interface outside of ixgbe PF-VF mbox API?
 
  We can't depend on any given vendor specific interface.  I'd add a very 
  clear
  comment in the Physical Function ndo op that gives a VF trusted privileges
  that it is up to the driver to notify the VF driver.  But yes, in the case 
  of Intel
  drivers the mailbox or admin queue (for i40e) would be the mechanism to do
  that.  I know you have some ixgbe patches that coincide with this patch so
  that's a good place to look.
 
 
 Now, while I am not against this (the VF knowing it is trusted) happening, I don't
 see the need for it either.  I believe the
 same could be accomplished by allowing the PF to ask for whatever 
 configuration it wants and some requests will not be
 granted by the PF unless the VF is trusted.  Given, this may require an 
 extension of the mailbox messages to allow for
 NAK's to make it clear to the VF the request wasn't granted.
 
 However like Greg mentions above this need not be requirement, different 
 drivers could implement this way or not.
 

Now I'm preparing a patchset to handle an error against VF MC promisc request.
I'm not sure that which is better to have new mailbox API which indicates VF is 
trusted.

I made a patchset which doesn't add new API but handles error against VF MC 
promisc request.
Will submit it.

thanks,
Hiroshi
N�r��yb�X��ǧv�^�)޺{.n�+���z�^�)w*jg����ݢj/���z�ޖ��2�ޙ�)ߡ�a�����G���h��j:+v���w��٥

RE: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-28 Thread Hiroshi Shimamoto
 Subject: Re: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to 
 disable VLAN filter
 
 On 05/26/2015 06:11 PM, Hiroshi Shimamoto wrote:
  On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
  From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 
  Introduce module parameter disable_hw_vlan_filter to disable HW VLAN
  filter on ixgbe module load.
 
From the hardware limitation, there are only 64 VLAN entries for HW VLAN
  filter, and it leads to limit the number of VLANs up to 64 among PF and
  VFs. For SDN/NFV case, we need to handle unlimited VLAN packets on VF.
  In such case, every VLAN packet can be transmitted to each VF.
 
  When we try to make VLAN devices on VF, the 65th VLAN registration fails
  and never be able to receive a packet with that VLAN tag.
  If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
  # for i in `seq 1 100`; do \
ip link add link ethX name ethX.$i type vlan id $i; done
 
  There is a capability to disable HW VLAN filter and that makes all VLAN
  tagged packets can be transmitted to every VFs. After VLAN filter stage,
  unicast packets are transmitted to VF which has the MAC address same as
  the transmitting packet.
 
  With this patch and disable_hw_vlan_filter=1, we can use unlimited
  number of VLANs on VF.
 
  Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
  DCB and FCoE are disabled when HW VLAN filter is disabled by this module
  parameter.
  Because of that reason, the administrator has to know that before turning
  off HW VLAN filter.
  You might also want to note that it makes the system susceptible to
  broadcast/multicast storms since it eliminates any/all VLAN isolation.
  So a broadcast or multicast packet on one VLAN is received on ALL
  interfaces regardless of their VLAN configuration. In addition the
  current VF driver is likely to just receive the packet as untagged, see
  ixgbevf_process_skb_fields().  As a result one or two VFs can bring the
  entire system to a crawl by saturating the PCIe bus via
  broadcast/multicast traffic since there is nothing to prevent them from
  talking to each other over VLANs that are no longer there.
  that's right.
 
  On the other hand, an untagged packet is not isolated,
  doesn't it same broadcast/multicast storm on untagged network?
 
 Yes, that is one of the reasons for VLANs.  It provides isolation so
 that if you have two entities on the same network you won't have entity
 A able to talk to entity B.  The problem is with VLAN promiscuous
 enabled if entity B is a VF it will see the traffic but has no way to
 know that it was VLAN tagged and a part of entity A's VLAN.

Sorry, I guess I failed to phrase my question clearly.
Occupying the PCIe bus with broadcast/multicast packets causes performance
degradation. The VLAN filter can isolate traffic and reduce PCIe bus usage,
but untagged broadcast/multicast traffic is still a problem, I think.
What is the difference between a tagged packet and an untagged packet?

 
 
  For the sake of backwards compatibility I would say that a feature like
  this should be mutually exclusive with SR-IOV as well since it will
  cause erratic behavior.  The VF will receive requests from all VLANs
  thinking the traffic is untagged, and then send replies back to VLAN 0
  even though that isn't where the message originated.
  Sorry, I couldn't catch the above part.
  Could you explain a bit more?
 
  thanks,
  Hiroshi
 
  Until the VF issue
  is fixed this type of feature is a no-go.
 
 
 The current behavior for a VF is that if it receives a VLAN that it
 didn't request it assumes it is operating in port VLAN mode.  The
 problem is with your patch the VF will be receiving all traffic but have
 no idea which VLAN it came from.  As a result it could be replying to
 multicast or broadcast requests on one VLAN with the wrong VLAN ID.
 
 The VLAN behavior of the VF drivers will need to be fixed before
 something like that could be supported with ANY of the VFs.  As such you
 will probably need to fix the VF driver in order to allow any of them to
 come online when VLAN filtering is disabled, as the driver will need to
 report the VLAN tag ID up to the stack.

Thanks, that explains cleaner, I think I got the issue.
I have to check the exact behavior on my box to understand correctly, will do.

thanks,
Hiroshi



RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-26 Thread Hiroshi Shimamoto
  -Original Message-
  From: Skidmore, Donald C
  Sent: Tuesday, May 26, 2015 10:46 AM
  To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T; intel-wired-
  l...@lists.osuosl.org
  Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi, Sy
  Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
  sassm...@redhat.com
  Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
 
 
 [snip]
 
 
   -Original Message-
   From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
   Sent: Monday, May 25, 2015 6:00 PM
   To: Skidmore, Donald C; Rose, Gregory V; Kirsher, Jeffrey T;
   intel-wired- l...@lists.osuosl.org
   Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
   Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
   sassm...@redhat.com
   Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
  
  
   Do you mean that VF should care about it is trusted or not?
   Should VF request MC Promisc again when it's trusted?
   Or, do you mean VF never be trusted during its (or VM's) lifetime?
 
  I think the VF shouldn't directly know whether it is trusted or not
 
 That's completely irrevelant.  The person administering the PF will be the 
 person who provided trusted privileges to the
 VF.  He'll then *tell* or somehow other communicate to the person 
 administering the VF (probably himself/herself) and
 then proceed to execute commands on that VF that require trusted privileges.
 
 If the VF does not have trusted privileges then the commands to add VLAN 
 filters, set promiscuous modes, and any other
 privileged commands will fail.
 
 Let's not get too fancy with this.  It's simple - the host VMM admin provides 
 trusted privileges to the VF.  The person
 administering the VF (if in fact it is not the same person, it usually will 
 be) will proceed to do things that require
 VF trusted privileges.

Now I think that it's better to have an interface between PF and VF to know the 
VF is trusted.
Otherwise VM cannot know whether its VF is trusted, that prevents automatic 
operations.
Or add another communicating interface outside of ixgbe PF-VF mbox API?

 
 
 .  It
  should request MC Promisc and get it if it is trusted and not if it is not
  trusted.  So if you (as the system admin know you have a VF that will need
  to request MC Promisc make sure you promote that VF to trusted before
  assigning it to a VM.  That way when it requests MC Promisc the PF will be
  able to grant it.
 
 
 Multicast promiscuous should be allowed for the VFs.  We already allow VFs to 
 set whatever multicast filters they want
 so if they want to go into MPE then so what?  We don't care.  It's not a 
 security risk.  Right now, without any modification,
 the VF can set 30 multicast filters and listen.  It can then remove those and 
 set another 30 filters and listen.  And
 so on and so on.  So if a VF can already listen on any MC filter it wants 
 then why this artificial restriction on MC promiscuous
 mode.

I'm fine with that, previously I mentioned about that.
Without resetting PF, we can listen every MC packet which hash was set.
PF reset will restore the last 30 MC addresses per VF.

Also, there is a single hash entry table, so all VFs will get any MC packet
whose hash was set in the table. If a VF user sets a filter, the other users
will receive that MC packet as well.

 
 We don't care about this case. Unicast promiscuous is the security risk and I 
 think we've handled that.

So, should we separate the discussion, about trusting VF operation and
about MC promiscuous?

 
 
  
   And what do you think about being untrusted from trusted state?
 
  This is an interesting question.  If we allowed a VM to go from trusted -
  untrusted we would have to turn off any special configuration that
  trusted allowed.  Maybe in such cases we could reset the PF?  And of
  course require all the special configuration (MC Promisc) to default to
  off after being reset.
 
 
 To remove privileges from a VF that you're already set to privileged will 
 require destruction of the VF VSI and VFLR to
 the VF - after it comes up it can't do any further privileged operations.

yeah, sounds good to reset VF on changing privilege.

 
 [snip
 
  This too is a valid point.  Currently we would just not do it (MC Promisc)
  and the VF would have to figure that out for itself.  Passing a NAK back
  to the VF might be nicer. :)  Of course I assumed the sysadm would know
  that he/she wanted to give a VF trusted status and would do that before
  the VF was even assigned to a VM, so the issue would never come up.  Maybe
  that is not valid for your use case?
 
 Let's not worry about MC promiscuous mode.  As I pointed out above we already 
 let VFs set any MC address filters they
 want so that horse has already left the barn.

Do you think that VF MC promiscuous mode isn't needed to handle under trusted 
mode, right?

thanks,
Hiroshi

 
 Focus on getting the VF privileged mode configuration going

RE: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-26 Thread Hiroshi Shimamoto
 On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
  From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 
  Introduce module parameter disable_hw_vlan_filter to disable HW VLAN
  filter on ixgbe module load.
 
   From the hardware limitation, there are only 64 VLAN entries for HW VLAN
  filter, and it leads to limit the number of VLANs up to 64 among PF and
  VFs. For SDN/NFV case, we need to handle unlimited VLAN packets on VF.
  In such case, every VLAN packet can be transmitted to each VF.
 
  When we try to make VLAN devices on VF, the 65th VLAN registration fails
  and never be able to receive a packet with that VLAN tag.
  If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
 # for i in `seq 1 100`; do \
   ip link add link ethX name ethX.$i type vlan id $i; done
 
  There is a capability to disable HW VLAN filter and that makes all VLAN
  tagged packets can be transmitted to every VFs. After VLAN filter stage,
  unicast packets are transmitted to VF which has the MAC address same as
  the transmitting packet.
 
  With this patch and disable_hw_vlan_filter=1, we can use unlimited
  number of VLANs on VF.
 
  Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
  DCB and FCoE are disabled when HW VLAN filter is disabled by this module
  parameter.
  Because of that reason, the administrator has to know that before turning
  off HW VLAN filter.
 
 You might also want to note that it makes the system susceptible to
 broadcast/multicast storms since it eliminates any/all VLAN isolation.
 So a broadcast or multicast packet on one VLAN is received on ALL
 interfaces regardless of their VLAN configuration. In addition the
 current VF driver is likely to just receive the packet as untagged, see
 ixgbevf_process_skb_fields().  As a result one or two VFs can bring the
 entire system to a crawl by saturating the PCIe bus via
 broadcast/multicast traffic since there is nothing to prevent them from
 talking to each other over VLANs that are no longer there.

that's right.

On the other hand, an untagged packet is not isolated either;
doesn't the same broadcast/multicast storm happen on an untagged network?

 
 For the sake of backwards compatibility I would say that a feature like
 this should be mutually exclusive with SR-IOV as well since it will
 cause erratic behavior.  The VF will receive requests from all VLANs
 thinking the traffic is untagged, and then send replies back to VLAN 0
 even though that isn't where the message originated.

Sorry, I couldn't catch the above part.
Could you explain a bit more?

thanks,
Hiroshi

 Until the VF issue
 is fixed this type of feature is a no-go.



RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-25 Thread Hiroshi Shimamoto
  -Original Message-
  From: Rose, Gregory V
  Sent: Friday, May 22, 2015 8:08 AM
  To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
  l...@lists.osuosl.org
  Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
  Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
  sassm...@redhat.com
  Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
 
   -Original Message-
   From: Intel-wired-lan
   [mailto:intel-wired-lan-boun...@lists.osuosl.org] On Behalf Of Hiroshi
   Shimamoto
   Sent: Thursday, May 21, 2015 7:31 PM
   To: Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
   l...@lists.osuosl.org
   Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
   Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
   sassm...@redhat.com
   Subject: Re: [Intel-wired-lan] [PATCH v5 3/3] ixgbe: Add new ndo to
   trust VF
  
 
  [big snip]
 
   I think your concerns are related to some operational assumptions.
   My basic concept is, not to change the behavior of VM, existing user
   operation.
   I mean that I didn't think it's better that the user should check the
   both of the ixgbevf driver can deal with new API and the VF is trusted.
  
   Now, I think the point is who takes care whether the VF is trusted. Right?
   It seems that you think the VF user should handle that user is trusted
   and do something with a notice that you're trusted or untrusted from
   the host.
   Is that correct?
   I made it in PF side, because it looks easy to handle it. If something
   to do in VF side, I think ixgbevf driver should handle it.
 
  Setting the VF trusted mode feature should only be allowed through the PF
  as it is the only trusted entity from the start.  We do not want the VF 
  being
  able to decide for itself to be trusted.
 
  - Greg
 
 
 I completely agree with Greg and never meant to imply anything else.
 
 The PF should be where a given VF is made trusted.  Likewise a VF can get 
 promoted to MC Promiscuous by requesting
 over 30 MC groups.  I like this and your patch currently does this.  So for 
 example below:
 
 PFVF
 -----
 Set given VF as trusted
   Request 30+ MC groups via Mail Box
 Put PF in MC Promiscuous mode
 
 
 What I am concerned about is the following flow where we seem to store the 
 fact the VF requests more than 30+ MC groups
 so that we can automatically enter MC Promisc Mode if that VF is ever made 
 trusted.
 
 PFVF
 ---   --
 Currently VF is NOT trusted
   Request 30+ MC groups via Mail Box
 Do NOT put PF in MC Promisc
 (hw-mac.mc_promisc = true)
 
  Some time later 
 
 Set given VF as trusted
 (because mc_promisc set) Put PF in MC Promisc
 
 
 I don't like the fact that the PF remembers that the VF was denied MC 
 Promiscuous mode in the past.  And because of that
 automatically put the VF in MC Promiscuous mode when it becomes trusted.  
 Maybe showing in code what I would like removed/added
 would be more helpful, probably should have started doing that. :)

Do you mean that VF should care about it is trusted or not?
Should VF request MC Promisc again when it's trusted?
Or, do you mean VF never be trusted during its (or VM's) lifetime?

And what do you think about being untrusted from trusted state?

 
 I would remove this bit of code from ixgbe_ndo_set_vf_trust():
 
 int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool
 setting) {
   struct ixgbe_adapter *adapter = netdev_priv(netdev);
 
   if (vf = adapter-num_vfs)
   return -EINVAL;
 
   /* nothing to do */
   if (adapter-vfinfo[vf].trusted == setting)
   return 0;
 
   adapter-vfinfo[vf].trusted = setting;
 
 - /* Reconfigure features which are only allowed for trusted VF */
 - /* VF multicast promiscuous mode */
 - if (adapter-vfinfo[vf].mc_promisc)
 - ixgbe_enable_vf_mc_promisc(adapter, vf);

I understand, you don't think we need to have a capability to enable/disable MC 
Promisc on the fly.

 
   return 0;
 }
 
 This of course would be we should not set mc_promisc ever if we are NOT 
 trusted (adapter-vfinfo[vf].trusted) so in
 ixgbe_set_vf_mc_promisc() I would add or something like it:
 
 static int ixgbe_set_vf_mc_promisc(struct ixgbe_adapter *adapter,
  u32 *msgbuf, u32 vf)
 {
   bool enable = !!msgbuf[1];  /* msgbuf contains the flag to enable */
 
   switch (adapter-vfinfo[vf].vf_api) {
   case ixgbe_mbox_api_12:
   break;
   default:
   return -1;
   }
 
 + /* have to be trusted */
 + If (!adapter-vfinfo[vf].trusted)
 + Return 0;

Should we return an error to VF to inform it isn't trusted?

 +
   /* nothing

[PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-21 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com

Introduce module parameter disable_hw_vlan_filter to disable HW VLAN
filter on ixgbe module load.

Due to a hardware limitation, there are only 64 VLAN entries in the HW VLAN
filter, which limits the number of VLANs to 64 among the PF and
VFs. For SDN/NFV case, we need to handle unlimited VLAN packets on VF.
In such case, every VLAN packet can be transmitted to each VF.

When we try to make VLAN devices on VF, the 65th VLAN registration fails
and never be able to receive a packet with that VLAN tag.
If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
  # for i in `seq 1 100`; do \
ip link add link ethX name ethX.$i type vlan id $i; done

There is a capability to disable HW VLAN filter and that makes all VLAN
tagged packets can be transmitted to every VFs. After VLAN filter stage,
unicast packets are transmitted to VF which has the MAC address same as
the transmitting packet.

With this patch and disable_hw_vlan_filter=1, we can use unlimited
number of VLANs on VF.

Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
DCB and FCoE are disabled when HW VLAN filter is disabled by this module
parameter.
Because of that reason, the administrator has to know that before turning
off HW VLAN filter.

Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  | 29 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c |  4 
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 5181a4d..492615d 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -632,6 +632,7 @@ struct ixgbe_adapter {
 #define IXGBE_FLAG_FCOE_ENABLED (u32)(1  21)
 #define IXGBE_FLAG_SRIOV_CAPABLE(u32)(1  22)
 #define IXGBE_FLAG_SRIOV_ENABLED(u32)(1  23)
+#define IXGBE_FLAG_VLAN_FILTER_ENABLED  (u32)(1  24)
 
u32 flags2;
 #define IXGBE_FLAG2_RSC_CAPABLE (u32)(1  0)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 263cb40..b45570f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -158,6 +158,10 @@ module_param(allow_unsupported_sfp, uint, 0);
 MODULE_PARM_DESC(allow_unsupported_sfp,
 Allow unsupported and untested SFP+ modules on 82599-based 
adapters);
 
+static unsigned int disable_hw_vlan_filter;
+module_param(disable_hw_vlan_filter, uint, 0);
+MODULE_PARM_DESC(disable_hw_vlan_filter, Disable HW VLAN filter);
+
 #define DEFAULT_MSG_ENABLE (NETIF_MSG_DRV|NETIF_MSG_PROBE|NETIF_MSG_LINK)
 static int debug = -1;
 module_param(debug, int, 0);
@@ -4159,6 +4163,9 @@ void ixgbe_set_rx_mode(struct net_device *netdev)
hw-addr_ctrl.user_set_promisc = false;
}
 
+   if (!(adapter-flags  IXGBE_FLAG_VLAN_FILTER_ENABLED))
+   vlnctrl = ~(IXGBE_VLNCTRL_VFE | IXGBE_VLNCTRL_CFIEN);
+
/*
 * Write addresses to available RAR registers, if there is not
 * sufficient space to store all the addresses then enable
@@ -5251,6 +5258,22 @@ static int ixgbe_sw_init(struct ixgbe_adapter *adapter)
 #endif /* CONFIG_IXGBE_DCB */
 #endif /* IXGBE_FCOE */
 
+   if (likely(!disable_hw_vlan_filter)) {
+   /* HW VLAN filter is enabled by default */
+   adapter-flags |= IXGBE_FLAG_VLAN_FILTER_ENABLED;
+   } else {
+   e_dev_warn(Disabling HW VLAN filter. 
+  DCB and FCoE are also disabled.\n);
+#ifdef IXGBE_FCOE
+   /* Disabling FCoE */
+   adapter-flags = ~IXGBE_FLAG_FCOE_CAPABLE;
+   adapter-flags = ~IXGBE_FLAG_FCOE_ENABLED;
+#ifdef CONFIG_IXGBE_DCB
+   adapter-fcoe.up = 0;
+#endif /* CONFIG_IXGBE_DCB */
+#endif /* IXGBE_FCOE */
+   }
+
adapter-mac_table = kzalloc(sizeof(struct ixgbe_mac_addr) *
 hw-mac.num_rar_entries,
 GFP_ATOMIC);
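Review bot: The e_dev_warn in the disable branch tells the operator only that DCB and FCoE are lost, while the more consequential effect of leaving IXGBE_FLAG_VLAN_FILTER_ENABLED clear is that, per the commit description, every VF receives all VLAN-tagged traffic; the runtime message is the one place an administrator who never read the commit log will see this, so it should say so, e.g. `e_dev_warn("Disabling HW VLAN filter: VLAN separation between PF/VFs, DCB and FCoE are disabled.\n");`. The `likely()` around `!disable_hw_vlan_filter` is a style nit: ixgbe_sw_init runs once at probe, so the branch hint buys nothing and reads as if this were a hot path. ixgbe_sw_init starts and ends outside the hunk.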
@@ -7733,6 +7756,9 @@ int ixgbe_setup_tc(struct net_device *dev, u8 tc)
ixgbe_clear_interrupt_scheme(adapter);
 
 #ifdef CONFIG_IXGBE_DCB
+   /* Unable to use DCB if HW VLAN filter is disabled */
+   if (!(adapter-flags  IXGBE_FLAG_VLAN_FILTER_ENABLED))
+   tc = 0;
if (tc) {
netdev_set_num_tc(dev, tc);
ixgbe_set_prio_tc_map(adapter);
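Review bot: Forcing `tc = 0` when the VLAN filter is disabled makes ixgbe_setup_tc report success for a DCB configuration it silently did not apply, so the caller (and the user behind it) gets no indication that the request was dropped. Returning -EINVAL for a non-zero tc in that case, or at least logging the override with e_dev_warn, would make the rejection visible; `if (tc && !(adapter->flags & IXGBE_FLAG_VLAN_FILTER_ENABLED)) return -EINVAL;` placed before the ixgbe_clear_interrupt_scheme() call that precedes this hunk would also avoid tearing the adapter down for nothing. ixgbe_setup_tc starts and ends outside the hunk, so where the early return fits relative to the function's existing validation is for the author to judge.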
@@ -8562,7 +8588,8 @@ skip_sriov:
}
 
netdev-hw_features |= NETIF_F_RXALL;
-   netdev-features |= NETIF_F_HW_VLAN_CTAG_FILTER;
+   if (adapter-flags  IXGBE_FLAG_VLAN_FILTER_ENABLED)
+   netdev-features |= NETIF_F_HW_VLAN_CTAG_FILTER;
 
netdev-vlan_features

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-21 Thread Hiroshi Shimamoto
  -Original Message-
  From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
  Sent: Wednesday, May 20, 2015 9:13 PM
  To: Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
  Cc: Or Gerlitz; David Miller; Linux Netdev List; nhor...@redhat.com;
  sassm...@redhat.com; jogre...@redhat.com; Choi, Sy Jong; Edward Cree;
  Rony Efraim
  Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
-Original Message-
From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
Sent: Tuesday, May 19, 2015 5:06 PM
To: Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
Cc: Skidmore, Donald C; Or Gerlitz; David Miller; Linux Netdev List;
nhor...@redhat.com; sassm...@redhat.com; jogre...@redhat.com;
  Choi,
Sy Jong; Edward Cree; Rony Efraim
Subject: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
   
From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
   
Implement the new netdev op to trust VF in ixgbe and make VF
multicast promiscuous mode enabled only in trusted VF.
   
The administrator can make VF trusted by ip command which supports
trust message.
 # ip link set dev eth0 vf 1 trust on
   
After the VF is made untrusted, ixgbe disables the VF multicast promiscuous
feature that was requested from the VF.
 # ip link set dev eth0 vf 1 trust off
   
Only trusted VF can enable VF multicast promiscuous mode and handle
over
30 IPv6 addresses on VM, because VF multicast promiscuous mode may
hurt performance.
   
Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
Reviewed-by: Hayato Momma h-mo...@ce.jp.nec.com
CC: Choi, Sy Jong sy.jong.c...@intel.com
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  5 
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 38
+++---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  2 ++
 4 files changed, 42 insertions(+), 4 deletions(-)
   
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 08e65b6..5181a4d 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -153,6 +153,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
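Review bot: `u8 trusted;` is added directly below `bool rss_query_enabled;` but the field is assigned bool values (`false` in __ixgbe_enable_sriov, the bool `setting` in ixgbe_ndo_set_vf_trust as quoted elsewhere on this page), so `bool trusted;` would match the newer neighbour field and the ndo signature rather than the older u8 spoofchk_enabled style. A short comment on the field would also help, e.g. `/* privilege granted by the PF admin; a VF can never set this for itself */`, since the thread agrees that only the PF may decide trust.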
   
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index b1ea707..263cb40 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -3679,6 +3679,10 @@ static void
ixgbe_configure_virtualization(struct
ixgbe_adapter *adapter)
/* Enable/Disable RSS query feature  */
ixgbe_ndo_set_vf_rss_query_en(adapter-netdev, i,
  adapter-
vfinfo[i].rss_query_enabled);
+
+   /* Reconfigure features in trusted */
+   ixgbe_ndo_set_vf_trust(adapter-netdev, i,
+  adapter-vfinfo[i].trusted);
}
 }
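Review bot: The new ixgbe_ndo_set_vf_trust call passes the VF's current `trusted` value back into the setter, and the version of that function quoted later on this page returns early with `/* nothing to do */` when the stored value equals the argument, so this call would be a no-op and the `/* Reconfigure features in trusted */` comment would not describe what happens. If the intent is to re-apply the trusted-only configuration after a reset, the reconfiguration needs a path that does not depend on the value changing; otherwise the call and comment can be dropped. ixgbe_configure_virtualization starts outside the hunk, and this reading assumes the quoted ndo body matches the one in this patch.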
   
@@ -8182,6 +8186,7 @@ static const struct net_device_ops
ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 615f651..6c602bc 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -117,8 +117,11 @@ static int __ixgbe_enable_sriov(struct
ixgbe_adapter
*adapter)
 */
adapter-vfinfo[i].rss_query_enabled = 0;
   
-   /* Turn multicast promiscuous mode off for all 
VFs */
+   /* Disallow VF multicast promiscuous capability
+* and turn it off for all VFs
+*/
adapter-vfinfo[i].mc_promisc = false;
+   adapter-vfinfo[i].trusted = false;
}
   
return 0;
@@ -329,9 +332,14 @@ static int ixgbe_enable_vf_mc_promisc(struct
ixgbe_adapter *adapter, u32 vf)
hw = adapter-hw;
vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
   
-   e_info(drv, VF %u: enabling multicast promiscuous\n, vf);
-
-   vmolr |= IXGBE_VMOLR_MPE

RE: [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-21 Thread Hiroshi Shimamoto
 Subject: Re: [PATCH v5] ixgbe: Add module parameter to disable VLAN filter
 
 From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 Date: Thu, 21 May 2015 13:10:49 +
 
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
  b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  index 263cb40..b45570f 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  @@ -158,6 +158,10 @@ module_param(allow_unsupported_sfp, uint, 0);
   MODULE_PARM_DESC(allow_unsupported_sfp,
   Allow unsupported and untested SFP+ modules on 82599-based 
  adapters);
 
  +static unsigned int disable_hw_vlan_filter;
  +module_param(disable_hw_vlan_filter, uint, 0);
  +MODULE_PARM_DESC(disable_hw_vlan_filter, Disable HW VLAN filter);
 
 Sorry, module parameters like this are not allowed.
 
 You must use a generic, portable interface, to configure networking
 device settings.

Could you please tell me which interface is good for this?

 
 Otherwise every other driver that wants to do something similar will
 have yet another module option with a different name, and every user
 will suffer because they will need to learn a different mechanism
 to perform this configuration for every driver.

Right, I agree.
But I thought this requirement was specific to, and contained within, the ixgbe
driver, which is why I tried a module parameter.

thanks,
Hiroshi



RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-20 Thread Hiroshi Shimamoto
  -Original Message-
  From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
  Sent: Tuesday, May 19, 2015 5:06 PM
  To: Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
  Cc: Skidmore, Donald C; Or Gerlitz; David Miller; Linux Netdev List;
  nhor...@redhat.com; sassm...@redhat.com; jogre...@redhat.com;
  Choi, Sy Jong; Edward Cree; Rony Efraim
  Subject: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
 
  From: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
 
  Implement the new netdev op to trust a VF in ixgbe, and allow VF multicast
  promiscuous mode to be enabled only on a trusted VF.
 
  The administrator can make VF trusted by ip command which supports trust
  message.
   # ip link set dev eth0 vf 1 trust on
 
  After making VF untrusted, ixgbe disables VF multicast promiscuous feature
  requested from VF.
   # ip link set dev eth0 vf 1 trust off
 
  Only trusted VF can enable VF multicast promiscuous mode and handle over
  30 IPv6 addresses on VM, because VF multicast promiscuous mode may hurt
  performance.
 
  Signed-off-by: Hiroshi Shimamoto h-shimam...@ct.jp.nec.com
  Reviewed-by: Hayato Momma h-mo...@ce.jp.nec.com
  CC: Choi, Sy Jong sy.jong.c...@intel.com
  ---
   drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
   drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  5 
  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 38
  +++---
  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  2 ++
   4 files changed, 42 insertions(+), 4 deletions(-)
 
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  index 08e65b6..5181a4d 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
  @@ -153,6 +153,7 @@ struct vf_data_storage {
  u16 vlan_count;
  u8 spoofchk_enabled;
  bool rss_query_enabled;
  +   u8 trusted;
  unsigned int vf_api;
   };
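Review bot: The new field is declared `u8 trusted;` while the ndo that sets it takes `bool setting` and the adjacent `rss_query_enabled` is already a bool; `bool trusted;` would match that neighbour and avoid implicit conversions in both directions (the `spoofchk_enabled` field above uses u8, so either precedent exists in the struct). A one-line comment would also help the next reader, e.g. `/* set by the PF admin via ndo_set_vf_trust; gates VF-requested privileged modes such as MC promiscuous */`. struct vf_data_storage begins outside the hunk.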
 
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  index b1ea707..263cb40 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
  @@ -3679,6 +3679,10 @@ static void ixgbe_configure_virtualization(struct
  ixgbe_adapter *adapter)
  /* Enable/Disable RSS query feature  */
  ixgbe_ndo_set_vf_rss_query_en(adapter-netdev, i,
adapter-
  vfinfo[i].rss_query_enabled);
  +
  +   /* Reconfigure features in trusted */
  +   ixgbe_ndo_set_vf_trust(adapter-netdev, i,
  +  adapter-vfinfo[i].trusted);
  }
   }
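Review bot: The new ixgbe_ndo_set_vf_trust() call passes the VF's stored `trusted` flag back in as the setting, and that function (quoted below from `@@ -1492`) starts with `if (adapter->vfinfo[vf].trusted == setting` as a "nothing to do" early-out, so here the comparison always holds and, if that branch just returns, nothing is reconfigured after a reset — the function's remainder is past the end of the page, so this is inferred rather than seen. If the intent of "Reconfigure features in trusted" is to re-apply the hardware side (the MPE bit in VMOLR), re-run the mc_promisc enable/disable worker according to `adapter->vfinfo[i].mc_promisc` and `trusted` instead of the ndo wrapper, or make the wrapper skip its early-out when called from the reset path. The return value is ignored, matching the neighbouring rss_query_en call. ixgbe_configure_virtualization() starts and ends outside the hunk.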
 
  @@ -8182,6 +8186,7 @@ static const struct net_device_ops
  ixgbe_netdev_ops = {
  .ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
  .ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
  .ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
  +   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
  .ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
  .ndo_get_stats64= ixgbe_get_stats64,
   #ifdef CONFIG_IXGBE_DCB
  diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
  b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
  index 615f651..6c602bc 100644
  --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
  +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
  @@ -117,8 +117,11 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter
  *adapter)
   */
  adapter-vfinfo[i].rss_query_enabled = 0;
 
  -   /* Turn multicast promiscuous mode off for all VFs */
  +   /* Disallow VF multicast promiscuous capability
  +* and turn it off for all VFs
  +*/
  adapter-vfinfo[i].mc_promisc = false;
  +   adapter-vfinfo[i].trusted = false;
  }
 
  return 0;
  @@ -329,9 +332,14 @@ static int ixgbe_enable_vf_mc_promisc(struct
  ixgbe_adapter *adapter, u32 vf)
  hw = adapter-hw;
  vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
 
  -   e_info(drv, VF %u: enabling multicast promiscuous\n, vf);
  -
  -   vmolr |= IXGBE_VMOLR_MPE;
  +   if (adapter-vfinfo[vf].trusted) {
  +   e_info(drv, VF %u: enabling multicast promiscuous\n, vf);
  +   vmolr |= IXGBE_VMOLR_MPE;
  +   } else {
  +   e_info(drv, VF %u: disabling multicast promiscuous 
  +  on untrusted VF.\n, vf);
  +   vmolr = ~IXGBE_VMOLR_MPE;
  +   }
 
  IXGBE_WRITE_REG(hw, IXGBE_VMOLR(vf), vmolr);
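Review bot: The else branch logs with e_info() every time an untrusted VF asks for multicast promiscuous, and if this function is reached from the VF mailbox handler (its caller is outside the hunk) an untrusted guest can flood the PF's kernel log on demand; since the refused state never changes, guard it with `if (net_ratelimit())` or demote it to e_dbg(), and consider logging the trusted-path message only on an actual transition as well. The archive rendering shows `vmolr = ~IXGBE_VMOLR_MPE`, presumably `&=` with the ampersand stripped the same way the `->` arrows were elsewhere on this page; if it really were a plain assignment, the register write below would clobber every other bit in VMOLR, so it is worth a glance in the actual submission. It is also not visible here whether the VF learns that its request was refused or is silently left believing MC promiscuous is on; the function's return path is outside the hunk.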
 
  @@ -1492,6 +1500,27 @@ int ixgbe_ndo_set_vf_rss_query_en(struct
  net_device *netdev, int vf,
  return 0;
   }
 
  +int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool
  +setting) {
  +   struct ixgbe_adapter *adapter = netdev_priv(netdev);
  +
  +   if (vf = adapter-num_vfs)
  +   return -EINVAL;
  +
  +   /* nothing to do */
  +   if (adapter-vfinfo[vf].trusted == setting