[PATCH iproute2 v2] iplink: Support VF Trust

2016-02-25 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.

To trust VF.
 # ip link set dev eth0 vf 1 trust on

To untrust VF.
 # ip link set dev eth0 vf 1 trust off

Signed-off-by: Hiroshi Shimamoto 
---

v1 -> v2: rebase to the latest code of iproute2.

The VF trust patch is already in the kernel and the IFLA_VF_TRUST netlink attribute
has been included in iproute2, but there is no actual handler for it.
This patch adds the functionality to trust a VF from the ip command.

 ip/iplink.c   | 13 +
 man/man8/ip-link.8.in |  7 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ip/iplink.c b/ip/iplink.c
index 5ab9d61..69f5057 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -82,6 +82,7 @@ void iplink_usage(void)
fprintf(stderr, "  [ spoofchk { on | 
off} ] ]\n");
fprintf(stderr, "  [ query_rss { on | 
off} ] ]\n");
fprintf(stderr, "  [ state { auto | 
enable | disable} ] ]\n");
+   fprintf(stderr, "  [ trust { on | off} 
] ]\n");
fprintf(stderr, " [ master DEVICE ]\n");
fprintf(stderr, " [ nomaster ]\n");
fprintf(stderr, " [ addrgenmode { eui64 | none 
| stable_secret | random } ]\n");
@@ -356,6 +357,18 @@ static int iplink_parse_vf(int vf, int *argcp, char 
***argvp,
ivs.vf = vf;
addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, 
&ivs, sizeof(ivs));
 
+   } else if (matches(*argv, "trust") == 0) {
+   struct ifla_vf_trust ivt;
+   NEXT_ARG();
+   if (matches(*argv, "on") == 0)
+   ivt.setting = 1;
+   else if (matches(*argv, "off") == 0)
+   ivt.setting = 0;
+   else
+   invarg("Invalid \"trust\" value\n", *argv);
+   ivt.vf = vf;
+   addattr_l(&req->n, sizeof(*req), IFLA_VF_TRUST, &ivt, 
sizeof(ivt));
+
} else if (matches(*argv, "state") == 0) {
struct ifla_vf_link_state ivl;
 
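Review bot: The new `trust` keyword is a privilege toggle, yet its `on`/`off` values are parsed with `matches()`, which in iproute2 is a prefix match, so a truncated `trust o` is presumably taken as `on`. That mirrors the existing `spoofchk` and `query_rss` branches in iplink_parse_vf, but for an option that grants a VF extra rights an exact comparison, `if (strcmp(*argv, "on") == 0)` / `else if (strcmp(*argv, "off") == 0)`, avoids enabling trust by accident. iplink_parse_vf itself starts and ends outside the hunk. The identical hunk appears again in the 2015 posting of this patch further down the page.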
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4d32343..7dd7a90 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -142,7 +142,8 @@ ip-link \- network device configuration
 .B min_tx_rate
 .IR TXRATE " ] ["
 .B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
+.B state { auto | enable | disable} ] [
+.B trust { on | off }
 ] |
 .br
 .B master
@@ -1019,6 +1020,10 @@ parameter must be specified.
 reflection of the PF link state, enable lets the VF to communicate with other 
VFs on
 this host even if the PF link state is down, disable causes the HW to drop any 
packets
 sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific 
feature
+which may impact security and/or performance. (e.g. VF multicast promiscuous 
mode)
 .in -8
 
 .TP
-- 
1.8.3.1



[iproute2 PATCH] iplink: Support VF Trust

2015-10-07 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.

To trust VF.
 # ip link set dev eth0 vf 1 trust on

To untrust VF.
 # ip link set dev eth0 vf 1 trust off

Signed-off-by: Hiroshi Shimamoto 
---

This patch implements the functionality for trusting a VF in the ip command.

The kernel side implementation of if_link was submitted as below.
http://marc.info/?l=linux-netdev&m=144074520803184&w=2
[PATCH v8 1/3] if_link: Add control trust VF

---
 include/linux/if_link.h |  6 ++
 ip/iplink.c | 13 +
 man/man8/ip-link.8.in   |  7 ++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index 1934566..ca9a681 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -499,6 +499,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -560,6 +561,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/ip/iplink.c b/ip/iplink.c
index 1c45205..0536f34 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -82,6 +82,7 @@ void iplink_usage(void)
fprintf(stderr, "  [ spoofchk { on | 
off} ] ]\n");
fprintf(stderr, "  [ query_rss { on | 
off} ] ]\n");
fprintf(stderr, "  [ state { auto | 
enable | disable} ] ]\n");
+   fprintf(stderr, "  [ trust { on | off} 
] ]\n");
fprintf(stderr, " [ master DEVICE ]\n");
fprintf(stderr, " [ nomaster ]\n");
fprintf(stderr, " [ addrgenmode { eui64 | none 
} ]\n");
@@ -352,6 +353,18 @@ static int iplink_parse_vf(int vf, int *argcp, char 
***argvp,
ivs.vf = vf;
addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, 
&ivs, sizeof(ivs));
 
+   } else if (matches(*argv, "trust") == 0) {
+   struct ifla_vf_trust ivt;
+   NEXT_ARG();
+   if (matches(*argv, "on") == 0)
+   ivt.setting = 1;
+   else if (matches(*argv, "off") == 0)
+   ivt.setting = 0;
+   else
+   invarg("Invalid \"trust\" value\n", *argv);
+   ivt.vf = vf;
+   addattr_l(&req->n, sizeof(*req), IFLA_VF_TRUST, &ivt, 
sizeof(ivt));
+
} else if (matches(*argv, "state") == 0) {
struct ifla_vf_link_state ivl;
 
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4928249..6a0c876 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -142,7 +142,8 @@ ip-link \- network device configuration
 .B min_tx_rate
 .IR TXRATE " ] ["
 .B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
+.B state { auto | enable | disable} ] [
+.B trust { on | off }
 ] |
 .br
 .B master
@@ -968,6 +969,10 @@ parameter must be specified.
 reflection of the PF link state, enable lets the VF to communicate with other 
VFs on
 this host even if the PF link state is down, disable causes the HW to drop any 
packets
 sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific 
feature
+which may impact security and/or perfomance. (e.g. VF multicast promiscuous 
mode)
 .in -8
 
 .TP
-- 
1.8.3.1



[PATCH v8 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses to a single VF.

This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE,
to update multicast mode of VF. This adds 3 modes;
  - NONE: only L2 exact match addresses or Flow Director enabled
  - MULTI: BAM and ROMPE set
  - ALLMULTI: BAM, ROMPE and MPE set

If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI
to request PF to update xcast mode to enable VF multicast promiscuous mode.

On the other hand, enabling VF multicast promiscuous mode may affect
security and performance in the network of the NIC. Only trusted VF can
enable multicast promiscuous mode. The behavior of untrusted VF is the
same as previous version.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  7 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 59 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 +++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 8 files changed, 126 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index f147a5a..838284c 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -153,9 +153,16 @@ struct vf_data_storage {
u8 spoofchk_enabled;
bool rss_query_enabled;
u8 trusted;
+   int xcast_mode;
unsigned int vf_api;
 };
 
+enum ixgbevf_xcast_modes {
+   IXGBEVF_XCAST_MODE_NONE = 0,
+   IXGBEVF_XCAST_MODE_MULTI,
+   IXGBEVF_XCAST_MODE_ALLMULTI,
+};
+
 struct vf_macvlans {
struct list_head l;
int vf;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..8daa95f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_UPDATE_XCAST_MODE 0x0c
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 65aeb58..fcd8b27 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter->vfinfo[i].trusted = false;
+
+   /* set the default xcast mode */
+   adapter->vfinfo[i].xcast_mode = IXGBEVF_XCAST_MODE_NONE;
}
 
return 0;
@@ -1004,6 +1007,59 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter,
+ u32 *msgbuf, u32 vf)
+{
+   struct ixgbe_hw *hw = &adapter->hw;
+   int xcast_mode = msgbuf[1];
+   u32 vmolr, disable, enable;
+
+   /* verify the PF is supporting the correct APIs */
+   switch (adapter->vfinfo[vf].vf_api) {
+   case ixgbe_mbox_api_12:
+   break;
+   default:
+   return -EOPNOTSUPP;
+   }
+
+   if (xcast_mode > IXGBEVF_XCAST_MODE_MULTI &&
+   !adapter->vfinfo[vf].trusted) {
+   xcast_mode = IXGBEVF_XCAST_MODE_MULTI;
+   }
+
+   if (adapter->vfinfo[vf].xcast_mode == xcast_mode)
+   goto out;
+
+   switch (xcast_mode) {
+   case IXGBEVF_XCAST_MODE_NONE:
+   disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   enable = 0;
+   break;
+   case IXGBEVF_XCAST_MODE_MULTI:
+   disable = IXGBE_VMOLR_MPE;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE;
+   break;
+   case IXGBEVF_XCAST_MODE_ALLMULTI:
+   disable = 0;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   break;
+   default:
+   return -EOPNOTSUPP;
+   }
+
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr &= ~disable;
+   vmolr |= enable;

[PATCH v8 2/3] ixgbe: Add new ndo to trust VF

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with the ip command, which
supports the trust message.
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 37 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 40 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 3b9b911..f147a5a 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
 
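Review bot: The new `u8 trusted;` field sits directly under `bool rss_query_enabled;` and, in ixgbe_ndo_set_vf_trust, is only ever assigned from and compared with a `bool` parameter, so `bool trusted;` would match the neighbouring field and make the two-valued intent explicit. The struct vf_data_storage definition starts outside the hunk. The same line is added in the v7 posting of this patch below.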
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 626ed01..914c1b0 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8399,6 +8399,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..65aeb58 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter->vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter->vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,6 +1127,17 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
+{
+   struct ixgbe_hw *hw = &adapter->hw;
+   u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter->vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, &ping, 1, vf);
+}
+
 void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
 {
struct ixgbe_hw *hw = &adapter->hw;
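Review bot: ixgbe_ping_vf is declared `static inline` inside a .c file; kernel style leaves inlining of file-local helpers to the compiler, so `static void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)` is the conventional form. The helper looks like it reproduces the per-VF ping logic of ixgbe_ping_all_vfs just below (whose loop body is outside the hunk); if so, having ixgbe_ping_all_vfs call ixgbe_ping_vf for each VF would keep a single copy of the CTS handling. The same hunk appears in the v7 posting of this patch.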
@@ -1416,6 +1430,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf >= adapter->num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter->vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter->vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter->vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
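Review bot: Revoking trust in ixgbe_ndo_set_vf_trust only clears `clear_to_send` and sends a mailbox ping, so enforcement of `trust off` appears to rest on the VF driver honouring the reset request; the PF does not itself undo any privileged state the VF obtained while trusted. If the VF ignores the ping, that hardware configuration presumably stays in effect until the next real reset, so consider clearing the trust-gated state from the PF side here (or in the VF reset path) in addition to the ping, and say so in a comment above the `/* reset VF to reconfigure features */` block. Separately, `e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");` passes an `int` to `%u`; `%d` matches the parameter type. The same hunk appears in the v7 posting of this patch below.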
@@ -1430,5 +1466,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi->qos = adapter->vfinfo[vf].pf_qos;
ivi->spoofchk = adapter->vfinfo[vf].spoofchk_enabled;
ivi->rss_query_en = adapter->vfinfo[vf].rss_query_enabled;
+   ivi->trusted = adapter->vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -49,6 +49,7 @@ int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, 
int min_tx_rate,
 int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
  bool setting);
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi);
 void ixgbe_check_vf_rate_limit(struct ixgbe_adapter *adapter);
-- 
1.8.3.1



[PATCH v8 1/3] if_link: Add control trust VF

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add netlink directives and ndo entry to trust VF user.

This controls the special permissions of a VF user.
The administrator dedicatedly trusts a VF user to use some features
which impact security and/or performance.

The administrator should never turn it on unless the VF user is fully trusted.

Signed-off-by: Hiroshi Shimamoto 
CC: Choi, Sy Jong 
---
 include/linux/if_link.h  |  1 +
 include/linux/netdevice.h|  3 +++
 include/uapi/linux/if_link.h |  6 ++
 net/core/rtnetlink.c | 24 +---
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index ae5d0d2..f923d15 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -24,5 +24,6 @@ struct ifla_vf_info {
__u32 min_tx_rate;
__u32 max_tx_rate;
__u32 rss_query_en;
+   __u32 trusted;
 };
 #endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 6163ecb..7db19e7 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -880,6 +880,7 @@ typedef u16 (*select_queue_fallback_t)(struct net_device 
*dev,
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *   int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  * int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
link_state);
@@ -1121,6 +1122,8 @@ struct net_device_ops {
   int max_tx_rate);
int (*ndo_set_vf_spoofchk)(struct net_device *dev,
   int vf, bool setting);
+   int (*ndo_set_vf_trust)(struct net_device *dev,
+   int vf, bool setting);
int (*ndo_get_vf_config)(struct net_device *dev,
 int vf,
 struct ifla_vf_info *ivf);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 313c305..2d6abd4 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -498,6 +498,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -559,6 +560,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 788ceed..2836bf1 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct net_device 
*dev,
 /* IFLA_VF_STATS_BROADCAST */
 nla_total_size(sizeof(__u64)) +
 /* IFLA_VF_STATS_MULTICAST */
-nla_total_size(sizeof(__u64)));
+nla_total_size(sizeof(__u64)) +
+nla_total_size(sizeof(struct ifla_vf_trust)));
return size;
} else
return 0;
@@ -1154,6 +1155,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
struct ifla_vf_link_state vf_linkstate;
struct ifla_vf_rss_query_en vf_rss_query_en;
struct ifla_vf_stats vf_stats;
+   struct ifla_vf_trust vf_trust;
 
/*
 * Not all SR-IOV capable drivers support the
@@ -1163,6 +1165,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
 */
ivi.spoofchk = -1;
ivi.rss_query_en = -1;
+   ivi.trusted = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is "auto"
 * IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1176,7 +1179,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
vf_tx_rate.vf =
vf_spoofchk.vf =
vf_linkstate.vf =
-   vf_rss_query_en.vf = ivi.vf;
+   vf_rss_query_en.vf =
+   vf_trust.vf = ivi.vf;
 
memcpy(vf_mac.mac, ivi.mac, size

[PATCH v8 0/3] Introduce VF trust capability and xcast_mode in VF

2015-08-28 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

There is a limitation in the number of multicast L2 addresses in ixgbe
and ixgbevf driver. The number of multicast addresses in VF is 30 in the
current implementation. That means that we can use up to 30 IPv6
addresses only. On the other hand there is a functionality to set VF
multicast promiscuous mode in the NIC.

This patchset addresses the issue.

First, it introduces the VF trusting capability. Features like VF multicast
promiscuous mode may hurt security and performance, so we would like to enable
such functionality only on a trusted VF.
Next, it introduces VF xcast_mode, which represents the multicast mode in the VF
and requests it from the PF. If ALLMULTI is set on the VF network device, it requests
VF multicast promiscuous mode from the PF, and if the VF is trusted, the PF enables VF
multicast promiscuous mode.

Short history
v5->v6
Reorganize patchsets, make it with VF trust and MC promisc mode.

v6->v7
Change to introduce xcast_mode instead of dedicated VF multicast
promisc mode API.

v7->v8
Fix to use EOPNOTSUPP in ixgbe_update_vf_xcast_mode() on error,
instead of -1.

Hiroshi Shimamoto (3):
  if_link: Add control trust VF
  ixgbe: Add new ndo to trust VF
  ixgbe, ixgbevf: Add new mbox API xcast mode

 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  8 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 96 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h|  1 +
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 ++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 ++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 ++
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 include/linux/if_link.h   |  1 +
 include/linux/netdevice.h |  3 +
 include/uapi/linux/if_link.h  |  6 ++
 net/core/rtnetlink.c  | 24 +-
 14 files changed, 197 insertions(+), 3 deletions(-)

-- 
1.8.3.1



[PATCH v7 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses to a single VF.

This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE,
to update multicast mode of VF. This adds 3 modes;
  - NONE: only L2 exact match addresses or Flow Director enabled
  - MULTI: BAM and ROMPE set
  - ALLMULTI: BAM, ROMPE and MPE set

If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI
to request PF to update xcast mode to enable VF multicast promiscuous mode.

On the other hand, enabling VF multicast promiscuous mode may affect
security and performance in the network of the NIC. Only trusted VF can
enable multicast promiscuous mode. The behavior of untrusted VF is the
same as previous version.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  7 +++
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 59 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h  |  6 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  8 +++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 41 
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 8 files changed, 126 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index fb72622..17250ef 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -153,9 +153,16 @@ struct vf_data_storage {
u8 spoofchk_enabled;
bool rss_query_enabled;
u8 trusted;
+   int xcast_mode;
unsigned int vf_api;
 };
 
+enum ixgbevf_xcast_modes {
+   IXGBEVF_XCAST_MODE_NONE = 0,
+   IXGBEVF_XCAST_MODE_MULTI,
+   IXGBEVF_XCAST_MODE_ALLMULTI,
+};
+
 struct vf_macvlans {
struct list_head l;
int vf;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..8daa95f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_UPDATE_XCAST_MODE 0x0c
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 65aeb58..ac071e5 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter->vfinfo[i].trusted = false;
+
+   /* set the default xcast mode */
+   adapter->vfinfo[i].xcast_mode = IXGBEVF_XCAST_MODE_NONE;
}
 
return 0;
@@ -1004,6 +1007,59 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_update_vf_xcast_mode(struct ixgbe_adapter *adapter,
+ u32 *msgbuf, u32 vf)
+{
+   struct ixgbe_hw *hw = &adapter->hw;
+   int xcast_mode = msgbuf[1];
+   u32 vmolr, disable, enable;
+
+   /* verify the PF is supporting the correct APIs */
+   switch (adapter->vfinfo[vf].vf_api) {
+   case ixgbe_mbox_api_12:
+   break;
+   default:
+   return -1;
+   }
+
+   if (xcast_mode > IXGBEVF_XCAST_MODE_MULTI &&
+   !adapter->vfinfo[vf].trusted) {
+   xcast_mode = IXGBEVF_XCAST_MODE_MULTI;
+   }
+
+   if (adapter->vfinfo[vf].xcast_mode == xcast_mode)
+   goto out;
+
+   switch (xcast_mode) {
+   case IXGBEVF_XCAST_MODE_NONE:
+   disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   enable = 0;
+   break;
+   case IXGBEVF_XCAST_MODE_MULTI:
+   disable = IXGBE_VMOLR_MPE;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE;
+   break;
+   case IXGBEVF_XCAST_MODE_ALLMULTI:
+   disable = 0;
+   enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE | IXGBE_VMOLR_MPE;
+   break;
+   default:
+   return -1;
+   }
+
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr &= ~disable;
+   vmolr |= enable;
+   

[PATCH v7 2/3] ixgbe: Add new ndo to trust VF

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with the ip command, which
supports the trust message.
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 37 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 40 insertions(+)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index edf1fb9..fb72622 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
 
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 935fce7..b26b64e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8365,6 +8365,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..65aeb58 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter->vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter->vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,6 +1127,17 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
+{
+   struct ixgbe_hw *hw = &adapter->hw;
+   u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter->vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, &ping, 1, vf);
+}
+
 void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
 {
struct ixgbe_hw *hw = &adapter->hw;
@@ -1416,6 +1430,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf >= adapter->num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter->vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter->vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter->vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
@@ -1430,5 +1466,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi->qos = adapter->vfinfo[vf].pf_qos;
ivi->spoofchk = adapter->vfinfo[vf].spoofchk_enabled;
ivi->rss_query_en = adapter->vfinfo[vf].rss_query_enabled;
+   ivi->trusted = adapter->vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -49,6 +49,7 @@ int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, 
int min_tx_rate,
 int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
  bool setting);
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting);
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi);
 void ix

[PATCH v7 1/3] if_link: Add control trust VF

2015-07-16 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add netlink directives and ndo entry to trust VF user.

This controls the special permissions of a VF user.
The administrator dedicatedly trusts a VF user to use some features
which impact security and/or performance.

The administrator should never turn it on unless the VF user is fully trusted.

Signed-off-by: Hiroshi Shimamoto 
CC: Choi, Sy Jong 
---
 include/linux/if_link.h  |  1 +
 include/linux/netdevice.h|  3 +++
 include/uapi/linux/if_link.h |  6 ++
 net/core/rtnetlink.c | 24 +---
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index ae5d0d2..f923d15 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -24,5 +24,6 @@ struct ifla_vf_info {
__u32 min_tx_rate;
__u32 max_tx_rate;
__u32 rss_query_en;
+   __u32 trusted;
 };
 #endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index e20979d..a034fb8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct net_device 
*dev,
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *   int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  * int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
link_state);
@@ -1095,6 +1096,8 @@ struct net_device_ops {
   int max_tx_rate);
int (*ndo_set_vf_spoofchk)(struct net_device *dev,
   int vf, bool setting);
+   int (*ndo_set_vf_trust)(struct net_device *dev,
+   int vf, bool setting);
int (*ndo_get_vf_config)(struct net_device *dev,
 int vf,
 struct ifla_vf_info *ivf);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 2c7e8e3..891050c 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -485,6 +485,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -546,6 +547,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 9e433d5..803b80c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct net_device 
*dev,
 /* IFLA_VF_STATS_BROADCAST */
 nla_total_size(sizeof(__u64)) +
 /* IFLA_VF_STATS_MULTICAST */
-nla_total_size(sizeof(__u64)));
+nla_total_size(sizeof(__u64)) +
+nla_total_size(sizeof(struct ifla_vf_trust)));
return size;
} else
return 0;
@@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
struct ifla_vf_link_state vf_linkstate;
struct ifla_vf_rss_query_en vf_rss_query_en;
struct ifla_vf_stats vf_stats;
+   struct ifla_vf_trust vf_trust;
 
/*
 * Not all SR-IOV capable drivers support the
@@ -1160,6 +1162,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
 */
ivi.spoofchk = -1;
ivi.rss_query_en = -1;
+   ivi.trusted = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is "auto"
 * IFLA_VF_LINK_STATE_AUTO which equals zero
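Review bot: The new `struct ifla_vf_trust` payload needs an `ifla_vf_policy` entry, `[IFLA_VF_TRUST] = { .len = sizeof(struct ifla_vf_trust) },` so that a short IFLA_VF_TRUST attribute from userspace is rejected before the setter reads `setting` out of it; none of the visible rtnetlink.c hunks adds one, and the rest of this patch is cut off below, so it may already be in the missing part. The same check applies to the two v6 copies of this patch further down the page. rtnl_fill_ifinfo starts and ends outside the hunk.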
@@ -1173,7 +1176,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
vf_tx_rate.vf =
vf_spoofchk.vf =
vf_linkstate.vf =
-   vf_rss_query_en.vf = ivi.vf;
+   vf_rss_query_en.vf =
+   vf_trust.vf = ivi.vf;
 
memcpy(vf_mac.mac, ivi.mac, size

RE: [Intel-wired-lan] [PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox API to enable MC promiscuous mode

2015-06-23 Thread Hiroshi Shimamoto
> Subject: Re: [Intel-wired-lan] [PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox 
> API to enable MC promiscuous mode
> 
> On 06/17/2015 04:45 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto 
> >
> > The limitation of the number of multicast address for VF is not enough
> > for the large scale server with SR-IOV feature.
> > IPv6 requires the multicast MAC address for each IP address to handle
> > the Neighbor Solicitation message.
> > We couldn't assign over 30 IPv6 addresses to a single VF interface.
> >
> > The easy way to solve this is enabling multicast promiscuous mode.
> > It is good to have a functionality to enable multicast promiscuous mode
> > for each VF from VF driver.
> >
> > This patch introduces the new mbox API, IXGBE_VF_SET_MC_PROMISC, to
> > enable/disable multicast promiscuous mode in VF. If multicast
> > promiscuous mode is enabled the VF can receive all multicast packets.
> >
> > With this patch, the ixgbevf driver automatically enable multicast
> > promiscuous mode when the number of multicast addresses is over than 30
> > if possible.
> >
> > PF only allow to enbale VF multicast promiscuous mode if the VF is trusted.
> > If not trusted, PF returns an error to VF and VF will fallback the previous
> > behavior, that only 30 multicast addresses are registered to the filter.
> >
> > Signed-off-by: Hiroshi Shimamoto 
> > CC: Choi, Sy Jong 
> > ---
> >   drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  1 +
> >   drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
> >   drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 55 
> > +++
> >   drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  3 ++
> >   drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
> >   drivers/net/ethernet/intel/ixgbevf/vf.c   | 49 
> > +++-
> >   drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
> >   7 files changed, 112 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > index 7f76c12..054db64 100644
> > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > @@ -146,6 +146,7 @@ struct vf_data_storage {
> > u16 vlans_enabled;
> > bool clear_to_send;
> > bool pf_set_mac;
> > +   bool mc_promisc;
> > u16 pf_vlan; /* When set, guest VLAN config not allowed. */
> > u16 pf_qos;
> > u16 tx_rate;
> 
> Instead of casting this as a bool I think it might be better served as
> an enum.  You basically have 4 levels you could set:
> DISABLED  No traffic allowed, Rx disabled, PF only
> NONE  only L2 exact match addresses or Flow Director enabled
> MULTI BAM & ROMPE set
> ALLMULTI  BAM, ROMPE, & MPE set
> PROMISC   BAM, ROMPE, MPE, & UPE (available on x540)
> VLAN_PROMISC  BAM, ROMPE, MPE, UPE, & VPE (available on x540)
> 
> That just leaves AUPE and ROPE which are kind of special cases.  AUPE
> should be set if an port VLAN is not assigned by the PF, and as far as
> ROPE it could be thought of as a poor-mans promiscuous so it might be
> useful for 82599 to possibly try to put together some sort of
> promiscuous mode though I cannot say for certain.
> 
> The idea is to make use of the enum to enable higher or lower levels of
> escalation.  You could then limit a non-trusted VF to MULTI for any
> requests of ALLMULTI, PROMISC, or VLAN_PROMISC and if the VF is trusted
> it would have access to ALLMULTI on 82599, and potentially PROMISC or
> VLAN_PROMISC on x540 and newer.
> 
> It hadn't occurred to me until just now that the NONE option might be
> desirable to some as well since it is possible that somebody would
> rather use flow director rules to send traffic to a VF rather than have
> it receive broadcast or multicast traffic.  By doing this we enable that
> as a possible use case.  It could all be controlled through the
> IFF_BROADCAST, IFF_MULTICAST, IFF_ALLMULTI, and IFF_PROMISC flags in
> set_rx_mode.
> 
> We did something like this for fm10k as it was a requirement of the
> Switch API.  You could probably do something similar for the
> ixgbe/ixgbevf mailbox interface as it seems like it might be a better
> fit than adding a new message to cover one specific case.

I'm considering the above change and working on it.
I agree that having such a mode-change interface is better than adding a
feature-specific message.

thanks,
Hiroshi

> 
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h

RE: [Intel-wired-lan] [PATCH v6 1/3] if_link: Add control trust VF

2015-06-17 Thread Hiroshi Shimamoto
> Subject: Re: [Intel-wired-lan] [PATCH v6 1/3] if_link: Add control trust VF
> 
> On 06/17/2015 04:41 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto 
> >
> > Add netlink directives and ndo entry to trust VF user.
> >
> > This controls the special permission of VF user.
> > The administrator will dedicatedly trust VF user to use some features
> > which impacts security and/or performance.
> >
> > The administrator never turn it on unless VF user is fully trusted.
> >
> > Signed-off-by: Hiroshi Shimamoto 
> > Reviewed-by: Hayato Momma 
> > CC: Choi, Sy Jong 
> > ---
> > include/linux/if_link.h  |  1 +
> >   include/linux/netdevice.h|  3 +++
> >   include/uapi/linux/if_link.h |  6 ++
> >   net/core/rtnetlink.c | 19 +--
> >   4 files changed, 27 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/linux/if_link.h b/include/linux/if_link.h
> > index ae5d0d2..f923d15 100644
> > --- a/include/linux/if_link.h
> > +++ b/include/linux/if_link.h
> > @@ -24,5 +24,6 @@ struct ifla_vf_info {
> > __u32 min_tx_rate;
> > __u32 max_tx_rate;
> > __u32 rss_query_en;
> > +   __u32 trusted;
> >   };
> >   #endif /* _LINUX_IF_LINK_H */
> > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> > index e20979d..a034fb8 100644
> > --- a/include/linux/netdevice.h
> > +++ b/include/linux/netdevice.h
> > @@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct 
> > net_device *dev,
> >* int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
> >*  int max_tx_rate);
> >* int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool 
> > setting);
> > + * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
> >* int (*ndo_get_vf_config)(struct net_device *dev,
> >*int vf, struct ifla_vf_info *ivf);
> >* int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
> > link_state);
> > @@ -1095,6 +1096,8 @@ struct net_device_ops {
> >int max_tx_rate);
> > int (*ndo_set_vf_spoofchk)(struct net_device *dev,
> >int vf, bool setting);
> > +   int (*ndo_set_vf_trust)(struct net_device *dev,
> > +   int vf, bool setting);
> > int (*ndo_get_vf_config)(struct net_device *dev,
> >  int vf,
> >  struct ifla_vf_info *ivf);
> > diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
> > index 2c7e8e3..891050c 100644
> > --- a/include/uapi/linux/if_link.h
> > +++ b/include/uapi/linux/if_link.h
> > @@ -485,6 +485,7 @@ enum {
> >  * on/off switch
> >  */
> > IFLA_VF_STATS,  /* network device statistics */
> > +   IFLA_VF_TRUST,  /* Trust VF */
> > __IFLA_VF_MAX,
> >   };
> >
> > @@ -546,6 +547,11 @@ enum {
> >
> >   #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
> >
> > +struct ifla_vf_trust {
> > +   __u32 vf;
> > +   __u32 setting;
> > +};
> > +
> >   /* VF ports management section
> >*
> >*Nested layout of set/get msg is:
> > diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> > index 2d102ce..abd1a75 100644
> > --- a/net/core/rtnetlink.c
> > +++ b/net/core/rtnetlink.c
> > @@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct 
> > net_device *dev,
> >  /* IFLA_VF_STATS_BROADCAST */
> >  nla_total_size(sizeof(__u64)) +
> >  /* IFLA_VF_STATS_MULTICAST */
> > -nla_total_size(sizeof(__u64)));
> > +nla_total_size(sizeof(__u64)) +
> > +nla_total_size(sizeof(struct ifla_vf_trust)));
> > return size;
> > } else
> > return 0;
> > @@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, 
> > struct net_device *dev,
> > struct ifla_vf_link_state vf_linkstate;
> > struct ifla_vf_rss_query_en vf_rss_query_en;
> > struct ifla_vf_stats vf_stats;
> > +   struct ifla_vf_trust vf_tr

[PATCH v6 1/3] if_link: Add control trust VF

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add netlink directives and ndo entry to trust VF user.

This controls the special permissions of the VF user.
The administrator explicitly trusts a VF user to use some features
that impact security and/or performance.

The administrator should never turn it on unless the VF user is fully trusted.

Signed-off-by: Hiroshi Shimamoto 
Reviewed-by: Hayato Momma 
CC: Choi, Sy Jong 
---
include/linux/if_link.h  |  1 +
 include/linux/netdevice.h|  3 +++
 include/uapi/linux/if_link.h |  6 ++
 net/core/rtnetlink.c | 19 +--
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index ae5d0d2..f923d15 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -24,5 +24,6 @@ struct ifla_vf_info {
__u32 min_tx_rate;
__u32 max_tx_rate;
__u32 rss_query_en;
+   __u32 trusted;
 };
 #endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index e20979d..a034fb8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -873,6 +873,7 @@ typedef u16 (*select_queue_fallback_t)(struct net_device 
*dev,
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *   int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  * int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int 
link_state);
@@ -1095,6 +1096,8 @@ struct net_device_ops {
   int max_tx_rate);
int (*ndo_set_vf_spoofchk)(struct net_device *dev,
   int vf, bool setting);
+   int (*ndo_set_vf_trust)(struct net_device *dev,
+   int vf, bool setting);
int (*ndo_get_vf_config)(struct net_device *dev,
 int vf,
 struct ifla_vf_info *ivf);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 2c7e8e3..891050c 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -485,6 +485,7 @@ enum {
 * on/off switch
 */
IFLA_VF_STATS,  /* network device statistics */
+   IFLA_VF_TRUST,  /* Trust VF */
__IFLA_VF_MAX,
 };
 
@@ -546,6 +547,11 @@ enum {
 
 #define IFLA_VF_STATS_MAX (__IFLA_VF_STATS_MAX - 1)
 
+struct ifla_vf_trust {
+   __u32 vf;
+   __u32 setting;
+};
+
 /* VF ports management section
  *
  * Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 2d102ce..abd1a75 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -831,7 +831,8 @@ static inline int rtnl_vfinfo_size(const struct net_device 
*dev,
 /* IFLA_VF_STATS_BROADCAST */
 nla_total_size(sizeof(__u64)) +
 /* IFLA_VF_STATS_MULTICAST */
-nla_total_size(sizeof(__u64)));
+nla_total_size(sizeof(__u64)) +
+nla_total_size(sizeof(struct ifla_vf_trust)));
return size;
} else
return 0;
@@ -1151,6 +1152,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
struct ifla_vf_link_state vf_linkstate;
struct ifla_vf_rss_query_en vf_rss_query_en;
struct ifla_vf_stats vf_stats;
+   struct ifla_vf_trust vf_trust;
 
/*
 * Not all SR-IOV capable drivers support the
@@ -1160,6 +1162,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
 */
ivi.spoofchk = -1;
ivi.rss_query_en = -1;
+   ivi.trusted = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is "auto"
 * IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1173,7 +1176,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct 
net_device *dev,
vf_tx_rate.vf =
vf_spoofchk.vf =
vf_linkstate.vf =
-   vf_rss_query_en.vf = ivi.vf;
+   vf_rss_query_en.vf =
+   vf_trust.vf = ivi.vf;
 
memcpy(vf_mac.mac, ivi.mac, size

[PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox API to enable MC promiscuous mode

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature.
IPv6 requires the multicast MAC address for each IP address to handle
the Neighbor Solicitation message.
We couldn't assign over 30 IPv6 addresses to a single VF interface.

The easy way to solve this is enabling multicast promiscuous mode.
It is good to have a functionality to enable multicast promiscuous mode
for each VF from VF driver.

This patch introduces the new mbox API, IXGBE_VF_SET_MC_PROMISC, to
enable/disable multicast promiscuous mode in VF. If multicast
promiscuous mode is enabled the VF can receive all multicast packets.

With this patch, the ixgbevf driver automatically enable multicast
promiscuous mode when the number of multicast addresses is over than 30
if possible.

The PF only allows VF multicast promiscuous mode to be enabled if the VF is trusted.
If the VF is not trusted, the PF returns an error to the VF, and the VF falls back to the previous
behavior, in which only 30 multicast addresses are registered in the filter.

Signed-off-by: Hiroshi Shimamoto 
CC: Choi, Sy Jong 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c| 55 +++
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c |  3 ++
 drivers/net/ethernet/intel/ixgbevf/mbx.h  |  2 +
 drivers/net/ethernet/intel/ixgbevf/vf.c   | 49 +++-
 drivers/net/ethernet/intel/ixgbevf/vf.h   |  1 +
 7 files changed, 112 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 7f76c12..054db64 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -146,6 +146,7 @@ struct vf_data_storage {
u16 vlans_enabled;
bool clear_to_send;
bool pf_set_mac;
+   bool mc_promisc;
u16 pf_vlan; /* When set, guest VLAN config not allowed. */
u16 pf_qos;
u16 tx_rate;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index b1e4703..703d40b 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -102,6 +102,8 @@ enum ixgbe_pfvf_api_rev {
 #define IXGBE_VF_GET_RETA  0x0a/* VF request for RETA */
 #define IXGBE_VF_GET_RSS_KEY   0x0b/* get RSS key */
 
+#define IXGBE_VF_SET_MC_PROMISC0x0c/* VF requests MC promiscuous */
+
 /* length of permanent address message returned from PF */
 #define IXGBE_VF_PERMADDR_MSG_LEN 4
 /* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 826f88e..925d9c6 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -119,6 +119,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 
/* Untrust all VFs */
adapter->vfinfo[i].trusted = false;
+
+   /* Turn multicast promiscuous mode off for all VFs */
+   adapter->vfinfo[i].mc_promisc = false;
}
 
return 0;
@@ -335,6 +338,12 @@ static int ixgbe_set_vf_multicasts(struct ixgbe_adapter 
*adapter,
u32 mta_reg;
u32 vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
 
+   /* Disable multicast promiscuous first */
+   if (adapter->vfinfo[vf].mc_promisc) {
+   vmolr &= ~IXGBE_VMOLR_MPE;
+   adapter->vfinfo[vf].mc_promisc = false;
+   }
+
/* only so many hash values supported */
entries = min(entries, IXGBE_MAX_VF_MC_ENTRIES);
 
@@ -660,6 +669,7 @@ static int ixgbe_vf_reset_msg(struct ixgbe_adapter 
*adapter, u32 vf)
u32 msgbuf[4] = {0, 0, 0, 0};
u8 *addr = (u8 *)(&msgbuf[1]);
u32 q_per_pool = __ALIGN_MASK(1, ~vmdq->mask);
+   u32 vmolr;
int i;
 
e_info(probe, "VF Reset msg received from vf %d\n", vf);
@@ -721,6 +731,12 @@ static int ixgbe_vf_reset_msg(struct ixgbe_adapter 
*adapter, u32 vf)
IXGBE_WRITE_REG(hw, IXGBE_PVFTDWBALn(q_per_pool, vf, i), 0);
}
 
+   /* Disable multicast promiscuous on reset */
+   vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
+   vmolr &= ~IXGBE_VMOLR_MPE;
+   IXGBE_WRITE_REG(hw, IXGBE_VMOLR(vf), vmolr);
+   adapter->vfinfo[vf].mc_promisc = false;
+
/* reply to reset with ack and vf mac address */
msgbuf[0] = IXGBE_VF_RESET;
if (!is_zero_ether_addr(vf_mac)) {
@@ -1004,6 +1020,42 @@ static int ixgbe_get_vf_rss_key(struct ixgbe_adapter 
*adapter,
return 0;
 }
 
+static int ixgbe_set_vf_mc_promisc(struct ixgbe_adapter *adapter,
+

[PATCH v6 2/3] ixgbe: Add new ndo to trust VF

2015-06-17 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Implements the new netdev op to trust VF in ixgbe.

The administrator can turn VF trust on and off with an ip command that
supports the trust message.
 # ip link set dev eth0 vf 1 trust on
or
 # ip link set dev eth0 vf 1 trust off

Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 45 ++
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  1 +
 4 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 8830c0f..7f76c12 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -152,6 +152,7 @@ struct vf_data_storage {
u16 vlan_count;
u8 spoofchk_enabled;
bool rss_query_enabled;
+   u8 trusted;
unsigned int vf_api;
 };
 
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 5f1b06a..376b49b 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -8349,6 +8349,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
+   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
.ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
.ndo_get_stats64= ixgbe_get_stats64,
 #ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 1d17b58..826f88e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -116,6 +116,9 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter 
*adapter)
 * we want to disable the querying by default.
 */
adapter->vfinfo[i].rss_query_enabled = 0;
+
+   /* Untrust all VFs */
+   adapter->vfinfo[i].trusted = false;
}
 
return 0;
@@ -1124,18 +1127,23 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
-void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+static inline void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
 {
struct ixgbe_hw *hw = &adapter->hw;
u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter->vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, &ping, 1, vf);
+}
+
+void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+{
int i;
 
-   for (i = 0 ; i < adapter->num_vfs; i++) {
-   ping = IXGBE_PF_CONTROL_MSG;
-   if (adapter->vfinfo[i].clear_to_send)
-   ping |= IXGBE_VT_MSGTYPE_CTS;
-   ixgbe_write_mbx(hw, &ping, 1, i);
-   }
+   for (i = 0 ; i < adapter->num_vfs; i++)
+   ixgbe_ping_vf(adapter, i);
 }
 
 int ixgbe_ndo_set_vf_mac(struct net_device *netdev, int vf, u8 *mac)
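Review bot: `static inline void ixgbe_ping_vf` — the `inline` keyword buys nothing for a file-local helper the compiler can already inline at will, and the same refactor in [PATCH 3/3] further down declares it `static void`; dropping `inline` keeps the two consistent. The helper also keeps the loop's habit of ignoring ixgbe_write_mbx's return value, which is pre-existing, but ixgbe_ndo_set_vf_trust now relies on this single ping to reset the VF after a trust change, so propagating that status (or at least logging a failed write) would let a lost reset be noticed instead of leaving the VF running with its old feature set.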
@@ -1416,6 +1424,28 @@ int ixgbe_ndo_set_vf_rss_query_en(struct net_device 
*netdev, int vf,
return 0;
 }
 
+int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+{
+   struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+   if (vf >= adapter->num_vfs)
+   return -EINVAL;
+
+   /* nothing to do */
+   if (adapter->vfinfo[vf].trusted == setting)
+   return 0;
+
+   adapter->vfinfo[vf].trusted = setting;
+
+   /* reset VF to reconfigure features */
+   adapter->vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");
+
+   return 0;
+}
+
 int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
 {
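Review bot: `e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");` prints the `int vf` with `%u`; use `%d` here, and the `@@ -1517` hunk of [PATCH 3/3] further down carries the same line. The `if (vf >= adapter->num_vfs)` guard only rejects a negative vf when num_vfs is unsigned (the comparison then promotes vf); that appears to match the sibling ndo handlers but is worth confirming, since a negative value that slipped through would index `adapter->vfinfo[vf]`. The field written here is declared `u8 trusted` in the ixgbe.h hunk above while the ndo takes `bool setting` and the getter copies it into a `__u32`; `bool trusted;` like the neighbouring `bool rss_query_enabled` makes the 0/1 contract explicit.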
@@ -1430,5 +1460,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi->qos = adapter->vfinfo[vf].pf_qos;
ivi->spoofchk = adapter->vfinfo[vf].spoofchk_enabled;
ivi->rss_query_en = adapter->vfinfo[vf].rss_query_enabled;
+   ivi->trusted = adapter->vfinfo[vf].trusted;
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 2c197e6..dad9257 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe

[PATCH 3/3] ixgbe: ping to reset on changing trust status

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Send a ping to reset the VF when its trust status changes.
The VF driver will reconfigure its features on reset.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 25 +
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 5eb3108..7bb9926 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1212,18 +1212,23 @@ void ixgbe_disable_tx_rx(struct ixgbe_adapter *adapter)
IXGBE_WRITE_REG(hw, IXGBE_VFRE(1), 0);
 }
 
-void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+static void ixgbe_ping_vf(struct ixgbe_adapter *adapter, int vf)
 {
struct ixgbe_hw *hw = &adapter->hw;
u32 ping;
+
+   ping = IXGBE_PF_CONTROL_MSG;
+   if (adapter->vfinfo[vf].clear_to_send)
+   ping |= IXGBE_VT_MSGTYPE_CTS;
+   ixgbe_write_mbx(hw, &ping, 1, vf);
+}
+
+void ixgbe_ping_all_vfs(struct ixgbe_adapter *adapter)
+{
int i;
 
-   for (i = 0 ; i < adapter->num_vfs; i++) {
-   ping = IXGBE_PF_CONTROL_MSG;
-   if (adapter->vfinfo[i].clear_to_send)
-   ping |= IXGBE_VT_MSGTYPE_CTS;
-   ixgbe_write_mbx(hw, &ping, 1, i);
-   }
+   for (i = 0 ; i < adapter->num_vfs; i++)
+   ixgbe_ping_vf(adapter, i);
 }
 
 int ixgbe_ndo_set_vf_mac(struct net_device *netdev, int vf, u8 *mac)
@@ -1517,7 +1522,11 @@ int ixgbe_ndo_set_vf_trust(struct net_device *netdev, 
int vf, bool setting)
 
adapter->vfinfo[vf].trusted = setting;
 
-   /* TODO: reset to reconfigure features */
+   /* reset VF to reconfigure features */
+   adapter->vfinfo[vf].clear_to_send = false;
+   ixgbe_ping_vf(adapter, vf);
+
+   e_info(drv, "VF %u is %strusted\n", vf, setting ? "" : "not ");
 
return 0;
 }
-- 
1.8.3.1

N�r��yb�X��ǧv�^�)޺{.n�+���z�^�)w*jg����ݢj/���z�ޖ��2�ޙ&�)ߡ�a�����G���h��j:+v���w��٥

[PATCH 0/3] ixgbe, ixgbevf: make VF driver check MC promisc enabled

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Make the PF return an error for a VF multicast promiscuous mode request from
an untrusted VF, and make the VF handle that error.
To reconfigure, the PF sends a reset to the VF when its trust status changes.

This patchset is against the latest Jeff's tree which contains my VF
multicast promiscuous mode patches.

Hiroshi Shimamoto (3):
  ixgbevf: refactor ixgbevf_update_mc_addr_list_vf
  ixgbe, ixgbevf: error MC promisc unless trusted
  ixgbe: ping to reset on changing trust status

 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 32 --
 drivers/net/ethernet/intel/ixgbevf/vf.c| 46 +++---
 2 files changed, 55 insertions(+), 23 deletions(-)

-- 
1.8.3.1



[PATCH 2/3] ixgbe, ixgbevf: error MC promisc unless trusted

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Make the PF return an error for a VF multicast promiscuous mode request if the VF is not
trusted. On the VF, check the result from the PF and fall back to the previous behavior,
in which only 30 addresses are registered.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c |  9 +
 drivers/net/ethernet/intel/ixgbevf/vf.c| 21 +
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 6c602bc..5eb3108 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1074,6 +1074,10 @@ static int ixgbe_set_vf_mc_promisc(struct ixgbe_adapter 
*adapter,
if (adapter->vfinfo[vf].mc_promisc == enable)
return 0;
 
+   /* Don't enable MC promisc unless VF is trusted */
+   if (enable && !adapter->vfinfo[vf].trusted)
+   return -1;
+
adapter->vfinfo[vf].mc_promisc = enable;
 
if (enable)
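Review bot: `return -1;` on the untrusted path is a bare sentinel, while the vf.c hunk of this same patch maps the resulting NACK to `-EPERM`; returning `-EPERM` here as well keeps the PF's refusal self-describing as a policy denial rather than a generic failure, should the mailbox dispatcher (outside the hunk) ever forward error codes. It would also help to have the refusal logged on the PF side, e.g. `e_warn(drv, "VF %d requested MC promisc but is not trusted\n", vf);`, so an untrusted VF repeatedly asking for more than it is allowed is visible to the administrator. ixgbe_set_vf_mc_promisc's body starts and continues outside the hunk.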
@@ -1513,10 +1517,7 @@ int ixgbe_ndo_set_vf_trust(struct net_device *netdev, 
int vf, bool setting)
 
adapter->vfinfo[vf].trusted = setting;
 
-   /* Reconfigure features which are only allowed for trusted VF */
-   /* VF multicast promiscuous mode */
-   if (adapter->vfinfo[vf].mc_promisc)
-   ixgbe_enable_vf_mc_promisc(adapter, vf);
+   /* TODO: reset to reconfigure features */
 
return 0;
 }
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c 
b/drivers/net/ethernet/intel/ixgbevf/vf.c
index 89aecd0..6547c17 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -430,6 +430,7 @@ static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw 
*hw)
 {
struct ixgbevf_adapter *adapter = hw->back;
u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+   int err;
 
dev_info(&adapter->pdev->dev, "Request MC PROMISC\n");
 
@@ -439,7 +440,17 @@ static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw 
*hw)
msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
msgbuf[1] = 1;
 
-   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
+   err = hw->mbx.ops.write_posted(hw, msgbuf, 2);
+   if (err)
+   return err;
+   err = hw->mbx.ops.read_posted(hw, msgbuf, 2);
+   if (err)
+   return err;
+
+   msgbuf[0] &= ~IXGBE_VT_MSGTYPE_CTS;
+
+   if (msgbuf[0] == (IXGBE_VF_SET_MC_PROMISC | IXGBE_VT_MSGTYPE_NACK))
+   return -EPERM;
 
return 0;
 }
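Review bot: After masking CTS, only the explicit NACK reply is treated as a denial, so any other reply word — a stale or unrelated message, or an unexpected reply from a PF that handles the request differently — falls through to `return 0` and the caller marks multicast promiscuous mode as granted. Fail closed by requiring the ACK instead: `if (msgbuf[0] != (IXGBE_VF_SET_MC_PROMISC | IXGBE_VT_MSGTYPE_ACK)) return -EPERM;`. The mixed return domain (mailbox error codes from write_posted/read_posted versus -EPERM) is fine for the current caller, which only tests for non-zero, but is worth a one-line comment on the function.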
@@ -474,11 +485,13 @@ static s32 ixgbevf_update_mc_addr_list_vf(struct ixgbe_hw 
*hw,
 * mode, turn it on.
 */
if (hw->api_version == ixgbe_mbox_api_12) {
-   if (!hw->mac.mc_promisc) {
-   ixgbevf_request_mc_promisc_vf(hw);
+   if (!hw->mac.mc_promisc &&
+   !ixgbevf_request_mc_promisc_vf(hw)) {
hw->mac.mc_promisc = true;
}
-   return 0;
+   /* If we are in MC promisc, return here */
+   if (hw->mac.mc_promisc)
+   return 0;
}
cnt = 30;
}
-- 
1.8.3.1



[PATCH 1/3] ixgbevf: refactor ixgbevf_update_mc_addr_list_vf

2015-06-15 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Add ixgbevf_request_mc_promisc_vf, which requests VF multicast
promiscuous mode, and move the code there from ixgbevf_update_mc_addr_list_vf.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbevf/vf.c | 29 +++--
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c 
b/drivers/net/ethernet/intel/ixgbevf/vf.c
index b5aac76..89aecd0 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -426,6 +426,24 @@ static void ixgbevf_write_msg_read_ack(struct ixgbe_hw *hw,
mbx->ops.read_posted(hw, retmsg, size);
 }
 
+static s32 ixgbevf_request_mc_promisc_vf(struct ixgbe_hw *hw)
+{
+   struct ixgbevf_adapter *adapter = hw->back;
+   u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+
+   dev_info(&adapter->pdev->dev, "Request MC PROMISC\n");
+
+   memset(msgbuf, 0, sizeof(msgbuf));
+
+   /* enabling multicast promiscuous */
+   msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
+   msgbuf[1] = 1;
+
+   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
+
+   return 0;
+}
+
 /**
  *  ixgbevf_update_mc_addr_list_vf - Update Multicast addresses
  *  @hw: pointer to the HW structure
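Review bot: ixgbevf_request_mc_promisc_vf has no kernel-doc header while the neighbouring ixgbevf_update_mc_addr_list_vf right below it carries one; add a block giving the purpose (`ixgbevf_request_mc_promisc_vf - ask the PF to enable multicast promiscuous mode for this VF`), `@hw: pointer to the HW structure`, and stating that the return value is always 0 because the PF's reply is read and discarded by ixgbevf_write_msg_read_ack. Spelling out that last point makes clear to callers that a 0 return does not mean the PF granted the request.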
@@ -457,18 +475,9 @@ static s32 ixgbevf_update_mc_addr_list_vf(struct ixgbe_hw 
*hw,
 */
if (hw->api_version == ixgbe_mbox_api_12) {
if (!hw->mac.mc_promisc) {
-   struct ixgbevf_adapter *adapter = hw->back;
-
-   dev_info(&adapter->pdev->dev, "Request MC 
PROMISC\n");
-
-   /* enabling multicast promiscuous */
-   msgbuf[0] = IXGBE_VF_SET_MC_PROMISC;
-   msgbuf[1] = 1;
-   ixgbevf_write_msg_read_ack(hw, msgbuf, 2);
-
+   ixgbevf_request_mc_promisc_vf(hw);
hw->mac.mc_promisc = true;
}
-
return 0;
}
cnt = 30;
-- 
1.8.3.1

N�r��yb�X��ǧv�^�)޺{.n�+���z�^�)w*jg����ݢj/���z�ޖ��2�ޙ&�)ߡ�a�����G���h��j:+v���w��٥

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-06-15 Thread Hiroshi Shimamoto
> > -Original Message-
> > From: Rose, Gregory V
> > Sent: Tuesday, May 26, 2015 7:01 PM
> > To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
> > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > sassm...@redhat.com
> > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> >
> >
> > > -Original Message-
> > > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > > Sent: Tuesday, May 26, 2015 5:28 PM
> > > To: Rose, Gregory V; Skidmore, Donald C; Kirsher, Jeffrey T;
> > > intel-wired- l...@lists.osuosl.org
> > > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
> > > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > > sassm...@redhat.com
> > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> > >
> > > > > -Original Message-
> > > > > From: Skidmore, Donald C
> > > > > Sent: Tuesday, May 26, 2015 10:46 AM
> > > > > To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T;
> > > > > intel-wired- l...@lists.osuosl.org
> > > > > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List;
> > > > > Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > > > > sassm...@redhat.com
> > > > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> > > > >
> > > > >
> > > >
> > > > [snip]
> > > >
> > > > >
> > > > > > -Original Message-
> > > > > > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > > > > > Sent: Monday, May 25, 2015 6:00 PM
> > > > > > To: Skidmore, Donald C; Rose, Gregory V; Kirsher, Jeffrey T;
> > > > > > intel-wired- l...@lists.osuosl.org
> > > > > > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List;
> > > > > > Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or
> > > > > > Gerlitz; sassm...@redhat.com
> > > > > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> > > > > >
> > > > > >
> > > > > > Do you mean that VF should care about it is trusted or not?
> > > > > > Should VF request MC Promisc again when it's trusted?
> > > > > > Or, do you mean VF never be trusted during its (or VM's) lifetime?
> > > > >
> > > > > I think the VF shouldn't directly know whether it is trusted or
> > > > > not
> > > >
> > > > That's completely irrelevant.  The person administering the PF will
> > > > be the person who provided trusted privileges to the VF.  He'll then
> > > > *tell* or somehow other communicate to the person administering the
> > > > VF
> > > (probably himself/herself) and then proceed to execute commands on
> > > that VF that require trusted privileges.
> > > >
> > > > If the VF does not have trusted privileges then the commands to add
> > > > VLAN filters, set promiscuous modes, and any other privileged
> > > > commands
> > > will fail.
> > > >
> > > > Let's not get too fancy with this.  It's simple - the host VMM admin
> > > > provides trusted privileges to the VF.  The person administering the
> > > > VF (if in fact it is not the same person, it usually will be) will
> > > proceed to do things that require VF trusted privileges.
> > >
> > > Now I think that it's better to have an interface between PF and VF to
> > > know the VF is trusted.
> > > Otherwise VM cannot know whether its VF is trusted, that prevents
> > > automatic operations.
> >
> > Agreed, it would be silly for the VF to have privileges but not know that 
> > it can
> > use them!
> >
> > > Or add another communicating interface outside of ixgbe PF-VF mbox API?
> >
> > We can't depend on any given vendor specific interface.  I'd add a very 
> > clear
> > comment in the Physical Function ndo op that gives a VF trusted privileges
> > that it is up to the driver to notify the VF driver.  But yes, in the case 
> > of Intel
> > drivers the mailbox or admin queue (for i40e) would be the mechanism to do
> > th

RE: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-27 Thread Hiroshi Shimamoto
> Subject: Re: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to 
> disable VLAN filter
> 
> On 05/26/2015 06:11 PM, Hiroshi Shimamoto wrote:
> >> On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
> >>> From: Hiroshi Shimamoto 
> >>>
> >>> Introduce module parameter "disable_hw_vlan_filter" to disable HW VLAN
> >>> filter on ixgbe module load.
> >>>
> >>>   From the hardware limitation, there are only 64 VLAN entries for HW VLAN
> >>> filter, and it leads to limit the number of VLANs up to 64 among PF and
> >>> VFs. For SDN/NFV case, we need to handle unlimited VLAN packets on VF.
> >>> In such case, every VLAN packet can be transmitted to each VF.
> >>>
> >>> When we try to make VLAN devices on VF, the 65th VLAN registration fails
> >>> and never be able to receive a packet with that VLAN tag.
> >>> If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
> >>> # for i in `seq 1 100`; do \
> >>>   ip link add link ethX name ethX.$i type vlan id $i; done
> >>>
> >>> There is a capability to disable HW VLAN filter and that makes all VLAN
> >>> tagged packets can be transmitted to every VFs. After VLAN filter stage,
> >>> unicast packets are transmitted to VF which has the MAC address same as
> >>> the transmitting packet.
> >>>
> >>> With this patch and "disable_hw_vlan_filter=1", we can use unlimited
> >>> number of VLANs on VF.
> >>>
> >>> Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
> >>> DCB and FCoE are disabled when HW VLAN filter is disabled by this module
> >>> parameter.
> >>> Because of that reason, the administrator has to know that before turning
> >>> off HW VLAN filter.
> >> You might also want to note that it makes the system susceptible to
> >> broadcast/multicast storms since it eliminates any/all VLAN isolation.
> >> So a broadcast or multicast packet on one VLAN is received on ALL
> >> interfaces regardless of their VLAN configuration. In addition the
> >> current VF driver is likely to just receive the packet as untagged, see
> >> ixgbevf_process_skb_fields().  As a result one or two VFs can bring the
> >> entire system to a crawl by saturating the PCIe bus via
> >> broadcast/multicast traffic since there is nothing to prevent them from
> >> talking to each other over VLANs that are no longer there.
> > that's right.
> >
> > On the other hand, an untagged packet is not isolated,
> > doesn't it same broadcast/multicast storm on untagged network?
> 
> Yes, that is one of the reasons for VLANs.  It provides isolation so
> that if you have two entities on the same network you won't have entity
> A able to talk to entity B.  The problem is with VLAN promiscuous
> enabled if entity B is a VF it will see the traffic but has no way to
> know that it was VLAN tagged and a part of entity A's VLAN.

Sorry, I guess I failed to phrase my question clearly.
Occupying PCIe bus with broadcast/multicast packets causes performance
degradation. VLAN filter can isolate traffic and reduce PCIe bus usage,
but untagged broadcast/multicast traffic is still problem, I think.
What is the difference between a tagged packet and an untagged packet?

> 
> >
> >> For the sake of backwards compatibility I would say that a feature like
> >> this should be mutually exclusive with SR-IOV as well since it will
> >> cause erratic behavior.  The VF will receive requests from all VLANs
> >> thinking the traffic is untagged, and then send replies back to VLAN 0
> >> even though that isn't where the message originated.
> > Sorry, I couldn't catch the above part.
> > Could you explain a bit more?
> >
> > thanks,
> > Hiroshi
> >
> >> Until the VF issue
> >> is fixed this type of feature is a no-go.
> >
> 
> The current behavior for a VF is that if it receives a VLAN that it
> didn't request it assumes it is operating in port VLAN mode.  The
> problem is with your patch the VF will be receiving all traffic but have
> no idea which VLAN it came from.  As a result it could be replying to
> multicast or broadcast requests on one VLAN with the wrong VLAN ID.
> 
> The VLAN behavior of the VF drivers will need to be fixed before
> something like that could be supported with ANY of the VFs.  As such you
> will probably need to fix the VF driver in order to allow any of them to
> come online when VLAN filtering is disabled, as the driver will need to
> report the VLAN tag ID up to the stack.

Thanks, that explains it more clearly; I think I understand the issue now.
I have to check the exact behavior on my box to understand correctly, will do.

thanks,
Hiroshi



RE: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-26 Thread Hiroshi Shimamoto
> On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto 
> >
> > Introduce module parameter "disable_hw_vlan_filter" to disable HW VLAN
> > filter on ixgbe module load.
> >
> >  From the hardware limitation, there are only 64 VLAN entries for HW VLAN
> > filter, and it leads to limit the number of VLANs up to 64 among PF and
> > VFs. For SDN/NFV case, we need to handle unlimited VLAN packets on VF.
> > In such case, every VLAN packet can be transmitted to each VF.
> >
> > When we try to make VLAN devices on VF, the 65th VLAN registration fails
> > and never be able to receive a packet with that VLAN tag.
> > If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
> ># for i in `seq 1 100`; do \
> >  ip link add link ethX name ethX.$i type vlan id $i; done
> >
> > There is a capability to disable HW VLAN filter and that makes all VLAN
> > tagged packets can be transmitted to every VFs. After VLAN filter stage,
> > unicast packets are transmitted to VF which has the MAC address same as
> > the transmitting packet.
> >
> > With this patch and "disable_hw_vlan_filter=1", we can use unlimited
> > number of VLANs on VF.
> >
> > Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
> > DCB and FCoE are disabled when HW VLAN filter is disabled by this module
> > parameter.
> > Because of that reason, the administrator has to know that before turning
> > off HW VLAN filter.
> 
> You might also want to note that it makes the system susceptible to
> broadcast/multicast storms since it eliminates any/all VLAN isolation.
> So a broadcast or multicast packet on one VLAN is received on ALL
> interfaces regardless of their VLAN configuration. In addition the
> current VF driver is likely to just receive the packet as untagged, see
> ixgbevf_process_skb_fields().  As a result one or two VFs can bring the
> entire system to a crawl by saturating the PCIe bus via
> broadcast/multicast traffic since there is nothing to prevent them from
> talking to each other over VLANs that are no longer there.

that's right.

On the other hand, untagged packets are not isolated either;
doesn't the same broadcast/multicast storm occur on an untagged network?

> 
> For the sake of backwards compatibility I would say that a feature like
> this should be mutually exclusive with SR-IOV as well since it will
> cause erratic behavior.  The VF will receive requests from all VLANs
> thinking the traffic is untagged, and then send replies back to VLAN 0
> even though that isn't where the message originated.

Sorry, I couldn't catch the above part.
Could you explain a bit more?

thanks,
Hiroshi

> Until the VF issue
> is fixed this type of feature is a no-go.



RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-26 Thread Hiroshi Shimamoto
> > -Original Message-
> > From: Skidmore, Donald C
> > Sent: Tuesday, May 26, 2015 10:46 AM
> > To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi, Sy
> > Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > sassm...@redhat.com
> > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> >
> >
> 
> [snip]
> 
> >
> > > -Original Message-
> > > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > > Sent: Monday, May 25, 2015 6:00 PM
> > > To: Skidmore, Donald C; Rose, Gregory V; Kirsher, Jeffrey T;
> > > intel-wired- l...@lists.osuosl.org
> > > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
> > > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > > sassm...@redhat.com
> > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> > >
> > >
> > > Do you mean that VF should care about it is trusted or not?
> > > Should VF request MC Promisc again when it's trusted?
> > > Or, do you mean VF never be trusted during its (or VM's) lifetime?
> >
> > I think the VF shouldn't directly know whether it is trusted or not
> 
> That's completely irrelevant.  The person administering the PF will be the 
> person who provided trusted privileges to the
> VF.  He'll then *tell* or somehow other communicate to the person 
> administering the VF (probably himself/herself) and
> then proceed to execute commands on that VF that require trusted privileges.
> 
> If the VF does not have trusted privileges then the commands to add VLAN 
> filters, set promiscuous modes, and any other
> privileged commands will fail.
> 
> Let's not get too fancy with this.  It's simple - the host VMM admin provides 
> trusted privileges to the VF.  The person
> administering the VF (if in fact it is not the same person, it usually will 
> be) will proceed to do things that require
> VF trusted privileges.

Now I think it's better to have an interface between the PF and VF so the VF can
know that it is trusted.
Otherwise the VM cannot know whether its VF is trusted, which prevents automated
operations.
Or add another communicating interface outside of ixgbe PF-VF mbox API?

> 
> 
> .  It
> > should request MC Promisc and get it if it is trusted and not if it is not
> > trusted.  So if you (as the system admin know you have a VF that will need
> > to request MC Promisc make sure you promote that VF to trusted before
> > assigning it to a VM.  That way when it requests MC Promisc the PF will be
> > able to grant it.
> >
> 
> Multicast promiscuous should be allowed for the VFs.  We already allow VFs to 
> set whatever multicast filters they want
> so if they want to go into MPE then so what?  We don't care.  It's not a 
> security risk.  Right now, without any modification,
> the VF can set 30 multicast filters and listen.  It can then remove those and 
> set another 30 filters and listen.  And
> so on and so on.  So if a VF can already listen on any MC filter it wants 
> then why this artificial restriction on MC promiscuous
> mode.

I'm fine with that, previously I mentioned about that.
Without resetting the PF, we can listen to every MC packet whose hash was set.
A PF reset will restore the last 30 MC addresses per VF.

Also, there is a single hash entry table; every VF will get an MC packet
whose hash is set in the table. If one VF user sets a filter, the other users
will receive that MC packet too.

> 
> We don't care about this case. Unicast promiscuous is the security risk and I 
> think we've handled that.

So, should we separate the discussion, about trusting VF operation and
about MC promiscuous?

> 
> >
> > >
> > > And what do you think about being untrusted from trusted state?
> >
> > This is an interesting question.  If we allowed a VM to go from trusted ->
> > untrusted we would have to turn off any "special" configuration that
> > trusted allowed.  Maybe in such cases we could reset the PF?  And of
> > course require all the "special" configuration (MC Promisc) to default to
> > off after being reset.
> >
> 
> To remove privileges from a VF that you're already set to privileged will 
> require destruction of the VF VSI and VFLR to
> the VF - after it comes up it can't do any further privileged operations.

yeah, sounds good to reset VF on changing privilege.

> 
> [snip
> 
> > This too is a valid point.  Currently we would just not do i

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-25 Thread Hiroshi Shimamoto
> > -Original Message-
> > From: Rose, Gregory V
> > Sent: Friday, May 22, 2015 8:08 AM
> > To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
> > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > sassm...@redhat.com
> > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> >
> >
> > > -Original Message-
> > > From: Intel-wired-lan
> > > [mailto:intel-wired-lan-boun...@lists.osuosl.org] On Behalf Of Hiroshi
> > > Shimamoto
> > > Sent: Thursday, May 21, 2015 7:31 PM
> > > To: Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
> > > l...@lists.osuosl.org
> > > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux Netdev List; Choi,
> > > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz;
> > > sassm...@redhat.com
> > > Subject: Re: [Intel-wired-lan] [PATCH v5 3/3] ixgbe: Add new ndo to
> > > trust VF
> > >
> >
> > [big snip]
> >
> > > I think your concerns are related to some operational assumptions.
> > > My basic concept is, not to change the behavior of VM, existing user
> > > operation.
> > > I mean that I didn't think it's better that the user should check the
> > > both of the ixgbevf driver can deal with new API and the VF is trusted.
> > >
> > > Now, I think the point is who takes care whether the VF is trusted. Right?
> > > It seems that you think the VF user should handle that user is trusted
> > > and do something with a notice that "you're trusted or untrusted" from
> > > the host.
> > > Is that correct?
> > > I made it in PF side, because it looks easy to handle it. If something
> > > to do in VF side, I think ixgbevf driver should handle it.
> >
> > Setting the VF trusted mode feature should only be allowed through the PF
> > as it is the only trusted entity from the start.  We do not want the VF 
> > being
> > able to decide for itself to be trusted.
> >
> > - Greg
> >
> 
> I completely agree with Greg and never meant to imply anything else.
> 
> The PF should be where a given VF is made "trusted".  Likewise a VF can get 
> promoted to MC Promiscuous buy requesting
> over 30 MC groups.  I like this and your patch currently does this.  So for 
> example below:
> 
> PFVF
> -----
> Set given VF as trusted
>   Request 30+ MC groups via Mail Box
> Put PF in MC Promiscuous mode
> 
> 
> What I am concerned about is the following flow where we seem to store the 
> fact the VF requests more than 30+ MC groups
> so that we can automatically enter MC Promisc Mode if that VF is ever made 
> trusted.
> 
> PFVF
> ---   --
> Currently VF is NOT trusted
>   Request 30+ MC groups via Mail Box
> Do NOT put PF in MC Promisc
> (hw->mac.mc_promisc = true)
> 
> < Some time later >
> 
> Set given VF as trusted
> (because mc_promisc set) Put PF in MC Promisc
> 
> 
> I don't like the fact that the PF remembers that the VF was denied MC 
> Promiscuous mode in the past.  And because of that
> automatically put the VF in MC Promiscuous mode when it becomes trusted.  
> Maybe showing in code what I would like removed/added
> would be more helpful, probably should have started doing that. :)

Do you mean that the VF should care about whether it is trusted or not?
Should the VF request MC Promisc again once it is trusted?
Or do you mean the VF is never trusted during its (or the VM's) lifetime?

And what do you think about being untrusted from trusted state?

> 
> I would remove this bit of code from ixgbe_ndo_set_vf_trust():
> 
> int ixgbe_ndo_set_vf_trust(struct net_device *netdev, int vf, bool
> setting) {
>   struct ixgbe_adapter *adapter = netdev_priv(netdev);
> 
>   if (vf >= adapter->num_vfs)
>   return -EINVAL;
> 
>   /* nothing to do */
>   if (adapter->vfinfo[vf].trusted == setting)
>   return 0;
> 
>   adapter->vfinfo[vf].trusted = setting;
> 
> - /* Reconfigure features which are only allowed for trusted VF */
> - /* VF multicast promiscuous mode */
> - if (adapter->vfinfo[vf].mc_promisc)
> - ixgbe_enable_vf_mc_promisc(adapter, vf);

I understand, you don't t

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-21 Thread Hiroshi Shimamoto
> > -Original Message-
> > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > Sent: Wednesday, May 20, 2015 9:13 PM
> > To: Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
> > Cc: Or Gerlitz; David Miller; Linux Netdev List; nhor...@redhat.com;
> > sassm...@redhat.com; jogre...@redhat.com; Choi, Sy Jong; Edward Cree;
> > Rony Efraim
> > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> >
> > > > -Original Message-
> > > > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > > > Sent: Tuesday, May 19, 2015 5:06 PM
> > > > To: Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
> > > > Cc: Skidmore, Donald C; Or Gerlitz; David Miller; Linux Netdev List;
> > > > nhor...@redhat.com; sassm...@redhat.com; jogre...@redhat.com;
> > Choi,
> > > > Sy Jong; Edward Cree; Rony Efraim
> > > > Subject: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> > > >
> > > > From: Hiroshi Shimamoto 
> > > >
> > > > Implement the new netdev op to trust VF in ixgbe and make VF
> > > > multicast promiscuous mode enabled only in trusted VF.
> > > >
> > > > The administrator can make VF trusted by ip command which supports
> > > > trust message.
> > > >  # ip link set dev eth0 vf 1 trust on
> > > >
> > > > After making VF untrusted, ixgbe disables VF multicast promiscuous
> > > > feature requested from VF.
> > > >  # ip link set dev eth0 vf 1 trust off
> > > >
> > > > Only trusted VF can enable VF multicast promiscuous mode and handle
> > > > over
> > > > 30 IPv6 addresses on VM, because VF multicast promiscuous mode may
> > > > hurt performance.
> > > >
> > > > Signed-off-by: Hiroshi Shimamoto 
> > > > Reviewed-by: Hayato Momma 
> > > > CC: Choi, Sy Jong 
> > > > ---
> > > >  drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
> > > >  drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  5 
> > > > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 38
> > > > +++---
> > > > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  2 ++
> > > >  4 files changed, 42 insertions(+), 4 deletions(-)
> > > >
> > > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > > > b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > > > index 08e65b6..5181a4d 100644
> > > > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > > > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > > > @@ -153,6 +153,7 @@ struct vf_data_storage {
> > > > u16 vlan_count;
> > > > u8 spoofchk_enabled;
> > > > bool rss_query_enabled;
> > > > +   u8 trusted;
> > > > unsigned int vf_api;
> > > >  };
> > > >
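Review bot: `u8 trusted;` is added directly below `bool rss_query_enabled;` yet it stores the `bool setting` argument of ixgbe_ndo_set_vf_trust(); declaring it `bool trusted;` keeps the field consistent with its neighbour and avoids the implicit bool-to-u8 conversion. A one-line comment on what the flag gates, e.g. `/* set by the PF admin; grants privileged mailbox requests such as MC promiscuous */`, would tell a reader why it exists. The struct definition starts outside the hunk.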
> > > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > > > b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > > > index b1ea707..263cb40 100644
> > > > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > > > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > > > @@ -3679,6 +3679,10 @@ static void
> > > > ixgbe_configure_virtualization(struct
> > > > ixgbe_adapter *adapter)
> > > > /* Enable/Disable RSS query feature  */
> > > > ixgbe_ndo_set_vf_rss_query_en(adapter->netdev, i,
> > > >   adapter-
> > > > >vfinfo[i].rss_query_enabled);
> > > > +
> > > > +   /* Reconfigure features in trusted */
> > > > +   ixgbe_ndo_set_vf_trust(adapter->netdev, i,
> > > > +  adapter->vfinfo[i].trusted);
> > > > }
> > > >  }
> > > >
> > > > @@ -8182,6 +8186,7 @@ static const struct net_device_ops
> > > > ixgbe_netdev_ops = {
> > > > .ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
> > > > .ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
> > > > .ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
> > > > +   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
> > > > .ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
> > > > 

RE: [PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-21 Thread Hiroshi Shimamoto
> Subject: Re: [PATCH v5] ixgbe: Add module parameter to disable VLAN filter
> 
> From: Hiroshi Shimamoto 
> Date: Thu, 21 May 2015 13:10:49 +
> 
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > index 263cb40..b45570f 100644
> > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > @@ -158,6 +158,10 @@ module_param(allow_unsupported_sfp, uint, 0);
> >  MODULE_PARM_DESC(allow_unsupported_sfp,
> >  "Allow unsupported and untested SFP+ modules on 82599-based 
> > adapters");
> >
> > +static unsigned int disable_hw_vlan_filter;
> > +module_param(disable_hw_vlan_filter, uint, 0);
> > +MODULE_PARM_DESC(disable_hw_vlan_filter, "Disable HW VLAN filter");
> 
> Sorry, module parameters like this are not allowed.
> 
> You must use a generic, portable interface, to configure networking
> device settings.

Could you please tell me which interface is good for this?

> 
> Otherwise every other driver that wants to do something similar will
> have yet another module option with a different name, and every user
> will suffer because they will need to learn a different mechanism
> to perform this configuration for every driver.

Right, I agree.
But I thought this requirement was really specific to, and contained within, the
ixgbe driver, which is the reason I tried a module parameter.

thanks,
Hiroshi



[PATCH v5] ixgbe: Add module parameter to disable VLAN filter

2015-05-21 Thread Hiroshi Shimamoto
From: Hiroshi Shimamoto 

Introduce module parameter "disable_hw_vlan_filter" to disable HW VLAN
filter on ixgbe module load.

Due to a hardware limitation, there are only 64 VLAN entries for the HW VLAN
filter, which limits the number of VLANs to 64 across the PF and
VFs. For the SDN/NFV case, we need to handle an unlimited number of VLANs on a VF.
In such a case, every VLAN packet can be transmitted to each VF.

When we try to make VLAN devices on VF, the 65th VLAN registration fails
and never be able to receive a packet with that VLAN tag.
If we do the below command on VM, ethX.65 to ethX.100 cannot be created.
  # for i in `seq 1 100`; do \
ip link add link ethX name ethX.$i type vlan id $i; done

There is a capability to disable HW VLAN filter and that makes all VLAN
tagged packets can be transmitted to every VFs. After VLAN filter stage,
unicast packets are transmitted to VF which has the MAC address same as
the transmitting packet.

With this patch and "disable_hw_vlan_filter=1", we can use unlimited
number of VLANs on VF.

Disabling HW VLAN filter breaks some NIC features such as DCB and FCoE.
DCB and FCoE are disabled when HW VLAN filter is disabled by this module
parameter.
Because of that reason, the administrator has to know that before turning
off HW VLAN filter.

Signed-off-by: Hiroshi Shimamoto 
---
 drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  | 29 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c |  4 
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h 
b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 5181a4d..492615d 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -632,6 +632,7 @@ struct ixgbe_adapter {
 #define IXGBE_FLAG_FCOE_ENABLED (u32)(1 << 21)
 #define IXGBE_FLAG_SRIOV_CAPABLE(u32)(1 << 22)
 #define IXGBE_FLAG_SRIOV_ENABLED(u32)(1 << 23)
+#define IXGBE_FLAG_VLAN_FILTER_ENABLED  (u32)(1 << 24)
 
u32 flags2;
 #define IXGBE_FLAG2_RSC_CAPABLE (u32)(1 << 0)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c 
b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 263cb40..b45570f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -158,6 +158,10 @@ module_param(allow_unsupported_sfp, uint, 0);
 MODULE_PARM_DESC(allow_unsupported_sfp,
 "Allow unsupported and untested SFP+ modules on 82599-based 
adapters");
 
+static unsigned int disable_hw_vlan_filter;
+module_param(disable_hw_vlan_filter, uint, 0);
+MODULE_PARM_DESC(disable_hw_vlan_filter, "Disable HW VLAN filter");
+
 #define DEFAULT_MSG_ENABLE (NETIF_MSG_DRV|NETIF_MSG_PROBE|NETIF_MSG_LINK)
 static int debug = -1;
 module_param(debug, int, 0);
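Review bot: `module_param(disable_hw_vlan_filter, uint, 0);` registers the parameter with permission 0, so once the module is loaded an administrator cannot read /sys/module/ixgbe/parameters/ to confirm whether hardware VLAN filtering has been switched off, which matters because the setting lets tagged frames reach every VF. The value is only tested for zero/non-zero in ixgbe_sw_init, so `static bool disable_hw_vlan_filter;` with `module_param(disable_hw_vlan_filter, bool, 0444);` states the intent and makes the state inspectable. The MODULE_PARM_DESC text could also mention the DCB/FCoE side effects that the probe-time warning already lists.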
@@ -4159,6 +4163,9 @@ void ixgbe_set_rx_mode(struct net_device *netdev)
hw->addr_ctrl.user_set_promisc = false;
}
 
+   if (!(adapter->flags & IXGBE_FLAG_VLAN_FILTER_ENABLED))
+   vlnctrl &= ~(IXGBE_VLNCTRL_VFE | IXGBE_VLNCTRL_CFIEN);
+
/*
 * Write addresses to available RAR registers, if there is not
 * sufficient space to store all the addresses then enable
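Review bot: The added VFE/CFIEN clear carries no comment, and this is the only place a reader of ixgbe_set_rx_mode() sees that VLAN filtering can be off for the whole port; a comment such as `/* HW VLAN filter disabled by module parameter: tagged frames reach every VF regardless of its VLAN configuration */` records the trade-off where it takes effect. The hunk only clears the bits; whatever sets them when the flag is on lies outside it, and the function begins before the hunk.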
@@ -5251,6 +5258,22 @@ static int ixgbe_sw_init(struct ixgbe_adapter *adapter)
 #endif /* CONFIG_IXGBE_DCB */
 #endif /* IXGBE_FCOE */
 
+   if (likely(!disable_hw_vlan_filter)) {
+   /* HW VLAN filter is enabled by default */
+   adapter->flags |= IXGBE_FLAG_VLAN_FILTER_ENABLED;
+   } else {
+   e_dev_warn("Disabling HW VLAN filter. "
+  "DCB and FCoE are also disabled.\n");
+#ifdef IXGBE_FCOE
+   /* Disabling FCoE */
+   adapter->flags &= ~IXGBE_FLAG_FCOE_CAPABLE;
+   adapter->flags &= ~IXGBE_FLAG_FCOE_ENABLED;
+#ifdef CONFIG_IXGBE_DCB
+   adapter->fcoe.up = 0;
+#endif /* CONFIG_IXGBE_DCB */
+#endif /* IXGBE_FCOE */
+   }
+
adapter->mac_table = kzalloc(sizeof(struct ixgbe_mac_addr) *
 hw->mac.num_rar_entries,
 GFP_ATOMIC);
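Review bot: `likely()` on the `!disable_hw_vlan_filter` test adds nothing in ixgbe_sw_init(), which runs once at probe time; a plain `if (!disable_hw_vlan_filter) {` reads better. The warning text "DCB and FCoE are also disabled" is printed even when IXGBE_FCOE is not compiled in and the FCoE lines below it are compiled out, so the message may overstate what this branch actually changed; consider splitting the FCoE part of the message into the #ifdef block. ixgbe_sw_init() starts and ends outside the hunk.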
@@ -7733,6 +7756,9 @@ int ixgbe_setup_tc(struct net_device *dev, u8 tc)
ixgbe_clear_interrupt_scheme(adapter);
 
 #ifdef CONFIG_IXGBE_DCB
+   /* Unable to use DCB if HW VLAN filter is disabled */
+   if (!(adapter->flags & IXGBE_FLAG_VLAN_FILTER_ENABLED))
+   tc = 0;
if (tc) {
netdev_set_num_tc(dev, tc);
ixgbe_set_prio_tc_map(adapter);
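Review bot: Forcing `tc = 0` on the added lines silently converts a caller's request for traffic classes into "no DCB" and lets ixgbe_setup_tc() report success for a configuration it did not apply; by this point ixgbe_clear_interrupt_scheme() on the preceding context line has already run, so the check is also too late to reject cleanly. Move the test to the top of the function and fail the request there, e.g. `if (tc && !(adapter->flags & IXGBE_FLAG_VLAN_FILTER_ENABLED)) return -EINVAL;`, so the user learns DCB is unavailable instead of getting a different configuration. The start of ixgbe_setup_tc() is outside the hunk, so the exact placement needs checking against the full function.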
@@ -8562,7 +8588,8 @@ skip_sriov:
}
 
netdev->hw_features |= NETIF_F_RXALL;
-   netdev->features |= NETIF_F_HW_VLAN_CTAG_FILTER;
+   if 

RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF

2015-05-20 Thread Hiroshi Shimamoto
> > -Original Message-
> > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > Sent: Tuesday, May 19, 2015 5:06 PM
> > To: Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
> > Cc: Skidmore, Donald C; Or Gerlitz; David Miller; Linux Netdev List;
> > nhor...@redhat.com; sassm...@redhat.com; jogre...@redhat.com;
> > Choi, Sy Jong; Edward Cree; Rony Efraim
> > Subject: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF
> >
> > From: Hiroshi Shimamoto 
> >
> > Implement the new netdev op to trust VF in ixgbe and make VF multicast
> > promiscuous mode enabled only in trusted VF.
> >
> > The administrator can make VF trusted by ip command which supports trust
> > message.
> >  # ip link set dev eth0 vf 1 trust on
> >
> > After making VF untrusted, ixgbe disables VF multicast promiscuous feature
> > requested from VF.
> >  # ip link set dev eth0 vf 1 trust off
> >
> > Only a trusted VF can enable VF multicast promiscuous mode (and thereby
> > handle more than 30 IPv6 addresses on the VM), because VF multicast
> > promiscuous mode may hurt performance.
> >
> > Signed-off-by: Hiroshi Shimamoto 
> > Reviewed-by: Hayato Momma 
> > CC: Choi, Sy Jong 
> > ---
> >  drivers/net/ethernet/intel/ixgbe/ixgbe.h   |  1 +
> >  drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  |  5 
> > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 38
> > +++---
> > drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h |  2 ++
> >  4 files changed, 42 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > index 08e65b6..5181a4d 100644
> > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
> > @@ -153,6 +153,7 @@ struct vf_data_storage {
> > u16 vlan_count;
> > u8 spoofchk_enabled;
> > bool rss_query_enabled;
> > +   u8 trusted;
> > unsigned int vf_api;
> >  };
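Review bot: The new `u8 trusted;` field in struct vf_data_storage is written with `false` in the ixgbe_sriov.c hunk and sits next to `bool rss_query_enabled;`, so it should be `bool trusted;` to match both its use and its neighbour; the ndo callback presumably takes a bool setting as well, which makes the u8 a needless conversion. Since this bit is a security decision made by the PF administrator, a short comment would help the next reader: `bool trusted; /* set by the PF admin via ndo_set_vf_trust; gates VF privileged requests such as MC promiscuous */`.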
> >
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > index b1ea707..263cb40 100644
> > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > @@ -3679,6 +3679,10 @@ static void ixgbe_configure_virtualization(struct
> > ixgbe_adapter *adapter)
> > /* Enable/Disable RSS query feature  */
> > ixgbe_ndo_set_vf_rss_query_en(adapter->netdev, i,
> >   adapter-
> > >vfinfo[i].rss_query_enabled);
> > +
> > +   /* Reconfigure features in trusted */
> > +   ixgbe_ndo_set_vf_trust(adapter->netdev, i,
> > +  adapter->vfinfo[i].trusted);
> > }
> >  }
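Review bot: The comment on the new call in ixgbe_configure_virtualization, "Reconfigure features in trusted", does not say what is being re-applied or why; something like `/* Re-apply the VF's trust setting so its privileges are restored after a reconfigure */` would, and "reconfigure" is hedged here because the callers of this function are outside the hunk. The int return of ixgbe_ndo_set_vf_trust is discarded, which is consistent with the rss_query_en call just above it, so no change there. The enclosing loop and function start outside the hunk.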
> >
> > @@ -8182,6 +8186,7 @@ static const struct net_device_ops
> > ixgbe_netdev_ops = {
> > .ndo_set_vf_rate= ixgbe_ndo_set_vf_bw,
> > .ndo_set_vf_spoofchk= ixgbe_ndo_set_vf_spoofchk,
> > .ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
> > +   .ndo_set_vf_trust   = ixgbe_ndo_set_vf_trust,
> > .ndo_get_vf_config  = ixgbe_ndo_get_vf_config,
> > .ndo_get_stats64= ixgbe_get_stats64,
> >  #ifdef CONFIG_IXGBE_DCB
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> > index 615f651..6c602bc 100644
> > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
> > @@ -117,8 +117,11 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter
> > *adapter)
> >  */
> > adapter->vfinfo[i].rss_query_enabled = 0;
> >
> > -   /* Turn multicast promiscuous mode off for all VFs */
> > +   /* Disallow VF multicast promiscuous capability
> > +* and turn it off for all VFs
> > +*/
> > adapter->vfinfo[i].mc_promisc = false;
> > +   adapter->vfinfo[i].trusted = false;
> > }
> >
> > return 0;
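Review bot: The reworded comment above `trusted = false` in __ixgbe_enable_sriov still only talks about multicast promiscuous mode, while the commit description says trust gates privileged VF requests generally, so the comment undersells the default-deny it establishes; I would write `/* VFs start untrusted: privileged requests (e.g. MC promiscuous) are refused until the PF admin grants trust via ndo_set_vf_trust */`. Default-deny here is the right choice. What this hunk does not show is whether `trusted` is also cleared when a VF is disabled or its VF count changes and the same index is later handed to a different guest; since trust is a per-guest decision, that path (presumably ixgbe_disable_sriov, outside this hunk) is worth checking so a previously granted trust does not carry over. The function starts outside the hunk.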
> > @@ -329,9 +332,14 @@ static int ixgbe_enable_vf_mc_promisc(struct
> > ixgbe_adapter *adapter, u32 vf)
> > hw = &adapter->hw;
> > vmolr = IXGBE_READ_REG(hw, IXGBE_VMOLR(vf));
> >
> > -   e_info(drv, "VF %u: enabling multicast promiscuous\n", vf);
> > -
> > -   vmolr |= IXGBE_VMOLR_MPE;
>