lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Oct 2022 13:42:06 +0200
From:   Steen Hegelund <steen.hegelund@...rochip.com>
To:     "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
CC:     Steen Hegelund <steen.hegelund@...rochip.com>,
        <UNGLinuxDriver@...rochip.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Casper Andersson" <casper.casan@...il.com>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Wan Jiabing <wanjiabing@...o.com>,
        "Nathan Huckleberry" <nhuck@...gle.com>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>
Subject: [PATCH net-next v2 0/9]  Add support for Sparx5 IS2 VCAP

This provides initial support for the Sparx5 VCAP functionality via the 'tc'
traffic control userspace tool and its flower filter.

Version History:
================
v2      Made the KUNIT test model a superset of the real model to fix a
        kernel robot build error.

v1      Initial version

Overview:
=========

The supported flower filter keys and actions are:

- source and destination MAC address keys
- trap action
- pass action

The supported Sparx5 VCAPs are: IS2 (see below for more info)

The VCAP (Versatile Content-Aware Processor) feature is essentially a TCAM with
rules consisting of:

- Programmable key fields
- Programmable action fields
- A counter (which may be only one bit wide)

Besides this each VCAP has:

- A number of independent lookups
- A keyset configuration typically per port per lookup

VCAPs are used in many of the TSN features such as PSFP, PTP, FRER as well as
the general shaping, policing and access control, so it is an important building
block for these advanced features.

Functionality:
==============

When a frame is passed to a VCAP the VCAP will generate a set of keys (keyset)
based on the traffic type.  If there is a rule created with this keyset in the
VCAP and the values of the keys matches the values in the keyset of the frame,
the rule is said to match and the actions in the rule will be executed and the
rule counter will be incremented.  No more rules will be examined in this VCAP
lookup.

If there is no match in the current lookup the frame will be matched against the
next lookup (some VCAPs do the processing of the lookups in parallel).

The Sparx5 SoC has 6 different VCAP types:

- IS0: Ingress Stage 0 (AKA CLM) mostly handles classification
- IS2: Ingress Stage 2 mostly handles access control
- IP6PFX: IPv6 prefix: Provides tables for IPV6 address management
- LPM: Longest Path Match for IP guarding and routing
- ES0: Egress Stage 0 is mostly used for CPU copying and multicast handling
- ES2: Egress Stage 2 is known as the rewriter and mostly updates tags


Design:
=======

The VCAP implementation provides switchcore independent handling of rules
and supports:

- Creating and deleting rules
- Updating and getting rules

The platform specific API implementation as well as the platform specific model
of the VCAP instances are attached to the VCAP API and a client can then
access rules via the API in a platform independent way, with the
limitations that each VCAP has in terms of is supported keys and actions.

The VCAP model is generated from information delivered by the designers if the
VCAP hardware.

Here is an illustration of this:

  +------------------+     +------------------+
  | TC flower filter |     | PTP client       |
  | for Sparx5       |     | for Sparx5       |
  +-------------\----+     +---------/--------+
                 \                  /
                  \                /
                   \              /
                    \            /
                     \          /
                 +----v--------v----+
                 |     VCAP API     |
                 +---------|--------+
                           |
                           |
                           |
                           |
                 +---------v--------+
                 |   VCAP control   |
                 |   instance       |
                 +----/--------|----+
                     /         |
                    /          |
                   /           |
                  /            |
  +--------------v---+    +----v-------------+
  |   Sparx5 VCAP    |    | Sparx5 VCAP API  |
  |   model          |    | Implementation   |
  +------------------+    +---------|--------+
                                    |
                                    |
                                    |
                                    |
                          +---------v--------+
                          | Sparx5 VCAP HW   |
                          +------------------+

Delivery:
=========

For now only the IS2 is supported but later the IS0, ES0 and ES2 will be added.
There are currently no plans to support the IP6PFX and the LPM VCAPs.

The IS2 VCAP has 4 lookups and they are accessible with a TC chain id:

- chain 8000000: IS2 Lookup 0
- chain 8100000: IS2 Lookup 1
- chain 8200000: IS2 Lookup 2
- chain 8300000: IS2 Lookup 3

These lookups are executed in parallel by the IS2 VCAP but the actions are
executed in series (the datasheet explains what happens if actions overlap).

The functionality of TC flower as well as TC matchall filters will be expanded
in later submissions as well as the number of VCAPs supported.

This is current plan:

- add support for more TC flower filter keys and extend the Sparx5 port keyset
  configuration
- support for TC protocol all
- debugfs support for inspecting rules
- TC flower filter statistics
- Sparx5 IS0 VCAP support and more TC keys and actions to support this
- add TC policer and drop action support (depends on the Sparx5 QoS support
  upstreamed separately)
- Sparx5 ES0 VCAP support and more TC actions to support this
- TC flower template support
- TC matchall filter support for mirroring and policing ports
- TC flower filter mirror action support
- Sparx5 ES2 VCAP support


The LAN966x switchcore will also be updated to use the VCAP API as well as
future Microchip switches.
The LAN966x has 3 VCAPS (IS1, IS2 and ES0) and a slightly different keyset and
actionset portfolio than Sparx5.

Steen Hegelund (9):
  net: microchip: sparx5: Adding initial VCAP API support
  net: microchip: sparx5: Adding IS2 VCAP model to VCAP API
  net: microchip: sparx5: Adding IS2 VCAP register interface
  net: microchip: sparx5: Adding initial tc flower support for VCAP API
  net: microchip: sparx5: Adding port keyset config and callback
    interface
  net: microchip: sparx5: Adding basic rule management in VCAP API
  net: microchip: sparx5: Writing rules to the IS2 VCAP
  net: microchip: sparx5: Adding KUNIT test VCAP model
  net: microchip: sparx5: Adding KUNIT test for the VCAP API

 MAINTAINERS                                   |    1 +
 drivers/net/ethernet/microchip/Kconfig        |    1 +
 drivers/net/ethernet/microchip/Makefile       |    1 +
 drivers/net/ethernet/microchip/sparx5/Kconfig |    1 +
 .../net/ethernet/microchip/sparx5/Makefile    |    8 +-
 .../ethernet/microchip/sparx5/sparx5_main.c   |    9 +
 .../ethernet/microchip/sparx5/sparx5_main.h   |    6 +
 .../microchip/sparx5/sparx5_main_regs.h       |  460 +-
 .../net/ethernet/microchip/sparx5/sparx5_tc.c |   46 +
 .../net/ethernet/microchip/sparx5/sparx5_tc.h |   14 +
 .../microchip/sparx5/sparx5_tc_flower.c       |  256 +
 .../microchip/sparx5/sparx5_vcap_ag_api.c     | 1351 ++++
 .../microchip/sparx5/sparx5_vcap_ag_api.h     |   18 +
 .../microchip/sparx5/sparx5_vcap_impl.c       |  527 ++
 .../microchip/sparx5/sparx5_vcap_impl.h       |   20 +
 drivers/net/ethernet/microchip/vcap/Kconfig   |   52 +
 drivers/net/ethernet/microchip/vcap/Makefile  |    9 +
 .../net/ethernet/microchip/vcap/vcap_ag_api.h |  326 +
 .../microchip/vcap/vcap_ag_api_kunit.h        |  643 ++
 .../net/ethernet/microchip/vcap/vcap_api.c    | 1142 ++++
 .../net/ethernet/microchip/vcap/vcap_api.h    |  272 +
 .../ethernet/microchip/vcap/vcap_api_client.h |  195 +
 .../ethernet/microchip/vcap/vcap_api_kunit.c  |  933 +++
 .../microchip/vcap/vcap_model_kunit.c         | 5570 +++++++++++++++++
 .../microchip/vcap/vcap_model_kunit.h         |   10 +
 25 files changed, 11867 insertions(+), 4 deletions(-)
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_ag_api.c
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_ag_api.h
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_impl.c
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_impl.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/Kconfig
 create mode 100644 drivers/net/ethernet/microchip/vcap/Makefile
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_ag_api.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_ag_api_kunit.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api.c
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_client.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_model_kunit.c
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_model_kunit.h

-- 
2.38.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ