lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 17 Nov 2022 22:31:06 +0100
From:   Steen Hegelund <steen.hegelund@...rochip.com>
To:     "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
CC:     Steen Hegelund <steen.hegelund@...rochip.com>,
        <UNGLinuxDriver@...rochip.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Casper Andersson" <casper.casan@...il.com>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Wan Jiabing <wanjiabing@...o.com>,
        "Nathan Huckleberry" <nhuck@...gle.com>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        "Steen Hegelund" <Steen.Hegelund@...rochip.com>,
        Daniel Machon <daniel.machon@...rochip.com>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Lars Povlsen <lars.povlsen@...rochip.com>
Subject: [PATCH net-next v2 0/8] Add support for VCAP debugFS in Sparx5

This provides support for getting VCAP instance, VCAP rule and VCAP port
keyset configuration information via the debug file system.

It builds on top of the initial IS2 VCAP support found in these series:

https://lore.kernel.org/all/20221020130904.1215072-1-steen.hegelund@microchip.com/
https://lore.kernel.org/all/20221109114116.3612477-1-steen.hegelund@microchip.com/
https://lore.kernel.org/all/20221111130519.1459549-1-steen.hegelund@microchip.com/

Functionality:
==============

The VCAP API exposes a /sys/kernel/debug/sparx5/vcaps folder containing
the following entries:

- raw_<vcap>_<instance>
    This is a raw dump of the VCAP instance with a line for each available
    VCAP rule.  This information is limited to the VCAP rule address, the
    rule size and the rule keyset name as this requires very little
    information from the VCAP cache.

    This can be used to detect if a valid rule is stored at the correct
    address.

- <vcap>_<instance>
    This dumps the VCAP instance configuration: address ranges, chain id
    ranges, word size of keys and actions etc, and for each VCAP rule the
    details of keys (values and masks) and actions are shown.

    This is useful when discovering if the expected rule is present and in
    which order it will be matched.

- <interface>
    This shows the keyset configuration per lookup and traffic type and the
    set of sticky bits (common for all interfaces). This is cleared when
    shown, so it is possible to sample over a period of time.

    It also shows if this port/lookup is enabled for matching in the VCAP.

    This can be used to find out which keyset the traffic being sent to a
    port, will be matched against, and if such traffic has been seen by one
    of the ports.

Delivery:
=========

This is current plan for delivering the full VCAP feature set of Sparx5:

- TC protocol all support for IS2 VCAP
- Sparx5 IS0 VCAP support
- TC policer and drop action support (depends on the Sparx5 QoS support
  upstreamed separately)
- Sparx5 ES0 VCAP support
- TC flower template support
- TC matchall filter support for mirroring and policing ports
- TC flower filter mirror action support
- Sparx5 ES2 VCAP support

Version History:
================
v2      Removed a 'support' folder (used for integration testing) that had
        been added in patch 6/8 by a mistake.
        Wrapped long lines.

v1      Initial version

Steen Hegelund (8):
  net: microchip: sparx5: Ensure L3 protocol has a default value
  net: microchip: sparx5: Ensure VCAP last_used_addr is set back to
    default
  net: microchip: sparx5: Add VCAP debugFS support
  net: microchip: sparx5: Add raw VCAP debugFS support for the VCAP API
  net: microchip: sparx5: Add VCAP rule debugFS support for the VCAP API
  net: microchip: sparx5: Add VCAP debugFS key/action support for the
    VCAP API
  net: microchip: sparx5: Add VCAP locking to protect rules
  net: microchip: sparx5: Add VCAP debugfs KUNIT test

 .../net/ethernet/microchip/sparx5/Makefile    |   1 +
 .../ethernet/microchip/sparx5/sparx5_main.c   |   3 +
 .../ethernet/microchip/sparx5/sparx5_main.h   |   3 +
 .../microchip/sparx5/sparx5_tc_flower.c       |   6 +-
 .../microchip/sparx5/sparx5_vcap_debugfs.c    | 200 +++++
 .../microchip/sparx5/sparx5_vcap_debugfs.h    |  33 +
 .../microchip/sparx5/sparx5_vcap_impl.c       |  67 +-
 .../microchip/sparx5/sparx5_vcap_impl.h       |  48 ++
 drivers/net/ethernet/microchip/vcap/Kconfig   |   1 +
 drivers/net/ethernet/microchip/vcap/Makefile  |   1 +
 .../net/ethernet/microchip/vcap/vcap_api.c    | 106 ++-
 .../net/ethernet/microchip/vcap/vcap_api.h    |  14 +-
 .../microchip/vcap/vcap_api_debugfs.c         | 782 ++++++++++++++++++
 .../microchip/vcap/vcap_api_debugfs.h         |  41 +
 .../microchip/vcap/vcap_api_debugfs_kunit.c   | 545 ++++++++++++
 .../ethernet/microchip/vcap/vcap_api_kunit.c  |  12 +-
 .../microchip/vcap/vcap_api_private.h         | 103 +++
 17 files changed, 1838 insertions(+), 128 deletions(-)
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_debugfs.c
 create mode 100644 drivers/net/ethernet/microchip/sparx5/sparx5_vcap_debugfs.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.c
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_debugfs.h
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_debugfs_kunit.c
 create mode 100644 drivers/net/ethernet/microchip/vcap/vcap_api_private.h

-- 
2.38.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ