lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Jul 2018 09:23:49 +0300
From:   Ido Schimmel <idosch@...lanox.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, jiri@...lanox.com, mlxsw@...lanox.com,
        Ido Schimmel <idosch@...lanox.com>
Subject: [PATCH net-next 00/17] mlxsw: Introduce algorithmic TCAM support

The Spectrum-2 ASIC uses an algorithmic TCAM (A-TCAM) where multiple
exact matches lookups are performed instead of a single lookup as with
standard circuit TCAM (C-TCAM) memory. This allows for higher scale and
reduced power consumption.

The lookups are performed by masking a packet using different masks
(e.g., {dst_ip/24, ethtype}) defined for the region and looking for an
exact match. Eventually, the rule with the highest priority will be
picked.

Since the number of masks per-region is limited, the ASIC includes a
C-TCAM that can be used as a spill area for rules that do not fit into
the A-TCAM.

The driver currently uses a C-TCAM only mode which is similar to
Spectrum-1. However, this mode severely limits both the number of
supported ACL rules and the performance of the ACL lookup.

This patch set introduces initial support for the A-TCAM mode where the
C-TCAM is only used for rule spillage.

The first five patches add the registers and ASIC resources needed in
order to make use of the A-TCAM.

Next three patches are the "meat" and add the eRP core which is used to
manage the masks used by each ACL region. The individual commit messages
are lengthy and aim to thoroughly explain the subject.

The next seven patches perform small adjustments in the code and the
related data structures and are meant to prepare the code base to the
introduction of the A-TCAM in the last two patches.

Various A-TCAM optimization will be the focus of follow-up patch sets:

* Pruning - Used to reduce the number of lookups. Each rule will include
  a prune vector that indicates which masks should not be considered for
  further lookups as they cannot result in a higher priority match

* Bloom filter - Used to reduce the number of lookups. Before performing
  a lookup with a given mask the ASIC will consult a bloom filter
  (managed by the driver) that indicates whether a match might exist using
  the considered mask

* Masks aggregation - Used to increase scale and reduce lookups. Masks
  that only differ by up to eight consecutive bits (delta bits) can be
  aggregated into a single mask. The delta bits then become a part of the
  rule's key. For example, dst_ip/16 and dst_ip/17 can be represented as
  dst_ip/16 with a delta bit of one. Rules using the aggregated mask then
  specify whether the 17-th bit should be masked or not and its value

Ido Schimmel (17):
  mlxsw: reg: Prepare PERERP register for A-TCAM usage
  mlxsw: reg: Add Policy-Engine TCAM Entry Register Version 3
  mlxsw: reg: Add Policy-Engine eRP Table Register
  mlxsw: resources: Add Spectrum-2 maximum large key ID resource
  mlxsw: resources: Add Spectrum-2 eRP resources
  mlxsw: spectrum_acl: Implement common eRP core
  mlxsw: spectrum_acl: Enable C-TCAM only mode in eRP core
  mlxsw: spectrum_acl: Add support for C-TCAM eRPs
  mlxsw: spectrum_acl: Extend Spectrum-2 region struct
  mlxsw: spectrum_acl: Allow encoding a partial key
  mlxsw: spectrum_acl: Add A-TCAM initialization
  mlxsw: spectrum_acl: Encapsulate C-TCAM region in A-TCAM region
  mlxsw: spectrum_acl: Make global TCAM resources available to regions
  mlxsw: spectrum_acl: Add A-TCAM region initialization
  mlxsw: spectrum_acl: Pass C-TCAM region and entry to insert function
  mlxsw: spectrum_acl: Add A-TCAM rule insertion and deletion
  mlxsw: spectrum_acl: Start using A-TCAM

 drivers/net/ethernet/mellanox/mlxsw/Kconfig   |    1 +
 drivers/net/ethernet/mellanox/mlxsw/Makefile  |    2 +-
 .../mellanox/mlxsw/core_acl_flex_keys.c       |   10 +-
 .../mellanox/mlxsw/core_acl_flex_keys.h       |    2 +-
 drivers/net/ethernet/mellanox/mlxsw/reg.h     |  301 ++++-
 .../net/ethernet/mellanox/mlxsw/resources.h   |   14 +
 .../net/ethernet/mellanox/mlxsw/spectrum.h    |    1 +
 .../mellanox/mlxsw/spectrum1_acl_tcam.c       |   24 +-
 .../mellanox/mlxsw/spectrum2_acl_tcam.c       |   82 +-
 .../mellanox/mlxsw/spectrum_acl_atcam.c       |  509 ++++++-
 .../mellanox/mlxsw/spectrum_acl_ctcam.c       |   40 +-
 .../mellanox/mlxsw/spectrum_acl_erp.c         | 1199 +++++++++++++++++
 .../mellanox/mlxsw/spectrum_acl_tcam.c        |    2 +-
 .../mellanox/mlxsw/spectrum_acl_tcam.h        |  117 +-
 14 files changed, 2235 insertions(+), 69 deletions(-)
 create mode 100644 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ