lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190619051143.GB30694@mellanox.com>
Date:   Wed, 19 Jun 2019 05:12:19 +0000
From:   Jianbo Liu <jianbol@...lanox.com>
To:     Parav Pandit <parav@...lanox.com>
CC:     Saeed Mahameed <saeedm@...lanox.com>,
        Leon Romanovsky <leonro@...lanox.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        Eli Britstein <elibr@...lanox.com>,
        Roi Dayan <roid@...lanox.com>, Mark Bloch <markb@...lanox.com>
Subject: Re: [PATCH mlx5-next 05/15] net/mlx5: E-Switch, Tag packet with vport
 number in VF vports and uplink ingress ACLs

The 06/18/2019 18:31, Parav Pandit wrote:
> 
> 
> > -----Original Message-----
> > From: netdev-owner@...r.kernel.org <netdev-owner@...r.kernel.org> On
> > Behalf Of Saeed Mahameed
> > Sent: Tuesday, June 18, 2019 12:53 AM
> > To: Saeed Mahameed <saeedm@...lanox.com>; Leon Romanovsky
> > <leonro@...lanox.com>
> > Cc: netdev@...r.kernel.org; linux-rdma@...r.kernel.org; Jianbo Liu
> > <jianbol@...lanox.com>; Eli Britstein <elibr@...lanox.com>; Roi Dayan
> > <roid@...lanox.com>; Mark Bloch <markb@...lanox.com>
> > Subject: [PATCH mlx5-next 05/15] net/mlx5: E-Switch, Tag packet with vport
> > number in VF vports and uplink ingress ACLs
> > 
> > From: Jianbo Liu <jianbol@...lanox.com>
> > 
> > When a dual-port VHCA sends a RoCE packet on its non-native port, and the
> > packet arrives to its affiliated vport FDB, a mismatch might occur on the rules
> > that match the packet source vport as it is not represented by single VHCA only
> > in this case. So we change to match on metadata instead of source vport.
> > To do that, a rule is created in all vports and uplink ingress ACLs, to save the
> > source vport number and vhca id in the packet's metadata in order to match on
> > it later.
> > The metadata register used is the first of the 32-bit type C registers. It can be
> > used for matching and header modify operations. The higher 16 bits of this
> > register are for vhca id, and the lower 16 ones is for vport number.
> > This change is not for dual-port RoCE only. If HW and FW allow, the vport
> > metadata matching is enabled by default.
> > 
> > Signed-off-by: Jianbo Liu <jianbol@...lanox.com>
> > Reviewed-by: Eli Britstein <elibr@...lanox.com>
> > Reviewed-by: Roi Dayan <roid@...lanox.com>
> > Reviewed-by: Mark Bloch <markb@...lanox.com>
> > Signed-off-by: Saeed Mahameed <saeedm@...lanox.com>
> > ---
> >  .../net/ethernet/mellanox/mlx5/core/eswitch.c |   2 +
> >  .../net/ethernet/mellanox/mlx5/core/eswitch.h |   9 +
> >  .../mellanox/mlx5/core/eswitch_offloads.c     | 183 ++++++++++++++----
> >  include/linux/mlx5/eswitch.h                  |   3 +
> >  4 files changed, 161 insertions(+), 36 deletions(-)
> > 
> > diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> > b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> > index a42a23e505df..1235fd84ae3a 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
> > @@ -1168,6 +1168,8 @@ void esw_vport_cleanup_ingress_rules(struct
> > mlx5_eswitch *esw,
> > 
> >  	vport->ingress.drop_rule = NULL;
> >  	vport->ingress.allow_rule = NULL;
> > +
> > +	esw_vport_del_ingress_acl_modify_metadata(esw, vport);
> >  }
> > 
> >  void esw_vport_disable_ingress_acl(struct mlx5_eswitch *esw, diff --git
> > a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
> > b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
> > index 8b9f2cf58e91..4417a195832e 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
> > @@ -68,6 +68,8 @@ struct vport_ingress {
> >  	struct mlx5_flow_group *allow_spoofchk_only_grp;
> >  	struct mlx5_flow_group *allow_untagged_only_grp;
> >  	struct mlx5_flow_group *drop_grp;
> > +	int                      modify_metadata_id;
> No need for random alignment. Just have one white space after int.

Not random. It's to align with other lines in the this structure.
There are also other fileds with more than one spaces after type.
It looks ugly if there are different styles in the same structure.

> 
> > +	struct mlx5_flow_handle  *modify_metadata_rule;
> >  	struct mlx5_flow_handle  *allow_rule;
> >  	struct mlx5_flow_handle  *drop_rule;
> >  	struct mlx5_fc           *drop_counter;
> > @@ -196,6 +198,10 @@ struct mlx5_esw_functions {
> >  	u16			num_vfs;
> >  };
> > 
> > +enum {
> > +	MLX5_ESWITCH_VPORT_MATCH_METADATA = BIT(0), };
> > +
> >  struct mlx5_eswitch {
> >  	struct mlx5_core_dev    *dev;
> >  	struct mlx5_nb          nb;
> > @@ -203,6 +209,7 @@ struct mlx5_eswitch {
> >  	struct hlist_head       mc_table[MLX5_L2_ADDR_HASH_SIZE];
> >  	struct workqueue_struct *work_queue;
> >  	struct mlx5_vport       *vports;
> > +	u32                     flags;
> Same as above, no need for extra aligment.

Same reason.

> 
> >  	int                     total_vports;
> >  	int                     enabled_vports;
> >  	/* Synchronize between vport change events @@ -240,6 +247,8 @@
> > void esw_vport_disable_egress_acl(struct mlx5_eswitch *esw,
> >  				  struct mlx5_vport *vport);
> >  void esw_vport_disable_ingress_acl(struct mlx5_eswitch *esw,
> >  				   struct mlx5_vport *vport);
> > +void esw_vport_del_ingress_acl_modify_metadata(struct mlx5_eswitch *esw,
> > +					       struct mlx5_vport *vport);
> > 
> >  /* E-Switch API */
> >  int mlx5_eswitch_init(struct mlx5_core_dev *dev); diff --git
> > a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> > b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> > index 17abb98b48af..871ae44dc132 100644
> > --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
> > +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c

...

> > +static int esw_create_offloads_acl_tables(struct mlx5_eswitch *esw) {
> > +	struct mlx5_vport *vport;
> > +	int i, j;
> > +	int err;
> > +
> > +	mlx5_esw_for_all_vports(esw, i, vport) {
> > +		err = esw_vport_ingress_common_config(esw, vport);
> >  		if (err)
> > -			goto err_egress;
> > +			goto err_ingress;
> > +
> > +		if (vport->vport >= MLX5_VPORT_FIRST_VF &&
> > +		    vport->vport <= esw->dev->priv.sriov.num_vfs) {
> Add an helper API mlx5_esw_is_vport(const struct mlx5_esw *esw, const struct mlx5_vport *vport) 
> and use at two places in ingress and egress config.

It's very simple logic, but new API make things complicated. If adding
mlx5_esw_is_vport() as you suggested, no one can know what's the meaning
of this function from name, and need to check the implementation again,
which will waste too much time.

> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ