lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200527014924.278327-1-saeedm@mellanox.com>
Date:   Tue, 26 May 2020 18:49:08 -0700
From:   Saeed Mahameed <saeedm@...lanox.com>
To:     "David S. Miller" <davem@...emloft.net>, kuba@...nel.org
Cc:     netdev@...r.kernel.org, Saeed Mahameed <saeedm@...lanox.com>
Subject: [pull request][net-next 00/16] mlx5 updates 2020-05-26

Hi Dave/Jakub.

This series adds support for mlx5 switchdev VM failover using FW bonded
representor vport and probed VF interface via eswitch vport ACLs.
Plus some extra misc updates.

For more information please see tag log below.

Please pull and let me know if there is any problem.

Thanks,
Saeed.

---
The following changes since commit fb8ddaa915395c97f234340f465a4c424a7be090:

  Merge tag 'batadv-next-for-davem-20200526' of git://git.open-mesh.org/linux-merge (2020-05-26 15:19:29 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git tags/mlx5-updates-2020-05-26

for you to fetch changes up to e95af813ca7ba71840d0407c87f573b540d70c1b:

  net/mlx5: DR, Split RX and TX lock for parallel insertion (2020-05-26 18:37:18 -0700)

----------------------------------------------------------------
mlx5-updates-2020-05-26

Updates highlights:

1) From Vu Pham (8): Support VM traffics failover with bonded VF
representors and e-switch egress/ingress ACLs

This series introduce the support for Virtual Machine running I/O
traffic over direct/fast VF path and failing over to slower
paravirtualized path using the following features:

     __________________________________
    |  VM      _________________        |
    |          |FAILOVER device |       |
    |          |________________|       |
    |                  |                |
    |              ____|_____           |
    |              |         |          |
    |       ______ |___  ____|_______   |
    |       |  VF PT  |  |VIRTIO-NET |  |
    |       | device  |  | device    |  |
    |       |_________|  |___________|  |
    |___________|______________|________|
                |              |
                | HYPERVISOR   |
                |          ____|______
                |         |  macvtap  |
                |         |virtio BE  |
                |         |___________|
                |               |
                |           ____|_____
                |           |host VF  |
                |           |_________|
                |               |
           _____|______    _____|_____
           |  PT VF    |  |  host VF  |
           |representor|  |representor|
           |___________|  |___________|
                \               /
                 \             /
                  \           /
                   \         /                     _________________
                    \_______/                     |                |
                 _______|________                 |    V-SWITCH    |
                |VF representors |________________|      (OVS)     |
                |      bond      |                |________________|
                |________________|                        |
                                                  ________|________
                                                 |    Uplink       |
                                                 |  representor    |
                                                 |_________________|

Summary:
--------
Problem statement:
------------------
Currently in above topology, when netfailover device is configured using
VFs and eswitch VF representors, and when traffic fails over to stand-by
VF which is exposed using macvtap device to guest VM, eswitch fails to
switch the traffic to the stand-by VF representor. This occurs because
there is no knowledge at eswitch level of the stand-by representor
device.

Solution:
---------
Using standard bonding driver, a bond netdevice is created over VF
representor device which is used for offloading tc rules.
Two VF representors are bonded together, one for the passthrough VF
device and another one for the stand-by VF device.
With this solution, mlx5 driver listens to the failover events
occuring at the bond device level to failover traffic to either of
the active VF representor of the bond.

a. VM with netfailover device of VF pass-thru (PT) device and virtio-net
   paravirtualized device with same MAC-address to handle failover
   traffics at VM level.

b. Host bond is active-standby mode, with the lower devices being the VM
   VF PT representor, and the representor of the 2nd VF to handle
   failover traffics at Hypervisor/V-Switch OVS level.
   - During the steady state (fast datapath): set the bond active
     device to be the VM PT VF representor.
   - During failover: apply bond failover to the second VF representor
     device which connects to the VM non-accelerated path.

c. E-Switch ingress/egress ACL tables to support failover traffics at
   E-Switch level
   I. E-Switch egress ACL with forward-to-vport rule:
     - By default, eswitch vport egress acl forward packets to its
       counterpart NIC vport.
     - During port failover, the egress acl forward-to-vport rule will
       be added to e-switch vport of passive/in-active slave VF
representor
       to forward packets to other e-switch vport ie. the active slave
       representor's e-switch vport to handle egress "failover"
traffics.
     - Using lower change netdev event to detect a representor is a
       lower
       dev (slave) of bond and becomes active, adding egress acl
       forward-to-vport rule of all other slave netdevs to forward to
this
       representor's vport.
     - Using upper change netdev event to detect a representor unslaving
       from bond device to delete its vport's egress acl forward-to-vport
       rule.

   II. E-Switch ingress ACL metadata reg_c for match
     - Bonded representors' vorts sharing tc block have the same
       root ingress acl table and a unique metadata for match.
     - Traffics from both representors's vports will be tagged with same
       unique metadata reg_c.
     - Using upper change netdev event to detect a representor
       enslaving/unslaving from bond device to setup shared root ingress
       acl and unique metadata.

2) From Alex Vesker (2): Slpit RX and TX lock for parallel rule insertion in
software steering

3) Eli Britstein (2): Optimize performance for IPv4/IPv6 ethertype use the HW
ip_version register rather than parsing eth frames for ethertype.

4) Mark Bloch (1): Add basic suspend/resume support

----------------------------------------------------------------
Alex Vesker (2):
      net/mlx5: DR, Add a spinlock to protect the send ring
      net/mlx5: DR, Split RX and TX lock for parallel insertion

Eli Britstein (2):
      net/mlx5e: Helper function to set ethertype
      net/mlx5e: Optimize performance for IPv4/IPv6 ethertype

Mark Bloch (1):
      net/mlx5: Add basic suspend/resume support

Or Gerlitz (2):
      net/mlx5e: Use netdev events to set/del egress acl forward-to-vport rule
      net/mlx5e: Offload flow rules to active lower representor

Parav Pandit (1):
      net/mlx5: Add missing mutex destroy

Vu Pham (8):
      net/mlx5: E-Switch, Refactor eswitch egress acl codes
      net/mlx5: E-Switch, Refactor eswitch ingress acl codes
      net/mlx5: E-Switch, Introduce APIs to enable egress acl forward-to-vport rule
      net/mlx5e: Support tc block sharing for representors
      net/mlx5e: Add bond_metadata and its slave entries
      net/mlx5: E-Switch, Alloc and free unique metadata for match
      net/mlx5e: Slave representors sharing unique metadata for match
      net/mlx5e: Use change upper event to setup representors' bond_metadata

 drivers/net/ethernet/mellanox/mlx5/core/Makefile   |   7 +-
 .../mellanox/mlx5/core/diag/fs_tracepoint.c        |  85 ++--
 .../net/ethernet/mellanox/mlx5/core/en/rep/bond.c  | 350 +++++++++++++
 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c |  10 +-
 .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c    |  21 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c   |  30 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_rep.h   |  13 +
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c    |  96 +++-
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.h    |   4 +
 .../mellanox/mlx5/core/esw/acl/egress_lgcy.c       | 170 +++++++
 .../mellanox/mlx5/core/esw/acl/egress_ofld.c       | 235 +++++++++
 .../ethernet/mellanox/mlx5/core/esw/acl/helper.c   | 160 ++++++
 .../ethernet/mellanox/mlx5/core/esw/acl/helper.h   |  26 +
 .../mellanox/mlx5/core/esw/acl/ingress_lgcy.c      | 279 ++++++++++
 .../mellanox/mlx5/core/esw/acl/ingress_ofld.c      | 322 ++++++++++++
 .../net/ethernet/mellanox/mlx5/core/esw/acl/lgcy.h |  17 +
 .../net/ethernet/mellanox/mlx5/core/esw/acl/ofld.h |  29 ++
 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c  | 559 +--------------------
 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h  |  41 +-
 .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 401 +++------------
 drivers/net/ethernet/mellanox/mlx5/core/main.c     |  34 +-
 .../mellanox/mlx5/core/steering/dr_domain.c        |  14 +-
 .../mellanox/mlx5/core/steering/dr_matcher.c       |  10 +-
 .../ethernet/mellanox/mlx5/core/steering/dr_rule.c |  31 +-
 .../ethernet/mellanox/mlx5/core/steering/dr_send.c |  13 +-
 .../mellanox/mlx5/core/steering/dr_table.c         |  12 +-
 .../mellanox/mlx5/core/steering/dr_types.h         |  25 +-
 27 files changed, 1983 insertions(+), 1011 deletions(-)
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/egress_lgcy.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/egress_ofld.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/helper.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/helper.h
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_lgcy.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/lgcy.h
 create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ofld.h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ