lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 13 Jul 2020 10:43:15 -0700
From:   Tony Nguyen <anthony.l.nguyen@...el.com>
To:     davem@...emloft.net
Cc:     Tony Nguyen <anthony.l.nguyen@...el.com>, netdev@...r.kernel.org,
        nhorman@...hat.com, sassmann@...hat.com,
        jeffrey.t.kirsher@...el.com
Subject: [net-next 0/5][pull request] 100GbE Intel Wired LAN Driver Updates 2020-07-13

This series contains updates to ice driver and virtchnl header file.

The iproute2 and ethtool are evolving to expose the NIC hardware
capability. But these available orchestration methods in Linux kernel are
limited in their capability to exercise advanced functionality in the
hardware, since different vendors may have different data programming
method.

Intel Ethernet Adaptive Virtual Function (AVF) is the common hardware
interface for SR-IOV, it has the defined message format to talk with the
PF.

To make good use of the advanced functionality like Switch (Binary
Classifier). The ice PF driver introduces a DCF (Device Config Function)
mode to extend the AVF feature.

The DCF (Device Config Function) method wraps a raw flow admin queue
command in a virthcnl message and sends it to the PF to be executed. This
is required because it doesn't have the privilege level to issue the admin
queue commands, so it acts as a proxy PF. So that the user can customize
the AVF feature, and use their own programming language to translate the
flow rule management data into ice raw flow, these raw flows then can be
executed in PF's sandbox.

And the kernel PF driver fully controls the behavior of DCF for security,
like only the trusted VF with ID zero can run in DCF mode, and also for
being compatible with the common AVF feature, the VF needs to advertise and
acquire DCF capability first.

The following are changes since commit 94339443686b36d3223bc032b7947267474e2679:
  net: bridge: notify on vlan tunnel changes done via the old api
and are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue 100GbE

Haiyue Wang (5):
  ice: add the virtchnl handler for AdminQ command
  ice: add DCF cap negotiation and state machine
  ice: support to get the VSI mapping
  ice: enable DDP package info querying
  ice: add switch rule management for DCF

 drivers/net/ethernet/intel/ice/Makefile       |   2 +-
 drivers/net/ethernet/intel/ice/ice.h          |   2 +
 .../net/ethernet/intel/ice/ice_adminq_cmd.h   |   6 +
 drivers/net/ethernet/intel/ice/ice_dcf.c      | 833 ++++++++++++++++++
 drivers/net/ethernet/intel/ice/ice_dcf.h      |  91 ++
 drivers/net/ethernet/intel/ice/ice_main.c     |   2 +
 drivers/net/ethernet/intel/ice/ice_switch.c   |  16 +-
 drivers/net/ethernet/intel/ice/ice_switch.h   |  27 +-
 drivers/net/ethernet/intel/ice/ice_type.h     |   9 +
 .../net/ethernet/intel/ice/ice_virtchnl_pf.c  | 366 ++++++++
 .../net/ethernet/intel/ice/ice_virtchnl_pf.h  |   1 +
 include/linux/avf/virtchnl.h                  |  63 ++
 12 files changed, 1392 insertions(+), 26 deletions(-)
 create mode 100644 drivers/net/ethernet/intel/ice/ice_dcf.c
 create mode 100644 drivers/net/ethernet/intel/ice/ice_dcf.h

-- 
2.26.2

Powered by blists - more mailing lists