| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jul 2020 10:43:15 -0700
From: Tony Nguyen <anthony.l.nguyen@...el.com>
To: davem@...emloft.net
Cc: Tony Nguyen <anthony.l.nguyen@...el.com>, netdev@...r.kernel.org,
nhorman@...hat.com, sassmann@...hat.com,
jeffrey.t.kirsher@...el.com
Subject: [net-next 0/5][pull request] 100GbE Intel Wired LAN Driver Updates 2020-07-13
This series contains updates to ice driver and virtchnl header file.
The iproute2 and ethtool are evolving to expose the NIC hardware
capability. But these available orchestration methods in Linux kernel are
limited in their capability to exercise advanced functionality in the
hardware, since different vendors may have different data programming
method.
Intel Ethernet Adaptive Virtual Function (AVF) is the common hardware
interface for SR-IOV, it has the defined message format to talk with the
PF.
To make good use of the advanced functionality like Switch (Binary
Classifier). The ice PF driver introduces a DCF (Device Config Function)
mode to extend the AVF feature.
The DCF (Device Config Function) method wraps a raw flow admin queue
command in a virthcnl message and sends it to the PF to be executed. This
is required because it doesn't have the privilege level to issue the admin
queue commands, so it acts as a proxy PF. So that the user can customize
the AVF feature, and use their own programming language to translate the
flow rule management data into ice raw flow, these raw flows then can be
executed in PF's sandbox.
And the kernel PF driver fully controls the behavior of DCF for security,
like only the trusted VF with ID zero can run in DCF mode, and also for
being compatible with the common AVF feature, the VF needs to advertise and
acquire DCF capability first.
The following are changes since commit 94339443686b36d3223bc032b7947267474e2679:
net: bridge: notify on vlan tunnel changes done via the old api
and are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue 100GbE
Haiyue Wang (5):
ice: add the virtchnl handler for AdminQ command
ice: add DCF cap negotiation and state machine
ice: support to get the VSI mapping
ice: enable DDP package info querying
ice: add switch rule management for DCF
drivers/net/ethernet/intel/ice/Makefile | 2 +-
drivers/net/ethernet/intel/ice/ice.h | 2 +
.../net/ethernet/intel/ice/ice_adminq_cmd.h | 6 +
drivers/net/ethernet/intel/ice/ice_dcf.c | 833 ++++++++++++++++++
drivers/net/ethernet/intel/ice/ice_dcf.h | 91 ++
drivers/net/ethernet/intel/ice/ice_main.c | 2 +
drivers/net/ethernet/intel/ice/ice_switch.c | 16 +-
drivers/net/ethernet/intel/ice/ice_switch.h | 27 +-
drivers/net/ethernet/intel/ice/ice_type.h | 9 +
.../net/ethernet/intel/ice/ice_virtchnl_pf.c | 366 ++++++++
.../net/ethernet/intel/ice/ice_virtchnl_pf.h | 1 +
include/linux/avf/virtchnl.h | 63 ++
12 files changed, 1392 insertions(+), 26 deletions(-)
create mode 100644 drivers/net/ethernet/intel/ice/ice_dcf.c
create mode 100644 drivers/net/ethernet/intel/ice/ice_dcf.h
--
2.26.2
Powered by blists - more mailing lists