Date: Thu, 13 Jan 2022 20:42:03 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Parav Pandit <parav@...dia.com>
Cc: Sunil Sudhakar Rani <sunrani@...dia.com>, Saeed Mahameed <saeedm@...dia.com>, Jiri Pirko <jiri@...dia.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, Bodong Wang <bodong@...dia.com>
Subject: Re: [PATCH net-next 1/2] devlink: Add support to set port function as trusted

On Thu, 13 Jan 2022 03:37:47 +0000 Parav Pandit wrote:
> > > The fairness among VFs is present via the QoS knobs. Hence it doesn't hog
> > the entire crypto path.

Could you please fix your email client?
It's incorrectly wrapping the quotes and at the same time not wrapping
your replies at all. :( What client is this?

> > Why do you want to disable it, then?
> Each enabled feature consumes
> (a) driver level memory resource such as querying ip sec capabilities and more later,
> (b) time in querying those capabilities,

These are on the VM's side, it's not hypervisor's responsibility to help
the client by stripping features.

> (c) device level initialization in supporting this capability
>
> So for light weight devices which doesn't need it we want to keep it disabled.

You need to explain this better. We are pretty far from "trust"
settings, which are about privilege and not breaking isolation.
"device level initialization" tells me nothing.

> > > It is the internal mlx5 implementation of how to do steering, triggered by
> > netdev ndo's and other devices callback.
> > > There are multiple options on how steering is done.
> > > Such as sw_steering or dev managed steering.
> > > There is already a control knob to choose sw vs dev steering as devlink
> > param on the PF at [1].
> > > This [1] device specific param is only limited to PF. For VFs, HV need to
> > enable/disable this capability on selected VF.
> > > API wise nothing drastic is getting added here, it's only on different object.
> > (instead of device, it is port function).
> > >
> > > [1]
> > > https://www.kernel.org/doc/html/v5.8/networking/device_drivers/mellano
> > > x/mlx5.html#devlink-parameters
> >
> > Ah, that thing. IIRC this was added for TC offloads, VFs don't own the eswitch
> > so what rules are they inserting to require "high insertion rate"? My suspicion
> > is that since it's not TC it'd be mostly for the "DR" feature you have hence my
> > comment on it not being netdev.
> No it is limited to tc offloads.
> A VF netdev inserts flow steering rss rules on nic rx table.
> This also uses the same smfs/dmfs when a VF is capable to do so.

Given the above are you concerned about privilege or also just
resources use here? Do VFs have SMFS today?