Date:   Fri, 11 Feb 2022 16:59:14 +0100
From:   Andrew Lunn <andrew@...n.ch>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        Ido Schimmel <idosch@...dia.com>,
        Petr Machata <petrm@...dia.com>,
        Alexander Duyck <alexander.duyck@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...dia.com>, f.fainelli@...il.com,
        vivien.didelot@...il.com
Subject: Re: [RFC PATCH net-next 1/2] net: dsa: allow setting port-based QoS
 priority using tc matchall skbedit

On Thu, Feb 10, 2022 at 08:53:21PM +0200, Vladimir Oltean wrote:
> Hi Andrew,
> 
> On Thu, 14 Jan 2021 at 03:03, Andrew Lunn <andrew@...n.ch> wrote:
> > On Thu, Jan 14, 2021 at 02:17:59AM +0200, Vladimir Oltean wrote:
> > > On Thu, Jan 14, 2021 at 12:41:28AM +0100, Andrew Lunn wrote:
> > > > On Wed, Jan 13, 2021 at 05:41:38PM +0200, Vladimir Oltean wrote:
> > > > > + int     (*port_priority_set)(struct dsa_switch *ds, int port,
> > > > > +                              struct dsa_mall_skbedit_tc_entry *skbedit);
> > > >
> > > > The fact we can turn this on/off suggests there should be a way to
> > > > disable this in the hardware, when the matchall is removed. I don't
> > > > see any such remove support in this patch.
> > >
> > > I don't understand this comment, sorry. When the matchall filter
> > > containing the skbedit action gets removed, DSA calls the driver's
> > > .port_priority_set callback again, this time with a priority of 0.
> > > There's nothing to "remove" about a port priority. I made an assumption
> > > (which I still consider perfectly reasonable) that no port-based
> > > prioritization means that all traffic gets classified to traffic class 0.
> >
> > That does not work for mv88e6xxx. Its default setup, if I remember
> > correctly, is it looks at the TOS bits to determine priority
> > classes. So in its default state, it is using all the available
> > traffic classes.  It can also be configured to look at the VLAN
> > priority, or the TCAM can set the priority class, or there is a per
> > port default priority, which is what you are describing here. There
> > are bits to select which of these happen on ingress, on a per port
> > basis.
> >
> > So setting the port priority to 0 means setting the priority of
> > zero. It does not mean go back to the default prioritisation scheme.
> >
> > I guess any switch which has a range of options for prioritisation
> > selection will have a similar problem. It defaults to something,
> > probably something a bit smarter than everything goes to traffic class
> > 0.
> >
> >       Andrew
> 
> I was going through my old patches, and re-reading this conversation,
> it appears one of us is misunderstanding something.
> 
> I looked at some Marvell datasheet and it has a similar QoS
> classification pipeline to Vitesse switches. There is a port-based
> default priority which can be overridden by IP DSCP, VLAN PCP, or
> advanced QoS classification (TCAM).
> 
> The proposal I had was to configure the default port priority using tc
> matchall skbedit priority. Advanced QoS classification would then be
> expressed as tc-flower filters with a higher precedence than the
> matchall (basically the "catchall"). PCP and DSCP, I don't know if
> that can be expressed cleanly using tc. I think there's something in
> the dcb ops, but I haven't studied that too deeply.
> 
> Anyway, I don't exactly understand your point, that an add/del is in
> any way better than a "set". Even for Marvell, what I'm proposing here
> would translate into a "set to 0" on "del" anyway. That's why this patch
> set is RFC. I don't know if there's a better way to express a
> port-based default priority than a matchall rule having the lowest
> precedence.

I think we have a generic problem in that the switch does not start up
in a state where all QoS features are turned off. But a traditional
netdev does have all QoS features off by default. You need to
explicitly turn on a QoS feature on a netdev by using tc, or some
other configuration mechanism.

To make the Linux view of QoS features actually match what the
hardware is doing, we need to preload tc with a number of rules.  Your
proposed 'tc matchall skbedit priority' rule might need to be already
in tc because the switch might already be doing that by default, etc.

I also wonder if we need tc rules you cannot actually remove, because
you cannot turn the feature off in hardware? 'tc matchall skbedit
priority' is setting the default priority. If you remove the rule, the
hardware is still going to apply a default priority, it is just
ambiguous from tc what value it is using. It would be better if the
rule was present from boot, and all you can do is change the priority,
not remove the rule.

We need to consider the generic problem that the hardware comes with a
preconfigured QoS profile, which we currently don't reflect in Linux.
We have deployed devices which rely on that QoS profile. How do we
transition to describing that preconfigured QoS profile, and allowing
it to be changed?

   Andrew
