lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220703205407.110890-1-saeed@kernel.org>
Date:   Sun,  3 Jul 2022 13:54:02 -0700
From:   Saeed Mahameed <saeed@...nel.org>
To:     Leon Romanovsky <leonro@...dia.com>,
        Saeed Mahameed <saeedm@...dia.com>
Cc:     Jason Gunthorpe <jgg@...dia.com>, netdev@...r.kernel.org,
        linux-rdma@...r.kernel.org
Subject: [PATCH mlx5-next 0/5] mlx5-next updates 2022-07-03

From: Saeed Mahameed <saeedm@...dia.com>

Mark Bloch Says:
================
Expose steering anchor

Expose a steering anchor per priority to allow users to re-inject
packets back into default NIC pipeline for additional processing.

MLX5_IB_METHOD_STEERING_ANCHOR_CREATE returns a flow table ID which
a user can use to re-inject packets at a specific priority.

A FTE (flow table entry) can be created and the flow table ID
used as a destination.

When a packet is taken into a RDMA-controlled steering domain (like
software steering) there may be a need to insert the packet back into
the default NIC pipeline. This exposes a flow table ID to the user that can
be used as a destination in a flow table entry.

With this new method priorities that are exposed to users via
MLX5_IB_METHOD_FLOW_MATCHER_CREATE can be reached from a non-zero UID.

As user-created flow tables (via RDMA DEVX) are created with a non-zero UID
thus it's impossible to point to a NIC core flow table (core driver flow tables
are created with UID value of zero) from userspace.
Create flow tables that are exposed to users with the shared UID, this
allows users to point to default NIC flow tables.

Steering loops are prevented at FW level as FW enforces that no flow
table at level X can point to a table at level lower than X. 

===============

Mark Bloch (5):
  net/mlx5: Expose the ability to point to any UID from shared UID
  net/mlx5: fs, expose flow table ID to users
  net/mlx5: fs, allow flow table creation with a UID
  RDMA/mlx5: Refactor get flow table function
  RDMA/mlx5: Expose steering anchor to userspace

 drivers/infiniband/hw/mlx5/fs.c               | 159 ++++++++++++++++--
 drivers/infiniband/hw/mlx5/mlx5_ib.h          |   6 +
 .../net/ethernet/mellanox/mlx5/core/fs_cmd.c  |  16 +-
 .../net/ethernet/mellanox/mlx5/core/fs_cmd.h  |   2 +-
 .../net/ethernet/mellanox/mlx5/core/fs_core.c |   8 +-
 .../mellanox/mlx5/core/steering/dr_cmd.c      |   1 +
 .../mellanox/mlx5/core/steering/dr_table.c    |   8 +-
 .../mellanox/mlx5/core/steering/dr_types.h    |   1 +
 .../mellanox/mlx5/core/steering/fs_dr.c       |   7 +-
 .../mellanox/mlx5/core/steering/mlx5dr.h      |   3 +-
 include/linux/mlx5/fs.h                       |   2 +
 include/linux/mlx5/mlx5_ifc.h                 |   6 +-
 include/uapi/rdma/mlx5_user_ioctl_cmds.h      |  17 ++
 13 files changed, 204 insertions(+), 32 deletions(-)

-- 
2.36.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ