lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 5 Jul 2022 16:19:11 +0530
From:   Ratheesh Kannoth <rkannoth@...vell.com>
To:     <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>
CC:     <sgoutham@...vell.com>, <davem@...emloft.net>,
        <edumazet@...gle.com>, <kuba@...nel.org>, <pabeni@...hat.com>,
        Ratheesh Kannoth <rkannoth@...vell.com>
Subject: [PATCH 00/12] *** Exact Match Table and Field hash ***

*** Exact match table and Field hash support for CN10KB silicon ***

Ratheesh Kannoth (11):

These patch series enables exact match table in CN10KB silicon. Legacy
silicon used NPC mcam to do packet fields/channel matching for NPC rules.
NPC mcam resources exahausted as customer use case increased.
Supporting many DMAC filter becomes a challenge, as RPM based filter
count is less. Exact match table has 4way 2K entry table and a 32 entry
fully associative cam table. Second table is to handle hash
table collision overflows in 4way 2K entry table. Enabling exact match table
results in KEX key to be appended with Hit/Miss status. This can be used
to match in NPC mcam for a more generic rule and drop those packets than
having DMAC drop rules for each DMAC entry in NPC mcam.

  octeontx2-af: Exact match support
  octeontx2-af: Exact match scan from kex profile
  octeontx2-af: devlink configuration support
  octeontx2-af: FLR handler for exact match table.
  octeontx2-af: Drop rules for NPC MCAM
  octeontx2-af: Debugsfs support for exact match.
  octeontx2: Modify mbox request and response structures
  octeontx2-af: Wrapper functions for mac addr add/del/update/reset
  octeontx2-af: Invoke exact match functions if supported
  octeontx2-pf: Add support for exact match table.
  octeontx2-af: Enable Exact match flag in kex profile

Suman Ghosh (1):

CN10KB variant of CN10K series of silicons supports
a new feature where in a large protocol field
(eg 128bit IPv6 DIP) can be condensed into a small
hashed 32bit data. This saves a lot of space in MCAM key
and allows user to add more protocol fields into the filter.
A max of two such protocol data can be hashed.
This patch adds support for hashing IPv6 SIP and/or DIP.

  octeontx2-af: Support to hash reduce of actual field into MCAM key

 .../ethernet/marvell/octeontx2/af/Makefile    |    2 +-
 First patch in the series "octeontx2-af: Support to hash reduce of actual field into MCAM key"
 introduced new C file. Makefile is modified to compile the same.

 .../net/ethernet/marvell/octeontx2/af/mbox.h  |   41 +-
 Mbox request and response structures requires modification. RPM based DMAC filter can be modified at any location
 in the RPM filter table as entry's location has no relation to content. But for NPC exact match's 2K, 4way table
 is based on hash. This means that modification of an entry may fail if hash mismatches. In these cases, we need
 to delete existing entry and create a new entry in a different slot determined by hash value. This index has to
 be returned to caller.

 .../net/ethernet/marvell/octeontx2/af/npc.h   |   25 +
 New data types (enums and macros) for this feature.

 .../marvell/octeontx2/af/npc_profile.h        |    5 +-
 Kex profile changes to add exact match HIT bit in the Key. Inorder to accommodate this nibble, NPC_PARSE_NIBBLE_ERRCODE
 is deleted as it is not used.

 .../net/ethernet/marvell/octeontx2/af/rvu.c   |   17 +
 Exact match HW capability flag is initialized to false. FLR handler changes to invoke rvu_npc_exact_reset()
 to free all exact match resources in case of interface reset.

 .../net/ethernet/marvell/octeontx2/af/rvu.h   |   24 +-
 Exact match table info is defined in rvu_hwinfo structure. This table structure is heap allocated and maintains
 all information about available/free/allocated resources.

 .../ethernet/marvell/octeontx2/af/rvu_cgx.c   |   41 +-
 As of today, RPM based DMAC filter is configured upon user command. Each of these mbox handler is trapped and
 checked for NPC exact match support. If support is enabled, invokes Exact match API instead of RPM dmac based calls.

 .../marvell/octeontx2/af/rvu_debugfs.c        |  179 ++
 Three debugfs entries would be created if Exact match table is supported.
	1. exact_entries : List out npc exact match entries
	2. exact_info : Info related exact match tables (mem and cam table)
	3. exact_drop_cnt: Drop packet counter for each NPC mcam drop rule.

 .../marvell/octeontx2/af/rvu_devlink.c        |   71 +-
 Devlink provides flexibility to user to switch to RPM based DMAC filters on CN10KB silicon. Please note that
 devlink command fails if user added DMAC filters prior to devlink command to disable exact match table.

 .../ethernet/marvell/octeontx2/af/rvu_nix.c   |    7 +
 Promiscous mode enable must disable this Exact match table based drop rule on NPC mcam. set rx mode routine
 calls enable/disable corresponding NPC exact drop rule when promiscous mode is toggled.

 .../ethernet/marvell/octeontx2/af/rvu_npc.c   |   51 +-
 APIs to reserve NPC mcam entries. This is used to reserve and configure NPC drop rules.

 .../marvell/octeontx2/af/rvu_npc_fs.c         |  162 +-
 For each PF, there is a drop rule installed in NPC mcam. This installation is done during rvu probe itself.
 Drop rule has multicast and broadcast bits turned off. This means that broadcast and multicast packets will
 never get dropped irrespective of NPC exact match table. This rule action is drop if exact table match bit
 0 and channel is matched. This means if there is no hit is exact match table and channel match, packets will
 be dropped.

 .../marvell/octeontx2/af/rvu_npc_fs.h         |   17 +
 Function declarations.

 .../marvell/octeontx2/af/rvu_npc_hash.c       | 1958 +++++++++++++++++
 New file added. This file implements add/del/update to exact match table,
 probing of the feature and invokes function to install drop ruleis in NPC mcam.

 .../marvell/octeontx2/af/rvu_npc_hash.h       |  233 ++
 function declarations for rvu_npc_hash.c

 .../ethernet/marvell/octeontx2/af/rvu_reg.h   |   15 +
 Register access macros for NPC exact match.

 .../marvell/octeontx2/nic/otx2_common.h       |   10 +-
 Since NPC exact match table has more entries than RPM DMAC filter, size of bmap_to_dmacindex is
 increased from 8 to 32bit. Maximum number of dmac entries available also increased (increased the size of bitmap)

 .../marvell/octeontx2/nic/otx2_dmac_flt.c     |   46 +-
 .../marvell/octeontx2/nic/otx2_flows.c        |   40 +-
 .../ethernet/marvell/octeontx2/nic/otx2_pf.c  |    2 +-
 Above change in marvell/octeontx2/nic/otx2_common.h, require corresponding modification in these 3 C files.
 Please note that we need to modify/change existing entry index as mentioned in description of
 net/ethernet/marvell/octeontx2/af/mbox.h in this cover letter.

 20 files changed, 2879 insertions(+), 67 deletions(-)
 create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.h
 create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c
 create mode 100644 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.h

--
2.25.1

Powered by blists - more mailing lists