lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 8 Jun 2024 10:01:21 +0100
From: Simon Horman <horms@...nel.org>
To: Petr Machata <petrm@...dia.com>
Cc: "David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	netdev@...r.kernel.org, Amit Cohen <amcohen@...dia.com>,
	Ido Schimmel <idosch@...dia.com>, Jiri Pirko <jiri@...nulli.us>,
	Alexander Zubkov <green@...tor.net>, mlxsw@...dia.com
Subject: Re: [PATCH net 6/6] mlxsw: spectrum_acl: Fix ACL scale regression
 and firmware errors

On Thu, Jun 06, 2024 at 04:49:43PM +0200, Petr Machata wrote:
> From: Ido Schimmel <idosch@...dia.com>
> 
> ACLs that reside in the algorithmic TCAM (A-TCAM) in Spectrum-2 and
> newer ASICs can share the same mask if their masks only differ in up to
> 8 consecutive bits. For example, consider the following filters:
> 
>  # tc filter add dev swp1 ingress pref 1 proto ip flower dst_ip 192.0.2.0/24 action drop
>  # tc filter add dev swp1 ingress pref 1 proto ip flower dst_ip 198.51.100.128/25 action drop
> 
> The second filter can use the same mask as the first (dst_ip/24) with a
> delta of 1 bit.
> 
> However, the above only works because the two filters have different
> values in the common unmasked part (dst_ip/24). When entries have the
> same value in the common unmasked part they create undesired collisions
> in the device since many entries now have the same key. This leads to
> firmware errors such as [1] and to a reduced scale.
> 
> Fix by adjusting the hash table key to only include the value in the
> common unmasked part. That is, without including the delta bits. That
> way the driver will detect the collision during filter insertion and
> spill the filter into the circuit TCAM (C-TCAM).
> 
> Add a test case that fails without the fix and adjust existing cases
> that check C-TCAM spillage according to the above limitation.
> 
> [1]
> mlxsw_spectrum2 0000:06:00.0: EMAD reg access failed (tid=3379b18a00003394,reg_id=3027(ptce3),type=write,status=8(resource not available))
> 
> Fixes: c22291f7cf45 ("mlxsw: spectrum: acl: Implement delta for ERP")
> Reported-by: Alexander Zubkov <green@...tor.net>
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> Reviewed-by: Amit Cohen <amcohen@...dia.com>
> Tested-by: Alexander Zubkov <green@...tor.net>
> Signed-off-by: Petr Machata <petrm@...dia.com>

Reviewed-by: Simon Horman <horms@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ