From: Vlad Zolotarov <vladz@cloudius-systems.com>
To: netdev@vger.kernel.org
Cc: jeffrey.t.kirsher@intel.com, avi@cloudius-systems.com,
gleb@cloudius-systems.com,
Vlad Zolotarov <vladz@cloudius-systems.com>
Subject: [PATCH net-next v6 1/7] if_link: Add an additional parameter to ifla_vf_info for RSS querying
Date: Sun, 22 Mar 2015 21:01:21 +0200 [thread overview]
Message-ID: <1427050887-19412-2-git-send-email-vladz@cloudius-systems.com> (raw)
In-Reply-To: <1427050887-19412-1-git-send-email-vladz@cloudius-systems.com>
Add configuration setting for drivers to allow/block an RSS Redirection Table and
a Hash Key querying for discrete VFs.
On some devices VF share the mentioned above information with PF and querying it may
adduce a theoretical security risk. We want to let a system administrator to decide if he/she
wants to take this risk or not.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
include/linux/if_link.h | 1 +
include/linux/netdevice.h | 8 ++++++++
include/uapi/linux/if_link.h | 8 ++++++++
net/core/rtnetlink.c | 32 ++++++++++++++++++++++++++------
4 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index 119130e..da49299 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -14,5 +14,6 @@ struct ifla_vf_info {
__u32 linkstate;
__u32 min_tx_rate;
__u32 max_tx_rate;
+ __u32 rss_query_en;
};
#endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 5ae69e7..883a926 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -875,6 +875,11 @@ typedef u16 (*select_queue_fallback_t)(struct net_device *dev,
* int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int link_state);
* int (*ndo_set_vf_port)(struct net_device *dev, int vf,
* struct nlattr *port[]);
+ *
+ * Enable or disable the VF ability to query its RSS Redirection Table and
+ * Hash Key. This is needed since on some devices VF share this information
+ * with PF and querying it may adduce a theoretical security risk.
+ * int (*ndo_set_vf_rss_query_en)(struct net_device *dev, int vf, bool setting);
* int (*ndo_get_vf_port)(struct net_device *dev, int vf, struct sk_buff *skb);
* int (*ndo_setup_tc)(struct net_device *dev, u8 tc)
* Called to setup 'tc' number of traffic classes in the net device. This
@@ -1094,6 +1099,9 @@ struct net_device_ops {
struct nlattr *port[]);
int (*ndo_get_vf_port)(struct net_device *dev,
int vf, struct sk_buff *skb);
+ int (*ndo_set_vf_rss_query_en)(
+ struct net_device *dev,
+ int vf, bool setting);
int (*ndo_setup_tc)(struct net_device *dev, u8 tc);
#if IS_ENABLED(CONFIG_FCOE)
int (*ndo_fcoe_enable)(struct net_device *dev);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index f5f5edd..3cc2c5a 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -464,6 +464,9 @@ enum {
IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */
IFLA_VF_LINK_STATE, /* link state enable/disable/auto switch */
IFLA_VF_RATE, /* Min and Max TX Bandwidth Allocation */
+ IFLA_VF_RSS_QUERY_EN, /* RSS Redirection Table and Hash Key query
+ * on/off switch
+ */
__IFLA_VF_MAX,
};
@@ -508,6 +511,11 @@ struct ifla_vf_link_state {
__u32 link_state;
};
+struct ifla_vf_rss_query_en {
+ __u32 vf;
+ __u32 setting;
+};
+
/* VF ports management section
*
* Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index e769510..719ecde 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -818,7 +818,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
nla_total_size(sizeof(struct ifla_vf_vlan)) +
nla_total_size(sizeof(struct ifla_vf_spoofchk)) +
nla_total_size(sizeof(struct ifla_vf_rate)) +
- nla_total_size(sizeof(struct ifla_vf_link_state)));
+ nla_total_size(sizeof(struct ifla_vf_link_state)) +
+ nla_total_size(sizeof(struct ifla_vf_rss_query_en)));
return size;
} else
return 0;
@@ -1132,14 +1133,16 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
struct ifla_vf_tx_rate vf_tx_rate;
struct ifla_vf_spoofchk vf_spoofchk;
struct ifla_vf_link_state vf_linkstate;
+ struct ifla_vf_rss_query_en vf_rss_query_en;
/*
* Not all SR-IOV capable drivers support the
- * spoofcheck query. Preset to -1 so the user
- * space tool can detect that the driver didn't
- * report anything.
+ * spoofcheck and "RSS query enable" query. Preset to
+ * -1 so the user space tool can detect that the driver
+ * didn't report anything.
*/
ivi.spoofchk = -1;
+ ivi.rss_query_en = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is "auto"
* IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1152,7 +1155,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
vf_rate.vf =
vf_tx_rate.vf =
vf_spoofchk.vf =
- vf_linkstate.vf = ivi.vf;
+ vf_linkstate.vf =
+ vf_rss_query_en.vf = ivi.vf;
memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
vf_vlan.vlan = ivi.vlan;
@@ -1162,6 +1166,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
vf_rate.max_tx_rate = ivi.max_tx_rate;
vf_spoofchk.setting = ivi.spoofchk;
vf_linkstate.link_state = ivi.linkstate;
+ vf_rss_query_en.setting = ivi.rss_query_en;
vf = nla_nest_start(skb, IFLA_VF_INFO);
if (!vf) {
nla_nest_cancel(skb, vfinfo);
@@ -1176,7 +1181,10 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
nla_put(skb, IFLA_VF_SPOOFCHK, sizeof(vf_spoofchk),
&vf_spoofchk) ||
nla_put(skb, IFLA_VF_LINK_STATE, sizeof(vf_linkstate),
- &vf_linkstate))
+ &vf_linkstate) ||
+ nla_put(skb, IFLA_VF_RSS_QUERY_EN,
+ sizeof(vf_rss_query_en),
+ &vf_rss_query_en))
goto nla_put_failure;
nla_nest_end(skb, vf);
}
@@ -1290,6 +1298,7 @@ static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
[IFLA_VF_SPOOFCHK] = { .len = sizeof(struct ifla_vf_spoofchk) },
[IFLA_VF_RATE] = { .len = sizeof(struct ifla_vf_rate) },
[IFLA_VF_LINK_STATE] = { .len = sizeof(struct ifla_vf_link_state) },
+ [IFLA_VF_RSS_QUERY_EN] = { .len = sizeof(struct ifla_vf_rss_query_en) },
};
static const struct nla_policy ifla_port_policy[IFLA_PORT_MAX+1] = {
@@ -1500,6 +1509,17 @@ static int do_setvfinfo(struct net_device *dev, struct nlattr *attr)
ivl->link_state);
break;
}
+ case IFLA_VF_RSS_QUERY_EN: {
+ struct ifla_vf_rss_query_en *ivrssq_en;
+
+ ivrssq_en = nla_data(vf);
+ err = -EOPNOTSUPP;
+ if (ops->ndo_set_vf_rss_query_en)
+ err = ops->ndo_set_vf_rss_query_en(dev,
+ ivrssq_en->vf,
+ ivrssq_en->setting);
+ break;
+ }
default:
err = -EINVAL;
break;
--
2.1.0
next prev parent reply other threads:[~2015-03-22 19:01 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-22 19:01 [PATCH net-next v6 0/7]: ixgbevf: Allow querying VFs RSS indirection table and key Vlad Zolotarov
2015-03-22 19:01 ` Vlad Zolotarov [this message]
2015-03-23 10:30 ` [PATCH net-next v6 1/7] if_link: Add an additional parameter to ifla_vf_info for RSS querying Jeff Kirsher
2015-03-22 19:01 ` [PATCH net-next v6 2/7] ixgbe: Add a new netdev op to allow/prevent a VF from querying an RSS info Vlad Zolotarov
2015-03-23 10:30 ` Jeff Kirsher
2015-03-22 19:01 ` [PATCH net-next v6 3/7] ixgbe: Add a RETA query command to VF-PF channel API Vlad Zolotarov
2015-03-23 10:30 ` Jeff Kirsher
2015-03-22 19:01 ` [PATCH net-next v6 4/7] ixgbevf: Add a RETA query code Vlad Zolotarov
2015-03-23 10:31 ` Jeff Kirsher
2015-03-23 23:46 ` Tantilov, Emil S
2015-03-24 10:25 ` Vlad Zolotarov
2015-03-24 18:12 ` Tantilov, Emil S
2015-03-24 19:06 ` Vlad Zolotarov
2015-03-24 21:04 ` Tantilov, Emil S
2015-03-25 9:27 ` Vlad Zolotarov
2015-03-25 18:35 ` Tantilov, Emil S
2015-03-25 20:17 ` Vlad Zolotarov
2015-03-25 21:04 ` Alexander Duyck
2015-03-26 1:09 ` Tantilov, Emil S
2015-03-26 9:35 ` Vlad Zolotarov
2015-03-26 14:40 ` Alexander Duyck
2015-03-26 15:10 ` Vlad Zolotarov
2015-03-26 15:59 ` Alexander Duyck
2015-03-26 16:02 ` Vlad Zolotarov
2015-03-26 16:29 ` Vlad Zolotarov
2015-03-26 18:10 ` Vlad Zolotarov
2015-03-26 18:25 ` Alexander Duyck
[not found] ` <5511AFD6.2020406@cloudius-systems.com>
2015-03-24 22:50 ` Tantilov, Emil S
2015-03-25 9:29 ` Vlad Zolotarov
2015-03-25 9:39 ` Jeff Kirsher
2015-03-25 9:41 ` Vlad Zolotarov
2015-03-22 19:01 ` [PATCH net-next v6 5/7] ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set Vlad Zolotarov
2015-03-23 10:31 ` Jeff Kirsher
2015-03-22 19:01 ` [PATCH net-next v6 6/7] ixgbevf: Add RSS Key query code Vlad Zolotarov
2015-03-23 10:31 ` Jeff Kirsher
2015-03-22 19:01 ` [PATCH net-next v6 7/7] ixgbevf: Add the appropriate ethtool ops to query RSS indirection table and key Vlad Zolotarov
2015-03-23 10:31 ` Jeff Kirsher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1427050887-19412-2-git-send-email-vladz@cloudius-systems.com \
--to=vladz@cloudius-systems.com \
--cc=avi@cloudius-systems.com \
--cc=gleb@cloudius-systems.com \
--cc=jeffrey.t.kirsher@intel.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.