* [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV
@ 2020-08-21  1:16 Carolyn Wyborny
  2020-08-21  1:17 ` [RFC PATCH net-next 1/2] net: Implement granular VF trust flags Carolyn Wyborny
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Carolyn Wyborny @ 2020-08-21  1:16 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, jesse.brandeburg, tom.herbert

Proposal for Granular VF Trust Flags for SR-IOV

I would like to propose extending the concept of VF trust in a more
granular way by creating VF trust flags. VF Trust Flags would allow more
flexibility in assigning privileges to VFs administratively in SR-IOV.
Users are asking for more configuration to be available in the VF.
Features for one use case like a firewall are not always wanted in a
different type of privileged VF.  If a base set of generic privileges could be
configured in a more granular way, they can be combined in a more flexible
way by the user.

The implementation would do this by adding a new ifla attribute for trust
flags which defines the flags in an nla_bitfield32.  The changes would
also include changes to .ndo_set_vf_trust parameters, different or converted
settings in .ndo_get_vf_config, kernel validation of the trust flags and
driver changes for those that implement .ndo_set_vf_trust. There will also
be changes proposed for ip link in the iproute2 toolset.

This patchset provides an example implementation that is not complete.
It does not include the full validation of the feature flags in the kernel,
all the helper macros likely needed for the trust flags nor all the driver
changes needed. It also needs a method for advertising supported privileges
and validation to ensure unsupported privileges are not being set.
It does have a simple example driver implementation in igb.  The full
patchset will include all these things.

I'd like to start the discussion about the general idea and then begin the
discussion about a base set of VF privileges that would be generic across the
device vendors.

---

Carolyn Wyborny (2):
      net:  Implement granular VF trust flags
      igb: Implement granular VF trust flags


 drivers/net/ethernet/intel/igb/igb.h      |    2 +
 drivers/net/ethernet/intel/igb/igb_main.c |   21 ++++++-----
 include/linux/if_link.h                   |    2 +
 include/linux/netdevice.h                 |    4 +-
 include/uapi/linux/if_link.h              |   53 ++++++++++++++++++++++++++++-
 net/core/rtnetlink.c                      |   41 +++++++++++++++++++++-
 tools/include/uapi/linux/if_link.h        |   53 ++++++++++++++++++++++++++++-
 7 files changed, 157 insertions(+), 19 deletions(-)

--
Signature
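
The cover letter says the series still lacks validation that requested trust flags are defined and supported by the device. A userspace model of that check, as an added example that is not part of the posted series: `vf_trust_apply`, `vf_trust_from_legacy`, `struct trust_req`, `VF_TRUST_F_KNOWN` and the legacy mapping rule are assumptions, and the value/selector checks follow the semantics of netlink's bitfield32 type.

```c
/* Added example: userspace model of trust-flag validation, not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t vf_trust_flags_t;

/* Bit positions as listed in the RFC's enum. */
enum {
	VF_TRUST_F_LEGACY_BIT,
	VF_TRUST_F_ADV_FLOW_BIT,
	VF_TRUST_F_MIRROR_BIT,
	VF_TRUST_F_UC_PROM_BIT,
	VF_TRUST_F_VLAN_PROM_BIT,
	VF_TRUST_F_MC_PROM_BIT,
	VF_TRUST_F_MACADDR_CHANGE_BIT,
	VF_TRUST_F_MTU_CHANGE_BIT,
	VF_TRUST_F_MAC_SPFCHK_DIS_BIT,
	VF_TRUST_F_VLAN_SPFCHK_DIS_BIT,
	VF_TRUST_F_COUNT
};

#define VF_TRUST_BIT(bit)		((vf_trust_flags_t)1 << (bit))
#define VF_TRUST_F_LEGACY		VF_TRUST_BIT(VF_TRUST_F_LEGACY_BIT)
#define VF_TRUST_F_ADV_FLOW		VF_TRUST_BIT(VF_TRUST_F_ADV_FLOW_BIT)
#define VF_TRUST_F_MIRROR		VF_TRUST_BIT(VF_TRUST_F_MIRROR_BIT)
#define VF_TRUST_F_MACADDR_CHANGE	VF_TRUST_BIT(VF_TRUST_F_MACADDR_CHANGE_BIT)
/* Hypothetical mask: every bit position the enum defines. */
#define VF_TRUST_F_KNOWN		(VF_TRUST_BIT(VF_TRUST_F_COUNT) - 1)

/* Same two-word layout as struct nla_bitfield32: selector picks the bits
 * the request touches, value gives their new state.
 */
struct trust_req {
	uint32_t value;
	uint32_t selector;
};

/* Hypothetical helper: validate a request against the privileges a device
 * advertises, then apply it to the VF's current flags.
 */
static int vf_trust_apply(vf_trust_flags_t supported, vf_trust_flags_t *cur,
			  const struct trust_req *req)
{
	if (req->value & ~req->selector)
		return -EINVAL;		/* sets a bit it did not select */
	if (req->selector & ~VF_TRUST_F_KNOWN)
		return -EINVAL;		/* bit outside the defined enum */
	if (req->value & ~supported)
		return -EOPNOTSUPP;	/* grant the device cannot enforce */

	*cur = (*cur & ~req->selector) | req->value;
	return 0;
}

/* Assumed compatibility rule: legacy "trust on" grants the legacy bit plus
 * everything the device supports; "trust off" clears all flags.
 */
static vf_trust_flags_t vf_trust_from_legacy(vf_trust_flags_t supported,
					     uint32_t setting)
{
	return setting ? (VF_TRUST_F_LEGACY | supported) : 0;
}

int main(void)
{
	/* Constructed device that enforces two of the granular privileges. */
	const vf_trust_flags_t supported =
		VF_TRUST_F_ADV_FLOW | VF_TRUST_F_MACADDR_CHANGE;
	/* Constructed requests, in { value, selector } order. */
	const struct trust_req reqs[] = {
		{ VF_TRUST_F_MACADDR_CHANGE, VF_TRUST_F_MACADDR_CHANGE }, /* grant */
		{ VF_TRUST_F_MIRROR, VF_TRUST_F_MIRROR },	/* unsupported */
		{ 1u << 20, 1u << 20 },				/* undefined bit */
		{ 0, VF_TRUST_F_MACADDR_CHANGE },		/* revoke */
	};
	vf_trust_flags_t cur = 0;
	size_t i;

	for (i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
		int err = vf_trust_apply(supported, &cur, &reqs[i]);

		printf("value=%#x selector=%#x -> err=%d flags=%#x\n",
		       (unsigned)reqs[i].value, (unsigned)reqs[i].selector,
		       err, (unsigned)cur);
	}
	printf("legacy trust on -> flags=%#x\n",
	       (unsigned)vf_trust_from_legacy(supported, 1));
	return 0;
}
```

A rejected request leaves the VF's flags untouched, so a failed grant cannot widen what the VF already holds.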



* [RFC PATCH net-next 1/2] net:  Implement granular VF trust flags
  2020-08-21  1:16 [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Carolyn Wyborny
@ 2020-08-21  1:17 ` Carolyn Wyborny
  2020-08-21  3:35   ` kernel test robot
  2020-08-21  3:56   ` kernel test robot
  2020-08-21  1:18 ` [RFC PATCH net-next 2/2] igb: " Carolyn Wyborny
  2020-08-25 16:31 ` [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Shannon Nelson
  2 siblings, 2 replies; 7+ messages in thread
From: Carolyn Wyborny @ 2020-08-21  1:17 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, jesse.brandeburg, tom.herbert

Add generic VF privilege defines as trust flags, ifla_vf_trust_flags
struct and validation by the kernel of flags configured by drivers.
These are all for use with granular VF Trust flags feature.  See known
limitations and gaps in the cover message.

Signed-off-by: Carolyn Wyborny  <carolyn.wyborny@intel.com>
---
 include/linux/if_link.h            |    2 +
 include/linux/netdevice.h          |    4 +--
 include/uapi/linux/if_link.h       |   53 +++++++++++++++++++++++++++++++++++-
 net/core/rtnetlink.c               |   41 ++++++++++++++++++++++++++--
 tools/include/uapi/linux/if_link.h |   53 +++++++++++++++++++++++++++++++++++-
 5 files changed, 145 insertions(+), 8 deletions(-)

diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index 622658dfbf0a..7f0ec02b5c11 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -27,7 +27,7 @@ struct ifla_vf_info {
 	__u32 min_tx_rate;
 	__u32 max_tx_rate;
 	__u32 rss_query_en;
-	__u32 trusted;
+	vf_trust_flags_t trust_flags;
 	__be16 vlan_proto;
 };
 #endif /* _LINUX_IF_LINK_H */
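Review bot: replacing `__u32 trusted` in struct ifla_vf_info removes a field that rtnl_fill_vfinfo in this same patch still initialises and reads (`ivi.trusted = -1;`, `vf_trust.setting = ivi.trusted;`), and that drivers such as ixgbe and i40e still fill in from ndo_get_vf_config, as the build report later in the thread shows. Keep `trusted` and add `trust_flags` next to it, or convert every user in the same patch so the series stays bisectable.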
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index b0e303f6603f..7081d47af18b 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1080,7 +1080,7 @@ struct netdev_net_notifier {
  * int (*ndo_set_vf_rate)(struct net_device *dev, int vf, int min_tx_rate,
  *			  int max_tx_rate);
  * int (*ndo_set_vf_spoofchk)(struct net_device *dev, int vf, bool setting);
- * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, bool setting);
+ * int (*ndo_set_vf_trust)(struct net_device *dev, int vf, vf_trust_flags_t flags);
  * int (*ndo_get_vf_config)(struct net_device *dev,
  *			    int vf, struct ifla_vf_info *ivf);
  * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int link_state);
@@ -1345,7 +1345,7 @@ struct net_device_ops {
 	int			(*ndo_set_vf_spoofchk)(struct net_device *dev,
 						       int vf, bool setting);
 	int			(*ndo_set_vf_trust)(struct net_device *dev,
-						    int vf, bool setting);
+						    int vf, vf_trust_flags_t flags);
 	int			(*ndo_get_vf_config)(struct net_device *dev,
 						     int vf,
 						     struct ifla_vf_info *ivf);
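Review bot: changing the third argument of ndo_set_vf_trust from `bool setting` to `vf_trust_flags_t flags` changes the contract for every implementer, while only igb is converted in this series. A driver still declaring `bool setting` would see any non-zero flag word as true, so a request for one privilege would be widened to full trust if it were ever called that way. Consider adding a separate callback for the flags and leaving the bool one untouched, so a driver opts in only once it can enforce individual flags.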
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 7fba4de511de..bfc69a1703dc 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -727,11 +727,12 @@ enum {
 				 * on/off switch
 				 */
 	IFLA_VF_STATS,		/* network device statistics */
-	IFLA_VF_TRUST,		/* Trust VF */
+	IFLA_VF_TRUST,		/* Trust VF all/nothing */
 	IFLA_VF_IB_NODE_GUID,	/* VF Infiniband node GUID */
 	IFLA_VF_IB_PORT_GUID,	/* VF Infiniband port GUID */
 	IFLA_VF_VLAN_LIST,	/* nested list of vlans, option for QinQ */
 	IFLA_VF_BROADCAST,	/* VF broadcast */
+	IFLA_VF_TRUST_FLAGS,	/* VF Trust flags */
 	__IFLA_VF_MAX,
 };
 
@@ -826,6 +827,56 @@ struct ifla_vf_trust {
 	__u32 setting;
 };
 
+/* Granular Trust via trust flags - similar to netdev feature flags */
+typedef u32 vf_trust_flags_t;
+
+enum {
+	VF_TRUST_F_LEGACY_BIT,		/* Original all or nothing */
+	VF_TRUST_F_ADV_FLOW_BIT,	/* Advanced traffic flow features */
+	VF_TRUST_F_MIRROR_BIT,		/* Mirroring */
+	VF_TRUST_F_UC_PROM_BIT,		/* Unicast promiscuous mode */
+	VF_TRUST_F_VLAN_PROM_BIT,	/* Vlan promiscuous mode */
+	VF_TRUST_F_MC_PROM_BIT,		/* Multicast promiscuous mode */
+	VF_TRUST_F_MACADDR_CHANGE_BIT,	/* MAC Address change */
+	VF_TRUST_F_MTU_CHANGE_BIT,	/* MTU Change */
+	VF_TRUST_F_MAC_SPFCHK_DIS_BIT,	/* MAC Spoofcheck Disable */
+	VF_TRUST_F_VLAN_SPFCHK_DIS_BIT,	/* VLAN Spoofcheck Disable */
+
+	/* Add new generic VF Trust features here */
+
+	VF_TRUST_F_COUNT
+};
+
+/* trust flag helpers - TODO: need to complete this, example only */
+#define VF_TRUST_BIT(bit)	((vf_trust_flags_t)1 << (bit))
+#define VF_TRUST(name)	VF_TRUST_BIT(VF_TRUST_F_##name##_BIT)
+
+#define VF_TRUST_F_LEGACY		VF_TRUST(LEGACY)
+#define VF_TRUST_F_ADV_FLOW		VF_TRUST(ADV_FLOW)
+#define VF_TRUST_F_MIRROR		VF_TRUST(MIRROR)
+#define VF_TRUST_F_UC_PROM		VF_TRUST(UC_PROM)
+#define VF_TRUST_F_VLAN_PROM		VF_TRUST(VLAN_PROM)
+#define VF_TRUST_F_MC_PROM		VF_TRUST(MC_PROM)
+#define VF_TRUST_F_MACADDR_CHANGE 	VF_TRUST(MACADDR_CHANGE)
+#define VF_TRUST_F_MTU_CHANGE 		VF_TRUST(MTU_CHANGE)
+#define VF_TRUST_F_MAC_SPFCHK_DIS 	VF_TRUST(MAC_SPFCHK_DIS
+#define VF_TRUST_F_VLAN_SPFCHK_DIS 	VF_TRUST(VLAN_SPFCHK_DIS
+
+#define VF_TRUST_F_ALL		(VF_TRUST_F_ADV_FLOW | \
+				 VF_TRUST_F_MIRROR | \
+				 VF_TRUST_F_UC_PROM | \
+				 VF_TRUST_F_VLAN_PROM | \
+				 VF_TRUST_F_MC_PROM | \
+				 VF_TRUST_F_MACADDR_CHANGE | \
+				 VF_TRUST_F_MTU_CHANGE | \
+				 VF_TRUST_F_MAC_SPFCHK_DIS | \
+				 VF_TRUST_F_VLAN_SPFCHK_DIS)
+
+struct ifla_vf_trust_flags {
+	__u32 vf;
+	nla_bitfield32 flags;
+};
+
 /* VF ports management section
  *
  *	Nested layout of set/get msg is:
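Review bot: several added lines in this hunk will not build or export cleanly. `typedef u32 vf_trust_flags_t;` sits in a uapi header, where the type should be `__u32`; `VF_TRUST_F_MAC_SPFCHK_DIS` and `VF_TRUST_F_VLAN_SPFCHK_DIS` each lack the closing parenthesis of `VF_TRUST(...)`; and `nla_bitfield32 flags;` needs the `struct` keyword, since the netlink type is `struct nla_bitfield32`. On the design side, VF_TRUST_F_ALL leaves out VF_TRUST_F_LEGACY without saying whether that is intended, and the two *_SPFCHK_DIS flags overlap with the existing per-VF spoofchk setting (ndo_set_vf_spoofchk), so the header comment should state which one takes precedence.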
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 68e0682450c6..bda25fec16a1 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -946,7 +946,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
 			 nla_total_size_64bit(sizeof(__u64)) +
 			 /* IFLA_VF_STATS_TX_DROPPED */
 			 nla_total_size_64bit(sizeof(__u64)) +
-			 nla_total_size(sizeof(struct ifla_vf_trust)));
+			 nla_total_size(sizeof(struct ifla_vf_trust)) +
+			 nla_total_size(sizeof(strucct ifla_vf_trust_flags)));
 		return size;
 	} else
 		return 0;
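Review bot: `sizeof(strucct ifla_vf_trust_flags)` on the added line is a typo for `struct` and does not compile.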
@@ -1226,6 +1227,7 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 	struct ifla_vf_rss_query_en vf_rss_query_en;
 	struct nlattr *vf, *vfstats, *vfvlanlist;
 	struct ifla_vf_link_state vf_linkstate;
+	struct ifla_vf_trust_flags vf_trust_flags;
 	struct ifla_vf_vlan_info vf_vlan_info;
 	struct ifla_vf_spoofchk vf_spoofchk;
 	struct ifla_vf_tx_rate vf_tx_rate;
@@ -1249,6 +1251,10 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 	ivi.spoofchk = -1;
 	ivi.rss_query_en = -1;
 	ivi.trusted = -1;
+
+	/* Setting trust flags to default untrusted */
+	ivi.trust_flags = 0;
+
 	/* The default value for VF link state is "auto"
 	 * IFLA_VF_LINK_STATE_AUTO which equals zero
 	 */
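Review bot: `ivi.trusted = -1;` remains as context directly above the new default, but the if_link.h hunk in this patch removes `trusted` from struct ifla_vf_info, so that line no longer compiles. It is also worth deciding whether 0 can double as "driver did not report trust": the legacy field used -1 for that, and with `ivi.trust_flags = 0` userspace cannot tell an untrusted VF from a driver with no trust support.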
@@ -1271,6 +1277,7 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 		vf_linkstate.vf =
 		vf_rss_query_en.vf =
 		vf_trust.vf =
+		vf_trust_flags.vf =
 		node_guid.vf =
 		port_guid.vf = ivi.vf;
 
@@ -1288,6 +1295,13 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 	vf_linkstate.link_state = ivi.linkstate;
 	vf_rss_query_en.setting = ivi.rss_query_en;
 	vf_trust.setting = ivi.trusted;
+	/* TODO need to define privilege caps as well and best way to convert */
+	vf_trust_flags.flags = ivi.trust_flags;
+	if (ivi.trust_flags)
+		vf_trust_flags.flags |= VF_TRUST_F_LEGACY;
+		/* TODO set vf_trust.setting here too */
+	else
+		vf_trust_flags.flags = ivi.trust_flags;
 	vf = nla_nest_start_noflag(skb, IFLA_VF_INFO);
 	if (!vf)
 		goto nla_put_vfinfo_failure;
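Review bot: the added if/else cannot work as written. `vf_trust_flags.flags` is declared as nla_bitfield32 in the uapi hunk, a value/selector pair, so assigning and OR-ing a plain `vf_trust_flags_t` into it needs the value and selector members set explicitly; the else branch repeats the assignment made two lines earlier and can be dropped. Setting VF_TRUST_F_LEGACY whenever any flag is set also reports a VF holding a single privilege as legacy-trusted, so the conversion rule in the TODO should be settled before this is merged, and `vf_trust.setting = ivi.trusted;` above still reads the removed field.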
@@ -1306,7 +1320,9 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 		    sizeof(vf_rss_query_en),
 		    &vf_rss_query_en) ||
 	    nla_put(skb, IFLA_VF_TRUST,
-		    sizeof(vf_trust), &vf_trust))
+		    sizeof(vf_trust), &vf_trust) ||
+	    nla_put(skb, IFLA_VF_TRUST_FLAGS,
+		    sizeof(vf_trust_flags), &vf_trust_flags))
 		goto nla_put_vf_failure;
 
 	if (dev->netdev_ops->ndo_get_vf_guid &&
@@ -1896,6 +1912,7 @@ static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
 	[IFLA_VF_RSS_QUERY_EN]	= { .len = sizeof(struct ifla_vf_rss_query_en) },
 	[IFLA_VF_STATS]		= { .type = NLA_NESTED },
 	[IFLA_VF_TRUST]		= { .len = sizeof(struct ifla_vf_trust) },
+	[IFLA_VF_TRUST_FLAGS]	= { .len = sizeof(struct ifla_vf_trust_flags) },
 	[IFLA_VF_IB_NODE_GUID]	= { .len = sizeof(struct ifla_vf_guid) },
 	[IFLA_VF_IB_PORT_GUID]	= { .len = sizeof(struct ifla_vf_guid) },
 };
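Review bot: the policy entry for IFLA_VF_TRUST_FLAGS checks only the attribute length, so any bit pattern in `flags` passes netlink validation. Because the bitfield is embedded in a struct rather than sent as its own attribute, do_setvfinfo has to reject bits at or above VF_TRUST_F_COUNT itself before calling the driver.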
@@ -2458,8 +2475,26 @@ static int do_setvfinfo(struct net_device *dev, struct nlattr **tb)
 		if (ivt->vf >= INT_MAX)
 			return -EINVAL;
 		err = -EOPNOTSUPP;
+
+		if (ivt->setting >= 0)
+			ivtf->flags = VF_TRUST_F_LEGACY;
 		if (ops->ndo_set_vf_trust)
-			err = ops->ndo_set_vf_trust(dev, ivt->vf, ivt->setting);
+			err = ops->ndo_set_vf_trust(dev, ivt->vf, (vf_trust_flags_t)ivt->setting);
+		if (err < 0)
+			return err;
+	}
+
+	if (tb[IFLA_VF_TRUST_FLAGS]) {
+		struct ifla_vf_trust_flags *ivtf = nla_data(tb[IFLA_VF_TRUST_FLAGS]);
+
+		if (ivtf->vf >= INT_MAX)
+			return -EINVAL;
+		err = -EOPNOTSUPP;
+		if (ops->ndo_set_vf_trust) {
+			/* TODO need flag val and priv cap's check here */
+			err = ops->ndo_set_vf_trust(dev, ivtf->vf,
+						    ivtf->flags);
+			}
 		if (err < 0)
 			return err;
 	}
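Review bot: in the IFLA_VF_TRUST branch, `ivtf->flags = VF_TRUST_F_LEGACY;` uses `ivtf`, which is only declared inside the later IFLA_VF_TRUST_FLAGS block, and `ivt->setting >= 0` is always true for a __u32, so "trust off" is not distinguished from "trust on" by that test. In the new branch the TODO is the security-relevant part: `ivtf->flags` reaches ndo_set_vf_trust with no check against defined or driver-supported bits, and passing the nla_bitfield32 where a `vf_trust_flags_t` is expected drops the selector. Validate value and selector here, return -EINVAL for undefined bits and -EOPNOTSUPP for unsupported ones, and fix the indentation of the closing brace after the call.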
diff --git a/tools/include/uapi/linux/if_link.h b/tools/include/uapi/linux/if_link.h
index 781e482dc499..32de860904ee 100644
--- a/tools/include/uapi/linux/if_link.h
+++ b/tools/include/uapi/linux/if_link.h
@@ -705,11 +705,12 @@ enum {
 				 * on/off switch
 				 */
 	IFLA_VF_STATS,		/* network device statistics */
-	IFLA_VF_TRUST,		/* Trust VF */
+	IFLA_VF_TRUST,		/* Trust VF all/nothing */
 	IFLA_VF_IB_NODE_GUID,	/* VF Infiniband node GUID */
 	IFLA_VF_IB_PORT_GUID,	/* VF Infiniband port GUID */
 	IFLA_VF_VLAN_LIST,	/* nested list of vlans, option for QinQ */
 	IFLA_VF_BROADCAST,	/* VF broadcast */
+	IFLA_VF_TRUST_FLAGS,	/* VF Trust flags */
 	__IFLA_VF_MAX,
 };
 
@@ -804,6 +805,56 @@ struct ifla_vf_trust {
 	__u32 setting;
 };
 
+/* Granular Trust via trust flags - similar to netdev feature flags */
+typedef u32 vf_trust_flags_t
+
+enum {
+	VF_TRUST_F_LEGACY_BIT,		/* Original all or nothing */
+	VF_TRUST_F_ADV_FLOW_BIT,	/* Advanced traffic flow features */
+	VF_TRUST_F_MIRROR_BIT,		/* Mirroring */
+	VF_TRUST_F_UC_PROM_BIT,		/* Unicast promiscuous mode */
+	VF_TRUST_F_VLAN_PROM_BIT,	/* Vlan promiscuous mode */
+	VF_TRUST_F_MC_PROM_BIT,		/* Multicast promiscuous mode */
+	VF_TRUST_F_MACADDR_CHANGE_BIT,	/* MAC Address change */
+	VF_TRUST_F_MTU_CHANGE_BIT,	/* MTU Change */
+	VF_TRUST_F_MAC_SPFCHK_DIS_BIT,	/* MAC Spoofcheck Disable */
+	VF_TRUST_F_VLAN_SPFCHK_DIS_BIT,	/* VLAN Spoofcheck Disable */
+
+	/* Add new generic VF Trust features here */
+
+	VF_TRUST_FLAGS_COUNT
+};
+
+/* trust flag helpers - TODO: need to finish this, example only */
+#define VF_TRUST_BIT(bit)	((vf_trust_flags_t)1 << (bit))
+#define VF_TRUST(name)	VF_TRUST_BIT(VF_TRUST_F_##name##_BIT)
+
+#define VF_TRUST_F_LEGACY		VF_TRUST(LEGACY)
+#define VF_TRUST_F_ADV_FLOW		VF_TRUST(ADV_FLOW)
+#define VF_TRUST_F_MIRROR		VF_TRUST(MIRROR)
+#define VF_TRUST_F_UC_PROM		VF_TRUST(UC_PROM)
+#define VF_TRUST_F_VLAN_PROM		VF_TRUST(VLAN_PROM)
+#define VF_TRUST_F_MC_PROM		VF_TRUST(MC_PROM)
+#define VF_TRUST_F_MACADDR_CHANGE 	VF_TRUST(MACADDR_CHANGE)
+#define VF_TRUST_F_MTU_CHANGE 		VF_TRUST(MTU_CHANGE)
+#define VF_TRUST_F_MAC_SPFCHK_DIS 	VF_TRUST(MAC_SPFCHK_DIS
+#define VF_TRUST_F_VLAN_SPFCHK_DIS 	VF_TRUST(VLAN_SPFCHK_DIS
+
+#define VF_TRUST_F_ALL		(VF_TRUST_F_ADV_FLOW | \
+				 VF_TRUST_F_MIRROR | \
+				 VF_TRUST_F_UC_PROM | \
+				 VF_TRUST_F_VLAN_PROM | \
+				 VF_TRUST_F_MC_PROM | \
+				 VF_TRUST_F_MACADDR_CHANGE | \
+				 VF_TRUST_F_MTU_CHANGE | \
+				 VF_TRUST_F_MAC_SPFCHK_DIS | \
+				 VF_TRUST_F_VLAN_SPFCHK_DIS)
+
+struct ifla_vf_trust_flags {
+	__u32 vf;
+	nla_bitfield32 flags;
+};
+
 /* VF ports management section
  *
  *	Nested layout of set/get msg is:
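Review bot: this copy has drifted from include/uapi/linux/if_link.h within the same patch: `typedef u32 vf_trust_flags_t` is missing its semicolon, the enum ends in `VF_TRUST_FLAGS_COUNT` where the uapi header has `VF_TRUST_F_COUNT`, and the helper comment is worded differently. It also carries the same unclosed `VF_TRUST(MAC_SPFCHK_DIS` and `VF_TRUST(VLAN_SPFCHK_DIS` macros. Regenerate the tools header from the corrected uapi header instead of editing it separately.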




* [RFC PATCH net-next 2/2] igb: Implement granular VF trust flags
  2020-08-21  1:16 [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Carolyn Wyborny
  2020-08-21  1:17 ` [RFC PATCH net-next 1/2] net: Implement granular VF trust flags Carolyn Wyborny
@ 2020-08-21  1:18 ` Carolyn Wyborny
  2020-08-25 16:31 ` [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Shannon Nelson
  2 siblings, 0 replies; 7+ messages in thread
From: Carolyn Wyborny @ 2020-08-21  1:18 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuba, jesse.brandeburg, tom.herbert

Implement granular VF trust flags feature in the igb driver.  See
known limitations and gaps in cover message.

Signed-off-by: Carolyn Wyborny  <carolyn.wyborny@intel.com>
---
 drivers/net/ethernet/intel/igb/igb.h      |    2 +-
 drivers/net/ethernet/intel/igb/igb_main.c |   21 +++++++++++----------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/drivers/net/ethernet/intel/igb/igb.h b/drivers/net/ethernet/intel/igb/igb.h
index 2f015b60a995..073a3f764f3f 100644
--- a/drivers/net/ethernet/intel/igb/igb.h
+++ b/drivers/net/ethernet/intel/igb/igb.h
@@ -89,7 +89,7 @@ struct vf_data_storage {
 	u16 pf_qos;
 	u16 tx_rate;
 	bool spoofchk_enabled;
-	bool trusted;
+	vf_trust_flags_t trust_flags;
 };
 
 /* Number of unicast MAC filters reserved for the PF in the RAR registers */
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 4f05f6efe6af..63a2df986f90 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -164,7 +164,7 @@ static int igb_ndo_set_vf_bw(struct net_device *, int, int, int);
 static int igb_ndo_set_vf_spoofchk(struct net_device *netdev, int vf,
 				   bool setting);
 static int igb_ndo_set_vf_trust(struct net_device *netdev, int vf,
-				bool setting);
+				vf_trust_flags_t flags);
 static int igb_ndo_get_vf_config(struct net_device *netdev, int vf,
 				 struct ifla_vf_info *ivi);
 static void igb_check_vf_rate_limit(struct igb_adapter *);
@@ -6756,7 +6756,7 @@ static int igb_vf_configure(struct igb_adapter *adapter, int vf)
 	adapter->vf_data[vf].spoofchk_enabled = true;
 
 	/* By default VFs are not trusted */
-	adapter->vf_data[vf].trusted = false;
+	adapter->vf_data[vf].trust_flags = 0;
 
 	return 0;
 }
@@ -7397,7 +7397,7 @@ static int igb_set_vf_mac_filter(struct igb_adapter *adapter, const int vf,
 		break;
 	case E1000_VF_MAC_FILTER_ADD:
 		if ((vf_data->flags & IGB_VF_FLAG_PF_SET_MAC) &&
-		    !vf_data->trusted) {
+		    !(vf_data->trust_flags & VF_TRUST_F_ADV_FLOW)) {
 			dev_warn(&pdev->dev,
 				 "VF %d requested MAC filter but is administratively denied\n",
 				 vf);
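Review bot: the MAC filter check now tests only VF_TRUST_F_ADV_FLOW, but the legacy path in do_setvfinfo passes `ivt->setting` straight through, so `trust on` arrives as bit 0 (VF_TRUST_F_LEGACY) and a VF trusted the old way can no longer add MAC filters. Either expand legacy trust into the granular bits in the core, or test `VF_TRUST_F_LEGACY | VF_TRUST_F_ADV_FLOW` here; the same applies to the VF_TRUST_F_MACADDR_CHANGE check in igb_set_vf_mac_addr. A short comment on why extra MAC filters fall under ADV_FLOW would help other vendors map their features consistently.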
@@ -7455,7 +7455,7 @@ static int igb_set_vf_mac_addr(struct igb_adapter *adapter, u32 *msg, int vf)
 
 	if (!info) {
 		if ((vf_data->flags & IGB_VF_FLAG_PF_SET_MAC) &&
-		    !vf_data->trusted) {
+		    !(vf_data->trust_flags & VF_TRUST_F_MACADDR_CHANGE)) {
 			dev_warn(&pdev->dev,
 				 "VF %d attempted to override administratively set MAC address\nReload the VF driver to resume operations\n",
 				 vf);
@@ -9333,19 +9333,20 @@ static int igb_ndo_set_vf_spoofchk(struct net_device *netdev, int vf,
 	return 0;
 }
 
-static int igb_ndo_set_vf_trust(struct net_device *netdev, int vf, bool setting)
+static int igb_ndo_set_vf_trust(struct net_device *netdev, int vf,
+				vf_trust_flags_t flags)
 {
 	struct igb_adapter *adapter = netdev_priv(netdev);
 
 	if (vf >= adapter->vfs_allocated_count)
 		return -EINVAL;
-	if (adapter->vf_data[vf].trusted == setting)
+	if (adapter->vf_data[vf].trust_flags == flags)
 		return 0;
 
-	adapter->vf_data[vf].trusted = setting;
+	adapter->vf_data[vf].trust_flags = flags;
 
-	dev_info(&adapter->pdev->dev, "VF %u is %strusted\n",
-		 vf, setting ? "" : "not ");
+	dev_info(&adapter->pdev->dev, "VF %u trust_flags=%x\n",
+		 vf, flags);
 	return 0;
 }
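Review bot: igb_ndo_set_vf_trust stores whatever `flags` it is given, although in this patch the driver only tests VF_TRUST_F_ADV_FLOW and VF_TRUST_F_MACADDR_CHANGE. An administrator can set, for example, VF_TRUST_F_MIRROR, see it echoed back through igb_ndo_get_vf_config, and reasonably assume it is enforced. Reject bits the driver does not implement with -EOPNOTSUPP, and print the value with `%#x` so the log line is unambiguous.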
 
@@ -9362,7 +9363,7 @@ static int igb_ndo_get_vf_config(struct net_device *netdev,
 	ivi->vlan = adapter->vf_data[vf].pf_vlan;
 	ivi->qos = adapter->vf_data[vf].pf_qos;
 	ivi->spoofchk = adapter->vf_data[vf].spoofchk_enabled;
-	ivi->trusted = adapter->vf_data[vf].trusted;
+	ivi->trust_flags = adapter->vf_data[vf].trust_flags;
 	return 0;
 }
 




* Re: [RFC PATCH net-next 1/2] net: Implement granular VF trust flags
  2020-08-21  1:17 ` [RFC PATCH net-next 1/2] net: Implement granular VF trust flags Carolyn Wyborny
@ 2020-08-21  3:35   ` kernel test robot
  2020-08-21  3:56   ` kernel test robot
  1 sibling, 0 replies; 7+ messages in thread
From: kernel test robot @ 2020-08-21  3:35 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 12913 bytes --]

Hi Carolyn,

[FYI, it's a private test report for your RFC patch.]
[auto build test ERROR on net-next/master]

url:    https://github.com/0day-ci/linux/commits/Carolyn-Wyborny/Granular-VF-Trust-Flags-for-SR-IOV/20200821-092637
base:   https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git 1e76a2ff317d0dd9db60b5d9bb6e8215c1513fa8
config: alpha-randconfig-r015-20200821 (attached as .config)
compiler: alpha-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=alpha 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:7:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:10240:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
   10240 |  .ndo_set_vf_trust = ixgbe_ndo_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~~~~~~
   drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:10240:22: note: (near initialization for 'ixgbe_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c:7:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c: In function 'ixgbe_ndo_get_vf_config':
>> drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c:1717:5: error: 'struct ifla_vf_info' has no member named 'trusted'
    1717 |  ivi->trusted = adapter->vfinfo[vf].trusted;
         |     ^~
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/linux/etherdevice.h:21,
                    from drivers/net/ethernet/intel/i40e/i40e_main.c:4:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/intel/i40e/i40e_main.c:12959:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
   12959 |  .ndo_set_vf_trust = i40e_ndo_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~~~~~
   drivers/net/ethernet/intel/i40e/i40e_main.c:12959:22: note: (near initialization for 'i40e_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/net/sock.h:46,
                    from include/linux/tcp.h:19,
                    from include/net/tcp.h:20,
                    from drivers/net/ethernet/intel/i40e/i40e.h:7,
                    from drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c: In function 'i40e_ndo_get_vf_config':
>> drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4387:5: error: 'struct ifla_vf_info' has no member named 'trusted'
    4387 |  ivi->trusted = vf->trusted;
         |     ^~
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/qlogic/qede/qede_main.c:12:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/qlogic/qede/qede_main.c:653:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
     653 |  .ndo_set_vf_trust = qede_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~
   drivers/net/ethernet/qlogic/qede/qede_main.c:653:22: note: (near initialization for 'qede_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors

# https://github.com/0day-ci/linux/commit/4bb6e978a1d0ad9d75c7da88901c610afa0ac3e4
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Carolyn-Wyborny/Granular-VF-Trust-Flags-for-SR-IOV/20200821-092637
git checkout 4bb6e978a1d0ad9d75c7da88901c610afa0ac3e4
vim +10240 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c

6453073987ba392 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2017-07-17  10221  
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10222  static const struct net_device_ops ixgbe_netdev_ops = {
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10223  	.ndo_open		= ixgbe_open,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10224  	.ndo_stop		= ixgbe_close,
008298231abbeb9 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-20  10225  	.ndo_start_xmit		= ixgbe_xmit_frame,
e90d400c2b65c7b drivers/net/ixgbe/ixgbe_main.c                Chris Leech          2009-03-10  10226  	.ndo_set_rx_mode	= ixgbe_set_rx_mode,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10227  	.ndo_validate_addr	= eth_validate_addr,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10228  	.ndo_set_mac_address	= ixgbe_set_mac,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10229  	.ndo_change_mtu		= ixgbe_change_mtu,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10230  	.ndo_tx_timeout		= ixgbe_tx_timeout,
c04f90e59243148 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Rostislav Pehlivanov 2016-01-27  10231  	.ndo_set_tx_maxrate	= ixgbe_tx_maxrate,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10232  	.ndo_vlan_rx_add_vid	= ixgbe_vlan_rx_add_vid,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10233  	.ndo_vlan_rx_kill_vid	= ixgbe_vlan_rx_kill_vid,
6b73e10d2d89f9c drivers/net/ixgbe/ixgbe_main.c                Ben Hutchings        2009-04-29  10234  	.ndo_do_ioctl		= ixgbe_ioctl,
7f01648aa32185b drivers/net/ixgbe/ixgbe_main.c                Greg Rose            2010-05-04  10235  	.ndo_set_vf_mac		= ixgbe_ndo_set_vf_mac,
7f01648aa32185b drivers/net/ixgbe/ixgbe_main.c                Greg Rose            2010-05-04  10236  	.ndo_set_vf_vlan	= ixgbe_ndo_set_vf_vlan,
ed616689a3d95eb drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Sucheta Chakraborty  2014-05-22  10237  	.ndo_set_vf_rate	= ixgbe_ndo_set_vf_bw,
de4c7f653b2ff24 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Greg Rose            2011-09-29  10238  	.ndo_set_vf_spoofchk	= ixgbe_ndo_set_vf_spoofchk,
e65ce0d395c2822 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Vlad Zolotarov       2015-03-30  10239  	.ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
54011e4db839504 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Hiroshi Shimamoto    2015-08-28 @10240  	.ndo_set_vf_trust	= ixgbe_ndo_set_vf_trust,
7f01648aa32185b drivers/net/ixgbe/ixgbe_main.c                Greg Rose            2010-05-04  10241  	.ndo_get_vf_config	= ixgbe_ndo_get_vf_config,
de1036b1cea147c drivers/net/ixgbe/ixgbe_main.c                Eric Dumazet         2010-10-20  10242  	.ndo_get_stats64	= ixgbe_get_stats64,
e4c6734eaab9069 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2016-02-16  10243  	.ndo_setup_tc		= __ixgbe_setup_tc,
332d4a7d981e25d drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-05-13  10244  #ifdef IXGBE_FCOE
eadec877ce9ca46 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Alexander Duyck      2018-07-09  10245  	.ndo_select_queue	= ixgbe_select_queue,
332d4a7d981e25d drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-05-13  10246  	.ndo_fcoe_ddp_setup = ixgbe_fcoe_ddp_get,
68a683cf6a5ff09 drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2011-02-01  10247  	.ndo_fcoe_ddp_target = ixgbe_fcoe_ddp_target,
332d4a7d981e25d drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-05-13  10248  	.ndo_fcoe_ddp_done = ixgbe_fcoe_ddp_put,
8450ff8cd7fba6e drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-08-31  10249  	.ndo_fcoe_enable = ixgbe_fcoe_enable,
8450ff8cd7fba6e drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-08-31  10250  	.ndo_fcoe_disable = ixgbe_fcoe_disable,
61a1fa102ada6d8 drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-10-28  10251  	.ndo_fcoe_get_wwn = ixgbe_fcoe_get_wwn,
ea81875ae07aeac drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Neerav Parikh        2012-01-04  10252  	.ndo_fcoe_get_hbainfo = ixgbe_fcoe_get_hbainfo,
332d4a7d981e25d drivers/net/ixgbe/ixgbe_main.c                Yi Zou               2009-05-13  10253  #endif /* IXGBE_FCOE */
082757afcf7d6e4 drivers/net/ixgbe/ixgbe_main.c                Don Skidmore         2011-07-21  10254  	.ndo_set_features = ixgbe_set_features,
082757afcf7d6e4 drivers/net/ixgbe/ixgbe_main.c                Don Skidmore         2011-07-21  10255  	.ndo_fix_features = ixgbe_fix_features,
0f4b0add851a741 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2012-04-15  10256  	.ndo_fdb_add		= ixgbe_ndo_fdb_add,
815cccbf10b2711 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2012-10-24  10257  	.ndo_bridge_setlink	= ixgbe_ndo_bridge_setlink,
815cccbf10b2711 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2012-10-24  10258  	.ndo_bridge_getlink	= ixgbe_ndo_bridge_getlink,
2a47fa45d4dfbc5 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2013-11-06  10259  	.ndo_dfwd_add_station	= ixgbe_fwd_add,
2a47fa45d4dfbc5 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2013-11-06  10260  	.ndo_dfwd_del_station	= ixgbe_fwd_del,
dc221851ffd1e6e drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Jakub Kicinski       2020-07-09  10261  	.ndo_udp_tunnel_add	= udp_tunnel_nic_add_port,
dc221851ffd1e6e drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Jakub Kicinski       2020-07-09  10262  	.ndo_udp_tunnel_del	= udp_tunnel_nic_del_port,
f467bc06022d4d3 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Mark Rustad          2015-06-15  10263  	.ndo_features_check	= ixgbe_features_check,
f4e63525ee35f9c drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Jakub Kicinski       2017-11-03  10264  	.ndo_bpf		= ixgbe_xdp,
6453073987ba392 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c John Fastabend       2017-07-17  10265  	.ndo_xdp_xmit		= ixgbe_xdp_xmit,
9116e5e2b1fff71 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c Magnus Karlsson      2019-08-14  10266  	.ndo_xsk_wakeup         = ixgbe_xsk_wakeup,
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10267  };
0edc352743156a3 drivers/net/ixgbe/ixgbe_main.c                Stephen Hemminger    2008-11-19  10268  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 24783 bytes --]


* Re: [RFC PATCH net-next 1/2] net: Implement granular VF trust flags
  2020-08-21  1:17 ` [RFC PATCH net-next 1/2] net: Implement granular VF trust flags Carolyn Wyborny
  2020-08-21  3:35   ` kernel test robot
@ 2020-08-21  3:56   ` kernel test robot
  1 sibling, 0 replies; 7+ messages in thread
From: kernel test robot @ 2020-08-21  3:56 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 10594 bytes --]

Hi Carolyn,

[FYI, it's a private test report for your RFC patch.]
[auto build test ERROR on net-next/master]

url:    https://github.com/0day-ci/linux/commits/Carolyn-Wyborny/Granular-VF-Trust-Flags-for-SR-IOV/20200821-092637
base:   https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git 1e76a2ff317d0dd9db60b5d9bb6e8215c1513fa8
config: arc-allyesconfig (attached as .config)
compiler: arc-elf-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/linux/etherdevice.h:21,
                    from drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:6:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c: In function 'hclge_get_vf_config':
>> drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:2930:5: error: 'struct ifla_vf_info' has no member named 'trusted'
    2930 |  ivf->trusted = vport->vf_info.trusted;
         |     ^~
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/intel/ice/ice.h:12,
                    from drivers/net/ethernet/intel/ice/ice_main.c:9:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/intel/ice/ice_main.c:6815:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
    6815 |  .ndo_set_vf_trust = ice_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~
   drivers/net/ethernet/intel/ice/ice_main.c:6815:22: note: (near initialization for 'ice_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/intel/ice/ice.h:12,
                    from drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:4:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c: In function 'ice_get_vf_cfg':
>> drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3789:5: error: 'struct ifla_vf_info' has no member named 'trusted'
    3789 |  ivi->trusted = vf->trusted;
         |     ^~
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/trace/events/xdp.h:8,
                    from include/linux/bpf_trace.h:5,
                    from drivers/net/ethernet/netronome/nfp/nfp_net_common.c:16:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/netronome/nfp/nfp_net_common.c:3655:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
    3655 |  .ndo_set_vf_trust = nfp_app_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~~~~
   drivers/net/ethernet/netronome/nfp/nfp_net_common.c:3655:22: note: (near initialization for 'nfp_net_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/linux/etherdevice.h:21,
                    from drivers/net/ethernet/netronome/nfp/nfp_net_repr.c:4:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/netronome/nfp/nfp_net_repr.c:270:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
     270 |  .ndo_set_vf_trust = nfp_app_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~~~~
   drivers/net/ethernet/netronome/nfp/nfp_net_repr.c:270:22: note: (near initialization for 'nfp_repr_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from include/linux/etherdevice.h:21,
                    from drivers/net/ethernet/netronome/nfp/nfp_net_sriov.c:6:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/netronome/nfp/nfp_net_sriov.c: In function 'nfp_app_get_vf_config':
>> drivers/net/ethernet/netronome/nfp/nfp_net_sriov.c:240:5: error: 'struct ifla_vf_info' has no member named 'trusted'
     240 |  ivi->trusted = FIELD_GET(NFP_NET_VF_CFG_CTRL_TRUST, flags);
         |     ^~
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/broadcom/bnxt/bnxt.c:22:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
>> drivers/net/ethernet/broadcom/bnxt/bnxt.c:11734:22: error: initialization of 'int (*)(struct net_device *, int,  vf_trust_flags_t)' {aka 'int (*)(struct net_device *, int,  unsigned int)'} from incompatible pointer type 'int (*)(struct net_device *, int,  bool)' {aka 'int (*)(struct net_device *, int,  _Bool)'} [-Werror=incompatible-pointer-types]
   11734 |  .ndo_set_vf_trust = bnxt_set_vf_trust,
         |                      ^~~~~~~~~~~~~~~~~
   drivers/net/ethernet/broadcom/bnxt/bnxt.c:11734:22: note: (near initialization for 'bnxt_netdev_ops.ndo_set_vf_trust')
   cc1: some warnings being treated as errors
--
   In file included from include/linux/if_link.h:5,
                    from include/uapi/linux/netdevice.h:32,
                    from include/linux/netdevice.h:47,
                    from drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:13:
   include/uapi/linux/if_link.h:877:2: error: unknown type name 'nla_bitfield32'
     877 |  nla_bitfield32 flags;
         |  ^~~~~~~~~~~~~~
   drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c: In function 'bnxt_get_vf_config':
>> drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:196:5: error: 'struct ifla_vf_info' has no member named 'trusted'
     196 |  ivi->trusted = bnxt_is_trusted_vf(bp, vf);
         |     ^~

# https://github.com/0day-ci/linux/commit/4bb6e978a1d0ad9d75c7da88901c610afa0ac3e4
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Carolyn-Wyborny/Granular-VF-Trust-Flags-for-SR-IOV/20200821-092637
git checkout 4bb6e978a1d0ad9d75c7da88901c610afa0ac3e4
vim +2930 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c

6430f744a45adb Yufeng Mo    2019-10-08  2916  
6430f744a45adb Yufeng Mo    2019-10-08  2917  static int hclge_get_vf_config(struct hnae3_handle *handle, int vf,
6430f744a45adb Yufeng Mo    2019-10-08  2918  			       struct ifla_vf_info *ivf)
6430f744a45adb Yufeng Mo    2019-10-08  2919  {
6430f744a45adb Yufeng Mo    2019-10-08  2920  	struct hclge_vport *vport = hclge_get_vport(handle);
6430f744a45adb Yufeng Mo    2019-10-08  2921  	struct hclge_dev *hdev = vport->back;
6430f744a45adb Yufeng Mo    2019-10-08  2922  
6430f744a45adb Yufeng Mo    2019-10-08  2923  	vport = hclge_get_vf_vport(hdev, vf);
6430f744a45adb Yufeng Mo    2019-10-08  2924  	if (!vport)
6430f744a45adb Yufeng Mo    2019-10-08  2925  		return -EINVAL;
6430f744a45adb Yufeng Mo    2019-10-08  2926  
6430f744a45adb Yufeng Mo    2019-10-08  2927  	ivf->vf = vf;
6430f744a45adb Yufeng Mo    2019-10-08  2928  	ivf->linkstate = vport->vf_info.link_state;
22044f95faa05c Jian Shen    2019-10-08  2929  	ivf->spoofchk = vport->vf_info.spoofchk;
e196ec75958e16 Jian Shen    2019-10-08 @2930  	ivf->trusted = vport->vf_info.trusted;
ee9e44248f52b6 Yonglong Liu 2019-10-08  2931  	ivf->min_tx_rate = 0;
ee9e44248f52b6 Yonglong Liu 2019-10-08  2932  	ivf->max_tx_rate = vport->vf_info.max_tx_rate;
89b40c7fe2a8b3 Huazhong Tan 2019-12-19  2933  	ivf->vlan = vport->port_base_vlan_cfg.vlan_info.vlan_tag;
89b40c7fe2a8b3 Huazhong Tan 2019-12-19  2934  	ivf->vlan_proto = htons(vport->port_base_vlan_cfg.vlan_info.vlan_proto);
89b40c7fe2a8b3 Huazhong Tan 2019-12-19  2935  	ivf->qos = vport->port_base_vlan_cfg.vlan_info.qos;
6430f744a45adb Yufeng Mo    2019-10-08  2936  	ether_addr_copy(ivf->mac, vport->vf_info.mac);
6430f744a45adb Yufeng Mo    2019-10-08  2937  
6430f744a45adb Yufeng Mo    2019-10-08  2938  	return 0;
6430f744a45adb Yufeng Mo    2019-10-08  2939  }
6430f744a45adb Yufeng Mo    2019-10-08  2940  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 65317 bytes --]


* Re: [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV
  2020-08-21  1:16 [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Carolyn Wyborny
  2020-08-21  1:17 ` [RFC PATCH net-next 1/2] net: Implement granular VF trust flags Carolyn Wyborny
  2020-08-21  1:18 ` [RFC PATCH net-next 2/2] igb: " Carolyn Wyborny
@ 2020-08-25 16:31 ` Shannon Nelson
  2020-08-26 22:23   ` Wyborny, Carolyn
  2 siblings, 1 reply; 7+ messages in thread
From: Shannon Nelson @ 2020-08-25 16:31 UTC (permalink / raw)
  To: Carolyn Wyborny, netdev; +Cc: davem, kuba, jesse.brandeburg, tom.herbert



On 8/20/20 6:16 PM, Carolyn Wyborny wrote:
> Proposal for Granular VF Trust Flags for SR-IOV
>
> I would like to propose extending the concept of VF trust in a more
> granular way by creating VF trust flags. VF Trust Flags would allow more
> flexibility in assigning privileges to VF's administratively in SR-IOV.
> Users are asking for more configuration to be available in the VF.
> Features for one use case like a firewall are not always wanted in a
> different type of privileged VF.  If a base set of generic privileges could be
> configured in a more granular way, they can be combined in a more flexible
> way by the user.
>
> The implementation would do this by adding a new iflattribute for trust
> flags which defines the flags in an nla_bitfield32.  The changes would
> also include changes to .ndo_set_vf_trust parameters, different or converted
> settings in .ndo_get_vf_config, kernel validation of the trust flags and
> driver changes for those that implement .ndo_set_vf_trust. There will also
> be changes proposed for ip link in the iproute2 toolset.
>
> This patchset provides an example implementation that is not complete.
> It does not include the full validation of the feature flags in the kernel,
> all the helper macros likely needed for the trust flags nor all the driver
> changes needed. It also needs a method for advertising supported privileges
> and validation to ensure unsupported privileges are not being set.
> It does have a simple example driver implementation in igb.  The full
> patchset will include all these things.
>
> I'd like to start the discussion about the general idea and then begin the
> discussion about a base set of VF privileges that would be generic across the
> device vendors.
>
> ---

Hi Carolyn, thanks for sending this out, and for your presentation at 
NetDev last week.  Here are some initial thoughts and questions I had to 
get the discussion going.

Would this ever need to be extended to the sub-function devices (sf) 
that some devlink threads are discussing?

What would the user-land side of this look like?  Would this be an 
extension of the existing ip link set dev <pf> vf <vfid> <attr> 
<value>?  How would these attributes be named?

Will enabling the legacy trust include trusting all current and future 
trust items, or should it be limited to the current set?  If limited, 
then you might add a macro for VF_TRUST_F_ALL_LEGACY.  Not sure whether 
or not this would be a good thing.

Instead of SPFCHK_DIS or "spoofchk_disable" - can we replace the 
reverse logic and rename these?

Permission bits might be needed for allowing RSS configuration and 
bandwidth limits.

Will there need to be more granularity around the Advanced Flow 
configuration abilities?

Should there be permission bits for changing settings found in 
ethtool-based settings like link-ksettings, coalesce, pause, speed, etc?

How can we guide/manage this to be sure we don't end up with vendors 
pushing device specific permission bits or feature enabling bits rather 
than generic permissions?

Do we really need a typedef for vf_trust_flags_t, or can we keep with a 
simple type?

Cheers,
sln



* RE: [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV
  2020-08-25 16:31 ` [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV Shannon Nelson
@ 2020-08-26 22:23   ` Wyborny, Carolyn
  0 siblings, 0 replies; 7+ messages in thread
From: Wyborny, Carolyn @ 2020-08-26 22:23 UTC (permalink / raw)
  To: Shannon Nelson, netdev; +Cc: davem, kuba, Brandeburg, Jesse, Herbert, Tom

> -----Original Message-----
> From: Shannon Nelson <snelson@pensando.io>
> Sent: Tuesday, August 25, 2020 9:32 AM
> To: Wyborny, Carolyn <carolyn.wyborny@intel.com>;
> netdev@vger.kernel.org
> Cc: davem@davemloft.net; kuba@kernel.org; Brandeburg, Jesse
> <jesse.brandeburg@intel.com>; Herbert, Tom <tom.herbert@intel.com>
> Subject: Re: [RFC PATCH net-next 0/2] Granular VF Trust Flags for SR-IOV
> 
> 
> 
> On 8/20/20 6:16 PM, Carolyn Wyborny wrote:
> > Proposal for Granular VF Trust Flags for SR-IOV
> >
> > I would like to propose extending the concept of VF trust in a more
> > granular way by creating VF trust flags. VF Trust Flags would allow more
> > flexibility in assigning privileges to VF's administratively in SR-IOV.
> > Users are asking for more configuration to be available in the VF.
> > Features for one use case like a firewall are not always wanted in a
> > different type of privileged VF.  If a base set of generic privileges could be
> > configured in a more granular way, they can be combined in a more flexible
> > way by the user.
> >
> > The implementation would do this by adding a new iflattribute for trust
> > flags which defines the flags in an nla_bitfield32.  The changes would
> > also include changes to .ndo_set_vf_trust parameters, different or
> > converted
> > settings in .ndo_get_vf_config, kernel validation of the trust flags and
> > driver changes for those that implement .ndo_set_vf_trust. There will also
> > be changes proposed for ip link in the iproute2 toolset.
> >
> > This patchset provides an example implementation that is not complete.
> > It does not include the full validation of the feature flags in the kernel,
> > all the helper macros likely needed for the trust flags nor all the driver
> > changes needed. It also needs a method for advertising supported
> > privileges
> > and validation to ensure unsupported privileges are not being set.
> > It does have a simple example driver implementation in igb.  The full
> > patchset will include all these things.
> >
> > I'd like to start the discussion about the general idea and then begin the
> > discussion about a base set of VF privileges that would be generic across the
> > device vendors.
> >
> > ---
> 
> Hi Carolyn, thanks for sending this out, and for your presentation at
> NetDev last week.  Here are some initial thoughts and questions I had to
> get the discussion going.
> 
> Would this ever need to be extended to the sub-function devices (sf)
> that some devlink threads are discussing?

Thanks Shannon,

Yes, in some form but IIUC, subfunctions are not SR-IOV and I'm not exactly sure of the interaction between them.  I realize that orchestration software also has this concept of trust/privilege but it's handled at a higher layer than SR-IOV.  So, while this proposal is a narrow focus on SR-IOV specifically, I think this is a good question.  Perhaps an overall security model should be detailed or defined where there are gaps that shows the pieces and how they go together.

> 
> What would the user-land side of this look like?  Would this be an
> extension of the existing ip link set dev <pf> vf <vfid> <attr>
> <value>?  How would these attributes be named?
Yes, I was thinking ip link set <pf> vf <vfid> trust val <val>, but am open to better ideas.

> 
> Will enabling the legacy trust include trusting all current and future
> trust items, or should it be limited to the current set?  If limited,
> then you might add a macro for VF_TRUST_F_ALL_LEGACY.  Not sure
> whether
> or not this would be a good thing.
My initial thinking was that current tools would use the flags, even if it's legacy trust and the providing of legacy trust functionality would be done at the driver side.  Anything using the old nla_vf_trust attribute would need the correct handling in the drivers to provide what looks like legacy trust.  Also, any trust flag set would cause the old trust setting to be configured in order to provide the needed backwards compatibility.

> 
> Instead of SPFCHK_DIS or "spoofchk_disable" - can we replace the
> reverse logic and rename these?
So, this is intended for the privilege to disable the spoofchk feature.  It’s a security feature that's enabled by default.  I'm open to renaming though.  What do you think would be better?  

> 
> Permission bits might be needed for allowing RSS configuration and
> bandwidth limits.
Yes, as Srijeet mentioned.  Can add two for RSS config and bandwidth on the next submission.
> 
> Will there need to be more granularity around the Advanced Flow
> configuration abilities?
This is a good question and after looking around at the other drivers' use of the original trust feature, I wasn't sure if we need just one flag here or more.  What would you suggest from your device perspective?

> 
> Should there be permission bits for changing settings found in
> ethtool-based settings like link-ksettings, coalesce, pause, speed, etc?
I think once we have this privilege scheme implemented, it might make sense to consider this.  This brings up another potential policy question around VFs knowing their configuration or not.  I would prefer to allow admins to make policy decisions but in a virtualized world there are two layers of admin.  Maybe it's best to support both models.

> 
> How can we guide/manage this to be sure we don't end up with vendors
> pushing device specific permission bits or feature enabling bits rather
> than generic permissions?
I was hoping that the kernel submission process would genericize the flags by default, but perhaps that's optimistic.  Is there another feature or system that has solved this potential problem or do we keep creating it for ourselves?

> 
> Do we really need a typedef for vf_trust_flags_t, or can we keep with a
> simple type?
Possibly not, I'm open to design suggestions.  I think the bitfield ops and helpers are the more important things to implement well.  

Thanks,

Carolyn
> 
> Cheers,
> sln

