From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hiroshi Shimamoto Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF Date: Mon, 15 Jun 2015 10:39:37 +0000 Message-ID: <7F861DC0615E0C47A872E6F3C5FCDDBD05EDEF30@BPXM14GP.gisp.nec.co.jp> References: <7F861DC0615E0C47A872E6F3C5FCDDBD05EB28F4@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB3B4A@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB4EE6@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB8A65@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB9DA7@BPXM14GP.gisp.nec.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Cc: "nhorman@redhat.com" , "jogreene@redhat.com" , Linux Netdev List , "Choi, Sy Jong" , Rony Efraim , "David Miller" , Edward Cree , Or Gerlitz , "sassmann@redhat.com" To: "Skidmore, Donald C" , "Rose, Gregory V" , "Kirsher, Jeffrey T" , "intel-wired-lan@lists.osuosl.org" Return-path: Received: from TYO202.gate.nec.co.jp ([210.143.35.52]:41436 "EHLO tyo202.gate.nec.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753374AbbFOKpH (ORCPT ); Mon, 15 Jun 2015 06:45:07 -0400 In-Reply-To: Content-Language: ja-JP Sender: netdev-owner@vger.kernel.org List-ID: PiA+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+ID4gRnJvbTogUm9zZSwgR3JlZ29yeSBW DQo+ID4gU2VudDogVHVlc2RheSwgTWF5IDI2LCAyMDE1IDc6MDEgUE0NCj4gPiBUbzogSGlyb3No aSBTaGltYW1vdG87IFNraWRtb3JlLCBEb25hbGQgQzsgS2lyc2hlciwgSmVmZnJleSBUOyBpbnRl bC13aXJlZC0NCj4gPiBsYW5AbGlzdHMub3N1b3NsLm9yZw0KPiA+IENjOiBuaG9ybWFuQHJlZGhh dC5jb207IGpvZ3JlZW5lQHJlZGhhdC5jb207IExpbnV4IE5ldGRldiBMaXN0OyBDaG9pLA0KPiA+ IFN5IEpvbmc7IFJvbnkgRWZyYWltOyBEYXZpZCBNaWxsZXI7IEVkd2FyZCBDcmVlOyBPciBHZXJs aXR6Ow0KPiA+IHNhc3NtYW5uQHJlZGhhdC5jb20NCj4gPiBTdWJqZWN0OiBSRTogW1BBVENIIHY1 IDMvM10gaXhnYmU6IEFkZCBuZXcgbmRvIHRvIHRydXN0IFZGDQo+ID4NCj4gPg0KPiA+ID4gLS0t LS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gPiA+IEZyb206IEhpcm9zaGkgU2hpbWFtb3RvIFtt YWlsdG86aC1zaGltYW1vdG9AY3QuanAubmVjLmNvbV0NCj4gPiA+IFNlbnQ6IFR1ZXNkYXksIE1h eSAyNiwgMjAxNSA1OjI4IFBNDQo+ID4gPiBUbzogUm9zZSwgR3JlZ29yeSBWOyBTa2lkbW9yZSwg RG9uYWxkIEM7IEtpcnNoZXIsIEplZmZyZXkgVDsNCj4gPiA+IGludGVsLXdpcmVkLSBsYW5AbGlz dHMub3N1b3NsLm9yZw0KPiA+ID4gQ2M6IG5ob3JtYW5AcmVkaGF0LmNvbTsgam9ncmVlbmVAcmVk aGF0LmNvbTsgTGludXggTmV0ZGV2IExpc3Q7IENob2ksDQo+ID4gPiBTeSBKb25nOyBSb255IEVm cmFpbTsgRGF2aWQgTWlsbGVyOyBFZHdhcmQgQ3JlZTsgT3IgR2VybGl0ejsNCj4gPiA+IHNhc3Nt YW5uQHJlZGhhdC5jb20NCj4gPiA+IFN1YmplY3Q6IFJFOiBbUEFUQ0ggdjUgMy8zXSBpeGdiZTog QWRkIG5ldyBuZG8gdG8gdHJ1c3QgVkYNCj4gPiA+DQo+ID4gPiA+ID4gLS0tLS1PcmlnaW5hbCBN ZXNzYWdlLS0tLS0NCj4gPiA+ID4gPiBGcm9tOiBTa2lkbW9yZSwgRG9uYWxkIEMNCj4gPiA+ID4g PiBTZW50OiBUdWVzZGF5LCBNYXkgMjYsIDIwMTUgMTA6NDYgQU0NCj4gPiA+ID4gPiBUbzogSGly b3NoaSBTaGltYW1vdG87IFJvc2UsIEdyZWdvcnkgVjsgS2lyc2hlciwgSmVmZnJleSBUOw0KPiA+ ID4gPiA+IGludGVsLXdpcmVkLSBsYW5AbGlzdHMub3N1b3NsLm9yZw0KPiA+ID4gPiA+IENjOiBu aG9ybWFuQHJlZGhhdC5jb207IGpvZ3JlZW5lQHJlZGhhdC5jb207IExpbnV4IE5ldGRldiBMaXN0 Ow0KPiA+ID4gPiA+IENob2ksIFN5IEpvbmc7IFJvbnkgRWZyYWltOyBEYXZpZCBNaWxsZXI7IEVk d2FyZCBDcmVlOyBPciBHZXJsaXR6Ow0KPiA+ID4gPiA+IHNhc3NtYW5uQHJlZGhhdC5jb20NCj4g PiA+ID4gPiBTdWJqZWN0OiBSRTogW1BBVENIIHY1IDMvM10gaXhnYmU6IEFkZCBuZXcgbmRvIHRv IHRydXN0IFZGDQo+ID4gPiA+ID4NCj4gPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiBbc25pcF0N Cj4gPiA+ID4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS0NCj4gPiA+ID4gPiA+IEZyb206IEhpcm9zaGkgU2hpbWFtb3RvIFttYWlsdG86aC1zaGltYW1v dG9AY3QuanAubmVjLmNvbV0NCj4gPiA+ID4gPiA+IFNlbnQ6IE1vbmRheSwgTWF5IDI1LCAyMDE1 IDY6MDAgUE0NCj4gPiA+ID4gPiA+IFRvOiBTa2lkbW9yZSwgRG9uYWxkIEM7IFJvc2UsIEdyZWdv cnkgVjsgS2lyc2hlciwgSmVmZnJleSBUOw0KPiA+ID4gPiA+ID4gaW50ZWwtd2lyZWQtIGxhbkBs aXN0cy5vc3Vvc2wub3JnDQo+ID4gPiA+ID4gPiBDYzogbmhvcm1hbkByZWRoYXQuY29tOyBqb2dy ZWVuZUByZWRoYXQuY29tOyBMaW51eCBOZXRkZXYgTGlzdDsNCj4gPiA+ID4gPiA+IENob2ksIFN5 IEpvbmc7IFJvbnkgRWZyYWltOyBEYXZpZCBNaWxsZXI7IEVkd2FyZCBDcmVlOyBPcg0KPiA+ID4g PiA+ID4gR2VybGl0ejsgc2Fzc21hbm5AcmVkaGF0LmNvbQ0KPiA+ID4gPiA+ID4gU3ViamVjdDog UkU6IFtQQVRDSCB2NSAzLzNdIGl4Z2JlOiBBZGQgbmV3IG5kbyB0byB0cnVzdCBWRg0KPiA+ID4g PiA+ID4NCj4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiBEbyB5b3UgbWVhbiB0aGF0IFZGIHNob3Vs ZCBjYXJlIGFib3V0IGl0IGlzIHRydXN0ZWQgb3Igbm90Pw0KPiA+ID4gPiA+ID4gU2hvdWxkIFZG IHJlcXVlc3QgTUMgUHJvbWlzYyBhZ2FpbiB3aGVuIGl0J3MgdHJ1c3RlZD8NCj4gPiA+ID4gPiA+ IE9yLCBkbyB5b3UgbWVhbiBWRiBuZXZlciBiZSB0cnVzdGVkIGR1cmluZyBpdHMgKG9yIFZNJ3Mp IGxpZmV0aW1lPw0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gSSB0aGluayB0aGUgVkYgc2hvdWxkbid0 IGRpcmVjdGx5IGtub3cgd2hldGhlciBpdCBpcyB0cnVzdGVkIG9yDQo+ID4gPiA+ID4gbm90DQo+ ID4gPiA+DQo+ID4gPiA+IFRoYXQncyBjb21wbGV0ZWx5IGlycmV2ZWxhbnQuICBUaGUgcGVyc29u IGFkbWluaXN0ZXJpbmcgdGhlIFBGIHdpbGwNCj4gPiA+ID4gYmUgdGhlIHBlcnNvbiB3aG8gcHJv dmlkZWQgdHJ1c3RlZCBwcml2aWxlZ2VzIHRvIHRoZSBWRi4gIEhlJ2xsIHRoZW4NCj4gPiA+ID4g KnRlbGwqIG9yIHNvbWVob3cgb3RoZXIgY29tbXVuaWNhdGUgdG8gdGhlIHBlcnNvbiBhZG1pbmlz dGVyaW5nIHRoZQ0KPiA+ID4gPiBWRg0KPiA+ID4gKHByb2JhYmx5IGhpbXNlbGYvaGVyc2VsZikg YW5kIHRoZW4gcHJvY2VlZCB0byBleGVjdXRlIGNvbW1hbmRzIG9uDQo+ID4gPiB0aGF0IFZGIHRo YXQgcmVxdWlyZSB0cnVzdGVkIHByaXZpbGVnZXMuDQo+ID4gPiA+DQo+ID4gPiA+IElmIHRoZSBW RiBkb2VzIG5vdCBoYXZlIHRydXN0ZWQgcHJpdmlsZWdlcyB0aGVuIHRoZSBjb21tYW5kcyB0byBh ZGQNCj4gPiA+ID4gVkxBTiBmaWx0ZXJzLCBzZXQgcHJvbWlzY3VvdXMgbW9kZXMsIGFuZCBhbnkg b3RoZXIgcHJpdmlsZWdlZA0KPiA+ID4gPiBjb21tYW5kcw0KPiA+ID4gd2lsbCBmYWlsLg0KPiA+ ID4gPg0KPiA+ID4gPiBMZXQncyBub3QgZ2V0IHRvbyBmYW5jeSB3aXRoIHRoaXMuICBJdCdzIHNp bXBsZSAtIHRoZSBob3N0IFZNTSBhZG1pbg0KPiA+ID4gPiBwcm92aWRlcyB0cnVzdGVkIHByaXZp bGVnZXMgdG8gdGhlIFZGLiAgVGhlIHBlcnNvbiBhZG1pbmlzdGVyaW5nIHRoZQ0KPiA+ID4gPiBW RiAoaWYgaW4gZmFjdCBpdCBpcyBub3QgdGhlIHNhbWUgcGVyc29uLCBpdCB1c3VhbGx5IHdpbGwg YmUpIHdpbGwNCj4gPiA+IHByb2NlZWQgdG8gZG8gdGhpbmdzIHRoYXQgcmVxdWlyZSBWRiB0cnVz dGVkIHByaXZpbGVnZXMuDQo+ID4gPg0KPiA+ID4gTm93IEkgdGhpbmsgdGhhdCBpdCdzIGJldHRl ciB0byBoYXZlIGFuIGludGVyZmFjZSBiZXR3ZWVuIFBGIGFuZCBWRiB0bw0KPiA+ID4ga25vdyB0 aGUgVkYgaXMgdHJ1c3RlZC4NCj4gPiA+IE90aGVyd2lzZSBWTSBjYW5ub3Qga25vdyB3aGV0aGVy IGl0cyBWRiBpcyB0cnVzdGVkLCB0aGF0IHByZXZlbnRzDQo+ID4gPiBhdXRvbWF0aWMgb3BlcmF0 aW9ucy4NCj4gPg0KPiA+IEFncmVlZCwgaXQgd291bGQgYmUgc2lsbHkgZm9yIHRoZSBWRiB0byBo YXZlIHByaXZpbGVnZXMgYnV0IG5vdCBrbm93IHRoYXQgaXQgY2FuDQo+ID4gdXNlIHRoZW0hDQo+ ID4NCj4gPiA+IE9yIGFkZCBhbm90aGVyIGNvbW11bmljYXRpbmcgaW50ZXJmYWNlIG91dHNpZGUg b2YgaXhnYmUgUEYtVkYgbWJveCBBUEk/DQo+ID4NCj4gPiBXZSBjYW4ndCBkZXBlbmQgb24gYW55 IGdpdmVuIHZlbmRvciBzcGVjaWZpYyBpbnRlcmZhY2UuICBJJ2QgYWRkIGEgdmVyeSBjbGVhcg0K PiA+IGNvbW1lbnQgaW4gdGhlIFBoeXNpY2FsIEZ1bmN0aW9uIG5kbyBvcCB0aGF0IGdpdmVzIGEg VkYgdHJ1c3RlZCBwcml2aWxlZ2VzDQo+ID4gdGhhdCBpdCBpcyB1cCB0byB0aGUgZHJpdmVyIHRv IG5vdGlmeSB0aGUgVkYgZHJpdmVyLiAgQnV0IHllcywgaW4gdGhlIGNhc2Ugb2YgSW50ZWwNCj4g PiBkcml2ZXJzIHRoZSBtYWlsYm94IG9yIGFkbWluIHF1ZXVlIChmb3IgaTQwZSkgd291bGQgYmUg dGhlIG1lY2hhbmlzbSB0byBkbw0KPiA+IHRoYXQuICBJIGtub3cgeW91IGhhdmUgc29tZSBpeGdi ZSBwYXRjaGVzIHRoYXQgY29pbmNpZGUgd2l0aCB0aGlzIHBhdGNoIHNvDQo+ID4gdGhhdCdzIGEg Z29vZCBwbGFjZSB0byBsb29rLg0KPiA+DQo+IA0KPiBOb3cgd2h5IEkgYW0gbm90IGFnYWluc3Qg dGhpcyAoVkYga25vd2luZyBpdCBpcyAidHJ1c3RlZCIpIGhhcHBlbmluZyBJIGRvbid0IHNlZSB0 aGUgbmVlZCBmb3IgaXQgZWl0aGVyLiAgSSBiZWxpZXZlIHRoZQ0KPiBzYW1lIGNvdWxkIGJlIGFj Y29tcGxpc2hlZCBieSBhbGxvd2luZyB0aGUgUEYgdG8gYXNrIGZvciB3aGF0ZXZlciBjb25maWd1 cmF0aW9uIGl0IHdhbnRzIGFuZCBzb21lIHJlcXVlc3RzIHdpbGwgbm90IGJlDQo+IGdyYW50ZWQg YnkgdGhlIFBGIHVubGVzcyB0aGUgVkYgaXMgdHJ1c3RlZC4gIEdpdmVuLCB0aGlzIG1heSByZXF1 aXJlIGFuIGV4dGVuc2lvbiBvZiB0aGUgbWFpbGJveCBtZXNzYWdlcyB0byBhbGxvdyBmb3INCj4g TkFLJ3MgdG8gbWFrZSBpdCBjbGVhciB0byB0aGUgVkYgdGhlIHJlcXVlc3Qgd2Fzbid0IGdyYW50 ZWQuDQo+IA0KPiBIb3dldmVyIGxpa2UgR3JlZyBtZW50aW9ucyBhYm92ZSB0aGlzIG5lZWQgbm90 IGJlIHJlcXVpcmVtZW50LCBkaWZmZXJlbnQgZHJpdmVycyBjb3VsZCBpbXBsZW1lbnQgdGhpcyB3 YXkgb3Igbm90Lg0KPiANCg0KTm93IEknbSBwcmVwYXJpbmcgYSBwYXRjaHNldCB0byBoYW5kbGUg YW4gZXJyb3IgYWdhaW5zdCBWRiBNQyBwcm9taXNjIHJlcXVlc3QuDQpJJ20gbm90IHN1cmUgdGhh dCB3aGljaCBpcyBiZXR0ZXIgdG8gaGF2ZSBuZXcgbWFpbGJveCBBUEkgd2hpY2ggaW5kaWNhdGVz IFZGIGlzIHRydXN0ZWQuDQoNCkkgbWFkZSBhIHBhdGNoc2V0IHdoaWNoIGRvZXNuJ3QgYWRkIG5l dyBBUEkgYnV0IGhhbmRsZXMgZXJyb3IgYWdhaW5zdCBWRiBNQyBwcm9taXNjIHJlcXVlc3QuDQpX aWxsIHN1Ym1pdCBpdC4NCg0KdGhhbmtzLA0KSGlyb3NoaQ0K From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hiroshi Shimamoto Date: Mon, 15 Jun 2015 10:39:37 +0000 Subject: [Intel-wired-lan] [PATCH v5 3/3] ixgbe: Add new ndo to trust VF In-Reply-To: References: <7F861DC0615E0C47A872E6F3C5FCDDBD05EB28F4@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB3B4A@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB4EE6@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB8A65@BPXM14GP.gisp.nec.co.jp> <7F861DC0615E0C47A872E6F3C5FCDDBD05EB9DA7@BPXM14GP.gisp.nec.co.jp> Message-ID: <7F861DC0615E0C47A872E6F3C5FCDDBD05EDEF30@BPXM14GP.gisp.nec.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: intel-wired-lan@osuosl.org List-ID: > > -----Original Message----- > > From: Rose, Gregory V > > Sent: Tuesday, May 26, 2015 7:01 PM > > To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired- > > lan at lists.osuosl.org > > Cc: nhorman at redhat.com; jogreene at redhat.com; Linux Netdev List; Choi, > > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz; > > sassmann at redhat.com > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF > > > > > > > -----Original Message----- > > > From: Hiroshi Shimamoto [mailto:h-shimamoto at ct.jp.nec.com] > > > Sent: Tuesday, May 26, 2015 5:28 PM > > > To: Rose, Gregory V; Skidmore, Donald C; Kirsher, Jeffrey T; > > > intel-wired- lan at lists.osuosl.org > > > Cc: nhorman at redhat.com; jogreene at redhat.com; Linux Netdev List; Choi, > > > Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz; > > > sassmann at redhat.com > > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF > > > > > > > > -----Original Message----- > > > > > From: Skidmore, Donald C > > > > > Sent: Tuesday, May 26, 2015 10:46 AM > > > > > To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T; > > > > > intel-wired- lan at lists.osuosl.org > > > > > Cc: nhorman at redhat.com; jogreene at redhat.com; Linux Netdev List; > > > > > Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or Gerlitz; > > > > > sassmann at redhat.com > > > > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF > > > > > > > > > > > > > > > > > > [snip] > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Hiroshi Shimamoto [mailto:h-shimamoto at ct.jp.nec.com] > > > > > > Sent: Monday, May 25, 2015 6:00 PM > > > > > > To: Skidmore, Donald C; Rose, Gregory V; Kirsher, Jeffrey T; > > > > > > intel-wired- lan at lists.osuosl.org > > > > > > Cc: nhorman at redhat.com; jogreene at redhat.com; Linux Netdev List; > > > > > > Choi, Sy Jong; Rony Efraim; David Miller; Edward Cree; Or > > > > > > Gerlitz; sassmann at redhat.com > > > > > > Subject: RE: [PATCH v5 3/3] ixgbe: Add new ndo to trust VF > > > > > > > > > > > > > > > > > > Do you mean that VF should care about it is trusted or not? > > > > > > Should VF request MC Promisc again when it's trusted? > > > > > > Or, do you mean VF never be trusted during its (or VM's) lifetime? > > > > > > > > > > I think the VF shouldn't directly know whether it is trusted or > > > > > not > > > > > > > > That's completely irrevelant. The person administering the PF will > > > > be the person who provided trusted privileges to the VF. He'll then > > > > *tell* or somehow other communicate to the person administering the > > > > VF > > > (probably himself/herself) and then proceed to execute commands on > > > that VF that require trusted privileges. > > > > > > > > If the VF does not have trusted privileges then the commands to add > > > > VLAN filters, set promiscuous modes, and any other privileged > > > > commands > > > will fail. > > > > > > > > Let's not get too fancy with this. It's simple - the host VMM admin > > > > provides trusted privileges to the VF. The person administering the > > > > VF (if in fact it is not the same person, it usually will be) will > > > proceed to do things that require VF trusted privileges. > > > > > > Now I think that it's better to have an interface between PF and VF to > > > know the VF is trusted. > > > Otherwise VM cannot know whether its VF is trusted, that prevents > > > automatic operations. > > > > Agreed, it would be silly for the VF to have privileges but not know that it can > > use them! > > > > > Or add another communicating interface outside of ixgbe PF-VF mbox API? > > > > We can't depend on any given vendor specific interface. I'd add a very clear > > comment in the Physical Function ndo op that gives a VF trusted privileges > > that it is up to the driver to notify the VF driver. But yes, in the case of Intel > > drivers the mailbox or admin queue (for i40e) would be the mechanism to do > > that. I know you have some ixgbe patches that coincide with this patch so > > that's a good place to look. > > > > Now why I am not against this (VF knowing it is "trusted") happening I don't see the need for it either. I believe the > same could be accomplished by allowing the PF to ask for whatever configuration it wants and some requests will not be > granted by the PF unless the VF is trusted. Given, this may require an extension of the mailbox messages to allow for > NAK's to make it clear to the VF the request wasn't granted. > > However like Greg mentions above this need not be requirement, different drivers could implement this way or not. > Now I'm preparing a patchset to handle an error against VF MC promisc request. I'm not sure that which is better to have new mailbox API which indicates VF is trusted. I made a patchset which doesn't add new API but handles error against VF MC promisc request. Will submit it. thanks, Hiroshi