* [dpdk-dev] [DPDK v2] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
@ 2019-12-09 17:23 ` taox.zhu
2020-01-14 19:43 ` [dpdk-dev] [PATCH v3] " taox.zhu
` (5 subsequent siblings)
6 siblings, 0 replies; 12+ messages in thread
From: taox.zhu @ 2019-12-09 17:23 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
This patch adds a handler for malicious driver detection event.
We just gave a warning log and a statistical count on the PF.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 ++
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 93 insertions(+), 2 deletions(-)
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index 38acf5906..539ea5c57 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a76..5f39006a4 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,10 @@ New Features
Also, make sure to start the actual text at the margin.
=========================================================
+* **Updated the Intel i40e driver.**
+
+ Added PF support Malicious Device Drive event catch and notify.
+
Removed Items
-------------
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 5999c964b..a66069b48 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index 295ad593b..b14521017 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* [dpdk-dev] [PATCH v3] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
2019-12-09 17:23 ` [dpdk-dev] [DPDK v2] " taox.zhu
@ 2020-01-14 19:43 ` taox.zhu
2020-01-14 11:06 ` Yang, Qiming
2020-01-15 18:47 ` [dpdk-dev] [PATCH v4] " taox.zhu
` (4 subsequent siblings)
6 siblings, 1 reply; 12+ messages in thread
From: taox.zhu @ 2020-01-14 19:43 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
add warning and counter to handle the maliciouse driver detection
event.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 ++
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 93 insertions(+), 2 deletions(-)
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index 38acf5906..539ea5c57 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a76..5f39006a4 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,10 @@ New Features
Also, make sure to start the actual text at the margin.
=========================================================
+* **Updated the Intel i40e driver.**
+
+ Added PF support Malicious Device Drive event catch and notify.
+
Removed Items
-------------
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index 5999c964b..a66069b48 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index 295ad593b..b14521017 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: [dpdk-dev] [PATCH v3] net/i40e: add PF MDD event handler
2020-01-14 19:43 ` [dpdk-dev] [PATCH v3] " taox.zhu
@ 2020-01-14 11:06 ` Yang, Qiming
0 siblings, 0 replies; 12+ messages in thread
From: Yang, Qiming @ 2020-01-14 11:06 UTC (permalink / raw)
To: Zhu, TaoX, Xing, Beilei, Zhang, Qi Z; +Cc: dev, Ye, Xiaolong
> -----Original Message-----
> From: Zhu, TaoX <taox.zhu@intel.com>
> Sent: Wednesday, January 15, 2020 3:43 AM
> To: Xing, Beilei <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>
> Cc: dev@dpdk.org; Yang, Qiming <qiming.yang@intel.com>; Ye, Xiaolong
> <xiaolong.ye@intel.com>; Zhu, TaoX <taox.zhu@intel.com>
> Subject: [PATCH v3] net/i40e: add PF MDD event handler
>
> From: Zhu Tao <taox.zhu@intel.com>
>
> add warning and counter to handle the maliciouse driver detection event.
Add/add
Acked-by: Qiming Yang <qiming.yang@intel.com>
>
> Signed-off-by: Zhu Tao <taox.zhu@intel.com>
> ---
> doc/guides/nics/i40e.rst | 1 +
> doc/guides/rel_notes/release_20_02.rst | 4 ++
> drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
> drivers/net/i40e/i40e_ethdev.h | 1 +
> 4 files changed, 93 insertions(+), 2 deletions(-)
>
> diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst index
> 38acf5906..539ea5c57 100644
> --- a/doc/guides/nics/i40e.rst
> +++ b/doc/guides/nics/i40e.rst
> @@ -43,6 +43,7 @@ Features of the i40e PMD are:
> - Dynamic Device Personalization (DDP)
> - Queue region configuration
> - Virtual Function Port Representors
> +- Malicious Device Drive event catch and notify
>
> Prerequisites
> -------------
> diff --git a/doc/guides/rel_notes/release_20_02.rst
> b/doc/guides/rel_notes/release_20_02.rst
> index 0eaa45a76..5f39006a4 100644
> --- a/doc/guides/rel_notes/release_20_02.rst
> +++ b/doc/guides/rel_notes/release_20_02.rst
> @@ -56,6 +56,10 @@ New Features
> Also, make sure to start the actual text at the margin.
> =========================================================
>
> +* **Updated the Intel i40e driver.**
> +
> + Added PF support Malicious Device Drive event catch and notify.
> +
>
> Removed Items
> -------------
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 5999c964b..a66069b48 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
> rte_free(info.msg_buf);
> }
>
> +static void
> +i40e_handle_mdd_event(struct rte_eth_dev *dev) {
> + struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> + struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data-
> >dev_private);
> + bool mdd_detected = false;
> + struct i40e_pf_vf *vf;
> + uint32_t reg;
> + int i;
> +
> + /* find what triggered the MDD event */
> + reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
> + if (reg & I40E_GL_MDET_TX_VALID_MASK) {
> + uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
> + I40E_GL_MDET_TX_PF_NUM_SHIFT;
> + uint16_t vf_num = (reg &
> I40E_GL_MDET_TX_VF_NUM_MASK) >>
> + I40E_GL_MDET_TX_VF_NUM_SHIFT;
> + uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
> + I40E_GL_MDET_TX_EVENT_SHIFT;
> + uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
> + I40E_GL_MDET_TX_QUEUE_SHIFT) -
> + hw->func_caps.base_queue;
> + PMD_DRV_LOG(WARNING, "Malicious Driver Detection event
> 0x%02x on TX "
> + "queue %d PF number 0x%02x VF number 0x%02x
> device %s\n",
> + event, queue, pf_num, vf_num, dev->data-
> >name);
> + I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
> + mdd_detected = true;
> + }
> + reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
> + if (reg & I40E_GL_MDET_RX_VALID_MASK) {
> + uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
> + I40E_GL_MDET_RX_FUNCTION_SHIFT;
> + uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
> + I40E_GL_MDET_RX_EVENT_SHIFT;
> + uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
> + I40E_GL_MDET_RX_QUEUE_SHIFT) -
> + hw->func_caps.base_queue;
> +
> + PMD_DRV_LOG(WARNING, "Malicious Driver Detection event
> 0x%02x on RX "
> + "queue %d of function 0x%02x device %s\n",
> + event, queue, func, dev->data->name);
> + I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
> + mdd_detected = true;
> + }
> +
> + if (mdd_detected) {
> + reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
> + if (reg & I40E_PF_MDET_TX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
> + PMD_DRV_LOG(WARNING, "TX driver issue detected on
> PF\n");
> + }
> + reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
> + if (reg & I40E_PF_MDET_RX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
> + PMD_DRV_LOG(WARNING, "RX driver issue detected
> on PF\n");
> + }
> + }
> +
> + /* see if one of the VFs needs its hand slapped */
> + for (i = 0; i < pf->vf_num && mdd_detected; i++) {
> + vf = &pf->vfs[i];
> + reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
> + if (reg & I40E_VP_MDET_TX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
> + vf->num_mdd_events++;
> + PMD_DRV_LOG(WARNING, "TX driver issue detected on
> VF %d %-"
> + PRIu64 "times\n",
> + i, vf->num_mdd_events);
> + }
> +
> + reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
> + if (reg & I40E_VP_MDET_RX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
> + vf->num_mdd_events++;
> + PMD_DRV_LOG(WARNING, "RX driver issue detected
> on VF %d %-"
> + PRIu64 "times\n",
> + i, vf->num_mdd_events);
> + }
> + }
> +}
> +
> /**
> * Interrupt handler triggered by NIC for handling
> * specific interrupt.
> @@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
> }
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
> - if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
> + if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
> + i40e_handle_mdd_event(dev);
> + }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
> @@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
> goto done;
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
> - if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
> + if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
> + i40e_handle_mdd_event(dev);
> + }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
> diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
> index 295ad593b..b14521017 100644
> --- a/drivers/net/i40e/i40e_ethdev.h
> +++ b/drivers/net/i40e/i40e_ethdev.h
> @@ -426,6 +426,7 @@ struct i40e_pf_vf {
> /* version of the virtchnl from VF */
> struct virtchnl_version_info version;
> uint32_t request_caps; /* offload caps requested from VF */
> + uint64_t num_mdd_events; /* num of mdd events detected */
>
> /*
> * Variables for store the arrival timestamp of VF messages.
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH v4] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
2019-12-09 17:23 ` [dpdk-dev] [DPDK v2] " taox.zhu
2020-01-14 19:43 ` [dpdk-dev] [PATCH v3] " taox.zhu
@ 2020-01-15 18:47 ` taox.zhu
2020-01-16 2:38 ` Ye Xiaolong
2020-01-16 12:08 ` [dpdk-dev] [PATCH v5] " taox.zhu
` (3 subsequent siblings)
6 siblings, 1 reply; 12+ messages in thread
From: taox.zhu @ 2020-01-15 18:47 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
add warning and counter to handle the maliciouse
driver detection event.
update doc/guides/nics/i40e.rst
update doc/guides/rel_notes/release_20_02.rst
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 +-
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 92 insertions(+), 3 deletions(-)
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index c7c34b62f..2bf11e8ca 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 1e83e659a..a39f22221 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -66,11 +66,13 @@ New Features
* Added support for RSS using L3/L4 source/destination only.
-* **Updated i40e driver to support L2TPv3 over IP flows.**
+* **Updated i40e driver.**
Updated the i40e PMD to support L2TPv3 over IP profiles which can be
programmed by the dynamic device personalization (DDP) process.
+ Added PF support Malicious Device Drive event catch and notify.
+
* **Updated testpmd to support L2TPv3 over IP flows.**
Added support for L2TPv3 over IP rte_flow patterns to the testpmd
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index afb6f554b..95bfed4d9 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index bba2b83b4..370e6298f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: [dpdk-dev] [PATCH v4] net/i40e: add PF MDD event handler
2020-01-15 18:47 ` [dpdk-dev] [PATCH v4] " taox.zhu
@ 2020-01-16 2:38 ` Ye Xiaolong
0 siblings, 0 replies; 12+ messages in thread
From: Ye Xiaolong @ 2020-01-16 2:38 UTC (permalink / raw)
To: taox.zhu; +Cc: beilei.xing, qi.z.zhang, dev, qiming.yang
On 01/15, taox.zhu@intel.com wrote:
>From: Zhu Tao <taox.zhu@intel.com>
>
>add warning and counter to handle the maliciouse
>driver detection event.
Better to have more descriptions about the motivation about this patch.
>update doc/guides/nics/i40e.rst
>update doc/guides/rel_notes/release_20_02.rst
Above 2 lines are not needed.
>
>Signed-off-by: Zhu Tao <taox.zhu@intel.com>
>---
> doc/guides/nics/i40e.rst | 1 +
> doc/guides/rel_notes/release_20_02.rst | 4 +-
> drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
> drivers/net/i40e/i40e_ethdev.h | 1 +
> 4 files changed, 92 insertions(+), 3 deletions(-)
>
>diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
>index c7c34b62f..2bf11e8ca 100644
>--- a/doc/guides/nics/i40e.rst
>+++ b/doc/guides/nics/i40e.rst
>@@ -43,6 +43,7 @@ Features of the i40e PMD are:
> - Dynamic Device Personalization (DDP)
> - Queue region configuration
> - Virtual Function Port Representors
>+- Malicious Device Drive event catch and notify
>
> Prerequisites
> -------------
>diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
>index 1e83e659a..a39f22221 100644
>--- a/doc/guides/rel_notes/release_20_02.rst
>+++ b/doc/guides/rel_notes/release_20_02.rst
>@@ -66,11 +66,13 @@ New Features
>
> * Added support for RSS using L3/L4 source/destination only.
>
>-* **Updated i40e driver to support L2TPv3 over IP flows.**
>+* **Updated i40e driver.**
>
> Updated the i40e PMD to support L2TPv3 over IP profiles which can be
> programmed by the dynamic device personalization (DDP) process.
>
>+ Added PF support Malicious Device Drive event catch and notify.
>+
> * **Updated testpmd to support L2TPv3 over IP flows.**
>
> Added support for L2TPv3 over IP rte_flow patterns to the testpmd
>diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
>index afb6f554b..95bfed4d9 100644
>--- a/drivers/net/i40e/i40e_ethdev.c
>+++ b/drivers/net/i40e/i40e_ethdev.c
>@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
> rte_free(info.msg_buf);
> }
>
>+static void
>+i40e_handle_mdd_event(struct rte_eth_dev *dev)
>+{
>+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
>+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
>+ bool mdd_detected = false;
>+ struct i40e_pf_vf *vf;
>+ uint32_t reg;
>+ int i;
>+
>+ /* find what triggered the MDD event */
>+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
>+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
>+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
>+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
>+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
>+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
>+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
>+ I40E_GL_MDET_TX_EVENT_SHIFT;
>+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
>+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
>+ hw->func_caps.base_queue;
>+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
>+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
>+ event, queue, pf_num, vf_num, dev->data->name);
>+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
Use Macros for 0xffffffff and below 0xFFFF.
>+ mdd_detected = true;
>+ }
>+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
>+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
>+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
>+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
>+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
>+ I40E_GL_MDET_RX_EVENT_SHIFT;
>+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
>+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
>+ hw->func_caps.base_queue;
>+
>+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
>+ "queue %d of function 0x%02x device %s\n",
>+ event, queue, func, dev->data->name);
>+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
>+ mdd_detected = true;
>+ }
>+
>+ if (mdd_detected) {
>+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
>+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
>+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
>+ }
>+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
>+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
>+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
>+ }
>+ }
>+
>+ /* see if one of the VFs needs its hand slapped */
>+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
>+ vf = &pf->vfs[i];
>+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
>+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
>+ vf->num_mdd_events++;
>+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
>+ PRIu64 "times\n",
>+ i, vf->num_mdd_events);
>+ }
>+
>+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
>+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
>+ vf->num_mdd_events++;
>+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
>+ PRIu64 "times\n",
>+ i, vf->num_mdd_events);
>+ }
>+ }
>+}
>+
> /**
> * Interrupt handler triggered by NIC for handling
> * specific interrupt.
>@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
> }
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
>- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
>+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
>+ i40e_handle_mdd_event(dev);
>+ }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
>@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
> goto done;
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
>- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
>+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
>+ i40e_handle_mdd_event(dev);
>+ }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
>diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
>index bba2b83b4..370e6298f 100644
>--- a/drivers/net/i40e/i40e_ethdev.h
>+++ b/drivers/net/i40e/i40e_ethdev.h
>@@ -426,6 +426,7 @@ struct i40e_pf_vf {
> /* version of the virtchnl from VF */
> struct virtchnl_version_info version;
> uint32_t request_caps; /* offload caps requested from VF */
>+ uint64_t num_mdd_events; /* num of mdd events detected */
>
> /*
> * Variables for store the arrival timestamp of VF messages.
>--
>2.17.1
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH v5] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
` (2 preceding siblings ...)
2020-01-15 18:47 ` [dpdk-dev] [PATCH v4] " taox.zhu
@ 2020-01-16 12:08 ` taox.zhu
2020-01-17 11:24 ` taox.zhu
` (2 subsequent siblings)
6 siblings, 0 replies; 12+ messages in thread
From: taox.zhu @ 2020-01-16 12:08 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
add warning and counter to handle the maliciouse driver detection event.
When the hardware determines that a VF has maliciouse driver, this VF
will become unworkable, the PF records and gives a warning message.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 +-
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 92 insertions(+), 3 deletions(-)
v5:
- Change commit message
v4:
- Change commit message
- Rebase doc/guides/rel_notes/release_20_02.rst
v3:
- Change commit message
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index c7c34b62f..2bf11e8ca 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 1e83e659a..a39f22221 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -66,11 +66,13 @@ New Features
* Added support for RSS using L3/L4 source/destination only.
-* **Updated i40e driver to support L2TPv3 over IP flows.**
+* **Updated i40e driver.**
Updated the i40e PMD to support L2TPv3 over IP profiles which can be
programmed by the dynamic device personalization (DDP) process.
+ Added PF support Malicious Device Drive event catch and notify.
+
* **Updated testpmd to support L2TPv3 over IP flows.**
Added support for L2TPv3 over IP rte_flow patterns to the testpmd
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index afb6f554b..95bfed4d9 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index bba2b83b4..370e6298f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* [dpdk-dev] [PATCH v5] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
` (3 preceding siblings ...)
2020-01-16 12:08 ` [dpdk-dev] [PATCH v5] " taox.zhu
@ 2020-01-17 11:24 ` taox.zhu
2020-01-17 3:08 ` Zhu, TaoX
2020-01-17 11:54 ` [dpdk-dev] [PATCH v7] " taox.zhu
2020-01-17 14:35 ` [dpdk-dev] [PATCH v8] " taox.zhu
6 siblings, 1 reply; 12+ messages in thread
From: taox.zhu @ 2020-01-17 11:24 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
Add warning and counter to handle the malicious driver detection event.
When the hardware determines that a malicious driver on VF, this VF
will become unworkable, the PF records and gives a warning message.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 +-
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 92 insertions(+), 3 deletions(-)
v6:
- Change commit message
v5:
- Change commit message
v4:
- Change commit message
- Rebase doc/guides/rel_notes/release_20_02.rst
v3:
- Change commit message
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index c7c34b62f..2bf11e8ca 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 1e83e659a..a39f22221 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -66,11 +66,13 @@ New Features
* Added support for RSS using L3/L4 source/destination only.
-* **Updated i40e driver to support L2TPv3 over IP flows.**
+* **Updated i40e driver.**
Updated the i40e PMD to support L2TPv3 over IP profiles which can be
programmed by the dynamic device personalization (DDP) process.
+ Added PF support Malicious Device Drive event catch and notify.
+
* **Updated testpmd to support L2TPv3 over IP flows.**
Added support for L2TPv3 over IP rte_flow patterns to the testpmd
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index afb6f554b..95bfed4d9 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index bba2b83b4..370e6298f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: [dpdk-dev] [PATCH v5] net/i40e: add PF MDD event handler
2020-01-17 11:24 ` taox.zhu
@ 2020-01-17 3:08 ` Zhu, TaoX
0 siblings, 0 replies; 12+ messages in thread
From: Zhu, TaoX @ 2020-01-17 3:08 UTC (permalink / raw)
To: Xing, Beilei, Zhang, Qi Z; +Cc: dev, Yang, Qiming, Ye, Xiaolong
Hi ALL,
The name of patch subject has forgotten to be modified. Please ignore this patch and I will resend it.
BR,
Zhu, Tao
> -----Original Message-----
> From: Zhu, TaoX
> Sent: Friday, January 17, 2020 7:24 PM
> To: Xing, Beilei <beilei.xing@intel.com>; Zhang, Qi Z <qi.z.zhang@intel.com>
> Cc: dev@dpdk.org; Yang, Qiming <qiming.yang@intel.com>; Ye, Xiaolong
> <xiaolong.ye@intel.com>; Zhu, TaoX <taox.zhu@intel.com>
> Subject: [PATCH v5] net/i40e: add PF MDD event handler
>
> From: Zhu Tao <taox.zhu@intel.com>
>
> Add warning and counter to handle the malicious driver detection event.
> When the hardware determines that a malicious driver on VF, this VF will
> become unworkable, the PF records and gives a warning message.
>
> Signed-off-by: Zhu Tao <taox.zhu@intel.com>
> Acked-by: Qiming Yang <qiming.yang@intel.com>
> ---
> doc/guides/nics/i40e.rst | 1 +
> doc/guides/rel_notes/release_20_02.rst | 4 +-
> drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
> drivers/net/i40e/i40e_ethdev.h | 1 +
> 4 files changed, 92 insertions(+), 3 deletions(-)
>
> v6:
> - Change commit message
> v5:
> - Change commit message
> v4:
> - Change commit message
> - Rebase doc/guides/rel_notes/release_20_02.rst
> v3:
> - Change commit message
>
> diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst index
> c7c34b62f..2bf11e8ca 100644
> --- a/doc/guides/nics/i40e.rst
> +++ b/doc/guides/nics/i40e.rst
> @@ -43,6 +43,7 @@ Features of the i40e PMD are:
> - Dynamic Device Personalization (DDP)
> - Queue region configuration
> - Virtual Function Port Representors
> +- Malicious Device Drive event catch and notify
>
> Prerequisites
> -------------
> diff --git a/doc/guides/rel_notes/release_20_02.rst
> b/doc/guides/rel_notes/release_20_02.rst
> index 1e83e659a..a39f22221 100644
> --- a/doc/guides/rel_notes/release_20_02.rst
> +++ b/doc/guides/rel_notes/release_20_02.rst
> @@ -66,11 +66,13 @@ New Features
>
> * Added support for RSS using L3/L4 source/destination only.
>
> -* **Updated i40e driver to support L2TPv3 over IP flows.**
> +* **Updated i40e driver.**
>
> Updated the i40e PMD to support L2TPv3 over IP profiles which can be
> programmed by the dynamic device personalization (DDP) process.
>
> + Added PF support Malicious Device Drive event catch and notify.
> +
> * **Updated testpmd to support L2TPv3 over IP flows.**
>
> Added support for L2TPv3 over IP rte_flow patterns to the testpmd diff --
> git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index afb6f554b..95bfed4d9 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev
> *dev)
> rte_free(info.msg_buf);
> }
>
> +static void
> +i40e_handle_mdd_event(struct rte_eth_dev *dev) {
> + struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data-
> >dev_private);
> + struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data-
> >dev_private);
> + bool mdd_detected = false;
> + struct i40e_pf_vf *vf;
> + uint32_t reg;
> + int i;
> +
> + /* find what triggered the MDD event */
> + reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
> + if (reg & I40E_GL_MDET_TX_VALID_MASK) {
> + uint8_t pf_num = (reg &
> I40E_GL_MDET_TX_PF_NUM_MASK) >>
> + I40E_GL_MDET_TX_PF_NUM_SHIFT;
> + uint16_t vf_num = (reg &
> I40E_GL_MDET_TX_VF_NUM_MASK) >>
> + I40E_GL_MDET_TX_VF_NUM_SHIFT;
> + uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
> + I40E_GL_MDET_TX_EVENT_SHIFT;
> + uint16_t queue = ((reg &
> I40E_GL_MDET_TX_QUEUE_MASK) >>
> + I40E_GL_MDET_TX_QUEUE_SHIFT) -
> + hw->func_caps.base_queue;
> + PMD_DRV_LOG(WARNING, "Malicious Driver Detection
> event 0x%02x on TX "
> + "queue %d PF number 0x%02x VF number 0x%02x
> device %s\n",
> + event, queue, pf_num, vf_num, dev->data-
> >name);
> + I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
> + mdd_detected = true;
> + }
> + reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
> + if (reg & I40E_GL_MDET_RX_VALID_MASK) {
> + uint8_t func = (reg &
> I40E_GL_MDET_RX_FUNCTION_MASK) >>
> + I40E_GL_MDET_RX_FUNCTION_SHIFT;
> + uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
> + I40E_GL_MDET_RX_EVENT_SHIFT;
> + uint16_t queue = ((reg &
> I40E_GL_MDET_RX_QUEUE_MASK) >>
> + I40E_GL_MDET_RX_QUEUE_SHIFT) -
> + hw->func_caps.base_queue;
> +
> + PMD_DRV_LOG(WARNING, "Malicious Driver Detection
> event 0x%02x on RX "
> + "queue %d of function 0x%02x device %s\n",
> + event, queue, func, dev->data-
> >name);
> + I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
> + mdd_detected = true;
> + }
> +
> + if (mdd_detected) {
> + reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
> + if (reg & I40E_PF_MDET_TX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
> + PMD_DRV_LOG(WARNING, "TX driver issue
> detected on PF\n");
> + }
> + reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
> + if (reg & I40E_PF_MDET_RX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
> + PMD_DRV_LOG(WARNING, "RX driver issue
> detected on PF\n");
> + }
> + }
> +
> + /* see if one of the VFs needs its hand slapped */
> + for (i = 0; i < pf->vf_num && mdd_detected; i++) {
> + vf = &pf->vfs[i];
> + reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
> + if (reg & I40E_VP_MDET_TX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
> + vf->num_mdd_events++;
> + PMD_DRV_LOG(WARNING, "TX driver issue
> detected on VF %d %-"
> + PRIu64 "times\n",
> + i, vf->num_mdd_events);
> + }
> +
> + reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
> + if (reg & I40E_VP_MDET_RX_VALID_MASK) {
> + I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
> + vf->num_mdd_events++;
> + PMD_DRV_LOG(WARNING, "RX driver issue
> detected on VF %d %-"
> + PRIu64 "times\n",
> + i, vf->num_mdd_events);
> + }
> + }
> +}
> +
> /**
> * Interrupt handler triggered by NIC for handling
> * specific interrupt.
> @@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
> }
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
> - if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
> + if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming
> detected");
> + i40e_handle_mdd_event(dev);
> + }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
> @@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
> goto done;
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
> - if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
> + if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming
> detected");
> + i40e_handle_mdd_event(dev);
> + }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
> diff --git a/drivers/net/i40e/i40e_ethdev.h
> b/drivers/net/i40e/i40e_ethdev.h index bba2b83b4..370e6298f 100644
> --- a/drivers/net/i40e/i40e_ethdev.h
> +++ b/drivers/net/i40e/i40e_ethdev.h
> @@ -426,6 +426,7 @@ struct i40e_pf_vf {
> /* version of the virtchnl from VF */
> struct virtchnl_version_info version;
> uint32_t request_caps; /* offload caps requested from VF */
> + uint64_t num_mdd_events; /* num of mdd events detected */
>
> /*
> * Variables for store the arrival timestamp of VF messages.
> --
> 2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [dpdk-dev] [PATCH v7] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
` (4 preceding siblings ...)
2020-01-17 11:24 ` taox.zhu
@ 2020-01-17 11:54 ` taox.zhu
2020-01-17 14:35 ` [dpdk-dev] [PATCH v8] " taox.zhu
6 siblings, 0 replies; 12+ messages in thread
From: taox.zhu @ 2020-01-17 11:54 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
Add warning and counter to handle the malicious driver detection event.
When the hardware determines that a malicious driver on VF, this VF
will become unworkable, the PF records and gives a warning message.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 +-
drivers/net/i40e/i40e_ethdev.c | 89 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 92 insertions(+), 3 deletions(-)
v7:
- fix subject patch version
v6:
- Change commit message
v5:
- Change commit message
v4:
- Change commit message
- Rebase doc/guides/rel_notes/release_20_02.rst
v3:
- Change commit message
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index c7c34b62f..2bf11e8ca 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 1e83e659a..a39f22221 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -66,11 +66,13 @@ New Features
* Added support for RSS using L3/L4 source/destination only.
-* **Updated i40e driver to support L2TPv3 over IP flows.**
+* **Updated i40e driver.**
Updated the i40e PMD to support L2TPv3 over IP profiles which can be
programmed by the dynamic device personalization (DDP) process.
+ Added PF support Malicious Device Drive event catch and notify.
+
* **Updated testpmd to support L2TPv3 over IP flows.**
Added support for L2TPv3 over IP rte_flow patterns to the testpmd
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index afb6f554b..95bfed4d9 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,87 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, 0xffffffff);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, 0xffffffff);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX, 0xFFFF);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i), 0xFFFF);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6873,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6920,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index bba2b83b4..370e6298f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* [dpdk-dev] [PATCH v8] net/i40e: add PF MDD event handler
2019-12-09 13:59 [dpdk-dev] [PATCH] net/i40e: add PF MDD event handler taox.zhu
` (5 preceding siblings ...)
2020-01-17 11:54 ` [dpdk-dev] [PATCH v7] " taox.zhu
@ 2020-01-17 14:35 ` taox.zhu
2020-01-17 6:33 ` Ye Xiaolong
6 siblings, 1 reply; 12+ messages in thread
From: taox.zhu @ 2020-01-17 14:35 UTC (permalink / raw)
To: beilei.xing, qi.z.zhang; +Cc: dev, qiming.yang, xiaolong.ye, Zhu Tao
From: Zhu Tao <taox.zhu@intel.com>
Add warning and counter to handle the malicious driver detection event.
When the hardware determines that a malicious driver on VF,
this VF will become unworkable, the PF records and gives a warning message.
Signed-off-by: Zhu Tao <taox.zhu@intel.com>
Acked-by: Qiming Yang <qiming.yang@intel.com>
---
doc/guides/nics/i40e.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 +-
drivers/net/i40e/i40e_ethdev.c | 94 +++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
4 files changed, 97 insertions(+), 3 deletions(-)
v8:
- Replace magic number with macros.
v7:
- fix subject patch version
v6:
- Change commit message
v5:
- Change commit message
v4:
- Change commit message
- Rebase doc/guides/rel_notes/release_20_02.rst
v3:
- Change commit message
diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
index c7c34b62f..2bf11e8ca 100644
--- a/doc/guides/nics/i40e.rst
+++ b/doc/guides/nics/i40e.rst
@@ -43,6 +43,7 @@ Features of the i40e PMD are:
- Dynamic Device Personalization (DDP)
- Queue region configuration
- Virtual Function Port Representors
+- Malicious Device Drive event catch and notify
Prerequisites
-------------
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 1e83e659a..a39f22221 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -66,11 +66,13 @@ New Features
* Added support for RSS using L3/L4 source/destination only.
-* **Updated i40e driver to support L2TPv3 over IP flows.**
+* **Updated i40e driver.**
Updated the i40e PMD to support L2TPv3 over IP profiles which can be
programmed by the dynamic device personalization (DDP) process.
+ Added PF support Malicious Device Drive event catch and notify.
+
* **Updated testpmd to support L2TPv3 over IP flows.**
Added support for L2TPv3 over IP rte_flow patterns to the testpmd
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index afb6f554b..caca3e88f 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -6760,6 +6760,92 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
rte_free(info.msg_buf);
}
+static void
+i40e_handle_mdd_event(struct rte_eth_dev *dev)
+{
+#define I40E_MDD_CLEAR32 0xFFFFFFFF
+#define I40E_MDD_CLEAR16 0xFFFF
+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+ bool mdd_detected = false;
+ struct i40e_pf_vf *vf;
+ uint32_t reg;
+ int i;
+
+ /* find what triggered the MDD event */
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
+ I40E_GL_MDET_TX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
+ event, queue, pf_num, vf_num, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, I40E_MDD_CLEAR32);
+ mdd_detected = true;
+ }
+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
+ I40E_GL_MDET_RX_EVENT_SHIFT;
+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
+ hw->func_caps.base_queue;
+
+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
+ "queue %d of function 0x%02x device %s\n",
+ event, queue, func, dev->data->name);
+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, I40E_MDD_CLEAR32);
+ mdd_detected = true;
+ }
+
+ if (mdd_detected) {
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, I40E_MDD_CLEAR16);
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
+ }
+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX,
+ I40E_MDD_CLEAR16);
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
+ }
+ }
+
+ /* see if one of the VFs needs its hand slapped */
+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
+ vf = &pf->vfs[i];
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i),
+ I40E_MDD_CLEAR16);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+
+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i),
+ I40E_MDD_CLEAR16);
+ vf->num_mdd_events++;
+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
+ PRIu64 "times\n",
+ i, vf->num_mdd_events);
+ }
+ }
+}
+
/**
* Interrupt handler triggered by NIC for handling
* specific interrupt.
@@ -6792,8 +6878,10 @@ i40e_dev_interrupt_handler(void *param)
}
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
@@ -6837,8 +6925,10 @@ i40e_dev_alarm_handler(void *param)
goto done;
if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
+ i40e_handle_mdd_event(dev);
+ }
if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
PMD_DRV_LOG(INFO, "ICR0: global reset requested");
if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
index bba2b83b4..370e6298f 100644
--- a/drivers/net/i40e/i40e_ethdev.h
+++ b/drivers/net/i40e/i40e_ethdev.h
@@ -426,6 +426,7 @@ struct i40e_pf_vf {
/* version of the virtchnl from VF */
struct virtchnl_version_info version;
uint32_t request_caps; /* offload caps requested from VF */
+ uint64_t num_mdd_events; /* num of mdd events detected */
/*
* Variables for store the arrival timestamp of VF messages.
--
2.17.1
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: [dpdk-dev] [PATCH v8] net/i40e: add PF MDD event handler
2020-01-17 14:35 ` [dpdk-dev] [PATCH v8] " taox.zhu
@ 2020-01-17 6:33 ` Ye Xiaolong
0 siblings, 0 replies; 12+ messages in thread
From: Ye Xiaolong @ 2020-01-17 6:33 UTC (permalink / raw)
To: taox.zhu; +Cc: beilei.xing, qi.z.zhang, dev, qiming.yang
On 01/17, taox.zhu@intel.com wrote:
>From: Zhu Tao <taox.zhu@intel.com>
>
>Add warning and counter to handle the malicious driver detection event.
>When the hardware determines that a malicious driver on VF,
>this VF will become unworkable, the PF records and gives a warning message.
>
>Signed-off-by: Zhu Tao <taox.zhu@intel.com>
>Acked-by: Qiming Yang <qiming.yang@intel.com>
>---
> doc/guides/nics/i40e.rst | 1 +
> doc/guides/rel_notes/release_20_02.rst | 4 +-
> drivers/net/i40e/i40e_ethdev.c | 94 +++++++++++++++++++++++++-
> drivers/net/i40e/i40e_ethdev.h | 1 +
> 4 files changed, 97 insertions(+), 3 deletions(-)
>
>v8:
>- Replace magic number with macros.
>v7:
>- fix subject patch version
>v6:
>- Change commit message
>v5:
>- Change commit message
>v4:
>- Change commit message
>- Rebase doc/guides/rel_notes/release_20_02.rst
>v3:
>- Change commit message
>
>diff --git a/doc/guides/nics/i40e.rst b/doc/guides/nics/i40e.rst
>index c7c34b62f..2bf11e8ca 100644
>--- a/doc/guides/nics/i40e.rst
>+++ b/doc/guides/nics/i40e.rst
>@@ -43,6 +43,7 @@ Features of the i40e PMD are:
> - Dynamic Device Personalization (DDP)
> - Queue region configuration
> - Virtual Function Port Representors
>+- Malicious Device Drive event catch and notify
>
> Prerequisites
> -------------
>diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
>index 1e83e659a..a39f22221 100644
>--- a/doc/guides/rel_notes/release_20_02.rst
>+++ b/doc/guides/rel_notes/release_20_02.rst
>@@ -66,11 +66,13 @@ New Features
>
> * Added support for RSS using L3/L4 source/destination only.
>
>-* **Updated i40e driver to support L2TPv3 over IP flows.**
>+* **Updated i40e driver.**
>
> Updated the i40e PMD to support L2TPv3 over IP profiles which can be
> programmed by the dynamic device personalization (DDP) process.
>
>+ Added PF support Malicious Device Drive event catch and notify.
>+
> * **Updated testpmd to support L2TPv3 over IP flows.**
>
> Added support for L2TPv3 over IP rte_flow patterns to the testpmd
>diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
>index afb6f554b..caca3e88f 100644
>--- a/drivers/net/i40e/i40e_ethdev.c
>+++ b/drivers/net/i40e/i40e_ethdev.c
>@@ -6760,6 +6760,92 @@ i40e_dev_handle_aq_msg(struct rte_eth_dev *dev)
> rte_free(info.msg_buf);
> }
>
>+static void
>+i40e_handle_mdd_event(struct rte_eth_dev *dev)
>+{
>+#define I40E_MDD_CLEAR32 0xFFFFFFFF
>+#define I40E_MDD_CLEAR16 0xFFFF
>+ struct i40e_hw *hw = I40E_DEV_PRIVATE_TO_HW(dev->data->dev_private);
>+ struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
>+ bool mdd_detected = false;
>+ struct i40e_pf_vf *vf;
>+ uint32_t reg;
>+ int i;
>+
>+ /* find what triggered the MDD event */
>+ reg = I40E_READ_REG(hw, I40E_GL_MDET_TX);
>+ if (reg & I40E_GL_MDET_TX_VALID_MASK) {
>+ uint8_t pf_num = (reg & I40E_GL_MDET_TX_PF_NUM_MASK) >>
>+ I40E_GL_MDET_TX_PF_NUM_SHIFT;
>+ uint16_t vf_num = (reg & I40E_GL_MDET_TX_VF_NUM_MASK) >>
>+ I40E_GL_MDET_TX_VF_NUM_SHIFT;
>+ uint8_t event = (reg & I40E_GL_MDET_TX_EVENT_MASK) >>
>+ I40E_GL_MDET_TX_EVENT_SHIFT;
>+ uint16_t queue = ((reg & I40E_GL_MDET_TX_QUEUE_MASK) >>
>+ I40E_GL_MDET_TX_QUEUE_SHIFT) -
>+ hw->func_caps.base_queue;
>+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on TX "
>+ "queue %d PF number 0x%02x VF number 0x%02x device %s\n",
>+ event, queue, pf_num, vf_num, dev->data->name);
>+ I40E_WRITE_REG(hw, I40E_GL_MDET_TX, I40E_MDD_CLEAR32);
>+ mdd_detected = true;
>+ }
>+ reg = I40E_READ_REG(hw, I40E_GL_MDET_RX);
>+ if (reg & I40E_GL_MDET_RX_VALID_MASK) {
>+ uint8_t func = (reg & I40E_GL_MDET_RX_FUNCTION_MASK) >>
>+ I40E_GL_MDET_RX_FUNCTION_SHIFT;
>+ uint8_t event = (reg & I40E_GL_MDET_RX_EVENT_MASK) >>
>+ I40E_GL_MDET_RX_EVENT_SHIFT;
>+ uint16_t queue = ((reg & I40E_GL_MDET_RX_QUEUE_MASK) >>
>+ I40E_GL_MDET_RX_QUEUE_SHIFT) -
>+ hw->func_caps.base_queue;
>+
>+ PMD_DRV_LOG(WARNING, "Malicious Driver Detection event 0x%02x on RX "
>+ "queue %d of function 0x%02x device %s\n",
>+ event, queue, func, dev->data->name);
>+ I40E_WRITE_REG(hw, I40E_GL_MDET_RX, I40E_MDD_CLEAR32);
>+ mdd_detected = true;
>+ }
>+
>+ if (mdd_detected) {
>+ reg = I40E_READ_REG(hw, I40E_PF_MDET_TX);
>+ if (reg & I40E_PF_MDET_TX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_PF_MDET_TX, I40E_MDD_CLEAR16);
>+ PMD_DRV_LOG(WARNING, "TX driver issue detected on PF\n");
>+ }
>+ reg = I40E_READ_REG(hw, I40E_PF_MDET_RX);
>+ if (reg & I40E_PF_MDET_RX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_PF_MDET_RX,
>+ I40E_MDD_CLEAR16);
>+ PMD_DRV_LOG(WARNING, "RX driver issue detected on PF\n");
>+ }
>+ }
>+
>+ /* see if one of the VFs needs its hand slapped */
>+ for (i = 0; i < pf->vf_num && mdd_detected; i++) {
>+ vf = &pf->vfs[i];
>+ reg = I40E_READ_REG(hw, I40E_VP_MDET_TX(i));
>+ if (reg & I40E_VP_MDET_TX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_VP_MDET_TX(i),
>+ I40E_MDD_CLEAR16);
>+ vf->num_mdd_events++;
>+ PMD_DRV_LOG(WARNING, "TX driver issue detected on VF %d %-"
>+ PRIu64 "times\n",
>+ i, vf->num_mdd_events);
>+ }
>+
>+ reg = I40E_READ_REG(hw, I40E_VP_MDET_RX(i));
>+ if (reg & I40E_VP_MDET_RX_VALID_MASK) {
>+ I40E_WRITE_REG(hw, I40E_VP_MDET_RX(i),
>+ I40E_MDD_CLEAR16);
>+ vf->num_mdd_events++;
>+ PMD_DRV_LOG(WARNING, "RX driver issue detected on VF %d %-"
>+ PRIu64 "times\n",
>+ i, vf->num_mdd_events);
>+ }
>+ }
>+}
>+
> /**
> * Interrupt handler triggered by NIC for handling
> * specific interrupt.
>@@ -6792,8 +6878,10 @@ i40e_dev_interrupt_handler(void *param)
> }
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
>- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
>+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
>+ i40e_handle_mdd_event(dev);
>+ }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
>@@ -6837,8 +6925,10 @@ i40e_dev_alarm_handler(void *param)
> goto done;
> if (icr0 & I40E_PFINT_ICR0_ECC_ERR_MASK)
> PMD_DRV_LOG(ERR, "ICR0: unrecoverable ECC error");
>- if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK)
>+ if (icr0 & I40E_PFINT_ICR0_MAL_DETECT_MASK) {
> PMD_DRV_LOG(ERR, "ICR0: malicious programming detected");
>+ i40e_handle_mdd_event(dev);
>+ }
> if (icr0 & I40E_PFINT_ICR0_GRST_MASK)
> PMD_DRV_LOG(INFO, "ICR0: global reset requested");
> if (icr0 & I40E_PFINT_ICR0_PCI_EXCEPTION_MASK)
>diff --git a/drivers/net/i40e/i40e_ethdev.h b/drivers/net/i40e/i40e_ethdev.h
>index bba2b83b4..370e6298f 100644
>--- a/drivers/net/i40e/i40e_ethdev.h
>+++ b/drivers/net/i40e/i40e_ethdev.h
>@@ -426,6 +426,7 @@ struct i40e_pf_vf {
> /* version of the virtchnl from VF */
> struct virtchnl_version_info version;
> uint32_t request_caps; /* offload caps requested from VF */
>+ uint64_t num_mdd_events; /* num of mdd events detected */
>
> /*
> * Variables for store the arrival timestamp of VF messages.
>--
>2.17.1
>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>
Applied to dpdk-next-net-intel, Thanks.
^ permalink raw reply [flat|nested] 12+ messages in thread