From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 146E5A0350; Mon, 28 Feb 2022 08:40:19 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DA3044068C; Mon, 28 Feb 2022 08:40:18 +0100 (CET) Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1anam02on2046.outbound.protection.outlook.com [40.107.96.46]) by mails.dpdk.org (Postfix) with ESMTP id 4FCFE4068A for ; Mon, 28 Feb 2022 08:40:17 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mpGF/LdAcEdiKpG2ZCc8RhD/f/8FXSIpDw6sGUVw8yq8lCgtUEg6f4NmbWPbQp7KlOed1ngZ726xQmjcaGxYUkf6D7iiToqPLgjSKEvFgTbiuGv2WjQ1dz375mwl0cxkkHG1X/KlAevbkWnGDA51F42O8yp2wFgyihY/XRclIWTjdABxLRp/DvN0JIfNX9eXVbaTeJkhQNhTMvgvT93vOraVgBexwiof/oyiGc6R2HqY7UELyBjd3GnZRV7hHoFQrX9N8nuoAmGPT9t5+rutJ4/JdKjrZIwj1hos+ZbkGW7l3op58yRBfnVPFtaLi+NJS9DdsommBsV40X/11Jkx9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RYAX+MnH925mKEDSL7DX5MljEAEdXCIxEaPPpPV8ua0=; b=BqmqqfBN2oEVJiuuiXAags8FZ7kX7Tjti6D6EeMfTMXctrQdHOwc0WOdsNrxQ6JPMxY3j9Y/doWQ6EB9dnGd9HFUZesAnavEZD6p3ZSca5kfKV3QC3MK+f3wSyPuM8iJM8FGvLrfB5OvLGpidYm9s6SCCBQ4ioHDavsr3nh8EItlnZmeHcD2PXMzHOKJ5PPnFygVP28NQjw12t1WABhm/EDFxK8+DiTf7DHwMBANL13i10kvjAAcO7av3gsaEz7A64MYPmQs9KVMCWXICGaY8vVTxF1Y+OwVbwkACKjwTCEEzqeeK7Bt1Dk8K3Pm54C3IO6ShFTBr+m9frpzXEvFyQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip is 12.22.5.236) smtp.rcpttodomain=monjalon.net smtp.mailfrom=nvidia.com; dmarc=temperror action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RYAX+MnH925mKEDSL7DX5MljEAEdXCIxEaPPpPV8ua0=; b=GhqsuQebM2+paeUhMapPiPAYEvODVT6hvUlU0GaYZxbe68VG3uNsP4c2Ca1GUtQJ2o3RbZkH1hU7yyZKoKzEo7gKVcqMvMs62fbKRBJuNLQzX+9iDOu/AIjOJvx86K/6uvhY+0woBBGMf0+mJMs2Y0VsM1YVhIMEfaJKxlpJ7ugLukUE7zmRja901rfhgM77UwZ6XUCJgVYUE/WVIBpkRHMbDaD9POlmtQ0u0VN6Fh810ho4T0iFp7FOFfNRfJjEHSJqKTAvI4pakDABEo9v/kKbQssMkmLRlleDtgjY3teadO2QO4FSoHT9b0xHtVAl+s7kfZdd3l7ZywOMcGuV6Q== Received: from BN6PR2001CA0034.namprd20.prod.outlook.com (2603:10b6:405:16::20) by BY5PR12MB4259.namprd12.prod.outlook.com (2603:10b6:a03:202::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Mon, 28 Feb 2022 07:40:11 +0000 Received: from BN8NAM11FT052.eop-nam11.prod.protection.outlook.com (2603:10b6:405:16:cafe::b9) by BN6PR2001CA0034.outlook.office365.com (2603:10b6:405:16::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.26 via Frontend Transport; Mon, 28 Feb 2022 07:40:11 +0000 X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is 12.22.5.236) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=temperror action=none header.from=nvidia.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of nvidia.com: DNS Timeout) Received: from mail.nvidia.com (12.22.5.236) by BN8NAM11FT052.mail.protection.outlook.com (10.13.177.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5017.22 via Frontend Transport; Mon, 28 Feb 2022 07:40:09 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL109.nvidia.com (10.27.9.19) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 28 Feb 2022 07:40:08 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Sun, 27 Feb 2022 23:40:06 -0800 From: Asaf Penso To: CC: , , , Subject: [PATCH v2] doc: add steps to configure VF interface as trusted Date: Mon, 28 Feb 2022 09:39:47 +0200 Message-ID: <20220228073947.3009246-1-asafp@nvidia.com> X-Mailer: git-send-email 2.18.2 In-Reply-To: <20220227154617.2946292-1-asafp@nvidia.com> References: <20220227154617.2946292-1-asafp@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 94fa7d2e-50dc-43c6-3348-08d9fa8d8c0b X-MS-TrafficTypeDiagnostic: BY5PR12MB4259:EE_ X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pFMD01eVgLTOCY6BqQZwntboAMatlAAgDxVLDvi+9uoHaUrBrYJri6FHhj1/+MNxLvCxwUxYwmosf6HpoxADxSGpX5e0qD466DLOkN7KAkfaz32NKxhmq2/vxmZGo4iLJQO/MmnW4FYmQ15MyYNk6GXzr25dgVdHAvUUOOylQWSksFkZUOn3hbl0T97k35+3Jkso1MPsmzTnnG2lvhmulbOViQSlre4zOdyYm94akznjD8YtYkGWIgt/jfJPAthVIWNxWFMS29mB75nk7O5Y6XAfOZp58Bev40rTSUasdHGhkSGPvhhUBcM4rNzhkQk9+VG0zaIt0mFyBq4XRX8BtrIFRIPoRrodg1XEfEWbA2kzN3uVzNuwbGR7zLvHXyJCl1eR6k2WlWplCVadacFqCyB6XnZxrGwhDQyC+IPaFZO1RsyfPu+S6n6quV/WIc1aSmsJGLIGnoxjBICubv94B6OsnTXj2Yiu+0cMLT33Gy5vioZeUJmKCJdNeZ1M3ygEAL+E6p9Uk/i6exn7Sf+y1LM4C6EXP4zRa1+DK0WZTcdlQ8/a1qZ4EQHG+CkDxGo+WS99yjJYYNAw2GZGwapchYGSHnA8Ugl+M9hsaNMhhrqN7bv0sry6acjMts2VuJl6HPjfsLLa5jVI+y5qM88D5oW1m5/lOEV6tDa/zOK3KGqrtFCZH/LcSuoQCoHE1a75qtmBUCh/hbB3BfiWu20Xcw== X-Forefront-Antispam-Report: CIP:12.22.5.236; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(47076005)(70206006)(70586007)(83380400001)(508600001)(4326008)(8676002)(36860700001)(86362001)(6666004)(63350400001)(55016003)(36756003)(7696005)(63370400001)(356005)(8936002)(6286002)(107886003)(6916009)(81166007)(426003)(336012)(316002)(5660300002)(40460700003)(26005)(186003)(16526019)(2906002)(82310400004)(2616005)(54906003)(1076003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2022 07:40:09.4794 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 94fa7d2e-50dc-43c6-3348-08d9fa8d8c0b X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.236]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT052.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4259 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0. The configuration is done in two parts: driver and FW. This patch adds the needed steps to configure a VF to be trusted. Signed-off-by: Asaf Penso Reviewed-by: Raslan Darawsheh --- doc/guides/nics/mlx5.rst | 75 +++++++++++++++++++++++++++++++++------- 1 file changed, 63 insertions(+), 12 deletions(-) diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index c31a154181..e853d6f6a2 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst @@ -498,9 +498,9 @@ Limitations - c_rsvd0_v: C bit, K bit, S bit - protocol type - - checksum - - key - - sequence + - Checksum + - Key + - Sequence Matching on checksum and sequence needs OFED 5.6+. @@ -847,10 +847,10 @@ for an additional list of options shared with other mlx5 drivers. By default (if the ``tx_pp`` is not specified) send scheduling on timestamps feature is disabled. - Starting with ConnectX-7 the capability to schedule traffic directly - on timestamp specified in descriptor is provided, - no extra objects are needed anymore and scheduling capability - is advertised and handled regardless ``tx_pp`` parameter presence. + Starting since ConnectX-7 the capability to schedule traffic directly + on timestamp specified in descriptor is provided, no extra objects are + needed anymore and scheduling capability is advertised and handled + regardless tx_pp parameter presence. - ``tx_skew`` parameter [int] @@ -963,13 +963,14 @@ for an additional list of options shared with other mlx5 drivers. Value 0 means legacy Verbs flow offloading. Value 1 enables the DV flow steering assuming it is supported by the - driver (requires rdma-core 24 or higher). + driver (RDMA Core library version is rdma-core-24.0 or higher). - Value 2 enables the WQE based hardware steering. - In this mode, only queue-based flow management is supported. + Value 2 enables the WQE based hardware steering. In this mode only + the queue-based rte_flow_q flow management is supported. - It is configured by default to 1 (DV flow steering) if supported. - Otherwise, the value is 0 which indicates legacy Verbs flow offloading. + Configured by default to 1 DV flow steering if the driver(RDMA CORE library) + supported. Otherwise, the value will be 0 which indicates legacy Verbs flow + offloading. - ``dv_esw_en`` parameter [int] @@ -1613,3 +1614,53 @@ both the meters in hierarchy on that flow. add port meter policy 0 2 g_actions meter mtr_id M / end y_actions end r_actions drop / end create port meter 0 N 2 2 yes 0xffff 1 0 flow create 0 ingress group 1 pattern eth / end actions meter mtr_id N / end + +How to configure a VF as trusted +-------------------------------- + +This section demonstrates how to configure a virtual function (VF) interface as trusted. +Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0. +The configuration is done in two parts: driver and FW. + +The procedure below is an example of using a ConnectX-5 adapter card (pf0) with 2 VFs: + +#. Create 2 VFs on the PF pf0 when in Legacy SR-IOV mode:: + + $ echo 2 > /sys/class/net/pf0/device/mlx5_num_vfs + +#. Verify the VFs are created: + + .. code-block:: console + + $ lspci | grep Mellanox + 82:00.0 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5] + 82:00.1 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5] + 82:00.2 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] + 82:00.3 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] + +#. Unbind all VFs. For each VF PCIe, using the following command to unbind the driver:: + + $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/unbind + +#. Set the VFs to be trusted for the kernel by using one of the methods below: + - Using sysfs file:: + + $ echo ON | tee /sys/class/net/pf0/device/sriov/0/trust + $ echo ON | tee /sys/class/net/pf0/device/sriov/1/trust + + - Using “ip link” command:: + + $ ip link set p0 vf 0 trust on + $ ip link set p0 vf 1 trust on + +#. Configure all VFs using mlxreg:: + + $ mlxreg -d /dev/mst/mt4121_pciconf0 --reg_name VHCA_TRUST_LEVEL --yes --set "all_vhca=0x1,trust_level=0x1" + + .. note:: + + Firmware version used must be >= xx.29.1016 and MFT >= 4.18 + +#. For each VF PCIe, using the following command to bind the driver:: + + $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/bind -- 2.18.2