From: Gregory Etelson
CC: Viacheslav Ovsiienko
Subject: [PATCH] net/mlx5: reject negative integrity item configuration
Date: Sun, 3 Jul 2022 11:02:02 +0300
Message-ID: <20220703080202.443-1-getelson@nvidia.com>
List-Id: DPDK patches and discussions

Negative integrity item refers to condition when the item value mask
is set, but value spec is cleared:

    ... integrity value mask l4_ok value spec 0 ...

RTE library defines integrity bits `l3_ok` and `l4_ok` as accumulators
for all hardware L3 and L4 integrity verifications respectively.
Hardware `l3_ok` and `l4_ok` integrity bits refer to L3 and L4 network
headers only.
Integrity bits `l3_ok` and `l4_ok` are not compatible between RTE
library and hardware.

PMD translations for RTE `l3_ok` are:
    IPv4: `l3_ok` and `l3_csum_ok`
    IPv6: `l3_ok`
RTE `l4_ok` is translated into PMD `l4_ok` and `l4_csum_ok` bits.

Positive IPv4 `l3_ok` flow item configuration is translated into
a single matcher that ANDs the corresponding hardware bits.
Negative IPv4 `l3_ok` is translated into 2 hardware conditions
where each condition probes a single integrity bit:

    RTE::l3_ok is 0 => MLX5::l3_ok is 0 OR MLX5::l3_csum_ok is 0

MLX5 hardware does not do OR condition in flow rule item.
Negative IPv4 `l3_ok` must be translated into 2 flow rules.
Similarly, negative RTE `l4_ok` condition is also translated into
2 hardware rules.

Current PMD roadmap does not allow implicit flow rule split.

TODO: extend RTE integrity bits definition to allow match on each
hardware integrity bit for accumulated integrity matches.

Bugzilla ID: 948
cc: stable@dpdk.com

Signed-off-by: Gregory Etelson
Acked-by: Matan Azrad
---
 doc/guides/nics/mlx5.rst        | 5 +++--
 drivers/net/mlx5/mlx5_flow_dv.c | 6 ++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index 9f2832e284..99734157d0 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst 
@@ -479,14 +479,15 @@ Limitations - Integrity offload is enabled starting from **ConnectX-6 Dx**. - Verification bits provided by the hardware are ``l3_ok``, ``ipv4_csum_ok``, ``l4_ok``, ``l4_csum_ok``. - ``level`` value 0 references outer headers. + - Negative integrity item verification is not supported - Multiple integrity items not supported in a single flow rule. - Flow rule items supplied by application must explicitly specify network headers referred by integrity item. For example, if integrity item mask sets ``l4_ok`` or ``l4_csum_ok`` bits, reference to L4 network header, TCP or UDP, must be in the rule pattern as well:: flow create 0 ingress pattern integrity level is 0 value mask l3_ok value spec l3_ok / eth / ipv6 / end … - or - flow create 0 ingress pattern integrity level is 0 value mask l4_ok value spec 0 / eth / ipv4 proto is udp / end … + + flow create 0 ingress pattern integrity level is 0 value mask l4_ok value spec l4_ok / eth / ipv4 proto is udp / end … - Connection tracking: diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index 09349a021b..bee9363515 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -6779,6 +6779,12 @@ flow_dv_validate_item_integrity(struct rte_eth_dev *dev, RTE_FLOW_ERROR_TYPE_ITEM, integrity_item, "unsupported integrity filter"); + if ((mask->l3_ok & !spec->l3_ok) || (mask->l4_ok & !spec->l4_ok) || + (mask->ipv4_csum_ok & !spec->ipv4_csum_ok) || + (mask->l4_csum_ok & !spec->l4_csum_ok)) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + NULL, "negative integrity flow is not supported"); if (spec->level > 1) { if (pattern_flags & MLX5_FLOW_ITEM_INNER_INTEGRITY) return rte_flow_error_set -- 2.34.1
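
Review bot: In the doc/guides/nics/mlx5.rst hunk, the new limitation "Negative integrity item verification is not supported" never says what "negative" means; that definition exists only in the commit message. Suggest spelling it out in the bullet itself, for example that an integrity bit set in the item mask with the same bit cleared in the spec is rejected, and ending the line with a period like the neighbouring bullets. The example that used `value spec 0` is replaced rather than kept as a rejected case, so a reader of the guide no longer sees what the unsupported form looks like.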
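
Review bot: In the flow_dv_validate_item_integrity() hunk, every term of the new condition combines bitwise `&` with logical `!` (`mask->l3_ok & !spec->l3_ok`), which gives the intended result only while each mask field holds 0 or 1; `mask->l3_ok && !spec->l3_ok` states the intent directly and does not depend on the field width. The new rte_flow_error_set() call also passes NULL as the cause, whereas the check just above it in the same hunk passes integrity_item; passing integrity_item here as well would let the application see which item was rejected.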