DPDK patches and discussions
 help / color / mirror / Atom feed
From: Dariusz Sosnowski <dsosnowski@nvidia.com>
To: Matan Azrad <matan@nvidia.com>,
	Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Cc: <dev@dpdk.org>, <stable@dpdk.org>, Ori Kam <orika@nvidia.com>
Subject: [PATCH 2/2] net/mlx5: fix isolated mode when repr matching is disabled
Date: Sat, 25 Feb 2023 20:18:10 +0000	[thread overview]
Message-ID: <20230225201810.10838-3-dsosnowski@nvidia.com> (raw)
In-Reply-To: <20230225201810.10838-1-dsosnowski@nvidia.com>

In HW steering mode, when running on an E-Switch setup,
mlx5 PMD provides an ability to enable or disable
representor matching (through `repr_matching_en` device argument).
If representor matching is enabled, any ingress or egress flow rule,
created on any port representor will match traffic related
to that specific port.
If it is disabled, flow rule created on one of the ports,
will match traffic related to all ports.

As a result, when representor matching is disabled,
PMD cannot correctly create control flow rules for receiving
default traffic according to port configuration.
Since each port representor in the same switch domain,
can have different port configuration and flow rules
do not differentiate between ports, these flow rules cannot be
correctly applied.
In that case, each port works in de facto isolated mode.

This patch makes sure that if representor matching is disabled,
port is forced into isolated mode. Disabling flow isolated is forbidden.

Fixes: 483181f7b6dd ("net/mlx5: support device control of representor matching")
Cc: stable@dpdk.org

Signed-off-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
Acked-by: Ori Kam <orika@nvidia.com>
---
 doc/guides/nics/mlx5.rst         |  3 +++
 drivers/net/mlx5/linux/mlx5_os.c | 16 ++++++++++++++++
 drivers/net/mlx5/mlx5_flow.c     |  4 ++++
 3 files changed, 23 insertions(+)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index 6510e74fb9..350fb0287e 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -1137,6 +1137,9 @@ for an additional list of options shared with other mlx5 drivers.
   - 0. If representor matching is disabled, then there will be no implicit
     item added. As a result, ingress flow rules will match traffic
     coming to any port, not only the port on which flow rule is created.
+    Because of that, default flow rules for ingress traffic cannot be created
+    and port starts in isolated mode by default. Port cannot be switched back
+    to non-isolated mode.
 
   - 1. If representor matching is enabled (default setting),
     then each ingress pattern template has an implicit REPRESENTED_PORT
diff --git a/drivers/net/mlx5/linux/mlx5_os.c b/drivers/net/mlx5/linux/mlx5_os.c
index a71474c90a..2cce0a7f0f 100644
--- a/drivers/net/mlx5/linux/mlx5_os.c
+++ b/drivers/net/mlx5/linux/mlx5_os.c
@@ -1613,6 +1613,22 @@ mlx5_dev_spawn(struct rte_device *dpdk_dev,
 			err = EINVAL;
 			goto error;
 		}
+		/*
+		 * If representor matching is disabled, PMD cannot create default flow rules
+		 * to receive traffic for all ports, since implicit source port match is not added.
+		 * Isolated mode is forced.
+		 */
+		if (priv->sh->config.dv_esw_en && !priv->sh->config.repr_matching) {
+			err = mlx5_flow_isolate(eth_dev, 1, NULL);
+			if (err < 0) {
+				err = -err;
+				goto error;
+			}
+			DRV_LOG(WARNING, "port %u ingress traffic is restricted to defined "
+					 "flow rules (isolated mode) since representor "
+					 "matching is disabled",
+				eth_dev->data->port_id);
+		}
 		return eth_dev;
 #else
 		DRV_LOG(ERR, "DV support is missing for HWS.");
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index a6a426caf7..7ee30bdd1f 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -8077,6 +8077,10 @@ mlx5_flow_isolate(struct rte_eth_dev *dev,
 				   "port must be stopped first");
 		return -rte_errno;
 	}
+	if (!enable && !priv->sh->config.repr_matching)
+		return rte_flow_error_set(error, ENOTSUP, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+					  "isolated mode cannot be disabled when "
+					  "representor matching is disabled");
 	priv->isolated = !!enable;
 	if (enable)
 		dev->dev_ops = &mlx5_dev_ops_isolate;
-- 
2.25.1


  parent reply	other threads:[~2023-02-25 20:19 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-25 20:18 [PATCH 0/2] net/mlx5: fix representor matching Dariusz Sosnowski
2023-02-25 20:18 ` [PATCH 1/2] net/mlx5: fix egress group translation in HWS Dariusz Sosnowski
2023-03-08  3:04   ` Suanming Mou
2023-02-25 20:18 ` Dariusz Sosnowski [this message]
2023-03-08  3:04   ` [PATCH 2/2] net/mlx5: fix isolated mode when repr matching is disabled Suanming Mou
2023-03-19 15:32 ` [PATCH 0/2] net/mlx5: fix representor matching Matan Azrad
2023-03-19 17:26 ` Raslan Darawsheh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230225201810.10838-3-dsosnowski@nvidia.com \
    --to=dsosnowski@nvidia.com \
    --cc=dev@dpdk.org \
    --cc=matan@nvidia.com \
    --cc=orika@nvidia.com \
    --cc=stable@dpdk.org \
    --cc=viacheslavo@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).