diff mbox series

[v2] doc: add steps to configure VF interface as trusted

Message ID 20220228073947.3009246-1-asafp@nvidia.com (mailing list archive)
State Superseded, archived
Delegated to: Raslan Darawsheh
Headers
Series [v2] doc: add steps to configure VF interface as trusted |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS

Commit Message

Asaf Penso Feb. 28, 2022, 7:39 a.m. UTC 
  Trusted VF is needed to offload rules with rte_flow to a group
that is bigger than 0.
The configuration is done in two parts: driver and FW.

This patch adds the needed steps to configure a VF to be trusted.

Signed-off-by: Asaf Penso <asafp@nvidia.com>
Reviewed-by: Raslan Darawsheh <rasland@nvidia.com>
---
 doc/guides/nics/mlx5.rst | 75 +++++++++++++++++++++++++++++++++-------
 1 file changed, 63 insertions(+), 12 deletions(-)

Comments

Raslan Darawsheh March 7, 2022, 10:42 a.m. UTC | #1 
Hi,

> -----Original Message-----
> From: Asaf Penso <asafp@nvidia.com>
> Sent: Monday, February 28, 2022 9:40 AM
> To: dev@dpdk.org
> Cc: NBU-Contact-Thomas Monjalon (EXTERNAL) <thomas@monjalon.net>;
> Slava Ovsiienko <viacheslavo@nvidia.com>; Matan Azrad
> <matan@nvidia.com>; Raslan Darawsheh <rasland@nvidia.com>
> Subject: [PATCH v2] doc: add steps to configure VF interface as trusted
> 
> Trusted VF is needed to offload rules with rte_flow to a group that is bigger
> than 0.
> The configuration is done in two parts: driver and FW.
> 
> This patch adds the needed steps to configure a VF to be trusted.
> 
> Signed-off-by: Asaf Penso <asafp@nvidia.com>
> Reviewed-by: Raslan Darawsheh <rasland@nvidia.com>

Patch applied to next-net-mlx,

Kindest regards,
Raslan Darawsheh
diff mbox series

Patch

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index c31a154181..e853d6f6a2 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -498,9 +498,9 @@  Limitations
 
   - c_rsvd0_v: C bit, K bit, S bit
   - protocol type
-  - checksum
-  - key
-  - sequence
+  - Checksum
+  - Key
+  - Sequence
 
   Matching on checksum and sequence needs OFED 5.6+.
 
@@ -847,10 +847,10 @@  for an additional list of options shared with other mlx5 drivers.
   By default (if the ``tx_pp`` is not specified) send scheduling on timestamps
   feature is disabled.
 
-  Starting with ConnectX-7 the capability to schedule traffic directly
-  on timestamp specified in descriptor is provided,
-  no extra objects are needed anymore and scheduling capability
-  is advertised and handled regardless ``tx_pp`` parameter presence.
+  Starting since ConnectX-7 the capability to schedule traffic directly
+  on timestamp specified in descriptor is provided, no extra objects are
+  needed anymore and scheduling capability is advertised and handled
+  regardless tx_pp parameter presence.
 
 - ``tx_skew`` parameter [int]
 
@@ -963,13 +963,14 @@  for an additional list of options shared with other mlx5 drivers.
   Value 0 means legacy Verbs flow offloading.
 
   Value 1 enables the DV flow steering assuming it is supported by the
-  driver (requires rdma-core 24 or higher).
+  driver (RDMA Core library version is rdma-core-24.0 or higher).
 
-  Value 2 enables the WQE based hardware steering.
-  In this mode, only queue-based flow management is supported.
+  Value 2 enables the WQE based hardware steering. In this mode only
+  the queue-based rte_flow_q flow management is supported.
 
-  It is configured by default to 1 (DV flow steering) if supported.
-  Otherwise, the value is 0 which indicates legacy Verbs flow offloading.
+  Configured by default to 1 DV flow steering if the driver(RDMA CORE library)
+  supported. Otherwise, the value will be 0 which indicates legacy Verbs flow
+  offloading.
 
 - ``dv_esw_en`` parameter [int]
 
@@ -1613,3 +1614,53 @@  both the meters in hierarchy on that flow.
    add port meter policy 0 2 g_actions meter mtr_id M / end y_actions end r_actions drop / end
    create port meter 0 N 2 2 yes 0xffff 1 0
    flow create 0 ingress group 1 pattern eth / end actions meter mtr_id N / end
+
+How to configure a VF as trusted
+--------------------------------
+
+This section demonstrates how to configure a virtual function (VF) interface as trusted.
+Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0.
+The configuration is done in two parts: driver and FW.
+
+The procedure below is an example of using a ConnectX-5 adapter card (pf0) with 2 VFs:
+
+#. Create 2 VFs on the PF pf0 when in Legacy SR-IOV mode::
+
+   $ echo 2 > /sys/class/net/pf0/device/mlx5_num_vfs
+
+#. Verify the VFs are created:
+
+   .. code-block:: console
+
+      $ lspci | grep Mellanox
+      82:00.0 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5]
+      82:00.1 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5]
+      82:00.2 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function]
+      82:00.3 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function]
+
+#. Unbind all VFs. For each VF PCIe, using the following command to unbind the driver::
+
+   $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/unbind
+
+#. Set the VFs to be trusted for the kernel by using one of the methods below:
+      - Using sysfs file::
+
+        $ echo ON | tee /sys/class/net/pf0/device/sriov/0/trust
+        $ echo ON | tee /sys/class/net/pf0/device/sriov/1/trust
+
+      - Using “ip link” command::
+
+        $ ip link set p0 vf 0 trust on
+        $ ip link set p0 vf 1 trust on
+
+#. Configure all VFs using mlxreg::
+
+   $ mlxreg -d /dev/mst/mt4121_pciconf0 --reg_name VHCA_TRUST_LEVEL --yes --set "all_vhca=0x1,trust_level=0x1"
+
+   .. note::
+
+      Firmware version used must be >= xx.29.1016 and MFT >= 4.18
+
+#. For each VF PCIe, using the following command to bind the driver::
+
+   $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/bind