From patchwork Thu Nov 16 11:01:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Kavanagh X-Patchwork-Id: 838488 X-Patchwork-Delegate: ian.stokes@intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3ycyy16RGhz9s72 for ; Thu, 16 Nov 2017 22:02:33 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 24CAE9F8; Thu, 16 Nov 2017 11:01:51 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 3D10994B for ; Thu, 16 Nov 2017 11:01:49 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9B50AF1 for ; Thu, 16 Nov 2017 11:01:48 +0000 (UTC) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Nov 2017 03:01:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.44,402,1505804400"; d="scan'208";a="5642557" Received: from silpixa00380299.ir.intel.com ([10.237.222.17]) by orsmga001.jf.intel.com with ESMTP; 16 Nov 2017 03:01:47 -0800 From: Mark Kavanagh To: dev@openvswitch.org Date: Thu, 16 Nov 2017 11:01:44 +0000 Message-Id: <1510830105-157433-2-git-send-email-mark.b.kavanagh@intel.com> X-Mailer: git-send-email 1.9.3 In-Reply-To: <1510830105-157433-1-git-send-email-mark.b.kavanagh@intel.com> References: <1510830105-157433-1-git-send-email-mark.b.kavanagh@intel.com> X-Spam-Status: No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: maxime.coquelin@redhat.com Subject: [ovs-dev] [PATCH 1/2] netdev-dpdk: DPDK v17.11 upgrade X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org This commit adds support for DPDK v17.11: - minor updates to accomodate DPDK API changes - update references to DPDK version in Documentation - update DPDK version in travis' linux-build script Signed-off-by: Mark Kavanagh Acked-by: Maxime Coquelin Acked-by: Ciara Loftus --- .travis/linux-build.sh | 2 +- Documentation/faq/releases.rst | 1 + Documentation/intro/install/dpdk.rst | 10 +++++----- Documentation/topics/dpdk/ring.rst | 2 +- Documentation/topics/dpdk/vhost-user.rst | 8 ++++---- NEWS | 2 ++ lib/netdev-dpdk.c | 7 ++++--- 7 files changed, 18 insertions(+), 14 deletions(-) diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh index 4d6459f..ed28ee4 100755 --- a/.travis/linux-build.sh +++ b/.travis/linux-build.sh @@ -81,7 +81,7 @@ fi if [ "$DPDK" ]; then if [ -z "$DPDK_VER" ]; then - DPDK_VER="17.05.2" + DPDK_VER="17.11" fi install_dpdk $DPDK_VER if [ "$CC" = "clang" ]; then diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index d903b06..62a1957 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -164,6 +164,7 @@ Q: What DPDK version does each Open vSwitch release work with? 2.6.x 16.07.2 2.7.x 16.11.3 2.8.x 17.05.2 + 2.9.x 17.11 ============ ======= Q: I get an error like this when I configure Open vSwitch: diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index bb69ae5..3fecb5c 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -40,7 +40,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 17.05.2 +- DPDK 17.11 - A `DPDK supported NIC`_ @@ -69,9 +69,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget http://fast.dpdk.org/rel/dpdk-17.05.2.tar.xz - $ tar xf dpdk-17.05.2.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-17.05.2 + $ wget http://fast.dpdk.org/rel/dpdk-17.11.tar.xz + $ tar xf dpdk-17.11.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-17.11 $ cd $DPDK_DIR #. (Optional) Configure DPDK as a shared library @@ -583,7 +583,7 @@ Limitations The latest list of validated firmware versions can be found in the `DPDK release notes`_. -.. _DPDK release notes: http://dpdk.org/doc/guides/rel_notes/release_17_05.html +.. _DPDK release notes: http://dpdk.org/doc/guides/rel_notes/release_17_11.html Reporting Bugs -------------- diff --git a/Documentation/topics/dpdk/ring.rst b/Documentation/topics/dpdk/ring.rst index ad9d7a5..8d0ede8 100644 --- a/Documentation/topics/dpdk/ring.rst +++ b/Documentation/topics/dpdk/ring.rst @@ -77,4 +77,4 @@ DPDK. However, this functionality was removed because: - :doc:`vhost-user interfaces ` are the defacto DPDK-based path to guests -.. _DPDK documentation: https://dpdk.readthedocs.io/en/v17.05/prog_guide/ring_lib.html +.. _DPDK documentation: https://dpdk.readthedocs.io/en/v17.11/prog_guide/ring_lib.html diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst index 74ac06e..5347995 100644 --- a/Documentation/topics/dpdk/vhost-user.rst +++ b/Documentation/topics/dpdk/vhost-user.rst @@ -292,9 +292,9 @@ To begin, instantiate a guest as described in :ref:`dpdk-vhost-user` or DPDK sources to VM and build DPDK:: $ cd /root/dpdk/ - $ wget http://fast.dpdk.org/rel/dpdk-17.05.2.tar.xz - $ tar xf dpdk-17.05.2.tar.xz - $ export DPDK_DIR=/root/dpdk/dpdk-stable-17.05.2 + $ wget http://fast.dpdk.org/rel/dpdk-17.11.tar.xz + $ tar xf dpdk-17.11.tar.xz + $ export DPDK_DIR=/root/dpdk/dpdk-17.11 $ export DPDK_TARGET=x86_64-native-linuxapp-gcc $ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET $ cd $DPDK_DIR @@ -378,7 +378,7 @@ Sample XML - + diff --git a/NEWS b/NEWS index a93237f..74e59bf 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ Post-v2.8.0 IPv6 packets. - Linux kernel 4.13 * Add support for compiling OVS with the latest Linux 4.13 kernel + - DPDK: + * Add support for DPDK v17.11 v2.8.0 - 31 Aug 2017 -------------------- diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index 76e79be..ed5bf62 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -150,8 +151,8 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF / ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF)) #define DPDK_ETH_PORT_ID_INVALID RTE_MAX_ETHPORTS -/* DPDK library uses uint8_t for port_id. */ -typedef uint8_t dpdk_port_t; +/* DPDK library uses uint16_t for port_id. */ +typedef uint16_t dpdk_port_t; #define VHOST_ENQ_RETRY_NUM 8 #define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ) @@ -2582,7 +2583,7 @@ netdev_dpdk_detach(struct unixctl_conn *conn, int argc OVS_UNUSED, { int ret; char *response; - uint8_t port_id; + dpdk_port_t port_id; char devname[RTE_ETH_NAME_MAX_LEN]; struct netdev_dpdk *dev; From patchwork Thu Nov 16 11:01:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Kavanagh X-Patchwork-Id: 838489 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3ycyyr6SL8z9rxj for ; Thu, 16 Nov 2017 22:03:16 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 3845CA86; Thu, 16 Nov 2017 11:01:52 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A0102A81 for ; Thu, 16 Nov 2017 11:01:50 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CDD95F1 for ; Thu, 16 Nov 2017 11:01:49 +0000 (UTC) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Nov 2017 03:01:49 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.44,402,1505804400"; d="scan'208";a="5642564" Received: from silpixa00380299.ir.intel.com ([10.237.222.17]) by orsmga001.jf.intel.com with ESMTP; 16 Nov 2017 03:01:48 -0800 From: Mark Kavanagh To: dev@openvswitch.org Date: Thu, 16 Nov 2017 11:01:45 +0000 Message-Id: <1510830105-157433-3-git-send-email-mark.b.kavanagh@intel.com> X-Mailer: git-send-email 1.9.3 In-Reply-To: <1510830105-157433-1-git-send-email-mark.b.kavanagh@intel.com> References: <1510830105-157433-1-git-send-email-mark.b.kavanagh@intel.com> X-Spam-Status: No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: maxime.coquelin@redhat.com Subject: [ovs-dev] [PATCH 2/2] netdev-dpdk: add support for vhost IOMMU feature X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org DPDK v17.11 introduces support for the vHost IOMMU feature. This is a security feature, that restricts the vhost memory that a virtio device may access. This feature also enables the vhost REPLY_ACK protocol, the implementation of which is known to work in newer versions of QEMU (i.e. v2.10.0), but is buggy in older versions (v2.7.0 - v2.9.0, inclusive). As such, the feature is disabled by default in (and should remain so, for the aforementioned older QEMU verions). Starting with QEMU v2.9.1, vhost-iommu-support can safely be enabled, even without having an IOMMU device, with no performance penalty. This patch adds a new vhost port option, vhost-iommu-support, to allow enablement of the vhost IOMMU feature: $ ovs-vsctl add-port br0 vhost-client-1 \ -- set Interface vhost-client-1 type=dpdkvhostuserclient \ options:vhost-server-path=$VHOST_USER_SOCKET_PATH \ options:vhost-iommu-support=true Note that support for this feature is only implemented for vhost user client ports (since vhost user ports are considered deprecated). Signed-off-by: Mark Kavanagh Acked-by: Maxime Coquelin Acked-by: Ciara Loftus --- Documentation/topics/dpdk/vhost-user.rst | 21 +++++++++++++++++++++ NEWS | 1 + lib/netdev-dpdk.c | 29 ++++++++++++++++++++++++++--- vswitchd/vswitch.xml | 10 ++++++++++ 4 files changed, 58 insertions(+), 3 deletions(-) diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst index 5347995..8dff901 100644 --- a/Documentation/topics/dpdk/vhost-user.rst +++ b/Documentation/topics/dpdk/vhost-user.rst @@ -250,6 +250,27 @@ Once the vhost-user-client ports have been added to the switch, they must be added to the guest. Like vhost-user ports, there are two ways to do this: using QEMU directly, or using libvirt. Only the QEMU case is covered here. +vhost-user client IOMMU +~~~~~~~~~~~~~~~~~~~~~~~ +It is possible to enable IOMMU support for vHost User client ports. This is +a feature which restricts the vhost memory that a virtio device can access, and +as such is useful in deployments in which security is a concern. IOMMU mode may +be enabled on the command line:: + + $ ovs-vsctl add-port br0 vhost-client-1 \ + -- set Interface vhost-client-1 type=dpdkvhostuserclient \ + options:vhost-server-path=$VHOST_USER_SOCKET_PATH \ + options:vhost-iommu-support=true + +.. important:: + + Enabling the IOMMU feature also enables the vhost user reply-ack protocol; + this is known to work on QEMU v2.10.0, but is buggy on older versions + (2.7.0 - 2.9.0, inclusive). Consequently, the IOMMU feaure is disabled by + default (and should remain so if using the aforementioned versions of QEMU). + Starting with QEMU v2.9.1, vhost-iommu-support can safely be enabled, even + without having an IOMMU device, with no performance penalty. + Adding vhost-user-client ports to the guest (QEMU) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/NEWS b/NEWS index 74e59bf..c15dc24 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,7 @@ Post-v2.8.0 * Add support for compiling OVS with the latest Linux 4.13 kernel - DPDK: * Add support for DPDK v17.11 + * Add support for vHost IOMMU feature v2.8.0 - 31 Aug 2017 -------------------- diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index ed5bf62..2e9633a 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c @@ -1424,15 +1424,29 @@ netdev_dpdk_vhost_client_set_config(struct netdev *netdev, { struct netdev_dpdk *dev = netdev_dpdk_cast(netdev); const char *path; + bool iommu_enable; + bool request_reconfigure = false; + uint64_t vhost_driver_flags_prev = dev->vhost_driver_flags; ovs_mutex_lock(&dev->mutex); if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)) { path = smap_get(args, "vhost-server-path"); if (path && strcmp(path, dev->vhost_id)) { strcpy(dev->vhost_id, path); - netdev_request_reconfigure(netdev); + request_reconfigure = true; } } + + iommu_enable = smap_get_bool(args, "vhost-iommu-support", false); + if (iommu_enable) + dev->vhost_driver_flags |= RTE_VHOST_USER_IOMMU_SUPPORT; + else + dev->vhost_driver_flags &= ~RTE_VHOST_USER_IOMMU_SUPPORT; + if (vhost_driver_flags_prev != dev->vhost_driver_flags) + request_reconfigure = true; + + if (request_reconfigure) + netdev_request_reconfigure(netdev); ovs_mutex_unlock(&dev->mutex); return 0; @@ -3326,9 +3340,18 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev *netdev) */ if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT) && strlen(dev->vhost_id)) { + /* Enable vhost IOMMU, if it was requested. + * XXX: the 'flags' variable is required, as not all vhost backend + * features are currently supported by OvS; in time, it should be + * possible to invoke rte_vhost_driver_register(), passing + * dev->vhost_driver_flags directly as a parameter to same. + */ + uint64_t flags = RTE_VHOST_USER_CLIENT; + if (dev->vhost_driver_flags & RTE_VHOST_USER_IOMMU_SUPPORT) + flags |= RTE_VHOST_USER_IOMMU_SUPPORT; + /* Register client-mode device */ - err = rte_vhost_driver_register(dev->vhost_id, - RTE_VHOST_USER_CLIENT); + err = rte_vhost_driver_register(dev->vhost_id, flags); if (err) { VLOG_ERR("vhost-user device setup failure for device %s\n", dev->vhost_id); diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index c145e1a..a633226 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -2654,6 +2654,16 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \

+ +

+ The value specifies whether IOMMU support is enabled for a vHost User + client mode device that has been or will be created by QEMU. + Only supported by dpdkvhostuserclient interfaces. If not specified or + an incorrect value is specified, defaults to 'false'. +

+ +