From patchwork Fri Feb 26 02:40:18 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
X-Patchwork-Id: 588599
Return-Path: <intel-wired-lan-bounces@lists.osuosl.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 7AF89140321
	for <incoming@patchwork.ozlabs.org>;
	Fri, 26 Feb 2016 14:22:41 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id B023F95C88;
	Fri, 26 Feb 2016 03:22:40 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ETW7eNNdnPmm; Fri, 26 Feb 2016 03:22:39 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id E0B4795C2D;
	Fri, 26 Feb 2016 03:22:39 +0000 (UTC)
X-Original-To: intel-wired-lan@lists.osuosl.org
Delivered-To: intel-wired-lan@lists.osuosl.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	by ash.osuosl.org (Postfix) with ESMTP id 207521C1209
	for <intel-wired-lan@lists.osuosl.org>;
	Fri, 26 Feb 2016 02:48:07 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 1C68A95B70
	for <intel-wired-lan@lists.osuosl.org>;
	Fri, 26 Feb 2016 02:48:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FQcMD+978ZOR for <intel-wired-lan@lists.osuosl.org>;
	Fri, 26 Feb 2016 02:48:02 +0000 (UTC)
X-Greylist: delayed 00:05:09 by SQLgrey-1.7.6
Received: from tyo200.gate.nec.co.jp (TYO200.gate.nec.co.jp [210.143.35.50])
	by hemlock.osuosl.org (Postfix) with ESMTPS id A08CA95B52
	for <intel-wired-lan@lists.osuosl.org>;
	Fri, 26 Feb 2016 02:48:02 +0000 (UTC)
Received: from tyo202.gate.nec.co.jp ([10.7.69.202])
	by tyo200.gate.nec.co.jp (8.13.8/8.13.4) with ESMTP id u1Q2m09L001371
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <intel-wired-lan@lists.osuosl.org>;
	Fri, 26 Feb 2016 11:48:01 +0900 (JST)
Received: from mailgate3.nec.co.jp ([10.7.69.195])
	by tyo202.gate.nec.co.jp (8.13.8/8.13.4) with ESMTP id u1Q2gXos009500;
	Fri, 26 Feb 2016 11:42:33 +0900 (JST)
Received: from mailsv3.nec.co.jp (imss61.nec.co.jp [10.7.69.156]) by
	mailgate3.nec.co.jp (8.11.7/3.7W-MAILGATE-NEC) with ESMTP
	id u1Q2gWP17778; Fri, 26 Feb 2016 11:42:32 +0900 (JST)
Received: from mail02.kamome.nec.co.jp (mail02.kamome.nec.co.jp [10.25.43.5])
	by mailsv3.nec.co.jp (8.13.8/8.13.4) with ESMTP id u1Q2gWaD013859;
	Fri, 26 Feb 2016 11:42:32 +0900 (JST)
Received: from bpxc99gp.gisp.nec.co.jp ([10.38.151.143] [10.38.151.143]) by
	mail01b.kamome.nec.co.jp with ESMTP id BT-MMP-5781689;
	Fri, 26 Feb 2016 11:40:20 +0900
Received: from BPXM14GP.gisp.nec.co.jp ([10.38.151.206]) by
	BPXC15GP.gisp.nec.co.jp ([10.38.151.143]) with mapi id 14.03.0224.002;
	Fri, 26 Feb 2016 11:40:19 +0900
From: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
To: Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
	Stephen Hemminger <stephen@networkplumber.org>
Thread-Topic: [PATCH iproute2 v2] iplink: Support VF Trust
Thread-Index: AdFwPlgR3ROF3PlzRfWjWU0kW6j4Tw==
Date: Fri, 26 Feb 2016 02:40:18 +0000
Message-ID: <7F861DC0615E0C47A872E6F3C5FCDDBD05FB353F@BPXM14GP.gisp.nec.co.jp>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.205.5.123]
MIME-Version: 1.0
X-Mailman-Approved-At: Fri, 26 Feb 2016 03:22:38 +0000
Cc: "nhorman@redhat.com" <nhorman@redhat.com>, "Choi,
	Sy Jong" <sy.jong.choi@intel.com>, Rony Efraim <ronye@mellanox.com>,
	David Miller <davem@davemloft.net>,
	"intel-wired-lan@lists.osuosl.org" <intel-wired-lan@lists.osuosl.org>,
	Linux Netdev List <netdev@vger.kernel.org>,
	Edward Cree <ecree@solarflare.com>, Or Gerlitz <gerlitz.or@gmail.com>,
	"sassmann@redhat.com" <sassmann@redhat.com>
Subject: [Intel-wired-lan] [PATCH iproute2 v2] iplink: Support VF Trust
X-BeenThere: intel-wired-lan@lists.osuosl.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Intel Wired Ethernet Linux Kernel Driver Development
	<intel-wired-lan.lists.osuosl.org>
List-Unsubscribe: <http://lists.osuosl.org/mailman/options/intel-wired-lan>,
	<mailto:intel-wired-lan-request@lists.osuosl.org?subject=unsubscribe>
List-Archive: <http://lists.osuosl.org/pipermail/intel-wired-lan/>
List-Post: <mailto:intel-wired-lan@lists.osuosl.org>
List-Help: <mailto:intel-wired-lan-request@lists.osuosl.org?subject=help>
List-Subscribe: <http://lists.osuosl.org/mailman/listinfo/intel-wired-lan>,
	<mailto:intel-wired-lan-request@lists.osuosl.org?subject=subscribe>
Errors-To: intel-wired-lan-bounces@lists.osuosl.org
Sender: "Intel-wired-lan" <intel-wired-lan-bounces@lists.osuosl.org>

From: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>

Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.

To trust VF.
 # ip link set dev eth0 vf 1 trust on

To untrust VF.
 # ip link set dev eth0 vf 1 trust off

Signed-off-by: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
---

v1 -> v2: rebase to the latest code of iproute2.

The VF trust patch has been in kernel and the IFLA_VF_TRUST netlink attribute
has been included iproute2, but no actual handler for this.
This patch add the functionality to trust vf from ip command.

 ip/iplink.c           | 13 +++++++++++++
 man/man8/ip-link.8.in |  7 ++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ip/iplink.c b/ip/iplink.c
index 5ab9d61..69f5057 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -82,6 +82,7 @@ void iplink_usage(void)
 	fprintf(stderr, "				   [ spoofchk { on | off} ] ]\n");
 	fprintf(stderr, "				   [ query_rss { on | off} ] ]\n");
 	fprintf(stderr, "				   [ state { auto | enable | disable} ] ]\n");
+	fprintf(stderr, "				   [ trust { on | off} ] ]\n");
 	fprintf(stderr, "			  [ master DEVICE ]\n");
 	fprintf(stderr, "			  [ nomaster ]\n");
 	fprintf(stderr, "			  [ addrgenmode { eui64 | none | stable_secret | random } ]\n");
@@ -356,6 +357,18 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp,
 			ivs.vf = vf;
 			addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, &ivs, sizeof(ivs));
 
+		} else if (matches(*argv, "trust") == 0) {
+			struct ifla_vf_trust ivt;
+			NEXT_ARG();
+			if (matches(*argv, "on") == 0)
+				ivt.setting = 1;
+			else if (matches(*argv, "off") == 0)
+				ivt.setting = 0;
+			else
+				invarg("Invalid \"trust\" value\n", *argv);
+			ivt.vf = vf;
+			addattr_l(&req->n, sizeof(*req), IFLA_VF_TRUST, &ivt, sizeof(ivt));
+
 		} else if (matches(*argv, "state") == 0) {
 			struct ifla_vf_link_state ivl;
 
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4d32343..7dd7a90 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -142,7 +142,8 @@ ip-link \- network device configuration
 .B min_tx_rate
 .IR TXRATE " ] ["
 .B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
+.B state { auto | enable | disable} ] [
+.B trust { on | off }
 ] |
 .br
 .B master
@@ -1019,6 +1020,10 @@ parameter must be specified.
 reflection of the PF link state, enable lets the VF to communicate with other VFs on
 this host even if the PF link state is down, disable causes the HW to drop any packets
 sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific feature
+which may impact security and/or performance. (e.g. VF multicast promiscuous mode)
 .in -8
 
 .TP