From patchwork Wed Nov 8 12:00:09 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Kavanagh
X-Patchwork-Id: 835780
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 3yX4gh5Bfzz9s3w
for ;
Wed, 8 Nov 2017 23:03:12 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id 31F06BB3;
Wed, 8 Nov 2017 12:00:17 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 9640EC84
for ; Wed, 8 Nov 2017 12:00:14 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DB46946F
for ; Wed, 8 Nov 2017 12:00:13 +0000 (UTC)
Received: from orsmga004.jf.intel.com ([10.7.209.38])
by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
08 Nov 2017 04:00:13 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,364,1505804400"; d="scan'208";a="147411593"
Received: from silpixa00380299.ir.intel.com ([10.237.222.17])
by orsmga004.jf.intel.com with ESMTP; 08 Nov 2017 04:00:12 -0800
From: Mark Kavanagh
To: dev@openvswitch.org
Date: Wed, 8 Nov 2017 12:00:09 +0000
Message-Id: <1510142410-169357-2-git-send-email-mark.b.kavanagh@intel.com>
X-Mailer: git-send-email 1.9.3
In-Reply-To: <1510142410-169357-1-git-send-email-mark.b.kavanagh@intel.com>
References: <1510142410-169357-1-git-send-email-mark.b.kavanagh@intel.com>
X-Spam-Status: No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,
RP_MATCHES_RCVD autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: maxime.coquelin@redhat.com
Subject: [ovs-dev] [RFC PATCH V2 1/2] netdev-dpdk: DPDK v17.11 upgrade
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
This commit adds support for DPDK v17.11:
- minor updates to accomodate DPDK API changes
- update references to DPDK version in Documentation
- update DPDK version in travis' linux-build script
Signed-off-by: Mark Kavanagh
Reviewed-by: Christian Ehrhardt
---
.travis/linux-build.sh | 2 +-
Documentation/faq/releases.rst | 1 +
Documentation/intro/install/dpdk.rst | 10 +++++-----
Documentation/topics/dpdk/ring.rst | 2 +-
Documentation/topics/dpdk/vhost-user.rst | 8 ++++----
NEWS | 2 ++
lib/netdev-dpdk.c | 7 ++++---
7 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/.travis/linux-build.sh b/.travis/linux-build.sh
index 4d6459f..ed28ee4 100755
--- a/.travis/linux-build.sh
+++ b/.travis/linux-build.sh
@@ -81,7 +81,7 @@ fi
if [ "$DPDK" ]; then
if [ -z "$DPDK_VER" ]; then
- DPDK_VER="17.05.2"
+ DPDK_VER="17.11"
fi
install_dpdk $DPDK_VER
if [ "$CC" = "clang" ]; then
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index d903b06..62a1957 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -164,6 +164,7 @@ Q: What DPDK version does each Open vSwitch release work with?
2.6.x 16.07.2
2.7.x 16.11.3
2.8.x 17.05.2
+ 2.9.x 17.11
============ =======
Q: I get an error like this when I configure Open vSwitch:
diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst
index bb69ae5..3fecb5c 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -40,7 +40,7 @@ Build requirements
In addition to the requirements described in :doc:`general`, building Open
vSwitch with DPDK will require the following:
-- DPDK 17.05.2
+- DPDK 17.11
- A `DPDK supported NIC`_
@@ -69,9 +69,9 @@ Install DPDK
#. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
$ cd /usr/src/
- $ wget http://fast.dpdk.org/rel/dpdk-17.05.2.tar.xz
- $ tar xf dpdk-17.05.2.tar.xz
- $ export DPDK_DIR=/usr/src/dpdk-stable-17.05.2
+ $ wget http://fast.dpdk.org/rel/dpdk-17.11.tar.xz
+ $ tar xf dpdk-17.11.tar.xz
+ $ export DPDK_DIR=/usr/src/dpdk-17.11
$ cd $DPDK_DIR
#. (Optional) Configure DPDK as a shared library
@@ -583,7 +583,7 @@ Limitations
The latest list of validated firmware versions can be found in the `DPDK
release notes`_.
-.. _DPDK release notes: http://dpdk.org/doc/guides/rel_notes/release_17_05.html
+.. _DPDK release notes: http://dpdk.org/doc/guides/rel_notes/release_17_11.html
Reporting Bugs
--------------
diff --git a/Documentation/topics/dpdk/ring.rst b/Documentation/topics/dpdk/ring.rst
index ad9d7a5..8d0ede8 100644
--- a/Documentation/topics/dpdk/ring.rst
+++ b/Documentation/topics/dpdk/ring.rst
@@ -77,4 +77,4 @@ DPDK. However, this functionality was removed because:
- :doc:`vhost-user interfaces ` are the defacto DPDK-based path to
guests
-.. _DPDK documentation: https://dpdk.readthedocs.io/en/v17.05/prog_guide/ring_lib.html
+.. _DPDK documentation: https://dpdk.readthedocs.io/en/v17.11/prog_guide/ring_lib.html
diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst
index 74ac06e..fdf6ae1 100644
--- a/Documentation/topics/dpdk/vhost-user.rst
+++ b/Documentation/topics/dpdk/vhost-user.rst
@@ -292,9 +292,9 @@ To begin, instantiate a guest as described in :ref:`dpdk-vhost-user` or
DPDK sources to VM and build DPDK::
$ cd /root/dpdk/
- $ wget http://fast.dpdk.org/rel/dpdk-17.05.2.tar.xz
- $ tar xf dpdk-17.05.2.tar.xz
- $ export DPDK_DIR=/root/dpdk/dpdk-stable-17.05.2
+ $ wget http://fast.dpdk.org/rel/dpdk-17.11.tar.xz
+ $ tar xf dpdk-17.11.tar.xz
+ $ export DPDK_DIR=/root/dpdk/dpdk-stable-17.11
$ export DPDK_TARGET=x86_64-native-linuxapp-gcc
$ export DPDK_BUILD=$DPDK_DIR/$DPDK_TARGET
$ cd $DPDK_DIR
@@ -378,7 +378,7 @@ Sample XML
-
+
diff --git a/NEWS b/NEWS
index 047f34b..6acd8bd 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ Post-v2.8.0
IPv6 packets.
- Linux kernel 4.13
* Add support for compiling OVS with the latest Linux 4.13 kernel
+ - DPDK:
+ * Add support for DPDK v17.11
v2.8.0 - 31 Aug 2017
--------------------
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index 76e79be..ed5bf62 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -26,6 +26,7 @@
#include
#include
+#include
#include
#include
#include
@@ -150,8 +151,8 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF / ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF))
#define DPDK_ETH_PORT_ID_INVALID RTE_MAX_ETHPORTS
-/* DPDK library uses uint8_t for port_id. */
-typedef uint8_t dpdk_port_t;
+/* DPDK library uses uint16_t for port_id. */
+typedef uint16_t dpdk_port_t;
#define VHOST_ENQ_RETRY_NUM 8
#define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ)
@@ -2582,7 +2583,7 @@ netdev_dpdk_detach(struct unixctl_conn *conn, int argc OVS_UNUSED,
{
int ret;
char *response;
- uint8_t port_id;
+ dpdk_port_t port_id;
char devname[RTE_ETH_NAME_MAX_LEN];
struct netdev_dpdk *dev;
From patchwork Wed Nov 8 12:00:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Kavanagh
X-Patchwork-Id: 835784
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (mailfrom) smtp.mailfrom=openvswitch.org
(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Received: from mail.linuxfoundation.org (mail.linuxfoundation.org
[140.211.169.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 3yX4j42Nk7z9s7C
for ;
Wed, 8 Nov 2017 23:04:24 +1100 (AEDT)
Received: from mail.linux-foundation.org (localhost [127.0.0.1])
by mail.linuxfoundation.org (Postfix) with ESMTP id B26ECCA9;
Wed, 8 Nov 2017 12:00:18 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@mail.linuxfoundation.org
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id CA1D6C83
for ; Wed, 8 Nov 2017 12:00:15 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 506E2196
for ; Wed, 8 Nov 2017 12:00:15 +0000 (UTC)
Received: from orsmga004.jf.intel.com ([10.7.209.38])
by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
08 Nov 2017 04:00:14 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,364,1505804400"; d="scan'208";a="147411614"
Received: from silpixa00380299.ir.intel.com ([10.237.222.17])
by orsmga004.jf.intel.com with ESMTP; 08 Nov 2017 04:00:13 -0800
From: Mark Kavanagh
To: dev@openvswitch.org
Date: Wed, 8 Nov 2017 12:00:10 +0000
Message-Id: <1510142410-169357-3-git-send-email-mark.b.kavanagh@intel.com>
X-Mailer: git-send-email 1.9.3
In-Reply-To: <1510142410-169357-1-git-send-email-mark.b.kavanagh@intel.com>
References: <1510142410-169357-1-git-send-email-mark.b.kavanagh@intel.com>
X-Spam-Status: No, score=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,
RP_MATCHES_RCVD autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: maxime.coquelin@redhat.com
Subject: [ovs-dev] [RFC PATCH V2 2/2] netdev-dpdk: add support for vhost
IOMMU feature
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org
DPDK v17.11 introduces support for the vHost IOMMU feature.
This is a security feature, that restricts the vhost memory
that a virtio device may access.
This feature also enables the vhost REPLY_ACK protocol, the
implementation of which is known to work in newer versions of
QEMU (i.e. v2.10.0), but is buggy in older versions (v2.7.0 -
v2.9.0, inclusive). As such, the feature is disabled by default
in (and should remain so, for the aforementioned older QEMU
verions). Starting with QEMU v2.9.1, vhost-iommu-support can
safely be enabled, even without having an IOMMU device, with
no performance penalty.
This patch adds a new vhost port option, vhost-iommu-support,
to allow enablement of the vhost IOMMU feature:
$ ovs-vsctl add-port br0 vhost-client-1 \
-- set Interface vhost-client-1 type=dpdkvhostuserclient \
options:vhost-server-path=$VHOST_USER_SOCKET_PATH \
options:vhost-iommu-support=true
Note that support for this feature is only implemented for vhost
user client ports (since vhost user ports are considered deprecated).
Signed-off-by: Mark Kavanagh
Acked-by: Ciara Loftus
---
Documentation/topics/dpdk/vhost-user.rst | 21 +++++++++++++++++++++
NEWS | 1 +
lib/netdev-dpdk.c | 29 ++++++++++++++++++++++++++---
vswitchd/vswitch.xml | 10 ++++++++++
4 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst
index fdf6ae1..6d65971 100644
--- a/Documentation/topics/dpdk/vhost-user.rst
+++ b/Documentation/topics/dpdk/vhost-user.rst
@@ -250,6 +250,27 @@ Once the vhost-user-client ports have been added to the switch, they must be
added to the guest. Like vhost-user ports, there are two ways to do this: using
QEMU directly, or using libvirt. Only the QEMU case is covered here.
+vhost-user client IOMMU
+~~~~~~~~~~~~~~~~~~~~~~~
+It is possible to enable IOMMU support for vHost User client ports. This is
+a feature which restricts the vhost memory that a virtio device can access, and
+as such is useful in deployments in which security is a concern. IOMMU mode may
+be enabled on the command line::
+
+ $ ovs-vsctl add-port br0 vhost-client-1 \
+ -- set Interface vhost-client-1 type=dpdkvhostuserclient \
+ options:vhost-server-path=$VHOST_USER_SOCKET_PATH \
+ options:vhost-iommu-support=true
+
+.. important::
+
+ Enabling the IOMMU feature also enables the vhost user reply-ack protocol;
+ this is known to work on QEMU v2.10.0, but is buggy on older versions
+ (2.7.0 - 2.9.0, inclusive). Consequently, the IOMMU feaure is disabled by
+ default (and should remain so if using the aforementioned versions of QEMU).
+ Starting with QEMU v2.9.1, vhost-iommu-support can safely be enabled, even
+ without having an IOMMU device, with no performance penalty.
+
Adding vhost-user-client ports to the guest (QEMU)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/NEWS b/NEWS
index 6acd8bd..de53d2f 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ Post-v2.8.0
* Add support for compiling OVS with the latest Linux 4.13 kernel
- DPDK:
* Add support for DPDK v17.11
+ * Add support for vHost IOMMU feature
v2.8.0 - 31 Aug 2017
--------------------
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index ed5bf62..2e9633a 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -1424,15 +1424,29 @@ netdev_dpdk_vhost_client_set_config(struct netdev *netdev,
{
struct netdev_dpdk *dev = netdev_dpdk_cast(netdev);
const char *path;
+ bool iommu_enable;
+ bool request_reconfigure = false;
+ uint64_t vhost_driver_flags_prev = dev->vhost_driver_flags;
ovs_mutex_lock(&dev->mutex);
if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)) {
path = smap_get(args, "vhost-server-path");
if (path && strcmp(path, dev->vhost_id)) {
strcpy(dev->vhost_id, path);
- netdev_request_reconfigure(netdev);
+ request_reconfigure = true;
}
}
+
+ iommu_enable = smap_get_bool(args, "vhost-iommu-support", false);
+ if (iommu_enable)
+ dev->vhost_driver_flags |= RTE_VHOST_USER_IOMMU_SUPPORT;
+ else
+ dev->vhost_driver_flags &= ~RTE_VHOST_USER_IOMMU_SUPPORT;
+ if (vhost_driver_flags_prev != dev->vhost_driver_flags)
+ request_reconfigure = true;
+
+ if (request_reconfigure)
+ netdev_request_reconfigure(netdev);
ovs_mutex_unlock(&dev->mutex);
return 0;
@@ -3326,9 +3340,18 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev *netdev)
*/
if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)
&& strlen(dev->vhost_id)) {
+ /* Enable vhost IOMMU, if it was requested.
+ * XXX: the 'flags' variable is required, as not all vhost backend
+ * features are currently supported by OvS; in time, it should be
+ * possible to invoke rte_vhost_driver_register(), passing
+ * dev->vhost_driver_flags directly as a parameter to same.
+ */
+ uint64_t flags = RTE_VHOST_USER_CLIENT;
+ if (dev->vhost_driver_flags & RTE_VHOST_USER_IOMMU_SUPPORT)
+ flags |= RTE_VHOST_USER_IOMMU_SUPPORT;
+
/* Register client-mode device */
- err = rte_vhost_driver_register(dev->vhost_id,
- RTE_VHOST_USER_CLIENT);
+ err = rte_vhost_driver_register(dev->vhost_id, flags);
if (err) {
VLOG_ERR("vhost-user device setup failure for device %s\n",
dev->vhost_id);
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index c145e1a..a633226 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -2654,6 +2654,16 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
+
+
+ The value specifies whether IOMMU support is enabled for a vHost User
+ client mode device that has been or will be created by QEMU.
+ Only supported by dpdkvhostuserclient interfaces. If not specified or
+ an incorrect value is specified, defaults to 'false'.
+