[PATCH 2/2] net/mlx5: fix isolated mode when repr matching is disabled
Dariusz Sosnowski
dsosnowski at nvidia.com
Sat Feb 25 21:18:10 CET 2023
In HW steering mode, when running on an E-Switch setup,
mlx5 PMD provides an ability to enable or disable
representor matching (through `repr_matching_en` device argument).
If representor matching is enabled, any ingress or egress flow rule,
created on any port representor will match traffic related
to that specific port.
If it is disabled, flow rule created on one of the ports,
will match traffic related to all ports.
As a result, when representor matching is disabled,
PMD cannot correctly create control flow rules for receiving
default traffic according to port configuration.
Since each port representor in the same switch domain,
can have different port configuration and flow rules
do not differentiate between ports, these flow rules cannot be
correctly applied.
In that case, each port works in de facto isolated mode.
This patch makes sure that if representor matching is disabled,
port is forced into isolated mode. Disabling flow isolated is forbidden.
Fixes: 483181f7b6dd ("net/mlx5: support device control of representor matching")
Cc: stable at dpdk.org
Signed-off-by: Dariusz Sosnowski <dsosnowski at nvidia.com>
Acked-by: Ori Kam <orika at nvidia.com>
---
doc/guides/nics/mlx5.rst | 3 +++
drivers/net/mlx5/linux/mlx5_os.c | 16 ++++++++++++++++
drivers/net/mlx5/mlx5_flow.c | 4 ++++
3 files changed, 23 insertions(+)
diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index 6510e74fb9..350fb0287e 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -1137,6 +1137,9 @@ for an additional list of options shared with other mlx5 drivers.
- 0. If representor matching is disabled, then there will be no implicit
item added. As a result, ingress flow rules will match traffic
coming to any port, not only the port on which flow rule is created.
+ Because of that, default flow rules for ingress traffic cannot be created
+ and port starts in isolated mode by default. Port cannot be switched back
+ to non-isolated mode.
- 1. If representor matching is enabled (default setting),
then each ingress pattern template has an implicit REPRESENTED_PORT
diff --git a/drivers/net/mlx5/linux/mlx5_os.c b/drivers/net/mlx5/linux/mlx5_os.c
index a71474c90a..2cce0a7f0f 100644
--- a/drivers/net/mlx5/linux/mlx5_os.c
+++ b/drivers/net/mlx5/linux/mlx5_os.c
@@ -1613,6 +1613,22 @@ mlx5_dev_spawn(struct rte_device *dpdk_dev,
err = EINVAL;
goto error;
}
+ /*
+ * If representor matching is disabled, PMD cannot create default flow rules
+ * to receive traffic for all ports, since implicit source port match is not added.
+ * Isolated mode is forced.
+ */
+ if (priv->sh->config.dv_esw_en && !priv->sh->config.repr_matching) {
+ err = mlx5_flow_isolate(eth_dev, 1, NULL);
+ if (err < 0) {
+ err = -err;
+ goto error;
+ }
+ DRV_LOG(WARNING, "port %u ingress traffic is restricted to defined "
+ "flow rules (isolated mode) since representor "
+ "matching is disabled",
+ eth_dev->data->port_id);
+ }
return eth_dev;
#else
DRV_LOG(ERR, "DV support is missing for HWS.");
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index a6a426caf7..7ee30bdd1f 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -8077,6 +8077,10 @@ mlx5_flow_isolate(struct rte_eth_dev *dev,
"port must be stopped first");
return -rte_errno;
}
+ if (!enable && !priv->sh->config.repr_matching)
+ return rte_flow_error_set(error, ENOTSUP, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "isolated mode cannot be disabled when "
+ "representor matching is disabled");
priv->isolated = !!enable;
if (enable)
dev->dev_ops = &mlx5_dev_ops_isolate;
--
2.25.1
More information about the stable
mailing list