mlx4_core: Implement mechanism for reserved Q_Keys
The SR-IOV special QP tunneling mechanism uses proxy special QPs (instead of the real special QPs) for MADs on guests. These proxy QPs send their packets to a "tunnel" QP owned by the master. The master then forwards the MAD (after any required paravirtualization) to the real special QP, which sends out the MAD. For security reasons (i.e., to prevent guests from sending MADs to tunnel QPs belonging to other guests), each proxy-tunnel QP pair is assigned a unique, reserved, Q_Key. These Q_Keys are available only for proxy and tunnel QPs -- if the guest tries to use these Q_Keys with other QPs, it will fail. This patch introduces a mechanism for reserving a block of 64K Q_Keys for proxy/tunneling use. The patch introduces also two new fields into mlx4_dev: base_sqpn and base_tunnel_sqpn. In SR-IOV mode, the QP numbers for the "real," proxy, and tunnel sqps are added to the reserved QPN area (so that they will not change). There are 8 special QPs per port in the HCA, and each of them is assigned both a proxy and a tunnel QP, for each VF and for the PF as well in SR-IOV mode. The QPNs for these QPs are arranged as follows: 1. The real SQP numbers (8) 2. The proxy SQPs (8 * (max number of VFs + max number of PFs) 3. The tunnel SQPs (8 * (max number of VFs + max number of PFs) To support these QPs, two new fields are added to struct mlx4_dev: base_sqp: this is the QP number of the first of the real SQPs base_tunnel_sqp: this is the qp number of the first qp in the tunnel sqp region. (On guests, this is the first tunnel sqp of the 8 which are assigned to that guest). In addition, in SR-IOV mode, sqp_start is the number of the first proxy SQP in the proxy SQP region. (In guests, this is the first proxy SQP of the 8 which are assigned to that guest) Note that in non-SR-IOV mode, there are no proxies and no tunnels. In this case, sqp_start is set to sqp_base -- which minimizes code changes. Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
This commit is contained in:
parent
2aca1172c2
commit
396f2feb05
|
@ -391,6 +391,23 @@ static int mlx4_how_many_lives_vf(struct mlx4_dev *dev)
|
|||
return ret;
|
||||
}
|
||||
|
||||
int mlx4_get_parav_qkey(struct mlx4_dev *dev, u32 qpn, u32 *qkey)
|
||||
{
|
||||
u32 qk = MLX4_RESERVED_QKEY_BASE;
|
||||
if (qpn >= dev->caps.base_tunnel_sqpn + 8 * MLX4_MFUNC_MAX ||
|
||||
qpn < dev->caps.sqp_start)
|
||||
return -EINVAL;
|
||||
|
||||
if (qpn >= dev->caps.base_tunnel_sqpn)
|
||||
/* tunnel qp */
|
||||
qk += qpn - dev->caps.base_tunnel_sqpn;
|
||||
else
|
||||
qk += qpn - dev->caps.sqp_start;
|
||||
*qkey = qk;
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(mlx4_get_parav_qkey);
|
||||
|
||||
int mlx4_is_slave_active(struct mlx4_dev *dev, int slave)
|
||||
{
|
||||
struct mlx4_priv *priv = mlx4_priv(dev);
|
||||
|
|
|
@ -56,6 +56,13 @@ enum {
|
|||
MLX4_MAX_PORTS = 2
|
||||
};
|
||||
|
||||
/* base qkey for use in sriov tunnel-qp/proxy-qp communication.
|
||||
* These qkeys must not be allowed for general use. This is a 64k range,
|
||||
* and to test for violation, we use the mask (protect against future chg).
|
||||
*/
|
||||
#define MLX4_RESERVED_QKEY_BASE (0xFFFF0000)
|
||||
#define MLX4_RESERVED_QKEY_MASK (0xFFFF0000)
|
||||
|
||||
enum {
|
||||
MLX4_BOARD_ID_LEN = 64
|
||||
};
|
||||
|
@ -293,6 +300,8 @@ struct mlx4_caps {
|
|||
int max_qp_init_rdma;
|
||||
int max_qp_dest_rdma;
|
||||
int sqp_start;
|
||||
u32 base_sqpn;
|
||||
u32 base_tunnel_sqpn;
|
||||
int num_srqs;
|
||||
int max_srq_wqes;
|
||||
int max_srq_sge;
|
||||
|
@ -772,4 +781,6 @@ int mlx4_wol_write(struct mlx4_dev *dev, u64 config, int port);
|
|||
int mlx4_counter_alloc(struct mlx4_dev *dev, u32 *idx);
|
||||
void mlx4_counter_free(struct mlx4_dev *dev, u32 idx);
|
||||
|
||||
int mlx4_get_parav_qkey(struct mlx4_dev *dev, u32 qpn, u32 *qkey);
|
||||
|
||||
#endif /* MLX4_DEVICE_H */
|
||||
|
|
Loading…
Reference in New Issue