diff --git a/0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch b/0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch new file mode 100644 index 0000000..b43c066 --- /dev/null +++ b/0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch @@ -0,0 +1,34 @@ +From 9a20eb387a578575400dd266cf64bebc323a5e7a Mon Sep 17 00:00:00 2001 +From: Mark Kavanagh +Date: Fri, 20 Oct 2017 13:37:00 +0100 +Subject: [PATCH 1/3] netdev-dpdk: replace uint8_t with dpdk_port_t + +netdev_dpdk_detach() declares a 'port_id' variable, of type uint8_t. +This variable should instead be of type dpdk_port_t. + +Fixes: bb37956ac ("netdev-dpdk: Use uint8_t for port_id.") +CC: Ilya Maximets +Signed-off-by: Mark Kavanagh +Acked-by: Ilya Maximets +Signed-off-by: Ian Stokes +Signed-off-by: Markos Chandras +--- + lib/netdev-dpdk.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c +index 41acb5b62..dc96d7ce3 100644 +--- a/lib/netdev-dpdk.c ++++ b/lib/netdev-dpdk.c +@@ -2521,7 +2521,7 @@ netdev_dpdk_detach(struct unixctl_conn *conn, int argc OVS_UNUSED, + { + int ret; + char *response; +- uint8_t port_id; ++ dpdk_port_t port_id; + char devname[RTE_ETH_NAME_MAX_LEN]; + struct netdev_dpdk *dev; + +-- +2.15.1 + diff --git a/0002-netdev-dpdk-DPDK-v17.11-upgrade.patch b/0002-netdev-dpdk-DPDK-v17.11-upgrade.patch new file mode 100644 index 0000000..58aa8db --- /dev/null +++ b/0002-netdev-dpdk-DPDK-v17.11-upgrade.patch @@ -0,0 +1,40 @@ +From 48d294a05d4c0723aba6d7bae2e8a7bb56921736 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Tue, 9 Jan 2018 15:55:34 +0000 +Subject: [PATCH 2/3] netdev-dpdk: DPDK v17.11 upgrade + +API changes for DPDK v17.11 (taken from upstream commit +5e925ccc2a6f569f1b32365e3660671b8e7d36b3 "netdev-dpdk: DPDK v17.11 +upgrade") + +Signed-off-by: Markos Chandras +--- + lib/netdev-dpdk.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c +index dc96d7ce3..b93aa2354 100644 +--- a/lib/netdev-dpdk.c ++++ b/lib/netdev-dpdk.c +@@ -26,6 +26,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -150,8 +151,8 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF / ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF)) + + #define DPDK_ETH_PORT_ID_INVALID RTE_MAX_ETHPORTS + +-/* DPDK library uses uint8_t for port_id. */ +-typedef uint8_t dpdk_port_t; ++/* DPDK library uses uint16_t for port_id. */ ++typedef uint16_t dpdk_port_t; + + #define VHOST_ENQ_RETRY_NUM 8 + #define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ) +-- +2.15.1 + diff --git a/0003-netdev-dpdk-vHost-IOMMU-support.patch b/0003-netdev-dpdk-vHost-IOMMU-support.patch new file mode 100644 index 0000000..30b4dcd --- /dev/null +++ b/0003-netdev-dpdk-vHost-IOMMU-support.patch @@ -0,0 +1,217 @@ +From 99aa592dd03c15e9857cfc9c93cc31a8a660af7e Mon Sep 17 00:00:00 2001 +From: Mark Kavanagh +Date: Fri, 8 Dec 2017 10:53:47 +0000 +Subject: [PATCH 3/3] netdev-dpdk: vHost IOMMU support + +DPDK v17.11 introduces support for the vHost IOMMU feature. +This is a security feature, which restricts the vhost memory +that a virtio device may access. + +This feature also enables the vhost REPLY_ACK protocol, the +implementation of which is known to work in newer versions of +QEMU (i.e. v2.10.0), but is buggy in older versions (v2.7.0 - +v2.9.0, inclusive). As such, the feature is disabled by default +in (and should remain so), for the aforementioned older QEMU +verions. Starting with QEMU v2.9.1, vhost-iommu-support can +safely be enabled, even without having an IOMMU device, with +no performance penalty. + +This patch adds a new global config option, vhost-iommu-support, +that controls enablement of the vhost IOMMU feature: + + ovs-vsctl set Open_vSwitch . other_config:vhost-iommu-support=true + +This value defaults to false; to enable IOMMU support, this field +should be set to true when setting other global parameters on init +(such as "dpdk-socket-mem", for example). Changing the value at +runtime is not supported, and requires restarting the vswitch daemon. + +Signed-off-by: Mark Kavanagh +Acked-by: Kevin Traynor +Signed-off-by: Ian Stokes +--- + Documentation/topics/dpdk/vhost-user.rst | 28 ++++++++++++++++++++++++++++ + lib/dpdk-stub.c | 6 ++++++ + lib/dpdk.c | 12 ++++++++++++ + lib/dpdk.h | 3 +++ + lib/netdev-dpdk.c | 14 ++++++++++---- + vswitchd/vswitch.xml | 15 +++++++++++++++ + 6 files changed, 74 insertions(+), 4 deletions(-) + +diff --git a/Documentation/topics/dpdk/vhost-user.rst b/Documentation/topics/dpdk/vhost-user.rst +index d383a16e3..9286f8ac6 100644 +--- a/Documentation/topics/dpdk/vhost-user.rst ++++ b/Documentation/topics/dpdk/vhost-user.rst +@@ -273,6 +273,34 @@ One benefit of using this mode is the ability for vHost ports to 'reconnect' in + event of the switch crashing or being brought down. Once it is brought back up, + the vHost ports will reconnect automatically and normal service will resume. + ++vhost-user-client IOMMU Support ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++vhost IOMMU is a feature which restricts the vhost memory that a virtio device ++can access, and as such is useful in deployments in which security is a ++concern. ++ ++IOMMU support may be enabled via a global config value, ++```vhost-iommu-support```. Setting this to true enables vhost IOMMU support for ++all vhost ports when/where available:: ++ ++ $ ovs-vsctl set Open_vSwitch . other_config:vhost-iommu-support=true ++ ++The default value is false. ++ ++.. important:: ++ ++ Changing this value requires restarting the daemon. ++ ++.. important:: ++ ++ Enabling the IOMMU feature also enables the vhost user reply-ack protocol; ++ this is known to work on QEMU v2.10.0, but is buggy on older versions ++ (2.7.0 - 2.9.0, inclusive). Consequently, the IOMMU feature is disabled by ++ default (and should remain so if using the aforementioned versions of ++ QEMU). Starting with QEMU v2.9.1, vhost-iommu-support can safely be ++ enabled, even without having an IOMMU device, with no performance penalty. ++ + .. _dpdk-testpmd: + + DPDK in the Guest +diff --git a/lib/dpdk-stub.c b/lib/dpdk-stub.c +index daef7291f..36021807c 100644 +--- a/lib/dpdk-stub.c ++++ b/lib/dpdk-stub.c +@@ -48,3 +48,9 @@ dpdk_get_vhost_sock_dir(void) + { + return NULL; + } ++ ++bool ++dpdk_vhost_iommu_enabled(void) ++{ ++ return false; ++} +diff --git a/lib/dpdk.c b/lib/dpdk.c +index 8da6c3244..6710d10fc 100644 +--- a/lib/dpdk.c ++++ b/lib/dpdk.c +@@ -41,6 +41,7 @@ VLOG_DEFINE_THIS_MODULE(dpdk); + static FILE *log_stream = NULL; /* Stream for DPDK log redirection */ + + static char *vhost_sock_dir = NULL; /* Location of vhost-user sockets */ ++static bool vhost_iommu_enabled = false; /* Status of vHost IOMMU support */ + + static int + process_vhost_flags(char *flag, const char *default_val, int size, +@@ -345,6 +346,11 @@ dpdk_init__(const struct smap *ovs_other_config) + vhost_sock_dir = sock_dir_subcomponent; + } + ++ vhost_iommu_enabled = smap_get_bool(ovs_other_config, ++ "vhost-iommu-support", false); ++ VLOG_INFO("IOMMU support for vhost-user-client %s.", ++ vhost_iommu_enabled ? "enabled" : "disabled"); ++ + argv = grow_argv(&argv, 0, 1); + argc = 1; + argv[0] = xstrdup(ovs_get_program_name()); +@@ -482,6 +488,12 @@ dpdk_get_vhost_sock_dir(void) + return vhost_sock_dir; + } + ++bool ++dpdk_vhost_iommu_enabled(void) ++{ ++ return vhost_iommu_enabled; ++} ++ + void + dpdk_set_lcore_id(unsigned cpu) + { +diff --git a/lib/dpdk.h b/lib/dpdk.h +index 673a1f17e..dc58d968a 100644 +--- a/lib/dpdk.h ++++ b/lib/dpdk.h +@@ -17,6 +17,8 @@ + #ifndef DPDK_H + #define DPDK_H + ++#include ++ + #ifdef DPDK_NETDEV + + #include +@@ -35,5 +37,6 @@ struct smap; + void dpdk_init(const struct smap *ovs_other_config); + void dpdk_set_lcore_id(unsigned cpu); + const char *dpdk_get_vhost_sock_dir(void); ++bool dpdk_vhost_iommu_enabled(void); + + #endif /* dpdk.h */ +diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c +index b93aa2354..3082fd668 100644 +--- a/lib/netdev-dpdk.c ++++ b/lib/netdev-dpdk.c +@@ -3259,6 +3259,7 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev *netdev) + { + struct netdev_dpdk *dev = netdev_dpdk_cast(netdev); + int err; ++ uint64_t vhost_flags = 0; + + ovs_mutex_lock(&dev->mutex); + +@@ -3269,16 +3270,21 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev *netdev) + */ + if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT) + && strlen(dev->vhost_id)) { +- /* Register client-mode device */ +- err = rte_vhost_driver_register(dev->vhost_id, +- RTE_VHOST_USER_CLIENT); ++ /* Register client-mode device. */ ++ vhost_flags |= RTE_VHOST_USER_CLIENT; ++ ++ /* Enable IOMMU support, if explicitly requested. */ ++ if (dpdk_vhost_iommu_enabled()) { ++ vhost_flags |= RTE_VHOST_USER_IOMMU_SUPPORT; ++ } ++ err = rte_vhost_driver_register(dev->vhost_id, vhost_flags); + if (err) { + VLOG_ERR("vhost-user device setup failure for device %s\n", + dev->vhost_id); + goto unlock; + } else { + /* Configuration successful */ +- dev->vhost_driver_flags |= RTE_VHOST_USER_CLIENT; ++ dev->vhost_driver_flags |= vhost_flags; + VLOG_INFO("vHost User device '%s' created in 'client' mode, " + "using client socket '%s'", + dev->up.name, dev->vhost_id); +diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml +index 074535b58..8f646059f 100644 +--- a/vswitchd/vswitch.xml ++++ b/vswitchd/vswitch.xml +@@ -344,6 +344,21 @@ +

+ + ++ ++

++ vHost IOMMU is a security feature, which restricts the vhost memory ++ that a virtio device may access. vHost IOMMU support is disabled by ++ default, due to a bug in QEMU implementations of the vhost REPLY_ACK ++ protocol, (on which vHost IOMMU relies) prior to v2.9.1. Setting this ++ value to true enables vHost IOMMU support for vHost User ++ Client ports in OvS-DPDK, starting from DPDK v17.11. ++

++

++ Changing this value requires restarting the daemon. ++

++ ++ + +

+-- +2.15.1 + diff --git a/openvswitch.changes b/openvswitch.changes index 5d4aead..970385f 100644 --- a/openvswitch.changes +++ b/openvswitch.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jan 9 16:25:48 UTC 2018 - mchandras@suse.de + +- Add upstream patches to support DPDK 17.11 (fate#322609) + * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch + * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch + * 0003-netdev-dpdk-vHost-IOMMU-support.patch + ------------------------------------------------------------------- Wed Dec 27 17:05:35 UTC 2017 - mchandras@suse.de diff --git a/openvswitch.spec b/openvswitch.spec index 39e8d03..b8f8366 100644 --- a/openvswitch.spec +++ b/openvswitch.spec @@ -1,7 +1,7 @@ # # spec file for package openvswitch # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -48,6 +48,12 @@ Url: http://openvswitch.org/ Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source1: preamble Source89: Module.supported.updates +# PATCH-FIX-UPSTREAM: 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch +Patch0: 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch +# PATCH-FIX-UPSTREAM: 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch +Patch1: 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch +# PATCH-FIX-UPSTREAM: 0003-netdev-dpdk-vHost-IOMMU-support.patch +Patch2: 0003-netdev-dpdk-vHost-IOMMU-support.patch Patch99: 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module six} @@ -323,6 +329,9 @@ performance and connectivity issues in Open vSwitch setup. %prep %setup -q -n openvswitch-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %patch99 -p1 %build