From dfd3e840ee7868b33fa7a799fb47e68dc653c5b1 Mon Sep 17 00:00:00 2001 From: Asaf Penso Date: Mon, 28 Feb 2022 10:11:17 +0200 Subject: [PATCH] doc: add steps to configure mlx5 VF as trusted Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0. The configuration is done in two parts: driver and FW. This patch adds the needed steps to configure a VF to be trusted. Signed-off-by: Asaf Penso Reviewed-by: Raslan Darawsheh --- doc/guides/nics/mlx5.rst | 51 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index 2fe5784c04..a734d10d3f 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst @@ -1615,3 +1615,54 @@ both the meters in hierarchy on that flow. add port meter policy 0 2 g_actions meter mtr_id M / end y_actions end r_actions drop / end create port meter 0 N 2 2 yes 0xffff 1 0 flow create 0 ingress group 1 pattern eth / end actions meter mtr_id N / end + +How to configure a VF as trusted +-------------------------------- + +This section demonstrates how to configure a virtual function (VF) interface as trusted. +Trusted VF is needed to offload rules with rte_flow to a group that is bigger than 0. +The configuration is done in two parts: driver and FW. + +The procedure below is an example of using a ConnectX-5 adapter card (pf0) with 2 VFs: + +#. Create 2 VFs on the PF pf0 when in Legacy SR-IOV mode:: + + $ echo 2 > /sys/class/net/pf0/device/mlx5_num_vfs + +#. Verify the VFs are created: + + .. code-block:: console + + $ lspci | grep Mellanox + 82:00.0 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5] + 82:00.1 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5] + 82:00.2 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] + 82:00.3 Ethernet controller: Mellanox Technologies MT27800 Family [ConnectX-5 Virtual Function] + +#. Unbind all VFs. For each VF PCIe, using the following command to unbind the driver:: + + $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/unbind + +#. Set the VFs to be trusted for the kernel by using one of the methods below: + + - Using sysfs file:: + + $ echo ON | tee /sys/class/net/pf0/device/sriov/0/trust + $ echo ON | tee /sys/class/net/pf0/device/sriov/1/trust + + - Using “ip link” command:: + + $ ip link set p0 vf 0 trust on + $ ip link set p0 vf 1 trust on + +#. Configure all VFs using mlxreg:: + + $ mlxreg -d /dev/mst/mt4121_pciconf0 --reg_name VHCA_TRUST_LEVEL --yes --set "all_vhca=0x1,trust_level=0x1" + + .. note:: + + Firmware version used must be >= xx.29.1016 and MFT >= 4.18 + +#. For each VF PCIe, using the following command to bind the driver:: + + $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/bind -- 2.20.1