* [PATCH v11 01/13] admin: Introduce self group
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 02/13] admin: Use already defined names for the legacy commands Parav Pandit
` (13 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Define self group to control the self device itself.
Subsequent patches introduces the concept of device capabilities
and device resources which utilizes the self group to access
capabilities and uses device resources to refer to the device itself.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- rephrase the self group description
- removed duplicate description sentence
---
admin.tex | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/admin.tex b/admin.tex
index 0803c26..44e0f83 100644
--- a/admin.tex
+++ b/admin.tex
@@ -1,7 +1,10 @@
\section{Device groups}\label{sec:Basic Facilities of a Virtio Device / Device groups}
It is occasionally useful to have a device control a group of
-other devices. Terminology used in such cases:
+other devices (the group may occasionally include the device
+itself) within a group. The owner device itself is not a
+member of the group (except in the special case of the self group).
+Terminology used in such cases:
\begin{description}
\item[Device group]
@@ -10,7 +13,7 @@ \section{Device groups}\label{sec:Basic Facilities of a Virtio Device / Device g
or owner, the device controlling the group.
\item[Member device]
a device within a group. The owner device itself is not
- a member of the group.
+ a member of the group except for the \field{Self group type}.
\item[Member identifier]
each member has this identifier, unique within the group
and used to address it through the owner device.
@@ -37,6 +40,11 @@ \section{Device groups}\label{sec:Basic Facilities of a Virtio Device / Device g
The following group types, and their identifiers, are currently specified:
\begin{description}
+\item[Self group type (0x0)]
+This device group includes the owner device itself and no other devices.
+The group type identifier for this group is 0x0.
+The member identifier for this group has a value of 0x0.
+
\item[SR-IOV group type (0x1)]
This device group has a PCI Single Root I/O Virtualization
(SR-IOV) physical function (PF) device as the owner and includes
@@ -78,6 +86,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
/* Device-readable part */
le16 opcode;
/*
+ * 0 - Self
* 1 - SR-IOV
* 2-65535 - reserved
*/
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 02/13] admin: Use already defined names for the legacy commands
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
2024-06-04 13:28 ` [PATCH v11 01/13] admin: Introduce self group Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 03/13] admin: Add theory of operation for capability admin commands Parav Pandit
` (12 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Instead of description, use the existing name for defining the legacy
commands. While at it, prefer the shorter label names which
are already unique and refer them as hyperreference in the table
for quick naviation.
This is editorial change to align to subsequent patches.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
---
admin-cmds-legacy-interface.tex | 24 ++++++++++++++----------
admin.tex | 10 +++++-----
2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/admin-cmds-legacy-interface.tex b/admin-cmds-legacy-interface.tex
index b9c96d4..7b1ce4e 100644
--- a/admin-cmds-legacy-interface.tex
+++ b/admin-cmds-legacy-interface.tex
@@ -17,10 +17,10 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
The following commands support such a legacy interface functionality:
\begin{enumerate}
-\item Legacy Common Configuration Write Command
-\item Legacy Common Configuration Read Command
-\item Legacy Device Configuration Write Command
-\item Legacy Device Configuration Read Command
+\item VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE
+\item VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ
+\item VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE
+\item VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ
\end{enumerate}
These commands are currently only defined for the SR-IOV group type and
@@ -29,8 +29,8 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
Bus / PCI Device Layout / Legacy Interfaces: A Note on PCI Device Layout} except
that little-endian format is assumed unconditionally.
-\paragraph{Legacy Common Configuration Write Command}\label{par:Basic Facilities of a Virtio Device / Device groups / Group
-administration commands / Legacy Interface / Legacy Common Configuration Write Command}
+\paragraph{VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE}
This command has the same effect as writing into the virtio common configuration
structure through the legacy interface. The \field{command_specific_data} is in
@@ -59,7 +59,8 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
This command has no command specific result.
-\paragraph{Legacy Common Configuration Read Command}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / Legacy Common Configuration Read Command}
+\paragraph{VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ}
This command has the same effect as reading from the virtio common configuration
structure through the legacy interface. The \field{command_specific_data} is in
@@ -94,7 +95,8 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
returned by the device. The length of the data read is simply the length of
\field{data}.
-\paragraph{Legacy Device Configuration Write Command}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / Legacy Device Configuration Write Command}
+\paragraph{VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE}
This command has the same effect as writing into the virtio device-specific
configuration through the legacy interface. The \field{command_specific_data} is in
@@ -123,7 +125,8 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
This command has no command specific result.
-\paragraph{Legacy Device Configuration Read Command}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / Legacy Device Configuration Read Command}
+\paragraph{VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ}
This command has the same effect as reading from the virtio device-specific
configuration through the legacy interface. The \field{command_specific_data} is in
@@ -159,7 +162,8 @@ \subsubsection{Legacy Interfaces}\label{sec:Basic Facilities of a Virtio Device
The length of the data read is simply the length of \field{data}.
-\paragraph{Legacy Driver Notification}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / Legacy Driver Notifications}
+\paragraph{VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO}
The driver of the owner device can send a driver notification to the member
device operated using the legacy interface by executing
diff --git a/admin.tex b/admin.tex
index 44e0f83..7838301 100644
--- a/admin.tex
+++ b/admin.tex
@@ -126,15 +126,15 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline
0x0001 & VIRTIO_ADMIN_CMD_LIST_USE & Provides to device list of commands used for this group type \\
\hline
-0x0002 & VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE & Writes into the legacy common configuration structure \\
+0x0002 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE]{VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_WRITE} & Writes into the legacy common configuration structure \\
\hline
-0x0003 & VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ & Reads from the legacy common configuration structure \\
+0x0003 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ]{VIRTIO_ADMIN_CMD_LEGACY_COMMON_CFG_READ} & Reads from the legacy common configuration structure \\
\hline
-0x0004 & VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE & Writes into the legacy device configuration structure \\
+0x0004 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE]{VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_WRITE} & Writes into the legacy device configuration structure \\
\hline
-0x0005 & VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ & Reads into the legacy device configuration structure \\
+0x0005 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ]{VIRTIO_ADMIN_CMD_LEGACY_DEV_CFG_READ} & Reads into the legacy device configuration structure \\
\hline
-0x0006 & VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO & Query the notification region information \\
+0x0006 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO]{VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO} & Query the notification region information \\
\hline
0x0007 - 0x7FFF & - & Commands using \field{struct virtio_admin_cmd} \\
\hline
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 03/13] admin: Add theory of operation for capability admin commands
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
2024-06-04 13:28 ` [PATCH v11 01/13] admin: Introduce self group Parav Pandit
2024-06-04 13:28 ` [PATCH v11 02/13] admin: Use already defined names for the legacy commands Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 04/13] admin: Prepare table for multipage listing Parav Pandit
` (11 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Device capability indicates the supported functionality and
resources of the device to the driver.
Driver capability indicates the supported functionality
and resources which driver will be using. Driver capability is
subset of the device capability.
Add theory of operation describing it.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- replaced 'functionalities' to 'functionality'
- added missing article 'the'
- replaced capabilities to capability
- rephrase for listing for device type specific capabilities
- rephrase the first para description of capabilities
- moved capability type to next patch
---
admin-cmds-capabilities.tex | 34 ++++++++++++++++++++++++++++++++++
admin.tex | 1 +
2 files changed, 35 insertions(+)
create mode 100644 admin-cmds-capabilities.tex
diff --git a/admin-cmds-capabilities.tex b/admin-cmds-capabilities.tex
new file mode 100644
index 0000000..ef9481c
--- /dev/null
+++ b/admin-cmds-capabilities.tex
@@ -0,0 +1,34 @@
+\subsubsection{Device and driver capabilities}\label{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
+
+Device and driver capabilities are implemented as structured groupings for
+specific device functionality and their related resource objects. The device exposes
+its supported functionality and resource object limits through an administration
+command, utilizing the 'self group type.' Each capability possesses a
+unique ID. Through an administration command, also employing the
+'self group type,' the driver reports the functionality and
+resource object limits it intends to use. Before executing any operations
+related to the capabilities, the driver communicates these
+capabilities to the device. The driver is allowed to set the
+capability at any time, provided there are no pending operations
+at the device level associated with that capability.
+
+The device presents the supported capability IDs to the driver as a bitmap.
+The driver uses the administration command to learn about the
+supported capabilities bitmap.
+
+A capability consists of one or more fields, where each field can be a
+limit number, a bitmap, or an array of entries. In an array field,
+the structure depends on the specific array and the capability type.
+For each bitmap field, the driver sets the desired bits - but only out of
+those bits in a bitmap that the device has presented.
+The driver sets each limit number field to a desired value that
+is smaller than or equal to the value the device presented.
+Similarly, for an array field, the driver sets the desired capability
+entries but only out of the capability entries that the device has presented.
+
+It is anticipated that any necessary new fields for a capability will be
+appended to the structure's end, ensuring both forward and backward
+compatibility between the device and driver. Furthermore, to avoid
+indefinite growth of a single capability, it is expected that new
+functionality will lead to the creation of new capability rather
+than expanding existing ones.
diff --git a/admin.tex b/admin.tex
index 7838301..56c92a6 100644
--- a/admin.tex
+++ b/admin.tex
@@ -306,6 +306,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
might differ between different group types.
\input{admin-cmds-legacy-interface.tex}
+\input{admin-cmds-capabilities.tex}
\devicenormative{\subsubsection}{Group administration commands}{Basic Facilities of a Virtio Device / Device groups / Group administration commands}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 04/13] admin: Prepare table for multipage listing
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (2 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 03/13] admin: Add theory of operation for capability admin commands Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 05/13] admin: Add capability admin commands Parav Pandit
` (10 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
If the table spans across two pages, it is not readable.
Make use of xltabular package that supports table spanning
across multiple pages.
Signed-off-by: Parav Pandit <parav@nvidia.com>
---
admin.tex | 4 ++--
virtio.tex | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/admin.tex b/admin.tex
index 56c92a6..c93c74c 100644
--- a/admin.tex
+++ b/admin.tex
@@ -118,7 +118,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\field{opcode} specifies the command. The valid
values for \field{opcode} can be found in the following table:
-\begin{tabularx}{\textwidth}{ |l||l|X| }
+\begin{xltabular}{\textwidth}{ |l||l|X| }
\hline
opcode & Name & Command Description \\
\hline \hline
@@ -140,7 +140,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline
0x8000 - 0xFFFF & - & Reserved for future commands (possibly using a different structure) \\
\hline
-\end{tabularx}
+\end{xltabular}
The \field{group_type} specifies the group type identifier.
The \field{group_member_id} specifies the member identifier within the group.
diff --git a/virtio.tex b/virtio.tex
index 37e49b1..7c52a40 100644
--- a/virtio.tex
+++ b/virtio.tex
@@ -35,6 +35,7 @@
\usepackage{xltxtra}
\usepackage{etoolbox}
\usepackage{tabularx}
+\usepackage{xltabular}
\usepackage{underscore}
\usepackage{xstring}
\usepackage{enumitem}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 05/13] admin: Add capability admin commands
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (3 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 04/13] admin: Prepare table for multipage listing Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 06/13] admin: Add theory of operation for device resource objects Parav Pandit
` (9 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Add three capabilities related administration commands.
First to get the device capability.
Second to set the driver capability.
Third for the driver to discover which capabilities can be accessed.
Even though the current series restricts device capability reading
to the self group type, same structure and command format etc will
be reusable in future to read the capability from the owner device
and also to set the device capability via owner device using
new DEV_CAP_SET command.
Resource objects are introduced in subsequent patch which utilizes
the capability, however some description around resource object
limit is covered in this patch to keep things simple.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- removed white space at end of line
- squashed the dedicated patch of status code with the usage patch (this one)
- renamed read/write caps to device_get_cap/driver_set_cap
- restrict get and set command to only self group
- supported_caps renamed to cap_id query
- removed length from the get/set/query commands as it can be derived
- renamed cid to id as its part of the cap command structure
---
admin-cmds-capabilities.tex | 196 ++++++++++++++++++++++++++++++++++++
admin.tex | 12 ++-
conformance.tex | 2 +
virtio.tex | 1 +
4 files changed, 210 insertions(+), 1 deletion(-)
diff --git a/admin-cmds-capabilities.tex b/admin-cmds-capabilities.tex
index ef9481c..07b8ddb 100644
--- a/admin-cmds-capabilities.tex
+++ b/admin-cmds-capabilities.tex
@@ -32,3 +32,199 @@ \subsubsection{Device and driver capabilities}\label{sec:Basic Facilities of a V
indefinite growth of a single capability, it is expected that new
functionality will lead to the creation of new capability rather
than expanding existing ones.
+
+Capabilities are categorized into two ranges by their IDs, as listed:
+
+\begin{table}[H]
+\caption{Capability ids}
+\label{table:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / capability ids}
+\begin{tabularx}{\textwidth}{ |l|X| }
+\hline
+Id & Description \\
+\hline \hline
+0x0000-0x07ff & Generic capability for all device types \\
+\hline
+0x0800-0x0fff & Device type specific capability \\
+\hline
+0x1000 - 0xFFFF & Reserved for future \\
+\hline
+\end{tabularx}
+\end{table}
+
+Device type specific capabilities are described separately for each device
+type under \field{Device and driver capabilities}.
+
+The device and driver capabilities commands are currently defined for self group
+type.
+
+\begin{enumerate}
+\item VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY
+\item VIRTIO_ADMIN_CMD_DEVICE_CAP_GET
+\item VIRTIO_ADMIN_CMD_DRIVER_CAP_SET
+\end{enumerate}
+
+\paragraph{VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY}
+
+This command queries the bitmap of capability ids
+listed in \ref{table:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / capability ids}.
+
+For the command VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY, \field{opcode} is set to 0x7.
+\field{group_member_id} is set to zero.
+
+This command has no command specific data.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_query_cap_id_result {
+ le64 supported_caps[];
+};
+\end{lstlisting}
+
+When the command completes successfully, \field{command_specific_result}
+is in the format \field{struct virtio_admin_cmd_query_cap_id_result}.
+
+\field{supported_caps} is an array of 64 bit values in little-endian byte
+order, in which a bit is set if the specific capability is supported.
+Thus, \field{supported_caps[0]} refers to the first 64-bit value in this
+array corresponding to capability ids 0 to
+63, \field{supported_caps[1]} is the second 64-bit value corresponding to
+capability ids 64 to 127, etc. For example, the array of size 2 including
+the values 0x3 in \field{supported_caps[0]} and 0x1 in
+\field{supported_caps[1]} indicates that only capability id 0, 1
+and 64 are supported.
+The length of the array depends on the supported capabilities - it is
+large enough to include bits set for all supported capability ids,
+that is the length can be calculated by starting with the largest
+supported capability id adding one, dividing by 64 and rounding up.
+In other words, for VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY the length of
+\field{command_specific_result} will be
+$DIV_ROUND_UP(max_cap_id, 64) * 8$ where DIV_ROUND_UP is integer division
+with round up and \field{max_cap_id} is the largest available capability id.
+
+The array is also allowed to be larger and to additionally include an arbitrary
+number of all-zero entries.
+
+\paragraph{VIRTIO_ADMIN_CMD_DEVICE_CAP_GET}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_DEVICE_CAP_GET}
+
+This command gets the device capability for the specified capability
+id \field{id}.
+
+For the command VIRTIO_ADMIN_CMD_DEVICE_CAP_GET, \field{opcode} is set to 0x8.
+\field{group_member_id} is set to zero.
+
+\field{command_specific_data} is in format
+\field{struct virtio_admin_cmd_cap_get_data}.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_cap_get_data {
+ le16 id;
+ u8 reserved[6];
+};
+\end{lstlisting}
+
+\field{id} refers to the capability id listed in \ref{table:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / capability ids}.
+\field{reserved} is reserved for future use and set to zero.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_cap_get_result {
+ u8 cap_specific_data[];
+};
+\end{lstlisting}
+
+When the command completes successfully, \field{command_specific_result}
+is in the format \field{struct virtio_admin_cmd_cap_get_result} responded
+by the device. Each capability uses different capability specific
+\field{cap_specific_data} and is described separately.
+
+\paragraph{VIRTIO_ADMIN_CMD_DRIVER_CAP_SET}\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_DRIVER_CAP_SET}
+
+This command sets the driver capability, indicating to the device which capability
+the driver uses. The driver can set a resource object limit capability that is smaller
+than or equal to the value published by the device capability.
+If the capability is a set of flags, the driver sets the flag bits that are set
+in the device capability; the driver does not set any flag bits that are not
+set by the device.
+
+For the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET, \field{opcode} is set to 0x9.
+\field{group_member_id} is set to zero.
+The \field{command_specific_data} is in the format
+\field{struct virtio_admin_cmd_cap_set_data}.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_cap_set_data {
+ le16 id;
+ u8 reserved[6];
+ u8 cap_specific_data[];
+};
+\end{lstlisting}
+
+\field{id} refers to the capability id listed in \ref{table:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / capability ids}.
+\field{reserved} is reserved for future use and set to zero.
+
+There is no command specific result.
+When the command completes successfully, the driver capability is updated to
+the values supplied in \field{cap_specific_data}.
+
+\devicenormative{\paragraph}{Device and driver capabilities}{Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
+
+If the device supports capabilities, it MUST support the commands
+VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY,
+VIRTIO_ADMIN_CMD_DRIVER_CAP_SET, and
+VIRTIO_ADMIN_CMD_DEVICE_CAP_GET.
+
+For the VIRTIO_ADMIN_CMD_DRIVER_CAP_SET command,
+\begin{itemize}
+\item the device MUST support the setting of resource object limit driver capability to a
+value that is same as or smaller than the one reported in the device
+capability,
+\item the device MUST support the setting of capability flags bits to
+all or fewer bits than the one reported in the device capability;
+\end{itemize}
+this is applicable unless specific capability fields are explicitly
+stated as non-writable in the VIRTIO_ADMIN_CMD_DEVICE_CAP_GET command.
+
+The device MAY complete the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET with
+\field{status} set to VIRTIO_ADMIN_STATUS_EINVAL,
+if the capability resource object limit is larger than the value reported by the
+device's capability, or the capability flag bit is set, which is not set in
+the device's capability.
+
+The device MUST complete the commands VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY,
+VIRTIO_ADMIN_CMD_DRIVER_CAP_GET, and VIRTIO_ADMIN_CMD_DRIVER_CAP_SET
+with \field{status} set to VIRTIO_ADMIN_STATUS_EINVAL if the commands are not
+for the self group type.
+
+The device SHOULD complete the commands VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY,
+VIRTIO_ADMIN_CMD_DRIVER_CAP_GET, VIRTIO_ADMIN_CMD_DRIVER_CAP_SET with
+\field{status} set to VIRTIO_ADMIN_STATUS_EINVAL if the commands are not for the
+self group type.
+
+The device SHOULD complete the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET with
+\field{status} set to VIRTIO_ADMIN_STATUS_EBUSY if the command requests to disable
+a capability while the device still has valid resource objects related to the
+capability being disabled.
+
+The device SHOULD complete the comands VIRTIO_ADMIN_CMD_DEVICE_CAP_GET and
+VIRTIO_ADMIN_CMD_DRIVER_CAP_SET with \field{status} set to
+VIRTIO_ADMIN_STATUS_ENXIO if the capability id is not reported
+in command VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY.
+
+Upon a device reset, the device MUST reset all driver capabilities.
+
+\drivernormative{\paragraph}{Device and driver capabilities}{Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
+
+The driver MUST send the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET before
+using any resource objects that depend on such a capability.
+
+In VIRTIO_ADMIN_CMD_DRIVER_CAP_SET command, the driver MUST NOT set
+\begin{itemize}
+\item the resource object limit value larger than the value reported
+by the device in the command VIRTIO_ADMIN_CMD_DEVICE_CAP_GET,
+\item flags bits which was not reported by the device in the command
+VIRTIO_ADMIN_CMD_DEVICE_CAP_GET,
+\item array entries not reported by the device in the command
+VIRTIO_ADMIN_CMD_DEVICE_CAP_GET.
+\end{itemize}
+
+The driver MUST NOT disable any of the driver capability using the command
+VIRTIO_ADMIN_CMD_DRIVER_CAP_SET when related resource objects
+are created but not destroyed.
diff --git a/admin.tex b/admin.tex
index c93c74c..c8b3de4 100644
--- a/admin.tex
+++ b/admin.tex
@@ -136,7 +136,13 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline
0x0006 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Legacy Interface / VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO]{VIRTIO_ADMIN_CMD_LEGACY_NOTIFY_INFO} & Query the notification region information \\
\hline
-0x0007 - 0x7FFF & - & Commands using \field{struct virtio_admin_cmd} \\
+0x0007 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY]{VIRTIO_ADMIN_CMD_CAP_ID_LIST_QUERY} & Query the supported device capabilities bitmap \\
+\hline
+0x0008 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_DEVICE_CAP_GET]{VIRTIO_ADMIN_CMD_DEVICE_CAP_GET} & Get the device capabilities \\
+\hline
+0x0009 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_DRIVER_CAP_SET]{VIRTIO_ADMIN_CMD_DRIVER_CAP_SET} & Set the driver capabilities \\
+\hline
+0x000a - 0x7FFF & - & Commands using \field{struct virtio_admin_cmd} \\
\hline
0x8000 - 0xFFFF & - & Reserved for future commands (possibly using a different structure) \\
\hline
@@ -162,10 +168,14 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline \hline
00 & VIRTIO_ADMIN_STATUS_OK & successful completion \\
\hline
+06 & VIRTIO_ADMIN_STATUS_ENXIO & no such capability \\
+\hline
11 & VIRTIO_ADMIN_STATUS_EAGAIN & try again \\
\hline
12 & VIRTIO_ADMIN_STATUS_ENOMEM & insufficient resources \\
\hline
+16 & VIRTIO_ADMIN_STATUS_EBUSY & device busy \\
+\hline
22 & VIRTIO_ADMIN_STATUS_EINVAL & invalid command \\
\hline
other & - & group administration command error \\
diff --git a/conformance.tex b/conformance.tex
index 183c059..8b77eba 100644
--- a/conformance.tex
+++ b/conformance.tex
@@ -99,6 +99,7 @@ \section{Conformance Targets}\label{sec:Conformance / Conformance Targets}
\item \ref{drivernormative:General Initialization And Device Operation / Device Initialization}
\item \ref{drivernormative:General Initialization And Device Operation / Device Cleanup}
\item \ref{drivernormative:Reserved Feature Bits}
+\item \ref{drivernormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
\end{itemize}
\conformance{\subsection}{PCI Driver Conformance}\label{sec:Conformance / Driver Conformance / PCI Driver Conformance}
@@ -181,6 +182,7 @@ \section{Conformance Targets}\label{sec:Conformance / Conformance Targets}
\item \ref{devicenormative:Basic Facilities of a Virtio Device / Packed Virtqueues / Scatter-Gather Support}
\item \ref{devicenormative:Basic Facilities of a Virtio Device / Shared Memory Regions}
\item \ref{devicenormative:Reserved Feature Bits}
+\item \ref{devicenormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
\end{itemize}
\conformance{\subsection}{PCI Device Conformance}\label{sec:Conformance / Device Conformance / PCI Device Conformance}
diff --git a/virtio.tex b/virtio.tex
index 7c52a40..3bb5c14 100644
--- a/virtio.tex
+++ b/virtio.tex
@@ -39,6 +39,7 @@
\usepackage{underscore}
\usepackage{xstring}
\usepackage{enumitem}
+\usepackage{float}
\IfFileExists{ellipsis.sty}{\usepackage{ellipsis}}{
\message{!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!}
\message{LaTeX Warning: Missing ellipsis.sty: dots (...) will look ugly}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 06/13] admin: Add theory of operation for device resource objects
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (4 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 05/13] admin: Add capability admin commands Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 07/13] admin: Add device resource objects admin commands Parav Pandit
` (8 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
The driver controls the device by means of device resource objects.
These operations include create, query, modify, and destroy the device
resource objects.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- grammar corrections with article and others
- rephrase 'device resource' to 'device resource object'
- shifted description of max limit before describing the id
- renamed 'identifier' to 'id'
- rephrase around id
- rephrase from link to depend
- rephrase 'linked resource' to dependent resource
v7->v8:
- added text about administration commands execution rate behavior
---
admin-cmds-resource-objects.tex | 69 +++++++++++++++++++++++++++++++++
admin.tex | 1 +
2 files changed, 70 insertions(+)
create mode 100644 admin-cmds-resource-objects.tex
diff --git a/admin-cmds-resource-objects.tex b/admin-cmds-resource-objects.tex
new file mode 100644
index 0000000..a74cb3b
--- /dev/null
+++ b/admin-cmds-resource-objects.tex
@@ -0,0 +1,69 @@
+\subsubsection{Device resource objects}\label{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}
+
+Providing certain functionality consumes limited device resources such as
+memory, processing units, buffer memory, or end-to-end credits. A device may
+support multiple types of resource objects, each controlling different device
+functionality. To manage this, virtio provides
+\field{Device resource objects} that the driver can create, modify, and
+destroy using administration commands with the self group type. Creating and
+destroying a resource object consume and release device resources, respectively.
+The device resource object query command returns the resource object as
+maintained by the device.
+
+For each resource type, the number of resource objects that can be created
+is reported by the device as part of a device capability
+\ref{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}.
+The driver reports the desired (same or lower) number of resource objects
+as part of a driver capability \ref{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}.
+For each device object type, resource object limit is defined by field
+\field{limit} using \field{Device and driver capabilities}.
+
+\begin{lstlisting}
+le32 limit; /* maximum resource id = limit - 1 */
+\end{lstlisting}
+
+Each resource object has a unique resource object ID - a driver-assigned number
+in the range of 0 to \field{limit - 1}, where the \field{limit} is the maximum
+number set by the driver for this resource object type. These resource IDs are unique within
+each resource object type. The driver assigns the resource ID when creating a
+device resource object. Once the resource object is successfully created,
+subsequent resource modification, query, and destroy commands use this
+resource object ID. No two resource objects share the same ID. Destroying a
+resource object allows for the reuse of its ID for another resource object
+of the same type.
+
+A valid resource object id is \field{limit - 1}. For example, when a device
+reports a \field{limit = 10} capability for a resource object, and drivers sets
+\field{limit = 8}, the valid resource object id range for the device and the
+driver is 0 to 7 for all the resource object commands. In this example,
+the driver can only create 8 resource objects of a specified type.
+
+A resource object of one type may depend on the resource object of another type.
+Such dependency between resource objects is established by referring to the unique
+resource ID in the administration commands. For example, a driver creates a
+resource object identified by ID A of one type, then creates another resource
+object identified by ID B of a different type, which depends on resource object
+A. This dependency establishes the lifecycle of these resource objects. The driver
+that creates the dependent resource object must destroy the resource objects in the
+exact reverse order of their creation. In this example, the driver would
+destroy resource object B before destroying resource object A.
+
+Some resource object types are generic, common across multiple devices.
+Others are specific for one device type.
+
+\begin{tabular}{|l|l|}
+\hline
+Resource object type & Description \\
+\hline \hline
+0x000-0x1ff & Generic resource object type common across all devices \\
+\hline
+0x200-0x4ff & Device type specific resource object \\
+\hline
+0x500-0xffff & Reserved for future use \\
+\hline
+\end{tabular}
+
+When the device resets, it starts with zero resources of each type; the driver
+can create resources up to the published \field{limit}. The driver can
+destroy and recreate the resource one or multiple times. Upon device reset,
+all resource objects created by the driver are destroyed within the device.
diff --git a/admin.tex b/admin.tex
index c8b3de4..d8a19c4 100644
--- a/admin.tex
+++ b/admin.tex
@@ -317,6 +317,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\input{admin-cmds-legacy-interface.tex}
\input{admin-cmds-capabilities.tex}
+\input{admin-cmds-resource-objects.tex}
\devicenormative{\subsubsection}{Group administration commands}{Basic Facilities of a Virtio Device / Device groups / Group administration commands}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 07/13] admin: Add device resource objects admin commands
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (5 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 06/13] admin: Add theory of operation for device resource objects Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 08/13] virtio-net: Add theory of operation for flow filter Parav Pandit
` (7 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Add generic administration commands create, modify, query and destroy
device resource object.
Each resource object defines resource specific attributes for the commands.
Once the resource object is created by the driver, it can be query/modify or
destroyed by the driver.
Each resource object is identified using a unique resource id per
resource type.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v10->v11:
- addressed comments from Satananda
- improved driver normative for two resource objects with same ID
v9->v10:
- added hyperreference to quickly jump to command definition
- renamed rid to just id as it is part of the resource related structs
- removed length field from the commands as it can be derived
- rephrase for group_member_id
- squashed the patch that added the error code
- renamed and rephrase 'device resource' to 'device resource object'
- removed performance part of commit log for future and implementation
creativity
v8->v9:
- changed command name from read_data/read_result to query_data/query_result
to match the opcode name and description
- added fields_bmap bitmap to support future support of optional fields
in the resources without inventing new set of commands, for example
multiple pages in the VQ, PASID in VQ, flow counter id in flow filter rule
etc.
- fixed spelling from 'destroyd' to 'destroyed'
- fixed 'upto' to 'up to'
---
admin-cmds-capabilities.tex | 3 +
admin-cmds-resource-objects.tex | 199 ++++++++++++++++++++++++++++++++
admin.tex | 14 ++-
conformance.tex | 2 +
4 files changed, 216 insertions(+), 2 deletions(-)
diff --git a/admin-cmds-capabilities.tex b/admin-cmds-capabilities.tex
index 07b8ddb..8119a56 100644
--- a/admin-cmds-capabilities.tex
+++ b/admin-cmds-capabilities.tex
@@ -210,6 +210,9 @@ \subsubsection{Device and driver capabilities}\label{sec:Basic Facilities of a V
Upon a device reset, the device MUST reset all driver capabilities.
+The device SHOULD treat the driver resource limits as zero if the
+driver has not set such capability, unless otherwise explicitly stated.
+
\drivernormative{\paragraph}{Device and driver capabilities}{Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
The driver MUST send the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET before
diff --git a/admin-cmds-resource-objects.tex b/admin-cmds-resource-objects.tex
index a74cb3b..291f7e6 100644
--- a/admin-cmds-resource-objects.tex
+++ b/admin-cmds-resource-objects.tex
@@ -67,3 +67,202 @@ \subsubsection{Device resource objects}\label{sec:Basic Facilities of a Virtio D
can create resources up to the published \field{limit}. The driver can
destroy and recreate the resource one or multiple times. Upon device reset,
all resource objects created by the driver are destroyed within the device.
+
+Following administration commands control device resource objects,
+they are only supported for the self group type:
+
+\begin{enumerate}
+\item VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE
+\item VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY
+\item VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY
+\item VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY
+\end{enumerate}
+
+Each resource object administration command uses a common header
+\field{struct virtio_admin_cmd_resource_obj_cmd_hdr}.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_resource_obj_cmd_hdr {
+ le16 type;
+ u8 reserved[2];
+ le32 id; /* Indicates unique resource object id per resource object type */
+};
+
+\end{lstlisting}
+
+\field{type} refers to the device resource object type.
+\field{id} uniquely identifies the resource object of a specified \field{type}.
+
+\paragraph{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE}
+
+This command creates the specified resource object of \field{type} identified by the
+resource id \field{id}. The valid range of \field{id} is defined by the
+device in the related device capability. The driver assigns the unique \field{id}
+for the resource for the specified \field{type}.
+
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE, \field{opcode} is set to 0xa.
+\field{group_member_id} is set to zero.
+The \field{command_specific_data} is in the format
+\field{struct virtio_admin_cmd_resource_obj_create_data}.
+\field{resource_obj_specific_data} refers to the resource object specific data.
+Each resource uses a different \field{resource_obj_specific_data} and is described
+separately.
+
+\field{flags} is reserved for future extension for optional resource object attributes and
+is set to 0. Each resource object uses a different value for
+\field{flags} and it is described separately.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_resource_obj_create_data {
+ struct virtio_admin_cmd_resource_obj_cmd_hdr hdr;
+ le64 flags;
+ u8 resource_obj_specific_data[];
+};
+\end{lstlisting}
+
+When the command completes successfully, the resource object is created by the
+device and the device can immediately begin using it.
+This command has no command specific result.
+
+\paragraph{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY}
+
+This command modifies the attributes of an existing device resource object.
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY, \field{opcode} is set to 0xb.
+The \field{command_specific_data} is in the format
+\field{struct virtio_admin_cmd_resource_modify_data}.
+\field{group_member_id} is set to zero.
+\field{id} identifies the resource object of type \field{type} whose attributes
+to modify.
+This command modifies the attributes supplied in \field{resource_obj_specific_data}.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_resource_modify_data {
+ struct virtio_admin_cmd_resource_obj_cmd_hdr hdr;
+ le64 flags;
+ u8 resource_obj_specific_data[];
+};
+\end{lstlisting}
+
+This command has no command specific result.
+When the command completes successfully, attributes of the resource object is
+set to the values supplied in \field{resource_obj_specific_data}.
+
+\paragraph{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY}
+
+This command queries attributes of the existing resource object.
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY, \field{opcode} is set to 0xc.
+\field{group_member_id} is set to zero.
+The \field{command_specific_data} is in the format
+\field{struct virtio_admin_cmd_resource_obj_query_data}.
+\field{id} identifies the existing resource object of type \field{type} whose
+attributes to query.
+
+\begin{lstlisting}
+struct virtio_admin_cmd_resource_obj_query_data {
+ struct virtio_admin_cmd_resource_obj_cmd_hdr hdr;
+ le64 flags;
+};
+\end{lstlisting}
+
+\begin{lstlisting}
+struct virtio_admin_cmd_resource_obj_query_result {
+ u8 resource_obj_specific_result[];
+};
+\end{lstlisting}
+
+\field{command_specific_result} is in the format
+\field{virtio_admin_cmd_resource_obj_query_result}.
+
+When the command completes successfully, the attributes of the specified
+resource object are are set in \field{resource_obj_specific_data}.
+
+\paragraph{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY}
+\label{par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY}
+
+This command destroys the previously created device resource object.
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY, \field{opcode} is set to 0xd.
+The \field{command_specific_data} is in the format
+\field{struct virtio_admin_cmd_resource_obj_cmd_hdr}.
+\field{group_member_id} is set to zero.
+\field{id} identifies the existing resource object of type \field{type}.
+
+This command destroys the specified resource object of \field{type} identified
+by \field{id}, which is previously created using
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE command.
+
+This command has no command specific result.
+When the command completes successfully, the resource object is destroyed from the device.
+
+\devicenormative{\paragraph}{Device resource objects}{Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}
+
+The device SHOULD complete the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE
+with \field{status} set to VIRTIO_ADMIN_STATUS_EEXIST if a resource object already exists
+with supplied resource \field{id} for the specified \field{type}.
+
+The device SHOULD complete the commands VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY,
+VIRTIO_ADMIN_CMD_RESOURCE_QUERY and
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY with \field{status} set to
+VIRTIO_ADMIN_STATUS_ENXIO if the specified resource object does not exist.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_ENOSPC for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE if the device fail to create the
+resource object.
+
+The device SHOULD complete the commands VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY or
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY commands with \field{status} set to
+VIRTIO_ADMIN_STATUS_EBUSY if other resource objects depend on the resource object
+being modified or destroyed.
+
+The device MUST allow recreating the resource object using the command
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE which was previously
+destroyed using the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY respectively
+without undergoing a device reset.
+
+The device SHOULD allow creating the resource object using
+the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE with any resource
+id as long as the resource object is not created.
+
+The device MAY fail the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE even if the
+resources within the device have not reached up to the \field{max_limit}
+but the device MAY have reached an internal limit.
+
+When a capability represents a number of resource objects, the device SHOULD
+allow creating as many resource objects as represented by the driver capability.
+
+The device MUST NOT have any side effects on the resource object when the command
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY fails.
+
+The device MUST complete the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY
+with \field{resource_obj_specific_data} which is matching the
+\field{resource_obj_specific_data} of last VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE
+or VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY command.
+
+On device reset, the device MUST destroy all the resource objects which
+have been created.
+
+\drivernormative{\paragraph}{Device resource objects}{Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}
+
+The driver MUST not create a second resource object of the same type with same
+ID using command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE before destroying the
+previously created resource object.
+
+The driver MUST NOT create more resource objects of a specified \field{type} using
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE than the maximum limit set by the
+driver capability.
+
+The driver SHOULD NOT modify, query and destroy the resource object which is
+already destroyed previously by the driver.
+
+The driver SHOULD NOT destroy the resource object on which other resource objects
+are depending; the driver SHOULD destroy all the resource objects which do not depend
+on other resource objects.
+
+The driver MUST NOT set the capability related to the resource objects if the
+resource objects have been created using the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE
+and not yet destroyed.
+
+The driver MUST send the command VIRTIO_ADMIN_CMD_DRIVER_CAP_SET before using
+any resources related to such capability.
diff --git a/admin.tex b/admin.tex
index d8a19c4..5b908ae 100644
--- a/admin.tex
+++ b/admin.tex
@@ -142,7 +142,15 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline
0x0009 & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities / VIRTIO_ADMIN_CMD_DRIVER_CAP_SET]{VIRTIO_ADMIN_CMD_DRIVER_CAP_SET} & Set the driver capabilities \\
\hline
-0x000a - 0x7FFF & - & Commands using \field{struct virtio_admin_cmd} \\
+0x000a & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE]{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE} & Create a device resource object \\
+\hline
+0x000c & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY]{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY} & Modify a device resource object \\
+\hline
+0x000b & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY]{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY} & Query a device resource object \\
+\hline
+0x000d & \hyperref[par:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects / VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY]{VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY} & Destroy a device resource object \\
+\hline
+0x000e - 0x7FFF & - & Commands using \field{struct virtio_admin_cmd} \\
\hline
0x8000 - 0xFFFF & - & Reserved for future commands (possibly using a different structure) \\
\hline
@@ -168,7 +176,7 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline \hline
00 & VIRTIO_ADMIN_STATUS_OK & successful completion \\
\hline
-06 & VIRTIO_ADMIN_STATUS_ENXIO & no such capability \\
+06 & VIRTIO_ADMIN_STATUS_ENXIO & no such capability or resource\\
\hline
11 & VIRTIO_ADMIN_STATUS_EAGAIN & try again \\
\hline
@@ -178,6 +186,8 @@ \subsection{Group administration commands}\label{sec:Basic Facilities of a Virti
\hline
22 & VIRTIO_ADMIN_STATUS_EINVAL & invalid command \\
\hline
+28 & VIRTIO_ADMIN_STATUS_ENOSPC & resources exhausted on device \\
+\hline
other & - & group administration command error \\
\hline
\end{tabular}
diff --git a/conformance.tex b/conformance.tex
index 8b77eba..297b78a 100644
--- a/conformance.tex
+++ b/conformance.tex
@@ -100,6 +100,7 @@ \section{Conformance Targets}\label{sec:Conformance / Conformance Targets}
\item \ref{drivernormative:General Initialization And Device Operation / Device Cleanup}
\item \ref{drivernormative:Reserved Feature Bits}
\item \ref{drivernormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
+\item \ref{drivernormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}
\end{itemize}
\conformance{\subsection}{PCI Driver Conformance}\label{sec:Conformance / Driver Conformance / PCI Driver Conformance}
@@ -183,6 +184,7 @@ \section{Conformance Targets}\label{sec:Conformance / Conformance Targets}
\item \ref{devicenormative:Basic Facilities of a Virtio Device / Shared Memory Regions}
\item \ref{devicenormative:Reserved Feature Bits}
\item \ref{devicenormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device and driver capabilities}
+\item \ref{devicenormative:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}
\end{itemize}
\conformance{\subsection}{PCI Device Conformance}\label{sec:Conformance / Device Conformance / PCI Device Conformance}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 08/13] virtio-net: Add theory of operation for flow filter
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (6 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 07/13] admin: Add device resource objects admin commands Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2024-06-04 13:28 ` [PATCH v11 09/13] virtio-net: Add flow filter capability Parav Pandit
` (6 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Currently packet allow/drop interface has following limitations.
1. Driver can either select which MAC and VLANs to consider
for allowing/dropping packets, here, the driver has a
limitation that driver needs to supply full mac
table or full vlan table for each type. Driver cannot add or
delete an individual entry.
2. Driver cannot select mac+vlan combination for which
to allow/drop packet.
3. Driver cannot not set other commonly used packet match fields
such as IP header fields, TCP, UDP, SCP header fields.
4. Driver cannot steer specific packets based on the match
fields to specific receiveq.
5. Driver do not have multiple or dedicated virtqueues to
perform flow filter requests in accelerated manner in
the device.
Flow filter as a generic framework overcome above limitations.
As starting point it is useful to support at least two use cases.
a. ARFS
b. ethtool ntuple steering
In future it can be further extended for usecases such as
switching device, connection tracking or may be more.
The flow filter has following properties.
1. It is an extendible object that driver can create, destroy.
2. It belongs to a flow filter group.
3. Each flow filter rule is identified using a unique id,
has priority, match key, destination(rq) and action(allow/drop).
4. Flow filter key also refers to the mask to learn which fields
of the packets to match.
This patch adds theory of operation for flow filter functionality.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- updated to refer to device resource object
v6->v7:
- addressed comments from Cornelia
- plenty of grammar corrections suggested by Cornelia
- removed stale reference to flow filter virtqueue
- removed incorrect stale hunk of a label
- removed dependency on feature bit and control vq
- rebased to use device capabilities and device resources
v4->v5:
- to avoid feature bit overlap with rss context patch, pick next
unique bit 65
v3->v4:
- removed flow filter virtqueue section as dynamic queues are
not supported currently
v2->v3:
- removed dependency on the dynamic queue creation as the
infrastructure is not yet ready
v1->v2:
- fixed comments from Heng
- grammar corrections
- spelling corrections
---
device-types/net/description.tex | 68 ++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
diff --git a/device-types/net/description.tex b/device-types/net/description.tex
index e65cdd5..58d0692 100644
--- a/device-types/net/description.tex
+++ b/device-types/net/description.tex
@@ -2411,6 +2411,74 @@ \subsubsection{Control Virtqueue}\label{sec:Device Types / Network Device / Devi
of the driver's records. In such cases, the driver should allocate additional
space for the \field{command-specific-result} buffer.
+\subsubsection{Flow filter}\label{sec:Device Types / Network Device / Device Operation / Flow filter}
+
+A network device can support one or more flow filter rules. Each flow filter rule
+is applied by matching a packet and then taking an action, such as directing the packet
+to a specific receiveq or dropping the packet. An example of a match is
+matching on specific source and destination IP addresses.
+
+A flow filter rule is a device resource object that consists of a key,
+a processing priority, and an action to either direct a packet to a
+receive queue or drop the packet.
+
+Each rule uses a classifier. The key is matched against the packet using
+a classifier, defining which fields in the packet are matched.
+A classifier resource object consists of one or more field selectors, each with
+a type that specifies the header fields to be matched against, and a mask.
+The mask can match whole fields or parts of a field in a header. Each
+rule resource object depends on the classifier resource object.
+
+When a packet is received, relevant fields are extracted
+(in the same way) from both the packet and the key according to the
+classifier. The resulting field contents are then compared -
+if they are identical the rule action is taken, if they are not, the rule is ignored.
+
+Multiple flow filter rules are part of a group. The rule resource object
+depends on the group. Each rule within a
+group has a rule priority, and each group also has a group priority. For a
+packet, a group with the highest priority is selected first. Within a group,
+rules are applied from highest to lowest priority, until one of the rules
+matches the packet and an action is taken. If all the rules within a group
+are ignored, the group with the next highest priority is selected, and so on.
+
+The driver controls the flow filter rule, classifier and group resource objects using
+administration commands described in
+\ref{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}.
+
+\paragraph{Packet processing order}\label{sec:sec:Device Types / Network Device / Device Operation / Flow filter / Packet processing order}
+
+Note that flow filter rules are applied after MAC/VLAN filtering. Flow filter
+rules take precedence over steering: if a flow filter rule results in an action,
+the steering configuration does not apply. The steering configuration only applies
+to packets for which no flow filter rule action was performed. For example,
+incoming packets can be processed in the following order:
+
+\begin{itemize}
+\item apply steering configuration received using control virtqueue commands
+ VIRTIO_NET_CTRL_RX, VIRTIO_NET_CTRL_MAC and VIRTIO_NET_CTRL_VLAN.
+\item apply flow filter rules if any.
+\item if no filter rule applied, apply steering configuration received using command
+ VIRTIO_NET_CTRL_MQ_RSS_CONFIG or as per automatic receive steering.
+\end{itemize}
+
+Some incoming packet processing examples:
+\begin{itemize}
+\item If the packet is dropped by the flow filter rule, RSS
+ steering is ignored for the packet.
+\item If the packet is directed to a specific receiveq using flow filter rule,
+ the RSS steering is ignored for the packet.
+\item If a packet is dropped due to the VIRTIO_NET_CTRL_MAC configuration,
+ both flow filter rules and the RSS steering are ignored for the packet.
+\item If a packet does not match any flow filter rules,
+ the RSS steering is used to select the receiveq for the packet (if enabled).
+\item If there are two flow filter groups configured as group_A and group_B
+ with respective group priorities as 4, and 5; flow filter rules of
+ group_B are applied first having highest group priority, if there is a match,
+ the flow filter rules of group_A are ignored; if there is no match for
+ the flow filter rules in group_B, the flow filter rules of next level group_A are applied.
+\end{itemize}
+
\subsubsection{Legacy Interface: Framing Requirements}\label{sec:Device
Types / Network Device / Legacy Interface: Framing Requirements}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 09/13] virtio-net: Add flow filter capability
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (7 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 08/13] virtio-net: Add theory of operation for flow filter Parav Pandit
@ 2024-06-04 13:28 ` Parav Pandit
2025-11-18 22:09 ` Michael S. Tsirkin
2024-06-04 13:29 ` [PATCH v11 10/13] virtio-net: Add flow filter group, classifier and rule resource objects Parav Pandit
` (5 subsequent siblings)
14 siblings, 1 reply; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:28 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Add first flow filter capability that indicates device resource
limits such as number of flow filter rules, groups and selectors.
add second capability that indicates supported selectors defining
which packet headers and their fields supported.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v10->v11:
- fixed comment from Satananda
- fixed the field name to not have 'per_group' in it as it
applies to all flow rules
v9->v10:
- removed num_types field
- used singular capability
- consolidated capability to one
- removed the bmap due to generic mask and key
- added key_mask length to indicate what is the maximum size
of key and mask fields supported by device
- added partial mask supported capability to indicate if the
device can support it or not
- added reference to individual protocol headers
- added actions capability
v6->v7:
- plenty of grammar corrections suggested by Cornelia
- using generic device capabilities framework
- renamed max_flow_priorities_per_group to
max_ff_rules_priorities_per_group to make it more clear
v2->v3:
- rebased on virtio-1.4 branch
- removed reference for flow filter virtqueue
v1->v2:
- addressed comments from Satananda
- added vlan type match field
- kept space for types between l2, l3, l4 header match types
- renamed mask to mask_supported with shorter width
- made more fields reserved for future
- addressed comments from Heng
- grammar correction
- added field to indicate supported number of actions per flow
filter match entry
- added missing documentation for max_flow_priorities_per_group
v0->v1:
- added mask field in the type to indicate supported mask by device
and also in later patch to use it to indicate mask on adding
flow filter. As a result removed the mask_supported capability
field
---
device-types/net/description.tex | 194 +++++++++++++++++++++++++++++++
introduction.tex | 13 +++
2 files changed, 207 insertions(+)
diff --git a/device-types/net/description.tex b/device-types/net/description.tex
index 58d0692..a299c32 100644
--- a/device-types/net/description.tex
+++ b/device-types/net/description.tex
@@ -401,6 +401,22 @@ \subsection{Device Initialization}\label{sec:Device Types / Network Device / Dev
A truly minimal driver would only accept VIRTIO_NET_F_MAC and ignore
everything else.
+\subsection{Device and driver capabilities}\label{sec:Device Types / Network Device / Device and driver capabilities}
+
+The network device has the following capabilities.
+
+\begin{tabularx}{\textwidth}{ |l||l|X| }
+\hline
+Identifier & Name & Description \\
+\hline \hline
+0x0800 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_RESOURCE_CAP]{VIRTIO_NET_FF_RESOURCE_CAP} & Flow filter resource capability \\
+\hline
+0x0801 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP]{VIRTIO_NET_FF_SELECTOR_CAP} & Flow filter classifier capability \\
+\hline
+0x0802 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_ACTION_CAP]{VIRTIO_NET_FF_ACTION_CAP} & Flow filter action capability \\
+\hline
+\end{tabularx}
+
\subsection{Device Operation}\label{sec:Device Types / Network Device / Device Operation}
Packets are transmitted by placing them in the
@@ -2442,6 +2458,14 @@ \subsubsection{Flow filter}\label{sec:Device Types / Network Device / Device Ope
matches the packet and an action is taken. If all the rules within a group
are ignored, the group with the next highest priority is selected, and so on.
+The device and the driver indicates flow filter resource limits using the capability
+\ref{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_RESOURCE_CAP} specifying the limits on the number of flow filter rule,
+group and classifier resource objects. The capability \ref{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP} specifies which selectors the device supports.
+The driver indicates the selectors it is using by setting the flow
+filter selector capability, prior to adding any resource objects.
+
+The capability \ref{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_ACTION_CAP} specifies which actions the device supports.
+
The driver controls the flow filter rule, classifier and group resource objects using
administration commands described in
\ref{sec:Basic Facilities of a Virtio Device / Device groups / Group administration commands / Device resource objects}.
@@ -2479,6 +2503,176 @@ \subsubsection{Flow filter}\label{sec:Device Types / Network Device / Device Ope
the flow filter rules in group_B, the flow filter rules of next level group_A are applied.
\end{itemize}
+\paragraph{Device and driver capabilities}
+\label{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities}
+
+\subparagraph{VIRTIO_NET_FF_RESOURCE_CAP}
+\label{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_RESOURCE_CAP}
+
+The capability VIRTIO_NET_FF_RESOURCE_CAP indicates the flow filter resource limits.
+\field{cap_specific_data} is in the format
+\field{struct virtio_net_ff_cap_data}.
+
+\begin{lstlisting}
+struct virtio_net_ff_cap_data {
+ le32 groups_limit;
+ le32 selectors_limit;
+ le32 rules_limit;
+ le32 rules_per_group_limit;
+ u8 last_rule_priority;
+ u8 selectors_per_classifier_limit;
+};
+\end{lstlisting}
+
+\field{groups_limit}, and \field{selectors_limit} represent the maximum
+number of flow filter groups and selectors, respectively, that the driver can create.
+ \field{rules_limit} is the maximum number of
+flow fiilter rules that the driver can create across all the groups.
+\field{rules_per_group_limit} is the maximum number of flow filter rules that the driver
+can create for each flow filter group.
+
+\field{last_rule_priority} is the highest priority that can be assigned to a
+flow filter rule.
+
+\field{selectors_per_classifier_limit} is the maximum number of selectors
+that a classifier can have.
+
+\subparagraph{VIRTIO_NET_FF_SELECTOR_CAP}
+\label{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP}
+
+The capability VIRTIO_NET_FF_SELECTOR_CAP lists the supported selectors and the
+supported packet header fields for each selector.
+\field{cap_specific_data} is in the format \field{struct virtio_net_ff_cap_mask_data}.
+
+\begin{lstlisting}[label={lst:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP / virtio_net_ff_selector}]
+struct virtio_net_ff_selector {
+ u8 type;
+ u8 flags;
+ u8 reserved[2];
+ u8 length;
+ u8 reserved1[3];
+ u8 mask[];
+};
+
+struct virtio_net_ff_cap_mask_data {
+ u8 count;
+ u8 reserved[7];
+ struct virtio_net_ff_selector selectors[];
+};
+
+#define VIRTIO_NET_FF_MASK_F_PARTIAL_MASK (1 << 0)
+\end{lstlisting}
+
+\field{count} indicates number of valid entries in the \field{selectors} array.
+\field{selectors[]} is an array of supported selectors. Within each array entry:
+\field{type} specifies the type of the packet header, as defined in table
+\ref{table:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP / flow filter selector types}. \field{mask} specifies which fields of the
+packet header can be matched in a flow filter rule.
+
+Each \field{type} is also listed in table
+\ref{table:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP / flow filter selector types}. \field{mask} is a byte array
+in network byte order. For example, when \field{type} is VIRTIO_NET_FF_MASK_TYPE_IPV6,
+the \field{mask} is in the format \hyperref[intro:IPv6-Header-Format]{IPv6 Header Format}.
+
+If partial masking is not set, then all bits in each field have to be either all 0s
+to ignore this field or all 1s to match on this field. If partial masking is set,
+then any combination of bits can bit set to match on these bits.
+For example, when a selector \field{type} is VIRTIO_NET_FF_MASK_TYPE_ETH, if
+\field{mask[0-12]} are zero and \field{mask[13-14]} are 0xff (all 1s), it
+indicates that matching is only supported for \field{EtherType} of
+\field{Ethernet MAC frame}, matching is not supported for
+\field{Destination Address} and \field{Source Address}.
+
+The entries in the array \field{selectors} are ordered by
+\field{type}, with each \field{type} value only appearing once.
+
+\field{length} is the length of a dynamic array \field{mask} in bytes.
+\field{reserved} and \field{reserved1} are reserved and set to zero.
+
+\begin{table}[H]
+\caption{Flow filter selector types}
+\label{table:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP / flow filter selector types}
+\begin{tabularx}{\textwidth}{ |l|X|X| }
+\hline
+Type & Name & Description \\
+\hline \hline
+0x0 & - & Reserved \\
+\hline
+0x1 & VIRTIO_NET_FF_MASK_TYPE_ETH & 14 bytes of frame header starting from destination address described in \hyperref[intro:IEEE 802.3-2022]{IEEE 802.3-2022} \\
+\hline
+0x2 & VIRTIO_NET_FF_MASK_TYPE_IPV4 & 20 bytes of \hyperref[intro:Internet-Header-Format]{IPv4: Internet Header Format} \\
+\hline
+0x3 & VIRTIO_NET_FF_MASK_TYPE_IPV6 & 40 bytes of \hyperref[intro:IPv6-Header-Format]{IPv6 Header Format} \\
+\hline
+0x4 & VIRTIO_NET_FF_MASK_TYPE_TCP & 20 bytes of \hyperref[intro:TCP-Header-Format]{TCP Header Format} \\
+\hline
+0x5 & VIRTIO_NET_FF_MASK_TYPE_UDP & 8 bytes of UDP header described in \hyperref[intro:UDP]{UDP} \\
+\hline
+0x6 - 0xFF & & Reserved for future \\
+\hline
+\end{tabularx}
+\end{table}
+
+When VIRTIO_NET_FF_MASK_F_PARTIAL_MASK (bit 0) is set, it indicates that
+partial masking is supported for all the fields of the selector identified by \field{type}.
+
+For the selector \field{type} VIRTIO_NET_FF_MASK_TYPE_IPV4, if a partial mask is unsupported,
+then matching on an individual bit of \field{Flags} in the
+\field{IPv4: Internet Header Format} is unsupported. \field{Flags} has to match as a whole
+if it is supported.
+
+For the selector \field{type} VIRTIO_NET_FF_MASK_TYPE_IPV4, \field{mask} includes fields
+up to the \field{Destination Address}; that is, \field{Options} and
+\field{Padding} are excluded.
+
+For the selector \field{type} VIRTIO_NET_FF_MASK_TYPE_IPV6, the \field{Next Header} field
+of the \field{mask} corresponds to the \field{Next Header} in the packet
+when \field{IPv6 Extension Headers} are not present. When the packet includes
+one or more \field{IPv6 Extension Headers}, the \field{Next Header} field of
+the \field{mask} corresponds to the \field{Next Header} of the last
+\field{IPv6 Extension Header} in the packet.
+
+For the selector \field{type} VIRTIO_NET_FF_MASK_TYPE_TCP, \field{Control bits}
+are treated as individual fields for matching; that is, matching individual
+\field{Control bits} does not depend on the partial mask support.
+
+\subparagraph{VIRTIO_NET_FF_ACTION_CAP}
+\label{par:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_ACTION_CAP}
+
+The capability VIRTIO_NET_FF_ACTION_CAP lists the supported actions in a rule.
+\field{cap_specific_data} is in the format \field{struct virtio_net_ff_cap_actions}.
+
+\begin{lstlisting}
+struct virtio_net_ff_actions {
+ u8 count;
+ u8 reserved[7];
+ u8 actions[];
+};
+\end{lstlisting}
+
+\field{actions} is an array listing all possible actions.
+The entries in the array are ordered from the smallest to the largest,
+with each supported value appearing exactly once. Each entry can have the
+following values:
+
+\begin{table}[H]
+\caption{Flow filter rule actions}
+\label{table:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_ACTION_CAP / flow filter rule actions}
+\begin{tabularx}{\textwidth}{ |l|X|X| }
+\hline
+Action & Name & Description \\
+\hline \hline
+0x0 & - & reserved \\
+\hline
+0x1 & VIRTIO_NET_FF_ACTION_DROP & Matching packet will be dropped by the device \\
+\hline
+0x2 & VIRTIO_NET_FF_ACTION_DIRECT_RX_VQ & Matching packet will be directed to a receive queue \\
+\hline
+0x3 - 0xFF & & Reserved for future \\
+\hline
+\end{tabularx}
+\end{table}
+
\subsubsection{Legacy Interface: Framing Requirements}\label{sec:Device
Types / Network Device / Legacy Interface: Framing Requirements}
diff --git a/introduction.tex b/introduction.tex
index 8bcef03..0d84927 100644
--- a/introduction.tex
+++ b/introduction.tex
@@ -59,6 +59,10 @@ \section{Normative References}\label{sec:Normative References}
IEEE Standard for Local and Metropolitan Area Networks: Overview and Architecture,
\newline\url{http://www.ieee802.org/},
IEEE\\
+ \phantomsection\label{intro:IEEE 802.3-2022}\textbf{[IEEE 802.3-2022]} &
+ IEEE Standard for Ethernet,
+ \newline\url{https://doi.org/10.1109/IEEESTD.2022.9844436},
+ IEEE 802.3-2022\\
\phantomsection\label{intro:SAM}\textbf{[SAM]} &
SCSI Architectural Model,
\newline\url{http://www.t10.org/cgi-bin/ac.pl?t=f&f=sam4r05.pdf}\\
@@ -135,12 +139,21 @@ \section{Normative References}\label{sec:Normative References}
\phantomsection\label{intro:IP}\textbf{[IP]} &
INTERNET PROTOCOL
\newline\url{https://www.rfc-editor.org/rfc/rfc791}\\
+ \phantomsection\label{intro:Internet-Header-Format}\textbf{[Internet Header Format]} &
+ Internet Header Format
+ \newline\url{https://datatracker.ietf.org/doc/html/rfc791#section-3.1}\\
+ \phantomsection\label{intro:IPv6-Header-Format}\textbf{[IPv6 Header Format]} &
+ IPv6 Header Format
+ \newline\url{https://www.rfc-editor.org/rfc/rfc8200#section-3}\\
\phantomsection\label{intro:UDP}\textbf{[UDP]} &
User Datagram Protocol
\newline\url{https://www.rfc-editor.org/rfc/rfc768}\\
\phantomsection\label{intro:TCP}\textbf{[TCP]} &
TRANSMISSION CONTROL PROTOCOL
\newline\url{https://www.rfc-editor.org/rfc/rfc793}\\
+ \phantomsection\label{intro:TCP-Header-Format}\textbf{[TCP Header Format]} &
+ TCP Header Format
+ \newline\url{https://www.rfc-editor.org/rfc/rfc9293#name-header-format}\\
\phantomsection\label{intro:CAN}\textbf{[CAN]} &
ISO 11898-1:2015 Road vehicles -- Controller area network (CAN) -- Part 1: Data link layer and physical signalling\\
\end{longtable}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* Re: [PATCH v11 09/13] virtio-net: Add flow filter capability
2024-06-04 13:28 ` [PATCH v11 09/13] virtio-net: Add flow filter capability Parav Pandit
@ 2025-11-18 22:09 ` Michael S. Tsirkin
2025-11-19 3:31 ` Parav Pandit
0 siblings, 1 reply; 20+ messages in thread
From: Michael S. Tsirkin @ 2025-11-18 22:09 UTC (permalink / raw)
To: Parav Pandit
Cc: virtio-comment, cohuck, hengqi, sburla, shahafs, si-wei.liu,
peter.hilber, jasowang, xuanzhuo
On Tue, Jun 04, 2024 at 04:28:59PM +0300, Parav Pandit wrote:
> +\begin{lstlisting}
> +struct virtio_net_ff_cap_data {
> + le32 groups_limit;
> + le32 selectors_limit;
> + le32 rules_limit;
> + le32 rules_per_group_limit;
> + u8 last_rule_priority;
> + u8 selectors_per_classifier_limit;
> +};
> +\end{lstlisting}
I don't know how I missed this, but this structure is not
aligned properly. In a typical compiler there's going
to be a 2 byte padding here :(
It's been a year ... do you think it's too late to fix?
Parav?
If it's been out too long then maybe we need a flag to fix it.
--
MST
^ permalink raw reply [flat|nested] 20+ messages in thread* RE: [PATCH v11 09/13] virtio-net: Add flow filter capability
2025-11-18 22:09 ` Michael S. Tsirkin
@ 2025-11-19 3:31 ` Parav Pandit
0 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2025-11-19 3:31 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: virtio-comment@lists.linux.dev, cohuck@redhat.com,
hengqi@linux.alibaba.com, sburla@marvell.com, Shahaf Shuler,
si-wei.liu@oracle.com, peter.hilber@opensynergy.com,
jasowang@redhat.com, xuanzhuo@linux.alibaba.com
> From: Michael S. Tsirkin <mst@redhat.com>
> Sent: 19 November 2025 03:40 AM
>
> On Tue, Jun 04, 2024 at 04:28:59PM +0300, Parav Pandit wrote:
> > +\begin{lstlisting}
> > +struct virtio_net_ff_cap_data {
> > + le32 groups_limit;
> > + le32 selectors_limit;
> > + le32 rules_limit;
> > + le32 rules_per_group_limit;
> > + u8 last_rule_priority;
> > + u8 selectors_per_classifier_limit; }; \end{lstlisting}
>
>
> I don't know how I missed this, but this structure is not aligned properly. In a
> typical compiler there's going to be a 2 byte padding here :(
>
>
> It's been a year ... do you think it's too late to fix?
> Parav?
> If it's been out too long then maybe we need a flag to fix it.
Structure not aligned to 8B size is not so good, but it is allowed.
The spec already has text as below.
Many device and driver in-memory structure layouts are documented using the C struct syntax. All structures
are assumed to be without additional padding. To stress this, cases where common C compilers are known
to insert extra padding within structures are tagged using the GNU C __attribute__((packed)) syntax.
Above structure is similar to
struct virtio_net_config is 28 bytes.
struct virtio_gpu_config is 20 bytes.
Patch-5 should define this struct using packed attribute.
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v11 10/13] virtio-net: Add flow filter group, classifier and rule resource objects
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (8 preceding siblings ...)
2024-06-04 13:28 ` [PATCH v11 09/13] virtio-net: Add flow filter capability Parav Pandit
@ 2024-06-04 13:29 ` Parav Pandit
2024-06-04 13:29 ` [PATCH v11 11/13] virtio-net: Add flow filter device and driver requirements Parav Pandit
` (4 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:29 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Flow filter rules depend on the flow filter group resource object.
The device can have one or more flow filter groups. Each flow filter
group has its own order. The group order defines the packet
processing order in the flow filter domain.
Define flow filter classifier object which consists of one
or multiple types of packet header fields to consider
for matching. A mask can match on partial field or whole
field if the device supports partial masking for a given
mask type.
Define flow filter rule resource which consists of
match key, reference to group and mask objects and
an action.
Currently it covers the most common filter types and value
of Ethernet header, IPV4 and IPV6 headers and TCP and UDP headers.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
changelog:
v9->v10:
- rephrase from 'resource' to 'resource object'
- renamed and rephrase 'forward' to 'direct'
- skipped dest_ prefix from the action
- removed union and kept the reserved1 for future extension
- added text for reserved and reserved1 future extension for example for switch port
or next rule object id or some other object
- simplified structures for single key and single action
- flow rule to refer to the flow filter mask resource object
- removed specific type and key specific fields
v6->v7:
- plenty of grammar corrections suggested by Cornelia
- adapt to generic device resource framework
- addressed comments from Cornelia
- reworded the description for group delete command
- rebased the series on top of generic resource framework
v2->v3:
- removed references to flow filter virtqueues
- removed one partial sentence
- added text for delete request
- aligned request and opcode values to just say request in the defines
v1->v2:
- squashed with match fields definition patch of v1
- added length to the flexible array definition struct to benefit
from future runtime length bound checkers listed in
https://people.kernel.org/kees/bounded-flexible-arrays-in-c
- renamed value to key
- addressed comments from Satananda
- merged destination and action to one struct
v0->v1:
- reworded add flow request text to consider optional mask
- replaced respond with set
- added mask flag to the type
---
device-types/net/description.tex | 173 +++++++++++++++++++++++++++++++
introduction.tex | 8 ++
2 files changed, 181 insertions(+)
diff --git a/device-types/net/description.tex b/device-types/net/description.tex
index a299c32..4084bfb 100644
--- a/device-types/net/description.tex
+++ b/device-types/net/description.tex
@@ -417,6 +417,22 @@ \subsection{Device and driver capabilities}\label{sec:Device Types / Network Dev
\hline
\end{tabularx}
+\subsection{Device resource objects}\label{sec:Device Types / Network Device / Device resource objects}
+
+The network device has the following resource objects.
+
+\begin{tabularx}{\textwidth}{ |l||l|X| }
+\hline
+type & Name & Description \\
+\hline \hline
+0x0200 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_GROUP]{VIRTIO_NET_RESOURCE_OBJ_FF_GROUP} & Flow filter group resource object \\
+\hline
+0x0201 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER]{VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER} & Flow filter mask object \\
+\hline
+0x0202 & \hyperref[par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_RULE]{VIRTIO_NET_RESOURCE_OBJ_FF_RULE} & Flow filter rule object \\
+\hline
+\end{tabularx}
+
\subsection{Device Operation}\label{sec:Device Types / Network Device / Device Operation}
Packets are transmitted by placing them in the
@@ -2673,6 +2689,163 @@ \subsubsection{Flow filter}\label{sec:Device Types / Network Device / Device Ope
\end{tabularx}
\end{table}
+\paragraph{Resource objects}
+\label{par:Device Types / Network Device / Device Operation / Flow filter / Resource objects}
+
+\subparagraph{VIRTIO_NET_RESOURCE_OBJ_FF_GROUP}\label{par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_GROUP}
+
+A flow filter group contains between 0 and \field{rules_limit} rules, as specified by the
+capability VIRTIO_NET_FF_RESOURCE_CAP. For the flow filter group object both
+\field{resource_obj_specific_data} and
+\field{resource_obj_specific_result} are in the format
+\field{struct virtio_net_resource_obj_ff_group}.
+
+\begin{lstlisting}
+struct virtio_net_resource_obj_ff_group {
+ le16 group_priority;
+};
+\end{lstlisting}
+
+\field{group_priority} specifies the priority for the group. Each group has a
+distinct priority. For each incoming packet, the device tries to apply rules
+from groups from higher \field{group_priority} value to lower, until either a
+rule matches the packet or all groups have been tried.
+
+\subparagraph{VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER}\label{par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER}
+
+A classifier is used to match a flow filter key against a packet. The
+classifier defines the desired packet fields to match, and is represented by
+the VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER device resource object.
+
+For the flow filter classifier object both \field{resource_obj_specific_data} and
+\field{resource_obj_specific_result} are in the format
+\field{struct virtio_net_resource_obj_ff_classifier}.
+
+\begin{lstlisting}
+struct virtio_net_resource_obj_ff_classifier {
+ u8 count;
+ u8 reserved[7];
+ struct virtio_net_ff_selector selectors[];
+};
+\end{lstlisting}
+
+A classifier is an array of \field{selectors}. The number of selectors in the
+array is indicated by \field{count}. The selector has a type that specifies
+the header fields to be matched against, and a mask.
+See \ref{lst:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_SELECTOR_CAP / virtio_net_ff_selector}
+for details about selectors.
+
+The first selector is always VIRTIO_NET_FF_MASK_TYPE_ETH. When there are multiple
+selectors, a second selector can be either VIRTIO_NET_FF_MASK_TYPE_IPV4
+or VIRTIO_NET_FF_MASK_TYPE_IPV6. If the third selector exists, the third
+selector can be either VIRTIO_NET_FF_MASK_TYPE_UDP or VIRTIO_NET_FF_MASK_TYPE_TCP.
+For example, to match a Ethernet IPv6 UDP packet,
+\field{selectors[0].type} is set to VIRTIO_NET_FF_MASK_TYPE_ETH, \field{selectors[1].type}
+is set to VIRTIO_NET_FF_MASK_TYPE_IPV6 and \field{selectors[2].type} is
+set to VIRTIO_NET_FF_MASK_TYPE_UDP; accordingly, \field{selectors[0].mask[0-13]} is
+for Ethernet header fields, \field{selectors[1].mask[0-39]} is set for IPV6 header
+and \field{selectors[2].mask[0-7]} is set for UDP header.
+
+When there are multiple selectors, the type of the (N+1)\textsuperscript{th} selector
+affects the mask of the (N)\textsuperscript{th} selector. If
+\field{count} is 2 or more, all the mask bits within \field{selectors[0]}
+corresponding to \field{EtherType} of an Ethernet header are set.
+
+If \field{count} is more than 2:
+\begin{itemize}
+\item if \field{selector[1].type} is, VIRTIO_NET_FF_MASK_TYPE_IPV4, then, all the mask bits within
+\field{selector[1]} for \field{Protocol} is set.
+\item if \field{selector[1].type} is, VIRTIO_NET_FF_MASK_TYPE_IPV6, then, all the mask bits within
+\field{selector[1]} for \field{Next Header} is set.
+\end{itemize}
+
+If for a given packet header field, a subset of bits of a field is to be matched,
+and if the partial mask is supported, the flow filter
+mask object can specify a mask which has fewer bits set than the packet header
+field size. For example, a partial mask for the Ethernet header source mac
+address can be of 1-bit for multicast detection instead of 48-bits.
+
+\subparagraph{VIRTIO_NET_RESOURCE_OBJ_FF_RULE}\label{par:Device Types / Network Device / Device Operation / Flow filter / Resource objects / VIRTIO_NET_RESOURCE_OBJ_FF_RULE}
+
+Each flow filter rule resource object comprises a key, a priority, and an action.
+For the flow filter rule object,
+\field{resource_obj_specific_data} and
+\field{resource_obj_specific_result} are in the format
+\field{struct virtio_net_resource_obj_ff_rule}.
+
+\begin{lstlisting}
+struct virtio_net_resource_obj_ff_rule {
+ le32 group_id;
+ le32 classifier_id;
+ u8 rule_priority;
+ u8 key_length; /* length of key in bytes */
+ u8 action;
+ u8 reserved;
+ le16 vq_index;
+ u8 reserved1[2];
+ u8 keys[][];
+};
+\end{lstlisting}
+
+\field{group_id} is the resource object ID of the flow filter group to which
+this rule belongs. \field{classifier_id} is the resource object ID of the
+classifier used to match a packet against the \field{key}.
+
+\field{rule_priority} denotes the priority of the rule within the group
+specified by the \field{group_id}.
+Rules within the group are applied from the highest to the lowest priority
+until a rule matches the packet and an
+action is taken. Rules with the same priority can be applied in any order.
+
+\field{reserved} and \field{reserved1} are reserved and set to 0.
+
+\field{keys[][]} is an array of keys to match against packets, using
+the classifier specified by \field{classifier_id}. Each entry (key) comprises
+a byte array, and they are located one immediately after another.
+The size (number of entries) of the array is exactly the same as that of
+\field{selectors} in the classifier, or in other words, \field{count}
+in the classifier.
+
+\field{key_length} specifies the total length of \field{keys} in bytes.
+In other words, it equals the sum total of \field{length} of all
+selectors in \field{selectors} in the classifier specified by
+\field{classifier_id}.
+
+For example, if a classifier object's \field{selectors[0].type} is
+VIRTIO_NET_FF_MASK_TYPE_ETH and \field{selectors[1].type} is
+VIRTIO_NET_FF_MASK_TYPE_IPV6,
+then selectors[0].length is 14 and selectors[1].length is 40.
+Accordingly, the \field{key_length} is set to 54.
+This setting indicates that the \field{key} array's length is 54 bytes
+comprising a first byte array of 14 bytes for the
+Ethernet MAC header in bytes 0-13, immediately followed by 40 bytes for the
+IPv6 header in bytes 14-53.
+
+When there are multiple selectors in the classifier object, the key bytes
+for (N)\textsuperscript{th} selector are set so that
+(N+1)\textsuperscript{th} selector can be matched.
+
+If \field{count} is 2 or more, key bytes of \field{EtherType}
+are set according to \hyperref[intro:IEEE 802 Ethertypes]{IEEE 802 Ethertypes}
+for VIRTIO_NET_FF_MASK_TYPE_IPV4 or VIRTIO_NET_FF_MASK_TYPE_IPV6 respectively.
+
+If \field{count} is more than 2, when \field{selector[1].type} is
+VIRTIO_NET_FF_MASK_TYPE_IPV4 or VIRTIO_NET_FF_MASK_TYPE_IPV6, key
+bytes of \field{Protocol} or \field{Next Header} is set as per
+\field{Protocol Numbers} defined \hyperref[intro:IANA Protocol Numbers]{IANA Protocol Numbers}
+respectively.
+
+\field{action} is the action to take when a packet matches the
+\field{key} using the \field{classifier_id}. Supported actions are described in
+\ref{table:Device Types / Network Device / Device Operation / Flow filter / Device and driver capabilities / VIRTIO_NET_FF_ACTION_CAP / flow filter rule actions}.
+
+\field{vq_index} specifies a receive virtqueue. When the \field{action} is set
+to VIRTIO_NET_FF_ACTION_DIRECT_RX_VQ, and the packet matches the \field{key},
+the matching packet is directed to this virtqueue.
+
+Note that at most one action is ever taken for a given packet. If a rule is
+applied and an action is taken, the action of other rules is not taken.
+
\subsubsection{Legacy Interface: Framing Requirements}\label{sec:Device
Types / Network Device / Legacy Interface: Framing Requirements}
diff --git a/introduction.tex b/introduction.tex
index 0d84927..9c57af8 100644
--- a/introduction.tex
+++ b/introduction.tex
@@ -63,6 +63,14 @@ \section{Normative References}\label{sec:Normative References}
IEEE Standard for Ethernet,
\newline\url{https://doi.org/10.1109/IEEESTD.2022.9844436},
IEEE 802.3-2022\\
+ \phantomsection\label{intro:IEEE 802 Ethertypes}\textbf{[IEEE 802 Ethertypes]} &
+ IEEE 802 Ethertypes,
+ \newline\url{https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml},
+ IANA\\
+ \phantomsection\label{intro:IANA Protocol Numbers}\textbf{[IANA Protocol Numbers]} &
+ IANA Protocol Numbers,
+ \newline\url{https://www.iana.org/assignments/protocol-numbers},
+ IANA\\
\phantomsection\label{intro:SAM}\textbf{[SAM]} &
SCSI Architectural Model,
\newline\url{http://www.t10.org/cgi-bin/ac.pl?t=f&f=sam4r05.pdf}\\
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 11/13] virtio-net: Add flow filter device and driver requirements
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (9 preceding siblings ...)
2024-06-04 13:29 ` [PATCH v11 10/13] virtio-net: Add flow filter group, classifier and rule resource objects Parav Pandit
@ 2024-06-04 13:29 ` Parav Pandit
2024-06-04 13:29 ` [PATCH v11 12/13] newdevice: Improve the appendix chapter heading to reflect the content Parav Pandit
` (3 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:29 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Add device and driver flow filter requirements.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
Signed-off-by: Heng Qi <hengqi@linux.alibaba.com>
---
changelog:
v10->v11:
- renamed last_rule_priority_per_group to last_rule_priority
v9->v10:
- rephrase from 'resource' to 'resource object'
v6->v7:
- added device normatives for valid ranges
- rebased to use capabilities and resources
v5->v6:
- removed white spaces from end of line
- added missing conformance links
v2->v3:
- removed dependency on the dynamic queue creation as the
infrastructure is not yet ready
v1->v2:
- fixed comments from Heng
- fixed spelling from initializaton to initialization
- added more requirements for multiple actions
v0->v1:
- addressed comments from Satananda
- added device requirement to return non zero value in fields_bmap
- added device requirement to not repeat filter type in response
- added driver requirement to order filter match field as it
appears in the packet
- added device requirement to fail group delete command on existing
flow entries
---
device-types/net/description.tex | 174 ++++++++++++++++++++++++
device-types/net/device-conformance.tex | 1 +
device-types/net/driver-conformance.tex | 1 +
3 files changed, 176 insertions(+)
diff --git a/device-types/net/description.tex b/device-types/net/description.tex
index 4084bfb..0ad6f1d 100644
--- a/device-types/net/description.tex
+++ b/device-types/net/description.tex
@@ -2846,6 +2846,180 @@ \subsubsection{Flow filter}\label{sec:Device Types / Network Device / Device Ope
Note that at most one action is ever taken for a given packet. If a rule is
applied and an action is taken, the action of other rules is not taken.
+\devicenormative{\paragraph}{Flow filter}{Device Types / Network Device / Device Operation / Flow filter}
+
+When the device supports flow filter operations,
+\begin{itemize}
+\item the device MUST set VIRTIO_NET_FF_RESOURCE_CAP, VIRTIO_NET_FF_SELECTOR_CAP
+and VIRTIO_NET_FF_ACTION_CAP capability in the \field{supported_caps} in the
+command VIRTIO_ADMIN_CMD_CAP_SUPPORT_QUERY.
+\item the device MUST support the administration commands
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE,
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY, VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY,
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY for the resource types
+VIRTIO_NET_RESOURCE_OBJ_FF_GROUP, VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER and
+VIRTIO_NET_RESOURCE_OBJ_FF_RULE.
+\end{itemize}
+
+When any of the VIRTIO_NET_FF_RESOURCE_CAP, VIRTIO_NET_FF_SELECTOR_CAP, or
+VIRTIO_NET_FF_ACTION_CAP capability is disabled, the device SHOULD set
+\field{status} to VIRTIO_ADMIN_STATUS_Q_INVALID_OPCODE for the commands
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE,
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_MODIFY, VIRTIO_ADMIN_CMD_RESOURCE_OBJ_QUERY,
+and VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY. These commands apply to the resource
+\field{type} of VIRTIO_NET_RESOURCE_OBJ_FF_GROUP, VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER, and
+VIRTIO_NET_RESOURCE_OBJ_FF_RULE.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_EINVAL for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE when the resource \field{type}
+is VIRTIO_NET_RESOURCE_OBJ_FF_GROUP, if a flow filter group already exists
+with the supplied \field{group_priority}.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_ENOSPC for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE when the resource \field{type}
+is VIRTIO_NET_RESOURCE_OBJ_FF_GROUP, if the number of flow filter group
+objects in the device exceeds the lower of the configured driver
+capabilities \field{groups_limit} and \field{rules_per_group_limit}.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_ENOSPC for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE when the resource \field{type} is
+VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER, if the number of flow filter selector
+objects in the device exceeds the configured driver capability
+\field{selectors_limit}.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_EBUSY for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY for a flow filter group when
+the flow filter group has one or more flow filter rules depending on it.
+
+The device SHOULD set \field{status} to VIRTIO_ADMIN_STATUS_EBUSY for the
+command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY for a flow filter classifier when
+the flow filter classifier has one or more flow filter rules depending on it.
+
+The device SHOULD fail the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE for the
+flow filter rule resource object if,
+\begin{itemize}
+\item \field{vq_index} is not a valid receive virtqueue index for
+the VIRTIO_NET_FF_ACTION_DIRECT_RX_VQ action,
+\item \field{priority} is greater than or equal to
+ \field{last_rule_priority},
+\item \field{id} is greater than or equal to \field{rules_limit} or
+ greater than or equal to \field{rules_per_group_limit}, whichever is lower,
+\item the length of \field{keys} and the length of all the mask bytes of
+ \field{selectors[].mask} as referred by \field{classifier_id} differs,
+\item the supplied \field{action} is not supported in the capability VIRTIO_NET_FF_ACTION_CAP.
+\end{itemize}
+
+When the flow filter directs a packet to the virtqueue identified by
+\field{vq_index} and if the receive virtqueue is reset, the device
+MUST drop such packets.
+
+Upon applying a flow filter rule to a packet, the device MUST STOP any further
+application of rules and cease applying any other steering configurations.
+
+For multiple flow filter groups, the device MUST apply the rules from
+the group with the highest priority. If any rule from this group is applied,
+the device MUST ignore the remaining groups. If none of the rules from the
+highest priority group match, the device MUST apply the rules from
+the group with the next highest priority, until either a rule matches or
+all groups have been attempted.
+
+The device MUST apply the rules within the group from the highest to the
+lowest priority until a rule matches the packet, and the device MUST take
+the action. If an action is taken, the device MUST not take any other
+action for this packet.
+
+The device MAY apply the rules with the same \field{rule_priority} in any
+order within the group.
+
+The device MUST process incoming packets in the following order:
+\begin{itemize}
+\item apply the steering configuration received using control virtqueue
+ commands VIRTIO_NET_CTRL_RX, VIRTIO_NET_CTRL_MAC, and
+ VIRTIO_NET_CTRL_VLAN.
+\item apply flow filter rules if any.
+\item if no filter rule is applied, apply the steering configuration
+ received using the command VIRTIO_NET_CTRL_MQ_RSS_CONFIG
+ or according to automatic receive steering.
+\end{itemize}
+
+When processing an incoming packet, if the packet is dropped at any stage, the device
+MUST skip further processing.
+
+When the device drops the packet due to the configuration done using the control
+virtqueue commands VIRTIO_NET_CTRL_RX or VIRTIO_NET_CTRL_MAC or VIRTIO_NET_CTRL_VLAN,
+the device MUST skip flow filter rules for this packet.
+
+When the device performs flow filter match operations and if the operation
+result did not have any match in all the groups, the receive packet processing
+continues to next level, i.e. to apply configuration done using
+VIRTIO_NET_CTRL_MQ_RSS_CONFIG command.
+
+The device MUST support the creation of flow filter classifier objects
+using the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE with \field{flags}
+set to VIRTIO_NET_FF_MASK_F_PARTIAL_MASK;
+this support is required even if all the bits of the masks are set for
+a field in \field{selectors}, provided that partial masking is supported
+for the selectors.
+
+\drivernormative{\paragraph}{Flow filter}{Device Types / Network Device / Device Operation / Flow filter}
+
+The driver MUST enable VIRTIO_NET_FF_RESOURCE_CAP, VIRTIO_NET_FF_SELECTOR_CAP,
+and VIRTIO_NET_FF_ACTION_CAP capabilities to use flow filter.
+
+The driver SHOULD NOT remove a flow filter group using the command
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY when one or more flow filter rules
+depend on that group. The driver SHOULD only destroy the group after
+all the associated rules have been destroyed.
+
+The driver SHOULD NOT remove a flow filter classifier using the command
+VIRTIO_ADMIN_CMD_RESOURCE_OBJ_DESTROY when one or more flow filter rules
+depend on the classifier. The driver SHOULD only destroy the classifier
+after all the associated rules have been destroyed.
+
+The driver SHOULD NOT add multiple flow filter rules with the same
+\field{rule_priority} within a flow filter group, as these rules MAY match
+the same packet. The driver SHOULD assign different \field{rule_priority}
+values to different flow filter rules if multiple rules may match a single
+packet.
+
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE, when creating a resource
+of \field{type} VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER, the driver MUST set:
+\begin{itemize}
+\item \field{selectors[0].type} to VIRTIO_NET_FF_MASK_TYPE_ETH.
+\item \field{selectors[1].type} to VIRTIO_NET_FF_MASK_TYPE_IPV4 or
+ VIRTIO_NET_FF_MASK_TYPE_IPV6 when \field{count} is more than 1,
+\item \field{selectors[2].type} VIRTIO_NET_FF_MASK_TYPE_UDP or
+ VIRTIO_NET_FF_MASK_TYPE_TCP when \field{count} is more than 2.
+\end{itemize}
+
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE, when creating a resource
+of \field{type} VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER, the driver MUST set:
+\begin{itemize}
+\item \field{selectors[0].mask} bytes to all 1s for the \field{EtherType}
+ when \field{count} is 2 or more.
+\item \field{selectors[1].mask} bytes to all 1s for \field{Protocol} or \field{Next Header}
+ when \field{selector[1].type} is VIRTIO_NET_FF_MASK_TYPE_IPV4 or VIRTIO_NET_FF_MASK_TYPE_IPV6,
+ and when \field{count} is more than 2.
+\end{itemize}
+
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE, the resource \field{type}
+VIRTIO_NET_RESOURCE_OBJ_FF_RULE, if the corresponding classifier object's
+\field{count} is 2 or more, the driver MUST SET the \field{keys} bytes of
+\field{EtherType} in accordance with
+\hyperref[intro:IEEE 802 Ethertypes]{IEEE 802 Ethertypes}
+for either VIRTIO_NET_FF_MASK_TYPE_IPV4 or VIRTIO_NET_FF_MASK_TYPE_IPV6.
+
+For the command VIRTIO_ADMIN_CMD_RESOURCE_OBJ_CREATE, when creating a resource of
+\field{type} VIRTIO_NET_RESOURCE_OBJ_FF_RULE, if the corresponding classifier
+object's \field{count} is more than 2, and the \field{selector[1].type} is either
+VIRTIO_NET_FF_MASK_TYPE_IPV4 or VIRTIO_NET_FF_MASK_TYPE_IPV6, the driver MUST
+set the \field{keys} bytes for the \field{Protocol} or \field{Next Header}
+according to \hyperref[intro:IANA Protocol Numbers]{IANA Protocol Numbers} respectively.
+
+The driver SHOULD set all the bits for a field in the mask of a selector in both the
+capability and the classifier object, unless the VIRTIO_NET_FF_MASK_F_PARTIAL_MASK
+is enabled.
+
\subsubsection{Legacy Interface: Framing Requirements}\label{sec:Device
Types / Network Device / Legacy Interface: Framing Requirements}
diff --git a/device-types/net/device-conformance.tex b/device-types/net/device-conformance.tex
index c71341e..d88484c 100644
--- a/device-types/net/device-conformance.tex
+++ b/device-types/net/device-conformance.tex
@@ -17,4 +17,5 @@
\item \ref{devicenormative:Device Types / Network Device / Device Operation / Control Virtqueue / Inner Header Hash}
\item \ref{devicenormative:Device Types / Network Device / Device Operation / Control Virtqueue / Device Statistics}
\item \ref{devicenormative:Device Types / Network Device / Device Operation / Control Virtqueue / RSS Context}
+\item \ref{devicenormative:Device Types / Network Device / Device Operation / Flow filter}
\end{itemize}
diff --git a/device-types/net/driver-conformance.tex b/device-types/net/driver-conformance.tex
index 7081ec3..d346b88 100644
--- a/device-types/net/driver-conformance.tex
+++ b/device-types/net/driver-conformance.tex
@@ -17,4 +17,5 @@
\item \ref{drivernormative:Device Types / Network Device / Device Operation / Control Virtqueue / Inner Header Hash}
\item \ref{drivernormative:Device Types / Network Device / Device Operation / Control Virtqueue / Device Statistics}
\item \ref{drivernormative:Device Types / Network Device / Device Operation / Control Virtqueue / RSS Context}
+\item \ref{drivernormative:Device Types / Network Device / Device Operation / Flow filter}
\end{itemize}
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 12/13] newdevice: Improve the appendix chapter heading to reflect the content
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (10 preceding siblings ...)
2024-06-04 13:29 ` [PATCH v11 11/13] virtio-net: Add flow filter device and driver requirements Parav Pandit
@ 2024-06-04 13:29 ` Parav Pandit
2024-06-04 13:29 ` [PATCH v11 13/13] newdevice: Extend informative guidance on capability, resource objects Parav Pandit
` (2 subsequent siblings)
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:29 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Current appendix chapter already covers useful notes for creating
new device types and also for extending the device in
'device improvements' section.
The chapter heading was not reflecting the notation for extending the
existing device. This sometimes creates confusion/misinterpretation to readers.
Hence fix the heading to reflect the written sections.
While at it, remove the empty lines at the end of the file.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
---
newdevice.tex | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/newdevice.tex b/newdevice.tex
index ed0124b..4f43554 100644
--- a/newdevice.tex
+++ b/newdevice.tex
@@ -1,9 +1,9 @@
-\chapter{Creating New Device Types}\label{sec:Creating New Device Types}
+\chapter{Creating New Device Types or Extending the Device}\label{sec:Creating New Device Types or Extending the Device}
Various considerations are necessary when creating a new device
-type.
+type or when extending the device functionality.
-\section{How Many Virtqueues?}\label{sec:Creating New Device Types / How Many Virtqueues?}
+\section{How Many Virtqueues?}\label{sec:Creating New Device Types or Extending the Device / How Many Virtqueues?}
It is possible that a very simple device will operate entirely
through its device configuration space, but most will need at least one
@@ -13,7 +13,7 @@ \section{How Many Virtqueues?}\label{sec:Creating New Device Types / How Many Vi
receive input, and one which the driver places buffers to
transmit output.
-\section{What Device Configuration Space Layout?}\label{sec:Creating New Device Types / What Device Configuration Space Layout?}
+\section{What Device Configuration Space Layout?}\label{sec:Creating New Device Types or Extending the Device / What Device Configuration Space Layout?}
Device configuration space should only be used for initialization-time
parameters. It is a limited resource with no synchronization between
@@ -26,7 +26,7 @@ \section{What Device Configuration Space Layout?}\label{sec:Creating New Device
writable by the driver. Therefore, no writeable field which triggers an
action ought to be wider than 32 bits.
-\section{What Device Number?}\label{sec:Creating New Device Types / What Device Number?}
+\section{What Device Number?}\label{sec:Creating New Device Types or Extending the Device / What Device Number?}
Device numbers can be reserved by the OASIS committee: email
virtio-comment@lists.linux.dev (after subscribing through
@@ -34,7 +34,7 @@ \section{What Device Number?}\label{sec:Creating New Device Types / What Device
Meanwhile for experimental drivers, use 65535 and work backwards.
-\section{How many MSI-X vectors? (for PCI)}\label{sec:Creating New Device Types / How many MSI-X vectors? (for PCI)}
+\section{How many MSI-X vectors? (for PCI)}\label{sec:Creating New Device Types or Extending the Device / How many MSI-X vectors? (for PCI)}
Using the optional MSI-X capability devices can speed up
interrupt processing by removing the need to read ISR Status
@@ -52,7 +52,7 @@ \section{How many MSI-X vectors? (for PCI)}\label{sec:Creating New Device Types
number of vectors as possible, or disabling MSI-X capability
altogether.
-\section{Device Improvements}\label{sec:Creating New Device Types / Device Improvements}
+\section{Device Improvements}\label{sec:Creating New Device Types or Extending the Device / Device Improvements}
Any change to device configuration space, or new virtqueues, or
behavioural changes, should be indicated by negotiation of a new
@@ -64,5 +64,3 @@ \section{Device Improvements}\label{sec:Creating New Device Types / Device Impro
can use a single bit, but if one feature makes sense without the
others they should not be gratuitously grouped together to
conserve feature bits.
-
-
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PATCH v11 13/13] newdevice: Extend informative guidance on capability, resource objects
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (11 preceding siblings ...)
2024-06-04 13:29 ` [PATCH v11 12/13] newdevice: Improve the appendix chapter heading to reflect the content Parav Pandit
@ 2024-06-04 13:29 ` Parav Pandit
2024-06-04 17:16 ` [EXTERNAL] [PATCH v11 00/13] flow filter using basic facilities of capability and " Satananda Burla
[not found] ` <691016c0-b8e4-48f0-a26b-45296102f501@davidwei.uk>
14 siblings, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2024-06-04 13:29 UTC (permalink / raw)
To: virtio-comment, mst, cohuck
Cc: hengqi, sburla, shahafs, si-wei.liu, peter.hilber, jasowang,
xuanzhuo, Parav Pandit
Add few informative guidance/notes about which use cases to use
device and driver capabilities and device resource objects.
Fixes: https://github.com/oasis-tcs/virtio-spec/issues/179
Signed-off-by: Parav Pandit <parav@nvidia.com>
---
internal changelog:
- only sending last patch-12 to avoid the flood
- added back resource limit sentence along with resource object
- replaced administrative -> administration
- replaced admin virtqueue -> administration virtqueue
- replaced admin -> administration
- replaced utilize -> use
changelog:
v9->v10:
- updated examples
v7->v8:
- improved the examples and text for usage of device capabilities
and device resources
- added more Q&A to clarify the resources and capabilities
---
newdevice.tex | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/newdevice.tex b/newdevice.tex
index 4f43554..c18689f 100644
--- a/newdevice.tex
+++ b/newdevice.tex
@@ -26,6 +26,27 @@ \section{What Device Configuration Space Layout?}\label{sec:Creating New Device
writable by the driver. Therefore, no writeable field which triggers an
action ought to be wider than 32 bits.
+\section{When to use device resource object?}\label{sec:Creating New Device Types or Extending the Device / When to use device resource object?}
+Device resource objects are best suited to represent device resources used
+dynamically by the driver. Limits on resource usage appear as limit
+fields in a device capability.
+
+\section{When to use the capabilities?}\label{sec:Creating New Device Types or Extending the Device / When to use the capabilities?}
+Capabilities allow the device and the driver to negotiate support and resources
+used for specific functionality. For example, for a networking device, a
+capability can represent the limit on the number of flow filter groups. In
+another example, a capability can represent the allowed flow filter classifiers.
+
+\section{When to use administration virtqueue vs control virtqueue?}\label{sec:Creating New Device Types or Extending the Device / When to use administration virtqueue vs control virtqueue?}
+Any new device configuration, through device capabilities and resources as
+either implicit or driver-created resource objects, should preferably use
+administration commands via the administration virtqueue. Furthermore, even for devices with a
+control virtqueue for configuration, implementing new functionality using
+administration commands that leverage generic infrastructure is desirable.
+
+Future enhancements may involve provisioning member devices using
+standardized administration commands that reuse existing capability structures.
+
\section{What Device Number?}\label{sec:Creating New Device Types or Extending the Device / What Device Number?}
Device numbers can be reserved by the OASIS committee: email
--
2.34.1
^ permalink raw reply related [flat|nested] 20+ messages in thread* RE: [EXTERNAL] [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects
2024-06-04 13:28 [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects Parav Pandit
` (12 preceding siblings ...)
2024-06-04 13:29 ` [PATCH v11 13/13] newdevice: Extend informative guidance on capability, resource objects Parav Pandit
@ 2024-06-04 17:16 ` Satananda Burla
[not found] ` <691016c0-b8e4-48f0-a26b-45296102f501@davidwei.uk>
14 siblings, 0 replies; 20+ messages in thread
From: Satananda Burla @ 2024-06-04 17:16 UTC (permalink / raw)
To: Parav Pandit, virtio-comment@lists.linux.dev, mst@redhat.com,
cohuck@redhat.com
Cc: hengqi@linux.alibaba.com, shahafs@nvidia.com,
si-wei.liu@oracle.com, peter.hilber@opensynergy.com,
jasowang@redhat.com, xuanzhuo@linux.alibaba.com
> -----Original Message-----
> From: Parav Pandit <parav@nvidia.com>
> Sent: Tuesday, June 4, 2024 6:29 AM
> To: virtio-comment@lists.linux.dev; mst@redhat.com; cohuck@redhat.com
> Cc: hengqi@linux.alibaba.com; Satananda Burla <sburla@marvell.com>;
> shahafs@nvidia.com; si-wei.liu@oracle.com; peter.hilber@opensynergy.com;
> jasowang@redhat.com; xuanzhuo@linux.alibaba.com; Parav Pandit
> <parav@nvidia.com>
> Subject: [EXTERNAL] [PATCH v11 00/13] flow filter using basic facilities
> of capability and resource objects
>
> Prioritize security for external emails: Confirm sender and content
> safety before clicking links or opening attachments
>
> ----------------------------------------------------------------------
> Summary:
> ========
> This series improves virtio net receive packet steering to
> direct packets to a specific RQ.
>
> This basic functionality will enable Linux ethtool steering,
> and accelerated receive flow steering (ARFS) as a starting point,
> and more use cases in future.
>
> It is using new virtio basic facilities of capability and
> resource objects described later in this cover letter.
>
> Those interested only in the capability and resource object facilities
> can jump in the cover leter to "Overview of capability and resource
> objects".
>
> Net device problem statement:
> =============================
> Currently packet allow/drop interface has few limitations.
>
> 1. Driver cannot add or delete an individual entry for mac and vlan.
> 2. Driver cannot select mac+vlan combination for which
> to allow/drop packet.
> 3. Driver cannot not use other commonly used packet match fields
> such as IP header fields, TCP, UDP, SCP header fields to direct a
> packet.
> 4. Driver cannot direct specific packets based on the match
> fields to specific receiveq.
> 5. Driver do not have multiple or dedicated virtqueues to
> perform flow filter requests in accelerated manner in
> the device.
>
> Solution:
> =========
> Flow filter as a generic framework to overcome above limitations.
>
> Overview:
> =========
> A flow filter defines the flow based on one or more match fields of the
> packet, defines an action like drop/direct to RQ.
>
> The flow filters are organized in flow filter groups so that their
> processing can be prioritized when multiple applications wants to use
> it.
> For example, user supplied flow filter rules to take precedence over
> kernel stack created rules.
>
> Many a time large number of flow filter rules have selection mask.
> This is facilitated by a flow filter classifier which defines the packet
> selector fields using a mask; a flow rule depends on the flow filter.
>
> Flow filters are handled as resource objects using administration
> commands.
> Flow filters current usage is in-between of control path and data path.
> i.e.
> a. ethtool will operate at few hundred cmds/sec.
> b. ARFS at few thousands cmds/sec.
> c. In future ARFS and connection tracking(CT) may do few millions/sec.
>
> For b and c in future, few options are present.
> 1. Dedicated flow filter rules management to a specific AQ so that it
> can
> be accelerated by fast path. This can be possibly done using group
> level
> or AQ level service class or both
> 2. Define different admin command format for fast path
> 3. Special type of new virtqueue for CT driven requests
>
> While a general BPF offload might be a superset of this functionality
> and
> might be desirable, it does not look feasible, in particular, from
> discussions
> with multiple hardware vendors it is clear that hardware will not have
> such
> capability in short to medium term.
>
> Fixes: https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__github.com_oasis-2Dtcs_virtio-
> 2Dspec_issues_179&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=NHDPsfcAYlN2z-
> NXHHG4WB09qqS0voo_nf6_kGS625A&m=Gj1in7ZCbX1gs76rVBdr3f0K9GwIPTDRuLgZxgCf
> irV2iCVbv92rM0J-
> G8qxrI3j&s=v66iK_00WpoV9ezR_V4SYUmL4lWsukiLoaj0Jghe3cs&e=
>
> Overview of capability and resource objects:
> ============================================
> Config space has few advantages as below.
> 1. extendible
> 2. common way for each device to keep expanding it
> 3. provisioning to supply offset, value to set fields
>
> However, the combination of feature bits + common config space +
> device config space + cvq creates four different communication
> channel between driver and device, each with a varied degree of
> limitations and complexities listed below.
>
> 1. Feature bits cannot be modified at later stage in the driver.
> 2. Feature bits are boolean; it cannot communicate amount of resources
> and
> configuration details. For this yet another config space or cvq is
> needed.
> 3. Making configuration space writable and also synchronizing it with
> device
> operation is very hard.
> 4. Modifying and controlling the device operation using cvq largely
> works but
> limited to specific device type and requires per device type cvq.
> 5. To provision features, resources from the owner device, one
> still needs new admin commands.
> 6. It is hard to maintain and access variable length array in config
> space.
> We have to add the fields at the tail, this means if we start with
> foo1
> bar1
> later, to add foo2 it becomes
> foo1
> bar1
> foo2
> We end up with structure with mix of unrelated fields spoiling the
> readability/aestethics/maintainability.
> 7. Any writeable config space is a problem; for example very
> inefficient on pci as you have to read after write. It also
> lacks atomicity across multiple fields. So to avoid writable
> config space, and to use VQ, things spread around read_only
> config space and VQ for read-write fields, creating more mess.
> 8. It is not uncommon to have some driver resource and number
> of resources would normally be in config space. But to write them
> to use VQ, and without proper resource definition it leads to
> overflow
> for example, the overflow we experience with mac table.
> 9. Extending config space and having it accessible even before
> negotiating
> features when the device does not know if it will be used or not
> makes it
> hard to build the devices.
>
> Above limitations are overcome using new basic facilities as:
> a. capability
> b. resource objects
>
> Capability and resource objects are an evolution of the (a) feature
> bits,
> (b, c) common and device configuration space and (d) controlvq
> mechanism; this new
> basic facilities are intended for managing a large number of diverse
> functionality in a uniform and extensible manner.
>
> a. Capability:
> ==============
> (1) It consists of device and driver resource limits.
> (2) It can be modified anytime using admin command.
> (3) Owner and member follows same format to get/set using a selector;
> simplifying the provisioning and migration.
> (4) Accessing capability via the command interface makes it friendly to
> both software and hardware based devices; possibly to operate even
> without admin vq.
>
> b. Resource objects:
> ====================
> (1) Define device controls in a unified way instead of ad-hoc cvq
> commands.
> (2) Can create diverse type of resources dynamically.
> (3) Ability to define common and device specific resources.
>
> This series defines flow filter related capability.
> This series defines three resource objects as flow filter group,
> classifier and rule
> to implement receive packet directing facility.
>
> Limitations/Disadvantages:
> ===========================
> 1. Device side configuration change notifications are not covered in
> capability and resource objects yet as both controls are driven by the
> driver;
> however in future we should be able to add it to query the changes.
> In an alternative when notifications are frequent or multiple
> outstanding,
> it is better to come up with generic eventq or notificationq like how
> it is needed for alarm feature of RTC in [1], though RTC may proceed
> in short term with its own queue for other reasons.
>
> 2. It can be used only after DRIVER_OK phase at present, but when needed
> it can be extended to have admin command interface to be accessible
> after FEATURE_OK and before DRIVER_OK.
> So presently capability cannot affect features, but any attempt will
> probably run in some corner case.
>
> 3. It is more plumbing than config space and cvq; however it is one time
> generic work that paves the road for mulitiple device types to use in
> common manner, reuse for provisioning and migration. This series itself
> uses common framework for 3 control operations of group, classifier
> and rule.
>
> 4. Current series is unable to provision the device, but a new
> command such as VIRTIO_ADMIN_CMD_DEV_CAP_SET utilizing all the
> structures,
> infrastructure can be done in future.
>
> Future uses of resource objects:
> ================================
> 1. Dynamically create VQs much after DRIVER_OK phase with multiple
> attributes such as multiple page addresses, header data split queues
> for net, with PASID, inline header size.
>
> 2. Create dynamic counter resources for specific usage
>
> 3. RSS context creation
>
> 4. net device with timestamping capability
>
> 5. RDMA device resources
>
> 6. May be more.
>
> Patch summary:
> ==============
> Patches 1 to 7 cover capabilities and resources.
>
> patch-1 adds self group for admin commands
> patch-2 make legacy spec section name better to follow this series
> patch-3 adds theory of operation for capabilities
> patch-4 make table readable across multiple pages
> patch-5 adds capabilities admin commands
> patch-6 adds theory of operation for resource objects
> patch-7 adds resources admin commands
>
> Patches 8 to 11 uses capabilities and resources to introduce flow
> filters.
>
> patch-8 adds theory of operation for flow filter
> patch-9 adds device capability
> patch-10 adds flow filter group, classifier and rule resource objects
> patch-11 adds flow filter device and driver requirements
>
> patch-12 clarifies the newdevice section
> patch-13 describes the use of capability and resource extension
>
> Please review.
>
> This series is on top of branch 1.4 with patch [2] cherrypicked from
> master branch.
>
> [1] https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.oasis-
> 2Dopen.org_archives_virtio-
> 2Dcomment_202312_msg00110.html&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=NHDPs
> fcAYlN2z-
> NXHHG4WB09qqS0voo_nf6_kGS625A&m=Gj1in7ZCbX1gs76rVBdr3f0K9GwIPTDRuLgZxgCf
> irV2iCVbv92rM0J-G8qxrI3j&s=ltV_2-
> SVkcPmABK4gaIO6q7X1ohLEFbDmzH7r0a3gGE&e=
> [2] https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__lore.kernel.org_virtio-
> 2Dcomment_te6tzbegqky7uz4skrag3yowet3phtq6nn7tegyrillgb4juwn-
> 40m4gi5ohfuk7m_T_-
> 23m25e8e7bfd2e4d9e2fc42ab36750715a272b419bb&d=DwIDAg&c=nKjWec2b6R0mOyPaz
> 7xtfQ&r=NHDPsfcAYlN2z-
> NXHHG4WB09qqS0voo_nf6_kGS625A&m=Gj1in7ZCbX1gs76rVBdr3f0K9GwIPTDRuLgZxgCf
> irV2iCVbv92rM0J-
> G8qxrI3j&s=YWVkb830i_2sqHWh2asiBtdpUbQkTT1aiJly4Yvg4C8&e=
>
> Changelog:
> ==========
> v10->v11:
> - fixes comments from Satananda
> - improved driver normative for two resource objects with same ID
> - fixed the field name to not have 'per_group' in it as it
> applies to all flow rules
> v9->v10:
> - rephrase the self group description
> - removed duplicate description sentence in self group
> - replaced 'functionalities' to 'functionality'
> - added missing article 'the'
> - inserted patch for legacy commands to follow new commands format style
> - replaced capabilities to capability
> - rephrase for listing for device type specific capabilities
> - rephrase the first para description of capabilities
> - removed white space at end of line
> - squashed the dedicated patch of status codes with the usage patch
> - renamed read/write caps to device_get_cap/driver_set_cap
> - restrict get and set command to only self group
> - supported_caps renamed to cap_id query
> - removed length from the get/set/query commands as it can be derived
> from buffer
> - renamed cid to id as its part of the cap command structure
> - grammar corrections with article and others
> - renamed rid to just id as it is part of the resource related structs
> - removed length field from the commands as it can be derived
> - rephrase for group_member_id
> - squashed the patch that added the error codes
> - removed num_types field
> - used singular capability
> - updated example to have rtc for net device
> - introduced mask object that improves the flow rule efficiency and
> removed fields_bmap per field type bitmap
>
> v8->v9:
> - changed command name from read_data/read_result to
> query_data/query_result
> to match the opcode name and description
> - added fields_bmap bitmap to support future support of optional fields
> in the resources without inventing new set of commands, for example
> multiple pages in the VQ, PASID in VQ, flow counter id in flow filter
> rule
> etc.
> - fixed spelling from 'destroyd' to 'destroyed'
> - fixed 'upto' to 'up to'
> v7->v8:
> - updated commit messages
> - updated newdevice.tex for more Q&A around capabilities, resources,
> administration queues
> - updated resource text as non data path operations
> v6->v7:
> - fixed plenty of grammar suggestions from Cornelia
> - introduced device/driver capabilities and device resources generic
> framework
> - rebased flow filter to use capabilities and resources
> v5->v6:
> - pick next unique bit 65 as to avoid conflict with rss context feature
> - fixed missing conformance links
> - removed white spaces at end of line
> v3->v5:
> - removed left over dependencies of flow filter virtqueues
> - removed partial sentence
> v2->v3:
> - removed dependency on dynamic queue infrastucture which is
> not yet ready
> v1->v2:
> - addressed comments from Satananda
> - squashed with match fields definition patch of v1
> - added length to the flexible array definition struct to benefit
> from future runtime length bound checkers listed in
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__people.kernel.org_kees_bounded-2Dflexible-2Darrays-2Din-
> 2Dc&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=NHDPsfcAYlN2z-
> NXHHG4WB09qqS0voo_nf6_kGS625A&m=Gj1in7ZCbX1gs76rVBdr3f0K9GwIPTDRuLgZxgCf
> irV2iCVbv92rM0J-
> G8qxrI3j&s=Keh0MQpI4WCrc9erzTza0ajxx5lENMEfITacf3dc66Y&e=
> - renamed value to key
> - addressed comments from Satananda
> - merged destination and action to one struct
> - added vlan type match field
> - kept space for types between l2, l3, l4 header match types
> - renamed mask to mask_supported with shorter width
> - made more fields reserved for future
> - addressed comments from Heng
> - grammar correction
> - added field to indicate supported number of actions per flow
> filter match entry
> - added missing documentation for max_flow_priorities_per_group
> - fixed comments from Heng
> - grammar corrections
> - spelling corrections
> - fixed spelling from initializaton to initialization
> - added more requirements for multiple actions
>
> v0->v1:
> - addressed comments from Satananda
> - added device requirement to return non zero value in fields_bmap
> - added device requirement to not repeat filter type in response
> - added driver requirement to order filter match field as it
> appears in the packet
> - added device requirement to fail group delete command on existing
> flow entries
> - added mask field in the type to indicate supported mask by device
> and also in later patch to use it to indicate mask on adding
> flow filter. As a result removed the mask_supported capability
> field
>
> Parav Pandit (13):
> admin: Introduce self group
> admin: Use already defined names for the legacy commands
> admin: Add theory of operation for capability admin commands
> admin: Prepare table for multipage listing
> admin: Add capability admin commands
> admin: Add theory of operation for device resource objects
> admin: Add device resource objects admin commands
> virtio-net: Add theory of operation for flow filter
> virtio-net: Add flow filter capability
> virtio-net: Add flow filter group, classifier and rule resource
> objects
> virtio-net: Add flow filter device and driver requirements
> newdevice: Improve the appendix chapter heading to reflect the content
> newdevice: Extend informative guidance on capability, resource objects
>
> admin-cmds-capabilities.tex | 233 +++++++++
> admin-cmds-legacy-interface.tex | 24 +-
> admin-cmds-resource-objects.tex | 268 +++++++++++
> admin.tex | 51 +-
> conformance.tex | 4 +
> device-types/net/description.tex | 609 ++++++++++++++++++++++++
> device-types/net/device-conformance.tex | 1 +
> device-types/net/driver-conformance.tex | 1 +
> introduction.tex | 21 +
> newdevice.tex | 37 +-
> virtio.tex | 2 +
> 11 files changed, 1222 insertions(+), 29 deletions(-)
> create mode 100644 admin-cmds-capabilities.tex
> create mode 100644 admin-cmds-resource-objects.tex
For the series:
Acked-by: Satananda Burla <sburla@marvell.com>
Regards
Satananda
^ permalink raw reply [flat|nested] 20+ messages in thread[parent not found: <691016c0-b8e4-48f0-a26b-45296102f501@davidwei.uk>]
* Re: [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects
[not found] ` <691016c0-b8e4-48f0-a26b-45296102f501@davidwei.uk>
@ 2025-03-03 19:59 ` Michael S. Tsirkin
[not found] ` <8aafe201-db57-4ab0-868e-2216b2d03987@davidwei.uk>
2025-03-04 3:48 ` Parav Pandit
1 sibling, 1 reply; 20+ messages in thread
From: Michael S. Tsirkin @ 2025-03-03 19:59 UTC (permalink / raw)
To: David Wei
Cc: Parav Pandit, virtio-comment, cohuck, hengqi, sburla, shahafs,
si-wei.liu, peter.hilber, jasowang, xuanzhuo
On Mon, Mar 03, 2025 at 11:10:12AM -0800, David Wei wrote:
> On 2024-06-04 06:28, Parav Pandit wrote:
> > Summary:
> > ========
> > This series improves virtio net receive packet steering to
> > direct packets to a specific RQ.
> >
> > This basic functionality will enable Linux ethtool steering,
> > and accelerated receive flow steering (ARFS) as a starting point,
> > and more use cases in future.
> >
> > It is using new virtio basic facilities of capability and
> > resource objects described later in this cover letter.
> >
> > Those interested only in the capability and resource object facilities
> > can jump in the cover leter to "Overview of capability and resource objects".
> >
>
> Hi folks, what is the state of this virtio spec update adding flow
> steering?
>
> I added io_uring zero copy receive which got merged recently. This
> feature requires hardware flow steering and RSS contexts to work. I'm
> targeting bnxt and mlx5 for real hardware support but would also like to
> add it to virtio. This will be useful for VMs as well as testing w/o
> needing real hardware.
>
> I checked https://github.com/oasis-tcs/virtio-spec but don't see the
> patches committed.
>
> Thanks,
> David
Given no one objects, the thing to do is to ask for a vote.
--
MST
^ permalink raw reply [flat|nested] 20+ messages in thread* RE: [PATCH v11 00/13] flow filter using basic facilities of capability and resource objects
[not found] ` <691016c0-b8e4-48f0-a26b-45296102f501@davidwei.uk>
2025-03-03 19:59 ` Michael S. Tsirkin
@ 2025-03-04 3:48 ` Parav Pandit
1 sibling, 0 replies; 20+ messages in thread
From: Parav Pandit @ 2025-03-04 3:48 UTC (permalink / raw)
To: David Wei, virtio-comment@lists.linux.dev, mst@redhat.com,
cohuck@redhat.com
Cc: hengqi@linux.alibaba.com, sburla@marvell.com, Shahaf Shuler,
si-wei.liu@oracle.com, peter.hilber@opensynergy.com,
jasowang@redhat.com, xuanzhuo@linux.alibaba.com, Dan Jurgens
Hi David,
> From: David Wei <dw@davidwei.uk>
> Sent: Tuesday, March 4, 2025 12:40 AM
>
> On 2024-06-04 06:28, Parav Pandit wrote:
> > Summary:
> > ========
> > This series improves virtio net receive packet steering to direct
> > packets to a specific RQ.
> >
> > This basic functionality will enable Linux ethtool steering, and
> > accelerated receive flow steering (ARFS) as a starting point, and more
> > use cases in future.
> >
> > It is using new virtio basic facilities of capability and resource
> > objects described later in this cover letter.
> >
> > Those interested only in the capability and resource object facilities
> > can jump in the cover leter to "Overview of capability and resource objects".
> >
>
> Hi folks, what is the state of this virtio spec update adding flow steering?
>
> I added io_uring zero copy receive which got merged recently. This feature
> requires hardware flow steering and RSS contexts to work. I'm targeting bnxt
> and mlx5 for real hardware support but would also like to add it to virtio. This
> will be useful for VMs as well as testing w/o needing real hardware.
>
This will be very useful.
> I checked
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithu
> b.com%2Foasis-tcs%2Fvirtio-
> spec&data=05%7C02%7Cparav%40nvidia.com%7Cddb23076787347ae48940
> 8dd5a8707e9%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C6387
> 66258240661610%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRyd
> WUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D
> %3D%7C0%7C%7C%7C&sdata=%2Fuqc2fDBoKTCwyo%2BHfri4q4Ep2cR1gVbr
> NUdu%2BvI1so%3D&reserved=0 but don't see the patches committed.
>
It is merged to v 1.4 branch at [1]
[1] https://github.com/oasis-tcs/virtio-spec/tree/virtio-1.4
We are presently internally reviewing the vnet driver series to enable flow steering to RQ using this infrastructure discussed here.
Expect Daniel Jurgens to post it in few weeks.
Added him to cc.
^ permalink raw reply [flat|nested] 20+ messages in thread