[PATCH v3] doc: add steps to configure VF interface as trusted

Mon, 28 Feb 2022 00:11:45 -0800 

Trusted VF is needed to offload rules with rte_flow to a group
that is bigger than 0.
The configuration is done in two parts: driver and FW.

This patch adds the needed steps to configure a VF to be trusted.

Signed-off-by: Asaf Penso <as...@nvidia.com>
Reviewed-by: Raslan Darawsheh <rasl...@nvidia.com>
---
v3: cleanup the patches
v2: added new line at the end of the file - comment from Stephen Hemminger
---
 doc/guides/nics/mlx5.rst | 50 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index c31a154181..a28b31d751 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -1613,3 +1613,53 @@ both the meters in hierarchy on that flow.
    add port meter policy 0 2 g_actions meter mtr_id M / end y_actions end 
r_actions drop / end
    create port meter 0 N 2 2 yes 0xffff 1 0
    flow create 0 ingress group 1 pattern eth / end actions meter mtr_id N / end
+
+How to configure a VF as trusted
+--------------------------------
+
+This section demonstrates how to configure a virtual function (VF) interface 
as trusted.
+Trusted VF is needed to offload rules with rte_flow to a group that is bigger 
than 0.
+The configuration is done in two parts: driver and FW.
+
+The procedure below is an example of using a ConnectX-5 adapter card (pf0) 
with 2 VFs:
+
+#. Create 2 VFs on the PF pf0 when in Legacy SR-IOV mode::
+
+   $ echo 2 > /sys/class/net/pf0/device/mlx5_num_vfs
+
+#. Verify the VFs are created:
+
+   .. code-block:: console
+
+      $ lspci | grep Mellanox
+      82:00.0 Ethernet controller: Mellanox Technologies MT27800 Family 
[ConnectX-5]
+      82:00.1 Ethernet controller: Mellanox Technologies MT27800 Family 
[ConnectX-5]
+      82:00.2 Ethernet controller: Mellanox Technologies MT27800 Family 
[ConnectX-5 Virtual Function]
+      82:00.3 Ethernet controller: Mellanox Technologies MT27800 Family 
[ConnectX-5 Virtual Function]
+
+#. Unbind all VFs. For each VF PCIe, using the following command to unbind the 
driver::
+
+   $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/unbind
+
+#. Set the VFs to be trusted for the kernel by using one of the methods below:
+      - Using sysfs file::
+
+        $ echo ON | tee /sys/class/net/pf0/device/sriov/0/trust
+        $ echo ON | tee /sys/class/net/pf0/device/sriov/1/trust
+
+      - Using “ip link” command::
+
+        $ ip link set p0 vf 0 trust on
+        $ ip link set p0 vf 1 trust on
+
+#. Configure all VFs using mlxreg::
+
+   $ mlxreg -d /dev/mst/mt4121_pciconf0 --reg_name VHCA_TRUST_LEVEL --yes 
--set "all_vhca=0x1,trust_level=0x1"
+
+   .. note::
+
+      Firmware version used must be >= xx.29.1016 and MFT >= 4.18
+
+#. For each VF PCIe, using the following command to bind the driver::
+
+   $ echo "0000:82:00.2" >> /sys/bus/pci/drivers/mlx5_core/bind
-- 
2.18.2

Reply via email to