| Message ID | 20210703115705.1034112-5-vladimir.oltean@nxp.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | Allow forwarding for the software bridge data path to be offloaded to capable devices | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 6 of 6 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 14 this patch: 14 |
| netdev/kdoc | success | Errors and warnings before: 3 this patch: 3 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | warning | WARNING: line length of 82 exceeds 80 columns |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 12 this patch: 12 |
| netdev/header_inline | success | Link |
On 03/07/2021 14:56, Vladimir Oltean wrote: > From: Tobias Waldekranz <tobias@waldekranz.com> > > Allow switchdevs to forward frames from the CPU in accordance with the > bridge configuration in the same way as is done between bridge > ports. This means that the bridge will only send a single skb towards > one of the ports under the switchdev's control, and expects the driver > to deliver the packet to all eligible ports in its domain. > > Primarily this improves the performance of multicast flows with > multiple subscribers, as it allows the hardware to perform the frame > replication. > > The basic flow between the driver and the bridge is as follows: > > - The switchdev accepts the offload by returning a non-null pointer > from .ndo_dfwd_add_station when the port is added to the bridge. > > - The bridge sends offloadable skbs to one of the ports under the > switchdev's control using dev_queue_xmit_accel. > > - The switchdev notices the offload by checking for a non-NULL > "sb_dev" in the core's call to .ndo_select_queue. Sry, I could be missing smth. Is there any possibility to just mark skb itself as "fwd_offload" (or smth), so driver can just check it and decide what to do. Following you series: - BR itself will send packet only once to one port if fwd offload possible and supported - switchdev driver can check/negotiate BR_FWD_OFFLOAD flag In our case, TI CPSW can send directed packet (default now), by specifying port_id if DMA desc or keep port_id == 0 which will allow HW to process packet internally, including MC duplication. Sry, again, but necessity to add 3 callbacks and manipulate with "virtual" queue to achieve MC offload (seems like one of the primary goals) from BR itself looks a bit over-complicated :( > > v1->v2: > - convert br_input_skb_cb::fwd_hwdoms to a plain unsigned long > - introduce a static key "br_switchdev_fwd_offload_used" to minimize the > impact of the newly introduced feature on all the setups which don't > have hardware that can make use of it > - introduce a check for nbp->flags & BR_FWD_OFFLOAD to optimize cache > line access > - reorder nbp_switchdev_frame_mark_accel() and br_handle_vlan() in > __br_forward() > - do not strip VLAN on egress if forwarding offload on VLAN-aware bridge > is being used > - propagate errors from .ndo_dfwd_add_station() if not EOPNOTSUPP > > Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com> > Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> > --- > include/linux/if_bridge.h | 1 + > net/bridge/br_forward.c | 18 +++++++- > net/bridge/br_private.h | 24 +++++++++++ > net/bridge/br_switchdev.c | 87 +++++++++++++++++++++++++++++++++++++-- [...]
Hi Grygorii, On Fri, Jul 09, 2021 at 04:16:13PM +0300, Grygorii Strashko wrote: > On 03/07/2021 14:56, Vladimir Oltean wrote: > > From: Tobias Waldekranz <tobias@waldekranz.com> > > > > Allow switchdevs to forward frames from the CPU in accordance with the > > bridge configuration in the same way as is done between bridge > > ports. This means that the bridge will only send a single skb towards > > one of the ports under the switchdev's control, and expects the driver > > to deliver the packet to all eligible ports in its domain. > > > > Primarily this improves the performance of multicast flows with > > multiple subscribers, as it allows the hardware to perform the frame > > replication. > > > > The basic flow between the driver and the bridge is as follows: > > > > - The switchdev accepts the offload by returning a non-null pointer > > from .ndo_dfwd_add_station when the port is added to the bridge. > > > > - The bridge sends offloadable skbs to one of the ports under the > > switchdev's control using dev_queue_xmit_accel. > > > > - The switchdev notices the offload by checking for a non-NULL > > "sb_dev" in the core's call to .ndo_select_queue. > > Sry, I could be missing smth. > > Is there any possibility to just mark skb itself as "fwd_offload" (or smth), so driver can > just check it and decide what to do. Following you series: > - BR itself will send packet only once to one port if fwd offload possible and supported > - switchdev driver can check/negotiate BR_FWD_OFFLOAD flag > > In our case, TI CPSW can send directed packet (default now), by specifying port_id if DMA desc > or keep port_id == 0 which will allow HW to process packet internally, including MC duplication. > > Sry, again, but necessity to add 3 callbacks and manipulate with "virtual" queue to achieve > MC offload (seems like one of the primary goals) from BR itself looks a bit over-complicated :( After cutting my teeth myself with Tobias' patches, I tend to agree with the idea that the macvlan offload framework is not a great fit for the software bridge data plane TX offloading. Some reasons: - the sb_dev pointer is necessary for macvlan because you can have multiple macvlan uppers and you need to know which one this packet came from. Whereas in the case of a bridge, any given switchdev net device can have a single bridge upper. So a single bit per skb, possibly even skb->offload_fwd_mark, could be used to encode this bit of information: please look up your FDB for this packet and forward/replicate it accordingly. - I am a bit on the fence about the "net: allow ndo_select_queue to go beyond dev->num_real_tx_queues" and "net: extract helpers for binding a subordinate device to TX queues" patches, they look like the wrong approach overall, just to shoehorn our use case into a framework that was not meant to cover it. - most importantly: Ido asked about the possibility for a switchdev to accelerate the data plane for a bridge port that is a LAG upper. In the current design, where the bridge attempts to call the .ndo_dfwd_add_station method of the bond/team driver, this will not work. Traditionally, switchdev has migrated away from ndo's towards notifiers because of the ability for a switchdev to intercept the notifier emitted by the bridge for the bonding interface, and to treat it by itself. So, logically speaking, it would make more sense to introduce a new switchdev notifier for TX data plane offloading per port. Actually, now that I'm thinking even more about this, it would be great not only if we could migrate towards notifiers, but if the notification could be emitted by the switchdev driver itself, at bridge join time. Once upon a time I had an RFC patch that changed all switchdev drivers to inform the bridge that they are capable of offloading the RX data plane: https://patchwork.kernel.org/project/netdevbpf/patch/20210318231829.3892920-17-olteanv@gmail.com/ That patch was necessary because the bridge, when it sees a bridge port that is a LAG, and the LAG is on top of a switchdev, will assign the port hwdom based on the devlink switch ID of the switchdev. This is wrong because it assumes that the switchdev offloads the LAG, but in the vast majority of cases this is false, only a handful of switchdev drivers have LAG offload right now. So the expectation is that the bridge can do software forwarding between such LAG comprised of two switchdev interfaces, and a third (standalone) switchdev interface, but it doesn't do that, because to the bridge, all ports have the same hwdom. Now it seems common sense that I pick up this patch again and make the switchdev drivers give 2 pieces of information: (a) can I offload the RX data path (b) can I offload the TX data path I can try to draft another RFC with these changes.
On Fri, Jul 09, 2021 at 14:09, Vladimir Oltean <vladimir.oltean@nxp.com> wrote: > Hi Grygorii, > > On Fri, Jul 09, 2021 at 04:16:13PM +0300, Grygorii Strashko wrote: >> On 03/07/2021 14:56, Vladimir Oltean wrote: >> > From: Tobias Waldekranz <tobias@waldekranz.com> >> > >> > Allow switchdevs to forward frames from the CPU in accordance with the >> > bridge configuration in the same way as is done between bridge >> > ports. This means that the bridge will only send a single skb towards >> > one of the ports under the switchdev's control, and expects the driver >> > to deliver the packet to all eligible ports in its domain. >> > >> > Primarily this improves the performance of multicast flows with >> > multiple subscribers, as it allows the hardware to perform the frame >> > replication. >> > >> > The basic flow between the driver and the bridge is as follows: >> > >> > - The switchdev accepts the offload by returning a non-null pointer >> > from .ndo_dfwd_add_station when the port is added to the bridge. >> > >> > - The bridge sends offloadable skbs to one of the ports under the >> > switchdev's control using dev_queue_xmit_accel. >> > >> > - The switchdev notices the offload by checking for a non-NULL >> > "sb_dev" in the core's call to .ndo_select_queue. >> >> Sry, I could be missing smth. >> >> Is there any possibility to just mark skb itself as "fwd_offload" (or smth), so driver can >> just check it and decide what to do. Following you series: >> - BR itself will send packet only once to one port if fwd offload possible and supported >> - switchdev driver can check/negotiate BR_FWD_OFFLOAD flag >> >> In our case, TI CPSW can send directed packet (default now), by specifying port_id if DMA desc >> or keep port_id == 0 which will allow HW to process packet internally, including MC duplication. >> >> Sry, again, but necessity to add 3 callbacks and manipulate with "virtual" queue to achieve >> MC offload (seems like one of the primary goals) from BR itself looks a bit over-complicated :( > > After cutting my teeth myself with Tobias' patches, I tend to agree with > the idea that the macvlan offload framework is not a great fit for the > software bridge data plane TX offloading. Some reasons: I agree. I was trying to find an API that would not require adding new .ndos or other infrastructure. You can see in my original RFC cover that this was something I wrestled with. > - the sb_dev pointer is necessary for macvlan because you can have > multiple macvlan uppers and you need to know which one this packet > came from. Whereas in the case of a bridge, any given switchdev net > device can have a single bridge upper. So a single bit per skb, > possibly even skb->offload_fwd_mark, could be used to encode this bit > of information: please look up your FDB for this packet and > forward/replicate it accordingly. In fact, in the version I was about to publish, I reused skb->offload_fwd_mark to encode precisely this property. It works really well. Maybe I should just publish it, even with the issues regarding mv88e6xxx. Let me know if you want to take a look at it. > - I am a bit on the fence about the "net: allow ndo_select_queue to go > beyond dev->num_real_tx_queues" and "net: extract helpers for binding > a subordinate device to TX queues" patches, they look like the wrong > approach overall, just to shoehorn our use case into a framework that > was not meant to cover it. Yep. > - most importantly: Ido asked about the possibility for a switchdev to > accelerate the data plane for a bridge port that is a LAG upper. In the > current design, where the bridge attempts to call the > .ndo_dfwd_add_station method of the bond/team driver, this will not > work. Traditionally, switchdev has migrated away from ndo's towards > notifiers because of the ability for a switchdev to intercept the > notifier emitted by the bridge for the bonding interface, and to treat > it by itself. So, logically speaking, it would make more sense to > introduce a new switchdev notifier for TX data plane offloading per > port. Actually, now that I'm thinking even more about this, it would > be great not only if we could migrate towards notifiers, but if the > notification could be emitted by the switchdev driver itself, at I added pass-through implementations of these .ndos to make it work on top of LAGs, but a notifier is much cleaner. > bridge join time. Once upon a time I had an RFC patch that changed all > switchdev drivers to inform the bridge that they are capable of > offloading the RX data plane: > https://patchwork.kernel.org/project/netdevbpf/patch/20210318231829.3892920-17-olteanv@gmail.com/ Really like this approach! It also opens up the possibility of disabling it manually (something like `ethtool -K swp0 bridge-{rx, tx} off`). This will allow you to run a DPI firewall on a specific port in a LAN, for example. > That patch was necessary because the bridge, when it sees a bridge > port that is a LAG, and the LAG is on top of a switchdev, will assign > the port hwdom based on the devlink switch ID of the switchdev. This > is wrong because it assumes that the switchdev offloads the LAG, but > in the vast majority of cases this is false, only a handful of > switchdev drivers have LAG offload right now. So the expectation is > that the bridge can do software forwarding between such LAG comprised > of two switchdev interfaces, and a third (standalone) switchdev > interface, but it doesn't do that, because to the bridge, all ports > have the same hwdom. > Now it seems common sense that I pick up this patch again and make the > switchdev drivers give 2 pieces of information: > (a) can I offload the RX data path > (b) can I offload the TX data path > > I can try to draft another RFC with these changes.
On Mon, Jul 12, 2021 at 02:28:42PM +0200, Tobias Waldekranz wrote: > > After cutting my teeth myself with Tobias' patches, I tend to agree with > > the idea that the macvlan offload framework is not a great fit for the > > software bridge data plane TX offloading. Some reasons: > > I agree. I was trying to find an API that would not require adding new > .ndos or other infrastructure. You can see in my original RFC cover that > this was something I wrestled with. > > > - the sb_dev pointer is necessary for macvlan because you can have > > multiple macvlan uppers and you need to know which one this packet > > came from. Whereas in the case of a bridge, any given switchdev net > > device can have a single bridge upper. So a single bit per skb, > > possibly even skb->offload_fwd_mark, could be used to encode this bit > > of information: please look up your FDB for this packet and > > forward/replicate it accordingly. > > In fact, in the version I was about to publish, I reused > skb->offload_fwd_mark to encode precisely this property. It works really > well. Maybe I should just publish it, even with the issues regarding > mv88e6xxx. Let me know if you want to take a look at it. I am on it already, I have a 25-patch series that is currently undergoing testing (yes, it changes all switchdev drivers to call switchdev_bridge_port_offload() and switchdev_bridge_port_unoffload(), and it also moves the switchdev object replay helpers to push mode, and only then it hooks a "bool tx_fwd_offload" argument to the switchdev_bridge_port_offload() call). If all goes well and I still have some time today I will publish it for review. Naturally the final submissions, when net-next reopens, will be in much smaller chunks.
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index b651c5e32a28..a47b86ab7f96 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -57,6 +57,7 @@ struct br_ip_list { #define BR_MRP_AWARE BIT(17) #define BR_MRP_LOST_CONT BIT(18) #define BR_MRP_LOST_IN_CONT BIT(19) +#define BR_FWD_OFFLOAD BIT(20) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index 07856362538f..919246a2c7eb 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -32,6 +32,8 @@ static inline int should_deliver(const struct net_bridge_port *p, int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) { + struct net_device *sb_dev = NULL; + skb_push(skb, ETH_HLEN); if (!is_skb_forwardable(skb->dev, skb)) goto drop; @@ -48,7 +50,14 @@ int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb skb_set_network_header(skb, depth); } - dev_queue_xmit(skb); + if (br_switchdev_accels_skb(skb)) { + sb_dev = BR_INPUT_SKB_CB(skb)->brdev; + + WARN_ON_ONCE(br_vlan_enabled(sb_dev) && + !skb_vlan_tag_present(skb)); + } + + dev_queue_xmit_accel(skb, sb_dev); return 0; @@ -76,6 +85,11 @@ static void __br_forward(const struct net_bridge_port *to, struct net *net; int br_hook; + /* Mark the skb for forwarding offload early so that br_handle_vlan() + * can know whether to pop the VLAN header on egress or keep it. + */ + nbp_switchdev_frame_mark_accel(to, skb); + vg = nbp_vlan_group_rcu(to); skb = br_handle_vlan(to->br, to, vg, skb); if (!skb) @@ -174,6 +188,8 @@ static struct net_bridge_port *maybe_deliver( if (!should_deliver(p, skb)) return prev; + nbp_switchdev_frame_mark_fwd(p, skb); + if (!prev) goto out; diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 9ff09a32e3f8..655212df57f7 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -332,6 +332,7 @@ struct net_bridge_port { #endif #ifdef CONFIG_NET_SWITCHDEV int hwdom; + void *accel_priv; #endif u16 group_fwd_mask; u16 backup_redirected_cnt; @@ -508,7 +509,9 @@ struct br_input_skb_cb { #endif #ifdef CONFIG_NET_SWITCHDEV + u8 fwd_accel:1; int src_hwdom; + unsigned long fwd_hwdoms; #endif }; @@ -1647,6 +1650,12 @@ static inline void br_sysfs_delbr(struct net_device *dev) { return; } /* br_switchdev.c */ #ifdef CONFIG_NET_SWITCHDEV +bool br_switchdev_accels_skb(struct sk_buff *skb); + +void nbp_switchdev_frame_mark_accel(const struct net_bridge_port *p, + struct sk_buff *skb); +void nbp_switchdev_frame_mark_fwd(const struct net_bridge_port *p, + struct sk_buff *skb); void nbp_switchdev_frame_mark(const struct net_bridge_port *p, struct sk_buff *skb); bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, @@ -1669,6 +1678,21 @@ static inline void br_switchdev_frame_unmark(struct sk_buff *skb) skb->offload_fwd_mark = 0; } #else +static inline bool br_switchdev_accels_skb(struct sk_buff *skb) +{ + return false; +} + +static inline void nbp_switchdev_frame_mark_accel(const struct net_bridge_port *p, + struct sk_buff *skb) +{ +} + +static inline void nbp_switchdev_frame_mark_fwd(const struct net_bridge_port *p, + struct sk_buff *skb) +{ +} + static inline void nbp_switchdev_frame_mark(const struct net_bridge_port *p, struct sk_buff *skb) { diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index f3120f13c293..8653d9a540a1 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -8,6 +8,40 @@ #include "br_private.h" +static struct static_key_false br_switchdev_fwd_offload_used; + +static bool nbp_switchdev_can_accel(const struct net_bridge_port *p, + const struct sk_buff *skb) +{ + if (!static_branch_unlikely(&br_switchdev_fwd_offload_used)) + return false; + + return (p->flags & BR_FWD_OFFLOAD) && + (p->hwdom != BR_INPUT_SKB_CB(skb)->src_hwdom); +} + +bool br_switchdev_accels_skb(struct sk_buff *skb) +{ + if (!static_branch_unlikely(&br_switchdev_fwd_offload_used)) + return false; + + return BR_INPUT_SKB_CB(skb)->fwd_accel; +} + +void nbp_switchdev_frame_mark_accel(const struct net_bridge_port *p, + struct sk_buff *skb) +{ + if (nbp_switchdev_can_accel(p, skb)) + BR_INPUT_SKB_CB(skb)->fwd_accel = true; +} + +void nbp_switchdev_frame_mark_fwd(const struct net_bridge_port *p, + struct sk_buff *skb) +{ + if (nbp_switchdev_can_accel(p, skb)) + set_bit(p->hwdom, &BR_INPUT_SKB_CB(skb)->fwd_hwdoms); +} + void nbp_switchdev_frame_mark(const struct net_bridge_port *p, struct sk_buff *skb) { @@ -18,8 +52,10 @@ void nbp_switchdev_frame_mark(const struct net_bridge_port *p, bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, const struct sk_buff *skb) { - return !skb->offload_fwd_mark || - BR_INPUT_SKB_CB(skb)->src_hwdom != p->hwdom; + struct br_input_skb_cb *cb = BR_INPUT_SKB_CB(skb); + + return !test_bit(p->hwdom, &cb->fwd_hwdoms) && + (!skb->offload_fwd_mark || cb->src_hwdom != p->hwdom); } /* Flags that can be offloaded to hardware */ @@ -125,6 +161,39 @@ int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid) return switchdev_port_obj_del(dev, &v.obj); } +static int nbp_switchdev_fwd_offload_add(struct net_bridge_port *p) +{ + void *priv; + + if (!(p->dev->features & NETIF_F_HW_L2FW_DOFFLOAD)) + return 0; + + priv = p->dev->netdev_ops->ndo_dfwd_add_station(p->dev, p->br->dev); + if (IS_ERR(priv)) { + int err = PTR_ERR(priv); + + return err == -EOPNOTSUPP ? 0 : err; + } + + p->accel_priv = priv; + p->flags |= BR_FWD_OFFLOAD; + static_branch_inc(&br_switchdev_fwd_offload_used); + + return 0; +} + +static void nbp_switchdev_fwd_offload_del(struct net_bridge_port *p) +{ + if (!p->accel_priv) + return; + + p->dev->netdev_ops->ndo_dfwd_del_station(p->dev, p->accel_priv); + + p->accel_priv = NULL; + p->flags &= ~BR_FWD_OFFLOAD; + static_branch_dec(&br_switchdev_fwd_offload_used); +} + static int nbp_switchdev_hwdom_set(struct net_bridge_port *joining) { struct net_bridge *br = joining->br; @@ -176,13 +245,25 @@ int nbp_switchdev_add(struct net_bridge_port *p) return err; } - return nbp_switchdev_hwdom_set(p); + err = nbp_switchdev_hwdom_set(p); + if (err) + return err; + + if (p->hwdom) { + err = nbp_switchdev_fwd_offload_add(p); + if (err) + return err; + } + + return 0; } void nbp_switchdev_del(struct net_bridge_port *p) { ASSERT_RTNL(); + nbp_switchdev_fwd_offload_del(p); + if (p->hwdom) nbp_switchdev_hwdom_put(p); } diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index a08e9f193009..bf014efa5851 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -457,7 +457,15 @@ struct sk_buff *br_handle_vlan(struct net_bridge *br, u64_stats_update_end(&stats->syncp); } - if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) + /* If the skb will be sent using forwarding offload, the assumption is + * that the switchdev will inject the packet into hardware together + * with the bridge VLAN, so that it can be forwarded according to that + * VLAN. The switchdev should deal with popping the VLAN header in + * hardware on each egress port as appropriate. So only strip the VLAN + * header if forwarding offload is not being used. + */ + if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED && + !br_switchdev_accels_skb(skb)) __vlan_hwaccel_clear_tag(skb); if (p && (p->flags & BR_VLAN_TUNNEL) &&