From 624d96d108ed98474d7f0512e3e4cf0ab2b8a541 Mon Sep 17 00:00:00 2001
From: Frank Du <frank.du@intel.com>
Date: Fri, 3 Nov 2023 08:49:01 +0800
Subject: [PATCH] script/nicctl: add create_tvf command (#563)

To create trusted VFs

Signed-off-by: Frank Du <frank.du@intel.com>
---
 doc/run.md       | 24 +++++++++++++++++++-----
 script/nicctl.sh | 30 +++++++++++++++++++++++-------
 2 files changed, 42 insertions(+), 12 deletions(-)

diff --git a/doc/run.md b/doc/run.md
index 657f7508e..5b4dc6c9e 100644
--- a/doc/run.md
+++ b/doc/run.md
@@ -494,13 +494,27 @@ sudo ./script/nicctl.sh bind_kernel 0000:af:00.0
 sudo ./script/nicctl.sh bind_pmd 0000:af:00.0
 ```
 
-### 8.9 How to find the BDF number for NICs
+### 8.9 Create trusted VFs
+
+To allow privileged usage in use cases that require Trusted Virtual Functions (VFs), you can utilize the following command:
+
+```bash
+sudo ./script/nicctl.sh create_tvf 0000:af:00.0
+```
+
+If you need to control the Trusted setting on a per-VF basis, you can use the following example command:
+
+```bash
+sudo ip link set enp24s0f0 vf 0 trust on
+```
+
+### 8.10 How to find the BDF number for NICs
 
 ```bash
 dpdk-devbind.py -s
 ```
 
-### 8.10 How to find the BDF number which is ready for IMTL usage
+### 8.11 How to find the BDF number which is ready for IMTL usage
 
 ```bash
 dpdk-devbind.py -s
@@ -519,7 +533,7 @@ Network devices using DPDK-compatible driver
 0000:af:01.5 'Ethernet Adaptive Virtual Function 1889' drv=vfio-pci unused=iavf
 ```
 
-### 8.11 Lower fps if ptp4l&phc2sys is enabled
+### 8.12 Lower fps if ptp4l&phc2sys is enabled
 
 You may have noticed a similar epoch drop log, which is likely caused by both NTP and phc2sys adjusting the system. To address this issue, please disable the NTP service.
 
@@ -533,7 +547,7 @@ MT: TX_VIDEO_SESSION(0,0): mismatch epoch troffset 275
 MT: TX_VIDEO_SESSION(0,0): epoch drop 275
 ```
 
-### 8.12 NO-IOMMU mode for vfio
+### 8.13 NO-IOMMU mode for vfio
 
 The VFIO driver can run without the IOMMU feature, enable it with below command to bypass IOMMU. As the name suggests, `enable_unsafe_noiommu_mode` is considered unsafe, and should only be used if you understand the risks.
 
@@ -541,7 +555,7 @@ The VFIO driver can run without the IOMMU feature, enable it with below command
 sudo bash -c 'echo 1 > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode'
 ```
 
-### 8.12 Fail to loading shared libraries
+### 8.13 Fail to loading shared libraries
 
 If you get below similar message when runing the RxTxApp, it's likely a ld library path problem.
 
diff --git a/script/nicctl.sh b/script/nicctl.sh
index 760fba7f4..27544e402 100755
--- a/script/nicctl.sh
+++ b/script/nicctl.sh
@@ -11,9 +11,10 @@ if [ $# -lt 2 ]; then
     echo "Commands:"
     echo "   bind_pmd                 bind driver to DPDK PMD driver"
     echo "   bind_kernel              bind driver to kernel driver"
-    echo "   create_vf                create VF and bind to VFIO"
-    echo "   create_kvf               create VF and bind to kernel driver"
-    echo "   create_dcf_vf            create DCF VF and bind to VFIO"
+    echo "   create_vf                create VFs and bind to VFIO"
+    echo "   create_kvf               create VFs and bind to kernel driver"
+    echo "   create_tvf               create trusted VFs and bind to VFIO"
+    echo "   create_dcf_vf            create DCF VFs and bind to VFIO"
     echo "   disable_vf               Disable VF"
     echo "   status                   List the DPDK port status"
     exit 0
@@ -85,8 +86,10 @@ create_vf() {
         if [ -n "$vfif" ]; then
             ip link set "$vfif" down
         fi
-        #enable trust
-        #ip link set $port vf $i trust on
+        if [ "$2" == "trusted" ]; then
+            # enable trust
+            ip link set "$inf" vf $i trust on
+        fi
         if [ $bifurcated_driver -eq 0 ]; then
             if dpdk-devbind.py -b vfio-pci "$vfport"; then
                 echo "Bind $vfport($vfif) to vfio-pci success"
@@ -109,7 +112,7 @@ create_kvf() {
     done
 }
 
-cmdlist=("bind_kernel" "create_vf" "create_kvf" "disable_vf" "bind_pmd" "create_dcf_vf" "status")
+cmdlist=("bind_kernel" "create_vf" "create_kvf" "create_tvf" "disable_vf" "bind_pmd" "create_dcf_vf" "status")
 
 for c in "${cmdlist[@]}"; do
    if [ "$c" == "$1" ]; then
@@ -194,7 +197,20 @@ if [ "$cmd" == "create_vf" ]; then
     modprobe vfio-pci
     disable_vf
     create_vf $numvfs
-    echo "Create VFs on PF bdf: $bdf $inf succ"
+    echo "Create $numvfs VFs on PF bdf: $bdf $inf succ"
+fi
+
+if [ "$cmd" == "create_tvf" ]; then
+    if [ -n "$3" ]; then
+        numvfs=$(($3+0))
+    else
+        # default VF number
+        numvfs=6
+    fi
+    modprobe vfio-pci
+    disable_vf
+    create_vf $numvfs trusted
+    echo "Create trusted $numvfs VFs on PF bdf: $bdf $inf succ"
 fi
 
 if [ "$cmd" == "create_kvf" ]; then