Changes and New Feature History

Warning

This section includes history of changes and new feature of 3 major releases back. For older releases history, please refer to the relevant firmware versions.

Warning

Firmware version 28.38.1900 (together with MLNX_OFED v23.07-0.5.1.2) should be used by InfiniBand customers.

Feature/Change

Description

28.38.1900

QKEY Mitigation in the Kernel

QKEY creation with the MSB set is available now for non-privileged users as well.

To allow non-privileged users to create QKEY with MSB set, the below new module parameter was added to ib_uverbs module:

  • Module Parameter: enforce_qkey_check

  • Description: Force QKEY MSB check for non-privileged user on UD QP creation

  • Default: 0 (disabled)

Note: In this release, this module parameter is disabled by default to ensure backward compatibility and give customers the opportunity to update their applications accordingly. In the upcoming release, it will be enabled by default, and later on deprecated.

Feature/Change

Description

28.38.1002

Header Modification

Added support to the metadata reg_c 8-11 (packet fields) for matching and modifying the header, and Advanced Steering Operation (ASO) actions.

INT Packets

Added support for forwarding INT packets to the user application for monitoring purposes by matching the BTH acknowledge request bit (bth_a).

Get Electrical Sensor, NC-SI

Implemented NVIDIA NC-SI OEM Commands:

  • Get Electrical Sensor Count (command 0x13, parameter 0x6)

  • Gel Electrical Sensor (command 0x13, parameter 0x7)

  • Get Electrical Sensors (command 0x13, parameter 0x8)

IPsec CPS Bulk Allocation

Improved the IPsec CPS by using bulk allocation.

For cases in which log_obj_range == 0, single IPSEC object will be allocated and initialized as before keeping backward compatibility.

For better performance, it is recommended to work with IPsec bulk allocation and to initialize IPsec ASO context not via the firmware but via the hardware using ASO WQE.

DPA PROCESS ERROR

Added support for a new value for coredump_type field in DPA_PROCESS_COREDUMP, [FIRST_ERROR_THREAD_DUMP (1).].

Device Attestation

Attestation is a mechanism in which a host/platform automatically verifies the authenticity and integrity of the hardware and software state of a device. The mechanism is based on a HW RoT and utilizes SPDM messages that handle the attestation, measurement collection, and trust between device and platform BMC or platform RoT (usually host BMC). This provides the added value of increased security and assurance that the host/platform of device is not being tampered with and has the proper software running on it.

A CoRIM is comprised of one or more CoMIDs , with each CoMID providing the reference claims about hardware and firmware for a device. The CoRIM and CoMIDs are encoded in CBOR format. Signed CoRIMs use COSE signatures.

For further information, see "NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing".

QKEY Mitigation in the Kernel

Non-privileged users are now blocked by default from setting controlled/privileged QKEYs (QKEY with MSB set).

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

28.37.1014

Mergeable Buffer

Added mergeable buffer support (VIRTIO_NET_F_MRG_RXBUF in virtio spec) for VDPA kernel mode to improve performance in case of large MTU such as 9K. The feature is disabled by default and must be manually enabled while creating or modifying the virtio device.

Note: For best performance, it is NOT recommended to enable the feature if the VDPA MTU is set to the default value (1500).

Monitoring Cloud Guest RoCE Statistics on Cloud Provider

This new capability enables the VM to track and limit its Vport's activity. This is done using the new q_counters counter which enables aggregation of other Vport's from PF GVMI.

Linux Bridge Offload

Added a flow rule that enables offloading of multicast traffic by broadcasting it to multi-Flow-Table in FDB.

Selective Repeat

Selective repeat improves network utilization in case of a lossy fabric. This features is enabled by default.

Dynamic VF MSIX Allocation

Added support for dynamic MSIX modification on a VF NVME device emulation.

If a PF NVME device emulation is created with dynamic_vf_msix_control = 1, then the dynamic_vf_msix_reset can set the PF device emulation's VF MSIX number to 0. The num_msix is used in the modified VF device emulation to modify the MSIX number of the VF device emulation.

InfiniBand Congestion Control (IB CC)

Enabled IB CC per Service Level (SL) for RC/UC on the HCA side.

Now different SLs can be configured to be CC on/off according to the bitmask decided by the software.

ATS/ATC

Optimizes the ATC configuration dynamically based on the returned pages of the ATS translation requests that have been made.

PCC Algorithms

Enables a smooth and statically switch between PCC algorithms. In addition, the user can now switch between PCC algorithms while running traffic.

Hardware Steering: Bulk Allocation

Added support for 32 actions in the header modify pattern using bulk allocation.

InfiniBand Congestion Control - RTT Response Service Level

The software can explicitly set the SL of an RTT response packet, instead of it being taken from the RTT request packet's SL.

The RTT response packet SL may be set/queried via the CONGESTION_CONTROL_HCA_NP_PARAMETER MAD.

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

28.36.1700

Bug Fixes

See Bug Fixes in this Firmware Version section.

© Copyright 2023, NVIDIA. Last updated on Dec 11, 2023.