Changes and New Features

Linux Kernel Upstream Release Notes v5.17

Customer Affecting Change



Creating a QKEY with an MSB Set

To allow non-privileged users to create a QKEY with an MSB set, a new module parameter was added. For details, please see “QKEY Mitigation in the Kernel“ under New Features.


IRQ Naming

IRQ renaming is no longer done when bringing the interface up/down. The IRQ name is now constant and is not affected by the interface state.

RPM Packages Verification Key

RPM_GPG-KEY-Mellanox (or its variants) is no longer the public key that verifies RPM packages of MLNX_OFED. Instead, the RPM_GPG-KEY-Mellanox file on the top-level directory of the ISO should be used.

Hairpin sysfs Support

Hairpin sysfs support was restricted to physical and virtual functions only.

mlx5_core node_guid Module Parameter

Removed a non-functional mlx5_core node_guid module parameter.

OpenSM Init

Starting from this release, the opensm init service moves from init.d (/etc/init.d/opensmd start) to systemd (# service opensmd start).

Apt Signing Key

Starting from this release, the public key that signed the apt repository of MLNX_OFED is included in the ISO in a format that can be used directly by the apt for repository signatures verification.

IPoIB ULP Mode Deprecation

Starting from this release, MLNX_OFED supports IPoIB enhanced mode only. The ability to switch back to ULP mode using ipoib_enhanced module parameter is not supported. For more information about the enhanced mode, please refer to the OFED user manual, example: Enhanced IP over InfiniBand.

Pre-notification: Deprecation of OFED Public Power PC Installation

Starting from next release, MLNX_OFED releases for Power PC will no longer be available for download from the public Download Center web page.

The following are the new features and changes that were added in this version. The supported adapter cards are specified as follows:

Supported Cards


All HCAs

Supported in the following adapter cards unless specifically stated otherwise:

ConnectX-4/ConnectX-4 Lx/ConnectX-5/ConnectX-6/ConnectX-6 Dx/ConnectX-6 Lx/ConnectX-7/BlueField-2

ConnectX-6 Dx and above

Supported in the following adapter cards unless specifically stated otherwise:

ConnectX-6 Dx/ConnectX-6 Lx/ConnectX-7/BlueField-2

ConnectX-6 and above

Supported in the following adapter cards unless specifically stated otherwise:

ConnectX-6/ConnectX-6 Dx/ConnectX-6 Lx/ConnectX-7/BlueField-2

ConnectX-5 and above

Supported in the following adapter cards unless specifically stated otherwise:

ConnectX-5/ConnectX-6/ConnectX-6 Dx/ConnectX-6 Lx/ConnectX-7/BlueField-2

ConnectX-4 and above

Supported in the following adapter cards unless specifically stated otherwise:

ConnectX-4/ConnectX-4 Lx/ConnectX-5/ConnectX-6/ConnectX-6 Dx/ConnectX-6 Lx/ConnectX-7/BlueField-2




RDMA Features

QKEY Mitigation in the Kernel

QKEY creation with the MSB set is available now for non-privileged users as well.

To allow non-privileged users to create QKEY with MSB set, the below new module parameter was added to ib_uverbs module:

  • Module Parameter: enforce_qkey_check

  • Description: Force QKEY MSB check for non-privileged user on UD QP creation

  • Default: 0 (disabled)

Note: In this release, this module parameter is disabled by default to ensure backward compatibility and give customers the opportunity to update their applications accordingly. In the upcoming release, it will be enabled by default, and later on deprecated.


ASAP2 Features

Header Rewrite and CT Support

[BlueField-2] Added support for offloading CT rules with header rewrite of L3.

CT UDP Unidirectional Traffic Offload

[All HCAs] Added support for offloading long-running unidirectional UDP connection with Conntrack.

CT Rules with NAT and Mirror Offload

[BlueField-2] Added support for offloading CT rules with NAT and mirror.

Core Features

Embedded CPU Virtual Functions

[Bluefield-2] Added the ability to create virtual functions within the ARM.

Full Chip Reset on BlueField-2

[BlueField-2] Full chip reset in DPU mode is now supported on BlueField-2 when using mlxfwreset with the "--sync 1" option. During this flow, the ARM is rebooted and the firmware is reloaded.

Firmware Page Limit via VHCA_ICM_CTRL

[ConnectX-5 and above] Added the ability to expose page limit via the VHCA_ICM_CTRL FW register. The expected behavior is similar to the previous page limit, except for the firmware size limitation. The new max limit is 2^32-1, which represents 'no limit'.

PRE_COPY State Support in the mlx5-vfio Driver

[ConnectX-6 Dx and above] Added support for PRE_COPY migration. The optional PRE_COPY state opens the saving data transfer FD before reaching STOP_COPY, and thereby helps reducing the downtime of the VM.

Lightweight Local SFs

[ConnectX-5 and above] Added a feature that decreases the amount of time needed to probe and configure SFs (s ub-functions) by reducing the time of Devlink reload of the SF.

QEMU Live Migration Support

[ConnectX-6 Dx and above] Added support for QEMU VM migration with an assigned VF from one source host to another destination host. This is achieved as part of the general QEMU migration flow, which involves suspending the VF on the source host, transferring all its data to the destination host, and resuming the VF on the destination.

Note: This migration feature includes basic functionality only, and does not yet support advanced features such as dirty page tracking or pre-copy.

4 Ports VF LAG Support

[ConnectX-7] Added support for VF LAG over 4 ports HCAs.

Note: Only LAGs with all HCA ports are supported. Meaning, with a 4-port HCA, only 4 port LAG is supported. A 2-port or a 3-port LAG is not supported.


FIPS Compliance

[All HCAs] Starting from v23.07, OFED is FIPS (Federal Information Processing Standard) compliant for the RH8.8, RH9.2 and SLES15.5 operating systems. The following limitations should be considered:

  • OFED Installation with FIPS support requires a manual firmware upgrade.

  • OFED Installation with add-kernel-support will result in the removal of the FIPS support.

NetDev Features

Enhanced CQE Compression

[ConnectX-5 and above] Added support for the enhanced version of the RX CQE compression hardware feature. By compressing the RX CQEs, the PCI bandwidth utilization is improved and the load on it is reduced. The enhanced version of this device feature has improved latency and CPU utilization.

256 Bit Keys with kTLS Offload Support

[BlueField-2] Added support for kTLS offload with a 256 bit key size.

Improving Affinity Hints according to Numa Distances

[All HCAs] Updated the binary NUMA preference for the system to consider actual distances. Following the update, remote NUMA nodes with shorter distances are preferred over further ones, rather than relying solely on local/remote distinctions.

Flow Steering Decoupling

[All HCAs] Added the ability to decouple flow steering into a separate module, making it loosely coupled and thus easier to read, maintain and debug.

RDMA Features

Reducing Storage IO Latency for a Large Number of RDMACM Connections

[All HCAs] Reduced the storage IO latency that occurred while establishing a large number of RDMACM (RDMA Connection Manager) connections by setting the RDMACM RoCE static rate to 0.

QKEY Mitigation in the Kernel

[All HCAs] By default, non-privileged users are blocked from setting controlled/privileged QKEYs (QKEY with MSB set).


Fast Update Encryption Key Support

[ConnectX-6 Dx and above] Enhanced the performance of DEK operations by introducing a DEK pool that serves the same key purpose and utilizes bulk allocation, destruction and invalidation provided by the firmware. Users can now retrieve a DEK object from the pool, and update it with a key using the modify_DEK command.

Software Steering

Matching over BTH Acknowledge Bit Support

[Connect-6 DX, Connect-7 and BlueField-2] Added support for matching over BTH acknowledge bit using the mlx5dv_dr API.


Bug fixes

For additional information on the new features, please refer to the MLNX_OFED User Manual.

MLNX_OFED Verbs API Migration

As of MLNX_OFED v5.0 release (Q1 of the year 2020), MLNX_OFED Verbs API have migrated from the legacy version of user space verbs libraries (libibervs, libmlx5, etc.) to the Upstream version rdma-core.

For the list of MLNX_OFED verbs APIs that have been migrated, refer to Migration to RDMA-Core document.

© Copyright 2023, NVIDIA. Last updated on Nov 27, 2023.