openwrt/staging/blogic.git
6 years agos390/qeth: allocate skb from NAPI cache
Julian Wiedmann [Fri, 9 Mar 2018 17:12:57 +0000 (18:12 +0100)]
s390/qeth: allocate skb from NAPI cache

napi_alloc_skb() doesn't need to disable IRQs during the allocation,
and thus may save us a few cycles.
Doing so requires a small fix-up in the HiperTransport path, which
currently assumes a fixed NET_SKB_PAD headroom padding. napi_alloc_skb()
adds an additional NET_IP_ALIGN padding, so use the proper helper for
setting up the mac_header offset.

Use this opportunity to convert the non-NAPI path to netdev_alloc_skb(),
which means that skb->dev is now always set-up during allocation and
doesn't need to be assigned manually.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agos390/qeth: pass correct length to header_ops->create()
Julian Wiedmann [Fri, 9 Mar 2018 17:12:56 +0000 (18:12 +0100)]
s390/qeth: pass correct length to header_ops->create()

We need to pass the *payload* length, not the L2 address length.
For qeth (using eth_header()) this is merely a cosmetic change:
the parameter only matters when building headers for ETH_P_802_2
or ETH_P_802_3, whereas our fake headers are built with
ETH_P_IP / ETH_P_IPV6 / 0.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agos390/qeth: advertise IFF_UNICAST_FLT
Julian Wiedmann [Fri, 9 Mar 2018 17:12:55 +0000 (18:12 +0100)]
s390/qeth: advertise IFF_UNICAST_FLT

qeth implements HW-based Unicast Filtering (via SETVMAC) on L2 devices.
Tell the stack, so it knows that receiving traffic for secondary
addresses doesn't require full-blown promiscuous mode.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agos390/qeth: support SG for more device types
Julian Wiedmann [Fri, 9 Mar 2018 17:12:54 +0000 (18:12 +0100)]
s390/qeth: support SG for more device types

NETIF_F_SG support is currently limited to OSA (and for L2 even OSD)
devices. Advertise it for some more device types (OSM, L2 OSX, z/VM OSA)
that share the same code paths. For now, keep it switched off by
default on these devices.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agos390/qeth: remove outdated portname debug msg
Julian Wiedmann [Fri, 9 Mar 2018 17:12:53 +0000 (18:12 +0100)]
s390/qeth: remove outdated portname debug msg

The 'portname' attribute is deprecated and setting it has no effect.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agos390/qeth: use __ipa_cmd() for casting an IPA cmd buffer
Julian Wiedmann [Fri, 9 Mar 2018 17:12:52 +0000 (18:12 +0100)]
s390/qeth: use __ipa_cmd() for casting an IPA cmd buffer

"s390/qeth: fix SETIP command handling" introduced a new helper, apply
it driver-wide.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: introduce IFF_NO_RX_HANDLER
Paolo Abeni [Fri, 9 Mar 2018 09:39:24 +0000 (10:39 +0100)]
net: introduce IFF_NO_RX_HANDLER

Some network devices - notably ipvlan slave - are not compatible with
any kind of rx_handler. Currently the hook can be installed but any
configuration (bridge, bond, macsec, ...) is nonfunctional.

This change allocates a priv_flag bit to mark such devices and explicitly
forbid installing a rx_handler if such bit is set. The new bit is used
by ipvlan slave device.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agocxgb4: increase max tx rate limit to 100 Gbps
Ganesh Goudar [Fri, 9 Mar 2018 07:30:52 +0000 (13:00 +0530)]
cxgb4: increase max tx rate limit to 100 Gbps

T6 cards can support up to 100 G speeds. So, increase
max programmable tx rate limit to 100 Gbps.

Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agopktgen: Remove VLA usage
Gustavo A. R. Silva [Fri, 9 Mar 2018 05:43:40 +0000 (23:43 -0600)]
pktgen: Remove VLA usage

In preparation to enabling -Wvla, remove VLA usage and replace it
with a fixed-length array instead.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agodrivers: vhost: vsock: fixed a brace coding style issue
Vaibhav Murkute [Fri, 9 Mar 2018 02:56:03 +0000 (08:26 +0530)]
drivers: vhost: vsock: fixed a brace coding style issue

Fixed a coding style issue.

Signed-off-by: Vaibhav Murkute <vaibhavmurkute88@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'hns3-fixes-for-configuration-lost-problems'
David S. Miller [Fri, 9 Mar 2018 16:33:15 +0000 (11:33 -0500)]
Merge branch 'hns3-fixes-for-configuration-lost-problems'

Peng Li says:

====================
fixes for configuration lost problems

This patchset refactors some functions and some bugs in order
to fix the configuration loss problem when resetting and
setting channel number.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix for coal configuation lost when setting the channel
Yunsheng Lin [Fri, 9 Mar 2018 02:37:04 +0000 (10:37 +0800)]
net: hns3: fix for coal configuation lost when setting the channel

This patch fixes the coalesce configuation lost problem when
setting the channel number by restoring all vectors's coalesce
configuation to vector 0's, because all vectors belonging to
the same netdev have the same coalesce configuation for now.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: refactor the coalesce related struct
Yunsheng Lin [Fri, 9 Mar 2018 02:37:03 +0000 (10:37 +0800)]
net: hns3: refactor the coalesce related struct

This patch refoctors the coalesce related struct by introducing
the hns3_enet_coalesce struct, in order to fix the coalesce
configuation lost problem when changing the channel number.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix for coalesce configuration lost during reset
Yunsheng Lin [Fri, 9 Mar 2018 02:37:02 +0000 (10:37 +0800)]
net: hns3: fix for coalesce configuration lost during reset

Coalesce configuration will be set to default value by
hns3_nic_init_vector_data during reset, which causes the
coalesce configuration loss problem.

This patch fixes it by setting the default value in
hns3_nic_alloc_vector_data, which will not be called in the
reset process.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: refactor the get/put_vector function
Yunsheng Lin [Fri, 9 Mar 2018 02:37:01 +0000 (10:37 +0800)]
net: hns3: refactor the get/put_vector function

There is a get_vector function, which allocate the vectors
for a client, but there is not a put_vector to free the
vector.

This patch introduces the put_vector function in order to
fix the coalesce configuration lost problem during reset
process.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix for use-after-free when setting ring parameter
Yunsheng Lin [Fri, 9 Mar 2018 02:37:00 +0000 (10:37 +0800)]
net: hns3: fix for use-after-free when setting ring parameter

In hns3_set_ringparam, hns3_uninit_all_ring frees the
memory pointed by priv->ring_data[i].ring, and
hns3_change_all_ring_bd_num use that pointer without mallocing,
which will cause a use-after-free problem.

The patch fixes it by not freeing the memory in
hns3_uninit_all_ring, and uses hns3_put_ring_config to free it
when necessary.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix for pause configuration lost during reset
Yunsheng Lin [Fri, 9 Mar 2018 02:36:59 +0000 (10:36 +0800)]
net: hns3: fix for pause configuration lost during reset

Pause configuration will be set to default value by hclge_tm_schd_init
during reset, which causes the RSS configuration loss problem.

This patch fixes it by calling hclge_tm_init_hw during reset process
, which will set the pause configuration to default value.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix for RSS configuration loss problem during reset
Yunsheng Lin [Fri, 9 Mar 2018 02:36:58 +0000 (10:36 +0800)]
net: hns3: fix for RSS configuration loss problem during reset

RSS configuration will be set to default value by hclge_rss_init_hw
during reset, which causes the RSS configuration loss problem.

This patch fixes it by setting the default value in
hclge_rss_init_cfg function, which will not be called in the reset
process.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: refactor the hclge_get/set_rss_tuple function
Yunsheng Lin [Fri, 9 Mar 2018 02:36:57 +0000 (10:36 +0800)]
net: hns3: refactor the hclge_get/set_rss_tuple function

This patch refactors the hclge_get/set_rss_tuple function
in order to fix the rss configuration loss problem during
reset process.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: refactor the hclge_get/set_rss function
Yunsheng Lin [Fri, 9 Mar 2018 02:36:56 +0000 (10:36 +0800)]
net: hns3: refactor the hclge_get/set_rss function

This patch refactors the hclge_get/set_rss function in
order to fix the rss configuration loss problem during
reset process.

Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'sched-action-events'
David S. Miller [Fri, 9 Mar 2018 16:25:12 +0000 (11:25 -0500)]
Merge branch 'sched-action-events'

Roman Mashak says:

====================
Fix event generation for actions batch Add/Delete mode

When adding or deleting a batch of entries, the kernel sends upto
TCA_ACT_MAX_PRIO entries in an event to user space. However it does not
consider that the action sizes may vary and require different skb sizes.

For example :

% cat tc-batch.sh
TC="sudo /mnt/iproute2.git/tc/tc"

$TC actions flush action gact
for i in `seq 1 $1`;
do
   cmd="action pass index $i "
   args=$args$cmd
done
$TC actions add $args
%
% ./tc-batch.sh 32
Error: Failed to fill netlink attributes while adding TC action.
We have an error talking to the kernel
%

This patchset introduces new callback in tc_action_ops, which calculates
the action size, and passes size to tcf_add_notify()/tcf_del_notify(). The
patch fixes act_gact, and the rest of actions will be updated in the
follow-up patches.

v3:
   Fixed tcf_action_fill_size() to return shared attrs length when
   action ->get_fill_size() isn't implemented.
v2:
   Restructured patches to make them bisectable.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet sched actions: implement get_fill_size routine in act_gact
Roman Mashak [Thu, 8 Mar 2018 21:59:20 +0000 (16:59 -0500)]
net sched actions: implement get_fill_size routine in act_gact

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet sched actions: calculate add/delete event message size
Roman Mashak [Thu, 8 Mar 2018 21:59:19 +0000 (16:59 -0500)]
net sched actions: calculate add/delete event message size

Introduce routines to calculate size of the shared tc netlink attributes
and the full message size including netlink header and tc service header.

Update add/delete action logic to have the size for event messages,
the size is passed to tcf_add_notify() and tcf_del_notify() where the
notification message is being allocated and constructed.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet sched actions: add new tc_action_ops callback
Roman Mashak [Thu, 8 Mar 2018 21:59:18 +0000 (16:59 -0500)]
net sched actions: add new tc_action_ops callback

Add a new callback in tc_action_ops, it will be needed by the tc actions
to compute its size when a ADD/DELETE notification message is constructed.
This routine has to take into account optional/variable size TLVs specific
per action.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet sched actions: update Add/Delete action API with new argument
Roman Mashak [Thu, 8 Mar 2018 21:59:17 +0000 (16:59 -0500)]
net sched actions: update Add/Delete action API with new argument

Introduce a new function argument to carry total attributes size for
correct allocation of skb in event messages.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: do not create fallback tunnels for non-default namespaces
Eric Dumazet [Thu, 8 Mar 2018 20:51:41 +0000 (12:51 -0800)]
net: do not create fallback tunnels for non-default namespaces

fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.

These tunnels are also automatically created when a new network
namespace is created, at a great cost.

In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)

Add a new sysctl so that we can opt-out from this automatic creation.

Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.

Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
 (for j in `seq 1 100` ; do  unshare -n /bin/true >/dev/null ; done) &
done
wait

lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agotools: tc-testing: Can pause just before post-suite
Brenda J. Butler [Thu, 8 Mar 2018 20:28:03 +0000 (15:28 -0500)]
tools: tc-testing: Can pause just before post-suite

With option -P, the test script will pause just before
the post_suite functions are called.  This allows the tester to
inspect the system before it is torn down.

Signed-off-by: Brenda J. Butler <bjb@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agotools: tc-testing: Can refer to $TESTID in test spec
Brenda J. Butler [Thu, 8 Mar 2018 20:27:44 +0000 (15:27 -0500)]
tools: tc-testing: Can refer to $TESTID in test spec

When processing the commands in the test cases, substitute
the test id for $TESTID.  This helps to make more flexible
tests.  For example, the testid can be given as a command
line argument.

As an example, if we wish to save the test output to a file
named for the test case, we can write in the test case:

"cmdUnderTest": "some test command | tee -a $TESTID.out"

Signed-off-by: Brenda J. Butler <bjb@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: dsa: mv88e6xxx: Fix irq free'ing
Andrew Lunn [Thu, 8 Mar 2018 20:21:36 +0000 (21:21 +0100)]
net: dsa: mv88e6xxx: Fix irq free'ing

Call the common irq free function, rather than going recursive and
blowing away the stack, followed by the machine.

Fixes: 294d711ee8c0 ("net: dsa: mv88e6xxx: Poll when no interrupt defined")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agotc-testing: add csum tests
Roman Mashak [Thu, 8 Mar 2018 19:56:43 +0000 (14:56 -0500)]
tc-testing: add csum tests

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Tested-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: usb: asix88179_178a: de-duplicate code
Alexander Kurz [Thu, 8 Mar 2018 11:19:54 +0000 (11:19 +0000)]
net: usb: asix88179_178a: de-duplicate code

Remove the duplicated code for asix88179_178a bind and reset methods.

Signed-off-by: Alexander Kurz <akurz@blala.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: usb: asix88179_178a: set permanent address once only
Alexander Kurz [Thu, 8 Mar 2018 11:19:53 +0000 (11:19 +0000)]
net: usb: asix88179_178a: set permanent address once only

The permanent address of asix88179_178a devices is read at probe time
and should not be overwritten later. Otherwise it may be overwritten
unintentionally with a configured address.

Signed-off-by: Alexander Kurz <akurz@blala.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'ntuple-filters-with-RSS'
David S. Miller [Fri, 9 Mar 2018 02:54:52 +0000 (21:54 -0500)]
Merge branch 'ntuple-filters-with-RSS'

Edward Cree says:

====================
ntuple filters with RSS

This series introduces the ability to mark an ethtool steering filter to use
 RSS spreading, and the ability to create and configure multiple RSS contexts
 with different indirection tables, hash keys, and hash fields.
An implementation for the sfc driver (for 7000-series and later SFC NICs) is
 included in patch 2/2.

The anticipated use case of this feature is for steering traffic destined for
 a container (or virtual machine) to the subset of CPUs on which processes in
 the container (or the VM's vCPUs) are bound, while retaining the scalability
 of RSS spreading from the viewpoint inside the container.
The use of both a base queue number (ring_cookie) and indirection table is
 intended to allow re-use of a single RSS context to target multiple sets of
 CPUs.  For instance, if an 8-core system is hosting three containers on CPUs
 [1,2], [3,4] and [6,7], then a single RSS context with an equal-weight [0,1]
 indirection table could be used to target all three containers by setting
 ring_cookie to 1, 3 and 6 on the respective filters.

v2: Initialised ctx in efx_ef10_filter_insert() to avoid (false positive) gcc
 warning.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agosfc: support RSS spreading of ethtool ntuple filters
Edward Cree [Thu, 8 Mar 2018 15:45:17 +0000 (15:45 +0000)]
sfc: support RSS spreading of ethtool ntuple filters

Use a linked list to associate user-facing context IDs with FW-facing
 context IDs (since the latter can change after an MC reset).

Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: ethtool: extend RXNFC API to support RSS spreading of filter matches
Edward Cree [Thu, 8 Mar 2018 15:45:03 +0000 (15:45 +0000)]
net: ethtool: extend RXNFC API to support RSS spreading of filter matches

We use a two-step process to configure a filter with RSS spreading.  First,
 the RSS context is allocated and configured using ETHTOOL_SRSSH; this
 returns an identifier (rss_context) which can then be passed to subsequent
 invocations of ETHTOOL_SRXCLSRLINS to specify that the offset from the RSS
 indirection table lookup should be added to the queue number (ring_cookie)
 when delivering the packet.  Drivers for devices which can only use the
 indirection table entry directly (not add it to a base queue number)
 should reject rule insertions combining RSS with a nonzero ring_cookie.

Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agords: rds_info_from_znotifier() can be static
kbuild test robot [Thu, 8 Mar 2018 11:37:30 +0000 (19:37 +0800)]
rds: rds_info_from_znotifier() can be static

Fixes: 9426bbc6de99 ("rds: use list structure to track information for zerocopy completion notification")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agords: rds_message_zcopy_from_user() can be static
kbuild test robot [Thu, 8 Mar 2018 10:56:14 +0000 (18:56 +0800)]
rds: rds_message_zcopy_from_user() can be static

Fixes: d40a126b16ea ("rds: refactor zcopy code into rds_message_zcopy_from_user")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet/ncsi: unlock on error in ncsi_set_interface_nl()
Dan Carpenter [Thu, 8 Mar 2018 09:36:28 +0000 (12:36 +0300)]
net/ncsi: unlock on error in ncsi_set_interface_nl()

There are two error paths which are missing unlocks in this function.

Fixes: 955dc68cb9b2 ("net/ncsi: Add generic netlink family")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet/ncsi: use kfree_skb() instead of kfree()
Dan Carpenter [Thu, 8 Mar 2018 09:36:04 +0000 (12:36 +0300)]
net/ncsi: use kfree_skb() instead of kfree()

We're supposed to use kfree_skb() to free these sk_buffs.

Fixes: 955dc68cb9b2 ("net/ncsi: Add generic netlink family")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoliquidio: avoid doing useless work
Prasad Kanneganti [Thu, 8 Mar 2018 06:23:32 +0000 (22:23 -0800)]
liquidio: avoid doing useless work

Avoid doing useless work by making sure that the response_list is not empty
before scheduling work to process it.

Signed-off-by: Prasad Kanneganti <prasad.kanneganti@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoliquidio: Resolved mbox read issue while reading more than one 64bit data
Intiyaz Basha [Thu, 8 Mar 2018 06:12:24 +0000 (22:12 -0800)]
liquidio: Resolved mbox read issue while reading more than one 64bit data

Corrected length check when data received in the mbox is more than one
64 bit data value

Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge tag 'mlx5-updates-2018-02-28-2' of git://git.kernel.org/pub/scm/linux/kernel...
David S. Miller [Thu, 8 Mar 2018 19:43:48 +0000 (14:43 -0500)]
Merge tag 'mlx5-updates-2018-02-28-2' of git://git./linux/kernel/git/mellanox/linux

Saeed Mahameed says:

====================
mlx5-updates-2018-02-28-2 (IPSec-2)

This series follows our previous one to lay out the foundations for IPSec
in user-space and extend current kernel netdev IPSec support. As noted in
our previous pull request cover letter "mlx5-updates-2018-02-28-1 (IPSec-1)",
the IPSec mechanism will be supported through our flow steering mechanism.
Therefore, we need to change the initialization order. Furthermore, IPsec
is also supported in both egress and ingress. Since our current flow
steering is egress only, we add an empty (only implemented through FPGA
steering ops) egress namespace to handle that case. We also implement
the required flow steering callbacks and logic in our FPGA driver.

We extend the FPGA support for ESN and modifying a xfrm too. Therefore, we
add support for some new FPGA command interface that supports them. The
other required bits are added too. The new features and requirements are
advertised via cap bits.

Last but not least, we revise our driver's accel_esp API. This API will be
shared between our netdev and IB driver, so we need to have all the required
functionality from both worlds.

Regards,
Aviad and Matan
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'ibmvnic-Clean-up-net-close-and-fix-reset-bug'
David S. Miller [Thu, 8 Mar 2018 17:51:46 +0000 (12:51 -0500)]
Merge branch 'ibmvnic-Clean-up-net-close-and-fix-reset-bug'

Thomas Falcon says:

====================
ibmvnic: Clean up net close and fix reset bug

This patch set cleans up and reorganizes the driver's net_device
close function and leverages that to fix up a bug that can occur
during some device resets. Some reset cases require the backing
adapter to be disabled before continuing, but other cases, such as
during a device failover or partition migration, do not require this
step. Since the device will not be initialized at this stage and
its command-processing queue is closed, do not send the request to
disable the device as it could result in an error or timeout
disrupting the reset.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoibmvnic: Do not disable device during failover or partition migration
Thomas Falcon [Wed, 7 Mar 2018 23:51:47 +0000 (17:51 -0600)]
ibmvnic: Do not disable device during failover or partition migration

During a device failover or partition migration reset, it is not
necessary to disable the backing adapter since it should not be
running yet and its Command-Response Queue is closed. Sending
device commands during this time could result in an error or
timeout disrupting the reset process. In these cases, just halt
transmissions, clean up resources, and continue with reset.

Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoibmvnic: Reorganize device close
Thomas Falcon [Wed, 7 Mar 2018 23:51:46 +0000 (17:51 -0600)]
ibmvnic: Reorganize device close

Introduce a function to halt network operations and clean up any
unused or outstanding socket buffers. Then, during device close,
disable backing adapter before halting all queues and performing
cleanup. This ensures all backing device operations will be
stopped before the driver cleans up shared resources.

Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoibmvnic: Clean up device close
Thomas Falcon [Wed, 7 Mar 2018 23:51:45 +0000 (17:51 -0600)]
ibmvnic: Clean up device close

Remove some dead code now that RX pools are being cleaned. This
was included to wait until any pending RX queue interrupts are
processed, but NAPI polling should be disabled by this point.

Another minor change is to use the net device parameter for any
print functions instead of accessing it from the adapter structure.

Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoopenvswitch: fix vport packet length check.
William Tu [Wed, 7 Mar 2018 23:38:48 +0000 (15:38 -0800)]
openvswitch: fix vport packet length check.

When sending a packet to a tunnel device, the dev's hard_header_len
could be larger than the skb->len in function packet_length().
In the case of ip6gretap/erspan, hard_header_len = LL_MAX_HEADER + t_hlen,
which is around 180, and an ARP packet sent to this tunnel has
skb->len = 42.  This causes the 'unsign int length' to become super
large because it is negative value, causing the later ovs_vport_send
to drop it due to over-mtu size.  The patch fixes it by setting it to 0.

Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'pernet-convert-part5'
David S. Miller [Thu, 8 Mar 2018 17:36:46 +0000 (12:36 -0500)]
Merge branch 'pernet-convert-part5'

Kirill Tkhai says:

====================
Converting pernet_operations (part #5)

this series continues to review and to convert pernet_operations
to make them possible to be executed in parallel for several
net namespaces in the same time. There are mostly netfilter
operations (and they should be the last netfilter's), also
there are two patches touching pktgen and xfrm.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convet ipv6_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:41:23 +0000 (12:41 +0300)]
net: Convet ipv6_net_ops

These pernet_operations are similar to ipv4_net_ops.
They are safe to be async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert ipv4_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:41:16 +0000 (12:41 +0300)]
net: Convert ipv4_net_ops

These pernet_operations register and unregister bunch
of nf_conntrack_l4proto. Exit method unregisters related
sysctl, init method calls init_net and get_net_proto.
The whole builtin_l4proto4 array has pretty simple
init_net and get_net_proto methods. The first one register
sysctl table, the second one is just RO memory dereference.
So, these pernet_operations are safe to be marked as async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert iptable_security_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:41:07 +0000 (12:41 +0300)]
net: Convert iptable_security_net_ops

These pernet_operations unregister net::ipv4::iptable_security table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert iptable_raw_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:58 +0000 (12:40 +0300)]
net: Convert iptable_raw_net_ops

These pernet_operations unregister net::ipv4::iptable_raw table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert iptable_nat_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:45 +0000 (12:40 +0300)]
net: Convert iptable_nat_net_ops

These pernet_operations unregister net::ipv4::nat_table table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert iptable_mangle_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:36 +0000 (12:40 +0300)]
net: Convert iptable_mangle_net_ops

These pernet_operations unregister net::ipv4::iptable_mangle table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert arptable_filter_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:28 +0000 (12:40 +0300)]
net: Convert arptable_filter_net_ops

These pernet_operations unregister net::ipv4::arptable_filter.
Another net/pernet_operations do not send arp packets to foreign
net namespaces. So, we mark them async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert pg_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:19 +0000 (12:40 +0300)]
net: Convert pg_net_ops

These pernet_operations create per-net pktgen threads
and /proc entries. These pernet subsys looks closed
in itself, and there are no pernet_operations outside
this file, which are interested in the threads.
Init and/or exit methods look safe to be executed
in parallel.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert nfnl_queue_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:09 +0000 (12:40 +0300)]
net: Convert nfnl_queue_net_ops

These pernet_operations register and unregister net::nf::queue_handler
and /proc entry. The handler is accessed only under RCU, so this looks
safe to convert them.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert nfnl_log_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:40:00 +0000 (12:40 +0300)]
net: Convert nfnl_log_net_ops

These pernet_operations create and destroy /proc entries.
Also, exit method unsets nfulnl_logger. The logger is not
set by default, and it becomes bound via userspace request.
So, they look safe to be made async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert cttimeout_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:39:51 +0000 (12:39 +0300)]
net: Convert cttimeout_ops

These pernet_operations also look closed in themself.
Exit method touch only per-net structures, so it's
safe to execute them for several net namespaces in parallel.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert nfnl_acct_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:39:42 +0000 (12:39 +0300)]
net: Convert nfnl_acct_ops

These pernet_operations look closed in themself,
and there are no other users of net::nfnl_acct_list
outside. They are safe to be executed for several
net namespaces in parallel.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert nfnetlink_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:39:33 +0000 (12:39 +0300)]
net: Convert nfnetlink_net_ops

These pernet_operations create and destroy net::nfnl
socket of NETLINK_NETFILTER code. There are no other
places, where such type the socket is created, except
these pernet_operations. It seem other pernet_operations
depending on CONFIG_NETFILTER_NETLINK send messages
to this socket. So, we mark it async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert nf_tables_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:39:23 +0000 (12:39 +0300)]
net: Convert nf_tables_net_ops

These pernet_operations looks nicely separated per-net.
Exit method unregisters net's nf tables objects.
We allow them be executed in parallel.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert xfrm_user_net_ops
Kirill Tkhai [Wed, 7 Mar 2018 09:39:14 +0000 (12:39 +0300)]
net: Convert xfrm_user_net_ops

These pernet_operations create and destroy net::xfrm::nlsk
socket of NETLINK_XFRM. There is only entry point, where
it's dereferenced, it's xfrm_user_rcv_msg(). There is no
in-kernel senders to this socket.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: Convert ip6 tables pernet_operations
Kirill Tkhai [Wed, 7 Mar 2018 09:39:06 +0000 (12:39 +0300)]
net: Convert ip6 tables pernet_operations

The pernet_operations:

    ip6table_filter_net_ops
    ip6table_mangle_net_ops
    ip6table_nat_net_ops
    ip6table_raw_net_ops
    ip6table_security_net_ops

have exit methods, which call ip6t_unregister_table().
ip6table_filter_net_ops has init method registering
filter table.

Since there must not be in-flight ipv6 packets at the time
of pernet_operations execution and since pernet_operations
don't send ipv6 packets each other, these pernet_operations
are safe to be async.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet/sched: cls_flower: Add support to handle first frag as match field
Pieter Jansen van Vuuren [Tue, 6 Mar 2018 17:11:14 +0000 (18:11 +0100)]
net/sched: cls_flower: Add support to handle first frag as match field

Allow setting firstfrag as matching option in tc flower classifier.

 # tc filter add dev eth0 protocol ip parent ffff: \
     flower indev eth0 \
        ip_flags firstfrag
     action mirred egress redirect dev eth1

Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'hns3-next'
David S. Miller [Thu, 8 Mar 2018 16:23:38 +0000 (11:23 -0500)]
Merge branch 'hns3-next'

Peng Li says:

====================
fix some bugs for hns3 driver

This patchset fix some bugs for hns3 driver.
[Patch 1/6 - Patch 3/6] fix bugs related about VF driver.
[Patch 3/6 - Patch 6/6] fix the bugs about ethtool_ops.set_channels.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info
Peng Li [Thu, 8 Mar 2018 11:41:55 +0000 (19:41 +0800)]
net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info

This patch adds support for VF driver inner interface
hclgevf_ops.get_tqps_and_rss_info. This interface will be
used in the initialization process.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: set the max ring num when alloc netdev
Peng Li [Thu, 8 Mar 2018 11:41:54 +0000 (19:41 +0800)]
net: hns3: set the max ring num when alloc netdev

HNS3 driver should alloc netdev with max support ring num, as
driver support change netdev count by ethtool -L.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix the queue id for tqp enable&&reset
Peng Li [Thu, 8 Mar 2018 11:41:53 +0000 (19:41 +0800)]
net: hns3: fix the queue id for tqp enable&&reset

Command HCLGE_OPC_CFG_COM_TQP_QUEUE should use queue id in the
function, but command HCLGE_OPC_RESET_TQP_QUEUE should use global
queue id.
This patch fixes the queue id about queue enable/disable/reset.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: fix endian issue when PF get mbx message flag
Peng Li [Thu, 8 Mar 2018 11:41:52 +0000 (19:41 +0800)]
net: hns3: fix endian issue when PF get mbx message flag

This patch fixes the endian issue when PF get mbx message flag.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: set the cmdq out_vld bit to 0 after used
Peng Li [Thu, 8 Mar 2018 11:41:51 +0000 (19:41 +0800)]
net: hns3: set the cmdq out_vld bit to 0 after used

Driver check the out_vld bit when get a new cmdq BD, if the bit is 1,
the BD is valid. driver Should set the bit 0 after used and hw will
set the bit 1 if get a valid BD.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: hns3: VF should get the real rss_size instead of rss_size_max
Peng Li [Thu, 8 Mar 2018 11:41:50 +0000 (19:41 +0800)]
net: hns3: VF should get the real rss_size instead of rss_size_max

VF driver should get the real rss_size which is assigned
by host PF, not rss_size_max.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agodevlink: Change dpipe/resource get privileges
Arkadi Sharshevsky [Thu, 8 Mar 2018 10:52:25 +0000 (12:52 +0200)]
devlink: Change dpipe/resource get privileges

Let dpipe/resource be retrieved by unprivileged users.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoselftests/net: enable fragments for fib-onlink-tests
Anders Roxell [Thu, 8 Mar 2018 10:17:23 +0000 (11:17 +0100)]
selftests/net: enable fragments for fib-onlink-tests

We miss CONFIG_* fragments so test fib-onlink-tests.sh can do:
ip li add lisa type vrf table 1101
ip li add veth1 type veth peer name veth2

And the follow message occurs if it isn't enabled:
Configuring interfaces
RTNETLINK answers: Operation not supported

This enables for NET_NRF (and friends) and VETH so we can create a vrf
table and veth.

Fixes: 153e1b84f477 ("selftests: Add FIB onlink tests")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoipvlan: properly annotate rx_handler access
Paolo Abeni [Thu, 8 Mar 2018 09:29:30 +0000 (10:29 +0100)]
ipvlan: properly annotate rx_handler access

The rx_handler field is rcu-protected, but I forgot to use the
proper accessor while refactoring netif_is_ipvlan_port(). Such
function only check the rx_handler value, so it is safe, but we need
to properly read rx_handler via rcu_access_pointer() to avoid sparse
warnings.

Fixes: 1ec54cb44e67 ("net: unpollute priv_flags space")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet/mlx5: Fix wrongly assigned CQ reference counter
Leon Romanovsky [Wed, 28 Feb 2018 09:18:13 +0000 (11:18 +0200)]
net/mlx5: Fix wrongly assigned CQ reference counter

The kernel compiled with CONFIG_REFCOUNT_FULL produces the following
error. The reason to it that initial value of refcount_t is supposed
to be more than 0, change it.

[    3.106634] ------------[ cut here ]------------
[    3.107756] refcount_t: increment on 0; use-after-free.
[    3.109130] WARNING: CPU: 0 PID: 1 at lib/refcount.c:153 refcount_inc+0x27/0x30
[    3.110085] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc1-00028-gf683e04bdccc #137
[    3.110085] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[    3.110085] RIP: 0010:refcount_inc+0x27/0x30
[    3.110085] RSP: 0000:ffffaa620000fba0 EFLAGS: 00010286
[    3.110085] RAX: 0000000000000000 RBX: ffff9a6d1a1821c8 RCX: ffffffff98a50f48
[    3.110085] RDX: 0000000000000001 RSI: 0000000000000086 RDI: 0000000000000246
[    3.110085] RBP: ffff9a6d1ac800a0 R08: 0000000000000289 R09: 000000000000000a
[    3.110085] R10: fffff03bc0682840 R11: ffffffff9949856d R12: ffff9a6d1b4a4000
[    3.110085] R13: 0000000000000000 R14: ffff9a6d1a0a6c00 R15: ffffaa620000fc5c
[    3.110085] FS:  0000000000000000(0000) GS:ffff9a6d1fc00000(0000) knlGS:0000000000000000
[    3.110085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.110085] CR2: 0000000000000000 CR3: 000000000ba0a000 CR4: 00000000000006b0
[    3.110085] Call Trace:
[    3.110085]  mlx5_core_create_cq+0xde/0x250
[    3.110085]  ? __kmalloc+0x1ce/0x1e0
[    3.110085]  mlx5e_create_cq+0x15c/0x1e0
[    3.110085]  mlx5e_open_drop_rq+0xea/0x190
[    3.110085]  mlx5e_attach_netdev+0x53/0x140
[    3.110085]  mlx5e_attach+0x3d/0x60
[    3.110085]  mlx5e_add+0x11d/0x2f0
[    3.110085]  mlx5_add_device+0x77/0x170
[    3.110085]  mlx5_register_interface+0x74/0xc0
[    3.110085]  ? set_debug_rodata+0x11/0x11
[    3.110085]  init+0x67/0x72
[    3.110085]  ? mlx4_en_init_ptys2ethtool_map+0x346/0x346
[    3.110085]  do_one_initcall+0x98/0x147
[    3.110085]  ? set_debug_rodata+0x11/0x11
[    3.110085]  kernel_init_freeable+0x164/0x1e0
[    3.110085]  ? rest_init+0xb0/0xb0
[    3.110085]  kernel_init+0xa/0x100
[    3.110085]  ret_from_fork+0x35/0x40
[    3.110085] Code: 00 00 00 00 e8 ab ff ff ff 84 c0 74 02 f3 c3 80 3d 3b c3 64 01 00 75 f5 48 c7 c7 68 0b 81 98 c6 05 2b c3 64 01 01 e8 79 d7 a3 ff <0f> ff c3 66 0f 1f 44 00 00 8b 06 83 f8 ff 74 39 31 c9 39 f8 89
[    3.110085] ---[ end trace a0068e1c68438a74 ]---

Fixes: f105b45bf77c ("net/mlx5: CQ hold/put API")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: IPSec, Add support for ESN
Aviad Yehezkel [Thu, 18 Jan 2018 14:02:17 +0000 (16:02 +0200)]
net/mlx5: IPSec, Add support for ESN

Currently ESN is not supported with IPSec device offload.

This patch adds ESN support to IPsec device offload.
Implementing new xfrm device operation to synchronize offloading device
ESN with xfrm received SN. New QP command to update SA state at the
following:

           ESN 1                    ESN 2                  ESN 3
|-----------*-----------|-----------*-----------|-----------*
^           ^           ^           ^           ^           ^

^ - marks where QP command invoked to update the SA ESN state
    machine.
| - marks the start of the ESN scope (0-2^32-1). At this point move SA
    ESN overlap bit to zero and increment ESN.
* - marks the middle of the ESN scope (2^31). At this point move SA
    ESN overlap bit to one.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5e: Added common function for to_ipsec_sa_entry
Aviad Yehezkel [Thu, 18 Jan 2018 14:31:55 +0000 (16:31 +0200)]
net/mlx5e: Added common function for to_ipsec_sa_entry

New function for getting driver internal sa entry from xfrm state.
All checks are done in one function.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: Add flow-steering commands for FPGA IPSec implementation
Aviad Yehezkel [Sun, 18 Feb 2018 13:07:20 +0000 (15:07 +0200)]
net/mlx5: Add flow-steering commands for FPGA IPSec implementation

In order to add a context to the FPGA, we need to get both the software
transform context (which includes the keys, etc) and the
source/destination IPs (which are included in the steering
rule). Therefore, we register new set of firmware like commands for
the FPGA. Each time a rule is added, the steering core infrastructure
calls the FPGA command layer. If the rule is intended for the FPGA,
it combines the IPs information with the software transformation
context and creates the respective hardware transform.
Afterwards, it calls the standard steering command layer.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: Refactor accel IPSec code
Aviad Yehezkel [Thu, 18 Jan 2018 11:05:48 +0000 (13:05 +0200)]
net/mlx5: Refactor accel IPSec code

The current code has one layer that executed FPGA commands and
the Ethernet part directly used this code. Since downstream patches
introduces support for IPSec in mlx5_ib, we need to provide some
abstractions. This patch refactors the accel code into one layer
that creates a software IPSec transformation and another one which
creates the actual hardware context.
The internal command implementation is now hidden in the FPGA
core layer. The code also adds the ability to share FPGA hardware
contexts. If two contexts are the same, only a reference count
is taken.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: Added required metadata capability for ipsec
Aviad Yehezkel [Wed, 17 Jan 2018 09:20:33 +0000 (11:20 +0200)]
net/mlx5: Added required metadata capability for ipsec

Currently our device requires additional metadata in packet
to perform ipsec crypto offload.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: Export ipsec capabilities
Aviad Yehezkel [Mon, 29 Jan 2018 13:05:50 +0000 (15:05 +0200)]
net/mlx5: Export ipsec capabilities

We will need that for ipsec verbs.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: IPSec, Add command V2 support
Aviad Yehezkel [Tue, 16 Jan 2018 14:12:22 +0000 (16:12 +0200)]
net/mlx5: IPSec, Add command V2 support

This patch adds V2 command support.
New fpga devices support extended features (udp encap, esn etc...), this
features require new hardware sadb format therefore we have a new version
of commands to manipulate it.

Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5e: IPSec, Add support for ESP trailer removal by hardware
Yossi Kuperman [Sun, 22 Oct 2017 16:45:45 +0000 (19:45 +0300)]
net/mlx5e: IPSec, Add support for ESP trailer removal by hardware

Current hardware decrypts and authenticates incoming ESP packets.
Subsequently, the software extracts the nexthdr field, truncates the
trailer and adjusts csum accordingly.

With this patch and a capable device, the trailer is being removed
by the hardware and the nexthdr field is conveyed via PET. This way
we avoid both the need to access the trailer (cache miss) and to
compute its relative checksum, which significantly improve
the performance.

Experiment shows that trailer removal improves the performance by
2Gbps, (netperf). Both forwarding and host-to-host configurations.

Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: IPSec, Generalize sandbox QP commands
Yossi Kuperman [Sun, 22 Oct 2017 16:43:58 +0000 (19:43 +0300)]
net/mlx5: IPSec, Generalize sandbox QP commands

The current code assume only SA QP commands.
Refactor in order to pave the way for new QP commands:
1. Generic cmd response format.
2. SA cmd checks are in dedicated functions.
3. Aligned debug prints.

Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
6 years agonet/mlx5: Use MLX5_IPSEC_DEV macro for ipsec caps
Saeed Mahameed [Wed, 7 Mar 2018 23:44:48 +0000 (15:44 -0800)]
net/mlx5: Use MLX5_IPSEC_DEV macro for ipsec caps

Fix build break of mlx5_accel_ipsec_device_caps is not defined when
MLX5_ACCEL is not selected, use MLX5_IPSEC_DEV instead which handles
such case.

Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Reported-by: Doug Ledford <dledford@redhat.com>
6 years agoip6mr: remove synchronize_rcu() in favor of SOCK_RCU_FREE
Eric Dumazet [Wed, 7 Mar 2018 16:43:19 +0000 (08:43 -0800)]
ip6mr: remove synchronize_rcu() in favor of SOCK_RCU_FREE

Kirill found that recently added synchronize_rcu() call in
ip6mr_sk_done()
was slowing down netns dismantle and posted a patch to use it only if
the socket
was found.

I instead suggested to get rid of this call, and use instead
SOCK_RCU_FREE

We might later change IPv4 side to use the same technique and unify
both stacks. IPv4 does not use synchronize_rcu() but has a call_rcu()
that could be replaced by SOCK_RCU_FREE.

Tested:
 time for i in {1..1000}; do unshare -n /bin/false;done

 Before : real 7m18.911s
 After : real 10.187s

Fixes: 8571ab479a6e ("ip6mr: Make mroute_sk rcu-based")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Yuval Mintz <yuvalm@mellanox.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'RDS-zerocopy-code-enhancements'
David S. Miller [Wed, 7 Mar 2018 23:05:57 +0000 (18:05 -0500)]
Merge branch 'RDS-zerocopy-code-enhancements'

Sowmini Varadhan says:

====================
RDS: zerocopy code enhancements

A couple of enhancements to the rds zerocop code
- patch 1 refactors rds_message_copy_from_user to pull the zcopy logic
  into its own function
- patch 2 drops the usage sk_buff to track MSG_ZEROCOPY cookies and
  uses a simple linked list (enhancement suggested by willemb during
  code review)
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agords: use list structure to track information for zerocopy completion notification
Sowmini Varadhan [Tue, 6 Mar 2018 15:22:34 +0000 (07:22 -0800)]
rds: use list structure to track information for zerocopy completion notification

Commit 401910db4cd4 ("rds: deliver zerocopy completion notification
with data") removes support fo r zerocopy completion notification
on the sk_error_queue, thus we no longer need to track the cookie
information in sk_buff structures.

This commit removes the struct sk_buff_head rs_zcookie_queue by
a simpler list that results in a smaller memory footprint as well
as more efficient memory_allocation time.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agords: refactor zcopy code into rds_message_zcopy_from_user
Sowmini Varadhan [Tue, 6 Mar 2018 15:22:33 +0000 (07:22 -0800)]
rds: refactor zcopy code into rds_message_zcopy_from_user

Move the large block of code predicated on zcopy from
rds_message_copy_from_user into a new function,
rds_message_zcopy_from_user()

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agocxgb3: remove VLA usage
Gustavo A. R. Silva [Wed, 7 Mar 2018 18:03:33 +0000 (12:03 -0600)]
cxgb3: remove VLA usage

Remove VLA usage and change the 'len' argument to a u8 and use a 256
byte buffer on the stack. Notice that these lengths are limited by the
encoding field in the VPD structure, which is a u8 [1].

[1] https://marc.info/?l=linux-netdev&m=152044354814024&w=2

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agosock: Fix SO_ZEROCOPY switch case
Jesus Sanchez-Palencia [Wed, 7 Mar 2018 17:40:57 +0000 (09:40 -0800)]
sock: Fix SO_ZEROCOPY switch case

Fix the SO_ZEROCOPY switch case on sock_setsockopt() avoiding the
ret values to be overwritten by the one set on the default case.

Fixes: 28190752c7092 ("sock: permit SO_ZEROCOPY on PF_RDS socket")
Signed-off-by: Jesus Sanchez-Palencia <jesus.sanchez-palencia@intel.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge branch 'mvpp2-ucast-filter'
David S. Miller [Wed, 7 Mar 2018 20:53:39 +0000 (15:53 -0500)]
Merge branch 'mvpp2-ucast-filter'

Maxime Chevallier says:

====================
net: mvpp2: Add Unicast filtering capabilities

This series adds unicast filtering support to the Marvell PPv2 controller.

This is implemented using the header parser cababilities of the PPv2,
which allows for generic packet filtering based on matching patterns in
the packet headers.

PPv2 controller only has 256 of these entries, and we need to share them
with other features, such as VLAN filtering.

For each interface, we have 5 entries dedicated to unicast filtering (the
controller's own address, and 4 other), and 21 to multicast filtering.

When this number is reached, the controller switches to unicast or
multicast promiscuous mode.

The first patch reworks the function that adds and removes addresses to the
filter. This is preparatory work to ease UC filter implementation.

The second patch adds the UC filtering feature.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: mvpp2: Add support for unicast filtering
Maxime Chevallier [Wed, 7 Mar 2018 14:18:04 +0000 (15:18 +0100)]
net: mvpp2: Add support for unicast filtering

Marvell PPv2 controller can be used to implement packet filtering based
on the destination MAC address. This is already used to implement
multicast filtering. This patch adds support for Unicast filtering.

Filtering is based on so-called "TCAM entries" to implement filtering.
Due to their limited number and the fact that these are also used for
other purposes, we reserve 80 entries for both unicast and multicast
filters. On top of the broadcast address, and each interface's own MAC
address, we reserve 25 entries per port, 4 for unicast filters, 21 for
multicast.

Whenever unicast or multicast range for one port is full, the filtering
is disabled and port goes into promiscuous mode for the given type of
addresses.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: mvpp2: Simplify MAC filtering function parameters
Maxime Chevallier [Wed, 7 Mar 2018 14:18:03 +0000 (15:18 +0100)]
net: mvpp2: Simplify MAC filtering function parameters

The mvpp2_prs_mac_da_accept function takes into parameter both the
struct representing the controller and the port id. This is meaningful
when we want to create TCAM entries for non-initialized ports, but in
this case we expect the port to be initialized before starting adding or
removing MAC addresses to the per-port filter.

This commit changes the function so that it takes struct mvpp2_port as
a parameter instead.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoselftests: forwarding: fix flags passed to first drop rule in gact_drop_and_ok_test
Jiri Pirko [Wed, 7 Mar 2018 12:58:00 +0000 (13:58 +0100)]
selftests: forwarding: fix flags passed to first drop rule in gact_drop_and_ok_test

Fix copy&paste error and pass proper flags.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoselftests: forwarding: fix "ok" action test
Jiri Pirko [Wed, 7 Mar 2018 12:57:59 +0000 (13:57 +0100)]
selftests: forwarding: fix "ok" action test

Fix the "ok" action test so it checks that packet that is okayed does not
continue to be processed by other rules. Fix error message as well.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: cdc_eem: clean up bind error path
Johan Hovold [Wed, 7 Mar 2018 09:46:58 +0000 (10:46 +0100)]
net: cdc_eem: clean up bind error path

Drop bogus call to usb_driver_release_interface() from an error path in
the usbnet bind() callback, which is called during interface probe. At
this point the interface is not bound and usb_driver_release_interface()
returns early.

Also remove the bogus call to clear the interface data, which is owned
by the usbnet driver and would not even have been set by the time bind()
is called.

Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agonet: kalmia: clean up bind error path
Johan Hovold [Wed, 7 Mar 2018 09:46:57 +0000 (10:46 +0100)]
net: kalmia: clean up bind error path

Drop bogus call to usb_driver_release_interface() from an error path in
the usbnet bind() callback, which is called during interface probe. At
this point the interface is not bound and usb_driver_release_interface()
returns early.

Also remove the bogus call to clear the interface data, which is owned
by the usbnet driver and would not even have been set by the time bind()
is called.

Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
6 years agoMerge tag 'mlx5-updates-2018-02-28-1' of git://git.kernel.org/pub/scm/linux/kernel...
David S. Miller [Wed, 7 Mar 2018 20:28:13 +0000 (15:28 -0500)]
Merge tag 'mlx5-updates-2018-02-28-1' of git://git./linux/kernel/git/mellanox/linux

Saeed Mahameed says:

====================
mlx5-updates-2018-02-28-1 (IPSec-1)

This series consists of some fixes and refactors for the mlx5 drivers,
especially around the FPGA and flow steering. Most of them are trivial
fixes and are the foundation of allowing IPSec acceleration from user-space.

We use flow steering abstraction in order to accelerate IPSec packets.
When a user creates a steering rule, [s]he states that we'll carry an
encrypt/decrypt flow action (using a specific configuration) for every
packet which conforms to a certain match. Since currently offloading these
packets is done via FPGA, we'll add another set of flow steering ops.
These ops will execute the required FPGA commands and then call the
standard steering ops.

In order to achieve this, we need that the commands will get all the
required information. Therefore, we pass the fte object and embed the
flow_action struct inside the fte. In addition, we add the shim layer
that will later be used for alternating between the standard and the
FPGA steering commands.

Some fixes, like " net/mlx5e: Wait for FPGA command responses with a timeout"
are very relevant for user-space applications, as these applications could
be killed, but we still want to wait for the FPGA and update the kernel's
database.

Regards,
Aviad and Matan
====================

Signed-off-by: David S. Miller <davem@davemloft.net>