Julian Wiedmann [Fri, 9 Mar 2018 17:13:00 +0000 (18:13 +0100)]
s390/qeth: restructure IP notification handlers
Extract a helper that does the actual work & returns the right NOTIFY_*
responses, and start putting the temporary ipaddr container objects
on the stack rather than kmalloc'ing them. They are small, and this
reduces the confusion of which objects actually get added to qeth's
IP tables.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:59 +0000 (18:12 +0100)]
s390/qeth: reset NAPI context during queue init
init_qdio_queues() resets the Input Queue's overall QDIO state, and
positions the buffer cursor back to 0. So this is the obvious place to
also reset the queue's NAPI context (in contrast to doing it rather
randomly in the middle of the big set_online() path).
No functional change.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:58 +0000 (18:12 +0100)]
s390/qeth: reduce RX skb setup
Newly-allocated skbs default to PACKET_HOST, and eth_type_trans() is
smart enough to determine any other packet type from the frame's
destination address.
So except for the IQD sniffer case, there is no need to set up
skb->pkt_type manually.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:57 +0000 (18:12 +0100)]
s390/qeth: allocate skb from NAPI cache
napi_alloc_skb() doesn't need to disable IRQs during the allocation,
and thus may save us a few cycles.
Doing so requires a small fix-up in the HiperTransport path, which
currently assumes a fixed NET_SKB_PAD headroom padding. napi_alloc_skb()
adds an additional NET_IP_ALIGN padding, so use the proper helper for
setting up the mac_header offset.
Use this opportunity to convert the non-NAPI path to netdev_alloc_skb(),
which means that skb->dev is now always set-up during allocation and
doesn't need to be assigned manually.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:56 +0000 (18:12 +0100)]
s390/qeth: pass correct length to header_ops->create()
We need to pass the *payload* length, not the L2 address length.
For qeth (using eth_header()) this is merely a cosmetic change:
the parameter only matters when building headers for ETH_P_802_2
or ETH_P_802_3, whereas our fake headers are built with
ETH_P_IP / ETH_P_IPV6 / 0.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:55 +0000 (18:12 +0100)]
s390/qeth: advertise IFF_UNICAST_FLT
qeth implements HW-based Unicast Filtering (via SETVMAC) on L2 devices.
Tell the stack, so it knows that receiving traffic for secondary
addresses doesn't require full-blown promiscuous mode.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:54 +0000 (18:12 +0100)]
s390/qeth: support SG for more device types
NETIF_F_SG support is currently limited to OSA (and for L2 even OSD)
devices. Advertise it for some more device types (OSM, L2 OSX, z/VM OSA)
that share the same code paths. For now, keep it switched off by
default on these devices.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:53 +0000 (18:12 +0100)]
s390/qeth: remove outdated portname debug msg
The 'portname' attribute is deprecated and setting it has no effect.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Wiedmann [Fri, 9 Mar 2018 17:12:52 +0000 (18:12 +0100)]
s390/qeth: use __ipa_cmd() for casting an IPA cmd buffer
"s390/qeth: fix SETIP command handling" introduced a new helper, apply
it driver-wide.
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paolo Abeni [Fri, 9 Mar 2018 09:39:24 +0000 (10:39 +0100)]
net: introduce IFF_NO_RX_HANDLER
Some network devices - notably ipvlan slave - are not compatible with
any kind of rx_handler. Currently the hook can be installed but any
configuration (bridge, bond, macsec, ...) is nonfunctional.
This change allocates a priv_flag bit to mark such devices and explicitly
forbid installing a rx_handler if such bit is set. The new bit is used
by ipvlan slave device.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ganesh Goudar [Fri, 9 Mar 2018 07:30:52 +0000 (13:00 +0530)]
cxgb4: increase max tx rate limit to 100 Gbps
T6 cards can support up to 100 G speeds. So, increase
max programmable tx rate limit to 100 Gbps.
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gustavo A. R. Silva [Fri, 9 Mar 2018 05:43:40 +0000 (23:43 -0600)]
pktgen: Remove VLA usage
In preparation to enabling -Wvla, remove VLA usage and replace it
with a fixed-length array instead.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vaibhav Murkute [Fri, 9 Mar 2018 02:56:03 +0000 (08:26 +0530)]
drivers: vhost: vsock: fixed a brace coding style issue
Fixed a coding style issue.
Signed-off-by: Vaibhav Murkute <vaibhavmurkute88@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 9 Mar 2018 16:33:15 +0000 (11:33 -0500)]
Merge branch 'hns3-fixes-for-configuration-lost-problems'
Peng Li says:
====================
fixes for configuration lost problems
This patchset refactors some functions and some bugs in order
to fix the configuration loss problem when resetting and
setting channel number.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:37:04 +0000 (10:37 +0800)]
net: hns3: fix for coal configuation lost when setting the channel
This patch fixes the coalesce configuation lost problem when
setting the channel number by restoring all vectors's coalesce
configuation to vector 0's, because all vectors belonging to
the same netdev have the same coalesce configuation for now.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:37:03 +0000 (10:37 +0800)]
net: hns3: refactor the coalesce related struct
This patch refoctors the coalesce related struct by introducing
the hns3_enet_coalesce struct, in order to fix the coalesce
configuation lost problem when changing the channel number.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:37:02 +0000 (10:37 +0800)]
net: hns3: fix for coalesce configuration lost during reset
Coalesce configuration will be set to default value by
hns3_nic_init_vector_data during reset, which causes the
coalesce configuration loss problem.
This patch fixes it by setting the default value in
hns3_nic_alloc_vector_data, which will not be called in the
reset process.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:37:01 +0000 (10:37 +0800)]
net: hns3: refactor the get/put_vector function
There is a get_vector function, which allocate the vectors
for a client, but there is not a put_vector to free the
vector.
This patch introduces the put_vector function in order to
fix the coalesce configuration lost problem during reset
process.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:37:00 +0000 (10:37 +0800)]
net: hns3: fix for use-after-free when setting ring parameter
In hns3_set_ringparam, hns3_uninit_all_ring frees the
memory pointed by priv->ring_data[i].ring, and
hns3_change_all_ring_bd_num use that pointer without mallocing,
which will cause a use-after-free problem.
The patch fixes it by not freeing the memory in
hns3_uninit_all_ring, and uses hns3_put_ring_config to free it
when necessary.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:36:59 +0000 (10:36 +0800)]
net: hns3: fix for pause configuration lost during reset
Pause configuration will be set to default value by hclge_tm_schd_init
during reset, which causes the RSS configuration loss problem.
This patch fixes it by calling hclge_tm_init_hw during reset process
, which will set the pause configuration to default value.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:36:58 +0000 (10:36 +0800)]
net: hns3: fix for RSS configuration loss problem during reset
RSS configuration will be set to default value by hclge_rss_init_hw
during reset, which causes the RSS configuration loss problem.
This patch fixes it by setting the default value in
hclge_rss_init_cfg function, which will not be called in the reset
process.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:36:57 +0000 (10:36 +0800)]
net: hns3: refactor the hclge_get/set_rss_tuple function
This patch refactors the hclge_get/set_rss_tuple function
in order to fix the rss configuration loss problem during
reset process.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yunsheng Lin [Fri, 9 Mar 2018 02:36:56 +0000 (10:36 +0800)]
net: hns3: refactor the hclge_get/set_rss function
This patch refactors the hclge_get/set_rss function in
order to fix the rss configuration loss problem during
reset process.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 9 Mar 2018 16:25:12 +0000 (11:25 -0500)]
Merge branch 'sched-action-events'
Roman Mashak says:
====================
Fix event generation for actions batch Add/Delete mode
When adding or deleting a batch of entries, the kernel sends upto
TCA_ACT_MAX_PRIO entries in an event to user space. However it does not
consider that the action sizes may vary and require different skb sizes.
For example :
% cat tc-batch.sh
TC="sudo /mnt/iproute2.git/tc/tc"
$TC actions flush action gact
for i in `seq 1 $1`;
do
cmd="action pass index $i "
args=$args$cmd
done
$TC actions add $args
%
% ./tc-batch.sh 32
Error: Failed to fill netlink attributes while adding TC action.
We have an error talking to the kernel
%
This patchset introduces new callback in tc_action_ops, which calculates
the action size, and passes size to tcf_add_notify()/tcf_del_notify(). The
patch fixes act_gact, and the rest of actions will be updated in the
follow-up patches.
v3:
Fixed tcf_action_fill_size() to return shared attrs length when
action ->get_fill_size() isn't implemented.
v2:
Restructured patches to make them bisectable.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Roman Mashak [Thu, 8 Mar 2018 21:59:20 +0000 (16:59 -0500)]
net sched actions: implement get_fill_size routine in act_gact
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Roman Mashak [Thu, 8 Mar 2018 21:59:19 +0000 (16:59 -0500)]
net sched actions: calculate add/delete event message size
Introduce routines to calculate size of the shared tc netlink attributes
and the full message size including netlink header and tc service header.
Update add/delete action logic to have the size for event messages,
the size is passed to tcf_add_notify() and tcf_del_notify() where the
notification message is being allocated and constructed.
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Roman Mashak [Thu, 8 Mar 2018 21:59:18 +0000 (16:59 -0500)]
net sched actions: add new tc_action_ops callback
Add a new callback in tc_action_ops, it will be needed by the tc actions
to compute its size when a ADD/DELETE notification message is constructed.
This routine has to take into account optional/variable size TLVs specific
per action.
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Roman Mashak [Thu, 8 Mar 2018 21:59:17 +0000 (16:59 -0500)]
net sched actions: update Add/Delete action API with new argument
Introduce a new function argument to carry total attributes size for
correct allocation of skb in event messages.
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 8 Mar 2018 20:51:41 +0000 (12:51 -0800)]
net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.
These tunnels are also automatically created when a new network
namespace is created, at a great cost.
In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)
Add a new sysctl so that we can opt-out from this automatic creation.
Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.
Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
(for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
done
wait
lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Brenda J. Butler [Thu, 8 Mar 2018 20:28:03 +0000 (15:28 -0500)]
tools: tc-testing: Can pause just before post-suite
With option -P, the test script will pause just before
the post_suite functions are called. This allows the tester to
inspect the system before it is torn down.
Signed-off-by: Brenda J. Butler <bjb@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Brenda J. Butler [Thu, 8 Mar 2018 20:27:44 +0000 (15:27 -0500)]
tools: tc-testing: Can refer to $TESTID in test spec
When processing the commands in the test cases, substitute
the test id for $TESTID. This helps to make more flexible
tests. For example, the testid can be given as a command
line argument.
As an example, if we wish to save the test output to a file
named for the test case, we can write in the test case:
"cmdUnderTest": "some test command | tee -a $TESTID.out"
Signed-off-by: Brenda J. Butler <bjb@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andrew Lunn [Thu, 8 Mar 2018 20:21:36 +0000 (21:21 +0100)]
net: dsa: mv88e6xxx: Fix irq free'ing
Call the common irq free function, rather than going recursive and
blowing away the stack, followed by the machine.
Fixes:
294d711ee8c0 ("net: dsa: mv88e6xxx: Poll when no interrupt defined")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Roman Mashak [Thu, 8 Mar 2018 19:56:43 +0000 (14:56 -0500)]
tc-testing: add csum tests
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Tested-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexander Kurz [Thu, 8 Mar 2018 11:19:54 +0000 (11:19 +0000)]
net: usb: asix88179_178a: de-duplicate code
Remove the duplicated code for asix88179_178a bind and reset methods.
Signed-off-by: Alexander Kurz <akurz@blala.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexander Kurz [Thu, 8 Mar 2018 11:19:53 +0000 (11:19 +0000)]
net: usb: asix88179_178a: set permanent address once only
The permanent address of asix88179_178a devices is read at probe time
and should not be overwritten later. Otherwise it may be overwritten
unintentionally with a configured address.
Signed-off-by: Alexander Kurz <akurz@blala.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 9 Mar 2018 02:54:52 +0000 (21:54 -0500)]
Merge branch 'ntuple-filters-with-RSS'
Edward Cree says:
====================
ntuple filters with RSS
This series introduces the ability to mark an ethtool steering filter to use
RSS spreading, and the ability to create and configure multiple RSS contexts
with different indirection tables, hash keys, and hash fields.
An implementation for the sfc driver (for 7000-series and later SFC NICs) is
included in patch 2/2.
The anticipated use case of this feature is for steering traffic destined for
a container (or virtual machine) to the subset of CPUs on which processes in
the container (or the VM's vCPUs) are bound, while retaining the scalability
of RSS spreading from the viewpoint inside the container.
The use of both a base queue number (ring_cookie) and indirection table is
intended to allow re-use of a single RSS context to target multiple sets of
CPUs. For instance, if an 8-core system is hosting three containers on CPUs
[1,2], [3,4] and [6,7], then a single RSS context with an equal-weight [0,1]
indirection table could be used to target all three containers by setting
ring_cookie to 1, 3 and 6 on the respective filters.
v2: Initialised ctx in efx_ef10_filter_insert() to avoid (false positive) gcc
warning.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Edward Cree [Thu, 8 Mar 2018 15:45:17 +0000 (15:45 +0000)]
sfc: support RSS spreading of ethtool ntuple filters
Use a linked list to associate user-facing context IDs with FW-facing
context IDs (since the latter can change after an MC reset).
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Edward Cree [Thu, 8 Mar 2018 15:45:03 +0000 (15:45 +0000)]
net: ethtool: extend RXNFC API to support RSS spreading of filter matches
We use a two-step process to configure a filter with RSS spreading. First,
the RSS context is allocated and configured using ETHTOOL_SRSSH; this
returns an identifier (rss_context) which can then be passed to subsequent
invocations of ETHTOOL_SRXCLSRLINS to specify that the offset from the RSS
indirection table lookup should be added to the queue number (ring_cookie)
when delivering the packet. Drivers for devices which can only use the
indirection table entry directly (not add it to a base queue number)
should reject rule insertions combining RSS with a nonzero ring_cookie.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
kbuild test robot [Thu, 8 Mar 2018 11:37:30 +0000 (19:37 +0800)]
rds: rds_info_from_znotifier() can be static
Fixes:
9426bbc6de99 ("rds: use list structure to track information for zerocopy completion notification")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
kbuild test robot [Thu, 8 Mar 2018 10:56:14 +0000 (18:56 +0800)]
rds: rds_message_zcopy_from_user() can be static
Fixes:
d40a126b16ea ("rds: refactor zcopy code into rds_message_zcopy_from_user")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Thu, 8 Mar 2018 09:36:28 +0000 (12:36 +0300)]
net/ncsi: unlock on error in ncsi_set_interface_nl()
There are two error paths which are missing unlocks in this function.
Fixes:
955dc68cb9b2 ("net/ncsi: Add generic netlink family")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Thu, 8 Mar 2018 09:36:04 +0000 (12:36 +0300)]
net/ncsi: use kfree_skb() instead of kfree()
We're supposed to use kfree_skb() to free these sk_buffs.
Fixes:
955dc68cb9b2 ("net/ncsi: Add generic netlink family")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Prasad Kanneganti [Thu, 8 Mar 2018 06:23:32 +0000 (22:23 -0800)]
liquidio: avoid doing useless work
Avoid doing useless work by making sure that the response_list is not empty
before scheduling work to process it.
Signed-off-by: Prasad Kanneganti <prasad.kanneganti@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Intiyaz Basha [Thu, 8 Mar 2018 06:12:24 +0000 (22:12 -0800)]
liquidio: Resolved mbox read issue while reading more than one 64bit data
Corrected length check when data received in the mbox is more than one
64 bit data value
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 8 Mar 2018 19:43:48 +0000 (14:43 -0500)]
Merge tag 'mlx5-updates-2018-02-28-2' of git://git./linux/kernel/git/mellanox/linux
Saeed Mahameed says:
====================
mlx5-updates-2018-02-28-2 (IPSec-2)
This series follows our previous one to lay out the foundations for IPSec
in user-space and extend current kernel netdev IPSec support. As noted in
our previous pull request cover letter "mlx5-updates-2018-02-28-1 (IPSec-1)",
the IPSec mechanism will be supported through our flow steering mechanism.
Therefore, we need to change the initialization order. Furthermore, IPsec
is also supported in both egress and ingress. Since our current flow
steering is egress only, we add an empty (only implemented through FPGA
steering ops) egress namespace to handle that case. We also implement
the required flow steering callbacks and logic in our FPGA driver.
We extend the FPGA support for ESN and modifying a xfrm too. Therefore, we
add support for some new FPGA command interface that supports them. The
other required bits are added too. The new features and requirements are
advertised via cap bits.
Last but not least, we revise our driver's accel_esp API. This API will be
shared between our netdev and IB driver, so we need to have all the required
functionality from both worlds.
Regards,
Aviad and Matan
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 8 Mar 2018 17:51:46 +0000 (12:51 -0500)]
Merge branch 'ibmvnic-Clean-up-net-close-and-fix-reset-bug'
Thomas Falcon says:
====================
ibmvnic: Clean up net close and fix reset bug
This patch set cleans up and reorganizes the driver's net_device
close function and leverages that to fix up a bug that can occur
during some device resets. Some reset cases require the backing
adapter to be disabled before continuing, but other cases, such as
during a device failover or partition migration, do not require this
step. Since the device will not be initialized at this stage and
its command-processing queue is closed, do not send the request to
disable the device as it could result in an error or timeout
disrupting the reset.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Wed, 7 Mar 2018 23:51:47 +0000 (17:51 -0600)]
ibmvnic: Do not disable device during failover or partition migration
During a device failover or partition migration reset, it is not
necessary to disable the backing adapter since it should not be
running yet and its Command-Response Queue is closed. Sending
device commands during this time could result in an error or
timeout disrupting the reset process. In these cases, just halt
transmissions, clean up resources, and continue with reset.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Wed, 7 Mar 2018 23:51:46 +0000 (17:51 -0600)]
ibmvnic: Reorganize device close
Introduce a function to halt network operations and clean up any
unused or outstanding socket buffers. Then, during device close,
disable backing adapter before halting all queues and performing
cleanup. This ensures all backing device operations will be
stopped before the driver cleans up shared resources.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Wed, 7 Mar 2018 23:51:45 +0000 (17:51 -0600)]
ibmvnic: Clean up device close
Remove some dead code now that RX pools are being cleaned. This
was included to wait until any pending RX queue interrupts are
processed, but NAPI polling should be disabled by this point.
Another minor change is to use the net device parameter for any
print functions instead of accessing it from the adapter structure.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
William Tu [Wed, 7 Mar 2018 23:38:48 +0000 (15:38 -0800)]
openvswitch: fix vport packet length check.
When sending a packet to a tunnel device, the dev's hard_header_len
could be larger than the skb->len in function packet_length().
In the case of ip6gretap/erspan, hard_header_len = LL_MAX_HEADER + t_hlen,
which is around 180, and an ARP packet sent to this tunnel has
skb->len = 42. This causes the 'unsign int length' to become super
large because it is negative value, causing the later ovs_vport_send
to drop it due to over-mtu size. The patch fixes it by setting it to 0.
Signed-off-by: William Tu <u9012063@gmail.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 8 Mar 2018 17:36:46 +0000 (12:36 -0500)]
Merge branch 'pernet-convert-part5'
Kirill Tkhai says:
====================
Converting pernet_operations (part #5)
this series continues to review and to convert pernet_operations
to make them possible to be executed in parallel for several
net namespaces in the same time. There are mostly netfilter
operations (and they should be the last netfilter's), also
there are two patches touching pktgen and xfrm.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:41:23 +0000 (12:41 +0300)]
net: Convet ipv6_net_ops
These pernet_operations are similar to ipv4_net_ops.
They are safe to be async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:41:16 +0000 (12:41 +0300)]
net: Convert ipv4_net_ops
These pernet_operations register and unregister bunch
of nf_conntrack_l4proto. Exit method unregisters related
sysctl, init method calls init_net and get_net_proto.
The whole builtin_l4proto4 array has pretty simple
init_net and get_net_proto methods. The first one register
sysctl table, the second one is just RO memory dereference.
So, these pernet_operations are safe to be marked as async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:41:07 +0000 (12:41 +0300)]
net: Convert iptable_security_net_ops
These pernet_operations unregister net::ipv4::iptable_security table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:58 +0000 (12:40 +0300)]
net: Convert iptable_raw_net_ops
These pernet_operations unregister net::ipv4::iptable_raw table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:45 +0000 (12:40 +0300)]
net: Convert iptable_nat_net_ops
These pernet_operations unregister net::ipv4::nat_table table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:36 +0000 (12:40 +0300)]
net: Convert iptable_mangle_net_ops
These pernet_operations unregister net::ipv4::iptable_mangle table.
Another net/pernet_operations do not send ipv4 packets to foreign
net namespaces. So, we mark them async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:28 +0000 (12:40 +0300)]
net: Convert arptable_filter_net_ops
These pernet_operations unregister net::ipv4::arptable_filter.
Another net/pernet_operations do not send arp packets to foreign
net namespaces. So, we mark them async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:19 +0000 (12:40 +0300)]
net: Convert pg_net_ops
These pernet_operations create per-net pktgen threads
and /proc entries. These pernet subsys looks closed
in itself, and there are no pernet_operations outside
this file, which are interested in the threads.
Init and/or exit methods look safe to be executed
in parallel.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:09 +0000 (12:40 +0300)]
net: Convert nfnl_queue_net_ops
These pernet_operations register and unregister net::nf::queue_handler
and /proc entry. The handler is accessed only under RCU, so this looks
safe to convert them.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:40:00 +0000 (12:40 +0300)]
net: Convert nfnl_log_net_ops
These pernet_operations create and destroy /proc entries.
Also, exit method unsets nfulnl_logger. The logger is not
set by default, and it becomes bound via userspace request.
So, they look safe to be made async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:51 +0000 (12:39 +0300)]
net: Convert cttimeout_ops
These pernet_operations also look closed in themself.
Exit method touch only per-net structures, so it's
safe to execute them for several net namespaces in parallel.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:42 +0000 (12:39 +0300)]
net: Convert nfnl_acct_ops
These pernet_operations look closed in themself,
and there are no other users of net::nfnl_acct_list
outside. They are safe to be executed for several
net namespaces in parallel.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:33 +0000 (12:39 +0300)]
net: Convert nfnetlink_net_ops
These pernet_operations create and destroy net::nfnl
socket of NETLINK_NETFILTER code. There are no other
places, where such type the socket is created, except
these pernet_operations. It seem other pernet_operations
depending on CONFIG_NETFILTER_NETLINK send messages
to this socket. So, we mark it async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:23 +0000 (12:39 +0300)]
net: Convert nf_tables_net_ops
These pernet_operations looks nicely separated per-net.
Exit method unregisters net's nf tables objects.
We allow them be executed in parallel.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:14 +0000 (12:39 +0300)]
net: Convert xfrm_user_net_ops
These pernet_operations create and destroy net::xfrm::nlsk
socket of NETLINK_XFRM. There is only entry point, where
it's dereferenced, it's xfrm_user_rcv_msg(). There is no
in-kernel senders to this socket.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Tkhai [Wed, 7 Mar 2018 09:39:06 +0000 (12:39 +0300)]
net: Convert ip6 tables pernet_operations
The pernet_operations:
ip6table_filter_net_ops
ip6table_mangle_net_ops
ip6table_nat_net_ops
ip6table_raw_net_ops
ip6table_security_net_ops
have exit methods, which call ip6t_unregister_table().
ip6table_filter_net_ops has init method registering
filter table.
Since there must not be in-flight ipv6 packets at the time
of pernet_operations execution and since pernet_operations
don't send ipv6 packets each other, these pernet_operations
are safe to be async.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pieter Jansen van Vuuren [Tue, 6 Mar 2018 17:11:14 +0000 (18:11 +0100)]
net/sched: cls_flower: Add support to handle first frag as match field
Allow setting firstfrag as matching option in tc flower classifier.
# tc filter add dev eth0 protocol ip parent ffff: \
flower indev eth0 \
ip_flags firstfrag
action mirred egress redirect dev eth1
Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 8 Mar 2018 16:23:38 +0000 (11:23 -0500)]
Merge branch 'hns3-next'
Peng Li says:
====================
fix some bugs for hns3 driver
This patchset fix some bugs for hns3 driver.
[Patch 1/6 - Patch 3/6] fix bugs related about VF driver.
[Patch 3/6 - Patch 6/6] fix the bugs about ethtool_ops.set_channels.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:55 +0000 (19:41 +0800)]
net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info
This patch adds support for VF driver inner interface
hclgevf_ops.get_tqps_and_rss_info. This interface will be
used in the initialization process.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:54 +0000 (19:41 +0800)]
net: hns3: set the max ring num when alloc netdev
HNS3 driver should alloc netdev with max support ring num, as
driver support change netdev count by ethtool -L.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:53 +0000 (19:41 +0800)]
net: hns3: fix the queue id for tqp enable&&reset
Command HCLGE_OPC_CFG_COM_TQP_QUEUE should use queue id in the
function, but command HCLGE_OPC_RESET_TQP_QUEUE should use global
queue id.
This patch fixes the queue id about queue enable/disable/reset.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:52 +0000 (19:41 +0800)]
net: hns3: fix endian issue when PF get mbx message flag
This patch fixes the endian issue when PF get mbx message flag.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:51 +0000 (19:41 +0800)]
net: hns3: set the cmdq out_vld bit to 0 after used
Driver check the out_vld bit when get a new cmdq BD, if the bit is 1,
the BD is valid. driver Should set the bit 0 after used and hw will
set the bit 1 if get a valid BD.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Li [Thu, 8 Mar 2018 11:41:50 +0000 (19:41 +0800)]
net: hns3: VF should get the real rss_size instead of rss_size_max
VF driver should get the real rss_size which is assigned
by host PF, not rss_size_max.
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Arkadi Sharshevsky [Thu, 8 Mar 2018 10:52:25 +0000 (12:52 +0200)]
devlink: Change dpipe/resource get privileges
Let dpipe/resource be retrieved by unprivileged users.
Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Anders Roxell [Thu, 8 Mar 2018 10:17:23 +0000 (11:17 +0100)]
selftests/net: enable fragments for fib-onlink-tests
We miss CONFIG_* fragments so test fib-onlink-tests.sh can do:
ip li add lisa type vrf table 1101
ip li add veth1 type veth peer name veth2
And the follow message occurs if it isn't enabled:
Configuring interfaces
RTNETLINK answers: Operation not supported
This enables for NET_NRF (and friends) and VETH so we can create a vrf
table and veth.
Fixes:
153e1b84f477 ("selftests: Add FIB onlink tests")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paolo Abeni [Thu, 8 Mar 2018 09:29:30 +0000 (10:29 +0100)]
ipvlan: properly annotate rx_handler access
The rx_handler field is rcu-protected, but I forgot to use the
proper accessor while refactoring netif_is_ipvlan_port(). Such
function only check the rx_handler value, so it is safe, but we need
to properly read rx_handler via rcu_access_pointer() to avoid sparse
warnings.
Fixes:
1ec54cb44e67 ("net: unpollute priv_flags space")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Leon Romanovsky [Wed, 28 Feb 2018 09:18:13 +0000 (11:18 +0200)]
net/mlx5: Fix wrongly assigned CQ reference counter
The kernel compiled with CONFIG_REFCOUNT_FULL produces the following
error. The reason to it that initial value of refcount_t is supposed
to be more than 0, change it.
[ 3.106634] ------------[ cut here ]------------
[ 3.107756] refcount_t: increment on 0; use-after-free.
[ 3.109130] WARNING: CPU: 0 PID: 1 at lib/refcount.c:153 refcount_inc+0x27/0x30
[ 3.110085] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
4.16.0-rc1-00028-gf683e04bdccc #137
[ 3.110085] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[ 3.110085] RIP: 0010:refcount_inc+0x27/0x30
[ 3.110085] RSP: 0000:
ffffaa620000fba0 EFLAGS:
00010286
[ 3.110085] RAX:
0000000000000000 RBX:
ffff9a6d1a1821c8 RCX:
ffffffff98a50f48
[ 3.110085] RDX:
0000000000000001 RSI:
0000000000000086 RDI:
0000000000000246
[ 3.110085] RBP:
ffff9a6d1ac800a0 R08:
0000000000000289 R09:
000000000000000a
[ 3.110085] R10:
fffff03bc0682840 R11:
ffffffff9949856d R12:
ffff9a6d1b4a4000
[ 3.110085] R13:
0000000000000000 R14:
ffff9a6d1a0a6c00 R15:
ffffaa620000fc5c
[ 3.110085] FS:
0000000000000000(0000) GS:
ffff9a6d1fc00000(0000) knlGS:
0000000000000000
[ 3.110085] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 3.110085] CR2:
0000000000000000 CR3:
000000000ba0a000 CR4:
00000000000006b0
[ 3.110085] Call Trace:
[ 3.110085] mlx5_core_create_cq+0xde/0x250
[ 3.110085] ? __kmalloc+0x1ce/0x1e0
[ 3.110085] mlx5e_create_cq+0x15c/0x1e0
[ 3.110085] mlx5e_open_drop_rq+0xea/0x190
[ 3.110085] mlx5e_attach_netdev+0x53/0x140
[ 3.110085] mlx5e_attach+0x3d/0x60
[ 3.110085] mlx5e_add+0x11d/0x2f0
[ 3.110085] mlx5_add_device+0x77/0x170
[ 3.110085] mlx5_register_interface+0x74/0xc0
[ 3.110085] ? set_debug_rodata+0x11/0x11
[ 3.110085] init+0x67/0x72
[ 3.110085] ? mlx4_en_init_ptys2ethtool_map+0x346/0x346
[ 3.110085] do_one_initcall+0x98/0x147
[ 3.110085] ? set_debug_rodata+0x11/0x11
[ 3.110085] kernel_init_freeable+0x164/0x1e0
[ 3.110085] ? rest_init+0xb0/0xb0
[ 3.110085] kernel_init+0xa/0x100
[ 3.110085] ret_from_fork+0x35/0x40
[ 3.110085] Code: 00 00 00 00 e8 ab ff ff ff 84 c0 74 02 f3 c3 80 3d 3b c3 64 01 00 75 f5 48 c7 c7 68 0b 81 98 c6 05 2b c3 64 01 01 e8 79 d7 a3 ff <0f> ff c3 66 0f 1f 44 00 00 8b 06 83 f8 ff 74 39 31 c9 39 f8 89
[ 3.110085] ---[ end trace
a0068e1c68438a74 ]---
Fixes:
f105b45bf77c ("net/mlx5: CQ hold/put API")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Thu, 18 Jan 2018 14:02:17 +0000 (16:02 +0200)]
net/mlx5: IPSec, Add support for ESN
Currently ESN is not supported with IPSec device offload.
This patch adds ESN support to IPsec device offload.
Implementing new xfrm device operation to synchronize offloading device
ESN with xfrm received SN. New QP command to update SA state at the
following:
ESN 1 ESN 2 ESN 3
|-----------*-----------|-----------*-----------|-----------*
^ ^ ^ ^ ^ ^
^ - marks where QP command invoked to update the SA ESN state
machine.
| - marks the start of the ESN scope (0-2^32-1). At this point move SA
ESN overlap bit to zero and increment ESN.
* - marks the middle of the ESN scope (2^31). At this point move SA
ESN overlap bit to one.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Thu, 18 Jan 2018 14:31:55 +0000 (16:31 +0200)]
net/mlx5e: Added common function for to_ipsec_sa_entry
New function for getting driver internal sa entry from xfrm state.
All checks are done in one function.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Sun, 18 Feb 2018 13:07:20 +0000 (15:07 +0200)]
net/mlx5: Add flow-steering commands for FPGA IPSec implementation
In order to add a context to the FPGA, we need to get both the software
transform context (which includes the keys, etc) and the
source/destination IPs (which are included in the steering
rule). Therefore, we register new set of firmware like commands for
the FPGA. Each time a rule is added, the steering core infrastructure
calls the FPGA command layer. If the rule is intended for the FPGA,
it combines the IPs information with the software transformation
context and creates the respective hardware transform.
Afterwards, it calls the standard steering command layer.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Thu, 18 Jan 2018 11:05:48 +0000 (13:05 +0200)]
net/mlx5: Refactor accel IPSec code
The current code has one layer that executed FPGA commands and
the Ethernet part directly used this code. Since downstream patches
introduces support for IPSec in mlx5_ib, we need to provide some
abstractions. This patch refactors the accel code into one layer
that creates a software IPSec transformation and another one which
creates the actual hardware context.
The internal command implementation is now hidden in the FPGA
core layer. The code also adds the ability to share FPGA hardware
contexts. If two contexts are the same, only a reference count
is taken.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Wed, 17 Jan 2018 09:20:33 +0000 (11:20 +0200)]
net/mlx5: Added required metadata capability for ipsec
Currently our device requires additional metadata in packet
to perform ipsec crypto offload.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Mon, 29 Jan 2018 13:05:50 +0000 (15:05 +0200)]
net/mlx5: Export ipsec capabilities
We will need that for ipsec verbs.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Aviad Yehezkel [Tue, 16 Jan 2018 14:12:22 +0000 (16:12 +0200)]
net/mlx5: IPSec, Add command V2 support
This patch adds V2 command support.
New fpga devices support extended features (udp encap, esn etc...), this
features require new hardware sadb format therefore we have a new version
of commands to manipulate it.
Signed-off-by: Yossef Efraim <yossefe@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Yossi Kuperman [Sun, 22 Oct 2017 16:45:45 +0000 (19:45 +0300)]
net/mlx5e: IPSec, Add support for ESP trailer removal by hardware
Current hardware decrypts and authenticates incoming ESP packets.
Subsequently, the software extracts the nexthdr field, truncates the
trailer and adjusts csum accordingly.
With this patch and a capable device, the trailer is being removed
by the hardware and the nexthdr field is conveyed via PET. This way
we avoid both the need to access the trailer (cache miss) and to
compute its relative checksum, which significantly improve
the performance.
Experiment shows that trailer removal improves the performance by
2Gbps, (netperf). Both forwarding and host-to-host configurations.
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Yossi Kuperman [Sun, 22 Oct 2017 16:43:58 +0000 (19:43 +0300)]
net/mlx5: IPSec, Generalize sandbox QP commands
The current code assume only SA QP commands.
Refactor in order to pave the way for new QP commands:
1. Generic cmd response format.
2. SA cmd checks are in dedicated functions.
3. Aligned debug prints.
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Saeed Mahameed [Wed, 7 Mar 2018 23:44:48 +0000 (15:44 -0800)]
net/mlx5: Use MLX5_IPSEC_DEV macro for ipsec caps
Fix build break of mlx5_accel_ipsec_device_caps is not defined when
MLX5_ACCEL is not selected, use MLX5_IPSEC_DEV instead which handles
such case.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Reported-by: Doug Ledford <dledford@redhat.com>
Eric Dumazet [Wed, 7 Mar 2018 16:43:19 +0000 (08:43 -0800)]
ip6mr: remove synchronize_rcu() in favor of SOCK_RCU_FREE
Kirill found that recently added synchronize_rcu() call in
ip6mr_sk_done()
was slowing down netns dismantle and posted a patch to use it only if
the socket
was found.
I instead suggested to get rid of this call, and use instead
SOCK_RCU_FREE
We might later change IPv4 side to use the same technique and unify
both stacks. IPv4 does not use synchronize_rcu() but has a call_rcu()
that could be replaced by SOCK_RCU_FREE.
Tested:
time for i in {1..1000}; do unshare -n /bin/false;done
Before : real 7m18.911s
After : real 10.187s
Fixes:
8571ab479a6e ("ip6mr: Make mroute_sk rcu-based")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Yuval Mintz <yuvalm@mellanox.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 7 Mar 2018 23:05:57 +0000 (18:05 -0500)]
Merge branch 'RDS-zerocopy-code-enhancements'
Sowmini Varadhan says:
====================
RDS: zerocopy code enhancements
A couple of enhancements to the rds zerocop code
- patch 1 refactors rds_message_copy_from_user to pull the zcopy logic
into its own function
- patch 2 drops the usage sk_buff to track MSG_ZEROCOPY cookies and
uses a simple linked list (enhancement suggested by willemb during
code review)
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Sowmini Varadhan [Tue, 6 Mar 2018 15:22:34 +0000 (07:22 -0800)]
rds: use list structure to track information for zerocopy completion notification
Commit
401910db4cd4 ("rds: deliver zerocopy completion notification
with data") removes support fo r zerocopy completion notification
on the sk_error_queue, thus we no longer need to track the cookie
information in sk_buff structures.
This commit removes the struct sk_buff_head rs_zcookie_queue by
a simpler list that results in a smaller memory footprint as well
as more efficient memory_allocation time.
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sowmini Varadhan [Tue, 6 Mar 2018 15:22:33 +0000 (07:22 -0800)]
rds: refactor zcopy code into rds_message_zcopy_from_user
Move the large block of code predicated on zcopy from
rds_message_copy_from_user into a new function,
rds_message_zcopy_from_user()
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gustavo A. R. Silva [Wed, 7 Mar 2018 18:03:33 +0000 (12:03 -0600)]
cxgb3: remove VLA usage
Remove VLA usage and change the 'len' argument to a u8 and use a 256
byte buffer on the stack. Notice that these lengths are limited by the
encoding field in the VPD structure, which is a u8 [1].
[1] https://marc.info/?l=linux-netdev&m=
152044354814024&w=2
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jesus Sanchez-Palencia [Wed, 7 Mar 2018 17:40:57 +0000 (09:40 -0800)]
sock: Fix SO_ZEROCOPY switch case
Fix the SO_ZEROCOPY switch case on sock_setsockopt() avoiding the
ret values to be overwritten by the one set on the default case.
Fixes:
28190752c7092 ("sock: permit SO_ZEROCOPY on PF_RDS socket")
Signed-off-by: Jesus Sanchez-Palencia <jesus.sanchez-palencia@intel.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 7 Mar 2018 20:53:39 +0000 (15:53 -0500)]
Merge branch 'mvpp2-ucast-filter'
Maxime Chevallier says:
====================
net: mvpp2: Add Unicast filtering capabilities
This series adds unicast filtering support to the Marvell PPv2 controller.
This is implemented using the header parser cababilities of the PPv2,
which allows for generic packet filtering based on matching patterns in
the packet headers.
PPv2 controller only has 256 of these entries, and we need to share them
with other features, such as VLAN filtering.
For each interface, we have 5 entries dedicated to unicast filtering (the
controller's own address, and 4 other), and 21 to multicast filtering.
When this number is reached, the controller switches to unicast or
multicast promiscuous mode.
The first patch reworks the function that adds and removes addresses to the
filter. This is preparatory work to ease UC filter implementation.
The second patch adds the UC filtering feature.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Maxime Chevallier [Wed, 7 Mar 2018 14:18:04 +0000 (15:18 +0100)]
net: mvpp2: Add support for unicast filtering
Marvell PPv2 controller can be used to implement packet filtering based
on the destination MAC address. This is already used to implement
multicast filtering. This patch adds support for Unicast filtering.
Filtering is based on so-called "TCAM entries" to implement filtering.
Due to their limited number and the fact that these are also used for
other purposes, we reserve 80 entries for both unicast and multicast
filters. On top of the broadcast address, and each interface's own MAC
address, we reserve 25 entries per port, 4 for unicast filters, 21 for
multicast.
Whenever unicast or multicast range for one port is full, the filtering
is disabled and port goes into promiscuous mode for the given type of
addresses.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Maxime Chevallier [Wed, 7 Mar 2018 14:18:03 +0000 (15:18 +0100)]
net: mvpp2: Simplify MAC filtering function parameters
The mvpp2_prs_mac_da_accept function takes into parameter both the
struct representing the controller and the port id. This is meaningful
when we want to create TCAM entries for non-initialized ports, but in
this case we expect the port to be initialized before starting adding or
removing MAC addresses to the per-port filter.
This commit changes the function so that it takes struct mvpp2_port as
a parameter instead.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Wed, 7 Mar 2018 12:58:00 +0000 (13:58 +0100)]
selftests: forwarding: fix flags passed to first drop rule in gact_drop_and_ok_test
Fix copy&paste error and pass proper flags.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Wed, 7 Mar 2018 12:57:59 +0000 (13:57 +0100)]
selftests: forwarding: fix "ok" action test
Fix the "ok" action test so it checks that packet that is okayed does not
continue to be processed by other rules. Fix error message as well.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>