- 22 Jun, 2020 15 commits
-
-
David S. Miller authored
Jarod Wilson says: ==================== bonding: initial support for hardware crypto offload This is an initial functional implementation for doing pass-through of hardware encryption from bonding device to capable slaves, in active-backup bond setups. This was developed and tested using ixgbe-driven Intel x520 interfaces with libreswan and a transport mode connection, primarily using netperf, with assorted connection failures forced during transmission. The failover works quite well in my testing, and overall performance is right on par with offload when running on a bare interface, no bond involved. Caveats: this is ONLY enabled for active-backup, because I'm not sure how one would manage multiple offload handles for different devices all running at the same time in the same xfrm, and it relies on some minor changes to both the xfrm code and slave device driver code to get things to behave, and I don't have immediate access to any other hardware that could function similarly, but the NIC driver changes are minimal and straight-forward enough that I've included what I think ought to be enough for mlx5 devices too. v2: reordered patches, switched (back) to using CONFIG_XFRM_OFFLOAD to wrap the code additions and wrapped overlooked additions. v3: rebase w/net-next open, add proper cc list to cover letter ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
Jarod Wilson authored
Currently, this support is limited to active-backup mode, as I'm not sure about the feasilibity of mapping an xfrm_state's offload handle to multiple hardware devices simultaneously, and we rely on being able to pass some hints to both the xfrm and NIC driver about whether or not they're operating on a slave device. I've tested this atop an Intel x520 device (ixgbe) using libreswan in transport mode, succesfully achieving ~4.3Gbps throughput with netperf (more or less identical to throughput on a bare NIC in this system), as well as successful failover and recovery mid-netperf. v2: just use CONFIG_XFRM_OFFLOAD for wrapping, isolate more code with it CC: Jay Vosburgh <j.vosburgh@gmail.com> CC: Veaceslav Falico <vfalico@gmail.com> CC: Andy Gospodarek <andy@greyhouse.net> CC: "David S. Miller" <davem@davemloft.net> CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com> CC: Jakub Kicinski <kuba@kernel.org> CC: Steffen Klassert <steffen.klassert@secunet.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: netdev@vger.kernel.org CC: intel-wired-lan@lists.osuosl.org Signed-off-by:
Jarod Wilson <jarod@redhat.com> Signed-off-by:
-
Jarod Wilson authored
I've been unable to get my hands on suitable supported hardware to date, but I believe this ought to be all that is needed to enable the mlx5 driver to also work with bonding active-backup crypto offload passthru. CC: Boris Pismenny <borisp@mellanox.com> CC: Saeed Mahameed <saeedm@mellanox.com> CC: Leon Romanovsky <leon@kernel.org> CC: Jay Vosburgh <j.vosburgh@gmail.com> CC: Veaceslav Falico <vfalico@gmail.com> CC: Andy Gospodarek <andy@greyhouse.net> CC: "David S. Miller" <davem@davemloft.net> CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com> CC: Jakub Kicinski <kuba@kernel.org> CC: Steffen Klassert <steffen.klassert@secunet.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: netdev@vger.kernel.org Signed-off-by:
-
Jarod Wilson authored
Slave devices in a bond doing hardware encryption also need to be aware that they're slaves, so we operate on the slave instead of the bonding master to do the actual hardware encryption offload bits. CC: Jay Vosburgh <j.vosburgh@gmail.com> CC: Veaceslav Falico <vfalico@gmail.com> CC: Andy Gospodarek <andy@greyhouse.net> CC: "David S. Miller" <davem@davemloft.net> CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com> CC: Jakub Kicinski <kuba@kernel.org> CC: Steffen Klassert <steffen.klassert@secunet.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: netdev@vger.kernel.org CC: intel-wired-lan@lists.osuosl.org Acked-by:
Jeff Kirsher <Jeffrey.t.kirsher@intel.com> Signed-off-by:
-
Jarod Wilson authored
This is prep work for initial support of bonding hardware encryption pass-through support. The bonding driver will fill in the slave_dev pointer, and we use that to know not to skb_push() again on a given skb that was already processed on the bond device. CC: Jay Vosburgh <j.vosburgh@gmail.com> CC: Veaceslav Falico <vfalico@gmail.com> CC: Andy Gospodarek <andy@greyhouse.net> CC: "David S. Miller" <davem@davemloft.net> CC: Jeff Kirsher <jeffrey.t.kirsher@intel.com> CC: Jakub Kicinski <kuba@kernel.org> CC: Steffen Klassert <steffen.klassert@secunet.com> CC: Herbert Xu <herbert@gondor.apana.org.au> CC: netdev@vger.kernel.org CC: intel-wired-lan@lists.osuosl.org Signed-off-by:
-
David S. Miller authored
Parav Pandit says: ==================== devlink: Support get,set mac address of a port function Currently, ip link set dev <pfndev> vf <vf_num> <param> <value> has below few limitations. 1. Command is limited to set VF parameters only. It cannot set the default MAC address for the PCI PF. 2. It can be set only on system where PCI SR-IOV capability exists. In smartnic based system, eswitch of a NIC resides on a different embedded cpu which has the VF and PF representors for the SR-IOV functions of a host system in which this smartnic is plugged-in. 3. It cannot setup the function attributes of sub-function described in detail in comprehensive RFC [1] and [2]. This series covers the first small part to let user query and set MAC address (hardware address) of a PCI PF/VF which is represented by devlink port pcipf, pcivf port flavours respectively. Whenever a devlink port manages a function connected to a devlink port, it allows to query and set its hardware address. Driver implements necessary get/set callback functions if it supports port function for a given port type. Patch summary: Patch-1 Prepares devlink port fill routines for extack Patch-2 and 3 extended devlink interface to get/set port function attributes, mainly hardware address to start with. Patch-2 Extended port dump command to query port function hardware address Patch-3 Introduces a command to set the hardware address of a port function Patch-4 to 9 refactors and implement devlink callbacks in mlx5_core driver. Patch-4 Constify the mac address pointer in set routines Patch-5 Introduces eswich check helper to use in devlink facing callbacks Patch-6 Moves port index, port number conversion routine to eswitch header file Patch-7 Implements port function query devlink callback Patch-8 Refactors mac address setting routine to uniformly use state_lock Patch-9 Implements port function set devlink callback [1] https://lore.kernel.org/netdev/20200519092258.GF4655@nanopsycho/ [2] https://marc.info/?l=linux-netdev&m=158555928517777&w=2 ==================== Signed-off-by:
-
Parav Pandit authored
Enable user to set mac address of the PCI PF and VF port function. Signed-off-by:
Parav Pandit <parav@mellanox.com> Reviewed-by:
Roi Dayan <roid@mellanox.com> Acked-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Parav Pandit authored
Refactor mac address setting function to let caller hold the necessary state_lock mutex, so that subsequent patch and use this helper routine. Signed-off-by:
-
Parav Pandit authored
Support querying mac address of the eswitch devlink port function. Signed-off-by:
-
Parav Pandit authored
To use port number to port index conversion at eswitch level, move it to eswitch header. Signed-off-by:
-
Parav Pandit authored
Introduce an helper routine to get esw from a devlink device and use it at eswitch callbacks and in subsequent patch. Signed-off-by:
-
Parav Pandit authored
Since none of the functions need to modify the input mac address, constify them. Signed-off-by:
-
Parav Pandit authored
PCI PF and VF devlink port can manage the function represented by a devlink port. Allow users to set port function's hardware address. Example of a PCI VF port which supports a port function: $ devlink port show pci/0000:06:00.0/2 pci/0000:06:00.0/2: type eth netdev enp6s0pf0vf1 flavour pcivf pfnum 0 vfnum 1 function: hw_addr 00:00:00:00:00:00 $ devlink port function set pci/0000:06:00.0/2 hw_addr 00:11:22:33:44:55 $ devlink port show pci/0000:06:00.0/2 pci/0000:06:00.0/2: type eth netdev enp6s0pf0vf1 flavour pcivf pfnum 0 vfnum 1 function: hw_addr 00:11:22:33:44:55 Signed-off-by: -
Parav Pandit authored
PCI PF and VF devlink port can manage the function represented by a devlink port. Enable users to query port function's hardware address. Example of a PCI VF port which supports a port function: $ devlink port show pci/0000:06:00.0/2 pci/0000:06:00.0/2: type eth netdev enp6s0pf0vf1 flavour pcivf pfnum 0 vfnum 1 function: hw_addr 00:11:22:33:44:66 $ devlink port show pci/0000:06:00.0/2 -jp { "port": { "pci/0000:06:00.0/2": { "type": "eth", "netdev": "enp6s0pf0vf1", "flavour": "pcivf", "pfnum": 0, "vfnum": 1, "function": { "hw_addr": "00:11:22:33:44:66" } } } } Signed-off-by: -
Parav Pandit authored
Prepare devlink port related functions to optionally fill up the extack information which will be used in subsequent patch by port function attribute(s). Signed-off-by:
-
- 21 Jun, 2020 25 commits
-
-
David S. Miller authored
Russell King says: ==================== Marvell mvpp2 improvements This series primarily cleans up mvpp2, but also fixes a left-over from 91a208f2 ("net: phylink: propagate resolved link config via mac_link_up()"). Patch 1 introduces some port helpers: mvpp2_port_supports_xlg() - does the port support the XLG MAC mvpp2_port_supports_rgmii() - does the port support RGMII modes Patch 2 introduces mvpp2_phylink_to_port(), rather than having repeated open coding of container_of(). Patch 3 introduces mvpp2_modify(), which reads-modifies-writes a register - I've converted the phylink specific code to use this helper. Patch 4 moves the hardware control of the pause modes from mvpp2_xlg_config() (which is called via the phylink_config method) to mvpp2_mac_link_up() - a change that was missed in the above referenced commit. v2: remove "inline" in patch 2. ==================== Signed-off-by:
-
Russell King authored
Set the flow control settings in mvpp2_mac_link_up() for 10G links just as we do for 1G and slower links. This is now the preferred location. Signed-off-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
Russell King authored
Add a helper to read-modify-write a register, and use it in the phylink helpers. Signed-off-by:
-
Russell King authored
Add a helper to convert the struct phylink_config pointer passed in from phylink to the drivers internal struct mvpp2_port. Signed-off-by:
-
Russell King authored
The mvpp2 code has tests scattered amongst the code to determine whether the port supports the XLG, and whether the port supports RGMII mode. Rather than having these tests scattered, provide a couple of helper functions, so that future additions can ensure that they get these tests correct. Signed-off-by:
-
Gaurav Singh authored
Remove the redundant null check for skb. Signed-off-by:
Gaurav Singh <gaurav1086@gmail.com> Signed-off-by:
-
David S. Miller authored
Eric Dumazet says: ==================== tcp: remove two indirect calls from xmit path __tcp_transmit_skb() does two indirect calls per packet, lets get rid of them. ==================== Signed-off-by: -
Eric Dumazet authored
Mitigate RETPOLINE costs in __tcp_transmit_skb() by using INDIRECT_CALL_INET() wrapper. Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
Eric Dumazet authored
Mitigate RETPOLINE costs in __tcp_transmit_skb() by using INDIRECT_CALL_INET() wrapper. Signed-off-by:
-
Tao Ren authored
Replace assignment "=" with OR "|=" for "phy->dev_flags" so "dev_flags" configured in phy probe() function can be preserved. The idea is similar to commit e7312efb ("net: phy: modify assignment to OR for dev_flags in phy_attach_direct"). Signed-off-by:
Tao Ren <rentao.bupt@gmail.com> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
-
Amritha Nambiar authored
This will be useful to allow busy poll for tunneled traffic. In case of busy poll for sessions over tunnels, the underlying physical device's queues need to be polled. Tunnels schedule NAPI either via netif_rx() for backlog queue or schedule the gro_cell_poll(). netif_rx() propagates the valid skb->napi_id to the socket. OTOH, gro_cell_poll() stamps the skb->napi_id again by calling skb_mark_napi_id() with the tunnel NAPI which is not a busy poll candidate. This was preventing tunneled traffic to use busy poll. A valid NAPI ID in the skb indicates it was already marked for busy poll by a NAPI driver and hence needs to be copied into the socket. Signed-off-by:
Amritha Nambiar <amritha.nambiar@intel.com> Reviewed-by:
-
Gaurav Singh authored
parent cannot be NULL here since its in the else part of the if (parent == NULL) condition. Remove the extra check on parent pointer. Signed-off-by:
-
David S. Miller authored
Vladimir Oltean says: ==================== Ocelot/Felix driver cleanup Some of the code in the mscc felix and ocelot drivers was added while in a bit of a hurry. Let's take a moment and put things in relative order. First 3 patches are sparse warning fixes. Patches 4-9 perform some further splitting between mscc_felix, mscc_ocelot, and the common hardware library they share. Meaning that some code is being moved from the library into just the mscc_ocelot module. Patches 10-12 refactor the naming conventions in the existing VCAP code (for tc-flower offload), since we're going to be adding some more code for VCAP IS1 (previous tentatives already submitted here: https://patchwork.ozlabs.org/project/netdev/cover/20200602051828.5734-1-xiaoliang.yang_1@nxp.com/), and that code would be confusing to read and maintain using current naming conventions. No functional modification is intended. I checked that the VCAP IS2 code still works by applying a tc ingress filter with an EtherType key and 'drop' action. ==================== Signed-off-by:
-
Vladimir Oltean authored
Remove the function prototypes from ocelot_police.h and make these functions static. We need to move them above their callers. Note that moving the implementations to ocelot_police.c is not trivially possible due to dependency on is2_entry_set() which is static to ocelot_vcap.c. Signed-off-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by:
-
Vladimir Oltean authored
Access Control Lists (and their respective Access Control Entries) are specifically entries in the VCAP IS2, the security enforcement block, according to the documentation. Let's rename the structures and functions to something more generic, so that VCAP IS1 structures (which would otherwise have to be called Ingress Classification Entries) can reuse the same code without confusion. Some renaming that was done: struct ocelot_ace_rule -> struct ocelot_vcap_filter struct ocelot_acl_block -> struct ocelot_vcap_block enum ocelot_ace_type -> enum ocelot_vcap_key_type struct ocelot_ace_vlan -> struct ocelot_vcap_key_vlan enum ocelot_ace_action -> enum ocelot_vcap_action struct ocelot_ace_stats -> struct ocelot_vcap_stats enum ocelot_ace_type -> enum ocelot_vcap_key_type struct ocelot_ace_frame_* -> struct ocelot_vcap_key_* No functional change is intended. Signed-off-by:
-
Vladimir Oltean authored
Access Control Lists (and their respective Access Control Entries) are specifically entries in the VCAP IS2, the security enforcement block, according to the documentation. Let's rename the files that deal with generic operations on the VCAP TCAM, so that VCAP IS1 and ES0 can reuse the same code without confusion. Signed-off-by:
-
Vladimir Oltean authored
The ocelot hardware library shouldn't contain too much net_device specific code, since it is shared with DSA which abstracts that structure away. So much as much of this code as possible into the mscc_ocelot driver and outside of the common library. We're making an exception for MDB and LAG code. That is not yet exported to DSA, but when it will, most of the code that's already in ocelot.c will remain there. So, there's no point in moving code to ocelot_net.c just to move it back later. We could have moved all net_device code to ocelot_vsc7514.c directly, but let's operate under the assumption that if a new switchdev ocelot driver gets added, it'll define its SoC-specific stuff in a new ocelot_vsc*.c file and it'll reuse the rest of the code. Signed-off-by:
-
Vladimir Oltean authored
ocelot_regs.c actually shouldn't be part of the common library. It describes the register map of the VSC7514 switch. The way ocelot switches work, they'll have highly optimized register maps, so another SoC will likely have the same registers but laid out completely different in memory (so there's little room for reusing this structure). So move it to ocelot_vsc7514.c instead. Signed-off-by:
-
Vladimir Oltean authored
Putting 'ocelot' in the config's name twice just to say that 'it's the ocelot driver running on the ocelot SoC' is a bit confusing. Instead, it's just the ocelot driver. Now that we've renamed the previous symbol that was holding the MSCC_OCELOT_SWITCH_OCELOT into *_LIB (because that's what it is), we're free to use this name for the driver. Signed-off-by:
-
Vladimir Oltean authored
Hide the CONFIG_MSCC_OCELOT_SWITCH option from users. It is meant to be only a hardware library which is selected by the drivers that use it (ocelot, felix). Since it is "selected" from Kconfig, all its dependencies are manually transferred to the driver that selects it. This is because "select" in Kconfig language is a bit of a mess, and doesn't handle dependencies of selected options quite right. Signed-off-by:
-
Vladimir Oltean authored
mscc_ocelot is a slightly better name for a module than ocelot_board or ocelot_vsc7514 is, so let's use that. Signed-off-by:
-
Vladimir Oltean authored
To follow the model of felix and seville where we have one platform-specific file, rename this file to the actual SoC it serves. Signed-off-by:
-
Vladimir Oltean authored
Get rid of sparse "cast to restricted __be16" warnings. Signed-off-by:
-
Vladimir Oltean authored
sparse is rightfully complaining about the fact that: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] 26 | __builtin_constant_p((l) > (h)), (l) > (h), 0))) | ^ note: in expansion of macro ‘GENMASK_INPUT_CHECK’ 39 | (GENMASK_INPUT_CHECK(h, l) + __GENMASK(h, l)) | ^~~~~~~~~~~~~~~~~~~ note: in expansion of macro ‘GENMASK’ 127 | mask = GENMASK(width, 0); | ^~~~~~~ So replace the variables that go into GENMASK with plain, signed integer types. Signed-off-by: -
Vladimir Oltean authored
Get rid of some sparse warnings. Signed-off-by:
-
