1. 23 Oct, 2018 40 commits
    • David S. Miller's avatar
      Merge branch 'netsec-fixes' · 6b7a02f7
      David S. Miller authored
      Masahisa Kojima says:
      
      ====================
      Bugfix for the netsec driver
      
      This patch series include bugfix for the netsec ethernet
      controller driver, fix the problem in interface down/up.
      
      changes in v2:
       - change the place to perform the PHY power down
       - use the MACROs defiend in include/uapi/linux/mii.h
       - update commit comment
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b7a02f7
    • Masahisa Kojima's avatar
      net: socionext: Reset tx queue in ndo_stop · 8d5b0bf6
      Masahisa Kojima authored
      We observed that packets and bytes count are not reset
      when user performs interface down. Eventually, tx queue is
      exhausted and packets will not be sent out.
      To avoid this problem, resets tx queue in ndo_stop.
      
      Fixes: 533dd11a ("net: socionext: Add Synquacer NetSec driver")
      Signed-off-by: default avatarMasahisa Kojima <masahisa.kojima@linaro.org>
      Signed-off-by: default avatarYoshitoyo Osaki <osaki.yoshitoyo@socionext.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d5b0bf6
    • Masahisa Kojima's avatar
      net: socionext: Add dummy PHY register read in phy_write() · a3241a91
      Masahisa Kojima authored
      There is a compatibility issue between RTL8211E implemented
      in Developerbox and netsec ethernet controller IP.
      
      Our MDIO controller stops MDC clock right after the write
      access, but RTL8211E expects MDC clock must be kept toggling
      for several clock cycle with MDIO high before entering
      the IDLE state. Without keeping clock after write access,
      write access is not correctly handled and register is not
      updated.
      
      To meet this requirement, netsec driver needs to issue dummy
      read(e.g. read PHYID1(offset 0x2) register) right after write
      access, to keep MDC clock.
      
      We think this compatibility issue is a problem specific to
      our MDIO controller and RTL8211E.
      
      Fixes: 533dd11a ("net: socionext: Add Synquacer NetSec driver")
      Signed-off-by: default avatarMasahisa Kojima <masahisa.kojima@linaro.org>
      Signed-off-by: default avatarYoshitoyo Osaki <osaki.yoshitoyo@socionext.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3241a91
    • Masahisa Kojima's avatar
      net: socionext: Stop PHY before resetting netsec · 8e850f25
      Masahisa Kojima authored
      In ndo_stop, driver resets the netsec ethernet controller IP.
      When the netsec IP is reset, HW running mode turns to NRM mode
      and driver has to wait until this mode transition completes.
      
      But mode transition to NRM will not complete if the PHY is
      in normal operation state. Netsec IP requires PHY is in
      power down state when it is reset.
      
      This modification stops the PHY before resetting netsec.
      
      Together with this modification, phy_addr is stored in netsec_priv
      structure because ndev->phydev is not yet ready in ndo_init.
      
      Fixes: 533dd11a ("net: socionext: Add Synquacer NetSec driver")
      Signed-off-by: default avatarMasahisa Kojima <masahisa.kojima@linaro.org>
      Signed-off-by: default avatarYoshitoyo Osaki <osaki.yoshitoyo@socionext.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8e850f25
    • Thor Thayer's avatar
      net: stmmac: Set OWN bit for jumbo frames · 487e2e22
      Thor Thayer authored
      Ping with Jumbo packet does not reply and get a watchdog timeout
      
      [   46.059616] ------------[ cut here ]------------
      [   46.064268] NETDEV WATCHDOG: eth0 (socfpga-dwmac): transmit queue 0 timed out
      [   46.071471] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:461 dev_watchdog+0x2cc/0x2d8
      [   46.079708] Modules linked in:
      [   46.082761] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.18.0-00115-gc262be665854-dirty #264
      [   46.091082] Hardware name: SoCFPGA Stratix 10 SoCDK (DT)
      [   46.096377] pstate: 20000005 (nzCv daif -PAN -UAO)
      [   46.101152] pc : dev_watchdog+0x2cc/0x2d8
      [   46.105149] lr : dev_watchdog+0x2cc/0x2d8
      [   46.109144] sp : ffff00000800bd80
      [   46.112447] x29: ffff00000800bd80 x28: ffff80007a9b4940
      [   46.117744] x27: 00000000ffffffff x26: ffff80007aa183b0
      [   46.123040] x25: 0000000000000001 x24: 0000000000000140
      [   46.128336] x23: ffff80007aa1839c x22: ffff80007aa17fb0
      [   46.133632] x21: ffff80007aa18000 x20: ffff0000091a7000
      [   46.138927] x19: 0000000000000000 x18: ffffffffffffffff
      [   46.144223] x17: 0000000000000000 x16: 0000000000000000
      [   46.149519] x15: ffff0000091a96c8 x14: 07740775076f0720
      [   46.154814] x13: 07640765076d0769 x12: 0774072007300720
      [   46.160110] x11: 0765077507650775 x10: 0771072007740769
      [   46.165406] x9 : 076d0773076e0761 x8 : 077207740720073a
      [   46.170702] x7 : 072907630761076d x6 : ffff80007ff9a0c0
      [   46.175997] x5 : ffff80007ff9a0c0 x4 : 0000000000000002
      [   46.181293] x3 : 0000000000000000 x2 : ffff0000091ac180
      [   46.186589] x1 : e6a742ebe628e800 x0 : 0000000000000000
      [   46.191885] Call trace:
      [   46.194326]  dev_watchdog+0x2cc/0x2d8
      [   46.197980]  call_timer_fn+0x20/0x78
      [   46.201544]  expire_timers+0xa4/0xb0
      [   46.205108]  run_timer_softirq+0xe4/0x198
      [   46.209107]  __do_softirq+0x114/0x210
      [   46.212760]  irq_exit+0xd0/0xd8
      [   46.215895]  __handle_domain_irq+0x60/0xb0
      [   46.219977]  gic_handle_irq+0x58/0xa8
      [   46.223628]  el1_irq+0xb0/0x128
      [   46.226761]  arch_cpu_idle+0x10/0x18
      [   46.230326]  do_idle+0x1d4/0x288
      [   46.233544]  cpu_startup_entry+0x24/0x28
      [   46.237457]  secondary_start_kernel+0x17c/0x1c0
      [   46.241971] ---[ end trace 57048cd1372cd828 ]---
      
      Inspection of queue showed Jumbo packets were not sent out.
      The ring Jumbo packet function needs to set the OWN bit so
      the packet is sent.
      Signed-off-by: default avatarThor Thayer <thor.thayer@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      487e2e22
    • Thor Thayer's avatar
      arm64: dts: stratix10: Support Ethernet Jumbo frame · a27460c9
      Thor Thayer authored
      Properly specify the RX and TX FIFO size which is important
      for Jumbo frames.
      Update the max-frame-size to support Jumbo frames.
      Signed-off-by: default avatarThor Thayer <thor.thayer@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a27460c9
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 807192de
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree:
      
      1) rbtree lookup from control plane returns the left-hand side element
         of the range when the interval end flag is set on.
      
      2) osf extension is not supported from the input path, reject this from
         the control plane, from Fernando Fernandez Mancera.
      
      3) xt_TEE is leaving output interface unset due to a recent incorrect
         netns rework, from Taehee Yoo.
      
      4) xt_TEE allows to select an interface which does not belong to this
         netnamespace, from Taehee Yoo.
      
      5) Zero private extension area in nft_compat, just like we do in x_tables,
         otherwise we leak kernel memory to userspace.
      
      6) Missing .checkentry and .destroy entries in new DNAT extensions breaks
         it since we never load nf_conntrack dependencies, from Paolo Abeni.
      
      7) Do not remove flowtable hook from netns exit path, the netdevice handler
         already deals with this, also from Taehee Yoo.
      
      8) Only cleanup flowtable entries that reside in this netnamespace, also
         from Taehee Yoo.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      807192de
    • Dave Watson's avatar
      tls: Add maintainers · e929ceb6
      Dave Watson authored
      Add John and Daniel as additional tls co-maintainers to help review
      patches and fix syzbot reports.
      Acked-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e929ceb6
    • Ivan Khoronzhuk's avatar
      net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode · 9737cc99
      Ivan Khoronzhuk authored
      After flushing all mcast entries from the table, the ones contained in
      mc list of ndev are not restored when promisc mode is toggled off,
      because they are considered as synched with ALE, thus, in order to
      restore them after promisc mode - reset syncing info. This fix
      touches only switch mode devices, including single port boards
      like Beagle Bone.
      
      Fixes: commit 5da19489
      ("net: ethernet: ti: cpsw: fix lost of mcast packets while rx_mode update")
      Signed-off-by: default avatarIvan Khoronzhuk <ivan.khoronzhuk@linaro.org>
      Reviewed-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9737cc99
    • David S. Miller's avatar
      Merge branch 'octeontx2-af-NPC-parser-and-NIX-blocks-initialization' · 1fad1fe4
      David S. Miller authored
      Sunil Goutham says:
      
      ====================
      octeontx2-af: NPC parser and NIX blocks initialization
      
      This patchset is a continuation to earlier submitted two patch
      series to add a new driver for Marvell's OcteonTX2 SOC's
      Resource virtualization unit (RVU) admin function driver.
      
      1. octeontx2-af: Add RVU Admin Function driver
         https://www.spinics.net/lists/netdev/msg528272.html
      2. octeontx2-af: NPA and NIX blocks initialization
         https://www.spinics.net/lists/netdev/msg529163.html
      
      This patch series adds more NIX block configuration logic
      and additionally adds NPC block parser profile configuration.
      In brief below is what this series adds.
      NIX block:
      - Support for PF/VF to allocate/free transmit scheduler queues,
        maintenance and their configuration.
      - Adds support for packet replication lists, only broadcast
        packets is covered for now.
      - Defines few RSS flow algorithms for HW to distribute packets.
        This is not the hash algorithsm (i.e toeplitz or crc32), here SW
        defines what fields in packet should HW take and calculate the hash.
      - Support for PF/VF to configure VTAG strip and capture capabilities.
      - Reset NIXLF statastics.
      
      NPC block:
      This block has multiple parser engines which support packet parsing
      at multiple layers and generates a parse result which is further used
      to generate a key. Based on packet field offsets in the key, SW can
      install packet forwarding rules.
      This patch series adds
      - Initial parser profile to be programmed into parser engines.
      - Default forwarding rules to forward packets to different logical
        interfaces having a NIXLF attached.
      - Support for promiscuous and multicast modes.
      
      Changes from v1:
       1 Fixed kernel build failure when compiled with BIG_ENDIAN enabled.
         - Reported by Kbuild test robot
       2 Fixed a warning observed when kernel is built with -Wunused-but-set-variable
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1fad1fe4
    • Sunil Goutham's avatar
      octeontx2-af: Support for NIXLF's UCAST/PROMISC/ALLMULTI modes · d6f092ca
      Sunil Goutham authored
      By default NIXLF is set in UCAST mode. This patch adds a new
      mailbox message which when sent by a RVU PF changes this default
      mode. When promiscuous mode is needed, the reserved promisc entry
      for each of RVU PF is setup to match against ingress channel number
      only, so that all pkts on that channel are accepted and forwarded
      to the mode change requesting PF_FUNC's NIXLF.
      
      PROMISC and ALLMULTI modes are supported only for PFs, for VFs only
      UCAST mode is supported.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d6f092ca
    • Sunil Goutham's avatar
      octeontx2-af: Support for setting MAC address · 6f03cf10
      Sunil Goutham authored
      Added a new mailbox message for a PF/VF to set/update
      it's NIXLF's MAC address. Also updates unicast NPC
      MCAM entry with this address as matching DMAC.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6f03cf10
    • Sunil Goutham's avatar
      octeontx2-af: Support for changing RSS algorithm · cc96b0e9
      Sunil Goutham authored
      This patch adds support for a RVU PF/VF to change
      NIX Rx flowkey algorithm index in NPC RX RSS_ACTION.
      eg: a ethtool command changing RSS algorithm for a netdev
      interface would trigger this change in NPC.
      
      If PF/VF doesn't specify any MCAM entry index then default
      UCAST entry of the NIXLF attached to PF/VF will be updated
      with RSS_ACTION and flowkey index.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc96b0e9
    • Sunil Goutham's avatar
      octeontx2-af: NIX Rx flowkey configuration for RSS · 41a7aa7b
      Sunil Goutham authored
      Configure NIX RX flowkey algorithm configuration to support
      RSS (receive side scaling). Currently support for only L3/L4
      2-tuple and 4-tuple hash of IPv4/v6/TCP/UDP/SCTP is added.
      HW supports upto 32 different flowkey algorithms which SW
      can define, this patch defines 9. NPC RX ACTION has to point
      to one of these flowkey indices for RSS to work.
      
      The configuration is dependent on NPC parse result's layer
      info. So if NPC KPU profile changes suchthat LID/LTYPE values
      of above said protocols change then this configuration will
      most likely be effected.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      41a7aa7b
    • Sunil Goutham's avatar
      octeontx2-af: Install ucast and bcast pkt forwarding rules · 75900140
      Sunil Goutham authored
      Upon NIXLF_ALLOC install a unicast forwarding rule in NPC MCAM
      like below
       - Match pkt DMAC with NIXLF attached PF/VF's MAC address.
       - Ingress channel
       - Action is UCAST
       - Forward to PF_FUNC of this NIXLF
      And broadcast pkt forwarding rule as
       - Match L2B bit in MCAM search key
       - Ingress channel
       - Action is UCAST, for now, later it will be changed to MCAST.
      Only PFs can install this rule
      
      Upon NIXLF_FREE disable all MCAM entries in use by that NIXLF.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      75900140
    • Stanislaw Kardach's avatar
      octeontx2-af: Add LMAC channel info to NIXLF_ALLOC response · f5721f76
      Stanislaw Kardach authored
      Add LMAC channel info like Rx/Tx channel base and count to
      NIXLF_ALLOC mailbox message response. This info is used by
      NIXLF attached RVU PF/VF to configure SQ's default channel,
      TL3_TL2_LINKX_CFG and to install MCAM rules in NPC based
      on matching ingress channel number.
      Signed-off-by: default avatarStanislaw Kardach <skardach@marvell.com>
      Signed-off-by: default avatarTomasz Duszynski <tduszynski@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f5721f76
    • Sunil Goutham's avatar
      octeontx2-af: NPC MCAM and LDATA extract minimal configuration · fefefd99
      Sunil Goutham authored
      This patch adds some minimal configuration for NPC MCAM and
      LDATA extraction which is sufficient enough to install
      ucast/bcast/promiscuous forwarding rules. Below is the
      config done
      - LDATA extraction config to extract DMAC from pkt
        to offset 64bit in MCAM search key.
      - Set MCAM lookup keysize to 224bits
      - Set MCAM TX miss action to UCAST_DEFAULT
      - Set MCAM RX miss action to DROP
      
      Also inorder to have guaranteed space in MCAM to install
      ucast forwarding rule for each of RVU PF/VF, reserved
      one MCAM entry for each of NIXLF for ucast rule. And two
      entries for each of RVU PF. One for bcast pkt replication
      and other for promiscuous mode which allows all pkts
      received on a HW CGX/LBK channel.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fefefd99
    • Sunil Goutham's avatar
      octeontx2-af: Enable packet length and csum validation · 6b3321ba
      Sunil Goutham authored
      Config NPC layer info from KPU profile into protocol
      checker to identify outer L2/IPv4/TCP/UDP headers in a
      packet. And enable IPv4 checksum validation.
      
      L3/L4 and L4 CSUM validation will be enabled by PF/VF
      drivers by configuring NIX_AF_LF(0..127)_RX_CFG via mbox
      i.e 'nix_lf_alloc_req->rx_cfg'
      
      Also enable setting of NPC_RESULT_S[L2B] when an outer
      L2 broadcast address is detected. This will help in
      installing NPC MCAM rules for broadcast packets.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b3321ba
    • Vamsi Attunuru's avatar
      octeontx2-af: Support for VTAG strip and capture · d02913d9
      Vamsi Attunuru authored
      Added support for PF/VF drivers to configure NIX to
      capture and/or strip VLAN tag from ingress packets.
      Signed-off-by: default avatarVamsi Attunuru <vamsi.attunuru@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d02913d9
    • Sunil Goutham's avatar
      octeontx2-af: Update bcast list upon NIXLF alloc/free · 4b05528e
      Sunil Goutham authored
      Upon NIXLF ALLOC/FREE, add or remove corresponding PF_FUNC from
      the broadcast packet replication list of the CGX LMAC mapped
      RVU PF.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4b05528e
    • Sunil Goutham's avatar
      octeontx2-af: Broadcast packet replication support · 52d3d327
      Sunil Goutham authored
      Allocate memory for mcast/bcast/mirror replication entry
      contexts, replication buffers (used by HW) and config HW
      with corresponding memory bases. Added support for installing
      MCEs via NIX AQ mbox.
      
      For now support is restricted to broadcast pkt replication,
      hence MCE table size and number of replication buffers
      allocated are less. Each CGX LMAC mapped RVU PF is assigned
      a MCE table of size 'num VFs of that PF + PF'.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52d3d327
    • Geetha sowjanya's avatar
      octeontx2-af: Config pkind for CGX mapped PFs · 94d942c5
      Geetha sowjanya authored
      For each CGX LMAC that is mapped to a RVU PF, allocate
      a pkind and config the same in CGX. For a received packet
      at CGX LMAC interface this pkind is used by NPC block
      to start parsing of packet.
      Signed-off-by: default avatarGeetha sowjanya <gakula@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      94d942c5
    • Sunil Goutham's avatar
      octeontx2-af: Config NPC KPU engines with parser profile · 23923ea4
      Sunil Goutham authored
      This patch configures all 16 KPUs and iKPU (pkinds) with
      the KPU parser profile defined in npc_profile.h. Each KPU
      engine has a 128 entry CAM, only CAM entries which are listed
      in the profile are enabled and rest are left disabled.
      
      Also
      - Memory is allocated for pkind's bitmap and PFFUNC, interface
        channel mapping.
      - Added all CSR offsets of NPC HW block.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      23923ea4
    • Hao Zheng's avatar
      octeontx2-af: Add NPC KPU profile · 21e6699e
      Hao Zheng authored
      NPC block is responsible for parsing and forwarding
      packets to different NIXLFs. NPC has 16 KPU engines
      (Kangaroo parse engine) and one iKPU which represents
      pkinds. Each physical port either CGX/LBK is assigned
      a pkind and upon receiving a packet HW takes that port's
      pkind and starts parsing as per the KPU engines config.
      
      This patch adds header files which contain configuration
      profile/array for each of the iKPU and 16 KPU engines.
      Signed-off-by: default avatarHao Zheng <hao.zheng@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      21e6699e
    • Vamsi Attunuru's avatar
      octeontx2-af: Reset NIXLF's Rx/Tx stats · 42349661
      Vamsi Attunuru authored
      This patch adds a new mailbox message to reset
      a NIXLF's receive and transmit HW stats.
      Signed-off-by: default avatarVamsi Attunuru <vamsi.attunuru@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      42349661
    • Sunil Goutham's avatar
      octeontx2-af: NIX Tx scheduler queue config support · b279bbb3
      Sunil Goutham authored
      This patch adds support for a PF/VF driver to configure
      NIX transmit scheduler queues via mbox. Since PF/VF doesn't
      know the absolute HW index of the NIXLF attached to it, AF
      traps the register config and overwrites with the correct
      NIXLF index.
      
      HW supports shaping, colouring and policing of packets with
      these multilevel traffic scheduler queues. Instead of
      introducing different mbox message formats for different
      configurations and making both AF & PF/VF driver implementation
      cumbersome, access to the scheduler queue's CSRs is provided
      via mbox. AF checks whether the sender PF/VF has the
      corresponding queue allocated or not and dumps the config
      to HW. With a single mbox msg 20 registers can be configured.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b279bbb3
    • Sunil Goutham's avatar
      octeontx2-af: NIX Tx scheduler queues alloc/free · a3e7121c
      Sunil Goutham authored
      Added support for a PF/VF to allocate or free NIX transmit
      scheduler queues via mbox. For setting up pkt transmission
      priorities between queues, the scheduler queues have to be
      contiguous w.r.t their HW indices. So both contiguous and
      non-contiguous allocations are supported.
      
      Upon receiving NIX_TXSCH_FREE mbox msg all scheduler queues
      allocated to sending PFFUNC (PF/VF) will be freed. Selective
      free is not supported.
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarNithin Dabilpuram <ndabilpuram@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3e7121c
    • Eric Dumazet's avatar
      llc: do not use sk_eat_skb() · 604d415e
      Eric Dumazet authored
      syzkaller triggered a use-after-free [1], caused by a combination of
      skb_get() in llc_conn_state_process() and usage of sk_eat_skb()
      
      sk_eat_skb() is assuming the skb about to be freed is only used by
      the current thread. TCP/DCCP stacks enforce this because current
      thread holds the socket lock.
      
      llc_conn_state_process() wants to make sure skb does not disappear,
      and holds a reference on the skb it manipulates. But as soon as this
      skb is added to socket receive queue, another thread can consume it.
      
      This means that llc must use regular skb_unlink() and kfree_skb()
      so that both producer and consumer can safely work on the same skb.
      
      [1]
      BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
      BUG: KASAN: use-after-free in refcount_read include/linux/refcount.h:43 [inline]
      BUG: KASAN: use-after-free in skb_unref include/linux/skbuff.h:967 [inline]
      BUG: KASAN: use-after-free in kfree_skb+0xb7/0x580 net/core/skbuff.c:655
      Read of size 4 at addr ffff8801d1f6fba4 by task ksoftirqd/1/18
      
      CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc8+ #295
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1c4/0x2b6 lib/dump_stack.c:113
       print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
       kasan_report_error mm/kasan/report.c:354 [inline]
       kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
       check_memory_region_inline mm/kasan/kasan.c:260 [inline]
       check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
       kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
       atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
       refcount_read include/linux/refcount.h:43 [inline]
       skb_unref include/linux/skbuff.h:967 [inline]
       kfree_skb+0xb7/0x580 net/core/skbuff.c:655
       llc_sap_state_process+0x9b/0x550 net/llc/llc_sap.c:224
       llc_sap_rcv+0x156/0x1f0 net/llc/llc_sap.c:297
       llc_sap_handler+0x65e/0xf80 net/llc/llc_sap.c:438
       llc_rcv+0x79e/0xe20 net/llc/llc_input.c:208
       __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4913
       __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5023
       process_backlog+0x218/0x6f0 net/core/dev.c:5829
       napi_poll net/core/dev.c:6249 [inline]
       net_rx_action+0x7c5/0x1950 net/core/dev.c:6315
       __do_softirq+0x30c/0xb03 kernel/softirq.c:292
       run_ksoftirqd+0x94/0x100 kernel/softirq.c:653
       smpboot_thread_fn+0x68b/0xa00 kernel/smpboot.c:164
       kthread+0x35a/0x420 kernel/kthread.c:246
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
      
      Allocated by task 18:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:448
       set_track mm/kasan/kasan.c:460 [inline]
       kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
       kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
       kmem_cache_alloc_node+0x144/0x730 mm/slab.c:3644
       __alloc_skb+0x119/0x770 net/core/skbuff.c:193
       alloc_skb include/linux/skbuff.h:995 [inline]
       llc_alloc_frame+0xbc/0x370 net/llc/llc_sap.c:54
       llc_station_ac_send_xid_r net/llc/llc_station.c:52 [inline]
       llc_station_rcv+0x1dc/0x1420 net/llc/llc_station.c:111
       llc_rcv+0xc32/0xe20 net/llc/llc_input.c:220
       __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4913
       __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5023
       process_backlog+0x218/0x6f0 net/core/dev.c:5829
       napi_poll net/core/dev.c:6249 [inline]
       net_rx_action+0x7c5/0x1950 net/core/dev.c:6315
       __do_softirq+0x30c/0xb03 kernel/softirq.c:292
      
      Freed by task 16383:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:448
       set_track mm/kasan/kasan.c:460 [inline]
       __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
       kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
       __cache_free mm/slab.c:3498 [inline]
       kmem_cache_free+0x83/0x290 mm/slab.c:3756
       kfree_skbmem+0x154/0x230 net/core/skbuff.c:582
       __kfree_skb+0x1d/0x20 net/core/skbuff.c:642
       sk_eat_skb include/net/sock.h:2366 [inline]
       llc_ui_recvmsg+0xec2/0x1610 net/llc/af_llc.c:882
       sock_recvmsg_nosec net/socket.c:794 [inline]
       sock_recvmsg+0xd0/0x110 net/socket.c:801
       ___sys_recvmsg+0x2b6/0x680 net/socket.c:2278
       __sys_recvmmsg+0x303/0xb90 net/socket.c:2390
       do_sys_recvmmsg+0x181/0x1a0 net/socket.c:2466
       __do_sys_recvmmsg net/socket.c:2484 [inline]
       __se_sys_recvmmsg net/socket.c:2480 [inline]
       __x64_sys_recvmmsg+0xbe/0x150 net/socket.c:2480
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      The buggy address belongs to the object at ffff8801d1f6fac0
       which belongs to the cache skbuff_head_cache of size 232
      The buggy address is located 228 bytes inside of
       232-byte region [ffff8801d1f6fac0, ffff8801d1f6fba8)
      The buggy address belongs to the page:
      page:ffffea000747dbc0 count:1 mapcount:0 mapping:ffff8801d9be7680 index:0xffff8801d1f6fe80
      flags: 0x2fffc0000000100(slab)
      raw: 02fffc0000000100 ffffea0007346e88 ffffea000705b108 ffff8801d9be7680
      raw: ffff8801d1f6fe80 ffff8801d1f6f0c0 000000010000000b 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8801d1f6fa80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
       ffff8801d1f6fb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      >ffff8801d1f6fb80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
                                     ^
       ffff8801d1f6fc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff8801d1f6fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      604d415e
    • Mathias Thore's avatar
      net/wan/fsl_ucc_hdlc: error counters · ba59d570
      Mathias Thore authored
      Extract error information from rx and tx buffer descriptors,
      and update error counters.
      Signed-off-by: default avatarMathias Thore <mathias.thore@infinera.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba59d570
    • Wolfram Sang's avatar
      net: dsa: legacy: simplify getting .driver_data · 2af1ccd5
      Wolfram Sang authored
      We should get 'driver_data' from 'struct device' directly. Going via
      platform_device is an unneeded step back and forth.
      Signed-off-by: default avatarWolfram Sang <wsa+renesas@sang-engineering.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2af1ccd5
    • Wolfram Sang's avatar
      ptp: ptp_dte: simplify getting .driver_data · c0bfdae0
      Wolfram Sang authored
      We should get 'driver_data' from 'struct device' directly. Going via
      platform_device is an unneeded step back and forth.
      Signed-off-by: default avatarWolfram Sang <wsa+renesas@sang-engineering.com>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0bfdae0
    • Arthur Kiyanovski's avatar
      net: ena: fix compilation error in xtensa architecture · 00f17a82
      Arthur Kiyanovski authored
      linux/prefetch.h is never explicitly included in ena_com, although
      functions from it, such as prefetchw(), are used throughout ena_com.
      This is an inclusion bug, and we fix it here by explicitly including
      linux/prefetch.h. The bug was exposed when the driver was compiled
      for the xtensa architecture.
      
      Fixes: 689b2bda ("net: ena: add functions for handling Low Latency Queues in ena_com")
      Fixes: 8c590f97 ("ena: Fix Kconfig dependency on X86")
      Signed-off-by: default avatarArthur Kiyanovski <akiyano@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00f17a82
    • Vito Caputo's avatar
      af_unix.h: trivial whitespace cleanup · 424c22fb
      Vito Caputo authored
      Replace spurious spaces with a tab and remove superfluous tab from
      unix_sock struct.
      Signed-off-by: default avatarVito Caputo <vcaputo@pengaru.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      424c22fb
    • Dan Carpenter's avatar
      net/mlx5: Allocate enough space for the FDB sub-namespaces · cc3a4cd3
      Dan Carpenter authored
      FDB_MAX_CHAIN is three.  We wanted to allocate enough memory to hold four
      structs but there are missing parentheses so we only allocate enough
      memory for three structs and the first byte of the fourth one.
      
      Fixes: 328edb49 ("net/mlx5: Split FDB fast path prio to multiple namespaces")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc3a4cd3
    • David S. Miller's avatar
      Merge branch 'forbid-goto_chain-fallback' · ec7f0ee2
      David S. Miller authored
      Davide Caratti says:
      
      ====================
      net/sched: forbid 'goto_chain' on fallback actions
      
      the following command:
      
       # tc actions add action police rate 1mbit burst 1k conform-exceed \
       > pass / goto chain 42
      
      generates a NULL pointer dereference when packets exceed the configured
      rate. Similarly, the following command:
      
       # tc actions add action pass random determ goto chain 42 2
      
      makes the kernel crash with NULL dereference when the first packet does
      not match the 'pass' action.
      
      gact and police allow users to specify a fallback control action, that is
      stored in the action private data. 'goto chain x' never worked for these
      cases, since a->goto_chain handle was never initialized. There is only one
      goto_chain handle per TC action, and it is designed to be non-NULL only if
      tcf_action contains a 'goto chain' command. So, let's forbid 'goto chain'
      on fallback actions.
      
      Patch 1/4 and 2/4 change the .init() functions of police and gact, to let
      them return an error when users try to set 'goto chain x' in the fallback
      action. Patch 3/4 and 4/4 add TDC selftest coverage to this new behavior.
      ====================
      Acked-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec7f0ee2
    • Davide Caratti's avatar
      tc-tests: test denial of 'goto chain' for exceed traffic in police.json · 246e886d
      Davide Caratti authored
      add test to verify if act_police forbids 'goto chain' control actions for
      'exceed' traffic.
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      246e886d
    • Davide Caratti's avatar
      tc-tests: test denial of 'goto chain' on 'random' traffic in gact.json · 88c2e3b4
      Davide Caratti authored
      add test to verify if act_gact forbids 'goto chain' control actions on
      'random' traffic in gact.json.
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      88c2e3b4
    • Davide Caratti's avatar
      net/sched: act_police: disallow 'goto chain' on fallback control action · c08f5ed5
      Davide Caratti authored
      in the following command:
      
       # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2>
      
      'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
      crash with NULL pointer dereference, since TC core doesn't initialize the
      chain handle.
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c08f5ed5
    • Davide Caratti's avatar
      net/sched: act_gact: disallow 'goto chain' on fallback control action · 9469f375
      Davide Caratti authored
      in the following command:
      
       # tc action add action <c1> random <rand_type> <c2> <rand_param>
      
      'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
      crash with NULL pointer dereference, since TC core doesn't initialize the
      chain handle.
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9469f375
    • Andrew Lunn's avatar
      net: phy: phy_support_sym_pause: Clear Asym Pause · 92c9d562
      Andrew Lunn authored
      When indicating the MAC supports Symmetric Pause, clear the Asymmetric
      Pause bit, which could of been already set is the PHY supports it.
      Reported-by: default avatarLabbe Corentin <clabbe@baylibre.com>
      Fixes: c306ad36 ("net: ethernet: Add helper for MACs which support pause")
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Tested-by: default avatarCorentin Labbe <clabbe@baylibre.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      92c9d562