- 14 Jan, 2020 29 commits
-
-
David S. Miller authored
Antoine Tenart says: ==================== net: macsec: initial support for hardware offloading This series intends to add support for offloading MACsec transformations to hardware enabled devices. The series adds the necessary infrastructure for offloading MACsec configurations to hardware drivers, in patches 1 to 5; then introduces MACsec offloading support in the Microsemi MSCC PHY driver, in patches 6 to 10. The series can also be found at: https://github.com/atenart/linux/tree/net-next/macsec IProute2 modifications can be found at: https://github.com/atenart/iproute2/tree/macsec MACsec hardware offloading infrastructure ----------------------------------------- Linux has a software implementation of the MACsec standard. There are hardware engines supporting MACsec operations, such as the Intel ixgbe NIC and some Microsemi PHYs (the one we use in this series). This means the MACsec offloading infrastructure should support networking PHY and MAC drivers. Note that MAC driver preliminary support is part of this series, but should not be merged before we actually have a provider for this. We do intend in this series to re-use the logic, netlink API and data structures of the existing MACsec software implementation. This allows not to duplicate definitions and structure storing the same information; as well as using the same userspace tools to configure both software or hardware offloaded MACsec flows (with `ip macsec`). When adding a new MACsec virtual interface the existing logic is kept: offloading is disabled by default. A user driven configuration choice is needed to switch to offloading mode (a patch in iproute2 is needed for this). A single MACsec interface can be offloaded for now, and some limitations are there: no flow can be moved from one implementation to the other so the decision needs to be done before configuring the interface. MACsec offloading ops are called in 2 steps: a preparation one, and a commit one. The first step is allowed to fail and should be used to check if a provided configuration is compatible with a given MACsec capable hardware. The second step is not allowed to fail and should only be used to enable a given MACsec configuration. A limitation as of now is the counters and statistics are not reported back from the hardware to the software MACsec implementation. This isn't an issue when using offloaded MACsec transformations, but it should be added in the future so that the MACsec state can be reported to the user (which would also improve the debug). Microsemi PHY MACsec support ---------------------------- In order to add support for the MACsec offloading feature in the Microsemi MSCC PHY driver, the __phy_read_page and __phy_write_page helpers had to be exported. This is because the initialization of the PHY is done while holding the MDIO bus lock, and we need to change the page to configure the MACsec block. The support itself is then added in three patches. The first one adds support for configuring the MACsec block within the PHY, so that it is up, running and available for future configuration, but is not doing any modification on the traffic passing through the PHY. The second patch implements the phy_device MACsec ops in the Microsemi MSCC PHY driver, and introduce helpers to configure MACsec transformations and flows to match specific packets. The last one adds support for PN rollover. Thanks! Antoine Since v5: - Fixed a compilation issue due to an inclusion from an UAPI header. - Added an EXPORT_SYMBOL_GPL for the PN rollover helper, to fix module compilation issues. - Added a dependency for the MSCC driver on MACSEC || MACSEC=n. - Removed the patches including the MAC offloading support as they are not to be applied for now. Since v4: - Reworked the MACsec read and write functions in the MSCC PHY driver to remove the conditional locking. Since v3: - Fixed a check when enabling offloading that was too restrictive. - Fixed the propagation of the changelink event to the underlying device drivers. Since v2: - Allow selection the offloading from userspace, defaulting to the software implementation when adding a new MACsec interface. The offloading mode is now also reported through netlink. - Added support for letting MKA packets in and out when using MACsec (there are rules to let them bypass the MACsec h/w engine within the PHY). - Added support for PN rollover (following what's currently done in the software implementation: the flow is disabled). - Split patches to remove MAC offloading support for now, as there are no current provider for this (patches are still included). - Improved a few parts of the MACsec support within the MSCC PHY driver (e.g. default rules now block non-MACsec traffic, depending on the configuration). - Many cosmetic fixes & small improvements. Since v1: - Reworked the MACsec offloading API, moving from a single helper called for all MACsec configuration operations, to a per-operation function that is provided by the underlying hardware drivers. - Those functions now contain a verb to describe the configuration action they're offloading. - Improved the error handling in the MACsec genl helpers to revert the configuration to its previous state when the offloading call failed. - Reworked the file inclusions. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch adds support for handling MACsec PN rollover in the mscc PHY driver. When a flow rolls over, an interrupt is fired. This patch adds the logic to check all flows and identify the one rolling over in the handle_interrupt PHY helper, then disables the flow and report the event to the MACsec core. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
Allow to call macsec_pn_wrapped from hardware drivers to notify when a PN rolls over. Some drivers might used an interrupt to implement this. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch adds MACsec offloading support to some Microsemi PHYs, to configure flows and transformations so that matched packets can be processed by the MACsec engine, either at egress, or at ingress. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch adds support for initializing the MACsec engine found within some Microsemi PHYs. The engine is initialized in a passthrough mode and does not modify any incoming or outgoing packet. But thanks to this it now can be configured to perform MACsec transformations on packets, which will be supported by a future patch. The MACsec read and write functions are wrapped into two versions: one called during the init phase, and the other one later on. This is because the init functions in the Microsemi PHY driver are called while the MDIO bus lock is taken. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
MACsec offloading to underlying hardware devices is disabled by default (the software implementation is used). This patch adds support for changing this setting through the MACsec netlink interface. Many checks are done when enabling offloading on a given MACsec interface as there are limitations (it must be supported by the hardware, only a single interface can be offloaded on a given physical device at a time, rules can't be moved for now). Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch introduces the MACsec hardware offloading infrastructure. The main idea here is to re-use the logic and data structures of the software MACsec implementation. This allows not to duplicate definitions and structure storing the same kind of information. It also allows to use a unified genlink interface for both MACsec implementations (so that the same userspace tool, `ip macsec`, is used with the same arguments). The MACsec offloading support cannot be disabled if an interface supports it at the moment. The MACsec configuration is passed to device drivers supporting it through macsec_ops which are called from the MACsec genl helpers. Those functions call the macsec ops of PHY and Ethernet drivers in two steps: a preparation one, and a commit one. The first step is allowed to fail and should be used to check if a provided configuration is compatible with the features provided by a MACsec engine, while the second step is not allowed to fail and should only be used to enable a given MACsec configuration. Two extra calls are made: when a virtual MACsec interface is created and when it is deleted, so that the hardware driver can stay in sync. The Rx and TX handlers are modified to take in account the special case were the MACsec transformation happens in the hardware, whether in a PHY or in a MAC, as the packets seen by the networking stack on both the physical and MACsec virtual interface are exactly the same. This leads to some limitations: the hardware and software implementations can't be used on the same physical interface, as the policies would be impossible to fulfill (such as strict validation of the frames). Also only a single virtual MACsec interface can be offloaded to a physical port supporting hardware offloading as it would be impossible to guess onto which interface a given packet should go (for ingress traffic). Another limitation as of now is that the counters and statistics are not reported back from the hardware to the software MACsec implementation. This isn't an issue when using offloaded MACsec transformations, but it should be added in the future so that the MACsec state can be reported to the user (which would also improve the debug). Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch adds a reference to MACsec ops in the phy_device, to allow PHYs to support offloading MACsec operations. The phydev lock will be held while calling those helpers. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch introduces MACsec ops for drivers to support offloading MACsec operations. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch introduces the macsec_context structure. It will be used in the kernel to exchange information between the common MACsec implementation (macsec.c) and the MACsec hardware offloading implementations. This structure contains pointers to MACsec specific structures which contain the actual MACsec configuration, and to the underlying device (phydev for now). Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Antoine Tenart authored
This patch moves some structure, type and identifier definitions into a MACsec specific header. This patch does not modify how the MACsec code is running and only move things around. This is a preparation for the future MACsec hardware offloading support, which will re-use those definitions outside macsec.c. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Guillaume Nault says: ==================== netns: Optimise netns ID lookups Netns ID lookups can be easily protected by RCU, rather than by holding a spinlock. Patch 1 prepares the code, patch 2 does the RCU conversion, and finally patch 3 stops disabling BHs on updates (patch 2 makes that unnecessary). ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Guillaume Nault authored
When peernet2id() had to lock "nsid_lock" before iterating through the nsid table, we had to disable BHs, because VXLAN can call peernet2id() from the xmit path: vxlan_xmit() -> vxlan_fdb_miss() -> vxlan_fdb_notify() -> __vxlan_fdb_notify() -> vxlan_fdb_info() -> peernet2id(). Now that peernet2id() uses RCU protection, "nsid_lock" isn't used in BH context anymore. Therefore, we can safely use plain spin_lock()/spin_unlock() and let BHs run when holding "nsid_lock". Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Guillaume Nault authored
__peernet2id() can be protected by RCU as it only calls idr_for_each(), which is RCU-safe, and never modifies the nsid table. rtnl_net_dumpid() can also do lockless lookups. It does two nested idr_for_each() calls on nsid tables (one direct call and one indirect call because of rtnl_net_dumpid_one() calling __peernet2id()). The netnsid tables are never updated. Therefore it is safe to not take the nsid_lock and run within an RCU-critical section instead. Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Guillaume Nault authored
__peernet2id_alloc() was used for both plain lookups and for netns ID allocations (depending the value of '*alloc'). Let's separate lookups from allocations instead. That is, integrate the lookup code into __peernet2id() and make peernet2id_alloc() responsible for allocating new netns IDs when necessary. This makes it clear that __peernet2id() doesn't modify the idr and prepares the code for lockless lookups. Also, mark the 'net' argument of __peernet2id() as 'const', since we're modifying this line. Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Geert Uytterhoeven authored
Convert mdiobus_register_reset() from open-coded DT-only optional reset handling to reset_control_get_optional_exclusive(). This not only simplifies the code, but also adds support for lookup-based resets on non-DT systems. Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
The information about the PHY attached to the PHYLINK instance is useful but is missing the IRQ prints that phy_attached_info() adds. phy_attached_info() is a bit long and it would not be possible to use phylink_info() anyway. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Jose Abreu says: ==================== net: stmmac: ETF support This series adds the support for ETF scheduler in stmmac. 1) Starts adding the support by implementing Enhanced Descriptors in stmmac main core. This is needed for ETF feature in XGMAC and QoS cores. 2) Integrates the ETF logic into stmmac TC core. 3) and 4) adds the HW specific support for ETF in XGMAC and QoS cores. The IP feature is called TBS (Time Based Scheduling). 5) Enables ETF in GMAC5 IPK PCI entry for all Queues except Queue 0. 6) Adds the new TBS feature and even more information into the debugFS HW features file. ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Add a new test for TBS feature which is used in ETF scheduler. In this test, we send a packet with a launch time specified as now + 500ms and check if the packet was transmitted on that time frame. Changes from v2: - Use the TBS bitfield - Remove debug message Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
In the upcoming commit for TBS selftest we will need to send a packet on a specific Queue. As stmmac fallsback to netdev_pick_tx() on the select Queue callback, we need to switch all selftests logic to dev_direct_xmit() so that we can send the given SKB on a specific Queue. Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Adds more information regarding HW Capabilities in the corresponding DebugFS file. Changes from v2: - Remove the TX/RX queues in use (Jakub) Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Enable TBS support on GMAC5 PCI entry for all Queues except Queue 0. Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Adds all the necessary HW hooks to support TBS feature in QoS cores. Changes from v1: - Remove unneeded LT shift as the IP already does this. Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Adds all the necessary HW hooks to support TBS feature in XGMAC cores. Changes from v1: - Remove unneeded LT shift as the IP already does this. Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Adds the support for ETF scheduler using TBS feature which is available in XGMAC and QoS IPs. Changes from v2: - Fix checkpatch issues (Jakub) - Use the TBS bitfield Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jose Abreu authored
Adds the initial hooks for TBS support. This needs a 32 byte descriptor in order for it to work with current HW. Adds all the logic for Enhanced Descriptors in main core but no HW related logic for now. Changes from v2: - Use bitfield for TBS status / support (Jakub) - Remove unneeded cache alignment (Jakub) - Fix checkpatch issues Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Chen Zhou authored
The conversion to bool is not needed, remove it. Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jesper Dangaard Brouer authored
Commit 0bf7800f ("ptr_ring: try vmalloc() when kmalloc() fails") started to use kvmalloc_array and kvfree, which are defined in mm.h, the previous functions kcalloc and kfree, which are defined in slab.h. Add the missing include of linux/mm.h. This went unnoticed as other include files happened to include mm.h. Fixes: 0bf7800f ("ptr_ring: try vmalloc() when kmalloc() fails") Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Lorenzo Bianconi authored
With 'commit 44768dec ("page_pool: handle page recycle for NUMA_NO_NODE condition")' we can safely change nid to NUMA_NO_NODE and accommodate future NUMA aware hardware using mvneta network interface Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 13 Jan, 2020 3 commits
-
-
Zhang Xiaoxu authored
Fix sparse warning: drivers/net/ethernet/sfc/ethtool_common.c warning: symbol 'efx_fill_test' was not declared. Should it be static? warning: symbol 'efx_fill_loopback_test' was not declared. Should it be static? warning: symbol 'efx_describe_per_queue_stats' was not declared. Should it be static? Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: Martin Habets <mhabets@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Geert Uytterhoeven authored
Use the print_hex_dump_debug() helper, instead of open-coding the same operations. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Geert Uytterhoeven authored
Remove unused fields, copied from the Sun LANCE driver eons ago. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 12 Jan, 2020 8 commits
-
-
Jakub Kicinski authored
Linus Walleij says: ==================== IXP4xx networking cleanups This is a patch series which jams together Arnds and mine cleanups for the IXP4xx networking. I also have patches for device tree support but that requires more elaborate work, this series is some of mine and some of Arnds patches that is a good foundation for his multiplatform work and my device tree work. These are for application to the networking tree so that can be taken in one separate sweep. I have tested the patches for a bit using zeroday builds and some boots on misc IXP4xx devices and haven't run into any major problems. We might find some new stuff as a result from the new compiler coverage. I had to depromote enabling compiler coverage at one point in the v2 set because it depended on other patches making the code more generic. The change in v3 was simply dropping one offending patch hardcoding base addresses into the driver. The change in v4 drops a stable@ tag that was unnecessary. This v5 is a rebase of the v4 patch set on top of net-next. ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
Use the netdevice struct device .parent field when calling dma_pool_create(): the .dma_coherent_mask and .dma_mask pertains to the bus device on the hardware (platform) bus in this case, not the struct device inside the network device. This makes the pool allocation work. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
In order to probe this ethernet interface from the device tree all physical MMIO regions must be passed as resources. Begin this rewrite by first passing the port base address as a resource for all platforms using this driver, remap it in the driver and avoid using any reference of the statically mapped virtual address in the driver. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
Simplify and correct a bunch of messages using printk directly to use the netdev_* macros. I have not changed all of them, just the low-hanging fruit. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
Use "ndev" for the struct net_device and "dev" for the struct device in probe() and remove(). Add the local "dev" pointer for later use in refactoring. Take this opportunity to fix inverse christmas tree coding style. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
The IXP4xx driver was initializing the MDIO bus before even probing, in the callbacks supposed to be used for setting up the module itself, and with the side effect of trying to register the MDIO bus as soon as this module was loaded or compiled into the kernel whether the device was discovered or not. This does not work with multiplatform environments. To get rid of this: set up the MDIO bus from the probe() callback and remove it in the remove() callback. Rename the probe() and remove() calls to reflect the most common conventions. Since there is a bit of checking for the ethernet feature to be present in the MDIO registering function, making the whole module not even be registered if we can't find an MDIO bus, we need something similar: register the MDIO bus when the corresponding ethernet is probed, and return -EPROBE_DEFER on the other interfaces until this happens. If no MDIO bus is present on any of the registered interfaces we will eventually bail out. None of the platforms I've seen has e.g. MDIO on EthB and only uses EthC, there is always a Ethernet hardware on the NPE (B, C) that has the MDIO bus, we just might have to wait for it. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Arnd Bergmann authored
The platform data is needed to compile the driver as standalone, so move it to a global location along with similar files. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Arnd Bergmann authored
The ixp46x ptp driver has a somewhat unusual setup, where the ptp driver and the ethernet driver are in different directories but access the same registers that are defined a platform specific header file. Moving everything into drivers/net/ makes it look more like most other ptp drivers and allows compile-testing this driver on other targets. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-