1. 15 Jan, 2020 17 commits
  2. 14 Jan, 2020 23 commits
    • Tian Tao's avatar
      nfc: No need to set .owner platform_driver_register · a4d35e77
      Tian Tao authored
      the i2c_add_driver will set the .owner to THIS_MODULE
      Signed-off-by: default avatarTian Tao <tiantao6@hisilicon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a4d35e77
    • David S. Miller's avatar
      Merge branch 'skb_list_walk_safe-refactoring' · 2b133adf
      David S. Miller authored
      Jason A. Donenfeld says:
      
      ====================
      skb_list_walk_safe refactoring for net/*'s skb_gso_segment usage
      
      This patchset adjusts all return values of skb_gso_segment in net/* to
      use the new skb_list_walk_safe helper.
      
      First we fix a minor bug in the helper macro that didn't come up in the
      last patchset's uses. Then we adjust several cases throughout net/. The
      xfrm changes were a bit hairy, but doable. Reading and thinking about
      the code in mac80211 indicates a memory leak, which the commit
      addresses. All the other cases were pretty trivial.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2b133adf
    • Jason A. Donenfeld's avatar
      net: mac80211: use skb_list_walk_safe helper for gso segments · 9f3ef3d7
      Jason A. Donenfeld authored
      This is a conversion case for the new function, keeping the flow of the
      existing code as intact as possible. We also switch over to using
      skb_mark_not_on_list instead of a null write to skb->next.
      
      Finally, this code appeared to have a memory leak in the case where
      header building fails before the last gso segment. In that case, the
      remaining segments are not freed. So this commit also adds the proper
      kfree_skb_list call for the remainder of the skbs.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f3ef3d7
    • Jason A. Donenfeld's avatar
      net: netfilter: use skb_list_walk_safe helper for gso segments · 2670ee77
      Jason A. Donenfeld authored
      This is a straight-forward conversion case for the new function, keeping
      the flow of the existing code as intact as possible.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2670ee77
    • Jason A. Donenfeld's avatar
      net: ipv4: use skb_list_walk_safe helper for gso segments · 88bebdf5
      Jason A. Donenfeld authored
      This is a straight-forward conversion case for the new function, keeping
      the flow of the existing code as intact as possible.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      88bebdf5
    • Jason A. Donenfeld's avatar
      net: sched: use skb_list_walk_safe helper for gso segments · b950d8a5
      Jason A. Donenfeld authored
      This is a straight-forward conversion case for the new function, keeping
      the flow of the existing code as intact as possible.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b950d8a5
    • Jason A. Donenfeld's avatar
      net: openvswitch: use skb_list_walk_safe helper for gso segments · 2cec4448
      Jason A. Donenfeld authored
      This is a straight-forward conversion case for the new function, keeping
      the flow of the existing code as intact as possible.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2cec4448
    • Jason A. Donenfeld's avatar
      net: xfrm: use skb_list_walk_safe helper for gso segments · c3b18e0d
      Jason A. Donenfeld authored
      This is converts xfrm segment iteration to use the new function, keeping
      the flow of the existing code as intact as possible. One case is very
      straight-forward, whereas the other case has some more subtle code that
      likes to peak at ->next and relink skbs. By keeping the variables the
      same as before, we can upgrade this code with minimal surgery required.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c3b18e0d
    • Jason A. Donenfeld's avatar
      net: udp: use skb_list_walk_safe helper for gso segments · 1a186c14
      Jason A. Donenfeld authored
      This is a straight-forward conversion case for the new function,
      iterating over the return value from udp_rcv_segment, which actually is
      a wrapper around skb_gso_segment.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a186c14
    • Jason A. Donenfeld's avatar
      net: skbuff: disambiguate argument and member for skb_list_walk_safe helper · 5eee7bd7
      Jason A. Donenfeld authored
      This worked before, because we made all callers name their next pointer
      "next". But in trying to be more "drop-in" ready, the silliness here is
      revealed. This commit fixes the problem by making the macro argument and
      the member use different names.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5eee7bd7
    • David S. Miller's avatar
      Merge branch 'macsec-hw-offload' · ec22ab00
      David S. Miller authored
      Antoine Tenart says:
      
      ====================
      net: macsec: initial support for hardware offloading
      
      This series intends to add support for offloading MACsec transformations
      to hardware enabled devices. The series adds the necessary
      infrastructure for offloading MACsec configurations to hardware drivers,
      in patches 1 to 5; then introduces MACsec offloading support in the
      Microsemi MSCC PHY driver, in patches 6 to 10.
      
      The series can also be found at:
      https://github.com/atenart/linux/tree/net-next/macsec
      
      IProute2 modifications can be found at:
      https://github.com/atenart/iproute2/tree/macsec
      
      MACsec hardware offloading infrastructure
      -----------------------------------------
      
      Linux has a software implementation of the MACsec standard. There are
      hardware engines supporting MACsec operations, such as the Intel ixgbe
      NIC and some Microsemi PHYs (the one we use in this series). This means
      the MACsec offloading infrastructure should support networking PHY and
      MAC drivers. Note that MAC driver preliminary support is part of this
      series, but should not be merged before we actually have a provider for
      this.
      
      We do intend in this series to re-use the logic, netlink API and data
      structures of the existing MACsec software implementation. This allows
      not to duplicate definitions and structure storing the same information;
      as well as using the same userspace tools to configure both software or
      hardware offloaded MACsec flows (with `ip macsec`).
      
      When adding a new MACsec virtual interface the existing logic is kept:
      offloading is disabled by default. A user driven configuration choice is
      needed to switch to offloading mode (a patch in iproute2 is needed for
      this). A single MACsec interface can be offloaded for now, and some
      limitations are there: no flow can be moved from one implementation to
      the other so the decision needs to be done before configuring the
      interface.
      
      MACsec offloading ops are called in 2 steps: a preparation one, and a
      commit one. The first step is allowed to fail and should be used to
      check if a provided configuration is compatible with a given MACsec
      capable hardware. The second step is not allowed to fail and should
      only be used to enable a given MACsec configuration.
      
      A limitation as of now is the counters and statistics are not reported
      back from the hardware to the software MACsec implementation. This
      isn't an issue when using offloaded MACsec transformations, but it
      should be added in the future so that the MACsec state can be reported
      to the user (which would also improve the debug).
      
      Microsemi PHY MACsec support
      ----------------------------
      
      In order to add support for the MACsec offloading feature in the
      Microsemi MSCC PHY driver, the __phy_read_page and __phy_write_page
      helpers had to be exported. This is because the initialization of the
      PHY is done while holding the MDIO bus lock, and we need to change the
      page to configure the MACsec block.
      
      The support itself is then added in three patches. The first one adds
      support for configuring the MACsec block within the PHY, so that it is
      up, running and available for future configuration, but is not doing any
      modification on the traffic passing through the PHY. The second patch
      implements the phy_device MACsec ops in the Microsemi MSCC PHY driver,
      and introduce helpers to configure MACsec transformations and flows to
      match specific packets. The last one adds support for PN rollover.
      
      Thanks!
      Antoine
      
      Since v5:
        - Fixed a compilation issue due to an inclusion from an UAPI header.
        - Added an EXPORT_SYMBOL_GPL for the PN rollover helper, to fix module
          compilation issues.
        - Added a dependency for the MSCC driver on MACSEC || MACSEC=n.
        - Removed the patches including the MAC offloading support as they are
          not to be applied for now.
      
      Since v4:
        - Reworked the MACsec read and write functions in the MSCC PHY driver
          to remove the conditional locking.
      
      Since v3:
        - Fixed a check when enabling offloading that was too restrictive.
        - Fixed the propagation of the changelink event to the underlying
          device drivers.
      
      Since v2:
        - Allow selection the offloading from userspace, defaulting to the
          software implementation when adding a new MACsec interface. The
          offloading mode is now also reported through netlink.
        - Added support for letting MKA packets in and out when using MACsec
          (there are rules to let them bypass the MACsec h/w engine within the
          PHY).
        - Added support for PN rollover (following what's currently done in
          the software implementation: the flow is disabled).
        - Split patches to remove MAC offloading support for now, as there are
          no current provider for this (patches are still included).
        - Improved a few parts of the MACsec support within the MSCC PHY
          driver (e.g. default rules now block non-MACsec traffic, depending
          on the configuration).
        - Many cosmetic fixes & small improvements.
      
      Since v1:
        - Reworked the MACsec offloading API, moving from a single helper
          called for all MACsec configuration operations, to a per-operation
          function that is provided by the underlying hardware drivers.
        - Those functions now contain a verb to describe the configuration
          action they're offloading.
        - Improved the error handling in the MACsec genl helpers to revert
          the configuration to its previous state when the offloading call
          failed.
        - Reworked the file inclusions.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec22ab00
    • Antoine Tenart's avatar
      net: phy: mscc: PN rollover support · 781449a4
      Antoine Tenart authored
      This patch adds support for handling MACsec PN rollover in the mscc PHY
      driver. When a flow rolls over, an interrupt is fired. This patch adds
      the logic to check all flows and identify the one rolling over in the
      handle_interrupt PHY helper, then disables the flow and report the event
      to the MACsec core.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      781449a4
    • Antoine Tenart's avatar
      net: macsec: PN wrap callback · 5c937de7
      Antoine Tenart authored
      Allow to call macsec_pn_wrapped from hardware drivers to notify when a
      PN rolls over. Some drivers might used an interrupt to implement this.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c937de7
    • Antoine Tenart's avatar
      net: phy: mscc: macsec support · 28c5107a
      Antoine Tenart authored
      This patch adds MACsec offloading support to some Microsemi PHYs, to
      configure flows and transformations so that matched packets can be
      processed by the MACsec engine, either at egress, or at ingress.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28c5107a
    • Antoine Tenart's avatar
      net: phy: mscc: macsec initialization · 1bbe0ecc
      Antoine Tenart authored
      This patch adds support for initializing the MACsec engine found within
      some Microsemi PHYs. The engine is initialized in a passthrough mode and
      does not modify any incoming or outgoing packet. But thanks to this it
      now can be configured to perform MACsec transformations on packets,
      which will be supported by a future patch.
      
      The MACsec read and write functions are wrapped into two versions: one
      called during the init phase, and the other one later on. This is
      because the init functions in the Microsemi PHY driver are called while
      the MDIO bus lock is taken.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1bbe0ecc
    • Antoine Tenart's avatar
      net: macsec: add nla support for changing the offloading selection · dcb780fb
      Antoine Tenart authored
      MACsec offloading to underlying hardware devices is disabled by default
      (the software implementation is used). This patch adds support for
      changing this setting through the MACsec netlink interface. Many checks
      are done when enabling offloading on a given MACsec interface as there
      are limitations (it must be supported by the hardware, only a single
      interface can be offloaded on a given physical device at a time, rules
      can't be moved for now).
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dcb780fb
    • Antoine Tenart's avatar
      net: macsec: hardware offloading infrastructure · 3cf3227a
      Antoine Tenart authored
      This patch introduces the MACsec hardware offloading infrastructure.
      
      The main idea here is to re-use the logic and data structures of the
      software MACsec implementation. This allows not to duplicate definitions
      and structure storing the same kind of information. It also allows to
      use a unified genlink interface for both MACsec implementations (so that
      the same userspace tool, `ip macsec`, is used with the same arguments).
      The MACsec offloading support cannot be disabled if an interface
      supports it at the moment.
      
      The MACsec configuration is passed to device drivers supporting it
      through macsec_ops which are called from the MACsec genl helpers. Those
      functions call the macsec ops of PHY and Ethernet drivers in two steps:
      a preparation one, and a commit one. The first step is allowed to fail
      and should be used to check if a provided configuration is compatible
      with the features provided by a MACsec engine, while the second step is
      not allowed to fail and should only be used to enable a given MACsec
      configuration. Two extra calls are made: when a virtual MACsec interface
      is created and when it is deleted, so that the hardware driver can stay
      in sync.
      
      The Rx and TX handlers are modified to take in account the special case
      were the MACsec transformation happens in the hardware, whether in a PHY
      or in a MAC, as the packets seen by the networking stack on both the
      physical and MACsec virtual interface are exactly the same. This leads
      to some limitations: the hardware and software implementations can't be
      used on the same physical interface, as the policies would be impossible
      to fulfill (such as strict validation of the frames). Also only a single
      virtual MACsec interface can be offloaded to a physical port supporting
      hardware offloading as it would be impossible to guess onto which
      interface a given packet should go (for ingress traffic).
      
      Another limitation as of now is that the counters and statistics are not
      reported back from the hardware to the software MACsec implementation.
      This isn't an issue when using offloaded MACsec transformations, but it
      should be added in the future so that the MACsec state can be reported
      to the user (which would also improve the debug).
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3cf3227a
    • Antoine Tenart's avatar
      net: phy: add MACsec ops in phy_device · 2e181358
      Antoine Tenart authored
      This patch adds a reference to MACsec ops in the phy_device, to allow
      PHYs to support offloading MACsec operations. The phydev lock will be
      held while calling those helpers.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e181358
    • Antoine Tenart's avatar
      net: macsec: introduce MACsec ops · 0830e20b
      Antoine Tenart authored
      This patch introduces MACsec ops for drivers to support offloading
      MACsec operations.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0830e20b
    • Antoine Tenart's avatar
      net: macsec: introduce the macsec_context structure · 76564261
      Antoine Tenart authored
      This patch introduces the macsec_context structure. It will be used
      in the kernel to exchange information between the common MACsec
      implementation (macsec.c) and the MACsec hardware offloading
      implementations. This structure contains pointers to MACsec specific
      structures which contain the actual MACsec configuration, and to the
      underlying device (phydev for now).
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      76564261
    • Antoine Tenart's avatar
      net: macsec: move some definitions in a dedicated header · c0e4eadf
      Antoine Tenart authored
      This patch moves some structure, type and identifier definitions into a
      MACsec specific header. This patch does not modify how the MACsec code
      is running and only move things around. This is a preparation for the
      future MACsec hardware offloading support, which will re-use those
      definitions outside macsec.c.
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0e4eadf
    • David S. Miller's avatar
      Merge branch 'netns-Optimise-netns-ID-lookups' · 169af346
      David S. Miller authored
      Guillaume Nault says:
      
      ====================
      netns: Optimise netns ID lookups
      
      Netns ID lookups can be easily protected by RCU, rather than by holding
      a spinlock.
      
      Patch 1 prepares the code, patch 2 does the RCU conversion, and finally
      patch 3 stops disabling BHs on updates (patch 2 makes that unnecessary).
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      169af346
    • Guillaume Nault's avatar
      netns: don't disable BHs when locking "nsid_lock" · 8d7e5dee
      Guillaume Nault authored
      When peernet2id() had to lock "nsid_lock" before iterating through the
      nsid table, we had to disable BHs, because VXLAN can call peernet2id()
      from the xmit path:
        vxlan_xmit() -> vxlan_fdb_miss() -> vxlan_fdb_notify()
          -> __vxlan_fdb_notify() -> vxlan_fdb_info() -> peernet2id().
      
      Now that peernet2id() uses RCU protection, "nsid_lock" isn't used in BH
      context anymore. Therefore, we can safely use plain
      spin_lock()/spin_unlock() and let BHs run when holding "nsid_lock".
      Signed-off-by: default avatarGuillaume Nault <gnault@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d7e5dee