1. 15 May, 2023 19 commits
  2. 13 May, 2023 14 commits
  3. 12 May, 2023 7 commits
    • David S. Miller's avatar
      Merge branch 'sfc-decap' · ba79e9a7
      David S. Miller authored
      Edward Cree says:
      
      ====================
      sfc: more flexible encap matches on TC decap rules
      
      This series extends the TC offload support on EF100 to support optionally
       matching on the IP ToS and UDP source port of the outer header in rules
       performing tunnel decapsulation.  Both of these fields allow masked
       matches if the underlying hardware supports it (current EF100 hardware
       supports masking on ToS, but only exact-match on source port).
      Given that the source port is typically populated from a hash of inner
       header entropy, it's not clear whether filtering on it is useful, but
       since we can support it we may as well expose the capability.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba79e9a7
    • Edward Cree's avatar
      sfc: support TC decap rules matching on enc_src_port · b6583d5e
      Edward Cree authored
      Allow efx_tc_encap_match entries to include a udp_sport and a
       udp_sport_mask.  As with enc_ip_tos, use pseudos to enforce that all
       encap matches within a given <src_ip,dst_ip,udp_dport> tuple have
       the same udp_sport_mask.
      Note that since we use a single layer of pseudos for both fields, two
       matches that differ in (say) udp_sport value aren't permitted to have
       different ip_tos_mask, even though this would technically be safe.
      Current userland TC does not support setting enc_src_port; this patch
       was tested with an iproute2 patched to support it.
      Signed-off-by: default avatarEdward Cree <ecree.xilinx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6583d5e
    • Edward Cree's avatar
      sfc: support TC decap rules matching on enc_ip_tos · 3c9561c0
      Edward Cree authored
      Allow efx_tc_encap_match entries to include an ip_tos and ip_tos_mask.
      To avoid partially-overlapping Outer Rules (which can lead to undefined
       behaviour in the hardware), store extra "pseudo" entries in our
       encap_match hashtable, which are used to enforce that all Outer Rule
       entries within a given <src_ip,dst_ip,udp_dport> tuple (or IPv6
       equivalent) have the same ip_tos_mask.
      The "direct" encap_match entry takes a reference on the "pseudo",
       allowing it to be destroyed when all "direct" entries using it are
       removed.
      efx_tc_em_pseudo_type is an enum rather than just a bool because in
       future an additional pseudo-type will be added to support Conntrack
       offload.
      Signed-off-by: default avatarEdward Cree <ecree.xilinx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c9561c0
    • Edward Cree's avatar
      sfc: populate enc_ip_tos matches in MAE outer rules · 56beb35d
      Edward Cree authored
      Currently tc.c will block them before they get here, but following
       patch will change that.
      Use the extack message from efx_mae_check_encap_match_caps() instead
       of writing a new one, since there's now more being fed in than just
       an IP version.
      Signed-off-by: default avatarEdward Cree <ecree.xilinx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      56beb35d
    • Edward Cree's avatar
      sfc: release encap match in efx_tc_flow_free() · 28fa3ac4
      Edward Cree authored
      When force-freeing leftover entries from our match_action_ht, call
       efx_tc_delete_rule(), which releases all the rule's resources, rather
       than open-coding it.  The open-coded version was missing a call to
       release the rule's encap match (if any).
      It probably doesn't matter as everything's being torn down anyway, but
       it's cleaner this way and prevents further error messages potentially
       being logged by efx_tc_encap_match_free() later on.
      Move efx_tc_flow_free() further down the file to avoid introducing a
       forward declaration of efx_tc_delete_rule().
      
      Fixes: 17654d84 ("sfc: add offloading of 'foreign' TC (decap) rules")
      Signed-off-by: default avatarEdward Cree <ecree.xilinx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28fa3ac4
    • wuych's avatar
      net: liquidio: lio_main: Remove unnecessary (void*) conversions · d3616dc7
      wuych authored
      Pointer variables of void * type do not require type cast.
      Signed-off-by: default avatarwuych <yunchuan@nfschina.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d3616dc7
    • Alexander Mikhalitsyn's avatar
      sctp: add bpf_bypass_getsockopt proto callback · 2598619e
      Alexander Mikhalitsyn authored
      Implement ->bpf_bypass_getsockopt proto callback and filter out
      SCTP_SOCKOPT_PEELOFF, SCTP_SOCKOPT_PEELOFF_FLAGS and SCTP_SOCKOPT_CONNECTX3
      socket options from running eBPF hook on them.
      
      SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS options do fd_install(),
      and if BPF_CGROUP_RUN_PROG_GETSOCKOPT hook returns an error after success of
      the original handler sctp_getsockopt(...), userspace will receive an error
      from getsockopt syscall and will be not aware that fd was successfully
      installed into a fdtable.
      
      As pointed by Marcelo Ricardo Leitner it seems reasonable to skip
      bpf getsockopt hook for SCTP_SOCKOPT_CONNECTX3 sockopt too.
      Because internaly, it triggers connect() and if error is masked
      then userspace will be confused.
      
      This patch was born as a result of discussion around a new SCM_PIDFD interface:
      https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/
      
      Fixes: 0d01da6a ("bpf: implement getsockopt and setsockopt hooks")
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Stanislav Fomichev <sdf@google.com>
      Cc: Neil Horman <nhorman@tuxdriver.com>
      Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Cc: Xin Long <lucien.xin@gmail.com>
      Cc: linux-sctp@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Suggested-by: default avatarStanislav Fomichev <sdf@google.com>
      Acked-by: default avatarStanislav Fomichev <sdf@google.com>
      Signed-off-by: default avatarAlexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
      Acked-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2598619e