- 29 Jan, 2020 1 commit
-
-
Manish Mandlik authored
There is no lock preventing both l2cap_sock_release() and chan->ops->close() from running at the same time. If we consider Thread A running l2cap_chan_timeout() and Thread B running l2cap_sock_release(), expected behavior is: A::l2cap_chan_timeout()->l2cap_chan_close()->l2cap_sock_teardown_cb() A::l2cap_chan_timeout()->l2cap_sock_close_cb()->l2cap_sock_kill() B::l2cap_sock_release()->sock_orphan() B::l2cap_sock_release()->l2cap_sock_kill() where, sock_orphan() clears "sk->sk_socket" and l2cap_sock_teardown_cb() marks socket as SOCK_ZAPPED. In l2cap_sock_kill(), there is an "if-statement" that checks if both sock_orphan() and sock_teardown() has been run i.e. sk->sk_socket is NULL and socket is marked as SOCK_ZAPPED. Socket is killed if the condition is satisfied. In the race condition, following occurs: A::l2cap_chan_timeout()->l2cap_chan_close()->l2cap_sock_teardown_cb() B::l2cap_sock_release()->sock_orphan() B::l2cap_sock_release()->l2cap_sock_kill() A::l2cap_chan_timeout()->l2cap_sock_close_cb()->l2cap_sock_kill() In this scenario, "if-statement" is true in both B::l2cap_sock_kill() and A::l2cap_sock_kill() and we hit "refcount: underflow; use-after-free" bug. Similar condition occurs at other places where teardown/sock_kill is happening: l2cap_disconnect_rsp()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_disconnect_rsp()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_conn_del()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_conn_del()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_disconnect_req()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_disconnect_req()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_sock_cleanup_listen()->l2cap_chan_close()->l2cap_sock_teardown_cb() l2cap_sock_cleanup_listen()->l2cap_sock_kill() Protect teardown/sock_kill and orphan/sock_kill by adding hold_lock on l2cap channel to ensure that the socket is killed only after marked as zapped and orphan. Signed-off-by:
Manish Mandlik <mmandlik@google.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org>
-
- 28 Jan, 2020 1 commit
-
-
Christophe JAILLET authored
Salts are 16 bytes long. Remove some extra and erroneous '0' in the human readable format used in comments. Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
-
- 27 Jan, 2020 38 commits
-
-
David S. Miller authored
Michal Kalderon says: ==================== qed*: Utilize FW 8.42.2.0 This FW contains several fixes and features, main ones listed below. We have taken into consideration past comments on previous FW versions that were uploaded and tried to separate this one to smaller patches to ease review. - RoCE - SRIOV support - Fixes in following flows: - latency optimization flow for inline WQEs - iwarp OOO packed DDPs flow - tx-dif workaround calculations flow - XRC-SRQ exceed cache num - iSCSI - Fixes: - iSCSI TCP out-of-order handling. - iscsi retransmit flow - Fcoe - Fixes: - upload + cleanup flows - Debug - Better handling of extracting data during traffic - ILT Dump -> dumping host memory used by chip - MDUMP -> collect debug data on system crash and extract after reboot Patches prefixed with FW 8.42.2.0 are required to work with binary 8.42.2.0 FW where as the rest are FW related but do not require the binary. Changes from V2 --------------- - Move FW version to the start of the series to maintain minimal compatibility - Fix some kbuild errors: - frame size larger than 1024 (Queue Manager patch - remove redundant field from struct) - sparse warning on endianity (Dmae patch fix - wrong use of __le32 for field used only on host, should be u32) - static should be used for some functions (Debug feature ilt and mdump) Reported-by:
kbuild test robot <lkp@intel.com> Changes from V1 --------------- - Remove epoch + kernel version from device debug dump - don't bump driver version ==================== Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Michal Kalderon authored
Add to debug dump more information on the platform it was collected from (pci func, path id). Provide human readable reg fifo erros. Removed static debug arrays from HSI Functions, and move them to the hwfn. Some structures were slightly changed (removing reserved chip id for example) which lead to many long initializations being modified with one parameter less during initialization. This leads to some long diffs that don't really change anything. Signed-off-by:
Ariel Elior <ariel.elior@marvell.com> Signed-off-by:
Michal Kalderon <michal.kalderon@marvell.com> Signed-off-by:
-
Michal Kalderon authored
The QM phase init tool can be invoked multiple times during the driver lifetime. Part of the init comes from the runtime array. The logic for setting the values did not init all values, basically assuming the runtime array was all zeroes. But if it was invoked multiple times, nobody was zeroing it after the first time. In this change we zero the runtime array right after using it. Signed-off-by:
-
Michal Kalderon authored
Part of the FW drop includes new debug capabilities implemented in the qed_debug file. This patch dumps additional information during ethtool -d for better debugging. The data dumped is the ilt (internal logical table) and information gathered by the management firmware incase there was a crash and driver was not able to extract the information (mdump). Signed-off-by:
-
Michal Kalderon authored
This feature enables the FW to page out FW code when required Signed-off-by:
-
Michal Kalderon authored
This patch contains several HSI changes. The changes are part of features like RDMA VF and OVS, the patch also contains a fix to how the init code determines if the dmae is ready to be used. Signed-off-by:
-
Michal Kalderon authored
- Remove struct iscsi_slow_path_hdr and field fw_cid from several structs - Remove struct iscsi_spe_func_dstry - Remove fields pbe_page_size_log and pbl_page_size_log from struct iscsi_conn_offload_param Signed-off-by:
Manish Rangankar <manish.rangankar@marvell.com> Signed-off-by:
Saurav Kashyap <saurav.kashyap@marvell.com> Signed-off-by:
-
Michal Kalderon authored
The number of BTB blocks was modified to be different between the two chip flavors supported (BB/K2) as a result, this lead to a re-write of selecting the default hsi value based on the chip. This patch creates a lookup table for hsi values per chip rather than ask again and again for every value. Signed-off-by:
-
Michal Kalderon authored
LL2 queues were a limited resource due to FW constraints. This FW introduced a new resource which is a context based ll2 queue (memory on host). The additional ll2 queues are required for RDMA SRIOV. The code refers to the previous ll2 queues as ram-based or legacy, and the new queues as ctx-based. This change decreased the "legacy" ram-based queues therefore the first ll2 queue used for iWARP was converted to the ctx-based ll2 queue. This feature also exposed a bug in the DIRECT_REG_WR64 macro implementation which didn't have an effect in other use cases. Signed-off-by:
-
Michal Kalderon authored
There are several wide-bus registers written to by the fw_funcs that require using the dmae for atomicity. Therefore using the dmae channel functionality was added to the fw_funcs file, since the code is very similar to the previously used code, the structures used were moved to qed_hsi. Due to FW conventions, the names of the flags in the struct changed. Since this required slight modification in the places that set the flags the code was modified to use GET/SET FIELD macros. Signed-off-by:
-
Michal Kalderon authored
Convert storm ram line to regpair rather than two distinct u32 to better represent the u64 width of the ram. Convert some defines to be hex instead of negative values these values also changed by FW from previous value. Signed-off-by:
-
Michal Kalderon authored
This patch contains changes in initialization and usage of the QM blocks. Instead of setting a rate limiter per vport the rate limiters are now a global resource and set independentaly. The patch also contains a field name change: vport_wfq which is part of vport_params was renamed to wfq as the vport prefix is redundant. Signed-off-by:
-
Michal Kalderon authored
This patch contains register initialization related changes. - Modifications to the runtime offsets - these are defines used by the driver or firmware functions to set values that are used by the initialization functions to set device register values. - Global window values changes to provide different device register ranges. - Additional device registers addresses were added to the register file, used in later stages. Signed-off-by:
-
Michal Kalderon authored
IRO stands for internal RAM offsets. Updating the FW binary produces different iro offsets. This file contains the different values, and a new representation of the values. Update the FW version Signed-off-by:
-
David S. Miller authored
Sunil Goutham says: ==================== octeontx2-pf: Add network driver for physical function OcteonTX2 SOC's resource virtualization unit (RVU) supports multiple physical and virtual functions. Each of the PF's functionality is determined by what kind of resources are attached to it. If NPA and NIX blocks are attached to a PF it can function as a highly capable network device. This patch series add a network driver for the PF. Initial set of patches adds mailbox communication with admin function (RVU AF) and configuration of queues. Followed by Rx and tx pkts NAPI handler and then support for HW offloads like RSS, TSO, Rxhash etc. Ethtool support to extract stats, config RSS, queue sizes, queue count is also added. Added documentation to give a high level overview of HW and different drivers which will be upstreamed and how they interact. Changes from v5: * Fixed otx2_atomic64_add() non ARM64 fallback definition. - Suggested by David Miller Changes from v4: * Replaced pci_set_dma_mask and pci_set_consistent_dma_mask fn()s with dma_set_mask_and_coherent(). * Some additonal code cleanup. * Fixed receive buffer segmnetation logic in otx2_alloc_rbuf() * Removed all unused BIG_ENDIAN structure definitions. * Removed unnecessary memory barriers - Sugested by Jakub Kicinski * Fixed mailbox initalization failure handling * Removed unused function parameter in otx2_skb_add_frag() - Suggested by Maciej Fijalkowski Changes from v3: * Fixed receive side scaling reinitialization during interface DOWN and UP to retain user configured settings, if any. * Removed driver version from ethtool. * Fixed otx2_set_rss_hash_opts() to return error incase RSS is not enabled. - Sugested by Jakub Kicinski Changes from v2: * Removed frames, bytes, dropped packet stats from ethtool to avoid duplication of same stats in netlink and ethtool. - Sugested by Jakub Kicinski * Removed number of channels and ringparam upper bound checking in ethtool support. * Fixed RSS hash option setting to reject unsupported config. - Suggested by Michal Kubecek Changes from v1: * Made driver dependent on 64bit, to fix build errors related to non availability of writeq/readq APIs for 32bit platforms. - Reported by kbuild test robot ==================== Signed-off-by: -
Sunil Goutham authored
Added maintainers entry for Marvell OcteonTX2 SOC's physical function NIC driver. Signed-off-by:
Sunil Goutham <sgoutham@marvell.com> Signed-off-by:
-
Sunil Goutham authored
Added high level overview of OcteonTx2 RVU HW and functionality of various drivers which will be upstreamed. Signed-off-by:
-
Sunil Goutham authored
Added support to show or configure RSS hash key, indirection table, 2,4 tuple via ethtool. Also added debug msg_level support to dump messages when HW reports errors in packet received or transmitted. Signed-off-by:
Prakash Brahmajyosyula <bprakash@marvell.com> Signed-off-by:
-
Christina Jacob authored
This patch adds ethtool support for - Driver stats, Tx/Rx perqueue and CGX LMAC stats - Set/show Rx/Tx queue count - Set/show Rx/Tx ring sizes - Set/show IRQ coalescing parameters Signed-off-by:
Christina Jacob <cjacob@marvell.com> Signed-off-by:
-
Geetha sowjanya authored
Added ndo_get_stats64 which returns stats maintained by HW. Signed-off-by:
Geetha sowjanya <gakula@marvell.com> Signed-off-by:
-
Sunil Goutham authored
Adds TCP segmentation offload (TSO) support. First version of the silicon didn't support TSO offload, for this driver level TSO support is added. Signed-off-by:
-
Sunil Goutham authored
Adds receive side scaling (RSS) support to distribute pkts/flows across multiple queues. Sets up key, indirection table etc. Also added extraction of HW calculated rxhash and adding to same to SKB ie NETIF_F_RXHASH offload support. Signed-off-by:
-
Geetha sowjanya authored
HW reports many errors on the receive and transmit paths. Such as incorrect queue configuration, pkt transmission errors, LMTST instruction errors, transmit queue full etc. These are reported via QINT interrupt. Most of the errors are fatal and needs reinitialization. Also added support to allocate receive buffers in non-atomic context when allocation fails in NAPI context. Signed-off-by:
Aleksey Makarov <amakarov@marvell.com> Signed-off-by:
-
Sunil Goutham authored
This patch addes support to change interface MTU, MAC address retrieval and config, RX mode ie unicast, multicast and promiscuous. Also added link loopback support Signed-off-by:
Tomasz Duszynski <tduszynski@marvell.com> Signed-off-by:
Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by:
-
Linu Cherian authored
PF and AF (admin function) shares 64KB of reserved memory region for communication. This region is shared for - Messages sent by PF and responses sent by AF. - Notifications sent by AF and ACKs sent by PF. This patch adds infrastructure to handle notifications sent by AF and adds handlers to process them. One of the main usecase of notifications from AF is physical link changes. So this patch adds registration of PF with AF to receive link status change notifications and also adds the handler for that notification. Signed-off-by:
Linu Cherian <lcherian@marvell.com> Signed-off-by:
-
Sunil Goutham authored
This patch adds the packet transmission support. For a given skb prepares send queue descriptors (SQEs) and pushes them to HW. Here driver doesn't maintain it's own SQ rings, SQEs are pushed to HW using a silicon specific operations called LMTST. From the instuction HW derives the transmit queue number and queues the SQE to that queue. These LMTST instructions are designed to avoid queue maintenance in SW and lockless behavior ie when multiple cores are trying to add SQEs to same queue then HW will takecare of serialization, no need for SW to hold locks. Also supports scatter/gather. Co-developed-by:
-
Sunil Goutham authored
Added receive packet handling (NAPI) support, error stats, RX_ALL capability config option to passon error pkts to stack upon user request. In subsequent patches these error stats will be added to ethttool. Signed-off-by:
-
Sunil Goutham authored
Completion queue (CQ) is the one with which HW notifies SW on a packet reception or transmission. Each of the RQ and SQ are mapped to a unique CQ and again both CQs are mapped to same interrupt ie the CINT. So that each core has one interrupt source in whose handler both Rx and Tx notifications are processed. Also - Registered a NAPI handler for the CINT. - Setup coalescing parameters. - IRQ affinity hints etc Signed-off-by:
-
Sunil Goutham authored
This patch does the initialization of all queues ie the receive buffer pools, receive and transmit queues, completion or notification queues etc. Allocates all required resources (eg transmit schedulers, receive buffers etc) and configures them for proper functioning of queues. Also sets up receive queue's RED dropping levels. Co-developed-by:
-
Sunil Goutham authored
For a PF to function as a NIC, NPA (for Rx buffers, Tx descriptors etc) and NIX (for rcv, send and completion queues) are the minimum resources needed. So request admin function (AF) to attach one each of NIX and NPA block LFs (local functions). Only AF can configure a LF's contexts, so request AF to allocate memory for NPA aura/pool and NIX RQ/SQ/CQ HW contexts. Upon receiving response, save some of the HW constants like number of pointers per stack page, size of send queue buffer (SQBs, where SQEs are queued by HW) e.t.c which are later used to initialize queues. A HW context here is like a state machine maintained for a descriptor queue. eg size, head/tail pointers, irq etc etc. HW maintains this in memory. Signed-off-by:
-
Sunil Goutham authored
In the resource virtualization unit (RVU) each of the PF and AF (admin function) share a 64KB of reserved memory region for communication. This patch initializes PF <=> AF mailbox IRQs, registers handlers for processing these communication messages. Also adds support to process these messages in both directions ie responses to PF initiated DOWN (PF => AF) messages and AF initiated UP messages (AF => PF). Mbox communication APIs and message formats are defined in AF driver (drivers/net/ethernet/marvell/octeontx2/af), mbox.h from AF driver is included here to avoid duplication. Signed-off-by:
-
Sunil Goutham authored
This patch adds template for the Marvell's OcteonTX2 network controller's physical function driver. Just the probe, PCI specific initialization and netdev registration. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextDavid S. Miller authored
Daniel Borkmann says: ==================== pull-request: bpf-next 2020-01-27 The following pull-request contains BPF updates for your *net-next* tree. We've added 20 non-merge commits during the last 5 day(s) which contain a total of 24 files changed, 433 insertions(+), 104 deletions(-). The main changes are: 1) Make BPF trampolines and dispatcher aware for the stack unwinder, from Jiri Olsa. 2) Improve handling of failed CO-RE relocations in libbpf, from Andrii Nakryiko. 3) Several fixes to BPF sockmap and reuseport selftests, from Lorenz Bauer. 4) Various cleanups in BPF devmap's XDP flush code, from John Fastabend. 5) Fix BPF flow dissector when used with port ranges, from Yoshiki Komachi. 6) Fix bpffs' map_seq_next callback to always inc position index, from Vasily Averin. 7) Allow overriding LLVM tooling for runqslower utility, from Andrey Ignatov. 8) Silence false-positive lockdep splats in devmap hash lookup, from Amol Grover. 9) Fix fentry/fexit selftests to initialize a variable before use, from John Sperbeck. ==================== Signed-off-by: -
David S. Miller authored
This reverts commit 7786a1af. It causes build failures on 32-bit, for example: net/core/pktgen.o: In function `mod_cur_headers': >> pktgen.c:(.text.mod_cur_headers+0xba0): undefined reference to `__umoddi3' Signed-off-by:
-
Leon Romanovsky authored
In order to stop useless driver version bumps and unify output presented by ethtool -i, let's set default version string. As Linus said in [1]: "Things are supposed to be backwards and forwards compatible, because we don't accept breakage in user space anyway. So versioning is pointless, and only causes problems." They cause problems when users start to see version changes and expect specific set of features which will be different for stable@, vanilla and distribution kernels. Distribution kernels are based on some kernel version with extra patches on top, for example, in RedHat world this "extra" is a lot and for them your driver version say nothing. Users who run vanilla kernels won't use driver version information too, because running such kernels requires knowledge and understanding. Another set of problems are related to difference in versioning scheme and such doesn't allow to write meaningful automation which will work sanely on all ethtool capable devices. Before this change: [leonro@erver ~]$ ethtool -i eth0 driver: virtio_net version: 1.0.0 After this change and once ->version assignment will be deleted from virtio_net: [leonro@server ~]$ ethtool -i eth0 driver: virtio_net version: 5.5.0-rc6+ Link: https://lore.kernel.org/ksummit-discuss/CA+55aFx9A=5cc0QZ7CySC4F2K7eYaEfzkdYEc9JaNgCcV25=rg@mail.gmail.com/ Link: https://lore.kernel.org/linux-rdma/20200122152627.14903-1-michal.kalderon@marvell.com/T/#md460ff8f976c532a89d6860411c3c50bb811038b Link: https://lore.kernel.org/linux-rdma/20200127060835.GA570@unicorn.suse.czSigned-off-by:
Leon Romanovsky <leonro@mellanox.com> Acked-by:
Shannon Nelson <snelson@pensando.io> Signed-off-by:
-
David S. Miller authored
Alex Maftei says: ==================== sfc: refactor mcdi filtering code Splitting final bits of the driver code into different files, which will later be used in another driver for a new product. This is a continuation to my previous patch series. (three of them) Refactoring will be concluded with this series, for now. As instructed, split the renaming and moving into different patches. Removed stray spaces before tabs... twice. Minor refactoring was done with the renaming, as explained in the first patch. ==================== Signed-off-by: -
Alex Maftei (amaftei) authored
Signed-off-by:
Alexandru-Mihai Maftei <amaftei@solarflare.com> Signed-off-by:
-
Alex Maftei (amaftei) authored
Moved structs, enums, and added function prototypes. The affected functions are no longer static. Signed-off-by:
-
