[PATCH net-next 0/2] ethtool: use the rss context XArray in ring deactivation safety-check

[PATCH net-next 0/2] ethtool: use the rss context XArray in ring deactivation safety-check

[Jakub Kicinski]

Now that we have an XArray storing information about all extra
RSS contexts - use it to extend checks already performed using
ethtool_get_max_rxfh_channel().

Jakub Kicinski (2):
  ethtool: fail closed if we can't get max channel used in indirection
    tables
  ethtool: use the rss context XArray in ring deactivation safety-check

 net/ethtool/channels.c |  6 ++---
 net/ethtool/common.c   | 51 +++++++++++++++++++++++++++++++++---------
 net/ethtool/common.h   |  2 +-
 net/ethtool/ioctl.c    |  4 +---
 4 files changed, 44 insertions(+), 19 deletions(-)

-- 
2.45.2

[PATCH net-next 1/2] ethtool: fail closed if we can't get max channel used in indirection tables

[Jakub Kicinski]

Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with
active RSS contexts") proves that allowing indirection table to contain
channels with out of bounds IDs may lead to crashes. Currently the
max channel check in the core gets skipped if driver can't fetch
the indirection table or when we can't allocate memory.

Both of those conditions should be extremely rare but if they do
happen we should try to be safe and fail the channel change.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
 net/ethtool/channels.c |  6 ++----
 net/ethtool/common.c   | 26 +++++++++++++++-----------
 net/ethtool/common.h   |  2 +-
 net/ethtool/ioctl.c    |  4 +---
 4 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/net/ethtool/channels.c b/net/ethtool/channels.c
index 7b4bbd674bae..cee188da54f8 100644
--- a/net/ethtool/channels.c
+++ b/net/ethtool/channels.c
@@ -171,11 +171,9 @@ ethnl_set_channels(struct ethnl_req_info *req_info, struct genl_info *info)
 	 */
 	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))
 		max_rxnfc_in_use = 0;
-	if (!netif_is_rxfh_configured(dev) ||
-	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))
-		max_rxfh_in_use = 0;
+	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);
 	if (channels.combined_count + channels.rx_count <= max_rxfh_in_use) {
-		GENL_SET_ERR_MSG(info, "requested channel counts are too low for existing indirection table settings");
+		GENL_SET_ERR_MSG_FMT(info, "requested channel counts are too low for existing indirection table (%d)", max_rxfh_in_use);
 		return -EINVAL;
 	}
 	if (channels.combined_count + channels.rx_count <= max_rxnfc_in_use) {
diff --git a/net/ethtool/common.c b/net/ethtool/common.c
index 6b2a360dcdf0..8a62375ebd1f 100644
--- a/net/ethtool/common.c
+++ b/net/ethtool/common.c
@@ -587,35 +587,39 @@ int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max)
 	return err;
 }
 
-int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max)
+u32 ethtool_get_max_rxfh_channel(struct net_device *dev)
 {
 	struct ethtool_rxfh_param rxfh = {};
-	u32 dev_size, current_max = 0;
+	u32 dev_size, current_max;
 	int ret;
 
+	if (!netif_is_rxfh_configured(dev))
+		return 0;
+
 	if (!dev->ethtool_ops->get_rxfh_indir_size ||
 	    !dev->ethtool_ops->get_rxfh)
-		return -EOPNOTSUPP;
+		return 0;
 	dev_size = dev->ethtool_ops->get_rxfh_indir_size(dev);
 	if (dev_size == 0)
-		return -EOPNOTSUPP;
+		return 0;
 
 	rxfh.indir = kcalloc(dev_size, sizeof(rxfh.indir[0]), GFP_USER);
 	if (!rxfh.indir)
-		return -ENOMEM;
+		return U32_MAX;
 
 	ret = dev->ethtool_ops->get_rxfh(dev, &rxfh);
-	if (ret)
-		goto out;
+	if (ret) {
+		current_max = U32_MAX;
+		goto out_free;
+	}
 
+	current_max = 0;
 	while (dev_size--)
 		current_max = max(current_max, rxfh.indir[dev_size]);
 
-	*max = current_max;
-
-out:
+out_free:
 	kfree(rxfh.indir);
-	return ret;
+	return current_max;
 }
 
 int ethtool_check_ops(const struct ethtool_ops *ops)
diff --git a/net/ethtool/common.h b/net/ethtool/common.h
index 28b8aaaf9bcb..b55705a9ad5a 100644
--- a/net/ethtool/common.h
+++ b/net/ethtool/common.h
@@ -42,7 +42,7 @@ int __ethtool_get_link(struct net_device *dev);
 bool convert_legacy_settings_to_link_ksettings(
 	struct ethtool_link_ksettings *link_ksettings,
 	const struct ethtool_cmd *legacy_settings);
-int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max);
+u32 ethtool_get_max_rxfh_channel(struct net_device *dev);
 int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max);
 int __ethtool_get_ts_info(struct net_device *dev, struct ethtool_ts_info *info);
 
diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
index d72b0fec89af..615812ff8974 100644
--- a/net/ethtool/ioctl.c
+++ b/net/ethtool/ioctl.c
@@ -2049,9 +2049,7 @@ static noinline_for_stack int ethtool_set_channels(struct net_device *dev,
 	 * indirection table/rxnfc settings */
 	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))
 		max_rxnfc_in_use = 0;
-	if (!netif_is_rxfh_configured(dev) ||
-	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))
-		max_rxfh_in_use = 0;
+	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);
 	if (channels.combined_count + channels.rx_count <=
 	    max_t(u64, max_rxnfc_in_use, max_rxfh_in_use))
 		return -EINVAL;
-- 
2.45.2

[PATCH net-next 2/2] ethtool: use the rss context XArray in ring deactivation safety-check

[Jakub Kicinski]

ethtool_get_max_rxfh_channel() gets called when user requests
deactivating Rx channels. Check the additional RSS contexts, too.

While we do track whether RSS context has an indirection
table explicitly set by the user, no driver looks at that bit.
Assume drivers won't auto-regenerate the additional tables,
to be safe.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
 net/ethtool/common.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/net/ethtool/common.c b/net/ethtool/common.c
index 8a62375ebd1f..7bda9600efcf 100644
--- a/net/ethtool/common.c
+++ b/net/ethtool/common.c
@@ -587,21 +587,47 @@ int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max)
 	return err;
 }
 
+static u32 ethtool_get_max_rss_ctx_channel(struct net_device *dev)
+{
+	struct ethtool_rxfh_context *ctx;
+	unsigned long context;
+	u32 max_ring = 0;
+
+	mutex_lock(&dev->ethtool->rss_lock);
+	xa_for_each(&dev->ethtool->rss_ctx, context, ctx) {
+		u32 i, *tbl;
+
+		tbl = ethtool_rxfh_context_indir(ctx);
+		for (i = 0; i < ctx->indir_size; i++)
+			max_ring = max(max_ring, tbl[i]);
+	}
+	mutex_unlock(&dev->ethtool->rss_lock);
+
+	return max_ring;
+}
+
 u32 ethtool_get_max_rxfh_channel(struct net_device *dev)
 {
 	struct ethtool_rxfh_param rxfh = {};
 	u32 dev_size, current_max;
 	int ret;
 
+	/* While we do track whether RSS context has an indirection
+	 * table explicitly set by the user, no driver looks at that bit.
+	 * Assume drivers won't auto-regenerate the additional tables,
+	 * to be safe.
+	 */
+	current_max = ethtool_get_max_rss_ctx_channel(dev);
+
 	if (!netif_is_rxfh_configured(dev))
-		return 0;
+		return current_max;
 
 	if (!dev->ethtool_ops->get_rxfh_indir_size ||
 	    !dev->ethtool_ops->get_rxfh)
-		return 0;
+		return current_max;
 	dev_size = dev->ethtool_ops->get_rxfh_indir_size(dev);
 	if (dev_size == 0)
-		return 0;
+		return current_max;
 
 	rxfh.indir = kcalloc(dev_size, sizeof(rxfh.indir[0]), GFP_USER);
 	if (!rxfh.indir)
@@ -613,7 +639,6 @@ u32 ethtool_get_max_rxfh_channel(struct net_device *dev)
 		goto out_free;
 	}
 
-	current_max = 0;
 	while (dev_size--)
 		current_max = max(current_max, rxfh.indir[dev_size]);
 
-- 
2.45.2

Re: [PATCH net-next 1/2] ethtool: fail closed if we can't get max channel used in indirection tables

[Jacob Keller]

On 7/10/2024 10:40 AM, Jakub Kicinski wrote:
> Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with
> active RSS contexts") proves that allowing indirection table to contain
> channels with out of bounds IDs may lead to crashes. Currently the
> max channel check in the core gets skipped if driver can't fetch
> the indirection table or when we can't allocate memory.
> 

Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>

Nice. Fixing this in the core for all drivers is better than having to
patch each driver to avoid crashing. Reducing ring counts with active
RSS has caused issues on Intel drivers in the past too.

> Both of those conditions should be extremely rare but if they do
> happen we should try to be safe and fail the channel change.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
>  net/ethtool/channels.c |  6 ++----
>  net/ethtool/common.c   | 26 +++++++++++++++-----------
>  net/ethtool/common.h   |  2 +-
>  net/ethtool/ioctl.c    |  4 +---
>  4 files changed, 19 insertions(+), 19 deletions(-)
> 
> diff --git a/net/ethtool/channels.c b/net/ethtool/channels.c
> index 7b4bbd674bae..cee188da54f8 100644
> --- a/net/ethtool/channels.c
> +++ b/net/ethtool/channels.c
> @@ -171,11 +171,9 @@ ethnl_set_channels(struct ethnl_req_info *req_info, struct genl_info *info)
>  	 */
>  	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))
>  		max_rxnfc_in_use = 0;
> -	if (!netif_is_rxfh_configured(dev) ||
> -	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))
> -		max_rxfh_in_use = 0;
> +	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);

We explicitly call ethtool_get_max_rxfh_channel here now.

>  	if (channels.combined_count + channels.rx_count <= max_rxfh_in_use) {
> -		GENL_SET_ERR_MSG(info, "requested channel counts are too low for existing indirection table settings");
> +		GENL_SET_ERR_MSG_FMT(info, "requested channel counts are too low for existing indirection table (%d)", max_rxfh_in_use);
>  		return -EINVAL;
>  	}
>  	if (channels.combined_count + channels.rx_count <= max_rxnfc_in_use) {
> diff --git a/net/ethtool/common.c b/net/ethtool/common.c
> index 6b2a360dcdf0..8a62375ebd1f 100644
> --- a/net/ethtool/common.c
> +++ b/net/ethtool/common.c
> @@ -587,35 +587,39 @@ int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max)
>  	return err;
>  }
>  
> -int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max)
> +u32 ethtool_get_max_rxfh_channel(struct net_device *dev)
>  {
>  	struct ethtool_rxfh_param rxfh = {};
> -	u32 dev_size, current_max = 0;
> +	u32 dev_size, current_max;
>  	int ret;
>  
> +	if (!netif_is_rxfh_configured(dev))
> +		return 0;
> +

Because now it will return something sensible.

>  	if (!dev->ethtool_ops->get_rxfh_indir_size ||
>  	    !dev->ethtool_ops->get_rxfh)
> -		return -EOPNOTSUPP;
> +		return 0;
>  	dev_size = dev->ethtool_ops->get_rxfh_indir_size(dev);
>  	if (dev_size == 0)
> -		return -EOPNOTSUPP;
> +		return 0;
>  
>  	rxfh.indir = kcalloc(dev_size, sizeof(rxfh.indir[0]), GFP_USER);
>  	if (!rxfh.indir)
> -		return -ENOMEM;
> +		return U32_MAX;
>  

And we return U32_MAX to indicate catastrophic errors such as no table,
or a failure from the driver. This forces it to fail the configuration
change.

Nice.

>  	ret = dev->ethtool_ops->get_rxfh(dev, &rxfh);
> -	if (ret)
> -		goto out;
> +	if (ret) {
> +		current_max = U32_MAX;
> +		goto out_free;
> +	}
>  
> +	current_max = 0;
>  	while (dev_size--)
>  		current_max = max(current_max, rxfh.indir[dev_size]);
>  
> -	*max = current_max;
> -
> -out:
> +out_free:
>  	kfree(rxfh.indir);
> -	return ret;
> +	return current_max;
>  }
>  
>  int ethtool_check_ops(const struct ethtool_ops *ops)
> diff --git a/net/ethtool/common.h b/net/ethtool/common.h
> index 28b8aaaf9bcb..b55705a9ad5a 100644
> --- a/net/ethtool/common.h
> +++ b/net/ethtool/common.h
> @@ -42,7 +42,7 @@ int __ethtool_get_link(struct net_device *dev);
>  bool convert_legacy_settings_to_link_ksettings(
>  	struct ethtool_link_ksettings *link_ksettings,
>  	const struct ethtool_cmd *legacy_settings);
> -int ethtool_get_max_rxfh_channel(struct net_device *dev, u32 *max);
> +u32 ethtool_get_max_rxfh_channel(struct net_device *dev);
>  int ethtool_get_max_rxnfc_channel(struct net_device *dev, u64 *max);
>  int __ethtool_get_ts_info(struct net_device *dev, struct ethtool_ts_info *info);
>  
> diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
> index d72b0fec89af..615812ff8974 100644
> --- a/net/ethtool/ioctl.c
> +++ b/net/ethtool/ioctl.c
> @@ -2049,9 +2049,7 @@ static noinline_for_stack int ethtool_set_channels(struct net_device *dev,
>  	 * indirection table/rxnfc settings */
>  	if (ethtool_get_max_rxnfc_channel(dev, &max_rxnfc_in_use))
>  		max_rxnfc_in_use = 0;
> -	if (!netif_is_rxfh_configured(dev) ||
> -	    ethtool_get_max_rxfh_channel(dev, &max_rxfh_in_use))
> -		max_rxfh_in_use = 0;
> +	max_rxfh_in_use = ethtool_get_max_rxfh_channel(dev);
>  	if (channels.combined_count + channels.rx_count <=
>  	    max_t(u64, max_rxnfc_in_use, max_rxfh_in_use))
>  		return -EINVAL;

Re: [PATCH net-next 2/2] ethtool: use the rss context XArray in ring deactivation safety-check

[Jacob Keller]

On 7/10/2024 10:40 AM, Jakub Kicinski wrote:
> ethtool_get_max_rxfh_channel() gets called when user requests
> deactivating Rx channels. Check the additional RSS contexts, too.
> 
> While we do track whether RSS context has an indirection
> table explicitly set by the user, no driver looks at that bit.
> Assume drivers won't auto-regenerate the additional tables,
> to be safe.
> 
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---

Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>

Re: [PATCH net-next 0/2] ethtool: use the rss context XArray in ring deactivation safety-check

[patchwork-bot+netdevbpf]

Hello:

This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 10 Jul 2024 10:40:41 -0700 you wrote:
> Now that we have an XArray storing information about all extra
> RSS contexts - use it to extend checks already performed using
> ethtool_get_max_rxfh_channel().
> 
> Jakub Kicinski (2):
>   ethtool: fail closed if we can't get max channel used in indirection
>     tables
>   ethtool: use the rss context XArray in ring deactivation safety-check
> 
> [...]

Here is the summary with links:
  - [net-next,1/2] ethtool: fail closed if we can't get max channel used in indirection tables
    https://git.kernel.org/netdev/net-next/c/2899d58462ba
  - [net-next,2/2] ethtool: use the rss context XArray in ring deactivation safety-check
    https://git.kernel.org/netdev/net-next/c/24ac7e544081

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html