* Re: [PATCH net] ipv6: Prevent ipv6_find_hdr() from returning ENOENT for valid non-first fragments
From: Rahul Sharma @ 2015-01-07 20:48 UTC (permalink / raw)
To: Hannes Frederic Sowa
Cc: Pablo Neira Ayuso, netdev, linux-kernel, netfilter-devel
In-Reply-To: <1420627396.26870.36.camel@stressinduktion.org>
Hi Hannes,
On Wed, Jan 7, 2015 at 4:13 PM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> Hi,
>
> On Mi, 2015-01-07 at 11:11 +0530, Rahul Sharma wrote:
>> On Wed, Jan 7, 2015 at 4:17 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>> > On Wed, Jan 07, 2015 at 03:03:20AM +0530, Rahul Sharma wrote:
>> >> ipv6_find_hdr() currently assumes that the next-header field in the
>> >> fragment header of the non-first fragment is the "protocol number of
>> >> the last header" (here last header excludes any extension header
>> >> protocol numbers ) which is incorrect as per RFC2460. The next-header
>> >> value is the first header of the fragmentable part of the original
>> >> packet (which can be extension header as well).
>> >> This can create reassembly problems. For example: Fragmented
>> >> authenticated OSPFv3 packets (where AH header is inserted before the
>> >> protocol header). For the second fragment, the next header value in
>> >> the fragment header will be NEXTHDR_AUTH which is correct but
>> >> ipv6_find_hdr will return ENOENT since AH is an extension header
>> >> resulting in second fragment getting dropped. This check for the
>> >> presence of non-extension header needs to be removed.
>> >>
>> >> Signed-off-by: Rahul Sharma <rsharma@arista.com>
>> >> ---
>> >> --- linux-3.18.1/net/ipv6/exthdrs_core.c.orig 2015-01-06
>> >> 10:25:36.411419863 -0800
>> >> +++ linux-3.18.1/net/ipv6/exthdrs_core.c 2015-01-06
>> >> 10:51:45.819364986 -0800
>> >> @@ -171,10 +171,11 @@ EXPORT_SYMBOL_GPL(ipv6_find_tlv);
>> >> * If the first fragment doesn't contain the final protocol header or
>> >> * NEXTHDR_NONE it is considered invalid.
>> >> *
>> >> - * Note that non-1st fragment is special case that "the protocol number
>> >> - * of last header" is "next header" field in Fragment header. In this case,
>> >> - * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
>> >> - * isn't NULL.
>> >> + * Note that non-1st fragment is special case that "the protocol number of the
>> >> + * first header of the fragmentable part of the original packet" is
>> >> + * "next header" field in the Fragment header. In this case, *offset is
>> >> + * meaningless and fragment offset is stored in *fragoff if fragoff isn't
>> >> + * NULL.
>> >> *
>> >> * if flags is not NULL and it's a fragment, then the frag flag
>> >> * IP6_FH_F_FRAG will be set. If it's an AH header, the
>> >> @@ -250,9 +251,7 @@ int ipv6_find_hdr(const struct sk_buff *
>> >>
>> >> _frag_off = ntohs(*fp) & ~0x7;
>> >> if (_frag_off) {
>> >> - if (target < 0 &&
>> >> - ((!ipv6_ext_hdr(hp->nexthdr)) ||
>> >
>> > This check assumes that the following headers cannot show up in the
>> > fragmented part of the IPv6 packet:
>> >
>> > 12 bool ipv6_ext_hdr(u8 nexthdr)
>> > 13 {
>> > 14 /*
>> > 15 * find out if nexthdr is an extension header or a protocol
>> > 16 */
>> > 17 return (nexthdr == NEXTHDR_HOP) ||
>> > 18 (nexthdr == NEXTHDR_ROUTING) ||
>> > 19 (nexthdr == NEXTHDR_FRAGMENT) ||
>> > 20 (nexthdr == NEXTHDR_AUTH) ||
>> > 21 (nexthdr == NEXTHDR_NONE) ||
>> > 22 (nexthdr == NEXTHDR_DEST);
>> >
>> >> - hp->nexthdr == NEXTHDR_NONE)) {
>> >> + if (target < 0) {
>> >> if (fragoff)
>> >> *fragoff = _frag_off;
>> >> return hp->nexthdr;
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> >> the body of a message to majordomo@vger.kernel.org
>> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>> I think this is incorrect. Authentication header shows up in the
>> fragmentable part of the original IPv6 packet. So, for the non-first
>> fragments the next-header field value can be NEXTHDR_AUTH.
>
> Pablo's mail got me thinking again.
>
> In general, IPv6 extension headers can appear in any order and stacks
> must be process them. Fragmentation adds a limitation, that some
> extension headers do not make sense and don't have any effect if they
> appear after a fragmentation header (HbH and ROUTING).
>
> Looking at the rest of the function we don't check for HBHHDR or RTHDR
> following a fragmentation header either if we process the first fragment
> (core stack only processes HBH if directly following the ipv6 header
> anyway).
>
> So, in my opinion, it is safe to completely remove this check and it
> would align if the rest of the extension processing logic. The callers
> all seem fine with that.
>
> Pablo, what do you think?
>
> Anyway, the patch does not apply cleanly, the patch header is mangled.
> Could you check and send again?
>
> Thanks,
> Hannes
>
>
I am not sure if replying on the thread with a patch is a good idea
(or should I send a new email). Anyway, let me know if this is works.
Signed-off-by: Rahul Sharma <rsharma@arista.com>
---
net/ipv6/exthdrs_core.c | 13 ++++++-------
1 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c
index 8af3eb5..5949f87 100644
--- a/net/ipv6/exthdrs_core.c
+++ b/net/ipv6/exthdrs_core.c
@@ -171,10 +171,11 @@ EXPORT_SYMBOL_GPL(ipv6_find_tlv);
* If the first fragment doesn't contain the final protocol header or
* NEXTHDR_NONE it is considered invalid.
*
- * Note that non-1st fragment is special case that "the protocol number
- * of last header" is "next header" field in Fragment header. In this case,
- * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
- * isn't NULL.
+ * Note that non-1st fragment is special case that "the protocol number of the
+ * first header of the fragmentable part of the original packet" is
+ * "next header" field in the Fragment header. In this case, *offset is
+ * meaningless and fragment offset is stored in *fragoff if fragoff isn't
+ * NULL.
*
* if flags is not NULL and it's a fragment, then the frag flag
* IP6_FH_F_FRAG will be set. If it's an AH header, the
@@ -250,9 +251,7 @@ int ipv6_find_hdr(const struct sk_buff *skb,
unsigned int *offset,
_frag_off = ntohs(*fp) & ~0x7;
if (_frag_off) {
- if (target < 0 &&
- ((!ipv6_ext_hdr(hp->nexthdr)) ||
- hp->nexthdr == NEXTHDR_NONE)) {
+ if (target < 0) {
if (fragoff)
*fragoff = _frag_off;
return hp->nexthdr;
--
1.7.4.4
^ permalink raw reply related
* Re: TCP connection issues against Amazon S3
From: Erik Grinaker @ 2015-01-07 20:37 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Yuchung Cheng, linux-kernel@vger.kernel.org, netdev
In-Reply-To: <1420646284.5947.19.camel@edumazet-glaptop2.roam.corp.google.com>
On 07 Jan 2015, at 15:58, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Wed, 2015-01-07 at 13:31 +0000, Erik Grinaker wrote:
>> On 06 Jan 2015, at 22:00, Yuchung Cheng <ycheng@google.com> wrote:
>>> On Tue, Jan 6, 2015 at 1:04 PM, Erik Grinaker <erik@bengler.no> wrote:
>>>>
>>>>> On 06 Jan 2015, at 20:26, Erik Grinaker <erik@bengler.no> wrote:
>>>> This still doesn’t explain why it works with older kernels, but not newer ones. I’m thinking it’s
>>> probably some minor change, which gets amplified by the lack of SACKs
>>> on the loadbalancer. Anyway, I’ll bring it up with Amazon.
>>> can you post traces with the older kernels?
>>
>> Here is a dump using 3.11.10 against a non-SACK-enabled loadbalancer:
>>
>> http://abstrakt.bengler.no/tcp-issues-s3-nosack-3.11.10.pcap.bz2
>>
>> The transfer shows lots of DUPACKs and retransmits, but this does not
>> seem to have as bad an effect as it did with the failing transfer we
>> saw on newer kernels:
>>
>> http://abstrakt.bengler.no/tcp-issues-s3-failure.pcap.bz2
>>
>> One big difference, which Rick touched on earlier, is that the newer
>> kernels keep sending TCP window updates as it’s going through the
>> retransmits. The older kernel does not do this.
>
> The new kernel is the receiver : It does no retransmits.
>
> Increasing window in ACK packets should not prevent sender into
> retransmitting missing packets.
>
> Sender is not a linux host and is very buggy IMO : If receiver
> advertises a too big window, sender decides to not retransmit in some
> cases.
I agree. I have contacted Amazon about this, but am not too hopeful for a quick fix; they have been promising SACK-support on their loadbalancers since 2006, for example.
That said, since this change breaks a service as popular as S3, it might be worth reconsidering.
> You can play with /proc/sys/net/ipv4/tcp_rmem and adopt very low values
> to work around the sender bug.
>
> ( Or use SO_RCVBUF in receiver application)
Thanks, setting SO_RCVBUF seems like a reasonable workaround.--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
^ permalink raw reply
* RE: [net v2 2/3] i40e: Fix Rx checksum error counter
From: Singhai, Anjali @ 2015-01-07 20:14 UTC (permalink / raw)
To: Tom Herbert, Kirsher, Jeffrey T
Cc: David Miller, Linux Netdev List, nhorman@redhat.com,
sassmann@redhat.com, jogreene@redhat.com, Rose, Gregory V
In-Reply-To: <CA+mtBx-VgUCCxnkayoqR6AwYXu_mfzbtGZzH+oeT3wrOznzWGg@mail.gmail.com>
On Tue, 6 Jan 2015 21:43:57 -0800
Tom Herbert <therbert@google.com> wrote:
> > @@ -1337,15 +1335,19 @@ static inline void i40e_rx_checksum(struct i40e_vsi *vsi,
> > skb->protocol == htons(ETH_P_8021AD))
> > ? VLAN_HLEN : 0;
> >
> > - rx_udp_csum = udp_csum(skb);
> > - iph = ip_hdr(skb);
> > - csum = csum_tcpudp_magic(
> > - iph->saddr, iph->daddr,
> > - (skb->len - skb_transport_offset(skb)),
> > - IPPROTO_UDP, rx_udp_csum);
> > + if ((ip_hdr(skb)->protocol == IPPROTO_UDP) &&
> > + (udp_hdr(skb)->check != 0)) {
> > + rx_udp_csum = udp_csum(skb);
>
> Doesn't this compute the whole checksum of the packet making the fact
> that device verified inner checksum pretty much irrelevant? It would
> probably be just as well to return CHECKSUM_NONE and let the stack
> deal with it and remove all this complexity.
This is only calculating outer UDP csum, inner csums are offloaded and so is the outer IP csum. Overall this is less work than asking the stack to do all of those by marking it as CHECKSUM_UNNECESSARY. We do have a patch in line to use csum_level but I believe even with that we would be asking the stack to do more work than necessary if we indicate that only inner checksums are offloaded. With our HW we are able to offload 3 out of 4 csums.
^ permalink raw reply
* Re: [PATCH iproute2 3/3] ip netns: Delete all netns
From: Vadim Kochan @ 2015-01-07 19:55 UTC (permalink / raw)
To: Brian Haley; +Cc: Vadim Kochan, netdev
In-Reply-To: <54AD8BC3.2070609@hp.com>
On Wed, Jan 07, 2015 at 02:40:51PM -0500, Brian Haley wrote:
> On 01/07/2015 01:11 PM, Vadim Kochan wrote:
> > On Wed, Jan 07, 2015 at 07:36:40PM +0200, Vadim Kochan wrote:
> >> On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
> >>> On 01/07/2015 06:04 AM, Vadim Kochan wrote:
> >>>> From: Vadim Kochan <vadim4j@gmail.com>
> >>>>
> >>>> Allow delete all namespace names by:
> >>>>
> >>>> $ ip netns del all
> >>>
> >>> So I can still create a namespace called 'all', but can't exec in it or delete
> >>> it independently with this change. Perhaps you need to block that as well?
> >>> Unless there's some other patch I'm missing?
> >>>
> >>> -Brian
> >> Hm, I did not take it into account ...
> >> I will look if I can find another way ...
> >>
> >> Thanks,
> >
> > what about this ?
> >
> > $ ip netns exec / ip link
> > $ ip netns del /
> >
> > so it make a sense to be as root directory of bound ns names in /var/run/netns/ ?
> > what do you think ?
>
> I think using / is confusing. And something like -a[ll] as an option doesn't
> seem right either.
>
> Or you just trap the name "all" in the add case and don't allow it.
>
> Just my opinion.
>
> -Brian
So I think that do not allow to add netns "all" can be a solution, I'd
like to hear from other people if it might be OK.
Thanks,
^ permalink raw reply
* Re: [PATCH net-next v5 0/7]: ixgbevf: Allow querying VFs RSS indirection table and key
From: Jeff Kirsher @ 2015-01-07 20:03 UTC (permalink / raw)
To: Vlad Zolotarov; +Cc: netdev, gleb, avi
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
[-- Attachment #1: Type: text/plain, Size: 3347 bytes --]
On Wed, 2015-01-07 at 21:26 +0200, Vlad Zolotarov wrote:
> Add the ethtool ops to VF driver to allow querying the RSS indirection
> table
> and RSS Random Key.
>
> On some devices VFs share the RSS Redirection Table and Hash Key with
> a PF and letting
> the VF query this information may introduce some security risks.
> Therefore we disable this
> feature by default for such devices (e.g. 82599) and allow it for
> those where there isn't any
> possible risk (e.g. on x550). The new netdev op is going to allow a
> system administrator to
> change the default behaviour with "ip link set" command.
>
> - netdev: Add a new netdev op to allow/block VF from querying RSS
> Indirection Table and
> RSS Hash Key.
> - PF driver: Add new VF-PF channel commands.
> - VF driver: Utilize these new commands and add the corresponding
> ethtool callbacks.
>
> New in v5:
> - Added a new netdev op to allow/block VF from querying RSS
> Indirection Table and
> RSS Hash Key.
> - Let VF query the RSS info only if VF is allowed to.
>
> New in v4:
> - Forgot to run checkpatch on v3 and there were a few styling
> things to fix. ;)
>
> New in v3:
> - Added a missing support for x550 devices.
> - Mask the indirection table values according to PSRTYPE[n].RQPL.
> - Minimized the number of added VF-PF commands.
>
> New in v2:
> - Added a detailed description to patches 4 and 5.
>
> New in v1 (compared to RFC):
> - Use "if-else" statement instead of a "switch-case" for a single
> option case.
> More specifically: in cases where the newly added API version is
> the only one
> allowed. We may consider using a "switch-case" back again when
> the list of
> allowed API versions in these specific places grows up.
>
> Vlad Zolotarov (7):
> if_link: Add an additional parameter to ifla_vf_info for RSS
> querying
> ixgbe: Add a new netdev op to allow/prevent a VF from querying an
> RSS
> info
> ixgbe: Add a RETA query command to VF-PF channel API
> ixgbevf: Add a RETA query code
> ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
> ixgbevf: Add RSS Key query code
> ixgbevf: Add the appropriate ethtool ops to query RSS indirection
> table and key
>
> drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 +
> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 7 ++
> drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 10 ++
> drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 119
> +++++++++++++++++++
> drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h | 2 +
> drivers/net/ethernet/intel/ixgbevf/ethtool.c | 42 +++++++
> drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 +-
> drivers/net/ethernet/intel/ixgbevf/mbx.h | 10 ++
> drivers/net/ethernet/intel/ixgbevf/vf.c | 132
> ++++++++++++++++++++++
> drivers/net/ethernet/intel/ixgbevf/vf.h | 2 +
> include/linux/if_link.h | 1 +
> include/linux/netdevice.h | 8 ++
> include/uapi/linux/if_link.h | 8 ++
> net/core/rtnetlink.c | 33 +++++-
> 14 files changed, 372 insertions(+), 7 deletions(-)
Thanks Vlad, I will add your patches to my queue.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply
* Re: [patch iproute2 2/2] tc: add support for BPF based actions
From: Cong Wang @ 2015-01-07 19:58 UTC (permalink / raw)
To: Jiri Pirko; +Cc: netdev, David Miller, Jamal Hadi Salim, Stephen Hemminger
In-Reply-To: <20150107195233.GA1898@nanopsycho.orion>
On Wed, Jan 7, 2015 at 11:52 AM, Jiri Pirko <jiri@resnulli.us> wrote:
> Wed, Jan 07, 2015 at 07:50:47PM CET, cwang@twopensource.com wrote:
>>On Wed, Jan 7, 2015 at 8:47 AM, Jiri Pirko <jiri@resnulli.us> wrote:
>>> + fprintf(stderr, "Usage: ... bpf ...\n");
>>> + fprintf(stderr, "\n");
>>> + fprintf(stderr, " [inline]: run bytecode BPF_BYTECODE\n");
>>> + fprintf(stderr, " [from file]: run bytecode-file FILE\n");
>>> + fprintf(stderr, "\n");
>>> + fprintf(stderr, "Where BPF_BYTECODE := \'s,c t f k,c t f k,c t f k,...\'\n");
>>> + fprintf(stderr, " c,t,f,k and s are decimals; s denotes number of 4-tuples\n");
>>> + fprintf(stderr, "Where FILE points to a file containing the BPF_BYTECODE string\n");
>>> + fprintf(stderr, "\nACTION_SPEC := ... look at individual actions\n");
>>> + fprintf(stderr, "NOTE: CLASSID is parsed as hexadecimal input.\n");
>>
>>Can we just use BPF transparently for gact?
>
> Why to squash it there? I think it is much clearer to do this
> separatelly.
>
Because they are both intended to drop/pass/pipe packets,
we don't have to make a separated one just because one is
using BPF one isn't.
>>It is never user-friendly to
>>use this kind of bytecode even though I know there is a tool to "compile"
>>BPF.
>
> Please see cls_bpf. It's already in-tree for some time. act_bpf just
> completes this.
Yeah, that is what I hate too.
^ permalink raw reply
* Re: [patch iproute2 2/2] tc: add support for BPF based actions
From: Jiri Pirko @ 2015-01-07 19:52 UTC (permalink / raw)
To: Cong Wang; +Cc: netdev, David Miller, Jamal Hadi Salim, Stephen Hemminger
In-Reply-To: <CAHA+R7Pk31fjLm-ksUF-8hQ3+tkqQ-Z820Bayj2n6DTFjNcCsQ@mail.gmail.com>
Wed, Jan 07, 2015 at 07:50:47PM CET, cwang@twopensource.com wrote:
>On Wed, Jan 7, 2015 at 8:47 AM, Jiri Pirko <jiri@resnulli.us> wrote:
>> + fprintf(stderr, "Usage: ... bpf ...\n");
>> + fprintf(stderr, "\n");
>> + fprintf(stderr, " [inline]: run bytecode BPF_BYTECODE\n");
>> + fprintf(stderr, " [from file]: run bytecode-file FILE\n");
>> + fprintf(stderr, "\n");
>> + fprintf(stderr, "Where BPF_BYTECODE := \'s,c t f k,c t f k,c t f k,...\'\n");
>> + fprintf(stderr, " c,t,f,k and s are decimals; s denotes number of 4-tuples\n");
>> + fprintf(stderr, "Where FILE points to a file containing the BPF_BYTECODE string\n");
>> + fprintf(stderr, "\nACTION_SPEC := ... look at individual actions\n");
>> + fprintf(stderr, "NOTE: CLASSID is parsed as hexadecimal input.\n");
>
>Can we just use BPF transparently for gact?
Why to squash it there? I think it is much clearer to do this
separatelly.
>It is never user-friendly to
>use this kind of bytecode even though I know there is a tool to "compile"
>BPF.
Please see cls_bpf. It's already in-tree for some time. act_bpf just
completes this.
^ permalink raw reply
* Re: [PATCH net-next v5 0/7]: ixgbevf: Allow querying VFs RSS indirection table and key
From: Greg Rose @ 2015-01-07 19:46 UTC (permalink / raw)
To: Vlad Zolotarov; +Cc: netdev, Gleb Natapov, Avi Kivity, jeffrey.t.kirsher
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
On Wed, Jan 7, 2015 at 11:26 AM, Vlad Zolotarov
<vladz@cloudius-systems.com> wrote:
> Add the ethtool ops to VF driver to allow querying the RSS indirection table
> and RSS Random Key.
>
> On some devices VFs share the RSS Redirection Table and Hash Key with a PF and letting
> the VF query this information may introduce some security risks. Therefore we disable this
> feature by default for such devices (e.g. 82599) and allow it for those where there isn't any
> possible risk (e.g. on x550). The new netdev op is going to allow a system administrator to
> change the default behaviour with "ip link set" command.
>
> - netdev: Add a new netdev op to allow/block VF from querying RSS Indirection Table and
> RSS Hash Key.
> - PF driver: Add new VF-PF channel commands.
> - VF driver: Utilize these new commands and add the corresponding
> ethtool callbacks.
>
> New in v5:
> - Added a new netdev op to allow/block VF from querying RSS Indirection Table and
> RSS Hash Key.
> - Let VF query the RSS info only if VF is allowed to.
>
> New in v4:
> - Forgot to run checkpatch on v3 and there were a few styling things to fix. ;)
>
> New in v3:
> - Added a missing support for x550 devices.
> - Mask the indirection table values according to PSRTYPE[n].RQPL.
> - Minimized the number of added VF-PF commands.
>
> New in v2:
> - Added a detailed description to patches 4 and 5.
>
> New in v1 (compared to RFC):
> - Use "if-else" statement instead of a "switch-case" for a single option case.
> More specifically: in cases where the newly added API version is the only one
> allowed. We may consider using a "switch-case" back again when the list of
> allowed API versions in these specific places grows up.
>
> Vlad Zolotarov (7):
> if_link: Add an additional parameter to ifla_vf_info for RSS querying
> ixgbe: Add a new netdev op to allow/prevent a VF from querying an RSS
> info
> ixgbe: Add a RETA query command to VF-PF channel API
> ixgbevf: Add a RETA query code
> ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
> ixgbevf: Add RSS Key query code
> ixgbevf: Add the appropriate ethtool ops to query RSS indirection
> table and key
>
> drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 +
> drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 7 ++
> drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 10 ++
> drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 119 +++++++++++++++++++
> drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h | 2 +
> drivers/net/ethernet/intel/ixgbevf/ethtool.c | 42 +++++++
> drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 +-
> drivers/net/ethernet/intel/ixgbevf/mbx.h | 10 ++
> drivers/net/ethernet/intel/ixgbevf/vf.c | 132 ++++++++++++++++++++++
> drivers/net/ethernet/intel/ixgbevf/vf.h | 2 +
> include/linux/if_link.h | 1 +
> include/linux/netdevice.h | 8 ++
> include/uapi/linux/if_link.h | 8 ++
> net/core/rtnetlink.c | 33 +++++-
> 14 files changed, 372 insertions(+), 7 deletions(-)
The series looks good to me with the addition of the ability to set
policy via the new netdev op.
Thanks Vlad!
Acked-By: Greg Rose <gregory.v.rose@intel.com>
- Greg
>
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Fw: iproute2: segfault with ip link show dev
From: Stephen Hemminger @ 2015-01-07 19:42 UTC (permalink / raw)
To: netdev
[-- Attachment #1: Type: text/plain, Size: 1996 bytes --]
Looks like one VF info changes broke old code
Begin forwarded message:
Date: Wed, 7 Jan 2015 04:06:53 -0800
From: William Dauchy <william@gandi.net>
To: "stephen@networkplumber.org" <stephen@networkplumber.org>
Subject: iproute2: segfault with ip link show dev
Hi,
I was using iproute2 3.15.
My network card in using igb driver with VF enable, e.g igb.max_vfs=2
After upgrading to 3.16, I have now a segfault while doing a
usual `ip link show dev eth1`.
Disabling VFS make the segafult disappear.
Here is the gdb trace even if it does not contain much info.
The segfault occurs when at the VF step.
(gdb) break print_linkinfo
Breakpoint 1 at 0x40782d
(gdb) set args link show dev eth1
(gdb) r
Starting program: /sbin/ip link show dev eth1
Breakpoint 1, 0x000000000040782d in print_linkinfo ()
(gdb) n
Single stepping until exit from function print_linkinfo,
which has no line number information.
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
mode DEFAULT group default qlen 10000
link/ether 00:26:6c:ff:b5:c1 brd ff:ff:ff:ff:ff:ff
Program received signal SIGSEGV, Segmentation fault.
0x00000000004070eb in print_vfinfo ()
(gdb) bt
#0 0x00000000004070eb in print_vfinfo ()
#1 0x0000000000407f9f in print_linkinfo ()
#2 0x000000000041f266 in iplink_get ()
#3 0x0000000000409c69 in ipaddr_list_flush_or_save ()
#4 0x000000000040a113 in ipaddr_list_link ()
#5 0x00000000004203f6 in do_iplink ()
#6 0x0000000000405a07 in do_cmd ()
#7 0x000000000040621e in main ()
The expected output is for example:
# ip link show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 10000
link/ether 00:26:6c:ff:b3:8d brd ff:ff:ff:ff:ff:ff
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
I'm using my own kernel build, a stable v3.14.x
Regards,
--
William
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply
* Re: [PATCH iproute2 3/3] ip netns: Delete all netns
From: Brian Haley @ 2015-01-07 19:40 UTC (permalink / raw)
To: Vadim Kochan; +Cc: netdev
In-Reply-To: <20150107181112.GA24241@angus-think.lan>
On 01/07/2015 01:11 PM, Vadim Kochan wrote:
> On Wed, Jan 07, 2015 at 07:36:40PM +0200, Vadim Kochan wrote:
>> On Wed, Jan 07, 2015 at 10:44:24AM -0500, Brian Haley wrote:
>>> On 01/07/2015 06:04 AM, Vadim Kochan wrote:
>>>> From: Vadim Kochan <vadim4j@gmail.com>
>>>>
>>>> Allow delete all namespace names by:
>>>>
>>>> $ ip netns del all
>>>
>>> So I can still create a namespace called 'all', but can't exec in it or delete
>>> it independently with this change. Perhaps you need to block that as well?
>>> Unless there's some other patch I'm missing?
>>>
>>> -Brian
>> Hm, I did not take it into account ...
>> I will look if I can find another way ...
>>
>> Thanks,
>
> what about this ?
>
> $ ip netns exec / ip link
> $ ip netns del /
>
> so it make a sense to be as root directory of bound ns names in /var/run/netns/ ?
> what do you think ?
I think using / is confusing. And something like -a[ll] as an option doesn't
seem right either.
Or you just trap the name "all" in the add case and don't allow it.
Just my opinion.
-Brian
^ permalink raw reply
* [PATCH RESEND 2/2] wlcore: align member-assigns in a structure-copy block
From: Giel van Schijndel @ 2015-01-07 19:38 UTC (permalink / raw)
To: linux-kernel
Cc: Giel van Schijndel, Kalle Valo, Eliad Peller, John W. Linville,
Arik Nemtsov, open list:TI WILINK WIRELES...,
open list:NETWORKING DRIVERS
In-Reply-To: <1420659525-22975-1-git-send-email-me@mortis.eu>
This highlights the differences (e.g. the bug fixed in the previous
commit).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
---
drivers/net/wireless/ti/wlcore/acx.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/net/wireless/ti/wlcore/acx.c b/drivers/net/wireless/ti/wlcore/acx.c
index f28fa3b..93a2fa8 100644
--- a/drivers/net/wireless/ti/wlcore/acx.c
+++ b/drivers/net/wireless/ti/wlcore/acx.c
@@ -1715,17 +1715,17 @@ int wl12xx_acx_config_hangover(struct wl1271 *wl)
goto out;
}
- acx->recover_time = cpu_to_le32(conf->recover_time);
- acx->hangover_period = conf->hangover_period;
- acx->dynamic_mode = conf->dynamic_mode;
- acx->early_termination_mode = conf->early_termination_mode;
- acx->max_period = conf->max_period;
- acx->min_period = conf->min_period;
- acx->increase_delta = conf->increase_delta;
- acx->decrease_delta = conf->decrease_delta;
- acx->quiet_time = conf->quiet_time;
- acx->increase_time = conf->increase_time;
- acx->window_size = conf->window_size;
+ acx->recover_time = cpu_to_le32(conf->recover_time);
+ acx->hangover_period = conf->hangover_period;
+ acx->dynamic_mode = conf->dynamic_mode;
+ acx->early_termination_mode = conf->early_termination_mode;
+ acx->max_period = conf->max_period;
+ acx->min_period = conf->min_period;
+ acx->increase_delta = conf->increase_delta;
+ acx->decrease_delta = conf->decrease_delta;
+ acx->quiet_time = conf->quiet_time;
+ acx->increase_time = conf->increase_time;
+ acx->window_size = conf->window_size;
ret = wl1271_cmd_configure(wl, ACX_CONFIG_HANGOVER, acx,
sizeof(*acx));
--
2.1.4
^ permalink raw reply related
* [PATCH RESEND 1/2] wlcore: fix copy-paste bug: assign from src struct not dest
From: Giel van Schijndel @ 2015-01-07 19:38 UTC (permalink / raw)
To: linux-kernel
Cc: Giel van Schijndel, Kalle Valo, John W. Linville, Eliad Peller,
Arik Nemtsov, open list:TI WILINK WIRELES...,
open list:NETWORKING DRIVERS
In-Reply-To: <1420394427-19509-1-git-send-email-me@mortis.eu>
Signed-off-by: Giel van Schijndel <me@mortis.eu>
Reported-at: http://www.viva64.com/en/b/0299/
---
drivers/net/wireless/ti/wlcore/acx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ti/wlcore/acx.c b/drivers/net/wireless/ti/wlcore/acx.c
index b924cea..f28fa3b 100644
--- a/drivers/net/wireless/ti/wlcore/acx.c
+++ b/drivers/net/wireless/ti/wlcore/acx.c
@@ -1725,7 +1725,7 @@ int wl12xx_acx_config_hangover(struct wl1271 *wl)
acx->decrease_delta = conf->decrease_delta;
acx->quiet_time = conf->quiet_time;
acx->increase_time = conf->increase_time;
- acx->window_size = acx->window_size;
+ acx->window_size = conf->window_size;
ret = wl1271_cmd_configure(wl, ACX_CONFIG_HANGOVER, acx,
sizeof(*acx));
--
2.1.4
^ permalink raw reply related
* Fw: [Bug 90901] New: No traffic when connected to SSL vpn (bisected)
From: Stephen Hemminger @ 2015-01-07 19:38 UTC (permalink / raw)
To: netdev
Begin forwarded message:
Date: Wed, 7 Jan 2015 09:56:45 -0800
From: "bugzilla-daemon@bugzilla.kernel.org" <bugzilla-daemon@bugzilla.kernel.org>
To: "stephen@networkplumber.org" <stephen@networkplumber.org>
Subject: [Bug 90901] New: No traffic when connected to SSL vpn (bisected)
https://bugzilla.kernel.org/show_bug.cgi?id=90901
Bug ID: 90901
Summary: No traffic when connected to SSL vpn (bisected)
Product: Networking
Version: 2.5
Kernel Version: 3.19rc1 - 3.19rc3
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: shemminger@linux-foundation.org
Reporter: wshuman3@gmail.com
Regression: No
When I connect to our Juniper SSL vpn, I can not do anything. Let me know if
you need anymore information.
e0b46d0ee9c240c7430a47e9b0365674d4a04522 is the first bad commit
commit e0b46d0ee9c240c7430a47e9b0365674d4a04522
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Fri Nov 7 21:22:23 2014 +0800
tun: Use iovec iterators
This patch removes the use of skb_copy_datagram_const_iovec in
favour of the iovec iterator-based skb_copy_datagram_iter.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply
* [PATCH net-next v5 0/7]: ixgbevf: Allow querying VFs RSS indirection table and key
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
Add the ethtool ops to VF driver to allow querying the RSS indirection table
and RSS Random Key.
On some devices VFs share the RSS Redirection Table and Hash Key with a PF and letting
the VF query this information may introduce some security risks. Therefore we disable this
feature by default for such devices (e.g. 82599) and allow it for those where there isn't any
possible risk (e.g. on x550). The new netdev op is going to allow a system administrator to
change the default behaviour with "ip link set" command.
- netdev: Add a new netdev op to allow/block VF from querying RSS Indirection Table and
RSS Hash Key.
- PF driver: Add new VF-PF channel commands.
- VF driver: Utilize these new commands and add the corresponding
ethtool callbacks.
New in v5:
- Added a new netdev op to allow/block VF from querying RSS Indirection Table and
RSS Hash Key.
- Let VF query the RSS info only if VF is allowed to.
New in v4:
- Forgot to run checkpatch on v3 and there were a few styling things to fix. ;)
New in v3:
- Added a missing support for x550 devices.
- Mask the indirection table values according to PSRTYPE[n].RQPL.
- Minimized the number of added VF-PF commands.
New in v2:
- Added a detailed description to patches 4 and 5.
New in v1 (compared to RFC):
- Use "if-else" statement instead of a "switch-case" for a single option case.
More specifically: in cases where the newly added API version is the only one
allowed. We may consider using a "switch-case" back again when the list of
allowed API versions in these specific places grows up.
Vlad Zolotarov (7):
if_link: Add an additional parameter to ifla_vf_info for RSS querying
ixgbe: Add a new netdev op to allow/prevent a VF from querying an RSS
info
ixgbe: Add a RETA query command to VF-PF channel API
ixgbevf: Add a RETA query code
ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
ixgbevf: Add RSS Key query code
ixgbevf: Add the appropriate ethtool ops to query RSS indirection
table and key
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 +
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 7 ++
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 10 ++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 119 +++++++++++++++++++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h | 2 +
drivers/net/ethernet/intel/ixgbevf/ethtool.c | 42 +++++++
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 +-
drivers/net/ethernet/intel/ixgbevf/mbx.h | 10 ++
drivers/net/ethernet/intel/ixgbevf/vf.c | 132 ++++++++++++++++++++++
drivers/net/ethernet/intel/ixgbevf/vf.h | 2 +
include/linux/if_link.h | 1 +
include/linux/netdevice.h | 8 ++
include/uapi/linux/if_link.h | 8 ++
net/core/rtnetlink.c | 33 +++++-
14 files changed, 372 insertions(+), 7 deletions(-)
--
2.1.0
^ permalink raw reply
* [PATCH net-next v5 7/7] ixgbevf: Add the appropriate ethtool ops to query RSS indirection table and key
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
Added get_rxfh_indir_size, get_rxfh_key_size and get_rxfh ethtool_ops callbacks
implementations.
This enables the ethtool's "-x" and "-n rx-flow-hash" options for 82599 VF devices.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
New in v4:
- Removed not needed braces in if-statement in ixgbevf_get_rxfh_indir_size().
New in v3:
- Added a proper support for x550 devices: return the correct redirection table size.
New in v2:
- Added a detailed description to the patch.
---
drivers/net/ethernet/intel/ixgbevf/ethtool.c | 42 ++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ethtool.c b/drivers/net/ethernet/intel/ixgbevf/ethtool.c
index cc0e5b7..ddf2d82 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ethtool.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ethtool.c
@@ -792,6 +792,45 @@ static int ixgbevf_set_coalesce(struct net_device *netdev,
return 0;
}
+static u32 ixgbevf_get_rxfh_indir_size(struct net_device *netdev)
+{
+ struct ixgbevf_adapter *adapter = netdev_priv(netdev);
+
+ if (adapter->hw.mac.type >= ixgbe_mac_X550_vf)
+ return 64;
+ else
+ return 128;
+}
+
+static u32 ixgbevf_get_rxfh_key_size(struct net_device *netdev)
+{
+ return 40;
+}
+
+static int ixgbevf_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
+ u8 *hfunc)
+{
+ struct ixgbevf_adapter *adapter = netdev_priv(netdev);
+ int err;
+
+ if (hfunc)
+ *hfunc = ETH_RSS_HASH_TOP;
+
+ if (indir) {
+ err = ixgbevf_get_reta(&adapter->hw, indir);
+ if (err)
+ return err;
+ }
+
+ if (key) {
+ err = ixgbevf_get_rss_key(&adapter->hw, key);
+ if (err)
+ return err;
+ }
+
+ return 0;
+}
+
static const struct ethtool_ops ixgbevf_ethtool_ops = {
.get_settings = ixgbevf_get_settings,
.get_drvinfo = ixgbevf_get_drvinfo,
@@ -809,6 +848,9 @@ static const struct ethtool_ops ixgbevf_ethtool_ops = {
.get_ethtool_stats = ixgbevf_get_ethtool_stats,
.get_coalesce = ixgbevf_get_coalesce,
.set_coalesce = ixgbevf_set_coalesce,
+ .get_rxfh_indir_size = ixgbevf_get_rxfh_indir_size,
+ .get_rxfh_key_size = ixgbevf_get_rxfh_key_size,
+ .get_rxfh = ixgbevf_get_rxfh,
};
void ixgbevf_set_ethtool_ops(struct net_device *netdev)
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 6/7] ixgbevf: Add RSS Key query code
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
Add the ixgbevf_get_rss_key() function that queries the PF for an RSS Random Key
using a new VF-PF channel IXGBE_VF_GET_RSS_KEY command.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
New in v2:
- Added a more detailed patch description.
New in v1 (compared to RFC):
- Use "if-else" statement instead of a "switch-case" for a single option case
(in ixgbevf_get_rss_key()).
---
drivers/net/ethernet/intel/ixgbevf/mbx.h | 2 ++
drivers/net/ethernet/intel/ixgbevf/vf.c | 44 ++++++++++++++++++++++++++++++++
drivers/net/ethernet/intel/ixgbevf/vf.h | 1 +
3 files changed, 47 insertions(+)
diff --git a/drivers/net/ethernet/intel/ixgbevf/mbx.h b/drivers/net/ethernet/intel/ixgbevf/mbx.h
index 951a506..f79432e 100644
--- a/drivers/net/ethernet/intel/ixgbevf/mbx.h
+++ b/drivers/net/ethernet/intel/ixgbevf/mbx.h
@@ -118,6 +118,8 @@ enum ixgbe_pfvf_api_rev {
#define IXGBE_VF_RETA_SZ 1 /* Number of RETA DWs to bring */
#define IXGBE_VF_RETA_OFFSET 2 /* Offset in RETA */
+#define IXGBE_VF_GET_RSS_KEY 0x0b /* get RSS hash key */
+
/* length of permanent address message returned from PF */
#define IXGBE_VF_PERMADDR_MSG_LEN 4
/* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c
index cb5a4cf..f42a67d 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -292,6 +292,50 @@ static inline int _ixgbevf_get_reta(struct ixgbe_hw *hw, u32 *msgbuf,
}
/**
+ * ixgbevf_get_rss_key - get the RSS Random Key
+ * @hw: pointer to the HW structure
+ * @reta: buffer to fill with RETA contents.
+ *
+ * The "rss_key" buffer should be big enough to contain 10 registers.
+ *
+ * Returns: 0 on success.
+ * if API doesn't support this operation - (-EPERM).
+ */
+int ixgbevf_get_rss_key(struct ixgbe_hw *hw, u8 *rss_key)
+{
+ int err;
+ u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+
+ /* Return and error if API doesn't support RSS Random Key retrieval */
+ if (hw->api_version != ixgbe_mbox_api_12)
+ return -EPERM;
+
+ msgbuf[0] = IXGBE_VF_GET_RSS_KEY;
+ err = hw->mbx.ops.write_posted(hw, msgbuf, 1);
+
+ if (err)
+ return err;
+
+ err = hw->mbx.ops.read_posted(hw, msgbuf, 11);
+
+ if (err)
+ return err;
+
+ msgbuf[0] &= ~IXGBE_VT_MSGTYPE_CTS;
+
+ /* If we didn't get an ACK there must have been
+ * some sort of mailbox error so we should treat it
+ * as such.
+ */
+ if (msgbuf[0] != (IXGBE_VF_GET_RSS_KEY | IXGBE_VT_MSGTYPE_ACK))
+ return IXGBE_ERR_MBX;
+
+ memcpy(rss_key, msgbuf + 1, 40);
+
+ return 0;
+}
+
+/**
* ixgbevf_get_reta - get the RSS redirection table (RETA) contents.
* @hw: pointer to the HW structure
* @reta: buffer to fill with RETA contents.
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h
index 73c1b33..54f53f2b8 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h
@@ -209,5 +209,6 @@ int ixgbevf_negotiate_api_version(struct ixgbe_hw *hw, int api);
int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs,
unsigned int *default_tc);
int ixgbevf_get_reta(struct ixgbe_hw *hw, u32 *reta);
+int ixgbevf_get_rss_key(struct ixgbe_hw *hw, u8 *rss_key);
#endif /* __IXGBE_VF_H__ */
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 4/7] ixgbevf: Add a RETA query code
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
- Added a new API version support.
- Added the query implementation in the ixgbevf.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
New in v3:
- Adjusted to the new interface IXGBE_VF_GET_RETA command.
- Added a proper support for x550 devices.
New in v1 (compared to RFC):
- Use "if-else" statement instead of a "switch-case" for a single option case
(in ixgbevf_get_reta()).
---
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 +-
drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 +++
drivers/net/ethernet/intel/ixgbevf/vf.c | 88 +++++++++++++++++++++++
drivers/net/ethernet/intel/ixgbevf/vf.h | 1 +
4 files changed, 100 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index 62a0d8e..ba6ab61 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -1880,7 +1880,8 @@ static void ixgbevf_init_last_counter_stats(struct ixgbevf_adapter *adapter)
static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter)
{
struct ixgbe_hw *hw = &adapter->hw;
- int api[] = { ixgbe_mbox_api_11,
+ int api[] = { ixgbe_mbox_api_12,
+ ixgbe_mbox_api_11,
ixgbe_mbox_api_10,
ixgbe_mbox_api_unknown };
int err = 0, idx = 0;
@@ -3525,6 +3526,7 @@ static int ixgbevf_change_mtu(struct net_device *netdev, int new_mtu)
switch (adapter->hw.api_version) {
case ixgbe_mbox_api_11:
+ case ixgbe_mbox_api_12:
max_possible_frame = IXGBE_MAX_JUMBO_FRAME_SIZE;
break;
default:
diff --git a/drivers/net/ethernet/intel/ixgbevf/mbx.h b/drivers/net/ethernet/intel/ixgbevf/mbx.h
index 0bc3005..951a506 100644
--- a/drivers/net/ethernet/intel/ixgbevf/mbx.h
+++ b/drivers/net/ethernet/intel/ixgbevf/mbx.h
@@ -86,6 +86,7 @@ enum ixgbe_pfvf_api_rev {
ixgbe_mbox_api_10, /* API version 1.0, linux/freebsd VF driver */
ixgbe_mbox_api_20, /* API version 2.0, solaris Phase1 VF driver */
ixgbe_mbox_api_11, /* API version 1.1, linux/freebsd VF driver */
+ ixgbe_mbox_api_12, /* API version 1.2, linux/freebsd VF driver */
/* This value should always be last */
ixgbe_mbox_api_unknown, /* indicates that API version is not known */
};
@@ -110,6 +111,13 @@ enum ixgbe_pfvf_api_rev {
#define IXGBE_VF_TRANS_VLAN 3 /* Indication of port vlan */
#define IXGBE_VF_DEF_QUEUE 4 /* Default queue offset */
+/* mailbox API, version 1.2 VF requests */
+#define IXGBE_VF_GET_RETA 0x0a /* VF request for RETA */
+
+/* GET_RETA request data indices within the mailbox */
+#define IXGBE_VF_RETA_SZ 1 /* Number of RETA DWs to bring */
+#define IXGBE_VF_RETA_OFFSET 2 /* Offset in RETA */
+
/* length of permanent address message returned from PF */
#define IXGBE_VF_PERMADDR_MSG_LEN 4
/* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c
index cdb53be..cb5a4cf 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.c
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.c
@@ -258,6 +258,93 @@ static s32 ixgbevf_set_uc_addr_vf(struct ixgbe_hw *hw, u32 index, u8 *addr)
return ret_val;
}
+static inline int _ixgbevf_get_reta(struct ixgbe_hw *hw, u32 *msgbuf,
+ u32 *reta, u32 reta_offset_dw, u32 dwords)
+{
+ int err;
+
+ msgbuf[0] = IXGBE_VF_GET_RETA;
+ msgbuf[IXGBE_VF_RETA_SZ] = dwords;
+ msgbuf[IXGBE_VF_RETA_OFFSET] = reta_offset_dw;
+
+ err = hw->mbx.ops.write_posted(hw, msgbuf, 3);
+
+ if (err)
+ return err;
+
+ err = hw->mbx.ops.read_posted(hw, msgbuf, 1 + dwords);
+
+ if (err)
+ return err;
+
+ msgbuf[0] &= ~IXGBE_VT_MSGTYPE_CTS;
+
+ /* If we didn't get an ACK there must have been
+ * some sort of mailbox error so we should treat it
+ * as such.
+ */
+ if (msgbuf[0] != (IXGBE_VF_GET_RETA | IXGBE_VT_MSGTYPE_ACK))
+ return IXGBE_ERR_MBX;
+
+ memcpy(reta + reta_offset_dw, msgbuf + 1, 4 * dwords);
+
+ return 0;
+}
+
+/**
+ * ixgbevf_get_reta - get the RSS redirection table (RETA) contents.
+ * @hw: pointer to the HW structure
+ * @reta: buffer to fill with RETA contents.
+ *
+ * The "reta" buffer should be big enough to contain 32 registers.
+ *
+ * Returns: 0 on success.
+ * if API doesn't support this operation - (-EPERM).
+ */
+int ixgbevf_get_reta(struct ixgbe_hw *hw, u32 *reta)
+{
+ int err;
+ u32 msgbuf[IXGBE_VFMAILBOX_SIZE];
+
+ /* Return an error if API doesn't RETA querying. */
+ if (hw->api_version != ixgbe_mbox_api_12)
+ return -EPERM;
+
+ /* x550 devices have a separate RETA for each VF: 64 bytes each.
+ *
+ * We'll get it in 2 steps due to mailbox size limitation - we can bring
+ * up to 15 dwords every time. Therefore we'll bring 12 and 4 dwords.
+ *
+ * Older devices share a RETA table with the PF: 128 bytes.
+ *
+ * For them we do it in 3 steps. Therefore we'll bring it in 3 steps:
+ * 12, 12 and 8 dwords in each step correspondingly.
+ */
+
+ /* RETA[0..11] */
+ err = _ixgbevf_get_reta(hw, msgbuf, reta, 0, 12);
+ if (err)
+ return err;
+
+ if (hw->mac.type >= ixgbe_mac_X550_vf) {
+ /* RETA[12..15] */
+ err = _ixgbevf_get_reta(hw, msgbuf, reta, 12, 4);
+ if (err)
+ return err;
+
+ } else {
+ /* RETA[12..23] */
+ err = _ixgbevf_get_reta(hw, msgbuf, reta, 12, 12);
+ if (err)
+ return err;
+
+ /* RETA[24..31] */
+ err = _ixgbevf_get_reta(hw, msgbuf, reta, 24, 8);
+ }
+
+ return err;
+}
+
/**
* ixgbevf_set_rar_vf - set device MAC address
* @hw: pointer to hardware structure
@@ -545,6 +632,7 @@ int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs,
/* do nothing if API doesn't support ixgbevf_get_queues */
switch (hw->api_version) {
case ixgbe_mbox_api_11:
+ case ixgbe_mbox_api_12:
break;
default:
return 0;
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h
index 5b17242..73c1b33 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h
@@ -208,5 +208,6 @@ void ixgbevf_rlpml_set_vf(struct ixgbe_hw *hw, u16 max_size);
int ixgbevf_negotiate_api_version(struct ixgbe_hw *hw, int api);
int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs,
unsigned int *default_tc);
+int ixgbevf_get_reta(struct ixgbe_hw *hw, u32 *reta);
#endif /* __IXGBE_VF_H__ */
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 5/7] ixgbe: Add GET_RSS_KEY command to VF-PF channel commands set
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
For 82599 and x540 VFs and PF share the same RSS Key. Therefore we will return
the same RSS key for all VFs.
x550 on the other hand has a separate RSS Key for every pool.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
New in v5:
- Use a newly added netdev op to allow/prevent the RSS Hash Key querying on a per-VF
basis.
New in v3:
- Added a support for x550 devices.
New in v1 (compared to RFC):
- Use "if-else" statement instead of a "switch-case" for a single option case
(in ixgbe_get_vf_rss_key()).
---
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 2 ++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 27 ++++++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index f9b5eae..3f14373 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -105,6 +105,8 @@ enum ixgbe_pfvf_api_rev {
#define IXGBE_VF_RETA_SZ 1 /* Number of RETA DWs to bring */
#define IXGBE_VF_RETA_OFFSET 2 /* Offset in RETA */
+#define IXGBE_VF_GET_RSS_KEY 0x0b /* get RSS key */
+
/* length of permanent address message returned from PF */
#define IXGBE_VF_PERMADDR_MSG_LEN 4
/* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 4b7246f..cb7403f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1019,6 +1019,30 @@ static int ixgbe_get_vf_reta(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
return 0;
}
+static int ixgbe_get_vf_rss_key(struct ixgbe_adapter *adapter,
+ u32 *msgbuf, u32 vf)
+{
+ struct ixgbe_hw *hw = &adapter->hw;
+ int i;
+ u32 *rss_key = &msgbuf[1];
+
+ /* verify the PF is supporting the correct API */
+ if (!adapter->vfinfo[vf].rss_query_enabled ||
+ (adapter->vfinfo[vf].vf_api != ixgbe_mbox_api_12))
+ return -EPERM;
+
+ /* Read the RSS KEY */
+ if (hw->mac.type >= ixgbe_mac_X550) {
+ for (i = 0; i < 10; i++)
+ rss_key[i] = IXGBE_READ_REG(hw,
+ IXGBE_PFVFRSSRK(i, vf));
+ } else
+ for (i = 0; i < 10; i++)
+ rss_key[i] = IXGBE_READ_REG(hw, IXGBE_RSSRK(i));
+
+ return 0;
+}
+
static int ixgbe_rcv_msg_from_vf(struct ixgbe_adapter *adapter, u32 vf)
{
u32 mbx_size = IXGBE_VFMAILBOX_SIZE;
@@ -1078,6 +1102,9 @@ static int ixgbe_rcv_msg_from_vf(struct ixgbe_adapter *adapter, u32 vf)
case IXGBE_VF_GET_RETA:
retval = ixgbe_get_vf_reta(adapter, msgbuf, vf);
break;
+ case IXGBE_VF_GET_RSS_KEY:
+ retval = ixgbe_get_vf_rss_key(adapter, msgbuf, vf);
+ break;
default:
e_err(drv, "Unhandled Msg %8.8x\n", msgbuf[0]);
retval = IXGBE_ERR_MBX;
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 3/7] ixgbe: Add a RETA query command to VF-PF channel API
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
82599 and x540 VFs and PF share the same RSS redirection table (RETA). Therefore we
just return it for all VFs. x550 on the other hand provides a separate redirection
table for each VF (there is a per-pool RETA table).
For 82599 and x540 RETA table is an array of 32 registers (128 bytes) and the maximum number of
registers that may be delivered in a single VF-PF channel command is 15. Therefore
we will deliver the whole table in 3 steps: 12, 12 and 8 registers in each
step correspondingly.
For x550 VFs RETA is a 64 byte array, so we may deliver it in two steps: 12 and 4 registers
correspondingly.
Thus this patch does the following:
- Adds a new API version (to specify a new commands set).
- Adds the IXGBE_VF_GET_RETA command to the VF-PF commands set.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
New in v5:
- Use the newly added netdev op to allow/prevent the RETA query on a per-VF basis.
New in v4:
- Deleted an empty line in ixgbe_get_vf_reta() switch-case.
New in v3:
- Pass the number of dwords and offset in RETA in the IXGBE_VF_GET_RETA request message.
This allows to reduce the added command set to a single command.
- Added a support for all devices supported by the ixgbe driver that have
SR-IOV functions support: 82599, x540 and x550. The original code supported
only 82599 and x540.
- Added the masking of the RETA entries according to the PSRTYPE[n].RQPL
value.
New in v1 (compared to RFC):
- Use "if-else" statement instead of a "switch-case" for a single option case
(in ixgbe_get_vf_reta()).
---
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 8 ++++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 65 ++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
index a5cb755..f9b5eae 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h
@@ -73,6 +73,7 @@ enum ixgbe_pfvf_api_rev {
ixgbe_mbox_api_10, /* API version 1.0, linux/freebsd VF driver */
ixgbe_mbox_api_20, /* API version 2.0, solaris Phase1 VF driver */
ixgbe_mbox_api_11, /* API version 1.1, linux/freebsd VF driver */
+ ixgbe_mbox_api_12, /* API version 1.2, linux/freebsd VF driver */
/* This value should always be last */
ixgbe_mbox_api_unknown, /* indicates that API version is not known */
};
@@ -97,6 +98,13 @@ enum ixgbe_pfvf_api_rev {
#define IXGBE_VF_TRANS_VLAN 3 /* Indication of port vlan */
#define IXGBE_VF_DEF_QUEUE 4 /* Default queue offset */
+/* mailbox API, version 1.2 VF requests */
+#define IXGBE_VF_GET_RETA 0x0a /* VF request for RETA */
+
+/* GET_RETA request data indices within the mailbox */
+#define IXGBE_VF_RETA_SZ 1 /* Number of RETA DWs to bring */
+#define IXGBE_VF_RETA_OFFSET 2 /* Offset in RETA */
+
/* length of permanent address message returned from PF */
#define IXGBE_VF_PERMADDR_MSG_LEN 4
/* word in permanent address message with the current multicast type */
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index c903ab2..4b7246f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -440,6 +440,7 @@ static s32 ixgbe_set_vf_lpe(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
#endif /* CONFIG_FCOE */
switch (adapter->vfinfo[vf].vf_api) {
case ixgbe_mbox_api_11:
+ case ixgbe_mbox_api_12:
/*
* Version 1.1 supports jumbo frames on VFs if PF has
* jumbo frames enabled which means legacy VFs are
@@ -907,6 +908,7 @@ static int ixgbe_negotiate_vf_api(struct ixgbe_adapter *adapter,
switch (api) {
case ixgbe_mbox_api_10:
case ixgbe_mbox_api_11:
+ case ixgbe_mbox_api_12:
adapter->vfinfo[vf].vf_api = api;
return 0;
default:
@@ -930,6 +932,7 @@ static int ixgbe_get_vf_queues(struct ixgbe_adapter *adapter,
switch (adapter->vfinfo[vf].vf_api) {
case ixgbe_mbox_api_20:
case ixgbe_mbox_api_11:
+ case ixgbe_mbox_api_12:
break;
default:
return -1;
@@ -957,6 +960,65 @@ static int ixgbe_get_vf_queues(struct ixgbe_adapter *adapter,
return 0;
}
+static int ixgbe_get_vf_reta(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
+{
+ struct ixgbe_hw *hw = &adapter->hw;
+ int i, j;
+ u32 *reta = &msgbuf[1];
+ u32 mask = 0;
+ u32 psrtype;
+ u32 reta_offset_dw = msgbuf[IXGBE_VF_RETA_OFFSET];
+ u32 dwords = msgbuf[IXGBE_VF_RETA_SZ];
+
+ /* verify the PF is supporting the correct API */
+ if (!adapter->vfinfo[vf].rss_query_enabled ||
+ (adapter->vfinfo[vf].vf_api != ixgbe_mbox_api_12))
+ return -EPERM;
+
+ psrtype = IXGBE_READ_REG(hw, IXGBE_PSRTYPE(vf));
+
+ /* The redirection table is composed as follows:
+ * 82598: 128 (8 bit wide) entries containing pair of 4 bit RSS indices
+ * 82599/X540: 128 (8 bit wide) entries containing 4 bit RSS index X550:
+ * 512 (8 bit wide) entries containing 6 bit RSS index
+ *
+ * PSRTYPE[n].RQPL defines if 0, 1 or 2 bits from the redirection table
+ * value should be used.
+ */
+
+ if ((psrtype & (1 << 29)) == (1 << 29))
+ mask = 0x01010101;
+ else if ((psrtype & (2 << 29)) == (2 << 29))
+ mask = 0x03030303;
+ else
+ mask = 0;
+
+ switch (hw->mac.type) {
+ case ixgbe_mac_82599EB:
+ case ixgbe_mac_X540:
+ /* Read the appropriate portion of RETA */
+ for (i = 0; i < dwords; i++)
+ reta[i] = IXGBE_READ_REG(hw,
+ IXGBE_RETA(i + reta_offset_dw));
+ break;
+ case ixgbe_mac_X550:
+ case ixgbe_mac_X550EM_x:
+ /* X550 has a per-VF RETA */
+ for (i = 0, j = reta_offset_dw; i < dwords; i++, j++)
+ reta[i] = IXGBE_READ_REG(hw,
+ IXGBE_PFVFRETA(j, vf));
+ break;
+ default:
+ return -1;
+ }
+
+ /* Mask the relevant bits */
+ for (i = 0; i < dwords; i++)
+ reta[i] &= mask;
+
+ return 0;
+}
+
static int ixgbe_rcv_msg_from_vf(struct ixgbe_adapter *adapter, u32 vf)
{
u32 mbx_size = IXGBE_VFMAILBOX_SIZE;
@@ -1013,6 +1075,9 @@ static int ixgbe_rcv_msg_from_vf(struct ixgbe_adapter *adapter, u32 vf)
case IXGBE_VF_GET_QUEUES:
retval = ixgbe_get_vf_queues(adapter, msgbuf, vf);
break;
+ case IXGBE_VF_GET_RETA:
+ retval = ixgbe_get_vf_reta(adapter, msgbuf, vf);
+ break;
default:
e_err(drv, "Unhandled Msg %8.8x\n", msgbuf[0]);
retval = IXGBE_ERR_MBX;
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 2/7] ixgbe: Add a new netdev op to allow/prevent a VF from querying an RSS info
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
Implements the new netdev op to allow user to enable/disable the ability
of a specific VF to query its RSS Indirection Table and an RSS Hash Key.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 +
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 7 +++++++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 27 ++++++++++++++++++++++++++
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h | 2 ++
4 files changed, 37 insertions(+)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 38fc64c..5e3ff3e 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -149,6 +149,7 @@ struct vf_data_storage {
u16 tx_rate;
u16 vlan_count;
u8 spoofchk_enabled;
+ bool rss_query_enabled;
unsigned int vf_api;
};
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 2ed2c7d..0074e63 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -3569,6 +3569,12 @@ static void ixgbe_configure_virtualization(struct ixgbe_adapter *adapter)
if (!adapter->vfinfo[i].spoofchk_enabled)
ixgbe_ndo_set_vf_spoofchk(adapter->netdev, i, false);
}
+
+ /* Enable/Disable RSS query feature */
+ for (i = 0; i < adapter->num_vfs; i++)
+ ixgbe_ndo_set_vf_rss_query_en(adapter->netdev, i,
+ adapter->vfinfo[i].rss_query_enabled);
+
}
static void ixgbe_set_rx_buffer_len(struct ixgbe_adapter *adapter)
@@ -7955,6 +7961,7 @@ static const struct net_device_ops ixgbe_netdev_ops = {
.ndo_set_vf_vlan = ixgbe_ndo_set_vf_vlan,
.ndo_set_vf_rate = ixgbe_ndo_set_vf_bw,
.ndo_set_vf_spoofchk = ixgbe_ndo_set_vf_spoofchk,
+ .ndo_set_vf_rss_query_en = ixgbe_ndo_set_vf_rss_query_en,
.ndo_get_vf_config = ixgbe_ndo_get_vf_config,
.ndo_get_stats64 = ixgbe_get_stats64,
#ifdef CONFIG_IXGBE_DCB
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index c76ba90..c903ab2 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -111,6 +111,19 @@ static int __ixgbe_enable_sriov(struct ixgbe_adapter *adapter)
/* enable spoof checking for all VFs */
for (i = 0; i < adapter->num_vfs; i++)
adapter->vfinfo[i].spoofchk_enabled = true;
+
+ /* by default:
+ * - Enable RSS query for x550 devices. x550 VFs don't share
+ * RSS Redirection Table and RSS Hash Key with a PF, so
+ * there isn't any possible security threat in allowing them
+ * to query this information.
+ * - disable - for all the rest since they do share it with a
+ * PF.
+ */
+ for (i = 0; i < adapter->num_vfs; i++)
+ adapter->vfinfo[i].rss_query_enabled =
+ (adapter->hw.mac.type >= ixgbe_mac_X550);
+
return 0;
}
@@ -1330,6 +1343,19 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting)
return 0;
}
+int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
+ bool setting)
+{
+ struct ixgbe_adapter *adapter = netdev_priv(netdev);
+
+ if (vf >= adapter->num_vfs)
+ return -EINVAL;
+
+ adapter->vfinfo[vf].rss_query_enabled = setting;
+
+ return 0;
+}
+
int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi)
{
@@ -1343,5 +1369,6 @@ int ixgbe_ndo_get_vf_config(struct net_device *netdev,
ivi->vlan = adapter->vfinfo[vf].pf_vlan;
ivi->qos = adapter->vfinfo[vf].pf_qos;
ivi->spoofchk = adapter->vfinfo[vf].spoofchk_enabled;
+ ivi->rss_query_en = adapter->vfinfo[vf].rss_query_enabled;
return 0;
}
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
index 32c26d5..2c197e6 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.h
@@ -47,6 +47,8 @@ int ixgbe_ndo_set_vf_vlan(struct net_device *netdev, int queue, u16 vlan,
int ixgbe_ndo_set_vf_bw(struct net_device *netdev, int vf, int min_tx_rate,
int max_tx_rate);
int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting);
+int ixgbe_ndo_set_vf_rss_query_en(struct net_device *netdev, int vf,
+ bool setting);
int ixgbe_ndo_get_vf_config(struct net_device *netdev,
int vf, struct ifla_vf_info *ivi);
void ixgbe_check_vf_rate_limit(struct ixgbe_adapter *adapter);
--
2.1.0
^ permalink raw reply related
* [PATCH net-next v5 1/7] if_link: Add an additional parameter to ifla_vf_info for RSS querying
From: Vlad Zolotarov @ 2015-01-07 19:26 UTC (permalink / raw)
To: netdev; +Cc: gleb, avi, jeffrey.t.kirsher, Vlad Zolotarov
In-Reply-To: <1420658802-18061-1-git-send-email-vladz@cloudius-systems.com>
Add configuration setting for drivers to allow/block an RSS Redirection Table and
a Hash Key querying for discrete VFs.
On some devices VF share the mentioned above information with PF and querying it may
adduce a theoretical security risk. We want to let a system administrator to decide if he/she
wants to take this risk or not.
Signed-off-by: Vlad Zolotarov <vladz@cloudius-systems.com>
---
include/linux/if_link.h | 1 +
include/linux/netdevice.h | 8 ++++++++
include/uapi/linux/if_link.h | 8 ++++++++
net/core/rtnetlink.c | 33 +++++++++++++++++++++++++++------
4 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/include/linux/if_link.h b/include/linux/if_link.h
index 119130e..da49299 100644
--- a/include/linux/if_link.h
+++ b/include/linux/if_link.h
@@ -14,5 +14,6 @@ struct ifla_vf_info {
__u32 linkstate;
__u32 min_tx_rate;
__u32 max_tx_rate;
+ __u32 rss_query_en;
};
#endif /* _LINUX_IF_LINK_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 679e6e9..52d734e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -873,6 +873,11 @@ typedef u16 (*select_queue_fallback_t)(struct net_device *dev,
* int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int link_state);
* int (*ndo_set_vf_port)(struct net_device *dev, int vf,
* struct nlattr *port[]);
+ *
+ * Enable or disable the VF ability to query its RSS Redirection Table and
+ * Hash Key. This is needed since on some devices VF share this information
+ * with PF and querying it may adduce a theoretical security risk.
+ * int (*ndo_set_vf_rss_query_en)(struct net_device *dev, int vf, bool setting);
* int (*ndo_get_vf_port)(struct net_device *dev, int vf, struct sk_buff *skb);
* int (*ndo_setup_tc)(struct net_device *dev, u8 tc)
* Called to setup 'tc' number of traffic classes in the net device. This
@@ -1094,6 +1099,9 @@ struct net_device_ops {
struct nlattr *port[]);
int (*ndo_get_vf_port)(struct net_device *dev,
int vf, struct sk_buff *skb);
+ int (*ndo_set_vf_rss_query_en)(
+ struct net_device *dev,
+ int vf, bool setting);
int (*ndo_setup_tc)(struct net_device *dev, u8 tc);
#if IS_ENABLED(CONFIG_FCOE)
int (*ndo_fcoe_enable)(struct net_device *dev);
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index f7d0d2d..adb2842 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -454,6 +454,9 @@ enum {
IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */
IFLA_VF_LINK_STATE, /* link state enable/disable/auto switch */
IFLA_VF_RATE, /* Min and Max TX Bandwidth Allocation */
+ IFLA_VF_RSS_QUERY_EN, /* RSS Redirection Table and Hash Key query
+ * on/off switch
+ */
__IFLA_VF_MAX,
};
@@ -498,6 +501,11 @@ struct ifla_vf_link_state {
__u32 link_state;
};
+struct ifla_vf_rss_query_en {
+ __u32 vf;
+ __u32 setting;
+};
+
/* VF ports management section
*
* Nested layout of set/get msg is:
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 6a6cdad..a3b9b29 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -818,7 +818,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
nla_total_size(sizeof(struct ifla_vf_vlan)) +
nla_total_size(sizeof(struct ifla_vf_spoofchk)) +
nla_total_size(sizeof(struct ifla_vf_rate)) +
- nla_total_size(sizeof(struct ifla_vf_link_state)));
+ nla_total_size(sizeof(struct ifla_vf_link_state)) +
+ nla_total_size(sizeof(struct ifla_vf_rss_query_en)));
return size;
} else
return 0;
@@ -1110,14 +1111,16 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
struct ifla_vf_tx_rate vf_tx_rate;
struct ifla_vf_spoofchk vf_spoofchk;
struct ifla_vf_link_state vf_linkstate;
+ struct ifla_vf_rss_query_en vf_rss_query_en;
/*
* Not all SR-IOV capable drivers support the
- * spoofcheck query. Preset to -1 so the user
- * space tool can detect that the driver didn't
- * report anything.
+ * spoofcheck and "RSS query enable" query. Preset to
+ * -1 so the user space tool can detect that the driver
+ * didn't report anything.
*/
ivi.spoofchk = -1;
+ ivi.rss_query_en = -1;
memset(ivi.mac, 0, sizeof(ivi.mac));
/* The default value for VF link state is "auto"
* IFLA_VF_LINK_STATE_AUTO which equals zero
@@ -1130,7 +1133,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
vf_rate.vf =
vf_tx_rate.vf =
vf_spoofchk.vf =
- vf_linkstate.vf = ivi.vf;
+ vf_linkstate.vf =
+ vf_rss_query_en.vf = ivi.vf;
memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
vf_vlan.vlan = ivi.vlan;
@@ -1140,6 +1144,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
vf_rate.max_tx_rate = ivi.max_tx_rate;
vf_spoofchk.setting = ivi.spoofchk;
vf_linkstate.link_state = ivi.linkstate;
+ vf_rss_query_en.setting = ivi.rss_query_en;
vf = nla_nest_start(skb, IFLA_VF_INFO);
if (!vf) {
nla_nest_cancel(skb, vfinfo);
@@ -1154,7 +1159,10 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
nla_put(skb, IFLA_VF_SPOOFCHK, sizeof(vf_spoofchk),
&vf_spoofchk) ||
nla_put(skb, IFLA_VF_LINK_STATE, sizeof(vf_linkstate),
- &vf_linkstate))
+ &vf_linkstate) ||
+ nla_put(skb, IFLA_VF_RSS_QUERY_EN,
+ sizeof(vf_rss_query_en),
+ &vf_rss_query_en))
goto nla_put_failure;
nla_nest_end(skb, vf);
}
@@ -1260,6 +1268,8 @@ static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
.len = sizeof(struct ifla_vf_rate) },
[IFLA_VF_LINK_STATE] = { .type = NLA_BINARY,
.len = sizeof(struct ifla_vf_link_state) },
+ [IFLA_VF_RSS_QUERY_EN] = { .type = NLA_BINARY,
+ .len = sizeof(struct ifla_vf_rss_query_en) },
};
static const struct nla_policy ifla_port_policy[IFLA_PORT_MAX+1] = {
@@ -1472,6 +1482,17 @@ static int do_setvfinfo(struct net_device *dev, struct nlattr *attr)
ivl->link_state);
break;
}
+ case IFLA_VF_RSS_QUERY_EN: {
+ struct ifla_vf_rss_query_en *ivrssq_en;
+
+ ivrssq_en = nla_data(vf);
+ err = -EOPNOTSUPP;
+ if (ops->ndo_set_vf_rss_query_en)
+ err = ops->ndo_set_vf_rss_query_en(dev,
+ ivrssq_en->vf,
+ ivrssq_en->setting);
+ break;
+ }
default:
err = -EINVAL;
break;
--
2.1.0
^ permalink raw reply related
* Re: [PATCH 2/2] Fix copy-paste bug: assign from src struct not dest
From: Giel van Schijndel @ 2015-01-07 19:18 UTC (permalink / raw)
To: Johannes Berg, Andy Shevchenko
Cc: linux-kernel, Kalle Valo, Eliad Peller, John W. Linville,
Arik Nemtsov, open list:TI WILINK WIRELES...,
open list:NETWORKING DRIVERS
In-Reply-To: <1420451671.9459.1.camel@sipsolutions.net>
[-- Attachment #1: Type: text/plain, Size: 1949 bytes --]
On Mon, Jan 05, 2015 at 10:54:31 +0100, Johannes Berg wrote:
> On Sun, 2015-01-04 at 19:00 +0100, Giel van Schijndel wrote:
>> ---
>> drivers/net/wireless/ti/wlcore/acx.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/wireless/ti/wlcore/acx.c b/drivers/net/wireless/ti/wlcore/acx.c
>> index beb354c..93a2fa8 100644
>> --- a/drivers/net/wireless/ti/wlcore/acx.c
>> +++ b/drivers/net/wireless/ti/wlcore/acx.c
>> @@ -1725,7 +1725,7 @@ int wl12xx_acx_config_hangover(struct wl1271 *wl)
>> acx->decrease_delta = conf->decrease_delta;
>> acx->quiet_time = conf->quiet_time;
>> acx->increase_time = conf->increase_time;
>> - acx->window_size = acx->window_size;
>> + acx->window_size = conf->window_size;
>
> It would be far better to fix the bug *first*, that way the bugfix can
> be cherry-picked/applied to trees that don't have the alignment.
I agree on the ordering.
As for:
> (And anyway I question the value of the alignment - if you really want
> to make this bug disappear you could perhaps use a macro)
And:
On Wed, Jan 07, 2015 at 20:40:57 +0200, Andy Shevchenko wrote:
> On Sun, Jan 4, 2015 at 8:00 PM, Giel van Schijndel <me@mortis.eu> wrote:
> > This highlights the differences (errors).
>
> Seems like patch for the patch. Just fix an error like it's done here:
> http://www.spinics.net/lists/linux-wireless/msg131667.html
IMO the aligned block of code has the significant advantage of taking
advantage of humans' ability to spot things that break a pattern. Which
in this case becomes *very* visible when properly aligned, because
without the alignment there is no (visual) pattern (or at least not one
very suitable for my "visual processing system", I know the same applies
to at least some others).
--
Met vriendelijke groet,
With kind regards,
Giel van Schijndel
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply
* Greetings From China
From: Mr. Chiang @ 2015-01-07 18:47 UTC (permalink / raw)
To: Recipients
Good day and how do you do? I'm Mr.Chiang, and I work with Bank of China. I need your assistance in moving a sum of $28 Million USDollars. Kindly get back if interested.
^ permalink raw reply
* [PATCH RESEND] isdn: fix NUL (\0 or \x00) specification in string
From: Giel van Schijndel @ 2015-01-07 19:10 UTC (permalink / raw)
To: linux-kernel
Cc: David Sterba, Giel van Schijndel, Armin Schindler, Karsten Keil,
open list:ISDN SUBSYSTEM
In-Reply-To: <1420394722-20197-1-git-send-email-me@mortis.eu>
In C one can either use '\0' or '\x00' (or '\000') to add a NUL byte to
a string. '\0x00' isn't part of these and will in fact result in a
single NUL followed by "x00". This fixes that.
Signed-off-by: Giel van Schijndel <me@mortis.eu>
Reported-at: http://www.viva64.com/en/b/0299/
---
drivers/isdn/hardware/eicon/message.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c
index a82e542..0b38060 100644
--- a/drivers/isdn/hardware/eicon/message.c
+++ b/drivers/isdn/hardware/eicon/message.c
@@ -4880,7 +4880,7 @@ static void sig_ind(PLCI *plci)
byte SS_Ind[] = "\x05\x02\x00\x02\x00\x00"; /* Hold_Ind struct*/
byte CF_Ind[] = "\x09\x02\x00\x06\x00\x00\x00\x00\x00\x00";
byte Interr_Err_Ind[] = "\x0a\x02\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- byte CONF_Ind[] = "\x09\x16\x00\x06\x00\x00\0x00\0x00\0x00\0x00";
+ byte CONF_Ind[] = "\x09\x16\x00\x06\x00\x00\x00\x00\x00\x00";
byte force_mt_info = false;
byte dir;
dword d;
--
2.1.4
^ permalink raw reply related
* [bisected] no traffic on ssl vpn with 3.19rc1 - 3.19rc3
From: Billy Shuman @ 2015-01-07 19:10 UTC (permalink / raw)
To: netdev
Hi,
Since 3.19rc1 I get 100% packet loss through SSL vpn. I bisected with
the following result:
0b46d0ee9c240c7430a47e9b0365674d4a04522 is the first bad commit
commit e0b46d0ee9c240c7430a47e9b0365674d4a04522
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Fri Nov 7 21:22:23 2014 +0800
tun: Use iovec iterators
This patch removes the use of skb_copy_datagram_const_iovec in
favour of the iovec iterator-based skb_copy_datagram_iter.
https://bugzilla.kernel.org/show_bug.cgi?id=90901
Thanks,
Billy Shuman
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox