Netdev List
 help / color / mirror / Atom feed
* Re: [EXTERNAL] Re: [REGRESSION] Discussion on "xfrm: Duplicate SPI Handling"
From: Antony Antony @ 2026-04-16  5:51 UTC (permalink / raw)
  To: Yan Yan
  Cc: antony.antony, Aakash Kumar Shankarappa, Nathan Harold,
	Tobias Brunner, Steffen Klassert, paul@nohats.ca,
	netdev@vger.kernel.org, Herbert Xu, David S . Miller,
	Eric Dumazet, Jakub Kicinski, pabeni@redhat.com, horms@kernel.org,
	akamluddin@marvell.com, greg@kroah.com
In-Reply-To: <CADHa2dA+Yq_K2A=Pk131yYYOX3Btncbp4Q+9UoTu_7egLPJhQg@mail.gmail.com>


On Wed, Apr 08, 2026 at 15:49:00 -0700, Yan Yan wrote:
>    Hi Antony,
>    The patch looks good to me, and I verified that it fixes the
>    regression.

I rebased the patch to ipsec and sent as RFC ipsec. I am sending it as
Fix, instead of ipsec-next.

I could not test it easily both.  
Aakash and Yan would you like to test it and may be send tag, that may motivate Steffen to accept it instead of waiting for me to test it.

regards,
-antony

> 
>    On Tue, Mar 31, 2026 at 3:47 AM Antony Antony
>    <[1]antony.antony@secunet.com> wrote:
> 
>      Hi,
>      I have tweaked the patch a bit more, uniqueness is only when
>      x->dir == XFRM_SA_DIR_IN. See the attached patch.
>      I have added tags Fixes:
>      and
>      Reported-by: Yan Yan <[2]evitayan@google.com>
>      Yan, are you ok with this?
>      So fart I don't have any tests for this, so more tags welcome:)
>      regards,
>      -antony
>      PS: recent libreswan is setting direction. Thta should not be
>      problem.
>      On Mon, Mar 30, 2026 at 20:34:07 +0000, Aakash Kumar Shankarappa
>      wrote:
>      >    Hi Antony,
>      >
>      >    Thanks for the patch. Yes the x->dir based gating approach
>      looks good
>      >    to me and it works for Marvell.
>      >
>      >    Also this seems like the right direction. It preserves backward
>      >    compatibility for existing users, while still allowing strict
>      RFC 4301
>      >    complaint SPI uniqueness as an opt-in feature. Anybody who
>      wants the
>      >    stricter behaviour can upgrade to Strongswan 6.0.0+ and
>      leverage
>      >    XFRM_SA_DIR_IN.
>      >
>      >    Thanks, Aakash
>      >
>      >    From: Antony Antony <[3]antony.antony@secunet.com>
>      >    Date: Monday, 30 March 2026 at 10:24 PM
>      >    To: Yan Yan <[4]evitayan@google.com>
>      >    Cc: Nathan Harold <[5]nharold@google.com>, Tobias Brunner
>      >    <[6]tobias@strongswan.org>, [7]antony.antony@secunet.com
>      >    <[8]antony.antony@secunet.com>, Steffen Klassert
>      >    <[9]steffen.klassert@secunet.com>, [10]paul@nohats.ca
>      <[11]paul@nohats.ca>,
>      >    [12]netdev@vger.kernel.org <[13]netdev@vger.kernel.org>,
>      Herbert Xu
>      >    <[14]herbert@gondor.apana.org.au>, David S . Miller
>      <[15]davem@davemloft.net>,
>      >    Eric Dumazet <[16]edumazet@google.com>, Jakub Kicinski
>      <[17]kuba@kernel.org>,
>      >    [18]pabeni@redhat.com <[19]pabeni@redhat.com>,
>      [20]horms@kernel.org
>      >    <[21]horms@kernel.org>, Aakash Kumar Shankarappa
>      >    <[22]saakashkumar@marvell.com>, [23]akamluddin@marvell.com
>      >    <[24]akamluddin@marvell.com>, [25]greg@kroah.com
>      <[26]greg@kroah.com>
>      >    Subject: [EXTERNAL] Re: [REGRESSION] Discussion on "xfrm:
>      Duplicate SPI
>      >    Handling"
>      >    Prioritize security for external emails:
>      >    Confirm sender and content safety before clicking links or
>      opening
>      >    attachments
>      >    [1]Report Suspicious
>      >
>      >
>      >    Hi, I looked into this. I feel a simple solution is use x->dir
>      as
>      >    Nathan proposed. When dir is not set we get pre commit
>      94f39804d891
>      >    ("xfrm: Duplicate SPI Handling") behaviour. When XFRM_SA_DIR is
>      set
>      >    alloc_spi() returns per direction unique spi. Another benfit
>      is, this
>      >    would also keep PF_KEY use case as it was before that comit.
>      Here is
>      >    simple RFC patch attached. How does this look? strongswan
>      6.0.0, from
>      >    Dec 2024, sets x->dir. Aakash would this work for for marvell?
>      regads,
>      >    -antony On Fri, Mar 27, 2026 at 17:05:13 -0700, Yan Yan wrote:
>      > Hi
>      >    all, > I wanted to send a friendly ping to see if we are
>      aligning on
>      >    making > the strict global SPI uniqueness requirement optional,
>      perhaps
>      >    via a > toggle or by leveraging the XFRM_SA_DIR attribute as
>      previously
>      >    > discussed. > Are there any other questions or concerns
>      regarding this
>      >    approach, or > anything else we should clarify to ensure
>      backward
>      >    compatibility while > meeting the needs of modern standards? >
>      Best, >
>      >    Yan > > On Tue, Feb 24, 2026 at 3:53 PM Nathan Harold
>      >    <[1][27]nharold@google.com> > wrote: > > > That should still be
>      allowed
>      >    when using the intended APIs (i.e. > ALLOCSPI > > for the
>      inbound and
>      >    NEWSA for the outbound SA). ALLOCSPI might > enforce > > a
>      unique SPI
>      >    without considering the address, as that's intended > for > >
>      local,
>      >    inbound SAs, where the kernel has full control (looking at >
>      the > >
>      >    the patch, it's certainly not ideal, as it goes through all >
>      installed
>      >    > > SAs to find a duplicate and it prevents an inbound SPI that
>      >
>      >    matches an > > existing outbound SPI - I guess that could be
>      resolved
>      >    by using > separate > > tables for in- and outbound SAs). But
>      that must
>      >    not prevent > installing > > outbound SAs with the same SPI to
>      another
>      >    peer using NEWSA, which > still > > uses a hash that includes
>      the
>      >    destination address (that must > always be > > the case because
>      peers
>      >    are free to allocate whatever SPI they > want). > Agreed that
>      there are
>      >    some unfortunate limitations with the current > patch. Keying
>      off the
>      >    inclusion of XFRM_SA_DIR would resolve the > issue > you noted
>      >    (conflating inbound and outbound SPIs) and function as an >
>      opt-in for
>      >    this enforcement. Whatever the mechanism though, the new >
>      behavior
>      >    should be opt-in rather than opt-out in order to maintain >
>      backwards
>      >    compatibility. > > In my opinion, you are using the API
>      incorrectly...
>      >    I also > > don't think there are any benefits in that
>      "consistent
>      >    larval > lifecycle" > > (if you found any, please let us know).
>      > The
>      >    Android architecture is multi-tenant and allows userspace apps
>      > to >
>      >    establish SAs. At the time we designed it, this felt like the >
>      >    cleanest > way to facilitate leak-free resource management
>      because the
>      >    chain of > associations between kernel resources could be
>      symmetrical
>      >    (and > managing them was already quite complicated). Mea culpa
>      >    (Nathan). > But, > correctly or not, it has/had worked for many
>      years.
>      >    > > By the way, are you using the min/max option for inbound
>      SAs as >
>      >    well, > > with an SPI generated in userland? That would seem
>      like a >
>      >    violation of > > the intention of the API as well (i.e. letting
>      the
>      >    kernel control > the > > local SPIs). > We provide following
>      two
>      >    Android APIs for app developers: >
>      >
>      [2][2][28]https://urldefense.proofpoint.com/v2/url?u=https-3A__devel
>      oper.an
>      >
>      droid.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b6
>      R0m
>      >
>      OyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKyp
>      JWI
>      >
>      SL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFXC-wFiRF
>      V_Q
>      >    JlIQLW2AWSbERIOWcGHJfuQP2ZA&e= >
>      >    allocateSecurityParameterIndex(java.net.InetAddress) >
>      >
>      [3][3][29]https://urldefense.proofpoint.com/v2/url?u=https-3A__devel
>      oper.an
>      >
>      droid.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b6
>      R0m
>      >
>      OyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKyp
>      JWI
>      >
>      SL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFXC-wFiRF
>      V_Q
>      >    JlIQLW2AWSbERIOWcGHJfuQP2ZA&e= >
>      >    allocateSecurityParameterIndex(java.net.InetAddress,%20int) >
>      Indeed,
>      >    allocateSecurityParameterIndex is direction-agnostic; both >
>      overloads
>      >    are implemented internally by including the min and max >
>      values in
>      >    ALLOCSPI. For the variant where app developers provide a >
>      specific SPI
>      >    (which is also useful in testing), Android simply sets > both
>      the min
>      >    and max parameters to that exact value. Our > understanding >
>      of
>      >    #xfrm_alloc_spi is that min/max are required for ALLOCSPI, and
>      >
>      >    otherwise ENOENT will be returned. > Note that we also use the
>      DADDR as
>      >    a mandatory part of the tuple > because of the issue mentioned
>      above:
>      >    SPIs are only unique in > conjunction with a DADDR, regardless
>      of
>      >    direction, and accordingly, > that’s how Android is expecting
>      the
>      >    uniqueness requirement be > enforced. In this way, 5 duplicate
>      SPIs can
>      >    be used on 5 unique IP > addresses on the same machine;
>      therefore, a
>      >    strict "SPI only" > interpretation for ALLOCSPI (or SPI
>      handling in
>      >    general) is curious. > We feel that ALLOCSPI should really
>      enforce the
>      >    same uniqueness > requirements as the SAD. > Best, > Nathan and
>      Yan >
>      >    -Nathan > On Wed, Feb 18, 2026 at 12:42 AM Tobias Brunner >
>      >    <[4][30]tobias@strongswan.org> wrote: > > > > Hi Yan, > > > > >
>      For every
>      >    inbound SA, we allocate SPIs before negotiation. For > > >
>      outbound
>      >    SAs, we allocate SPIs once requested by the peer. We > only > >
>      >
>      >    require the (SPI, destination address) combo to be unique.
>      Thus, > we >
>      >    > > may have an inbound and outbound SA sharing an SPI with >
>      different
>      >    > > > destinations, or multiple outbound SAs to different peers
>      >
>      >    sharing an > > > SPI. > > > > That should still be allowed when
>      using
>      >    the intended APIs (i.e. > ALLOCSPI > > for the inbound and
>      NEWSA for
>      >    the outbound SA). ALLOCSPI might > enforce > > a unique SPI
>      without
>      >    considering the address, as that's intended > for > > local,
>      inbound
>      >    SAs, where the kernel has full control (looking at > the > >
>      the patch,
>      >    it's certainly not ideal, as it goes through all > installed >
>      > SAs to
>      >    find a duplicate and it prevents an inbound SPI that > matches
>      an > >
>      >    existing outbound SPI - I guess that could be resolved by using
>      >
>      >    separate > > tables for in- and outbound SAs). But that must
>      not
>      >    prevent > installing > > outbound SAs with the same SPI to
>      another peer
>      >    using NEWSA, which > still > > uses a hash that includes the
>      >    destination address (that must > always be > > the case because
>      peers
>      >    are free to allocate whatever SPI they > want). > > > > >> If
>      so, why
>      >    would you use ALLOCSPI and not just install the > outbound SA?
>      Is it to
>      >    avoid differences for in- and outbound SAs > (ALLOCSPI+UPDSA
>      vs.
>      >    NEWSA)?" > > > > > > Exactly—it is primarily for code symmetry.
>      By
>      >    using ALLOCSPI + > UPDSA > > > for both directions, we maintain
>      a
>      >    consistent larval lifecycle > and > > > make it easier to
>      maintain. > >
>      >    > > In my opinion, you are using the API incorrectly. ALLOCSPI
>      is >
>      >    intended > > to allocate a free local SPI for an inbound SA.
>      That is,
>      >    reserve > it > > before and while the details of the SA are
>      negotiated
>      >    with the > peer > > using IKE. This step isn't necessary for
>      outbound
>      >    SAs and forcing > such > > an allocation, after all the details
>      are
>      >    known, to the responder's > SPI > > (which I assume you do via
>      min/max
>      >    option) doesn't feel right. I > also > > don't think there are
>      any
>      >    benefits in that "consistent larval > lifecycle" > > (if you
>      found any,
>      >    please let us know). And the difference > between > > UPDSA and
>      NEWSA
>      >    is the nlmsg_type (there are some attributes that > are > >
>      different
>      >    for in- and outbound SAs, especially if you set the > direction
>      > > in
>      >    newer kernels, but that's the case regardless of the message >
>      type). >
>      >    > > > By the way, are you using the min/max option for inbound
>      SAs as >
>      >    well, > > with an SPI generated in userland? That would seem
>      like a >
>      >    violation of > > the intention of the API as well (i.e. letting
>      the
>      >    kernel control > the > > local SPIs). > > > > As the XFRM API
>      basically
>      >    mirrors PF_KEYv2 here, you can find more > about > > the two
>      ways to
>      >    install SAs in RFC 2367 (SADB_GETSPI/UPDATE vs. > SADB_ADD). >
>      > > >
>      >    Regards, > > Tobias > > > > -- > > -- > Best, > Yan > >
>      References > >
>      >    1. mailto:[31]nharold@google.com > 2.
>      >
>      [4][32]https://urldefense.proofpoint.com/v2/url?u=https-3A__develope
>      r.andro
>      >
>      id.com_reference_android_net_IpSecManager-23allocateSecurityParamete
>      rIn
>      >
>      dex-28java.net.InetAddress-29&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6
>      Wzn
>      >
>      5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H
>      51r
>      >
>      d5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=UtpwkuoswT-6aK0he6dSS-0dvZfIcRj
>      bfj
>      >    _Eu4A-c6E&e= > 3.
>      >
>      [5][33]https://urldefense.proofpoint.com/v2/url?u=https-3A__develope
>      r.andro
>      >
>      id.com_reference_android_net_IpSecManager-23allocateSecurityParamete
>      rIn
>      >
>      dex-28java.net.InetAddress&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6Wzn
>      5Ln
>      >
>      Vsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H51r
>      d5M
>      >
>      6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=fVmYoLIpyuMX3AtAkU7ejR1dno_8QtnhCK
>      LMD
>      >    4BmURc&e=, int) > 4. mailto:[34]tobias@strongswan.org
>      >
>      > References
>      >
>      >    Visible links:
>      >    1.
>      [35]https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!tG3Tv5d
>      8inv1_6DXc1X1B4ctthRq2qCkR8nIF_n_SOJiXQ-SqG_LUk--J5LZEwV9jGdXABQriDr
>      uLYnPEg$
>      >    2.
>      [36]https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.a
>      ndroid.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b
>      6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNM
>      KKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFX
>      C-wFiRFV_QJlIQLW2AWSbERIOWcGHJfuQP2ZA&e=
>      >    3.
>      [37]https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.a
>      ndroid.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b
>      6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNM
>      KKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFX
>      C-wFiRFV_QJlIQLW2AWSbERIOWcGHJfuQP2ZA&e=
>      >    4.
>      [38]https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.a
>      ndroid.com_reference_android_net_IpSecManager-23allocateSecurityPara
>      meterIndex-28java.net.InetAddress-29&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xt
>      fQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5Bb
>      GkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=UtpwkuoswT-6aK0he6
>      dSS-0dvZfIcRjbfj_Eu4A-c6E&e=
>      >    5.
>      [39]https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.a
>      ndroid.com_reference_android_net_IpSecManager-23allocateSecurityPara
>      meterIndex-28java.net.InetAddress&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&
>      r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkf
>      A2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=fVmYoLIpyuMX3AtAkU7ej
>      R1dno_8QtnhCKLMD4BmURc&e=
>      >
>      >    Hidden links:
>      >    7. [40]https://aka.ms/GetOutlookForMac
> 
>    --
> 
>    --
>    Best,
>    Yan
> 
> References
> 
>    1. mailto:antony.antony@secunet.com
>    2. mailto:evitayan@google.com
>    3. mailto:antony.antony@secunet.com
>    4. mailto:evitayan@google.com
>    5. mailto:nharold@google.com
>    6. mailto:tobias@strongswan.org
>    7. mailto:antony.antony@secunet.com
>    8. mailto:antony.antony@secunet.com
>    9. mailto:steffen.klassert@secunet.com
>   10. mailto:paul@nohats.ca
>   11. mailto:paul@nohats.ca
>   12. mailto:netdev@vger.kernel.org
>   13. mailto:netdev@vger.kernel.org
>   14. mailto:herbert@gondor.apana.org.au
>   15. mailto:davem@davemloft.net
>   16. mailto:edumazet@google.com
>   17. mailto:kuba@kernel.org
>   18. mailto:pabeni@redhat.com
>   19. mailto:pabeni@redhat.com
>   20. mailto:horms@kernel.org
>   21. mailto:horms@kernel.org
>   22. mailto:saakashkumar@marvell.com
>   23. mailto:akamluddin@marvell.com
>   24. mailto:akamluddin@marvell.com
>   25. mailto:greg@kroah.com
>   26. mailto:greg@kroah.com
>   27. mailto:nharold@google.com
>   28. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.an
>   29. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.an
>   30. mailto:tobias@strongswan.org
>   31. mailto:nharold@google.com
>   32. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.andro
>   33. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.andro
>   34. mailto:tobias@strongswan.org
>   35. https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!tG3Tv5d8inv1_6DXc1X1B4ctthRq2qCkR8nIF_n_SOJiXQ-SqG_LUk--J5LZEwV9jGdXABQriDruLYnPEg$
>   36. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.android.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFXC-wFiRFV_QJlIQLW2AWSbERIOWcGHJfuQP2ZA&e=
>   37. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.android.com_reference_android_net_IpSecManager-23&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=9txNFXC-wFiRFV_QJlIQLW2AWSbERIOWcGHJfuQP2ZA&e=
>   38. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.android.com_reference_android_net_IpSecManager-23allocateSecurityParameterIndex-28java.net.InetAddress-29&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=UtpwkuoswT-6aK0he6dSS-0dvZfIcRjbfj_Eu4A-c6E&e=
>   39. https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.android.com_reference_android_net_IpSecManager-23allocateSecurityParameterIndex-28java.net.InetAddress&d=DwIDaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=r6Wzn5LnVsk7Tgc5x4l_c04I_Hr_8TYqFn-YFi_gjqI&m=JsnNMKKypJWISL5BbGkfA2yD1_H51rd5M6YO4NG3WpRdteRwP5OdfTJFNEK0Xiec&s=fVmYoLIpyuMX3AtAkU7ejR1dno_8QtnhCKLMD4BmURc&e=
>   40. https://aka.ms/GetOutlookForMac

^ permalink raw reply

* RE: [Intel-wired-lan] [PATCH net v3 5/5] iavf: refactor virtchnl polling into single function
From: Jose Ignacio Tornos Martinez @ 2026-04-16  5:51 UTC (permalink / raw)
  To: aleksandr.loktionov
  Cc: anthony.l.nguyen, davem, edumazet, intel-wired-lan,
	jesse.brandeburg, jtornosm, kuba, netdev, pabeni,
	przemyslaw.kitszel
In-Reply-To: <IA3PR11MB8986843CDCC4F6DC6CD015FDE5252@IA3PR11MB8986.namprd11.prod.outlook.com>

Hello Aleksandr,

Thank you for your comments.
I wanted to link this patch in some way with patch 3/5, but you are right,
perhaps as a refactoring, better for net-next.
Anyway, I am going to wait for Przemek and
"iavf: add iavf_poll_virtchnl_response()" merge, after that I will rebase
and I will create another version of the series, dropping this for now.

Best regards
Jose Ignacio


^ permalink raw reply

* Re: [net-next v1 1/3] net: phy: motorcomm: Add yt8531_set_ds() mdio_locked bool parameter
From: Minda Chen @ 2026-04-16  6:03 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: Frank, Andrew Lunn, Heiner Kallweit, David S . Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
In-Reply-To: <f308dd00-e589-48e8-8edb-d3b9ed5565e6@lunn.ch>



> 
> On Wed, Apr 15, 2026 at 05:26:52PM +0800, Minda Chen wrote:
> > yt8531_set_ds() default set register with mdio lock and only called
> > with YT8531 PHY. But new type YT8531s support RGMII and has the same
> > pin strength setting with YT8531, YT8531s need to call yt8531_set_ds()
> > setting pin drive strength. But Its config init function
> > yt8521_config_init() already get the mdio lock with phy_select_page().
> >
> > Need to add ytphy API without lock in yt8531_set_ds() and a new bool
> > parameter for YT8531s RGMII case.
> 
> This is ugly.
> 
> Please try to modify the code so that both PHYs can call
> yt8531_set_ds() in the same locking context. You then don't need the
> mdio_locked parameter.
> 
>     Andrew
> 
> ---
> pw-bot: cr

Okay Thanks Andrew.

Hi Frank
   Could you review patch3? Thanks.

^ permalink raw reply

* RE: [net-next,v3,06/13] net: renesas: rswitch: add forwarding rules for gwca
From: Michael Dege @ 2026-04-16  6:19 UTC (permalink / raw)
  To: Paolo Abeni
  Cc: paul@pbarker.dev, niklas.soderlund, kuba@kernel.org,
	Yoshihiro Shimoda, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, edumazet@google.com,
	linux-renesas-soc@vger.kernel.org, andrew+netdev@lunn.ch,
	davem@davemloft.net
In-Reply-To: <20260402125933.234477-1-pabeni@redhat.com>

Hello Paolo,

Thank you very much for your review.

> -----Original Message-----
> From: Paolo Abeni <pabeni@redhat.com>
> Sent: Thursday, April 2, 2026 3:00 PM
> To: Michael Dege <michael.dege@renesas.com>
> Cc: paul@pbarker.dev; niklas.soderlund <niklas.soderlund@ragnatech.se>; kuba@kernel.org; Yoshihiro
> Shimoda <yoshihiro.shimoda.uh@renesas.com>; netdev@vger.kernel.org; linux-kernel@vger.kernel.org;
> edumazet@google.com; pabeni@redhat.com; linux-renesas-soc@vger.kernel.org; andrew+netdev@lunn.ch;
> davem@davemloft.net
> Subject: Re: [net-next,v3,06/13] net: renesas: rswitch: add forwarding rules for gwca
>
> This is an AI-generated review of your patch. The human sending this email has considered the AI
> review valid, or at least plausible.
>
> For local reproduction steps see
> https://netdev-ai.bots.linux.dev/ai-
> local.html&data=05%7C02%7Cmichael.dege%40renesas.com%7Cce95b7b1d9df4483358208de90b7b638%7C53d82571da19
> 47e49cb4625a166a4a2a%7C0%7C0%7C639107315865778020%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYi
> OiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dee%2F%2Bmcpl10Pk%
> 2BHTcL0u75PN%2F4FFyv9xB2kWqnwj%2B9Q%3D&reserved=0
> ---
> net: renesas: rswitch: add forwarding rules for gwca
>
> Add rules to forward packets from the Ethernet ports to the CPU port (GWCA) using L2 forwarding
> instead of port forwarding.
>
> > diff --git a/drivers/net/ethernet/renesas/rswitch_l2.c
> > b/drivers/net/ethernet/renesas/rswitch_l2.c
> > index 709524c8a5c4..cabf1f92ad0c 100644
> > --- a/drivers/net/ethernet/renesas/rswitch_l2.c
> > +++ b/drivers/net/ethernet/renesas/rswitch_l2.c
> > @@ -93,10 +93,32 @@ static void rswitch_update_l2_hw_forwarding(struct rswitch_private *priv)
> >     }
> >  }
> >
> > +static void rswitch_update_l2_hw_forwarding_gwca(struct
> > +rswitch_private *priv) {
> > +   struct rswitch_device *rdev;
> > +   u32 fwpc0_set, fwpc0_clr, fwpc2_set, fwpc2_clr;
> > +
> > +   fwpc0_clr = FWPC0_MACSSA | FWPC0_MACDSA | FWPC0_MACRUDA;
> > +   fwpc0_set = fwpc0_clr;
> > +   fwpc2_clr = FIELD_PREP(FWPC2_LTWFW, BIT(AGENT_INDEX_GWCA));
> > +   fwpc2_set = fwpc2_clr;
> > +
> > +   (priv->offload_brdev) ? (fwpc0_clr = 0, fwpc2_set = 0)
> > +                         : (fwpc0_set = 0, fwpc2_set = 0);
> >                                             ^^^^^^^^^^^
>
> Does the false branch have a copy-paste error? Looking at the ternary
> operator:
>
> The TRUE branch (when offload_brdev is set) assigns:
>     fwpc0_clr = 0
>     fwpc2_set = 0
>
> The FALSE branch (when offload_brdev is NULL) assigns:
>     fwpc0_set = 0
>     fwpc2_set = 0   <- assigns to fwpc2_set
>
> Both branches assign to fwpc2_set, leaving fwpc2_clr unchanged with the initialized value
> FIELD_PREP(FWPC2_LTWFW, BIT(AGENT_INDEX_GWCA)).
>
> This appears to break the logic for non-offloaded mode. The FALSE branch passes fwpc2_clr with the
> GWCA bit set to rswitch_modify(), which clears the GWCA bit from the FWPC2 registers. Is this the
> intended behavior when bridge offload is disabled?
>
> The symmetric pattern in the TRUE branch suggests the FALSE branch should be (fwpc0_set = 0, fwpc2_clr
> = 0) instead.

Good catch, this is indeed a copy paste error. I fixed it for the next version.

Best regards,

Michael
>
> > +
> > +   rswitch_modify(priv->addr, FWPC0(AGENT_INDEX_GWCA), fwpc0_clr,
> > +fwpc0_set);
> > +
> > +   rswitch_for_all_ports(priv, rdev) {
> > +           rswitch_modify(priv->addr, FWPC2(rdev->etha->index),
> > +                          fwpc2_clr, fwpc2_set);
> > +   }
> > +}
> > +
> >  void rswitch_update_l2_offload(struct rswitch_private *priv)  {
> >     rswitch_update_l2_hw_learning(priv);
> >     rswitch_update_l2_hw_forwarding(priv);
> > +   rswitch_update_l2_hw_forwarding_gwca(priv);
> >  }
>
> [ ... ]


^ permalink raw reply

* Re: [PATCH net-next 5/6] net: stmmac: move PHY handling out of __stmmac_open()/release()
From: Alexander Stein @ 2026-04-16  6:20 UTC (permalink / raw)
  To: Russell King (Oracle)
  Cc: Andrew Lunn, Heiner Kallweit, Alexandre Torgue, Andrew Lunn,
	David S. Miller, Eric Dumazet, Jakub Kicinski, linux-arm-kernel,
	linux-stm32, Maxime Coquelin, netdev, Paolo Abeni
In-Reply-To: <ad-LtOBrKREM1tCk@shell.armlinux.org.uk>

Am Mittwoch, 15. April 2026, 14:59:32 CEST schrieb Russell King (Oracle):
> On Wed, Apr 15, 2026 at 08:08:40AM +0200, Alexander Stein wrote:
> > Hi,
> > 
> > Am Dienstag, 23. September 2025, 13:26:19 CEST schrieb Russell King (Oracle):
> > > Move the PHY attachment/detachment from the network driver out of
> > > __stmmac_open() and __stmmac_release() into stmmac_open() and
> > > stmmac_release() where these actions will only happen when the
> > > interface is administratively brought up or down. It does not make
> > > sense to detach and re-attach the PHY during a change of MTU.
> > 
> > Sorry for coming up now. But I recently noticed this commit breaks changing
> > the MTU on i.MX8MP. Once I simply change the MTU I run into some DMA error:
> > $ ip link set dev end1 mtu 1400
> > imx-dwmac 30bf0000.ethernet end1: Register MEM_TYPE_PAGE_POOL RxQ-0
> > imx-dwmac 30bf0000.ethernet end1: Register MEM_TYPE_PAGE_POOL RxQ-1
> > imx-dwmac 30bf0000.ethernet end1: Register MEM_TYPE_PAGE_POOL RxQ-2
> > imx-dwmac 30bf0000.ethernet end1: Register MEM_TYPE_PAGE_POOL RxQ-3
> > imx-dwmac 30bf0000.ethernet end1: Register MEM_TYPE_PAGE_POOL RxQ-4
> > imx-dwmac 30bf0000.ethernet end1: Link is Down
> > imx-dwmac 30bf0000.ethernet end1: Failed to reset the dma
> > imx-dwmac 30bf0000.ethernet end1: stmmac_hw_setup: DMA engine initialization failed
> 
> This basically means that a clock is missing. Please provide more
> information:
> 
> - what kernel version are you using?

Currently I am using v6.18.22.
$ ethtool -i end1
driver: st_gmac
version: 6.18.22
firmware-version: 
expansion-rom-version: 
bus-info: 30bf0000.ethernet
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: no

> - has EEE been negotiated?

No. It is marked as not supported

$ ethtool --show-eee end1
EEE settings for end1:
        EEE status: not supported

> - does the problem persist when EEE is disabled?

As EEE is not supported the problem occurs even with EEE disabled.

> - which PHY is attached to stmmac?

It is a TI DP83867.

imx-dwmac 30bf0000.ethernet eth1: PHY [stmmac-1:03] driver [TI DP83867] (irq=136)

> - which PHY interface mode is being used to connect the PHY to stmmac?

For this interface
> phy-mode = "rgmii-id";
is set.

In case it is helpful. My platform is arch/arm64/boot/dts/freescale/imx8mp-tqma8mpql-mba8mpxl.dts
Thanks for assisting. If there a further questions, don't hesitate to ask.

Thanks and best regards
Alexander
-- 
TQ-Systems GmbH | Mühlstraße 2, Gut Delling | 82229 Seefeld, Germany
Amtsgericht München, HRB 105018
Geschäftsführer: Detlef Schneider, Rüdiger Stahl, Stefan Schneider
http://www.tq-group.com/




^ permalink raw reply

* Re: [net,PATCH v3 1/2] net: ks8851: Reinstate disabling of BHs around IRQ handler
From: Sebastian Andrzej Siewior @ 2026-04-16  6:21 UTC (permalink / raw)
  To: Marek Vasut
  Cc: netdev, stable, David S. Miller, Andrew Lunn, Eric Dumazet,
	Jakub Kicinski, Nicolai Buchwitz, Paolo Abeni, Ronald Wahl,
	Yicong Hui, linux-kernel
In-Reply-To: <7734527a-d08b-49fa-b258-c37c5ae2da55@nabladev.com>

On 2026-04-16 01:14:35 [+0200], Marek Vasut wrote:
> > spin_unlock_bh(&ks->statelock)? After that unlock, the softirq must be
> > processed and __netdev_alloc_skb() _could_ observe pending softirqs but
> > not from ks8851.
> Because __netdev_alloc_skb() also enables/disables BH , see the "else"

Yes. But there is no softirq raised in that part. That softirq is raised
by netif_wake_queue() within a bh disabled section. Therefore upon the
unlock the softirq must be invoked.
After that, rhe allocation later on may invoke softirqs which were
raised but I don't see how ks8851 can be part of it.
Before commit 0913ec336a6c0 ("net: ks8851: Fix deadlock with the SPI
chip variant") there was no _bh around it meaning the softirq was raised
but not invoked immediately. This happened on the bh unlock during
memory allocation. Therefore I am saying this backtrace is from an older
kernel.

If there is a flaw in my the theory please explain _how_ you managed
that get that backtrace. I am sure it must have from an older kernel and
_now_ this lockup also happens on !RT kernels (except for the SPI
platform).

Sebastian

^ permalink raw reply

* [PATCH] selftests: net: add RDMA CM observability and regression scripts
From: Chenguang Zhao @ 2026-04-16  6:22 UTC (permalink / raw)
  To: Shuah Khan, Andrew Lunn, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni
  Cc: Chenguang Zhao, netdev, linux-kselftest

Add a minimal RDMA CM selftest suite that captures observability
baselines and runs trace, counter-delta, and fault-injection oriented
checks, plus a review-loop helper for repeated validation rounds.

Usage (client side):
- export
  CM_WORKLOAD_CMD='ib_send_bw -d <dev> -i <port> -R -g <gid> <server_ip>'
  (User can customize CM_WORKLOAD_CMD)
- sudo -E make -C tools/testing/selftests
  TARGETS=drivers/net/rdma run_tests

Signed-off-by: Chenguang Zhao <zhaochenguang@kylinos.cn>
---
  The first patch adds a focused RDMA CM selftest suite under
  kselftest to make CM behavior easier to observe and validate
  in routine regression runs.

  It introduces baseline collection, trace-sequence checks,
  counter-delta checks, and failslab-based recovery checks, plus
  a review-loop script for one-shot serial execution. It also
  registers drivers/net/rdma in the top-level selftests TARGETS,
  so the suite runs through standard kselftest flow
  (make ... TARGETS=drivers/net/rdma run_tests) instead of requiring
  manual script-by-script execution.
---
 tools/testing/selftests/Makefile              |   1 +
 .../selftests/drivers/net/rdma/Makefile       |  13 ++
 .../selftests/drivers/net/rdma/README.md      | 168 ++++++++++++++++++
 .../drivers/net/rdma/rdma_cm_baseline.sh      |  58 ++++++
 .../drivers/net/rdma/rdma_cm_counter_delta.sh |  72 ++++++++
 .../net/rdma/rdma_cm_fault_injection.sh       |  95 ++++++++++
 .../drivers/net/rdma/rdma_cm_review_loop.sh   |  35 ++++
 .../net/rdma/rdma_cm_trace_sequence.sh        |  83 +++++++++
 .../selftests/drivers/net/rdma/rdma_common.sh | 126 +++++++++++++
 9 files changed, 651 insertions(+)
 create mode 100644 tools/testing/selftests/drivers/net/rdma/Makefile
 create mode 100644 tools/testing/selftests/drivers/net/rdma/README.md
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_cm_baseline.sh
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_cm_counter_delta.sh
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_cm_fault_injection.sh
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_cm_review_loop.sh
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_cm_trace_sequence.sh
 create mode 100755 tools/testing/selftests/drivers/net/rdma/rdma_common.sh

diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index 984abb6d42ab..0df7034f46b2 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -22,6 +22,7 @@ TARGETS += drivers/ntsync
 TARGETS += drivers/s390x/uvdevice
 TARGETS += drivers/net
 TARGETS += drivers/net/bonding
+TARGETS += drivers/net/rdma
 TARGETS += drivers/net/netconsole
 TARGETS += drivers/net/team
 TARGETS += drivers/net/virtio_net
diff --git a/tools/testing/selftests/drivers/net/rdma/Makefile b/tools/testing/selftests/drivers/net/rdma/Makefile
new file mode 100644
index 000000000000..42d042aac1f0
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/Makefile
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0
+
+TEST_PROGS := \
+	rdma_cm_baseline.sh \
+	rdma_cm_trace_sequence.sh \
+	rdma_cm_counter_delta.sh \
+	rdma_cm_fault_injection.sh
+
+TEST_FILES := \
+	rdma_common.sh \
+	rdma_cm_review_loop.sh
+
+include ../../../lib.mk
diff --git a/tools/testing/selftests/drivers/net/rdma/README.md b/tools/testing/selftests/drivers/net/rdma/README.md
new file mode 100644
index 000000000000..a9caca638b20
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/README.md
@@ -0,0 +1,168 @@
+# RDMA CM Selftests Usage Guide
+
+These scripts provide baseline observability and regression checks for RDMA/CM
+paths under the Linux `kselftest` framework.
+
+Files:
+
+- `rdma_cm_baseline.sh`
+- `rdma_cm_trace_sequence.sh`
+- `rdma_cm_counter_delta.sh`
+- `rdma_cm_fault_injection.sh`
+- `rdma_cm_review_loop.sh`
+- `rdma_common.sh`
+
+The scripts use a fixed test flow and only require workload commands from
+environment variables.
+
+## 1. Use Cases
+
+- CM main-flow observability checks (REQ/REP/RTU)
+- CM counter delta validation
+- Recovery validation after fault injection (`failslab`)
+- One-shot serial regression run
+
+## 2. Requirements
+
+- root privileges
+- Reachable client/server network path
+- Perftest command available on the remote side (default: `ib_send_bw -R`)
+- For fault injection: kernel support for `failslab` and access to
+  `/sys/kernel/debug/failslab`
+
+## 3. Recommended Execution Order
+
+```bash
+./rdma_cm_baseline.sh
+./rdma_cm_trace_sequence.sh
+./rdma_cm_counter_delta.sh
+./rdma_cm_fault_injection.sh
+```
+
+Or run all in sequence:
+
+```bash
+./rdma_cm_review_loop.sh
+```
+
+## 4. Quick Start (Two Hosts)
+
+### 4.1 Server side (recommended: loop and keep listening)
+
+```bash
+while true; do
+  ib_send_bw -d <server_ibdev> -i <server_port> -R
+  sleep 1
+done
+```
+
+### 4.2 Client side (set workload command)
+
+```bash
+export CM_WORKLOAD_CMD='ib_send_bw -d rocep1s0f0 -i 1 -R -g 3 192.168.1.22'
+export CM_VALIDATE_RECOVERY_CMD="${CM_WORKLOAD_CMD}"
+
+./rdma_cm_review_loop.sh
+```
+
+### 4.3 Run through kselftest harness
+
+```bash
+sudo -E make -C tools/testing/selftests TARGETS=drivers/net/rdma run_tests
+```
+
+`sudo -E` keeps exported workload variables for test scripts.
+
+### 4.4 Run a single script directly
+
+```bash
+cd tools/testing/selftests/drivers/net/rdma
+sudo -E ./rdma_cm_counter_delta.sh
+```
+
+## 5. Configuration Parameters
+
+Only workload command variables are supported:
+
+- `CM_WORKLOAD_CMD`: required; workload command used by trace/counter/fault tests
+- `CM_VALIDATE_RECOVERY_CMD`: optional; command for recovery stage in fault
+  injection test (falls back to `CM_WORKLOAD_CMD`)
+
+Fixed internal settings:
+
+- Counter pre-wait: `2s`
+- Recovery pre-wait: `2s`
+- Failslab path: `/sys/kernel/debug/failslab`
+- Failslab knobs: `task-filter=1`, `probability=1`, `interval=100`, `times=1`
+- Counter limits: `cm_rx_duplicates.* <= 10`, `cm_tx_retries.* <= 10`
+- Trace log path: `/tmp/rdma_cm_trace.<timestamp>.log`
+
+## 6. Exit Codes
+
+- `0`: pass
+- `4`: skip (environment not ready, e.g. missing tracefs/failslab/counters)
+- other non-zero: fail
+
+## 7. Result Interpretation
+
+When running with kselftest (`make ... run_tests`), TAP output looks like:
+
+```text
+ok 1 selftests: drivers/net/rdma: rdma_cm_baseline.sh
+ok 2 selftests: drivers/net/rdma: rdma_cm_trace_sequence.sh
+not ok 3 selftests: drivers/net/rdma: rdma_cm_counter_delta.sh # exit=1
+```
+
+- `ok N ...`: that script passed
+- `not ok N ... # exit=1`: that script failed
+- `not ok N ... # exit=4`: that script was skipped by environment checks
+
+When running `rdma_cm_review_loop.sh` directly, check the final summary block:
+
+```text
+==== summary ====
+baseline=0
+trace=0
+counters=1
+fault_injection=0
+```
+
+Each value is the corresponding script return code.
+
+## 8. Common Issues
+
+### 8.1 `cm counters are unavailable under /sys/class/infiniband`
+
+The script did not find `cm_tx_msgs` (and related) counters. Check:
+
+- whether `cm_tx_msgs` exists under any available RDMA port path
+
+### 8.2 `missing CM send trace events (req/rep/rtu)`
+
+This usually means workload did not create a CM handshake. Verify
+`CM_WORKLOAD_CMD` and remote server readiness.
+
+### 8.3 `Unexpected CM event ... 8`
+
+Usually means the server was not ready for the next connection. Try:
+
+- keep server in a listening loop
+- ensure the remote server is still listening before the recovery stage
+
+### 8.4 `failslab is unavailable`
+
+Expected skip when failslab is not exposed by kernel/debugfs. Check:
+
+```bash
+mount | grep debugfs
+ls /sys/kernel/debug/failslab
+```
+
+## 9. Minimal Regression Profile
+
+```bash
+export CM_WORKLOAD_CMD='ib_send_bw -d <client_ibdev> -i 1 -R -g <gid_idx> <server_ip>'
+export CM_VALIDATE_RECOVERY_CMD="${CM_WORKLOAD_CMD}"
+
+./rdma_cm_review_loop.sh
+```
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_cm_baseline.sh b/tools/testing/selftests/drivers/net/rdma/rdma_cm_baseline.sh
new file mode 100755
index 000000000000..b0d8b3e46470
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_cm_baseline.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "${SCRIPT_DIR}/rdma_common.sh"
+
+require_root
+require_cmd date
+require_cmd uname
+
+trace_dir="$(tracefs_dir || true)"
+counter_root="$(find_cm_counter_root || true)"
+out_dir="/tmp/rdma_cm_baseline.$(date +%s)"
+dmesg_lines=400
+dmesg_pattern="ib_cm|infiniband|rdma|roce|mlx|hns_roce|irdma|siw|rxe"
+
+mkdir -p "${out_dir}"
+
+log_info "writing baseline to ${out_dir}"
+
+{
+	echo "timestamp=$(date -u +%FT%TZ)"
+	echo "kernel=$(uname -r)"
+	echo "hostname=$(uname -n)"
+	echo "dmesg_lines=${dmesg_lines}"
+	echo "dmesg_pattern=${dmesg_pattern}"
+} >"${out_dir}/env.txt"
+
+if [[ -n "${trace_dir}" && -d "${trace_dir}/events/ib_cma" ]]; then
+	find "${trace_dir}/events/ib_cma" -maxdepth 2 -name enable -print \
+		>"${out_dir}/trace_events.list" 2>/dev/null || true
+else
+	log_warn "tracefs or ib_cma trace events are unavailable"
+fi
+
+if [[ -n "${counter_root}" ]]; then
+	{
+		echo "counter_root=${counter_root}"
+		for group in "${RDMA_COUNTER_GROUPS[@]}"; do
+			for attr in "${RDMA_COUNTER_ATTRS[@]}"; do
+				value="$(read_cm_counter "${counter_root}" "${group}" "${attr}")"
+				echo "${group}.${attr}=${value}"
+			done
+		done
+	} >"${out_dir}/cm_counters.before"
+else
+	log_warn "cm counters are unavailable under /sys/class/infiniband"
+fi
+
+if command -v dmesg >/dev/null 2>&1; then
+	dmesg | tail -n "${dmesg_lines}" | grep -E "${dmesg_pattern}" \
+		>"${out_dir}/dmesg.rdma.tail" || true
+fi
+
+log_info "baseline collection completed"
+exit 0
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_cm_counter_delta.sh b/tools/testing/selftests/drivers/net/rdma/rdma_cm_counter_delta.sh
new file mode 100755
index 000000000000..060adf9fe78a
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_cm_counter_delta.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "${SCRIPT_DIR}/rdma_common.sh"
+
+require_root
+counter_root="$(find_cm_counter_root || true)"
+counter_wait_sec=2
+
+if [[ -z "${counter_root}" ]]; then
+	log_warn "cm counters are unavailable under /sys/class/infiniband"
+	exit "${ksft_skip}"
+fi
+
+declare -A before after
+
+for group in "${RDMA_COUNTER_GROUPS[@]}"; do
+	for attr in "${RDMA_COUNTER_ATTRS[@]}"; do
+		key="${group}.${attr}"
+		before["${key}"]="$(read_cm_counter "${counter_root}" "${group}" "${attr}")"
+	done
+done
+
+if [[ "${counter_wait_sec}" != "0" ]]; then
+	log_info "waiting ${counter_wait_sec}s before workload"
+	sleep "${counter_wait_sec}"
+fi
+
+workload_rc=0
+run_workload || workload_rc=$?
+if [[ "${workload_rc}" -eq "${ksft_skip}" ]]; then
+	exit "${ksft_skip}"
+fi
+if [[ "${workload_rc}" -ne 0 ]]; then
+	log_err "workload failed with rc=${workload_rc}"
+	exit "${workload_rc}"
+fi
+
+for group in "${RDMA_COUNTER_GROUPS[@]}"; do
+	for attr in "${RDMA_COUNTER_ATTRS[@]}"; do
+		key="${group}.${attr}"
+		after["${key}"]="$(read_cm_counter "${counter_root}" "${group}" "${attr}")"
+		delta=$((after["${key}"] - before["${key}"]))
+		echo "${key}.delta=${delta}"
+		if ((delta < 0)); then
+			log_err "counter regressed: ${key}"
+			exit 1
+		fi
+	done
+done
+
+dup_limit=10
+retry_limit=10
+
+for attr in "${RDMA_COUNTER_ATTRS[@]}"; do
+	dup_delta=$((after["cm_rx_duplicates.${attr}"] - before["cm_rx_duplicates.${attr}"]))
+	retry_delta=$((after["cm_tx_retries.${attr}"] - before["cm_tx_retries.${attr}"]))
+
+	if ((dup_delta > dup_limit)); then
+		log_err "duplicate counter exceeds limit: ${attr}=${dup_delta}"
+		exit 1
+	fi
+	if ((retry_delta > retry_limit)); then
+		log_err "retry counter exceeds limit: ${attr}=${retry_delta}"
+		exit 1
+	fi
+done
+
+exit 0
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_cm_fault_injection.sh b/tools/testing/selftests/drivers/net/rdma/rdma_cm_fault_injection.sh
new file mode 100755
index 000000000000..0202ee901386
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_cm_fault_injection.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "${SCRIPT_DIR}/rdma_common.sh"
+
+require_root
+
+debugfs_fail="/sys/kernel/debug/failslab"
+recovery_wait_sec=2
+if [[ ! -d "${debugfs_fail}" ]]; then
+	log_warn "failslab is unavailable: ${debugfs_fail}"
+	exit "${ksft_skip}"
+fi
+
+for knob in probability interval times task-filter; do
+	if [[ ! -f "${debugfs_fail}/${knob}" ]]; then
+		log_warn "failslab knob missing: ${knob}"
+		exit "${ksft_skip}"
+	fi
+done
+
+orig_probability="$(cat "${debugfs_fail}/probability")"
+orig_interval="$(cat "${debugfs_fail}/interval")"
+orig_times="$(cat "${debugfs_fail}/times")"
+orig_task_filter="$(cat "${debugfs_fail}/task-filter")"
+
+restore_knobs()
+{
+	echo "${orig_probability}" >"${debugfs_fail}/probability" || true
+	echo "${orig_interval}" >"${debugfs_fail}/interval" || true
+	echo "${orig_times}" >"${debugfs_fail}/times" || true
+	echo "${orig_task_filter}" >"${debugfs_fail}/task-filter" || true
+}
+
+trap restore_knobs EXIT
+
+log_failslab_state()
+{
+	local state="$1"
+	local task_filter probability interval times
+
+	task_filter="$(cat "${debugfs_fail}/task-filter")"
+	probability="$(cat "${debugfs_fail}/probability")"
+	interval="$(cat "${debugfs_fail}/interval")"
+	times="$(cat "${debugfs_fail}/times")"
+
+	log_info "failslab ${state}: task-filter=${task_filter} probability=${probability}"
+	log_info "failslab ${state}: interval=${interval} times=${times}"
+}
+
+echo 1 >"${debugfs_fail}/task-filter"
+echo 1 >"${debugfs_fail}/probability"
+echo 100 >"${debugfs_fail}/interval"
+echo 1 >"${debugfs_fail}/times"
+log_failslab_state "enabled"
+
+if [[ -z "${CM_WORKLOAD_CMD:-}" && -n "${CM_VALIDATE_RECOVERY_CMD:-}" ]]; then
+	CM_WORKLOAD_CMD="${CM_VALIDATE_RECOVERY_CMD}"
+	log_warn "CM_WORKLOAD_CMD is not set; fallback to CM_VALIDATE_RECOVERY_CMD"
+fi
+
+injected_rc=0
+run_workload || injected_rc=$?
+if [[ "${injected_rc}" -eq "${ksft_skip}" ]]; then
+	exit "${ksft_skip}"
+fi
+log_info "workload rc under injection=${injected_rc}"
+
+echo 0 >"${debugfs_fail}/probability"
+echo 0 >"${debugfs_fail}/times"
+echo 0 >"${debugfs_fail}/task-filter"
+log_failslab_state "disabled"
+
+recovery_cmd="${CM_VALIDATE_RECOVERY_CMD:-${CM_WORKLOAD_CMD:-}}"
+if [[ -z "${recovery_cmd}" ]]; then
+	log_warn "CM_VALIDATE_RECOVERY_CMD and CM_WORKLOAD_CMD are both unset"
+	exit "${ksft_skip}"
+fi
+
+if [[ "${recovery_wait_sec}" != "0" ]]; then
+	log_info "waiting ${recovery_wait_sec}s before recovery workload"
+	sleep "${recovery_wait_sec}"
+fi
+
+log_info "running recovery workload: ${recovery_cmd}"
+if ! bash -c "${recovery_cmd}"; then
+	log_err "recovery workload failed after disabling fault injection"
+	log_err "hint: ensure remote server is restarted and listening for a second connection"
+	exit 1
+fi
+
+exit 0
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_cm_review_loop.sh b/tools/testing/selftests/drivers/net/rdma/rdma_cm_review_loop.sh
new file mode 100755
index 000000000000..c156090b17e3
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_cm_review_loop.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+cd "${SCRIPT_DIR}"
+
+declare -A rc
+
+run_step()
+{
+	local name="$1"
+	local cmd="$2"
+
+	echo "==== ${name} ===="
+	if bash -c "${cmd}"; then
+		rc["${name}"]=0
+	else
+		rc["${name}"]=$?
+	fi
+	echo "==== ${name} rc=${rc["${name}"]} ===="
+}
+
+run_step baseline "./rdma_cm_baseline.sh"
+run_step trace "./rdma_cm_trace_sequence.sh"
+run_step counters "./rdma_cm_counter_delta.sh"
+run_step fault_injection "./rdma_cm_fault_injection.sh"
+
+echo "==== summary ===="
+for name in baseline trace counters fault_injection; do
+	echo "${name}=${rc["${name}"]}"
+done
+
+exit 0
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_cm_trace_sequence.sh b/tools/testing/selftests/drivers/net/rdma/rdma_cm_trace_sequence.sh
new file mode 100755
index 000000000000..7e68289345e8
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_cm_trace_sequence.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+source "${SCRIPT_DIR}/rdma_common.sh"
+
+require_root
+require_cmd bash
+require_cmd grep
+
+trace_dir="$(tracefs_dir || true)"
+if [[ -z "${trace_dir}" ]]; then
+	log_warn "tracefs is unavailable"
+	exit "${ksft_skip}"
+fi
+
+if [[ ! -d "${trace_dir}/events/ib_cma" ]]; then
+	log_warn "ib_cma trace events are unavailable"
+	exit "${ksft_skip}"
+fi
+
+workload_rc=0
+
+cleanup_trace()
+{
+	local event
+
+	for event in icm_send_req icm_send_rep icm_send_rtu icm_recv_unknown_attr; do
+		[[ -f "${trace_dir}/events/ib_cma/${event}/enable" ]] && \
+			echo 0 >"${trace_dir}/events/ib_cma/${event}/enable"
+	done
+	[[ -f "${trace_dir}/events/ib_cma/enable" ]] && echo 0 >"${trace_dir}/events/ib_cma/enable"
+	echo 0 >"${trace_dir}/tracing_on"
+}
+
+trap cleanup_trace EXIT
+
+echo 0 >"${trace_dir}/tracing_on"
+echo >"${trace_dir}/trace"
+echo 1 >"${trace_dir}/events/ib_cma/enable"
+
+for event in icm_send_req icm_send_rep icm_send_rtu; do
+	if [[ -f "${trace_dir}/events/ib_cma/${event}/enable" ]]; then
+		echo 1 >"${trace_dir}/events/ib_cma/${event}/enable"
+	fi
+done
+
+echo 1 >"${trace_dir}/tracing_on"
+run_workload || workload_rc=$?
+echo 0 >"${trace_dir}/tracing_on"
+
+if [[ "${workload_rc}" -eq "${ksft_skip}" ]]; then
+	exit "${ksft_skip}"
+fi
+
+trace_log="/tmp/rdma_cm_trace.$(date +%s).log"
+cat "${trace_dir}/trace" >"${trace_log}"
+log_info "captured trace at ${trace_log}"
+
+if ! grep -Eq "icm_send_(req|rep|rtu)" "${trace_log}"; then
+	log_err "missing CM send trace events (req/rep/rtu)"
+	exit 1
+fi
+
+err_lines="$(grep "icm_.*_err" "${trace_log}" || true)"
+if [[ -n "${err_lines}" ]]; then
+	# DREP send failure while already in TIMEWAIT is a common teardown
+	# race and is tolerated for this smoke-style validation script.
+	untolerated_err_lines="$(
+		printf '%s\n' "${err_lines}" | \
+			grep -Ev "icm_send_drep_err: .*state=TIMEWAIT" || true
+	)"
+	if [[ -n "${untolerated_err_lines}" ]]; then
+		log_err "error trace event detected in ib_cma path"
+		printf '%s\n' "${untolerated_err_lines}" >&2
+		exit 1
+	fi
+	log_warn "only tolerated TIMEWAIT drep errors observed"
+fi
+
+exit 0
diff --git a/tools/testing/selftests/drivers/net/rdma/rdma_common.sh b/tools/testing/selftests/drivers/net/rdma/rdma_common.sh
new file mode 100755
index 000000000000..ee3d8b0d86b2
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/rdma/rdma_common.sh
@@ -0,0 +1,126 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+ksft_skip=4
+RET=0
+
+RDMA_COUNTER_GROUPS=(
+	cm_tx_msgs
+	cm_tx_retries
+	cm_rx_msgs
+	cm_rx_duplicates
+)
+
+RDMA_COUNTER_ATTRS=(
+	req
+	mra
+	rej
+	rep
+	rtu
+	dreq
+	drep
+	sidr_req
+	sidr_rep
+	lap
+	apr
+)
+
+log_info()
+{
+	echo "INFO: $*"
+}
+
+log_warn()
+{
+	echo "WARN: $*" >&2
+}
+
+log_err()
+{
+	echo "ERROR: $*" >&2
+}
+
+require_root()
+{
+	if [[ "$(id -u)" -ne 0 ]]; then
+		log_warn "this test requires root privileges"
+		exit "${ksft_skip}"
+	fi
+}
+
+require_cmd()
+{
+	local cmd="$1"
+
+	command -v "${cmd}" >/dev/null 2>&1 || {
+		log_warn "missing required command: ${cmd}"
+		exit "${ksft_skip}"
+	}
+}
+
+tracefs_dir()
+{
+	if [[ -d /sys/kernel/tracing ]]; then
+		echo /sys/kernel/tracing
+	elif [[ -d /sys/kernel/debug/tracing ]]; then
+		echo /sys/kernel/debug/tracing
+	else
+		return 1
+	fi
+}
+
+find_cm_counter_root()
+{
+	local base
+	local port
+	local candidate
+
+	for base in /sys/class/infiniband/*; do
+		[[ -d "${base}" ]] || continue
+
+		for port in "${base}"/ports/*; do
+			[[ -d "${port}" ]] || continue
+			# RoCE / newer sysfs: cm_* groups live directly under ports/<N>/
+			if [[ -d "${port}/cm_tx_msgs" ]]; then
+				echo "${port}"
+				return 0
+			fi
+			# Legacy layout: under counters/ or hw_counters/
+			for candidate in "${port}/counters" "${port}/hw_counters"; do
+				[[ -d "${candidate}/cm_tx_msgs" ]] || continue
+				echo "${candidate}"
+				return 0
+			done
+		done
+	done
+
+	return 1
+}
+
+read_cm_counter()
+{
+	local root="$1"
+	local group="$2"
+	local attr="$3"
+	local path="${root}/${group}/${attr}"
+
+	if [[ -f "${path}" ]]; then
+		cat "${path}" 2>/dev/null
+	else
+		echo 0
+	fi
+}
+
+run_workload()
+{
+	local cmd="${CM_WORKLOAD_CMD:-}"
+
+	if [[ -z "${cmd}" ]]; then
+		log_warn "CM_WORKLOAD_CMD is not set"
+		return "${ksft_skip}"
+	fi
+
+	log_info "running workload: ${cmd}"
+	bash -c "${cmd}"
+}
+
-- 
2.25.1


^ permalink raw reply related

* Re: [PATCH v3 4/4] rust_binder: report netlink transactions
From: Alice Ryhl @ 2026-04-16  7:00 UTC (permalink / raw)
  To: Andrew Lunn
  Cc: Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron,
	Benno Lossin, Andreas Hindborg, Trevor Gross, Danilo Krummrich,
	Donald Hunter, Jakub Kicinski, David S. Miller, Eric Dumazet,
	Paolo Abeni, Simon Horman, Greg Kroah-Hartman,
	Arve Hjønnevåg, Todd Kjos, Christian Brauner,
	Carlos Llamas, linux-kernel, rust-for-linux, netdev
In-Reply-To: <96fff93c-c7ae-4480-8e0e-9f72c02a7b34@lunn.ch>

On Thu, Apr 16, 2026 at 02:46:18AM +0200, Andrew Lunn wrote:
> On Wed, Apr 15, 2026 at 09:37:54AM +0000, Alice Ryhl wrote:
> > From: Carlos Llamas <cmllamas@google.com>
> > 
> > The Android Binder driver supports a netlink API that reports
> > transaction *failures* to a userapce daemon. This allows devices to
> 
> userspace ?

Good catch, thanks.

Alice

^ permalink raw reply

* RE: [net-next,v3,13/13] net: renesas: rswitch: add vlan aware switching
From: Michael Dege @ 2026-04-16  7:04 UTC (permalink / raw)
  To: Paolo Abeni
  Cc: paul@pbarker.dev, niklas.soderlund, kuba@kernel.org,
	Yoshihiro Shimoda, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, edumazet@google.com,
	linux-renesas-soc@vger.kernel.org, andrew+netdev@lunn.ch,
	davem@davemloft.net
In-Reply-To: <20260402125946.234499-1-pabeni@redhat.com>

Hello Paolo,

Thank you for your review comments.

> -----Original Message-----
> From: Paolo Abeni <pabeni@redhat.com>
> Sent: Thursday, April 2, 2026 3:00 PM
> To: Michael Dege <michael.dege@renesas.com>
> Cc: paul@pbarker.dev; niklas.soderlund <niklas.soderlund@ragnatech.se>; kuba@kernel.org; Yoshihiro
> Shimoda <yoshihiro.shimoda.uh@renesas.com>; netdev@vger.kernel.org; linux-kernel@vger.kernel.org;
> edumazet@google.com; pabeni@redhat.com; linux-renesas-soc@vger.kernel.org; andrew+netdev@lunn.ch;
> davem@davemloft.net
> Subject: Re: [net-next,v3,13/13] net: renesas: rswitch: add vlan aware switching
>
> This is an AI-generated review of your patch. The human sending this email has considered the AI
> review valid, or at least plausible.
>
> For local reproduction steps see
> https://netdev-ai.bots.linux.dev/ai-
> local.html&data=05%7C02%7Cmichael.dege%40renesas.com%7C10d1c680d41c4e17dc2408de90b7bf4a%7C53d82571da19
> 47e49cb4625a166a4a2a%7C0%7C0%7C639107316024723538%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYi
> OiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=KVia3Rm%2FIDae%2Fq
> NCrKk08fsOpcv%2FnSMZoApYSZsLCYI%3D&reserved=0
> ---
> net: renesas: rswitch: add vlan aware switching
>
> This commit adds vlan support to the L2 HW bridge, with limited support on R-Car S4 (not fully 802.1Q
> compliant).
>
> > diff --git a/drivers/net/ethernet/renesas/Kconfig
> > b/drivers/net/ethernet/renesas/Kconfig
> > index 9b7559c88bee..2494ff60e8c2 100644
> > --- a/drivers/net/ethernet/renesas/Kconfig
> > +++ b/drivers/net/ethernet/renesas/Kconfig
>
> [ ... ]
>
> > diff --git a/drivers/net/ethernet/renesas/rswitch_l2.c
> > b/drivers/net/ethernet/renesas/rswitch_l2.c
> > index ea95a87ed234..b7d0e7f94ecd 100644
> > --- a/drivers/net/ethernet/renesas/rswitch_l2.c
> > +++ b/drivers/net/ethernet/renesas/rswitch_l2.c
>
> [ ... ]
>
> > @@ -212,61 +197,397 @@ static int rswitch_netdevice_event(struct
> > notifier_block *nb,
>
> [ ... ]
>
> > +static int rswitch_handle_port_obj_add(struct net_device *ndev,
> > +                                  struct notifier_block *nb,
> > +                                  struct switchdev_notifier_port_obj_info *info) {
> > +   struct switchdev_obj_port_vlan *p_vlan = SWITCHDEV_OBJ_PORT_VLAN(info->obj);
> > +   struct rswitch_private *priv;
> > +   int err;
> > +
> > +   priv = container_of(nb, struct rswitch_private,
> > +rswitch_switchdev_blocking_nb);
> > +
> > +   if ((p_vlan->flags & BRIDGE_VLAN_INFO_MASTER) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_RANGE_END) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_ONLY_OPTS))
> > +           return NOTIFY_DONE;
> > +
> > +   switch (info->obj->id) {
> > +   case SWITCHDEV_OBJ_ID_PORT_VLAN:
>
> Can the flag checks access the wrong memory? The code casts info->obj to switchdev_obj_port_vlan
> before checking info->obj->id. When the notifier delivers a non-VLAN object (such as
> SWITCHDEV_OBJ_ID_PORT_MDB for multicast group changes), SWITCHDEV_OBJ_PORT_VLAN() performs an
> incorrect container_of cast, and p_vlan->flags reads bytes from a different struct type.
>
> For switchdev_obj_port_mdb, the p_vlan->flags field overlaps with the first
> 2 bytes of the addr[ETH_ALEN] MAC address field. Multicast MAC addresses always have bit 0 of the
> first byte set, which matches BRIDGE_VLAN_INFO_MASTER (1<<0), causing the function to return
> NOTIFY_DONE instead of falling through to the default case that returns -EOPNOTSUPP.
>
> Other switchdev drivers (lan966x, mlxsw, cpsw) perform the SWITCHDEV_OBJ_PORT_VLAN cast inside the
> SWITCHDEV_OBJ_ID_PORT_VLAN case, not before the type switch.
>
> The same issue exists in rswitch_handle_port_obj_del().

Thank you this makes sense, I changed it.

Best regards,

Michael
>
> > +           if (!is_rdev(ndev))
> > +                   err = rswitch_port_obj_do_add_gwca(ndev, priv, p_vlan);
> > +           else
> > +                   err = rswitch_port_obj_do_add(ndev, p_vlan);
> > +
> > +           if (err < 0)
> > +                   return err;
> > +
> > +           break;
> > +   default:
> > +           return -EOPNOTSUPP;
> > +   }
> > +
> > +   info->handled = true;
> > +
> > +   return NOTIFY_DONE;
> > +}
> > +
> > +static int rswitch_handle_port_obj_del(struct net_device *ndev,
> > +                                  struct notifier_block *nb,
> > +                                  struct switchdev_notifier_port_obj_info *info) {
> > +   struct switchdev_obj_port_vlan *p_vlan = SWITCHDEV_OBJ_PORT_VLAN(info->obj);
> > +   struct rswitch_private *priv;
> > +   int err;
> > +
> > +   priv = container_of(nb, struct rswitch_private,
> > +rswitch_switchdev_blocking_nb);
> > +
> > +   if ((p_vlan->flags & BRIDGE_VLAN_INFO_MASTER) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_RANGE_END) ||
> > +       (p_vlan->flags & BRIDGE_VLAN_INFO_ONLY_OPTS))
> > +           return NOTIFY_DONE;
> > +
> > +   switch (info->obj->id) {
> > +   case SWITCHDEV_OBJ_ID_PORT_VLAN:
> > +           if (!is_rdev(ndev))
> > +                   err = rswitch_port_obj_do_del_gwca(ndev, priv, p_vlan);
> > +           else
> > +                   err = rswitch_port_obj_do_del(ndev, p_vlan);
> > +
> > +           if (err < 0)
> > +                   return err;
> > +
> > +           break;
> > +   default:
> > +           return -EOPNOTSUPP;
> > +   }
> > +
> > +   info->handled = true;
> > +
> > +   return NOTIFY_DONE;
> > +}
>
> [ ... ]


^ permalink raw reply

* [syzbot ci] Re: net: tunnel: fix stale transport header after GRE/TEB decap
From: syzbot ci @ 2026-04-16  7:04 UTC (permalink / raw)
  To: davem, dsahern, edumazet, horms, jiayuan.chen, kuba, linux-kernel,
	netdev, pabeni, pshelar, syzbot, tom
  Cc: syzbot, syzkaller-bugs
In-Reply-To: <20260416034610.8873-1-jiayuan.chen@linux.dev>

syzbot ci has tested the following series

[v1] net: tunnel: fix stale transport header after GRE/TEB decap
https://lore.kernel.org/all/20260416034610.8873-1-jiayuan.chen@linux.dev
* [PATCH net v1 1/2] net: tunnel: fix stale transport header after GRE/TEB decap
* [PATCH net-next v1 2/2] net: add DEBUG_NET_WARN_ON_ONCE for negative transport offset

and found the following issue:
WARNING in udpv6_err

Full report is available here:
https://ci.syzbot.org/series/3886f2f1-a6d5-4c5c-8dc8-bc1cec577567

***

WARNING in udpv6_err

tree:      net
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/netdev/net.git
base:      1f5ffc672165ff851063a5fd044b727ab2517ae3
arch:      amd64
compiler:  Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
config:    https://ci.syzbot.org/builds/06cf41a2-60fe-4f9b-8f68-57eb6d1e48cc/config

------------[ cut here ]------------
off < 0
WARNING: ./include/linux/skbuff.h:3239 at udpv6_err+0x1521/0x16d0, CPU#0: kworker/u9:2/51
Modules linked in:

CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker

RIP: 0010:udpv6_err+0x1521/0x16d0
Code: f7 b0 01 89 44 24 30 49 bf 00 00 00 00 00 fc ff df e9 ea ef ff ff e8 8e f2 66 f7 90 0f 0b 90 e9 2a f9 ff ff e8 80 f2 66 f7 90 <0f> 0b 90 e9 bb f9 ff ff e8 72 f2 66 f7 90 0f 0b 90 e9 1a fa ff ff
RSP: 0018:ffffc900000074e0 EFLAGS: 00010246

RAX: ffffffff8a5e6c30 RBX: 0000000080000000 RCX: ffff888106e91d80
RDX: 0000000000000100 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000007670 R08: ffff88810be30ae0 R09: 000000000000234e
R10: 000000000000003c R11: ffffffff8a5e5710 R12: ffff888116513390
R13: ffff888114c38900 R14: fffffffffffffff8 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88818dc43000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555561513898 CR3: 000000016fad2000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 icmpv6_notify+0x407/0x850
 icmpv6_rcv+0x13b0/0x1d80
 ip6_protocol_deliver_rcu+0xe37/0x1610
 ip6_input_finish+0x191/0x370
 NF_HOOK+0x336/0x3c0
 ip6_input+0x16a/0x270
 NF_HOOK+0x336/0x3c0
 process_backlog+0x7dd/0x1950
 __napi_poll+0xae/0x340
 net_rx_action+0x627/0xf70
 handle_softirqs+0x22a/0x840
 do_softirq+0x76/0xd0
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130
 wg_socket_send_skb_to_peer+0x16b/0x1d0
 wg_packet_handshake_send_worker+0x203/0x350
 process_scheduled_works+0xb5d/0x1860


***

If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
  Tested-by: syzbot@syzkaller.appspotmail.com

---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@googlegroups.com.

To test a patch for this bug, please reply with `#syz test`
(should be on a separate line).

The patch should be attached to the email.
Note: arguments like custom git repos and branches are not supported.

^ permalink raw reply

* Re: [PATCH net 00/14] Netfilter/IPVS fixes for net
From: Pablo Neira Ayuso @ 2026-04-16  7:25 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba, pabeni, edumazet, fw, horms
In-Reply-To: <20260416013101.221555-1-pablo@netfilter.org>

Hi,

I am preparing a v2 to address so AI generated comment, I should be
ready in a few hours.

Thanks.

On Thu, Apr 16, 2026 at 03:30:47AM +0200, Pablo Neira Ayuso wrote:
> Hi,
> 
> The following patchset contains Netfilter/IPVS fixes for net: Mostly
> addressing very old bugs in the SIP conntrack helper string parser,
> unsafe arp_tables match support with legacy IEEE1394, restrict xt_realm
> to IPv4 and incorrect use of RCU lists in nat core and nftables. This
> batch also includes one IPVS MTU fix. The exception is a fix for a
> recent issue related to broken double-tagged vlan in the flowtable.
> 
> 1) Fix possible stack recursion in nft_fwd_netdev from egress path,
>    from Weiming Shi.
> 
> 2) Fix unsafe port parser in SIP helper, from Jenny Guanni Qu.
> 
> 3) Fix arp_tables match with IEEE1394 ARP payload, allowing to
>    reach bytes off the skb boundary, from Weiming Shi.
> 
> 4) Reject unsafe nfnetlink_osf configurations from control plane,
>    this is addressing a possible division by zero, from Xiang Mei.
> 
> 5) nft_osf actually only supports IPv4, restrict it.
> 
> 6) Fix double-tagged-vlan support (again) in the flowtable, from
>    Eric Woudstra.
> 
> 7) Remove unsafe use of sprintf to fix possible buffer overflow
>    in the SIP NAT helper, from Florian Westphal.
> 
> 8) Restrict xt_mac, xt_owner and xt_physdev to inet families only;
>    xt_realm is only for ipv4, otherwise null-pointer-deref is possible.
> 
> 9) Use kfree_rcu() in nat core to release hooks, this can be an issue
>    once nfnetlink_hook gets support to dump NAT hook information,
>    not currently a real issue but better fix it now.
> 
> 10) Fix MTU checks in IPVS, from Yingnan Zhang.
> 
> 11) Use list_del_rcu() in chain and flowtable hook unregistration,
>     concurrent RCU reader could be walking over the hook list,
>     from Florian Westphal.
> 
> 12) Add list_splice_rcu(), this is required to fix unsafe
>     splice to RCU protected hook list. Reviewed by Paul McKenney.
> 
> 13) Use list_splice_rcu() to splice new chain and flowtable hooks.
> 
> 14) Add shim nft_trans_hook object to track chain and flowtable
>     hook deletions and flag them as removed, instead of unsafely
>     moving around hooks in the RCU-protected hook list. This allows
>     to restore the previous state from the abort path.
> 
> Please, pull these changes from:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-26-04-16
> 
> Thanks.
> 
> ----------------------------------------------------------------
> 
> The following changes since commit 2dddb34dd0d07b01fa770eca89480a4da4f13153:
> 
>   net: ethernet: mtk_eth_soc: initialize PPE per-tag-layer MTU registers (2026-04-12 15:22:58 -0700)
> 
> are available in the Git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-26-04-16
> 
> for you to fetch changes up to e349f90da812aeddd22c3914a2cc639b51e4eb48:
> 
>   netfilter: nf_tables: add hook transactions for device deletions (2026-04-16 02:47:58 +0200)
> 
> ----------------------------------------------------------------
> netfilter pull request 26-04-16
> 
> ----------------------------------------------------------------
> Eric Woudstra (1):
>       netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()
> 
> Florian Westphal (2):
>       netfilter: conntrack: remove sprintf usage
>       netfilter: nf_tables: use list_del_rcu for netlink hooks
> 
> Jenny Guanni Qu (1):
>       netfilter: nf_conntrack_sip: add bounds-checked port parsing helper
> 
> Pablo Neira Ayuso (6):
>       netfilter: nft_osf: restrict it to ipv4
>       netfilter: xtables: restrict several matches to inet family
>       netfilter: nat: use kfree_rcu to release ops
>       rculist: add list_splice_rcu() for private lists
>       netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
>       netfilter: nf_tables: add hook transactions for device deletions
> 
> Weiming Shi (2):
>       netfilter: nft_fwd_netdev: use recursion counter in neigh egress path
>       netfilter: arp_tables: fix IEEE1394 ARP payload parsing in arp_packet_match()
> 
> Xiang Mei (1):
>       netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
> 
> Yingnan Zhang (1):
>       ipvs: fix MTU check for GSO packets in tunnel mode
> 
>  include/linux/rculist.h               |  29 ++++++
>  include/net/netfilter/nf_dup_netdev.h |  13 +++
>  include/net/netfilter/nf_tables.h     |  13 +++
>  net/ipv4/netfilter/arp_tables.c       |  14 ++-
>  net/ipv4/netfilter/iptable_nat.c      |   2 +-
>  net/ipv6/netfilter/ip6table_nat.c     |   2 +-
>  net/netfilter/ipvs/ip_vs_xmit.c       |  19 +++-
>  net/netfilter/nf_conntrack_sip.c      |  80 +++++++++++-----
>  net/netfilter/nf_dup_netdev.c         |  16 ----
>  net/netfilter/nf_flow_table_ip.c      |  25 ++++-
>  net/netfilter/nf_nat_amanda.c         |   2 +-
>  net/netfilter/nf_nat_core.c           |  10 +-
>  net/netfilter/nf_nat_sip.c            |  33 ++++---
>  net/netfilter/nf_tables_api.c         | 168 ++++++++++++++++++++++++----------
>  net/netfilter/nfnetlink_osf.c         |   4 +
>  net/netfilter/nft_fwd_netdev.c        |   7 ++
>  net/netfilter/nft_osf.c               |   6 +-
>  net/netfilter/xt_mac.c                |  34 ++++---
>  net/netfilter/xt_owner.c              |  37 +++++---
>  net/netfilter/xt_physdev.c            |  29 ++++--
>  net/netfilter/xt_realm.c              |   2 +-
>  21 files changed, 393 insertions(+), 152 deletions(-)
> 

^ permalink raw reply

* [PATCH net v3 0/3] net: airoha: Fix airoha_qdma_cleanup_tx_queue() processing
From: Lorenzo Bianconi @ 2026-04-16  7:27 UTC (permalink / raw)
  To: Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Lorenzo Bianconi, Simon Horman
  Cc: linux-arm-kernel, linux-mediatek, netdev

Add missing bits in airoha_qdma_cleanup_tx_queue routine.
Fix airoha_qdma_cleanup_tx_queue processing errors intorduced in commit
'3f47e67dff1f7 ("net: airoha: Add the capability to consume out-of-order
DMA tx descriptors")'.

---
Changes in v3:
- Move ndesc initialization fix in a dedicated patch.
- Add patch 2/3 to move entries to queue head in case of DMA mapping
  failure in airoha_dev_xmit().
- Cosmetics.
- Link to v2: https://lore.kernel.org/r/20260414-airoha_qdma_cleanup_tx_queue-fix-net-v2-1-875de57cc022@kernel.org

Changes in v2:
- Move q->ndesc initialization at end of airoha_qdma_init_tx routine in
  order to avoid any possible NULL pointer dereference in
  airoha_qdma_cleanup_tx_queue()
- Check if q->tx_list is empty in airoha_qdma_cleanup_tx_queue()
- Link to v1: https://lore.kernel.org/r/20260410-airoha_qdma_cleanup_tx_queue-fix-net-v1-1-b7171c8f1e78@kernel.org

---
Lorenzo Bianconi (3):
      net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()
      net: airoha: Move entries to queue head in case of DMA mapping failure in airoha_dev_xmit()
      net: airoha: Add missing bits in airoha_qdma_cleanup_tx_queue()

 drivers/net/ethernet/airoha/airoha_eth.c | 42 ++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 7 deletions(-)
---
base-commit: 3f20012a3964f487ae1e9ff942e2f35d4e9595bf
change-id: 20260410-airoha_qdma_cleanup_tx_queue-fix-net-93375f5ee80f

Best regards,
-- 
Lorenzo Bianconi <lorenzo@kernel.org>


^ permalink raw reply

* [PATCH net v3 1/3] net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()
From: Lorenzo Bianconi @ 2026-04-16  7:27 UTC (permalink / raw)
  To: Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Lorenzo Bianconi, Simon Horman
  Cc: linux-arm-kernel, linux-mediatek, netdev
In-Reply-To: <20260416-airoha_qdma_cleanup_tx_queue-fix-net-v3-0-2b69f5788580@kernel.org>

If queue entry list allocation fails in airoha_qdma_init_tx_queue routine,
airoha_qdma_cleanup_tx_queue() will trigger a NULL pointer dereference
accessing the queue entry array. The issue is due to the early ndesc
initialization in airoha_qdma_init_tx_queue(). Fix the issue moving ndesc
initialization at end of airoha_qdma_init_tx routine.

Fixes: 3f47e67dff1f7 ("net: airoha: Add the capability to consume out-of-order DMA tx descriptors")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 drivers/net/ethernet/airoha/airoha_eth.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/airoha/airoha_eth.c b/drivers/net/ethernet/airoha/airoha_eth.c
index e1ab15f1ee7d..690bfaf8d7d9 100644
--- a/drivers/net/ethernet/airoha/airoha_eth.c
+++ b/drivers/net/ethernet/airoha/airoha_eth.c
@@ -954,27 +954,27 @@ static int airoha_qdma_init_tx_queue(struct airoha_queue *q,
 	dma_addr_t dma_addr;
 
 	spin_lock_init(&q->lock);
-	q->ndesc = size;
 	q->qdma = qdma;
 	q->free_thr = 1 + MAX_SKB_FRAGS;
 	INIT_LIST_HEAD(&q->tx_list);
 
-	q->entry = devm_kzalloc(eth->dev, q->ndesc * sizeof(*q->entry),
+	q->entry = devm_kzalloc(eth->dev, size * sizeof(*q->entry),
 				GFP_KERNEL);
 	if (!q->entry)
 		return -ENOMEM;
 
-	q->desc = dmam_alloc_coherent(eth->dev, q->ndesc * sizeof(*q->desc),
+	q->desc = dmam_alloc_coherent(eth->dev, size * sizeof(*q->desc),
 				      &dma_addr, GFP_KERNEL);
 	if (!q->desc)
 		return -ENOMEM;
 
-	for (i = 0; i < q->ndesc; i++) {
+	for (i = 0; i < size; i++) {
 		u32 val = FIELD_PREP(QDMA_DESC_DONE_MASK, 1);
 
 		list_add_tail(&q->entry[i].list, &q->tx_list);
 		WRITE_ONCE(q->desc[i].ctrl, cpu_to_le32(val));
 	}
+	q->ndesc = size;
 
 	/* xmit ring drop default setting */
 	airoha_qdma_set(qdma, REG_TX_RING_BLOCKING(qid),

-- 
2.53.0


^ permalink raw reply related

* [PATCH net v3 2/3] net: airoha: Move entries to queue head in case of DMA mapping failure in airoha_dev_xmit()
From: Lorenzo Bianconi @ 2026-04-16  7:27 UTC (permalink / raw)
  To: Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Lorenzo Bianconi, Simon Horman
  Cc: linux-arm-kernel, linux-mediatek, netdev
In-Reply-To: <20260416-airoha_qdma_cleanup_tx_queue-fix-net-v3-0-2b69f5788580@kernel.org>

In order to respect the original descriptor order and avoid any
potential IOMMU fault or memory corruption, move pending queue entries
to the head of hw queue tx_list if the DMA mapping of current inflight
packet fails in airoha_dev_xmit routine.

Fixes: 3f47e67dff1f7 ("net: airoha: Add the capability to consume out-of-order DMA tx descriptors")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 drivers/net/ethernet/airoha/airoha_eth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/airoha/airoha_eth.c b/drivers/net/ethernet/airoha/airoha_eth.c
index 690bfaf8d7d9..dfe8a0bd2abd 100644
--- a/drivers/net/ethernet/airoha/airoha_eth.c
+++ b/drivers/net/ethernet/airoha/airoha_eth.c
@@ -2053,7 +2053,7 @@ static netdev_tx_t airoha_dev_xmit(struct sk_buff *skb,
 		dma_unmap_single(dev->dev.parent, e->dma_addr, e->dma_len,
 				 DMA_TO_DEVICE);
 		e->dma_addr = 0;
-		list_move_tail(&e->list, &q->tx_list);
+		list_move(&e->list, &q->tx_list);
 	}
 
 	spin_unlock_bh(&q->lock);

-- 
2.53.0


^ permalink raw reply related

* [PATCH net v3 3/3] net: airoha: Add missing bits in airoha_qdma_cleanup_tx_queue()
From: Lorenzo Bianconi @ 2026-04-16  7:27 UTC (permalink / raw)
  To: Andrew Lunn, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Lorenzo Bianconi, Simon Horman
  Cc: linux-arm-kernel, linux-mediatek, netdev
In-Reply-To: <20260416-airoha_qdma_cleanup_tx_queue-fix-net-v3-0-2b69f5788580@kernel.org>

Similar to airoha_qdma_cleanup_rx_queue(), reset DMA TX descriptors in
airoha_qdma_cleanup_tx_queue routine. Moreover, reset TX_DMA_IDX to
TX_CPU_IDX to notify the NIC the QDMA TX ring is empty.

Fixes: 23020f0493270 ("net: airoha: Introduce ethernet support for EN7581 SoC")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 drivers/net/ethernet/airoha/airoha_eth.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/airoha/airoha_eth.c b/drivers/net/ethernet/airoha/airoha_eth.c
index dfe8a0bd2abd..903682e88e89 100644
--- a/drivers/net/ethernet/airoha/airoha_eth.c
+++ b/drivers/net/ethernet/airoha/airoha_eth.c
@@ -1039,12 +1039,15 @@ static int airoha_qdma_init_tx(struct airoha_qdma *qdma)
 
 static void airoha_qdma_cleanup_tx_queue(struct airoha_queue *q)
 {
-	struct airoha_eth *eth = q->qdma->eth;
-	int i;
+	struct airoha_qdma *qdma = q->qdma;
+	struct airoha_eth *eth = qdma->eth;
+	int i, qid = q - &qdma->q_tx[0];
+	u16 index = 0;
 
 	spin_lock_bh(&q->lock);
 	for (i = 0; i < q->ndesc; i++) {
 		struct airoha_queue_entry *e = &q->entry[i];
+		struct airoha_qdma_desc *desc = &q->desc[i];
 
 		if (!e->dma_addr)
 			continue;
@@ -1055,8 +1058,33 @@ static void airoha_qdma_cleanup_tx_queue(struct airoha_queue *q)
 		e->dma_addr = 0;
 		e->skb = NULL;
 		list_add_tail(&e->list, &q->tx_list);
+
+		/* Reset DMA descriptor */
+		WRITE_ONCE(desc->ctrl, 0);
+		WRITE_ONCE(desc->addr, 0);
+		WRITE_ONCE(desc->data, 0);
+		WRITE_ONCE(desc->msg0, 0);
+		WRITE_ONCE(desc->msg1, 0);
+		WRITE_ONCE(desc->msg2, 0);
+
 		q->queued--;
 	}
+
+	if (!list_empty(&q->tx_list)) {
+		struct airoha_queue_entry *e;
+
+		e = list_first_entry(&q->tx_list, struct airoha_queue_entry,
+				     list);
+		index = e - q->entry;
+	}
+	/* Set TX_DMA_IDX to TX_CPU_IDX to notify the hw the QDMA TX ring is
+	 * empty.
+	 */
+	airoha_qdma_rmw(qdma, REG_TX_CPU_IDX(qid), TX_RING_CPU_IDX_MASK,
+			FIELD_PREP(TX_RING_CPU_IDX_MASK, index));
+	airoha_qdma_rmw(qdma, REG_TX_DMA_IDX(qid), TX_RING_DMA_IDX_MASK,
+			FIELD_PREP(TX_RING_DMA_IDX_MASK, index));
+
 	spin_unlock_bh(&q->lock);
 }
 

-- 
2.53.0


^ permalink raw reply related

* Re: [PATCH net] net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops
From: Maxime Chevallier @ 2026-04-16  7:34 UTC (permalink / raw)
  To: Stanislav Fomichev, netdev
  Cc: davem, edumazet, kuba, pabeni, andrew, olteanv, horms, sdf,
	linux-kernel
In-Reply-To: <20260414231035.1917035-1-sdf@fomichev.me>

Hi Stanislav,

On 15/04/2026 01:10, Stanislav Fomichev wrote:
> DSA replaces the conduit (master) device's ethtool_ops with its own
> wrappers that aggregate stats from both the conduit and DSA switch
> ports. Taking the lock again inside the DSA wrappers causes a deadlock.
> 
> Stumbled upon this when booting qemu with fbnic and CONFIG_NET_DSA_LOOP=y
> (which looks like some kind of testing device that auto-populates the ports
> of eth0). `ethtool -i` is enough to deadlock. This means we have basically zero
> coverage for DSA stuff with real ops locked devs.

True, indeed I don't have physical devices here with locked ops, looking
at the current devices that use it (fbnic, bnxt, gve, mlx5, bnge) that's
not too surprising, I don't think these are often used with DSA.

> 
> Remove the redundant netdev_lock_ops()/netdev_unlock_ops() calls from
> the DSA conduit ethtool wrappers.
> 
> Cc: Maxime Chevallier <maxime.chevallier@bootlin.com>
> Fixes: 2bcf4772e45a ("net: ethtool: try to protect all callback with netdev instance lock")
> Signed-off-by: Stanislav Fomichev <sdf@fomichev.me>
> (cherry picked from commit 1538c00ab3212273240112bd53692d54d95f2dd5)

Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com>

Maxime
> ---
>  net/dsa/conduit.c | 16 +---------------
>  1 file changed, 1 insertion(+), 15 deletions(-)
> 
> diff --git a/net/dsa/conduit.c b/net/dsa/conduit.c
> index a1b044467bd6..8398d72d7e4d 100644
> --- a/net/dsa/conduit.c
> +++ b/net/dsa/conduit.c
> @@ -27,9 +27,7 @@ static int dsa_conduit_get_regs_len(struct net_device *dev)
>  	int len;
>  
>  	if (ops && ops->get_regs_len) {
> -		netdev_lock_ops(dev);
>  		len = ops->get_regs_len(dev);
> -		netdev_unlock_ops(dev);
>  		if (len < 0)
>  			return len;
>  		ret += len;
> @@ -60,15 +58,11 @@ static void dsa_conduit_get_regs(struct net_device *dev,
>  	int len;
>  
>  	if (ops && ops->get_regs_len && ops->get_regs) {
> -		netdev_lock_ops(dev);
>  		len = ops->get_regs_len(dev);
> -		if (len < 0) {
> -			netdev_unlock_ops(dev);
> +		if (len < 0)
>  			return;
> -		}
>  		regs->len = len;
>  		ops->get_regs(dev, regs, data);
> -		netdev_unlock_ops(dev);
>  		data += regs->len;
>  	}
>  
> @@ -115,10 +109,8 @@ static void dsa_conduit_get_ethtool_stats(struct net_device *dev,
>  	int count, mcount = 0;
>  
>  	if (ops && ops->get_sset_count && ops->get_ethtool_stats) {
> -		netdev_lock_ops(dev);
>  		mcount = ops->get_sset_count(dev, ETH_SS_STATS);
>  		ops->get_ethtool_stats(dev, stats, data);
> -		netdev_unlock_ops(dev);
>  	}
>  
>  	list_for_each_entry(dp, &dst->ports, list) {
> @@ -149,10 +141,8 @@ static void dsa_conduit_get_ethtool_phy_stats(struct net_device *dev,
>  		if (count >= 0)
>  			phy_ethtool_get_stats(dev->phydev, stats, data);
>  	} else if (ops && ops->get_sset_count && ops->get_ethtool_phy_stats) {
> -		netdev_lock_ops(dev);
>  		count = ops->get_sset_count(dev, ETH_SS_PHY_STATS);
>  		ops->get_ethtool_phy_stats(dev, stats, data);
> -		netdev_unlock_ops(dev);
>  	}
>  
>  	if (count < 0)
> @@ -176,13 +166,11 @@ static int dsa_conduit_get_sset_count(struct net_device *dev, int sset)
>  	struct dsa_switch_tree *dst = cpu_dp->dst;
>  	int count = 0;
>  
> -	netdev_lock_ops(dev);
>  	if (sset == ETH_SS_PHY_STATS && dev->phydev &&
>  	    (!ops || !ops->get_ethtool_phy_stats))
>  		count = phy_ethtool_get_sset_count(dev->phydev);
>  	else if (ops && ops->get_sset_count)
>  		count = ops->get_sset_count(dev, sset);
> -	netdev_unlock_ops(dev);
>  
>  	if (count < 0)
>  		count = 0;
> @@ -239,7 +227,6 @@ static void dsa_conduit_get_strings(struct net_device *dev, u32 stringset,
>  	struct dsa_switch_tree *dst = cpu_dp->dst;
>  	int count, mcount = 0;
>  
> -	netdev_lock_ops(dev);
>  	if (stringset == ETH_SS_PHY_STATS && dev->phydev &&
>  	    !ops->get_ethtool_phy_stats) {
>  		mcount = phy_ethtool_get_sset_count(dev->phydev);
> @@ -253,7 +240,6 @@ static void dsa_conduit_get_strings(struct net_device *dev, u32 stringset,
>  			mcount = 0;
>  		ops->get_strings(dev, stringset, data);
>  	}
> -	netdev_unlock_ops(dev);
>  
>  	list_for_each_entry(dp, &dst->ports, list) {
>  		if (!dsa_port_is_dsa(dp) && !dsa_port_is_cpu(dp))


^ permalink raw reply

* Re: [syzbot ci] Re: net: tunnel: fix stale transport header after GRE/TEB decap
From: Jiayuan Chen @ 2026-04-16  7:49 UTC (permalink / raw)
  To: davem, dsahern, edumazet, horms, kuba, linux-kernel, netdev,
	pabeni, pshelar, syzbot, tom
  Cc: syzkaller-bugs
In-Reply-To: <69e08a0a.a70a0220.259bc5.0019.GAE@google.com>


On 4/16/26 3:04 PM, syzbot ci wrote:
> syzbot ci has tested the following series
>
> [v1] net: tunnel: fix stale transport header after GRE/TEB decap
> https://lore.kernel.org/all/20260416034610.8873-1-jiayuan.chen@linux.dev
> * [PATCH net v1 1/2] net: tunnel: fix stale transport header after GRE/TEB decap
> * [PATCH net-next v1 2/2] net: add DEBUG_NET_WARN_ON_ONCE for negative transport offset
>
> and found the following issue:
> WARNING in udpv6_err
>
> Full report is available here:
> https://ci.syzbot.org/series/3886f2f1-a6d5-4c5c-8dc8-bc1cec577567
>
> ***
>
> WARNING in udpv6_err
>
> tree:      net
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/netdev/net.git
> base:      1f5ffc672165ff851063a5fd044b727ab2517ae3
> arch:      amd64
> compiler:  Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> config:    https://ci.syzbot.org/builds/06cf41a2-60fe-4f9b-8f68-57eb6d1e48cc/config
>
> ------------[ cut here ]------------
> off < 0
> WARNING: ./include/linux/skbuff.h:3239 at udpv6_err+0x1521/0x16d0, CPU#0: kworker/u9:2/51
> Modules linked in:


icmpv6_rcv
   pskb_pull ==> skb_transport_offset() = -8
   icmpv6_notify
     udpv6_err
       __udp6_lib_err_encap(skb) ==> WARNING



^ permalink raw reply

* [PATCH bpf-next v4 0/6] bpf: decap flags and GSO state updates
From: Nick Hudson @ 2026-04-16  7:55 UTC (permalink / raw)
  To: bpf, netdev, Willem de Bruijn, Martin KaFai Lau
  Cc: Nick Hudson, Max Tottenham, Anna Glasgall

This series extends bpf_skb_adjust_room() with decapsulation-specific
flags and tunnel GSO state updates for decap use cases.

Motivation
----------

When BPF decapsulates tunneled packets, skb GSO state needs to be updated
to match the removed tunnel layer. This includes clearing the corresponding
tunnel GSO type bits and resetting encapsulation state once no tunnel GSO
flags remain.

Series Overview
---------------

- Name the adjust_room flag enum for CO-RE lookups.
- Refactor adjust_room helper masks for maintainable validation logic.
- Add new DECAP flags to UAPI.
- Add guard rails for incompatible/invalid decap flag combinations.
- Implement decap GSO flag clearing.
- Add selftests to validate decap GSO state transitions.

Changes v3 -> v4:
- Patch 5: drop SKB_GSO_TUNNEL_REMCSUM handling from this series.
- Patch 5: clear encap_hdr_csum and remcsum_offload directly on UDP decap.

Changes v2 -> v3:
- Add a new selftests patch to validate decap GSO state behavior.
- Reorder the series so helper-mask refactoring precedes UAPI DECAP flag additions.
- Refresh patch 2 and patch 3 split to keep refactoring behavior-neutral.
- Patch 5: add decap tunnel GSO-state checks in
  "bpf: clear decap tunnel GSO state in skb_adjust_room" (per Gemini/sashiko).

Changes v1 -> v2:
- Patch 3: decap flag acceptance intentionally remains L3-only while adding helper masks.
- Patch 4: decap with L4/IPXIP support enabled with guard rails.

Co-developed-by: Max Tottenham <mtottenh@akamai.com>
Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Co-developed-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Nick Hudson <nhudson@akamai.com>

Nick Hudson (6):
  bpf: name the enum for BPF_FUNC_skb_adjust_room flags
  bpf: refactor masks for ADJ_ROOM flags and encap validation
  bpf: add BPF_F_ADJ_ROOM_DECAP_* flags for tunnel decapsulation
  bpf: allow new DECAP flags and add guard rails
  bpf: clear decap tunnel GSO state in skb_adjust_room
  selftests/bpf: tc_tunnel validate decap GSO state

 include/uapi/linux/bpf.h                      |  36 +++++-
 net/core/filter.c                             | 118 +++++++++++++++---
 tools/include/uapi/linux/bpf.h                |  36 +++++-
 .../selftests/bpf/progs/test_tc_tunnel.c      |  58 +++++++++
 4 files changed, 225 insertions(+), 23 deletions(-)

-- 
2.34.1


^ permalink raw reply

* [PATCH bpf-next v4 2/6] bpf: refactor masks for ADJ_ROOM flags and encap validation
From: Nick Hudson @ 2026-04-16  7:55 UTC (permalink / raw)
  To: bpf, netdev, Willem de Bruijn, Martin KaFai Lau
  Cc: Nick Hudson, Max Tottenham, Anna Glasgall, Daniel Borkmann,
	Alexei Starovoitov, Andrii Nakryiko, Eduard Zingerman,
	Kumar Kartikeya Dwivedi, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, linux-kernel
In-Reply-To: <20260416075514.927101-1-nhudson@akamai.com>

Refactor the helper masks for bpf_skb_adjust_room() flags to simplify
validation logic and introduce:

- BPF_F_ADJ_ROOM_ENCAP_MASK
- BPF_F_ADJ_ROOM_DECAP_MASK

Refactor existing validation checks in bpf_skb_net_shrink()
and bpf_skb_adjust_room() to use the new masks (no behavior change).

This is in preparation for supporting the new decap flags.

Co-developed-by: Max Tottenham <mtottenh@akamai.com>
Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Co-developed-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Nick Hudson <nhudson@akamai.com>
---
---
 net/core/filter.c | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index 78b548158fb0..4e860da4381d 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3490,14 +3490,19 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
 #define BPF_F_ADJ_ROOM_DECAP_L3_MASK	(BPF_F_ADJ_ROOM_DECAP_L3_IPV4 | \
 					 BPF_F_ADJ_ROOM_DECAP_L3_IPV6)
 
-#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO | \
-					 BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
+#define BPF_F_ADJ_ROOM_ENCAP_MASK	(BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
 					 BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
 					 BPF_F_ADJ_ROOM_ENCAP_L4_UDP | \
 					 BPF_F_ADJ_ROOM_ENCAP_L2_ETH | \
 					 BPF_F_ADJ_ROOM_ENCAP_L2( \
-					  BPF_ADJ_ROOM_ENCAP_L2_MASK) | \
-					 BPF_F_ADJ_ROOM_DECAP_L3_MASK)
+					  BPF_ADJ_ROOM_ENCAP_L2_MASK))
+
+#define BPF_F_ADJ_ROOM_DECAP_MASK	(BPF_F_ADJ_ROOM_DECAP_L3_MASK)
+
+#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO | \
+					 BPF_F_ADJ_ROOM_ENCAP_MASK | \
+					 BPF_F_ADJ_ROOM_DECAP_MASK | \
+					 BPF_F_ADJ_ROOM_NO_CSUM_RESET)
 
 static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
 			    u64 flags)
@@ -3618,8 +3623,8 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff,
 {
 	int ret;
 
-	if (unlikely(flags & ~(BPF_F_ADJ_ROOM_FIXED_GSO |
-			       BPF_F_ADJ_ROOM_DECAP_L3_MASK |
+	if (unlikely(flags & ~(BPF_F_ADJ_ROOM_DECAP_MASK |
+			       BPF_F_ADJ_ROOM_FIXED_GSO |
 			       BPF_F_ADJ_ROOM_NO_CSUM_RESET)))
 		return -EINVAL;
 
@@ -3715,8 +3720,7 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 	u32 off;
 	int ret;
 
-	if (unlikely(flags & ~(BPF_F_ADJ_ROOM_MASK |
-			       BPF_F_ADJ_ROOM_NO_CSUM_RESET)))
+	if (unlikely(flags & ~BPF_F_ADJ_ROOM_MASK))
 		return -EINVAL;
 	if (unlikely(len_diff_abs > 0xfffU))
 		return -EFAULT;
@@ -3735,20 +3739,20 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 		return -ENOTSUPP;
 	}
 
-	if (flags & BPF_F_ADJ_ROOM_DECAP_L3_MASK) {
+	if (flags & BPF_F_ADJ_ROOM_DECAP_MASK) {
 		if (!shrink)
 			return -EINVAL;
 
-		switch (flags & BPF_F_ADJ_ROOM_DECAP_L3_MASK) {
-		case BPF_F_ADJ_ROOM_DECAP_L3_IPV4:
+		/* Reject mutually exclusive decap flag pairs. */
+		if ((flags & BPF_F_ADJ_ROOM_DECAP_L3_MASK) ==
+		    BPF_F_ADJ_ROOM_DECAP_L3_MASK)
+			return -EINVAL;
+
+		if (flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV4)
 			len_min = sizeof(struct iphdr);
-			break;
-		case BPF_F_ADJ_ROOM_DECAP_L3_IPV6:
+
+		if (flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV6)
 			len_min = sizeof(struct ipv6hdr);
-			break;
-		default:
-			return -EINVAL;
-		}
 	}
 
 	len_cur = skb->len - skb_network_offset(skb);
-- 
2.34.1


^ permalink raw reply related

* [PATCH bpf-next v4 5/6] bpf: clear decap tunnel GSO state in skb_adjust_room
From: Nick Hudson @ 2026-04-16  7:55 UTC (permalink / raw)
  To: bpf, netdev, Willem de Bruijn, Martin KaFai Lau
  Cc: Nick Hudson, Max Tottenham, Anna Glasgall, Daniel Borkmann,
	Alexei Starovoitov, Andrii Nakryiko, Eduard Zingerman,
	Kumar Kartikeya Dwivedi, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, linux-kernel
In-Reply-To: <20260416075514.927101-1-nhudson@akamai.com>

On shrink in bpf_skb_adjust_room(), clear tunnel-specific GSO flags
according to the decapsulation flags:

- BPF_F_ADJ_ROOM_DECAP_L4_UDP clears SKB_GSO_UDP_TUNNEL{,_CSUM}
- BPF_F_ADJ_ROOM_DECAP_L4_GRE clears SKB_GSO_GRE{,_CSUM}
- BPF_F_ADJ_ROOM_DECAP_IPXIP4 clears SKB_GSO_IPXIP4
- BPF_F_ADJ_ROOM_DECAP_IPXIP6 clears SKB_GSO_IPXIP6

When all tunnel-related GSO bits are cleared, also clear
skb->encapsulation.

Handle the ESP inside a UDP tunnel case where encapsulation should remain
set.

If UDP decap is performed, clear encap_hdr_csum and remcsum_offload.

Co-developed-by: Max Tottenham <mtottenh@akamai.com>
Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Co-developed-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Anna Glasgall <aglasgal@akamai.com>
Signed-off-by: Nick Hudson <nhudson@akamai.com>
---
 net/core/filter.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/net/core/filter.c b/net/core/filter.c
index 7f8d43420afb..e113ae2f3f14 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3667,6 +3667,44 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff,
 		if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
 			skb_increase_gso_size(shinfo, len_diff);
 
+		/* Selective GSO flag clearing based on decap type.
+		 * Only clear the flags for the tunnel layer being removed.
+		 */
+		if ((flags & BPF_F_ADJ_ROOM_DECAP_L4_UDP) &&
+		    (shinfo->gso_type & (SKB_GSO_UDP_TUNNEL |
+					 SKB_GSO_UDP_TUNNEL_CSUM)))
+			shinfo->gso_type &= ~(SKB_GSO_UDP_TUNNEL |
+					      SKB_GSO_UDP_TUNNEL_CSUM);
+		if ((flags & BPF_F_ADJ_ROOM_DECAP_L4_GRE) &&
+		    (shinfo->gso_type & (SKB_GSO_GRE | SKB_GSO_GRE_CSUM)))
+			shinfo->gso_type &= ~(SKB_GSO_GRE |
+					      SKB_GSO_GRE_CSUM);
+		if ((flags & BPF_F_ADJ_ROOM_DECAP_IPXIP4) &&
+		    (shinfo->gso_type & SKB_GSO_IPXIP4))
+			shinfo->gso_type &= ~SKB_GSO_IPXIP4;
+		if ((flags & BPF_F_ADJ_ROOM_DECAP_IPXIP6) &&
+		    (shinfo->gso_type & SKB_GSO_IPXIP6))
+			shinfo->gso_type &= ~SKB_GSO_IPXIP6;
+
+		/* Clear encapsulation flag only when no tunnel GSO flags remain */
+		if (flags & (BPF_F_ADJ_ROOM_DECAP_L4_MASK |
+			     BPF_F_ADJ_ROOM_DECAP_IPXIP_MASK)) {
+			if (!(shinfo->gso_type & (SKB_GSO_UDP_TUNNEL |
+						  SKB_GSO_UDP_TUNNEL_CSUM |
+						  SKB_GSO_GRE |
+						  SKB_GSO_GRE_CSUM |
+						  SKB_GSO_IPXIP4 |
+						  SKB_GSO_IPXIP6 |
+						  SKB_GSO_ESP)))
+				if (skb->encapsulation)
+					skb->encapsulation = 0;
+
+			if (flags & BPF_F_ADJ_ROOM_DECAP_L4_UDP) {
+				skb->encap_hdr_csum = 0;
+				skb->remcsum_offload = 0;
+			}
+		}
+
 		/* Header must be checked, and gso_segs recomputed. */
 		shinfo->gso_type |= SKB_GSO_DODGY;
 		shinfo->gso_segs = 0;
-- 
2.34.1


^ permalink raw reply related

* Re: [PATCH v12 net-next 00/11] nbl driver for Nebulamatrix NICs
From: Paolo Abeni @ 2026-04-16  8:01 UTC (permalink / raw)
  To: illusion.wang, netdev; +Cc: open list
In-Reply-To: <20260415033608.2438-1-illusion.wang@nebula-matrix.com>

On 4/15/26 10:29 AM, illusion.wang wrote:
> This patch series represents the first phase. We plan to integrate it in
> two phases: the first phase covers mailbox and chip configuration,
> while the second phase involves net dev configuration.
> Together, they will provide basic PF-based Ethernet port transmission and
> reception capabilities.
> 
> After that, we will consider other features, such as ethtool support,
> flow management, adminq messaging, VF support, debugfs support, etc.
> 
> changes v11->v12
> Link to v10:https://lore.kernel.org/netdev/20260408093739.56001-1-illusion.wang@nebula-matrix.com/
> AI review issues
> changes v10->v11
> Link to v10:https://lore.kernel.org/netdev/20260401022318.28550-1-illusion.wang@nebula-matrix.com/
> 1.Issues found by Mohsin
> 2.AI review issues
> changes v9->v10
> Link to v9:https://lore.kernel.org/netdev/20260325040048.2313-1-illusion.wang@nebula-matrix.com/
> 1.Issues found by Jakub
> 2.AI review issue
> changes v8->v9
> Link to v8:https://lore.kernel.org/netdev/20260317034533.5600-1-illusion.wang@nebula-matrix.com/
> 1.Issues found by Jakub
> 2.AI review issue
> Changes v7→v8
> Link to v7:https://lore.kernel.org/netdev/20260310120959.22015-1-illusion.wang@nebula-matrix.com/
> 1.Issues found by Paolo
> Changes v6->v7
> Link to v6:https://lore.kernel.org/netdev/20260306033451.5196-1-illusion.wang@nebula-matrix.com/
> 1.Issue found by Jakub
> 2.AI review issue
> Changes v5->v6
> Link to V5:https://lore.kernel.org/netdev/20260226073840.3222-1-illusion.wang@nebula-matrix.com/
> 1.put all standard linux includes files the .c file which needs it & others
> --Andrew
> 2.AI review issue
> Changes v4->v5
> Link to V4:https://lore.kernel.org/netdev/20260206021608.85381-1-illusion.wang@nebula-matrix.com/
> 1.change nbl_core to nbl & change ** pointers to *pointers & others
> --Andrew
> 2.AI review issue
> Changes v3->v4
> Link to v3: https://lore.kernel.org/netdev/20260123011804.31263-1-illusion.wang@nebula-matrix.com
> 1.cut down to part of a mini driver(mailbox and chip init)
> --Jakub Kicinski Simon Horman(some sort of staged approached)
> 2.modify issues found by ai.
> 3. Reverse Christmas tree/nbl_err/devm_kfree/remove some macros/
> void type to real type/others
> --Andrew Lunn
> 4.change deprecated pci_enable_msix_range to pci_alloc_irq_vectors
> 5.delete service layer
> 6.the style of kconfig---Randy Dunlap
> 7.add to Documentation/networking/device_drivers/ethernet/index.rst
> --Simon Horman
> Changes v2 →v3
> Link to v2: https://lore.kernel.org/netdev/20260109100146.63569-1-illusion.wang@nebula-matrix.com/
> 1.cut down to a mini driver:
>     delete vf support
>     use promisc mode to cut down flow management
>     drop patch15 in v2
>     delete adminq msg
>     delete abnormal handling
>     delete some unimportant interfaces
> 2.modify issues found by ai review
> Changes v1->v2
> Link to v1: https://lore.kernel.org/netdev/20251223035113.31122-1-illusion.wang@nebula-matrix.com/
> 1.Format Issues and Compilation Issues
> - Paolo Abeni
> 2.add sysfs patch and drop coexisting patch
> - Andrew Lunn
> 3.delete some unimportant ndo operations
> 4.add machine generated headers patch
> 5.Modify the issues found in patch1-2 and apply the same fixes to other
> patches
> 6.modify issues found by nipa

## Form letter - net-next-closed

We have already submitted our pull request with net-next material for
v7.1, and therefore net-next is closed for new drivers, features, code
refactoring and optimizations. We are currently accepting bug fixes only.

Please repost when net-next reopens after Apr 26th.

RFC patches sent for review only are obviously welcome at any time.

See:
https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle


^ permalink raw reply

* Re: [PATCH net-next v7 0/7] net: bcmgenet: add XDP support
From: Paolo Abeni @ 2026-04-16  8:06 UTC (permalink / raw)
  To: Nicolai Buchwitz, netdev
  Cc: Justin Chen, Simon Horman, Mohsin Bashir, Doug Berger,
	Florian Fainelli, Broadcom internal kernel review list,
	Andrew Lunn, Eric Dumazet, Alexei Starovoitov, Daniel Borkmann,
	David S. Miller, Jakub Kicinski, Jesper Dangaard Brouer,
	John Fastabend, Stanislav Fomichev, bpf
In-Reply-To: <20260416054743.1289191-1-nb@tipi-net.de>

On 4/16/26 7:47 AM, Nicolai Buchwitz wrote:
> Add XDP support to the bcmgenet driver, covering XDP_PASS, XDP_DROP,
> XDP_TX, XDP_REDIRECT, and ndo_xdp_xmit.
> 
> The first patch converts the RX path from the existing kmalloc-based
> allocation to page_pool, which is a prerequisite for XDP. The remaining
> patches incrementally add XDP functionality and per-action statistics.
> 
> Tested on Raspberry Pi CM4 (BCM2711, bcmgenet, 1Gbps link):
> - XDP_PASS: 943 Mbit/s TX, 935 Mbit/s RX (no regression vs baseline)
> - XDP_PASS latency: 0.164ms avg, 0% packet loss
> - XDP_DROP: all inbound traffic blocked as expected
> - XDP_TX: TX counter increments (packet reflection working)
> - Link flap with XDP attached: no errors
> - Program swap under iperf3 load: no errors
> - Upstream XDP selftests (xdp.py): pass_sb, drop_sb, tx_sb passing
> - XDP-based EtherCAT master (~37 kHz cycle rate, all packet processing
>   in BPF/XDP), stable over multiple days

## Form letter - net-next-closed

We have already submitted our pull request with net-next material for
v7.1, and therefore net-next is closed for new drivers, features, code
refactoring and optimizations. We are currently accepting bug fixes only.

Please repost when net-next reopens after Apr 26th.

RFC patches sent for review only are obviously welcome at any time.

See:
https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle


^ permalink raw reply

* Re: [PATCHv3] selftests: Use ktap helpers for runner.sh
From: Qingfang Deng @ 2026-04-16  8:07 UTC (permalink / raw)
  To: Hangbin Liu; +Cc: Brendan Jackman, Shuah Khan, linux-kselftest, netdev

Hi, Hangbin

This patch broke selftests run with `make -C tools/testing/selftests` as 
make uses /bin/sh by default:

/bin/sh: 5: 
/home/qf/linux-next/tools/testing/selftests/kselftest/runner.sh: Bad 
substitution

Add `SHELL := /bin/bash` to the start of lib.mk to fix this.

^ permalink raw reply

* Re: [PATCH net 1/3] octeontx2-af: npc: cn20k: Handle npc_mcam_idx_2_key_type() failures
From: Dan Carpenter @ 2026-04-16  8:08 UTC (permalink / raw)
  To: Ratheesh Kannoth
  Cc: netdev, linux-kernel, sgoutham, davem, edumazet, kuba, pabeni,
	andrew+netdev, dan.carpenter
In-Reply-To: <20260416035352.333808-2-rkannoth@marvell.com>

On Thu, Apr 16, 2026 at 09:23:50AM +0530, Ratheesh Kannoth wrote:
> npc_mcam_idx_2_key_type() can fail; ignoring its return value left
> kw_type unchecked in MCAM enable, configure, copy, and read paths.
> Return early on error so we do not program or interpret MCAM state
> with an invalid key type.
> 
> CC: Dan Carpenter <error27@gmail.com>
> Fixes: 6d1e70282f76 ("octeontx2-af: npc: cn20k: Use common APIs")
> Link: https://lore.kernel.org/netdev/adiQJvuKlEhq2ILx@stanley.mountain/
> Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>

Thanks.  That silences the uninitialized variable warning.

regards,
dan carpenter


^ permalink raw reply

* Re: [PATCH net,v2 1/1] net: stmmac: Update default_an_inband before passing value to phylink_config
From: Paolo Abeni @ 2026-04-16  8:12 UTC (permalink / raw)
  To: KhaiWenTan, andrew+netdev, davem, edumazet, kuba, mcoquelin.stm32,
	alexandre.torgue, rmk+kernel, maxime.chevallier, ovidiu.panait.rb,
	vladimir.oltean
  Cc: netdev, linux-stm32, linux-arm-kernel, linux-kernel,
	yoong.siang.song, hong.aun.looi, khai.wen.tan
In-Reply-To: <20260413020339.68426-1-khai.wen.tan@linux.intel.com>

On 4/13/26 4:03 AM, KhaiWenTan wrote:
> get_interfaces() will update both the plat->phy_interfaces and
> mdio_bus_data->default_an_inband based on reading a SERDES register. As
> get_interfaces() will be called after default_an_inband had already been
> read, dwmac-intel regressed as a result with incorrect default_an_inband
> value in phylink_config.
> 
> Therefore, we moved the priv->plat->get_interfaces() to be executed first
> before assigning mdio_bus_data->default_an_inband to
> config->default_an_inband to ensure default_an_inband is in correct value.
> 
> Fixes: d3836052fe09 ("net: stmmac: intel: convert speed_mode_2500() to get_interfaces()")
> Signed-off-by: KhaiWenTan <khai.wen.tan@linux.intel.com>

Since Jakub sent the net-next PR and forwarded the trees, this patch
does not apply anymore. Please rebase and repost. You can retain
Russell's reviewed-by tag.

Thanks,

Paolo


^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox