Revision tags: v6.6.25, v6.6.24, v6.6.23 |
|
#
6312d88f |
| 12-Mar-2024 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: Allow UDP encapsulation only in offload modes
[ Upstream commit 773bb766ca4a05bf363203030b72b10088869224 ]
The missing check of x->encap caused to the situation where GSO packets were created
xfrm: Allow UDP encapsulation only in offload modes
[ Upstream commit 773bb766ca4a05bf363203030b72b10088869224 ]
The missing check of x->encap caused to the situation where GSO packets were created with UDP encapsulation.
As a solution return the encap check for non-offloaded SA.
Fixes: 983a73da1f99 ("xfrm: Pass UDP encapsulation in TX packet offload") Closes: https://lore.kernel.org/all/a650221ae500f0c7cf496c61c96c1b103dcb6f67.camel@redhat.com Reported-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v6.6.16, v6.6.15, v6.6.14 |
|
#
f6edcad5 |
| 24-Jan-2024 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: Pass UDP encapsulation in TX packet offload
[ Upstream commit 983a73da1f996faee9997149eb05b12fa7bd8cbf ]
In addition to citied commit in Fixes line, allow UDP encapsulation in TX path too.
F
xfrm: Pass UDP encapsulation in TX packet offload
[ Upstream commit 983a73da1f996faee9997149eb05b12fa7bd8cbf ]
In addition to citied commit in Fixes line, allow UDP encapsulation in TX path too.
Fixes: 89edf40220be ("xfrm: Support UDP encapsulation in packet offload mode") CC: Steffen Klassert <steffen.klassert@secunet.com> Reported-by: Mike Yu <yumike@google.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39 |
|
#
89edf402 |
| 19-Jul-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: Support UDP encapsulation in packet offload mode
Since mlx5 supports UDP encapsulation in packet offload, change the XFRM core to allow users to configure it.
Signed-off-by: Leon Romanovsky <
xfrm: Support UDP encapsulation in packet offload mode
Since mlx5 supports UDP encapsulation in packet offload, change the XFRM core to allow users to configure it.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
show more ...
|
Revision tags: v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33 |
|
#
d457a0e3 |
| 08-Jun-2023 |
Eric Dumazet <edumazet@google.com> |
net: move gso declarations and functions to their own files
Move declarations into include/net/gso.h and code into net/core/gso.c
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Stanislav Fom
net: move gso declarations and functions to their own files
Move declarations into include/net/gso.h and code into net/core/gso.c
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Stanislav Fomichev <sdf@google.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: David Ahern <dsahern@kernel.org> Link: https://lore.kernel.org/r/20230608191738.3947077-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25 |
|
#
ec8f32ad |
| 19-Apr-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: Fix leak of dev tracker
At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call.
Fixes: 919e43fad516 ("xfrm: add an interfa
xfrm: Fix leak of dev tracker
At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call.
Fixes: 919e43fad516 ("xfrm: add an interface to offload policy") Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v6.1.24, v6.1.23, v6.1.22 |
|
#
3e1c957f |
| 30-Mar-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: don't require advance ESN callback for packet offload
In packet offload mode, the hardware is responsible to manage replay window and advance ESN. In that mode, there won't any call to .xdo_de
xfrm: don't require advance ESN callback for packet offload
In packet offload mode, the hardware is responsible to manage replay window and advance ESN. In that mode, there won't any call to .xdo_dev_state_advance_esn callback.
So relax current check for existence of that callback.
Link: https://lore.kernel.org/r/9f3dfc3fef2cfcd191f0c5eee7cf0aa74e7f7786.1680162300.git.leonro@nvidia.com Reviewed-by: Raed Salem <raeds@nvidia.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
show more ...
|
Revision tags: v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9 |
|
#
028fb19c |
| 31-Jan-2023 |
Leon Romanovsky <leonro@nvidia.com> |
netlink: provide an ability to set default extack message
In netdev common pattern, extack pointer is forwarded to the drivers to be filled with error message. However, the caller can easily overwri
netlink: provide an ability to set default extack message
In netdev common pattern, extack pointer is forwarded to the drivers to be filled with error message. However, the caller can easily overwrite the filled message.
Instead of adding multiple "if (!extack->_msg)" checks before any NL_SET_ERR_MSG() call, which appears after call to the driver, let's add new macro to common code.
[1] https://lore.kernel.org/all/Y9Irgrgf3uxOjwUm@unreal Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Link: https://lore.kernel.org/r/6993fac557a40a1973dfa0095107c3d03d40bec1.1675171790.git.leon@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
7681a4f5 |
| 24-Jan-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: extend add state callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use
xfrm: extend add state callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
#
3089386d |
| 24-Jan-2023 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: extend add policy callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use
xfrm: extend add policy callback to set failure reason
Almost all validation logic is in the drivers, but they are missing reliable way to convey failure reason to userspace applications.
Let's use extack to return this information to users.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12 |
|
#
abe2343d |
| 07-Dec-2022 |
Colin Ian King <colin.i.king@gmail.com> |
xfrm: Fix spelling mistake "oflload" -> "offload"
There is a spelling mistake in a NL_SET_ERR_MSG message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Steffen Klas
xfrm: Fix spelling mistake "oflload" -> "offload"
There is a spelling mistake in a NL_SET_ERR_MSG message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
f8a70afa |
| 02-Dec-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: add TX datapath support for IPsec packet offload mode
In IPsec packet mode, the device is going to encrypt and encapsulate packets that are associated with offloaded policy. After successful p
xfrm: add TX datapath support for IPsec packet offload mode
In IPsec packet mode, the device is going to encrypt and encapsulate packets that are associated with offloaded policy. After successful policy lookup to indicate if packets should be offloaded or not, the stack forwards packets to the device to do the magic.
Signed-off-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Huy Nguyen <huyn@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
919e43fa |
| 02-Dec-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: add an interface to offload policy
Extend netlink interface to add and delete XFRM policy from the device. This functionality is a first step to implement packet IPsec offload solution.
Signe
xfrm: add an interface to offload policy
Extend netlink interface to add and delete XFRM policy from the device. This functionality is a first step to implement packet IPsec offload solution.
Signed-off-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
62f6eca5 |
| 02-Dec-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: allow state packet offload mode
Allow users to configure xfrm states with packet offload mode. The packet mode must be requested both for policy and state, and such requires us to do not imple
xfrm: allow state packet offload mode
Allow users to configure xfrm states with packet offload mode. The packet mode must be requested both for policy and state, and such requires us to do not implement fallback.
We explicitly return an error if requested packet mode can't be configured.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
d14f28b8 |
| 02-Dec-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: add new packet offload flag
In the next patches, the xfrm core code will be extended to support new type of offload - packet offload. In that mode, both policy and state should be specially co
xfrm: add new packet offload flag
In the next patches, the xfrm core code will be extended to support new type of offload - packet offload. In that mode, both policy and state should be specially configured in order to perform whole offloaded data path.
Full offload takes care of encryption, decryption, encapsulation and other operations with headers.
As this mode is new for XFRM policy flow, we can "start fresh" with flag bits and release first and second bit for future use.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3 |
|
#
4b549ccc |
| 17-Oct-2022 |
Christian Langrock <christian.langrock@secunet.com> |
xfrm: replay: Fix ESN wrap around for GSO
When using GSO it can happen that the wrong seq_hi is used for the last packets before the wrap around. This can lead to double usage of a sequence number.
xfrm: replay: Fix ESN wrap around for GSO
When using GSO it can happen that the wrong seq_hi is used for the last packets before the wrap around. This can lead to double usage of a sequence number. To avoid this, we should serialize this last GSO packet.
Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading") Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Christian Langrock <christian.langrock@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68 |
|
#
adb5c33e |
| 14-Sep-2022 |
Sabrina Dubroca <sd@queasysnail.net> |
xfrm: add extack support to xfrm_dev_state_add
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
Revision tags: v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60, v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46 |
|
#
d62607c3 |
| 07-Jun-2022 |
Jakub Kicinski <kuba@kernel.org> |
net: rename reference+tracking helpers
Netdev reference helpers have a dev_ prefix for historic reasons. Renaming the old helpers would be too much churn but we can rename the tracking ones which ar
net: rename reference+tracking helpers
Netdev reference helpers have a dev_ prefix for historic reasons. Renaming the old helpers would be too much churn but we can rename the tracking ones which are relatively recent and should be the default for new code.
Rename: dev_hold_track() -> netdev_hold() dev_put_track() -> netdev_put() dev_replace_track() -> netdev_ref_replace()
Link: https://lore.kernel.org/r/20220608043955.919359-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38 |
|
#
254c4a82 |
| 05-May-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: drop not needed flags variable in XFRM offload struct
After drivers were converted to rely on direction, the flags is not used anymore and can be removed.
Reviewed-by: Raed Salem <raeds@nvidi
xfrm: drop not needed flags variable in XFRM offload struct
After drivers were converted to rely on direction, the flags is not used anymore and can be removed.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
482db2f1 |
| 05-May-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: store and rely on direction to construct offload flags
XFRM state doesn't need anything from flags except to understand direction, so store it separately. For future patches, such change will
xfrm: store and rely on direction to construct offload flags
XFRM state doesn't need anything from flags except to understand direction, so store it separately. For future patches, such change will allow us to reuse xfrm_dev_offload for policy offload too, which has three possible directions instead of two.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
87e0a94e |
| 05-May-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: rename xfrm_state_offload struct to allow reuse
The struct xfrm_state_offload has all fields needed to hold information for offloaded policies too. In order to do not create new struct with sa
xfrm: rename xfrm_state_offload struct to allow reuse
The struct xfrm_state_offload has all fields needed to hold information for offloaded policies too. In order to do not create new struct with same fields, let's rename existing one and reuse it later.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
#
a36708e6 |
| 05-May-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: delete not used number of external headers
num_exthdrs is set but never used, so delete it.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Acked
xfrm: delete not used number of external headers
num_exthdrs is set but never used, so delete it.
Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v5.15.37, v5.15.36, v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28 |
|
#
625788b5 |
| 10-Mar-2022 |
Eric Dumazet <edumazet@google.com> |
net: add per-cpu storage and net->core_stats
Before adding yet another possibly contended atomic_long_t, it is time to add per-cpu storage for existing ones: dev->tx_dropped, dev->rx_dropped, and d
net: add per-cpu storage and net->core_stats
Before adding yet another possibly contended atomic_long_t, it is time to add per-cpu storage for existing ones: dev->tx_dropped, dev->rx_dropped, and dev->rx_nohandler
Because many devices do not have to increment such counters, allocate the per-cpu storage on demand, so that dev_get_stats() does not have to spend considerable time folding zero counters.
Note that some drivers have abused these counters which were supposed to be only used by core networking stack.
v4: should use per_cpu_ptr() in dev_get_stats() (Jakub) v3: added a READ_ONCE() in netdev_core_stats_alloc() (Paolo) v2: add a missing include (reported by kernel test robot <lkp@intel.com>) Change in netdev_core_stats_alloc() (Jakub)
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: jeffreyji <jeffreyji@google.com> Reviewed-by: Brian Vazquez <brianvv@google.com> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20220311051420.2608812-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|
Revision tags: v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22 |
|
#
7c76ecd9 |
| 08-Feb-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: enforce validity of offload input flags
struct xfrm_user_offload has flags variable that received user input, but kernel didn't check if valid bits were provided. It caused a situation where n
xfrm: enforce validity of offload input flags
struct xfrm_user_offload has flags variable that received user input, but kernel didn't check if valid bits were provided. It caused a situation where not sanitized input was forwarded directly to the drivers.
For example, XFRM_OFFLOAD_IPV6 define that was exposed, was used by strongswan, but not implemented in the kernel at all.
As a solution, check and sanitize input flags to forward XFRM_OFFLOAD_INBOUND to the drivers.
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v5.15.21, v5.15.20, v5.15.19 |
|
#
2ecda181 |
| 01-Feb-2022 |
Leon Romanovsky <leonro@nvidia.com> |
xfrm: delete duplicated functions that calls same xfrm_api_check()
The xfrm_dev_register() and xfrm_dev_feat_change() have same implementation of one call to xfrm_api_check(). Instead of doing such
xfrm: delete duplicated functions that calls same xfrm_api_check()
The xfrm_dev_register() and xfrm_dev_feat_change() have same implementation of one call to xfrm_api_check(). Instead of doing such indirection, call to xfrm_api_check() directly and delete duplicated functions.
Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
show more ...
|
Revision tags: v5.15.18, v5.15.17, v5.4.173, v5.15.16, v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8 |
|
#
e1b539bd |
| 09-Dec-2021 |
Eric Dumazet <edumazet@google.com> |
xfrm: add net device refcount tracker to struct xfrm_state_offload
Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kern
xfrm: add net device refcount tracker to struct xfrm_state_offload
Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/r/20211209154451.4184050-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
show more ...
|