1. 12 Oct, 2021 21 commits
    • David S. Miller's avatar
      Merge branch 'Managed-Neighbor-Entries' · 2ed08b5e
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      Managed Neighbor Entries
      
      This series adds a couple of fixes related to NTF_EXT_LEARNED and NTF_USE
      neighbor flags, extends the UAPI with a new NDA_FLAGS_EXT netlink attribute
      in order to be able to add new neighbor flags from user space given all
      current struct ndmsg / ndm_flags bits are used up. Finally, the core of this
      series adds a new NTF_EXT_MANAGED flag to neighbors, which allows user space
      control planes to add 'managed' neighbor entries. Meaning, user space may
      either transition existing entries or can push down new L3 entries without
      lladdr into the kernel where the latter will periodically try to keep such
      NTF_EXT_MANAGED managed entries in reachable state. Main use case for this
      series are XDP / tc BPF load-balancers which make use of the bpf_fib_lookup()
      helper for backends. For more details, please see individual patches. Thanks!
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2ed08b5e
    • Daniel Borkmann's avatar
      net, neigh: Add NTF_MANAGED flag for managed neighbor entries · 7482e384
      Daniel Borkmann authored
      Allow a user space control plane to insert entries with a new NTF_EXT_MANAGED
      flag. The flag then indicates to the kernel that the neighbor entry should be
      periodically probed for keeping the entry in NUD_REACHABLE state iff possible.
      
      The use case for this is targeting XDP or tc BPF load-balancers which use
      the bpf_fib_lookup() BPF helper in order to piggyback on neighbor resolution
      for their backends. Given they cannot be resolved in fast-path, a control
      plane inserts the L3 (without L2) entries manually into the neighbor table
      and lets the kernel do the neighbor resolution either on the gateway or on
      the backend directly in case the latter resides in the same L2. This avoids
      to deal with L2 in the control plane and to rebuild what the kernel already
      does best anyway.
      
      NTF_EXT_MANAGED can be combined with NTF_EXT_LEARNED in order to avoid GC
      eviction. The kernel then adds NTF_MANAGED flagged entries to a per-neighbor
      table which gets triggered by the system work queue to periodically call
      neigh_event_send() for performing the resolution. The implementation allows
      migration from/to NTF_MANAGED neighbor entries, so that already existing
      entries can be converted by the control plane if needed. Potentially, we could
      make the interval for periodically calling neigh_event_send() configurable;
      right now it's set to DELAY_PROBE_TIME which is also in line with mlxsw which
      has similar driver-internal infrastructure c723c735 ("mlxsw: spectrum_router:
      Periodically update the kernel's neigh table"). In future, the latter could
      possibly reuse the NTF_MANAGED neighbors as well.
      
      Example:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 managed extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a managed extern_learn REACHABLE
        [...]
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarRoopa Prabhu <roopa@nvidia.com>
      Link: https://linuxplumbersconf.org/event/11/contributions/953/Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7482e384
    • Roopa Prabhu's avatar
      net, neigh: Extend neigh->flags to 32 bit to allow for extensions · 2c611ad9
      Roopa Prabhu authored
      Currently, all bits in struct ndmsg's ndm_flags are used up with the most
      recent addition of 435f2e7c ("net: bridge: add support for sticky fdb
      entries"). This makes it impossible to extend the neighboring subsystem
      with new NTF_* flags:
      
        struct ndmsg {
          __u8   ndm_family;
          __u8   ndm_pad1;
          __u16  ndm_pad2;
          __s32  ndm_ifindex;
          __u16  ndm_state;
          __u8   ndm_flags;
          __u8   ndm_type;
        };
      
      There are ndm_pad{1,2} attributes which are not used. However, due to
      uncareful design, the kernel does not enforce them to be zero upon new
      neighbor entry addition, and given they've been around forever, it is
      not possible to reuse them today due to risk of breakage. One option to
      overcome this limitation is to add a new NDA_FLAGS_EXT attribute for
      extended flags.
      
      In struct neighbour, there is a 3 byte hole between protocol and ha_lock,
      which allows neigh->flags to be extended from 8 to 32 bits while still
      being on the same cacheline as before. This also allows for all future
      NTF_* flags being in neigh->flags rather than yet another flags field.
      Unknown flags in NDA_FLAGS_EXT will be rejected by the kernel.
      Co-developed-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarRoopa Prabhu <roopa@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c611ad9
    • Daniel Borkmann's avatar
      net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE · 3dc20f47
      Daniel Borkmann authored
      Currently, it is not possible to migrate a neighbor entry between NUD_PERMANENT
      state and NTF_USE flag with a dynamic NUD state from a user space control plane.
      Similarly, it is not possible to add/remove NTF_EXT_LEARNED flag from an existing
      neighbor entry in combination with NTF_USE flag.
      
      This is due to the latter directly calling into neigh_event_send() without any
      meta data updates as happening in __neigh_update(). Thus, to enable this use
      case, extend the latter with a NEIGH_UPDATE_F_USE flag where we break the
      NUD_PERMANENT state in particular so that a latter neigh_event_send() is able
      to re-resolve a neighbor entry.
      
      Before fix, NUD_PERMANENT -> NUD_* & NTF_USE:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a PERMANENT
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a PERMANENT
        [...]
      
      As can be seen, despite the admin-triggered replace, the entry remains in the
      NUD_PERMANENT state.
      
      After fix, NUD_PERMANENT -> NUD_* & NTF_USE:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a PERMANENT
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a extern_learn REACHABLE
        [...]
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a extern_learn STALE
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a PERMANENT
        [...]
      
      After the fix, the admin-triggered replace switches to a dynamic state from
      the NTF_USE flag which triggered a new neighbor resolution. Likewise, we can
      transition back from there, if needed, into NUD_PERMANENT.
      
      Similar before/after behavior can be observed for below transitions:
      
      Before fix, NTF_USE -> NTF_USE | NTF_EXT_LEARNED -> NTF_USE:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a REACHABLE
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a REACHABLE
        [...]
      
      After fix, NTF_USE -> NTF_USE | NTF_EXT_LEARNED -> NTF_USE:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a REACHABLE
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a extern_learn REACHABLE
        [...]
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a REACHABLE
        [..]
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarRoopa Prabhu <roopa@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3dc20f47
    • Daniel Borkmann's avatar
      net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE · e4400bbf
      Daniel Borkmann authored
      The NTF_EXT_LEARNED neigh flag is usually propagated back to user space
      upon dump of the neighbor table. However, when used in combination with
      NTF_USE flag this is not the case despite exempting the entry from the
      garbage collector. This results in inconsistent state since entries are
      typically marked in neigh->flags with NTF_EXT_LEARNED, but here they are
      not. Fix it by propagating the creation flag to ___neigh_create().
      
      Before fix:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a REACHABLE
        [...]
      
      After fix:
      
        # ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
        # ./ip/ip n
        192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a extern_learn REACHABLE
        [...]
      
      Fixes: 9ce33e46 ("neighbour: support for NTF_EXT_LEARNED flag")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarRoopa Prabhu <roopa@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4400bbf
    • Len Baker's avatar
      net: hns: Prefer struct_size over open coded arithmetic · 7bb39a39
      Len Baker authored
      As noted in the "Deprecated Interfaces, Language Features, Attributes,
      and Conventions" documentation [1], size calculations (especially
      multiplication) should not be performed in memory allocator (or similar)
      function arguments due to the risk of them overflowing. This could lead
      to values wrapping around and a smaller allocation being made than the
      caller was expecting. Using those allocations could lead to linear
      overflows of heap memory and other misbehaviors.
      
      So, take the opportunity to refactor the hnae_handle structure to switch
      the last member to flexible array, changing the code accordingly. Also,
      fix the comment in the hnae_vf_cb structure to inform that the ae_handle
      member must be the last member.
      
      Then, use the struct_size() helper to do the arithmetic instead of the
      argument "size + count * size" in the kzalloc() function.
      
      This code was detected with the help of Coccinelle and audited and fixed
      manually.
      
      [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-argumentsSigned-off-by: default avatarLen Baker <len.baker@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bb39a39
    • David S. Miller's avatar
      Merge branch 'mlxsw-ECN-mirroring' · 249ae949
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Add support for ECN mirroring
      
      Petr says:
      
      Patches in this set have been floating around for some time now together
      with trap_fwd support. That will however need more work, time for which is
      nowhere to be found, apparently. Instead, this patchset enables offload of
      only packet mirroring on RED mark qevent, enabling mirroring of ECN-marked
      packets.
      
      Formally it enables offload of filters added to blocks bound to the RED
      qevent mark if:
      
      - The switch ASIC is Spectrum-2 or above.
      - Only a single filter is attached at the block, at chain 0 (the default),
        and its classifier is matchall.
      - The filter has hw_stats set to disabled.
      - The filter has a single action, which is mirror.
      
      This differs from early_drop qevent offload, which supports mirroring and
      trapping. However trapping in context of ECN-marked packets is not
      suitable, because the HW does not drop the packet, as the trap action
      implies. And there is as of now no way to express only the part of trapping
      that transfers the packet to the SW datapath, sans the HW-datapath drop.
      
      The patchset progresses as follows:
      
      Patch #1 is an extack propagation.
      
      Mirroring of ECN-marked packets is configured in the ASIC through an ECN
      trigger, which is considered "egress", unlike the EARLY_DROP trigger.
      In patch #2, add a helper to classify triggers as ingress.
      
      As clarified above, traps cannot be offloaded on mark qevent. Similarly,
      given a trap_fwd action, it would not be offloadable on early_drop qevent.
      In patch #3, introduce support for tracking actions permissible on a given
      block.
      
      Patch #4 actually adds the mark qevent offload.
      
      In patch #5, fix a small style issue in one of the selftests, and in
      patch #6 add mark offload selftests.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      249ae949
    • Petr Machata's avatar
      selftests: mlxsw: RED: Add selftests for the mark qevent · 0cd6fa99
      Petr Machata authored
      Add do_mark_test(), which is to do_ecn_test() like do_drop_test() is to
      do_red_test(): meant to test that actions on the RED mark qevent block are
      offloaded, and executed on ECN-marked packets.
      
      The test splits install_qdisc() into its constituents, install_root_qdisc()
      and install_qdisc_tcX(). This is in order to test that when mirroring is
      enabled on one TC, the other TC does not mirror.
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0cd6fa99
    • Petr Machata's avatar
      selftests: mlxsw: sch_red_core: Drop two unused variables · a703b517
      Petr Machata authored
      These variables are cut'n'pasted from other functions in the file and not
      actually used.
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a703b517
    • Petr Machata's avatar
      mlxsw: spectrum_qdisc: Offload RED qevent mark · 9c18eaf2
      Petr Machata authored
      The RED "mark" qevent can be offloaded under similar conditions as the RED
      "early_drop" qevent. Therefore recognize its binding type in the
      TC_SETUP_BLOCK handler and translate to the right SPAN trigger, with the
      right set of supported actions.
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c18eaf2
    • Petr Machata's avatar
      mlxsw: spectrum_qdisc: Track permissible actions per binding · 099bf89d
      Petr Machata authored
      One block can be bound to several qevents. The qevent type that the block
      is bound to determines which actions make sense in a given context. In the
      particular case of mlxsw, trap cannot be offloaded on a RED mark qevent,
      because the trap contract specifies that the packet is dropped in the HW
      datapath, and the HW trigger that the action is offloaded to is always
      forwarding the packet (in addition to marking in).
      
      Therefore keep track of which actions are permissible at each binding
      block. When an attempt is made to bind a certain action at a binding point
      where it is not supported, bounce the request.
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      099bf89d
    • Petr Machata's avatar
      mlxsw: spectrum_qdisc: Distinguish between ingress and egress triggers · 0908e42a
      Petr Machata authored
      The following patches will configure the MLXSW_SP_SPAN_TRIGGER_ECN
      mirroring trigger. This trigger is considered "egress", unlike the
      previously-offloaded _EARLY_DROP. Add a helper to spectrum_span,
      mlxsw_sp_span_trigger_is_ingress(), to classify triggers to ingress and
      egress. Pass result of this instead of hardcoding true when calling
      mlxsw_sp_span_analyzed_port_get()/_put().
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0908e42a
    • Petr Machata's avatar
      mlxsw: spectrum_qdisc: Pass extack to mlxsw_sp_qevent_entry_configure() · a34dda72
      Petr Machata authored
      This function will report a new failure in the following patches.
      Pass extack so that the failure is explicable.
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a34dda72
    • Jakub Kicinski's avatar
      Merge branch 'nfc-minor-printk-cleanup' · ff7f0e4e
      Jakub Kicinski authored
      Krzysztof Kozlowski says:
      
      ====================
      nfc: minor printk cleanup
      
      v2: Correct SPDX license in patch 2/7 (as Joe pointed out).
      v1: Remove unused variable in pn533 (reported by kbuild).
      ====================
      
      Link: https://lore.kernel.org/r/20211011133835.236347-1-krzysztof.kozlowski@canonical.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ff7f0e4e
    • Krzysztof Kozlowski's avatar
      nfc: microread: drop unneeded debug prints · f41e137a
      Krzysztof Kozlowski authored
      ftrace is a preferred and standard way to debug entering and exiting
      functions so drop useless debug prints.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f41e137a
    • Krzysztof Kozlowski's avatar
      nfc: trf7970a: drop unneeded debug prints · f0563ebe
      Krzysztof Kozlowski authored
      ftrace is a preferred and standard way to debug entering and exiting
      functions so drop useless debug prints.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Acked-by: default avatarMark Greer <mgreer@animalcreek.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f0563ebe
    • Krzysztof Kozlowski's avatar
      nfc: st21nfca: drop unneeded debug prints · e52cc2a6
      Krzysztof Kozlowski authored
      ftrace is a preferred and standard way to debug entering and exiting
      functions so drop useless debug prints.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e52cc2a6
    • Krzysztof Kozlowski's avatar
      nfc: st-nci: drop unneeded debug prints · 84910319
      Krzysztof Kozlowski authored
      ftrace is a preferred and standard way to debug entering and exiting
      functions so drop useless debug prints.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      84910319
    • Krzysztof Kozlowski's avatar
      nfc: s3fwrn5: simplify dereferencing pointer to struct device · edfa5366
      Krzysztof Kozlowski authored
      Simplify the code dereferencing several pointers to reach the struct
      device.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      edfa5366
    • Krzysztof Kozlowski's avatar
      nfc: nci: replace GPLv2 boilerplate with SPDX · f141cfe3
      Krzysztof Kozlowski authored
      Replace standard GPLv2 license text with SPDX tag.  Although the comment
      mentions GPLv2-only, it refers to the full license file which allows
      later GPL versions.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f141cfe3
    • Krzysztof Kozlowski's avatar
      nfc: drop unneeded debug prints · 5b25a5bf
      Krzysztof Kozlowski authored
      ftrace is a preferred and standard way to debug entering and exiting
      functions so drop useless debug prints.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5b25a5bf
  2. 11 Oct, 2021 19 commits