Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.2.y 2022-12-05T09:32:44Z 2022-12-05T09:32:44Z Leon Romanovsky leonro@nvidia.com 2022-12-02T18:41:28Z urn:sha1:62f6eca5de103c6823f6ca2abbf2ee242e132207 Allow users to configure xfrm states with packet offload mode. The packet mode must be requested both for policy and state, and such requires us to do not implement fallback. We explicitly return an error if requested packet mode can't be configured. Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2022-05-06T06:32:52Z Leon Romanovsky leonro@nvidia.com 2022-05-05T10:06:42Z urn:sha1:0c05ab78e3f2105de0f7be56e244906b1e8d176d Convert the ixgbe driver to rely on XFRM offload state direction instead of flags bits that were not checked at all. Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-11-17T16:07:42Z Radoslaw Tyl radoslawx.tyl@intel.com 2021-06-30T08:15:32Z urn:sha1:339f28964147db9cb5c45d84a9b9d86a8ceb9260 Provide improved mailbox communication, between PF and VF, which is defined as API version 1.5. Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com> Tested-by: Tony Brelinski <tony.brelinski@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> 2021-11-17T16:07:42Z Radoslaw Tyl radoslawx.tyl@intel.com 2021-06-30T08:15:31Z urn:sha1:c869259881a36fa86086efe661c74a6a9de5b169 Improve reliability of the mailbox communication and remove its potential flaws that may lead to the undefined or faulty behavior. Recently some users reported issues on ESX with 10G Intel NICs which were found to be caused by incorrect implementation of the PF-VF mailbox communication. Technical investigation highlighted areas to improve in the communication between PF or VF that wants to send the message (sender) and the other part which receives the message (receiver): - Locking the mailbox when the sender wants to send a message - Releasing the mailbox when the communication ends - Returning the result of the mailbox message execution Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com> Tested-by: Tony Brelinski <tony.brelinski@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> 2021-11-17T16:07:42Z Radoslaw Tyl radoslawx.tyl@intel.com 2021-06-30T08:15:28Z urn:sha1:0edbecd5705728e803a56d646194f4ccdef5845f There is name similarity within IXGBE_VT_MSGTYPE_ACK and PFMAILBOX.ACK / VFMAILBOX.ACK. MSGTYPE macros are renamed to SUCCESS and FAILURE because they are not specified in datasheet and now will be easily distinguishable. Signed-off-by: Radoslaw Tyl <radoslawx.tyl@intel.com> Tested-by: Tony Brelinski <tony.brelinski@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> 2021-07-06T17:36:59Z Taehee Yoo ap420073@gmail.com 2021-07-05T15:38:09Z urn:sha1:2de7e4f67599affc97132bd07e30e3bd59d0b777 There are two pointers in struct xfrm_state_offload, *dev, *real_dev. These are used in callback functions of struct xfrmdev_ops. The *dev points whether bonding interface or real interface. If bonding ipsec offload is used, it points bonding interface If not, it points real interface. And real_dev always points real interface. So, ixgbevf should always use real_dev instead of dev. Of course, real_dev always not be null. Test commands: ip link add bond0 type bond #eth0 is ixgbevf interface ip link set eth0 master bond0 ip link set bond0 up ip x s add proto esp dst 14.1.1.1 src 15.1.1.1 spi 0x07 mode \ transport reqid 0x07 replay-window 32 aead 'rfc4106(gcm(aes))' \ 0x44434241343332312423222114131211f4f3f2f1 128 sel src 14.0.0.52/24 \ dst 14.0.0.70/24 proto tcp offload dev bond0 dir in Splat looks like: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 6 PID: 688 Comm: ip Not tainted 5.13.0-rc3+ #1168 RIP: 0010:ixgbevf_ipsec_find_empty_idx+0x28/0x1b0 [ixgbevf] Code: 00 00 0f 1f 44 00 00 55 53 48 89 fb 48 83 ec 08 40 84 f6 0f 84 9c 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 01 0f 8e 4c 01 00 00 66 81 3b 00 04 0f RSP: 0018:ffff8880089af390 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff8880089af4f8 R08: 0000000000000003 R09: fffffbfff4287e11 R10: 0000000000000001 R11: ffff888005de8908 R12: 0000000000000000 R13: ffff88810936a000 R14: ffff88810936a000 R15: ffff888004d78040 FS: 00007fdf9883a680(0000) GS:ffff88811a400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055bc14adbf40 CR3: 000000000b87c005 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ixgbevf_ipsec_add_sa+0x1bf/0x9c0 [ixgbevf] ? rcu_read_lock_sched_held+0x91/0xc0 ? ixgbevf_ipsec_parse_proto_keys.isra.9+0x280/0x280 [ixgbevf] ? lock_acquire+0x191/0x720 ? bond_ipsec_add_sa+0x48/0x350 [bonding] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 ? rcu_read_lock_held+0x91/0xa0 ? rcu_read_lock_sched_held+0xc0/0xc0 bond_ipsec_add_sa+0x193/0x350 [bonding] xfrm_dev_state_add+0x2a9/0x770 ? memcpy+0x38/0x60 xfrm_add_sa+0x2278/0x3b10 [xfrm_user] ? xfrm_get_policy+0xaa0/0xaa0 [xfrm_user] ? register_lock_class+0x1750/0x1750 xfrm_user_rcv_msg+0x331/0x660 [xfrm_user] ? rcu_read_lock_sched_held+0x91/0xc0 ? xfrm_user_state_lookup.constprop.39+0x320/0x320 [xfrm_user] ? find_held_lock+0x3a/0x1c0 ? mutex_lock_io_nested+0x1210/0x1210 ? sched_clock_cpu+0x18/0x170 netlink_rcv_skb+0x121/0x350 [ ... ] Fixes: 272c2330adc9 ("xfrm: bail early on slave pass over skb") Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-04T19:05:05Z Antony Antony antony@phenome.org 2020-10-14T14:17:48Z urn:sha1:d785e1fec60179f534fbe8d006c890e5ad186e51 Based on talks and indirect references ixgbe IPsec offlod do not support IPsec tunnel mode offload. It can only support IPsec transport mode offload. Now explicitly fail when creating non transport mode SA with offload to avoid false performance expectations. Fixes: 63a67fe229ea ("ixgbe: add ipsec offload add and remove SA") Signed-off-by: Antony Antony <antony@phenome.org> Acked-by: Shannon Nelson <snelson@pensando.io> Tested-by: Tony Brelinski <tonyx.brelinski@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> 2018-12-19T19:21:38Z Florian Westphal fw@strlen.de 2018-12-18T16:15:26Z urn:sha1:a84e3f533324e40e4a99f50dee2188bf140d8098 secpath_set is a wrapper for secpath_dup that will not perform an allocation if the secpath attached to the skb has a reference count of one, i.e., it doesn't need to be COW'ed. Also, secpath_dup doesn't attach the secpath to the skb, it leaves this to the caller. Use secpath_set in places that immediately assign the return value to skb. This allows to remove skb->sp without touching these spots again. secpath_dup can eventually be removed in followup patch. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net> 2018-12-19T19:21:37Z Florian Westphal fw@strlen.de 2018-12-18T16:15:21Z urn:sha1:2fdb435bc0d7492b8137d4c9db6a465511154e29 Use skb_sec_path and secpath_exists helpers where possible. This reduces noise in followup patch that removes skb->sp pointer. v2: no changes, preseve acks from v1. Acked-by: Shannon Nelson <shannon.lee.nelson@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net> 2018-10-03T19:29:34Z Dan Carpenter dan.carpenter@oracle.com 2018-09-19T10:35:29Z urn:sha1:617cc646a7a09c7abf507981a81f441fc79b0511 The ipsec->tx_tbl[] array has IXGBE_IPSEC_MAX_SA_COUNT elements so the > should be a >=. Fixes: 0062e7cc955e ("ixgbevf: add VF IPsec offload code") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>