From: Jakub Kicinski Date: Fri, 12 Sep 2025 00:37:09 +0000 (-0700) Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=fc3a2810412c163b5df1b377d332e048860f45db;p=users%2Fhch%2Fmisc.git Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Cross-merge networking fixes after downstream PR (net-6.17-rc6). Conflicts: net/netfilter/nft_set_pipapo.c net/netfilter/nft_set_pipapo_avx2.c c4eaca2e1052 ("netfilter: nft_set_pipapo: don't check genbit from packetpath lookups") 84c1da7b38d9 ("netfilter: nft_set_pipapo: use avx2 algorithm for insertions too") Only trivial adjacent changes (in a doc and a Makefile). Signed-off-by: Jakub Kicinski --- fc3a2810412c163b5df1b377d332e048860f45db diff --cc Documentation/networking/mptcp.rst index fdc7bfd5d5c5,2e31038d6462..b6753ffb9c9a --- a/Documentation/networking/mptcp.rst +++ b/Documentation/networking/mptcp.rst @@@ -60,13 -60,13 +60,13 @@@ address announcements. Typically, it i and the server side that announces additional addresses via the ``ADD_ADDR`` and ``REMOVE_ADDR`` options. - Path managers are controlled by the ``net.mptcp.pm_type`` sysctl knob -- see - mptcp-sysctl.rst. There are two types: the in-kernel one (type ``0``) where the - same rules are applied for all the connections (see: ``ip mptcp``) ; and the - userspace one (type ``1``), controlled by a userspace daemon (i.e. `mptcpd + Path managers are controlled by the ``net.mptcp.path_manager`` sysctl knob -- + see mptcp-sysctl.rst. There are two types: the in-kernel one (``kernel``) where + the same rules are applied for all the connections (see: ``ip mptcp``) ; and the + userspace one (``userspace``), controlled by a userspace daemon (i.e. `mptcpd `_) where different rules can be applied for each connection. The path managers can be controlled via a Netlink API; see -netlink_spec/mptcp_pm.rst. +../netlink/specs/mptcp_pm.rst. To be able to use multiple IP addresses on a host to create multiple *subflows* (paths), the default in-kernel MPTCP path-manager needs to know which IP diff --cc net/netfilter/nft_set_pipapo.c index 4b64c3bd8e70,793790d79d13..a7b8fa8cab7c --- a/net/netfilter/nft_set_pipapo.c +++ b/net/netfilter/nft_set_pipapo.c @@@ -562,7 -539,7 +578,7 @@@ nft_pipapo_lookup(const struct net *net const struct nft_pipapo_elem *e; m = rcu_dereference(priv->match); - e = pipapo_get_slow(m, (const u8 *)key, genmask, get_jiffies_64()); - e = pipapo_get(m, (const u8 *)key, NFT_GENMASK_ANY, get_jiffies_64()); ++ e = pipapo_get_slow(m, (const u8 *)key, NFT_GENMASK_ANY, get_jiffies_64()); return e ? &e->ext : NULL; } diff --cc net/netfilter/nft_set_pipapo_avx2.c index 7559306d0aed,c0884fa68c79..27dab3667548 --- a/net/netfilter/nft_set_pipapo_avx2.c +++ b/net/netfilter/nft_set_pipapo_avx2.c @@@ -1226,75 -1241,28 +1226,74 @@@ next_match #undef NFT_SET_PIPAPO_AVX2_LOOKUP - if (ret < 0) - goto out; + if (ret < 0) { + scratch->map_index = map_index; + kernel_fpu_end(); + __local_unlock_nested_bh(&scratch->bh_lock); + return NULL; + } if (last) { - const struct nft_set_ext *e = &f->mt[ret].e->ext; + struct nft_pipapo_elem *e; - if (unlikely(nft_set_elem_expired(e))) + e = f->mt[ret].e; + if (unlikely(__nft_set_elem_expired(&e->ext, tstamp) || + !nft_set_elem_active(&e->ext, genmask))) goto next_match; - ext = e; - goto out; + scratch->map_index = map_index; + kernel_fpu_end(); + __local_unlock_nested_bh(&scratch->bh_lock); + return e; } + map_index = !map_index; swap(res, fill); - rp += NFT_PIPAPO_GROUPS_PADDED_SIZE(f); + data += NFT_PIPAPO_GROUPS_PADDED_SIZE(f); } -out: - if (i % 2) - scratch->map_index = !map_index; kernel_fpu_end(); + __local_unlock_nested_bh(&scratch->bh_lock); + return NULL; +} + +/** + * nft_pipapo_avx2_lookup() - Dataplane frontend for AVX2 implementation + * @net: Network namespace + * @set: nftables API set representation + * @key: nftables API element representation containing key data + * + * This function is called from the data path. It will search for + * an element matching the given key in the current active copy using + * the AVX2 routines if the FPU is usable or fall back to the generic + * implementation of the algorithm otherwise. + * + * Return: nftables API extension pointer or NULL if no match. + */ +const struct nft_set_ext * +nft_pipapo_avx2_lookup(const struct net *net, const struct nft_set *set, + const u32 *key) +{ + struct nft_pipapo *priv = nft_set_priv(set); - u8 genmask = nft_genmask_cur(net); + const struct nft_pipapo_match *m; + const u8 *rp = (const u8 *)key; + const struct nft_pipapo_elem *e; + + local_bh_disable(); + + if (unlikely(!irq_fpu_usable())) { + const struct nft_set_ext *ext; + + ext = nft_pipapo_lookup(net, set, key); + + local_bh_enable(); + return ext; + } + + m = rcu_dereference(priv->match); + - e = pipapo_get_avx2(m, rp, genmask, get_jiffies_64()); ++ e = pipapo_get_avx2(m, rp, NFT_GENMASK_ANY, get_jiffies_64()); local_bh_enable(); - return ext; + return e ? &e->ext : NULL; } diff --cc tools/testing/selftests/net/Makefile index 08db9f0e5810,2b31d4a93ad7..ae1afe75bc86 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@@ -117,19 -116,15 +117,20 @@@ TEST_PROGS += skf_net_off.s TEST_GEN_FILES += skf_net_off TEST_GEN_FILES += tfo TEST_PROGS += tfo_passive.sh + TEST_PROGS += broadcast_ether_dst.sh TEST_PROGS += broadcast_pmtu.sh TEST_PROGS += ipv6_force_forwarding.sh +TEST_GEN_PROGS += ipv6_fragmentation +TEST_PROGS += route_hint.sh # YNL files, must be before "include ..lib.mk" -YNL_GEN_FILES := busy_poller netlink-dumps +YNL_GEN_FILES := busy_poller +YNL_GEN_PROGS := netlink-dumps TEST_GEN_FILES += $(YNL_GEN_FILES) +TEST_GEN_PROGS += $(YNL_GEN_PROGS) TEST_FILES := settings +TEST_FILES += fcnal-test.sh TEST_FILES += in_netns.sh lib.sh setup_loopback.sh setup_veth.sh TEST_GEN_FILES += $(patsubst %.c,%.o,$(wildcard *.bpf.c))