Pavel Skripkin [Mon, 1 Nov 2021 07:12:12 +0000 (10:12 +0300)]
Bluetooth: stop proccessing malicious adv data
Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validaion check.
We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read a way beyond skb->end and
it can cause problems, of course.
Zijun Hu [Tue, 16 Nov 2021 08:51:38 +0000 (16:51 +0800)]
Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf()
it is erroneous to calculate padding by subtracting length of type
indication from skb->len, it will cause data analysis error for
alignment which is greater than 1, so fixed by adding length of type
indication with skb->len.
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Joseph Hwang [Tue, 2 Nov 2021 07:19:29 +0000 (15:19 +0800)]
Bluetooth: aosp: Support AOSP Bluetooth Quality Report
This patch adds the support of the AOSP Bluetooth Quality Report
(BQR) events.
Multiple vendors have supported the AOSP Bluetooth Quality Report.
When a Bluetooth controller supports the capability, it can enable
the aosp capability through hci_set_aosp_capable. Then hci_core will
set up the hdev->aosp_set_quality_report callback through aosp_do_open
if the controller responds to support the quality report capability.
Note that Intel also supports a distinct telemetry quality report
specification. Intel sets up the hdev->set_quality_report callback
in the btusb driver module.
Joseph Hwang [Tue, 2 Nov 2021 07:19:28 +0000 (15:19 +0800)]
Bluetooth: Add struct of reading AOSP vendor capabilities
This patch adds the struct of reading AOSP vendor capabilities.
New capabilities are added incrementally. Note that the
version_supported octets will be used to determine whether a
capability has been defined for the version.
Signed-off-by: Joseph Hwang <josephsih@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Mon, 1 Nov 2021 22:14:41 +0000 (15:14 -0700)]
Bluetooth: hci_sync: Fix not setting adv set duration
10bbffa3e88e attempted to fix the use of rotation duration as
advertising duration but it didn't change the if condition which still
uses the duration instead of the timeout.
Fixes: 10bbffa3e88e ("Bluetooth: Fix using advertising instance duration as timeout") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Mon, 1 Nov 2021 16:52:40 +0000 (09:52 -0700)]
Bluetooth: hci_sync: Fix missing static warnings
This fixes the following warnings:
>> net/bluetooth/hci_sync.c:1333:5: warning: no previous prototype for
'hci_scan_disable_sync' [-Wmissing-prototypes]
1333 | int hci_scan_disable_sync(struct hci_dev *hdev, bool rpa_le_conn)
| ^~~~~~~~~~~~~~~~~~~~~
>> net/bluetooth/hci_sync.c:1762:5: warning: no previous prototype for
'hci_passive_scan_sync' [-Wmissing-prototypes]
1762 | int hci_passive_scan_sync(struct hci_dev *hdev)
| ^~~~~~~~~~~~~~~~~~~~~
Fixes: e8907f76544f ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:59:00 +0000 (16:59 -0700)]
Bluetooth: hci_sync: Rework hci_suspend_notifier
This makes hci_suspend_notifier use the hci_*_sync which can be
executed synchronously which is allowed in the suspend_notifier and
simplifies a lot of the handling since the status of each command can
be checked inline so no other work need to be scheduled thus can be
performed without using of a state machine.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:58:59 +0000 (16:58 -0700)]
Bluetooth: hci_sync: Rework init stages
This moves the init stages to use the hci_sync infra and in addition
to that have the stages as function tables so it is easier to change
the command sequence.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
mgmt-test paths:
Set powered on - Privacy and Advertising
Set Advertising on - Success 2
Set Advertising on - Appearance 1
Set Advertising on - Local name 1
Set Advertising on - Name + Appear 1
Add Advertising - Success 4
Add Advertising - Success 5
Add Ext Advertising - Success 4
Add Ext Advertising - Success 5
Signed-off-by: Brian Gix <brian.gix@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
mgmt-test paths:
Read Local OOB Ext Data - Invalid index
Read Local OOB Ext Data - Legacy pairing
Read Local OOB Ext Data - Success SSP
Read Local OOB Ext Data - Success SC
Signed-off-by: Brian Gix <brian.gix@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This function requires all of the data from the cmd cmplt event
to be passed up to the caller via the skb.
mgmt-tester paths:
Read Local OOB Data - Not powered
Read Local OOB Data - Legacy pairing
Read Local OOB Data - Success SSP
Read Local OOB Data - Success SC
Signed-off-by: Brian Gix <brian.gix@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This make use of hci_cmd_sync_queue for MGMT_OP_START_DISCOVERY,
MGMT_OP_START_SERVICE_DISCOVERY and MGMT_OP_STOP_DISCOVERY to use
hci_cmd_sync_queue so they no longer depend on hdev->discov_update work
to send any commands.
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:58:44 +0000 (16:58 -0700)]
Bluetooth: hci_sync: Convert MGMT_SET_POWERED
This make use of hci_cmd_sync_queue when MGMT_SET_POWERED is used so all
commands are run within hdev->cmd_sync_work instead of
hdev->power_on_work and hdev->power_off_work.
In addition to that the power on sequence now takes into account if
local IRK needs to be programmed in the resolving list.
Tested with:
tools/mgmt-tester -s "Set powered"
Test Summary
------------
Set powered on - Success Passed
Set powered on - Invalid parameters 1 Passed
Set powered on - Invalid parameters 2 Passed
Set powered on - Invalid parameters 3 Passed
Set powered on - Invalid index Passed
Set powered on - Privacy and Advertising Passed
Set powered off - Success Passed
Set powered off - Class of Device Passed
Set powered off - Invalid parameters 1 Passed
Set powered off - Invalid parameters 2 Passed
Set powered off - Invalid parameters 3 Passed
Total: 11, Passed: 11 (100.0%), Failed: 0, Not Run: 0
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:58:43 +0000 (16:58 -0700)]
Bluetooth: hci_sync: Rework background scan
This replaces the use of hci_update_background_scan with
hci_update_passive_scan which runs from cmd_work_sync and deal properly
with resolving list when LL privacy is enabled.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:58:42 +0000 (16:58 -0700)]
Bluetooth: hci_sync: Enable advertising when LL privacy is enabled
This enables advertising when LL privacy is enabled and changes the
command sequence when resolving list is updated to also account for when
advertising is enabled using the following sequence:
If there are devices to scan:
Disable Scanning -> Update Accept List ->
use_ll_privacy((Disable Advertising) -> Disable Resolving List ->
Update Resolving List -> Enable Resolving List -> (Enable Advertising)) ->
Enable Scanning
Otherwise:
Disable Scanning
Errors during the Update Accept List stage are handled gracefully by
restoring any previous state (e.g. advertising) and disabling the use of
accept list as either accept list or resolving list could not be
updated.
Luiz Augusto von Dentz [Wed, 27 Oct 2021 23:58:39 +0000 (16:58 -0700)]
Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1
This make use of hci_cmd_sync_queue for the following MGMT commands:
Set Device Class
Set Device ID
Add UUID
Remove UUID
tools/mgmt-tester -s "Set Device Class"
Test Summary
------------
Set Device Class - Success 1 Passed
Set Device Class - Success 2 Passed
Set Device Class - Invalid parameters 1 Passed
Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0
Overall execution time: 0.0599 seconds
tools/mgmt-tester -s "Set Device ID"
Test Summary
------------
Set Device ID - Success 1 Passed
Set Device ID - Success 2 Passed
Set Device ID - Disable Passed
Set Device ID - Power off and Power on Passed
Set Device ID - SSP off and Power on Passed
Set Device ID - Invalid Parameter Passed
Total: 6, Passed: 6 (100.0%), Failed: 0, Not Run: 0
Overall execution time: 0.107 seconds
Marcel Holtmann [Wed, 27 Oct 2021 23:58:38 +0000 (16:58 -0700)]
Bluetooth: Add helper for serialized HCI command execution
The usage of __hci_cmd_sync() within the hdev->setup() callback allows for
a nice and simple serialized execution of HCI commands. More importantly
it allows for result processing before issueing the next command.
With the current usage of hci_req_run() it is possible to batch up
commands and execute them, but it is impossible to react to their
results or errors.
This is an attempt to generalize the hdev->setup() handling and provide
a simple way of running multiple HCI commands from a single function
context.
There are multiple struct work that are decdicated to certain tasks
already used right now. It is add a lot of bloat to hci_dev struct and
extra handling code. So it might be possible to put all of these behind
a common HCI command infrastructure and just execute the HCI commands
from the same work context in a serialized fashion.
For example updating the white list and resolving list can be done now
without having to know the list size ahead of time. Also preparing for
suspend or resume shouldn't require a state machine anymore. There are
other tasks that should be simplified as well.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Archie Pusaka [Thu, 28 Oct 2021 11:17:25 +0000 (19:17 +0800)]
Bluetooth: Fix removing adv when processing cmd complete
If we remove one instance of adv using Set Extended Adv Enable, there
is a possibility of issue occurs when processing the Command Complete
event. Especially, the adv_info might not be found since we already
remove it in hci_req_clear_adv_instance() -> hci_remove_adv_instance().
If that's the case, we will mistakenly proceed to remove all adv
instances instead of just one single instance.
This patch fixes the issue by checking the content of the HCI command
instead of checking whether the adv_info is found.
Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Mark-yw Chen [Mon, 18 Oct 2021 21:30:19 +0000 (05:30 +0800)]
Bluetooth: btmtksdio: transmit packet according to status TX_EMPTY
Each packet should be sent out until the device emits the TX_EMPTY signal
to the host, that is firmware people suggested to add to meet the actual
firmware behavior and that is compatible among all the devices.
Co-developed-by: Sean Wang <sean.wang@mediatek.com> Signed-off-by: Sean Wang <sean.wang@mediatek.com> Signed-off-by: Mark-yw Chen <mark-yw.chen@mediatek.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Sean Wang [Mon, 18 Oct 2021 21:30:16 +0000 (05:30 +0800)]
Bluetooth: btmtksdio: move interrupt service to work
btmtksdio belongs to WIFI/BT combo chip that would serve two radios in one
sdio_irq so that we have to move interrupt service to worker to ensure ISR
as short as possible.
The worker would serve the both Tx and Rx in a batch to effectively reduce
many interrupts to the host and to avoid excessive sdio lock contention
between various context (even from WiFi driver) and help to be more
efficient to complete command/event transation.
Co-developed-by: Mark-yw Chen <mark-yw.chen@mediatek.com> Signed-off-by: Mark-yw Chen <mark-yw.chen@mediatek.com> Signed-off-by: Sean Wang <sean.wang@mediatek.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hovold [Mon, 25 Oct 2021 11:39:44 +0000 (13:39 +0200)]
Bluetooth: bfusb: fix division by zero in send path
Add the missing bulk-out endpoint sanity check to probe() to avoid
division by zero in bfusb_send_frame() in case a malicious device has
broken descriptors (or when doing descriptor fuzz testing).
Note that USB core will reject URBs submitted for endpoints with zero
wMaxPacketSize but that drivers doing packet-size calculations still
need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip
endpoint descriptors with maxpacket=0")).
Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
If cmtp_init_sockets() in cmtp_init() fails, cmtp_init() still returns
success. This will cause a kernel bug when accessing uncreated ctmp
related data when the module exits.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Thu, 21 Oct 2021 18:44:35 +0000 (11:44 -0700)]
Bluetooth: vhci: Fix checking of msft_opcode
msft_opcode shall be use a vendor ogf (0x3f) but the check was
swifting the bits in the wrong order due to a missing parantesis
over val & 0xffff, but since the code already checks for values over
0xffff it shall not be necessary to perform that operation it now just
removes which makes it work properly when setting opcodes like 0xfce1.
Fixes: b8f5482c9638 ("Bluetooth: vhci: Add support for setting msft_opcode and aosp_capable") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Kyle Copperfield [Wed, 20 Oct 2021 13:00:22 +0000 (13:00 +0000)]
Bluetooth: btsdio: Do not bind to non-removable BCM4345 and BCM43455
BCM4345 and BCM43455 devices soldered onto the PCB (non-removable),
use an UART connection for Bluetooth, such as in the Pinebook Pro,
and the advertised btsdio support as an SDIO function is ignored.
Soenke Huster [Wed, 20 Oct 2021 08:14:44 +0000 (10:14 +0200)]
Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()
On the reception of packets with an invalid packet type, the memory of
the allocated socket buffers is never freed. Add a default case that frees
these to avoid a memory leak.
Fixes: afd2daa26c7a ("Bluetooth: Add support for virtio transport driver") Signed-off-by: Soenke Huster <soenke.huster@eknoes.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
hci_alloc_dev() do not init the device's flag. And hci_free_dev()
using put_device() to free the memory allocated for this device,
but it calls just put_device(dev) only in case of HCI_UNREGISTER
flag is set, So any error handing before hci_register_dev() success
will cause memory leak.
To avoid this behaviour we can using kfree() to release dev before
hci_register_dev() success.
Kiran K [Wed, 13 Oct 2021 08:05:11 +0000 (13:35 +0530)]
Bluetooth: btintel: Fix bdaddress comparison with garbage value
Intel Read Verision(TLV) data is parsed into a local structure variable
and it contains a field for bd address. Bd address is returned only in
bootloader mode and hence bd address in TLV structure needs to be validated
only if controller is present in boot loader mode.
Signed-off-by: Kiran K <kiran.k@intel.com> Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
David Yang [Wed, 13 Oct 2021 00:56:33 +0000 (08:56 +0800)]
Bluetooth: btusb: Fix application of sizeof to pointer
The coccinelle check report:
"./drivers/bluetooth/btusb.c:2239:36-42:
ERROR: application of sizeof to pointer".
Using the real size to fix it.
Fixes: 5a87679ffd443 ("Bluetooth: btusb: Support public address configuration for MediaTek Chip.") Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: David Yang <davidcomponentone@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Thu, 7 Oct 2021 20:26:25 +0000 (13:26 -0700)]
Bluetooth: L2CAP: Fix not initializing sk_peer_pid
In order to group sockets being connected using L2CAP_MODE_EXT_FLOWCTL
the pid is used but sk_peer_pid was not being initialized as it is
currently only done for af_unix.
Fixes: b48596d1dc25 ("Bluetooth: L2CAP: Add get_peer_pid callback") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Bluetooth: hci_sock: purge socket queues in the destruct() callback
The receive path may take the socket right before hci_sock_release(),
but it may enqueue the packets to the socket queues after the call to
skb_queue_purge(), therefore the socket can be destroyed without clear
its queues completely.
Moving these skb_queue_purge() to the hci_sock_destruct() will fix this
issue, because nothing is referencing the socket at this point.
This patch fixes the controller index in the Experimental Features
Changed event for the offload_codec and the quality_report features to
use the actual hdev index instead of non-controller index(0xffff) so the
client can receive the event and know which controller the event is for.
Fixes: ad93315183285 ("Bluetooth: Add offload feature under experimental flag") Fixes: ae7d925b5c043 ("Bluetooth: Support the quality report events") Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Kiran K [Tue, 5 Oct 2021 14:45:56 +0000 (20:15 +0530)]
Bluetooth: Read codec capabilities only if supported
Read codec capabilities only if HCI_READ_LOCAL_CODEC_CAPABILITIES
command is supported. If capablities are not supported, then
cache codec data without caps.
Signed-off-by: Kiran K <kiran.k@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Luiz Augusto von Dentz [Wed, 6 Oct 2021 01:09:34 +0000 (18:09 -0700)]
Bluetooth: Fix handling of SUSPEND_DISCONNECTING
When SUSPEND_DISCONNECTING bit is set that means Disconnect is pending
but the code was evaluating if the list is empty before calling
hci_conn_del which does the actual cleanup and remove the connection
from the list thus the bit is never cleared causing the suspend
procedure to always timeout when there are connections to be
disconnected:
Suspend/Resume - Success 5 (Pairing - Legacy) - waiting done
Set the system into Suspend via force_suspend
= mgmt-tester: Suspend/Resume - Success 5 (Pairing -.. 17:03:13.200458
= mgmt-tester: Set the system into Suspend via force_suspend 17:03:13.205812
< HCI Command: Write Scan E.. (0x03|0x001a) plen 1 #122 [hci0] 17:03:13.213561
Scan enable: No Scans (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #123 [hci0] 17:03:13.214710
Write Scan Enable (0x03|0x001a) ncmd 1
Status: Success (0x00)
< HCI Command: Disconnect (0x01|0x0006) plen 3 #124 [hci0] 17:03:13.215830
Handle: 42
Reason: Remote Device Terminated due to Power Off (0x15)
> HCI Event: Command Status (0x0f) plen 4 #125 [hci0] 17:03:13.216602
Disconnect (0x01|0x0006) ncmd 1
Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4 #126 [hci0] 17:03:13.217342
Status: Success (0x00)
Handle: 42
Reason: Remote Device Terminated due to Power Off (0x15)
@ MGMT Event: Device Disconn.. (0x000c) plen 8 {0x0002} [hci0] 17:03:13.217688
BR/EDR Address: 00:AA:01:01:00:00 (Intel Corporation)
Reason: Connection terminated by local host for suspend (0x05)
@ MGMT Event: Device Disconn.. (0x000c) plen 8 {0x0001} [hci0] 17:03:13.217688
BR/EDR Address: 00:AA:01:01:00:00 (Intel Corporation)
Reason: Connection terminated by local host for suspend (0x05)
Suspend/Resume - Success 5 (Pairing - Legacy) - test timed out
= mgmt-tester: Suspend/Resume - Success 5 (Pairing -.. 17:03:13.939317
Suspend/Resume - Success 5 (Pairing - Legacy) - teardown
= mgmt-tester: Suspend/Resume - Success 5 (Pairing -.. 17:03:13.947267
[ 13.284291] Bluetooth: hci0: Timed out waiting for suspend events
[ 13.287324] Bluetooth: hci0: Suspend timeout bit: 6
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Jakub Kicinski [Tue, 5 Oct 2021 14:41:14 +0000 (07:41 -0700)]
Merge tag 'for-net-next-2021-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Luiz Augusto von Dentz says:
====================
bluetooth-next pull request for net-next:
- Add support for MediaTek MT7922 and MT7921
- Enable support for AOSP extention in Qualcomm WCN399x and Realtek
8822C/8852A.
- Add initial support for link quality and audio/codec offload.
- Rework of sockets sendmsg to avoid locking issues.
- Add vhci suspend/resume emulation.
In theory addr_len may not be ETH_ALEN, but we don't expect
non-Ethernet devices to live under this directory, and only
the following cases of setting addr_len exist:
- cxgb4 for mgmt device,
and the drivers which set it to ETH_ALEN: s2io, mlx4, vxge.
Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 5 Oct 2021 12:15:35 +0000 (13:15 +0100)]
Merge branch 'mlx4-const-dev_addr'
Jakub Kicinski says:
====================
mlx4: prep for constant dev->dev_addr
This patch converts mlx4 for dev->dev_addr being const. It converts
to use of common helpers but also removes some seemingly unnecessary
idiosyncrasies.
Please review.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Mon, 4 Oct 2021 19:14:45 +0000 (12:14 -0700)]
mlx4: remove custom dev_addr clearing
mlx4_en_u64_to_mac() takes the dev->dev_addr pointer and writes
to it byte by byte. It also clears the two bytes _after_ ETH_ALEN
which seems unnecessary. dev->addr_len is set to ETH_ALEN just
before the call.
Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Mon, 4 Oct 2021 19:14:43 +0000 (12:14 -0700)]
mlx4: replace mlx4_mac_to_u64() with ether_addr_to_u64()
mlx4_mac_to_u64() predates and opencodes ether_addr_to_u64().
It doesn't make the argument constant so it'll be problematic
when dev->dev_addr becomes a const. Convert to the generic helper.
Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Westphal [Tue, 5 Oct 2021 11:52:42 +0000 (13:52 +0200)]
netlink: remove netlink_broadcast_filtered
No users in tree since commit a3498436b3a0 ("netns: restrict uevents"),
so remove this functionality.
Cc: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 5 Oct 2021 10:42:38 +0000 (11:42 +0100)]
Merge tag 'mlx5-updates-2021-10-04' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
Saeed Mahameed says:
====================
mlx5-updates-2021-10-04
Misc updates for mlx5 driver
1) Add TX max rate support for MQPRIO channel mode
2) Trivial TC action and modify header refactoring
3) TC support for accept action in fdb offloads
4) Allow single IRQ for PCI functions
5) Bridge offload: Pop PVID VLAN header on egress miss
Vlad Buslov says:
=================
With current architecture of mlx5 bridge offload it is possible for a
packet to match in ingress table by source MAC (resulting VLAN header push
in case of port with configured PVID) and then miss in egress table when
destination MAC is not in FDB. Due to the lack of hardware learning in
NICs, this, in turn, results packet going to software data path with PVID
VLAN already added by hardware. This doesn't break software bridge since it
accepts either untagged packets or packets with any provisioned VLAN on
ports with PVID, but can break ingress TC, if affected part of Ethernet
header is matched by classifier.
Improve compatibility with software TC by restoring the packet header on
egress miss. Effectively, this change implements atomicity of mlx5 bridge
offload implementation - packet is either modified and redirected to
destination port or appears unmodified in software.
=================
=================
Signed-off-by: David S. Miller <davem@davemloft.net>
Rafał Miłecki [Sat, 2 Oct 2021 17:58:12 +0000 (19:58 +0200)]
net: bgmac: support MDIO described in DT
Check ethernet controller DT node for "mdio" subnode and use it with
of_mdiobus_register() when present. That allows specifying MDIO and its
PHY devices in a standard DT based way.
This is required for BCM53573 SoC support. That family is sometimes
called Northstar (by marketing?) but is quite different from it. It uses
different CPU(s) and many different hw blocks.
One of shared blocks in BCM53573 is Ethernet controller. Switch however
is not SRAB accessible (as it Northstar) but is MDIO attached.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Tue, 5 Oct 2021 01:11:14 +0000 (18:11 -0700)]
ethernet: ehea: add missing cast
We need to cast the pointer, unlike memcpy() eth_hw_addr_set()
does not take void *. The driver already casts &port->mac_addr
to u8 * in other places.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Fixes: a96d317fb1a3 ("ethernet: use eth_hw_addr_set()") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Shay Drory [Thu, 19 Aug 2021 13:18:57 +0000 (16:18 +0300)]
net/mlx5: Shift control IRQ to the last index
Control IRQ is the first IRQ vector. This complicates handling of
completion irqs as we need to offset them by one.
in the next patch, there are scenarios where completion and control EQs
will share the same irq. for example: functions with single IRQ. To ease
such scenarios, we shift control IRQ to the end of the irq array.
Create lowest priority flow group in egress table with single rule that
matches on special reg_c1 value that is set on ingress VLAN push with
single action that pops VLAN. The flow destination is skip table that is
used to skip any further processing of packet in FDB bridge priority.
On ingress VLAN push also assign value 0x7FE to reg_c1 tunnel id+opts
bits (tunnel id 0, which is not a valid tunnel id, and option 0x7FE which
was reserved by one of previous patches in the series). In following patch
the reg value is matched on egress miss to restore the packet to its
original state by removing the VLAN before passing it to the software data
path.
net/mlx5: Bridge, extract VLAN pop code to dedicated functions
Following patches in series need to pop VLAN when packet misses on egress.
To reuse existing bridge VLAN pop handling code, extract it to dedicated
helpers mlx5_esw_bridge_pkt_reformat_vlan_pop_supported() and
mlx5_esw_bridge_pkt_reformat_vlan_pop_create().
Several functions in bridge.c excessively obtain pointer to parent eswitch
instance by dereferencing br_offloads->esw on every usage and following
patches in this series add even more usages of eswitch. Introduce local
variable 'esw' and use it instead.
Support TC generic 'accept' action in mlx5 by introducing
MLX5_ESW_ATTR_FLAG_ACCEPT attribute flag. Flag has similar semantics to
existing MLX5_ESW_ATTR_FLAG_SLOW_PATH flag, however, dedicated flag is
required because existing 'slow path' flag can be flipped by tunneling
subsystem when neighbor changes state.
Introduce new helper function mlx5_esw_attr_flags_skip() to check whether
attribute flags for 'slow path' or 'accept' action are set and use it in
eswitch code instead of direct bit manipulation.
Signed-off-by: Vlad Buslov <vladbu@nvidia.com> Reviewed-by: Paul Blakey <paulb@nvidia.com> Reviewed-by: Roi Dayan <roid@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Chris Mi [Sun, 26 Sep 2021 09:17:49 +0000 (17:17 +0800)]
net/mlx5e: Specify out ifindex when looking up encap route
There is a use case that the local and remote VTEPs are in the same
host. Currently, the out ifindex is not specified when looking up the
encap route for offloads. So in this case, a local route is returned
and the route dev is lo.
Actual tunnel interface can be created with a parameter "dev" [1],
which specifies the physical device to use for tunnel endpoint
communication. Pass this parameter to driver when looking up encap
route for offloads. So that a unicast route will be returned.
[1] ip link add name vxlan1 type vxlan id 100 dev enp4s0f0 remote 1.1.1.1 dstport 4789
Signed-off-by: Chris Mi <cmi@nvidia.com> Reviewed-by: Maor Dickman <maord@nvidia.com> Reviewed-by: Roi Dayan <roid@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Roi Dayan [Sun, 15 Aug 2021 10:36:01 +0000 (13:36 +0300)]
net/mlx5e: Move parse fdb check into actions_match_supported_fdb()
The parse fdb/nic actions funcs parse the actions and then call
actions_match_supported() for final check.
Move related check in parse_tc_fdb_actions() into
actions_match_supported_fdb() for more organized code.
Roi Dayan [Sun, 15 Aug 2021 09:53:13 +0000 (12:53 +0300)]
net/mlx5e: Split actions_match_supported() into a sub function
There will probably be more checks, some for nic flows, some for fdb
flows and some are shared checks. Split it for fdb and nic to avoid
the function getting too big.
Roi Dayan [Tue, 14 Sep 2021 08:32:51 +0000 (11:32 +0300)]
net/mlx5e: TC, Refactor sample offload error flow
Refactor sample unoffload to be symmetric to sample offload.
Use the existing del_post_rule() to release the post rule.
Also mlx5e_tc_sample_unoffload() should not return post_rule
which is NULL when post actions are supported.
Sample offload works with this NULL because many places of the
code use IS_ERR() instead of IS_ERR_OR_NULL() to check rule is valid
and when rule is detected as sample offload the code is not using the
rule. Let's be persistent and avoid returning NULL anyway and return the
pre rule, like in CT case, which is not NULL.
Signed-off-by: Roi Dayan <roid@nvidia.com> Reviewed-by: Chris Mi <cmi@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Tariq Toukan [Wed, 18 Aug 2021 11:17:33 +0000 (14:17 +0300)]
net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq()
Let the caller of mlx5e_open_txqsq() directly pass the SQ stats
structure pointer.
This replaces logic involving the qos_queue_group_id parameter,
and helps generalizing its role in the next patch.
David S. Miller [Mon, 4 Oct 2021 12:50:05 +0000 (13:50 +0100)]
Merge branch 'phy-10g-mode-helper'
Russell King says:
====================
Add phylink helper for 10G modes
During the last cycle, there was discussion about adding a helper
to set the 10G link modes for phylink, which resulted in these two
patches introduce such a helper.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
MichelleJin [Sat, 2 Oct 2021 22:33:32 +0000 (22:33 +0000)]
net: ipv6: fix use after free of struct seg6_pernet_data
sdata->tun_src should be freed before sdata is freed
because sdata->tun_src is allocated after sdata allocation.
So, kfree(sdata) and kfree(rcu_dereference_raw(sdata->tun_src)) are
changed code order.
Fixes: f04ed7d277e8 ("net: ipv6: check return value of rhashtable_init") Signed-off-by: MichelleJin <shjy180909@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Oct 2021 11:55:49 +0000 (12:55 +0100)]
Merge branch 'qed-new-fw'
Prabhakar Kushwaha says:
====================
qed: new firmware version 8.59.1.0 support
This series integrate new firmware version 8.59.1.0, along with updated
HSI (hardware software interface) to use the FW, into the family of
qed drivers (fastlinq devices). This FW does not reside in the NVRAM.
It needs to be programmed to device during driver load as the part of
initialization sequence.
Similar to previous FW support series, this FW is tightly linked to
software and pf function driver. This means FW release is not backward
compatible, and driver should always run with the FW it was designed
against.
FW binary blob is already submitted & accepted in linux-firmware repo.
Patches in the series include:
patch 1 - qed: Fix kernel-doc warnings
patch 2 - qed: Remove e4_ and _e4 from FW HSI
patch 3 - qed: split huge qed_hsi.h header file
patch 4-8 - HSI (hardware software interface) changes
patch 9 - qed: Add '_GTT' suffix to the IRO RAM macros
patch 10 - qed: Update debug related changes
patch 11 - qed: rdma: Update TCP silly-window-syndrome timeout
patch 12 - qed: Update the TCP active termination 2 MSL timer
patch 13 - qed: fix ll2 establishment during load of RDMA driver
In addition, this patch series also fixes existing checkpatch warnings
and checks which are missing.
Changes for v2:
- Incorporated Jakub's comments.
- New patch introduced to fix all kernel-doc issue in qed driver.
- Fixed warning: ‘qed_mfw_ext_20g’ defined but not used.
- Fixed warning related to kernel-doc wrt to this series.
- Removed inline function declaration.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Nikolay Assa [Mon, 4 Oct 2021 06:58:49 +0000 (09:58 +0300)]
qed: Update TCP silly-window-syndrome timeout for iwarp, scsi
Update TCP silly-window-syndrome timeout, for the cases where
initiator's small TCP window size prevents FW from transmitting
packets on the connection. Timeout causes FW to retransmit
window probes if needed, preventing I/O stall if initiator ignores
first window probe.
Reviewed-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Nikolay Assa <nassa@marvell.com> Signed-off-by: Ariel Elior <aelior@marvell.com> Signed-off-by: Shai Malin <smalin@marvell.com> Signed-off-by: Omkar Kulkarni <okulkarni@marvell.com> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Prabhakar Kushwaha [Mon, 4 Oct 2021 06:58:48 +0000 (09:58 +0300)]
qed: Update debug related changes
qed_debug features are updated to support FW version 8.59.1.0 along
with few enhancements.
- Removal of _BB_K2 from register defines.
- Add new condition cond14.
- Add dump of new area sw-platform, epoch, iscsi_task_pages,
fcoe_task_pages, roce_task_pages and eth_task_pages.
- Introduced new functions qed_dbg_phy_size().
- Update in qed_mcp_nvm_rd_cmd() declaration.
- Allow QED to control init/exit at pf level.
- Dump partial "ILT-dump" if buffer size is not sufficient.
This patch also fixes the existing checkpatch warnings and few important
checks.
Signed-off-by: Ariel Elior <aelior@marvell.com> Signed-off-by: Shai Malin <smalin@marvell.com> Signed-off-by: Omkar Kulkarni <okulkarni@marvell.com> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Prabhakar Kushwaha [Mon, 4 Oct 2021 06:58:47 +0000 (09:58 +0300)]
qed: Add '_GTT' suffix to the IRO RAM macros
GTT (Global translation table) is a fast-access window in the BAR into
the register space, which only maps certain register addresses.
This change helps enforce that only those addresses which are indeed
mapped by the GTT are being accessed through it.
Adding the '_GTT' suffix to the IRO FW memory (“RAM”) macros that
access GTT-able region in FW memories (“RAM”) and use GTT macros
to access RAM BAR from drivers.
Signed-off-by: Ariel Elior <aelior@marvell.com> Signed-off-by: Omkar Kulkarni <okulkarni@marvell.com> Signed-off-by: Shai Malin <smalin@marvell.com> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Omkar Kulkarni [Mon, 4 Oct 2021 06:58:46 +0000 (09:58 +0300)]
qed: Update FW init functions to support FW 8.59.1.0
The qed_init_fw_func.c and qed_init_ops.c updated to support FW
version 8.59.1.0.
- Support 16-bit VPORT WFQ (weighted fair queueing) weights.
- Support WFQ (weighted fair queueing) weight per VPORT + TC.
- Support allocation of Tx PQs(physical queues) per PF,VF.
- Modify Global RL (rate limiter) upper bound configuration.
- Update FW operation functions.
- Update iro_arr[] array.
This patch also fixes the existing checkpatch warnings and few important
checks.
Signed-off-by: Ariel Elior <aelior@marvell.com> Signed-off-by: Shai Malin <smalin@marvell.com> Signed-off-by: Omkar Kulkarni <okulkarni@marvell.com> Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / nvme.git / log