--- /dev/null
+From 13ba794397e45e52893cfc21d7a69cb5f341b407 Mon Sep 17 00:00:00 2001
+From: Somnath Kotur <somnath.kotur@broadcom.com>
+Date: Mon, 2 May 2022 21:13:10 -0400
+Subject: bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
+
+From: Somnath Kotur <somnath.kotur@broadcom.com>
+
+commit 13ba794397e45e52893cfc21d7a69cb5f341b407 upstream.
+
+bnxt_open() can fail in this code path, especially on a VF when
+it fails to reserve default rings:
+
+bnxt_open()
+ __bnxt_open_nic()
+ bnxt_clear_int_mode()
+ bnxt_init_dflt_ring_mode()
+
+RX rings would be set to 0 when we hit this error path.
+
+It is possible for a subsequent bnxt_open() call to potentially succeed
+with a code path like this:
+
+bnxt_open()
+ bnxt_hwrm_if_change()
+ bnxt_fw_init_one()
+ bnxt_fw_init_one_p3()
+ bnxt_set_dflt_rfs()
+ bnxt_rfs_capable()
+ bnxt_hwrm_reserve_rings()
+
+On older chips, RFS is capable if we can reserve the number of vnics that
+is equal to RX rings + 1. But since RX rings is still set to 0 in this
+code path, we may mistakenly think that RFS is supported for 0 RX rings.
+
+Later, when the default RX rings are reserved and we try to enable
+RFS, it would fail and cause bnxt_open() to fail unnecessarily.
+
+We fix this in 2 places. bnxt_rfs_capable() will always return false if
+RX rings is not yet set. bnxt_init_dflt_ring_mode() will call
+bnxt_set_dflt_rfs() which will always clear the RFS flags if RFS is not
+supported.
+
+Fixes: 20d7d1c5c9b1 ("bnxt_en: reliably allocate IRQ table on reset to avoid crash")
+Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
+Signed-off-by: Michael Chan <michael.chan@broadcom.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+@@ -10453,7 +10453,7 @@ static bool bnxt_rfs_capable(struct bnxt
+
+ if (bp->flags & BNXT_FLAG_CHIP_P5)
+ return bnxt_rfs_supported(bp);
+- if (!(bp->flags & BNXT_FLAG_MSIX_CAP) || !bnxt_can_reserve_rings(bp))
++ if (!(bp->flags & BNXT_FLAG_MSIX_CAP) || !bnxt_can_reserve_rings(bp) || !bp->rx_nr_rings)
+ return false;
+
+ vnics = 1 + bp->rx_nr_rings;
+@@ -12481,10 +12481,9 @@ static int bnxt_init_dflt_ring_mode(stru
+ goto init_dflt_ring_err;
+
+ bp->tx_nr_rings_per_tc = bp->tx_nr_rings;
+- if (bnxt_rfs_supported(bp) && bnxt_rfs_capable(bp)) {
+- bp->flags |= BNXT_FLAG_RFS;
+- bp->dev->features |= NETIF_F_NTUPLE;
+- }
++
++ bnxt_set_dflt_rfs(bp);
++
+ init_dflt_ring_err:
+ bnxt_ulp_irq_restart(bp, rc);
+ return rc;
--- /dev/null
+From 195af57914d15229186658ed26dab24b9ada4122 Mon Sep 17 00:00:00 2001
+From: Michael Chan <michael.chan@broadcom.com>
+Date: Mon, 2 May 2022 21:13:12 -0400
+Subject: bnxt_en: Fix unnecessary dropping of RX packets
+
+From: Michael Chan <michael.chan@broadcom.com>
+
+commit 195af57914d15229186658ed26dab24b9ada4122 upstream.
+
+In bnxt_poll_p5(), we first check cpr->has_more_work. If it is true,
+we are in NAPI polling mode and we will call __bnxt_poll_cqs() to
+continue polling. It is possible to exhanust the budget again when
+__bnxt_poll_cqs() returns.
+
+We then enter the main while loop to check for new entries in the NQ.
+If we had previously exhausted the NAPI budget, we may call
+__bnxt_poll_work() to process an RX entry with zero budget. This will
+cause packets to be dropped unnecessarily, thinking that we are in the
+netpoll path. Fix it by breaking out of the while loop if we need
+to process an RX NQ entry with no budget left. We will then exit
+NAPI and stay in polling mode.
+
+Fixes: 389a877a3b20 ("bnxt_en: Process the NQ under NAPI continuous polling.")
+Reviewed-by: Andy Gospodarek <andrew.gospodarek@broadcom.com>
+Signed-off-by: Michael Chan <michael.chan@broadcom.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+@@ -2575,6 +2575,10 @@ static int bnxt_poll_p5(struct napi_stru
+ u32 idx = le32_to_cpu(nqcmp->cq_handle_low);
+ struct bnxt_cp_ring_info *cpr2;
+
++ /* No more budget for RX work */
++ if (budget && work_done >= budget && idx == BNXT_RX_HDL)
++ break;
++
+ cpr2 = cpr->cp_ring_arr[idx];
+ work_done += __bnxt_poll_work(bp, cpr2,
+ budget - work_done);
--- /dev/null
+From 52b2abef450a78e25d485ac61e32f4ce86a87701 Mon Sep 17 00:00:00 2001
+From: Qiao Ma <mqaio@linux.alibaba.com>
+Date: Thu, 28 Apr 2022 20:30:16 +0800
+Subject: hinic: fix bug of wq out of bound access
+
+From: Qiao Ma <mqaio@linux.alibaba.com>
+
+commit 52b2abef450a78e25d485ac61e32f4ce86a87701 upstream.
+
+If wq has only one page, we need to check wqe rolling over page by
+compare end_idx and curr_idx, and then copy wqe to shadow wqe to
+avoid out of bound access.
+This work has been done in hinic_get_wqe, but missed for hinic_read_wqe.
+This patch fixes it, and removes unnecessary MASKED_WQE_IDX().
+
+Fixes: 7dd29ee12865 ("hinic: add sriov feature support")
+Signed-off-by: Qiao Ma <mqaio@linux.alibaba.com>
+Reviewed-by: Xunlei Pang <xlpang@linux.alibaba.com>
+Link: https://lore.kernel.org/r/282817b0e1ae2e28fdf3ed8271a04e77f57bf42e.1651148587.git.mqaio@linux.alibaba.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
++++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
+@@ -771,7 +771,7 @@ struct hinic_hw_wqe *hinic_get_wqe(struc
+ /* If we only have one page, still need to get shadown wqe when
+ * wqe rolling-over page
+ */
+- if (curr_pg != end_pg || MASKED_WQE_IDX(wq, end_prod_idx) < *prod_idx) {
++ if (curr_pg != end_pg || end_prod_idx < *prod_idx) {
+ void *shadow_addr = &wq->shadow_wqe[curr_pg * wq->max_wqe_size];
+
+ copy_wqe_to_shadow(wq, shadow_addr, num_wqebbs, *prod_idx);
+@@ -841,7 +841,10 @@ struct hinic_hw_wqe *hinic_read_wqe(stru
+
+ *cons_idx = curr_cons_idx;
+
+- if (curr_pg != end_pg) {
++ /* If we only have one page, still need to get shadown wqe when
++ * wqe rolling-over page
++ */
++ if (curr_pg != end_pg || end_cons_idx < curr_cons_idx) {
+ void *shadow_addr = &wq->shadow_wqe[curr_pg * wq->max_wqe_size];
+
+ copy_wqe_to_shadow(wq, shadow_addr, num_wqebbs, *cons_idx);
--- /dev/null
+From 3122257c02afd9f199a8fc84ae981e1fc4958532 Mon Sep 17 00:00:00 2001
+From: Ido Schimmel <idosch@nvidia.com>
+Date: Mon, 2 May 2022 11:45:07 +0300
+Subject: selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+commit 3122257c02afd9f199a8fc84ae981e1fc4958532 upstream.
+
+In emulated environments, the bridge ports enslaved to br1 get a carrier
+before changing br1's PVID. This means that by the time the PVID is
+changed, br1 is already operational and configured with an IPv6
+link-local address.
+
+When the test is run with netdevs registered by mlxsw, changing the PVID
+is vetoed, as changing the VID associated with an existing L3 interface
+is forbidden. This restriction is similar to the 8021q driver's
+restriction of changing the VID of an existing interface.
+
+Fix this by taking br1 down and bringing it back up when it is fully
+configured.
+
+With this fix, the test reliably passes on top of both the SW and HW
+data paths (emulated or not).
+
+Fixes: 239e754af854 ("selftests: forwarding: Test mirror-to-gretap w/ UL 802.1q")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Petr Machata <petrm@nvidia.com>
+Link: https://lore.kernel.org/r/20220502084507.364774-1-idosch@nvidia.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q.sh
++++ b/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q.sh
+@@ -61,9 +61,12 @@ setup_prepare()
+
+ vrf_prepare
+ mirror_gre_topo_create
++ # Avoid changing br1's PVID while it is operational as a L3 interface.
++ ip link set dev br1 down
+
+ ip link set dev $swp3 master br1
+ bridge vlan add dev br1 vid 555 pvid untagged self
++ ip link set dev br1 up
+ ip address add dev br1 192.0.2.129/28
+ ip address add dev br1 2001:db8:2::1/64
+
--- /dev/null
+From 5a7c5f70c743c6cf32b44b05bd6b19d4ad82f49d Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 3 May 2022 15:14:28 +0300
+Subject: selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer
+
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+
+commit 5a7c5f70c743c6cf32b44b05bd6b19d4ad82f49d upstream.
+
+As discussed here with Ido Schimmel:
+https://patchwork.kernel.org/project/netdevbpf/patch/20220224102908.5255-2-jianbol@nvidia.com/
+
+the default conform-exceed action is "reclassify", for a reason we don't
+really understand.
+
+The point is that hardware can't offload that police action, so not
+specifying "conform-exceed" was always wrong, even though the command
+used to work in hardware (but not in software) until the kernel started
+adding validation for it.
+
+Fix the command used by the selftest by making the policer drop on
+exceed, and pass the packet to the next action (goto) on conform.
+
+Fixes: 8cd6b020b644 ("selftests: ocelot: add some example VCAP IS1, IS2 and ES0 tc offloads")
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+Reviewed-by: Ido Schimmel <idosch@nvidia.com>
+Link: https://lore.kernel.org/r/20220503121428.842906-1-vladimir.oltean@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh
++++ b/tools/testing/selftests/drivers/net/ocelot/tc_flower_chains.sh
+@@ -185,7 +185,7 @@ setup_prepare()
+
+ tc filter add dev $eth0 ingress chain $(IS2 0 0) pref 1 \
+ protocol ipv4 flower skip_sw ip_proto udp dst_port 5201 \
+- action police rate 50mbit burst 64k \
++ action police rate 50mbit burst 64k conform-exceed drop/pipe \
+ action goto chain $(IS2 1 0)
+ }
+
net-stmmac-dwmac-sun8i-add-missing-of_node_put-in-sun8i_dwmac_register_mdio_mux.patch
net-cpsw-add-missing-of_node_put-in-cpsw_probe_dt.patch
net-emaclite-add-error-handling-for-of_address_to_resource.patch
+hinic-fix-bug-of-wq-out-of-bound-access.patch
+selftests-mirror_gre_bridge_1q-avoid-changing-pvid-while-interface-is-operational.patch
+bnxt_en-fix-possible-bnxt_open-failure-caused-by-wrong-rfs-flag.patch
+bnxt_en-fix-unnecessary-dropping-of-rx-packets.patch
+selftests-ocelot-tc_flower_chains-specify-conform-exceed-action-for-policer.patch
+smsc911x-allow-using-irq0.patch
--- /dev/null
+From 5ef9b803a4af0f5e42012176889b40bb2a978b18 Mon Sep 17 00:00:00 2001
+From: Sergey Shtylyov <s.shtylyov@omp.ru>
+Date: Mon, 2 May 2022 23:14:09 +0300
+Subject: smsc911x: allow using IRQ0
+
+From: Sergey Shtylyov <s.shtylyov@omp.ru>
+
+commit 5ef9b803a4af0f5e42012176889b40bb2a978b18 upstream.
+
+The AlphaProject AP-SH4A-3A/AP-SH4AD-0A SH boards use IRQ0 for their SMSC
+LAN911x Ethernet chip, so the networking on them must have been broken by
+commit 965b2aa78fbc ("net/smsc911x: fix irq resource allocation failure")
+which filtered out 0 as well as the negative error codes -- it was kinda
+correct at the time, as platform_get_irq() could return 0 on of_irq_get()
+failure and on the actual 0 in an IRQ resource. This issue was fixed by
+me (back in 2016!), so we should be able to fix this driver to allow IRQ0
+usage again...
+
+When merging this to the stable kernels, make sure you also merge commit
+e330b9a6bb35 ("platform: don't return 0 from platform_get_irq[_byname]()
+on error") -- that's my fix to platform_get_irq() for the DT platforms...
+
+Fixes: 965b2aa78fbc ("net/smsc911x: fix irq resource allocation failure")
+Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
+Link: https://lore.kernel.org/r/656036e4-6387-38df-b8a7-6ba683b16e63@omp.ru
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/smsc/smsc911x.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/smsc/smsc911x.c
++++ b/drivers/net/ethernet/smsc/smsc911x.c
+@@ -2422,7 +2422,7 @@ static int smsc911x_drv_probe(struct pla
+ if (irq == -EPROBE_DEFER) {
+ retval = -EPROBE_DEFER;
+ goto out_0;
+- } else if (irq <= 0) {
++ } else if (irq < 0) {
+ pr_warn("Could not allocate irq resource\n");
+ retval = -ENODEV;
+ goto out_0;
projects / thirdparty / kernel / stable-queue.git / commitdiff
