6.1-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 30 Apr 2024 08:20:11 +0000 (10:20 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 30 Apr 2024 08:20:11 +0000 (10:20 +0200)
added patches:
bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch
macsec-detect-if-rx-skb-is-macsec-related-for-offloading-devices-that-update-md_dst.patch
macsec-enable-devices-to-advertise-whether-they-update-sk_buff-md_dst-during-offloads.patch
net-mlx5e-advertise-mlx5-ethernet-driver-updates-sk_buff-md_dst-for-macsec.patch

queue-6.1/bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch [new file with mode: 0644]
queue-6.1/macsec-detect-if-rx-skb-is-macsec-related-for-offloading-devices-that-update-md_dst.patch [new file with mode: 0644]
queue-6.1/macsec-enable-devices-to-advertise-whether-they-update-sk_buff-md_dst-during-offloads.patch [new file with mode: 0644]
queue-6.1/net-mlx5e-advertise-mlx5-ethernet-driver-updates-sk_buff-md_dst-for-macsec.patch [new file with mode: 0644]
queue-6.1/series

diff --git a/queue-6.1/bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch b/queue-6.1/bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch
new file mode 100644 (file)
index 0000000..62b5b57
--- /dev/null
@@ -0,0 +1,44 @@
+From 5af385f5f4cddf908f663974847a4083b2ff2c79 Mon Sep 17 00:00:00 2001
+From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
+Date: Mon, 29 Apr 2024 15:47:51 +0100
+Subject: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Matthew Wilcox (Oracle) <willy@infradead.org>
+
+commit 5af385f5f4cddf908f663974847a4083b2ff2c79 upstream.
+
+bits_per() rounds up to the next power of two when passed a power of
+two.  This causes crashes on some machines and configurations.
+
+Reported-by: Михаил Новоселов <m.novosyolov@rosalinux.ru>
+Tested-by: Ильфат Гаптрахманов <i.gaptrakhmanov@rosalinux.ru>
+Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3347
+Link: https://lore.kernel.org/all/1c978cf1-2934-4e66-e4b3-e81b04cb3571@rosalinux.ru/
+Fixes: f2d5dcb48f7b (bounds: support non-power-of-two CONFIG_NR_CPUS)
+Cc:  <stable@vger.kernel.org>
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Cc: Rik van Riel <riel@surriel.com>
+Cc: Mel Gorman <mgorman@techsingularity.net>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/bounds.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/bounds.c
++++ b/kernel/bounds.c
+@@ -19,7 +19,7 @@ int main(void)
+       DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS);
+       DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES);
+ #ifdef CONFIG_SMP
+-      DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS));
++      DEFINE(NR_CPUS_BITS, order_base_2(CONFIG_NR_CPUS));
+ #endif
+       DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t));
+ #ifdef CONFIG_LRU_GEN
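Review bot: The changed line `DEFINE(NR_CPUS_BITS, order_base_2(CONFIG_NR_CPUS));` in kernel/bounds.c has no comment saying why order_base_2() is the right helper, although the bits_per() call it replaces looked equally plausible. CPU numbers run from 0 to CONFIG_NR_CPUS - 1, so ceil(log2(CONFIG_NR_CPUS)) bits are enough, whereas bits_per() counts the bits needed to hold the value CONFIG_NR_CPUS itself and is one too large for powers of two. I would add `/* CPU ids are 0..NR_CPUS-1: order_base_2(), not bits_per(), which over-counts powers of two */` above the DEFINE. The consumers of NR_CPUS_BITS are outside this hunk, so the crash mechanism named in the commit message cannot be checked here. main() starts and ends outside the hunk.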
diff --git a/queue-6.1/macsec-detect-if-rx-skb-is-macsec-related-for-offloading-devices-that-update-md_dst.patch b/queue-6.1/macsec-detect-if-rx-skb-is-macsec-related-for-offloading-devices-that-update-md_dst.patch
new file mode 100644 (file)
index 0000000..c14d2c0
--- /dev/null
@@ -0,0 +1,110 @@
+From stable+bounces-41782-greg=kroah.com@vger.kernel.org Tue Apr 30 02:45:07 2024
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Date: Mon, 29 Apr 2024 17:44:23 -0700
+Subject: macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, bpoirier@nvidia.com, cratiu@nvidia.com, kuba@kernel.org, sd@queasysnail.net, Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Message-ID: <20240430004439.299386-3-rrameshbabu@nvidia.com>
+
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+
+commit 642c984dd0e37dbaec9f87bd1211e5fac1f142bf upstream.
+
+Can now correctly identify where the packets should be delivered by using
+md_dst or its absence on devices that provide it.
+
+This detection is not possible without device drivers that update md_dst. A
+fallback pattern should be used for supporting such device drivers. This
+fallback mode causes multicast messages to be cloned to both the non-macsec
+and macsec ports, independent of whether the multicast message received was
+encrypted over MACsec or not. Other non-macsec traffic may also fail to be
+handled correctly for devices in promiscuous mode.
+
+Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/
+Cc: Sabrina Dubroca <sd@queasysnail.net>
+Cc: stable@vger.kernel.org
+Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support")
+Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Reviewed-by: Benjamin Poirier <bpoirier@nvidia.com>
+Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/macsec.c |   44 +++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 37 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/macsec.c
++++ b/drivers/net/macsec.c
+@@ -1007,10 +1007,12 @@ static enum rx_handler_result handle_not
+       struct metadata_dst *md_dst;
+       struct macsec_rxh_data *rxd;
+       struct macsec_dev *macsec;
++      bool is_macsec_md_dst;
+       rcu_read_lock();
+       rxd = macsec_data_rcu(skb->dev);
+       md_dst = skb_metadata_dst(skb);
++      is_macsec_md_dst = md_dst && md_dst->type == METADATA_MACSEC;
+       list_for_each_entry_rcu(macsec, &rxd->secys, secys) {
+               struct sk_buff *nskb;
+@@ -1021,10 +1023,42 @@ static enum rx_handler_result handle_not
+                * the SecTAG, so we have to deduce which port to deliver to.
+                */
+               if (macsec_is_offloaded(macsec) && netif_running(ndev)) {
+-                      if (md_dst && md_dst->type == METADATA_MACSEC &&
+-                          (!find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci)))
++                      const struct macsec_ops *ops;
++
++                      ops = macsec_get_ops(macsec, NULL);
++
++                      if (ops->rx_uses_md_dst && !is_macsec_md_dst)
+                               continue;
++                      if (is_macsec_md_dst) {
++                              struct macsec_rx_sc *rx_sc;
++
++                              /* All drivers that implement MACsec offload
++                               * support using skb metadata destinations must
++                               * indicate that they do so.
++                               */
++                              DEBUG_NET_WARN_ON_ONCE(!ops->rx_uses_md_dst);
++                              rx_sc = find_rx_sc(&macsec->secy,
++                                                 md_dst->u.macsec_info.sci);
++                              if (!rx_sc)
++                                      continue;
++                              /* device indicated macsec offload occurred */
++                              skb->dev = ndev;
++                              skb->pkt_type = PACKET_HOST;
++                              eth_skb_pkt_type(skb, ndev);
++                              ret = RX_HANDLER_ANOTHER;
++                              goto out;
++                      }
++
++                      /* This datapath is insecure because it is unable to
++                       * enforce isolation of broadcast/multicast traffic and
++                       * unicast traffic with promiscuous mode on the macsec
++                       * netdev. Since the core stack has no mechanism to
++                       * check that the hardware did indeed receive MACsec
++                       * traffic, it is possible that the response handling
++                       * done by the MACsec port was to a plaintext packet.
++                       * This violates the MACsec protocol standard.
++                       */
+                       if (ether_addr_equal_64bits(hdr->h_dest,
+                                                   ndev->dev_addr)) {
+                               /* exact match, divert skb to this port */
+@@ -1040,11 +1074,7 @@ static enum rx_handler_result handle_not
+                                       break;
+                               nskb->dev = ndev;
+-                              if (ether_addr_equal_64bits(hdr->h_dest,
+-                                                          ndev->broadcast))
+-                                      nskb->pkt_type = PACKET_BROADCAST;
+-                              else
+-                                      nskb->pkt_type = PACKET_MULTICAST;
++                              eth_skb_pkt_type(nskb, ndev);
+                               __netif_rx(nskb);
+                       }
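Review bot: In the macsec.c hunk at -1021, the result of `macsec_get_ops(macsec, NULL)` is dereferenced as `ops->rx_uses_md_dst` with no NULL check, on the receive path inside the `rcu_read_lock()` section. macsec_get_ops() is defined outside the hunk, so whether it can return NULL once `macsec_is_offloaded(macsec)` is true cannot be confirmed from here. If it can, this is a NULL pointer dereference on a path driven by received frames. A guard such as `if (!ops) continue;` directly after the assignment would skip the port instead. handle_not_macsec() starts and ends outside the hunk.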
diff --git a/queue-6.1/macsec-enable-devices-to-advertise-whether-they-update-sk_buff-md_dst-during-offloads.patch b/queue-6.1/macsec-enable-devices-to-advertise-whether-they-update-sk_buff-md_dst-during-offloads.patch
new file mode 100644 (file)
index 0000000..88c6332
--- /dev/null
@@ -0,0 +1,45 @@
+From stable+bounces-41779-greg=kroah.com@vger.kernel.org Tue Apr 30 02:45:02 2024
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Date: Mon, 29 Apr 2024 17:44:21 -0700
+Subject: macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, bpoirier@nvidia.com, cratiu@nvidia.com, kuba@kernel.org, sd@queasysnail.net, Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Message-ID: <20240430004439.299386-1-rrameshbabu@nvidia.com>
+
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+
+commit 475747a19316b08e856c666a20503e73d7ed67ed upstream.
+
+Omit rx_use_md_dst comment in upstream commit since macsec_ops is not
+documented.
+
+Cannot know whether a Rx skb missing md_dst is intended for MACsec or not
+without knowing whether the device is able to update this field during an
+offload. Assume that an offload to a MACsec device cannot support updating
+md_dst by default. Capable devices can advertise that they do indicate that
+an skb is related to a MACsec offloaded packet using the md_dst.
+
+Cc: Sabrina Dubroca <sd@queasysnail.net>
+Cc: stable@vger.kernel.org
+Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support")
+Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Reviewed-by: Benjamin Poirier <bpoirier@nvidia.com>
+Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Link: https://lore.kernel.org/r/20240423181319.115860-2-rrameshbabu@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/macsec.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/net/macsec.h
++++ b/include/net/macsec.h
+@@ -302,6 +302,7 @@ struct macsec_ops {
+       int (*mdo_get_tx_sa_stats)(struct macsec_context *ctx);
+       int (*mdo_get_rx_sc_stats)(struct macsec_context *ctx);
+       int (*mdo_get_rx_sa_stats)(struct macsec_context *ctx);
++      bool rx_uses_md_dst;
+ };
+ void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);
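Review bot: The new `bool rx_uses_md_dst;` member of struct macsec_ops has no comment, yet leaving it unset is what selects the fallback Rx datapath that the companion macsec.c patch itself labels insecure. The commit message says the upstream kernel-doc entry was dropped because macsec_ops is not documented in this tree. A plain inline comment would still fit, e.g. `/* set by drivers that attach METADATA_MACSEC md_dst to offloaded Rx skbs */`. Anyone backporting a driver's offload support would then see what an unset field implies. struct macsec_ops begins outside the hunk.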
diff --git a/queue-6.1/net-mlx5e-advertise-mlx5-ethernet-driver-updates-sk_buff-md_dst-for-macsec.patch b/queue-6.1/net-mlx5e-advertise-mlx5-ethernet-driver-updates-sk_buff-md_dst-for-macsec.patch
new file mode 100644 (file)
index 0000000..00818da
--- /dev/null
@@ -0,0 +1,40 @@
+From stable+bounces-41780-greg=kroah.com@vger.kernel.org Tue Apr 30 02:45:06 2024
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Date: Mon, 29 Apr 2024 17:44:24 -0700
+Subject: net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, bpoirier@nvidia.com, cratiu@nvidia.com, kuba@kernel.org, sd@queasysnail.net, Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Message-ID: <20240430004439.299386-4-rrameshbabu@nvidia.com>
+
+From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+
+commit 39d26a8f2efcb8b5665fe7d54a7dba306a8f1dff upstream.
+
+mlx5 Rx flow steering and CQE handling enable the driver to be able to
+update an skb's md_dst attribute as MACsec when MACsec traffic arrives when
+a device is configured for offloading. Advertise this to the core stack to
+take advantage of this capability.
+
+Cc: stable@vger.kernel.org
+Fixes: b7c9400cbc48 ("net/mlx5e: Implement MACsec Rx data path using MACsec skb_metadata_dst")
+Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
+Reviewed-by: Benjamin Poirier <bpoirier@nvidia.com>
+Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Link: https://lore.kernel.org/r/20240423181319.115860-5-rrameshbabu@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+@@ -1703,6 +1703,7 @@ static const struct macsec_ops macsec_of
+       .mdo_add_secy = mlx5e_macsec_add_secy,
+       .mdo_upd_secy = mlx5e_macsec_upd_secy,
+       .mdo_del_secy = mlx5e_macsec_del_secy,
++      .rx_uses_md_dst = true,
+ };
+ bool mlx5e_macsec_handle_tx_skb(struct mlx5e_macsec *macsec, struct sk_buff *skb)
index 762910d9c93aab19bea6d3379917e88b3eeeebed..fe7fdd6dac13c7401e7497f4938772305a7688e6 100644 (file)
@@ -104,3 +104,7 @@ riscv-fix-vmalloc_start-definition.patch
 riscv-fix-task_size-on-64-bit-nommu.patch
 phy-ti-tusb1210-resolve-charger-det-crash-if-charger.patch
 i2c-smbus-fix-null-function-pointer-dereference.patch
+bounds-use-the-right-number-of-bits-for-power-of-two-config_nr_cpus.patch
+macsec-enable-devices-to-advertise-whether-they-update-sk_buff-md_dst-during-offloads.patch
+macsec-detect-if-rx-skb-is-macsec-related-for-offloading-devices-that-update-md_dst.patch
+net-mlx5e-advertise-mlx5-ethernet-driver-updates-sk_buff-md_dst-for-macsec.patch
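Review bot: The macsec detect patch listed here calls `eth_skb_pkt_type()` in two places, and none of the four patches this commit adds defines that helper. The Message-IDs of the three macsec/mlx5 patches end in -1, -3 and -4, which suggests a second patch of the submitted set is carried separately. The series file above line 104 is outside this hunk, so it cannot be confirmed from here that such a patch is listed before these entries. If it is not, drivers/net/macsec.c would presumably fail to build on 6.1. The relative order of the entries shown is right: the header patch adding `rx_uses_md_dst` precedes both of its users.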