From: Greg Kroah-Hartman Date: Mon, 25 Nov 2019 13:28:30 +0000 (+0100) Subject: 5.3-stable patches X-Git-Tag: v4.4.203~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a0815c336ab852a9a2c7c4c3ee6ce81e83659805;p=thirdparty%2Fkernel%2Fstable-queue.git 5.3-stable patches added patches: ipv6-route-return-if-there-is-no-fib_nh_gw_family.patch mdio_bus-fix-mdio_register_device-when-reset_controller-is-disabled.patch mlxsw-spectrum_router-fix-determining-underlay-for-a-gre-tunnel.patch net-ipv4-fix-sysctl-max-for-fib_multipath_hash_policy.patch net-mlx4_en-fix-mlx4-ethtool-n-insertion.patch net-mlx4_en-fix-wrong-limitation-for-number-of-tx-rings.patch net-mlx5-fix-auto-group-size-calculation.patch net-mlx5-update-the-list-of-the-pci-supported-devices.patch net-mlx5e-do-not-use-non-ext-link-modes-in-ext-mode.patch net-mlx5e-fix-error-flow-cleanup-in-mlx5e_tc_tun_create_header_ipv4-6.patch net-mlx5e-fix-set-vf-link-state-error-flow.patch net-mlxfw-verify-fsm-error-code-translation-doesn-t-exceed-array-size.patch net-rtnetlink-prevent-underflows-in-do_setvfinfo.patch net-sched-act_pedit-fix-warn-in-the-traffic-path.patch net-sched-ensure-opts_len-ip_tunnel_opts_max-in-act_tunnel_key.patch net-tls-enable-sk_msg-redirect-to-tls-socket-egress.patch sfc-only-cancel-the-pps-workqueue-if-it-exists.patch taprio-don-t-reject-same-mqprio-settings.patch --- diff --git a/queue-5.3/ipv6-route-return-if-there-is-no-fib_nh_gw_family.patch b/queue-5.3/ipv6-route-return-if-there-is-no-fib_nh_gw_family.patch new file mode 100644 index 00000000000..06472ec6142 --- /dev/null +++ b/queue-5.3/ipv6-route-return-if-there-is-no-fib_nh_gw_family.patch @@ -0,0 +1,34 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Hangbin Liu +Date: Wed, 20 Nov 2019 15:39:06 +0800 +Subject: ipv6/route: return if there is no fib_nh_gw_family + +From: Hangbin Liu + +[ Upstream commit 004b39427f945696db30abb2c4e1a3856ffff819 ] + +Previously we will return directly if (!rt || !rt->fib6_nh.fib_nh_gw_family) +in function rt6_probe(), but after commit cc3a86c802f0 +("ipv6: Change rt6_probe to take a fib6_nh"), the logic changed to +return if there is fib_nh_gw_family. + +Fixes: cc3a86c802f0 ("ipv6: Change rt6_probe to take a fib6_nh") +Signed-off-by: Hangbin Liu +Reviewed-by: David Ahern +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/route.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -634,7 +634,7 @@ static void rt6_probe(struct fib6_nh *fi + * Router Reachability Probe MUST be rate-limited + * to no more than one per minute. + */ +- if (fib6_nh->fib_nh_gw_family) ++ if (!fib6_nh->fib_nh_gw_family) + return; + + nh_gw = &fib6_nh->fib_nh_gw6; diff --git a/queue-5.3/mdio_bus-fix-mdio_register_device-when-reset_controller-is-disabled.patch b/queue-5.3/mdio_bus-fix-mdio_register_device-when-reset_controller-is-disabled.patch new file mode 100644 index 00000000000..9674c4e97b7 --- /dev/null +++ b/queue-5.3/mdio_bus-fix-mdio_register_device-when-reset_controller-is-disabled.patch @@ -0,0 +1,52 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: "Marek Behún" +Date: Mon, 18 Nov 2019 19:15:05 +0100 +Subject: mdio_bus: fix mdio_register_device when RESET_CONTROLLER is disabled + +From: "Marek Behún" + +[ Upstream commit 075e238d12c21c8bde700d21fb48be7a3aa80194 ] + +When CONFIG_RESET_CONTROLLER is disabled, the +devm_reset_control_get_exclusive function returns -ENOTSUPP. This is not +handled in subsequent check and then the mdio device fails to probe. + +When CONFIG_RESET_CONTROLLER is enabled, its code checks in OF for reset +device, and since it is not present, returns -ENOENT. -ENOENT is handled. +Add -ENOTSUPP also. + +This happened to me when upgrading kernel on Turris Omnia. You either +have to enable CONFIG_RESET_CONTROLLER or use this patch. + +Signed-off-by: Marek Behún +Fixes: 71dd6c0dff51b ("net: phy: add support for reset-controller") +Cc: Dmitry Torokhov +Cc: Andrew Lunn +Cc: Andy Shevchenko +Reviewed-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/phy/mdio_bus.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/net/phy/mdio_bus.c ++++ b/drivers/net/phy/mdio_bus.c +@@ -68,11 +68,12 @@ static int mdiobus_register_reset(struct + if (mdiodev->dev.of_node) + reset = devm_reset_control_get_exclusive(&mdiodev->dev, + "phy"); +- if (PTR_ERR(reset) == -ENOENT || +- PTR_ERR(reset) == -ENOTSUPP) +- reset = NULL; +- else if (IS_ERR(reset)) +- return PTR_ERR(reset); ++ if (IS_ERR(reset)) { ++ if (PTR_ERR(reset) == -ENOENT || PTR_ERR(reset) == -ENOTSUPP) ++ reset = NULL; ++ else ++ return PTR_ERR(reset); ++ } + + mdiodev->reset_ctrl = reset; + diff --git a/queue-5.3/mlxsw-spectrum_router-fix-determining-underlay-for-a-gre-tunnel.patch b/queue-5.3/mlxsw-spectrum_router-fix-determining-underlay-for-a-gre-tunnel.patch new file mode 100644 index 00000000000..726edd22b58 --- /dev/null +++ b/queue-5.3/mlxsw-spectrum_router-fix-determining-underlay-for-a-gre-tunnel.patch @@ -0,0 +1,70 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Petr Machata +Date: Mon, 18 Nov 2019 09:18:42 +0200 +Subject: mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel + +From: Petr Machata + +[ Upstream commit 1fc1657775dc1b19e9ac1d46b4054ed8ae5d99ab ] + +The helper mlxsw_sp_ipip_dev_ul_tb_id() determines the underlay VRF of a +GRE tunnel. For a tunnel without a bound device, it uses the same VRF that +the tunnel is in. However in Linux, a GRE tunnel without a bound device +uses the main VRF as the underlay. Fix the function accordingly. + +mlxsw further assumed that moving a tunnel to a different VRF could cause +conflict in local tunnel endpoint address, which cannot be offloaded. +However, the only way that an underlay could be changed by moving the +tunnel device itself is if the tunnel device does not have a bound device. +But in that case the underlay is always the main VRF, so there is no +opportunity to introduce a conflict by moving such device. Thus this check +constitutes a dead code, and can be removed, which do. + +Fixes: 6ddb7426a7d4 ("mlxsw: spectrum_router: Introduce loopback RIFs") +Signed-off-by: Petr Machata +Signed-off-by: Ido Schimmel +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 19 ------------------ + 1 file changed, 1 insertion(+), 18 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c +@@ -994,7 +994,7 @@ u32 mlxsw_sp_ipip_dev_ul_tb_id(const str + if (d) + return l3mdev_fib_table(d) ? : RT_TABLE_MAIN; + else +- return l3mdev_fib_table(ol_dev) ? : RT_TABLE_MAIN; ++ return RT_TABLE_MAIN; + } + + static struct mlxsw_sp_rif * +@@ -1598,27 +1598,10 @@ static int mlxsw_sp_netdevice_ipip_ol_vr + { + struct mlxsw_sp_ipip_entry *ipip_entry = + mlxsw_sp_ipip_entry_find_by_ol_dev(mlxsw_sp, ol_dev); +- enum mlxsw_sp_l3proto ul_proto; +- union mlxsw_sp_l3addr saddr; +- u32 ul_tb_id; + + if (!ipip_entry) + return 0; + +- /* For flat configuration cases, moving overlay to a different VRF might +- * cause local address conflict, and the conflicting tunnels need to be +- * demoted. +- */ +- ul_tb_id = mlxsw_sp_ipip_dev_ul_tb_id(ol_dev); +- ul_proto = mlxsw_sp->router->ipip_ops_arr[ipip_entry->ipipt]->ul_proto; +- saddr = mlxsw_sp_ipip_netdev_saddr(ul_proto, ol_dev); +- if (mlxsw_sp_ipip_demote_tunnel_by_saddr(mlxsw_sp, ul_proto, +- saddr, ul_tb_id, +- ipip_entry)) { +- mlxsw_sp_ipip_entry_demote_tunnel(mlxsw_sp, ipip_entry); +- return 0; +- } +- + return __mlxsw_sp_ipip_entry_update_tunnel(mlxsw_sp, ipip_entry, + true, false, false, extack); + } diff --git a/queue-5.3/net-ipv4-fix-sysctl-max-for-fib_multipath_hash_policy.patch b/queue-5.3/net-ipv4-fix-sysctl-max-for-fib_multipath_hash_policy.patch new file mode 100644 index 00000000000..bed0647b87b --- /dev/null +++ b/queue-5.3/net-ipv4-fix-sysctl-max-for-fib_multipath_hash_policy.patch @@ -0,0 +1,38 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Marcelo Ricardo Leitner +Date: Mon, 18 Nov 2019 09:46:09 -0300 +Subject: net/ipv4: fix sysctl max for fib_multipath_hash_policy + +From: Marcelo Ricardo Leitner + +[ Upstream commit ca749bbb108c24a876014c804f9777c545be4d59 ] + +Commit eec4844fae7c ("proc/sysctl: add shared variables for range +check") did: +- .extra2 = &two, ++ .extra2 = SYSCTL_ONE, +here, which doesn't seem to be intentional, given the changelog. +This patch restores it to the previous, as the value of 2 still makes +sense (used in fib_multipath_hash()). + +Fixes: eec4844fae7c ("proc/sysctl: add shared variables for range check") +Cc: Matteo Croce +Signed-off-by: Marcelo Ricardo Leitner +Acked-by: Matteo Croce +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/sysctl_net_ipv4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/sysctl_net_ipv4.c ++++ b/net/ipv4/sysctl_net_ipv4.c +@@ -1028,7 +1028,7 @@ static struct ctl_table ipv4_net_table[] + .mode = 0644, + .proc_handler = proc_fib_multipath_hash_policy, + .extra1 = SYSCTL_ZERO, +- .extra2 = SYSCTL_ONE, ++ .extra2 = &two, + }, + #endif + { diff --git a/queue-5.3/net-mlx4_en-fix-mlx4-ethtool-n-insertion.patch b/queue-5.3/net-mlx4_en-fix-mlx4-ethtool-n-insertion.patch new file mode 100644 index 00000000000..7ebe4ca52d7 --- /dev/null +++ b/queue-5.3/net-mlx4_en-fix-mlx4-ethtool-n-insertion.patch @@ -0,0 +1,35 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Luigi Rizzo +Date: Fri, 15 Nov 2019 12:12:25 -0800 +Subject: net/mlx4_en: fix mlx4 ethtool -N insertion + +From: Luigi Rizzo + +[ Upstream commit 34e59836565e36fade1464e054a3551c1a0364be ] + +ethtool expects ETHTOOL_GRXCLSRLALL to set ethtool_rxnfc->data with the +total number of entries in the rx classifier table. Surprisingly, mlx4 +is missing this part (in principle ethtool could still move forward and +try the insert). + +Tested: compiled and run command: + phh13:~# ethtool -N eth1 flow-type udp4 queue 4 + Added rule with ID 255 + +Signed-off-by: Luigi Rizzo +Reviewed-by: Tariq Toukan +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c ++++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +@@ -1745,6 +1745,7 @@ static int mlx4_en_get_rxnfc(struct net_ + err = mlx4_en_get_flow(dev, cmd, cmd->fs.location); + break; + case ETHTOOL_GRXCLSRLALL: ++ cmd->data = MAX_NUM_OF_FS_RULES; + while ((!err || err == -ENOENT) && priority < cmd->rule_cnt) { + err = mlx4_en_get_flow(dev, cmd, i); + if (!err) diff --git a/queue-5.3/net-mlx4_en-fix-wrong-limitation-for-number-of-tx-rings.patch b/queue-5.3/net-mlx4_en-fix-wrong-limitation-for-number-of-tx-rings.patch new file mode 100644 index 00000000000..d5a330809c3 --- /dev/null +++ b/queue-5.3/net-mlx4_en-fix-wrong-limitation-for-number-of-tx-rings.patch @@ -0,0 +1,75 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Tariq Toukan +Date: Mon, 18 Nov 2019 11:41:04 +0200 +Subject: net/mlx4_en: Fix wrong limitation for number of TX rings + +From: Tariq Toukan + +[ Upstream commit 2744bf42680f64ebf2ee8a00354897857c073331 ] + +XDP_TX rings should not be limited by max_num_tx_rings_p_up. +To make sure total number of TX rings never exceed MAX_TX_RINGS, +add similar check in mlx4_en_alloc_tx_queue_per_tc(), where +a new value is assigned for num_up. + +Fixes: 7e1dc5e926d5 ("net/mlx4_en: Limit the number of TX rings") +Signed-off-by: Tariq Toukan +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 8 ++++---- + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 9 +++++++++ + 2 files changed, 13 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c ++++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +@@ -1812,6 +1812,7 @@ static int mlx4_en_set_channels(struct n + struct mlx4_en_dev *mdev = priv->mdev; + struct mlx4_en_port_profile new_prof; + struct mlx4_en_priv *tmp; ++ int total_tx_count; + int port_up = 0; + int xdp_count; + int err = 0; +@@ -1826,13 +1827,12 @@ static int mlx4_en_set_channels(struct n + + mutex_lock(&mdev->state_lock); + xdp_count = priv->tx_ring_num[TX_XDP] ? channel->rx_count : 0; +- if (channel->tx_count * priv->prof->num_up + xdp_count > +- priv->mdev->profile.max_num_tx_rings_p_up * priv->prof->num_up) { ++ total_tx_count = channel->tx_count * priv->prof->num_up + xdp_count; ++ if (total_tx_count > MAX_TX_RINGS) { + err = -EINVAL; + en_err(priv, + "Total number of TX and XDP rings (%d) exceeds the maximum supported (%d)\n", +- channel->tx_count * priv->prof->num_up + xdp_count, +- MAX_TX_RINGS); ++ total_tx_count, MAX_TX_RINGS); + goto out; + } + +--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c ++++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c +@@ -91,6 +91,7 @@ int mlx4_en_alloc_tx_queue_per_tc(struct + struct mlx4_en_dev *mdev = priv->mdev; + struct mlx4_en_port_profile new_prof; + struct mlx4_en_priv *tmp; ++ int total_count; + int port_up = 0; + int err = 0; + +@@ -104,6 +105,14 @@ int mlx4_en_alloc_tx_queue_per_tc(struct + MLX4_EN_NUM_UP_HIGH; + new_prof.tx_ring_num[TX] = new_prof.num_tx_rings_p_up * + new_prof.num_up; ++ total_count = new_prof.tx_ring_num[TX] + new_prof.tx_ring_num[TX_XDP]; ++ if (total_count > MAX_TX_RINGS) { ++ err = -EINVAL; ++ en_err(priv, ++ "Total number of TX and XDP rings (%d) exceeds the maximum supported (%d)\n", ++ total_count, MAX_TX_RINGS); ++ goto out; ++ } + err = mlx4_en_try_alloc_resources(priv, tmp, &new_prof, true); + if (err) + goto out; diff --git a/queue-5.3/net-mlx5-fix-auto-group-size-calculation.patch b/queue-5.3/net-mlx5-fix-auto-group-size-calculation.patch new file mode 100644 index 00000000000..3555659d358 --- /dev/null +++ b/queue-5.3/net-mlx5-fix-auto-group-size-calculation.patch @@ -0,0 +1,74 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Maor Gottlieb +Date: Thu, 5 Sep 2019 09:56:10 +0300 +Subject: net/mlx5: Fix auto group size calculation + +From: Maor Gottlieb + +[ Upstream commit 97fd8da281f80e7e69e0114bc906575734d4dfaf ] + +Once all the large flow groups (defined by the user when the flow table +is created - max_num_groups) were created, then all the following new +flow groups will have only one flow table entry, even though the flow table +has place to larger groups. +Fix the condition to prefer large flow group. + +Fixes: f0d22d187473 ("net/mlx5_core: Introduce flow steering autogrouped flow table") +Signed-off-by: Maor Gottlieb +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 ++++++---- + drivers/net/ethernet/mellanox/mlx5/core/fs_core.h | 1 + + 2 files changed, 7 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c +@@ -549,7 +549,7 @@ static void del_sw_flow_group(struct fs_ + + rhashtable_destroy(&fg->ftes_hash); + ida_destroy(&fg->fte_allocator); +- if (ft->autogroup.active) ++ if (ft->autogroup.active && fg->max_ftes == ft->autogroup.group_size) + ft->autogroup.num_groups--; + err = rhltable_remove(&ft->fgs_hash, + &fg->hash, +@@ -1095,6 +1095,8 @@ mlx5_create_auto_grouped_flow_table(stru + + ft->autogroup.active = true; + ft->autogroup.required_groups = max_num_groups; ++ /* We save place for flow groups in addition to max types */ ++ ft->autogroup.group_size = ft->max_fte / (max_num_groups + 1); + + return ft; + } +@@ -1297,8 +1299,7 @@ static struct mlx5_flow_group *alloc_aut + return ERR_PTR(-ENOENT); + + if (ft->autogroup.num_groups < ft->autogroup.required_groups) +- /* We save place for flow groups in addition to max types */ +- group_size = ft->max_fte / (ft->autogroup.required_groups + 1); ++ group_size = ft->autogroup.group_size; + + /* ft->max_fte == ft->autogroup.max_types */ + if (group_size == 0) +@@ -1325,7 +1326,8 @@ static struct mlx5_flow_group *alloc_aut + if (IS_ERR(fg)) + goto out; + +- ft->autogroup.num_groups++; ++ if (group_size == ft->autogroup.group_size) ++ ft->autogroup.num_groups++; + + out: + return fg; +--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h +@@ -137,6 +137,7 @@ struct mlx5_flow_table { + struct { + bool active; + unsigned int required_groups; ++ unsigned int group_size; + unsigned int num_groups; + } autogroup; + /* Protect fwd_rules */ diff --git a/queue-5.3/net-mlx5-update-the-list-of-the-pci-supported-devices.patch b/queue-5.3/net-mlx5-update-the-list-of-the-pci-supported-devices.patch new file mode 100644 index 00000000000..c3e0b165f1d --- /dev/null +++ b/queue-5.3/net-mlx5-update-the-list-of-the-pci-supported-devices.patch @@ -0,0 +1,30 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Shani Shapp +Date: Tue, 12 Nov 2019 15:10:00 +0200 +Subject: net/mlx5: Update the list of the PCI supported devices + +From: Shani Shapp + +[ Upstream commit b7eca940322f47fd30dafb70da04d193a0154090 ] + +Add the upcoming ConnectX-6 LX device ID. + +Fixes: 85327a9c4150 ("net/mlx5: Update the list of the PCI supported devices") +Signed-off-by: Shani Shapp +Reviewed-by: Eran Ben Elisha +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c +@@ -1552,6 +1552,7 @@ static const struct pci_device_id mlx5_c + { PCI_VDEVICE(MELLANOX, 0x101c), MLX5_PCI_DEV_IS_VF}, /* ConnectX-6 VF */ + { PCI_VDEVICE(MELLANOX, 0x101d) }, /* ConnectX-6 Dx */ + { PCI_VDEVICE(MELLANOX, 0x101e), MLX5_PCI_DEV_IS_VF}, /* ConnectX Family mlx5Gen Virtual Function */ ++ { PCI_VDEVICE(MELLANOX, 0x101f) }, /* ConnectX-6 LX */ + { PCI_VDEVICE(MELLANOX, 0xa2d2) }, /* BlueField integrated ConnectX-5 network controller */ + { PCI_VDEVICE(MELLANOX, 0xa2d3), MLX5_PCI_DEV_IS_VF}, /* BlueField integrated ConnectX-5 network controller VF */ + { PCI_VDEVICE(MELLANOX, 0xa2d6) }, /* BlueField-2 integrated ConnectX-6 Dx network controller */ diff --git a/queue-5.3/net-mlx5e-do-not-use-non-ext-link-modes-in-ext-mode.patch b/queue-5.3/net-mlx5e-do-not-use-non-ext-link-modes-in-ext-mode.patch new file mode 100644 index 00000000000..f86519d9f68 --- /dev/null +++ b/queue-5.3/net-mlx5e-do-not-use-non-ext-link-modes-in-ext-mode.patch @@ -0,0 +1,71 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Eran Ben Elisha +Date: Sun, 17 Nov 2019 15:17:05 +0200 +Subject: net/mlx5e: Do not use non-EXT link modes in EXT mode + +From: Eran Ben Elisha + +[ Upstream commit 24960574505c49b102ca1dfa6bf109669bca2a66 ] + +On some old Firmwares, connector type value was not supported, and value +read from FW was 0. For those, driver used link mode in order to set +connector type in link_ksetting. + +After FW exposed the connector type, driver translated the value to ethtool +definitions. However, as 0 is a valid value, before returning PORT_OTHER, +driver run the check of link mode in order to maintain backward +compatibility. + +Cited patch added support to EXT mode. With both features (connector type +and EXT link modes) ,if connector_type read from FW is 0 and EXT mode is +set, driver mistakenly compare EXT link modes to non-EXT link mode. +Fixed that by skipping this comparison if we are in EXT mode, as connector +type value is valid in this scenario. + +Fixes: 6a897372417e ("net/mlx5: ethtool, Add ethtool support for 50Gbps per lane link modes") +Signed-off-by: Eran Ben Elisha +Reviewed-by: Aya Levin +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c +@@ -708,9 +708,9 @@ static int get_fec_supported_advertised( + + static void ptys2ethtool_supported_advertised_port(struct ethtool_link_ksettings *link_ksettings, + u32 eth_proto_cap, +- u8 connector_type) ++ u8 connector_type, bool ext) + { +- if (!connector_type || connector_type >= MLX5E_CONNECTOR_TYPE_NUMBER) { ++ if ((!connector_type && !ext) || connector_type >= MLX5E_CONNECTOR_TYPE_NUMBER) { + if (eth_proto_cap & (MLX5E_PROT_MASK(MLX5E_10GBASE_CR) + | MLX5E_PROT_MASK(MLX5E_10GBASE_SR) + | MLX5E_PROT_MASK(MLX5E_40GBASE_CR4) +@@ -842,9 +842,9 @@ static int ptys2connector_type[MLX5E_CON + [MLX5E_PORT_OTHER] = PORT_OTHER, + }; + +-static u8 get_connector_port(u32 eth_proto, u8 connector_type) ++static u8 get_connector_port(u32 eth_proto, u8 connector_type, bool ext) + { +- if (connector_type && connector_type < MLX5E_CONNECTOR_TYPE_NUMBER) ++ if ((connector_type || ext) && connector_type < MLX5E_CONNECTOR_TYPE_NUMBER) + return ptys2connector_type[connector_type]; + + if (eth_proto & +@@ -945,9 +945,9 @@ int mlx5e_ethtool_get_link_ksettings(str + eth_proto_oper = eth_proto_oper ? eth_proto_oper : eth_proto_cap; + + link_ksettings->base.port = get_connector_port(eth_proto_oper, +- connector_type); ++ connector_type, ext); + ptys2ethtool_supported_advertised_port(link_ksettings, eth_proto_admin, +- connector_type); ++ connector_type, ext); + get_lp_advertising(mdev, eth_proto_lp, link_ksettings); + + if (an_status == MLX5_AN_COMPLETE) diff --git a/queue-5.3/net-mlx5e-fix-error-flow-cleanup-in-mlx5e_tc_tun_create_header_ipv4-6.patch b/queue-5.3/net-mlx5e-fix-error-flow-cleanup-in-mlx5e_tc_tun_create_header_ipv4-6.patch new file mode 100644 index 00000000000..41429e1cf3e --- /dev/null +++ b/queue-5.3/net-mlx5e-fix-error-flow-cleanup-in-mlx5e_tc_tun_create_header_ipv4-6.patch @@ -0,0 +1,61 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Eli Cohen +Date: Thu, 31 Oct 2019 09:00:43 +0200 +Subject: net/mlx5e: Fix error flow cleanup in mlx5e_tc_tun_create_header_ipv4/6 + +From: Eli Cohen + +[ Upstream commit a86db2269fca8019074b720baf2e0a35cddac4e9 ] + +Be sure to release the neighbour in case of failures after successful +route lookup. + +Fixes: 101f4de9dd52 ("net/mlx5e: Move TC tunnel offloading code to separate source file") +Signed-off-by: Eli Cohen +Reviewed-by: Roi Dayan +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c +@@ -232,12 +232,15 @@ int mlx5e_tc_tun_create_header_ipv4(stru + if (max_encap_size < ipv4_encap_size) { + mlx5_core_warn(priv->mdev, "encap size %d too big, max supported is %d\n", + ipv4_encap_size, max_encap_size); +- return -EOPNOTSUPP; ++ err = -EOPNOTSUPP; ++ goto out; + } + + encap_header = kzalloc(ipv4_encap_size, GFP_KERNEL); +- if (!encap_header) +- return -ENOMEM; ++ if (!encap_header) { ++ err = -ENOMEM; ++ goto out; ++ } + + /* used by mlx5e_detach_encap to lookup a neigh hash table + * entry in the neigh hash table when a user deletes a rule +@@ -348,12 +351,15 @@ int mlx5e_tc_tun_create_header_ipv6(stru + if (max_encap_size < ipv6_encap_size) { + mlx5_core_warn(priv->mdev, "encap size %d too big, max supported is %d\n", + ipv6_encap_size, max_encap_size); +- return -EOPNOTSUPP; ++ err = -EOPNOTSUPP; ++ goto out; + } + + encap_header = kzalloc(ipv6_encap_size, GFP_KERNEL); +- if (!encap_header) +- return -ENOMEM; ++ if (!encap_header) { ++ err = -ENOMEM; ++ goto out; ++ } + + /* used by mlx5e_detach_encap to lookup a neigh hash table + * entry in the neigh hash table when a user deletes a rule diff --git a/queue-5.3/net-mlx5e-fix-set-vf-link-state-error-flow.patch b/queue-5.3/net-mlx5e-fix-set-vf-link-state-error-flow.patch new file mode 100644 index 00000000000..e501bfd5de5 --- /dev/null +++ b/queue-5.3/net-mlx5e-fix-set-vf-link-state-error-flow.patch @@ -0,0 +1,32 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Roi Dayan +Date: Wed, 13 Nov 2019 14:42:00 +0200 +Subject: net/mlx5e: Fix set vf link state error flow + +From: Roi Dayan + +[ Upstream commit 751021218f7e66ee9bbaa2be23056e447cd75ec4 ] + +Before this commit the ndo always returned success. +Fix that. + +Fixes: 1ab2068a4c66 ("net/mlx5: Implement vports admin state backup/restore") +Signed-off-by: Roi Dayan +Reviewed-by: Vlad Buslov +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c +@@ -2044,7 +2044,7 @@ int mlx5_eswitch_set_vport_state(struct + + unlock: + mutex_unlock(&esw->state_lock); +- return 0; ++ return err; + } + + int mlx5_eswitch_get_vport_config(struct mlx5_eswitch *esw, diff --git a/queue-5.3/net-mlxfw-verify-fsm-error-code-translation-doesn-t-exceed-array-size.patch b/queue-5.3/net-mlxfw-verify-fsm-error-code-translation-doesn-t-exceed-array-size.patch new file mode 100644 index 00000000000..841ce05c9db --- /dev/null +++ b/queue-5.3/net-mlxfw-verify-fsm-error-code-translation-doesn-t-exceed-array-size.patch @@ -0,0 +1,34 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Eran Ben Elisha +Date: Sun, 17 Nov 2019 10:18:59 +0200 +Subject: net/mlxfw: Verify FSM error code translation doesn't exceed array size + +From: Eran Ben Elisha + +[ Upstream commit 30e9e0550bf693c94bc15827781fe42dd60be634 ] + +Array mlxfw_fsm_state_err_str contains value to string translation, when +values are provided by mlxfw_dev. If value is larger than +MLXFW_FSM_STATE_ERR_MAX, return "unknown error" as expected instead of +reading an address than exceed array size. + +Fixes: 410ed13cae39 ("Add the mlxfw module for Mellanox firmware flash process") +Signed-off-by: Eran Ben Elisha +Acked-by: Jiri Pirko +Signed-off-by: Saeed Mahameed +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c ++++ b/drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c +@@ -66,6 +66,8 @@ retry: + return err; + + if (fsm_state_err != MLXFW_FSM_STATE_ERR_OK) { ++ fsm_state_err = min_t(enum mlxfw_fsm_state_err, ++ fsm_state_err, MLXFW_FSM_STATE_ERR_MAX); + pr_err("Firmware flash failed: %s\n", + mlxfw_fsm_state_err_str[fsm_state_err]); + NL_SET_ERR_MSG_MOD(extack, "Firmware flash failed"); diff --git a/queue-5.3/net-rtnetlink-prevent-underflows-in-do_setvfinfo.patch b/queue-5.3/net-rtnetlink-prevent-underflows-in-do_setvfinfo.patch new file mode 100644 index 00000000000..cfe239a2533 --- /dev/null +++ b/queue-5.3/net-rtnetlink-prevent-underflows-in-do_setvfinfo.patch @@ -0,0 +1,189 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Dan Carpenter +Date: Wed, 20 Nov 2019 15:34:38 +0300 +Subject: net: rtnetlink: prevent underflows in do_setvfinfo() + +From: Dan Carpenter + +[ Upstream commit d658c8f56ec7b3de8051a24afb25da9ba3c388c5 ] + +The "ivm->vf" variable is a u32, but the problem is that a number of +drivers cast it to an int and then forget to check for negatives. An +example of this is in the cxgb4 driver. + +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c + 2890 static int cxgb4_mgmt_get_vf_config(struct net_device *dev, + 2891 int vf, struct ifla_vf_info *ivi) + ^^^^^^ + 2892 { + 2893 struct port_info *pi = netdev_priv(dev); + 2894 struct adapter *adap = pi->adapter; + 2895 struct vf_info *vfinfo; + 2896 + 2897 if (vf >= adap->num_vfs) + ^^^^^^^^^^^^^^^^^^^ + 2898 return -EINVAL; + 2899 vfinfo = &adap->vfinfo[vf]; + ^^^^^^^^^^^^^^^^^^^^^^^^^^ + +There are 48 functions affected. + +drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:8435 hclge_set_vf_vlan_filter() warn: can 'vfid' underflow 's32min-2147483646' +drivers/net/ethernet/freescale/enetc/enetc_pf.c:377 enetc_pf_set_vf_mac() warn: can 'vf' underflow 's32min-2147483646' +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2899 cxgb4_mgmt_get_vf_config() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2960 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3019 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3038 cxgb4_mgmt_set_vf_vlan() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3086 cxgb4_mgmt_set_vf_link_state() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/chelsio/cxgb/cxgb2.c:791 get_eeprom() warn: can 'i' underflow 's32min-(-4),0,4-s32max' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:82 bnxt_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:164 bnxt_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:186 bnxt_get_vf_config() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:228 bnxt_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:264 bnxt_set_vf_vlan() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:293 bnxt_set_vf_bw() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:333 bnxt_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2281 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2285 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2286 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2292 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63' +drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2297 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63' +drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1832 qlcnic_sriov_set_vf_mac() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1864 qlcnic_sriov_set_vf_tx_rate() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1937 qlcnic_sriov_set_vf_vlan() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2005 qlcnic_sriov_get_vf_config() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2036 qlcnic_sriov_set_vf_spoofchk() warn: can 'vf' underflow 's32min-254' +drivers/net/ethernet/emulex/benet/be_main.c:1914 be_get_vf_config() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/emulex/benet/be_main.c:1915 be_get_vf_config() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/emulex/benet/be_main.c:1922 be_set_vf_tvt() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/emulex/benet/be_main.c:1951 be_clear_vf_tvt() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/emulex/benet/be_main.c:2063 be_set_vf_tx_rate() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/emulex/benet/be_main.c:2091 be_set_vf_link_state() warn: can 'vf' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:2609 ice_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3050 ice_get_vf_cfg() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3103 ice_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3181 ice_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3237 ice_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3286 ice_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3919 i40e_validate_vf() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3957 i40e_ndo_set_vf_mac() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4104 i40e_ndo_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4263 i40e_ndo_set_vf_bw() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4309 i40e_ndo_get_vf_config() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4371 i40e_ndo_set_vf_link_state() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646' +drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4504 i40e_ndo_set_vf_trust() warn: can 'vf_id' underflow 's32min-2147483646' + +Signed-off-by: Dan Carpenter +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/core/rtnetlink.c | 23 ++++++++++++++++++++++- + 1 file changed, 22 insertions(+), 1 deletion(-) + +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -2195,6 +2195,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_MAC]) { + struct ifla_vf_mac *ivm = nla_data(tb[IFLA_VF_MAC]); + ++ if (ivm->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_mac) + err = ops->ndo_set_vf_mac(dev, ivm->vf, +@@ -2206,6 +2208,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_VLAN]) { + struct ifla_vf_vlan *ivv = nla_data(tb[IFLA_VF_VLAN]); + ++ if (ivv->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_vlan) + err = ops->ndo_set_vf_vlan(dev, ivv->vf, ivv->vlan, +@@ -2238,6 +2242,8 @@ static int do_setvfinfo(struct net_devic + if (len == 0) + return -EINVAL; + ++ if (ivvl[0]->vf >= INT_MAX) ++ return -EINVAL; + err = ops->ndo_set_vf_vlan(dev, ivvl[0]->vf, ivvl[0]->vlan, + ivvl[0]->qos, ivvl[0]->vlan_proto); + if (err < 0) +@@ -2248,6 +2254,8 @@ static int do_setvfinfo(struct net_devic + struct ifla_vf_tx_rate *ivt = nla_data(tb[IFLA_VF_TX_RATE]); + struct ifla_vf_info ivf; + ++ if (ivt->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_get_vf_config) + err = ops->ndo_get_vf_config(dev, ivt->vf, &ivf); +@@ -2266,6 +2274,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_RATE]) { + struct ifla_vf_rate *ivt = nla_data(tb[IFLA_VF_RATE]); + ++ if (ivt->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_rate) + err = ops->ndo_set_vf_rate(dev, ivt->vf, +@@ -2278,6 +2288,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_SPOOFCHK]) { + struct ifla_vf_spoofchk *ivs = nla_data(tb[IFLA_VF_SPOOFCHK]); + ++ if (ivs->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_spoofchk) + err = ops->ndo_set_vf_spoofchk(dev, ivs->vf, +@@ -2289,6 +2301,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_LINK_STATE]) { + struct ifla_vf_link_state *ivl = nla_data(tb[IFLA_VF_LINK_STATE]); + ++ if (ivl->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_link_state) + err = ops->ndo_set_vf_link_state(dev, ivl->vf, +@@ -2302,6 +2316,8 @@ static int do_setvfinfo(struct net_devic + + err = -EOPNOTSUPP; + ivrssq_en = nla_data(tb[IFLA_VF_RSS_QUERY_EN]); ++ if (ivrssq_en->vf >= INT_MAX) ++ return -EINVAL; + if (ops->ndo_set_vf_rss_query_en) + err = ops->ndo_set_vf_rss_query_en(dev, ivrssq_en->vf, + ivrssq_en->setting); +@@ -2312,6 +2328,8 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_TRUST]) { + struct ifla_vf_trust *ivt = nla_data(tb[IFLA_VF_TRUST]); + ++ if (ivt->vf >= INT_MAX) ++ return -EINVAL; + err = -EOPNOTSUPP; + if (ops->ndo_set_vf_trust) + err = ops->ndo_set_vf_trust(dev, ivt->vf, ivt->setting); +@@ -2322,15 +2340,18 @@ static int do_setvfinfo(struct net_devic + if (tb[IFLA_VF_IB_NODE_GUID]) { + struct ifla_vf_guid *ivt = nla_data(tb[IFLA_VF_IB_NODE_GUID]); + ++ if (ivt->vf >= INT_MAX) ++ return -EINVAL; + if (!ops->ndo_set_vf_guid) + return -EOPNOTSUPP; +- + return handle_vf_guid(dev, ivt, IFLA_VF_IB_NODE_GUID); + } + + if (tb[IFLA_VF_IB_PORT_GUID]) { + struct ifla_vf_guid *ivt = nla_data(tb[IFLA_VF_IB_PORT_GUID]); + ++ if (ivt->vf >= INT_MAX) ++ return -EINVAL; + if (!ops->ndo_set_vf_guid) + return -EOPNOTSUPP; + diff --git a/queue-5.3/net-sched-act_pedit-fix-warn-in-the-traffic-path.patch b/queue-5.3/net-sched-act_pedit-fix-warn-in-the-traffic-path.patch new file mode 100644 index 00000000000..d9c759457b1 --- /dev/null +++ b/queue-5.3/net-sched-act_pedit-fix-warn-in-the-traffic-path.patch @@ -0,0 +1,96 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Davide Caratti +Date: Tue, 19 Nov 2019 23:47:33 +0100 +Subject: net/sched: act_pedit: fix WARN() in the traffic path + +From: Davide Caratti + +[ Upstream commit f67169fef8dbcc1ac6a6a109ecaad0d3b259002c ] + +when configuring act_pedit rules, the number of keys is validated only on +addition of a new entry. This is not sufficient to avoid hitting a WARN() +in the traffic path: for example, it is possible to replace a valid entry +with a new one having 0 extended keys, thus causing splats in dmesg like: + + pedit BUG: index 42 + WARNING: CPU: 2 PID: 4054 at net/sched/act_pedit.c:410 tcf_pedit_act+0xc84/0x1200 [act_pedit] + [...] + RIP: 0010:tcf_pedit_act+0xc84/0x1200 [act_pedit] + Code: 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e ac 00 00 00 48 8b 44 24 10 48 c7 c7 a0 c4 e4 c0 8b 70 18 e8 1c 30 95 ea <0f> 0b e9 a0 fa ff ff e8 00 03 f5 ea e9 14 f4 ff ff 48 89 58 40 e9 + RSP: 0018:ffff888077c9f320 EFLAGS: 00010286 + RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffac2983a2 + RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888053927bec + RBP: dffffc0000000000 R08: ffffed100a726209 R09: ffffed100a726209 + R10: 0000000000000001 R11: ffffed100a726208 R12: ffff88804beea780 + R13: ffff888079a77400 R14: ffff88804beea780 R15: ffff888027ab2000 + FS: 00007fdeec9bd740(0000) GS:ffff888053900000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007ffdb3dfd000 CR3: 000000004adb4006 CR4: 00000000001606e0 + Call Trace: + tcf_action_exec+0x105/0x3f0 + tcf_classify+0xf2/0x410 + __dev_queue_xmit+0xcbf/0x2ae0 + ip_finish_output2+0x711/0x1fb0 + ip_output+0x1bf/0x4b0 + ip_send_skb+0x37/0xa0 + raw_sendmsg+0x180c/0x2430 + sock_sendmsg+0xdb/0x110 + __sys_sendto+0x257/0x2b0 + __x64_sys_sendto+0xdd/0x1b0 + do_syscall_64+0xa5/0x4e0 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + RIP: 0033:0x7fdeeb72e993 + Code: 48 8b 0d e0 74 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 0d d6 2c 00 00 75 13 49 89 ca b8 2c 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 4b cc 00 00 48 89 04 24 + RSP: 002b:00007ffdb3de8a18 EFLAGS: 00000246 ORIG_RAX: 000000000000002c + RAX: ffffffffffffffda RBX: 000055c81972b700 RCX: 00007fdeeb72e993 + RDX: 0000000000000040 RSI: 000055c81972b700 RDI: 0000000000000003 + RBP: 00007ffdb3dea130 R08: 000055c819728510 R09: 0000000000000010 + R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040 + R13: 000055c81972b6c0 R14: 000055c81972969c R15: 0000000000000080 + +Fix this moving the check on 'nkeys' earlier in tcf_pedit_init(), so that +attempts to install rules having 0 keys are always rejected with -EINVAL. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Davide Caratti +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/act_pedit.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +--- a/net/sched/act_pedit.c ++++ b/net/sched/act_pedit.c +@@ -43,7 +43,7 @@ static struct tcf_pedit_key_ex *tcf_pedi + int err = -EINVAL; + int rem; + +- if (!nla || !n) ++ if (!nla) + return NULL; + + keys_ex = kcalloc(n, sizeof(*k), GFP_KERNEL); +@@ -170,6 +170,10 @@ static int tcf_pedit_init(struct net *ne + } + + parm = nla_data(pattr); ++ if (!parm->nkeys) { ++ NL_SET_ERR_MSG_MOD(extack, "Pedit requires keys to be passed"); ++ return -EINVAL; ++ } + ksize = parm->nkeys * sizeof(struct tc_pedit_key); + if (nla_len(pattr) < sizeof(*parm) + ksize) { + NL_SET_ERR_MSG_ATTR(extack, pattr, "Length of TCA_PEDIT_PARMS or TCA_PEDIT_PARMS_EX pedit attribute is invalid"); +@@ -183,12 +187,6 @@ static int tcf_pedit_init(struct net *ne + index = parm->index; + err = tcf_idr_check_alloc(tn, &index, a, bind); + if (!err) { +- if (!parm->nkeys) { +- tcf_idr_cleanup(tn, index); +- NL_SET_ERR_MSG_MOD(extack, "Pedit requires keys to be passed"); +- ret = -EINVAL; +- goto out_free; +- } + ret = tcf_idr_create(tn, index, est, a, + &act_pedit_ops, bind, false); + if (ret) { diff --git a/queue-5.3/net-sched-ensure-opts_len-ip_tunnel_opts_max-in-act_tunnel_key.patch b/queue-5.3/net-sched-ensure-opts_len-ip_tunnel_opts_max-in-act_tunnel_key.patch new file mode 100644 index 00000000000..95a37293d2d --- /dev/null +++ b/queue-5.3/net-sched-ensure-opts_len-ip_tunnel_opts_max-in-act_tunnel_key.patch @@ -0,0 +1,50 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Xin Long +Date: Mon, 18 Nov 2019 17:39:34 +0800 +Subject: net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key + +From: Xin Long + +[ Upstream commit 4f0e97d070984d487df027f163e52bb72d1713d8 ] + +info->options_len is 'u8' type, and when opts_len with a value > +IP_TUNNEL_OPTS_MAX, 'info->options_len = opts_len' will cast int +to u8 and set a wrong value to info->options_len. + +Kernel crashed in my test when doing: + + # opts="0102:80:00800022" + # for i in {1..99}; do opts="$opts,0102:80:00800022"; done + # ip link add name geneve0 type geneve dstport 0 external + # tc qdisc add dev eth0 ingress + # tc filter add dev eth0 protocol ip parent ffff: \ + flower indev eth0 ip_proto udp action tunnel_key \ + set src_ip 10.0.99.192 dst_ip 10.0.99.193 \ + dst_port 6081 id 11 geneve_opts $opts \ + action mirred egress redirect dev geneve0 + +So we should do the similar check as cls_flower does, return error +when opts_len > IP_TUNNEL_OPTS_MAX in tunnel_key_copy_opts(). + +Fixes: 0ed5269f9e41 ("net/sched: add tunnel option support to act_tunnel_key") +Signed-off-by: Xin Long +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/act_tunnel_key.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/sched/act_tunnel_key.c ++++ b/net/sched/act_tunnel_key.c +@@ -135,6 +135,10 @@ static int tunnel_key_copy_opts(const st + if (opt_len < 0) + return opt_len; + opts_len += opt_len; ++ if (opts_len > IP_TUNNEL_OPTS_MAX) { ++ NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size"); ++ return -EINVAL; ++ } + if (dst) { + dst_len -= opt_len; + dst += opt_len; diff --git a/queue-5.3/net-tls-enable-sk_msg-redirect-to-tls-socket-egress.patch b/queue-5.3/net-tls-enable-sk_msg-redirect-to-tls-socket-egress.patch new file mode 100644 index 00000000000..5f8379e5b4c --- /dev/null +++ b/queue-5.3/net-tls-enable-sk_msg-redirect-to-tls-socket-egress.patch @@ -0,0 +1,76 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Willem de Bruijn +Date: Mon, 18 Nov 2019 10:40:51 -0500 +Subject: net/tls: enable sk_msg redirect to tls socket egress + +From: Willem de Bruijn + +[ Upstream commit d4ffb02dee2fcb20e0c8086a8d1305bf885820bb ] + +Bring back tls_sw_sendpage_locked. sk_msg redirection into a socket +with TLS_TX takes the following path: + + tcp_bpf_sendmsg_redir + tcp_bpf_push_locked + tcp_bpf_push + kernel_sendpage_locked + sock->ops->sendpage_locked + +Also update the flags test in tls_sw_sendpage_locked to allow flag +MSG_NO_SHARED_FRAGS. bpf_tcp_sendmsg sets this. + +Link: https://lore.kernel.org/netdev/CA+FuTSdaAawmZ2N8nfDDKu3XLpXBbMtcCT0q4FntDD2gn8ASUw@mail.gmail.com/T/#t +Link: https://github.com/wdebruij/kerneltools/commits/icept.2 +Fixes: 0608c69c9a80 ("bpf: sk_msg, sock{map|hash} redirect through ULP") +Fixes: f3de19af0f5b ("Revert \"net/tls: remove unused function tls_sw_sendpage_locked\"") +Signed-off-by: Willem de Bruijn +Acked-by: John Fastabend +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + include/net/tls.h | 2 ++ + net/tls/tls_main.c | 1 + + net/tls/tls_sw.c | 11 +++++++++++ + 3 files changed, 14 insertions(+) + +--- a/include/net/tls.h ++++ b/include/net/tls.h +@@ -364,6 +364,8 @@ int tls_set_sw_offload(struct sock *sk, + void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx); + void tls_sw_strparser_done(struct tls_context *tls_ctx); + int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); ++int tls_sw_sendpage_locked(struct sock *sk, struct page *page, ++ int offset, size_t size, int flags); + int tls_sw_sendpage(struct sock *sk, struct page *page, + int offset, size_t size, int flags); + void tls_sw_cancel_work_tx(struct tls_context *tls_ctx); +--- a/net/tls/tls_main.c ++++ b/net/tls/tls_main.c +@@ -852,6 +852,7 @@ static int __init tls_register(void) + { + tls_sw_proto_ops = inet_stream_ops; + tls_sw_proto_ops.splice_read = tls_sw_splice_read; ++ tls_sw_proto_ops.sendpage_locked = tls_sw_sendpage_locked, + + #ifdef CONFIG_TLS_DEVICE + tls_device_init(); +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -1204,6 +1204,17 @@ sendpage_end: + return copied ? copied : ret; + } + ++int tls_sw_sendpage_locked(struct sock *sk, struct page *page, ++ int offset, size_t size, int flags) ++{ ++ if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | ++ MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY | ++ MSG_NO_SHARED_FRAGS)) ++ return -ENOTSUPP; ++ ++ return tls_sw_do_sendpage(sk, page, offset, size, flags); ++} ++ + int tls_sw_sendpage(struct sock *sk, struct page *page, + int offset, size_t size, int flags) + { diff --git a/queue-5.3/series b/queue-5.3/series new file mode 100644 index 00000000000..8dcc1974b4a --- /dev/null +++ b/queue-5.3/series @@ -0,0 +1,18 @@ +mlxsw-spectrum_router-fix-determining-underlay-for-a-gre-tunnel.patch +net-mlx4_en-fix-mlx4-ethtool-n-insertion.patch +net-mlx4_en-fix-wrong-limitation-for-number-of-tx-rings.patch +net-rtnetlink-prevent-underflows-in-do_setvfinfo.patch +net-sched-act_pedit-fix-warn-in-the-traffic-path.patch +net-sched-ensure-opts_len-ip_tunnel_opts_max-in-act_tunnel_key.patch +sfc-only-cancel-the-pps-workqueue-if-it-exists.patch +net-mlxfw-verify-fsm-error-code-translation-doesn-t-exceed-array-size.patch +net-mlx5e-fix-set-vf-link-state-error-flow.patch +net-mlx5-fix-auto-group-size-calculation.patch +net-tls-enable-sk_msg-redirect-to-tls-socket-egress.patch +ipv6-route-return-if-there-is-no-fib_nh_gw_family.patch +mdio_bus-fix-mdio_register_device-when-reset_controller-is-disabled.patch +taprio-don-t-reject-same-mqprio-settings.patch +net-ipv4-fix-sysctl-max-for-fib_multipath_hash_policy.patch +net-mlx5e-fix-error-flow-cleanup-in-mlx5e_tc_tun_create_header_ipv4-6.patch +net-mlx5e-do-not-use-non-ext-link-modes-in-ext-mode.patch +net-mlx5-update-the-list-of-the-pci-supported-devices.patch diff --git a/queue-5.3/sfc-only-cancel-the-pps-workqueue-if-it-exists.patch b/queue-5.3/sfc-only-cancel-the-pps-workqueue-if-it-exists.patch new file mode 100644 index 00000000000..630ecf84f02 --- /dev/null +++ b/queue-5.3/sfc-only-cancel-the-pps-workqueue-if-it-exists.patch @@ -0,0 +1,32 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Martin Habets +Date: Thu, 21 Nov 2019 17:52:15 +0000 +Subject: sfc: Only cancel the PPS workqueue if it exists + +From: Martin Habets + +[ Upstream commit 723eb53690041740a13ac78efeaf6804f5d684c9 ] + +The workqueue only exists for the primary PF. For other functions +we hit a WARN_ON in kernel/workqueue.c. + +Fixes: 7c236c43b838 ("sfc: Add support for IEEE-1588 PTP") +Signed-off-by: Martin Habets +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/sfc/ptp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/sfc/ptp.c ++++ b/drivers/net/ethernet/sfc/ptp.c +@@ -1531,7 +1531,8 @@ void efx_ptp_remove(struct efx_nic *efx) + (void)efx_ptp_disable(efx); + + cancel_work_sync(&efx->ptp_data->work); +- cancel_work_sync(&efx->ptp_data->pps_work); ++ if (efx->ptp_data->pps_workwq) ++ cancel_work_sync(&efx->ptp_data->pps_work); + + skb_queue_purge(&efx->ptp_data->rxq); + skb_queue_purge(&efx->ptp_data->txq); diff --git a/queue-5.3/taprio-don-t-reject-same-mqprio-settings.patch b/queue-5.3/taprio-don-t-reject-same-mqprio-settings.patch new file mode 100644 index 00000000000..b5db1baf3ea --- /dev/null +++ b/queue-5.3/taprio-don-t-reject-same-mqprio-settings.patch @@ -0,0 +1,90 @@ +From foo@baz Mon 25 Nov 2019 02:27:19 PM CET +From: Ivan Khoronzhuk +Date: Tue, 19 Nov 2019 02:23:12 +0200 +Subject: taprio: don't reject same mqprio settings + +From: Ivan Khoronzhuk + +[ Upstream commit b5a0faa3572ac70bd374bd66190ac3ad4fddab20 ] + +The taprio qdisc allows to set mqprio setting but only once. In case +if mqprio settings are provided next time the error is returned as +it's not allowed to change traffic class mapping in-flignt and that +is normal. But if configuration is absolutely the same - no need to +return error. It allows to provide same command couple times, +changing only base time for instance, or changing only scheds maps, +but leaving mqprio setting w/o modification. It more corresponds the +message: "Changing the traffic mapping of a running schedule is not +supported", so reject mqprio if it's really changed. + +Also corrected TC_BITMASK + 1 for consistency, as proposed. + +Fixes: a3d43c0d56f1 ("taprio: Add support adding an admin schedule") +Reviewed-by: Vladimir Oltean +Tested-by: Vladimir Oltean +Acked-by: Vinicius Costa Gomes +Signed-off-by: Ivan Khoronzhuk +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/sch_taprio.c | 28 ++++++++++++++++++++++++++-- + 1 file changed, 26 insertions(+), 2 deletions(-) + +--- a/net/sched/sch_taprio.c ++++ b/net/sched/sch_taprio.c +@@ -842,7 +842,7 @@ static int taprio_parse_mqprio_opt(struc + } + + /* Verify priority mapping uses valid tcs */ +- for (i = 0; i < TC_BITMASK + 1; i++) { ++ for (i = 0; i <= TC_BITMASK; i++) { + if (qopt->prio_tc_map[i] >= qopt->num_tc) { + NL_SET_ERR_MSG(extack, "Invalid traffic class in priority to traffic class mapping"); + return -EINVAL; +@@ -1014,6 +1014,26 @@ static void setup_txtime(struct taprio_s + } + } + ++static int taprio_mqprio_cmp(const struct net_device *dev, ++ const struct tc_mqprio_qopt *mqprio) ++{ ++ int i; ++ ++ if (!mqprio || mqprio->num_tc != dev->num_tc) ++ return -1; ++ ++ for (i = 0; i < mqprio->num_tc; i++) ++ if (dev->tc_to_txq[i].count != mqprio->count[i] || ++ dev->tc_to_txq[i].offset != mqprio->offset[i]) ++ return -1; ++ ++ for (i = 0; i <= TC_BITMASK; i++) ++ if (dev->prio_tc_map[i] != mqprio->prio_tc_map[i]) ++ return -1; ++ ++ return 0; ++} ++ + static int taprio_change(struct Qdisc *sch, struct nlattr *opt, + struct netlink_ext_ack *extack) + { +@@ -1065,6 +1085,10 @@ static int taprio_change(struct Qdisc *s + admin = rcu_dereference(q->admin_sched); + rcu_read_unlock(); + ++ /* no changes - no new mqprio settings */ ++ if (!taprio_mqprio_cmp(dev, mqprio)) ++ mqprio = NULL; ++ + if (mqprio && (oper || admin)) { + NL_SET_ERR_MSG(extack, "Changing the traffic mapping of a running schedule is not supported"); + err = -ENOTSUPP; +@@ -1132,7 +1156,7 @@ static int taprio_change(struct Qdisc *s + mqprio->offset[i]); + + /* Always use supplied priority mappings */ +- for (i = 0; i < TC_BITMASK + 1; i++) ++ for (i = 0; i <= TC_BITMASK; i++) + netdev_set_prio_tc_map(dev, i, + mqprio->prio_tc_map[i]); + }