Fixes for 6.6

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-6.6/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch b/queue-6.6/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch
new file mode 100644 (file)
index 0000000..5bbd764
--- /dev/null
+++ b/queue-6.6/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch
@@ -0,0 +1,58 @@
+From 2eef5f45d0c40ca72367d7bef92ca4838f80a73b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 9 Feb 2024 09:20:44 +0100
+Subject: ALSA: hda/cs35l56: select intended config FW_CS_DSP
+
+From: Lukas Bulwahn <lukas.bulwahn@gmail.com>
+
+[ Upstream commit e5aa6d51a2ef8c7ef7e3fe76bebe530fb68e7f08 ]
+
+Commit 73cfbfa9caea ("ALSA: hda/cs35l56: Add driver for Cirrus Logic
+CS35L56 amplifier") adds configs SND_HDA_SCODEC_CS35L56_{I2C,SPI},
+which selects the non-existing config CS_DSP. Note the renaming in
+commit d7cfdf17cb9d ("firmware: cs_dsp: Rename KConfig symbol CS_DSP ->
+FW_CS_DSP"), though.
+
+Select the intended config FW_CS_DSP.
+
+This broken select command probably was not noticed as the configs also
+select SND_HDA_CS_DSP_CONTROLS and this then selects FW_CS_DSP. So, the
+select FW_CS_DSP could actually be dropped, but we will keep this
+redundancy in place as the author originally also intended to have this
+redundancy of selects in place.
+
+Fixes: 73cfbfa9caea ("ALSA: hda/cs35l56: Add driver for Cirrus Logic CS35L56 amplifier")
+Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
+Reviewed-by: Simon Trimmer <simont@opensource.cirrus.com>
+Link: https://lore.kernel.org/r/20240209082044.3981-1-lukas.bulwahn@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/hda/Kconfig | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sound/pci/hda/Kconfig b/sound/pci/hda/Kconfig
+index 0d7502d6e060..21046f72cdca 100644
+--- a/sound/pci/hda/Kconfig
++++ b/sound/pci/hda/Kconfig
+@@ -140,7 +140,7 @@ config SND_HDA_SCODEC_CS35L56_I2C
+       depends on I2C
+       depends on ACPI || COMPILE_TEST
+       depends on SND_SOC
+-      select CS_DSP
++      select FW_CS_DSP
+       select SND_HDA_GENERIC
+       select SND_SOC_CS35L56_SHARED
+       select SND_HDA_SCODEC_CS35L56
+@@ -154,7 +154,7 @@ config SND_HDA_SCODEC_CS35L56_SPI
+       depends on SPI_MASTER
+       depends on ACPI || COMPILE_TEST
+       depends on SND_SOC
+-      select CS_DSP
++      select FW_CS_DSP
+       select SND_HDA_GENERIC
+       select SND_SOC_CS35L56_SHARED
+       select SND_HDA_SCODEC_CS35L56
+-- 
+2.43.0
+

diff --git a/queue-6.6/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch b/queue-6.6/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch
new file mode 100644 (file)
index 0000000..99417db
--- /dev/null
+++ b/queue-6.6/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch
@@ -0,0 +1,39 @@
+From cb4fc0497683bfa48b26ecdc834675bd906634b3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 11 Feb 2024 12:58:34 +0300
+Subject: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
+
+From: Alexey Khoroshilov <khoroshilov@ispras.ru>
+
+[ Upstream commit 6ef5d5b92f7117b324efaac72b3db27ae8bb3082 ]
+
+There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
+is left locked forever. That may lead to deadlock
+when rt5645_jack_detect_work() is called for the second time.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: cdba4301adda ("ASoC: rt5650: add mutex to avoid the jack detection failure")
+Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Link: https://lore.kernel.org/r/1707645514-21196-1-git-send-email-khoroshilov@ispras.ru
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/rt5645.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
+index edcb85bd8ea7..ea08b7cfc31d 100644
+--- a/sound/soc/codecs/rt5645.c
++++ b/sound/soc/codecs/rt5645.c
+@@ -3314,6 +3314,7 @@ static void rt5645_jack_detect_work(struct work_struct *work)
+                                   report, SND_JACK_HEADPHONE);
+               snd_soc_jack_report(rt5645->mic_jack,
+                                   report, SND_JACK_MICROPHONE);
++              mutex_unlock(&rt5645->jd_mutex);
+               return;
+       case 4:
+               val = snd_soc_component_read(rt5645->component, RT5645_A_JD_CTRL1) & 0x0020;
+-- 
+2.43.0
+

diff --git a/queue-6.6/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch b/queue-6.6/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch
new file mode 100644 (file)
index 0000000..000cbf3
--- /dev/null
+++ b/queue-6.6/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch
@@ -0,0 +1,124 @@
+From 90bb4b538217d1e59dc46522661541b9471a0778 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 15:34:32 +0200
+Subject: ASoC: SOF: ipc3-topology: Fix pipeline tear down logic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
+
+[ Upstream commit d7332c4a4f1a7d16f054c6357fb65c597b6a86a7 ]
+
+With the change in the widget free logic to power down the cores only
+when the scheduler widgets are freed, we need to ensure that the
+scheduler widget is freed only after all the widgets associated with the
+scheduler are freed. This is to ensure that the secondary core that the
+scheduler is scheduled to run on is kept powered on until all widgets
+that need them are in use. While this works well for dynamic pipelines,
+in the case of static pipelines the current logic does not take this into
+account and frees all widgets in the order they occur in the
+widget_list. So, modify this to ensure that the scheduler widgets are freed
+only after all other types of widgets in the widget_list are freed.
+
+Link: https://github.com/thesofproject/linux/issues/4807
+Fixes: 31ed8da1c8e5 ("ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology cores")
+Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
+Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
+Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
+Link: https://lore.kernel.org/r/20240208133432.1688-1-peter.ujfalusi@linux.intel.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/sof/ipc3-topology.c | 55 ++++++++++++++++++++++++++---------
+ 1 file changed, 41 insertions(+), 14 deletions(-)
+
+diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c
+index 2c7a5e7a364c..d96555438c6b 100644
+--- a/sound/soc/sof/ipc3-topology.c
++++ b/sound/soc/sof/ipc3-topology.c
+@@ -2309,27 +2309,16 @@ static int sof_tear_down_left_over_pipelines(struct snd_sof_dev *sdev)
+       return 0;
+ }
+ 
+-/*
+- * For older firmware, this function doesn't free widgets for static pipelines during suspend.
+- * It only resets use_count for all widgets.
+- */
+-static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verify)
++static int sof_ipc3_free_widgets_in_list(struct snd_sof_dev *sdev, bool include_scheduler,
++                                       bool *dyn_widgets, bool verify)
+ {
+       struct sof_ipc_fw_version *v = &sdev->fw_ready.version;
+       struct snd_sof_widget *swidget;
+-      struct snd_sof_route *sroute;
+-      bool dyn_widgets = false;
+       int ret;
+ 
+-      /*
+-       * This function is called during suspend and for one-time topology verification during
+-       * first boot. In both cases, there is no need to protect swidget->use_count and
+-       * sroute->setup because during suspend all running streams are suspended and during
+-       * topology loading the sound card unavailable to open PCMs.
+-       */
+       list_for_each_entry(swidget, &sdev->widget_list, list) {
+               if (swidget->dynamic_pipeline_widget) {
+-                      dyn_widgets = true;
++                      *dyn_widgets = true;
+                       continue;
+               }
+ 
+@@ -2344,11 +2333,49 @@ static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verif
+                       continue;
+               }
+ 
++              if (include_scheduler && swidget->id != snd_soc_dapm_scheduler)
++                      continue;
++
++              if (!include_scheduler && swidget->id == snd_soc_dapm_scheduler)
++                      continue;
++
+               ret = sof_widget_free(sdev, swidget);
+               if (ret < 0)
+                       return ret;
+       }
+ 
++      return 0;
++}
++
++/*
++ * For older firmware, this function doesn't free widgets for static pipelines during suspend.
++ * It only resets use_count for all widgets.
++ */
++static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verify)
++{
++      struct sof_ipc_fw_version *v = &sdev->fw_ready.version;
++      struct snd_sof_widget *swidget;
++      struct snd_sof_route *sroute;
++      bool dyn_widgets = false;
++      int ret;
++
++      /*
++       * This function is called during suspend and for one-time topology verification during
++       * first boot. In both cases, there is no need to protect swidget->use_count and
++       * sroute->setup because during suspend all running streams are suspended and during
++       * topology loading the sound card unavailable to open PCMs. Do not free the scheduler
++       * widgets yet so that the secondary cores do not get powered down before all the widgets
++       * associated with the scheduler are freed.
++       */
++      ret = sof_ipc3_free_widgets_in_list(sdev, false, &dyn_widgets, verify);
++      if (ret < 0)
++              return ret;
++
++      /* free all the scheduler widgets now */
++      ret = sof_ipc3_free_widgets_in_list(sdev, true, &dyn_widgets, verify);
++      if (ret < 0)
++              return ret;
++
+       /*
+        * Tear down all pipelines associated with PCMs that did not get suspended
+        * and unset the prepare flag so that they can be set up again during resume.
+-- 
+2.43.0
+

diff --git a/queue-6.6/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch b/queue-6.6/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch
new file mode 100644 (file)
index 0000000..757f14e
--- /dev/null
+++ b/queue-6.6/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch
@@ -0,0 +1,60 @@
+From 0ffcfb250a35afe2189d8d36dc4116db893e96c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 7 Feb 2024 09:47:36 +0100
+Subject: bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Magnus Karlsson <magnus.karlsson@intel.com>
+
+[ Upstream commit 9b0ed890ac2ae233efd8b27d11aee28a19437bb8 ]
+
+Do not report the XDP capability NETDEV_XDP_ACT_XSK_ZEROCOPY as the
+bonding driver does not support XDP and AF_XDP in zero-copy mode even
+if the real NIC drivers do.
+
+Note that the driver used to report everything as supported before a
+device was bonded. Instead of just masking out the zero-copy support
+from this, have the driver report that no XDP feature is supported
+until a real device is bonded. This seems to be more truthful as it is
+the real drivers that decide what XDP features are supported.
+
+Fixes: cb9e6e584d58 ("bonding: add xdp_features support")
+Reported-by: Prashant Batra <prbatra.mail@gmail.com>
+Link: https://lore.kernel.org/all/CAJ8uoz2ieZCopgqTvQ9ZY6xQgTbujmC6XkMTamhp68O-h_-rLg@mail.gmail.com/T/
+Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
+Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
+Link: https://lore.kernel.org/r/20240207084737.20890-1-magnus.karlsson@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/bonding/bond_main.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index 8e6cc0e133b7..6cf7f364704e 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -1819,6 +1819,8 @@ void bond_xdp_set_features(struct net_device *bond_dev)
+       bond_for_each_slave(bond, slave, iter)
+               val &= slave->dev->xdp_features;
+ 
++      val &= ~NETDEV_XDP_ACT_XSK_ZEROCOPY;
++
+       xdp_set_features_flag(bond_dev, val);
+ }
+ 
+@@ -5934,9 +5936,6 @@ void bond_setup(struct net_device *bond_dev)
+       if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP)
+               bond_dev->features |= BOND_XFRM_FEATURES;
+ #endif /* CONFIG_XFRM_OFFLOAD */
+-
+-      if (bond_xdp_check(bond))
+-              bond_dev->xdp_features = NETDEV_XDP_ACT_MASK;
+ }
+ 
+ /* Destroy a bonding device.
+-- 
+2.43.0
+

diff --git a/queue-6.6/devlink-fix-command-annotation-documentation.patch b/queue-6.6/devlink-fix-command-annotation-documentation.patch
new file mode 100644 (file)
index 0000000..5b6a3bb
--- /dev/null
+++ b/queue-6.6/devlink-fix-command-annotation-documentation.patch
@@ -0,0 +1,39 @@
+From e04fd1123488ec28487cf89bc4d7a520d9adb9e2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 18:17:17 +0200
+Subject: devlink: Fix command annotation documentation
+
+From: Parav Pandit <parav@nvidia.com>
+
+[ Upstream commit 4ab18af47a2c2a80ac11674122935700caf80cc6 ]
+
+Command example string is not read as command.
+Fix command annotation.
+
+Fixes: a8ce7b26a51e ("devlink: Expose port function commands to control migratable")
+Signed-off-by: Parav Pandit <parav@nvidia.com>
+Reviewed-by: Jiri Pirko <jiri@nvidia.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://lore.kernel.org/r/20240206161717.466653-1-parav@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/networking/devlink/devlink-port.rst | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Documentation/networking/devlink/devlink-port.rst b/Documentation/networking/devlink/devlink-port.rst
+index e33ad2401ad7..562f46b41274 100644
+--- a/Documentation/networking/devlink/devlink-port.rst
++++ b/Documentation/networking/devlink/devlink-port.rst
+@@ -126,7 +126,7 @@ Users may also set the RoCE capability of the function using
+ `devlink port function set roce` command.
+ 
+ Users may also set the function as migratable using
+-'devlink port function set migratable' command.
++`devlink port function set migratable` command.
+ 
+ Users may also set the IPsec crypto capability of the function using
+ `devlink port function set ipsec_crypto` command.
+-- 
+2.43.0
+

diff --git a/queue-6.6/drm-msm-gem-fix-double-resv-lock-aquire.patch b/queue-6.6/drm-msm-gem-fix-double-resv-lock-aquire.patch
new file mode 100644 (file)
index 0000000..608b206
--- /dev/null
+++ b/queue-6.6/drm-msm-gem-fix-double-resv-lock-aquire.patch
@@ -0,0 +1,53 @@
+From 0d6109e7f99b9cd76270aa31af34a26154deb98b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 31 Jan 2024 07:08:54 -0800
+Subject: drm/msm/gem: Fix double resv lock aquire
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rob Clark <robdclark@chromium.org>
+
+[ Upstream commit 03facb39d6c6433a78d0f79c7a146b1e6a61943e ]
+
+Since commit 79e2cf2e7a19 ("drm/gem: Take reservation lock for vmap/vunmap
+operations"), the resv lock is already held in the prime vmap path, so
+don't try to grab it again.
+
+v2: This applies to vunmap path as well
+v3: Fix fixes commit
+
+Fixes: 79e2cf2e7a19 ("drm/gem: Take reservation lock for vmap/vunmap operations")
+Signed-off-by: Rob Clark <robdclark@chromium.org>
+Acked-by: Christian König <christian.koenig@amd.com>
+Patchwork: https://patchwork.freedesktop.org/patch/576642/
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/msm/msm_gem_prime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/msm/msm_gem_prime.c b/drivers/gpu/drm/msm/msm_gem_prime.c
+index 5f68e31a3e4e..0915f3b68752 100644
+--- a/drivers/gpu/drm/msm/msm_gem_prime.c
++++ b/drivers/gpu/drm/msm/msm_gem_prime.c
+@@ -26,7 +26,7 @@ int msm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map)
+ {
+       void *vaddr;
+ 
+-      vaddr = msm_gem_get_vaddr(obj);
++      vaddr = msm_gem_get_vaddr_locked(obj);
+       if (IS_ERR(vaddr))
+               return PTR_ERR(vaddr);
+       iosys_map_set_vaddr(map, vaddr);
+@@ -36,7 +36,7 @@ int msm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map)
+ 
+ void msm_gem_prime_vunmap(struct drm_gem_object *obj, struct iosys_map *map)
+ {
+-      msm_gem_put_vaddr(obj);
++      msm_gem_put_vaddr_locked(obj);
+ }
+ 
+ struct drm_gem_object *msm_gem_prime_import_sg_table(struct drm_device *dev,
+-- 
+2.43.0
+

diff --git a/queue-6.6/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch b/queue-6.6/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch
new file mode 100644 (file)
index 0000000..4d04e53
--- /dev/null
+++ b/queue-6.6/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch
@@ -0,0 +1,124 @@
+From 666c6c7fdb521cc97d08d7c2fc35bc13c1494c2a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 10:03:33 -0800
+Subject: i40e: Do not allow untrusted VF to remove administratively set MAC
+
+From: Ivan Vecera <ivecera@redhat.com>
+
+[ Upstream commit 73d9629e1c8c1982f13688c4d1019c3994647ccc ]
+
+Currently when PF administratively sets VF's MAC address and the VF
+is put down (VF tries to delete all MACs) then the MAC is removed
+from MAC filters and primary VF MAC is zeroed.
+
+Do not allow untrusted VF to remove primary MAC when it was set
+administratively by PF.
+
+Reproducer:
+1) Create VF
+2) Set VF interface up
+3) Administratively set the VF's MAC
+4) Put VF interface down
+
+[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs
+[root@host ~]# ip link set enp2s0f0v0 up
+[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d
+[root@host ~]# ip link show enp2s0f0
+23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
+    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
+    vf 0     link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
+[root@host ~]# ip link set enp2s0f0v0 down
+[root@host ~]# ip link show enp2s0f0
+23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
+    link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
+    vf 0     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
+
+Fixes: 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter")
+Fixes: ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address")
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Link: https://lore.kernel.org/r/20240208180335.1844996-1-anthony.l.nguyen@intel.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ethernet/intel/i40e/i40e_virtchnl_pf.c    | 38 ++++++++++++++++---
+ 1 file changed, 33 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+index cc4c53470db2..082c09920999 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+@@ -2848,6 +2848,24 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg)
+                                     (u8 *)&stats, sizeof(stats));
+ }
+ 
++/**
++ * i40e_can_vf_change_mac
++ * @vf: pointer to the VF info
++ *
++ * Return true if the VF is allowed to change its MAC filters, false otherwise
++ */
++static bool i40e_can_vf_change_mac(struct i40e_vf *vf)
++{
++      /* If the VF MAC address has been set administratively (via the
++       * ndo_set_vf_mac command), then deny permission to the VF to
++       * add/delete unicast MAC addresses, unless the VF is trusted
++       */
++      if (vf->pf_set_mac && !vf->trusted)
++              return false;
++
++      return true;
++}
++
+ #define I40E_MAX_MACVLAN_PER_HW 3072
+ #define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW / \
+       (num_ports))
+@@ -2907,8 +2925,8 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf,
+                * The VF may request to set the MAC address filter already
+                * assigned to it so do not return an error in that case.
+                */
+-              if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps) &&
+-                  !is_multicast_ether_addr(addr) && vf->pf_set_mac &&
++              if (!i40e_can_vf_change_mac(vf) &&
++                  !is_multicast_ether_addr(addr) &&
+                   !ether_addr_equal(addr, vf->default_lan_addr.addr)) {
+                       dev_err(&pf->pdev->dev,
+                               "VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n");
+@@ -3114,19 +3132,29 @@ static int i40e_vc_del_mac_addr_msg(struct i40e_vf *vf, u8 *msg)
+                       ret = -EINVAL;
+                       goto error_param;
+               }
+-              if (ether_addr_equal(al->list[i].addr, vf->default_lan_addr.addr))
+-                      was_unimac_deleted = true;
+       }
+       vsi = pf->vsi[vf->lan_vsi_idx];
+ 
+       spin_lock_bh(&vsi->mac_filter_hash_lock);
+       /* delete addresses from the list */
+-      for (i = 0; i < al->num_elements; i++)
++      for (i = 0; i < al->num_elements; i++) {
++              const u8 *addr = al->list[i].addr;
++
++              /* Allow to delete VF primary MAC only if it was not set
++               * administratively by PF or if VF is trusted.
++               */
++              if (ether_addr_equal(addr, vf->default_lan_addr.addr) &&
++                  i40e_can_vf_change_mac(vf))
++                      was_unimac_deleted = true;
++              else
++                      continue;
++
+               if (i40e_del_mac_filter(vsi, al->list[i].addr)) {
+                       ret = -EINVAL;
+                       spin_unlock_bh(&vsi->mac_filter_hash_lock);
+                       goto error_param;
+               }
++      }
+ 
+       spin_unlock_bh(&vsi->mac_filter_hash_lock);
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch b/queue-6.6/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch
new file mode 100644 (file)
index 0000000..20678d2
--- /dev/null
+++ b/queue-6.6/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch
@@ -0,0 +1,41 @@
+From 472f8711f214764f3b9c1d3ed7ebaa71adeeed8a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Nov 2023 17:01:03 +0100
+Subject: i40e: Fix waiting for queues of all VSIs to be disabled
+
+From: Ivan Vecera <ivecera@redhat.com>
+
+[ Upstream commit c73729b64bb692186da080602cd13612783f52ac ]
+
+The function i40e_pf_wait_queues_disabled() iterates all PF's VSIs
+up to 'pf->hw.func_caps.num_vsis' but this is incorrect because
+the real number of VSIs can be up to 'pf->num_alloc_vsi' that
+can be higher. Fix this loop.
+
+Fixes: 69129dc39fac ("i40e: Modify Tx disable wait flow in case of DCB reconfiguration")
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
+Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
+Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
+index aad39ebff4ab..9d37c0374c75 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -5351,7 +5351,7 @@ static int i40e_pf_wait_queues_disabled(struct i40e_pf *pf)
+ {
+       int v, ret = 0;
+ 
+-      for (v = 0; v < pf->hw.func_caps.num_vsis; v++) {
++      for (v = 0; v < pf->num_alloc_vsi; v++) {
+               if (pf->vsi[v]) {
+                       ret = i40e_vsi_wait_queues_disabled(pf->vsi[v]);
+                       if (ret)
+-- 
+2.43.0
+

diff --git a/queue-6.6/kvm-selftests-avoid-infinite-loop-in-hyperv_features.patch b/queue-6.6/kvm-selftests-avoid-infinite-loop-in-hyperv_features.patch
new file mode 100644 (file)
index 0000000..13fadae
--- /dev/null
+++ b/queue-6.6/kvm-selftests-avoid-infinite-loop-in-hyperv_features.patch
@@ -0,0 +1,76 @@
+From faf78843f99b0bb36eeb414dc8f4afacd880babd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Jan 2024 09:58:46 +0100
+Subject: KVM: selftests: Avoid infinite loop in hyperv_features when invtsc is
+ missing
+
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+[ Upstream commit 8ad4855273488c9bd5320b3fee80f66f0023f326 ]
+
+When X86_FEATURE_INVTSC is missing, guest_test_msrs_access() was supposed
+to skip testing dependent Hyper-V invariant TSC feature. Unfortunately,
+'continue' does not lead to that as stage is not incremented. Moreover,
+'vm' allocated with vm_create_with_one_vcpu() is not freed and the test
+runs out of available file descriptors very quickly.
+
+Fixes: bd827bd77537 ("KVM: selftests: Test Hyper-V invariant TSC control")
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Link: https://lore.kernel.org/r/20240129085847.2674082-1-vkuznets@redhat.com
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/kvm/x86_64/hyperv_features.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tools/testing/selftests/kvm/x86_64/hyperv_features.c b/tools/testing/selftests/kvm/x86_64/hyperv_features.c
+index 9f28aa276c4e..a726831b8024 100644
+--- a/tools/testing/selftests/kvm/x86_64/hyperv_features.c
++++ b/tools/testing/selftests/kvm/x86_64/hyperv_features.c
+@@ -454,7 +454,7 @@ static void guest_test_msrs_access(void)
+               case 44:
+                       /* MSR is not available when CPUID feature bit is unset */
+                       if (!has_invtsc)
+-                              continue;
++                              goto next_stage;
+                       msr->idx = HV_X64_MSR_TSC_INVARIANT_CONTROL;
+                       msr->write = false;
+                       msr->fault_expected = true;
+@@ -462,7 +462,7 @@ static void guest_test_msrs_access(void)
+               case 45:
+                       /* MSR is vailable when CPUID feature bit is set */
+                       if (!has_invtsc)
+-                              continue;
++                              goto next_stage;
+                       vcpu_set_cpuid_feature(vcpu, HV_ACCESS_TSC_INVARIANT);
+                       msr->idx = HV_X64_MSR_TSC_INVARIANT_CONTROL;
+                       msr->write = false;
+@@ -471,7 +471,7 @@ static void guest_test_msrs_access(void)
+               case 46:
+                       /* Writing bits other than 0 is forbidden */
+                       if (!has_invtsc)
+-                              continue;
++                              goto next_stage;
+                       msr->idx = HV_X64_MSR_TSC_INVARIANT_CONTROL;
+                       msr->write = true;
+                       msr->write_val = 0xdeadbeef;
+@@ -480,7 +480,7 @@ static void guest_test_msrs_access(void)
+               case 47:
+                       /* Setting bit 0 enables the feature */
+                       if (!has_invtsc)
+-                              continue;
++                              goto next_stage;
+                       msr->idx = HV_X64_MSR_TSC_INVARIANT_CONTROL;
+                       msr->write = true;
+                       msr->write_val = 1;
+@@ -513,6 +513,7 @@ static void guest_test_msrs_access(void)
+                       return;
+               }
+ 
++next_stage:
+               stage++;
+               kvm_vm_free(vm);
+       }
+-- 
+2.43.0
+

diff --git a/queue-6.6/kvm-selftests-delete-superfluous-unused-stage-variab.patch b/queue-6.6/kvm-selftests-delete-superfluous-unused-stage-variab.patch
new file mode 100644 (file)
index 0000000..a14a1e8
--- /dev/null
+++ b/queue-6.6/kvm-selftests-delete-superfluous-unused-stage-variab.patch
@@ -0,0 +1,56 @@
+From 4180fe93689109212f66fd7b3a66d60b3f826647 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 9 Jan 2024 14:03:02 -0800
+Subject: KVM: selftests: Delete superfluous, unused "stage" variable in AMX
+ test
+
+From: Sean Christopherson <seanjc@google.com>
+
+[ Upstream commit 46fee9e38995af9ae16a8cc7d05031486d44cf35 ]
+
+Delete the AMX's tests "stage" counter, as the counter is no longer used,
+which makes clang unhappy:
+
+  x86_64/amx_test.c:224:6: error: variable 'stage' set but not used
+          int stage, ret;
+              ^
+  1 error generated.
+
+Note, "stage" was never really used, it just happened to be dumped out by
+a (failed) assertion on run->exit_reason, i.e. the AMX test has no concept
+of stages, the code was likely copy+pasted from a different test.
+
+Fixes: c96f57b08012 ("KVM: selftests: Make vCPU exit reason test assertion common")
+Reviewed-by: Jim Mattson <jmattson@google.com>
+Link: https://lore.kernel.org/r/20240109220302.399296-1-seanjc@google.com
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/kvm/x86_64/amx_test.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/kvm/x86_64/amx_test.c b/tools/testing/selftests/kvm/x86_64/amx_test.c
+index 11329e5ff945..309ee5c72b46 100644
+--- a/tools/testing/selftests/kvm/x86_64/amx_test.c
++++ b/tools/testing/selftests/kvm/x86_64/amx_test.c
+@@ -221,7 +221,7 @@ int main(int argc, char *argv[])
+       vm_vaddr_t amx_cfg, tiledata, xstate;
+       struct ucall uc;
+       u32 amx_offset;
+-      int stage, ret;
++      int ret;
+ 
+       /*
+        * Note, all off-by-default features must be enabled before anything
+@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
+       memset(addr_gva2hva(vm, xstate), 0, PAGE_SIZE * DIV_ROUND_UP(XSAVE_SIZE, PAGE_SIZE));
+       vcpu_args_set(vcpu, 3, amx_cfg, tiledata, xstate);
+ 
+-      for (stage = 1; ; stage++) {
++      for (;;) {
+               vcpu_run(vcpu);
+               TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO);
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/kvm-selftests-fix-a-semaphore-imbalance-in-the-dirty.patch b/queue-6.6/kvm-selftests-fix-a-semaphore-imbalance-in-the-dirty.patch
new file mode 100644 (file)
index 0000000..fb404e3
--- /dev/null
+++ b/queue-6.6/kvm-selftests-fix-a-semaphore-imbalance-in-the-dirty.patch
@@ -0,0 +1,183 @@
+From 250102ac2b6a209a73394c2a6c12508f6baaedda Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 2 Feb 2024 15:18:31 -0800
+Subject: KVM: selftests: Fix a semaphore imbalance in the dirty ring logging
+ test
+
+From: Sean Christopherson <seanjc@google.com>
+
+[ Upstream commit ba58f873cdeec30b6da48e28dd5782c5a3e1371b ]
+
+When finishing the final iteration of dirty_log_test testcase, set
+host_quit _before_ the final "continue" so that the vCPU worker doesn't
+run an extra iteration, and delete the hack-a-fix of an extra "continue"
+from the dirty ring testcase.  This fixes a bug where the extra post to
+sem_vcpu_cont may not be consumed, which results in failures in subsequent
+runs of the testcases.  The bug likely was missed during development as
+x86 supports only a single "guest mode", i.e. there aren't any subsequent
+testcases after the dirty ring test, because for_each_guest_mode() only
+runs a single iteration.
+
+For the regular dirty log testcases, letting the vCPU run one extra
+iteration is a non-issue as the vCPU worker waits on sem_vcpu_cont if and
+only if the worker is explicitly told to stop (vcpu_sync_stop_requested).
+But for the dirty ring test, which needs to periodically stop the vCPU to
+reap the dirty ring, letting the vCPU resume the guest _after_ the last
+iteration means the vCPU will get stuck without an extra "continue".
+
+However, blindly firing off an post to sem_vcpu_cont isn't guaranteed to
+be consumed, e.g. if the vCPU worker sees host_quit==true before resuming
+the guest.  This results in a dangling sem_vcpu_cont, which leads to
+subsequent iterations getting out of sync, as the vCPU worker will
+continue on before the main task is ready for it to resume the guest,
+leading to a variety of asserts, e.g.
+
+  ==== Test Assertion Failure ====
+  dirty_log_test.c:384: dirty_ring_vcpu_ring_full
+  pid=14854 tid=14854 errno=22 - Invalid argument
+     1  0x00000000004033eb: dirty_ring_collect_dirty_pages at dirty_log_test.c:384
+     2  0x0000000000402d27: log_mode_collect_dirty_pages at dirty_log_test.c:505
+     3   (inlined by) run_test at dirty_log_test.c:802
+     4  0x0000000000403dc7: for_each_guest_mode at guest_modes.c:100
+     5  0x0000000000401dff: main at dirty_log_test.c:941 (discriminator 3)
+     6  0x0000ffff9be173c7: ?? ??:0
+     7  0x0000ffff9be1749f: ?? ??:0
+     8  0x000000000040206f: _start at ??:?
+  Didn't continue vcpu even without ring full
+
+Alternatively, the test could simply reset the semaphores before each
+testcase, but papering over hacks with more hacks usually ends in tears.
+
+Reported-by: Shaoqin Huang <shahuang@redhat.com>
+Fixes: 84292e565951 ("KVM: selftests: Add dirty ring buffer test")
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
+Link: https://lore.kernel.org/r/20240202231831.354848-1-seanjc@google.com
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/kvm/dirty_log_test.c | 50 +++++++++++---------
+ 1 file changed, 27 insertions(+), 23 deletions(-)
+
+diff --git a/tools/testing/selftests/kvm/dirty_log_test.c b/tools/testing/selftests/kvm/dirty_log_test.c
+index 936f3a8d1b83..e96fababd3f0 100644
+--- a/tools/testing/selftests/kvm/dirty_log_test.c
++++ b/tools/testing/selftests/kvm/dirty_log_test.c
+@@ -376,7 +376,10 @@ static void dirty_ring_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
+ 
+       cleared = kvm_vm_reset_dirty_ring(vcpu->vm);
+ 
+-      /* Cleared pages should be the same as collected */
++      /*
++       * Cleared pages should be the same as collected, as KVM is supposed to
++       * clear only the entries that have been harvested.
++       */
+       TEST_ASSERT(cleared == count, "Reset dirty pages (%u) mismatch "
+                   "with collected (%u)", cleared, count);
+ 
+@@ -415,12 +418,6 @@ static void dirty_ring_after_vcpu_run(struct kvm_vcpu *vcpu, int ret, int err)
+       }
+ }
+ 
+-static void dirty_ring_before_vcpu_join(void)
+-{
+-      /* Kick another round of vcpu just to make sure it will quit */
+-      sem_post(&sem_vcpu_cont);
+-}
+-
+ struct log_mode {
+       const char *name;
+       /* Return true if this mode is supported, otherwise false */
+@@ -433,7 +430,6 @@ struct log_mode {
+                                    uint32_t *ring_buf_idx);
+       /* Hook to call when after each vcpu run */
+       void (*after_vcpu_run)(struct kvm_vcpu *vcpu, int ret, int err);
+-      void (*before_vcpu_join) (void);
+ } log_modes[LOG_MODE_NUM] = {
+       {
+               .name = "dirty-log",
+@@ -452,7 +448,6 @@ struct log_mode {
+               .supported = dirty_ring_supported,
+               .create_vm_done = dirty_ring_create_vm_done,
+               .collect_dirty_pages = dirty_ring_collect_dirty_pages,
+-              .before_vcpu_join = dirty_ring_before_vcpu_join,
+               .after_vcpu_run = dirty_ring_after_vcpu_run,
+       },
+ };
+@@ -513,14 +508,6 @@ static void log_mode_after_vcpu_run(struct kvm_vcpu *vcpu, int ret, int err)
+               mode->after_vcpu_run(vcpu, ret, err);
+ }
+ 
+-static void log_mode_before_vcpu_join(void)
+-{
+-      struct log_mode *mode = &log_modes[host_log_mode];
+-
+-      if (mode->before_vcpu_join)
+-              mode->before_vcpu_join();
+-}
+-
+ static void generate_random_array(uint64_t *guest_array, uint64_t size)
+ {
+       uint64_t i;
+@@ -719,6 +706,7 @@ static void run_test(enum vm_guest_mode mode, void *arg)
+       struct kvm_vm *vm;
+       unsigned long *bmap;
+       uint32_t ring_buf_idx = 0;
++      int sem_val;
+ 
+       if (!log_mode_supported()) {
+               print_skip("Log mode '%s' not supported",
+@@ -788,12 +776,22 @@ static void run_test(enum vm_guest_mode mode, void *arg)
+       /* Start the iterations */
+       iteration = 1;
+       sync_global_to_guest(vm, iteration);
+-      host_quit = false;
++      WRITE_ONCE(host_quit, false);
+       host_dirty_count = 0;
+       host_clear_count = 0;
+       host_track_next_count = 0;
+       WRITE_ONCE(dirty_ring_vcpu_ring_full, false);
+ 
++      /*
++       * Ensure the previous iteration didn't leave a dangling semaphore, i.e.
++       * that the main task and vCPU worker were synchronized and completed
++       * verification of all iterations.
++       */
++      sem_getvalue(&sem_vcpu_stop, &sem_val);
++      TEST_ASSERT_EQ(sem_val, 0);
++      sem_getvalue(&sem_vcpu_cont, &sem_val);
++      TEST_ASSERT_EQ(sem_val, 0);
++
+       pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu);
+ 
+       while (iteration < p->iterations) {
+@@ -819,15 +817,21 @@ static void run_test(enum vm_guest_mode mode, void *arg)
+               assert(host_log_mode == LOG_MODE_DIRTY_RING ||
+                      atomic_read(&vcpu_sync_stop_requested) == false);
+               vm_dirty_log_verify(mode, bmap);
+-              sem_post(&sem_vcpu_cont);
+ 
+-              iteration++;
++              /*
++               * Set host_quit before sem_vcpu_cont in the final iteration to
++               * ensure that the vCPU worker doesn't resume the guest.  As
++               * above, the dirty ring test may stop and wait even when not
++               * explicitly request to do so, i.e. would hang waiting for a
++               * "continue" if it's allowed to resume the guest.
++               */
++              if (++iteration == p->iterations)
++                      WRITE_ONCE(host_quit, true);
++
++              sem_post(&sem_vcpu_cont);
+               sync_global_to_guest(vm, iteration);
+       }
+ 
+-      /* Tell the vcpu thread to quit */
+-      host_quit = true;
+-      log_mode_before_vcpu_join();
+       pthread_join(vcpu_thread, NULL);
+ 
+       pr_info("Total bits checked: dirty (%"PRIu64"), clear (%"PRIu64"), "
+-- 
+2.43.0
+

diff --git a/queue-6.6/lan966x-fix-crash-when-adding-interface-under-a-lag.patch b/queue-6.6/lan966x-fix-crash-when-adding-interface-under-a-lag.patch
new file mode 100644 (file)
index 0000000..5893578
--- /dev/null
+++ b/queue-6.6/lan966x-fix-crash-when-adding-interface-under-a-lag.patch
@@ -0,0 +1,67 @@
+From fec09cbc0db8092724257979dd2e5cd5e81bc64e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 13:30:54 +0100
+Subject: lan966x: Fix crash when adding interface under a lag
+
+From: Horatiu Vultur <horatiu.vultur@microchip.com>
+
+[ Upstream commit 15faa1f67ab405d47789d4702f587ec7df7ef03e ]
+
+There is a crash when adding one of the lan966x interfaces under a lag
+interface. The issue can be reproduced like this:
+ip link add name bond0 type bond miimon 100 mode balance-xor
+ip link set dev eth0 master bond0
+
+The reason is because when adding a interface under the lag it would go
+through all the ports and try to figure out which other ports are under
+that lag interface. And the issue is that lan966x can have ports that are
+NULL pointer as they are not probed. So then iterating over these ports
+it would just crash as they are NULL pointers.
+The fix consists in actually checking for NULL pointers before accessing
+something from the ports. Like we do in other places.
+
+Fixes: cabc9d49333d ("net: lan966x: Add lag support for lan966x")
+Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
+Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://lore.kernel.org/r/20240206123054.3052966-1-horatiu.vultur@microchip.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
+index 41fa2523d91d..5f2cd9a8cf8f 100644
+--- a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
++++ b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
+@@ -37,19 +37,24 @@ static void lan966x_lag_set_aggr_pgids(struct lan966x *lan966x)
+ 
+       /* Now, set PGIDs for each active LAG */
+       for (lag = 0; lag < lan966x->num_phys_ports; ++lag) {
+-              struct net_device *bond = lan966x->ports[lag]->bond;
++              struct lan966x_port *port = lan966x->ports[lag];
+               int num_active_ports = 0;
++              struct net_device *bond;
+               unsigned long bond_mask;
+               u8 aggr_idx[16];
+ 
+-              if (!bond || (visited & BIT(lag)))
++              if (!port || !port->bond || (visited & BIT(lag)))
+                       continue;
+ 
++              bond = port->bond;
+               bond_mask = lan966x_lag_get_mask(lan966x, bond);
+ 
+               for_each_set_bit(p, &bond_mask, lan966x->num_phys_ports) {
+                       struct lan966x_port *port = lan966x->ports[p];
+ 
++                      if (!port)
++                              continue;
++
+                       lan_wr(ANA_PGID_PGID_SET(bond_mask),
+                              lan966x, ANA_PGID(p));
+                       if (port->lag_tx_active)
+-- 
+2.43.0
+

diff --git a/queue-6.6/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch b/queue-6.6/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch
new file mode 100644 (file)
index 0000000..468ef96
--- /dev/null
+++ b/queue-6.6/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch
@@ -0,0 +1,54 @@
+From b171fcbbf7875af61064f3c0a748e82443f43eef Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 11 Feb 2024 08:08:37 -0800
+Subject: MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+[ Upstream commit d55347bfe4e66dce2e1e7501e5492f4af3e315f8 ]
+
+After 'lib: checksum: Use aligned accesses for ip_fast_csum and
+csum_ipv6_magic tests' was applied, the test_csum_ipv6_magic unit test
+started failing for all mips platforms, both little and bit endian.
+Oddly enough, adding debug code into test_csum_ipv6_magic() made the
+problem disappear.
+
+The gcc manual says:
+
+"The "memory" clobber tells the compiler that the assembly code performs
+ memory reads or writes to items other than those listed in the input
+ and output operands (for example, accessing the memory pointed to by one
+ of the input parameters)
+"
+
+This is definitely the case for csum_ipv6_magic(). Indeed, adding the
+'memory' clobber fixes the problem.
+
+Cc: Charlie Jenkins <charlie@rivosinc.com>
+Cc: Palmer Dabbelt <palmer@rivosinc.com>
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/include/asm/checksum.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/mips/include/asm/checksum.h b/arch/mips/include/asm/checksum.h
+index 4044eaf989ac..0921ddda11a4 100644
+--- a/arch/mips/include/asm/checksum.h
++++ b/arch/mips/include/asm/checksum.h
+@@ -241,7 +241,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
+       "       .set    pop"
+       : "=&r" (sum), "=&r" (tmp)
+       : "r" (saddr), "r" (daddr),
+-        "0" (htonl(len)), "r" (htonl(proto)), "r" (sum));
++        "0" (htonl(len)), "r" (htonl(proto)), "r" (sum)
++      : "memory");
+ 
+       return csum_fold(sum);
+ }
+-- 
+2.43.0
+

diff --git a/queue-6.6/mm-memory-use-exception-ip-to-search-exception-table.patch b/queue-6.6/mm-memory-use-exception-ip-to-search-exception-table.patch
new file mode 100644 (file)
index 0000000..ec6d30c
--- /dev/null
+++ b/queue-6.6/mm-memory-use-exception-ip-to-search-exception-table.patch
@@ -0,0 +1,51 @@
+From b9594d8287727fa1868c50b1acaa2109993eb55f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 2 Feb 2024 12:30:28 +0000
+Subject: mm/memory: Use exception ip to search exception tables
+
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+
+[ Upstream commit 8fa5070833886268e4fb646daaca99f725b378e9 ]
+
+On architectures with delay slot, instruction_pointer() may differ
+from where exception was triggered.
+
+Use exception_ip we just introduced to search exception tables to
+get rid of the problem.
+
+Fixes: 4bce37a68ff8 ("mips/mm: Convert to using lock_mm_and_find_vma()")
+Reported-by: Xi Ruoyao <xry111@xry111.site>
+Link: https://lore.kernel.org/r/75e9fd7b08562ad9b456a5bdaacb7cc220311cc9.camel@xry111.site/
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/memory.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mm/memory.c b/mm/memory.c
+index dccf9203dd53..b3be18f1f120 100644
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -5315,7 +5315,7 @@ static inline bool get_mmap_lock_carefully(struct mm_struct *mm, struct pt_regs
+               return true;
+ 
+       if (regs && !user_mode(regs)) {
+-              unsigned long ip = instruction_pointer(regs);
++              unsigned long ip = exception_ip(regs);
+               if (!search_exception_tables(ip))
+                       return false;
+       }
+@@ -5340,7 +5340,7 @@ static inline bool upgrade_mmap_lock_carefully(struct mm_struct *mm, struct pt_r
+ {
+       mmap_read_unlock(mm);
+       if (regs && !user_mode(regs)) {
+-              unsigned long ip = instruction_pointer(regs);
++              unsigned long ip = exception_ip(regs);
+               if (!search_exception_tables(ip))
+                       return false;
+       }
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-handshake-fix-handshake_req_destroy_test1.patch b/queue-6.6/net-handshake-fix-handshake_req_destroy_test1.patch
new file mode 100644 (file)
index 0000000..c718b07
--- /dev/null
+++ b/queue-6.6/net-handshake-fix-handshake_req_destroy_test1.patch
@@ -0,0 +1,60 @@
+From 4570bf878d4bce144074f6edb9d8c2277e0d5b99 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 14:16:31 -0500
+Subject: net/handshake: Fix handshake_req_destroy_test1
+
+From: Chuck Lever <chuck.lever@oracle.com>
+
+[ Upstream commit 4e1d71cabb19ec2586827adfc60d68689c68c194 ]
+
+Recently, handshake_req_destroy_test1 started failing:
+
+Expected handshake_req_destroy_test == req, but
+    handshake_req_destroy_test == 0000000000000000
+    req == 0000000060f99b40
+not ok 11 req_destroy works
+
+This is because "sock_release(sock)" was replaced with "fput(filp)"
+to address a memory leak. Note that sock_release() is synchronous
+but fput() usually delays the final close and clean-up.
+
+The delay is not consequential in the other cases that were changed
+but handshake_req_destroy_test1 is testing that handshake_req_cancel()
+followed by closing the file actually does call the ->hp_destroy
+method. Thus the PTR_EQ test at the end has to be sure that the
+final close is complete before it checks the pointer.
+
+We cannot use a completion here because if ->hp_destroy is never
+called (ie, there is an API bug) then the test will hang.
+
+Reported by: Guenter Roeck <linux@roeck-us.net>
+Closes: https://lore.kernel.org/netdev/ZcKDd1to4MPANCrn@tissot.1015granger.net/T/#mac5c6299f86799f1c71776f3a07f9c566c7c3c40
+Fixes: 4a0f07d71b04 ("net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()")
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Reviewed-by: Hannes Reinecke <hare@suse.de>
+Link: https://lore.kernel.org/r/170724699027.91401.7839730697326806733.stgit@oracle-102.nfsv4bat.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/handshake/handshake-test.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/handshake/handshake-test.c b/net/handshake/handshake-test.c
+index 16ed7bfd29e4..34fd1d9b2db8 100644
+--- a/net/handshake/handshake-test.c
++++ b/net/handshake/handshake-test.c
+@@ -471,7 +471,10 @@ static void handshake_req_destroy_test1(struct kunit *test)
+       handshake_req_cancel(sock->sk);
+ 
+       /* Act */
+-      fput(filp);
++      /* Ensure the close/release/put process has run to
++       * completion before checking the result.
++       */
++      __fput_sync(filp);
+ 
+       /* Assert */
+       KUNIT_EXPECT_PTR_EQ(test, handshake_req_destroy_test, req);
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-openvswitch-limit-the-number-of-recursions-from-.patch b/queue-6.6/net-openvswitch-limit-the-number-of-recursions-from-.patch
new file mode 100644 (file)
index 0000000..a304be4
--- /dev/null
+++ b/queue-6.6/net-openvswitch-limit-the-number-of-recursions-from-.patch
@@ -0,0 +1,214 @@
+From 3136c8ebb7896bf91474a3c64e862159a8d5d52b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 7 Feb 2024 08:24:15 -0500
+Subject: net: openvswitch: limit the number of recursions from action sets
+
+From: Aaron Conole <aconole@redhat.com>
+
+[ Upstream commit 6e2f90d31fe09f2b852de25125ca875aabd81367 ]
+
+The ovs module allows for some actions to recursively contain an action
+list for complex scenarios, such as sampling, checking lengths, etc.
+When these actions are copied into the internal flow table, they are
+evaluated to validate that such actions make sense, and these calls
+happen recursively.
+
+The ovs-vswitchd userspace won't emit more than 16 recursion levels
+deep.  However, the module has no such limit and will happily accept
+limits larger than 16 levels nested.  Prevent this by tracking the
+number of recursions happening and manually limiting it to 16 levels
+nested.
+
+The initial implementation of the sample action would track this depth
+and prevent more than 3 levels of recursion, but this was removed to
+support the clone use case, rather than limited at the current userspace
+limit.
+
+Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use cases")
+Signed-off-by: Aaron Conole <aconole@redhat.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://lore.kernel.org/r/20240207132416.1488485-2-aconole@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/openvswitch/flow_netlink.c | 49 +++++++++++++++++++++++-----------
+ 1 file changed, 33 insertions(+), 16 deletions(-)
+
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
+index 88965e2068ac..ebc5728aab4e 100644
+--- a/net/openvswitch/flow_netlink.c
++++ b/net/openvswitch/flow_netlink.c
+@@ -48,6 +48,7 @@ struct ovs_len_tbl {
+ 
+ #define OVS_ATTR_NESTED -1
+ #define OVS_ATTR_VARIABLE -2
++#define OVS_COPY_ACTIONS_MAX_DEPTH 16
+ 
+ static bool actions_may_change_flow(const struct nlattr *actions)
+ {
+@@ -2545,13 +2546,15 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+                                 const struct sw_flow_key *key,
+                                 struct sw_flow_actions **sfa,
+                                 __be16 eth_type, __be16 vlan_tci,
+-                                u32 mpls_label_count, bool log);
++                                u32 mpls_label_count, bool log,
++                                u32 depth);
+ 
+ static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
+                                   const struct sw_flow_key *key,
+                                   struct sw_flow_actions **sfa,
+                                   __be16 eth_type, __be16 vlan_tci,
+-                                  u32 mpls_label_count, bool log, bool last)
++                                  u32 mpls_label_count, bool log, bool last,
++                                  u32 depth)
+ {
+       const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
+       const struct nlattr *probability, *actions;
+@@ -2602,7 +2605,8 @@ static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
+               return err;
+ 
+       err = __ovs_nla_copy_actions(net, actions, key, sfa,
+-                                   eth_type, vlan_tci, mpls_label_count, log);
++                                   eth_type, vlan_tci, mpls_label_count, log,
++                                   depth + 1);
+ 
+       if (err)
+               return err;
+@@ -2617,7 +2621,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
+                                    const struct sw_flow_key *key,
+                                    struct sw_flow_actions **sfa,
+                                    __be16 eth_type, __be16 vlan_tci,
+-                                   u32 mpls_label_count, bool log)
++                                   u32 mpls_label_count, bool log,
++                                   u32 depth)
+ {
+       const struct nlattr *attrs[OVS_DEC_TTL_ATTR_MAX + 1];
+       int start, action_start, err, rem;
+@@ -2660,7 +2665,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
+               return action_start;
+ 
+       err = __ovs_nla_copy_actions(net, actions, key, sfa, eth_type,
+-                                   vlan_tci, mpls_label_count, log);
++                                   vlan_tci, mpls_label_count, log,
++                                   depth + 1);
+       if (err)
+               return err;
+ 
+@@ -2674,7 +2680,8 @@ static int validate_and_copy_clone(struct net *net,
+                                  const struct sw_flow_key *key,
+                                  struct sw_flow_actions **sfa,
+                                  __be16 eth_type, __be16 vlan_tci,
+-                                 u32 mpls_label_count, bool log, bool last)
++                                 u32 mpls_label_count, bool log, bool last,
++                                 u32 depth)
+ {
+       int start, err;
+       u32 exec;
+@@ -2694,7 +2701,8 @@ static int validate_and_copy_clone(struct net *net,
+               return err;
+ 
+       err = __ovs_nla_copy_actions(net, attr, key, sfa,
+-                                   eth_type, vlan_tci, mpls_label_count, log);
++                                   eth_type, vlan_tci, mpls_label_count, log,
++                                   depth + 1);
+       if (err)
+               return err;
+ 
+@@ -3063,7 +3071,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
+                                          struct sw_flow_actions **sfa,
+                                          __be16 eth_type, __be16 vlan_tci,
+                                          u32 mpls_label_count,
+-                                         bool log, bool last)
++                                         bool log, bool last, u32 depth)
+ {
+       const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
+       struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
+@@ -3111,7 +3119,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
+               return nested_acts_start;
+ 
+       err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
+-                                   eth_type, vlan_tci, mpls_label_count, log);
++                                   eth_type, vlan_tci, mpls_label_count, log,
++                                   depth + 1);
+ 
+       if (err)
+               return err;
+@@ -3124,7 +3133,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
+               return nested_acts_start;
+ 
+       err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
+-                                   eth_type, vlan_tci, mpls_label_count, log);
++                                   eth_type, vlan_tci, mpls_label_count, log,
++                                   depth + 1);
+ 
+       if (err)
+               return err;
+@@ -3152,12 +3162,16 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+                                 const struct sw_flow_key *key,
+                                 struct sw_flow_actions **sfa,
+                                 __be16 eth_type, __be16 vlan_tci,
+-                                u32 mpls_label_count, bool log)
++                                u32 mpls_label_count, bool log,
++                                u32 depth)
+ {
+       u8 mac_proto = ovs_key_mac_proto(key);
+       const struct nlattr *a;
+       int rem, err;
+ 
++      if (depth > OVS_COPY_ACTIONS_MAX_DEPTH)
++              return -EOVERFLOW;
++
+       nla_for_each_nested(a, attr, rem) {
+               /* Expected argument lengths, (u32)-1 for variable length. */
+               static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
+@@ -3355,7 +3369,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+                       err = validate_and_copy_sample(net, a, key, sfa,
+                                                      eth_type, vlan_tci,
+                                                      mpls_label_count,
+-                                                     log, last);
++                                                     log, last, depth);
+                       if (err)
+                               return err;
+                       skip_copy = true;
+@@ -3426,7 +3440,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+                       err = validate_and_copy_clone(net, a, key, sfa,
+                                                     eth_type, vlan_tci,
+                                                     mpls_label_count,
+-                                                    log, last);
++                                                    log, last, depth);
+                       if (err)
+                               return err;
+                       skip_copy = true;
+@@ -3440,7 +3454,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+                                                             eth_type,
+                                                             vlan_tci,
+                                                             mpls_label_count,
+-                                                            log, last);
++                                                            log, last,
++                                                            depth);
+                       if (err)
+                               return err;
+                       skip_copy = true;
+@@ -3450,7 +3465,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+               case OVS_ACTION_ATTR_DEC_TTL:
+                       err = validate_and_copy_dec_ttl(net, a, key, sfa,
+                                                       eth_type, vlan_tci,
+-                                                      mpls_label_count, log);
++                                                      mpls_label_count, log,
++                                                      depth);
+                       if (err)
+                               return err;
+                       skip_copy = true;
+@@ -3495,7 +3511,8 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
+ 
+       (*sfa)->orig_len = nla_len(attr);
+       err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
+-                                   key->eth.vlan.tci, mpls_label_count, log);
++                                   key->eth.vlan.tci, mpls_label_count, log,
++                                   0);
+       if (err)
+               ovs_nla_free_flow_actions(*sfa);
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch b/queue-6.6/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch
new file mode 100644 (file)
index 0000000..b6f591d
--- /dev/null
+++ b/queue-6.6/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch
@@ -0,0 +1,244 @@
+From 03ac3d9f3c7438cfb95a1d14890e6e1334d34569 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 9 Feb 2024 01:55:18 -0800
+Subject: net: sysfs: Fix /sys/class/net/<iface> path for statistics
+
+From: Breno Leitao <leitao@debian.org>
+
+[ Upstream commit 5b3fbd61b9d1f4ed2db95aaf03f9adae0373784d ]
+
+The Documentation/ABI/testing/sysfs-class-net-statistics documentation
+is pointing to the wrong path for the interface.  Documentation is
+pointing to /sys/class/<iface>, instead of /sys/class/net/<iface>.
+
+Fix it by adding the `net/` directory before the interface.
+
+Fixes: 6044f9700645 ("net: sysfs: document /sys/class/net/statistics/*")
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ABI/testing/sysfs-class-net-statistics    | 48 +++++++++----------
+ 1 file changed, 24 insertions(+), 24 deletions(-)
+
+diff --git a/Documentation/ABI/testing/sysfs-class-net-statistics b/Documentation/ABI/testing/sysfs-class-net-statistics
+index 55db27815361..53e508c6936a 100644
+--- a/Documentation/ABI/testing/sysfs-class-net-statistics
++++ b/Documentation/ABI/testing/sysfs-class-net-statistics
+@@ -1,4 +1,4 @@
+-What:         /sys/class/<iface>/statistics/collisions
++What:         /sys/class/net/<iface>/statistics/collisions
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -6,7 +6,7 @@ Description:
+               Indicates the number of collisions seen by this network device.
+               This value might not be relevant with all MAC layers.
+ 
+-What:         /sys/class/<iface>/statistics/multicast
++What:         /sys/class/net/<iface>/statistics/multicast
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -14,7 +14,7 @@ Description:
+               Indicates the number of multicast packets received by this
+               network device.
+ 
+-What:         /sys/class/<iface>/statistics/rx_bytes
++What:         /sys/class/net/<iface>/statistics/rx_bytes
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -23,7 +23,7 @@ Description:
+               See the network driver for the exact meaning of when this
+               value is incremented.
+ 
+-What:         /sys/class/<iface>/statistics/rx_compressed
++What:         /sys/class/net/<iface>/statistics/rx_compressed
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -32,7 +32,7 @@ Description:
+               network device. This value might only be relevant for interfaces
+               that support packet compression (e.g: PPP).
+ 
+-What:         /sys/class/<iface>/statistics/rx_crc_errors
++What:         /sys/class/net/<iface>/statistics/rx_crc_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -41,7 +41,7 @@ Description:
+               by this network device. Note that the specific meaning might
+               depend on the MAC layer used by the interface.
+ 
+-What:         /sys/class/<iface>/statistics/rx_dropped
++What:         /sys/class/net/<iface>/statistics/rx_dropped
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -51,7 +51,7 @@ Description:
+               packet processing. See the network driver for the exact
+               meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_errors
++What:         /sys/class/net/<iface>/statistics/rx_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -59,7 +59,7 @@ Description:
+               Indicates the number of receive errors on this network device.
+               See the network driver for the exact meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_fifo_errors
++What:         /sys/class/net/<iface>/statistics/rx_fifo_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -68,7 +68,7 @@ Description:
+               network device. See the network driver for the exact
+               meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_frame_errors
++What:         /sys/class/net/<iface>/statistics/rx_frame_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -78,7 +78,7 @@ Description:
+               on the MAC layer protocol used. See the network driver for
+               the exact meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_length_errors
++What:         /sys/class/net/<iface>/statistics/rx_length_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -87,7 +87,7 @@ Description:
+               error, oversized or undersized. See the network driver for the
+               exact meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_missed_errors
++What:         /sys/class/net/<iface>/statistics/rx_missed_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -96,7 +96,7 @@ Description:
+               due to lack of capacity in the receive side. See the network
+               driver for the exact meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_nohandler
++What:         /sys/class/net/<iface>/statistics/rx_nohandler
+ Date:         February 2016
+ KernelVersion:        4.6
+ Contact:      netdev@vger.kernel.org
+@@ -104,7 +104,7 @@ Description:
+               Indicates the number of received packets that were dropped on
+               an inactive device by the network core.
+ 
+-What:         /sys/class/<iface>/statistics/rx_over_errors
++What:         /sys/class/net/<iface>/statistics/rx_over_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -114,7 +114,7 @@ Description:
+               (e.g: larger than MTU). See the network driver for the exact
+               meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/rx_packets
++What:         /sys/class/net/<iface>/statistics/rx_packets
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -122,7 +122,7 @@ Description:
+               Indicates the total number of good packets received by this
+               network device.
+ 
+-What:         /sys/class/<iface>/statistics/tx_aborted_errors
++What:         /sys/class/net/<iface>/statistics/tx_aborted_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -132,7 +132,7 @@ Description:
+               a medium collision). See the network driver for the exact
+               meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/tx_bytes
++What:         /sys/class/net/<iface>/statistics/tx_bytes
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -143,7 +143,7 @@ Description:
+               transmitted packets or all packets that have been queued for
+               transmission.
+ 
+-What:         /sys/class/<iface>/statistics/tx_carrier_errors
++What:         /sys/class/net/<iface>/statistics/tx_carrier_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -152,7 +152,7 @@ Description:
+               because of carrier errors (e.g: physical link down). See the
+               network driver for the exact meaning of this value.
+ 
+-What:         /sys/class/<iface>/statistics/tx_compressed
++What:         /sys/class/net/<iface>/statistics/tx_compressed
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -161,7 +161,7 @@ Description:
+               this might only be relevant for devices that support
+               compression (e.g: PPP).
+ 
+-What:         /sys/class/<iface>/statistics/tx_dropped
++What:         /sys/class/net/<iface>/statistics/tx_dropped
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -170,7 +170,7 @@ Description:
+               See the driver for the exact reasons as to why the packets were
+               dropped.
+ 
+-What:         /sys/class/<iface>/statistics/tx_errors
++What:         /sys/class/net/<iface>/statistics/tx_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -179,7 +179,7 @@ Description:
+               a network device. See the driver for the exact reasons as to
+               why the packets were dropped.
+ 
+-What:         /sys/class/<iface>/statistics/tx_fifo_errors
++What:         /sys/class/net/<iface>/statistics/tx_fifo_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -188,7 +188,7 @@ Description:
+               FIFO error. See the driver for the exact reasons as to why the
+               packets were dropped.
+ 
+-What:         /sys/class/<iface>/statistics/tx_heartbeat_errors
++What:         /sys/class/net/<iface>/statistics/tx_heartbeat_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -197,7 +197,7 @@ Description:
+               reported as heartbeat errors. See the driver for the exact
+               reasons as to why the packets were dropped.
+ 
+-What:         /sys/class/<iface>/statistics/tx_packets
++What:         /sys/class/net/<iface>/statistics/tx_packets
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+@@ -206,7 +206,7 @@ Description:
+               device. See the driver for whether this reports the number of all
+               attempted or successful transmissions.
+ 
+-What:         /sys/class/<iface>/statistics/tx_window_errors
++What:         /sys/class/net/<iface>/statistics/tx_window_errors
+ Date:         April 2005
+ KernelVersion:        2.6.12
+ Contact:      netdev@vger.kernel.org
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-tls-factor-out-tls_-crypt_async_wait.patch b/queue-6.6/net-tls-factor-out-tls_-crypt_async_wait.patch
new file mode 100644 (file)
index 0000000..9338e1d
--- /dev/null
+++ b/queue-6.6/net-tls-factor-out-tls_-crypt_async_wait.patch
@@ -0,0 +1,189 @@
+From 666bba7d99678b8ddab98f4c11564296b8a5f0ab Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:18 -0800
+Subject: net: tls: factor out tls_*crypt_async_wait()
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit c57ca512f3b68ddcd62bda9cc24a8f5584ab01b1 ]
+
+Factor out waiting for async encrypt and decrypt to finish.
+There are already multiple copies and a subsequent fix will
+need more. No functional changes.
+
+Note that crypto_wait_req() returns wait->err
+
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 96 +++++++++++++++++++++++-------------------------
+ 1 file changed, 45 insertions(+), 51 deletions(-)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index 3c176776e912..12c3635c2b3e 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -230,6 +230,20 @@ static void tls_decrypt_done(void *data, int err)
+       spin_unlock_bh(&ctx->decrypt_compl_lock);
+ }
+ 
++static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx)
++{
++      int pending;
++
++      spin_lock_bh(&ctx->decrypt_compl_lock);
++      reinit_completion(&ctx->async_wait.completion);
++      pending = atomic_read(&ctx->decrypt_pending);
++      spin_unlock_bh(&ctx->decrypt_compl_lock);
++      if (pending)
++              crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
++
++      return ctx->async_wait.err;
++}
++
+ static int tls_do_decryption(struct sock *sk,
+                            struct scatterlist *sgin,
+                            struct scatterlist *sgout,
+@@ -495,6 +509,28 @@ static void tls_encrypt_done(void *data, int err)
+               schedule_delayed_work(&ctx->tx_work.work, 1);
+ }
+ 
++static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
++{
++      int pending;
++
++      spin_lock_bh(&ctx->encrypt_compl_lock);
++      ctx->async_notify = true;
++
++      pending = atomic_read(&ctx->encrypt_pending);
++      spin_unlock_bh(&ctx->encrypt_compl_lock);
++      if (pending)
++              crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
++      else
++              reinit_completion(&ctx->async_wait.completion);
++
++      /* There can be no concurrent accesses, since we have no
++       * pending encrypt operations
++       */
++      WRITE_ONCE(ctx->async_notify, false);
++
++      return ctx->async_wait.err;
++}
++
+ static int tls_do_encryption(struct sock *sk,
+                            struct tls_context *tls_ctx,
+                            struct tls_sw_context_tx *ctx,
+@@ -984,7 +1020,6 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
+       int num_zc = 0;
+       int orig_size;
+       int ret = 0;
+-      int pending;
+ 
+       if (!eor && (msg->msg_flags & MSG_EOR))
+               return -EINVAL;
+@@ -1163,24 +1198,12 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
+       if (!num_async) {
+               goto send_end;
+       } else if (num_zc) {
+-              /* Wait for pending encryptions to get completed */
+-              spin_lock_bh(&ctx->encrypt_compl_lock);
+-              ctx->async_notify = true;
+-
+-              pending = atomic_read(&ctx->encrypt_pending);
+-              spin_unlock_bh(&ctx->encrypt_compl_lock);
+-              if (pending)
+-                      crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+-              else
+-                      reinit_completion(&ctx->async_wait.completion);
+-
+-              /* There can be no concurrent accesses, since we have no
+-               * pending encrypt operations
+-               */
+-              WRITE_ONCE(ctx->async_notify, false);
++              int err;
+ 
+-              if (ctx->async_wait.err) {
+-                      ret = ctx->async_wait.err;
++              /* Wait for pending encryptions to get completed */
++              err = tls_encrypt_async_wait(ctx);
++              if (err) {
++                      ret = err;
+                       copied = 0;
+               }
+       }
+@@ -1229,7 +1252,6 @@ void tls_sw_splice_eof(struct socket *sock)
+       ssize_t copied = 0;
+       bool retrying = false;
+       int ret = 0;
+-      int pending;
+ 
+       if (!ctx->open_rec)
+               return;
+@@ -1264,22 +1286,7 @@ void tls_sw_splice_eof(struct socket *sock)
+       }
+ 
+       /* Wait for pending encryptions to get completed */
+-      spin_lock_bh(&ctx->encrypt_compl_lock);
+-      ctx->async_notify = true;
+-
+-      pending = atomic_read(&ctx->encrypt_pending);
+-      spin_unlock_bh(&ctx->encrypt_compl_lock);
+-      if (pending)
+-              crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+-      else
+-              reinit_completion(&ctx->async_wait.completion);
+-
+-      /* There can be no concurrent accesses, since we have no pending
+-       * encrypt operations
+-       */
+-      WRITE_ONCE(ctx->async_notify, false);
+-
+-      if (ctx->async_wait.err)
++      if (tls_encrypt_async_wait(ctx))
+               goto unlock;
+ 
+       /* Transmit if any encryptions have completed */
+@@ -2109,16 +2116,10 @@ int tls_sw_recvmsg(struct sock *sk,
+ 
+ recv_end:
+       if (async) {
+-              int ret, pending;
++              int ret;
+ 
+               /* Wait for all previously submitted records to be decrypted */
+-              spin_lock_bh(&ctx->decrypt_compl_lock);
+-              reinit_completion(&ctx->async_wait.completion);
+-              pending = atomic_read(&ctx->decrypt_pending);
+-              spin_unlock_bh(&ctx->decrypt_compl_lock);
+-              ret = 0;
+-              if (pending)
+-                      ret = crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
++              ret = tls_decrypt_async_wait(ctx);
+               __skb_queue_purge(&ctx->async_hold);
+ 
+               if (ret) {
+@@ -2435,16 +2436,9 @@ void tls_sw_release_resources_tx(struct sock *sk)
+       struct tls_context *tls_ctx = tls_get_ctx(sk);
+       struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
+       struct tls_rec *rec, *tmp;
+-      int pending;
+ 
+       /* Wait for any pending async encryptions to complete */
+-      spin_lock_bh(&ctx->encrypt_compl_lock);
+-      ctx->async_notify = true;
+-      pending = atomic_read(&ctx->encrypt_pending);
+-      spin_unlock_bh(&ctx->encrypt_compl_lock);
+-
+-      if (pending)
+-              crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
++      tls_encrypt_async_wait(ctx);
+ 
+       tls_tx_records(sk, -1);
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-tls-fix-returned-read-length-with-async-decrypt.patch b/queue-6.6/net-tls-fix-returned-read-length-with-async-decrypt.patch
new file mode 100644 (file)
index 0000000..1434115
--- /dev/null
+++ b/queue-6.6/net-tls-fix-returned-read-length-with-async-decrypt.patch
@@ -0,0 +1,40 @@
+From 2a656062e0d30d5a9a767f339fc77ccb2343212c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:24 -0800
+Subject: net: tls: fix returned read length with async decrypt
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit ac437a51ce662364062f704e321227f6728e6adc ]
+
+We double count async, non-zc rx data. The previous fix was
+lucky because if we fully zc async_copy_bytes is 0 so we add 0.
+Decrypted already has all the bytes we handled, in all cases.
+We don't have to adjust anything, delete the erroneous line.
+
+Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto")
+Co-developed-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index 2af8b0873da6..e1f8ff6e9a73 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -2132,7 +2132,6 @@ int tls_sw_recvmsg(struct sock *sk,
+               else
+                       err = process_rx_list(ctx, msg, &control, 0,
+                                             async_copy_bytes, is_peek);
+-              decrypted += max(err, 0);
+       }
+ 
+       copied += decrypted;
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-tls-fix-use-after-free-with-partial-reads-and-as.patch b/queue-6.6/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
new file mode 100644 (file)
index 0000000..0bee6e3
--- /dev/null
+++ b/queue-6.6/net-tls-fix-use-after-free-with-partial-reads-and-as.patch
@@ -0,0 +1,64 @@
+From bb2489d2136b70298909a60a58603f6b7b6684fd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:22 -0800
+Subject: net: tls: fix use-after-free with partial reads and async decrypt
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+[ Upstream commit 32b55c5ff9103b8508c1e04bfa5a08c64e7a925f ]
+
+tls_decrypt_sg doesn't take a reference on the pages from clear_skb,
+so the put_page() in tls_decrypt_done releases them, and we trigger
+a use-after-free in process_rx_list when we try to read from the
+partially-read skb.
+
+Fixes: fd31f3996af2 ("tls: rx: decrypt into a fresh skb")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index c32fce6f3563..2af8b0873da6 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -63,6 +63,7 @@ struct tls_decrypt_ctx {
+       u8 iv[MAX_IV_SIZE];
+       u8 aad[TLS_MAX_AAD_SIZE];
+       u8 tail;
++      bool free_sgout;
+       struct scatterlist sg[];
+ };
+ 
+@@ -187,7 +188,6 @@ static void tls_decrypt_done(void *data, int err)
+       struct aead_request *aead_req = data;
+       struct crypto_aead *aead = crypto_aead_reqtfm(aead_req);
+       struct scatterlist *sgout = aead_req->dst;
+-      struct scatterlist *sgin = aead_req->src;
+       struct tls_sw_context_rx *ctx;
+       struct tls_decrypt_ctx *dctx;
+       struct tls_context *tls_ctx;
+@@ -224,7 +224,7 @@ static void tls_decrypt_done(void *data, int err)
+       }
+ 
+       /* Free the destination pages if skb was not decrypted inplace */
+-      if (sgout != sgin) {
++      if (dctx->free_sgout) {
+               /* Skip the first S/G entry as it points to AAD */
+               for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {
+                       if (!sg)
+@@ -1583,6 +1583,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov,
+       } else if (out_sg) {
+               memcpy(sgout, out_sg, n_sgout * sizeof(*sgout));
+       }
++      dctx->free_sgout = !!pages;
+ 
+       /* Prepare and submit AEAD request */
+       err = tls_do_decryption(sk, sgin, sgout, dctx->iv,
+-- 
+2.43.0
+

diff --git a/queue-6.6/net-tls-handle-backlogging-of-crypto-requests.patch b/queue-6.6/net-tls-handle-backlogging-of-crypto-requests.patch
new file mode 100644 (file)
index 0000000..a2791b8
--- /dev/null
+++ b/queue-6.6/net-tls-handle-backlogging-of-crypto-requests.patch
@@ -0,0 +1,93 @@
+From 2afd78478004f105354e0cbc4be08ce1809fae42 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:21 -0800
+Subject: net: tls: handle backlogging of crypto requests
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit 8590541473188741055d27b955db0777569438e3 ]
+
+Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
+requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
+ -EBUSY instead of -EINPROGRESS in valid situations. For example, when
+the cryptd queue for AESNI is full (easy to trigger with an
+artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
+to the backlog but still processed. In that case, the async callback
+will also be called twice: first with err == -EINPROGRESS, which it
+seems we can just ignore, then with err == 0.
+
+Compared to Sabrina's original patch this version uses the new
+tls_*crypt_async_wait() helpers and converts the EBUSY to
+EINPROGRESS to avoid having to modify all the error handling
+paths. The handling is identical.
+
+Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator")
+Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records")
+Co-developed-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.1694018970.git.sd@queasysnail.net/
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index 0b47acfd6a7f..c32fce6f3563 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -196,6 +196,17 @@ static void tls_decrypt_done(void *data, int err)
+       struct sock *sk;
+       int aead_size;
+ 
++      /* If requests get too backlogged crypto API returns -EBUSY and calls
++       * ->complete(-EINPROGRESS) immediately followed by ->complete(0)
++       * to make waiting for backlog to flush with crypto_wait_req() easier.
++       * First wait converts -EBUSY -> -EINPROGRESS, and the second one
++       * -EINPROGRESS -> 0.
++       * We have a single struct crypto_async_request per direction, this
++       * scheme doesn't help us, so just ignore the first ->complete().
++       */
++      if (err == -EINPROGRESS)
++              return;
++
+       aead_size = sizeof(*aead_req) + crypto_aead_reqsize(aead);
+       aead_size = ALIGN(aead_size, __alignof__(*dctx));
+       dctx = (void *)((u8 *)aead_req + aead_size);
+@@ -269,6 +280,10 @@ static int tls_do_decryption(struct sock *sk,
+       }
+ 
+       ret = crypto_aead_decrypt(aead_req);
++      if (ret == -EBUSY) {
++              ret = tls_decrypt_async_wait(ctx);
++              ret = ret ?: -EINPROGRESS;
++      }
+       if (ret == -EINPROGRESS) {
+               if (darg->async)
+                       return 0;
+@@ -449,6 +464,9 @@ static void tls_encrypt_done(void *data, int err)
+       struct sk_msg *msg_en;
+       struct sock *sk;
+ 
++      if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */
++              return;
++
+       msg_en = &rec->msg_encrypted;
+ 
+       sk = rec->sk;
+@@ -553,6 +571,10 @@ static int tls_do_encryption(struct sock *sk,
+       atomic_inc(&ctx->encrypt_pending);
+ 
+       rc = crypto_aead_encrypt(aead_req);
++      if (rc == -EBUSY) {
++              rc = tls_encrypt_async_wait(ctx);
++              rc = rc ?: -EINPROGRESS;
++      }
+       if (!rc || rc != -EINPROGRESS) {
+               atomic_dec(&ctx->encrypt_pending);
+               sge->offset -= prot->prepend_size;
+-- 
+2.43.0
+

diff --git a/queue-6.6/nouveau-svm-fix-kvcalloc-argument-order.patch b/queue-6.6/nouveau-svm-fix-kvcalloc-argument-order.patch
new file mode 100644 (file)
index 0000000..f775aa9
--- /dev/null
+++ b/queue-6.6/nouveau-svm-fix-kvcalloc-argument-order.patch
@@ -0,0 +1,46 @@
+From cce7864f69d58878b4e06b244a92d1cf0314cdf7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 12 Feb 2024 12:22:17 +0100
+Subject: nouveau/svm: fix kvcalloc() argument order
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+[ Upstream commit 2c80a2b715df75881359d07dbaacff8ad411f40e ]
+
+The conversion to kvcalloc() mixed up the object size and count
+arguments, causing a warning:
+
+drivers/gpu/drm/nouveau/nouveau_svm.c: In function 'nouveau_svm_fault_buffer_ctor':
+drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: error: 'kvcalloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
+ 1010 |         buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL);
+      |                                        ^
+drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: note: earlier argument should specify number of elements, later size of each element
+
+The behavior is still correct aside from the warning, but fixing it avoids
+the warnings and can help the compiler track the individual objects better.
+
+Fixes: 71e4bbca070e ("nouveau/svm: Use kvcalloc() instead of kvzalloc()")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Danilo Krummrich <dakr@redhat.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240212112230.1117284-1-arnd@kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nouveau_svm.c b/drivers/gpu/drm/nouveau/nouveau_svm.c
+index 186351ecf72f..ec9f307370fa 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_svm.c
++++ b/drivers/gpu/drm/nouveau/nouveau_svm.c
+@@ -1011,7 +1011,7 @@ nouveau_svm_fault_buffer_ctor(struct nouveau_svm *svm, s32 oclass, int id)
+       if (ret)
+               return ret;
+ 
+-      buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL);
++      buffer->fault = kvcalloc(buffer->entries, sizeof(*buffer->fault), GFP_KERNEL);
+       if (!buffer->fault)
+               return -ENOMEM;
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/of-property-improve-finding-the-consumer-of-a-remote.patch b/queue-6.6/of-property-improve-finding-the-consumer-of-a-remote.patch
new file mode 100644 (file)
index 0000000..830f0b0
--- /dev/null
+++ b/queue-6.6/of-property-improve-finding-the-consumer-of-a-remote.patch
@@ -0,0 +1,116 @@
+From 50f2cf2a8400d8e3ac14d6e71753bd7b15c3839e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:00 -0800
+Subject: of: property: Improve finding the consumer of a remote-endpoint
+ property
+
+From: Saravana Kannan <saravanak@google.com>
+
+[ Upstream commit f4653ec9861cd96a1a6a3258c4a807898ee8cf3c ]
+
+We have a more accurate function to find the right consumer of a
+remote-endpoint property instead of searching for a parent with
+compatible string property. So, use that instead. While at it, make the
+code to find the consumer a bit more flexible and based on the property
+being parsed.
+
+Fixes: f7514a663016 ("of: property: fw_devlink: Add support for remote-endpoint")
+Signed-off-by: Saravana Kannan <saravanak@google.com>
+Link: https://lore.kernel.org/r/20240207011803.2637531-2-saravanak@google.com
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/property.c | 47 +++++++++----------------------------------
+ 1 file changed, 10 insertions(+), 37 deletions(-)
+
+diff --git a/drivers/of/property.c b/drivers/of/property.c
+index cf8dacf3e3b8..4411a08fccb3 100644
+--- a/drivers/of/property.c
++++ b/drivers/of/property.c
+@@ -1062,36 +1062,6 @@ of_fwnode_device_get_match_data(const struct fwnode_handle *fwnode,
+       return of_device_get_match_data(dev);
+ }
+ 
+-static struct device_node *of_get_compat_node(struct device_node *np)
+-{
+-      of_node_get(np);
+-
+-      while (np) {
+-              if (!of_device_is_available(np)) {
+-                      of_node_put(np);
+-                      np = NULL;
+-              }
+-
+-              if (of_property_present(np, "compatible"))
+-                      break;
+-
+-              np = of_get_next_parent(np);
+-      }
+-
+-      return np;
+-}
+-
+-static struct device_node *of_get_compat_node_parent(struct device_node *np)
+-{
+-      struct device_node *parent, *node;
+-
+-      parent = of_get_parent(np);
+-      node = of_get_compat_node(parent);
+-      of_node_put(parent);
+-
+-      return node;
+-}
+-
+ static void of_link_to_phandle(struct device_node *con_np,
+                             struct device_node *sup_np)
+ {
+@@ -1221,10 +1191,10 @@ static struct device_node *parse_##fname(struct device_node *np,            \
+  * @parse_prop.prop_name: Name of property holding a phandle value
+  * @parse_prop.index: For properties holding a list of phandles, this is the
+  *                  index into the list
++ * @get_con_dev: If the consumer node containing the property is never converted
++ *             to a struct device, implement this ops so fw_devlink can use it
++ *             to find the true consumer.
+  * @optional: Describes whether a supplier is mandatory or not
+- * @node_not_dev: The consumer node containing the property is never converted
+- *              to a struct device. Instead, parse ancestor nodes for the
+- *              compatible property to find a node corresponding to a device.
+  *
+  * Returns:
+  * parse_prop() return values are
+@@ -1235,8 +1205,8 @@ static struct device_node *parse_##fname(struct device_node *np,      \
+ struct supplier_bindings {
+       struct device_node *(*parse_prop)(struct device_node *np,
+                                         const char *prop_name, int index);
++      struct device_node *(*get_con_dev)(struct device_node *np);
+       bool optional;
+-      bool node_not_dev;
+ };
+ 
+ DEFINE_SIMPLE_PROP(clocks, "clocks", "#clock-cells")
+@@ -1350,7 +1320,10 @@ static const struct supplier_bindings of_supplier_bindings[] = {
+       { .parse_prop = parse_pinctrl6, },
+       { .parse_prop = parse_pinctrl7, },
+       { .parse_prop = parse_pinctrl8, },
+-      { .parse_prop = parse_remote_endpoint, .node_not_dev = true, },
++      {
++              .parse_prop = parse_remote_endpoint,
++              .get_con_dev = of_graph_get_port_parent,
++      },
+       { .parse_prop = parse_pwms, },
+       { .parse_prop = parse_resets, },
+       { .parse_prop = parse_leds, },
+@@ -1400,8 +1373,8 @@ static int of_link_property(struct device_node *con_np, const char *prop_name)
+               while ((phandle = s->parse_prop(con_np, prop_name, i))) {
+                       struct device_node *con_dev_np;
+ 
+-                      con_dev_np = s->node_not_dev
+-                                      ? of_get_compat_node_parent(con_np)
++                      con_dev_np = s->get_con_dev
++                                      ? s->get_con_dev(con_np)
+                                       : of_node_get(con_np);
+                       matched = true;
+                       i++;
+-- 
+2.43.0
+

diff --git a/queue-6.6/of-property-improve-finding-the-supplier-of-a-remote.patch b/queue-6.6/of-property-improve-finding-the-supplier-of-a-remote.patch
new file mode 100644 (file)
index 0000000..9e0328d
--- /dev/null
+++ b/queue-6.6/of-property-improve-finding-the-supplier-of-a-remote.patch
@@ -0,0 +1,58 @@
+From 6b4eefe89be8aa5dd7e4194257a32d853e17296d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:01 -0800
+Subject: of: property: Improve finding the supplier of a remote-endpoint
+ property
+
+From: Saravana Kannan <saravanak@google.com>
+
+[ Upstream commit 782bfd03c3ae2c0e6e01b661b8e18f1de50357be ]
+
+After commit 4a032827daa8 ("of: property: Simplify of_link_to_phandle()"),
+remote-endpoint properties created a fwnode link from the consumer device
+to the supplier endpoint. This is a tiny bit inefficient (not buggy) when
+trying to create device links or detecting cycles. So, improve this the
+same way we improved finding the consumer of a remote-endpoint property.
+
+Fixes: 4a032827daa8 ("of: property: Simplify of_link_to_phandle()")
+Signed-off-by: Saravana Kannan <saravanak@google.com>
+Link: https://lore.kernel.org/r/20240207011803.2637531-3-saravanak@google.com
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/property.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/of/property.c b/drivers/of/property.c
+index 4411a08fccb3..d9b3c8769fa7 100644
+--- a/drivers/of/property.c
++++ b/drivers/of/property.c
+@@ -1231,7 +1231,6 @@ DEFINE_SIMPLE_PROP(pinctrl5, "pinctrl-5", NULL)
+ DEFINE_SIMPLE_PROP(pinctrl6, "pinctrl-6", NULL)
+ DEFINE_SIMPLE_PROP(pinctrl7, "pinctrl-7", NULL)
+ DEFINE_SIMPLE_PROP(pinctrl8, "pinctrl-8", NULL)
+-DEFINE_SIMPLE_PROP(remote_endpoint, "remote-endpoint", NULL)
+ DEFINE_SIMPLE_PROP(pwms, "pwms", "#pwm-cells")
+ DEFINE_SIMPLE_PROP(resets, "resets", "#reset-cells")
+ DEFINE_SIMPLE_PROP(leds, "leds", NULL)
+@@ -1296,6 +1295,17 @@ static struct device_node *parse_interrupts(struct device_node *np,
+       return of_irq_parse_one(np, index, &sup_args) ? NULL : sup_args.np;
+ }
+ 
++static struct device_node *parse_remote_endpoint(struct device_node *np,
++                                               const char *prop_name,
++                                               int index)
++{
++      /* Return NULL for index > 0 to signify end of remote-endpoints. */
++      if (!index || strcmp(prop_name, "remote-endpoint"))
++              return NULL;
++
++      return of_graph_get_remote_port_parent(np);
++}
++
+ static const struct supplier_bindings of_supplier_bindings[] = {
+       { .parse_prop = parse_clocks, },
+       { .parse_prop = parse_interconnects, },
+-- 
+2.43.0
+

diff --git a/queue-6.6/of-unittest-fix-compile-in-the-non-dynamic-case.patch b/queue-6.6/of-unittest-fix-compile-in-the-non-dynamic-case.patch
new file mode 100644 (file)
index 0000000..57f94bf
--- /dev/null
+++ b/queue-6.6/of-unittest-fix-compile-in-the-non-dynamic-case.patch
@@ -0,0 +1,68 @@
+From 8d262123843626b9c6cb90ed0b1397b520081742 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Jan 2024 20:25:56 +0100
+Subject: of: unittest: Fix compile in the non-dynamic case
+
+From: Christian A. Ehrhardt <lk@c--e.de>
+
+[ Upstream commit 607aad1e4356c210dbef9022955a3089377909b2 ]
+
+If CONFIG_OF_KOBJ is not set, a device_node does not contain a
+kobj and attempts to access the embedded kobj via kref_read break
+the compile.
+
+Replace affected kref_read calls with a macro that reads the
+refcount if it exists and returns 1 if there is no embedded kobj.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Closes: https://lore.kernel.org/oe-kbuild-all/202401291740.VP219WIz-lkp@intel.com/
+Fixes: 4dde83569832 ("of: Fix double free in of_parse_phandle_with_args_map")
+Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
+Link: https://lore.kernel.org/r/20240129192556.403271-1-lk@c--e.de
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/unittest.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
+index f278def7ef03..4f58345b5c68 100644
+--- a/drivers/of/unittest.c
++++ b/drivers/of/unittest.c
+@@ -50,6 +50,12 @@ static struct unittest_results {
+       failed; \
+ })
+ 
++#ifdef CONFIG_OF_KOBJ
++#define OF_KREF_READ(NODE) kref_read(&(NODE)->kobj.kref)
++#else
++#define OF_KREF_READ(NODE) 1
++#endif
++
+ /*
+  * Expected message may have a message level other than KERN_INFO.
+  * Print the expected message only if the current loglevel will allow
+@@ -570,7 +576,7 @@ static void __init of_unittest_parse_phandle_with_args_map(void)
+                       pr_err("missing testcase data\n");
+                       return;
+               }
+-              prefs[i] = kref_read(&p[i]->kobj.kref);
++              prefs[i] = OF_KREF_READ(p[i]);
+       }
+ 
+       rc = of_count_phandle_with_args(np, "phandle-list", "#phandle-cells");
+@@ -693,9 +699,9 @@ static void __init of_unittest_parse_phandle_with_args_map(void)
+       unittest(rc == -EINVAL, "expected:%i got:%i\n", -EINVAL, rc);
+ 
+       for (i = 0; i < ARRAY_SIZE(p); ++i) {
+-              unittest(prefs[i] == kref_read(&p[i]->kobj.kref),
++              unittest(prefs[i] == OF_KREF_READ(p[i]),
+                        "provider%d: expected:%d got:%d\n",
+-                       i, prefs[i], kref_read(&p[i]->kobj.kref));
++                       i, prefs[i], OF_KREF_READ(p[i]));
+               of_node_put(p[i]);
+       }
+ }
+-- 
+2.43.0
+

diff --git a/queue-6.6/perf-cxl-fix-mismatched-cpmu-event-opcode.patch b/queue-6.6/perf-cxl-fix-mismatched-cpmu-event-opcode.patch
new file mode 100644 (file)
index 0000000..c0605f6
--- /dev/null
+++ b/queue-6.6/perf-cxl-fix-mismatched-cpmu-event-opcode.patch
@@ -0,0 +1,38 @@
+From f89de2c0d462f1eac8ec1ca5e20ed812fd5766a4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 10:34:15 +0900
+Subject: perf: CXL: fix mismatched cpmu event opcode
+
+From: Hojin Nam <hj96.nam@samsung.com>
+
+[ Upstream commit 719da04f2d1285922abca72b074fb6fa75d464ea ]
+
+S2M NDR BI-ConflictAck opcode is described as 4 in the CXL
+r3.0 3.3.9 Table 3.43. However, it is defined as 3 in macro definition.
+
+Fixes: 5d7107c72796 ("perf: CXL Performance Monitoring Unit driver")
+Signed-off-by: Hojin Nam <hj96.nam@samsung.com>
+Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Link: https://lore.kernel.org/r/20240208013415epcms2p2904187c8a863f4d0d2adc980fb91a2dc@epcms2p2
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/perf/cxl_pmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/perf/cxl_pmu.c b/drivers/perf/cxl_pmu.c
+index 365d964b0f6a..bc0d414a6aff 100644
+--- a/drivers/perf/cxl_pmu.c
++++ b/drivers/perf/cxl_pmu.c
+@@ -419,7 +419,7 @@ static struct attribute *cxl_pmu_event_attrs[] = {
+       CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmp,                     CXL_PMU_GID_S2M_NDR, BIT(0)),
+       CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmps,                    CXL_PMU_GID_S2M_NDR, BIT(1)),
+       CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmpe,                    CXL_PMU_GID_S2M_NDR, BIT(2)),
+-      CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_biconflictack,           CXL_PMU_GID_S2M_NDR, BIT(3)),
++      CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_biconflictack,           CXL_PMU_GID_S2M_NDR, BIT(4)),
+       /* CXL rev 3.0 Table 3-46 S2M DRS opcodes */
+       CXL_PMU_EVENT_CXL_ATTR(s2m_drs_memdata,                 CXL_PMU_GID_S2M_DRS, BIT(0)),
+       CXL_PMU_EVENT_CXL_ATTR(s2m_drs_memdatanxm,              CXL_PMU_GID_S2M_DRS, BIT(1)),
+-- 
+2.43.0
+

diff --git a/queue-6.6/ptrace-introduce-exception_ip-arch-hook.patch b/queue-6.6/ptrace-introduce-exception_ip-arch-hook.patch
new file mode 100644 (file)
index 0000000..b4b5db4
--- /dev/null
+++ b/queue-6.6/ptrace-introduce-exception_ip-arch-hook.patch
@@ -0,0 +1,83 @@
+From d08eb6c87fecbfabd803dd10b67d05806d192c09 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 2 Feb 2024 12:30:26 +0000
+Subject: ptrace: Introduce exception_ip arch hook
+
+From: Jiaxun Yang <jiaxun.yang@flygoat.com>
+
+[ Upstream commit 11ba1728be3edb6928791f4c622f154ebe228ae6 ]
+
+On architectures with delay slot, architecture level instruction
+pointer (or program counter) in pt_regs may differ from where
+exception was triggered.
+
+Introduce exception_ip hook to invoke architecture code and determine
+actual instruction pointer to the exception.
+
+Link: https://lore.kernel.org/lkml/00d1b813-c55f-4365-8d81-d70258e10b16@app.fastmail.com/
+Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Stable-dep-of: 8fa507083388 ("mm/memory: Use exception ip to search exception tables")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/include/asm/ptrace.h | 2 ++
+ arch/mips/kernel/ptrace.c      | 7 +++++++
+ include/linux/ptrace.h         | 4 ++++
+ 3 files changed, 13 insertions(+)
+
+diff --git a/arch/mips/include/asm/ptrace.h b/arch/mips/include/asm/ptrace.h
+index daf3cf244ea9..701a233583c2 100644
+--- a/arch/mips/include/asm/ptrace.h
++++ b/arch/mips/include/asm/ptrace.h
+@@ -154,6 +154,8 @@ static inline long regs_return_value(struct pt_regs *regs)
+ }
+ 
+ #define instruction_pointer(regs) ((regs)->cp0_epc)
++extern unsigned long exception_ip(struct pt_regs *regs);
++#define exception_ip(regs) exception_ip(regs)
+ #define profile_pc(regs) instruction_pointer(regs)
+ 
+ extern asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall);
+diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
+index d9df543f7e2c..59288c13b581 100644
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -31,6 +31,7 @@
+ #include <linux/seccomp.h>
+ #include <linux/ftrace.h>
+ 
++#include <asm/branch.h>
+ #include <asm/byteorder.h>
+ #include <asm/cpu.h>
+ #include <asm/cpu-info.h>
+@@ -48,6 +49,12 @@
+ #define CREATE_TRACE_POINTS
+ #include <trace/events/syscalls.h>
+ 
++unsigned long exception_ip(struct pt_regs *regs)
++{
++      return exception_epc(regs);
++}
++EXPORT_SYMBOL(exception_ip);
++
+ /*
+  * Called by kernel/ptrace.c when detaching..
+  *
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
+index eaaef3ffec22..90507d4afcd6 100644
+--- a/include/linux/ptrace.h
++++ b/include/linux/ptrace.h
+@@ -393,6 +393,10 @@ static inline void user_single_step_report(struct pt_regs *regs)
+ #define current_user_stack_pointer() user_stack_pointer(current_pt_regs())
+ #endif
+ 
++#ifndef exception_ip
++#define exception_ip(x) instruction_pointer(x)
++#endif
++
+ extern int task_current_syscall(struct task_struct *target, struct syscall_info *info);
+ 
+ extern void sigaction_compat_abi(struct k_sigaction *act, struct k_sigaction *oact);
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-bridge_mdb-use-mdb-get-instead-of-dump.patch b/queue-6.6/selftests-bridge_mdb-use-mdb-get-instead-of-dump.patch
new file mode 100644 (file)
index 0000000..abe3386
--- /dev/null
+++ b/queue-6.6/selftests-bridge_mdb-use-mdb-get-instead-of-dump.patch
@@ -0,0 +1,475 @@
+From 83b612f99d3869afcc533f3473b86c6a26f7b31a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 25 Oct 2023 15:30:19 +0300
+Subject: selftests: bridge_mdb: Use MDB get instead of dump
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit e8bba9e83c88ea951dafd3319c97c55a52b3637d ]
+
+Test the new MDB get functionality by converting dump and grep to MDB
+get.
+
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: dd6b34589441 ("selftests: forwarding: Suppress grep warnings")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/net/forwarding/bridge_mdb.sh    | 184 +++++++-----------
+ 1 file changed, 71 insertions(+), 113 deletions(-)
+
+diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+index 529a56adbb88..ebeb43f6606c 100755
+--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh
++++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+@@ -145,14 +145,14 @@ cfg_test_host_common()
+ 
+       # Check basic add, replace and delete behavior.
+       bridge mdb add dev br0 port br0 grp $grp $state vid 10
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp"
++      bridge mdb get dev br0 grp $grp vid 10 &> /dev/null
+       check_err $? "Failed to add $name host entry"
+ 
+       bridge mdb replace dev br0 port br0 grp $grp $state vid 10 &> /dev/null
+       check_fail $? "Managed to replace $name host entry"
+ 
+       bridge mdb del dev br0 port br0 grp $grp $state vid 10
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp"
++      bridge mdb get dev br0 grp $grp vid 10 &> /dev/null
+       check_fail $? "Failed to delete $name host entry"
+ 
+       # Check error cases.
+@@ -200,7 +200,7 @@ cfg_test_port_common()
+ 
+       # Check basic add, replace and delete behavior.
+       bridge mdb add dev br0 port $swp1 $grp_key permanent vid 10
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 10 &> /dev/null
+       check_err $? "Failed to add $name entry"
+ 
+       bridge mdb replace dev br0 port $swp1 $grp_key permanent vid 10 \
+@@ -208,31 +208,31 @@ cfg_test_port_common()
+       check_err $? "Failed to replace $name entry"
+ 
+       bridge mdb del dev br0 port $swp1 $grp_key permanent vid 10
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 10 &> /dev/null
+       check_fail $? "Failed to delete $name entry"
+ 
+       # Check default protocol and replacement.
+       bridge mdb add dev br0 port $swp1 $grp_key permanent vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | grep -q "static"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "static"
+       check_err $? "$name entry not added with default \"static\" protocol"
+ 
+       bridge mdb replace dev br0 port $swp1 $grp_key permanent vid 10 \
+               proto 123
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | grep -q "123"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "123"
+       check_err $? "Failed to replace protocol of $name entry"
+       bridge mdb del dev br0 port $swp1 $grp_key permanent vid 10
+ 
+       # Check behavior when VLAN is not specified.
+       bridge mdb add dev br0 port $swp1 $grp_key permanent
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 10 &> /dev/null
+       check_err $? "$name entry with VLAN 10 not added when VLAN was not specified"
+-      bridge mdb show dev br0 vid 20 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 20 &> /dev/null
+       check_err $? "$name entry with VLAN 20 not added when VLAN was not specified"
+ 
+       bridge mdb del dev br0 port $swp1 $grp_key permanent
+-      bridge mdb show dev br0 vid 10 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 10 &> /dev/null
+       check_fail $? "$name entry with VLAN 10 not deleted when VLAN was not specified"
+-      bridge mdb show dev br0 vid 20 | grep -q "$grp_key"
++      bridge mdb get dev br0 $grp_key vid 20 &> /dev/null
+       check_fail $? "$name entry with VLAN 20 not deleted when VLAN was not specified"
+ 
+       # Check behavior when bridge port is down.
+@@ -298,21 +298,21 @@ __cfg_test_port_ip_star_g()
+       RET=0
+ 
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "exclude"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "exclude"
+       check_err $? "Default filter mode is not \"exclude\""
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+ 
+       # Check basic add and delete behavior.
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10 filter_mode exclude \
+               source_list $src1
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q -v "src"
++      bridge -d mdb get dev br0 grp $grp vid 10 &> /dev/null
+       check_err $? "(*, G) entry not created"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src1"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null
+       check_err $? "(S, G) entry not created"
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q -v "src"
++      bridge -d mdb get dev br0 grp $grp vid 10 &> /dev/null
+       check_fail $? "(*, G) entry not deleted"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src1"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null
+       check_fail $? "(S, G) entry not deleted"
+ 
+       ## State (permanent / temp) tests.
+@@ -321,18 +321,15 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp permanent vid 10 \
+               filter_mode exclude source_list $src1
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "permanent"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "permanent"
+       check_err $? "(*, G) entry not added as \"permanent\" when should"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | \
+               grep -q "permanent"
+       check_err $? "(S, G) entry not added as \"permanent\" when should"
+ 
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_err $? "(*, G) \"permanent\" entry has a pending group timer"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
+       check_err $? "\"permanent\" source entry has a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -342,18 +339,14 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "temp"
+       check_err $? "(*, G) EXCLUDE entry not added as \"temp\" when should"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "temp"
+       check_err $? "(S, G) \"blocked\" entry not added as \"temp\" when should"
+ 
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_fail $? "(*, G) EXCLUDE entry does not have a pending group timer"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
+       check_err $? "\"blocked\" source entry has a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -363,18 +356,14 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode include source_list $src1
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "temp"
+       check_err $? "(*, G) INCLUDE entry not added as \"temp\" when should"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "temp"
+       check_err $? "(S, G) entry not added as \"temp\" when should"
+ 
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_err $? "(*, G) INCLUDE entry has a pending group timer"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
+       check_fail $? "Source entry does not have a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -383,8 +372,7 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode include source_list $src1
+ 
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 grp $grp src $src1 vid 10 | grep -q " 0.00"
+       check_err $? "(S, G) entry has a pending group timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -396,11 +384,9 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10 \
+               filter_mode include source_list $src1
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "include"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "include"
+       check_err $? "(*, G) INCLUDE not added with \"include\" filter mode"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "blocked"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "blocked"
+       check_fail $? "(S, G) entry marked as \"blocked\" when should not"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -410,11 +396,9 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10 \
+               filter_mode exclude source_list $src1
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "exclude"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "exclude"
+       check_err $? "(*, G) EXCLUDE not added with \"exclude\" filter mode"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "blocked"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "blocked"
+       check_err $? "(S, G) entry not marked as \"blocked\" when should"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -426,11 +410,9 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10 \
+               filter_mode exclude source_list $src1 proto zebra
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "zebra"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "zebra"
+       check_err $? "(*, G) entry not added with \"zebra\" protocol"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "zebra"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "zebra"
+       check_err $? "(S, G) entry not marked added with \"zebra\" protocol"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -443,20 +425,16 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp permanent vid 10 \
+               filter_mode exclude source_list $src1
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "permanent"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "permanent"
+       check_err $? "(*, G) entry not marked as \"permanent\" after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "permanent"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "permanent"
+       check_err $? "(S, G) entry not marked as \"permanent\" after replace"
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "temp"
+       check_err $? "(*, G) entry not marked as \"temp\" after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "temp"
+       check_err $? "(S, G) entry not marked as \"temp\" after replace"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -467,20 +445,16 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode include source_list $src1
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "include"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "include"
+       check_err $? "(*, G) not marked with \"include\" filter mode after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "blocked"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "blocked"
+       check_fail $? "(S, G) marked as \"blocked\" after replace"
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "exclude"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "exclude"
+       check_err $? "(*, G) not marked with \"exclude\" filter mode after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "blocked"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "blocked"
+       check_err $? "(S, G) not marked as \"blocked\" after replace"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -491,20 +465,20 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1,$src2,$src3
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src1"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null
+       check_err $? "(S, G) entry for source $src1 not created after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src2"
++      bridge -d mdb get dev br0 grp $grp src $src2 vid 10 &> /dev/null
+       check_err $? "(S, G) entry for source $src2 not created after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src3"
++      bridge -d mdb get dev br0 grp $grp src $src3 vid 10 &> /dev/null
+       check_err $? "(S, G) entry for source $src3 not created after replace"
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1,$src3
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src1"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null
+       check_err $? "(S, G) entry for source $src1 not created after second replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src2"
++      bridge -d mdb get dev br0 grp $grp src $src2 vid 10 &> /dev/null
+       check_fail $? "(S, G) entry for source $src2 created after second replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -q "src $src3"
++      bridge -d mdb get dev br0 grp $grp src $src3 vid 10 &> /dev/null
+       check_err $? "(S, G) entry for source $src3 not created after second replace"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -515,11 +489,9 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge mdb replace dev br0 port $swp1 grp $grp temp vid 10 \
+               filter_mode exclude source_list $src1 proto bgp
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep -v "src" | \
+-              grep -q "bgp"
++      bridge -d mdb get dev br0 grp $grp vid 10 | grep -q "bgp"
+       check_err $? "(*, G) protocol not changed to \"bgp\" after replace"
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp" | grep "src" | \
+-              grep -q "bgp"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep -q "bgp"
+       check_err $? "(S, G) protocol not changed to \"bgp\" after replace"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -532,8 +504,8 @@ __cfg_test_port_ip_star_g()
+       bridge mdb add dev br0 port $swp2 grp $grp vid 10 \
+               filter_mode include source_list $src1
+       bridge mdb add dev br0 port $swp1 grp $grp vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$swp1" | grep "$grp" | \
+-              grep "$src1" | grep -q "added_by_star_ex"
++      bridge -d mdb get dev br0 grp $grp src $src1 vid 10 | grep "$swp1" | \
++              grep -q "added_by_star_ex"
+       check_err $? "\"added_by_star_ex\" entry not created after adding (*, G) entry"
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+       bridge mdb del dev br0 port $swp2 grp $grp src $src1 vid 10
+@@ -606,27 +578,23 @@ __cfg_test_port_ip_sg()
+       RET=0
+ 
+       bridge mdb add dev br0 port $swp1 $grp_key vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | grep -q "include"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "include"
+       check_err $? "Default filter mode is not \"include\""
+       bridge mdb del dev br0 port $swp1 $grp_key vid 10
+ 
+       # Check that entries can be added as both permanent and temp and that
+       # group timer is set correctly.
+       bridge mdb add dev br0 port $swp1 $grp_key permanent vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q "permanent"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "permanent"
+       check_err $? "Entry not added as \"permanent\" when should"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 $grp_key vid 10 | grep -q " 0.00"
+       check_err $? "\"permanent\" entry has a pending group timer"
+       bridge mdb del dev br0 port $swp1 $grp_key vid 10
+ 
+       bridge mdb add dev br0 port $swp1 $grp_key temp vid 10
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "temp"
+       check_err $? "Entry not added as \"temp\" when should"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 $grp_key vid 10 | grep -q " 0.00"
+       check_fail $? "\"temp\" entry has an unpending group timer"
+       bridge mdb del dev br0 port $swp1 $grp_key vid 10
+ 
+@@ -650,24 +618,19 @@ __cfg_test_port_ip_sg()
+       # Check that we can replace available attributes.
+       bridge mdb add dev br0 port $swp1 $grp_key vid 10 proto 123
+       bridge mdb replace dev br0 port $swp1 $grp_key vid 10 proto 111
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q "111"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "111"
+       check_err $? "Failed to replace protocol"
+ 
+       bridge mdb replace dev br0 port $swp1 $grp_key vid 10 permanent
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q "permanent"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "permanent"
+       check_err $? "Entry not marked as \"permanent\" after replace"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 $grp_key vid 10 | grep -q " 0.00"
+       check_err $? "Entry has a pending group timer after replace"
+ 
+       bridge mdb replace dev br0 port $swp1 $grp_key vid 10 temp
+-      bridge -d mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q "temp"
++      bridge -d mdb get dev br0 $grp_key vid 10 | grep -q "temp"
+       check_err $? "Entry not marked as \"temp\" after replace"
+-      bridge -d -s mdb show dev br0 vid 10 | grep "$grp_key" | \
+-              grep -q " 0.00"
++      bridge -d -s mdb get dev br0 $grp_key vid 10 | grep -q " 0.00"
+       check_fail $? "Entry has an unpending group timer after replace"
+       bridge mdb del dev br0 port $swp1 $grp_key vid 10
+ 
+@@ -675,7 +638,7 @@ __cfg_test_port_ip_sg()
+       # (*, G) ports need to be added to it.
+       bridge mdb add dev br0 port $swp2 grp $grp vid 10
+       bridge mdb add dev br0 port $swp1 $grp_key vid 10
+-      bridge mdb show dev br0 vid 10 | grep "$grp_key" | grep $swp2 | \
++      bridge mdb get dev br0 $grp_key vid 10 | grep $swp2 | \
+               grep -q "added_by_star_ex"
+       check_err $? "\"added_by_star_ex\" entry not created after adding (S, G) entry"
+       bridge mdb del dev br0 port $swp1 $grp_key vid 10
+@@ -1136,7 +1099,7 @@ ctrl_igmpv3_is_in_test()
+       $MZ $h1.10 -c 1 -a own -b 01:00:5e:01:01:01 -A 192.0.2.1 -B 239.1.1.1 \
+               -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep 239.1.1.1 | grep -q 192.0.2.2
++      bridge mdb get dev br0 grp 239.1.1.1 src 192.0.2.2 vid 10 &> /dev/null
+       check_fail $? "Permanent entry affected by IGMP packet"
+ 
+       # Replace the permanent entry with a temporary one and check that after
+@@ -1149,12 +1112,10 @@ ctrl_igmpv3_is_in_test()
+       $MZ $h1.10 -a own -b 01:00:5e:01:01:01 -c 1 -A 192.0.2.1 -B 239.1.1.1 \
+               -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep 239.1.1.1 | grep -v "src" | \
+-              grep -q 192.0.2.2
++      bridge -d mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q 192.0.2.2
+       check_err $? "Source not add to source list"
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep 239.1.1.1 | \
+-              grep -q "src 192.0.2.2"
++      bridge mdb get dev br0 grp 239.1.1.1 src 192.0.2.2 vid 10 &> /dev/null
+       check_err $? "(S, G) entry not created for new source"
+ 
+       bridge mdb del dev br0 port $swp1 grp 239.1.1.1 vid 10
+@@ -1176,8 +1137,7 @@ ctrl_mldv2_is_in_test()
+       $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+               -t ip hop=1,next=0,p="$p" -q
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep ff0e::1 | \
+-              grep -q 2001:db8:1::2
++      bridge mdb get dev br0 grp ff0e::1 src 2001:db8:1::2 vid 10 &> /dev/null
+       check_fail $? "Permanent entry affected by MLD packet"
+ 
+       # Replace the permanent entry with a temporary one and check that after
+@@ -1190,12 +1150,10 @@ ctrl_mldv2_is_in_test()
+       $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+               -t ip hop=1,next=0,p="$p" -q
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep ff0e::1 | grep -v "src" | \
+-              grep -q 2001:db8:1::2
++      bridge -d mdb get dev br0 grp ff0e::1 vid 10 | grep -q 2001:db8:1::2
+       check_err $? "Source not add to source list"
+ 
+-      bridge -d mdb show dev br0 vid 10 | grep ff0e::1 | \
+-              grep -q "src 2001:db8:1::2"
++      bridge mdb get dev br0 grp ff0e::1 src 2001:db8:1::2 vid 10 &> /dev/null
+       check_err $? "(S, G) entry not created for new source"
+ 
+       bridge mdb del dev br0 port $swp1 grp ff0e::1 vid 10
+@@ -1212,8 +1170,8 @@ ctrl_test()
+       ctrl_mldv2_is_in_test
+ }
+ 
+-if ! bridge mdb help 2>&1 | grep -q "replace"; then
+-      echo "SKIP: iproute2 too old, missing bridge mdb replace support"
++if ! bridge mdb help 2>&1 | grep -q "get"; then
++      echo "SKIP: iproute2 too old, missing bridge mdb get support"
+       exit $ksft_skip
+ fi
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-forwarding-fix-bridge-locked-port-test-fla.patch b/queue-6.6/selftests-forwarding-fix-bridge-locked-port-test-fla.patch
new file mode 100644 (file)
index 0000000..abfe9b8
--- /dev/null
+++ b/queue-6.6/selftests-forwarding-fix-bridge-locked-port-test-fla.patch
@@ -0,0 +1,67 @@
+From b97a547d80db3677d32a1514535cdc081dbbb7b8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 17:55:29 +0200
+Subject: selftests: forwarding: Fix bridge locked port test flakiness
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit f97f1fcc96908c97a240ff6cb4474e155abfa0d7 ]
+
+The redirection test case fails in the netdev CI on debug kernels
+because an FDB entry is learned despite the presence of a tc filter that
+redirects incoming traffic [1].
+
+I am unable to reproduce the failure locally, but I can see how it can
+happen given that learning is first enabled and only then the ingress tc
+filter is configured. On debug kernels the time window between these two
+operations is longer compared to regular kernels, allowing random
+packets to be transmitted and trigger learning.
+
+Fix by reversing the order and configure the ingress tc filter before
+enabling learning.
+
+[1]
+[...]
+ # TEST: Locked port MAB redirect                                      [FAIL]
+ # Locked entry created for redirected traffic
+
+Fixes: 38c43a1ce758 ("selftests: forwarding: Add test case for traffic redirection from a locked port")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Link: https://lore.kernel.org/r/20240208155529.1199729-5-idosch@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/forwarding/bridge_locked_port.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+index 9af9f6964808..c62331b2e006 100755
+--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
++++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+@@ -327,10 +327,10 @@ locked_port_mab_redirect()
+       RET=0
+       check_port_mab_support || return 0
+ 
+-      bridge link set dev $swp1 learning on locked on mab on
+       tc qdisc add dev $swp1 clsact
+       tc filter add dev $swp1 ingress protocol all pref 1 handle 101 flower \
+               action mirred egress redirect dev $swp2
++      bridge link set dev $swp1 learning on locked on mab on
+ 
+       ping_do $h1 192.0.2.2
+       check_err $? "Ping did not work with redirection"
+@@ -349,8 +349,8 @@ locked_port_mab_redirect()
+       check_err $? "Locked entry not created after deleting filter"
+ 
+       bridge fdb del `mac_get $h1` vlan 1 dev $swp1 master
+-      tc qdisc del dev $swp1 clsact
+       bridge link set dev $swp1 learning off locked off mab off
++      tc qdisc del dev $swp1 clsact
+ 
+       log_test "Locked port MAB redirect"
+ }
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch b/queue-6.6/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch
new file mode 100644 (file)
index 0000000..b6165ae
--- /dev/null
+++ b/queue-6.6/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch
@@ -0,0 +1,70 @@
+From 6c39c771c33a683019b8a9f308104b661fc10fec Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 17:55:27 +0200
+Subject: selftests: forwarding: Fix bridge MDB test flakiness
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit 7399e2ce4d424f426417496eb289458780eea985 ]
+
+After enabling a multicast querier on the bridge (like the test is
+doing), the bridge will wait for the Max Response Delay before starting
+to forward according to its MDB in order to let Membership Reports
+enough time to be received and processed.
+
+Currently, the test is waiting for exactly the default Max Response
+Delay (10 seconds) which is racy and leads to failures [1].
+
+Fix by reducing the Max Response Delay to 1 second.
+
+[1]
+ [...]
+ # TEST: IPv4 host entries forwarding tests                            [FAIL]
+ # Packet locally received after flood
+
+Fixes: b6d00da08610 ("selftests: forwarding: Add bridge MDB test")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Link: https://lore.kernel.org/r/20240208155529.1199729-3-idosch@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/forwarding/bridge_mdb.sh | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+index d0c6c499d5da..529a56adbb88 100755
+--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh
++++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+@@ -1102,14 +1102,17 @@ fwd_test()
+       echo
+       log_info "# Forwarding tests"
+ 
++      # Set the Max Response Delay to 100 centiseconds (1 second) so that the
++      # bridge will start forwarding according to its MDB soon after a
++      # multicast querier is enabled.
++      ip link set dev br0 type bridge mcast_query_response_interval 100
++
+       # Forwarding according to MDB entries only takes place when the bridge
+       # detects that there is a valid querier in the network. Set the bridge
+       # as the querier and assign it a valid IPv6 link-local address to be
+       # used as the source address for MLD queries.
+       ip -6 address add fe80::1/64 nodad dev br0
+       ip link set dev br0 type bridge mcast_querier 1
+-      # Wait the default Query Response Interval (10 seconds) for the bridge
+-      # to determine that there are no other queriers in the network.
+       sleep 10
+ 
+       fwd_test_host
+@@ -1117,6 +1120,7 @@ fwd_test()
+ 
+       ip link set dev br0 type bridge mcast_querier 0
+       ip -6 address del fe80::1/64 dev br0
++      ip link set dev br0 type bridge mcast_query_response_interval 1000
+ }
+ 
+ ctrl_igmpv3_is_in_test()
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch b/queue-6.6/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch
new file mode 100644 (file)
index 0000000..226975d
--- /dev/null
+++ b/queue-6.6/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch
@@ -0,0 +1,70 @@
+From fca5dafd09ab44c29c6940bd78aa72568670e133 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 17:55:26 +0200
+Subject: selftests: forwarding: Fix layer 2 miss test flakiness
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit 93590849a05edffaefa11695fab98f621259ded2 ]
+
+After enabling a multicast querier on the bridge (like the test is
+doing), the bridge will wait for the Max Response Delay before starting
+to forward according to its MDB in order to let Membership Reports
+enough time to be received and processed.
+
+Currently, the test is waiting for exactly the default Max Response
+Delay (10 seconds) which is racy and leads to failures [1].
+
+Fix by reducing the Max Response Delay to 1 second.
+
+[1]
+ [...]
+ # TEST: L2 miss - Multicast (IPv4)                                    [FAIL]
+ # Unregistered multicast filter was hit after adding MDB entry
+
+Fixes: 8c33266ae26a ("selftests: forwarding: Add layer 2 miss test cases")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Link: https://lore.kernel.org/r/20240208155529.1199729-2-idosch@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../testing/selftests/net/forwarding/tc_flower_l2_miss.sh | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
+index 20a7cb7222b8..c2420bb72c12 100755
+--- a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
++++ b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
+@@ -209,14 +209,17 @@ test_l2_miss_multicast()
+       # both registered and unregistered multicast traffic.
+       bridge link set dev $swp2 mcast_router 2
+ 
++      # Set the Max Response Delay to 100 centiseconds (1 second) so that the
++      # bridge will start forwarding according to its MDB soon after a
++      # multicast querier is enabled.
++      ip link set dev br1 type bridge mcast_query_response_interval 100
++
+       # Forwarding according to MDB entries only takes place when the bridge
+       # detects that there is a valid querier in the network. Set the bridge
+       # as the querier and assign it a valid IPv6 link-local address to be
+       # used as the source address for MLD queries.
+       ip link set dev br1 type bridge mcast_querier 1
+       ip -6 address add fe80::1/64 nodad dev br1
+-      # Wait the default Query Response Interval (10 seconds) for the bridge
+-      # to determine that there are no other queriers in the network.
+       sleep 10
+ 
+       test_l2_miss_multicast_ipv4
+@@ -224,6 +227,7 @@ test_l2_miss_multicast()
+ 
+       ip -6 address del fe80::1/64 dev br1
+       ip link set dev br1 type bridge mcast_querier 0
++      ip link set dev br1 type bridge mcast_query_response_interval 1000
+       bridge link set dev $swp2 mcast_router 1
+ }
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-forwarding-suppress-grep-warnings.patch b/queue-6.6/selftests-forwarding-suppress-grep-warnings.patch
new file mode 100644 (file)
index 0000000..212cc00
--- /dev/null
+++ b/queue-6.6/selftests-forwarding-suppress-grep-warnings.patch
@@ -0,0 +1,72 @@
+From 1d3e2e9b99a76f861a38d281e4a80098c01ef44a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 17:55:28 +0200
+Subject: selftests: forwarding: Suppress grep warnings
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit dd6b34589441f2ad4698dd88a664811550148b41 ]
+
+Suppress the following grep warnings:
+
+[...]
+INFO: # Port group entries configuration tests - (*, G)
+TEST: Common port group entries configuration tests (IPv4 (*, G))   [ OK ]
+TEST: Common port group entries configuration tests (IPv6 (*, G))   [ OK ]
+grep: warning: stray \ before /
+grep: warning: stray \ before /
+grep: warning: stray \ before /
+TEST: IPv4 (*, G) port group entries configuration tests            [ OK ]
+grep: warning: stray \ before /
+grep: warning: stray \ before /
+grep: warning: stray \ before /
+TEST: IPv6 (*, G) port group entries configuration tests            [ OK ]
+[...]
+
+They do not fail the test, but do clutter the output.
+
+Fixes: b6d00da08610 ("selftests: forwarding: Add bridge MDB test")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Link: https://lore.kernel.org/r/20240208155529.1199729-4-idosch@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/forwarding/bridge_mdb.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+index ebeb43f6606c..a3678dfe5848 100755
+--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh
++++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+@@ -329,7 +329,7 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_err $? "(*, G) \"permanent\" entry has a pending group timer"
+-      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00"
+       check_err $? "\"permanent\" source entry has a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -346,7 +346,7 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_fail $? "(*, G) EXCLUDE entry does not have a pending group timer"
+-      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00"
+       check_err $? "\"blocked\" source entry has a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+@@ -363,7 +363,7 @@ __cfg_test_port_ip_star_g()
+ 
+       bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00"
+       check_err $? "(*, G) INCLUDE entry has a pending group timer"
+-      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00"
++      bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00"
+       check_fail $? "Source entry does not have a pending source timer"
+ 
+       bridge mdb del dev br0 port $swp1 grp $grp vid 10
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-landlock-fix-fs_test-build-with-old-libc.patch b/queue-6.6/selftests-landlock-fix-fs_test-build-with-old-libc.patch
new file mode 100644 (file)
index 0000000..52375a3
--- /dev/null
+++ b/queue-6.6/selftests-landlock-fix-fs_test-build-with-old-libc.patch
@@ -0,0 +1,65 @@
+From 135ef65e83ecddd55e9f075b226108f78ecc72de Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 24 Jan 2024 10:29:08 +0800
+Subject: selftests/landlock: Fix fs_test build with old libc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Hu Yadi <hu.yadi@h3c.com>
+
+[ Upstream commit 40b7835e74e0383be308d528c5e0e41b3bf72ade ]
+
+One issue comes up while building selftest/landlock/fs_test on my side
+(gcc 7.3/glibc-2.28/kernel-4.19).
+
+gcc -Wall -O2 -isystem   fs_test.c -lcap -o selftests/landlock/fs_test
+fs_test.c:4575:9: error: initializer element is not constant
+  .mnt = mnt_tmp,
+         ^~~~~~~
+
+Signed-off-by: Hu Yadi <hu.yadi@h3c.com>
+Suggested-by: Jiao <jiaoxupo@h3c.com>
+Reviewed-by: Berlin <berlin@h3c.com>
+Link: https://lore.kernel.org/r/20240124022908.42100-1-hu.yadi@h3c.com
+Fixes: 04f9070e99a4 ("selftests/landlock: Add tests for pseudo filesystems")
+[mic: Factor out mount's data string and make mnt_tmp static]
+Signed-off-by: Mickaël Salaün <mic@digikod.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/landlock/fs_test.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
+index 251594306d40..720bafa0f87b 100644
+--- a/tools/testing/selftests/landlock/fs_test.c
++++ b/tools/testing/selftests/landlock/fs_test.c
+@@ -241,9 +241,11 @@ struct mnt_opt {
+       const char *const data;
+ };
+ 
+-const struct mnt_opt mnt_tmp = {
++#define MNT_TMP_DATA "size=4m,mode=700"
++
++static const struct mnt_opt mnt_tmp = {
+       .type = "tmpfs",
+-      .data = "size=4m,mode=700",
++      .data = MNT_TMP_DATA,
+ };
+ 
+ static int mount_opt(const struct mnt_opt *const mnt, const char *const target)
+@@ -4523,7 +4525,10 @@ FIXTURE_VARIANT(layout3_fs)
+ /* clang-format off */
+ FIXTURE_VARIANT_ADD(layout3_fs, tmpfs) {
+       /* clang-format on */
+-      .mnt = mnt_tmp,
++      .mnt = {
++              .type = "tmpfs",
++              .data = MNT_TMP_DATA,
++      },
+       .file_path = file1_s1d1,
+ };
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-net-convert-test_bridge_backup_port.sh-to-.patch b/queue-6.6/selftests-net-convert-test_bridge_backup_port.sh-to-.patch
new file mode 100644 (file)
index 0000000..2ce509a
--- /dev/null
+++ b/queue-6.6/selftests-net-convert-test_bridge_backup_port.sh-to-.patch
@@ -0,0 +1,683 @@
+From 32588cd8b00c7e3f72a8292f94ec46dd71a5e982 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 6 Dec 2023 15:07:53 +0800
+Subject: selftests/net: convert test_bridge_backup_port.sh to run it in unique
+ namespace
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+[ Upstream commit 4624a78c18c62da815f3253966b7a87995f77e1b ]
+
+There is no h1 h2 actually. Remove it. Here is the test result after
+conversion.
+
+]# ./test_bridge_backup_port.sh
+
+Backup port
+-----------
+TEST: Forwarding out of swp1                                        [ OK ]
+TEST: No forwarding out of vx0                                      [ OK ]
+TEST: swp1 carrier off                                              [ OK ]
+TEST: No forwarding out of swp1                                     [ OK ]
+...
+Backup nexthop ID - ping
+------------------------
+TEST: Ping with backup nexthop ID                                   [ OK ]
+TEST: Ping after disabling backup nexthop ID                        [ OK ]
+
+Backup nexthop ID - torture test
+--------------------------------
+TEST: Torture test                                                  [ OK ]
+
+Tests passed:  83
+Tests failed:   0
+
+Acked-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Reviewed-by: Ido Schimmel <idosch@nvidia.com>
+Tested-by: Ido Schimmel <idosch@nvidia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: 38ee0cb2a2e2 ("selftests: net: Fix bridge backup port test flakiness")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/net/test_bridge_backup_port.sh  | 371 +++++++++---------
+ 1 file changed, 182 insertions(+), 189 deletions(-)
+
+diff --git a/tools/testing/selftests/net/test_bridge_backup_port.sh b/tools/testing/selftests/net/test_bridge_backup_port.sh
+index 112cfd8a10ad..70a7d87ba2d2 100755
+--- a/tools/testing/selftests/net/test_bridge_backup_port.sh
++++ b/tools/testing/selftests/net/test_bridge_backup_port.sh
+@@ -35,9 +35,8 @@
+ # | sw1                                | | sw2                                |
+ # +------------------------------------+ +------------------------------------+
+ 
++source lib.sh
+ ret=0
+-# Kselftest framework requirement - SKIP code is 4.
+-ksft_skip=4
+ 
+ # All tests in this script. Can be overridden with -t option.
+ TESTS="
+@@ -132,9 +131,6 @@ setup_topo_ns()
+ {
+       local ns=$1; shift
+ 
+-      ip netns add $ns
+-      ip -n $ns link set dev lo up
+-
+       ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
+       ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1
+       ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0
+@@ -145,13 +141,14 @@ setup_topo()
+ {
+       local ns
+ 
+-      for ns in sw1 sw2; do
++      setup_ns sw1 sw2
++      for ns in $sw1 $sw2; do
+               setup_topo_ns $ns
+       done
+ 
+       ip link add name veth0 type veth peer name veth1
+-      ip link set dev veth0 netns sw1 name veth0
+-      ip link set dev veth1 netns sw2 name veth0
++      ip link set dev veth0 netns $sw1 name veth0
++      ip link set dev veth1 netns $sw2 name veth0
+ }
+ 
+ setup_sw_common()
+@@ -190,7 +187,7 @@ setup_sw_common()
+ 
+ setup_sw1()
+ {
+-      local ns=sw1
++      local ns=$sw1
+       local local_addr=192.0.2.33
+       local remote_addr=192.0.2.34
+       local veth_addr=192.0.2.49
+@@ -203,7 +200,7 @@ setup_sw1()
+ 
+ setup_sw2()
+ {
+-      local ns=sw2
++      local ns=$sw2
+       local local_addr=192.0.2.34
+       local remote_addr=192.0.2.33
+       local veth_addr=192.0.2.50
+@@ -229,11 +226,7 @@ setup()
+ 
+ cleanup()
+ {
+-      local ns
+-
+-      for ns in h1 h2 sw1 sw2; do
+-              ip netns del $ns &> /dev/null
+-      done
++      cleanup_ns $sw1 $sw2
+ }
+ 
+ ################################################################################
+@@ -248,85 +241,85 @@ backup_port()
+       echo "Backup port"
+       echo "-----------"
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev swp1 clsact"
+-      run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact"
++      run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev vx0 clsact"
+-      run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
++      run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+ 
+-      run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10"
+ 
+       # Initial state - check that packets are forwarded out of swp1 when it
+       # has a carrier and not forwarded out of any port when it does not have
+       # a carrier.
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 1
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 1
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 0
++      tc_check_packets $sw1 "dev vx0 egress" 101 0
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 1
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 1
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 0
++      tc_check_packets $sw1 "dev vx0 egress" 101 0
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier on"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier on"
+       log_test $? 0 "swp1 carrier on"
+ 
+       # Configure vx0 as the backup port of swp1 and check that packets are
+       # forwarded out of swp1 when it has a carrier and out of vx0 when swp1
+       # does not have a carrier.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\""
+       log_test $? 0 "vx0 configured as backup port of swp1"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 2
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 2
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 0
++      tc_check_packets $sw1 "dev vx0 egress" 101 0
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 2
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 2
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "Forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier on"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier on"
+       log_test $? 0 "swp1 carrier on"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 3
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 3
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       # Remove vx0 as the backup port of swp1 and check that packets are no
+       # longer forwarded out of vx0 when swp1 does not have a carrier.
+-      run_cmd "bridge -n sw1 link set dev swp1 nobackup_port"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\""
++      run_cmd "bridge -n $sw1 link set dev swp1 nobackup_port"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\""
+       log_test $? 1 "vx0 not configured as backup port of swp1"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 4
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 4
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 4
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 4
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "No forwarding out of vx0"
+ }
+ 
+@@ -339,125 +332,125 @@ backup_nhid()
+       echo "Backup nexthop ID"
+       echo "-----------------"
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev swp1 clsact"
+-      run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact"
++      run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev vx0 clsact"
+-      run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
++      run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+ 
+-      run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb"
+ 
+-      run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10"
+-      run_cmd "bridge -n sw1 fdb replace $dmac dev vx0 self static dst 192.0.2.36 src_vni 10010"
++      run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw1 fdb replace $dmac dev vx0 self static dst 192.0.2.36 src_vni 10010"
+ 
+-      run_cmd "ip -n sw2 address replace 192.0.2.36/32 dev lo"
++      run_cmd "ip -n $sw2 address replace 192.0.2.36/32 dev lo"
+ 
+       # The first filter matches on packets forwarded using the backup
+       # nexthop ID and the second filter matches on packets forwarded using a
+       # regular VXLAN FDB entry.
+-      run_cmd "tc -n sw2 qdisc replace dev vx0 clsact"
+-      run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass"
+-      run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 102 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.36 action pass"
++      run_cmd "tc -n $sw2 qdisc replace dev vx0 clsact"
++      run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass"
++      run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 102 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.36 action pass"
+ 
+       # Configure vx0 as the backup port of swp1 and check that packets are
+       # forwarded out of swp1 when it has a carrier and out of vx0 when swp1
+       # does not have a carrier. When packets are forwarded out of vx0, check
+       # that they are forwarded by the VXLAN FDB entry.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\""
+       log_test $? 0 "vx0 configured as backup port of swp1"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 1
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 1
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 0
++      tc_check_packets $sw1 "dev vx0 egress" 101 0
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 1
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 1
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 0
++      tc_check_packets $sw2 "dev vx0 ingress" 101 0
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      tc_check_packets sw2 "dev vx0 ingress" 102 1
++      tc_check_packets $sw2 "dev vx0 ingress" 102 1
+       log_test $? 0 "Forwarding using VXLAN FDB entry"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier on"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier on"
+       log_test $? 0 "swp1 carrier on"
+ 
+       # Configure nexthop ID 10 as the backup nexthop ID of swp1 and check
+       # that when packets are forwarded out of vx0, they are forwarded using
+       # the backup nexthop ID.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 10\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 10\""
+       log_test $? 0 "nexthop ID 10 configured as backup nexthop ID of swp1"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 2
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 2
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "No forwarding out of vx0"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 2
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 2
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 2
++      tc_check_packets $sw1 "dev vx0 egress" 101 2
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "Forwarding using backup nexthop ID"
+-      tc_check_packets sw2 "dev vx0 ingress" 102 1
++      tc_check_packets $sw2 "dev vx0 ingress" 102 1
+       log_test $? 0 "No forwarding using VXLAN FDB entry"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier on"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier on"
+       log_test $? 0 "swp1 carrier on"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 3
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 3
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 2
++      tc_check_packets $sw1 "dev vx0 egress" 101 2
+       log_test $? 0 "No forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      tc_check_packets sw2 "dev vx0 ingress" 102 1
++      tc_check_packets $sw2 "dev vx0 ingress" 102 1
+       log_test $? 0 "No forwarding using VXLAN FDB entry"
+ 
+       # Reset the backup nexthop ID to 0 and check that packets are no longer
+       # forwarded using the backup nexthop ID when swp1 does not have a
+       # carrier and are instead forwarded by the VXLAN FDB.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 0"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 0"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid\""
+       log_test $? 1 "No backup nexthop ID configured for swp1"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 4
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 4
+       log_test $? 0 "Forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 2
++      tc_check_packets $sw1 "dev vx0 egress" 101 2
+       log_test $? 0 "No forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      tc_check_packets sw2 "dev vx0 ingress" 102 1
++      tc_check_packets $sw2 "dev vx0 ingress" 102 1
+       log_test $? 0 "No forwarding using VXLAN FDB entry"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 4
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 4
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 3
++      tc_check_packets $sw1 "dev vx0 egress" 101 3
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      tc_check_packets sw2 "dev vx0 ingress" 102 2
++      tc_check_packets $sw2 "dev vx0 ingress" 102 2
+       log_test $? 0 "Forwarding using VXLAN FDB entry"
+ }
+ 
+@@ -475,109 +468,109 @@ backup_nhid_invalid()
+       # is forwarded out of the VXLAN port, but dropped by the VXLAN driver
+       # and does not crash the host.
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev swp1 clsact"
+-      run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact"
++      run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+ 
+-      run_cmd "tc -n sw1 qdisc replace dev vx0 clsact"
+-      run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
++      run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact"
++      run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass"
+       # Drop all other Tx traffic to avoid changes to Tx drop counter.
+-      run_cmd "tc -n sw1 filter replace dev vx0 egress pref 2 handle 102 proto all matchall action drop"
++      run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 2 handle 102 proto all matchall action drop"
+ 
+-      tx_drop=$(ip -n sw1 -s -j link show dev vx0 | jq '.[]["stats64"]["tx"]["dropped"]')
++      tx_drop=$(ip -n $sw1 -s -j link show dev vx0 | jq '.[]["stats64"]["tx"]["dropped"]')
+ 
+-      run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb"
+ 
+-      run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10"
+ 
+-      run_cmd "tc -n sw2 qdisc replace dev vx0 clsact"
+-      run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass"
++      run_cmd "tc -n $sw2 qdisc replace dev vx0 clsact"
++      run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass"
+ 
+       # First, check that redirection works.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\""
+       log_test $? 0 "vx0 configured as backup port of swp1"
+ 
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 10\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 10\""
+       log_test $? 0 "Valid nexthop as backup nexthop"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+       log_test $? 0 "swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 0
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 0
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 1
++      tc_check_packets $sw1 "dev vx0 egress" 101 1
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "Forwarding using backup nexthop ID"
+-      run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $tx_drop'"
++      run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $tx_drop'"
+       log_test $? 0 "No Tx drop increase"
+ 
+       # Use a non-existent nexthop ID.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 20"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 20\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 20"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 20\""
+       log_test $? 0 "Non-existent nexthop as backup nexthop"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 0
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 0
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 2
++      tc_check_packets $sw1 "dev vx0 egress" 101 2
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 1))'"
++      run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 1))'"
+       log_test $? 0 "Tx drop increased"
+ 
+       # Use a blckhole nexthop.
+-      run_cmd "ip -n sw1 nexthop replace id 30 blackhole"
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 30"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 30\""
++      run_cmd "ip -n $sw1 nexthop replace id 30 blackhole"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 30"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 30\""
+       log_test $? 0 "Blackhole nexthop as backup nexthop"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 0
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 0
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 3
++      tc_check_packets $sw1 "dev vx0 egress" 101 3
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 2))'"
++      run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 2))'"
+       log_test $? 0 "Tx drop increased"
+ 
+       # Non-group FDB nexthop.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 1"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 1\""
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 1"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 1\""
+       log_test $? 0 "Non-group FDB nexthop as backup nexthop"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 0
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 0
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 4
++      tc_check_packets $sw1 "dev vx0 egress" 101 4
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 3))'"
++      run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 3))'"
+       log_test $? 0 "Tx drop increased"
+ 
+       # IPv6 address family nexthop.
+-      run_cmd "ip -n sw1 nexthop replace id 100 via 2001:db8:100::1 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 200 via 2001:db8:100::1 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 300 group 100/200 fdb"
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 300"
+-      run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 300\""
++      run_cmd "ip -n $sw1 nexthop replace id 100 via 2001:db8:100::1 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 200 via 2001:db8:100::1 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 300 group 100/200 fdb"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 300"
++      run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 300\""
+       log_test $? 0 "IPv6 address family nexthop as backup nexthop"
+ 
+-      run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+-      tc_check_packets sw1 "dev swp1 egress" 101 0
++      run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
++      tc_check_packets $sw1 "dev swp1 egress" 101 0
+       log_test $? 0 "No forwarding out of swp1"
+-      tc_check_packets sw1 "dev vx0 egress" 101 5
++      tc_check_packets $sw1 "dev vx0 egress" 101 5
+       log_test $? 0 "Forwarding out of vx0"
+-      tc_check_packets sw2 "dev vx0 ingress" 101 1
++      tc_check_packets $sw2 "dev vx0 ingress" 101 1
+       log_test $? 0 "No forwarding using backup nexthop ID"
+-      run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 4))'"
++      run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 4))'"
+       log_test $? 0 "Tx drop increased"
+ }
+ 
+@@ -591,44 +584,44 @@ backup_nhid_ping()
+       echo "------------------------"
+ 
+       # Test bidirectional traffic when traffic is redirected in both VTEPs.
+-      sw1_mac=$(ip -n sw1 -j -p link show br0.10 | jq -r '.[]["address"]')
+-      sw2_mac=$(ip -n sw2 -j -p link show br0.10 | jq -r '.[]["address"]')
++      sw1_mac=$(ip -n $sw1 -j -p link show br0.10 | jq -r '.[]["address"]')
++      sw2_mac=$(ip -n $sw2 -j -p link show br0.10 | jq -r '.[]["address"]')
+ 
+-      run_cmd "bridge -n sw1 fdb replace $sw2_mac dev swp1 master static vlan 10"
+-      run_cmd "bridge -n sw2 fdb replace $sw1_mac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw1 fdb replace $sw2_mac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw2 fdb replace $sw1_mac dev swp1 master static vlan 10"
+ 
+-      run_cmd "ip -n sw1 neigh replace 192.0.2.66 lladdr $sw2_mac nud perm dev br0.10"
+-      run_cmd "ip -n sw2 neigh replace 192.0.2.65 lladdr $sw1_mac nud perm dev br0.10"
++      run_cmd "ip -n $sw1 neigh replace 192.0.2.66 lladdr $sw2_mac nud perm dev br0.10"
++      run_cmd "ip -n $sw2 neigh replace 192.0.2.65 lladdr $sw1_mac nud perm dev br0.10"
+ 
+-      run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw2 nexthop replace id 1 via 192.0.2.33 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 10 group 1 fdb"
+-      run_cmd "ip -n sw2 nexthop replace id 10 group 1 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw2 nexthop replace id 1 via 192.0.2.33 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 10 group 1 fdb"
++      run_cmd "ip -n $sw2 nexthop replace id 10 group 1 fdb"
+ 
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw2 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10"
+-      run_cmd "bridge -n sw2 link set dev swp1 backup_nhid 10"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw2 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10"
++      run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 10"
+ 
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
+-      run_cmd "ip -n sw2 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      run_cmd "ip -n $sw2 link set dev swp1 carrier off"
+ 
+-      run_cmd "ip netns exec sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66"
++      run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66"
+       log_test $? 0 "Ping with backup nexthop ID"
+ 
+       # Reset the backup nexthop ID to 0 and check that ping fails.
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 0"
+-      run_cmd "bridge -n sw2 link set dev swp1 backup_nhid 0"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 0"
++      run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 0"
+ 
+-      run_cmd "ip netns exec sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66"
++      run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66"
+       log_test $? 1 "Ping after disabling backup nexthop ID"
+ }
+ 
+ backup_nhid_add_del_loop()
+ {
+       while true; do
+-              ip -n sw1 nexthop del id 10
+-              ip -n sw1 nexthop replace id 10 group 1/2 fdb
++              ip -n $sw1 nexthop del id 10
++              ip -n $sw1 nexthop replace id 10 group 1/2 fdb
+       done >/dev/null 2>&1
+ }
+ 
+@@ -648,19 +641,19 @@ backup_nhid_torture()
+       # deleting the group. The test is considered successful if nothing
+       # crashed.
+ 
+-      run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb"
+-      run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb"
++      run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb"
+ 
+-      run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10"
++      run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10"
+ 
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0"
+-      run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10"
+-      run_cmd "ip -n sw1 link set dev swp1 carrier off"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0"
++      run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10"
++      run_cmd "ip -n $sw1 link set dev swp1 carrier off"
+ 
+       backup_nhid_add_del_loop &
+       pid1=$!
+-      ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 0 &
++      ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 0 &
+       pid2=$!
+ 
+       sleep 30
+-- 
+2.43.0
+

diff --git a/queue-6.6/selftests-net-fix-bridge-backup-port-test-flakiness.patch b/queue-6.6/selftests-net-fix-bridge-backup-port-test-flakiness.patch
new file mode 100644 (file)
index 0000000..af90c5c
--- /dev/null
+++ b/queue-6.6/selftests-net-fix-bridge-backup-port-test-flakiness.patch
@@ -0,0 +1,162 @@
+From 39dc3f6ba0a1944819427994075ad7c99ed1b64a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 14:31:10 +0200
+Subject: selftests: net: Fix bridge backup port test flakiness
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+[ Upstream commit 38ee0cb2a2e2ade077442085638eb181b0562971 ]
+
+The test toggles the carrier of a bridge port in order to test the
+bridge backup port feature.
+
+Due to the linkwatch delayed work the carrier change is not always
+reflected fast enough to the bridge driver and packets are not forwarded
+as the test expects, resulting in failures [1].
+
+Fix by busy waiting on the bridge port state until it changes to the
+desired state following the carrier change.
+
+[1]
+ # Backup port
+ # -----------
+ [...]
+ # TEST: swp1 carrier off                                              [ OK ]
+ # TEST: No forwarding out of swp1                                     [FAIL]
+ [  641.995910] br0: port 1(swp1) entered disabled state
+ # TEST: No forwarding out of vx0                                      [ OK ]
+
+Fixes: b408453053fb ("selftests: net: Add bridge backup port and backup nexthop ID test")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Petr Machata <petrm@nvidia.com>
+Acked-by: Paolo Abeni <pabeni@redhat.com>
+Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
+Link: https://lore.kernel.org/r/20240208123110.1063930-1-idosch@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/net/test_bridge_backup_port.sh  | 23 +++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/tools/testing/selftests/net/test_bridge_backup_port.sh b/tools/testing/selftests/net/test_bridge_backup_port.sh
+index 70a7d87ba2d2..1b3f89e2b86e 100755
+--- a/tools/testing/selftests/net/test_bridge_backup_port.sh
++++ b/tools/testing/selftests/net/test_bridge_backup_port.sh
+@@ -124,6 +124,16 @@ tc_check_packets()
+       [[ $pkts == $count ]]
+ }
+ 
++bridge_link_check()
++{
++      local ns=$1; shift
++      local dev=$1; shift
++      local state=$1; shift
++
++      bridge -n $ns -d -j link show dev $dev | \
++              jq -e ".[][\"state\"] == \"$state\"" &> /dev/null
++}
++
+ ################################################################################
+ # Setup
+ 
+@@ -259,6 +269,7 @@ backup_port()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -268,6 +279,7 @@ backup_port()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier on"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding
+       log_test $? 0 "swp1 carrier on"
+ 
+       # Configure vx0 as the backup port of swp1 and check that packets are
+@@ -284,6 +296,7 @@ backup_port()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -293,6 +306,7 @@ backup_port()
+       log_test $? 0 "Forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier on"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding
+       log_test $? 0 "swp1 carrier on"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -314,6 +328,7 @@ backup_port()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -369,6 +384,7 @@ backup_nhid()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -382,6 +398,7 @@ backup_nhid()
+       log_test $? 0 "Forwarding using VXLAN FDB entry"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier on"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding
+       log_test $? 0 "swp1 carrier on"
+ 
+       # Configure nexthop ID 10 as the backup nexthop ID of swp1 and check
+@@ -398,6 +415,7 @@ backup_nhid()
+       log_test $? 0 "No forwarding out of vx0"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -411,6 +429,7 @@ backup_nhid()
+       log_test $? 0 "No forwarding using VXLAN FDB entry"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier on"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding
+       log_test $? 0 "swp1 carrier on"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -441,6 +460,7 @@ backup_nhid()
+       log_test $? 0 "No forwarding using VXLAN FDB entry"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -497,6 +517,7 @@ backup_nhid_invalid()
+       log_test $? 0 "Valid nexthop as backup nexthop"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       log_test $? 0 "swp1 carrier off"
+ 
+       run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1"
+@@ -604,7 +625,9 @@ backup_nhid_ping()
+       run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 10"
+ 
+       run_cmd "ip -n $sw1 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled
+       run_cmd "ip -n $sw2 link set dev swp1 carrier off"
++      busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw2 swp1 disabled
+ 
+       run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66"
+       log_test $? 0 "Ping with backup nexthop ID"
+-- 
+2.43.0
+

diff --git a/queue-6.6/series b/queue-6.6/series
index 6250b58b9c32dcfceb4ee24fe5dec791cac702ed..64f98ab2ac5cb97bf3db6829b77950e4f833b3f2 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -10,3 +10,45 @@ btrfs-don-t-reserve-space-for-checksums-when-writing-to-nocow-files.patch
 btrfs-reject-encoded-write-if-inode-has-nodatasum-flag-set.patch
 btrfs-don-t-drop-extent_map-for-free-space-inode-on-write-error.patch
 driver-core-fix-device_link_flag_is_sync_state_only.patch
+selftests-landlock-fix-fs_test-build-with-old-libc.patch
+kvm-selftests-delete-superfluous-unused-stage-variab.patch
+kvm-selftests-avoid-infinite-loop-in-hyperv_features.patch
+of-unittest-fix-compile-in-the-non-dynamic-case.patch
+drm-msm-gem-fix-double-resv-lock-aquire.patch
+spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch
+kvm-selftests-fix-a-semaphore-imbalance-in-the-dirty.patch
+wifi-iwlwifi-fix-some-error-codes.patch
+wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch
+asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch
+net-handshake-fix-handshake_req_destroy_test1.patch
+bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch
+devlink-fix-command-annotation-documentation.patch
+of-property-improve-finding-the-consumer-of-a-remote.patch
+of-property-improve-finding-the-supplier-of-a-remote.patch
+alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch
+perf-cxl-fix-mismatched-cpmu-event-opcode.patch
+selftests-net-convert-test_bridge_backup_port.sh-to-.patch
+selftests-net-fix-bridge-backup-port-test-flakiness.patch
+selftests-forwarding-fix-layer-2-miss-test-flakiness.patch
+selftests-forwarding-fix-bridge-mdb-test-flakiness.patch
+selftests-bridge_mdb-use-mdb-get-instead-of-dump.patch
+selftests-forwarding-suppress-grep-warnings.patch
+selftests-forwarding-fix-bridge-locked-port-test-fla.patch
+net-openvswitch-limit-the-number-of-recursions-from-.patch
+lan966x-fix-crash-when-adding-interface-under-a-lag.patch
+tls-extract-context-alloc-initialization-out-of-tls_.patch
+net-tls-factor-out-tls_-crypt_async_wait.patch
+tls-fix-race-between-async-notify-and-socket-close.patch
+tls-fix-race-between-tx-work-scheduling-and-socket-c.patch
+net-tls-handle-backlogging-of-crypto-requests.patch
+net-tls-fix-use-after-free-with-partial-reads-and-as.patch
+net-tls-fix-returned-read-length-with-async-decrypt.patch
+spi-ppc4xx-drop-write-only-variable.patch
+asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch
+net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch
+nouveau-svm-fix-kvcalloc-argument-order.patch
+mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch
+ptrace-introduce-exception_ip-arch-hook.patch
+mm-memory-use-exception-ip-to-search-exception-table.patch
+i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch
+i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch

diff --git a/queue-6.6/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch b/queue-6.6/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch
new file mode 100644 (file)
index 0000000..4fa0e7b
--- /dev/null
+++ b/queue-6.6/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch
@@ -0,0 +1,62 @@
+From e780ecb063493c40e80df63bdf21addcfa03864c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 4 Feb 2024 17:19:12 +0800
+Subject: spi: imx: fix the burst length at DMA mode and CPU mode
+
+From: Carlos Song <carlos.song@nxp.com>
+
+[ Upstream commit c712c05e46c8ce550842951e9e2606e24dbf0475 ]
+
+For DMA mode, the bus width of the DMA is equal to the size of data
+word, so burst length should be configured as bits per word.
+
+For CPU mode, because of the spi transfer len is in byte, so calculate
+the total number of words according to spi transfer len and bits per
+word, burst length should be configured as total data bits.
+
+Signed-off-by: Carlos Song <carlos.song@nxp.com>
+Reviewed-by: Clark Wang <xiaoning.wang@nxp.com>
+Fixes: e9b220aeacf1 ("spi: spi-imx: correctly configure burst length when using dma")
+Fixes: 5f66db08cbd3 ("spi: imx: Take in account bits per word instead of assuming 8-bits")
+Link: https://lore.kernel.org/r/20240204091912.36488-1-carlos.song@nxp.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/spi/spi-imx.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
+index 272bc871a848..e2d3e3ec1378 100644
+--- a/drivers/spi/spi-imx.c
++++ b/drivers/spi/spi-imx.c
+@@ -2,6 +2,7 @@
+ // Copyright 2004-2007 Freescale Semiconductor, Inc. All Rights Reserved.
+ // Copyright (C) 2008 Juergen Beisert
+ 
++#include <linux/bits.h>
+ #include <linux/clk.h>
+ #include <linux/completion.h>
+ #include <linux/delay.h>
+@@ -660,15 +661,15 @@ static int mx51_ecspi_prepare_transfer(struct spi_imx_data *spi_imx,
+                       << MX51_ECSPI_CTRL_BL_OFFSET;
+       else {
+               if (spi_imx->usedma) {
+-                      ctrl |= (spi_imx->bits_per_word *
+-                              spi_imx_bytes_per_word(spi_imx->bits_per_word) - 1)
++                      ctrl |= (spi_imx->bits_per_word - 1)
+                               << MX51_ECSPI_CTRL_BL_OFFSET;
+               } else {
+                       if (spi_imx->count >= MX51_ECSPI_CTRL_MAX_BURST)
+-                              ctrl |= (MX51_ECSPI_CTRL_MAX_BURST - 1)
++                              ctrl |= (MX51_ECSPI_CTRL_MAX_BURST * BITS_PER_BYTE - 1)
+                                               << MX51_ECSPI_CTRL_BL_OFFSET;
+                       else
+-                              ctrl |= (spi_imx->count * spi_imx->bits_per_word - 1)
++                              ctrl |= spi_imx->count / DIV_ROUND_UP(spi_imx->bits_per_word,
++                                              BITS_PER_BYTE) * spi_imx->bits_per_word
+                                               << MX51_ECSPI_CTRL_BL_OFFSET;
+               }
+       }
+-- 
+2.43.0
+

diff --git a/queue-6.6/spi-ppc4xx-drop-write-only-variable.patch b/queue-6.6/spi-ppc4xx-drop-write-only-variable.patch
new file mode 100644 (file)
index 0000000..60ca448
--- /dev/null
+++ b/queue-6.6/spi-ppc4xx-drop-write-only-variable.patch
@@ -0,0 +1,55 @@
+From 8bb5891872fe2ad1f87f356538dde762bfb3eed7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 10 Feb 2024 17:40:08 +0100
+Subject: spi: ppc4xx: Drop write-only variable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+
+[ Upstream commit b3aa619a8b4706f35cb62f780c14e68796b37f3f ]
+
+Since commit 24778be20f87 ("spi: convert drivers to use
+bits_per_word_mask") the bits_per_word variable is only written to. The
+check that was there before isn't needed any more as the spi core
+ensures that only 8 bit transfers are used, so the variable can go away
+together with all assignments to it.
+
+Fixes: 24778be20f87 ("spi: convert drivers to use bits_per_word_mask")
+Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Link: https://lore.kernel.org/r/20240210164006.208149-8-u.kleine-koenig@pengutronix.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/spi/spi-ppc4xx.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/spi/spi-ppc4xx.c b/drivers/spi/spi-ppc4xx.c
+index 03aab661be9d..e982d3189fdc 100644
+--- a/drivers/spi/spi-ppc4xx.c
++++ b/drivers/spi/spi-ppc4xx.c
+@@ -166,10 +166,8 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t)
+       int scr;
+       u8 cdm = 0;
+       u32 speed;
+-      u8 bits_per_word;
+ 
+       /* Start with the generic configuration for this device. */
+-      bits_per_word = spi->bits_per_word;
+       speed = spi->max_speed_hz;
+ 
+       /*
+@@ -177,9 +175,6 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t)
+        * the transfer to overwrite the generic configuration with zeros.
+        */
+       if (t) {
+-              if (t->bits_per_word)
+-                      bits_per_word = t->bits_per_word;
+-
+               if (t->speed_hz)
+                       speed = min(t->speed_hz, spi->max_speed_hz);
+       }
+-- 
+2.43.0
+

diff --git a/queue-6.6/tls-extract-context-alloc-initialization-out-of-tls_.patch b/queue-6.6/tls-extract-context-alloc-initialization-out-of-tls_.patch
new file mode 100644 (file)
index 0000000..1e24187
--- /dev/null
+++ b/queue-6.6/tls-extract-context-alloc-initialization-out-of-tls_.patch
@@ -0,0 +1,133 @@
+From 1270cded1c129231c86dc94e11fcd56d363e6ce7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Oct 2023 22:50:46 +0200
+Subject: tls: extract context alloc/initialization out of tls_set_sw_offload
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+[ Upstream commit 615580cbc99af0da2d1c7226fab43a3d5003eb97 ]
+
+Simplify tls_set_sw_offload a bit.
+
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 86 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 51 insertions(+), 35 deletions(-)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index dba523cdc73d..3c176776e912 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -2597,6 +2597,48 @@ void tls_update_rx_zc_capable(struct tls_context *tls_ctx)
+               tls_ctx->prot_info.version != TLS_1_3_VERSION;
+ }
+ 
++static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct sock *sk)
++{
++      struct tls_sw_context_tx *sw_ctx_tx;
++
++      if (!ctx->priv_ctx_tx) {
++              sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
++              if (!sw_ctx_tx)
++                      return NULL;
++      } else {
++              sw_ctx_tx = ctx->priv_ctx_tx;
++      }
++
++      crypto_init_wait(&sw_ctx_tx->async_wait);
++      spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
++      INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
++      INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
++      sw_ctx_tx->tx_work.sk = sk;
++
++      return sw_ctx_tx;
++}
++
++static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx)
++{
++      struct tls_sw_context_rx *sw_ctx_rx;
++
++      if (!ctx->priv_ctx_rx) {
++              sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
++              if (!sw_ctx_rx)
++                      return NULL;
++      } else {
++              sw_ctx_rx = ctx->priv_ctx_rx;
++      }
++
++      crypto_init_wait(&sw_ctx_rx->async_wait);
++      spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
++      init_waitqueue_head(&sw_ctx_rx->wq);
++      skb_queue_head_init(&sw_ctx_rx->rx_list);
++      skb_queue_head_init(&sw_ctx_rx->async_hold);
++
++      return sw_ctx_rx;
++}
++
+ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
+ {
+       struct tls_context *tls_ctx = tls_get_ctx(sk);
+@@ -2618,48 +2660,22 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
+       }
+ 
+       if (tx) {
+-              if (!ctx->priv_ctx_tx) {
+-                      sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
+-                      if (!sw_ctx_tx) {
+-                              rc = -ENOMEM;
+-                              goto out;
+-                      }
+-                      ctx->priv_ctx_tx = sw_ctx_tx;
+-              } else {
+-                      sw_ctx_tx =
+-                              (struct tls_sw_context_tx *)ctx->priv_ctx_tx;
+-              }
+-      } else {
+-              if (!ctx->priv_ctx_rx) {
+-                      sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
+-                      if (!sw_ctx_rx) {
+-                              rc = -ENOMEM;
+-                              goto out;
+-                      }
+-                      ctx->priv_ctx_rx = sw_ctx_rx;
+-              } else {
+-                      sw_ctx_rx =
+-                              (struct tls_sw_context_rx *)ctx->priv_ctx_rx;
+-              }
+-      }
++              ctx->priv_ctx_tx = init_ctx_tx(ctx, sk);
++              if (!ctx->priv_ctx_tx)
++                      return -ENOMEM;
+ 
+-      if (tx) {
+-              crypto_init_wait(&sw_ctx_tx->async_wait);
+-              spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
++              sw_ctx_tx = ctx->priv_ctx_tx;
+               crypto_info = &ctx->crypto_send.info;
+               cctx = &ctx->tx;
+               aead = &sw_ctx_tx->aead_send;
+-              INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
+-              INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
+-              sw_ctx_tx->tx_work.sk = sk;
+       } else {
+-              crypto_init_wait(&sw_ctx_rx->async_wait);
+-              spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
+-              init_waitqueue_head(&sw_ctx_rx->wq);
++              ctx->priv_ctx_rx = init_ctx_rx(ctx);
++              if (!ctx->priv_ctx_rx)
++                      return -ENOMEM;
++
++              sw_ctx_rx = ctx->priv_ctx_rx;
+               crypto_info = &ctx->crypto_recv.info;
+               cctx = &ctx->rx;
+-              skb_queue_head_init(&sw_ctx_rx->rx_list);
+-              skb_queue_head_init(&sw_ctx_rx->async_hold);
+               aead = &sw_ctx_rx->aead_recv;
+       }
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/tls-fix-race-between-async-notify-and-socket-close.patch b/queue-6.6/tls-fix-race-between-async-notify-and-socket-close.patch
new file mode 100644 (file)
index 0000000..ccbe11a
--- /dev/null
+++ b/queue-6.6/tls-fix-race-between-async-notify-and-socket-close.patch
@@ -0,0 +1,171 @@
+From 5ee79eed742557ae89c6c32cff86ac89edd7940c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:19 -0800
+Subject: tls: fix race between async notify and socket close
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit aec7961916f3f9e88766e2688992da6980f11b8d ]
+
+The submitting thread (one which called recvmsg/sendmsg)
+may exit as soon as the async crypto handler calls complete()
+so any code past that point risks touching already freed data.
+
+Try to avoid the locking and extra flags altogether.
+Have the main thread hold an extra reference, this way
+we can depend solely on the atomic ref counter for
+synchronization.
+
+Don't futz with reiniting the completion, either, we are now
+tightly controlling when completion fires.
+
+Reported-by: valis <sec@valis.email>
+Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/net/tls.h |  5 -----
+ net/tls/tls_sw.c  | 43 ++++++++++---------------------------------
+ 2 files changed, 10 insertions(+), 38 deletions(-)
+
+diff --git a/include/net/tls.h b/include/net/tls.h
+index a2b44578dcb7..5fdd5dd251df 100644
+--- a/include/net/tls.h
++++ b/include/net/tls.h
+@@ -96,9 +96,6 @@ struct tls_sw_context_tx {
+       struct tls_rec *open_rec;
+       struct list_head tx_list;
+       atomic_t encrypt_pending;
+-      /* protect crypto_wait with encrypt_pending */
+-      spinlock_t encrypt_compl_lock;
+-      int async_notify;
+       u8 async_capable:1;
+ 
+ #define BIT_TX_SCHEDULED      0
+@@ -135,8 +132,6 @@ struct tls_sw_context_rx {
+       struct tls_strparser strp;
+ 
+       atomic_t decrypt_pending;
+-      /* protect crypto_wait with decrypt_pending*/
+-      spinlock_t decrypt_compl_lock;
+       struct sk_buff_head async_hold;
+       struct wait_queue_head wq;
+ };
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index 12c3635c2b3e..650080d5fd72 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -224,22 +224,15 @@ static void tls_decrypt_done(void *data, int err)
+ 
+       kfree(aead_req);
+ 
+-      spin_lock_bh(&ctx->decrypt_compl_lock);
+-      if (!atomic_dec_return(&ctx->decrypt_pending))
++      if (atomic_dec_and_test(&ctx->decrypt_pending))
+               complete(&ctx->async_wait.completion);
+-      spin_unlock_bh(&ctx->decrypt_compl_lock);
+ }
+ 
+ static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx)
+ {
+-      int pending;
+-
+-      spin_lock_bh(&ctx->decrypt_compl_lock);
+-      reinit_completion(&ctx->async_wait.completion);
+-      pending = atomic_read(&ctx->decrypt_pending);
+-      spin_unlock_bh(&ctx->decrypt_compl_lock);
+-      if (pending)
++      if (!atomic_dec_and_test(&ctx->decrypt_pending))
+               crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
++      atomic_inc(&ctx->decrypt_pending);
+ 
+       return ctx->async_wait.err;
+ }
+@@ -267,6 +260,7 @@ static int tls_do_decryption(struct sock *sk,
+               aead_request_set_callback(aead_req,
+                                         CRYPTO_TFM_REQ_MAY_BACKLOG,
+                                         tls_decrypt_done, aead_req);
++              DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->decrypt_pending) < 1);
+               atomic_inc(&ctx->decrypt_pending);
+       } else {
+               aead_request_set_callback(aead_req,
+@@ -455,7 +449,6 @@ static void tls_encrypt_done(void *data, int err)
+       struct sk_msg *msg_en;
+       bool ready = false;
+       struct sock *sk;
+-      int pending;
+ 
+       msg_en = &rec->msg_encrypted;
+ 
+@@ -494,12 +487,8 @@ static void tls_encrypt_done(void *data, int err)
+                       ready = true;
+       }
+ 
+-      spin_lock_bh(&ctx->encrypt_compl_lock);
+-      pending = atomic_dec_return(&ctx->encrypt_pending);
+-
+-      if (!pending && ctx->async_notify)
++      if (atomic_dec_and_test(&ctx->encrypt_pending))
+               complete(&ctx->async_wait.completion);
+-      spin_unlock_bh(&ctx->encrypt_compl_lock);
+ 
+       if (!ready)
+               return;
+@@ -511,22 +500,9 @@ static void tls_encrypt_done(void *data, int err)
+ 
+ static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
+ {
+-      int pending;
+-
+-      spin_lock_bh(&ctx->encrypt_compl_lock);
+-      ctx->async_notify = true;
+-
+-      pending = atomic_read(&ctx->encrypt_pending);
+-      spin_unlock_bh(&ctx->encrypt_compl_lock);
+-      if (pending)
++      if (!atomic_dec_and_test(&ctx->encrypt_pending))
+               crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+-      else
+-              reinit_completion(&ctx->async_wait.completion);
+-
+-      /* There can be no concurrent accesses, since we have no
+-       * pending encrypt operations
+-       */
+-      WRITE_ONCE(ctx->async_notify, false);
++      atomic_inc(&ctx->encrypt_pending);
+ 
+       return ctx->async_wait.err;
+ }
+@@ -577,6 +553,7 @@ static int tls_do_encryption(struct sock *sk,
+ 
+       /* Add the record in tx_list */
+       list_add_tail((struct list_head *)&rec->list, &ctx->tx_list);
++      DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->encrypt_pending) < 1);
+       atomic_inc(&ctx->encrypt_pending);
+ 
+       rc = crypto_aead_encrypt(aead_req);
+@@ -2604,7 +2581,7 @@ static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct soc
+       }
+ 
+       crypto_init_wait(&sw_ctx_tx->async_wait);
+-      spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
++      atomic_set(&sw_ctx_tx->encrypt_pending, 1);
+       INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
+       INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
+       sw_ctx_tx->tx_work.sk = sk;
+@@ -2625,7 +2602,7 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx)
+       }
+ 
+       crypto_init_wait(&sw_ctx_rx->async_wait);
+-      spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
++      atomic_set(&sw_ctx_rx->decrypt_pending, 1);
+       init_waitqueue_head(&sw_ctx_rx->wq);
+       skb_queue_head_init(&sw_ctx_rx->rx_list);
+       skb_queue_head_init(&sw_ctx_rx->async_hold);
+-- 
+2.43.0
+

diff --git a/queue-6.6/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch b/queue-6.6/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch
new file mode 100644 (file)
index 0000000..d565a3d
--- /dev/null
+++ b/queue-6.6/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch
@@ -0,0 +1,67 @@
+From 1e4b5ed9005b79e859000208a04b27960a63c449 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Feb 2024 17:18:20 -0800
+Subject: tls: fix race between tx work scheduling and socket close
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb ]
+
+Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
+may exit as soon as the async crypto handler calls complete().
+Reorder scheduling the work before calling complete().
+This seems more logical in the first place, as it's
+the inverse order of what the submitting thread will do.
+
+Reported-by: valis <sec@valis.email>
+Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tls/tls_sw.c | 16 ++++++----------
+ 1 file changed, 6 insertions(+), 10 deletions(-)
+
+diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
+index 650080d5fd72..0b47acfd6a7f 100644
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -447,7 +447,6 @@ static void tls_encrypt_done(void *data, int err)
+       struct tls_rec *rec = data;
+       struct scatterlist *sge;
+       struct sk_msg *msg_en;
+-      bool ready = false;
+       struct sock *sk;
+ 
+       msg_en = &rec->msg_encrypted;
+@@ -483,19 +482,16 @@ static void tls_encrypt_done(void *data, int err)
+               /* If received record is at head of tx_list, schedule tx */
+               first_rec = list_first_entry(&ctx->tx_list,
+                                            struct tls_rec, list);
+-              if (rec == first_rec)
+-                      ready = true;
++              if (rec == first_rec) {
++                      /* Schedule the transmission */
++                      if (!test_and_set_bit(BIT_TX_SCHEDULED,
++                                            &ctx->tx_bitmask))
++                              schedule_delayed_work(&ctx->tx_work.work, 1);
++              }
+       }
+ 
+       if (atomic_dec_and_test(&ctx->encrypt_pending))
+               complete(&ctx->async_wait.completion);
+-
+-      if (!ready)
+-              return;
+-
+-      /* Schedule the transmission */
+-      if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask))
+-              schedule_delayed_work(&ctx->tx_work.work, 1);
+ }
+ 
+ static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
+-- 
+2.43.0
+

diff --git a/queue-6.6/wifi-iwlwifi-fix-some-error-codes.patch b/queue-6.6/wifi-iwlwifi-fix-some-error-codes.patch
new file mode 100644 (file)
index 0000000..e0902c8
--- /dev/null
+++ b/queue-6.6/wifi-iwlwifi-fix-some-error-codes.patch
@@ -0,0 +1,83 @@
+From 20ac443fb1838232da61cf4c21c803ff8dfd44e6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 13:17:06 +0300
+Subject: wifi: iwlwifi: Fix some error codes
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+[ Upstream commit c6ebb5b67641994de8bc486b33457fe0b681d6fe ]
+
+This saves the error as PTR_ERR(wifi_pkg).  The problem is that
+"wifi_pkg" is a valid pointer, not an error pointer.  Set the error code
+to -EINVAL instead.
+
+Fixes: 2a8084147bff ("iwlwifi: acpi: support reading and storing WRDS revision 1 and 2")
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Link: https://msgid.link/9620bb77-2d7c-4d76-b255-ad824ebf8e35@moroto.mountain
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+index b26f90e52256..6f1919234f3f 100644
+--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
++++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+@@ -618,7 +618,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 2) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+@@ -634,7 +634,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 1) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+@@ -650,7 +650,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 0) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+@@ -707,7 +707,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 2) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+@@ -723,7 +723,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 1) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+@@ -739,7 +739,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
+                                        &tbl_rev);
+       if (!IS_ERR(wifi_pkg)) {
+               if (tbl_rev != 0) {
+-                      ret = PTR_ERR(wifi_pkg);
++                      ret = -EINVAL;
+                       goto out_free;
+               }
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.6/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch b/queue-6.6/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch
new file mode 100644 (file)
index 0000000..cf2a658
--- /dev/null
+++ b/queue-6.6/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch
@@ -0,0 +1,40 @@
+From f23e885410e68dd22d740e271ea6426ba00d936f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Feb 2024 13:17:31 +0300
+Subject: wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+[ Upstream commit 65c6ee90455053cfd3067c17aaa4a42b0c766543 ]
+
+This is an error path and Smatch complains that "tbl_rev" is uninitialized
+on this path.  All the other functions follow this same patter where they
+set the error code and goto out_free so that's probably what was intended
+here as well.
+
+Fixes: e8e10a37c51c ("iwlwifi: acpi: move ppag code from mvm to fw/acpi")
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Link: https://msgid.link/09900c01-6540-4a32-9451-563da0029cb6@moroto.mountain
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+index 6f1919234f3f..359397a61715 100644
+--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
++++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+@@ -1088,6 +1088,9 @@ int iwl_acpi_get_ppag_table(struct iwl_fw_runtime *fwrt)
+               goto read_table;
+       }
+ 
++      ret = PTR_ERR(wifi_pkg);
++      goto out_free;
++
+ read_table:
+       fwrt->ppag_ver = tbl_rev;
+       flags = &wifi_pkg->package.elements[1];
+-- 
+2.43.0
+