Ray Kinsella [Wed, 6 May 2020 15:41:05 +0000 (16:41 +0100)]
doc: fix default symbol binding in ABI guide
The document abi_versioning.rst incorrectly instructs the developer to
add BIND_DEFAULT_SYMBOL to the public header, not the source file. This
commit fixes the issue and adds some clarifications.
The commit also clarifies the use of use_function_versioning in the
meson/ninja build system, and does some minor re-organization of the
document.
Fixes: f1ef9794f9bd ("doc: add ABI guidelines") Cc: stable@dpdk.org Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Ray Kinsella [Tue, 5 May 2020 08:56:48 +0000 (09:56 +0100)]
doc: add reason for three-part ABI versioning
Clarify the reasons behind the three part version numbering scheme.
Documents the fixes made in f26c2b3.
Fixes: f26c2b39b271 ("build: fix soname info for 19.11 compatibility") Cc: stable@dpdk.org Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Xuan Ding [Mon, 18 May 2020 13:17:04 +0000 (14:17 +0100)]
vhost: fix potential fd leak
Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD
message. Malicious guest can send endless this message to drain out the
resource of host.
When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the
file created during the last handling of this message.
CVE-2020-10726 Fixes: d87f1a1cb7b666550 ("vhost: support inflight info sharing") Cc: stable@dpdk.org Signed-off-by: Xuan Ding <xuan.ding@intel.com> Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Xiaolong Ye [Mon, 18 May 2020 13:17:03 +0000 (14:17 +0100)]
vhost: fix potential memory space leak
A malicious container which has direct access to the vhost-user socket
can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause
leaking resources until resulting a DOS. Fix it by unmapping the
dev->inflight_info->addr before assigning new mapped addr to it.
CVE-2020-10726 Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") Cc: stable@dpdk.org Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Marvin Liu [Mon, 18 May 2020 13:17:02 +0000 (14:17 +0100)]
vhost: fix translated address not checked
Malicious guest can construct desc with invalid address and zero buffer
length. That will request vhost to check both translated address and
translated data length. This patch will add missed address check.
CVE-2020-10725 Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue") Fixes: ef861692c398 ("vhost: add packed ring batch enqueue") Cc: stable@dpdk.org Signed-off-by: Marvin Liu <yong.liu@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Maxime Coquelin [Mon, 18 May 2020 13:17:01 +0000 (14:17 +0100)]
vhost/crypto: validate keys lengths
transform_cipher_param() and transform_chain_param() handle
the payload data for the VHOST_USER_CRYPTO_CREATE_SESS
message. These payloads have to be validated, since it
could come from untrusted sources.
Two buffers and their lengths are defined in this payload,
one the the auth key and one for the cipher key. But above
functions do not validate the key length inputs, which could
lead to read out of bounds, as buffers have static sizes of
64 bytes for the cipher key and 512 bytes for the auth key.
This patch adds necessary checks on the key length field
before being used.
CVE-2020-10724 Fixes: e80a98708166 ("vhost/crypto: add session message handler") Cc: stable@dpdk.org Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com> Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Maxime Coquelin [Mon, 18 May 2020 13:17:00 +0000 (14:17 +0100)]
vhost: fix vring index check
vhost_user_check_and_alloc_queue_pair() is used to extract
a vring index from a payload. This function validates the
index and is called early on in when performing message
handling. Most message handlers depend on it correctly
validating the vring index.
Depending on the message type the vring index is in
different parts of the payload. The function contains a
switch/case for each type and copies the index. This is
stored in a uint16. This index is then validated. Depending
on the message, the source index is an unsigned int. If
integer truncation occurs (uint->uint16) the top 16 bits
of the index are never validated.
When they are used later on (e.g. in
vhost_user_set_vring_num() or vhost_user_set_vring_addr())
it can lead to out of bound indexing. The out of bound
indexed data gets written to, and hence this can cause
memory corruption.
This patch fixes this vulnerability by declaring vring
index as an unsigned int in
vhost_user_check_and_alloc_queue_pair().
CVE-2020-10723 Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") Cc: stable@dpdk.org Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com> Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Maxime Coquelin [Mon, 18 May 2020 13:16:59 +0000 (14:16 +0100)]
vhost: check log mmap offset and size overflow
vhost_user_set_log_base() is a message handler that is
called to handle the VHOST_USER_SET_LOG_BASE message.
Its payload contains a 64 bit size and offset. Both are
added up and used as a size when calling mmap().
There is no integer overflow check. If an integer overflow
occurs a smaller memory map would be created than
requested. Since the returned mapping is mapped as writable
and used for logging, a memory corruption could occur.
CVE-2020-10722 Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address") Cc: stable@dpdk.org Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com> Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Kevin Traynor [Thu, 14 May 2020 13:18:57 +0000 (14:18 +0100)]
build: disable gcc 10 zero-length-bounds warning
gcc 10 issues warnings about the use of rearm_data marker
from struct rte_mbuf.
e.g.
../drivers/net/enic/enic_rxtx_vec_avx2.c: In function ‘rx_one’:
../drivers/net/enic/enic_rxtx_vec_avx2.c:21:2:
warning:
array subscript 0 is outside the bounds of an interior zero-length array
‘RTE_MARKER64’ {aka ‘long unsigned int[0]’} [-Wzero-length-bounds]
21 | *(uint64_t *)&mb->rearm_data = enic->mbuf_initializer;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../lib/librte_mbuf/rte_mbuf.h:45,
from ../drivers/net/enic/enic_rxtx_vec_avx2.c:6:
../lib/librte_mbuf/rte_mbuf_core.h:484:15:
note: while referencing ‘rearm_data’
484 | RTE_MARKER64 rearm_data;
|
Disable this warning for gcc 10 in order to allow v20.05 to build
without changes to struct rte_mbuf.
Bugzilla ID: 396 Cc: stable@dpdk.org Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Reviewed-by: David Marchand <david.marchand@redhat.com>
Kevin Traynor [Fri, 15 May 2020 14:28:08 +0000 (15:28 +0100)]
hash: fix gcc 10 maybe-uninitialized warning
gcc 10.1.1 reports a warning for the ext_bkt_id variable:
../lib/librte_hash/rte_cuckoo_hash.c:
In function ‘__rte_hash_add_key_with_hash’:
../lib/librte_hash/rte_cuckoo_hash.c:1104:29:
warning: ‘ext_bkt_id’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
1104 | (h->buckets_ext[ext_bkt_id - 1]).sig_current[0] = short_sig;
| ~~~~~~~~~~~^~~
The return value of rte_ring_sc_dequeue_elem() is already checked,
but also initialize ext_bkt_id to zero (invalid value) and check
that it also overwritten.
Fixes: fbfe568103b0 ("hash: use 32-bit elements rings to save memory") Cc: stable@dpdk.org Signed-off-by: Kevin Traynor <ktraynor@redhat.com> Acked-by: Yipeng Wang <yipeng1.wang@intel.com>
Session configure should return -ENOTSUP in case of unsupported xform
requests. Moving the validation of combinations out of cpt, as the
feature support will not be same across OCTEON TX and OCTEON TX2.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Apeksha Gupta [Fri, 15 May 2020 17:24:22 +0000 (22:54 +0530)]
test/crypto: fix statistics case
The test case - test_stats is directly accessing the
cryptodev and its dev_ops which are internal to library
and should not be used directly by the application.
However, the test case is also missing to check for the
error ENOTSUP. It should skip the case if the API returns
ENOTSUP. This patch fixes these two issues.
Fixes: 202d375c60bc ("app/test: add cryptodev unit and performance tests") Cc: stable@dpdk.org Signed-off-by: Apeksha Gupta <apeksha.gupta@nxp.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Akhil Goyal [Wed, 13 May 2020 11:50:26 +0000 (17:20 +0530)]
drivers/crypto: fix build with -fno-common
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This patch fixes the blunt workaround in the following commit.
Older GCC(~4) complains about uninitialized 'dip'
var though all the lanes of the vec register are set.
Hence this patch explicitly initializes vec register
to fix the issue.
In file included from ip4_lookup.c:34:0:
ip4_lookup_neon.h: n function ‘ip4_lookup_node_process’: \
ip4_lookup_neon.h:25:12: error: ‘dip’ may be used uninitialized in \
this function [-Werror=maybe-uninitialized]
int32x4_t dip;
^
Fixes: 16df6a2c6671 ("node: add IPv4 lookup for arm64") Reported-by: David Marchand <david.marchand@redhat.com> Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com> Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com> Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Dekel Peled [Wed, 6 May 2020 17:13:38 +0000 (20:13 +0300)]
net/mlx5: support match on GTP flags
This patch adds to MLX5 PMD the support of matching on
GTP header item v_pt_rsv_flags.
This item is contained in 1 byte of the format:
-------------------------------------------
| bit | 0 - 2 | 3 | 4 | 5 | 6 | 7 |
|-----------------------------------------|
| value | Version | PT | Res | E | S | PN |
-------------------------------------------
Matching is supported only for GTP flags E, S, PN.
Therefore values 0 to 7 are supported.
Mask must be set accordingly:
... gtp v_pt_rsv_flags is 1 v_pt_rsv_flags mask 0x07 ...
Program received signal SIGSEGV, Segmentation fault.
0x00000000008ef7c4 in mlx5_tx_queue_release (dpdk_txq=0x17ce01680) at
drivers/net/mlx5/mlx5_txq.c:302
301 mlx5_txq_release(ETH_DEV(priv), i);
302 DRV_LOG(DEBUG, "port %u removing Tx queue %u from list",
303 PORT_ID(priv), txq->idx);
The problem is txq is freed inside the mlx5_txq_release() function
and no longer valid in the debug log right after this invocation.
Move the debug log before the mlx5_txq_release() function to fix this.
Fixes: a6d83b6a9209 ("net/mlx5: standardize on negative errno values") Cc: stable@dpdk.org Signed-off-by: Alexander Kozyrev <akozyrev@mellanox.com> Acked-by: Matan Azrad <matan@mellanox.com>
Michael Baum [Wed, 6 May 2020 16:24:06 +0000 (16:24 +0000)]
net/mlx5: fix meter color register consideration
The mlx5_flow_get_reg_id() function translates tag ID to register
from the registers that are supported and available for use. The
user does not know which register is available at a time and therefore
there is an array that represents mapping to the available registers.
Usually the free registers are continuous in the flow_mreg_c array but
sometimes the mtr_color_reg register is between them and it must be
skipped and the next register returned, in which case the function
returns the mapping of the next entity in the array.
When the function reads from the next entity in the array, it does not
check whether such an entity exists and in some situation invalid access
to memory occurs beyond the array boundaries.
So, when all the registers are valid from HW perspective and the meter
color register is not the default, the tag id 5 causes an out of bound
access.
Validate registers availability when meter color register is not the
default.
When creating flow rule with zero specs it will cause
matching all UDP packets like following:
eth / ipv4 / udp / vxlan / end
Such rule will match all udp packets.
This change the behavior to match the dv flow engine
which will automatically set the match on relative
outer UDP port if the user didn't specify any.
Dekel Peled [Tue, 5 May 2020 12:57:54 +0000 (15:57 +0300)]
net/mlx5: fix match on empty VLAN item in DV mode
In existing implementation, using wild card VLAN item is not allowed.
A VLAN item in flow pattern must include VLAN ID (vid) value.
This obligation contradict the flow API specification [1].
This patch updates the VLAN item validation and translation, to allow
wild card VLAN item, without VLAN ID value.
User guide and release notes are updated accordingly.
Xiaolong Ye [Fri, 8 May 2020 08:48:23 +0000 (16:48 +0800)]
doc: remove Intel PMD examples in flow bifurcation guide
Now this feature is no longer supported by kernel side, (i40e kernel
driver doesn't support it from v2.3.2 and ixgbe kernel driver isn't
guaranteed to support this feature as well in the future), so remove the
Intel PMD examples to avoid confusion.
Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Gaetan Rivet [Wed, 6 May 2020 18:09:49 +0000 (20:09 +0200)]
net/ring: fix device pointer on allocation
When a net_ring device is allocated, its device pointer is not set
before calling rte_eth_dev_probing_finish, which is incorrect.
The following:
commit 96cb19521147 ("net/ring: use EAL APIs in PMD specific API")
commit a6992e961050 ("net/ring: set ethernet device field")
already fixed the same issue in 17.08, which was fine at the time.
Adding the hook rte_eth_dev_probing_finish() however created this bug,
as the eth_dev exposed when this hook is executed is expected to be
complete.
Remove the prior attempts to fix the issue in rte_pmd_ring_probe() and
write the pointer properly in do_eth_dev_ring_create().
Raslan Darawsheh [Sun, 10 May 2020 12:23:47 +0000 (15:23 +0300)]
net/tap: fix build for glibc < 2.24
When trying to compile with glibc < 2.24 that doesn't
support SOL_NETLINK it will cause compilation failure:
drivers/net/tap/tap_netlink.c:70:17: error:
'SOL_NETLINK' undeclared (first use in this function)
setsockopt(fd, SOL_NETLINK, NETLINK_EXT_ACK, &one, sizeof(one));
Sunil Kumar Kori [Mon, 11 May 2020 06:21:56 +0000 (11:51 +0530)]
net/octeontx2: fix minimum length to SMQ config
NIX exposes NIX_AF_SMQ(0..511)_CFG to configure minimum length
of the packet which is being used for zero padding if packet is
less than configured value.
Setting it to default minimum length i.e. 60 bytes.
Fixes: ec8ddd4fb1be ("net/octeontx2: restructure TM helper functions") Signed-off-by: Sunil Kumar Kori <skori@marvell.com> Acked-by: Jerin Jacob <jerinj@marvell.com>
Rasesh Mody [Tue, 5 May 2020 03:08:12 +0000 (20:08 -0700)]
net/bnx2x: add Rx descriptor MTU segment limitation
Add Rx descriptor limit for number of segments per MTU.
PMD doesn't support Jumbo Rx scatter gather hence set 1 segment per
MTU. Some applications can adjust mbuf_size based on this value.
For others PMD detects the condition where Rx packet length cannot
be held by configured mbuf size and logs the message.
Signed-off-by: Rasesh Mody <rmody@marvell.com> Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Wei Zhao [Thu, 7 May 2020 01:15:41 +0000 (09:15 +0800)]
net/ice/base: fix PPPoE-IPv6 dummy packet
The dummy packet for pppoe-ipv6 has an error, we should
use 0x3b for next header in ipv6 header in the dummy packet,
or some case can not be download, such as:
"eth / pppoes seid is 3 / pppoe_proto_id is 0x0057 /
end actions vf id 1 / end"
Jeff Guo [Fri, 8 May 2020 20:58:30 +0000 (16:58 -0400)]
net/iavf: fix flow API error logs
When processing a rte flow, such as creating a parse engine, or
creating or destroying a RSS rule, if they are failed, they all
need to construct the flow error structure before return the error
message back to app. If not so, it will cause app crash when
app printing the message out of a flow error.
Fixes: 7be10c3004be ("net/iavf: add RSS configuration for VF") Fixes: ff2d0c345c3b ("net/iavf: support generic flow API") Signed-off-by: Jeff Guo <jia.guo@intel.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Phil Yang [Fri, 8 May 2020 10:28:27 +0000 (18:28 +0800)]
net/ixgbe: fix link state timing on fiber ports
In ixgbe_dev_link_update_share(), if the media type is fiber and the
link is down, a flag (IXGBE_FLAG_NEED_LINK_CONFIG) is set. A callback
to ixgbe_dev_setup_link_thread_handler() is scheduled which should
try to set up the link and clear the flag afterwards. This flag works
as a guard variable between threads.
To avoid potential race condition between threads, set the
IXGBE_FLAG_NEED_LINK_CONFIG flag only when there is no link thread
running.
Bugzilla ID: 388 Fixes: 819d0d1d57f1 ("net/ixgbe: fix blocking system events") Cc: stable@dpdk.org Signed-off-by: Phil Yang <phil.yang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>
Jeff Guo [Sat, 9 May 2020 19:29:34 +0000 (15:29 -0400)]
net/iavf: fix input set for RSS hash
Since some specific RSS hash type need to combine with the protocol
hash type when configure a RSS hash rule, so add the corresponding
input set to support these case for iavf hash.
Fixes: 7be10c3004be ("net/iavf: add RSS configuration for VF") Signed-off-by: Jeff Guo <jia.guo@intel.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Jun Yang [Fri, 8 May 2020 13:02:09 +0000 (18:32 +0530)]
net/dpaa2: fix congestion ID for multiple traffic classes
When using a single TC, flow id is same as congestion group id.
However in case of multiple traffic classes, same flow id values
are used within each traffic class, which causes incorrect
traffic behavior e.g. halting of traffic.
This patches changes to use the cgid as the index which works
for single as well as multiple traffic classes.
Fixes: 13b856ac02a8 ("net/dpaa2: support taildrop on frame count basis") Cc: stable@dpdk.org Signed-off-by: Jun Yang <jun.yang@nxp.com> Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Nipun Gupta [Fri, 8 May 2020 13:02:04 +0000 (18:32 +0530)]
net/dpaa2: do not prefetch annotation for physical mode
When IOVA is physical address do not prefetch the annotation
of the next frame, as there is a cost involved there to convert
the physical address to virtual address.
Rohit Raj [Fri, 8 May 2020 13:02:03 +0000 (18:32 +0530)]
net/dpaa2: fix 10G port negotiation
Fixed 10G port negotiation issue with another 10G/non 10G port.
When running testpmd with 10G interfaces on 10BaseT interface
on LS2088ARDB, the ports were showing link as down.
This was identified to be caused by the setting of link as down
during config.
Also, the line rate was not being updated in device link params,
thus having the incorrect link speed in status (as 0).
Fixes: c5acbb5ea20e ("net/dpaa2: support link status event") Cc: stable@dpdk.org Signed-off-by: Rohit Raj <rohit.raj@nxp.com> Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Simei Su [Fri, 8 May 2020 01:36:50 +0000 (09:36 +0800)]
net/ice/base: fix flow director rule completion report
IAVF FDIR needs to check program status from FD completion descriptors
for both successful and failed case, rather than only ask for completion
on error. This patch corrects completion report value so that the called
can determine whether to report completion on error or other cases.
Fixes: 55daca4e45fc ("net/ice/base: change function to static") Signed-off-by: Simei Su <simei.su@intel.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Fix a buffer overrun issue spotted by coverity while accessing
the array ulp_device_params.
Note that the issue was observed in an internal Coverity scan.
Fixes: 313ac35ac701 ("net/bnxt: support ULP session manager init") Signed-off-by: Kishore Padmanabha <kishore.padmanabha@broadcom.com> Reviewed-by: Mike Baucom <michael.baucom@broadcom.com> Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Marvin Liu [Wed, 6 May 2020 06:47:37 +0000 (14:47 +0800)]
net/virtio: fix 32-bit build with clang 6
Clang 6.0.0 will undefine function _mm512_maskz_set1_epi64 on i686
target. Fix it by replacing the function with _mm512_set4_epi64 when
doing 32-bit build.
Warning message during build:
../drivers/net/virtio/virtio_rxtx_packed_avx.c:385:19: warning:
implicit declaration of function '_mm512_maskz_set1_epi64' is invalid
in C99 [-Wimplicit-function-declaration]
Fixes: 77d66da83834 ("net/virtio: add vectorized packed ring Rx") Signed-off-by: Marvin Liu <yong.liu@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Marvin Liu [Wed, 6 May 2020 15:07:24 +0000 (23:07 +0800)]
net/virtio: fix crash when device reconnecting
When doing virtio device initialization, virtqueues will be reset in
server mode if ring type is packed. It will cause issue because queues
have been freed in the beginning of device initialization.
Fix this issue by checking whether device has been initialized before
reset. If device hasn't been initialized, there's no need to reset
queues.
Fixes: 6ebbf4109f35 ("net/virtio-user: fix packed ring server mode") Cc: stable@dpdk.org Signed-off-by: Marvin Liu <yong.liu@intel.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Dekel Peled [Sun, 3 May 2020 07:17:22 +0000 (10:17 +0300)]
doc: refine ethernet and VLAN flow rule items
Specified pattern may be translated in different manner.
For example the pattern "eth / ipv4" can be translated to match
untagged packets only, since the pattern doesn't specify a VLAN item.
It can also be translated to match both tagged and untagged packets,
for the same reason.
This patch updates the rte_flow documentation to clearly specify the
required pattern to use.
For example:
To match tagged ipv4 packets, the pattern "eth / vlan / ipv4 / end"
should be used.
To match untagged ipv4 packets, the pattern "eth / ipv4 / end"
should be used.
To match all IPV4 packets, both tagged and untagged, need to apply
two rules with the patterns above.
To match both tagged and untagged packets of any type, the pattern
"eth / end" should be used.
Signed-off-by: Dekel Peled <dekelp@mellanox.com> Acked-by: Andrew Rybchenko <arybchenko@solarflare.com> Acked-by: Ori Kam <orika@mellanox.com>
Kalesh AP [Wed, 6 May 2020 06:27:10 +0000 (11:57 +0530)]
net/bnxt: fix TQM ring context memory size
The current formulas to calculate the TQM slow path and fast path ring
context memory sizes are not quite correct. TQM slow path entry is
array index 0 of ctx->tqm_mem[]. The other array entries are for fast
path. Fix these sizes according to firmware spec. for 57500 and newer
chips.
Kalesh AP [Wed, 6 May 2020 06:27:09 +0000 (11:57 +0530)]
net/bnxt: fix number of TQM ring
Newer firmware advertises the number of TQM rings to allocate
context memory for. Use the firmware specified value and fall back
to the old value derived from "bp->max_q" if it is not available.
Fixes: f8168ca0e690 ("net/bnxt: support thor controller") Cc: stable@dpdk.org Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com> Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com> Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
In recent Linux kernels, there is support for extended acknowledgment
to netlink messages. This is quite useful for diagnosing errors
in configuration in the kernel with TAP.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Acked-by: Keith Wiles <keith.wiles@intel.com>
Will also go to queue index 2. And also, we need to do tun_type
check, or the second rule of following can not be download because
of rejection from switch rule download function ice_aq_sw_rules().
"eth / ipv4 / esp spi is 1 / end actions queue index 5 / end"
"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"
Fixes: 4f11962fce84 ("net/ice/base: support AH ESP and NAT-T on switch") Fixes: 99d8ba79efbe ("net/ice/base: force switch to use different recipe") Signed-off-by: Wei Zhao <wei.zhao1@intel.com> Tested-by: Qi Fu <qi.fu@intel.com> Acked-by: Qi Zhang <qi.z.zhang@intel.com>
We see a stack smashing as a result of defensive code missing. Once the
nb_pkts is less than RTE_BNXT_DESCS_PER_LOOP, it will be modified to
zero after doing a floor align, and we can not exit the following
receiving packets loop. And the buffers will be overwrite, then the
stack frame was ruined.
Fix the problem by adding defensive code, once the nb_pkts is zero, just
directly return with no packets.
If number of tx queues is greater than the number of rx queues;
the driver ends up allocating more channels than rx queues.
The problem is that the RSS indirection table is programmed such
that some packets will end up on a channel that would never be
polled. The fix is to limit the RSS indirection table by number
of rx queues not channels.
Fixes: 92d23a57cafe ("net/netvsc: support configuring RSS parameters") Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
With multiple channels, the primary channel may receive notification
that VF has been added or removed while secondary channel is in
process of doing receive or transmit. Resolve this race by converting
existing vf_lock to a reader/writer lock.
Users of lock (tx/rx/stats) acquire for read, and actions like
add/remove acquire it for write.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Since VF notifications are handled as VMBUS notifications on the
primary channel (and not as hotplug). The channel should be checked
before deciding to use VF for Rx or Tx.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
git.droids-corp.org / dpdk.git / log