Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v6.11.3 2024-08-16T08:59:32Z 2024-08-16T08:59:32Z Vladimir Oltean vladimir.oltean@nxp.com 2024-08-15T00:07:07Z urn:sha1:36dd1141be70b5966906919714dc504a24c65ddf I was revisiting the topic of 802.1ad treatment in the Ocelot switch [0] and realized that not only is its basic VLAN classification pipeline improper for offloading vlan_protocol 802.1ad bridges, but also improper for offloading regular 802.1Q bridges already. Namely, 802.1ad-tagged traffic should be treated as VLAN-untagged by bridged ports, but this switch treats it as if it was 802.1Q-tagged with the same VID as in the 802.1ad header. This is markedly different to what the Linux bridge expects; see the "other_tpid()" function in tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh. An idea came to me that the VCAP IS1 TCAM is more powerful than I'm giving it credit for, and that it actually overwrites the classified VID before the VLAN Table lookup takes place. In other words, it can be used even to save a packet from being dropped on ingress due to VLAN membership. Add a sophisticated TCAM rule hardcoded into the driver to force the switch to behave like a Linux bridge with vlan_filtering 1 vlan_protocol 802.1Q. Regarding the lifetime of the filter: eventually the bridge will disappear, and vlan_filtering on the port will be restored to 0 for standalone mode. Then the filter will be deleted. [0]: https://lore.kernel.org/netdev/20201009122947.nvhye4hvcha3tljh@skbuf/ Fixes: 7142529f1688 ("net: mscc: ocelot: add VLAN filtering") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2024-08-16T08:59:32Z Vladimir Oltean vladimir.oltean@nxp.com 2024-08-15T00:07:04Z urn:sha1:c5e12ac3beb0dd3a718296b2d8af5528e9ab728e As explained by Horatiu Vultur in commit 603ead96582d ("net: sparx5: Add spinlock for frame transmission from CPU") which is for a similar hardware design, multiple CPUs can simultaneously perform injection or extraction. There are only 2 register groups for injection and 2 for extraction, and the driver only uses one of each. So we'd better serialize access using spin locks, otherwise frame corruption is possible. Note that unlike in sparx5, FDMA in ocelot does not have this issue because struct ocelot_fdma_tx_ring already contains an xmit_lock. I guess this is mostly a problem for NXP LS1028A, as that is dual core. I don't think VSC7514 is. So I'm blaming the commit where LS1028A (aka the felix DSA driver) started using register-based packet injection and extraction. Fixes: 0a6f17c6ae21 ("net: dsa: tag_ocelot_8021q: add support for PTP timestamping") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2024-08-16T08:59:32Z Vladimir Oltean vladimir.oltean@nxp.com 2024-08-15T00:07:02Z urn:sha1:67c3ca2c5cfe6a50772514e3349b5e7b3b0fac03 Problem description ------------------- On an NXP LS1028A (felix DSA driver) with the following configuration: - ocelot-8021q tagging protocol - VLAN-aware bridge (with STP) spanning at least swp0 and swp1 - 8021q VLAN upper interfaces on swp0 and swp1: swp0.700, swp1.700 - ptp4l on swp0.700 and swp1.700 we see that the ptp4l instances do not see each other's traffic, and they all go to the grand master state due to the ANNOUNCE_RECEIPT_TIMEOUT_EXPIRES condition. Jumping to the conclusion for the impatient ------------------------------------------- There is a zero-day bug in the ocelot switchdev driver in the way it handles VLAN-tagged packet injection. The correct logic already exists in the source code, in function ocelot_xmit_get_vlan_info() added by commit 5ca721c54d86 ("net: dsa: tag_ocelot: set the classified VLAN during xmit"). But it is used only for normal NPI-based injection with the DSA "ocelot" tagging protocol. The other injection code paths (register-based and FDMA-based) roll their own wrong logic. This affects and was noticed on the DSA "ocelot-8021q" protocol because it uses register-based injection. By moving ocelot_xmit_get_vlan_info() to a place that's common for both the DSA tagger and the ocelot switch library, it can also be called from ocelot_port_inject_frame() in ocelot.c. We need to touch the lines with ocelot_ifh_port_set()'s prototype anyway, so let's rename it to something clearer regarding what it does, and add a kernel-doc. ocelot_ifh_set_basic() should do. Investigation notes ------------------- Debugging reveals that PTP event (aka those carrying timestamps, like Sync) frames injected into swp0.700 (but also swp1.700) hit the wire with two VLAN tags: 00000000: 01 1b 19 00 00 00 00 01 02 03 04 05 81 00 02 bc ~~~~~~~~~~~ 00000010: 81 00 02 bc 88 f7 00 12 00 2c 00 00 02 00 00 00 ~~~~~~~~~~~ 00000020: 00 00 00 00 00 00 00 00 00 00 00 01 02 ff fe 03 00000030: 04 05 00 01 00 04 00 00 00 00 00 00 00 00 00 00 00000040: 00 00 The second (unexpected) VLAN tag makes felix_check_xtr_pkt() -> ptp_classify_raw() fail to see these as PTP packets at the link partner's receiving end, and return PTP_CLASS_NONE (because the BPF classifier is not written to expect 2 VLAN tags). The reason why packets have 2 VLAN tags is because the transmission code treats VLAN incorrectly. Neither ocelot switchdev, nor felix DSA, declare the NETIF_F_HW_VLAN_CTAG_TX feature. Therefore, at xmit time, all VLANs should be in the skb head, and none should be in the hwaccel area. This is done by: static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, netdev_features_t features) { if (skb_vlan_tag_present(skb) && !vlan_hw_offload_capable(features, skb->vlan_proto)) skb = __vlan_hwaccel_push_inside(skb); return skb; } But ocelot_port_inject_frame() handles things incorrectly: ocelot_ifh_port_set(ifh, port, rew_op, skb_vlan_tag_get(skb)); void ocelot_ifh_port_set(struct sk_buff *skb, void *ifh, int port, u32 rew_op) { (...) if (vlan_tag) ocelot_ifh_set_vlan_tci(ifh, vlan_tag); (...) } The way __vlan_hwaccel_push_inside() pushes the tag inside the skb head is by calling: static inline void __vlan_hwaccel_clear_tag(struct sk_buff *skb) { skb->vlan_present = 0; } which does _not_ zero out skb->vlan_tci as seen by skb_vlan_tag_get(). This means that ocelot, when it calls skb_vlan_tag_get(), sees (and uses) a residual skb->vlan_tci, while the same VLAN tag is _already_ in the skb head. The trivial fix for double VLAN headers is to replace the content of ocelot_ifh_port_set() with: if (skb_vlan_tag_present(skb)) ocelot_ifh_set_vlan_tci(ifh, skb_vlan_tag_get(skb)); but this would not be correct either, because, as mentioned, vlan_hw_offload_capable() is false for us, so we'd be inserting dead code and we'd always transmit packets with VID=0 in the injection frame header. I can't actually test the ocelot switchdev driver and rely exclusively on code inspection, but I don't think traffic from 8021q uppers has ever been injected properly, and not double-tagged. Thus I'm blaming the introduction of VLAN fields in the injection header - early driver code. As hinted at in the early conclusion, what we _want_ to happen for VLAN transmission was already described once in commit 5ca721c54d86 ("net: dsa: tag_ocelot: set the classified VLAN during xmit"). ocelot_xmit_get_vlan_info() intends to ensure that if the port through which we're transmitting is under a VLAN-aware bridge, the outer VLAN tag from the skb head is stripped from there and inserted into the injection frame header (so that the packet is processed in hardware through that actual VLAN). And in all other cases, the packet is sent with VID=0 in the injection frame header, since the port is VLAN-unaware and has logic to strip this VID on egress (making it invisible to the wire). Fixes: 08d02364b12f ("net: mscc: fix the injection header") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2024-07-19T19:39:34Z Linus Torvalds torvalds@linux-foundation.org 2024-07-19T19:39:34Z urn:sha1:12cc3d5389f313f07222b000fefa2cd8fc98c4f8 Pull sound updates from Takashi Iwai: "Lots of changes in this cycle, but mostly for cleanups and refactoring. Significant amount of changes are about DT schema conversions for ASoC at this time while we see other usual suspects, too. Some highlights below: Core: - Re-introduction of PCM sync ID support API - MIDI2 time-base extension in ALSA sequencer API ASoC: - Syncing of features between simple-audio-card and the two audio-graph cards - Support for specifying the order of operations for components within cards to allow quirking for unusual systems - Lots of DT schema conversions - Continued SOF/Intel updates for topology, SoundWire, IPC3/4 - New support for Asahi Kasei AK4619, Cirrus Logic CS530x, Everest Semiconductors ES8311, NXP i.MX95 and LPC32xx, Qualcomm LPASS v2.5 and WCD937x, Realtek RT1318 and RT1320 and Texas Instruments PCM5242 HD-audio: - More quirks, Intel PantherLake support, senarytech codec support - Refactoring of Cirrus codec component-binding Others: - ALSA control kselftest improvements, and fixes for input value checks in various drivers" * tag 'sound-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (349 commits) kselftest/alsa: Log the PCM ID in pcm-test kselftest/alsa: Use card name rather than number in test names ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop ALSA: seq: ump: Skip useless ports for static blocks ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused ALSA: usb: Use BIT() for bit values ALSA: usb: Fix UBSAN warning in parse_audio_unit() ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 ASoC: tas2781: Add new Kontrol to set tas2563 digital Volume ASoC: codecs: wcd937x: Remove separate handling for vdd-buck supply ASoC: codecs: wcd937x: Remove the string compare in MIC BIAS widget settings ASoC: codecs: wcd937x-sdw: Fix Unbalanced pm_runtime_enable ASoC: dt-bindings: cirrus,cs42xx8: Convert to dtschema ASoC: cs530x: Remove bclk from private structure ASoC: cs530x: Calculate proper bclk rate using TDM ASoC: dt-bindings: cirrus,cs4270: Convert to dtschema firmware: cs_dsp: Rename fw_ver to wmfw_ver firmware: cs_dsp: Clarify wmfw format version log message firmware: cs_dsp: Make wmfw and bin filename arguments const char * ... 2024-07-15T15:02:26Z Kory Maincent kory.maincent@bootlin.com 2024-07-09T13:53:38Z urn:sha1:2111375b85ad173d58e7b8604246a3de60950ac8 In prevision to add new UAPI for hwtstamp we will be limited to the struct ethtool_ts_info that is currently passed in fixed binary format through the ETHTOOL_GET_TS_INFO ethtool ioctl. It would be good if new kernel code already started operating on an extensible kernel variant of that structure, similar in concept to struct kernel_hwtstamp_config vs struct hwtstamp_config. Since struct ethtool_ts_info is in include/uapi/linux/ethtool.h, here we introduce the kernel-only structure in include/linux/ethtool.h. The manual copy is then made in the function called by ETHTOOL_GET_TS_INFO. Acked-by: Shannon Nelson <shannon.nelson@amd.com> Acked-by: Alexandra Winter <wintera@linux.ibm.com> Signed-off-by: Kory Maincent <kory.maincent@bootlin.com> Link: https://patch.msgid.link/20240709-feature_ptp_netnext-v17-6-b5317f50df2a@bootlin.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-07-04T11:24:59Z Herve Codina herve.codina@bootlin.com 2024-07-01T11:30:35Z urn:sha1:af8432b2e41abc0a20bdc01a3b144ea7b2f1ee09 No function in the QMC API is available to get the number of phandles present in a phandle list. Fill this lack introducing qmc_chan_count_phandles(). Signed-off-by: Herve Codina <herve.codina@bootlin.com> Link: https://patch.msgid.link/20240701113038.55144-9-herve.codina@bootlin.com Signed-off-by: Mark Brown <broonie@kernel.org> 2024-07-04T11:24:58Z Herve Codina herve.codina@bootlin.com 2024-07-01T11:30:34Z urn:sha1:37797c605da33445adc112561695f70bfaa11133 qmc_chan_get_byphandle() and the resource managed version retrieve a channel from a simple phandle. Extend the API and introduce qmc_chan_get_byphandles_index() and the resource managed version in order to retrieve a channel from a phandle list using the provided index to identify the phandle in the list. Also update qmc_chan_get_byphandle() and the resource managed version to use qmc_chan_get_byphandles_index() and so avoid code duplication. Signed-off-by: Herve Codina <herve.codina@bootlin.com> Link: https://patch.msgid.link/20240701113038.55144-8-herve.codina@bootlin.com Signed-off-by: Mark Brown <broonie@kernel.org> 2024-05-18T19:48:37Z Linus Torvalds torvalds@linux-foundation.org 2024-05-18T19:48:37Z urn:sha1:619b92b9c8fe5369503ae948ad4e0a9c195c2c4a Pull clk updates from Stephen Boyd: "I'm actually surprised this time. There aren't any new Qualcomm SoC clk drivers. And there's zero diff in the core clk framework. Instead we have new clk drivers for STM and Sophgo, with Samsung^WGoogle in third for the diffstat because they introduced HSI0 and HSI2 clk drivers for Google's GS101 SoC (high speed interface things like PCIe, UFS, and MMC). Beyond those big diffs there's the usual updates to various clk drivers for incorrect parent descriptions or mising MODULE_DEVICE_TABLE()s, etc. Nothing in particular stands out as super interesting here. New Drivers: - STM32MP257 SoC clk driver - Airoha EN7581 SoC clk driver - Sophgo CV1800B, CV1812H and SG2000 SoC clk driver - Loongson-2k0500 and Loongson-2k2000 SoC clk driver - Add HSI0 and HSI2 clock controllers for Google GS101 - Add i.MX95 BLK CTL clock driver Updates: - Allocate clk_ops dynamically for SCMI clk driver - Add support in qcom RCG and RCG2 for multiple configurations for the same frequency - Use above support for IPQ8074 NSS port 5 and 6 clocks to resolve issues - Fix the Qualcomm APSS IPQ5018 PLL to fix boot failures of some boards - Cleanups and fixes for Qualcomm Stromer PLLs - Reduce max CPU frequency on Qualcomm APSS IPQ5018 - Fix Kconfig dependencies of Qualcomm SM8650 GPU and SC8280XP camera clk drivers - Make Qualcomm MSM8998 Venus clocks functional - Cleanup downstream remnants related to DisplayPort across Qualcomm SM8450, SM6350, SM8550, and SM8650 - Reuse the Huayra APSS register map on Qualcomm MSM8996 CBF PLL - Use a specific Qualcomm QCS404 compatible for the otherwise generic HFPLL - Remove Qualcomm SM8150 CPUSS AHB clk as it is unused - Remove an unused field in the Qualcomm RPM clk driver - Add missing MODULE_DEVICE_TABLE to Qualcomm MSM8917 and MSM8953 global clock controller drivers - Allow choice of manual or firmware-driven control over PLLs, needed to fully implement CPU clock controllers on Exynos850 - Correct PLL clock IDs on ExynosAutov9 - Propagate certain clock rates to allow setting proper SPI clock rates on Google GS101 - Mark certain Google GS101 clocks critical - Convert old S3C64xx clock controller bindings to DT schema - Add new PLL rate and missing mux on Rockchip rk3568 - Add missing reset line on Rockchip rk3588 - Removal of an unused field in struct rockchip_mmc_clock - Amlogic s4/a1: add regmap maximum register for proper debugfs dump - Amlogic s4: add MODULE_DEVICE_TABLE() on pll and periph controllers - Amlogic pll driver: print clock name on lock error to help debug - Amlogic vclk: finish dsi clock path support - Amlogic license: fix occurence "GPL v2" as reported by checkpatch - Add PM runtime support to i.MX8MP Audiomix - Add DT schema for i.MX95 Display Master Block Control - Convert to platform remove callback returning void for i.MX8MP Audiomix - Add SPI (MSIOF) and external interrupt (INTC-EX) clocks on Renesas R-Car V4M - Add interrupt controller (PLIC) clock and reset on Renesas RZ/Five - Prepare power domain support for Renesas RZ/G2L family members, and add actual support on Renesas RZ/G3S SoC - Add thermal, serial (SCIF), and timer (CMT/TMU) clocks on Renesas R-Car V4M - Add additional constraints to Allwinner A64 PLL MIPI clock - Fix autoloading sunxi-ng clocks when build as a module" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (118 commits) clk: samsung: Don't register clkdev lookup for the fixed rate clocks clk, reset: microchip: mpfs: fix incorrect preprocessor conditions clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 clk: qcom: Fix SM_GPUCC_8650 dependencies clk: qcom: Fix SC_CAMCC_8280XP dependencies dt-bindings: clocks: stm32mp25: add access-controllers description clock, reset: microchip: move all mpfs reset code to the reset subsystem clk: samsung: gs101: drop unused HSI2 clock parent data clk: rockchip: rk3568: Add PLL rate for 724 MHz clk: rockchip: Remove an unused field in struct rockchip_mmc_clock dt-bindings: clock: fixed: Define a preferred node name clk: meson: s4: fix module autoloading clk: samsung: gs101: mark some apm UASC and XIU clocks critical clk: imx: imx8mp: Convert to platform remove callback returning void clk: imx: imx8mp: Switch to RUNTIME_PM_OPS() clk: bcm: rpi: Assign ->num before accessing ->hws clk: bcm: dvp: Assign ->num before accessing ->hws clk: samsung: gs101: add support for cmu_hsi2 clk: samsung: gs101: add support for cmu_hsi0 ... 2024-05-13T17:38:13Z Linus Torvalds torvalds@linux-foundation.org 2024-05-13T17:38:13Z urn:sha1:c024814828f72b1ae9cc2c338997b2d9826c80f6 Pull trusted keys updates from Jarkko Sakkinen: "This contains a new key type for the Data Co-Processor (DCP), which is an IP core built into many NXP SoCs such as i.mx6ull" * tag 'keys-trusted-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: docs: trusted-encrypted: add DCP as new trust source docs: document DCP-backed trusted keys kernel params MAINTAINERS: add entry for DCP-based trusted keys KEYS: trusted: Introduce NXP DCP-backed trusted keys KEYS: trusted: improve scalability of trust source config crypto: mxs-dcp: Add support for hardware-bound keys 2024-05-09T15:29:03Z David Gstir david@sigma-star.at 2024-04-03T07:21:17Z urn:sha1:3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 DCP (Data Co-Processor) is able to derive private keys for a fused random seed, which can be referenced by handle but not accessed by the CPU. Similarly, DCP is able to store arbitrary keys in four dedicated key slots located in its secure memory area (internal SRAM). These keys can be used to perform AES encryption. Expose these derived keys and key slots through the crypto API via their handle. The main purpose is to add DCP-backed trusted keys. Other use cases are possible too (see similar existing paes implementations), but these should carefully be evaluated as e.g. enabling AF_ALG will give userspace full access to use keys. In scenarios with untrustworthy userspace, this will enable en-/decryption oracles. Co-developed-by: Richard Weinberger <richard@nod.at> Signed-off-by: Richard Weinberger <richard@nod.at> Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at> Signed-off-by: David Gstir <david@sigma-star.at> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>