summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-06-15net: dsa: netc: add bridge mode supportWei Fang
Wire up the port_bridge_join, port_bridge_leave and port_vlan_filtering DSA callbacks to support both VLAN-unaware and VLAN-aware bridge modes. For VLAN-unaware bridges, each bridge instance is assigned a dedicated internal PVID via NETC_VLAN_UNAWARE_PVID(bridge.num), counting down from VID 4095. A VFT entry is created for this PVID with hardware MAC learning and flood-on-miss forwarding enabled. The CPU port is included as a VFT member so frames can reach the host. The reserved VID range is blocked in port_vlan_add to prevent user-space conflicts. Only one VLAN-aware bridge is supported at a time; this constraint is enforced in port_bridge_join and port_vlan_filtering. The per-port PVID is tracked in software and written to the BPDVR register whenever VLAN filtering is active. When a port leaves the bridge, its dynamic FDB entries are flushed right away in port_bridge_leave(), without waiting for the ageing cycle. When a link down event occurs on a port, netc_mac_link_down() will also clear the port's dynamic FDB entries via netc_port_remove_dynamic_entries(). Non-bridge ports have no dynamic FDB entries, so this call is always safe. Additionally, .port_fast_age() callback is added to flush the dynamic FDB entries associated to a port. Host flood rules are removed from the ingress port filter table when a port joins a bridge to avoid bypassing FDB lookup and MAC learning. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-9-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: netc: add VLAN filter table and egress treatment managementWei Fang
Implement the DSA .port_vlan_add and .port_vlan_del operations to enable VLAN-aware bridge offloading on the NETC switch. VLAN membership is maintained in the VLAN Filter Table (VFT). Adding the first port to a VLAN creates a new VFT entry with hardware MAC learning and flood-on-miss forwarding; subsequent ports update the existing entry's membership bitmap. Removing the last port deletes the entry. Egress tagging is handled through the Egress Treatment Table (ETT). Each VLAN is allocated a group of ETT entries, one per available port. Ports are assigned a sequential ett_offset during initialisation, used to address each port's entry within the group. Untagged ports configure the ETT to strip the outer VLAN tag; tagged ports pass frames through unmodified. Each ETT group is optionally paired with an Egress Counter Table (ECT) group for per-port frame counting, allocated on a best-effort basis. When the egress rule of an ETT entry changes, the counter of the corresponding ECT entry will be recounted to track the number of frames that match the new egress rule. A software shadow list serialised by vft_lock tracks active VLAN state across both port membership and egress tagging. VID 0 is used for single port mode and is ignored by both callbacks. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-8-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: enetc: add helpers to set/clear table bitmapWei Fang
NTMP index tables require software to allocate and manage entry IDs. Add two bitmap helper functions to facilitate this management: ntmp_lookup_free_eid(): finds the first zero bit in the given bitmap, sets it to mark the entry as in-use, and returns the corresponding entry ID. Returns NTMP_NULL_ENTRY_ID if no free entry is available. ntmp_clear_eid_bitmap(): clears the bit associated with the given entry ID in the bitmap to mark the entry as free. It is a no-op if the entry ID is NTMP_NULL_ENTRY_ID. Both functions are exported for use by other modules, such as the NETC switch driver which needs to manage group index bitmaps for the Egress Treatment Table (ETT) and Egress Count Table (ECT). Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-7-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: netc: initialize the group bitmap of ETT and ECTWei Fang
The Egress Treatment Table (ETT) and Egress Count Table (ECT) are both index tables whose entry IDs are allocated by software. Every num_ports entries form a group, where each entry in the group corresponds to one port. To facilitate group allocation and management, initialize the group index bitmaps for both tables based on hardware capabilities reported by ETTCAPR and ECTCAPR registers. The bitmap size per table is calculated as the total number of hardware entries divided by the number of available ports, which gives the number of groups available for software allocation. A set bit in the bitmap represents a group index that has been allocated. These bitmaps will be used by subsequent patches that add VLAN support. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-6-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: enetc: add "Update" operation to the egress count tableWei Fang
The egress count table is a static bounded index table, egress related statistics are maintained in this table. The table is implemented as a linear array of entries accessed using an index (0, 1, 2, ..., n) that uniquely identifies an entry within the array. Egress Counter Entry ID (EC_EID) is used as an index to an entry in this table. The EC_EID is specified in the egress treatment table. Egress count table entries are always present and enabled. The table only supports access via entry ID, which is assigned by the software. And it supports Update, Query and Query followed by Update operations. Currently, only Update operation is supported. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-5-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: enetc: add interfaces to manage egress treatment tableWei Fang
Each entry in the egress treatment table contains the egress packet processing actions to be applied to a grouping or scope of packets exiting on a particular egress port of the switch. A scope of packets, for example, could be the packets exiting a particular VLAN, matching a particular 802.1Q bridge forwarding entry or belonging to a stream identified at ingress. The egress treatment table is implemented as a linear array of entries accessed using an index (0,1, 2, ..., n) that uniquely identifies an entry within the array. The egress treatment table only supports access vid entry ID, which is assigned by the software. It supports Add, Update, Delete and Query operations. Note that only Query operation is not supported yet. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-4-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: enetc: add "Update" and "Delete" operations to VLAN filter tableWei Fang
Add two interfaces to manage entries in the VLAN filter table: ntmp_vft_update_entry(): Update the configuration element data of the specified VLAN filter entry based on the given VLAN ID. It uses the exact key access method to locate the entry. ntmp_vft_delete_entry(): Delete the VLAN filter entry corresponding to the specified VLAN ID. It also uses the exact key access method to identify the target entry. In addition, introduce struct vft_req_qd to describe the request data buffer format for Query and Delete actions of the VLAN filter table, which contains a common request data header and a VLAN access key. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-3-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: enetc: add interfaces to manage dynamic FDB entriesWei Fang
Add three interfaces to manage dynamic entries in the FDB table: ntmp_fdbt_update_activity_element(): Update the activity element of all dynamic FDB entries. For each entry, if its activity flag is not set, which means no packet has matched this entry since the last update, the activity counter is incremented. Otherwise, both the activity flag and activity counter are reset. The activity counter is used to track how long an FDB entry has been inactive, which is useful for implementing an ageing mechanism. ntmp_fdbt_delete_ageing_entries(): Delete all dynamic FDB entries whose activity flag is not set and whose activity counter is greater than or equal to the specified threshold. This is used to remove stale entries that have been inactive for too long. ntmp_fdbt_delete_port_dynamic_entries(): Delete all dynamic FDB entries associated with the specified switch port. This is typically called when a port goes down or is removed from a bridge. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-2-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15selftests/net/openvswitch: add SET action testMinxi Hou
Add test_action_set exercising OVS_ACTION_ATTR_SET with an ipv4 dst rewrite. The test verifies the SET action in three steps: first confirm normal forwarding, then apply set(ipv4(dst=10.0.0.99)) to rewrite the destination to an address nobody owns and verify ping fails, then restore normal forwarding and verify connectivity recovers. Signed-off-by: Minxi Hou <houminxi@gmail.com> Reviewed-by: Aaron Conole <aconole@redhat.com> Link: https://patch.msgid.link/20260612130503.311240-1-houminxi@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'net-sfp-extend-smbus-support'Jakub Kicinski
Jonas Jelonek says: ==================== net: sfp: extend SMBus support Today, the SFP driver only drives I2C adapters that advertise full I2C_FUNC_I2C, or SMBus-only adapters via single-byte transfers (with hwmon disabled). Several SoCs ship I2C/SMBus-only controllers that support more than just byte access -- e.g. word and I2C block -- and have SFP cages wired to them. Today, those adapters either work poorly or not at all. This series teaches the SFP driver to use the larger SMBus access modes when the adapter advertises them, and along the way starts honoring i2c_adapter quirks on read/write length so adapters that cap below the SFP block size are handled correctly. Patch 1 is a small prep doing only the quirks handling; patch 2 extends the SMBus path itself. Capability matrix supported by patch 2: - BYTE only: single-byte access (unchanged). - BYTE + WORD: word for >=2-byte chunks, byte tail. - I2C_BLOCK present: block as the universal transport. - WORD only (no BYTE/BLOCK): accepted with WARN_ONCE; works for even-length transfers, odd-length transfers will error at xfer time. Adapters with asymmetric R/W capabilities (e.g. only READ_I2C_BLOCK without WRITE_I2C_BLOCK) remain functionally correct but use the worse-supported direction's max for both directions, since i2c_max_block_size is a single field. No mainline I2C driver was seen advertising such asymmetry; per-direction sizes can be added later if needed. ==================== Link: https://patch.msgid.link/20260614133418.2068201-1-jelonek.jonas@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: sfp: extend SMBus supportJonas Jelonek
Commit 7662abf4db94 ("net: phy: sfp: Add support for SMBus module access") added SMBus access for SFP modules, but limited it to single-byte transfers. As a side effect, hwmon is disabled (16-bit reads cannot be guaranteed atomic) and a warning is printed. Many SMBus-only I2C controllers in the wild support more than just byte access, and SFP cages are often wired to such controllers rather than to a full-featured I2C controller -- e.g. the SMBus controllers in the Realtek longan and mango SoCs, which advertise word access and I2C block reads. Today, they cannot drive an SFP at all without falling back to the byte-only path. Extend sfp_smbus_read()/sfp_smbus_write() so that, in addition to the existing byte access, they also use SMBus word access and SMBus I2C block access whenever the adapter advertises them. Both directions are handled in a single read and a single write helper that pick the largest supported transfer per chunk and fall back as needed. I2C-block is preferred unconditionally when available: the protocol carries any length 1..32, so it can serve every chunk -- including the 1- and 2-byte tails -- without help from word or byte access. Note that this requires I2C_FUNC_SMBUS_I2C_BLOCK, which reads a caller-specified number of bytes. This deviates from the official SMBus Block Read (length is supplied by the slave) but is widely supported by Linux I2C controllers/drivers. Capability matrix this implementation supports: - BYTE only: works (unchanged behaviour); 1-byte xfers, hwmon disabled. - BYTE + WORD: word for >=2-byte chunks, byte for trailing odd byte. - I2C_BLOCK present (with or without BYTE/WORD): block as the universal transport for every chunk. - WORD only (no BYTE/BLOCK): accepted with WARN_ONCE. Even-length transfers work; odd-length transfers (e.g. the 3-byte cotsworks fixup write) hit the BYTE branch which the adapter does not implement, so the xfer returns an error and the operation is aborted. No mainline I2C driver was found to advertise WORD without BYTE; the warning lets us learn about it if it ever shows up. Adapters with asymmetric R/W capabilities (e.g. only READ_I2C_BLOCK but not WRITE_I2C_BLOCK) remain functionally correct -- the per-iteration fallback uses the direction-specific bits -- but the shared i2c_max_block_size is sized by the all-bits-set check, so a transfer in the better-supported direction is not upgraded. None of the mainline I2C bus drivers surveyed during review advertise such asymmetry; promoting i2c_max_block_size to per-direction sizes can be revisited if needed. Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com> Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260614133418.2068201-3-jelonek.jonas@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: sfp: apply I2C adapter quirks to limit block sizeJonas Jelonek
The SFP driver assumes all I2C adapters support reading and writing the pre-defined block size SFP_EEPROM_BLOCK_SIZE of 16 bytes. This constant was probably chosen based on good guesses and known limitations of a range of I2C adapters and SFP modules. However, I2C adapters may even support less and usually need to specify this via I2C quirks. Theoretically, such an adapter may provide full functionality but only support a read and write length of e.g. 8 bytes. Currently, the SFP driver doesn't account for that. Add handling for I2C quirks in SFP I2C configuration taking the fields max_read_len and max_write_len in struct i2c_adapter_quirks into account to further limit the maximum block size if needed. Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com> Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260614133418.2068201-2-jelonek.jonas@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge tag 'nf-next-26-06-14' of ↵Jakub Kicinski
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next The following patchset contains Netfilter/IPVS updates for net-next. More specifically, this contains conncount rework to address AI related reports, assorted Netfiter updates and two small incremental updates on IPVS: 1) Replace old obsolete workqueues (system_wq, system_unbound_wq) in IPVS, from Marco Crivellari. 2) Replace WARN_ON{_ONCE} by DEBUG_NET_WARN_ON_ONCE in nf_tables. In the recent years, reporters say that the use of WARN_ON{_ONCE} in conjunction with panic_on_warn=1 results in DoS. Let's replace it by DEBUG_NET_WARN_ON_ONCE so this is only exercised by test infrastructure and fuzzers, while also providing context to AI agents. From Fernando F. Mancera. Five patches from Florian Westphal to address AI reports in the conncount infrastructures: 3) Fix missing rcu read lock section when calling __ovs_ct_limit_get_zone_limit(). 4) Add a dedicate lock per rbtree tree, this increases memory usage but it should improve scalability. 5) Add a helper function to find the rbtree node, no functional changes are intented. 6) Add sequence counter to detect concurrent tree modifications and retry lookups. 7) Add locks to GC conncount walk and address other nitpicks. Then, several assorted updates: 8) Defensive Tree-wide addition of NULL checks for ct extensions. 9) Bail out if flowtable bypass cannot be fully set up from the flow offload expression, instead of lazy building a likely incomplete one. 10) Fix documentation for the new conn_max sysctl toggle in IPVS. 11) Add nf_dev_xmit_recursion*() helpers and use them, to address recent AI reports. * tag 'nf-next-26-06-14' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next: netfilter: nf_dup_netdev: add nf_dev_xmit_recursion*() helpers and use them ipvs: fix doc syntax for conn_max sysctl netfilter: flowtable: bail out if forward path cannot be discovered netfilter: conntrack: check NULL when retrieving ct extension netfilter: nf_conncount: gc and rcu fixes netfilter: nf_conncount: add sequence counter to detect tree modifications netfilter: nf_conncount: split count_tree_node rbtree walk into helper netfilter: nf_conncount: use per nf_conncount_data spinlocks netfilter: nf_conncount: callers must hold rcu read lock netfilter: nf_tables: use DEBUG_NET_WARN_ON_ONCE in packet and control paths ipvs: Replace use of system_unbound_wq with system_dfl_long_wq ==================== Link: https://patch.msgid.link/20260614114605.474783-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15mailmap: add entry for Jesse BrandeburgJesse Brandeburg
My Intel email address is no longer used, redirect it to my kernel.org address. Signed-off-by: Jesse Brandeburg <jbrandeburg@cloudflare.com> Link: https://patch.msgid.link/20260612224727.141614-1-jbrandeb@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'netdev-expose-page-pool-order-via-netlink'Jakub Kicinski
Dragos Tatulea says: ==================== netdev: expose page pool order via netlink This small series exposes io_uring's high order page configuration via the page_pool netlink interface and updates the appropriate selftest to check this value. ==================== Link: https://patch.msgid.link/20260612211709.1456966-2-dtatulea@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15io_uring/zcrx: selftests: verify rx_buf_len for large chunksDragos Tatulea
Check the newly added rx_buf_len page_pool field for io_uring in the existing large-chunks test after the receiver is up. Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com> Link: https://patch.msgid.link/20260612211709.1456966-4-dtatulea@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15netdev: expose io_uring rx_page_order order via netlinkDragos Tatulea
This adds observability for the io_uring zcrx rx-buf-len configuration. Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com> Reviewed-by: Yael Chemla <ychemla@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Acked-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://patch.msgid.link/20260612211709.1456966-3-dtatulea@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15perf tools: Document recent additions to the perf.data file headerThomas Falcon
Add documentation for recently added HEADER_E_MACHINE and HEADER_CLN_SIZE data to the perf.data file. Also fix a typo at the end of the header section. Reviewed-by: Ian Rogers <irogers@google.com> Signed-off-by: Thomas Falcon <thomas.falcon@intel.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Dapeng Mi <dapeng1.mi@linux.intel.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Clark <james.clark@linaro.org> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2026-06-15Merge branch 'selftests-vsock-improve-vng-version-and-quirk-handling'Jakub Kicinski
Bobby Eshleman says: ==================== selftests/vsock: improve vng version and quirk handling As vng has continued updating, there have been two things in our selftests that have been affected. One is that newer versions always emit the vng version warning, and two is that we have a workaround that is not needed in newer versions. This series just updates the version handling to allow all newer versions without warning and version-gates the workaround to only those versions that don't have the commit that fixed the root cause. Additionally, we add function for comparing major.minor versions which is used in both patches. -=================== Link: https://patch.msgid.link/20260612-vsock-test-update-v1-0-7d7eeed3ac8f@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15selftests/vsock: skip vng setsid workaround on >= 1.41Bobby Eshleman
virtme-ng 1.41 ships the upstream fix for the SIGTTOU hang (https://github.com/arighi/virtme-ng/pull/453), so the setsid wrapper in vng_dry_run() is no longer needed there. Gate the workaround on the vng version: setsid is used for vng < 1.41, and vng is invoked directly on >= 1.41. Signed-off-by: Bobby Eshleman <bobbyeshleman@meta.com> Link: https://patch.msgid.link/20260612-vsock-test-update-v1-2-7d7eeed3ac8f@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15selftests/vsock: accept vng 1.33 or >= 1.36Bobby Eshleman
The current vng version check uses a discrete allowlist of "1.33", "1.36", and "1.37", which forces a script update on every new release even though all post-1.36 releases work. Replace the discrete list with: "1.33", or any version >= 1.36. 1.34 and 1.35 are skipped because they were not tested. Add a version_lt() helper that compares MAJOR.MINOR numerically, so the check reads as a straightforward version comparison. Signed-off-by: Bobby Eshleman <bobbyeshleman@meta.com> Link: https://patch.msgid.link/20260612-vsock-test-update-v1-1-7d7eeed3ac8f@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15tcp: ipv6: clamp default adverting MSS to avoid GSO_BY_FRAGS (0xFFFF)Eric Dumazet
When MTU is large, ip6_default_advmss() can return IPV6_MAXPLEN (65535). This is interpreted by TCP as mss_clamp, allowing the MSS to reach 65535. However, 0xFFFF is also used as a magic value GSO_BY_FRAGS in the kernel. If a TCP packet with gso_size=0xFFFF is passed to skb_segment(), it will be mistakenly treated as GSO_BY_FRAGS, leading to a NULL pointer dereference because local TCP packets do not use frag_list. Fix this by returning min(IPV6_MAXPLEN, GSO_BY_FRAGS - 1) (65534) from ip6_default_advmss() when MTU is large. Also update the stale comment in ip6_default_advmss() which suggested that IPV6_MAXPLEN is returned to mean "any MSS". Fixes: 3953c46c3ac7 ("sk_buff: allow segmenting based on frag sizes") Reported-by: syzbot+ebdb22d461c904fc3cb2@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/6a2c3193.8812e0fc.3c3fa4.0001.GAE@google.com/T/#u Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20260612162517.83394-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15tipc: fix UAF in tipc_l2_send_msg()Eric Dumazet
Syzbot reported a slab-use-after-free in ipvlan_hard_header() when called from tipc_l2_send_msg(). The root cause is that tipc_disable_l2_media() calls synchronize_net() while b->media_ptr is still valid. This allows concurrent RCU readers to obtain the device pointer after synchronize_net() has finished. The pointer is cleared later in bearer_disable(), but without any subsequent synchronization, allowing the device to be freed while still in use by readers. Fix this by clearing b->media_ptr in tipc_disable_l2_media() before calling synchronize_net(). This is safe to do now because the call order in bearer_disable() was reversed in 0d051bf93c06 ("tipc: make bearer packet filtering generic") to call tipc_node_delete_links() (which needs the pointer) before disable_media(). Fixes: 282b3a056225 ("tipc: send out RESET immediately when link goes down") https: //lore.kernel.org/netdev/6a2c1007.428ffe26.258b27.015d.GAE@google.com/T/#u Reported-by: syzbot+64ec81389cbad56a8c35@syzkaller.appspotmail.com Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jon Maloy <jmaloy@redhat.com> Reviewed-by: Tung Nguyen <tung.quang.nguyen@est.tech> Link: https://patch.msgid.link/20260612135949.4010482-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'octeontx2-quiesce-stale-mailbox-irq-state-before-request_irq'Jakub Kicinski
Runyu Xiao says: ==================== octeontx2: quiesce stale mailbox IRQ state before request_irq() Both OTX2 mailbox registration paths currently install their IRQ handlers before clearing stale local mailbox interrupt state, even though the code comments already say that the clear is needed first to avoid spurious interrupts. This issue was found by our static analysis tool and manually audited on Linux v6.18.21. Directed QEMU no-device validation further showed that the real PF and VF mailbox handlers are already reachable in that pre-clear window and can touch the same mailbox and workqueue carrier before local quiesce has completed. This series keeps the change minimal: - clear stale mailbox interrupt state before request_irq() - keep interrupt enabling after the handler is installed That closes the early-IRQ window without introducing a new enable-before-handler window. Patch 1 fixes the PF mailbox registration path. Patch 2 fixes the VF mailbox registration path. Build-tested by compiling otx2_pf.o and otx2_vf.o. No OTX2 hardware was available for end-to-end runtime testing. ==================== Link: https://patch.msgid.link/20260611160014.3202224-1-runyu.xiao@seu.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15octeontx2-vf: clear stale mailbox IRQ state before request_irq()Runyu Xiao
otx2vf_register_mbox_intr() currently installs the VF mailbox IRQ handler before clearing stale mailbox interrupt state. The code then says that local interrupt bits should be cleared first to avoid spurious interrupts, but that clear still happens only after request_irq() has already made the handler reachable. A running system can reach this during VF mailbox interrupt registration while stale or latched RVU_VF_INT state is still present. If delivery happens in the request_irq()-to-clear window, otx2vf_vfaf_mbox_intr_handler() can run before local quiesce and touch the same vf->mbox and vf->mbox_wq carrier that probe and teardown later reuse or destroy. Move the stale mailbox interrupt clear ahead of request_irq(), but keep interrupt enabling after the handler is installed. This closes the pre-clear early-IRQ window without creating a new enable-before-handler window. Fixes: 3184fb5ba96e ("octeontx2-vf: Virtual function driver support") Cc: stable@vger.kernel.org Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Ratheesh Kannoth <rkannoth@marvell.com> Link: https://patch.msgid.link/20260611160014.3202224-3-runyu.xiao@seu.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15octeontx2-pf: clear stale mailbox IRQ state before request_irq()Runyu Xiao
otx2_register_mbox_intr() currently installs the PF mailbox IRQ handler before clearing stale mailbox interrupt state. The function itself then comments that the local interrupt bits must be cleared first to avoid spurious interrupts, but that clear happens only after request_irq() has already exposed the handler to irq delivery. A running system can reach this during PF mailbox interrupt registration while stale or latched RVU_PF_INT state is still present. If delivery happens in the request_irq()-to-clear window, otx2_pfaf_mbox_intr_handler() can run before local quiesce and touch the same pf->mbox and pf->mbox_wq carrier that probe and teardown later reuse or destroy. Move the stale mailbox interrupt clear ahead of request_irq(), but keep interrupt enabling after the handler is installed. This closes the pre-clear early-IRQ window without creating a new enable-before-handler window. Fixes: 5a6d7c9daef3 ("octeontx2-pf: Mailbox communication with AF") Cc: stable@vger.kernel.org Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Ratheesh Kannoth <rkannoth@marvell.com> Link: https://patch.msgid.link/20260611160014.3202224-2-runyu.xiao@seu.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: phy: sfp: detect presence via I2C when no MOD_DEF0 GPIOGreg Patrick
An SFP cage (compatible "sff,sfp") whose MOD_DEF0 signal is not wired to a GPIO currently falls back to sff_gpio_get_state(), which unconditionally reports the module as present. An empty cage therefore fails its probe and is parked in SFP_MOD_ERROR forever; because SFP_F_PRESENT never deasserts there is no REMOVE event to recover the state machine, so a module inserted after boot is never detected, and empty cages spam -EIO at boot. This affects boards that route none of the cage presence signal to a software-readable input. On the NicGiga S100-0800S-M (RTL9303, 8x SFP+) the cage I2C bus is the switch's SMBus master; TX_DISABLE is driven via a PCA9534 I/O expander, but no MOD_ABS/MOD_DEF0 line reaches a readable GPIO (the RTL9303 gpio0 lines read stuck-low, the single PCA9534 is fully consumed by TX_DISABLE, and there is no RTL8231). The Horaco ZX-SW82TS-L2P (RTL9302D, 2x SFP+) is independently affected in the same way. For such an SFP cage, derive presence from a throttled single-byte I2C read of the module EEPROM instead: a successful read asserts SFP_F_PRESENT, R_PROBE_ABSENT consecutive failures clear it (to ride out a transient error on a live module). The existing poll then emits SFP_E_INSERT / SFP_E_REMOVE normally, giving working hot-plug and silencing the boot-time -EIO spam on empty cages. Presence is re-probed every T_PROBE_PRESENT, so insertion is detected within that interval and removal within T_PROBE_PRESENT * R_PROBE_ABSENT. A soldered-down module (compatible "sff,sff") has no presence signal and is genuinely always present, so it continues to use sff_gpio_get_state(); the new path is gated on the cage type advertising SFP_F_PRESENT. Signed-off-by: Greg Patrick <gregspatrick@hotmail.com> Tested-by: Manuel Stocker <mensi@mensi.ch> Reviewed-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Tested-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Link: https://patch.msgid.link/20260611175341.2223184-1-gregspatrick@hotmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'devlink-warn-on-resource-id-collision-with-parent_top'Jakub Kicinski
David Yang says: ==================== devlink: Warn on resource ID collision with PARENT_TOP Filter out the ambiguous case of enum { MY_RESOURCE_ID_A, /* == DEVLINK_RESOURCE_ID_PARENT_TOP ! */ MY_RESOURCE_ID_B, ... }; register(..., MY_RESOURCE_ID_A, DEVLINK_RESOURCE_ID_PARENT_TOP, ...); register(..., MY_RESOURCE_ID_B, MY_RESOURCE_ID_A, ...); ==================== Link: https://patch.msgid.link/20260611070856.889700-1-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15devlink: Warn on resource ID collision with PARENT_TOPDavid Yang
ID 0 serves as the sentinel DEVLINK_RESOURCE_ID_PARENT_TOP to mark top-level resources. While it is technically possible to use 0 as a real resource ID, a user might be tempted to write: enum { MY_RESOURCE_ID_A, /* == DEVLINK_RESOURCE_ID_PARENT_TOP ! */ MY_RESOURCE_ID_B, MY_RESOURCE_ID_C, MY_RESOURCE_ID_D, ... }; register(..., MY_RESOURCE_ID_C, DEVLINK_RESOURCE_ID_PARENT_TOP, ...); register(..., MY_RESOURCE_ID_D, MY_RESOURCE_ID_C, ...); /* D is a child of C */ register(..., MY_RESOURCE_ID_A, DEVLINK_RESOURCE_ID_PARENT_TOP, ...); register(..., MY_RESOURCE_ID_B, MY_RESOURCE_ID_A, ...); /* Is B intentionally top-level, or is it actually a child of A? */ Add a WARN_ON() to catch this and prevent confusion. Signed-off-by: David Yang <mmyangfl@gmail.com> Link: https://patch.msgid.link/20260611070856.889700-6-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: mv88e6xxx: Avoid devlink resource IDs collision with PARENT_TOPDavid Yang
The devlink resource ID for ATU collides with the sentinel DEVLINK_RESOURCE_ID_PARENT_TOP (0). As a result, ATU_bin_* are registered as in fact registered as top-level siblings, not as children of ATU. Whether intentional or unintentional, clarify it by keeping the real resource IDs starting at 1. Unfortunately ATU_bin_* are already registered at top-level, so keep their parent to PARENT_TOP. Signed-off-by: David Yang <mmyangfl@gmail.com> Link: https://patch.msgid.link/20260611070856.889700-5-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: hellcreek: avoid devlink resource IDs collision with PARENT_TOPDavid Yang
This might not cause real problems, but the hellcreek devlink resource ID collides with the sentinel DEVLINK_RESOURCE_ID_PARENT_TOP (0). Avoid it by keeping the real resource IDs starting at 1. Signed-off-by: David Yang <mmyangfl@gmail.com> Acked-by: Kurt Kanzenbach <kurt@linutronix.de> Link: https://patch.msgid.link/20260611070856.889700-4-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: b53: avoid devlink resource IDs collision with PARENT_TOPDavid Yang
This might not cause real problems, but the b53 devlink resource ID collides with the sentinel DEVLINK_RESOURCE_ID_PARENT_TOP (0). Avoid it by keeping the real resource IDs starting at 1. Signed-off-by: David Yang <mmyangfl@gmail.com> Link: https://patch.msgid.link/20260611070856.889700-3-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: dsa_loop: avoid devlink resource IDs collision with PARENT_TOPDavid Yang
This might not cause real problems, but the dsa_loop devlink resource ID collides with the sentinel DEVLINK_RESOURCE_ID_PARENT_TOP (0). Avoid it by keeping the real resource IDs starting at 1. Signed-off-by: David Yang <mmyangfl@gmail.com> Link: https://patch.msgid.link/20260611070856.889700-2-mmyangfl@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15pmdomain: core: fix unused variable warning with !PM_GENERIC_DOMAINS_OFJohan Hovold
The genpd provider bus is really only used when CONFIG_PM_GENERIC_DOMAINS_OF is enabled, and since the recent deferred initialisation of domain parent devices, the root device pointer is otherwise unused. Fix the unused variable warning by moving the definition of the root device pointer inside the corresponding ifdef. Fixes: 92b69eff8012 ("pmdomain: core: fix early domain registration") Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202606111746.kAxaAbwg-lkp@intel.com/ Signed-off-by: Johan Hovold <johan@kernel.org> Signed-off-by: Ulf Hansson <ulfh@kernel.org>
2026-06-15NFSv4/pNFS: reject zero-length r_addr in nfs4_decode_mp_ds_addrMichael Bommarito
nfs4_decode_mp_ds_addr() decodes the r_netid and r_addr opaques of a netaddr4 from a GETDEVICEINFO multipath-DS body, then immediately calls strrchr(buf, '.') to locate the port separator. Both decodes use xdr_stream_decode_string_dup(), and the current code checks only "nlen < 0" / "rlen < 0" before dereferencing the returned string. When the on-wire opaque has length zero, xdr_stream_decode_opaque_inline() returns 0 and xdr_stream_decode_string_dup() falls through to its "*str = NULL; return ret" tail, leaving buf NULL with a return value of 0. The "< 0" check does not catch this, and the next line is strrchr(NULL, '.'), a kernel NULL pointer dereference reachable from any pNFS-flexfile client mounted against a malicious or compromised metadata server. Reject the zero-length cases explicitly so the decoder fails with -EBADMSG (treated as a malformed GETDEVICEINFO body) instead of panicking the client. Cc: stable@vger.kernel.org Fixes: 6b7f3cf96364 ("nfs41: pull decode_ds_addr from file layout to generic pnfs") Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com> Signed-off-by: Anna Schumaker <anna.schumaker@hammerspace.com>
2026-06-15nfs: don't skip revalidate on directory delegation when attrs flagged staleTom Haynes
On a local directory mutation (rename/create/unlink) the client marks CHANGE / MTIME / CTIME as invalid in NFS_I(dir)->cache_validity. When a subsequent stat(2) enters __nfs_revalidate_inode() and finds a directory delegation held, the function currently early-exits and returns the cached (now stale) mtime to userspace without sending a GETATTR RPC. Keep the early-exit for the fast path, but take the RPC when CHANGE, MTIME, or CTIME are already marked invalid. The delegation alone is not a guarantee of cached-attr freshness once the code itself has flagged the cache as stale. Assisted-by: Claude:claude-opus-4-7 [bpftrace] [tshark] Signed-off-by: Tom Haynes <loghyr@gmail.com> [Anna: Use NFS_INO_INVALID_ATTR insteado of individual NFS_INO_INVALID_* flags] Signed-off-by: Anna Schumaker <anna@kernel.org>
2026-06-15dt-bindings: interrupt-controller: ti,irq-crossbar: Convert to DT schemaBhargav Joshi
Convert TI irq-crossbar binding from text format to DT schema. As part of conversion following changes are made: - Add '#interrupt-cells' as a required property which was missing in text binding - As irq-crossbar is interrupt-controller. Move binding from bindings/arm/omap to bindings/interrupt-controller Signed-off-by: Bhargav Joshi <j.bhargav.u@gmail.com> Link: https://patch.msgid.link/20260612-crossbar-v3-1-266747bc2e86@gmail.com Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
2026-06-15Merge branch 'ipv4-fib-remove-rtnl-in-fib_net_exit_batch'Jakub Kicinski
Kuniyuki Iwashima says: ==================== ipv4: fib: Remove RTNL in fib_net_exit_batch(). Currently, we flush all IPv4 routes at ->exit_batch() during netns dismantle, which requires an extra RTNL. IPv4 routes are not added from the fast path unlike IPv6, so we can flush routes before default_device_exit_batch(). However, there is implicit ordering between ip_fib_net_exit() and default_device_exit_batch(). This series detangles it and moves ip_fib_net_exit() to ->exit_rtnl() to save the RTNL dance. The same change for IPv6 will need more work. ==================== Link: https://patch.msgid.link/20260612063225.455191-1-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15ipv4: fib: Convert fib_net_exit_batch() to ->exit_rtnl().Kuniyuki Iwashima
Currently, IPv4 routes are flushed in ->exit_batch() after all devices are unregistered. Unlike IPv6, IPv4 routes are not added from the fast path, so we can flush routes before default_device_exit_batch(). Let's call ip_fib_net_exit() from ->exit_rtnl() to save one RTNL locking dance. ip_fib_net_exit() must use list_del_rcu() for fib_table for the fast path on dying dev. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260612063225.455191-6-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15ipv4: fib: Avoid calling fib_trie_table() in fib_new_table() for dying net.Kuniyuki Iwashima
We will call ip_fib_net_exit() from ->exit_rtnl(). All fib_table will be destroyed before devices are unregistered. During device unregistration, inetdev_destroy() could call fib_del_ifaddr(), which calls fib_magic(RTM_DELROUTE). fib_magic() calls fib_new_table(), but we do not want to create a new table after ip_fib_net_exit() destroys all tables. As a prep, let's add check_net() before fib_trie_table() in fib_new_table(). fib_trie_table() is also called from fib_trie_unmerge(), but fib_get_table() fails first in fib_unmerge(), so the same problem does not occur there. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260612063225.455191-5-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15ipv4: fib: Free net->ipv4.{fib_table_hash,notifier_ops} without RTNL.Kuniyuki Iwashima
We will call ip_fib_net_exit() from ->exit_rtnl(). However, some paths will still access net->ipv4.fib_table_hash after ->exit_rtnl(). For example, fib_flush() is called from fib_disable_ip() for NETDEV_UNREGISTER. Let's move kfree(net->ipv4.fib_table_hash) and fib4_notifier_exit() from ip_fib_net_exit() to its caller. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260612063225.455191-4-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15ipv4: fib: Call fib_proc_exit() and nl_fib_lookup_exit() at ->pre_exit().Kuniyuki Iwashima
We will call ip_fib_net_exit() from ->exit_rtnl(). Since the exit callbacks are called in the following order, 1. ->pre_exit() ~~~ synchronize_rcu() ~~~ 2. ->exit_rtnl() : ip_fib_net_exit() 3. ->exit() : fib_proc_exit() / nl_fib_lookup_exit() 4. ->exit_batch() : fib4_semantics_exit() the reverse order of fib_net_init() would get messed up. Let's move fib_proc_exit() and nl_fib_lookup_exit() to ->pre_exit(). This is fine because procfs/netlink access from userspace cannot occur at this point and synchronize_rcu() is not needed. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260612063225.455191-3-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15ipv4: fib: Flush all fib_info in fib_table_flush() during netns dismantle.Kuniyuki Iwashima
Even when fib_table_flush() is called with flush_all true, it does not flush all fib_info due to this condition: !(fi->fib_flags & RTNH_F_DEAD) && !fib_props[fa->fa_type].error) This creates an implicit ordering between default_device_exit_batch() and fib_net_exit_batch(). fib_table_flush(flush_all=true) must be called after all devices are NETDEV_UNREGISTERed, which is after nexthop_flush_dev() marks RTNH_F_DEAD. This would cause memory leak if the order were reversed. fib_table_flush() does not skip non-dead error routes when flush_all is true: !flush_all && !(fi->fib_flags & RTNH_F_DEAD) && fib_props[fa->fa_type].error Let's merge the two conditions not to skip all non-dead fib_info during netns dismantle. Note that we could further apply !flush_all to the basic table id check and the rtmsg_fib() call in the loop. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260612063225.455191-2-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: hellcreek: replace kcalloc with struct_sizeRosen Penev
One fewer allocation for the priv struct. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kurt Kanzenbach <kurt@linutronix.de> Link: https://patch.msgid.link/20260608045640.5172-1-rosenp@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch ↵Jakub Kicinski
'net-mlx5-add-switchdev-mode-support-for-socket-direct-single-netdev-part-2-2' Tariq Toukan says: ==================== net/mlx5: Add switchdev mode support for Socket Direct single netdev, part 2/2 This is part 2. Find part 1 here: https://lore.kernel.org/all/20260531113954.395443-1-tariqt@nvidia.com/ This series enables Socket Direct single netdev to operate in switchdev mode with shared FDB. SD single netdev combines multiple PCI functions behind a single netdev interface. To support switchdev offloads, these functions must participate in virtual LAG (shared FDB). Design Rather than introducing a separate LAG instance for SD, this series integrates SD secondary devices into the existing LAG structure (priv.lag) created at probe time. Each lag_func entry carries a group_id field that identifies its SD group membership (0 means not part of any SD group). An xarray mark (XA_MARK_PORT) distinguishes physical port entries from SD secondaries, enabling a single unified iterator that filters by group: - MLX5_LAG_FILTER_PORTS: iterate port-level entries only (existing behavior, used by bonding, FW LAG commands, v2p_map) - MLX5_LAG_FILTER_ALL: iterate all devices including SD secondaries (used by MPESW shared FDB across all devices) - specific group_id: iterate only devices in that SD group (used by per-group SD shared FDB operations) Existing callers use mlx5_ldev_for_each() which maps to MLX5_LAG_FILTER_PORTS, preserving current behavior for non-SD configurations. Lifecycle and ownership The SD LAG lifecycle is tied to the SD group, not to bonding events: 1. At PCI probe, mlx5_lag_add_mdev() creates the LAG structure (priv.lag) for each LAG-capable PF. e.g.: SD primary devices 2. During mlx5_sd_init(), after the SD group is fully formed (primary and secondaries paired), sd_lag_init() registers the secondary devices into the primary's existing priv.lag by calling mlx5_ldev_add_mdev() with the SD group_id. The primary's lag_func also gets its group_id set. No separate LAG instance is created. 3. After all the devices in SD group transition to switchdev, mlx5_lag_shared_fdb_create() is invoked with the group_id to create a software-only shared FDB scoped to that SD group. This sets sd_fdb_active on all lag_func entries in the group. No FW LAG commands are issued since SD devices share the same physical port. 4. If MPESW (multi-port eswitch) is enabled on top of SD groups, the per-group SD shared FDB is torn down first, then MPESW shared FDB is created spanning all devices (ports + SD secondaries) using MLX5_LAG_FILTER_ALL. On MPESW disable, per-group SD shared FDB is restored. 5. On SD teardown (mlx5_sd_cleanup or device unbind), sd_lag_cleanup() removes secondaries from priv.lag and clears the primary's group_id. The LAG structure itself is not destroyed. The sd_fdb_active flag is set on all lag_func entries in a group (not just the primary), so any device can detect the SD shared FDB state during lag_disable_change teardown without needing to look up peer entries. SD shared FDB is a pure software construct -- unlike regular LAG modes (ROCE, SRIOV, MPESW), it does not issue FW create_lag/destroy_lag commands. The software vport LAG for SD is implemented via eswitch egress ACL bounce rules, managed by the IB layer through mlx5_eth_lag_init(). And the software LAG demux is implemented via steering rules that utilize new destination, VHCA_RX. Patches E-Switch preparation (patch 1): - Skip uplink IB rep load for SD secondary devices Devcom support (patches 2-3): - Expose locked variant of send_event - Add DEVCOM_CANT_FAIL for non-rollback events SD core hardening (patches 4-6): - Make primary/secondary role determination more robust - Add L2 table silent mode query support - Expand vport metadata for SD secondary devices SD switchdev transition (patches 7-8): - Support switchdev mode transition with shared FDB - Notify SD on eswitch disable LAG integration (patches 9-12): - Store demux resources per master lag_func - Disable both regular and SD LAG on lag_disable_change - Introduce software vport LAG implementation - Add MPESW over SD LAG support Deferred init (patches 13-14): - Tie rep load/unload to SD LAG state - Defer vport metadata init until SD is ready Enablement (patch 15): - Enable SD over ECPF and allow switchdev transition v2: https://lore.kernel.org/20260608135547.482825-1-tariqt@nvidia.com v1: https://lore.kernel.org/20260604114455.434711-1-tariqt@nvidia.com ==================== Link: https://patch.msgid.link/20260612113904.537595-1-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: SD, enable SD over ECPF and allow switchdev transitionShay Drory
Remove the restriction blocking SD on embedded CPU PFs (ECPF), enabling SD functionality on BlueField DPUs. Remove the blocker preventing SD devices from transitioning to switchdev mode. The infrastructure added in earlier patches properly handles this case. Signed-off-by: Shay Drory <shayd@nvidia.com> Reviewed-by: Mark Bloch <mbloch@nvidia.com> Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Link: https://patch.msgid.link/20260612113904.537595-16-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: SD, defer vport metadata init until SD is readyShay Drory
Allow SD devices to transition to switchdev before the SD group is fully up. Metadata allocation requires the SD group to be ready, so defer it from esw_offloads_enable() until SD shared-FDB activation. Add mlx5_esw_offloads_init_deferred_metadata() which allocates per-vport metadata and refreshes the ingress ACLs that were previously programmed with metadata=0. The helper is idempotent and can be called multiple times. Signed-off-by: Shay Drory <shayd@nvidia.com> Reviewed-by: Mark Bloch <mbloch@nvidia.com> Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Link: https://patch.msgid.link/20260612113904.537595-15-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: E-Switch, Tie rep load/unload to SD LAG stateShay Drory
On an SD device, vport representors are not functional until the SD group is combined and shared FDB is active. Skip the initial load and the reload paths in that window; reps are loaded as part of the SD LAG activation flow once it becomes active. In addition, explicitly unload representors when SD LAG is destroyed. Signed-off-by: Shay Drory <shayd@nvidia.com> Reviewed-by: Mark Bloch <mbloch@nvidia.com> Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Link: https://patch.msgid.link/20260612113904.537595-14-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: LAG, add MPESW over SD LAG supportShay Drory
Enable MPESW LAG creation over SD LAG members, forming a composite LAG hierarchy. This allows bonding multiple SD groups together under a single MPESW configuration with shared FDB. When enabling composite MPESW, the individual SD LAG shared FDB configurations are temporarily torn down and recreated when the composite LAG is disabled. Signed-off-by: Shay Drory <shayd@nvidia.com> Reviewed-by: Mark Bloch <mbloch@nvidia.com> Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Link: https://patch.msgid.link/20260612113904.537595-13-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: LAG, introduce software vport LAG implementationShay Drory
SD LAG is a virtual LAG without hardware LAG support, so it cannot use the firmware vport LAG commands. Implement a software-based vport LAG using egress ACL bounce rules. Add esw_set_slave_egress_rule() to create an egress ACL rule on the slave's manager vport that bounces traffic to the master's manager vport. This achieves the same traffic steering as hardware vport LAG. Redirect mlx5_cmd_create_vport_lag() and mlx5_cmd_destroy_vport_lag() to the software implementation when operating in SD LAG mode. In addition, adjust lag_demux creation to check SD LAG mode as well. Signed-off-by: Shay Drory <shayd@nvidia.com> Reviewed-by: Mark Bloch <mbloch@nvidia.com> Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Link: https://patch.msgid.link/20260612113904.537595-12-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>