Issue: 1. Not able to launch supplicant on second VF
2. When launching supplicant on VF1, MACSec link on VF0 is getting lost
Fix: Do not program CAR registers as part of OSD as the same is being
taken care by Server and also do not register for MACSec interrupts.
Same is being handled in Server
2. Enabled packet duplication for MultiCast frames when launching
supplicant
Bug 4824402
Change-Id: I7b26298da8c94df2da823e36476bc37acf6123cd
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3201116
Reviewed-by: Mahesh Patil <maheshp@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Nagaraj Annaiah <nannaiah@nvidia.com>
Reviewed-by: Ashutosh Jha <ajha@nvidia.com>
Issue: IOCTLs from supplicanta pplication are not reaching Nvidia
Ethernet driver in kernel 6.1
Fix: Filled the correct policy while registering with netlink. Added
Cipher Suite attribute to genl macsec policy
Ported from -
https://git-master.nvidia.com/r/c/nvethernet-docs/+/3126784
Bug 4316709
Change-Id: I7d0b86d14b1d5bb9aff34b79d635bfccd7443ebf
Issue:
L4T platforms on boot comes up with MTU as 1500.
However on changing the MTU to jumbo, the final
MTU which gets set accounts the MACSEC ICV tag
len and reduces the MTU by 34 bytes even though
the platform does not support MACSEC.
Fix:
Assign macsec allocated private data to NULL and
use the NULL check in ndo mtu change ioctl call
to reject MTU reduction if macsec is not supported.
Bug 4137597
Change-Id: Ica3003b54762dd5d240c9b0c5c012049b4e503b2
Signed-off-by: Sushil Kumar Singh <sushilkumars@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2928569
Reviewed-by: Revanth Kumar Uppala <ruppala@nvidia.com>
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Revanth Kumar Uppala <ruppala@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
Issue:
MGBE0 ASID is getting programmed for all the MAC instances
which inturn causing the data transfer failures.Macsec is not enable
and hence instance_id is not getting updated to the corresponding mac
instance number and hence all mac instance_id's are initialized with 0.
Since ASID programming is based on mac instance_id, all MACs are
programmed with MGBE0 MAC instance id.
Fix:
Moved reading of instance_id from DT out of macsec_probe and hence the
instance_id gets updated irrespective of MAC sec enable/disable.
Bug 4124937
Change-Id: I500ed8d3db402995488260af99ad190217ff6dd2
Signed-off-by: Revanth Kumar Uppala <ruppala@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2925252
Reviewed-by: Narayan Reddy <narayanr@nvidia.com>
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
Issue: If the supplicant is killed for some reason Data would flow
plain on that interface, this needs to be avoided
Fix: Update bypass LUT such that if the frames from the VF(on which
supplicant is launched) is received on MACSEC either authenticate the
same or drop. Along with this handles below items as well. All the VFs MACIDs
are obtained in OSI to update the bypass LUTs to decide on which VF frames
to be authenticated and which VF frames needs to be bypassed.
1. Remove osi_macsec_en API and have single API to init and deinit
2. Remove explicit command from supplicant to set control port and
set protected frames. Handle the same in osi_macsec_init
Bug 3984665
Change-Id: I8bc8aa95d1e21e99e992b471fb70ed58073163f7
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2878515
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Issue: If WOL is enabled after running "./ethtool -s eth0 wol g"
command there will not be any eapol frames transaction, hence macsec
will be disabled. As macsec is disabled before suspend we are not
enabling it back once resumed. Because of this eapol frames are also
sent with sec-tag as byp_lut is not programmed.
Fix: Instead of depending on the macsec state, check if there is any
supplicant running, if there is any supplicant then enable the macsec
post resume.
Bug 3577131
Change-Id: I6018b94411034eebba34f5f0a9520907305c573e
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2694446
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Bhadram Varka <vbhadram@nvidia.com>
Reviewed-by: Mahesh Patil <maheshp@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: svc_kernel_abi <svc_kernel_abi@nvidia.com>
Reviewed-by: Ashutosh Jha <ajha@nvidia.com>
GVS: Gerrit_Virtual_Submit
Issue: Name of the nl_family is nv_macsec for all the interfaces
hence even if the macsec is enabled for one interface and disabled for
other interfaces, supplicant can be launched for all the interfaces.
Fix: Use the interface name for the nl_family name hence supplicant can
check if macsec is enabled in DT before initializing supplicant for that
particular interface
Bug 3673434
Change-Id: I33d62a0ab2b74f7f53abcd8e6629c1b013eede86
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2726483
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Issue: To fix the MISRA/COVERITY defects in OSI
Some of the API names got changed
Fix: Update the OSD by using the new API name.
Addressed another issue where some of the unwanted
code is removed as MACSEC is always enabled for both
tx and Rx but not anyone of them
Bug 3460422
Change-Id: I21e64f7004fe1f7b09f863c7a68c36408198cbe2
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2618710
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
1) Add threaded interrupt handler function to call EPL API
to report error.
2) add hsi_enable sysfs interface to enable HSI feature at runtime
to enable:
echo enable > /sys/devices/platform/./nvethernet/hsi_enable
to disable:
echo disable > /sys/devices/platform/./nvethernet/hsi_enable
3) For mac RX CRC and checksum error, error reporting frequency is
every one second for HSI_ERROR_THRESHOLD error count
4) Added DT property “nvidia,hsi_err_time_threshold” to specify time
threshold for error reporting
5) Added DT property "nvidia,hsi_err_count_threshold" to specify
error count threshold for error reporting
Bug 3543410
Change-Id: I73ef1a674a846295e02deff7e07954e8dada9792
Signed-off-by: Om Prakash Singh <omp@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2675040
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: svc_kernel_abi <svc_kernel_abi@nvidia.com>
Reviewed-by: Narayan Reddy <narayanr@nvidia.com>
Reviewed-by: Rakesh Goyal <rgoyal@nvidia.com>
Reviewed-by: Ashutosh Jha <ajha@nvidia.com>
GVS: Gerrit_Virtual_Submit
Issue: If MTU is increased after Supplicant is initialized
we are not updating the MACSEC MTU so the frames will get
dropped as the MACSEC MTU is lesser than the frames received
Fix: Changes to update the MACSEC MTU along with MAC MTU
Bug 3577143
Change-Id: I8cdd8ce331cbf40139e6f486439113d5b29a0687
Signed-off-by: Sanath Kumar Gampa <sgampa@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2686289
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Issue: SID needs to be programmed through HV window
to get it reflected in controller register space.
Currently its programmed through RM window.
Fix: Get HV window base address from DT and program
in controller registers in non-hypervisor mode.
Store MAC instance ID to program the same ASID
values which are used in DT.
Bug 200761024
Change-Id: Ie9bcaebcba39f2d07438c9502591c0f51f22378f
Signed-off-by: Bhadram Varka <vbhadram@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2592481
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Update mac/macsec init programming
1. macsec clock and reset programming order at init and deinit
2. macsec SOT values as per macsec IAS
3. mac IPG values as per macsec IAS
Bug 3266535
Signed-off-by: Mahesh Patil <maheshp@nvidia.com>
Change-Id: I29c829c47d0ae7e3529464da79ba6a9a2bc68919
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2506487
Reviewed-by: Srinivas Ramachandran <srinivasra@nvidia.com>
Reviewed-by: Bhadram Varka <vbhadram@nvidia.com>
This commit adds the driver interface for the
MACsec controller. The driver interface is
invoked using generic netlink messages from
userspace MACsec key agreement agent.
Currently sysfs node is added to check the irq
stats for default macsec controller operation.
Bug 2913560
Change-Id: I07b0b778ba1c6674e87b103a3e68e158fea61c2c
Signed-off-by: Srinivas Ramachandran <srinivasra@nvidia.com>
