Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.12.9 2017-06-07T06:16:27+00:00 2017-06-07T06:16:27+00:00 Hangbin Liu liuhangbin@gmail.com 2017-06-01T06:57:56+00:00 urn:sha1:b81f884a547b5c264c13fdfaa3b65cf994bf1dcf In commit d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") we make xfrm_device.o only compiled when enable option CONFIG_XFRM_OFFLOAD. But this will make xfrm_dev_event() missing if we only enable default XFRM options. Then if we set down and unregister an interface with IPsec on it. there will no xfrm_garbage_collect(), which will cause dev usage count hold and get error like: unregister_netdevice: waiting for <dev> to become free. Usage count = 4 Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-05-04T05:30:59+00:00 Sabrina Dubroca sd@queasysnail.net 2017-05-03T14:43:19+00:00 urn:sha1:9b3eb54106cf6acd03f07cf0ab01c13676a226c2 When CONFIG_XFRM_SUB_POLICY=y, xfrm_dst stores a copy of the flowi for that dst. Unfortunately, the code that allocates and fills this copy doesn't care about what type of flowi (flowi, flowi4, flowi6) gets passed. In multiple code paths (from raw_sendmsg, from TCP when replying to a FIN, in vxlan, geneve, and gre), the flowi that gets passed to xfrm is actually an on-stack flowi4, so we end up reading stuff from the stack past the end of the flowi4 struct. Since xfrm_dst->origin isn't used anywhere following commit ca116922afa8 ("xfrm: Eliminate "fl" and "pol" args to xfrm_bundle_ok()."), just get rid of it. xfrm_dst->partner isn't used either, so get rid of that too. Fixes: 9d6ec938019c ("ipv4: Use flowi4 in public route lookup interfaces.") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-04-14T08:07:28+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-04-14T08:07:28+00:00 urn:sha1:f6e27114a60a0afdec40db1bf7f6da37b565745a When we do IPsec offloading, we need a fallback for packets that were targeted to be IPsec offloaded but rerouted to a device that does not support IPsec offload. For that we add a function that checks the offloading features of the sending device and and flags the requirement of a fallback before it calls the IPsec output function. The IPsec output function adds the IPsec trailer and does encryption if needed. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-04-14T08:06:10+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-04-14T08:06:10+00:00 urn:sha1:d77e38e612a017480157fe6d2c1422f42cb5b7e3 This patch adds all the bits that are needed to do IPsec hardware offload for IPsec states and ESP packets. We add xfrmdev_ops to the net_device. xfrmdev_ops has function pointers that are needed to manage the xfrm states in the hardware and to do a per packet offloading decision. Joint work with: Ilan Tayari <ilant@mellanox.com> Guy Shapiro <guysh@mellanox.com> Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Guy Shapiro <guysh@mellanox.com> Signed-off-by: Ilan Tayari <ilant@mellanox.com> Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-04-14T08:06:01+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-04-14T08:06:01+00:00 urn:sha1:c35fe4106b928d0a5909cfdac53c1db559b24299 This patch adds a gso_segment and xmit callback for the xfrm_mode and implement these functions for tunnel and transport mode. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-04-14T08:05:53+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-04-14T08:05:53+00:00 urn:sha1:21f42cc95f07c1d7827b339c04442e147411e44b This is needed for the upcomming IPsec device offloading. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-04-14T08:05:44+00:00 Steffen Klassert steffen.klassert@secunet.com 2017-04-14T08:05:44+00:00 urn:sha1:9d389d7f84bbb3a294eb05f7dfe2076e291fc150 We add a struct xfrm_type_offload so that we have the offloaded codepath separated to the non offloaded codepath. With this the non offloade and the offloaded codepath can coexist. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-03-27T05:04:14+00:00 Alexey Dobriyan adobriyan@gmail.com 2017-03-25T16:41:17+00:00 urn:sha1:6c786bcb29dd684533ec165057f437d5bb34a4b2 Current addr4_match() code has special test for /0 prefixes because of standard required undefined behaviour. However, it is possible to omit it on 64-bit because shifting can be done within a 64-bit register and then truncated to the expected value (which is 0 mask). Implicit truncation by htonl() fits nicely into R32-within-R64 model on x86-64. Space savings: none (coincidence) Branch savings: 1 Before: movzx eax,BYTE PTR [rdi+0x2a] # ->prefixlen_d test al,al jne xfrm_selector_match + 0x23f ... movzx eax,BYTE PTR [rbx+0x2b] # ->prefixlen_s test al,al je xfrm_selector_match + 0x1c7 After (no branches): mov r8d,0x20 mov rdx,0xffffffffffffffff mov esi,DWORD PTR [rsi+0x2c] mov ecx,r8d sub cl,BYTE PTR [rdi+0x2a] xor esi,DWORD PTR [rbx] mov rdi,rdx xor eax,eax shl rdi,cl bswap edi Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-03-24T06:03:12+00:00 Alexey Dobriyan adobriyan@gmail.com 2017-03-23T23:07:50+00:00 urn:sha1:e1b0048e18d4637603cf6f43b9b24345abdeec5c x86_64 is zero-extending arch so "unsigned int" is preferred over "int" for address calculations and extending to size_t. Space savings: add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-24 (-24) function old new delta xfrm_state_walk 708 696 -12 xfrm_selector_match 918 906 -12 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2017-03-24T06:03:12+00:00 Alexey Dobriyan adobriyan@gmail.com 2017-03-23T22:29:40+00:00 urn:sha1:1560875600b8aa88ff0f55f827a7741c026795ee Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>