summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2015-12-24bridge: use kobj_to_dev instead of to_devGeliang Tang1-2/+1
kobj_to_dev has been defined in linux/device.h, so I replace to_dev with it. Signed-off-by: Geliang Tang <geliangtang@163.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24bonding: drop unused to_dev macro in bond_sysfs.cGeliang Tang1-1/+0
to_dev is not used anymore so drop it. Signed-off-by: Geliang Tang <geliangtang@163.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24dsa: mv88e6xxx: Add Second back of statisticsAndrew Lunn2-109/+129
The 6320 family of switch chips has a second bank for statistics, but is missing three statistics in the port registers. Generalise and extend the code: * adding a field to the statistics table indicating the bank/register set where each statistics is. * add a function indicating if an individual statistics is available on this device * calculate at run time the sset_count. * return strings based on the available statistics of the device * return statistics based on the available statistics of the device * Add support for reading from the second bank. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24Merge branch 'sfc-vf'David S. Miller4-47/+288
Bert Kenward says: ==================== sfc: additional virtual function support​ This introduces the client side of a mechanism to defer authorisation of operations, for example multicast subscription. Although primarily aimed at SRIOV VFs this can also apply to unprivileged PFs. Also handle reboot ordering corner cases better and reduce the level of some logging. v2: remove #ifdef DEBUG around new WARN_ON in mcdi.c. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24sfc: Downgrade or remove some error messagesBert Kenward2-9/+18
Depending on configuration the NIC may return errors for unprivileged functions and/or VFs. Where these are expected and handled, reduce the level of any output. Signed-off-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24sfc: Downgrade EPERM messages from MCDI to debugTomáš Pilař1-3/+4
When running in an unprivileged function we expect some MC commands to fail with permission errors. To avoid log spew downgrade these to debug only. Signed-off-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24sfc: Make failed filter removal less noisyBert Kenward1-17/+31
There are situations - mostly reset related - where our view of the filter table differs from the hardware. In this case we may try and remove filters that aren't actually installed. This isn't that interesting in most situations, so downgrade the logging. Signed-off-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24sfc: Handle MCDI proxy authorisationBert Kenward2-8/+155
For unprivileged functions operations can be authorised by an admin function. Extra steps are introduced to the MCDI protocol in this situation - the initial response from the MCDI tells us that the operation has been deferred, and we must retry when told. We then receive an event telling us to retry. Note that this provides only the functionality for the unprivileged functions, not the handling of the administrative side. Signed-off-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24sfc: Retry MCDI after NO_EVB_PORT error on a VFBert Kenward2-15/+85
After reboot the vswitch configuration from the PF may not be complete before the VF attempts to restore filters. In that case we see NO_EVB_PORT errors from the MC. Retry up to a time limit or until a different result is seen. Signed-off-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23Merge branch 'cxgb4-next'David S. Miller4-43/+121
Hariprasad Shenai says: ==================== Trivial enhancements for cxgb4 This series adds a debug message if adapter isn't inserted in right PCI slot. Changes naming conventions for iSCSI rx queues, use node info while allocating rx queue and use napi_complete_done() api in napi handler. This patch series has been created against net-next tree and includes patches on cxgb4 driver. We have included all the maintainers of respective drivers. Kindly review the change and let us know in case of any review comments. Thanks V2: Dropped 'dcb_info' debug entry patch, since the same can be achieved using lldp tool. Based on review comments by Or Gerlitz <gerlitz.or@gmail.com> and David Miller. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23cxgb4: Use napi_complete_done() api in napi handlerHariprasad Shenai1-1/+1
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23cxgb4: Use the node info to alloc_ring() for RX queuesHariprasad Shenai1-2/+4
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23cxgb4: get naming correct for iscsi queuesHariprasad Shenai4-38/+38
All the upper level protocols like rdma, iscsi have their own offload rx queues, so instead of using the generic naming convention be specific while naming them. Improves code readability Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23cxgb4: Warn if device doesn't have enough PCI bandwidthHariprasad Shenai1-2/+78
Check if the device get enough bandwidth from the entire PCI chain to satisfy its capabilities. This patch determines the PCIe device's bandwidth capabilities by reading its PCIe Link Capabilities registers and then call the pcie_get_minimum_link function to ensure that the adapter is hooked into a slot which is capable of providing the necessary bandwidth capabilities. Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23Merge branch 'bindtodevice_tw_rst'David S. Miller5-18/+34
Florian Westphal says: ==================== tcp: honour SO_BINDTODEVICE for TW_RST case too This is V2, this time as a small series since I followed Erics advice to split this into smaller chunks, I hope this makes it easier to review. First patch adds inet_sk_transparent helper. Second patch contains an if/else swap that I split from the original TW_RST v1 one. Third patch is the actual change without the superfluous sock_net change. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23tcp: honour SO_BINDTODEVICE for TW_RST case tooFlorian Westphal3-10/+15
Hannes points out that when we generate tcp reset for timewait sockets we pretend we found no socket and pass NULL sk to tcp_vX_send_reset(). Make it cope with inet tw sockets and then provide tw sk. This makes RSTs appear on correct interface when SO_BINDTODEVICE is used. Packetdrill test case: // want default route to be used, we rely on BINDTODEVICE `ip route del 192.0.2.0/24 via 192.168.0.2 dev tun0` 0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 // test case still works due to BINDTODEVICE 0.001 setsockopt(3, SOL_SOCKET, SO_BINDTODEVICE, "tun0", 4) = 0 0.100...0.200 connect(3, ..., ...) = 0 0.100 > S 0:0(0) <mss 1460,sackOK,nop,nop> 0.200 < S. 0:0(0) ack 1 win 32792 <mss 1460,sackOK,nop,nop> 0.200 > . 1:1(0) ack 1 0.210 close(3) = 0 0.210 > F. 1:1(0) ack 1 win 29200 0.300 < . 1:1(0) ack 2 win 46 // more data while in FIN_WAIT2, expect RST 1.300 < P. 1:1001(1000) ack 1 win 46 // fails without this change -- default route is used 1.301 > R 1:1(0) win 0 Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23tcp: send_reset: test for non-NULL sk firstFlorian Westphal2-9/+8
tcp_md5_do_lookup requires a full socket, so once we extend _send_reset() to also accept timewait socket we would have to change if (!sk && hash_location) to something like if ((!sk || !sk_fullsock(sk)) && hash_location) { ... } else { (sk && sk_fullsock(sk)) tcp_md5_do_lookup() } Switch the two branches: check if we have a socket first, then fall back to a listener lookup if we saw a md5 option (hash_location). Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23net: add inet_sk_transparent() helperFlorian Westphal2-1/+13
Avoids cluttering tcp_v4_send_reset when followup patch extends it to deal with timewait sockets. Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23mlxsw: core: Use devm_kzalloc to allocate mlxsw_hwmon structureJiri Pirko3-13/+2
KASan reported use-after-free for the hwmon structure. So fix this by using devm_kzalloc and let the core take care about freeing the memory during device dettach. Reported-by: Ido Schimmel <idosch@mellanox.com> Fixes: 89309da39 ("mlxsw: core: Implement temperature hwmon interface") Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23net: tcp: deal with listen sockets properly in tcp_abort.Lorenzo Colitti1-0/+5
When closing a listen socket, tcp_abort currently calls tcp_done without clearing the request queue. If the socket has a child socket that is established but not yet accepted, the child socket is then left without a parent, causing a leak. Fix this by setting the socket state to TCP_CLOSE and calling inet_csk_listen_stop with the socket lock held, like tcp_close does. Tested using net_test. With this patch, calling SOCK_DESTROY on a listen socket that has an established but not yet accepted child socket results in the parent and the child being closed, such that they no longer appear in sock_diag dumps. Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23mlxsw: core: Allow to reset temperature history via hwmon interfaceJiri Pirko1-1/+36
Add another sysfs hwmon attribute to expose possibility to reset temperature sensors history. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22RDS: don't pretend to use cpu notifiersSebastian Andrzej Siewior1-25/+6
It looks like an attempt to use CPU notifier here which was never completed. Nobody tried to wire it up completely since 2k9. So I unwind this code and get rid of everything not required. Oh look! 19 lines were removed while code still does the same thing. Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Tested-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22net-sysfs: use to_net_dev in net_namespace()Geliang Tang1-2/+2
Use to_net_dev() instead of open-coding it. Signed-off-by: Geliang Tang <geliangtang@163.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22Merge branch '100GbE' of ↵David S. Miller12-118/+173
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2015-12-22 This series contains updates to fm10k only. Bruce cleans up the initialization of fm10k_workqueue at the global level, which fixes a checkpatch.pl error. Made several other cleanups of the driver, like making structures that do not change constant, remove unused code, cleanup code comments and use boolean states true/false instead of an integer since a bool is all that is needed. Jacob fixed the TLV format for little endian structures which are 4 byte aligned copy, so add an additional __aligned(4) and __packed to ensure that these structures are actually 4 byte aligned and packed correctly. Updated the driver to use ether_addr_equal() instead of memcmp() to compare MAC addresses. Alex Duyck cleans up the exception handling so all of the paths result in a similar state if we fail. Specifically the driver will now unload the mailbox interrupt, free the queue vectors and MSI-X, and then detach the interface. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22fm10k: IS_ENABLED() is not appropriate for boolean kconfig optionBruce Allan1-3/+3
Tri-states need 'if IS_ENABLED()', booleans should use 'ifdef'. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: cleanup mailbox code comments etcBruce Allan3-24/+34
Cleanup a number of issues with function header comments, lower-case acronyms (i.e. FIFO, TLV), duplicate comments and a stubbed-out header comment for fm10k_sm_mbx_init. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: use true/false for boolean get_host_stateBruce Allan1-3/+3
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: remove unused struct elementBruce Allan1-1/+0
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: constify fm10k_mac_ops, fm10k_iov_ops and fm10k_info structuresBruce Allan5-11/+11
These structures never change so declare them as const. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: address operator not needed when declaring function pointersBruce Allan2-48/+48
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: use ether_addr_equal instead of memcmpJacob Keller4-4/+4
When comparing MAC addresses, use ether_addr_equal instead of memcmp to ETH_ALEN length. Found and replaced using the following sed: sed -e 's/memcmp\x28\(.*\), ETH_ALEN\x29/!ether_addr_equal\x28\1\x29/' Reported-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: Cleanup exception handling for changing queuesAlexander Duyck2-16/+59
This patch is meant to cleanup the exception handling for the paths where we reset the interrupts and then reconfigure them. In all of these paths we had very different levels of exception handling. I have updated the driver so that all of the paths should result in a similar state if we fail. Specifically the driver will now unload the mailbox interrupt, free the queue vectors and MSI-X, and then detach the interface. In addition for any of the PCIe related resets I have added a check with the hw_ready function to just make sure the registers are in a readable state prior to reopening the interface. Signed-off-by: Alexander Duyck <aduyck@mirantis.com> Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: correctly pack TLV structures and explain reasoningJacob Keller1-4/+9
The TLV format for little endian structures is actually 4 byte aligned copy. To this end, we need to add an additional __aligned(4) marker along with __packed to ensure that these structures are actually 4 byte aligned and packed correctly. Use of just __packed will not work as this will result in 1byte alignment which is incorrect. Add a comment explaining the reasoning behind why these structures need the special treatment. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-22fm10k: don't initialize fm10k_workqueue at global levelBruce Allan1-4/+2
Cleans up checkpatch GLOBAL_INITIALIZERS error Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Krishneil Singh <Krishneil.k.singh@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-12-20ibmveth: consolidate kmalloc of array, memset 0 to kcallocNicholas Mc Guire1-3/+1
This is an API consolidation only. The use of kmalloc + memset to 0 is equivalent to kcalloc in this case as it is allocating an array of elements. Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19netcp: fix regression in receive processingArnd Bergmann1-3/+7
A cleanup patch I did was unfortunately wrong and introduced multiple serious bugs in the netcp rx processing, as indicated by these correct gcc warnings: drivers/net/ethernet/ti/netcp_core.c:776:14: warning: 'buf_ptr' may be used uninitialized in this function [-Wuninitialized] drivers/net/ethernet/ti/netcp_core.c:687:14: warning: 'ptr' may be used uninitialized in this function [-Wuninitialized] I have checked the patch once more and found that a call to get_pkt_info() accidentally got removed in netcp_free_rx_desc_chain, and netcp_process_one_rx_packet no longer retrieved the correct buffer length. This patch should fix all the known problems, but I did not test on real hardware. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 899077791403 ("netcp: try to reduce type confusion in descriptors") Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19asix: silence log message from oversize packetstephen hemminger1-1/+1
Since it is possible for an external system to send oversize packets at anytime, it is best for driver not to print a message and spam the log (potential external DoS). Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=109471 Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19tcp: diag: add support for request sockets to tcp_abort()Eric Dumazet1-0/+9
Adding support for SYN_RECV request sockets to tcp_abort() is quite easy after our tcp listener rewrite. Note that we also need to better handle listeners, or we might leak not yet accepted children, because of a missing inet_csk_listen_stop() call. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Lorenzo Colitti <lorenzo@google.com> Tested-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19Merge branch 'bpf-misc-updates'David S. Miller7-36/+208
Daniel Borkmann says: ==================== Misc BPF updates This series contains a couple of misc updates to the BPF code, besides others a new helper bpf_skb_load_bytes(), moving clearing of A/X to the classic converter, etc. Please see individual patches for details. Thanks! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19bpf, test: add couple of test casesDaniel Borkmann1-0/+120
Add couple of test cases for interpreter but also JITs, f.e. to test that when imm32 moves are being done, upper 32bits of the regs are being zero extended. Without JIT: [...] [ 1114.129301] test_bpf: #43 MOV REG64 jited:0 128 PASS [ 1114.130626] test_bpf: #44 MOV REG32 jited:0 139 PASS [ 1114.132055] test_bpf: #45 LD IMM64 jited:0 124 PASS [...] With JIT (generated code can as usual be nicely verified with the help of bpf_jit_disasm tool): [...] [ 1062.726782] test_bpf: #43 MOV REG64 jited:1 6 PASS [ 1062.726890] test_bpf: #44 MOV REG32 jited:1 6 PASS [ 1062.726993] test_bpf: #45 LD IMM64 jited:1 6 PASS [...] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19bpf, x86: detect/optimize loading 0 immediatesDaniel Borkmann1-0/+26
When sometimes structs or variables need to be initialized/'memset' to 0 in an eBPF C program, the x86 BPF JIT converts this to use immediates. We can however save a couple of bytes (f.e. even up to 7 bytes on a single emmission of BPF_LD | BPF_IMM | BPF_DW) in the image by detecting such case and use xor on the dst register instead. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19bpf: fix misleading comment in bpf_convert_filterDaniel Borkmann1-6/+0
Comment says "User BPF's register A is mapped to our BPF register 6", which is actually wrong as the mapping is on register 0. This can already be inferred from the code itself. So just remove it before someone makes assumptions based on that. Only code tells truth. ;) Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19bpf: move clearing of A/X into classic to eBPF migration prologueDaniel Borkmann5-29/+27
Back in the days where eBPF (or back then "internal BPF" ;->) was not exposed to user space, and only the classic BPF programs internally translated into eBPF programs, we missed the fact that for classic BPF A and X needed to be cleared. It was fixed back then via 83d5b7ef99c9 ("net: filter: initialize A and X registers"), and thus classic BPF specifics were added to the eBPF interpreter core to work around it. This added some confusion for JIT developers later on that take the eBPF interpreter code as an example for deriving their JIT. F.e. in f75298f5c3fe ("s390/bpf: clear correct BPF accumulator register"), at least X could leak stack memory. Furthermore, since this is only needed for classic BPF translations and not for eBPF (verifier takes care that read access to regs cannot be done uninitialized), more complexity is added to JITs as they need to determine whether they deal with migrations or native eBPF where they can just omit clearing A/X in their prologue and thus reduce image size a bit, see f.e. cde66c2d88da ("s390/bpf: Only clear A and X for converted BPF programs"). In other cases (x86, arm64), A and X is being cleared in the prologue also for eBPF case, which is unnecessary. Lets move this into the BPF migration in bpf_convert_filter() where it actually belongs as long as the number of eBPF JITs are still few. It can thus be done generically; allowing us to remove the quirk from __bpf_prog_run() and to slightly reduce JIT image size in case of eBPF, while reducing code duplication on this matter in current(/future) eBPF JITs. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com> Cc: Zi Shen Lim <zlim.lnx@gmail.com> Cc: Yang Shi <yang.shi@linaro.org> Acked-by: Yang Shi <yang.shi@linaro.org> Acked-by: Zi Shen Lim <zlim.lnx@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19bpf: add bpf_skb_load_bytes helperDaniel Borkmann2-1/+35
When hacking tc programs with eBPF, one of the issues that come up from time to time is to load addresses from headers. In eBPF as in classic BPF, we have BPF_LD | BPF_ABS | BPF_{B,H,W} instructions that extract a byte, half-word or word out of the skb data though helpers such as bpf_load_pointer() (interpreter case). F.e. extracting a whole IPv6 address could possibly look like ... union v6addr { struct { __u32 p1; __u32 p2; __u32 p3; __u32 p4; }; __u8 addr[16]; }; [...] a.p1 = htonl(load_word(skb, off)); a.p2 = htonl(load_word(skb, off + 4)); a.p3 = htonl(load_word(skb, off + 8)); a.p4 = htonl(load_word(skb, off + 12)); [...] /* access to a.addr[...] */ This work adds a complementary helper bpf_skb_load_bytes() (we also have bpf_skb_store_bytes()) as an alternative where the same call would look like from an eBPF program: ret = bpf_skb_load_bytes(skb, off, addr, sizeof(addr)); Same verifier restrictions apply as in ffeedafbf023 ("bpf: introduce current->pid, tgid, uid, gid, comm accessors") case, where stack memory access needs to be statically verified and thus guaranteed to be initialized in first use (otherwise verifier cannot tell whether a subsequent access to it is valid or not as it's runtime dependent). Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller66-342/+1062
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains the first batch of Netfilter updates for the upcoming 4.5 kernel. This batch contains userspace netfilter header compilation fixes, support for packet mangling in nf_tables, the new tracing infrastructure for nf_tables and cgroup2 support for iptables. More specifically, they are: 1) Two patches to include dependencies in our netfilter userspace headers to resolve compilation problems, from Mikko Rapeli. 2) Four comestic cleanup patches for the ebtables codebase, from Ian Morris. 3) Remove duplicate include in the netfilter reject infrastructure, from Stephen Hemminger. 4) Two patches to simplify the netfilter defragmentation code for IPv6, patch from Florian Westphal. 5) Fix root ownership of /proc/net netfilter for unpriviledged net namespaces, from Philip Whineray. 6) Get rid of unused fields in struct nft_pktinfo, from Florian Westphal. 7) Add mangling support to our nf_tables payload expression, from Patrick McHardy. 8) Introduce a new netlink-based tracing infrastructure for nf_tables, from Florian Westphal. 9) Change setter functions in nfnetlink_log to be void, from Rami Rosen. 10) Add netns support to the cttimeout infrastructure. 11) Add cgroup2 support to iptables, from Tejun Heo. 12) Introduce nfnl_dereference_protected() in nfnetlink, from Florian. 13) Add support for mangling pkttype in the nf_tables meta expression, also from Florian. BTW, I need that you pull net into net-next, I have another batch that requires changes that I don't yet see in net. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18nfp: call netif_carrier_off() during initJakub Kicinski1-0/+1
Netdevs default to carrier on, we should call netif_carrier_off() during initialization since we handle carrier state changes in the driver. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Rolf Neugebauer <rolf.neugebauer@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18Merge branch 'l3mdev-accept'David S. Miller9-5/+65
David Ahern says: ==================== net: Allow accepted sockets to be bound to l3mdev domain Allow accepted sockets to derive their sk_bound_dev_if setting from the l3mdev domain in which the packets originated. This version adds a sysctl to control whether the setting is inherited, making the functionality similar to sk_mark and its sysctl_tcp_fwmark_accept setting. This effectively allow a process to have a "VRF-global" listen socket, with child sockets bound to the VRF device in which the packet originated. A similar behavior can be achieved using sk_mark, but a solution using marks is incomplete as it does not handle duplicate addresses in different L3 domains/VRFs. Allowing sockets to inherit the sk_bound_dev_if from l3mdev domain provides a complete solution. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18net: Allow accepted sockets to be bound to l3mdev domainDavid Ahern8-5/+42
Allow accepted sockets to derive their sk_bound_dev_if setting from the l3mdev domain in which the packets originated. A sysctl setting is added to control the behavior which is similar to sk_mark and sysctl_tcp_fwmark_accept. This effectively allow a process to have a "VRF-global" listen socket, with child sockets bound to the VRF device in which the packet originated. A similar behavior can be achieved using sk_mark, but a solution using marks is incomplete as it does not handle duplicate addresses in different L3 domains/VRFs. Allowing sockets to inherit the sk_bound_dev_if from l3mdev domain provides a complete solution. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18net: l3mdev: Add master device lookup by indexDavid Ahern1-0/+23
Add helper to lookup l3mdev master index given a device index. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18ipv6: addrconf: use stable address generator for ARPHRD_NONEBjørn Mork2-6/+40
Add a new address generator mode, using the stable address generator with an automatically generated secret. This is intended as a default address generator mode for device types with no EUI64 implementation. The new generator is used for ARPHRD_NONE interfaces initially, adding default IPv6 autoconf support to e.g. tun interfaces. If the addrgenmode is set to 'random', either by default or manually, and no stable secret is available, then a random secret is used as input for the stable-privacy address generator. The secret can be read and modified like manually configured secrets, using the proc interface. Modifying the secret will change the addrgen mode to 'stable-privacy' to indicate that it operates on a known secret. Existing behaviour of the 'stable-privacy' mode is kept unchanged. If a known secret is available when the device is created, then the mode will default to 'stable-privacy' as before. The mode can be manually set to 'random' but it will behave exactly like 'stable-privacy' in this case. The secret will not change. Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: 吉藤英明 <hideaki.yoshifuji@miraclelinux.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>