Daniel Borkmann [Tue, 31 Dec 2013 11:40:05 +0000 (12:40 +0100)]
netfilter: nf_tables: fix type in parsing in nf_tables_set_alloc_name()
In nf_tables_set_alloc_name(), we are trying to find a new, unused
name for our new set and interate through the list of present sets.
As far as I can see, we're using format string %d to parse already
present names in order to mark their presence in a bitmap, so that
we can later on find the first 0 in that map to assign the new set
name to. We should rather use a temporary variable of type int to
store the result of sscanf() to, and for making sanity checks on.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 30 Dec 2013 14:09:18 +0000 (15:09 +0100)]
netfilter: add help information to new nf_tables Kconfig options
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Sun, 29 Dec 2013 11:28:14 +0000 (12:28 +0100)]
netfilter: nft_reject: support for IPv6 and TCP reset
This patch moves nft_reject_ipv4 to nft_reject and adds support
for IPv6 protocol. This patch uses functions included in nf_reject.h
to implement reject by TCP reset.
The code has to be build as a module if NF_TABLES_IPV6 is also a
module to avoid compilation error due to usage of IPv6 functions.
This has been done in Kconfig by using the construct:
depends on NF_TABLES_IPV6 || !NF_TABLES_IPV6
This seems a bit weird in terms of syntax but works perfectly.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Sun, 29 Dec 2013 11:28:13 +0000 (12:28 +0100)]
netfilter: REJECT: separate reusable code
This patch prepares the addition of TCP reset support in
the nft_reject module by moving reusable code into a header
file.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Sun, 29 Dec 2013 10:01:29 +0000 (11:01 +0100)]
netfilter: select NFNETLINK when enabling NF_TABLES
In Kconfig, nf_tables depends on NFNETLINK so building nf_tables as
a module or inside kernel depends on the state of NFNETLINK inside
the kernel config. If someone wants to build nf_tables inside the
kernel, it is necessary to also build NFNETLINK inside the kernel.
But NFNETLINK can not be set in the menu so it is necessary to
toggle other nfnetlink subsystems such as logging and nfacct to see
the nf_tables switch.
This patch changes the dependency from 'depend' to 'select' inside
Kconfig to allow to set the build of nftables as modules or inside
kernel independently.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sat, 28 Dec 2013 12:38:02 +0000 (13:38 +0100)]
netfilter: nf_tables: remove nft_meta_target
In
e035b77 ("netfilter: nf_tables: nft_meta module get/set ops"),
we got the meta target merged into the existing meta expression.
So let's get rid of this dead code now that we fully support that
feature.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Arturo Borrero Gonzalez [Thu, 26 Dec 2013 15:38:01 +0000 (16:38 +0100)]
netfilter: nf_tables: nft_meta module get/set ops
This patch adds kernel support for the meta expression in get/set
flavour. The set operation indicates that a given packet has to be
set with a property, currently one of mark, priority, nftrace.
The get op is what was currently working: evaluate the given
packet property.
In the nftrace case, the value is always 1. Such behaviour is copied
from net/netfilter/xt_TRACE.c
The NFTA_META_DREG and NFTA_META_SREG attributes are mutually
exclusives.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tomasz Bursztyka [Thu, 12 Dec 2013 13:00:42 +0000 (15:00 +0200)]
netfilter: nf_tables: Expose the table usage counter via netlink
Userspace can therefore know whether a table is in use or not, and
by how many chains. Suggested by Pablo Neira Ayuso.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Thu, 5 Dec 2013 23:24:13 +0000 (00:24 +0100)]
netfilter: nft: add queue module
This patch adds a new nft module named "nft_queue" which provides
a new nftables expression that allows you to enqueue packets to
userspace via the nfnetlink_queue subsystem. It provides the same
level of functionality as NFQUEUE and it shares some code with it.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Thu, 5 Dec 2013 23:24:12 +0000 (00:24 +0100)]
netfilter: xt_NFQUEUE: separate reusable code
This patch prepares the addition of nft_queue module by moving
reusable code into a header file.
This patch also converts NFQUEUE to use prandom_u32 to initialize
the random jhash seed as suggested by Florian Westphal.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Sat, 30 Nov 2013 10:56:17 +0000 (11:56 +0100)]
netfilter: nf_tables: fix issue with verdict support
The test on verdict was simply done on the value of the verdict
which is not correct as far as queue is concern. In fact, the test
of verdict test must be done with respect to the verdict mask for
verdicts which are not internal to nftables.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David S. Miller [Tue, 5 Nov 2013 07:34:57 +0000 (02:34 -0500)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless-next
John W. Linville says:
====================
Please accept the following pull request intended for the 3.13 tree...
I had intended to pass most of these to you as much as two weeks ago.
Unfortunately, I failed to account for the effects of bad Internet
connections and my own fatique/laziness while traveling. On the bright
side, at least these have been baking in linux-next for some time!
For the mac80211 bits, Johannes says:
"This time I have two fixes for P2P (which requires not using CCK rates)
and a workaround for APs with broken WMM information."
For the iwlwifi bits, Johannes says:
"I have a few fixes for warnings/issues: one from Alex, fixing scan
timings, one from Emmanuel fixing a WARN_ON in the DVM driver, one from
Stanislaw removing a trigger-happy WARN_ON in the MVM driver and a
change from myself to try to recover when the device isn't processing
commands quickly."
And:
"For this round, I have a lot of changes:
* power management improvements
* BT coexistence improvements/updates
* new device support
* VHT support
* IBSS support (though due to a small bug it requires new firmware)
* various other fixes/improvements."
For the Bluetooth bits, Gustavo says:
"More patches for 3.12, busy times for Bluetooth. More than a 100 commits since
the last pull. The bulk of work comes from Johan and Marcel, they are doing
fixes and improvements all over the Bluetooth subsystem, as the diffstat can
show."
For the ath10k and ath6kl bits, Kalle says:
"Bartosz added support to ath10k for our 10.x AP firmware branch, which
gives us AP specific features and fixes. We still support the main
firmware branch as well just like before, ath10k detects runtime what
firmware is used. Unfortunately the firmware interface in 10.x branch is
somewhat different so there was quite a lot of changes in ath10k for
this.
Michal and Sujith did some performance improvements in ath10k. Vladimir
fixed a compiler warning and Fengguang removed an extra semicolon."
For the NFC bits, Samuel says:
"It's a fairly big one, with the following highlights:
- NFC digital layer implementation: Most NFC chipsets implement the NFC
digital layer in firmware, but others have more basic functionalities
and expect the host to implement the digital layer. This layer sits
below the NFC core.
- Sony's port100 support: This is "soft" NFC USB dongle that expects the
digital layer to be implemented on the host. This is the first user of
our NFC digital stack implementation.
- Secure element API: We now provide a netlink API for enabling,
disabling and discovering NFC attached (embedded or UICC ones) secure
elements. With some userspace help, this allows us to support NFC
payments.
Only the pn544 driver currently supports that API.
- NCI SPI fixes and improvements: In order to support NCI devices over
SPI, we fixed and improved our NCI/SPI implementation. The currently
most deployed NFC NCI chipset, Broadcom's bcm2079x, supports that mode
and we're planning to use our NCI/SPI framework to implement a
driver for it.
- pn533 fragmentation support in target mode: This was the only missing
feature from our pn533 impementation. We now support fragmentation in
both Tx and Rx modes, in target mode."
On top of all that, brcmfmac and rt2x00 both get the usual flurry
of updates. A few other drivers get hit here or there as well.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Fri, 1 Nov 2013 06:07:48 +0000 (14:07 +0800)]
virtio-net: coalesce rx frags when possible during rx
Commit
2613af0ed18a11d5c566a81f9a6510b73180660a (virtio_net: migrate mergeable
rx buffers to page frag allocators) try to increase the payload/truesize for
MTU-sized traffic. But this will introduce the extra overhead for GSO packets
received because of the frag list. This commit tries to reduce this issue by
coalesce the possible rx frags when possible during rx. Test result shows the
about 15% improvement on full size GSO packet receiving (and even better than
before commit
2613af0ed18a11d5c566a81f9a6510b73180660a).
Before this commit:
./netperf -H 192.168.100.4
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.100.4
() port 0 AF_INET : demo
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 10.00 20303.87
After this commit:
./netperf -H 192.168.100.4
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.100.4
() port 0 AF_INET : demo
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec
87380 16384 16384 10.00 23841.26
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Michael Dalton <mwdalton@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Fri, 1 Nov 2013 06:07:47 +0000 (14:07 +0800)]
net: introduce skb_coalesce_rx_frag()
Sometimes we need to coalesce the rx frags to avoid frag list. One example is
virtio-net driver which tries to use small frags for both MTU sized packet and
GSO packet. So this patch introduce skb_coalesce_rx_frag() to do this.
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Michael Dalton <mwdalton@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Duan Jiong [Fri, 1 Nov 2013 05:09:43 +0000 (13:09 +0800)]
vxlan: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(...))
trivial patch converting ERR_PTR(PTR_ERR()) into ERR_CAST().
No functional changes.
Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Dangaard Brouer [Thu, 31 Oct 2013 21:10:55 +0000 (22:10 +0100)]
net: codel: Avoid undefined behavior from signed overflow
As described in commit
5a581b367 (jiffies: Avoid undefined
behavior from signed overflow), according to the C standard
3.4.3p3, overflow of a signed integer results in undefined
behavior.
To fix this, do as the above commit, and do an unsigned
subtraction, and interpreting the result as a signed
two's-complement number. This is based on the theory from
RFC 1982 and is nicely described in wikipedia here:
https://en.wikipedia.org/wiki/Serial_number_arithmetic#General_Solution
A side-note, I have seen practical issues with the previous logic
when dealing with 16-bit, on a 64-bit machine (gcc version
4.4.5). This were 32-bit, which I have not observed issues with.
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jesper Dangaard Brouer <netoptimizer@brouer.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 5 Nov 2013 00:59:44 +0000 (19:59 -0500)]
Merge branch 'for-davem' of git://gitorious.org/linux-can/linux-can-next
Marc Kleine-Budde says:
====================
here's a pull request for net-next.
It includes a patch by Oliver Hartkopp et al. that adds documentation
for the broadcast manager to Documentation/networking/can.txt. Three
patches by me that clean up the netlink handling code in the CAN core.
And another patch that removes a not needed function from the ti_hecc
driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuchung Cheng [Thu, 31 Oct 2013 18:07:31 +0000 (11:07 -0700)]
tcp: properly handle stretch acks in slow start
Slow start now increases cwnd by 1 if an ACK acknowledges some packets,
regardless the number of packets. Consequently slow start performance
is highly dependent on the degree of the stretch ACKs caused by
receiver or network ACK compression mechanisms (e.g., delayed-ACK,
GRO, etc). But slow start algorithm is to send twice the amount of
packets of packets left so it should process a stretch ACK of degree
N as if N ACKs of degree 1, then exits when cwnd exceeds ssthresh. A
follow up patch will use the remainder of the N (if greater than 1)
to adjust cwnd in the congestion avoidance phase.
In addition this patch retires the experimental limited slow start
(LSS) feature. LSS has multiple drawbacks but questionable benefit. The
fractional cwnd increase in LSS requires a loop in slow start even
though it's rarely used. Configuring such an increase step via a global
sysctl on different BDPS seems hard. Finally and most importantly the
slow start overshoot concern is now better covered by the Hybrid slow
start (hystart) enabled by default.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuchung Cheng [Thu, 31 Oct 2013 16:19:32 +0000 (09:19 -0700)]
tcp: enable sockets to use MSG_FASTOPEN by default
Applications have started to use Fast Open (e.g., Chrome browser has
such an optional flag) and the feature has gone through several
generations of kernels since 3.7 with many real network tests. It's
time to enable this flag by default for applications to test more
conveniently and extensively.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 5 Nov 2013 00:48:57 +0000 (19:48 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says:
====================
This batch contains fives nf_tables patches for your net-next tree,
they are:
* Fix possible use after free in the module removal path of the
x_tables compatibility layer, from Dan Carpenter.
* Add filter chain type for the bridge family, from myself.
* Fix Kconfig dependencies of the nf_tables bridge family with
the core, from myself.
* Fix sparse warnings in nft_nat, from Tomasz Bursztyka.
* Remove duplicated include in the IPv4 family support for nf_tables,
from Wei Yongjun.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 5 Nov 2013 00:46:58 +0000 (19:46 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
This is another batch containing Netfilter/IPVS updates for your net-next
tree, they are:
* Six patches to make the ipt_CLUSTERIP target support netnamespace,
from Gao feng.
* Two cleanups for the nf_conntrack_acct infrastructure, introducing
a new structure to encapsulate conntrack counters, from Holger
Eitzenberger.
* Fix missing verdict in SCTP support for IPVS, from Daniel Borkmann.
* Skip checksum recalculation in SCTP support for IPVS, also from
Daniel Borkmann.
* Fix behavioural change in xt_socket after IP early demux, from
Florian Westphal.
* Fix bogus large memory allocation in the bitmap port set type in ipset,
from Jozsef Kadlecsik.
* Fix possible compilation issues in the hash netnet set type in ipset,
also from Jozsef Kadlecsik.
* Define constants to identify netlink callback data in ipset dumps,
again from Jozsef Kadlecsik.
* Use sock_gen_put() in xt_socket to replace xt_socket_put_sk,
from Eric Dumazet.
* Improvements for the SH scheduler in IPVS, from Alexander Frolkin.
* Remove extra delay due to unneeded rcu barrier in IPVS net namespace
cleanup path, from Julian Anastasov.
* Save some cycles in ip6t_REJECT by skipping checksum validation in
packets leaving from our stack, from Stanislav Fomichev.
* Fix IPVS_CMD_ATTR_MAX definition in IPVS, larger that required, from
Julian Anastasov.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Mon, 4 Nov 2013 12:58:56 +0000 (15:58 +0300)]
netfilter: nft_compat: use _safe version of list_for_each
We need to use the _safe version of list_for_each_entry() here otherwise
we have a use after free bug.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David S. Miller [Mon, 4 Nov 2013 21:25:04 +0000 (16:25 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/jesse/openvswitch
Jesse Gross says:
====================
Open vSwitch
A set of updates for net-next/3.13. Major changes are:
* Restructure flow handling code to be more logically organized and
easier to read.
* Rehashing of the flow table is moved from a workqueue to flow
installation time. Before, heavy load could block the workqueue for
excessive periods of time.
* Additional debugging information is provided to help diagnose megaflows.
* It's now possible to match on TCP flags.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Nov 2013 21:20:33 +0000 (16:20 -0500)]
Merge branch 'mlx4'
Or Gerlitz says:
====================
Mellanox driver updates
This patch set from Jack Morgenstein does the following:
1. Fix MAC/VLAN SRIOV implementation, and add wrapper functions for VLAN allocation
and de-allocation (patches 1-6).
2. Implements resource quotas when running under SRIOV (patches 7-10).
Patch 7 is a small bug fix, and patches 8-10 implement the quotas.
Quotas are implemented per resource type for VFs and the PF, to prevent
any entity from simply grabbing all the resources for itself and leaving
the other entities unable to obtain such resources.
The series is against net-next commit
ba48650 "ipv6: remove the unnecessary statement in find_match()"
changes from V0:
- dropped the 1st patch which needs to go to -stable and hence through net,
not net-next
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:25 +0000 (10:03 +0200)]
net/mlx4_core: Implement resource quota enforcement
Implements resource quota grant decision when resources are requested,
for the following resources: QPs, CQs, SRQs, MPTs, MTTs, vlans, MACs,
and Counters.
When granting a resource, the quota system increases the allocated-count
for that slave.
When the slave later frees the resource, its allocated-count is reduced.
A spinlock is used to protect the integrity of each resource's free-pool counter.
(One slave may be in the process of being granted a resource while another
slave has crashed, initiating cleanup of that slave's resource quotas).
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:24 +0000 (10:03 +0200)]
net/mlx4_core: Fix quota handling in the QUERY_FUNC_CAP wrapper
In current kernels, the mlx4 driver running on a VM does not
differentiate between max resource numbers for the HCA and
max quotas -- it simply takes the quota values passed to it
as max-resource values.
However, the driver actually requires the VFs to be aware of
the actual number of resources that the HCA was initialized with,
for QPs, CQs, SRQs and MPTs.
For QPs, CQs and SRQs, the reason is that in completion handling
the driver must know which of the 24 bits are the actual resource
number, and which are "padding" bits.
For MPTs, also, the driver assumes knowledge of the number of MPTs
in the system.
The previous commit fixes the quota logic on the VM for the quota values
passed to it by QUERY_FUNC_CAPS.
For QPs, CQs, SRQs, and MPTs, it takes the max resource numbers
from QUERY_HCA (and not QUERY_FUNC_CAPS). The quotas passed
in QUERY_FUNC_CAPS are used to report max resource number values
in the response to ib_query_device.
However, the Hypervisor driver must consider that VMs
may be running previous kernels, and compatibility must be preserved.
To resolve the incompatibility with previous kernels running on VMs,
we deprecated the quota fields in mlx4_QUERY_FUNC_CAP. In the
deprecated fields, we pass the max-resource values from INIT_HCA
The quota fields are moved to a new location, and the current kernel
driver takes the proper values from that location. There is
also a new flag in dword 0, bit 28 of the mlx4_QUERY_FUNC_CAP mailbox;
if this flag is set, the (VM) driver takes the quota values from the
new location.
VMs running previous kernels will work properly, except that the max resource
numbers reported in ib_query_device for these resources will be
too high. The Hypervisor driver will, however, enforce the quotas
for these VMs.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:23 +0000 (10:03 +0200)]
mlx4: Structures and init/teardown for VF resource quotas
This is step #1 for implementing SRIOV resource quotas for VFs.
Quotas are implemented per resource type for VFs and the PF, to prevent
any entity from simply grabbing all the resources for itself and leaving
the other entities unable to obtain such resources.
Resources which are allocated using quotas: QPs, CQs, SRQs, MPTs, MTTs, MAC,
VLAN, and Counters.
The quota system works as follows:
Each entity (VF or PF) is given a max number of a given resource (its quota),
and a guaranteed minimum number for each resource (starvation prevention).
For QPs, CQs, SRQs, MPTs and MTTs:
50% of the available quantity for the resource is divided equally among
the PF and all the active VFs (i.e., the number of VFs in the mlx4_core module
parameter "num_vfs"). This 50% represents the "guaranteed minimum" pool.
The other 50% is the "free pool", allocated on a first-come-first-serve basis.
For each VF/PF, resources are first allocated from its "guaranteed-minimum"
pool. When that pool is exhausted, the driver attempts to allocate from
the resource "free-pool".
The quota (i.e., max) for the VFs and the PF is:
The free-pool amount (50% of the real max) + the guaranteed minimum
For MACs:
Guarantee 2 MACs per VF/PF per port. As a result, since we have only
128 MACs per port, reduce the allowable number of VFs from 64 to 63.
Any remaining MACs are put into a free pool.
For VLANs:
For the PF, the per-port quota is 128 and guarantee is 64
(to allow the PF to register at least a VLAN per VF in VST mode).
For the VFs, the per-port quota is 64 and the guarantee is 0.
We assume that VGT VFs are trusted not to abuse the VLAN resource.
For Counters:
For all functions (PF and VFs), the quota is 128 and the guarantee is 0.
In this patch, we define the needed structures, which are added to the
resource-tracker struct. In addition, we do initialization
for the resource quota, and adjust the query_device response to use quotas
rather than resource maxima.
As part of the implementation, we introduce a new field in
mlx4_dev: quotas. This field holds the resource quotas used
to report maxima to the upper layers (ib_core, via query_device).
The HCA maxima of these values are passed to the VFs (via
QUERY_HCA) so that they may continue to use these in handling
QPs, CQs, SRQs and MPTs.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:22 +0000 (10:03 +0200)]
net/mlx4_core: Fix checking order in MR table init
In procedure mlx4_init_mr_table(), slaves should do no processing,
but should return success. This initialization is hypervisor-only.
However, the check for num_mpts being a power-of-2 was performed
before the check to return immediately if the driver is for a slave.
This resulted in spurious failures.
The order of performing the checks is reversed, so that if the
driver is for a slave, no processing is done and success is returned.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:21 +0000 (10:03 +0200)]
net/mlx4_core: Don't fail reg/unreg vlan for older guests
In upstream kernels under SRIOV, the vlan register/unregister calls
were NOPs (doing nothing and returning OK). We detect these old
calls from guests (via the comm channel), since previously the
port number in mlx4_register_vlan was passed (improperly) in the
out_param. This has been corrected so that the port number is now
passed in bits 8..15 of the in_modifier field.
For old calls, these bits will be zero, so if the passed port
number is zero, we can still look at the out_param field to see
if it contains a valid port number. If yes, the VM is running
an old driver.
Since for old drivers, the register/unregister_vlan wrappers were
NOPs, we continue this policy -- the reason being that upstream
had an additional bug in eth driver running on guests (where
procedure mlx4_en_vlan_rx_kill_vid() had the following code:
if (!mlx4_find_cached_vlan(mdev->dev, priv->port, vid, &idx))
mlx4_unregister_vlan(mdev->dev, priv->port, idx);
else
en_err(priv, "could not find vid %d in cache\n", vid);
On a VM, mlx4_find_cached_vlan() will always fail, since the
vlan cache is located on the Hypervisor; on guests it is empty.
Therefore, if we allow upstream guests to register vlans, we will
have vlan leakage since the unregister will never be performed.
Leaving vlan reg/unreg for old guest drivers as a NOP is not a
feature regression, since in upstream the register/unregister
vlan wrapper is a NOP.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:20 +0000 (10:03 +0200)]
net/mlx4_core: Resource tracker for reg/unreg vlans
Add resource tracker support for reg/unreg vlans calls done by VFs.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:19 +0000 (10:03 +0200)]
net/mlx4_en: Use vlan id instead of vlan index for unregistration
Use of vlan_index created problems unregistering vlans on guests.
In addition, tools delete vlan by tag, not by index, lets follow that.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:18 +0000 (10:03 +0200)]
net/mlx4_core: Fix reg/unreg vlan/mac to conform to the firmware spec
The functions mlx4_register_vlan, mlx4_unregister_vlan, mlx4_register_mac,
mlx4_unregister_mac all made illegal use of the out_param in multifunc mode
to pass the port number. The firmware spec specifies that the port number
should be passed in bits 8..15 of the input-modifier field for ALLOC_RES and
FREE_RES (sections 20.15.1 and 20.15.2).
For MAC register/unregister, this patch contains workarounds so that guests
running previous kernels continue to work on a new Hypervisor, and guests
running the new kernel will continue to work on old hypervisors.
Vlan registeration capability is still not operational in multifunction mode,
since the vlan wrapper functions are not implemented in this patch.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jack Morgenstein [Sun, 3 Nov 2013 08:03:17 +0000 (10:03 +0200)]
net/mlx4_core: Fix register/unreg vlan flow
The reg/unreg vlan code was broken:
1. a wrapped function called another wrapped function, causing a deadlock.
2. unregister_vlan called cmd_box instead of cmd_box_imm, leading to
incorrectly passed parameters.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sergei Shtylyov [Wed, 30 Oct 2013 20:30:19 +0000 (23:30 +0300)]
sh_eth: check platform data pointer
Check the platform data pointer before dereferencing it and error out of the
probe() method if it's NULL.
This has additional effect of preventing kernel oops with outdated platform data
containing zero PHY address instead (such as on SolutionEngine7710).
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Acked-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Nov 2013 20:48:09 +0000 (15:48 -0500)]
Merge branch 'usbnet'
Bjørn Mork says:
====================
cdc_mbim + qmi_wwan trivial fixes
This series fixes three problems Oliver pointed out during the
review of the new huawei_cdc_ncm driver:
http://patchwork.ozlabs.org/patch/278903/
That innocent driver only used cdc_mbim as a blueprint, and
all the blame should really have gone to me....
I do have a similar fix for the manage_power issue in the
cdc-wdm USB class driver as well. It will be submitted to
linux-usb as soon as Greg opens up his mailbox again :-)
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 13:18:56 +0000 (14:18 +0100)]
net: cdc_mbim: fixup error return value
Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 13:18:55 +0000 (14:18 +0100)]
net: cdc_mbim: no need to check for resume if suspend exists
Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 13:18:54 +0000 (14:18 +0100)]
net: qmi_wwan: no need to check for resume if suspend exists
Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 13:18:53 +0000 (14:18 +0100)]
net: qmi_wwan: manage_power should always set needs_remote_wakeup
Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 13:18:52 +0000 (14:18 +0100)]
net: cdc_mbim: manage_power should always set needs_remote_wakeup
Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Nov 2013 20:33:53 +0000 (15:33 -0500)]
Merge branch 'qlcnic'
Himanshu Madhani says:
====================
qlcnic: Multiple Tx queue support and code refactoring
This Patch series contains following changes
o Refactored code to calculate, validate and assign Tx/SDS rings for various modes of driver.
o Enhanced ethtool statistics for multi Tx queue on all supported adapters.
o Enable multiple Tx queue for 83xx and 84xx Series adapters.
o Register netdev for failed device state.
changes from v1 -> v2
o Dropped patch to replace inappropriate usage of kzalloc() with vzalloc().
Please apply to net-next.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 4 Nov 2013 18:31:33 +0000 (13:31 -0500)]
qlcnic: update version to 5.3.52
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 4 Nov 2013 18:31:32 +0000 (13:31 -0500)]
qlcnic: Enable multiple Tx queue support for 83xx/84xx Series adapters.
o 83xx and 84xx firmware is capable of multiple Tx queues.
This patch will enable multiple Tx queues for 83xx/84xx
series adapters. Max number of Tx queues supported will be 8.
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 4 Nov 2013 18:31:31 +0000 (13:31 -0500)]
qlcnic: refactor Tx/SDS ring calculation and validation in driver.
o Current driver has duplicate code for validating user input
for changing Tx/SDS rings using set_channel ethtool interface.
This patch removes duplicate code and refactored Tx/SDS ring
validation for 82xx/83xx/84xx series adapter.
o Refactored code now calculates maximum Tx/Rx ring driver can
support based on Default, NPAR and SRIOV PF/VF mode of driver.
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 4 Nov 2013 18:31:30 +0000 (13:31 -0500)]
qlcnic: Enhance ethtool Statistics for Multiple Tx queue.
o Enhance ethtool statistics to display multiple Tx queue stats for
all supported adapters.
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sucheta Chakraborty [Mon, 4 Nov 2013 18:31:29 +0000 (13:31 -0500)]
qlcnic: Register netdev in FAILED state for 83xx/84xx
o Without failing probe, register netdev when device is in FAILED state.
o Device will come up with minimum functionality and allow diagnostics and
repair of the adapter.
Signed-off-by: Sucheta Chakraborty <sucheta.chakraborty@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Mon, 4 Nov 2013 16:10:27 +0000 (17:10 +0100)]
lib: crc32: reduce number of cases for crc32{, c}_combine
We can safely reduce the number of test cases by a tenth.
There is no particular need to run as many as we're running
now for crc32{,c}_combine, that gives us still ~8000 tests
we're doing if people run kernels with crc selftests enabled
which is perfectly fine.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Mon, 4 Nov 2013 16:10:26 +0000 (17:10 +0100)]
lib: crc32: conditionally resched when running testcases
Fengguang reports that when crc32 selftests are running on startup, on
some e.g. 32bit systems, we can get a CPU stall like "INFO: rcu_sched
self-detected stall on CPU { 0} (t=2101 jiffies g=
4294967081 c=
4294967080
q=41)". As this is not intended, add a cond_resched() at the end of a
test case to fix it. Introduced by
efba721f63 ("lib: crc32: add test cases
for crc32{, c}_combine routines").
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Mon, 4 Nov 2013 16:10:25 +0000 (17:10 +0100)]
net: checksum: fix warning in skb_checksum
This patch fixes a build warning in skb_checksum() by wrapping the
csum_partial() usage in skb_checksum(). The problem is that on a few
architectures, csum_partial is used with prefix asmlinkage whereas
on most architectures it's not. So fix this up generically as we did
with csum_block_add_ext() to match the signature. Introduced by
2817a336d4d ("net: skb_checksum: allow custom update/combine for
walking skb").
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Mon, 4 Nov 2013 19:51:28 +0000 (14:51 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-next into for-davem
Conflicts:
drivers/net/wireless/brcm80211/brcmfmac/sdio_host.h
John W. Linville [Mon, 4 Nov 2013 19:45:14 +0000 (14:45 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless
Conflicts:
drivers/net/wireless/iwlwifi/pcie/drv.c
David S. Miller [Mon, 4 Nov 2013 18:48:30 +0000 (13:48 -0500)]
Merge git://git./linux/kernel/git/davem/net
Conflicts:
drivers/net/ethernet/emulex/benet/be.h
drivers/net/netconsole.c
net/bridge/br_private.h
Three mostly trivial conflicts.
The net/bridge/br_private.h conflict was a function signature (argument
addition) change overlapping with the extern removals from Joe Perches.
In drivers/net/netconsole.c we had one change adjusting a printk message
whilst another changed "printk(KERN_INFO" into "pr_info(".
Lastly, the emulex change was a new inline function addition overlapping
with Joe Perches's extern removals.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Mon, 4 Nov 2013 14:40:55 +0000 (06:40 -0800)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"I'm sending a pull request of these lingering bug fixes for networking
before the normal merge window material because some of this stuff I'd
like to get to -stable ASAP"
1) cxgb3 stopped working on 32-bit machines, fix from Ben Hutchings.
2) Structures passed via netlink for netfilter logging are not fully
initialized. From Mathias Krause.
3) Properly unlink upper openvswitch device during notifications, from
Alexei Starovoitov.
4) Fix race conditions involving access to the IP compression scratch
buffer, from Michal Kubrecek.
5) We don't handle the expiration of MTU information contained in ipv6
routes sometimes, fix from Hannes Frederic Sowa.
6) With Fast Open we can miscompute the TCP SYN/ACK RTT, from Yuchung
Cheng.
7) Don't take TCP RTT sample when an ACK doesn't acknowledge new data,
also from Yuchung Cheng.
8) The decreased IPSEC garbage collection threshold causes problems for
some people, bump it back up. From Steffen Klassert.
9) Fix skb->truesize calculated by tcp_tso_segment(), from Eric
Dumazet.
10) flow_dissector doesn't validate packet lengths sufficiently, from
Jason Wang
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
net/mlx4_core: Fix call to __mlx4_unregister_mac
net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb
net: flow_dissector: fail on evil iph->ihl
xfrm: Fix null pointer dereference when decoding sessions
can: kvaser_usb: fix usb endpoints detection
can: c_can: Fix RX message handling, handle lost message before EOB
doc:net: Fix typo in Documentation/networking
bgmac: don't update slot on skb alloc/dma mapping error
ibm emac: Fix locking for enable/disable eob irq
ibm emac: Don't call napi_complete if napi_reschedule failed
virtio-net: correctly handle cpu hotplug notifier during resuming
bridge: pass correct vlan id to multicast code
net: x25: Fix dead URLs in Kconfig
netfilter: xt_NFQUEUE: fix --queue-bypass regression
xen-netback: use jiffies_64 value to calculate credit timeout
cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures
bnx2x: Disable VF access on PF removal
bnx2x: prevent FW assert on low mem during unload
tcp: gso: fix truesize tracking
xfrm: Increase the garbage collector threshold
...
Jack Morgenstein [Sun, 3 Nov 2013 08:04:07 +0000 (10:04 +0200)]
net/mlx4_core: Fix call to __mlx4_unregister_mac
In function mlx4_master_deactivate_admin_state() __mlx4_unregister_mac was
called using the MAC index. It should be called with the value of the MAC itself.
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Nov 2013 05:48:00 +0000 (00:48 -0500)]
Merge branch 'fixes-for-3.12' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
I have two late fixes for the v3.12 release:
The first patch fixes a problem in the c_can's RX message handling, which can
lead to an endless interrupt loop under heavy load if messages are lost. The
second patch is by Olivier Sobrie and fixes the endpoint detection of the
kvaser_usb driver, which is needed for some devices.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Thu, 31 Oct 2013 08:13:32 +0000 (09:13 +0100)]
net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb
Introduced in
f9e42b853523 ("net: sctp: sideeffect: throw BUG if
primary_path is NULL"), we intended to find a buggy assoc that's
part of the assoc hash table with a primary_path that is NULL.
However, we better remove the BUG_ON for now and find a more
suitable place to assert for these things as Mark reports that
this also triggers the bug when duplication cookie processing
happens, and the assoc is not part of the hash table (so all
good in this case). Such a situation can for example easily be
reproduced by:
tc qdisc add dev eth0 root handle 1: prio bands 2 priomap 1 1 1 1 1 1
tc qdisc add dev eth0 parent 1:2 handle 20: netem loss 20%
tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match ip \
protocol 132 0xff match u8 0x0b 0xff at 32 flowid 1:2
This drops 20% of COOKIE-ACK packets. After some follow-up
discussion with Vlad we came to the conclusion that for now we
should still better remove this BUG_ON() assertion, and come up
with two follow-ups later on, that is, i) find a more suitable
place for this assertion, and possibly ii) have a special
allocator/initializer for such kind of temporary assocs.
Reported-by: Mark Thomas <Mark.Thomas@metaswitch.com>
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Arvid Brodin [Wed, 30 Oct 2013 20:10:47 +0000 (21:10 +0100)]
net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)
High-availability Seamless Redundancy ("HSR") provides instant failover
redundancy for Ethernet networks. It requires a special network topology where
all nodes are connected in a ring (each node having two physical network
interfaces). It is suited for applications that demand high availability and
very short reaction time.
HSR acts on the Ethernet layer, using a registered Ethernet protocol type to
send special HSR frames in both directions over the ring. The driver creates
virtual network interfaces that can be used just like any ordinary Linux
network interface, for IP/TCP/UDP traffic etc. All nodes in the network ring
must be HSR capable.
This code is a "best effort" to comply with the HSR standard as described in
IEC 62439-3:2010 (HSRv0).
Signed-off-by: Arvid Brodin <arvid.brodin@xdin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 30 Oct 2013 20:10:44 +0000 (13:10 -0700)]
net: extend net_device allocation to vmalloc()
Joby Poriyath provided a xen-netback patch to reduce the size of
xenvif structure as some netdev allocation could fail under
memory pressure/fragmentation.
This patch is handling the problem at the core level, allowing
any netdev structures to use vmalloc() if kmalloc() failed.
As vmalloc() adds overhead on a critical network path, add __GFP_REPEAT
to kzalloc() flags to do this fallback only when really needed.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Joby Poriyath <joby.poriyath@citrix.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 4 Nov 2013 04:05:16 +0000 (23:05 -0500)]
Merge branch 'sctp_csum'
Daniel Borkmann says:
====================
SCTP fix/updates
Please see patch 5 for the main description/motivation, the rest just
brings in the needed functionality for that. Although this is actually
a fix, I've based it against net-next as some additional work for
fixing it was needed.
====================
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Wed, 30 Oct 2013 10:50:52 +0000 (11:50 +0100)]
net: sctp: fix and consolidate SCTP checksumming code
This fixes an outstanding bug found through IPVS, where SCTP packets
with skb->data_len > 0 (non-linearized) and empty frag_list, but data
accumulated in frags[] member, are forwarded with incorrect checksum
letting SCTP initial handshake fail on some systems. Linearizing each
SCTP skb in IPVS to prevent that would not be a good solution as
this leads to an additional and unnecessary performance penalty on
the load-balancer itself for no good reason (as we actually only want
to update the checksum, and can do that in a different/better way
presented here).
The actual problem is elsewhere, namely, that SCTP's checksumming
in sctp_compute_cksum() does not take frags[] into account like
skb_checksum() does. So while we are fixing this up, we better reuse
the existing code that we have anyway in __skb_checksum() and use it
for walking through the data doing checksumming. This will not only
fix this issue, but also consolidates some SCTP code with core
sk_buff code, bringing it closer together and removing respectively
avoiding reimplementation of skb_checksum() for no good reason.
As crc32c() can use hardware implementation within the crypto layer,
we leave that intact (it wraps around / falls back to e.g. slice-by-8
algorithm in __crc32c_le() otherwise); plus use the __crc32c_le_combine()
combinator for crc32c blocks.
Also, we remove all other SCTP checksumming code, so that we only
have to use sctp_compute_cksum() from now on; for doing that, we need
to transform SCTP checkumming in output path slightly, and can leave
the rest intact.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Wed, 30 Oct 2013 10:50:51 +0000 (11:50 +0100)]
net: skb_checksum: allow custom update/combine for walking skb
Currently, skb_checksum walks over 1) linearized, 2) frags[], and
3) frag_list data and calculats the one's complement, a 32 bit
result suitable for feeding into itself or csum_tcpudp_magic(),
but unsuitable for SCTP as we're calculating CRC32c there.
Hence, in order to not re-implement the very same function in
SCTP (and maybe other protocols) over and over again, use an
update() + combine() callback internally to allow for walking
over the skb with different algorithms.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Wed, 30 Oct 2013 10:50:50 +0000 (11:50 +0100)]
lib: crc32: add test cases for crc32{, c}_combine routines
We already have 100 test cases for crcs itself, so split the test
buffer with a-prio known checksums, and test crc of two blocks
against crc of the whole block for the same results.
Output/result with CONFIG_CRC32_SELFTEST=y:
[ 2.687095] crc32: CRC_LE_BITS = 64, CRC_BE BITS = 64
[ 2.687097] crc32: self tests passed, processed 225944 bytes in 278177 nsec
[ 2.687383] crc32c: CRC_LE_BITS = 64
[ 2.687385] crc32c: self tests passed, processed 225944 bytes in 141708 nsec
[ 7.336771] crc32_combine: 113072 self tests passed
[ 12.050479] crc32c_combine: 113072 self tests passed
[ 17.633089] alg: No test for crc32 (crc32-pclmul)
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Wed, 30 Oct 2013 10:50:49 +0000 (11:50 +0100)]
lib: crc32: add functionality to combine two crc32{, c}s in GF(2)
This patch adds a combinator to merge two or more crc32{,c}s
into a new one. This is useful for checksum computations of
fragmented skbs that use crc32/crc32c as checksums.
The arithmetics for combining both in the GF(2) was taken and
slightly modified from zlib. Only passing two crcs is insufficient
as two crcs and the length of the second piece is needed for
merging. The code is made generic, so that only polynomials
need to be passed for crc32_le resp. crc32c_le.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Wed, 30 Oct 2013 10:50:48 +0000 (11:50 +0100)]
lib: crc32: clean up spacing in test cases
This is nothing more but a whitepace cleanup, as 80 chars is not a
hard but soft limit, and otherwise makes the test cases array really
look ugly. So fix it up.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 3 Nov 2013 23:41:51 +0000 (15:41 -0800)]
Linux 3.12
Wei Yongjun [Wed, 30 Oct 2013 05:31:30 +0000 (13:31 +0800)]
netfilter: nf_tables: remove duplicated include from nf_tables_ipv4.c
Remove duplicated include.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Holger Eitzenberger [Thu, 26 Sep 2013 15:31:52 +0000 (17:31 +0200)]
netfilter: ctnetlink: account both directions in one step
With the intent to dump other accounting data later.
This patch is a cleanup.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Holger Eitzenberger [Thu, 26 Sep 2013 15:31:51 +0000 (17:31 +0200)]
netfilter: introduce nf_conn_acct structure
Encapsulate counters for both directions into nf_conn_acct. During
that process also consistently name pointers to the extend 'acct',
not 'counters'. This patch is a cleanup.
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Linus Torvalds [Sun, 3 Nov 2013 19:36:41 +0000 (11:36 -0800)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus
Pull MIPS fixes from Ralf Baechle:
"Three fixes across arch/mips with the most complex one being the GIC
interrupt fix - at nine lines still not monster. I'm confident this
are the final MIPS patches even if there should go for an rc8"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: ralink: fix return value check in rt_timer_probe()
MIPS: malta: Fix GIC interrupt offsets
MIPS: Perf: Fix 74K cache map
Mathias Krause [Sun, 3 Nov 2013 11:36:28 +0000 (12:36 +0100)]
ipc, msg: forbid negative values for "msg{max,mnb,mni}"
Negative message lengths make no sense -- so don't do negative queue
lenghts or identifier counts. Prevent them from getting negative.
Also change the underlying data types to be unsigned to avoid hairy
surprises with sign extensions in cases where those variables get
evaluated in unsigned expressions with bigger data types, e.g size_t.
In case a user still wants to have "unlimited" sizes she could just use
INT_MAX instead.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 2 Nov 2013 17:27:29 +0000 (10:27 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/rusty/linux
Pull ARM kallsyms fix from Rusty Russell:
"Last minute perf unbreakage for ARM modules; spent a day in
linux-next"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
scripts/kallsyms: filter symbols not in kernel address space
Vineet Gupta [Sat, 2 Nov 2013 12:17:49 +0000 (17:47 +0530)]
ARC: Incorrect mm reference used in vmalloc fault handler
A vmalloc fault needs to sync up PGD/PTE entry from init_mm to current
task's "active_mm". ARC vmalloc fault handler however was using mm.
A vmalloc fault for non user task context (actually pre-userland, from
init thread's open for /dev/console) caused the handler to deref NULL mm
(for mm->pgd)
The reasons it worked so far is amazing:
1. By default (!SMP), vmalloc fault handler uses a cached value of PGD.
In SMP that MMU register is repurposed hence need for mm pointer deref.
2. In pre-3.12 SMP kernel, the problem triggering vmalloc didn't exist in
pre-userland code path - it was introduced with commit
20bafb3d23d108bc
"n_tty: Move buffers into n_tty_data"
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: Noam Camus <noamc@ezchip.com>
Cc: stable@vger.kernel.org #3.10 and 3.11
Cc: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jason Wang [Fri, 1 Nov 2013 07:01:10 +0000 (15:01 +0800)]
net: flow_dissector: fail on evil iph->ihl
We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).
This issue were introduced by commit
ec5efe7946280d1e84603389a1030ccec0a767ae
(rps: support IPIP encapsulation).
Cc: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 2 Nov 2013 06:13:48 +0000 (02:13 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/klassert/ipsec-next
Conflicts:
net/xfrm/xfrm_policy.c
Minor merge conflict in xfrm_policy.c, consisting of overlapping
changes which were trivial to resolve.
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Fri, 1 Nov 2013 10:18:44 +0000 (13:18 +0300)]
bonding: bond_get_size() returns wrong size
There is an extra semi-colon so bond_get_size() doesn't return the
correct value.
Fixes: ec76aa49855f ('bonding: add Netlink support active_slave option')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Veaceslav Falico <vfalico@redhat.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 2 Nov 2013 06:02:19 +0000 (02:02 -0400)]
Merge branch 'cdc_ncm'
Bjørn Mork says:
====================
cdc_ncm: many small and mostly trivial fixes
This series ended up longer than expected, and it is still not
complete. There is more to come when time allows...
Most changes are trivial. Notable non-trivial changes are
- removed filtering of identical speed notifications
- tx_max calulation is changed to count the pad byte if
necessary, and respect the device limit as an absolute
upper limit even if it is too low according to the spec
- remove the bug preventing SET_MAX_DATAGRAM_SIZE from having
any effect
- drop the pad-to-max if ZLPs are enabled
- the driver specific VERSION is dropped
- dev->hard_mtu is set to tx_max instead of max_datagram_size
causing usbnet to calculate the qlen based on the real max
size of tx skbs
This series has been tested, along with the previously posted
cdc_mbim series, on the NCM and MBIM devices I have:
- Ericsson F5521gw (NCM)
- Huawei E367 (MBIM)
- D-Link DWM-156 A7 (MBIM w/ too low dwNtb{In,Out}MaxSize bug)
- Sierra Wireless MC7710 (MBIM w/ ZLP and CDC Union bugs)
Apart from the D-Link modem dropping a lot less oversized
frames with the fix dedicated to it, there are no end user
noticable functional changes as a result of this series. But
all the non-trivial changes I listed above are of course
detectable by users looking at that specific area (except maybe
the removed speed notification, which requires a device sending
duplicates to be noticable - I don't have any such device).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:17:01 +0000 (11:17 +0100)]
net: cdc_ncm: no not set tx_max higher than the device supports
There are MBIM devices out there reporting
dwNtbInMaxSize=2048 dwNtbOutMaxSize=2048
and since the spec require a datagram max size of at least
2048, this means that a full sized datagram will never fit.
Still, sending larger NTBs than the device supports is not
going to help. We do not have any other options than either
a) refusing to bindi, or
b) respect the insanely low value.
Alternative b will at least make these devices work, so go
for it.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:17:00 +0000 (11:17 +0100)]
net: cdc_ncm: improve bind error debug messages
Make it a bit easier for users to figure out what goes
wrong when bind fails.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:59 +0000 (11:16 +0100)]
net: cdc_ncm: return proper error if setup fails
Most setup errors are ignored to ensure maximum firmware
compatibilty. But GET_NTB_PARAMETERS and the functional
descriptors are required. Use proper error codes and
log level if these fail.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:58 +0000 (11:16 +0100)]
net: cdc_ncm: refactoring cdc_ncm_setup
Rewriting the "set max datagram" part of dc_ncm_setup to
separate the selection and validatation of the size from
the code which optionally informs the device of this
value. This ensures that we use the correct value
regardless of device support for the get and set commands.
Removing some of the many indent levels while doing this
to make the code more readable.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:57 +0000 (11:16 +0100)]
net: cdc_ncm: drop "extern" from header declarations
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:56 +0000 (11:16 +0100)]
net: cdc_ncm: endian convert constants instead of variables
Converting the constants used in these comparisons at build
time instead of converting the variables for every received
frame at run time.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:55 +0000 (11:16 +0100)]
net: cdc_ncm: log signatures in hex
These signatures are well known bit patterns, mostly made up
of ascii characters. Mentally parsing works best if they
are printed in hex.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:54 +0000 (11:16 +0100)]
net: cdc_ncm: use netif_* and dev_* instead of pr_*
Take advantage of standard device name prefixing and
netdevice msglvl control where possible.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:53 +0000 (11:16 +0100)]
net: cdc_ncm: log the length we warn about
Fix cut'n'paste typo. Log the bogus length and not the
irrelevant signature.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:52 +0000 (11:16 +0100)]
net: cdc_ncm: set correct dev->hard_mtu
usbnet use the hard_mtu value for sizing the tx queue and nothing
else. We will be transmitting buffers of up to tx_max size, so
that's the proper value to give usbnet.
The individual datagram size is completely irrelevant here.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:51 +0000 (11:16 +0100)]
net: cdc_ncm: remove ethtool ops
No need to keep this code duplicated from usbnet.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:50 +0000 (11:16 +0100)]
net: cdc_ncm: remove probe and disconnect wrappers
These functions were merely wrappers around the usbnet
variants. Remove them.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:49 +0000 (11:16 +0100)]
net: cdc_ncm: no point in filling up the NTBs if we send ZLPs
Padding NTBs to max size is part of the support for devices
optimizing their DMA transfers. This optimization depends on
max sized NTBs not being ZLP terminated. So we are much better
off dropping the padding if we are going to send a ZLP anyway.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:48 +0000 (11:16 +0100)]
net: cdc_ncm: only the control intf can be probed
The probed interface must be the master/control interface of the
function. Make this explicit and simplify redundant tests.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:47 +0000 (11:16 +0100)]
net: cdc_ncm: remove descriptor pointers
header_desc was completely unused and union_desc was never used
outside cdc_ncm_bind_common.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:46 +0000 (11:16 +0100)]
net: cdc_ncm: fix SET_MAX_DATAGRAM_SIZE
We need to inform the device about the *new* value, not the
old one.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:45 +0000 (11:16 +0100)]
net: cdc_ncm: remove ncm_parm field
Moving the call to cdc_ncm_setup() after the endpoint
setup removes the last remaining reference to ncm_parm
outside cdc_ncm_setup.
Collecting all the ncm_parm based calculations in
cdc_ncm_setup improves readability.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:44 +0000 (11:16 +0100)]
net: cdc_ncm: remove tx_speed and rx_speed fields
These fields are only used to prevent printing the same speeds
multiple times if we receive multiple identical speed notifications.
The value of these printk's is questionable, and even more so when
we filter out some of the notifications sent us by the firmware. If
we are going to print any of these, then we should print them all.
Removing little used fields is a bonus.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:43 +0000 (11:16 +0100)]
net: cdc_ncm: remove unused udev field
We already use the usbnet udev field everywhere this could have
been used.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:42 +0000 (11:16 +0100)]
net: cdc_ncm: remove redundant netdev field
Too many pointers back and forth are likely to confuse developers,
creating subtle bugs whenever we forget to syncronize them all.
As a usbnet driver, we should stick with the standard struct
usbnet fields as much as possible. The netdevice is one such
field.
Cc: Greg Suarez <gsuarez@smithmicro.com>
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:41 +0000 (11:16 +0100)]
net: cdc_ncm: remove redundant endpoint pointers
No need to duplicate stuff already in the common usbnet
struct. We still need to keep our special find_endpoints
function because we need explicit control over the selected
altsetting.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:40 +0000 (11:16 +0100)]
net: cdc_ncm: remove redundant "intf" field
This is always a duplicate of the "control" field. It causes
confusion wrt intf_data updates and cleanups.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:39 +0000 (11:16 +0100)]
net: cdc_ncm: add include protection to cdc_ncm.h
This makes it a lot easier to test modified versions
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Fri, 1 Nov 2013 10:16:38 +0000 (11:16 +0100)]
net: cdc_ncm: simplify and optimize frame padding
We can avoid the costly division for the common case where
we pad the frame to tx_max size as long as we ensure that
tx_max is either the device specified dwNtbOutMaxSize or not
a multiplum of wMaxPacketSize.
Using the preconverted 'maxpacket' field avoids converting
wMaxPacketSize to CPU endianness for every transmitted frame
And since we only will hit the one byte padding rule for short
frames, we can drop testing the skb for tailroom.
The change means that tx_max now represents the real maximum
skb size, enabling us to allocate the correct size instead of
always making room for one extra byte.
Cc: Alexey Orishko <alexey.orishko@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>