openwrt/staging/blogic.git
8 years agobatman-adv: Use kref_get for batadv_gw_node_add
Sven Eckelmann [Sat, 5 Mar 2016 15:09:23 +0000 (16:09 +0100)]
batman-adv: Use kref_get for batadv_gw_node_add

batadv_gw_node_add requires that the caller already has a valid reference
for orig_node. It is therefore not possible that it has an reference
counter of 0 and was still given to this function

The kref_get function instead WARNs (with debug information) when the
reference counter would still be 0. This makes a bug in batman-adv better
visible because kref_get_unless_zero would have ignored this problem.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Use kref_get for batadv_gw_select
Sven Eckelmann [Sat, 5 Mar 2016 15:09:22 +0000 (16:09 +0100)]
batman-adv: Use kref_get for batadv_gw_select

batadv_gw_select requires that the caller already has a valid reference for
new_gw_node. It is therefore not possible that it has an reference counter
of 0 and was still given to this function

The kref_get function instead WARNs (with debug information) when the
reference counter would still be 0. This makes a bug in batman-adv better
visible because kref_get_unless_zero would have ignored this problem.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Use kref_get for batadv_nc_get_nc_node
Sven Eckelmann [Sat, 5 Mar 2016 15:09:21 +0000 (16:09 +0100)]
batman-adv: Use kref_get for batadv_nc_get_nc_node

batadv_nc_get_nc_node requires that the caller already has a valid
reference for orig_neigh_node. It is therefore not possible that it has an
reference counter of 0 and was still given to this function

The kref_get function instead WARNs (with debug information) when the
reference counter would still be 0. This makes a bug in batman-adv better
visible because kref_get_unless_zero would have ignored this problem.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Use kref_get for batadv_tvlv_container_get
Sven Eckelmann [Sat, 5 Mar 2016 15:09:20 +0000 (16:09 +0100)]
batman-adv: Use kref_get for batadv_tvlv_container_get

batadv_tvlv_container_get requires that tvlv.container_list_lock is held by
the caller. It is therefore not possible that an item in
tvlv.container_list has an reference counter of 0 and is still in the list

The kref_get function instead WARNs (with debug information) when the
reference counter would still be 0. This makes a bug in batman-adv better
visible because kref_get_unless_zero would have ignored this problem.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Increase hard_iface refcnt for ptype
Sven Eckelmann [Sat, 5 Mar 2016 15:09:18 +0000 (16:09 +0100)]
batman-adv: Increase hard_iface refcnt for ptype

The hard_iface is referenced in the packet_type for batman-adv. Increase
the refcounter of the hard_interface for it to have an explicit reference
for it in case this functionality gets refactorted and the currently
used implicit reference for it will be removed.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Check hard_iface refcnt when receiving skb
Sven Eckelmann [Sat, 5 Mar 2016 15:09:17 +0000 (16:09 +0100)]
batman-adv: Check hard_iface refcnt when receiving skb

The receive function may start processing an incoming packet while the
hard_iface is shut down in a different context. All called functions called
with the batadv_hard_iface object belonging to the incoming interface would
have to check whether the reference counter is still > 0.

This is rather error-prone because this check can be forgotten easily.
Instead check the reference counter when receiving the object to make sure
that all called functions have a valid reference.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Check hard_iface refcnt before calling function
Sven Eckelmann [Sat, 5 Mar 2016 15:09:16 +0000 (16:09 +0100)]
batman-adv: Check hard_iface refcnt before calling function

The batadv_hardif_list list is checked in many situations and the items
in this list are given to specialized functions to modify the routing
behavior. At the moment each of these called functions has to check
itself whether the received batadv_hard_iface has a refcount > 0 before
it can increase the reference counter and use it in other objects.

This can easily lead to problems because it is not easily visible where
all callers of a function got the batadv_hard_iface object from and
whether they already hold a valid reference.

Checking the reference counter directly before calling a subfunction
with a pointer from the batadv_hardif_list avoids this problem.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: add detection for complex bridge loops
Simon Wunderlich [Sat, 12 Mar 2016 09:49:33 +0000 (10:49 +0100)]
batman-adv: add detection for complex bridge loops

There are network setups where the current bridge loop avoidance can't
detect bridge loops. The minimal setup affected would consist of two
LANs and two separate meshes, connected in a ring like that:

   A...(mesh1)...B
   |             |
 (LAN1)        (LAN2)
   |             |
   C...(mesh2)...D

Since both the meshes and backbones are separate, the bridge loop
avoidance has not enough information to detect and avoid the loop
in this case. Even if these scenarios can't be fixed easily,
these kind of loops can be detected.

This patch implements a periodic check (running every 60 seconds for
now) which sends a broadcast frame with a random MAC address on
each backbone VLAN. If a broadcast frame with the same MAC address
is received shortly after on the mesh, we know that there must be a
loop and report that incident as well as throw an uevent to let others
handle that problem.

Signed-off-by: Simon Wunderlich <simon.wunderlich@open-mesh.com>
[sven@narfation.org: fix conflicts with current version]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Create batman soft interfaces within correct netns.
Andrew Lunn [Thu, 21 Apr 2016 10:57:27 +0000 (12:57 +0200)]
batman-adv: Create batman soft interfaces within correct netns.

When creating a soft interface, create it in the same netns as the
hard interface. Replace all references to init_net with the correct
name space for the interface being manipulated.

Suggested-by: Daniel Ehlers <danielehlers@mindeye.net>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: NETIF_F_NETNS_LOCAL feature to prevent netns moves
Andrew Lunn [Tue, 1 Mar 2016 21:19:05 +0000 (22:19 +0100)]
batman-adv: NETIF_F_NETNS_LOCAL feature to prevent netns moves

The batX soft interface should not be moved between network name
spaces. This is similar to bridges, bonds, tunnels, which are not
allowed to move between network namespaces.

Suggested-by: Daniel Ehlers <danielehlers@mindeye.net>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Antonio Quartulli <a@unstable.cc>
Reviewed-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Remove hdr_size skb size check in batadv_interface_rx
Sven Eckelmann [Sun, 28 Feb 2016 10:38:52 +0000 (11:38 +0100)]
batman-adv: Remove hdr_size skb size check in batadv_interface_rx

The callers of batadv_interface_rx have to make sure that enough data can
be pulled from the skb when they read the batman-adv header. The only two
functions using it are either calling pskb_may_pull with hdr_size directly
(batadv_recv_bcast_packet) or indirectly via batadv_check_unicast_packet
(batadv_recv_unicast_packet).

Reported-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agobatman-adv: Remove unused parameter recv_if of batadv_interface_rx
Sven Eckelmann [Sun, 28 Feb 2016 10:38:51 +0000 (11:38 +0100)]
batman-adv: Remove unused parameter recv_if of batadv_interface_rx

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
8 years agonetfilter: conntrack: remove uninitialized shadow variable
Arnd Bergmann [Mon, 9 May 2016 19:47:23 +0000 (21:47 +0200)]
netfilter: conntrack: remove uninitialized shadow variable

A recent commit introduced an unconditional use of an uninitialized
variable, as reported in this gcc warning:

net/netfilter/nf_conntrack_core.c: In function '__nf_conntrack_confirm':
net/netfilter/nf_conntrack_core.c:632:33: error: 'ctinfo' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   bytes = atomic64_read(&counter[CTINFO2DIR(ctinfo)].bytes);
                                 ^
net/netfilter/nf_conntrack_core.c:628:26: note: 'ctinfo' was declared here
   enum ip_conntrack_info ctinfo;

The problem is that a local variable shadows the function parameter.
This removes the local variable, which looks like what Pablo originally
intended.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 71d8c47fc653 ("netfilter: conntrack: introduce clash resolution on insertion race")
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'ip6-tunnel-tx-fixes'
David S. Miller [Tue, 10 May 2016 04:39:28 +0000 (00:39 -0400)]
Merge branch 'ip6-tunnel-tx-fixes'

Tom Herbert says:

====================
ip6: Transmit tunneling fixes

Several fixes suggested by Alexander.

Tested: Running netperf TCP_STREAM with gretap and keyid configured.
Visually verified that MTU is correctly being set. Did not test HW
offload (Alexander plese try)
====================

Tested-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoip6_gre: Use correct flags for reading TUNNEL_SEQ
Tom Herbert [Tue, 10 May 2016 00:12:12 +0000 (17:12 -0700)]
ip6_gre: Use correct flags for reading TUNNEL_SEQ

Fix two spots where o_flags in a tunnel are being compared to GRE_SEQ
instead of TUNNEL_SEQ.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoip6: Don't set transport header in IPv6 tunneling
Tom Herbert [Tue, 10 May 2016 00:12:11 +0000 (17:12 -0700)]
ip6: Don't set transport header in IPv6 tunneling

We only need to reset network header here.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoip6_gre: Set inner protocol correctly in __gre6_xmit
Tom Herbert [Tue, 10 May 2016 00:12:10 +0000 (17:12 -0700)]
ip6_gre: Set inner protocol correctly in __gre6_xmit

Need to use adjusted protocol value for setting inner protocol.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agogre6: Fix flag translations
Tom Herbert [Tue, 10 May 2016 00:12:09 +0000 (17:12 -0700)]
gre6: Fix flag translations

GRE for IPv6 does not properly translate for GRE flags to tunnel
flags and vice versa. This patch fixes that.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoip6_gre: Fix MTU setting
Tom Herbert [Tue, 10 May 2016 00:12:08 +0000 (17:12 -0700)]
ip6_gre: Fix MTU setting

In ip6gre_tnl_link_config set t->tun_len and t->hlen correctly for the
configuration. For hard_header_len and mtu calculation include
IPv6 header and encapsulation overhead.

In ip6gre_tunnel_init_common set t->tun_len and t->hlen correctly for
the configuration. Revert to setting hard_header_len instead of
needed_headroom.

Tested:

./ip link add name tun8 type ip6gretap remote \
2401:db00:20:911a:face:0:27:0 local \
2401:db00:20:911a:face:0:25:0 ttl 225

Gives MTU of 1434. That is equal to 1500 - 40 - 14 - 4 - 8.

./ip link add name tun8 type ip6gretap remote \
2401:db00:20:911a:face:0:27:0 local \
2401:db00:20:911a:face:0:25:0 ttl 225 okey 123

Gives MTU of 1430. That is equal to 1500 - 40 - 14 - 4 - 8 - 4.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agostmmac: dwmac-socfpga: make socfpga_dwmac_pm_ops static
Joachim Eastwood [Sun, 8 May 2016 11:47:23 +0000 (13:47 +0200)]
stmmac: dwmac-socfpga: make socfpga_dwmac_pm_ops static

Fix the following sparse warning:
drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c:274:1: warning:
  symbol 'socfpga_dwmac_pm_ops' was not declared. Should it be static?

Signed-off-by: Joachim Eastwood <manabian@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'l3mdev-send-enslaved'
David S. Miller [Tue, 10 May 2016 02:33:53 +0000 (22:33 -0400)]
Merge branch 'l3mdev-send-enslaved'

David Ahern says:

====================
net: l3mdev: Allow send on enslaved interface

First patch preps for the second. The second is required for several use
cases such as ping on an interface and BFD that need to send packets on
a specific interface, including ones enslaved to a VRF device.

v2
- fixed brackets on both patches per comment from DaveM
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: l3mdev: Allow send on enslaved interface
David Ahern [Sat, 7 May 2016 23:49:00 +0000 (16:49 -0700)]
net: l3mdev: Allow send on enslaved interface

Allow udp and raw sockets to send by oif that is an enslaved interface
versus the l3mdev/VRF device. For example, this allows BFD to use ifindex
from IP_PKTINFO on a receive to send a response without the need to
convert to the VRF index. It also allows ping and ping6 to work when
specifying an enslaved interface (e.g., ping -I swp1 <ip>) which is
a natural use case.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: l3mdev: Move get_saddr and rt6_dst
David Ahern [Sat, 7 May 2016 23:48:59 +0000 (16:48 -0700)]
net: l3mdev: Move get_saddr and rt6_dst

Move l3mdev_rt6_dst_by_oif and l3mdev_get_saddr to l3mdev.c. Collapse
l3mdev_get_rt6_dst into l3mdev_rt6_dst_by_oif since it is the only
user and keep the l3mdev_get_rt6_dst name for consistency with other
hooks.

A follow-on patch adds more code to these functions making them long
for inlined functions.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agofjes: Fix unnecessary spinlock_irqsave
Taku Izumi [Tue, 10 May 2016 01:28:49 +0000 (10:28 +0900)]
fjes: Fix unnecessary spinlock_irqsave

commit-bd5a256 introduces a deadlock bug in fjes_change_mtu().
This spin_lock_irqsave() is obviously unnecessary.

This patch eliminates unnecessary spin_lock_irqsave() in
fjes_change_mtu()

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomlx5: Fix merge errors.
David S. Miller [Tue, 10 May 2016 02:05:13 +0000 (22:05 -0400)]
mlx5: Fix merge errors.

I accidently let Arnd's VXLAN dependency changes slip into net-next,
they are only appropriate for net.

Also the flow steering structural changes to mlx5e_priv got scrambled
during the merge resolution as well.

Fix that all up.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Mon, 9 May 2016 19:59:24 +0000 (15:59 -0400)]
Merge git://git./linux/kernel/git/davem/net

In netdevice.h we removed the structure in net-next that is being
changes in 'net'.  In macsec.c and rtnetlink.c we have overlaps
between fixes in 'net' and the u64 attribute changes in 'net-next'.

The mlx5 conflicts have to do with vxlan support dependencies.

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Linus Torvalds [Mon, 9 May 2016 19:24:19 +0000 (12:24 -0700)]
Merge branch 'linus' of git://git./linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This fixes the following issues:

   - bug in ahash SG list walking that may lead to crashes

   - resource leak in qat

   - missing RSA dependency that causes it to fail"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: rsa - select crypto mgr dependency
  crypto: hash - Fix page length clamping in hash walk
  crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq
  crypto: qat - fix invalid pf2vf_resp_wq logic

8 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Mon, 9 May 2016 19:11:37 +0000 (12:11 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Check klogctl failure correctly, from Colin Ian King.

 2) Prevent OOM when under memory pressure in flowcache, from Steffen
    Klassert.

 3) Fix info leak in llc and rtnetlink ifmap code, from Kangjie Lu.

 4) Memory barrier and multicast handling fixes in bnxt_en, from Michael
    Chan.

 5) Endianness bug in mlx5, from Daniel Jurgens.

 6) Fix disconnect handling in VSOCK, from Ian Campbell.

 7) Fix locking of netdev list walking in get_bridge_ifindices(), from
    Nikolay Aleksandrov.

 8) Bridge multicast MLD parser can look at wrong packet offsets, fix
    from Linus Lüssing.

 9) Fix chip hang in qede driver, from Sudarsana Reddy Kalluru.

10) Fix missing setting of encapsulation before inner handling completes
    in udp_offload code, from Jarno Rajahalme.

11) Missing rollbacks during LAG join and flood configuration failures
    in mlxsw driver, from Ido Schimmel.

12) Fix error code checks in netxen driver, from Dan Carpenter.

13) Fix key size in new macsec driver, from Sabrina Dubroca.

14) Fix mlx5/VXLAN dependencies, from Arnd Bergmann.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits)
  net/mlx5e: make VXLAN support conditional
  Revert "net/mlx5: Kconfig: Fix MLX5_EN/VXLAN build issue"
  macsec: key identifier is 128 bits, not 64
  Documentation/networking: more accurate LCO explanation
  macvtap: segmented packet is consumed
  tools: bpf_jit_disasm: check for klogctl failure
  qede: uninitialized variable in qede_start_xmit()
  netxen: netxen_rom_fast_read() doesn't return -1
  netxen: reversed condition in netxen_nic_set_link_parameters()
  netxen: fix error handling in netxen_get_flash_block()
  mlxsw: spectrum: Add missing rollback in flood configuration
  mlxsw: spectrum: Fix rollback order in LAG join failure
  udp_offload: Set encapsulation before inner completes.
  udp_tunnel: Remove redundant udp_tunnel_gro_complete().
  qede: prevent chip hang when increasing channels
  net: ipv6: tcp reset, icmp need to consider L3 domain
  bridge: fix igmp / mld query parsing
  net: bridge: fix old ioctl unlocked net device walk
  VSOCK: do not disconnect socket when peer has shutdown SEND only
  net/mlx4_en: Fix endianness bug in IPV6 csum calculation
  ...

8 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller [Mon, 9 May 2016 19:02:58 +0000 (15:02 -0400)]
Merge git://git./linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following large patchset contains Netfilter updates for your
net-next tree. My initial intention was to send you this in two goes but
when I looked back twice I already had this burden on top of me.

Several updates for IPVS from Marco Angaroni:

1) Allow SIP connections originating from real-servers to be load
   balanced by the SIP persistence engine as is already implemented
   in the other direction.

2) Release connections immediately for One-packet-scheduling (OPS)
   in IPVS, instead of making it via timer and rcu callback.

3) Skip deleting conntracks for each one packet in OPS, and don't call
   nf_conntrack_alter_reply() since no reply is expected.

4) Enable drop on exhaustion for OPS + SIP persistence.

Miscelaneous conntrack updates from Florian Westphal, including fix for
hash resize:

5) Move conntrack generation counter out of conntrack pernet structure
   since this is only used by the init_ns to allow hash resizing.

6) Use get_random_once() from packet path to collect hash random seed
    instead of our compound.

7) Don't disable BH from ____nf_conntrack_find() for statistics,
   use NF_CT_STAT_INC_ATOMIC() instead.

8) Fix lookup race during conntrack hash resizing.

9) Introduce clash resolution on conntrack insertion for connectionless
   protocol.

Then, Florian's netns rework to get rid of per-netns conntrack table,
thus we use one single table for them all. There was consensus on this
change during the NFWS 2015 and, on top of that, it has recently been
pointed as a source of multiple problems from unpriviledged netns:

11) Use a single conntrack hashtable for all namespaces. Include netns
    in object comparisons and make it part of the hash calculation.
    Adapt early_drop() to consider netns.

12) Use single expectation and NAT hashtable for all namespaces.

13) Use a single slab cache for all namespaces for conntrack objects.

14) Skip full table scanning from nf_ct_iterate_cleanup() if the pernet
    conntrack counter tells us the table is empty (ie. equals zero).

Fixes for nf_tables interval set element handling, support to set
conntrack connlabels and allow set names up to 32 bytes.

15) Parse element flags from element deletion path and pass it up to the
    backend set implementation.

16) Allow adjacent intervals in the rbtree set type for dynamic interval
    updates.

17) Add support to set connlabel from nf_tables, from Florian Westphal.

18) Allow set names up to 32 bytes in nf_tables.

Several x_tables fixes and updates:

19) Fix incorrect use of IS_ERR_VALUE() in x_tables, original patch
    from Andrzej Hajda.

And finally, miscelaneous netfilter updates such as:

20) Disable automatic helper assignment by default. Note this proc knob
    was introduced by a9006892643a ("netfilter: nf_ct_helper: allow to
    disable automatic helper assignment") 4 years ago to start moving
    towards explicit conntrack helper configuration via iptables CT
    target.

21) Get rid of obsolete and inconsistent debugging instrumentation
    in x_tables.

22) Remove unnecessary check for null after ip6_route_output().
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agocompiler-gcc: require gcc 4.8 for powerpc __builtin_bswap16()
Josh Poimboeuf [Fri, 6 May 2016 14:22:25 +0000 (09:22 -0500)]
compiler-gcc: require gcc 4.8 for powerpc __builtin_bswap16()

gcc support for __builtin_bswap16() was supposedly added for powerpc in
gcc 4.6, and was then later added for other architectures in gcc 4.8.

However, Stephen Rothwell reported that attempting to use it on powerpc
in gcc 4.6 fails with:

  lib/vsprintf.c:160:2: error: initializer element is not constant
  lib/vsprintf.c:160:2: error: (near initialization for 'decpair[0]')
  lib/vsprintf.c:160:2: error: initializer element is not constant
  lib/vsprintf.c:160:2: error: (near initialization for 'decpair[1]')
  ...

I'm not entirely sure what those errors mean, but I don't see them on
gcc 4.8.  So let's consider gcc 4.8 to be the official starting point
for __builtin_bswap16().

Arnd Bergmann adds:
 "I found the commit in gcc-4.8 that replaced the powerpc-specific
  implementation of __builtin_bswap16 with an architecture-independent
  one.  Apparently the powerpc version (gcc-4.6 and 4.7) just mapped to
  the lhbrx/sthbrx instructions, so it ended up not being a constant,
  though the intent of the patch was mainly to add support for the
  builtin to x86:

    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624

  has the patch that went into gcc-4.8 and more information."

Fixes: 7322dd755e7d ("byteswap: try to avoid __builtin_constant_p gcc bug")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Tested-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoMerge branch 'dsa-mv88e6xxx-monolithic'
David S. Miller [Mon, 9 May 2016 18:26:14 +0000 (14:26 -0400)]
Merge branch 'dsa-mv88e6xxx-monolithic'

Vivien Didelot says:

====================
net: dsa: mv88e6xxx: turn into monolithic driver

This patchset merges all mv88e6* drivers supported by the shared
mv88e6xxx code into a single mv88e6xxx DSA switch driver.

Some flags are added to describe the capabilities of a switch model,
such as the presence of a PPU, EEPROM, some old or new registers, etc.

First these flags are used to conditionally support the same set of
functions in every driver, then specific driver files are removed in
favor of the common mv88e6xxx driver.

Only the merge of driver specific setup code assumes a few differences.
If these differences such as frames priorities are really needed for
some models, they can easily be brought back in a future patch.

Some inconsistencies might show up, such as the need for
MV88E6XXX_FLAG_PPU and MV88E6XXX_FLAG_PPU_ACTIVE flags. But this
patchset does not aim to fix them yet. A future patch can do that if
they end up being unwanted.

The patchset has been tested on interconnected 88E6352 and 88E6185.

Changes v1 -> v2:
  - add missing MV88E6XXX_FLAG_EEPROM flag checks
  - remove a few remaining _ prefixes
  - remove MV88E6XXX_FLAG_CORE_TAG_TYPE which is a specific default

Changes RFC -> v1:
  - introduce flags in a separate patch
  - do not refactor anything yet
  - do not add new functions prefixed with _
  - drop packet discarding and mentioned tested platforms
  - factorize family flags
  - update text for NET_DSA_MV88E6XXX Kconfig entry
====================

Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Tested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize the switch driver
Vivien Didelot [Mon, 9 May 2016 17:22:58 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize the switch driver

Now that all drivers support the same set of functions and the same
setup code, drop every model-specific DSA switch driver and replace them
with a common mv88e6xxx driver.

This merges the info tables into one, removes the function exports, the
model-specific files, and update the defconfigs.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6131: use EDSA tag protocol
Vivien Didelot [Mon, 9 May 2016 17:22:57 +0000 (13:22 -0400)]
net: dsa: mv88e6131: use EDSA tag protocol

6131 is the only driver to set the tag protocol to DSA_TAG_PROTO_DSA.
Since it works fine with DSA_TAG_PROTO_EDSA, change its value, like all
other mv88e6xxx drivers.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize switch setup
Vivien Didelot [Mon, 9 May 2016 17:22:56 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize switch setup

Provide a shared mv88e6xxx_setup function to the drivers.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6131: drop frames priorities setup
Vivien Didelot [Mon, 9 May 2016 17:22:55 +0000 (13:22 -0400)]
net: dsa: mv88e6131: drop frames priorities setup

6131 is the only driver which setups the priority of IGMP/MLD snoop
frames and ARP frames to the highest setting. Drop such change until we
figure out a common configuration for all switch models.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize GLOBAL_CONTROL_2 setup
Vivien Didelot [Mon, 9 May 2016 17:22:54 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize GLOBAL_CONTROL_2 setup

All switch models setup the GLOBAL_CONTROL_2 register with slightly
differences.

Since the cascade mode is valid even in a single chip setup, factorize
such configuration.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize GLOBAL_MONITOR_CONTROL setup
Vivien Didelot [Mon, 9 May 2016 17:22:53 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize GLOBAL_MONITOR_CONTROL setup

All switch drivers configure the GLOBAL_MONITOR_CONTROL register with
slightly changes.

Assume the setup of the upstream port, and configure it as the port to
which ingress and egress and ARP monitor frames are to be sent.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6131: drop VLAN Ethertype setup
Vivien Didelot [Mon, 9 May 2016 17:22:52 +0000 (13:22 -0400)]
net: dsa: mv88e6131: drop VLAN Ethertype setup

The 6131 switch models have a Core Tag Type register. Their setup code
is setting it to 0x8100, which is the reset default.

Drop this specific part which is correctly configured on reset anyway.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize GLOBAL_CONTROL setup
Vivien Didelot [Mon, 9 May 2016 17:22:51 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize GLOBAL_CONTROL setup

All switch models configure the GLOBAL_CONTROL register with slightly
differences.

Discarding packets with excessive collisions
(GLOBAL_CONTROL_DISCARD_EXCESS) is specific to 6352 and similar
switches, and setting a maximum frame size
(GLOBAL_CONTROL_MAX_FRAME_1632) is specific to 6185 and similar
switches.

As we are centralizing the chips setup, skip these settings and don't
discard any frames yet, until we found out that such discarding by the
hardware is necessary.

Assume a common setup to enable the PHY Polling Unit if present, don't
discard any packets, and mask all interrupt sources.

Tested on 88E6352 and 88E6185.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize global setup
Vivien Didelot [Mon, 9 May 2016 17:22:50 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize global setup

Every driver is calling mv88e6xxx_setup_global after
mv88e6xxx_setup_common. Call the former in the latter.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize switch reset
Vivien Didelot [Mon, 9 May 2016 17:22:49 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize switch reset

Add a MV88E6XXX_FLAG_PPU_ACTIVE flag to describe how to reset the
switch, and merge the reset call to the common setup code.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize ATU access
Vivien Didelot [Mon, 9 May 2016 17:22:48 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize ATU access

Add a MV88E6XXX_FLAG_ATU flag to identify switch models with an Address
Translation Unit.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize VTU access
Vivien Didelot [Mon, 9 May 2016 17:22:47 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize VTU access

Add a MV88E6XXX_FLAG_VTU flag to indentify switch models with a VLAN
Table Unit.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize bridge support
Vivien Didelot [Mon, 9 May 2016 17:22:46 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize bridge support

Add MV88E6XXX_FLAG_PORTSTATE and MV88E6XXX_FLAG_VLANTABLE flags to
identify switch models with required 802.1D operations.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6131: add registers access
Vivien Didelot [Mon, 9 May 2016 17:22:45 +0000 (13:22 -0400)]
net: dsa: mv88e6131: add registers access

Only 6131 was not supporting the port registers access yet. Assume such
support and use the unlock access routines in the meantime.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize EEE access
Vivien Didelot [Mon, 9 May 2016 17:22:44 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize EEE access

Add a MV88E6XXX_FLAG_EEE flag to describe switch models featuring Energy
Efficient Ethernet. Use it to conditionally support such access in the
common code.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize MAC address setting
Vivien Didelot [Mon, 9 May 2016 17:22:43 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize MAC address setting

Some switch models have a dedicated register for Switch MAC/WoF/WoL.
This register, when present, is used to indirectly set the switch MAC
address, instead of a direct write to 3 global registers.

Identify this feature and share a common mv88e6xxx_set_addr function.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize temperature access
Vivien Didelot [Mon, 9 May 2016 17:22:42 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize temperature access

Add MV88E6XXX_FLAG_TEMP and MV88E6XXX_FLAG_TEMP_LIMIT flags to describe
switch models featuring a temperature access. Use them to centralize the
access to the temperature feature.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize EEPROM access
Vivien Didelot [Mon, 9 May 2016 17:22:41 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize EEPROM access

Add a MV88E6XXX_FLAG_EEPROM flag to describe switch models featuring an
EEPROM and distribute the EEPROM access routines to all models.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize PHY indirect access
Vivien Didelot [Mon, 9 May 2016 17:22:40 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize PHY indirect access

Some switch has dedicated SMI PHY Command and Data registers, used to
indirectly access the PHYs, instead of direct access.

Identify these switch models and make mv88e6xxx_phy_{read,write} generic
enough to support every models.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: factorize PHY access with PPU
Vivien Didelot [Mon, 9 May 2016 17:22:39 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: factorize PHY access with PPU

Add a MV88E6XXX_FLAG_PPU flag to describe switch models with a PHY
Polling Unit. This allows to merge PPU specific PHY access code in the
share code.

Make the mv88e6xxx_ppu_disable and mv88e6xxx_phy_{read,write}_ppu
functions use unlocked register accesses in order to call them in
mv88e6xxx_phy_{read,write} in a locked context.

Since the PPU code is shared, also remove NET_DSA_MV88E6XXX_NEED_PPU.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: dsa: mv88e6xxx: add flags to info
Vivien Didelot [Mon, 9 May 2016 17:22:38 +0000 (13:22 -0400)]
net: dsa: mv88e6xxx: add flags to info

Add a flags bitmap to the info structure in order to identify features
supported or not by the different switch models.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonetfilter: conntrack: use single slab cache
Florian Westphal [Mon, 9 May 2016 14:24:32 +0000 (16:24 +0200)]
netfilter: conntrack: use single slab cache

An earlier patch changed lookup side to also net_eq() namespaces after
obtaining a reference on the conntrack, so a single kmemcache can be used.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: conntrack: use a single nat bysource table for all namespaces
Florian Westphal [Mon, 9 May 2016 14:24:31 +0000 (16:24 +0200)]
netfilter: conntrack: use a single nat bysource table for all namespaces

We already include netns address in the hash, so we only need to use
net_eq in find_appropriate_src and can then put all entries into
same table.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: conntrack: make netns address part of nat bysrc hash
Florian Westphal [Mon, 9 May 2016 14:24:30 +0000 (16:24 +0200)]
netfilter: conntrack: make netns address part of nat bysrc hash

Will be needed soon when we place all in the same hash table.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agoMerge branch 'mlx5-build-fix'
David S. Miller [Mon, 9 May 2016 04:21:13 +0000 (00:21 -0400)]
Merge branch 'mlx5-build-fix'

Saeed Mahameed says:

====================
net/mlx5e: Kconfig fixes for VxLAN

Reposting to net the build errors fixes posted by Arnd last week.

Originally Arnd posted those fixes to net-next, while the issue
is also seen in net.  For net-next a different approach is required
for fixing the issue as VXLAN and Device Drivers are no longer
dependent, but there is no harm for those fixes to get into net-next.

Optionally, once net is merged into net-next we can
Revert "net/mlx5e: make VXLAN support conditional" as the
CONFIG_MLX5_CORE_EN_VXLAN will no longer be required.

Applied on top: 288928658583 ('mlxsw: spectrum: Add missing rollback in flood configuration')
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet/mlx5e: make VXLAN support conditional
Arnd Bergmann [Sun, 8 May 2016 11:55:25 +0000 (14:55 +0300)]
net/mlx5e: make VXLAN support conditional

VXLAN can be disabled at compile-time or it can be a loadable
module while mlx5 is built-in, which leads to a link error:

drivers/net/built-in.o: In function `mlx5e_create_netdev':
ntb_netdev.c:(.text+0x106de4): undefined reference to `vxlan_get_rx_port'

This avoids the link error and makes the vxlan code optional,
like the other ethernet drivers do as well.

Link: https://patchwork.ozlabs.org/patch/589296/
Fixes: b3f63c3d5e2c ("net/mlx5e: Add netdev support for VXLAN tunneling")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoRevert "net/mlx5: Kconfig: Fix MLX5_EN/VXLAN build issue"
Arnd Bergmann [Sun, 8 May 2016 11:55:24 +0000 (14:55 +0300)]
Revert "net/mlx5: Kconfig: Fix MLX5_EN/VXLAN build issue"

This reverts commit 69976fb1045850a742deb9790ea49cbc6f497531.

We cannot select VXLAN when IPv4 support is disabled, that just gives
us additional build errors, including:

warning: (MLX5_CORE_EN) selects VXLAN which has unmet direct dependencies (NETDEVICES && NET_CORE && INET)
In file included from ../drivers/net/vxlan.c:36:0:
include/net/udp_tunnel.h: In function 'udp_tunnel_handle_offloads':
include/net/udp_tunnel.h:112:9: error: implicit declaration of function 'iptunnel_handle_offloads' [-Werror=implicit-function-declaration]
  return iptunnel_handle_offloads(skb, type);
         ^~~~~~~~~~~~~~~~~~~~~~~~

I'm sending a proper fix for the original bug in a separate patch.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'sh_eth-sw-reset'
David S. Miller [Mon, 9 May 2016 04:15:31 +0000 (00:15 -0400)]
Merge branch 'sh_eth-sw-reset'

Sergei Shtylyov says:

====================
sh_eth: couple of software reset bit cleanups

   Here's a set of 2 patches against DaveM's 'net-next.git' repo. We can save
on the repetitive chip reset code...

[1/2] sh_eth: call sh_eth_tsu_write() from sh_eth_chip_reset_giga()
[2/2] sh_eth: reuse sh_eth_chip_reset()
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agosh_eth: reuse sh_eth_chip_reset()
Sergei Shtylyov [Sat, 7 May 2016 21:09:01 +0000 (14:09 -0700)]
sh_eth: reuse sh_eth_chip_reset()

All the chip_reset() methods repeat the code writing to the ARSTR register
and delaying for 1 ms, so that we can reuse sh_eth_chip_reset() twice.

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agosh_eth: call sh_eth_tsu_write() from sh_eth_chip_reset_giga()
Sergei Shtylyov [Sat, 7 May 2016 21:08:05 +0000 (00:08 +0300)]
sh_eth: call sh_eth_tsu_write() from sh_eth_chip_reset_giga()

sh_eth_chip_reset_giga() doesn't really need to use direct iowrite32() when
writing  to the ARSTR register,  it can use sh_eth_tsu_write() as all other
chip_reset() methods.

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agopxa168_eth: mdiobus_scan() doesn't return NULL anymore
Sergei Shtylyov [Sat, 7 May 2016 19:53:40 +0000 (22:53 +0300)]
pxa168_eth: mdiobus_scan() doesn't return NULL anymore

Now that mdiobus_scan() doesn't return NULL on failure anymore, this driver
no  longer needs to check for it...

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
David S. Miller [Mon, 9 May 2016 04:10:00 +0000 (00:10 -0400)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

Johan Hedberg says:

====================
pull request: bluetooth-next 2016-05-07

Here are a few more Bluetooth patches for the 4.7 kernel:

 - NULL pointer fix in hci_intel driver
 - New Intel Bluetooth controller id in btusb driver
 - Added device tree binding documentation for Marvel's bt-sd8xxx
 - Platform specific wakeup interrupt support for btmrvl driver

Please let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomacsec: key identifier is 128 bits, not 64
Sabrina Dubroca [Sat, 7 May 2016 18:19:29 +0000 (20:19 +0200)]
macsec: key identifier is 128 bits, not 64

The MACsec standard mentions a key identifier for each key, but
doesn't specify anything about it, so I arbitrarily chose 64 bits.

IEEE 802.1X-2010 specifies MKA (MACsec Key Agreement), and defines the
key identifier to be 128 bits (96 bits "member identifier" + 32 bits
"key number").

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agotcp: refactor struct tcp_skb_cb
Lawrence Brakmo [Sat, 7 May 2016 03:35:35 +0000 (20:35 -0700)]
tcp: refactor struct tcp_skb_cb

Refactor tcp_skb_cb to create two overlaping areas to store
state for incoming or outgoing skbs based on comments by
Neal Cardwell to tcp_nv patch:

   AFAICT this patch would not require an increase in the size of
   sk_buff cb[] if it were to take advantage of the fact that the
   tcp_skb_cb header.h4 and header.h6 fields are only used in the packet
   reception code path, and this in_flight field is only used on the
   transmit side.

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoifb: support more features
Eric Dumazet [Sat, 7 May 2016 01:19:59 +0000 (18:19 -0700)]
ifb: support more features

When using ifb+netem on ingress on SIT/IPIP/GRE traffic,
GRO packets are not properly processed.

Segmentation should not be forced, since ifb is already adding
quite a performance hit.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: make sch_handle_ingress() drop monitor ready
Eric Dumazet [Fri, 6 May 2016 22:55:50 +0000 (15:55 -0700)]
net: make sch_handle_ingress() drop monitor ready

TC_ACT_STOLEN is used when ingress traffic is mirred/redirected
to say ifb.

Packet is not dropped, but consumed.

Only TC_ACT_SHOT is a clear indication something went wrong.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoISDN: eicon: replace custom hex_asc_lo() / hex_pack_byte()
Andy Shevchenko [Fri, 6 May 2016 17:55:23 +0000 (20:55 +0300)]
ISDN: eicon: replace custom hex_asc_lo() / hex_pack_byte()

Instead of custom approach re-use generic helpers to convert byte to hex
format.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoDocumentation/networking: more accurate LCO explanation
Shmulik Ladkani [Fri, 6 May 2016 17:27:43 +0000 (20:27 +0300)]
Documentation/networking: more accurate LCO explanation

In few places the term "ones-complement sum" was used but the actual
meaning is "the complement of the ones-complement sum".

Also, avoid enclosing long statements with underscore, to ease
readability.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agofq_codel: add memory limitation per queue
Eric Dumazet [Fri, 6 May 2016 15:55:12 +0000 (08:55 -0700)]
fq_codel: add memory limitation per queue

On small embedded routers, one wants to control maximal amount of
memory used by fq_codel, instead of controlling number of packets or
bytes, since GRO/TSO make these not practical.

Assuming skb->truesize is accurate, we have to keep track of
skb->truesize sum for skbs in queue.

This patch adds a new TCA_FQ_CODEL_MEMORY_LIMIT attribute.

I chose a default value of 32 MBytes, which looks reasonable even
for heavy duty usages. (Prior fq_codel users should not be hurt
when they upgrade their kernels)

Two fields are added to tc_fq_codel_qd_stats to report :
 - Current memory usage
 - Number of drops caused by memory limits

# tc qd replace dev eth1 root est 1sec 4sec fq_codel memory_limit 4M
..
# tc -s -d qd sh dev eth1
qdisc fq_codel 8008: root refcnt 257 limit 10240p flows 1024
 quantum 1514 target 5.0ms interval 100.0ms memory_limit 4Mb ecn
 Sent 2083566791363 bytes 1376214889 pkt (dropped 4994406, overlimits 0
requeues 21705223)
 rate 9841Mbit 812549pps backlog 3906120b 376p requeues 21705223
  maxpacket 68130 drop_overlimit 4994406 new_flow_count 28855414
  ecn_mark 0 memory_used 4190048 drop_overmemory 4994406
  new_flows_len 1 old_flows_len 177

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Dave Täht <dave.taht@gmail.com>
Cc: Sebastian Möller <moeller0@gmx.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: Add Qualcomm IPC router
Courtney Cavin [Fri, 6 May 2016 14:09:08 +0000 (07:09 -0700)]
net: Add Qualcomm IPC router

Add an implementation of Qualcomm's IPC router protocol, used to
communicate with service providing remote processors.

Signed-off-by: Courtney Cavin <courtney.cavin@sonymobile.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
[bjorn: Cope with 0 being a valid node id and implement RTM_NEWADDR]
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agosoc: qcom: smd: Introduce compile stubs
Bjorn Andersson [Fri, 6 May 2016 14:09:07 +0000 (07:09 -0700)]
soc: qcom: smd: Introduce compile stubs

Introduce compile stubs for the SMD API, allowing consumers to be
compile tested.

Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomacvtap: segmented packet is consumed
Eric Dumazet [Fri, 6 May 2016 12:58:21 +0000 (05:58 -0700)]
macvtap: segmented packet is consumed

If GSO packet is segmented and its segments are properly queued,
we call consume_skb() instead of kfree_skb() to be drop monitor
friendly.

Fixes: 3e4f8b7873709 ("macvtap: Perform GSO on forwarding path.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vlad Yasevich <vyasevic@redhat.com>
Reviewed-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agotools: bpf_jit_disasm: check for klogctl failure
Colin Ian King [Thu, 5 May 2016 22:39:33 +0000 (23:39 +0100)]
tools: bpf_jit_disasm: check for klogctl failure

klogctl can fail and return -ve len, so check for this and
return NULL to avoid passing a (size_t)-1 to malloc.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoqede: uninitialized variable in qede_start_xmit()
Dan Carpenter [Thu, 5 May 2016 13:21:30 +0000 (16:21 +0300)]
qede: uninitialized variable in qede_start_xmit()

"data_split" was never set to false.  It's just uninitialized.

Fixes: 2950219d87b0 ('qede: Add basic network device support')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoLinux 4.6-rc7
Linus Torvalds [Sun, 8 May 2016 21:38:32 +0000 (14:38 -0700)]
Linux 4.6-rc7

8 years agonetxen: netxen_rom_fast_read() doesn't return -1
Dan Carpenter [Thu, 5 May 2016 13:20:20 +0000 (16:20 +0300)]
netxen: netxen_rom_fast_read() doesn't return -1

The error handling is broken here.  netxen_rom_fast_read() returns zero
on success and -EIO on error.  It never returns -1.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonetxen: reversed condition in netxen_nic_set_link_parameters()
Dan Carpenter [Thu, 5 May 2016 13:19:44 +0000 (16:19 +0300)]
netxen: reversed condition in netxen_nic_set_link_parameters()

My static checker complains that we are using "autoneg" without
initializing it.  The problem is the ->phy_read() condition is reversed
so we only set this on error instead of success.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonetxen: fix error handling in netxen_get_flash_block()
Dan Carpenter [Thu, 5 May 2016 13:18:46 +0000 (16:18 +0300)]
netxen: fix error handling in netxen_get_flash_block()

My static checker complained that "v" can be used unintialized if
netxen_rom_fast_read() returns -EIO.  That function never actually
returns -1.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agocxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled
Hariprasad Shenai [Thu, 5 May 2016 05:35:39 +0000 (11:05 +0530)]
cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled

When cxgb4 is enabled with CONFIG_CHELSIO_T4_DCB set, VI enable command
gets called with DCB enabled. But when we have a back to back setup with
DCB enabled on one side and non-DCB on the Peer side. Firmware doesn't
send any DCB_L2_CFG, and DCB priority is never set for Tx queue.
But driver resets the queue priority and state machine whenever there
is a link down, this patch fixes it by adding a check to reset only if
cxgb4_dcb_enabled() returns true.

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge tag 'char-misc-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sat, 7 May 2016 17:53:32 +0000 (10:53 -0700)]
Merge tag 'char-misc-4.6-rc7' of git://git./linux/kernel/git/gregkh/char-misc

Pull misc driver fixes from Gfreg KH:
 "Here are three small fixes for some driver problems that were
  reported.  Full details in the shortlog below.

  All of these have been in linux-next with no reported issues"

* tag 'char-misc-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  nvmem: mxs-ocotp: fix buffer overflow in read
  Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read()
  misc: mic: Fix for double fetch security bug in VOP driver

8 years agoMerge tag 'staging-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sat, 7 May 2016 17:50:48 +0000 (10:50 -0700)]
Merge tag 'staging-4.6-rc7' of git://git./linux/kernel/git/gregkh/staging

Pull IIO driver fixes from Grek KH:
 "It's really just IIO drivers here, some small fixes that resolve some
  'crash on boot' errors that have shown up in the -rc series, and other
  bugfixes that are required.

  All have been in linux-next with no reported problems"

* tag 'staging-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: imu: mpu6050: Fix name/chip_id when using ACPI
  iio: imu: mpu6050: fix possible NULL dereferences
  iio:adc:at91-sama5d2: Repair crash on module removal
  iio: ak8975: fix maybe-uninitialized warning
  iio: ak8975: Fix NULL pointer exception on early interrupt

8 years agoMerge tag 'usb-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Sat, 7 May 2016 17:47:03 +0000 (10:47 -0700)]
Merge tag 'usb-4.6-rc7' of git://git./linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some last-remaining fixes for USB drivers to resolve issues
  that have shown up in testing.  And two new device ids as well.

  All of these have been in linux-next with no reported issues"

* tag 'usb-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  Revert "USB / PM: Allow USB devices to remain runtime-suspended when sleeping"
  usb: musb: jz4740: fix error check of usb_get_phy()
  Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half"
  usb: musb: gadget: nuke endpoint before setting its descriptor to NULL
  USB: serial: cp210x: add Straizona Focusers device ids
  USB: serial: cp210x: add ID for Link ECU

8 years agoMerge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm
Linus Torvalds [Sat, 7 May 2016 15:27:35 +0000 (08:27 -0700)]
Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:
 "These are a number of updates to fix a few problems found in the ARM
  nommu code over the last couple of years, caused mostly by changes on
  the mmu side"

* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
  ARM: 8573/1: domain: move {set,get}_domain under config guard
  ARM: 8572/1: nommu: change memory reserve for the vectors
  ARM: 8571/1: nommu: fix PMSAv7 setup

8 years agoMerge tag 'media/v4.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab...
Linus Torvalds [Sat, 7 May 2016 15:17:45 +0000 (08:17 -0700)]
Merge tag 'media/v4.6-5' of git://git./linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:

  - deadlock fixes on driver probe at exynos4-is and s43-camif drivers

  - a build breakage if media controller is enabled and USB or PCI is
   built as module.

* tag 'media/v4.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  [media] media-device: fix builds when USB or PCI is compiled as module
  [media] media: s3c-camif: fix deadlock on driver probe()
  [media] media: exynos4-is: fix deadlock on driver probe

8 years agoMerge branch 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj...
Linus Torvalds [Sat, 7 May 2016 15:13:42 +0000 (08:13 -0700)]
Merge branch 'for-4.6-fixes' of git://git./linux/kernel/git/tj/libata

Pull libata fixes from Tejun Heo:
 "An ahci driver addition and updates to ahci port enable handling for
  some platform devices"

* 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  ata: add AMD Seattle platform driver
  ARM: dts: apq8064: add ahci ports-implemented mask
  ata: ahci-platform: Add ports-implemented DT bindings.
  libahci: save port map for forced port map

8 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Linus Torvalds [Sat, 7 May 2016 15:10:08 +0000 (08:10 -0700)]
Merge tag 'for-linus' of git://git./linux/kernel/git/dledford/rdma

Pull rdma fix from Doug Ledford:
 "Fix for max sector calculation in iSER"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
  IB/iser: Fix max_sectors calculation

8 years agomlxsw: spectrum: Fix ordering in mlxsw_sp_fini
Jiri Pirko [Fri, 6 May 2016 20:20:59 +0000 (22:20 +0200)]
mlxsw: spectrum: Fix ordering in mlxsw_sp_fini

Fixes: 0f433fa0ec ("mlxsw: spectrum_buffers: Implement shared buffer configuration")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomlxsw: spectrum: Add missing rollback in flood configuration
Ido Schimmel [Fri, 6 May 2016 20:18:40 +0000 (22:18 +0200)]
mlxsw: spectrum: Add missing rollback in flood configuration

When we fail to set the flooding configuration for the broadcast and
unregistered multicast traffic, we should revert the flooding
configuration of the unknown unicast traffic.

Fixes: 0293038e0c36 ("mlxsw: spectrum: Add support for flood control")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomlxsw: spectrum: Fix rollback order in LAG join failure
Ido Schimmel [Fri, 6 May 2016 20:18:39 +0000 (22:18 +0200)]
mlxsw: spectrum: Fix rollback order in LAG join failure

Make the leave procedure in the error path symmetric to the join
procedure and first remove the port from the collector before
potentially destroying the LAG.

Fixes: 0d65fc13042f ("mlxsw: spectrum: Implement LAG port join/leave")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoudp_offload: Set encapsulation before inner completes.
Jarno Rajahalme [Tue, 3 May 2016 23:10:21 +0000 (16:10 -0700)]
udp_offload: Set encapsulation before inner completes.

UDP tunnel segmentation code relies on the inner offsets being set for
an UDP tunnel GSO packet, but the inner *_complete() functions will
set the inner offsets only if 'encapsulation' is set before calling
them.  Currently, udp_gro_complete() sets 'encapsulation' only after
the inner *_complete() functions are done.  This causes the inner
offsets having invalid values after udp_gro_complete() returns, which
in turn will make it impossible to properly segment the packet in case
it needs to be forwarded, which would be visible to the user either as
invalid packets being sent or as packet loss.

This patch fixes this by setting skb's 'encapsulation' in
udp_gro_complete() before calling into the inner complete functions,
and by making each possible UDP tunnel gro_complete() callback set the
inner_mac_header to the beginning of the tunnel payload.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Reviewed-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoudp_tunnel: Remove redundant udp_tunnel_gro_complete().
Jarno Rajahalme [Tue, 3 May 2016 23:10:20 +0000 (16:10 -0700)]
udp_tunnel: Remove redundant udp_tunnel_gro_complete().

The setting of the UDP tunnel GSO type is already performed by
udp[46]_gro_complete().

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomacvtap: add namespace support to the sysfs device class
Marc Angel [Thu, 5 May 2016 10:14:26 +0000 (12:14 +0200)]
macvtap: add namespace support to the sysfs device class

When creating macvtaps that are expected to have the same ifindex
in different network namespaces, only the first one will succeed.
The others will fail with a sysfs_warn_dup warning due to them trying
to create the following sysfs link (with 'NN' the ifindex of macvtapX):

/sys/class/macvtap/tapNN -> /sys/devices/virtual/net/macvtapX/tapNN

This is reproducible by running the following commands:

ip netns add ns1
ip netns add ns2
ip link add veth0 type veth peer name veth1
ip link set veth0 netns ns1
ip link set veth1 netns ns2
ip netns exec ns1 ip l add link veth0 macvtap0 type macvtap
ip netns exec ns2 ip l add link veth1 macvtap1 type macvtap

The last command will fail with "RTNETLINK answers: File exists" (along
with the kernel warning) but retrying it will work because the ifindex
was incremented.

The 'net' device class is isolated between network namespaces so each
one has its own hierarchy of net devices.
This isn't the case for the 'macvtap' device class.
The problem occurs half-way through the netdev registration, when
`macvtap_device_event` is called-back to create the 'tapNN' macvtap
class device under the 'macvtapX' net class device.

This patch adds namespace support to the 'macvtap' device class so
that /sys/class/macvtap is no longer shared between net namespaces.

However, making the macvtap sysfs class namespace-aware has the side
effect of changing /sys/devices/virtual/net/macvtapX/tapNN  into
/sys/devices/virtual/net/macvtapX/macvtap/tapNN.

This is due to Commit 24b1442 ("Driver-core: Always create class
directories for classses that support namespaces") and the fact that
class devices supporting namespaces are really not supposed to be placed
directly under other class devices.

To avoid breaking userland, a tapNN symlink pointing to macvtap/tapNN is
created inside the macvtapX directory.

Signed-off-by: Marc Angel <marc@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'for-linus' of git://git.kernel.dk/linux-block
Linus Torvalds [Fri, 6 May 2016 20:08:35 +0000 (13:08 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block

Pull writeback fix from Jens Axboe:
 "Just a single fix for domain aware writeback, fixing a regression that
  can cause balance_dirty_pages() to keep looping while not getting any
  work done"

* 'for-linus' of git://git.kernel.dk/linux-block:
  writeback: Fix performance regression in wb_over_bg_thresh()

8 years agoipv4: tcp: ip_send_unicast_reply() is not BH safe
Eric Dumazet [Fri, 6 May 2016 16:46:18 +0000 (09:46 -0700)]
ipv4: tcp: ip_send_unicast_reply() is not BH safe

I forgot that ip_send_unicast_reply() is not BH safe (yet).

Disabling preemption before calling it was not a good move.

Fixes: c10d9310edf5 ("tcp: do not assume TCP code is non preemptible")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andres Lagar-Cavilla <andreslc@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'bpf-direct-pkt-access'
David S. Miller [Fri, 6 May 2016 20:01:55 +0000 (16:01 -0400)]
Merge branch 'bpf-direct-pkt-access'

Alexei Starovoitov says:

====================
bpf: introduce direct packet access

This set of patches introduce 'direct packet access' from
cls_bpf and act_bpf programs (which are root only).

Current bpf programs use LD_ABS, LD_INS instructions which have
to do 'if (off < skb_headlen)' for every packet access.
It's ok for socket filters, but too slow for XDP, since single
LD_ABS insn consumes 3% of cpu. Therefore we have to amortize the cost
of length check over multiple packet accesses via direct access
to skb->data, data_end pointers.

The existing packet parser typically look like:
  if (load_half(skb, offsetof(struct ethhdr, h_proto)) != ETH_P_IP)
     return 0;
  if (load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol)) != IPPROTO_UDP ||
      load_byte(skb, ETH_HLEN) != 0x45)
     return 0;
  ...
with 'direct packet access' the bpf program becomes:
   void *data = (void *)(long)skb->data;
   void *data_end = (void *)(long)skb->data_end;
   struct eth_hdr *eth = data;
   struct iphdr *iph = data + sizeof(*eth);

   if (data + sizeof(*eth) + sizeof(*iph) + sizeof(*udp) > data_end)
      return 0;
   if (eth->h_proto != htons(ETH_P_IP))
      return 0;
   if (iph->protocol != IPPROTO_UDP || iph->ihl != 5)
      return 0;
   ...
which is more natural to write and significantly faster.
See patch 6 for performance tests:
21Mpps(old) vs 24Mpps(new) with just 5 loads.
For more complex parsers the performance gain is higher.

The other approach implemented in [1] was adding two new instructions
to interpreter and JITs and was too hard to use from llvm side.
The approach presented here doesn't need any instruction changes,
but the verifier has to work harder to check safety of the packet access.

Patch 1 prepares the code and Patch 2 adds new checks for direct
packet access and all of them are gated with 'env->allow_ptr_leaks'
which is true for root only.
Patch 3 improves search pruning for large programs.
Patch 4 wires in verifier's changes with net/core/filter side.
Patch 5 updates docs
Patches 6 and 7 add tests.

[1] https://git.kernel.org/cgit/linux/kernel/git/ast/bpf.git/?h=ld_abs_dw
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agosamples/bpf: add verifier tests
Alexei Starovoitov [Fri, 6 May 2016 02:49:15 +0000 (19:49 -0700)]
samples/bpf: add verifier tests

add few tests for "pointer to packet" logic of the verifier

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agosamples/bpf: add 'pointer to packet' tests
Alexei Starovoitov [Fri, 6 May 2016 02:49:14 +0000 (19:49 -0700)]
samples/bpf: add 'pointer to packet' tests

parse_simple.c - packet parser exapmle with single length check that
filters out udp packets for port 9

parse_varlen.c - variable length parser that understand multiple vlan headers,
ipip, ipip6 and ip options to filter out udp or tcp packets on port 9.
The packet is parsed layer by layer with multitple length checks.

parse_ldabs.c - classic style of packet parsing using LD_ABS instruction.
Same functionality as parse_simple.

simple = 24.1Mpps per core
varlen = 22.7Mpps
ldabs  = 21.4Mpps

Parser with LD_ABS instructions is slower than full direct access parser
which does more packet accesses and checks.

These examples demonstrate the choice bpf program authors can make between
flexibility of the parser vs speed.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: add documentation for 'direct packet access'
Alexei Starovoitov [Fri, 6 May 2016 02:49:13 +0000 (19:49 -0700)]
bpf: add documentation for 'direct packet access'

explain how verifier checks safety of packet access
and update email addresses.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: wire in data and data_end for cls_act_bpf
Alexei Starovoitov [Fri, 6 May 2016 02:49:12 +0000 (19:49 -0700)]
bpf: wire in data and data_end for cls_act_bpf

allow cls_bpf and act_bpf programs access skb->data and skb->data_end pointers.
The bpf helpers that change skb->data need to update data_end pointer as well.
The verifier checks that programs always reload data, data_end pointers
after calls to such bpf helpers.
We cannot add 'data_end' pointer to struct qdisc_skb_cb directly,
since it's embedded as-is by infiniband ipoib, so wrapper struct is needed.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>