1. 31 3月, 2014 3 次提交
    • D
      net: filter: move filter accounting to filter core · fbc907f0
      Daniel Borkmann 提交于
      This patch basically does two things, i) removes the extern keyword
      from the include/linux/filter.h file to be more consistent with the
      rest of Joe's changes, and ii) moves filter accounting into the filter
      core framework.
      
      Filter accounting mainly done through sk_filter_{un,}charge() take
      care of the case when sockets are being cloned through sk_clone_lock()
      so that removal of the filter on one socket won't result in eviction
      as it's still referenced by the other.
      
      These functions actually belong to net/core/filter.c and not
      include/net/sock.h as we want to keep all that in a central place.
      It's also not in fast-path so uninlining them is fine and even allows
      us to get rd of sk_filter_release_rcu()'s EXPORT_SYMBOL and a forward
      declaration.
      
      Joint work with Alexei Starovoitov.
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Cc: Pavel Emelyanov <xemul@parallels.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fbc907f0
    • D
      net: filter: keep original BPF program around · a3ea269b
      Daniel Borkmann 提交于
      In order to open up the possibility to internally transform a BPF program
      into an alternative and possibly non-trivial reversible representation, we
      need to keep the original BPF program around, so that it can be passed back
      to user space w/o the need of a complex decoder.
      
      The reason for that use case resides in commit a8fc9277 ("sk-filter:
      Add ability to get socket filter program (v2)"), that is, the ability
      to retrieve the currently attached BPF filter from a given socket used
      mainly by the checkpoint-restore project, for example.
      
      Therefore, we add two helpers sk_{store,release}_orig_filter for taking
      care of that. In the sk_unattached_filter_create() case, there's no such
      possibility/requirement to retrieve a loaded BPF program. Therefore, we
      can spare us the work in that case.
      
      This approach will simplify and slightly speed up both, sk_get_filter()
      and sock_diag_put_filterinfo() handlers as we won't need to successively
      decode filters anymore through sk_decode_filter(). As we still need
      sk_decode_filter() later on, we're keeping it around.
      
      Joint work with Alexei Starovoitov.
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Pavel Emelyanov <xemul@parallels.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a3ea269b
    • D
      net: filter: add jited flag to indicate jit compiled filters · f8bbbfc3
      Daniel Borkmann 提交于
      This patch adds a jited flag into sk_filter struct in order to indicate
      whether a filter is currently jited or not. The size of sk_filter is
      not being expanded as the 32 bit 'len' member allows upper bits to be
      reused since a filter can currently only grow as large as BPF_MAXINSNS.
      
      Therefore, there's enough room also for other in future needed flags to
      reuse 'len' field if necessary. The jited flag also allows for having
      alternative interpreter functions running as currently, we can only
      detect jit compiled filters by testing fp->bpf_func to not equal the
      address of sk_run_filter().
      
      Joint work with Alexei Starovoitov.
      Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f8bbbfc3
  2. 30 3月, 2014 22 次提交
  3. 29 3月, 2014 15 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 49d8137a
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) We've discovered a common error in several networking drivers, they
          put VLAN offload features into ->vlan_features, which would suggest
          that they support offloading 2 or more levels of VLAN encapsulation.
          Not only do these devices not do that, but we don't have the
          infrastructure yet to handle that at all.
      
          Fixes from Vlad Yasevich.
      
       2) Fix tcpdump crash with bridging and vlans, also from Vlad.
      
       3) Some MAINTAINERS updates for random32 and bonding.
      
       4) Fix late reseeds of prandom generator, from Sasha Levin.
      
       5) Bridge doesn't handle stacked vlans properly, fix from Toshiaki
          Makita.
      
       6) Fix deadlock in openvswitch, from Flavio Leitner.
      
       7) get_timewait4_sock() doesn't report delay times correctly, fix from
          Eric Dumazet.
      
       8) Duplicate address detection and addrconf verification need to run in
          contexts where RTNL can be obtained.  Move them to run from a
          workqueue.  From Hannes Frederic Sowa.
      
       9) Fix route refcount leaking in ip tunnels, from Pravin B Shelar.
      
      10) Don't return -EINTR from non-blocking recvmsg() on AF_UNIX sockets,
          from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (28 commits)
        vlan: Warn the user if lowerdev has bad vlan features.
        veth: Turn off vlan rx acceleration in vlan_features
        ifb: Remove vlan acceleration from vlan_features
        qlge: Do not propaged vlan tag offloads to vlans
        bridge: Fix crash with vlan filtering and tcpdump
        net: Account for all vlan headers in skb_mac_gso_segment
        MAINTAINERS: bonding: change email address
        MAINTAINERS: bonding: change email address
        ipv6: move DAD and addrconf_verify processing to workqueue
        tcp: fix get_timewait4_sock() delay computation on 64bit
        openvswitch: fix a possible deadlock and lockdep warning
        bridge: Fix handling stacked vlan tags
        bridge: Fix inabillity to retrieve vlan tags when tx offload is disabled
        vhost: validate vhost_get_vq_desc return value
        vhost: fix total length when packets are too short
        random32: avoid attempt to late reseed if in the middle of seeding
        random32: assign to network folks in MAINTAINERS
        net/mlx4_core: pass pci_device_id.driver_data to __mlx4_init_one during reset
        core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors
        vlan: Set hard_header_len according to available acceleration
        ...
      49d8137a
    • D
      Merge branch 'vlan_offloads' · 5f2feca2
      David S. Miller 提交于
      Vlad Yasevich says:
      
      ====================
      Audit all drivers for correct vlan_features.
      
      Some drivers set vlan acceleration features in vlan_features.  This causes
      issues with Q-in-Q/802.1ad configurations.
      
      Audit all the drivers for correct vlan_features.  Fix broken ones.
      Add a warning to vlan code to help catch future offenders.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5f2feca2
    • V
      vlan: Warn the user if lowerdev has bad vlan features. · 2adb956b
      Vlad Yasevich 提交于
      Some drivers incorrectly assign vlan acceleration features to
      vlan_features thus causing issues for Q-in-Q vlan configurations.
      Warn the user of such cases.
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2adb956b
    • V
      veth: Turn off vlan rx acceleration in vlan_features · 3f8c707b
      Vlad Yasevich 提交于
      For completeness, turn off vlan rx acceleration in vlan_features so
      that it doesn't show up on q-in-q setups.
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3f8c707b
    • V
      ifb: Remove vlan acceleration from vlan_features · 8dd6e147
      Vlad Yasevich 提交于
      Do not include vlan acceleration features in vlan_features as that
      precludes correct Q-in-Q operation.
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8dd6e147
    • V
      qlge: Do not propaged vlan tag offloads to vlans · f6d1ac4b
      Vlad Yasevich 提交于
      qlge driver turns off NETIF_F_HW_CTAG_FILTER, but forgets to
      turn off HW_CTAG_TX and HW_CTAG_RX on vlan devices.  With the
      current settings, q-in-q will only generate a single vlan header.
      Remember to mask off CTAG_TX and CTAG_RX features in vlan_features.
      
      CC: Shahed Shaikh <shahed.shaikh@qlogic.com>
      CC: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      CC: Ron Mercer <ron.mercer@qlogic.com>
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Acked-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f6d1ac4b
    • V
      bridge: Fix crash with vlan filtering and tcpdump · fc92f745
      Vlad Yasevich 提交于
      When the vlan filtering is enabled on the bridge, but
      the filter is not configured on the bridge device itself,
      running tcpdump on the bridge device will result in a
      an Oops with NULL pointer dereference.  The reason
      is that br_pass_frame_up() will bypass the vlan
      check because promisc flag is set.  It will then try
      to get the table pointer and process the packet based
      on the table.  Since the table pointer is NULL, we oops.
      Catch this special condition in br_handle_vlan().
      Reported-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      CC: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Acked-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fc92f745
    • V
      net: Account for all vlan headers in skb_mac_gso_segment · 53d6471c
      Vlad Yasevich 提交于
      skb_network_protocol() already accounts for multiple vlan
      headers that may be present in the skb.  However, skb_mac_gso_segment()
      doesn't know anything about it and assumes that skb->mac_len
      is set correctly to skip all mac headers.  That may not
      always be the case.  If we are simply forwarding the packet (via
      bridge or macvtap), all vlan headers may not be accounted for.
      
      A simple solution is to allow skb_network_protocol to return
      the vlan depth it has calculated.  This way skb_mac_gso_segment
      will correctly skip all mac headers.
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      53d6471c
    • V
      898602a0
    • J
      MAINTAINERS: bonding: change email address · 79b30750
      Jay Vosburgh 提交于
      Update my email address.
      Signed-off-by: NJay Vosburgh <fubar@us.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      79b30750
    • L
      Merge branch 'akpm' (patches from Andrew Morton) · bc53267e
      Linus Torvalds 提交于
      Merge two fixes from Andrew Morton:
       "The x86 fix should come from x86 guys but they appear to be
        conferencing or otherwise distracted.
      
        The ocfs2 fix is a bit of a mess - the code runs into an immediate
        NULL deref and we're trying to work out how this got through test and
        review, but we haven't heard from Goldwyn in the past few days.
        Sasha's patch fixes the oops, but the feature as a whole is probably
        broken.  So this is a stopgap for 3.14 - I'll aim to get the real
        fixes into 3.14.x"
      
      * emailed patches from Andrew Morton akpm@linux-foundation.org>:
        x86: fix boot on uniprocessor systems
        ocfs2: check if cluster name exists before deref
      bc53267e
    • A
      x86: fix boot on uniprocessor systems · 825600c0
      Artem Fetishev 提交于
      On x86 uniprocessor systems topology_physical_package_id() returns -1
      which causes rapl_cpu_prepare() to leave rapl_pmu variable uninitialized
      which leads to GPF in rapl_pmu_init().
      
      See arch/x86/kernel/cpu/perf_event_intel_rapl.c.
      
      It turns out that physical_package_id and core_id can actually be
      retreived for uniprocessor systems too.  Enabling them also fixes
      rapl_pmu code.
      Signed-off-by: NArtem Fetishev <artem_fetishev@epam.com>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      825600c0
    • S
      ocfs2: check if cluster name exists before deref · d9060742
      Sasha Levin 提交于
      Commit c74a3bdd ("ocfs2: add clustername to cluster connection") is
      trying to strlcpy a string which was explicitly passed as NULL in the
      very same patch, triggering a NULL ptr deref.
      
        BUG: unable to handle kernel NULL pointer dereference at           (null)
        IP: strlcpy (lib/string.c:388 lib/string.c:151)
        CPU: 19 PID: 19426 Comm: trinity-c19 Tainted: G        W     3.14.0-rc7-next-20140325-sasha-00014-g9476368-dirty #274
        RIP:  strlcpy (lib/string.c:388 lib/string.c:151)
        Call Trace:
         ocfs2_cluster_connect (fs/ocfs2/stackglue.c:350)
         ocfs2_cluster_connect_agnostic (fs/ocfs2/stackglue.c:396)
         user_dlm_register (fs/ocfs2/dlmfs/userdlm.c:679)
         dlmfs_mkdir (fs/ocfs2/dlmfs/dlmfs.c:503)
         vfs_mkdir (fs/namei.c:3467)
         SyS_mkdirat (fs/namei.c:3488 fs/namei.c:3472)
         tracesys (arch/x86/kernel/entry_64.S:749)
      
      akpm: this patch probably disables the feature.  A temporary thing to
      avoid triviel oopses.
      Signed-off-by: NSasha Levin <sasha.levin@oracle.com>
      Cc: Goldwyn Rodrigues <rgoldwyn@suse.com>
      Cc: Mark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d9060742
    • H
      ipv6: move DAD and addrconf_verify processing to workqueue · c15b1cca
      Hannes Frederic Sowa 提交于
      addrconf_join_solict and addrconf_join_anycast may cause actions which
      need rtnl locked, especially on first address creation.
      
      A new DAD state is introduced which defers processing of the initial
      DAD processing into a workqueue.
      
      To get rtnl lock we need to push the code paths which depend on those
      calls up to workqueues, specifically addrconf_verify and the DAD
      processing.
      
      (v2)
      addrconf_dad_failure needs to be queued up to the workqueue, too. This
      patch introduces a new DAD state and stop the DAD processing in the
      workqueue (this is because of the possible ipv6_del_addr processing
      which removes the solicited multicast address from the device).
      
      addrconf_verify_lock is removed, too. After the transition it is not
      needed any more.
      
      As we are not processing in bottom half anymore we need to be a bit more
      careful about disabling bottom half out when we lock spin_locks which are also
      used in bh.
      
      Relevant backtrace:
      [  541.030090] RTNL: assertion failed at net/core/dev.c (4496)
      [  541.031143] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           O 3.10.33-1-amd64-vyatta #1
      [  541.031145] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
      [  541.031146]  ffffffff8148a9f0 000000000000002f ffffffff813c98c1 ffff88007c4451f8
      [  541.031148]  0000000000000000 0000000000000000 ffffffff813d3540 ffff88007fc03d18
      [  541.031150]  0000880000000006 ffff88007c445000 ffffffffa0194160 0000000000000000
      [  541.031152] Call Trace:
      [  541.031153]  <IRQ>  [<ffffffff8148a9f0>] ? dump_stack+0xd/0x17
      [  541.031180]  [<ffffffff813c98c1>] ? __dev_set_promiscuity+0x101/0x180
      [  541.031183]  [<ffffffff813d3540>] ? __hw_addr_create_ex+0x60/0xc0
      [  541.031185]  [<ffffffff813cfe1a>] ? __dev_set_rx_mode+0xaa/0xc0
      [  541.031189]  [<ffffffff813d3a81>] ? __dev_mc_add+0x61/0x90
      [  541.031198]  [<ffffffffa01dcf9c>] ? igmp6_group_added+0xfc/0x1a0 [ipv6]
      [  541.031208]  [<ffffffff8111237b>] ? kmem_cache_alloc+0xcb/0xd0
      [  541.031212]  [<ffffffffa01ddcd7>] ? ipv6_dev_mc_inc+0x267/0x300 [ipv6]
      [  541.031216]  [<ffffffffa01c2fae>] ? addrconf_join_solict+0x2e/0x40 [ipv6]
      [  541.031219]  [<ffffffffa01ba2e9>] ? ipv6_dev_ac_inc+0x159/0x1f0 [ipv6]
      [  541.031223]  [<ffffffffa01c0772>] ? addrconf_join_anycast+0x92/0xa0 [ipv6]
      [  541.031226]  [<ffffffffa01c311e>] ? __ipv6_ifa_notify+0x11e/0x1e0 [ipv6]
      [  541.031229]  [<ffffffffa01c3213>] ? ipv6_ifa_notify+0x33/0x50 [ipv6]
      [  541.031233]  [<ffffffffa01c36c8>] ? addrconf_dad_completed+0x28/0x100 [ipv6]
      [  541.031241]  [<ffffffff81075c1d>] ? task_cputime+0x2d/0x50
      [  541.031244]  [<ffffffffa01c38d6>] ? addrconf_dad_timer+0x136/0x150 [ipv6]
      [  541.031247]  [<ffffffffa01c37a0>] ? addrconf_dad_completed+0x100/0x100 [ipv6]
      [  541.031255]  [<ffffffff8105313a>] ? call_timer_fn.isra.22+0x2a/0x90
      [  541.031258]  [<ffffffffa01c37a0>] ? addrconf_dad_completed+0x100/0x100 [ipv6]
      
      Hunks and backtrace stolen from a patch by Stephen Hemminger.
      Reported-by: NStephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NStephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c15b1cca
    • E
      net: net: add a core netdev->tx_dropped counter · 015f0688
      Eric Dumazet 提交于
      Dropping packets in __dev_queue_xmit() when transmit queue
      is stopped (NIC TX ring buffer full or BQL limit reached) currently
      outputs a syslog message.
      
      It would be better to get a precise count of such events available in
      netdevice stats so that monitoring tools can have a clue.
      
      This extends the work done in caf586e5
      ("net: add a core netdev->rx_dropped counter")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      015f0688