1. 08 2月, 2019 13 次提交
  2. 04 2月, 2019 12 次提交
  3. 02 2月, 2019 13 次提交
    • J
      ethtool: add compat for devlink info · ddb6e99e
      Jakub Kicinski 提交于
      If driver did not fill the fw_version field, try to call into
      the new devlink get_info op and collect the versions that way.
      We assume ethtool was always reporting running versions.
      
      v4:
       - use IS_REACHABLE() to avoid problems with DEVLINK=m (kbuildbot).
      v3 (Jiri):
       - do a dump and then parse it instead of special handling;
       - concatenate all versions (well, all that fit :)).
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ddb6e99e
    • J
      devlink: add version reporting to devlink info API · fc6fae7d
      Jakub Kicinski 提交于
      ethtool -i has a few fixed-size fields which can be used to report
      firmware version and expansion ROM version. Unfortunately, modern
      hardware has more firmware components. There is usually some
      datapath microcode, management controller, PXE drivers, and a
      CPLD load. Running ethtool -i on modern controllers reveals the
      fact that vendors cram multiple values into firmware version field.
      
      Here are some examples from systems I could lay my hands on quickly:
      
      tg3:  "FFV20.2.17 bc 5720-v1.39"
      i40e: "6.01 0x800034a4 1.1747.0"
      nfp:  "0.0.3.5 0.25 sriov-2.1.16 nic"
      
      Add a new devlink API to allow retrieving multiple versions, and
      provide user-readable name for those versions.
      
      While at it break down the versions into three categories:
       - fixed - this is the board/fixed component version, usually vendors
                 report information like the board version in the PCI VPD,
                 but it will benefit from naming and common API as well;
       - running - this is the running firmware version;
       - stored - this is firmware in the flash, after firmware update
                  this value will reflect the flashed version, while the
                  running version may only be updated after reboot.
      
      v3:
       - add per-type helpers instead of using the special argument (Jiri).
      RFCv2:
       - remove the nesting in attr DEVLINK_ATTR_INFO_VERSIONS (now
         versions are mixed with other info attrs)l
       - have the driver report versions from the same callback as
         other info.
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fc6fae7d
    • J
      devlink: add device information API · f9cf2288
      Jakub Kicinski 提交于
      ethtool -i has served us well for a long time, but its showing
      its limitations more and more. The device information should
      also be reported per device not per-netdev.
      
      Lay foundation for a simple devlink-based way of reading device
      info. Add driver name and device serial number as initial pieces
      of information exposed via this new API.
      
      v3:
       - rename helpers (Jiri);
       - rename driver name attr (Jiri);
       - remove double spacing in commit message (Jiri).
      RFC v2:
       - wrap the skb into an opaque structure (Jiri);
       - allow the serial number of be any length (Jiri & Andrew);
       - add driver name (Jonathan).
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9cf2288
    • M
      ipconfig: add carrier_timeout kernel parameter · 3fc46fc9
      Martin Kepplinger 提交于
      commit 3fb72f1e ("ipconfig wait for carrier") added a
      "wait for carrier" policy, with a fixed worst case maximum wait
      of two minutes.
      
      Now make the wait for carrier timeout configurable on the kernel
      commandline and use the 120s as the default.
      
      The timeout messages introduced with
      commit 5e404cd6 ("ipconfig: add informative timeout messages while
      waiting for carrier") are done in a fixed interval of 20 seconds, just
      like they were before (240/12).
      Signed-off-by: NMartin Kepplinger <martin.kepplinger@ginzinger.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3fc46fc9
    • G
      ipv4: fib: use struct_size() in kzalloc() · 1f533ba6
      Gustavo A. R. Silva 提交于
      One of the more common cases of allocation size calculations is finding
      the size of a structure that has a zero-sized array at the end, along
      with memory for some number of elements for that array. For example:
      
      struct foo {
          int stuff;
          struct boo entry[];
      };
      
      instance = kzalloc(sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL);
      
      Instead of leaving these open-coded and prone to type mistakes, we can
      now use the new struct_size() helper:
      
      instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
      
      This code was detected with the help of Coccinelle.
      Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1f533ba6
    • D
      net: tls: Set async_capable for tls zerocopy only if we see EINPROGRESS · 5b053e12
      Dave Watson 提交于
      Currently we don't zerocopy if the crypto framework async bit is set.
      However some crypto algorithms (such as x86 AESNI) support async,
      but in the context of sendmsg, will never run asynchronously.  Instead,
      check for actual EINPROGRESS return code before assuming algorithm is
      async.
      Signed-off-by: NDave Watson <davejwatson@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5b053e12
    • D
      net: tls: Add tls 1.3 support · 130b392c
      Dave Watson 提交于
      TLS 1.3 has minor changes from TLS 1.2 at the record layer.
      
      * Header now hardcodes the same version and application content type in
        the header.
      * The real content type is appended after the data, before encryption (or
        after decryption).
      * The IV is xored with the sequence number, instead of concatinating four
        bytes of IV with the explicit IV.
      * Zero-padding:  No exlicit length is given, we search backwards from the
        end of the decrypted data for the first non-zero byte, which is the
        content type.  Currently recv supports reading zero-padding, but there
        is no way for send to add zero padding.
      Signed-off-by: NDave Watson <davejwatson@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      130b392c
    • D
      net: tls: Refactor control message handling on recv · fedf201e
      Dave Watson 提交于
      For TLS 1.3, the control message is encrypted.  Handle control
      message checks after decryption.
      Signed-off-by: NDave Watson <davejwatson@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fedf201e
    • D
      net: tls: Refactor tls aad space size calculation · a2ef9b6a
      Dave Watson 提交于
      TLS 1.3 has a different AAD size, use a variable in the code to
      make TLS 1.3 support easy.
      Signed-off-by: NDave Watson <davejwatson@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a2ef9b6a
    • D
      net: tls: Support 256 bit keys · fb99bce7
      Dave Watson 提交于
      Wire up support for 256 bit keys from the setsockopt to the crypto
      framework
      Signed-off-by: NDave Watson <davejwatson@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fb99bce7
    • M
      xdp: Provide extack messages when prog attachment failed · 01dde20c
      Maciej Fijalkowski 提交于
      In order to provide more meaningful messages to user when the process of
      loading xdp program onto network interface failed, let's add extack
      messages within dev_change_xdp_fd.
      Suggested-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: NMaciej Fijalkowski <maciej.fijalkowski@intel.com>
      Acked-by: NJesper Dangaard Brouer <brouer@redhat.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      01dde20c
    • A
      bpf: introduce bpf_spin_lock · d83525ca
      Alexei Starovoitov 提交于
      Introduce 'struct bpf_spin_lock' and bpf_spin_lock/unlock() helpers to let
      bpf program serialize access to other variables.
      
      Example:
      struct hash_elem {
          int cnt;
          struct bpf_spin_lock lock;
      };
      struct hash_elem * val = bpf_map_lookup_elem(&hash_map, &key);
      if (val) {
          bpf_spin_lock(&val->lock);
          val->cnt++;
          bpf_spin_unlock(&val->lock);
      }
      
      Restrictions and safety checks:
      - bpf_spin_lock is only allowed inside HASH and ARRAY maps.
      - BTF description of the map is mandatory for safety analysis.
      - bpf program can take one bpf_spin_lock at a time, since two or more can
        cause dead locks.
      - only one 'struct bpf_spin_lock' is allowed per map element.
        It drastically simplifies implementation yet allows bpf program to use
        any number of bpf_spin_locks.
      - when bpf_spin_lock is taken the calls (either bpf2bpf or helpers) are not allowed.
      - bpf program must bpf_spin_unlock() before return.
      - bpf program can access 'struct bpf_spin_lock' only via
        bpf_spin_lock()/bpf_spin_unlock() helpers.
      - load/store into 'struct bpf_spin_lock lock;' field is not allowed.
      - to use bpf_spin_lock() helper the BTF description of map value must be
        a struct and have 'struct bpf_spin_lock anyname;' field at the top level.
        Nested lock inside another struct is not allowed.
      - syscall map_lookup doesn't copy bpf_spin_lock field to user space.
      - syscall map_update and program map_update do not update bpf_spin_lock field.
      - bpf_spin_lock cannot be on the stack or inside networking packet.
        bpf_spin_lock can only be inside HASH or ARRAY map value.
      - bpf_spin_lock is available to root only and to all program types.
      - bpf_spin_lock is not allowed in inner maps of map-in-map.
      - ld_abs is not allowed inside spin_lock-ed region.
      - tracing progs and socket filter progs cannot use bpf_spin_lock due to
        insufficient preemption checks
      
      Implementation details:
      - cgroup-bpf class of programs can nest with xdp/tc programs.
        Hence bpf_spin_lock is equivalent to spin_lock_irqsave.
        Other solutions to avoid nested bpf_spin_lock are possible.
        Like making sure that all networking progs run with softirq disabled.
        spin_lock_irqsave is the simplest and doesn't add overhead to the
        programs that don't use it.
      - arch_spinlock_t is used when its implemented as queued_spin_lock
      - archs can force their own arch_spinlock_t
      - on architectures where queued_spin_lock is not available and
        sizeof(arch_spinlock_t) != sizeof(__u32) trivial lock is used.
      - presence of bpf_spin_lock inside map value could have been indicated via
        extra flag during map_create, but specifying it via BTF is cleaner.
        It provides introspection for map key/value and reduces user mistakes.
      
      Next steps:
      - allow bpf_spin_lock in other map types (like cgroup local storage)
      - introduce BPF_F_LOCK flag for bpf_map_update() syscall and helper
        to request kernel to grab bpf_spin_lock before rewriting the value.
        That will serialize access to map elements.
      Acked-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      d83525ca
    • D
      ethtool: remove unnecessary check in ethtool_get_regs() · ef76c77a
      Dan Carpenter 提交于
      We recently changed this function in commit f9fc54d3 ("ethtool:
      check the return value of get_regs_len") such that if "reglen" is zero
      we return directly.  That means we can remove this condition as well.
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ef76c77a
  4. 01 2月, 2019 2 次提交
    • J
      mac80211: fix missing/malformed documentation · 7d419463
      Johannes Berg 提交于
      Fix the missing and malformed documentation that kernel-doc and
      sphinx warn about. While at it, also add some things to the docs
      to fix missing links.
      
      Sadly, the only way I could find to fix this was to add some
      trailing whitespace.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      7d419463
    • J
      netlink: reduce NLA_POLICY_NESTED{,_ARRAY} arguments · 23323289
      Johannes Berg 提交于
      In typical cases, there's no need to pass both the maxattr
      and the policy array pointer, as the maxattr should just be
      ARRAY_SIZE(policy) - 1. Therefore, to be less error prone,
      just remove the maxattr argument from the default macros
      and deduce the size accordingly.
      
      Leave the original macros with a leading underscore to use
      here and in case somebody needs to pass a policy pointer
      where the policy isn't declared in the same place and thus
      ARRAY_SIZE() cannot be used.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      23323289