1. 10 Nov, 2017 11 commits
  2. 08 Nov, 2017 15 commits
  3. 06 Nov, 2017 1 commit
  4. 05 Nov, 2017 13 commits
    • D
      Merge branch 'eBPF-based-device-cgroup-controller' · 2798b80b
      David S. Miller committed
      Roman Gushchin says:
      
      ====================
      eBPF-based device cgroup controller
      
      This patchset introduces an eBPF-based device controller for cgroup v2.
      
      Patches (1) and (2) are a preparational work required to share some code
        with the existing device controller implementation.
      Patch (3) is the main patch, which introduces a new bpf prog type
        and all necessary infrastructure.
      Patch (4) moves cgroup_helpers.c/h to use them by patch (4).
      Patch (5) implements an example of eBPF program which controls access
        to device files and corresponding userspace test.
      
      v3:
        Renamed constants introduced by patch (3) to BPF_DEVCG_*
      
      v2:
        Added patch (1).
      
      v1:
        https://lkml.org/lkml/2017/11/1/363
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • R
      selftests/bpf: add a test for device cgroup controller · 37f1ba09
      Roman Gushchin committed
      Add a test for device cgroup controller.
      
      The test loads a simple bpf program which logs all
      device access attempts using trace_printk() and forbids
      all operations except operations with /dev/zero and
      /dev/urandom.
      
      Then the test creates and joins a test cgroup, and attaches
      the bpf program to it.
      
      Then it tries to perform some simple device operations
      and checks the result:
      
        create /dev/null (should fail)
        create /dev/zero (should pass)
        copy data from /dev/urandom to /dev/zero (should pass)
        copy data from /dev/urandom to /dev/full (should fail)
        copy data from /dev/random to /dev/zero (should fail)
      Signed-off-by: Roman Gushchin <guro@fb.com>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Tejun Heo <tj@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • R
      bpf: move cgroup_helpers from samples/bpf/ to tools/testing/selftesting/bpf/ · 9d1f1594
      Roman Gushchin committed
      The purpose of this move is to use these files in bpf tests.
      Signed-off-by: Roman Gushchin <guro@fb.com>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Tejun Heo <tj@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • R
      bpf, cgroup: implement eBPF-based device controller for cgroup v2 · ebc614f6
      Roman Gushchin committed
      Cgroup v2 lacks the device controller, provided by cgroup v1.
      This patch adds a new eBPF program type, which in combination
      with the previously added ability to attach multiple eBPF programs
      to a cgroup, will provide similar functionality, but with some
      additional flexibility.
      
      This patch introduces a BPF_PROG_TYPE_CGROUP_DEVICE program type.
      A program takes major and minor device numbers, device type
      (block/character) and access type (mknod/read/write) as parameters
      and returns an integer which defines if the operation should be
      allowed or terminated with -EPERM.
      Signed-off-by: Roman Gushchin <guro@fb.com>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Tejun Heo <tj@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • R
      device_cgroup: prepare code for bpf-based device controller · ecf8fecb
      Roman Gushchin committed
      This is a non-functional change to prepare the device cgroup code
      for adding eBPF-based controller for cgroups v2.
      
      The patch performs the following changes:
      1) __devcgroup_inode_permission() and devcgroup_inode_mknod()
         are moving to the device-cgroup.h and converting into static inline.
      2) __devcgroup_check_permission() is exported.
      3) devcgroup_check_permission() wrapper is introduced to be used
         by both existing and new bpf-based implementations.
      Signed-off-by: Roman Gushchin <guro@fb.com>
      Acked-by: Tejun Heo <tj@kernel.org>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • R
      device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constants · 67e306fd
      Roman Gushchin committed
      Rename device type and access type constants defined in
      security/device_cgroup.c by adding the DEVCG_ prefix.
      
      The reason behind this renaming is to make them global namespace
      friendly, as they will be moved to the corresponding header file
      by following patches.
      Signed-off-by: Roman Gushchin <guro@fb.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      Merge tag 'mlx5-updates-2017-11-04' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 488e5b30
      David S. Miller committed
      Saeed Mahameed says:
      
      ====================
      mlx5-updates-2017-11-04
      
      This series includes:
      
      From Huy: dscp to priority mapping for Ethernet packet.
      
      ===================================================
      First six patches enable differentiated services code point (dscp) to
      priority mapping for Ethernet packet. Once this feature is
      enabled, the packet is routed to the corresponding priority based on its
      dscp. User can combine this feature with priority flow control (pfc)
      feature to have priority flow control based on the dscp.
      
      Firmware interface:
      Mellanox firmware provides two control knobs for this feature:
        QPTS register allows changing the trust state between dscp and
        pcp mode. The default is pcp mode. Once in dscp mode, firmware will
        route the packet based on its dscp value if the dscp field exists.
      
        QPDPM register allows mapping a specific dscp (0 to 63) to a
        specific priority (0 to 7). By default, all the dscps are mapped to
        priority zero.
      
      Software interface:
      This feature is controlled via application priority TLV. IEEE
      specification P802.1Qcd/D2.1 defines priority selector id 5 for
      application priority TLV. This APP TLV selector defines DSCP to priority
      map. This APP TLV can be sent by the switch or can be set locally using
      software such as lldptool. In mlx5 drivers, we add the support for net
      dcb's getapp and setapp call back. Mlx5 driver only handles the selector
      id 5 application entry (dscp application priority application entry).
      If user sends multiple dscp to priority APP TLV entries on the same
      dscp, the last sent one will take effect. All the previous sent will be
      deleted.
      
      The firmware trust state (in QPTS register) is changed based on the
      number of dscp to priority application entries. When the first dscp to
      priority application entry is added by the user, the trust state is
      changed to dscp. When the last dscp to priority application entry is
      deleted by the user, the trust state is changed to pcp.
      
      When the port is in DSCP trust state, the transmit queue is selected
      based on the dscp of the skb.
      
      When the port is in DSCP trust state and vport inline mode is not NONE,
      firmware requires mlx5 driver to copy the IP header to the
      wqe ethernet segment inline header if the skb has it.
      This is done by changing the transmit queue sq's min inline mode to L3.
      Note that the min inline mode of sqs that belong to other features
      such as xdpsq, icosq are not modified.
      ===================================================
      
      Plus to the dscp series, some small misc changes are included as well:
      
      From Inbar, Ethtool msglvl support and some debug prints in DCBNL logic
      From Or Gerlitz, Enlarge the NIC TC offload table size
      From Rabie, Initialize destination_flow struct to 0
      From Feras, Add inner TTC table to IPoIB flow steering
      From Tal, Enable CQE based moderation on TX CQ
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      Merge branch 'nfp-ethtool-and-related-improvements' · bfe26ba9
      David S. Miller committed
      Simon Horman says:
      
      ====================
      nfp: ethtool and related improvements
      
      Dirk van der Merwe says:
      
      This patch series throws a couple of loosely related items into a single
      series.
      
      Patch 1: Clang compilation fix reported by
        Matthias Kaehlcke <mka@chromium.org>
      
      Patch 2: Driver can now do MAC reinit on load when there has been a
        media override set in the NSP.
      
      Patch 3: Refactor the nfp_app_reprs_set API.
      
      Patch 4: Similar to vNICs, representors must be able to deal with media
        override changes in the NSP.
      
      Patch 5: Since representors can now handle media overrides, we can
        allocate the get/set link ndo's to them.
      
      Patch 6 & 7: Add support for FEC mode modification.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      nfp: implement ethtool FEC mode settings · 0d087093
      Dirk van der Merwe committed
      Add support in the driver ethtool ops to modify the NFP FEC modes.
      
      The FEC modes can be set for vNIC associated with physical ports or
      for MAC representor netdevs.
      Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: Simon Horman <simon.horman@netronome.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      nfp: add helpers for FEC support · b471232e
      Dirk van der Merwe committed
      Implement helpers to determine and modify FEC modes via the NSP.
      The NSP advertises FEC capabilities on a per port basis and provides
      support for:
      * Auto mode selection
      * Reed Solomon
      * BaseR
      * None/Off
      Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: Simon Horman <simon.horman@netronome.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      nfp: add get/set link settings ndos to representors · a564d30e
      Dirk van der Merwe committed
      Since it is now safe to modify link settings for representors, we can
      attach the get/set link settings ndos to it. The get/set link settings
      are nfp_port based operations.
      
      If a port becomes invalid, the representor will be removed in the same
      way a vnic would be.
      Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: Simon Horman <simon.horman@netronome.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      nfp: resync repr state when port table sync · 5fa27d59
      Dirk van der Merwe committed
      If the NSP port table has been refreshed, resync the representor state
      with the new port information. At the moment, this only entails looking
      for invalid ports and killing off representors associated with them.
      
      The repr instance becomes NULL which is safe since the app accessor
      function for reprs returns NULL when it cannot access a repr.
      Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: Simon Horman <simon.horman@netronome.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • D
      nfp: refactor nfp_app_reprs_set · 51ccc37d
      Dirk van der Merwe committed
      The criteria that reprs cannot be replaced with another new set of reprs
      has been removed. This check is not needed since the only use case that
      could exercise this at the moment, would be to modify the number of
      SRIOV VFs without first disabling them. This case is explicitly
      disallowed in any case and subsequent patches in this series
      need to be able to replace the running set of reprs.
      
      All cases where the return code used to be checked for the
      nfp_app_reprs_set function have been removed.
      As stated above, it is not possible for the current code to encounter a
      case where reprs exist and need to be replaced.
      Signed-off-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: Simon Horman <simon.horman@netronome.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>