1. 10 2月, 2015 27 次提交
  2. 09 2月, 2015 9 次提交
    • E
      net:rfs: adjust table size checking · 93c1af6c
      Eric Dumazet 提交于
      Make sure root user does not try something stupid.
      
      Also make sure mask field in struct rps_sock_flow_table
      does not share a cache line with the potentially often dirtied
      flow table.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Fixes: 567e4b79 ("net: rfs: add hash collision detection")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      93c1af6c
    • H
      cxgb4: Fix trace observed while dumping clip_tbl · acde2c2d
      Hariprasad Shenai 提交于
      Handle clip_tbl debugfs entry, when clip_tbl isn't allocated.
      In commit b5a02f50 ("cxgb4: Update ipv6 address handling api") wrong
      argument was passed for single_open for clip_tbl debugfs entry, which led to
      below trace. Fixing it.
      
      ======
      call Trace:
       [<ffffffffa073c606>] clip_tbl_open+0x16/0x30 [cxgb4]
       [<ffffffff8119e2fa>] do_dentry_open+0x21a/0x370
       [<ffffffff8119e499>] vfs_open+0x49/0x50
       [<ffffffff811b0d0e>] do_last+0x21e/0x800
       [<ffffffff811b1382>] path_openat+0x92/0x470
       [<ffffffff8110569f>] ? rb_reserve_next_event+0xaf/0x380
       [<ffffffff8110569f>] ? rb_reserve_next_event+0xaf/0x380
       [<ffffffff811b189a>] do_filp_open+0x4a/0xa0
       [<ffffffff811bdc5d>] ? __alloc_fd+0xcd/0x140
       [<ffffffff8119fa4a>] do_sys_open+0x11a/0x230
       [<ffffffff8101219f>] ? syscall_trace_enter_phase2+0xaf/0x1b0
       [<ffffffff8119fb9e>] SyS_open+0x1e/0x20
       [<ffffffff815bf6f0>] tracesys_phase2+0xd4/0xd9
      Code: 89 e5 66 66 66 66 90 48 8b 47 e0 48 8b 40 30 48 8b 40 58 c9 c3 66 0f 1f
      84 00 00 00 00 00 55 48 89 e5 66 66 66 66 90 48 8b 47 e0 <48> 8b 40 58 c9 c3 66
      66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48
      RIP  [<ffffffff8120898d>] PDE_DATA+0xd/0x20
       RSP <ffff8800b08c3c48>
      CR2: 0000000000000058
      
      =====
      Signed-off-by: NHariprasad Shenai <hariprasad@chelsio.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      acde2c2d
    • S
      61d7b097
    • S
      Driver: Vmxnet3: Change the hex constant to its decimal equivalent · dd83829e
      Shrikrishna Khare 提交于
      The hex constant chosen for VMXNET3_REV1_MAGIC is offensive,
      replace it with its decimal equivalent.
      Signed-off-by: NShrikrishna Khare <skhare@vmware.com>
      Reviewed-by: NShreyas Bhatewara <sbhatewara@vmware.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dd83829e
    • E
      net: rfs: add hash collision detection · 567e4b79
      Eric Dumazet 提交于
      Receive Flow Steering is a nice solution but suffers from
      hash collisions when a mix of connected and unconnected traffic
      is received on the host, when flow hash table is populated.
      
      Also, clearing flow in inet_release() makes RFS not very good
      for short lived flows, as many packets can follow close().
      (FIN , ACK packets, ...)
      
      This patch extends the information stored into global hash table
      to not only include cpu number, but upper part of the hash value.
      
      I use a 32bit value, and dynamically split it in two parts.
      
      For host with less than 64 possible cpus, this gives 6 bits for the
      cpu number, and 26 (32-6) bits for the upper part of the hash.
      
      Since hash bucket selection use low order bits of the hash, we have
      a full hash match, if /proc/sys/net/core/rps_sock_flow_entries is big
      enough.
      
      If the hash found in flow table does not match, we fallback to RPS (if
      it is enabled for the rxqueue).
      
      This means that a packet for an non connected flow can avoid the
      IPI through a unrelated/victim CPU.
      
      This also means we no longer have to clear the table at socket
      close time, and this helps short lived flows performance.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NTom Herbert <therbert@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      567e4b79
    • S
      net: fix a typo in skb_checksum_validate_zero_check · 096a4cfa
      Sabrina Dubroca 提交于
      Remove trailing underscore.
      Signed-off-by: NSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      096a4cfa
    • S
      gre/ipip: use be16 variants of netlink functions · 3e97fa70
      Sabrina Dubroca 提交于
      encap.sport and encap.dport are __be16, use nla_{get,put}_be16 instead
      of nla_{get,put}_u16.
      
      Fixes the sparse warnings:
      
      warning: incorrect type in assignment (different base types)
         expected restricted __be32 [addressable] [usertype] o_key
         got restricted __be16 [addressable] [usertype] i_flags
      warning: incorrect type in assignment (different base types)
         expected restricted __be16 [usertype] sport
         got unsigned short
      warning: incorrect type in assignment (different base types)
         expected restricted __be16 [usertype] dport
         got unsigned short
      warning: incorrect type in argument 3 (different base types)
         expected unsigned short [unsigned] [usertype] value
         got restricted __be16 [usertype] sport
      warning: incorrect type in argument 3 (different base types)
         expected unsigned short [unsigned] [usertype] value
         got restricted __be16 [usertype] dport
      Signed-off-by: NSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3e97fa70
    • J
      tipc: fix bug in socket reception function · 51a00daf
      Jon Paul Maloy 提交于
      In commit c637c103 ("tipc: resolve race
      problem at unicast message reception") we introduced a time limit
      for how long the function tipc_sk_eneque() would be allowed to execute
      its loop. Unfortunately, the test for when this limit is passed was put
      in the wrong place, resulting in a lost message when the test is true.
      
      We fix this by moving the test to before we dequeue the next buffer
      from the input queue.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51a00daf
    • M
      rt6_probe_deferred: Do not depend on struct ordering · 662f5533
      Michael Büsch 提交于
      rt6_probe allocates a struct __rt6_probe_work and schedules a work handler rt6_probe_deferred.
      But rt6_probe_deferred kfree's the struct work_struct instead of struct __rt6_probe_work.
      This works, because struct work_struct is the first element of struct __rt6_probe_work.
      
      Change it to kfree struct __rt6_probe_work to not implicitly depend on
      struct work_struct being the first element.
      
      This does not affect the generated code.
      Signed-off-by: NMichael Buesch <m@bues.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      662f5533
  3. 08 2月, 2015 4 次提交
    • D
      Merge branch 'tcp_ack_loops' · f06535c5
      David S. Miller 提交于
      Neal Cardwellsays:
      
      ====================
      tcp: mitigate TCP ACK loops due to out-of-window validation dupacks
      
      This patch series mitigates "ack loop" DoS scenarios by rate-limiting
      outgoing duplicate ACKs sent in response to incoming "out of window"
      segments.
      
      Background
      -----------
      
      There are several cases in which the TCP RFCs specify that a TCP
      endpoint should send a pure duplicate ACK in response to a pure
      duplicate ACK that appears to be invalid due to being "out of window":
      
      (1) RFC 793 (section 3.9, page 69) specifies that endpoints should
          send a duplicate ACK in response to an ACK when the incoming
          sequence number is invalid due to being outside the receive
          window: "If an incoming segment is not acceptable, an
          acknowledgment should be sent in reply".
      
      (2) RFC 793 (section 3.9, page 72) says: "If the ACK acknowledges
          something not yet sent (SEG.ACK > SND.NXT) then send an ACK".
      
      (3) RFC 1323 (section 4.2.1, page 18) specifies that endpoints should
          send a duplicate ACK in response to an ACK when the PAWS check for
          the incoming timestamp value fails: "If .... SEG.TSval < TS.Recent
          and if TS.Recent is valid ... Send an acknowledgement in reply"
      
      The problem
      ------------
      
      Normally, this is not a problem. However, a buggy middlebox or
      malicious man-in-the-middle can inject a few packets into the
      conversation that advance each endpoint's notion of the current window
      (sequence, ACK, or timestamp), without either side noticing. In this
      case, from then on each side can think the other is sending invalid
      segments. Thus an infinite feedback loop of duplicate ACKs can ensue,
      as each endpoint receives a duplicate ACK, decides that it is invalid
      (due to sequence number, ACK number, or timestamp), and then sends a
      dupack in reply, which the other side decides is invalid, responding
      with a dupack... ad infinitum. This ping-pong feedback loop can happen
      at a very high rate.
      
      This phenomenon can and does happen in practice. It has been seen in
      datacenter and Internet contexts at Google, and has been documented by
      Anil Agarwal in the Nov 2013 tcpm thread "TCP mismatched sequence
      numbers issue", and Avery Fay in the Feb 2015 Linux netdev thread
      "Invalid timestamp? causing tight ack loop (hundreds of thousands of
      packets / sec)".
      
      This patch series
      ------------------
      
      This patch series mitigates such ack loops by rate-limiting outgoing
      duplicate ACKs sent in response to incoming TCP packets that are for
      an existing connection but that are invalid due to any of the reasons
      mentioned above: sequence number (1), ACK field (2), or timestamp
      value (3). The rate limit for such duplicate ACKs is specified by a
      new sysctl, tcp_invalid_ratelimit, which specifies the minimal space
      between such outbound duplicate ACKs, in milliseconds. The default is
      500 (500ms), and 0 disables the mechanism.
      
      We rate-limit these duplicate ACK responses rather than blocking them
      entirely or resetting the connection, because legitimate connections
      can rely on dupacks in response to some out-of-window segments. For
      example, zero window probes are typically sent with a sequence number
      that is below the current window, and ZWPs thus expect to thus elicit
      a dupack in response.
      
      Testing: this approach has been in use at Google for a while.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f06535c5
    • N
      tcp: mitigate ACK loops for connections as tcp_timewait_sock · 4fb17a60
      Neal Cardwell 提交于
      Ensure that in state FIN_WAIT2 or TIME_WAIT, where the connection is
      represented by a tcp_timewait_sock, we rate limit dupacks in response
      to incoming packets (a) with TCP timestamps that fail PAWS checks, or
      (b) with sequence numbers that are out of the acceptable window.
      
      We do not send a dupack in response to out-of-window packets if it has
      been less than sysctl_tcp_invalid_ratelimit (default 500ms) since we
      last sent a dupack in response to an out-of-window packet.
      Reported-by: NAvery Fay <avery@mixpanel.com>
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4fb17a60
    • N
      tcp: mitigate ACK loops for connections as tcp_sock · f2b2c582
      Neal Cardwell 提交于
      Ensure that in state ESTABLISHED, where the connection is represented
      by a tcp_sock, we rate limit dupacks in response to incoming packets
      (a) with TCP timestamps that fail PAWS checks, or (b) with sequence
      numbers or ACK numbers that are out of the acceptable window.
      
      We do not send a dupack in response to out-of-window packets if it has
      been less than sysctl_tcp_invalid_ratelimit (default 500ms) since we
      last sent a dupack in response to an out-of-window packet.
      
      There is already a similar (although global) rate-limiting mechanism
      for "challenge ACKs". When deciding whether to send a challence ACK,
      we first consult the new per-connection rate limit, and then the
      global rate limit.
      Reported-by: NAvery Fay <avery@mixpanel.com>
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f2b2c582
    • N
      tcp: mitigate ACK loops for connections as tcp_request_sock · a9b2c06d
      Neal Cardwell 提交于
      In the SYN_RECV state, where the TCP connection is represented by
      tcp_request_sock, we now rate-limit SYNACKs in response to a client's
      retransmitted SYNs: we do not send a SYNACK in response to client SYN
      if it has been less than sysctl_tcp_invalid_ratelimit (default 500ms)
      since we last sent a SYNACK in response to a client's retransmitted
      SYN.
      
      This allows the vast majority of legitimate client connections to
      proceed unimpeded, even for the most aggressive platforms, iOS and
      MacOS, which actually retransmit SYNs 1-second intervals for several
      times in a row. They use SYN RTO timeouts following the progression:
      1,1,1,1,1,2,4,8,16,32.
      Reported-by: NAvery Fay <avery@mixpanel.com>
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a9b2c06d