1. 25 10月, 2019 1 次提交
    • T
      net: core: add generic lockdep keys · ab92d68f
      Taehee Yoo 提交于
      Some interface types could be nested.
      (VLAN, BONDING, TEAM, MACSEC, MACVLAN, IPVLAN, VIRT_WIFI, VXLAN, etc..)
      These interface types should set lockdep class because, without lockdep
      class key, lockdep always warn about unexisting circular locking.
      
      In the current code, these interfaces have their own lockdep class keys and
      these manage itself. So that there are so many duplicate code around the
      /driver/net and /net/.
      This patch adds new generic lockdep keys and some helper functions for it.
      
      This patch does below changes.
      a) Add lockdep class keys in struct net_device
         - qdisc_running, xmit, addr_list, qdisc_busylock
         - these keys are used as dynamic lockdep key.
      b) When net_device is being allocated, lockdep keys are registered.
         - alloc_netdev_mqs()
      c) When net_device is being free'd llockdep keys are unregistered.
         - free_netdev()
      d) Add generic lockdep key helper function
         - netdev_register_lockdep_key()
         - netdev_unregister_lockdep_key()
         - netdev_update_lockdep_key()
      e) Remove unnecessary generic lockdep macro and functions
      f) Remove unnecessary lockdep code of each interfaces.
      
      After this patch, each interface modules don't need to maintain
      their lockdep keys.
      Signed-off-by: NTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ab92d68f
  2. 02 10月, 2019 1 次提交
    • F
      netfilter: drop bridge nf reset from nf_reset · 895b5c9f
      Florian Westphal 提交于
      commit 174e2381
      ("sk_buff: drop all skb extensions on free and skb scrubbing") made napi
      recycle always drop skb extensions.  The additional skb_ext_del() that is
      performed via nf_reset on napi skb recycle is not needed anymore.
      
      Most nf_reset() calls in the stack are there so queued skb won't block
      'rmmod nf_conntrack' indefinitely.
      
      This removes the skb_ext_del from nf_reset, and renames it to a more
      fitting nf_reset_ct().
      
      In a few selected places, add a call to skb_ext_reset to make sure that
      no active extensions remain.
      
      I am submitting this for "net", because we're still early in the release
      cycle.  The patch applies to net-next too, but I think the rename causes
      needless divergence between those trees.
      Suggested-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      895b5c9f
  3. 23 7月, 2019 1 次提交
    • S
      batman-adv: Replace usage of strlcpy with strscpy · 529a8f93
      Sven Eckelmann 提交于
      The strscpy was introduced to fix some API problems around strlcpy. And
      checkpatch started to report recently that strlcpy is deprecated and
      strscpy is preferred.
      
      The functionality introduced in commit 30035e45 ("string: provide
      strscpy()") improves following points compared to strlcpy:
      
      * it doesn't read from memory beyond (src + size)
      * provides an easy way to check for destination buffer overflow
      * robust against asynchronous source buffer changes
      
      Since batman-adv doesn't depend on any of the previously mentioned behavior
      changes, the usage of strlcpy can simply be replaced by strscpy to silence
      checkpatch.
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      529a8f93
  4. 25 5月, 2019 2 次提交
  5. 25 3月, 2019 2 次提交
  6. 13 2月, 2019 1 次提交
    • E
      batman-adv: fix uninit-value in batadv_interface_tx() · 4ffcbfac
      Eric Dumazet 提交于
      KMSAN reported batadv_interface_tx() was possibly using a
      garbage value [1]
      
      batadv_get_vid() does have a pskb_may_pull() call
      but batadv_interface_tx() does not actually make sure
      this did not fail.
      
      [1]
      BUG: KMSAN: uninit-value in batadv_interface_tx+0x908/0x1e40 net/batman-adv/soft-interface.c:231
      CPU: 0 PID: 10006 Comm: syz-executor469 Not tainted 4.20.0-rc7+ #5
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x173/0x1d0 lib/dump_stack.c:113
       kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
       __msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313
       batadv_interface_tx+0x908/0x1e40 net/batman-adv/soft-interface.c:231
       __netdev_start_xmit include/linux/netdevice.h:4356 [inline]
       netdev_start_xmit include/linux/netdevice.h:4365 [inline]
       xmit_one net/core/dev.c:3257 [inline]
       dev_hard_start_xmit+0x607/0xc40 net/core/dev.c:3273
       __dev_queue_xmit+0x2e42/0x3bc0 net/core/dev.c:3843
       dev_queue_xmit+0x4b/0x60 net/core/dev.c:3876
       packet_snd net/packet/af_packet.c:2928 [inline]
       packet_sendmsg+0x8306/0x8f30 net/packet/af_packet.c:2953
       sock_sendmsg_nosec net/socket.c:621 [inline]
       sock_sendmsg net/socket.c:631 [inline]
       __sys_sendto+0x8c4/0xac0 net/socket.c:1788
       __do_sys_sendto net/socket.c:1800 [inline]
       __se_sys_sendto+0x107/0x130 net/socket.c:1796
       __x64_sys_sendto+0x6e/0x90 net/socket.c:1796
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      RIP: 0033:0x441889
      Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007ffdda6fd468 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
      RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000441889
      RDX: 000000000000000e RSI: 00000000200000c0 RDI: 0000000000000003
      RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000216 R12: 00007ffdda6fd4c0
      R13: 00007ffdda6fd4b0 R14: 0000000000000000 R15: 0000000000000000
      
      Uninit was created at:
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline]
       kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158
       kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176
       kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185
       slab_post_alloc_hook mm/slab.h:446 [inline]
       slab_alloc_node mm/slub.c:2759 [inline]
       __kmalloc_node_track_caller+0xe18/0x1030 mm/slub.c:4383
       __kmalloc_reserve net/core/skbuff.c:137 [inline]
       __alloc_skb+0x309/0xa20 net/core/skbuff.c:205
       alloc_skb include/linux/skbuff.h:998 [inline]
       alloc_skb_with_frags+0x1c7/0xac0 net/core/skbuff.c:5220
       sock_alloc_send_pskb+0xafd/0x10e0 net/core/sock.c:2083
       packet_alloc_skb net/packet/af_packet.c:2781 [inline]
       packet_snd net/packet/af_packet.c:2872 [inline]
       packet_sendmsg+0x661a/0x8f30 net/packet/af_packet.c:2953
       sock_sendmsg_nosec net/socket.c:621 [inline]
       sock_sendmsg net/socket.c:631 [inline]
       __sys_sendto+0x8c4/0xac0 net/socket.c:1788
       __do_sys_sendto net/socket.c:1800 [inline]
       __se_sys_sendto+0x107/0x130 net/socket.c:1796
       __x64_sys_sendto+0x6e/0x90 net/socket.c:1796
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      
      Fixes: c6c8fea2 ("net: Add batman-adv meshing protocol")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Cc:	Marek Lindner <mareklindner@neomailbox.ch>
      Cc:	Simon Wunderlich <sw@simonwunderlich.de>
      Cc:	Antonio Quartulli <a@unstable.cc>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4ffcbfac
  7. 09 2月, 2019 1 次提交
    • S
      batman-adv: Add gateway mesh genl configuration · e2d0d35b
      Sven Eckelmann 提交于
      The mesh/soft-interface can optimize the handling of DHCP packets. Instead
      of flooding them through the whole mesh, it can be forwarded as unicast to
      a specific gateway server. The originator which injects the packets in the
      mesh has to select (based on sel_class thresholds) a responsible gateway
      server. This is done by switching this originator to the gw_mode client.
      The servers announce their forwarding bandwidth (download/upload) when the
      gw_mode server was selected.
      
      The BATADV_CMD_SET_MESH/BATADV_CMD_GET_MESH commands allow to set/get the
      configuration of this feature using the attributes:
      
      * u8 BATADV_ATTR_GW_MODE (0 == off, 1 == client, 2 == server)
      * u32 BATADV_ATTR_GW_BANDWIDTH_DOWN (in 100 kbit/s steps)
      * u32 BATADV_ATTR_GW_BANDWIDTH_UP (in 100 kbit/s steps)
      * u32 BATADV_ATTR_GW_SEL_CLASS
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      e2d0d35b
  8. 04 1月, 2019 1 次提交
  9. 01 1月, 2019 1 次提交
    • S
      batman-adv: Force mac header to start of data on xmit · 9114daa8
      Sven Eckelmann 提交于
      The caller of ndo_start_xmit may not already have called
      skb_reset_mac_header. The returned value of skb_mac_header/eth_hdr
      therefore can be in the wrong position and even outside the current skbuff.
      This for example happens when the user binds to the device using a
      PF_PACKET-SOCK_RAW with enabled qdisc-bypass:
      
        int opt = 4;
        setsockopt(sock, SOL_PACKET, PACKET_QDISC_BYPASS, &opt, sizeof(opt));
      
      Since eth_hdr is used all over the codebase, the batadv_interface_tx
      function must always take care of resetting it.
      
      Fixes: c6c8fea2 ("net: Add batman-adv meshing protocol")
      Reported-by: syzbot+9d7405c7faa390e60b4e@syzkaller.appspotmail.com
      Reported-by: syzbot+7d20bc3f1ddddc0f9079@syzkaller.appspotmail.com
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      9114daa8
  10. 31 12月, 2018 1 次提交
    • L
      batman-adv: Snoop DHCPACKs for DAT · b61ec31c
      Linus Lüssing 提交于
      In a 1000 nodes mesh network (Freifunk Hamburg) we can still see
      30KBit/s of ARP traffic (equalling about 25% of all layer two
      specific overhead, remaining after some filtering) flooded through
      the mesh. These 30KBit/s are mainly ARP Requests from the
      gateways / DHCP servers.
      
      By snooping DHCPACKs we can learn about MAC/IP address pairs
      in the DHCP range without relying on ARP. This patch is in preparation
      to eliminate the need for mesh wide message flooding for IPv4 address
      resolution.
      
      Also this allows to quickly update a MAC/IP pair at least in the DHT when
      DHCP reassigns an IP address to a new host.
      Signed-off-by: NLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      b61ec31c
  11. 15 9月, 2018 2 次提交
    • S
      batman-adv: Enable LockLess TX for softif · a7ea49af
      Sven Eckelmann 提交于
      The batadv interfaces are virtual interfaces which just tunnel the traffic
      over other ethernet compatible interfaces. It doesn't need serialization
      during the tx phase and is using RCU for most of its internal
      datastructures. Since it doesn't have actual queues which could be locked
      independently, the throughput gets significantly reduced by the extra lock
      in the core net code.
      
      8 parallel TCP connections forwarded by an IPQ4019 based hardware over
      5GHz could reach:
      
      * without LLTX: 349 Mibit/s
      * with LLTX:    563 Mibit/s
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      a7ea49af
    • S
      batman-adv: Move OGM rebroadcast stats to orig_ifinfo · dee222c7
      Sven Eckelmann 提交于
      B.A.T.M.A.N. IV requires the number of rebroadcast from a neighboring
      originator. These statistics are gathered per interface which transmitted
      the OGM (and then received it again). Since an originator is not interface
      specific, a resizable array was used in each originator.
      
      This resizable array had an entry for each interface and had to be resizes
      (for all OGMs) when the number of active interface was modified. This could
      cause problems when a large number of interface is added and not enough
      continuous memory is available to allocate the array.
      
      There is already a per interface originator structure "batadv_orig_ifinfo"
      which can be used to store this information.
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      dee222c7
  12. 06 9月, 2018 1 次提交
    • S
      batman-adv: Prevent duplicated softif_vlan entry · 94cb82f5
      Sven Eckelmann 提交于
      The function batadv_softif_vlan_get is responsible for adding new
      softif_vlan to the softif_vlan_list. It first checks whether the entry
      already is in the list or not. If it is, then the creation of a new entry
      is aborted.
      
      But the lock for the list is only held when the list is really modified.
      This could lead to duplicated entries because another context could create
      an entry with the same key between the check and the list manipulation.
      
      The check and the manipulation of the list must therefore be in the same
      locked code section.
      
      Fixes: 5d2c05b2 ("batman-adv: add per VLAN interface attribute framework")
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      94cb82f5
  13. 26 4月, 2018 1 次提交
  14. 22 4月, 2018 1 次提交
  15. 27 2月, 2018 1 次提交
  16. 26 2月, 2018 1 次提交
  17. 22 12月, 2017 1 次提交
  18. 16 12月, 2017 4 次提交
  19. 12 10月, 2017 1 次提交
  20. 05 10月, 2017 1 次提交
  21. 28 9月, 2017 2 次提交
  22. 23 9月, 2017 1 次提交
  23. 08 6月, 2017 1 次提交
    • D
      net: Fix inconsistent teardown and release of private netdev state. · cf124db5
      David S. Miller 提交于
      Network devices can allocate reasources and private memory using
      netdev_ops->ndo_init().  However, the release of these resources
      can occur in one of two different places.
      
      Either netdev_ops->ndo_uninit() or netdev->destructor().
      
      The decision of which operation frees the resources depends upon
      whether it is necessary for all netdev refs to be released before it
      is safe to perform the freeing.
      
      netdev_ops->ndo_uninit() presumably can occur right after the
      NETDEV_UNREGISTER notifier completes and the unicast and multicast
      address lists are flushed.
      
      netdev->destructor(), on the other hand, does not run until the
      netdev references all go away.
      
      Further complicating the situation is that netdev->destructor()
      almost universally does also a free_netdev().
      
      This creates a problem for the logic in register_netdevice().
      Because all callers of register_netdevice() manage the freeing
      of the netdev, and invoke free_netdev(dev) if register_netdevice()
      fails.
      
      If netdev_ops->ndo_init() succeeds, but something else fails inside
      of register_netdevice(), it does call ndo_ops->ndo_uninit().  But
      it is not able to invoke netdev->destructor().
      
      This is because netdev->destructor() will do a free_netdev() and
      then the caller of register_netdevice() will do the same.
      
      However, this means that the resources that would normally be released
      by netdev->destructor() will not be.
      
      Over the years drivers have added local hacks to deal with this, by
      invoking their destructor parts by hand when register_netdevice()
      fails.
      
      Many drivers do not try to deal with this, and instead we have leaks.
      
      Let's close this hole by formalizing the distinction between what
      private things need to be freed up by netdev->destructor() and whether
      the driver needs unregister_netdevice() to perform the free_netdev().
      
      netdev->priv_destructor() performs all actions to free up the private
      resources that used to be freed by netdev->destructor(), except for
      free_netdev().
      
      netdev->needs_free_netdev is a boolean that indicates whether
      free_netdev() should be done at the end of unregister_netdevice().
      
      Now, register_netdevice() can sanely release all resources after
      ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
      and netdev->priv_destructor().
      
      And at the end of unregister_netdevice(), we invoke
      netdev->priv_destructor() and optionally call free_netdev().
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cf124db5
  24. 05 4月, 2017 1 次提交
  25. 03 4月, 2017 4 次提交
  26. 26 3月, 2017 1 次提交
  27. 17 3月, 2017 1 次提交
  28. 05 3月, 2017 1 次提交
    • S
      batman-adv: Initialize gw sel_class via batadv_algo · 1a9070ec
      Sven Eckelmann 提交于
      The gateway selection class variable is shared between different algorithm
      versions. But the interpretation of the content is algorithm specific. The
      initialization is therefore also algorithm specific.
      
      But this was implemented incorrectly and the initialization for BATMAN_V
      always overwrote the value previously written for BATMAN_IV. This could
      only be avoided when BATMAN_V was disabled during compile time.
      
      Using a special batadv_algo hook for this initialization avoids this
      problem.
      
      Fixes: 50164d8f ("batman-adv: B.A.T.M.A.N. V - implement GW selection logic")
      Signed-off-by: NSven Eckelmann <sven@narfation.org>
      Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
      1a9070ec
  29. 26 1月, 2017 2 次提交