1. 11 11月, 2017 3 次提交
    • J
      tipc: improve link resiliency when rps is activated · 8d6e79d3
      Jon Maloy 提交于
      Currently, the TIPC RPS dissector is based only on the incoming packets'
      source node address, hence steering all traffic from a node to the same
      core. We have seen that this makes the links vulnerable to starvation
      and unnecessary resets when we turn down the link tolerance to very low
      values.
      
      To reduce the risk of this happening, we exempt probe and probe replies
      packets from the convergence to one core per source node. Instead, we do
      the opposite, - we try to diverge those packets across as many cores as
      possible, by randomizing the flow selector key.
      
      To make such packets identifiable to the dissector, we add a new
      'is_keepalive' bit to word 0 of the LINK_PROTOCOL header. This bit is
      set both for PROBE and PROBE_REPLY messages, and only for those.
      
      It should be noted that these packets are not part of any flow anyway,
      and only constitute a minuscule fraction of all packets sent across a
      link. Hence, there is no risk that this will affect overall performance.
      Acked-by: NYing Xue <ying.xue@windriver.com>
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8d6e79d3
    • M
      net: ipv6: sysctl to specify IPv6 ND traffic class · 2210d6b2
      Maciej Żenczykowski 提交于
      Add a per-device sysctl to specify the default traffic class to use for
      kernel originated IPv6 Neighbour Discovery packets.
      
      Currently this includes:
      
        - Router Solicitation (ICMPv6 type 133)
          ndisc_send_rs() -> ndisc_send_skb() -> ip6_nd_hdr()
      
        - Neighbour Solicitation (ICMPv6 type 135)
          ndisc_send_ns() -> ndisc_send_skb() -> ip6_nd_hdr()
      
        - Neighbour Advertisement (ICMPv6 type 136)
          ndisc_send_na() -> ndisc_send_skb() -> ip6_nd_hdr()
      
        - Redirect (ICMPv6 type 137)
          ndisc_send_redirect() -> ndisc_send_skb() -> ip6_nd_hdr()
      
      and if the kernel ever gets around to generating RA's,
      it would presumably also include:
      
        - Router Advertisement (ICMPv6 type 134)
          (radvd daemon could pick up on the kernel setting and use it)
      
      Interface drivers may examine the Traffic Class value and translate
      the DiffServ Code Point into a link-layer appropriate traffic
      prioritization scheme.  An example of mapping IETF DSCP values to
      IEEE 802.11 User Priority values can be found here:
      
          https://tools.ietf.org/html/draft-ietf-tsvwg-ieee-802-11
      
      The expected primary use case is to properly prioritize ND over wifi.
      
      Testing:
        jzem22:~# cat /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        0
        jzem22:~# echo -1 > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        -bash: echo: write error: Invalid argument
        jzem22:~# echo 256 > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        -bash: echo: write error: Invalid argument
        jzem22:~# echo 0 > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        jzem22:~# echo 255 > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        jzem22:~# cat /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        255
        jzem22:~# echo 34 > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        jzem22:~# cat /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        34
      
        jzem22:~# echo $[0xDC] > /proc/sys/net/ipv6/conf/eth0/ndisc_tclass
        jzem22:~# tcpdump -v -i eth0 icmp6 and src host jzem22.pgc and dst host fe80::1
        tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
        IP6 (class 0xdc, hlim 255, next-header ICMPv6 (58) payload length: 24)
        jzem22.pgc > fe80::1: [icmp6 sum ok] ICMP6, neighbor advertisement,
        length 24, tgt is jzem22.pgc, Flags [solicited]
      
      (based on original change written by Erik Kline, with minor changes)
      
      v2: fix 'suspicious rcu_dereference_check() usage'
          by explicitly grabbing the rcu_read_lock.
      
      Cc: Lorenzo Colitti <lorenzo@google.com>
      Signed-off-by: NErik Kline <ek@google.com>
      Signed-off-by: NMaciej Żenczykowski <maze@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2210d6b2
    • J
      bpf: add a bpf_override_function helper · dd0bb688
      Josef Bacik 提交于
      Error injection is sloppy and very ad-hoc.  BPF could fill this niche
      perfectly with it's kprobe functionality.  We could make sure errors are
      only triggered in specific call chains that we care about with very
      specific situations.  Accomplish this with the bpf_override_funciton
      helper.  This will modify the probe'd callers return value to the
      specified value and set the PC to an override function that simply
      returns, bypassing the originally probed function.  This gives us a nice
      clean way to implement systematic error injection for all of our code
      paths.
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NJosef Bacik <jbacik@fb.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dd0bb688
  2. 10 11月, 2017 5 次提交
  3. 09 11月, 2017 6 次提交
  4. 08 11月, 2017 10 次提交
  5. 07 11月, 2017 2 次提交
    • P
      netfilter: nf_tables: get set elements via netlink · ba0e4d99
      Pablo Neira Ayuso 提交于
      This patch adds a new get operation to look up for specific elements in
      a set via netlink interface. You can also use it to check if an interval
      already exists.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      ba0e4d99
    • T
      ALSA: seq: Avoid invalid lockdep class warning · 3510c7aa
      Takashi Iwai 提交于
      The recent fix for adding rwsem nesting annotation was using the given
      "hop" argument as the lock subclass key.  Although the idea itself
      works, it may trigger a kernel warning like:
        BUG: looking up invalid subclass: 8
        ....
      since the lockdep has a smaller number of subclasses (8) than we
      currently allow for the hops there (10).
      
      The current definition is merely a sanity check for avoiding the too
      deep delivery paths, and the 8 hops are already enough.  So, as a
      quick fix, just follow the max hops as same as the max lockdep
      subclasses.
      
      Fixes: 1f20f9ff ("ALSA: seq: Fix nested rwsem annotation for lockdep splat")
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      3510c7aa
  6. 06 11月, 2017 2 次提交
    • F
      netfilter: conntrack: don't cache nlattr_tuple_size result in nla_size · 5caaed15
      Florian Westphal 提交于
      We currently call ->nlattr_tuple_size() once at register time and
      cache result in l4proto->nla_size.
      
      nla_size is the only member that is written to, avoiding this would
      allow to make l4proto trackers const.
      
      We can use ->nlattr_tuple_size() at run time, and cache result in
      the individual trackers instead.
      
      This is an intermediate step, next patch removes nlattr_size()
      callback and computes size at compile time, then removes nla_size.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      5caaed15
    • T
      ALSA: timer: Limit max instances per timer · 9b7d869e
      Takashi Iwai 提交于
      Currently we allow unlimited number of timer instances, and it may
      bring the system hogging way too much CPU when too many timer
      instances are opened and processed concurrently.  This may end up with
      a soft-lockup report as triggered by syzkaller, especially when
      hrtimer backend is deployed.
      
      Since such insane number of instances aren't demanded by the normal
      use case of ALSA sequencer and it merely  opens a risk only for abuse,
      this patch introduces the upper limit for the number of instances per
      timer backend.  As default, it's set to 1000, but for the fine-grained
      timer like hrtimer, it's set to 100.
      
      Reported-by: syzbot
      Tested-by: NJérôme Glisse <jglisse@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      9b7d869e
  7. 05 11月, 2017 12 次提交