1. 23 3月, 2017 33 次提交
    • D
      sfc: cleanup a condition in efx_udp_tunnel_del() · c04ca616
      Dan Carpenter 提交于
      Presumably if there is an "add" function, there is also a "del"
      function.  But it causes a static checker warning because it looks like
      a common cut and paste bug.
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: NJarod Wilson <jarod@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c04ca616
    • A
      Bluetooth: btqcomsmd: fix compile-test dependency · 6e9e6cc8
      Arnd Bergmann 提交于
      compile-testing fails when QCOM_SMD is a loadable module:
      
      drivers/bluetooth/built-in.o: In function `btqcomsmd_send':
      btqca.c:(.text+0xa8): undefined reference to `qcom_smd_send'
      drivers/bluetooth/built-in.o: In function `btqcomsmd_probe':
      btqca.c:(.text+0x3ec): undefined reference to `qcom_wcnss_open_channel'
      btqca.c:(.text+0x46c): undefined reference to `qcom_smd_set_drvdata'
      
      This clarifies the dependency to allow compile-testing only when
      SMD is completely disabled, otherwise the dependency on QCOM_SMD
      will make sure we can link against it.
      
      Fixes: e27ee2b1 ("Bluetooth: btqcomsmd: Allow driver to build if COMPILE_TEST is enabled")
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      [bjorn: Restructure and clarify dependency to QCOM_WCNSS_CTRL]
      Signed-off-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Acked-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6e9e6cc8
    • E
      inet: frag: release spinlock before calling icmp_send() · ec4fbd64
      Eric Dumazet 提交于
      Dmitry reported a lockdep splat [1] (false positive) that we can fix
      by releasing the spinlock before calling icmp_send() from ip_expire()
      
      This is a false positive because sending an ICMP message can not
      possibly re-enter the IP frag engine.
      
      [1]
      [ INFO: possible circular locking dependency detected ]
      4.10.0+ #29 Not tainted
      -------------------------------------------------------
      modprobe/12392 is trying to acquire lock:
       (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>] spin_lock
      include/linux/spinlock.h:299 [inline]
       (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>] __netif_tx_lock
      include/linux/netdevice.h:3486 [inline]
       (_xmit_ETHER#2){+.-...}, at: [<ffffffff837a8182>]
      sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180
      
      but task is already holding lock:
       (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] spin_lock
      include/linux/spinlock.h:299 [inline]
       (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>]
      ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (&(&q->lock)->rlock){+.-...}:
             validate_chain kernel/locking/lockdep.c:2267 [inline]
             __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340
             lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755
             __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
             _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
             spin_lock include/linux/spinlock.h:299 [inline]
             ip_defrag+0x3a2/0x4130 net/ipv4/ip_fragment.c:669
             ip_check_defrag+0x4e3/0x8b0 net/ipv4/ip_fragment.c:713
             packet_rcv_fanout+0x282/0x800 net/packet/af_packet.c:1459
             deliver_skb net/core/dev.c:1834 [inline]
             dev_queue_xmit_nit+0x294/0xa90 net/core/dev.c:1890
             xmit_one net/core/dev.c:2903 [inline]
             dev_hard_start_xmit+0x16b/0xab0 net/core/dev.c:2923
             sch_direct_xmit+0x31f/0x6d0 net/sched/sch_generic.c:182
             __dev_xmit_skb net/core/dev.c:3092 [inline]
             __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358
             dev_queue_xmit+0x17/0x20 net/core/dev.c:3423
             neigh_resolve_output+0x6b9/0xb10 net/core/neighbour.c:1308
             neigh_output include/net/neighbour.h:478 [inline]
             ip_finish_output2+0x8b8/0x15a0 net/ipv4/ip_output.c:228
             ip_do_fragment+0x1d93/0x2720 net/ipv4/ip_output.c:672
             ip_fragment.constprop.54+0x145/0x200 net/ipv4/ip_output.c:545
             ip_finish_output+0x82d/0xe10 net/ipv4/ip_output.c:314
             NF_HOOK_COND include/linux/netfilter.h:246 [inline]
             ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404
             dst_output include/net/dst.h:486 [inline]
             ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124
             ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492
             ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512
             raw_sendmsg+0x26de/0x3a00 net/ipv4/raw.c:655
             inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:761
             sock_sendmsg_nosec net/socket.c:633 [inline]
             sock_sendmsg+0xca/0x110 net/socket.c:643
             ___sys_sendmsg+0x4a3/0x9f0 net/socket.c:1985
             __sys_sendmmsg+0x25c/0x750 net/socket.c:2075
             SYSC_sendmmsg net/socket.c:2106 [inline]
             SyS_sendmmsg+0x35/0x60 net/socket.c:2101
             do_syscall_64+0x2e8/0x930 arch/x86/entry/common.c:281
             return_from_SYSCALL_64+0x0/0x7a
      
      -> #0 (_xmit_ETHER#2){+.-...}:
             check_prev_add kernel/locking/lockdep.c:1830 [inline]
             check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940
             validate_chain kernel/locking/lockdep.c:2267 [inline]
             __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340
             lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755
             __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
             _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
             spin_lock include/linux/spinlock.h:299 [inline]
             __netif_tx_lock include/linux/netdevice.h:3486 [inline]
             sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180
             __dev_xmit_skb net/core/dev.c:3092 [inline]
             __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358
             dev_queue_xmit+0x17/0x20 net/core/dev.c:3423
             neigh_hh_output include/net/neighbour.h:468 [inline]
             neigh_output include/net/neighbour.h:476 [inline]
             ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228
             ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316
             NF_HOOK_COND include/linux/netfilter.h:246 [inline]
             ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404
             dst_output include/net/dst.h:486 [inline]
             ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124
             ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492
             ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512
             icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394
             icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754
             ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239
             call_timer_fn+0x241/0x820 kernel/time/timer.c:1268
             expire_timers kernel/time/timer.c:1307 [inline]
             __run_timers+0x960/0xcf0 kernel/time/timer.c:1601
             run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614
             __do_softirq+0x31f/0xbe7 kernel/softirq.c:284
             invoke_softirq kernel/softirq.c:364 [inline]
             irq_exit+0x1cc/0x200 kernel/softirq.c:405
             exiting_irq arch/x86/include/asm/apic.h:657 [inline]
             smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962
             apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707
             __read_once_size include/linux/compiler.h:254 [inline]
             atomic_read arch/x86/include/asm/atomic.h:26 [inline]
             rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline]
             __rcu_is_watching kernel/rcu/tree.c:1133 [inline]
             rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147
             rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293
             radix_tree_deref_slot include/linux/radix-tree.h:238 [inline]
             filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335
             do_fault_around mm/memory.c:3231 [inline]
             do_read_fault mm/memory.c:3265 [inline]
             do_fault+0xbd5/0x2080 mm/memory.c:3370
             handle_pte_fault mm/memory.c:3600 [inline]
             __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714
             handle_mm_fault+0x1e2/0x480 mm/memory.c:3751
             __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397
             do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460
             page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011
      
      other info that might help us debug this:
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(&(&q->lock)->rlock);
                                     lock(_xmit_ETHER#2);
                                     lock(&(&q->lock)->rlock);
        lock(_xmit_ETHER#2);
      
       *** DEADLOCK ***
      
      10 locks held by modprobe/12392:
       #0:  (&mm->mmap_sem){++++++}, at: [<ffffffff81329758>]
      __do_page_fault+0x2b8/0xb60 arch/x86/mm/fault.c:1336
       #1:  (rcu_read_lock){......}, at: [<ffffffff8188cab6>]
      filemap_map_pages+0x1e6/0x1570 mm/filemap.c:2324
       #2:  (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>]
      spin_lock include/linux/spinlock.h:299 [inline]
       #2:  (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>]
      pte_alloc_one_map mm/memory.c:2944 [inline]
       #2:  (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<ffffffff81984a78>]
      alloc_set_pte+0x13b8/0x1b90 mm/memory.c:3072
       #3:  (((&q->timer))){+.-...}, at: [<ffffffff81627e72>]
      lockdep_copy_map include/linux/lockdep.h:175 [inline]
       #3:  (((&q->timer))){+.-...}, at: [<ffffffff81627e72>]
      call_timer_fn+0x1c2/0x820 kernel/time/timer.c:1258
       #4:  (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>] spin_lock
      include/linux/spinlock.h:299 [inline]
       #4:  (&(&q->lock)->rlock){+.-...}, at: [<ffffffff8389a4d1>]
      ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201
       #5:  (rcu_read_lock){......}, at: [<ffffffff8389a633>]
      ip_expire+0x1b3/0x6c0 net/ipv4/ip_fragment.c:216
       #6:  (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>] spin_trylock
      include/linux/spinlock.h:309 [inline]
       #6:  (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>] icmp_xmit_lock
      net/ipv4/icmp.c:219 [inline]
       #6:  (slock-AF_INET){+.-...}, at: [<ffffffff839b3313>]
      icmp_send+0x803/0x1c80 net/ipv4/icmp.c:681
       #7:  (rcu_read_lock_bh){......}, at: [<ffffffff838ab9a1>]
      ip_finish_output2+0x2c1/0x15a0 net/ipv4/ip_output.c:198
       #8:  (rcu_read_lock_bh){......}, at: [<ffffffff836d1dee>]
      __dev_queue_xmit+0x23e/0x1e60 net/core/dev.c:3324
       #9:  (dev->qdisc_running_key ?: &qdisc_running_key){+.....}, at:
      [<ffffffff836d3a27>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3423
      
      stack backtrace:
      CPU: 0 PID: 12392 Comm: modprobe Not tainted 4.10.0+ #29
      Hardware name: Google Google Compute Engine/Google Compute Engine,
      BIOS Google 01/01/2011
      Call Trace:
       <IRQ>
       __dump_stack lib/dump_stack.c:16 [inline]
       dump_stack+0x2ee/0x3ef lib/dump_stack.c:52
       print_circular_bug+0x307/0x3b0 kernel/locking/lockdep.c:1204
       check_prev_add kernel/locking/lockdep.c:1830 [inline]
       check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940
       validate_chain kernel/locking/lockdep.c:2267 [inline]
       __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340
       lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755
       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
       _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
       spin_lock include/linux/spinlock.h:299 [inline]
       __netif_tx_lock include/linux/netdevice.h:3486 [inline]
       sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180
       __dev_xmit_skb net/core/dev.c:3092 [inline]
       __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358
       dev_queue_xmit+0x17/0x20 net/core/dev.c:3423
       neigh_hh_output include/net/neighbour.h:468 [inline]
       neigh_output include/net/neighbour.h:476 [inline]
       ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228
       ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316
       NF_HOOK_COND include/linux/netfilter.h:246 [inline]
       ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404
       dst_output include/net/dst.h:486 [inline]
       ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124
       ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492
       ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512
       icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394
       icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754
       ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239
       call_timer_fn+0x241/0x820 kernel/time/timer.c:1268
       expire_timers kernel/time/timer.c:1307 [inline]
       __run_timers+0x960/0xcf0 kernel/time/timer.c:1601
       run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614
       __do_softirq+0x31f/0xbe7 kernel/softirq.c:284
       invoke_softirq kernel/softirq.c:364 [inline]
       irq_exit+0x1cc/0x200 kernel/softirq.c:405
       exiting_irq arch/x86/include/asm/apic.h:657 [inline]
       smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962
       apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707
      RIP: 0010:__read_once_size include/linux/compiler.h:254 [inline]
      RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:26 [inline]
      RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline]
      RIP: 0010:__rcu_is_watching kernel/rcu/tree.c:1133 [inline]
      RIP: 0010:rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147
      RSP: 0000:ffff8801c391f120 EFLAGS: 00000a03 ORIG_RAX: ffffffffffffff10
      RAX: dffffc0000000000 RBX: ffff8801c391f148 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 000055edd4374000 RDI: ffff8801dbe1ae0c
      RBP: ffff8801c391f1a0 R08: 0000000000000002 R09: 0000000000000000
      R10: dffffc0000000000 R11: 0000000000000002 R12: 1ffff10038723e25
      R13: ffff8801dbe1ae00 R14: ffff8801c391f680 R15: dffffc0000000000
       </IRQ>
       rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293
       radix_tree_deref_slot include/linux/radix-tree.h:238 [inline]
       filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335
       do_fault_around mm/memory.c:3231 [inline]
       do_read_fault mm/memory.c:3265 [inline]
       do_fault+0xbd5/0x2080 mm/memory.c:3370
       handle_pte_fault mm/memory.c:3600 [inline]
       __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714
       handle_mm_fault+0x1e2/0x480 mm/memory.c:3751
       __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397
       do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460
       page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011
      RIP: 0033:0x7f83172f2786
      RSP: 002b:00007fffe859ae80 EFLAGS: 00010293
      RAX: 000055edd4373040 RBX: 00007f83175111c8 RCX: 000055edd4373238
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f8317510970
      RBP: 00007fffe859afd0 R08: 0000000000000009 R09: 0000000000000000
      R10: 0000000000000064 R11: 0000000000000000 R12: 000055edd4373040
      R13: 0000000000000000 R14: 00007fffe859afe8 R15: 0000000000000000
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ec4fbd64
    • E
      tcp: initialize icsk_ack.lrcvtime at session start time · 15bb7745
      Eric Dumazet 提交于
      icsk_ack.lrcvtime has a 0 value at socket creation time.
      
      tcpi_last_data_recv can have bogus value if no payload is ever received.
      
      This patch initializes icsk_ack.lrcvtime for active sessions
      in tcp_finish_connect(), and for passive sessions in
      tcp_create_openreq_child()
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      15bb7745
    • S
      genetlink: fix counting regression on ctrl_dumpfamily() · 1d2a6a5e
      Stanislaw Gruszka 提交于
      Commit 2ae0f17d ("genetlink: use idr to track families") replaced
      
      	if (++n < fams_to_skip)
      		continue;
      into:
      
      	if (n++ < fams_to_skip)
      		continue;
      
      This subtle change cause that on retry ctrl_dumpfamily() call we omit
      one family that failed to do ctrl_fill_info() on previous call, because
      cb->args[0] = n number counts also family that failed to do
      ctrl_fill_info().
      
      Patch fixes the problem and avoid confusion in the future just decrease
      n counter when ctrl_fill_info() fail.
      
      User visible problem caused by this bug is failure to get access to
      some genetlink family i.e. nl80211. However problem is reproducible
      only if number of registered genetlink families is big enough to
      cause second call of ctrl_dumpfamily().
      
      Cc: Xose Vazquez Perez <xose.vazquez@gmail.com>
      Cc: Larry Finger <Larry.Finger@lwfinger.net>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Fixes: 2ae0f17d ("genetlink: use idr to track families")
      Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
      Acked-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1d2a6a5e
    • D
      socket, bpf: fix sk_filter use after free in sk_clone_lock · a97e50cc
      Daniel Borkmann 提交于
      In sk_clone_lock(), we create a new socket and inherit most of the
      parent's members via sock_copy() which memcpy()'s various sections.
      Now, in case the parent socket had a BPF socket filter attached,
      then newsk->sk_filter points to the same instance as the original
      sk->sk_filter.
      
      sk_filter_charge() is then called on the newsk->sk_filter to take a
      reference and should that fail due to hitting max optmem, we bail
      out and release the newsk instance.
      
      The issue is that commit 278571ba ("net: filter: simplify socket
      charging") wrongly combined the dismantle path with the failure path
      of xfrm_sk_clone_policy(). This means, even when charging failed, we
      call sk_free_unlock_clone() on the newsk, which then still points to
      the same sk_filter as the original sk.
      
      Thus, sk_free_unlock_clone() calls into __sk_destruct() eventually
      where it tests for present sk_filter and calls sk_filter_uncharge()
      on it, which potentially lets sk_omem_alloc wrap around and releases
      the eBPF prog and sk_filter structure from the (still intact) parent.
      
      Fix it by making sure that when sk_filter_charge() failed, we reset
      newsk->sk_filter back to NULL before passing to sk_free_unlock_clone(),
      so that we don't mess with the parents sk_filter.
      
      Only if xfrm_sk_clone_policy() fails, we did reach the point where
      either the parent's filter was NULL and as a result newsk's as well
      or where we previously had a successful sk_filter_charge(), thus for
      that case, we do need sk_filter_uncharge() to release the prior taken
      reference on sk_filter.
      
      Fixes: 278571ba ("net: filter: simplify socket charging")
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a97e50cc
    • E
      ipv4: provide stronger user input validation in nl_fib_input() · c64c0b3c
      Eric Dumazet 提交于
      Alexander reported a KMSAN splat caused by reads of uninitialized
      field (tb_id_in) from user provided struct fib_result_nl
      
      It turns out nl_fib_input() sanity tests on user input is a bit
      wrong :
      
      User can pretend nlh->nlmsg_len is big enough, but provide
      at sendmsg() time a too small buffer.
      Reported-by: NAlexander Potapenko <glider@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c64c0b3c
    • A
      bpf: fix hashmap extra_elems logic · 8c290e60
      Alexei Starovoitov 提交于
      In both kmalloc and prealloc mode the bpf_map_update_elem() is using
      per-cpu extra_elems to do atomic update when the map is full.
      There are two issues with it. The logic can be misused, since it allows
      max_entries+num_cpus elements to be present in the map. And alloc_extra_elems()
      at map creation time can fail percpu alloc for large map values with a warn:
      WARNING: CPU: 3 PID: 2752 at ../mm/percpu.c:892 pcpu_alloc+0x119/0xa60
      illegal size (32824) or align (8) for percpu allocation
      
      The fixes for both of these issues are different for kmalloc and prealloc modes.
      For prealloc mode allocate extra num_possible_cpus elements and store
      their pointers into extra_elems array instead of actual elements.
      Hence we can use these hidden(spare) elements not only when the map is full
      but during bpf_map_update_elem() that replaces existing element too.
      That also improves performance, since pcpu_freelist_pop/push is avoided.
      Unfortunately this approach cannot be used for kmalloc mode which needs
      to kfree elements after rcu grace period. Therefore switch it back to normal
      kmalloc even when full and old element exists like it was prior to
      commit 6c905981 ("bpf: pre-allocate hash map elements").
      
      Add tests to check for over max_entries and large map values.
      Reported-by: NDave Jones <davej@codemonkey.org.uk>
      Fixes: 6c905981 ("bpf: pre-allocate hash map elements")
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8c290e60
    • G
      enic: update enic maintainers · dd1ef791
      Govindarajulu Varadarajan 提交于
      update enic maintainers
      Signed-off-by: NGovindarajulu Varadarajan <gvaradar@cisco.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dd1ef791
    • D
      net: bcmgenet: remove bcmgenet_internal_phy_setup() · 31739eae
      Doug Berger 提交于
      Commit 6ac3ce82 ("net: bcmgenet: Remove excessive PHY reset")
      removed the bcmgenet_mii_reset() function from bcmgenet_power_up() and
      bcmgenet_internal_phy_setup() functions.  In so doing it broke the reset
      of the internal PHY devices used by the GENETv1-GENETv3 which required
      this reset before the UniMAC was enabled.  It also broke the internal
      GPHY devices used by the GENETv4 because the config_init that installed
      the AFE workaround was no longer occurring after the reset of the GPHY
      performed by bcmgenet_phy_power_set() in bcmgenet_internal_phy_setup().
      In addition the code in bcmgenet_internal_phy_setup() related to the
      "enable APD" comment goes with the bcmgenet_mii_reset() so it should
      have also been removed.
      
      Commit bd4060a6 ("net: bcmgenet: Power on integrated GPHY in
      bcmgenet_power_up()") moved the bcmgenet_phy_power_set() call to the
      bcmgenet_power_up() function, but failed to remove it from the
      bcmgenet_internal_phy_setup() function.  Had it done so, the
      bcmgenet_internal_phy_setup() function would have been empty and could
      have been removed at that time.
      
      Commit 5dbebbb4 ("net: bcmgenet: Software reset EPHY after power on")
      was submitted to correct the functional problems introduced by
      commit 6ac3ce82 ("net: bcmgenet: Remove excessive PHY reset"). It
      was included in v4.4 and made available on 4.3-stable. Unfortunately,
      it didn't fully revert the commit because this bcmgenet_mii_reset()
      doesn't apply the soft reset to the internal GPHY used by GENETv4 like
      the previous one did. This prevents the restoration of the AFE work-
      arounds for internal GPHY devices after the bcmgenet_phy_power_set() in
      bcmgenet_internal_phy_setup().
      
      This commit takes the alternate approach of removing the unnecessary
      bcmgenet_internal_phy_setup() function which shouldn't have been in v4.3
      so that when bcmgenet_mii_reset() was restored it should have only gone
      into bcmgenet_power_up().  This will avoid the problems while also
      removing the redundancy (and hopefully some of the confusion).
      
      Fixes: 6ac3ce82 ("net: bcmgenet: Remove excessive PHY reset")
      Signed-off-by: NDoug Berger <opendmb@gmail.com>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      31739eae
    • A
      ipv6: make sure to initialize sockc.tsflags before first use · d515684d
      Alexander Potapenko 提交于
      In the case udp_sk(sk)->pending is AF_INET6, udpv6_sendmsg() would
      jump to do_append_data, skipping the initialization of sockc.tsflags.
      Fix the problem by moving sockc.tsflags initialization earlier.
      
      The bug was detected with KMSAN.
      
      Fixes: c14ac945 ("sock: enable timestamping using control messages")
      Signed-off-by: NAlexander Potapenko <glider@google.com>
      Acked-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d515684d
    • D
      Merge branch 'fjes-fixes' · 1b33c0d2
      David S. Miller 提交于
      YASUAKI ISHIMATSU says:
      
      ====================
      fjes: Do not load fjes driver
      
      The fjes driver is used only by FUJITSU servers and almost of all
      servers in the world never use it. But currently if ACPI PNP0C02
      is defined in the ACPI table, the following message is always shown:
      
       "FUJITSU Extended Socket Network Device Driver - version 1.2
        - Copyright (c) 2015 FUJITSU LIMITED"
      
      The message makes users confused because there is no reason that
      the message is shown in other vendor servers.
      
      To avoid the confusion, the patch adds several checks.
      
      v3:
        - Rebase on latest net tree.
        - Add _STA method check to avoid loading fjes driver.
      
      v2:
        - Order local variable declarations from longest to shortest line
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1b33c0d2
    • Y
      fjes: Do not load fjes driver if extended socket device is not power on. · 2b396d30
      Yasuaki Ishimatsu 提交于
      The extended device socket cannot turn on/off while system is running.
      So when system boots up and the device is not power on, the fjes driver
      does not need be loaded.
      
      To check the status of the device, the patch adds ACPI _STA method check.
      Signed-off-by: NYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      CC: Taku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2b396d30
    • Y
      fjes: Do not load fjes driver if system does not have extended socket device. · ac23d3ca
      Yasuaki Ishimatsu 提交于
      The fjes driver is used only by FUJITSU servers and almost of all
      servers in the world never use it. But currently if ACPI PNP0C02
      is defined in the ACPI table, the following message is always shown:
      
       "FUJITSU Extended Socket Network Device Driver - version 1.2
        - Copyright (c) 2015 FUJITSU LIMITED"
      
      The message makes users confused because there is no reason that
      the message is shown in other vendor servers.
      
      To avoid the confusion, the patch adds a check that the server
      has a extended socket device or not.
      Signed-off-by: NYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      CC: Taku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ac23d3ca
    • D
      Merge branch 'mlx5-fixes' · efad54a1
      David S. Miller 提交于
      Saeed Mahameed says:
      
      ====================
      Mellanox mlx5 fixes 2017-03-21
      
      This series contains some mlx5 core and ethernet driver fixes.
      
      For -stable:
      net/mlx5e: Count LRO packets correctly (for kernel >= 4.2)
      net/mlx5e: Count GSO packets correctly (for kernel >= 4.2)
      net/mlx5: Increase number of max QPs in default profile (for kernel >= 4.0)
      net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps (for kernel >= 4.10)
      net/mlx5e: Use the proper UAPI values when offloading TC vlan actions (for kernel >= v4.9)
      net/mlx5: E-Switch, Don't allow changing inline mode when flows are configured (for kernel >= 4.10)
      net/mlx5e: Change the TC offload rule add/del code path to be per NIC or E-Switch (for kernel >= 4.10)
      net/mlx5: Add missing entries for set/query rate limit commands (for kernel >= 4.8)
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      efad54a1
    • G
      net/mlx5e: Count LRO packets correctly · 8ab7e2ae
      Gal Pressman 提交于
      RX packets statistics ('rx_packets' counter) used to count LRO packets
      as one, even though it contains multiple segments.
      This patch will increment the counter by the number of segments, and
      align the driver with the behavior of other drivers in the stack.
      
      Note that no information is lost in this patch due to 'rx_lro_packets'
      counter existence.
      
      Before, ethtool showed:
      $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets"
           rx_packets: 435277
           rx_lro_packets: 35847
           rx_packets_phy: 1935066
      
      Now, we will see the more logical statistics:
      $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets"
           rx_packets: 1935066
           rx_lro_packets: 35847
           rx_packets_phy: 1935066
      
      Fixes: e586b3b0 ("net/mlx5: Ethernet Datapath files")
      Signed-off-by: NGal Pressman <galp@mellanox.com>
      Cc: kernel-team@fb.com
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8ab7e2ae
    • G
      net/mlx5e: Count GSO packets correctly · d3a4e4da
      Gal Pressman 提交于
      TX packets statistics ('tx_packets' counter) used to count GSO packets
      as one, even though it contains multiple segments.
      This patch will increment the counter by the number of segments, and
      align the driver with the behavior of other drivers in the stack.
      
      Note that no information is lost in this patch due to 'tx_tso_packets'
      counter existence.
      
      Before, ethtool showed:
      $ ethtool -S ens6 | egrep "tx_packets|tx_tso_packets"
           tx_packets: 61340
           tx_tso_packets: 60954
           tx_packets_phy: 2451115
      
      Now, we will see the more logical statistics:
      $ ethtool -S ens6 | egrep "tx_packets|tx_tso_packets"
           tx_packets: 2451115
           tx_tso_packets: 60954
           tx_packets_phy: 2451115
      
      Fixes: e586b3b0 ("net/mlx5: Ethernet Datapath files")
      Signed-off-by: NGal Pressman <galp@mellanox.com>
      Cc: kernel-team@fb.com
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d3a4e4da
    • M
      net/mlx5: Increase number of max QPs in default profile · 5f40b4ed
      Maor Gottlieb 提交于
      With ConnectX-4 sharing SRQs from the same space as QPs, we hit a
      limit preventing some applications to allocate needed QPs amount.
      Double the size to 256K.
      
      Fixes: e126ba97 ('mlx5: Add driver for Mellanox Connect-IB adapters')
      Signed-off-by: NMaor Gottlieb <maorg@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5f40b4ed
    • P
      net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps · 1ad9a00a
      Paul Blakey 提交于
      This was added to allow the TC offloading code to identify offloading
      encap/decap vxlan rules.
      
      The VF reps are effectively related to the same mlx5 PCI device as the
      PF. Since the kernel invokes the (say) delete ndo for each netdev, the
      FW erred on multiple vxlan dst port deletes when the port was deleted
      from the system.
      
      We fix that by keeping the registration to be carried out only by the
      PF. Since the PF serves as the uplink device, the VF reps will look
      up a port there and realize if they are ok to offload that.
      
      Tested:
       <SETUP VFS>
       <SETUP switchdev mode to have representors>
       ip link add vxlan1 type vxlan id 44 dev ens5f0 dstport 9999
       ip link set vxlan1 up
       ip link del dev vxlan1
      
      Fixes: 4a25730e ('net/mlx5e: Add ndo_udp_tunnel_add to VF representors')
      Signed-off-by: NPaul Blakey <paulb@mellanox.com>
      Reviewed-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1ad9a00a
    • O
      net/mlx5e: Use the proper UAPI values when offloading TC vlan actions · 09c91ddf
      Or Gerlitz 提交于
      Currently we use the non UAPI values and we miss erring on
      the modify action which is not supported, fix that.
      
      Fixes: 8b32580d ('net/mlx5e: Add TC vlan action for SRIOV offloads')
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Reported-by: NPetr Machata <petrm@mellanox.com>
      Reviewed-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      09c91ddf
    • R
      net/mlx5: E-Switch, Don't allow changing inline mode when flows are configured · 375f51e2
      Roi Dayan 提交于
      Changing the eswitch inline mode can potentially cause already configured
      flows not to match the policy. E.g. set policy L4, add some L4 rules,
      set policy to L2 --> bad! Hence we disallow it.
      
      Keep track of how many offloaded rules are now set and refuse
      inline mode changes if this isn't zero.
      
      Fixes: bffaa916 ("net/mlx5: E-Switch, Add control for inline mode")
      Signed-off-by: NRoi Dayan <roid@mellanox.com>
      Reviewed-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      375f51e2
    • O
      net/mlx5e: Change the TC offload rule add/del code path to be per NIC or E-Switch · d85cdccb
      Or Gerlitz 提交于
      Refactor the code to deal with add/del TC rules to have handler per NIC/E-switch
      offloading use case, and push the latter into the e-switch code. This provides
      better separation and is to be used in down-stream patch for applying a fix.
      
      Fixes: bffaa916 ("net/mlx5: E-Switch, Add control for inline mode")
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Reviewed-by: NRoi Dayan <roid@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d85cdccb
    • O
      net/mlx5: Add missing entries for set/query rate limit commands · 1f30a86c
      Or Gerlitz 提交于
      The switch cases for the rate limit set and query commands were
      missing, which could get us wrong under fw error or driver reset
      flow, fix that.
      
      Fixes: 1466cc5b ('net/mlx5: Rate limit tables support')
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Reviewed-by: NHadar Hen Zion <hadarh@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1f30a86c
    • D
      Merge tag 'wireless-drivers-for-davem-2017-03-21' of... · bf601fe5
      David S. Miller 提交于
      Merge tag 'wireless-drivers-for-davem-2017-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.11
      
      iwlwifi
      
      * fix a user reported warning in DQA
      
      mwifiex
      
      * fix a potential double free
      * fix lost early debug logs
      * fix init wakeup warning message from device framework
      * add Ganapathi and Xinming as maintainers
      
      ath10k
      
      * fix regression with QCA6174 during resume and firmware crash
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bf601fe5
    • Y
      tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe · 557d054c
      Ying Xue 提交于
      Until now, tipc_nametbl_unsubscribe() is called at subscriptions
      reference count cleanup. Usually the subscriptions cleanup is
      called at subscription timeout or at subscription cancel or at
      subscriber delete.
      
      We have ignored the possibility of this being called from other
      locations, which causes deadlock as we try to grab the
      tn->nametbl_lock while holding it already.
      
         CPU1:                             CPU2:
      ----------                     ----------------
      tipc_nametbl_publish
      spin_lock_bh(&tn->nametbl_lock)
      tipc_nametbl_insert_publ
      tipc_nameseq_insert_publ
      tipc_subscrp_report_overlap
      tipc_subscrp_get
      tipc_subscrp_send_event
                                   tipc_close_conn
                                   tipc_subscrb_release_cb
                                   tipc_subscrb_delete
                                   tipc_subscrp_put
      tipc_subscrp_put
      tipc_subscrp_kref_release
      tipc_nametbl_unsubscribe
      spin_lock_bh(&tn->nametbl_lock)
      <<grab nametbl_lock again>>
      
         CPU1:                              CPU2:
      ----------                     ----------------
      tipc_nametbl_stop
      spin_lock_bh(&tn->nametbl_lock)
      tipc_purge_publications
      tipc_nameseq_remove_publ
      tipc_subscrp_report_overlap
      tipc_subscrp_get
      tipc_subscrp_send_event
                                   tipc_close_conn
                                   tipc_subscrb_release_cb
                                   tipc_subscrb_delete
                                   tipc_subscrp_put
      tipc_subscrp_put
      tipc_subscrp_kref_release
      tipc_nametbl_unsubscribe
      spin_lock_bh(&tn->nametbl_lock)
      <<grab nametbl_lock again>>
      
      In this commit, we advance the calling of tipc_nametbl_unsubscribe()
      from the refcount cleanup to the intended callers.
      
      Fixes: d094c4d5 ("tipc: add subscription refcount to avoid invalid delete")
      Reported-by: NJohn Thompson <thompa.atl@gmail.com>
      Acked-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NYing Xue <ying.xue@windriver.com>
      Signed-off-by: NParthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      557d054c
    • X
      sctp: remove useless err from sctp_association_init · 58194778
      Xin Long 提交于
      This patch is to remove the unnecessary temporary variable 'err' from
      sctp_association_init.
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      58194778
    • X
      sctp: declare struct sctp_stream before using it · 1511949c
      Xin Long 提交于
      sctp_stream_free uses struct sctp_stream as a param, but struct sctp_stream
      is defined after it's declaration.
      
      This patch is to declare struct sctp_stream before sctp_stream_free.
      
      Fixes: a8386317 ("sctp: prepare asoc stream for stream reconf")
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1511949c
    • A
      cpsw/netcp: cpts depends on posix_timers · 07fef362
      Arnd Bergmann 提交于
      With posix timers having become optional, we get a build error with
      the cpts time sync option of the CPSW driver:
      
      drivers/net/ethernet/ti/cpts.c: In function 'cpts_find_ts':
      drivers/net/ethernet/ti/cpts.c:291:23: error: implicit declaration of function 'ptp_classify_raw';did you mean 'ptp_classifier_init'? [-Werror=implicit-function-declaration]
      
      This adds a hard dependency on PTP_CLOCK to avoid the problem, as
      building it without PTP support makes no sense anyway.
      
      Fixes: baa73d9e ("posix-timers: Make them configurable")
      Cc: Nicolas Pitre <nicolas.pitre@linaro.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Acked-by: NNicolas Pitre <nico@linaro.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      07fef362
    • A
      cpsw/netcp: work around reverse cpts dependency · be9ca0d3
      Arnd Bergmann 提交于
      The dependency is reversed: cpsw and netcp call into cpts,
      but cpts depends on the other two in Kconfig. This can lead
      to cpts being a loadable module and its callers built-in:
      
      drivers/net/ethernet/ti/cpsw.o: In function `cpsw_remove':
      cpsw.c:(.text.cpsw_remove+0xd0): undefined reference to `cpts_release'
      drivers/net/ethernet/ti/cpsw.o: In function `cpsw_rx_handler':
      cpsw.c:(.text.cpsw_rx_handler+0x2dc): undefined reference to `cpts_rx_timestamp'
      drivers/net/ethernet/ti/cpsw.o: In function `cpsw_tx_handler':
      cpsw.c:(.text.cpsw_tx_handler+0x7c): undefined reference to `cpts_tx_timestamp'
      drivers/net/ethernet/ti/cpsw.o: In function `cpsw_ndo_stop':
      
      As a workaround, I'm introducing another Kconfig symbol to
      control the compilation of cpts, while making the actual
      module controlled by a silent symbol that is =y when necessary.
      
      Fixes: 6246168b ("net: ethernet: ti: netcp: add support of cpts")
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Reviewed-by: NGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      be9ca0d3
    • D
      Merge branch 'r8152-rx-settings' · 8fb106b2
      David S. Miller 提交于
      Hayes Wang says:
      
      ====================
      r8152: fix the rx settings of RTL8153
      
      The RMS and the rx early size should base on the same rx size. However,
      the RMS is set to 9K bytes now and the rx early depends on mtu. For using
      the rx buffer effectively, sync the two settings according to the mtu.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8fb106b2
    • H
      r8152: fix the rx early size of RTL8153 · b20cb60e
      hayeswang 提交于
      revert commit a59e6d81 ("r8152: correct the rx early size") and
      fix the rx early size as
      
      	(rx buffer size - rx packet size - rx desc size - alignment) / 4
      Signed-off-by: NHayes Wang <hayeswang@realtek.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b20cb60e
    • H
      r8152: set the RMS of RTL8153 according to the mtu · 210c4f70
      hayeswang 提交于
      Set the received maximum size (RMS) according to the mtu size. It is
      unnecessary to receive a packet which is more than the size we could
      transmit. Besides, this could let the rx buffer be used effectively.
      Signed-off-by: NHayes Wang <hayeswang@realtek.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      210c4f70
    • T
      cgroup, net_cls: iterate the fds of only the tasks which are being migrated · a05d4fd9
      Tejun Heo 提交于
      The net_cls controller controls the classid field of each socket which
      is associated with the cgroup.  Because the classid is per-socket
      attribute, when a task migrates to another cgroup or the configured
      classid of the cgroup changes, the controller needs to walk all
      sockets and update the classid value, which was implemented by
      3b13758f ("cgroups: Allow dynamically changing net_classid").
      
      While the approach is not scalable, migrating tasks which have a lot
      of fds attached to them is rare and the cost is born by the ones
      initiating the operations.  However, for simplicity, both the
      migration and classid config change paths call update_classid() which
      scans all fds of all tasks in the target css.  This is an overkill for
      the migration path which only needs to cover a much smaller subset of
      tasks which are actually getting migrated in.
      
      On cgroup v1, this can lead to unexpected scalability issues when one
      tries to migrate a task or process into a net_cls cgroup which already
      contains a lot of fds.  Even if the migration traget doesn't have many
      to get scanned, update_classid() ends up scanning all fds in the
      target cgroup which can be extremely numerous.
      
      Unfortunately, on cgroup v2 which doesn't use net_cls, the problem is
      even worse.  Before bfc2cf6f ("cgroup: call subsys->*attach() only
      for subsystems which are actually affected by migration"), cgroup core
      would call the ->css_attach callback even for controllers which don't
      see actual migration to a different css.
      
      As net_cls is always disabled but still mounted on cgroup v2, whenever
      a process is migrated on the cgroup v2 hierarchy, net_cls sees
      identity migration from root to root and cgroup core used to call
      ->css_attach callback for those.  The net_cls ->css_attach ends up
      calling update_classid() on the root net_cls css to which all
      processes on the system belong to as the controller isn't used.  This
      makes any cgroup v2 migration O(total_number_of_fds_on_the_system)
      which is horrible and easily leads to noticeable stalls triggering RCU
      stall warnings and so on.
      
      The worst symptom is already fixed in upstream by bfc2cf6f
      ("cgroup: call subsys->*attach() only for subsystems which are
      actually affected by migration"); however, backporting that commit is
      too invasive and we want to avoid other cases too.
      
      This patch updates net_cls's cgrp_attach() to iterate fds of only the
      processes which are actually getting migrated.  This removes the
      surprising migration cost which is dependent on the total number of
      fds in the target cgroup.  As this leaves write_classid() the only
      user of update_classid(), open-code the helper into write_classid().
      Reported-by: NDavid Goode <dgoode@fb.com>
      Fixes: 3b13758f ("cgroups: Allow dynamically changing net_classid")
      Cc: stable@vger.kernel.org # v4.4+
      Cc: Nina Schiff <ninasc@fb.com>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a05d4fd9
  2. 22 3月, 2017 7 次提交