1. 29 3月, 2019 19 次提交
  2. 28 3月, 2019 21 次提交
    • D
      356d71e0
    • E
      inet: switch IP ID generator to siphash · df453700
      Eric Dumazet 提交于
      According to Amit Klein and Benny Pinkas, IP ID generation is too weak
      and might be used by attackers.
      
      Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
      having 64bit key and Jenkins hash is risky.
      
      It is time to switch to siphash and its 128bit keys.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NAmit Klein <aksecurity@gmail.com>
      Reported-by: NBenny Pinkas <benny@pinkas.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      df453700
    • C
      net: phy: mdio-bcm-unimac: remove redundant !timeout check · 180a8c3d
      Colin Ian King 提交于
      The check for zero timeout is always true at the end of the proceeding
      while loop; the only other exit path in the loop is if the unimac MDIO
      is not busy.  Remove the redundant zero timeout check and always
      return -ETIMEDOUT on this timeout return path.
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      180a8c3d
    • E
      tcp: fix zerocopy and notsent_lowat issues · 4f661542
      Eric Dumazet 提交于
      My recent patch had at least three problems :
      
      1) TX zerocopy wants notification when skb is acknowledged,
         thus we need to call skb_zcopy_clear() if the skb is
         cached into sk->sk_tx_skb_cache
      
      2) Some applications might expect precise EPOLLOUT
         notifications, so we need to update sk->sk_wmem_queued
         and call sk_mem_uncharge() from sk_wmem_free_skb()
         in all cases. The SOCK_QUEUE_SHRUNK flag must also be set.
      
      3) Reuse of saved skb should have used skb_cloned() instead
        of simply checking if the fast clone has been freed.
      
      Fixes: 472c2e07 ("tcp: add one skb cache for tx")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Willem de Bruijn <willemb@google.com>
      Cc: Soheil Hassas Yeganeh <soheil@google.com>
      Acked-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Tested-by: NHolger Hoffstätte <holger@applied-asynchrony.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4f661542
    • N
      net: openvswitch: Add a new action check_pkt_len · 4d5ec89f
      Numan Siddique 提交于
      This patch adds a new action - 'check_pkt_len' which checks the
      packet length and executes a set of actions if the packet
      length is greater than the specified length or executes
      another set of actions if the packet length is lesser or equal to.
      
      This action takes below nlattrs
        * OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for
      
        * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER - Nested actions
          to apply if the packet length is greater than the specified 'pkt_len'
      
        * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL - Nested
          actions to apply if the packet length is lesser or equal to the
          specified 'pkt_len'.
      
      The main use case for adding this action is to solve the packet
      drops because of MTU mismatch in OVN virtual networking solution.
      When a VM (which belongs to a logical switch of OVN) sends a packet
      destined to go via the gateway router and if the nic which provides
      external connectivity, has a lesser MTU, OVS drops the packet
      if the packet length is greater than this MTU.
      
      With the help of this action, OVN will check the packet length
      and if it is greater than the MTU size, it will generate an
      ICMP packet (type 3, code 4) and includes the next hop mtu in it
      so that the sender can fragment the packets.
      
      Reported-at:
      https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.htmlSuggested-by: NBen Pfaff <blp@ovn.org>
      Signed-off-by: NNuman Siddique <nusiddiq@redhat.com>
      CC: Gregory Rose <gvrose8192@gmail.com>
      CC: Pravin B Shelar <pshelar@ovn.org>
      Acked-by: NPravin B Shelar <pshelar@ovn.org>
      Tested-by: NGreg Rose <gvrose8192@gmail.com>
      Reviewed-by: NGreg Rose <gvrose8192@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4d5ec89f
    • D
      Merge branch 'ethtool-add-support-for-Fast-Link-Down-as-new-PHY-tunable' · d7aa0338
      David S. Miller 提交于
      Heiner Kallweit says:
      
      ====================
      ethtool: add support for Fast Link Down as new PHY tunable
      
      This adds support for Fast Link Down as new PHY tunable.
      Fast Link Down reduces the time until a link down event is reported
      for 1000BaseT. According to the standard it's 750ms what is too long
      for several use cases.
      
      This is the kernel-related series, the ethtool userspace extension
      I'd submit once the kernel part has been applied.
      
      v2:
      - add describing comment in patch 1
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d7aa0338
    • H
      net: phy: marvell: add PHY tunable fast link down support for 88E1540 · 69f42be8
      Heiner Kallweit 提交于
      1000BaseT standard requires that a link is reported as down earliest
      after 750ms. Several use case however require a much faster detecion
      of a broken link. Fast Link Down supports this by intentionally
      violating a the standard. This patch exposes the Fast Link Down
      feature of 88E1540 and 88E6390. These PHY's can be found as internal
      PHY's in several switches: 88E6352, 88E6240, 88E6176, 88E6172,
      and 88E6390(X). Fast Link Down and EEE are mutually exclusive.
      Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      69f42be8
    • H
      ethtool: add PHY Fast Link Down support · 3aeb0803
      Heiner Kallweit 提交于
      This adds support for Fast Link Down as new PHY tunable.
      Fast Link Down reduces the time until a link down event is reported
      for 1000BaseT. According to the standard it's 750ms what is too long
      for several use cases.
      
      v2:
      - add comment describing the constants
      Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: NMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3aeb0803
    • B
      net/core: Allow the compiler to verify declaration and definition consistency · 7b7ed885
      Bart Van Assche 提交于
      Instead of declaring a function in a .c file, declare it in a header
      file and include that header file from the source files that define
      and that use the function. That allows the compiler to verify
      consistency of declaration and definition. See also commit
      52267790 ("sock: add MSG_ZEROCOPY") # v4.14.
      
      Cc: Willem de Bruijn <willemb@google.com>
      Signed-off-by: NBart Van Assche <bvanassche@acm.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7b7ed885
    • B
      net/core: Fix rtnetlink kernel-doc headers · a986967e
      Bart Van Assche 提交于
      This patch avoids that the following warnings are reported when building
      with W=1:
      
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'ndm' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'tb' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'dev' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'addr' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'vid' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3580: warning: Function parameter or member 'flags' not described in 'ndo_dflt_fdb_add'
      net/core/rtnetlink.c:3718: warning: Function parameter or member 'ndm' not described in 'ndo_dflt_fdb_del'
      net/core/rtnetlink.c:3718: warning: Function parameter or member 'tb' not described in 'ndo_dflt_fdb_del'
      net/core/rtnetlink.c:3718: warning: Function parameter or member 'dev' not described in 'ndo_dflt_fdb_del'
      net/core/rtnetlink.c:3718: warning: Function parameter or member 'addr' not described in 'ndo_dflt_fdb_del'
      net/core/rtnetlink.c:3718: warning: Function parameter or member 'vid' not described in 'ndo_dflt_fdb_del'
      net/core/rtnetlink.c:3861: warning: Function parameter or member 'skb' not described in 'ndo_dflt_fdb_dump'
      net/core/rtnetlink.c:3861: warning: Function parameter or member 'cb' not described in 'ndo_dflt_fdb_dump'
      net/core/rtnetlink.c:3861: warning: Function parameter or member 'filter_dev' not described in 'ndo_dflt_fdb_dump'
      net/core/rtnetlink.c:3861: warning: Function parameter or member 'idx' not described in 'ndo_dflt_fdb_dump'
      net/core/rtnetlink.c:3861: warning: Excess function parameter 'nlh' description in 'ndo_dflt_fdb_dump'
      
      Cc: Hubert Sokolowski <hubert.sokolowski@intel.com>
      Signed-off-by: NBart Van Assche <bvanassche@acm.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a986967e
    • B
      net/core: Document __skb_flow_dissect() flags argument · d79b3baf
      Bart Van Assche 提交于
      This patch avoids that the following warning is reported when building
      with W=1:
      
      warning: Function parameter or member 'flags' not described in '__skb_flow_dissect'
      
      Cc: Tom Herbert <tom@herbertland.com>
      Fixes: cd79a238 ("flow_dissector: Add flags argument to skb_flow_dissector functions") # v4.3.
      Signed-off-by: NBart Van Assche <bvanassche@acm.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d79b3baf
    • B
      net/core: Document all dev_ioctl() arguments · b3c0fd61
      Bart Van Assche 提交于
      This patch avoids that the following warnings are reported when building
      with W=1:
      
      net/core/dev_ioctl.c:378: warning: Function parameter or member 'ifr' not described in 'dev_ioctl'
      net/core/dev_ioctl.c:378: warning: Function parameter or member 'need_copyout' not described in 'dev_ioctl'
      net/core/dev_ioctl.c:378: warning: Excess function parameter 'arg' description in 'dev_ioctl'
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Fixes: 44c02a2c ("dev_ioctl(): move copyin/copyout to callers") # v4.16.
      Signed-off-by: NBart Van Assche <bvanassche@acm.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b3c0fd61
    • B
      net/core: Document reuseport_add_sock() bind_inany argument · 37f3c421
      Bart Van Assche 提交于
      This patch avoids that the following warning is reported when building
      with W=1:
      
      warning: Function parameter or member 'bind_inany' not described in 'reuseport_add_sock'
      
      Cc: Martin KaFai Lau <kafai@fb.com>
      Fixes: 2dbb9b9e ("bpf: Introduce BPF_PROG_TYPE_SK_REUSEPORT") # v4.19.
      Signed-off-by: NBart Van Assche <bvanassche@acm.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      37f3c421
    • H
      net: dsa: mv88e6xxx: remove unneeded cmode initialization · 863d1a8d
      Heiner Kallweit 提交于
      This partially reverts ed8fe202 ("net: dsa: mv88e6xxx: prevent
      interrupt storm caused by mv88e6390x_port_set_cmode"). I missed
      that chip->ports[].cmode is overwritten anyway by the cmode
      caching in mv88e6xxx_setup().
      Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      863d1a8d
    • S
      bnx2x: Utilize FW 7.13.11.0. · 32705592
      Sudarsana Reddy Kalluru 提交于
      Commit 8fcf0ec44c11f "bnx2x: Add FW 7.13.11.0" added said .bin FW to
      linux-firmware; This patch incorporates the FW in the bnx2x driver.
      This introduces few FW fixes and the support for Tx VLAN filtering.
      
      Please consider applying it to 'net-next' tree.
      Signed-off-by: NSudarsana Reddy Kalluru <skalluru@marvell.com>
      Signed-off-by: NAriel Elior <aelior@marvell.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      32705592
    • K
      fou: Support binding FoU socket · 1713cb37
      Kristian Evensen 提交于
      An FoU socket is currently bound to the wildcard-address. While this
      works fine, there are several use-cases where the use of the
      wildcard-address is not desirable. For example, I use FoU on some
      multi-homed servers and would like to use FoU on only one of the
      interfaces.
      
      This commit adds support for binding FoU sockets to a given source
      address/interface, as well as connecting the socket to a given
      destination address/port. udp_tunnel already provides the required
      infrastructure, so most of the code added is for exposing and setting
      the different attributes (local address, peer address, etc.).
      
      The lookups performed when we add, delete or get an FoU-socket has also
      been updated to compare all the attributes a user can set. Since the
      comparison now involves several elements, I have added a separate
      comparison-function instead of open-coding.
      
      In order to test the code and ensure that the new comparison code works
      correctly, I started by creating a wildcard socket bound to port 1234 on
      my machine. I then tried to create a non-wildcarded socket bound to the
      same port, as well as fetching and deleting the socket (including source
      address, peer address or interface index in the netlink request).  Both
      the create, fetch and delete request failed. Deleting/fetching the
      socket was only successful when my netlink request attributes matched
      those used to create the socket.
      
      I then repeated the tests, but with a socket bound to a local ip
      address, a socket bound to a local address + interface, and a bound
      socket that was also «connected» to a peer. Add only worked when no
      socket with the matching source address/interface (or wildcard) existed,
      while fetch/delete was only successful when all attributes matched.
      
      In addition to testing that the new code work, I also checked that the
      current behavior is kept. If none of the new attributes are provided,
      then an FoU-socket is configured as before (i.e., wildcarded).  If any
      of the new attributes are provided, the FoU-socket is configured as
      expected.
      
      v1->v2:
      * Fixed building with IPv6 disabled (kbuild).
      * Fixed a return type warning and make the ugly comparison function more
      readable (kbuild).
      * Describe more in detail what has been tested (thanks David Miller).
      * Make peer port required if peer address is specified.
      Signed-off-by: NKristian Evensen <kristian.evensen@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1713cb37
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 1a9df9e2
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
       "Fixes here and there, a couple new device IDs, as usual:
      
         1) Fix BQL race in dpaa2-eth driver, from Ioana Ciornei.
      
         2) Fix 64-bit division in iwlwifi, from Arnd Bergmann.
      
         3) Fix documentation for some eBPF helpers, from Quentin Monnet.
      
         4) Some UAPI bpf header sync with tools, also from Quentin Monnet.
      
         5) Set descriptor ownership bit at the right time for jumbo frames in
            stmmac driver, from Aaro Koskinen.
      
         6) Set IFF_UP properly in tun driver, from Eric Dumazet.
      
         7) Fix load/store doubleword instruction generation in powerpc eBPF
            JIT, from Naveen N. Rao.
      
         8) nla_nest_start() return value checks all over, from Kangjie Lu.
      
         9) Fix asoc_id handling in SCTP after the SCTP_*_ASSOC changes this
            merge window. From Marcelo Ricardo Leitner and Xin Long.
      
        10) Fix memory corruption with large MTUs in stmmac, from Aaro
            Koskinen.
      
        11) Do not use ipv4 header for ipv6 flows in TCP and DCCP, from Eric
            Dumazet.
      
        12) Fix topology subscription cancellation in tipc, from Erik Hugne.
      
        13) Memory leak in genetlink error path, from Yue Haibing.
      
        14) Valid control actions properly in packet scheduler, from Davide
            Caratti.
      
        15) Even if we get EEXIST, we still need to rehash if a shrink was
            delayed. From Herbert Xu.
      
        16) Fix interrupt mask handling in interrupt handler of r8169, from
            Heiner Kallweit.
      
        17) Fix leak in ehea driver, from Wen Yang"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (168 commits)
        dpaa2-eth: fix race condition with bql frame accounting
        chelsio: use BUG() instead of BUG_ON(1)
        net: devlink: skip info_get op call if it is not defined in dumpit
        net: phy: bcm54xx: Encode link speed and activity into LEDs
        tipc: change to check tipc_own_id to return in tipc_net_stop
        net: usb: aqc111: Extend HWID table by QNAP device
        net: sched: Kconfig: update reference link for PIE
        net: dsa: qca8k: extend slave-bus implementations
        net: dsa: qca8k: remove leftover phy accessors
        dt-bindings: net: dsa: qca8k: support internal mdio-bus
        dt-bindings: net: dsa: qca8k: fix example
        net: phy: don't clear BMCR in genphy_soft_reset
        bpf, libbpf: clarify bump in libbpf version info
        bpf, libbpf: fix version info and add it to shared object
        rxrpc: avoid clang -Wuninitialized warning
        tipc: tipc clang warning
        net: sched: fix cleanup NULL pointer exception in act_mirr
        r8169: fix cable re-plugging issue
        net: ethernet: ti: fix possible object reference leak
        net: ibm: fix possible object reference leak
        ...
      1a9df9e2
    • D
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · eec7e295
      David S. Miller 提交于
      Jeff Kirsher says:
      
      ====================
      100GbE Intel Wired LAN Driver Updates 2019-03-26
      
      This series contains more updates to the ice driver only.
      
      Jeremiah provides his first patch to the Linux kernel to clean up
      un-necessary newlines in driver log messages.
      
      Mitch updates the ice driver to use existing status codes in the iavf
      driver so that when errors occur, it will not report nonsensical
      results.  Adds support for VF admin queue interrupts by programming the
      VPINT_MBX_CTL register array.
      
      Brett adds a check for a bit that we set while preparing for a reset, to
      ensure we are prepared to do a proper reset.  Also implemented PCI error
      handling operations.  Went through and audited the hot path with pahole
      and made modifications based on the results since 2 structures were
      taking up more space than necessary due to cache alignment issues.
      Fixed an issue where when flow control was disabled, the state of flow
      control was being displayed as "Unknown".
      
      Anirudh fixes adaptive interrupt moderation changes by adding code that
      was missed, that should have been added in the initial patch to add that
      support.  Cleaned up a function prototype that was never implemented.
      Did additional code cleanup by removing unneeded braces and redundant
      code comments.
      
      Akeem fixes an issue that occurs when the VF is attempting to remove the
      default LAN/MAC address, which is programmed by the administrator by
      updating the error message to explicitly say that the VF cannot change
      the MAC programmed by the PF.
      
      Preethi fixes the driver to not fall into the error path when a added
      filter already exists, but instead continue to process the rest of the
      function and add appropriate checks after adding MAC filters.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      eec7e295
    • D
      Merge branch 'net-mvpp2-Classifier-updates-and-cleanups' · b0be25c5
      David S. Miller 提交于
      Maxime Chevallier says:
      
      ====================
      net: mvpp2: Classifier updates and cleanups
      
      In preparation for the future addition of classification offload
      support, this series cleans-up the current code dealing with the
      classification engines.
      
      As of today, the classification code only deals with RSS, which is a
      very narrow use-case when considering all of the classifier's features.
      
      This lead to design and naming decisions that don't really stand when
      considering using more classification features.
      
      This series therefore includes quite a lot a renaming of functions and
      macros, and tries to make the naming schemes more consistent and the
      code more readable.
      
      The debugfs interface that allows reading the various Parsing and
      Classification engines has been cleaned-up and made more generic,
      allowing to read the Flow Table and C2 engine hit counters on a
      per-entry basis.
      
      The Classifier itself has been made more robust by introducing the
      lu_type field in classification lookups, that prevents false-positive
      matches in the future. We also initialise the various engine in a more
      extensive and less error-prone way by assining default values to all
      entries in the C2 and Flow table.
      
      This is a pretty big series considering it's mostly cleanup, but my goal
      is to make the future series that will contain new big features easier
      to review, focusing on the real logic.
      
      Besides the debugfs interface, this series doesn't intend to introduce any
      new features or change in behaviours.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b0be25c5
    • M
      net: mvpp2: cls: Rework C2 engine macros · c2d3d8ee
      Maxime Chevallier 提交于
      The C2 classification engine has a 256 entry TCAM, used for ternary
      matches on an 8 byte Header Extracted Key. For now, we compute the
      various indices for classification and RSS that use this engine thanks
      to a set of macros.
      
      This commit mainly renames the macros used to make it clear that they
      should be used with the C2 engine, but also make use of the full 256
      entries in the engine. For now, the C2 entries are only used for RSS.
      
      These entries are put at the end of the TCAM range, in case we want to
      add higher priority matches later on.
      Signed-off-by: NMaxime Chevallier <maxime.chevallier@bootlin.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c2d3d8ee
    • M
      net: mvpp2: cls: Initialize lookup priorities for all entries in the flow · 693131db
      Maxime Chevallier 提交于
      When classifying a packet pertaining to a given flow, the classifier
      will issue multiple lookup commands until it finds one with the 'last'
      bit set. It expects all prorities to be assign continuously (although
      not necessarily in an ordered fashion) from 0 to the number of lookups.
      
      We can initialize this once, and make sure unused lookups are given an
      empty port map. This avoids having to maintain priorities and the
      information of which lookup is the last.
      Signed-off-by: NMaxime Chevallier <maxime.chevallier@bootlin.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      693131db