1. 16 Jun, 2015 7 commits
    • bpf: introduce current->pid, tgid, uid, gid, comm accessors · ffeedafb
      Alexei Starovoitov committed
      eBPF programs attached to kprobes need to filter based on
      current->pid, uid and other fields, so introduce helper functions:
      
      u64 bpf_get_current_pid_tgid(void)
      Return: current->tgid << 32 | current->pid
      
      u64 bpf_get_current_uid_gid(void)
      Return: current_gid << 32 | current_uid
      
      bpf_get_current_comm(char *buf, int size_of_buf)
      stores current->comm into buf
      
      They can be used from the programs attached to TC as well to classify packets
      based on current task fields.
      
      Update tracex2 example to print histogram of write syscalls for each process
      instead of aggregated for all.
      Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · ada6c1de
      David S. Miller committed
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      This is a bit large (and late) patchset that contains Netfilter updates for
      net-next. Most relevantly br_netfilter fixes, ipset RCU support, removal of
      x_tables percpu ruleset copy and rework of the nf_tables netdev support. More
      specifically, they are:
      
      1) Warn the user when there is a better protocol conntracker available, from
         Marcelo Ricardo Leitner.
      
      2) Fix forwarding of IPv6 fragmented traffic in br_netfilter, from Bernhard
         Thaler. This comes with several patches to prepare the change in first place.
      
      3) Get rid of special mtu handling of PPPoE/VLAN frames for br_netfilter. This
         is not needed anymore since now we use the largest fragment size to
         refragment, from Florian Westphal.
      
      4) Restore vlan tag when refragmenting in br_netfilter, also from Florian.
      
      5) Get rid of the percpu ruleset copy in x_tables, from Florian. Plus another
         follow up patch to refine it from Eric Dumazet.
      
      6) Several ipset cleanups, fixes and finally RCU support, from Jozsef Kadlecsik.
      
      7) Get rid of parens in Netfilter Kconfig files.
      
      8) Attach the net_device to the basechain as opposed to the initial per table
         approach in the nf_tables netdev family.
      
      9) Subscribe to netdev events to detect the removal and registration of a
         device that is referenced by a basechain.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netfilter: nf_tables_netdev: unregister hooks on net_device removal · 835b8033
      Pablo Neira Ayuso committed
      In case the net_device is gone, we have to unregister the hooks and put back
      the reference on the net_device object. Once it comes back, register them
      again. This also covers the device rename case.
      
      This patch also adds a new flag to indicate that the basechain is disabled, so
      their hooks are not registered. This flag is used by the netdev family to
      handle the case where the net_device object is gone. Currently this flag is not
      exposed to userspace.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nf_tables: add nft_register_basechain() and nft_unregister_basechain() · d8ee8f7c
      Pablo Neira Ayuso committed
      These wrapper functions take care of hook registration for basechains.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nf_tables: attach net_device to basechain · 2cbce139
      Pablo Neira Ayuso committed
      The device is part of the hook configuration, so instead of a global
      configuration per table, set it to each of the basechain that we create.
      
      This patch reworks ebddf1a8 ("netfilter: nf_tables: allow to bind table to
      net_device").
      
      Note that this adds a dev_name field in the nft_base_chain structure which is
      required by the netdev notification subscription that follows up in a patch to
      handle gone net_devices.
      Suggested-by: Patrick McHardy <kaber@trash.net>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference. · 711bdde6
      Eric Dumazet committed
      After Florian's patches, there is no need for XT_TABLE_INFO_SZ anymore:
      Only one copy of table is kept, instead of one copy per cpu.
      
      We also can avoid a dereference if we put table data right after
      xt_table_info. It reduces register pressure and helps compiler.
      
      Then, we attempt a kmalloc() if total size is under order-3 allocation,
      to reduce TLB pressure, as in many cases, rules fit in 32 KB.
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • Merge branch 'master' of git://blackhole.kfki.hu/nf-next · 53b87627
      Pablo Neira Ayuso committed
      Jozsef Kadlecsik says:
      
      ====================
      ipset patches for nf-next
      
      Please consider to apply the next bunch of patches for ipset. First
      comes the small changes, then the bugfixes and at the end the RCU
      related patches.
      
      * Use MSEC_PER_SEC consistently instead of the number.
      * Use SET_WITH_*() helpers to test set extensions from Sergey Popovich.
      * Check extensions attributes before getting extensions from Sergey Popovich.
      * Permit CIDR equal to the host address CIDR in IPv6 from Sergey Popovich.
      * Make sure we always return line number on batch in the case of error
        from Sergey Popovich.
      * Check CIDR value only when attribute is given from Sergey Popovich.
      * Fix cidr handling for hash:*net* types, reported by Jonathan Johnson.
      * Fix parallel resizing and listing of the same set so that the original
        set is kept for the whole dumping.
      * Make sure listing doesn't grab a set which is just being destroyed.
      * Remove rbtree from ip_set_hash_netiface.c in order to introduce RCU.
      * Replace rwlock_t with spinlock_t in "struct ip_set", change the locking
        in the core and simplifications in the timeout routines.
      * Introduce RCU locking in bitmap:* types with a slight modification in the
        logic on how an element is added.
      * Introduce RCU locking in hash:* types. This is the most complex part of
        the changes.
      * Introduce RCU locking in list type where standard rculist is used.
      * Fix coding styles reported by checkpatch.pl.
      ====================
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  2. 15 Jun, 2015 2 commits
  3. 14 Jun, 2015 16 commits
  4. 13 Jun, 2015 13 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c8d17b45
      Linus Torvalds committed
      Pull networking fixes from David Miller:
      
       1) Fix uninitialized struct station_info in cfg80211_wireless_stats(),
          from Johannes Berg.
      
       2) Revert commit attempt to fix ipv6 protocol resubmission, it adds
          regressions.
      
       3) Endless loops can be created in bridge port lists, fix from Nikolay
          Aleksandrov.
      
       4) Don't WARN_ON() if sk->sk_forward_alloc is non-zero in
          sk_clear_memalloc, it is a legal situation during swap deactivation.
          Fix from Mel Gorman.
      
       5) Fix order of disabling interrupts and unlocking NAPI in enic driver
          to avoid a race.  From Govindarajulu Varadarajan.
      
       6) High and low register writes are swapped when programming the start
          of periodic output in igb driver.  From Richard Cochran.
      
       7) Fix device rename handling in mpls stack, from Robert Shearman.
      
       8) Do not trigger compaction synchronously when optimistically trying
          to allocate an order 3 page in alloc_skb_with_frags() and
          skb_page_frag_refill().  From Shaohua Li.
      
       9) Authentication with COOKIE_ECHO is not handled properly in SCTP, fix
          from Marcelo Ricardo Leitner.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        Doc: networking: Fix URL for wiki.wireshark.org in udplite.txt
        sctp: allow authenticating DATA chunks that are bundled with COOKIE_ECHO
        net: don't wait for order-3 page allocation
        mpls: handle device renames for per-device sysctls
        net: igb: fix the start time for periodic output signals
        enic: fix memory leak in rq_clean
        enic: check return value for stat dump
        enic: unlock napi busy poll before unmasking intr
        net, swap: Remove a warning and clarify why sk_mem_reclaim is required when deactivating swap
        bridge: fix multicast router rlist endless loop
        tipc: disconnect socket directly after probe failure
        Revert "ipv6: Fix protocol resubmission"
        cfg80211: wext: clear sinfo struct before calling driver
    • tcp: tcp_v6_connect() cleanup · a2f0fad3
      Eric Dumazet committed
      Remove dead code from tcp_v6_connect()
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • flow_dissector: fix ipv6 dst, hop-by-hop and routing ext hdrs · 1e98a0f0
      Eric Dumazet committed
      __skb_header_pointer() returns a pointer that must be checked.
      
      Fixes infinite loop reported by Alexei, and add __must_check to
      catch these errors earlier.
      
      Fixes: 6a74fcf4 ("flow_dissector: add support for dst, hop-by-hop and routing ext hdrs")
      Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
      Tested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Acked-by: Tom Herbert <tom@herbertland.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Fix Cavium Liquidio build related errors and warnings · 5b173cf9
      Raghu Vatsavayi committed
      1) Fixed following sparse warnings:
          lio_main.c:213:6: warning: symbol 'octeon_droq_bh' was not
          declared. Should it be static?
          lio_main.c:233:5: warning: symbol 'lio_wait_for_oq_pkts' was
          not declared. Should it be static?
          lio_main.c:3083:5: warning: symbol 'lio_nic_info' was not
          declared. Should it be static?
          lio_main.c:2618:16: warning: cast from restricted __be16
          octeon_device.c:466:6: warning: symbol 'oct_set_config_info'
          was not declared. Should it be static?
          octeon_device.c:573:25: warning: cast to restricted __be32
          octeon_device.c:582:29: warning: cast to restricted __be32
          octeon_device.c:584:39: warning: cast to restricted __be32
          octeon_device.c:594:13: warning: cast to restricted __be32
          octeon_device.c:596:25: warning: cast to restricted __be32
          octeon_device.c:613:25: warning: cast to restricted __be32
          octeon_device.c:614:29: warning: cast to restricted __be64
          octeon_device.c:615:29: warning: cast to restricted __be32
          octeon_device.c:619:37: warning: cast to restricted __be32
          octeon_device.c:623:33: warning: cast to restricted __be32
          cn66xx_device.c:540:6: warning: symbol
          'lio_cn6xxx_get_pcie_qlmport' was not declared. Should it be s
          octeon_mem_ops.c:181:16: warning: cast to restricted __be64
          octeon_mem_ops.c:190:16: warning: cast to restricted __be32
          octeon_mem_ops.c:196:17: warning: incorrect type in initializer
      2) Fix build errors corresponding to vmalloc on linux-next 4.1.
      3) Liquidio now supports 64 bit only, modified Kconfig accordingly.
      4) Fix some code alignment issues based on kernel build warnings.
      Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
      Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
      Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
      Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'flow_dissector-next' · ea704770
      David S. Miller committed
      Tom Herbert says:
      
      ====================
      flow_dissector: Fix MPLS parsing and add ext hdr support
      
      Need to shift label. Added parsing of dst, hop-by-hop, and routing
      extension headers.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • flow_dissector: add support for dst, hop-by-hop and routing ext hdrs · 6a74fcf4
      Tom Herbert committed
      If dst, hop-by-hop or routing extension headers are present determine
      length of the options and skip over them in flow dissection.
      Signed-off-by: Tom Herbert <tom@herbertland.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • flow_dissector: Fix MPLS entropy label handling in flow dissector · 611d23c5
      Tom Herbert committed
      Need to shift after masking to get label value for comparison.
      
      Fixes: b3baa0fb ("mpls: Add MPLS entropy label in flow_keys")
      Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Tom Herbert <tom@herbertland.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Doc: networking: Fix URL for wiki.wireshark.org in udplite.txt · b07d4961
      Masanari Iida committed
      This patch fixes the URL (http to https) for wiki.wireshark.org.
      Signed-off-by: Masanari Iida <standby24x7@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: ipv4: un-inline ip_finish_output2 · b60f2f3d
      Florian Westphal committed
      text    data     bss     dec     hex filename
      old: 16527      44       0   16571    40bb net/ipv4/ip_output.o
      new: 14935      44       0   14979    3a83 net/ipv4/ip_output.o
      Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sctp: allow authenticating DATA chunks that are bundled with COOKIE_ECHO · ae36806a
      Marcelo Ricardo Leitner committed
      Currently, we can ask to authenticate DATA chunks and we can send DATA
      chunks on the same packet as COOKIE_ECHO, but if you try to combine
      both, the DATA chunk will be sent unauthenticated and peer won't accept
      it, leading to a communication failure.
      
      This happens because even though the data was queued after it was
      requested to authenticate DATA chunks, it was also queued before we
      could know that remote peer can handle authenticating, so
      sctp_auth_send_cid() returns false.
      
      The fix is whenever we set up an active key, re-check send queue for
      chunks that now should be authenticated. As a result, such packet will
      now contain COOKIE_ECHO + AUTH + DATA chunks, in that order.
      Reported-by: Liu Wei <weliu@redhat.com>
      Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Acked-by: Neil Horman <nhorman@tuxdriver.com>
      Acked-by: Vlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'for-linus' of git://git.kernel.dk/linux-block · b85dfd30
      Linus Torvalds committed
      Pull block layer fixes from Jens Axboe:
       "Remember about a week ago when I sent the last pull request for 4.1?
        Well, I lied.  Now, I don't want to shift the blame, but Dan, Ming,
        and Richard made a liar out of me.
      
        Here are three small patches that should go into 4.1.  More
        specifically, this pull request contains:
      
         - A Kconfig dependency for the pmem block driver, so it can't be
           selected if HAS_IOMEM isn't available.  From Richard Weinberger.
      
         - A fix for genhd, making the ext_devt_lock softirq safe.  This makes
           lockdep happier, since we also end up grabbing this lock on release
           off the softirq path.  From Dan Williams.
      
         - A blk-mq software queue release fix from Ming Lei.
      
        Last two are headed to stable, first fixes an issue introduced in this
        cycle"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: pmem: Add dependency on HAS_IOMEM
        block: fix ext_dev_lock lockdep report
        blk-mq: free hctx->ctxs in queue's release handler
    • Merge tag 'md/4.1-rc7-fixes' of git://neil.brown.name/md · 7b565d9d
      Linus Torvalds committed
      Pull three more md fixes from Neil Brown:
       "Hasn't been a good cycle for md has it :-(
      
        The main issue fixed here is a rare race which can result in two
        reshape threads running at once, which doesn't end well.
      
        Also a minor issue with a write to a sysfs file returning the wrong
        value.  Backports to 4.0-stable are indicated"
      
      * tag 'md/4.1-rc7-fixes' of git://neil.brown.name/md:
        md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync
        md: Close race when setting 'action' to 'idle'.
        md: don't return 0 from array_state_store
    • Merge git://git.infradead.org/intel-iommu · c39f3bc6
      Linus Torvalds committed
      Pull VT-d hardware workarounds from David Woodhouse:
       "This contains a workaround for hardware issues which I *thought* were
        never going to be seen on production hardware.  I'm glad I checked
        that before the 4.1 release...
      
        Firstly, PASID support is so broken on existing chips that we're just
        going to declare the old capability bit 28 as 'reserved' and change
        the VT-d spec to move PASID support to another bit.  So any existing
        hardware doesn't support SVM; it only sets that (now) meaningless bit
        28.
      
        That patch *wasn't* imperative for 4.1 because we don't have PASID
        support yet.  But *even* the extended context tables are broken — if
        you just enable the wider tables and use none of the new bits in them,
        which is precisely what 4.1 does, you find that translations don't
        work.  It's this problem which I thought was caught in time to be
        fixed before production, but wasn't.
      
        To avoid triggering this issue, we now *only* enable the extended
        context tables on hardware which also advertises "we have PASID
        support and we actually tested it this time" with the new PASID
        feature bit.
      
        In addition, I've added an 'intel_iommu=ecs_off' command line
        parameter to allow us to disable it manually if we need to"
      
      * git://git.infradead.org/intel-iommu:
        iommu/vt-d: Only enable extended context tables if PASID is supported
        iommu/vt-d: Change PASID support to bit 40 of Extended Capability Register
  5. 12 Jun, 2015 2 commits