1. 14 12月, 2017 1 次提交
  2. 09 11月, 2017 1 次提交
  3. 04 11月, 2017 1 次提交
  4. 29 10月, 2017 1 次提交
  5. 21 10月, 2017 3 次提交
  6. 20 10月, 2017 1 次提交
  7. 17 10月, 2017 1 次提交
  8. 29 9月, 2017 1 次提交
  9. 01 9月, 2017 1 次提交
    • C
      net_sched: add reverse binding for tc class · 07d79fc7
      Cong Wang 提交于
      TC filters when used as classifiers are bound to TC classes.
      However, there is a hidden difference when adding them in different
      orders:
      
      1. If we add tc classes before its filters, everything is fine.
         Logically, the classes exist before we specify their ID's in
         filters, it is easy to bind them together, just as in the current
         code base.
      
      2. If we add tc filters before the tc classes they bind, we have to
         do dynamic lookup in fast path. What's worse, this happens all
         the time not just once, because on fast path tcf_result is passed
         on stack, there is no way to propagate back to the one in tc filters.
      
      This hidden difference hurts performance silently if we have many tc
      classes in hierarchy.
      
      This patch intends to close this gap by doing the reverse binding when
      we create a new class, in this case we can actually search all the
      filters in its parent, match and fixup by classid. And because
      tcf_result is specific to each type of tc filter, we have to introduce
      a new ops for each filter to tell how to bind the class.
      
      Note, we still can NOT totally get rid of those class lookup in
      ->enqueue() because cgroup and flow filters have no way to determine
      the classid at setup time, they still have to go through dynamic lookup.
      
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      07d79fc7
  10. 26 8月, 2017 1 次提交
    • W
      net_sched: kill u32_node pointer in Qdisc · 3cd904ec
      WANG Cong 提交于
      It is ugly to hide a u32-filter-specific pointer inside Qdisc,
      this breaks the TC layers:
      
      1. Qdisc is a generic representation, should not have any specific
         data of any type
      
      2. Qdisc layer is above filter layer, should only save filters in
         the list of struct tcf_proto.
      
      This pointer is used as the head of the chain of u32 hash tables,
      that is struct tc_u_hnode, because u32 filter is very special,
      it allows to create multiple hash tables within one qdisc and
      across multiple u32 filters.
      
      Instead of using this ugly pointer, we can just save it in a global
      hash table key'ed by (dev ifindex, qdisc handle), therefore we can
      still treat it as a per qdisc basis data structure conceptually.
      
      Of course, because of network namespaces, this key is not unique
      at all, but it is fine as we already have a pointer to Qdisc in
      struct tc_u_common, we can just compare the pointers when collision.
      
      And this only affects slow paths, has no impact to fast path,
      thanks to the pointer ->tp_c.
      
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Cc: Jiri Pirko <jiri@resnulli.us>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Acked-by: NJamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3cd904ec
  11. 12 8月, 2017 1 次提交
  12. 08 8月, 2017 4 次提交
  13. 05 8月, 2017 1 次提交
  14. 08 6月, 2017 1 次提交
  15. 22 4月, 2017 1 次提交
    • W
      net_sched: move the empty tp check from ->destroy() to ->delete() · 763dbf63
      WANG Cong 提交于
      We could have a race condition where in ->classify() path we
      dereference tp->root and meanwhile a parallel ->destroy() makes it
      a NULL. Daniel cured this bug in commit d9363774
      ("net, sched: respect rcu grace period on cls destruction").
      
      This happens when ->destroy() is called for deleting a filter to
      check if we are the last one in tp, this tp is still linked and
      visible at that time. The root cause of this problem is the semantic
      of ->destroy(), it does two things (for non-force case):
      
      1) check if tp is empty
      2) if tp is empty we could really destroy it
      
      and its caller, if cares, needs to check its return value to see if it
      is really destroyed. Therefore we can't unlink tp unless we know it is
      empty.
      
      As suggested by Daniel, we could actually move the test logic to ->delete()
      so that we can safely unlink tp after ->delete() tells us the last one is
      just deleted and before ->destroy().
      
      Fixes: 1e052be6 ("net_sched: destroy proto tp when all filters are gone")
      Cc: Roi Dayan <roid@mellanox.com>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: John Fastabend <john.fastabend@gmail.com>
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      763dbf63
  16. 14 4月, 2017 1 次提交
  17. 18 2月, 2017 1 次提交
  18. 10 1月, 2017 1 次提交
  19. 20 9月, 2016 1 次提交
  20. 23 8月, 2016 1 次提交
  21. 09 6月, 2016 2 次提交
  22. 08 6月, 2016 3 次提交
  23. 17 5月, 2016 1 次提交
    • S
      net: cls_u32: Add support for skip-sw flag to tc u32 classifier. · d34e3e18
      Samudrala, Sridhar 提交于
      On devices that support TC U32 offloads, this flag enables a filter to be
      added only to HW. skip-sw and skip-hw are mutually exclusive flags. By
      default without any flags, the filter is added to both HW and SW, but no
      error checks are done in case of failure to add to HW. With skip-sw,
      failure to add to HW is treated as an error.
      
      Here is a sample script that adds 2 filters, one with skip-sw and the other
      with skip-hw flag.
      
         # add ingress qdisc
         tc qdisc add dev p4p1 ingress
      
         # enable hw tc offload.
         ethtool -K p4p1 hw-tc-offload on
      
         # add u32 filter with skip-sw flag.
         tc filter add dev p4p1 parent ffff: protocol ip prio 99 \
            handle 800:0:1 u32 ht 800: flowid 800:1 \
            skip-sw \
            match ip src 192.168.1.0/24 \
            action drop
      
         # add u32 filter with skip-hw flag.
         tc filter add dev p4p1 parent ffff: protocol ip prio 99 \
            handle 800:0:2 u32 ht 800: flowid 800:2 \
            skip-hw \
            match ip src 192.168.2.0/24 \
            action drop
      Signed-off-by: NSridhar Samudrala <sridhar.samudrala@intel.com>
      Acked-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d34e3e18
  24. 27 4月, 2016 1 次提交
  25. 02 3月, 2016 2 次提交
    • J
      net: sched: cls_u32 add bit to specify software only rules · 9e8ce79c
      John Fastabend 提交于
      In the initial implementation the only way to stop a rule from being
      inserted into the hardware table was via the device feature flag.
      However this doesn't work well when working on an end host system
      where packets are expect to hit both the hardware and software
      datapaths.
      
      For example we can imagine a rule that will match an IP address and
      increment a field. If we install this rule in both hardware and
      software we may increment the field twice. To date we have only
      added support for the drop action so we have been able to ignore
      these cases. But as we extend the action support we will hit this
      example plus more such cases. Arguably these are not even corner
      cases in many working systems these cases will be common.
      
      To avoid forcing the driver to always abort (i.e. the above example)
      this patch adds a flag to add a rule in software only. A careful
      user can use this flag to build software and hardware datapaths
      that work together. One example we have found particularly useful
      is to use hardware resources to set the skb->mark on the skb when
      the match may be expensive to run in software but a mark lookup
      in a hash table is cheap. The idea here is hardware can do in one
      lookup what the u32 classifier may need to traverse multiple lists
      and hash tables to compute. The flag is only passed down on inserts.
      On deletion to avoid stale references in hardware we always try
      to remove a rule if it exists.
      
      The flags field is part of the classifier specific options. Although
      it is tempting to lift this into the generic structure doing this
      proves difficult do to how the tc netlink attributes are implemented
      along with how the dump/change routines are called. There is also
      precedence for putting seemingly generic pieces in the specific
      classifier options such as TCA_U32_POLICE, TCA_U32_ACT, etc. So
      although not ideal I've left FLAGS in the u32 options as well as it
      simplifies the code greatly and user space has already learned how
      to manage these bits ala 'tc' tool.
      
      Another thing if trying to update a rule we require the flags to
      be unchanged. This is to force user space, software u32 and
      the hardware u32 to keep in sync. Thanks to Simon Horman for
      catching this case.
      Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e8ce79c
    • J
      net: sched: consolidate offload decision in cls_u32 · 6843e7a2
      John Fastabend 提交于
      The offload decision was originally very basic and tied to if the dev
      implemented the appropriate ndo op hook. The next step is to allow
      the user to more flexibly define if any paticular rule should be
      offloaded or not. In order to have this logic in one function lift
      the current check into a helper routine tc_should_offload().
      Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6843e7a2
  26. 17 2月, 2016 1 次提交
  27. 26 8月, 2015 1 次提交
  28. 10 3月, 2015 2 次提交
    • W
      net_sched: fix struct tc_u_hnode layout in u32 · 5778d39d
      WANG Cong 提交于
      We dynamically allocate divisor+1 entries for ->ht[] in tc_u_hnode:
      
        ht = kzalloc(sizeof(*ht) + divisor*sizeof(void *), GFP_KERNEL);
      
      So ->ht is supposed to be the last field of this struct, however
      this is broken, since an rcu head is appended after it.
      
      Fixes: 1ce87720 ("net: sched: make cls_u32 lockless")
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Cc: John Fastabend <john.fastabend@gmail.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5778d39d
    • C
      net_sched: destroy proto tp when all filters are gone · 1e052be6
      Cong Wang 提交于
      Kernel automatically creates a tp for each
      (kind, protocol, priority) tuple, which has handle 0,
      when we add a new filter, but it still is left there
      after we remove our own, unless we don't specify the
      handle (literally means all the filters under
      the tuple). For example this one is left:
      
        # tc filter show dev eth0
        filter parent 8001: protocol arp pref 49152 basic
      
      The user-space is hard to clean up these for kernel
      because filters like u32 are organized in a complex way.
      So kernel is responsible to remove it after all filters
      are gone.  Each type of filter has its own way to
      store the filters, so each type has to provide its
      way to check if all filters are gone.
      
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: NCong Wang <cwang@twopensource.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: Jamal Hadi Salim<jhs@mojatatu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1e052be6
  29. 10 12月, 2014 1 次提交
  30. 02 10月, 2014 1 次提交
    • W
      net_sched: avoid calling tcf_unbind_filter() in call_rcu callback · a0efb80c
      WANG Cong 提交于
      This fixes the following crash:
      
      [   63.976822] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
      [   63.980094] CPU: 1 PID: 15 Comm: ksoftirqd/1 Not tainted 3.17.0-rc6+ #648
      [   63.980094] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [   63.980094] task: ffff880117dea690 ti: ffff880117dfc000 task.ti: ffff880117dfc000
      [   63.980094] RIP: 0010:[<ffffffff817e6d07>]  [<ffffffff817e6d07>] u32_destroy_key+0x27/0x6d
      [   63.980094] RSP: 0018:ffff880117dffcc0  EFLAGS: 00010202
      [   63.980094] RAX: ffff880117dea690 RBX: ffff8800d02e0820 RCX: 0000000000000000
      [   63.980094] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 6b6b6b6b6b6b6b6b
      [   63.980094] RBP: ffff880117dffcd0 R08: 0000000000000000 R09: 0000000000000000
      [   63.980094] R10: 00006c0900006ba8 R11: 00006ba100006b9d R12: 0000000000000001
      [   63.980094] R13: ffff8800d02e0898 R14: ffffffff817e6d4d R15: ffff880117387a30
      [   63.980094] FS:  0000000000000000(0000) GS:ffff88011a800000(0000) knlGS:0000000000000000
      [   63.980094] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      [   63.980094] CR2: 00007f07e6732fed CR3: 000000011665b000 CR4: 00000000000006e0
      [   63.980094] Stack:
      [   63.980094]  ffff88011a9cd300 ffffffff82051ac0 ffff880117dffce0 ffffffff817e6d68
      [   63.980094]  ffff880117dffd70 ffffffff810cb4c7 ffffffff810cb3cd ffff880117dfffd8
      [   63.980094]  ffff880117dea690 ffff880117dea690 ffff880117dfffd8 000000000000000a
      [   63.980094] Call Trace:
      [   63.980094]  [<ffffffff817e6d68>] u32_delete_key_freepf_rcu+0x1b/0x1d
      [   63.980094]  [<ffffffff810cb4c7>] rcu_process_callbacks+0x3bb/0x691
      [   63.980094]  [<ffffffff810cb3cd>] ? rcu_process_callbacks+0x2c1/0x691
      [   63.980094]  [<ffffffff817e6d4d>] ? u32_destroy_key+0x6d/0x6d
      [   63.980094]  [<ffffffff810780a4>] __do_softirq+0x142/0x323
      [   63.980094]  [<ffffffff810782a8>] run_ksoftirqd+0x23/0x53
      [   63.980094]  [<ffffffff81092126>] smpboot_thread_fn+0x203/0x221
      [   63.980094]  [<ffffffff81091f23>] ? smpboot_unpark_thread+0x33/0x33
      [   63.980094]  [<ffffffff8108e44d>] kthread+0xc9/0xd1
      [   63.980094]  [<ffffffff819e00ea>] ? do_wait_for_common+0xf8/0x125
      [   63.980094]  [<ffffffff8108e384>] ? __kthread_parkme+0x61/0x61
      [   63.980094]  [<ffffffff819e43ec>] ret_from_fork+0x7c/0xb0
      [   63.980094]  [<ffffffff8108e384>] ? __kthread_parkme+0x61/0x61
      
      tp could be freed in call_rcu callback too, the order is not guaranteed.
      
      John Fastabend says:
      
      ====================
      Its worth noting why this is safe. Any running schedulers will either
      read the valid class field or it will be zeroed.
      
      All schedulers today when the class is 0 do a lookup using the
      same call used by the tcf_exts_bind(). So even if we have a running
      classifier hit the null class pointer it will do a lookup and get
      to the same result. This is particularly fragile at the moment because
      the only way to verify this is to audit the schedulers call sites.
      ====================
      
      Cc: John Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0efb80c