platform/kernel/linux-rpi3.git
9 years agoMerge branch 'eth_skb_pad'
David S. Miller [Tue, 9 Dec 2014 01:47:47 +0000 (20:47 -0500)]
Merge branch 'eth_skb_pad'

Alexander Duyck says:

====================
net: Add helper for padding short Ethernet frames

This patch series adds a pair of helpers to pad short Ethernet frames.  The
general idea is to clean up a number of code paths that were all writing
their own versions of the same or similar function.

An added advantage is that this will help to discourage introducing new
bugs as in at least one case I found the skb->len had been updated, but the
tail pointer update was overlooked.

v2: Added skb_put_padto for cases where length is not ETH_ZLEN
    Updated intel drivers and emulex driver to use skb_put_padto
    Updated eth_skb_pad to use skb_put_padto
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Use eth_skb_pad function
Alexander Duyck [Wed, 3 Dec 2014 16:18:04 +0000 (08:18 -0800)]
r8169: Use eth_skb_pad function

Replace rtl_skb_pad with eth_skb_pad since they do the same thing.

Cc: Realtek linux nic maintainers <nic_swsd@realtek.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomyri10ge: use eth_skb_pad helper
Alexander Duyck [Wed, 3 Dec 2014 16:17:58 +0000 (08:17 -0800)]
myri10ge: use eth_skb_pad helper

Update myri10ge to use eth_skb_pad helper.  This also corrects a minor
issue as the driver was updating length without updating the tail pointer.

Cc: Hyong-Youb Kim <hykim@myri.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoniu: Use eth_skb_pad helper
Alexander Duyck [Wed, 3 Dec 2014 16:17:52 +0000 (08:17 -0800)]
niu: Use eth_skb_pad helper

Replace the standard layout for padding an ethernet frame with the
eth_skb_pad call.

Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoemulex: Use skb_put_padto instead of skb_padto() and skb->len assignment
Alexander Duyck [Wed, 3 Dec 2014 16:17:46 +0000 (08:17 -0800)]
emulex: Use skb_put_padto instead of skb_padto() and skb->len assignment

Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoethernet/intel: Use eth_skb_pad and skb_put_padto helpers
Alexander Duyck [Wed, 3 Dec 2014 16:17:39 +0000 (08:17 -0800)]
ethernet/intel: Use eth_skb_pad and skb_put_padto helpers

Update the Intel Ethernet drivers to use eth_skb_pad() and skb_put_padto
instead of doing their own implementations of the function.

Also this cleans up two other spots where skb_pad was called but the length
and tail pointers were being manipulated directly instead of just having
the padding length added via __skb_put.

Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: Add functions for handling padding frame and adding to length
Alexander Duyck [Wed, 3 Dec 2014 16:17:33 +0000 (08:17 -0800)]
net: Add functions for handling padding frame and adding to length

This patch adds two new helper functions skb_put_padto and eth_skb_pad.
These functions deviate from the standard skb_pad or skb_padto in that they
will also update the length and tail pointers so that they reflect the
padding added to the frame.

The eth_skb_pad helper is meant to be used with Ethernet devices to update
either Rx or Tx frames so that they report the correct size.  The
skb_put_padto helper is meant to be used primarily in the transmit path for
network devices that need frames to be padded up to some minimum size and
don't wish to simply update the length somewhere external to the frame.

The motivation behind this is that there are a number of implementations
throughout the network device drivers that are all doing the same thing,
but each a little bit differently and as a result several implementations
contain bugs such as updating the length without updating the tail offset
and other similar issues.

Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'mlx5-next'
David S. Miller [Tue, 9 Dec 2014 01:46:01 +0000 (20:46 -0500)]
Merge branch 'mlx5-next'

Eli Cohen says:

====================
mlx5 driver updates

The following series contains some fixes to mlx5 as well as update to the list
of supported devices.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomlx5: Fix error flow in add_keys
Eli Cohen [Tue, 2 Dec 2014 10:26:19 +0000 (12:26 +0200)]
mlx5: Fix error flow in add_keys

If mlx5_core_create_mkey fails, decrease the pending counter to undo the
previous increment.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomlx5: Fix sparse warnings
Eli Cohen [Tue, 2 Dec 2014 10:26:18 +0000 (12:26 +0200)]
mlx5: Fix sparse warnings

1. Add required __acquire/__release statements to balance spinlock usage.
2. Change the index parameter of begin_wqe() to be unsigned to match supplied
argument type.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Add more supported devices
Eli Cohen [Tue, 2 Dec 2014 10:26:17 +0000 (12:26 +0200)]
net/mlx5_core: Add more supported devices

Add ConnectX-4LX to the list of supported devices as well as their virtual
functions.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Clear outbox of dealloc uar
Majd Dibbiny [Tue, 2 Dec 2014 10:26:16 +0000 (12:26 +0200)]
net/mlx5_core: Clear outbox of dealloc uar

The outbox should be cleared before executing the command.

Signed-off-by: Majd Dibbiny <majd@mellanox.com>
Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Print resource number on QP/SRQ async events
Eli Cohen [Tue, 2 Dec 2014 10:26:15 +0000 (12:26 +0200)]
net/mlx5_core: Print resource number on QP/SRQ async events

Useful for debugging purposes.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Remove unused dev cap enum fields
Eli Cohen [Tue, 2 Dec 2014 10:26:14 +0000 (12:26 +0200)]
net/mlx5_core: Remove unused dev cap enum fields

These enumerations are not used so remove them.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Fix command queue size enforcement
Eli Cohen [Tue, 2 Dec 2014 10:26:13 +0000 (12:26 +0200)]
net/mlx5_core: Fix command queue size enforcement

Command queue descriptor page size is 4KB and not the page size used by the
kernel.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Fix min vectors value in mlx5_enable_msix
Eli Cohen [Tue, 2 Dec 2014 10:26:12 +0000 (12:26 +0200)]
net/mlx5_core: Fix min vectors value in mlx5_enable_msix

mlx5 requires at least one interrupt vector for completions so fix the minvec
argument to pci_enable_msix_range() accordingly.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx5_core: Request the mlx5 IB module on driver load
Eli Cohen [Tue, 2 Dec 2014 10:26:11 +0000 (12:26 +0200)]
net/mlx5_core: Request the mlx5 IB module on driver load

Call request module on mlx5_ib so it will be available for applications
requiring it, such as installers that require boot over IB.

Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'r8169-next'
David S. Miller [Tue, 9 Dec 2014 01:43:31 +0000 (20:43 -0500)]
Merge branch 'r8169-next'

Chunhao Lin says:

====================
r8169:change hardware setting

This patch series contains two hardware setting modification to prevent
hardware become abnormal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169:disable rtl8168ep cmac engine
Chun-Hao Lin [Tue, 2 Dec 2014 08:48:31 +0000 (16:48 +0800)]
r8169:disable rtl8168ep cmac engine

Cmac engine is the bridge between driver and dash firmware.
Other os may not disable cmac when leave. And r8169 did not allocate any
resources for cmac engine. Disable it to prevent abnormal system behavior.

Signed-off-by: Chunhao Lin <hau@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169:prevent enable hardware tx/rx too early
Chun-Hao Lin [Tue, 2 Dec 2014 08:48:30 +0000 (16:48 +0800)]
r8169:prevent enable hardware tx/rx too early

For RTL8168G/GU/H/EP and RTL8411B remove enable tx/rx from its own hw_start
function. This will prevent enable tx/rx before complete hardware tx/rx
setting.

Tx/Rx will be enabled in the end of function rtl_hw_start_8168.

Signed-off-by: Chunhao Lin <hau@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'tipc-next'
David S. Miller [Tue, 9 Dec 2014 01:40:03 +0000 (20:40 -0500)]
Merge branch 'tipc-next'

Ying Xue says:

====================
tipc: convert name table read-write lock to RCU

Now TIPC name table is statically allocated and is protected with a
Read-Write lock. To enhance the performance of TIPC name table lookup,
we are going to involve RCU lock to protect the name table. As a
consequence, it becomes lockless to concurrently look up name table on
read side. However, before the conversion can be successfully made,
the following two things must be first done:

- change allocation way of name table from static to dynamic
- fix several incorrect locking policy issues
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: convert name table read-write lock to RCU
Ying Xue [Tue, 2 Dec 2014 07:00:30 +0000 (15:00 +0800)]
tipc: convert name table read-write lock to RCU

Convert tipc name table read-write lock to RCU. After this change,
a new spin lock is used to protect name table on write side while
RCU is applied on read side.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: remove unnecessary INIT_LIST_HEAD
Ying Xue [Tue, 2 Dec 2014 07:00:29 +0000 (15:00 +0800)]
tipc: remove unnecessary INIT_LIST_HEAD

When a list_head variable is seen as a new entry to be added to a
list head, it's unnecessary to be initialized with INIT_LIST_HEAD().

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: simplify relationship between name table lock and node lock
Ying Xue [Tue, 2 Dec 2014 07:00:28 +0000 (15:00 +0800)]
tipc: simplify relationship between name table lock and node lock

When tipc name sequence is published, name table lock is released
before name sequence buffer is delivered to remote nodes through its
underlying unicast links. However, when name sequence is withdrawn,
the name table lock is held until the transmission of the removal
message of name sequence is finished. During the process, node lock
is nested in name table lock. To prevent node lock from being nested
in name table lock, while withdrawing name, we should adopt the same
locking policy of publishing name sequence: name table lock should
be released before message is sent.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: any name table member must be protected under name table lock
Ying Xue [Tue, 2 Dec 2014 07:00:27 +0000 (15:00 +0800)]
tipc: any name table member must be protected under name table lock

As tipc_nametbl_lock is used to protect name_table structure, the lock
must be held while all members of name_table structure are accessed.
However, the lock is not obtained while a member of name_table
structure - local_publ_count is read in tipc_nametbl_publish(), as
a consequence, an inconsistent value of local_publ_count might be got.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: ensure all name sequences are properly protected with its lock
Ying Xue [Tue, 2 Dec 2014 07:00:26 +0000 (15:00 +0800)]
tipc: ensure all name sequences are properly protected with its lock

TIPC internally created a name table which is used to store name
sequences. Now there is a read-write lock - tipc_nametbl_lock to
protect the table, and each name sequence saved in the table is
protected with its private lock. When a name sequence is inserted
or removed to or from the table, its members might need to change.
Therefore, in normal case, the two locks must be held while TIPC
operates the table. However, there are still several places where
we only hold tipc_nametbl_lock without proprerly obtaining name
sequence lock, which might cause the corruption of name sequence.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: ensure all name sequences are released when name table is stopped
Ying Xue [Tue, 2 Dec 2014 07:00:25 +0000 (15:00 +0800)]
tipc: ensure all name sequences are released when name table is stopped

As TIPC subscriber server is terminated before name table, no user
depends on subscription list of name sequence when name table is
stopped. Therefore, all name sequences stored in name table should
be released whatever their subscriptions lists are empty or not,
otherwise, memory leak might happen.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: make name table allocated dynamically
Ying Xue [Tue, 2 Dec 2014 07:00:24 +0000 (15:00 +0800)]
tipc: make name table allocated dynamically

Name table locking policy is going to be adjusted from read-write
lock protection to RCU lock protection in the future commits. But
its essential precondition is to convert the allocation way of name
table from static to dynamic mode.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: remove size variable from publ_list struct
Ying Xue [Tue, 2 Dec 2014 07:00:23 +0000 (15:00 +0800)]
tipc: remove size variable from publ_list struct

The size variable is introduced in publ_list struct to help us exactly
calculate SKB buffer sizes needed by publications when all publications
in name table are delivered in bulk in named_distribute(). But if
publication SKB buffer size is assumed to MTU, the size variable in
publ_list struct can be completely eliminated at the cost of wasting
a bit memory space for last SKB.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Tero Aho <tero.aho@coriant.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoudp: Neaten and reduce size of compute_score functions
Joe Perches [Tue, 2 Dec 2014 04:29:06 +0000 (20:29 -0800)]
udp: Neaten and reduce size of compute_score functions

The compute_score functions are a bit difficult to read.

Neaten them a bit to reduce object sizes and make them a
bit more intelligible.

Return early to avoid indentation and avoid unnecessary
initializations.

(allyesconfig, but w/ -O2 and no profiling)

$ size net/ipv[46]/udp.o.*
   text    data     bss     dec     hex filename
  28680    1184      25   29889    74c1 net/ipv4/udp.o.new
  28756    1184      25   29965    750d net/ipv4/udp.o.old
  17600    1010       2   18612    48b4 net/ipv6/udp.o.new
  17632    1010       2   18644    48d4 net/ipv6/udp.o.old

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: bcmgenet: enable driver to work without a device tree
Petri Gynther [Tue, 2 Dec 2014 00:18:08 +0000 (16:18 -0800)]
net: bcmgenet: enable driver to work without a device tree

Modify bcmgenet driver so that it can be used on Broadcom 7xxx
MIPS-based STB platforms without a device tree.

Signed-off-by: Petri Gynther <pgynther@google.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agohyperv: Add support for vNIC hot removal
Haiyang Zhang [Mon, 1 Dec 2014 21:28:39 +0000 (13:28 -0800)]
hyperv: Add support for vNIC hot removal

This patch adds proper handling of the vNIC hot removal event, which includes
a rescind-channel-offer message from the host side that triggers vNIC close and
removal. In this case, the notices to the host during close and removal is not
necessary because the channel is rescinded. This patch blocks these unnecessary
messages, and lets vNIC removal process complete normally.

Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotest: bpf: expand DIV_KX to DIV_MOD_KX
Denis Kirjanov [Mon, 1 Dec 2014 10:12:25 +0000 (13:12 +0300)]
test: bpf: expand DIV_KX to DIV_MOD_KX

Expand DIV_KX to use BPF_MOD operation in the
DIV_KX bpf 'classic' test.

CC: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'tstamp-next'
David S. Miller [Tue, 9 Dec 2014 01:20:55 +0000 (20:20 -0500)]
Merge branch 'tstamp-next'

Willem de Bruijn says:

====================
timestamping updates

The main goal for this patchset is to allow correlating timestamps
with the egress interface. Also introduce a warning, as discussed
previously, and update the tests to verify the new feature.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet-timestamp: expand documentation and test
Willem de Bruijn [Mon, 1 Dec 2014 03:22:35 +0000 (22:22 -0500)]
net-timestamp: expand documentation and test

Documentation:
  expand explanation of timestamp counter

Test:
  new: flag -I requests and prints PKTINFO
  new: flag -x prints payload (possibly truncated)
  fix: remove pretty print that breaks common flag '-l 1'

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet-timestamp: allow reading recv cmsg on errqueue with origin tstamp
Willem de Bruijn [Mon, 1 Dec 2014 03:22:34 +0000 (22:22 -0500)]
net-timestamp: allow reading recv cmsg on errqueue with origin tstamp

Allow reading of timestamps and cmsg at the same time on all relevant
socket families. One use is to correlate timestamps with egress
device, by asking for cmsg IP_PKTINFO.

on AF_INET sockets, call the relevant function (ip_cmsg_recv). To
avoid changing legacy expectations, only do so if the caller sets a
new timestamping flag SOF_TIMESTAMPING_OPT_CMSG.

on AF_INET6 sockets, IPV6_PKTINFO and all other recv cmsg are already
returned for all origins. only change is to set ifindex, which is
not initialized for all error origins.

In both cases, only generate the pktinfo message if an ifindex is
known. This is not the case for ACK timestamps.

The difference between the protocol families is probably a historical
accident as a result of the different conditions for generating cmsg
in the relevant ip(v6)_recv_error function:

ipv4:        if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) {
ipv6:        if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) {

At one time, this was the same test bar for the ICMP/ICMP6
distinction. This is no longer true.

Signed-off-by: Willem de Bruijn <willemb@google.com>
----

Changes
  v1 -> v2
    large rewrite
    - integrate with existing pktinfo cmsg generation code
    - on ipv4: only send with new flag, to maintain legacy behavior
    - on ipv6: send at most a single pktinfo cmsg
    - on ipv6: initialize fields if not yet initialized

The recv cmsg interfaces are also relevant to the discussion of
whether looping packet headers is problematic. For v6, cmsgs that
identify many headers are already returned. This patch expands
that to v4. If it sounds reasonable, I will follow with patches

1. request timestamps without payload with SOF_TIMESTAMPING_OPT_TSONLY
   (http://patchwork.ozlabs.org/patch/366967/)
2. sysctl to conditionally drop all timestamps that have payload or
   cmsg from users without CAP_NET_RAW.
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoipv4: warn once on passing AF_INET6 socket to ip_recv_error
Willem de Bruijn [Mon, 1 Dec 2014 03:22:33 +0000 (22:22 -0500)]
ipv4: warn once on passing AF_INET6 socket to ip_recv_error

One line change, in response to catching an occurrence of this bug.
See also fix f4713a3dfad0 ("net-timestamp: make tcp_recvmsg call ...")

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'ebpf-next'
David S. Miller [Sat, 6 Dec 2014 05:47:48 +0000 (21:47 -0800)]
Merge branch 'ebpf-next'

Alexei Starovoitov says:

====================
allow eBPF programs to be attached to sockets

V1->V2:

fixed comments in sample code to state clearly that packet data is accessed
with LD_ABS instructions and not internal skb fields.
Also replaced constants in:
BPF_LD_ABS(BPF_B, 14 + 9 /* R0 = ip->proto */),
with:
BPF_LD_ABS(BPF_B, ETH_HLEN + offsetof(struct iphdr, protocol) /* R0 = ip->proto */),

V1 cover:

Introduce BPF_PROG_TYPE_SOCKET_FILTER type of eBPF programs that can be
attached to sockets with setsockopt().
Allow such programs to access maps via lookup/update/delete helpers.

This feature was previewed by bpf manpage in commit b4fc1a460f30("Merge branch 'bpf-next'")
Now it can actually run.

1st patch adds LD_ABS/LD_IND instruction verification and
2nd patch adds new setsockopt() flag.
Patches 3-6 are examples in assembler and in C.

Though native eBPF programs are way more powerful than classic filters
(attachable through similar setsockopt() call), they don't have skb field
accessors yet. Like skb->pkt_type, skb->dev->ifindex are not accessible.
There are sevaral ways to achieve that. That will be in the next set of patches.
So in this set native eBPF programs can only read data from packet and
access maps.

The most powerful example is sockex2_kern.c from patch 6 where ~200 lines of C
are compiled into ~300 of eBPF instructions.
It shows how quite complex packet parsing can be done.

LLVM used to build examples is at https://github.com/iovisor/llvm
which is fork of llvm trunk that I'm cleaning up for upstreaming.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosamples: bpf: large eBPF program in C
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:39 +0000 (15:06 -0800)]
samples: bpf: large eBPF program in C

sockex2_kern.c is purposefully large eBPF program in C.
llvm compiles ~200 lines of C code into ~300 eBPF instructions.

It's similar to __skb_flow_dissect() to demonstrate that complex packet parsing
can be done by eBPF.
Then it uses (struct flow_keys)->dst IP address (or hash of ipv6 dst) to keep
stats of number of packets per IP.
User space loads eBPF program, attaches it to loopback interface and prints
dest_ip->#packets stats every second.

Usage:
$sudo samples/bpf/sockex2
ip 127.0.0.1 count 19
ip 127.0.0.1 count 178115
ip 127.0.0.1 count 369437
ip 127.0.0.1 count 559841
ip 127.0.0.1 count 750539

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosamples: bpf: trivial eBPF program in C
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:38 +0000 (15:06 -0800)]
samples: bpf: trivial eBPF program in C

this example does the same task as previous socket example
in assembler, but this one does it in C.

eBPF program in kernel does:
    /* assume that packet is IPv4, load one byte of IP->proto */
    int index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
    long *value;

    value = bpf_map_lookup_elem(&my_map, &index);
    if (value)
        __sync_fetch_and_add(value, 1);

Corresponding user space reads map[tcp], map[udp], map[icmp]
and prints protocol stats every second

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosamples: bpf: elf_bpf file loader
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:37 +0000 (15:06 -0800)]
samples: bpf: elf_bpf file loader

simple .o parser and loader using BPF syscall.
.o is a standard ELF generated by LLVM backend

It parses elf file compiled by llvm .c->.o
- parses 'maps' section and creates maps via BPF syscall
- parses 'license' section and passes it to syscall
- parses elf relocations for BPF maps and adjusts BPF_LD_IMM64 insns
  by storing map_fd into insn->imm and marking such insns as BPF_PSEUDO_MAP_FD
- loads eBPF programs via BPF syscall

One ELF file can contain multiple BPF programs.

int load_bpf_file(char *path);
populates prog_fd[] and map_fd[] with FDs received from bpf syscall

bpf_helpers.h - helper functions available to eBPF programs written in C

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosamples: bpf: example of stateful socket filtering
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:36 +0000 (15:06 -0800)]
samples: bpf: example of stateful socket filtering

this socket filter example does:
- creates arraymap in kernel with key 4 bytes and value 8 bytes

- loads eBPF program which assumes that packet is IPv4 and loads one byte of
  IP->proto from the packet and uses it as a key in a map

  r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
  *(u32*)(fp - 4) = r0;
  value = bpf_map_lookup_elem(map_fd, fp - 4);
  if (value)
       (*(u64*)value) += 1;

- attaches this program to raw socket

- every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
  to see how many packets of given protocol were seen on loopback interface

Usage:
$sudo samples/bpf/sock_example
TCP 0 UDP 0 ICMP 0 packets
TCP 187600 UDP 0 ICMP 4 packets
TCP 376504 UDP 0 ICMP 8 packets
TCP 563116 UDP 0 ICMP 12 packets
TCP 753144 UDP 0 ICMP 16 packets

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: sock: allow eBPF programs to be attached to sockets
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:35 +0000 (15:06 -0800)]
net: sock: allow eBPF programs to be attached to sockets

introduce new setsockopt() command:

setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd, sizeof(prog_fd))

where prog_fd was received from syscall bpf(BPF_PROG_LOAD, attr, ...)
and attr->prog_type == BPF_PROG_TYPE_SOCKET_FILTER

setsockopt() calls bpf_prog_get() which increments refcnt of the program,
so it doesn't get unloaded while socket is using the program.

The same eBPF program can be attached to multiple sockets.

User task exit automatically closes socket which calls sk_filter_uncharge()
which decrements refcnt of eBPF program

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobpf: verifier: add checks for BPF_ABS | BPF_IND instructions
Alexei Starovoitov [Mon, 1 Dec 2014 23:06:34 +0000 (15:06 -0800)]
bpf: verifier: add checks for BPF_ABS | BPF_IND instructions

introduce program type BPF_PROG_TYPE_SOCKET_FILTER that is used
for attaching programs to sockets where ctx == skb.

add verifier checks for ABS/IND instructions which can only be seen
in socket filters, therefore the check:
  if (env->prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER)
    verbose("BPF_LD_ABS|IND instructions are only allowed in socket filters\n");

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotun/macvtap: use consume_skb() instead of kfree_skb() when needed
Jason Wang [Mon, 1 Dec 2014 08:53:15 +0000 (16:53 +0800)]
tun/macvtap: use consume_skb() instead of kfree_skb() when needed

To be more friendly with drop monitor, we should only call kfree_skb() when
the packets were dropped and use consume_skb() in other cases.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet-PA Semi: Deletion of unnecessary checks before the function call "pci_dev_put"
Markus Elfring [Sat, 29 Nov 2014 17:55:40 +0000 (18:55 +0100)]
net-PA Semi: Deletion of unnecessary checks before the function call "pci_dev_put"

The pci_dev_put() function tests whether its argument is NULL
and then returns immediately. Thus the test around the call
is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Olof Johansson <olof@lixom.net>
Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet-ipvlan: Deletion of an unnecessary check before the function call "free_percpu"
Markus Elfring [Sat, 29 Nov 2014 15:23:20 +0000 (16:23 +0100)]
net-ipvlan: Deletion of an unnecessary check before the function call "free_percpu"

The free_percpu() function tests whether its argument is NULL and then
returns immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: cassini: Deletion of an unnecessary check before the function call "vfree"
Markus Elfring [Sat, 29 Nov 2014 13:34:59 +0000 (14:34 +0100)]
net: cassini: Deletion of an unnecessary check before the function call "vfree"

The vfree() function performs also input parameter validation.
Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: pci: allocate memory resources dynamically
Andy Shevchenko [Fri, 28 Nov 2014 13:40:56 +0000 (15:40 +0200)]
stmmac: pci: allocate memory resources dynamically

Instead of using global variables we are going to use dynamically allocated
memory. It allows to append a support of more than one ethernet adapter which
might have different settings simultaniously.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller [Sat, 6 Dec 2014 04:56:46 +0000 (20:56 -0800)]
Merge git://git./linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following batch contains netfilter updates for net-next. Basically,
enhancements for xt_recent, skip zeroing of timer in conntrack, fix
linking problem with recent redirect support for nf_tables, ipset
updates and a couple of cleanups. More specifically, they are:

1) Rise maximum number per IP address to be remembered in xt_recent
   while retaining backward compatibility, from Florian Westphal.

2) Skip zeroing timer area in nf_conn objects, also from Florian.

3) Inspect IPv4 and IPv6 traffic from the bridge to allow filtering using
   using meta l4proto and transport layer header, from Alvaro Neira.

4) Fix linking problems in the new redirect support when CONFIG_IPV6=n
   and IP6_NF_IPTABLES=n.

And ipset updates from Jozsef Kadlecsik:

5) Support updating element extensions when the set is full (fixes
   netfilter bugzilla id 880).

6) Fix set match with 32-bits userspace / 64-bits kernel.

7) Indicate explicitly when /0 networks are supported in ipset.

8) Simplify cidr handling for hash:*net* types.

9) Allocate the proper size of memory when /0 networks are supported.

10) Explicitly add padding elements to hash:net,net and hash:net,port,
    because the elements must be u32 sized for the used hash function.

Jozsef is also cooking ipset RCU conversion which should land soon if
they reach the merge window in time.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Sat, 6 Dec 2014 04:50:54 +0000 (20:50 -0800)]
Merge branch 'master' of git://git./linux/kernel/git/jkirsher/net-next

Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates 2014-12-05

This series contains updates to ixgbe and ixgbevf.

Alex provides a couple of patches to cleanup ixgbe.  First cleans up the
page reuse code getting it into a state where all the workarounds needed
are in place as well as cleaning up a few minor oversights such as using
__free_pages instead of put_page to drop a locally allocated page.  Then
cleans up the tail writes for the ixgbe descriptor queues.

Mark Peterson adds support to lookup MAC addresses in Open Firmware or
IDPROM.

Emil provides patches for ixgbe and ixgbevf to fix an issue on rmmod and
to add support for X550 in the VF driver.  First removes the read/write
operations to the CIAA/D registers since it can block access to the PCI
config space and make use of standard kernel functions for accessing the
PCI config space.  Then fixes an issue where the driver has logic to free
up used data in case any of the checks in ixgbe_probe() fail, however
there is a similar set of cleanups that can occur on driver unload in
ixgbe_remove() which can cause the rmmod command to crash.

Don provides the remaining patches in the series to complete the addition
of X550 support into the ixgbe driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoixgbevf: fix possible crashes in probe and remove
Emil Tantilov [Fri, 5 Dec 2014 04:32:44 +0000 (04:32 +0000)]
ixgbevf: fix possible crashes in probe and remove

This patch resolves couple of issues in ixgbevf_probe/remove():

1. Fix a case where adapter->state is tested after free_netdev() this is
same as the patch for ixgbe from Daniel Borkmann <dborkman@redhat.com>:
commit b5b2ffc0574e1f27 ("ixgbe: fix use after free adapter->state test in ixgbe_remove/ixgbe_probe")

2. Move pci_set_drvdata() after all the error checks in ixgbevf_probe() and
then add a check in ixgbevf_probe() to avoid running the cleanup functions
twice in cases where probe failed.

CC: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbevf: add support for X550 VFs
Emil Tantilov [Sat, 22 Nov 2014 07:59:56 +0000 (07:59 +0000)]
ixgbevf: add support for X550 VFs

This patch adds initial support for VFs on a new mac - X550.

The patch adds the basic structures and device IDs for the X550 VFs
that would allow the driver to load and pass traffic.

Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: fix crash on rmmod after probe fail
Emil Tantilov [Thu, 4 Dec 2014 03:03:38 +0000 (03:03 +0000)]
ixgbe: fix crash on rmmod after probe fail

The driver has logic to free up used data in case any of the checks in
ixgbe_probe() fail, however there is a similar set of cleanups that can
occur on driver unload in ixgbe_remove() which can cause the rmmod command
to crash.

This patch aims to fix the logic by moving pci_set_drvdata() after all error
checks and then adds a check in ixgbe_remove() to skip it altogether if
adapter comes up empty.

Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: bump version number
Don Skidmore [Sat, 29 Nov 2014 05:22:58 +0000 (05:22 +0000)]
ixgbe: bump version number

Since we now support X550 mac's bump the version number to reflect this.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Add X550 support function pointers
Don Skidmore [Fri, 5 Dec 2014 03:59:50 +0000 (03:59 +0000)]
ixgbe: Add X550 support function pointers

This patch extends the function pointer structure to include the new
X550 class MAC types. This creates a new file ixgbe_x550.c that contains
all of the new methods.  Because of similarities to the X540 part in
some cases we just use it's methods where they can be used without any
modification.  These exported functions are now defined in the new
ixgbe_x540.h file.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: cleanup checksum to allow error results
Don Skidmore [Sat, 29 Nov 2014 05:22:48 +0000 (05:22 +0000)]
ixgbe: cleanup checksum to allow error results

Currently the shared code checksum calculation function only
returns a u16 and cannot return an error code. Unfortunately
a variety of errors can happen that completely prevent the
calculation of a checksum. So, change the function return value
from a u16 to an s32 and return a negative value on error, or the
positive checksum value when there is no error.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: add methods for combined read and write operations
Don Skidmore [Sat, 29 Nov 2014 05:22:43 +0000 (05:22 +0000)]
ixgbe: add methods for combined read and write operations

Some X550 procedures will be using CS4227 PHY and need to
perform combined read and write operations.  This patch
adds those methods.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Add x550 SW/FW semaphore support
Don Skidmore [Sat, 29 Nov 2014 05:22:37 +0000 (05:22 +0000)]
ixgbe: Add x550 SW/FW semaphore support

The X550 hardware will use more bits in the mask, so change
the prototypes to match.  This larger mask will require changes
in callers which use the higher bits. Likewise since X550 will
use different semaphore mask values and will use the lan_id
value.  So save these values in the ixgbe_phy_info struct.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Add timeout parameter to ixgbe_host_interface_command
Don Skidmore [Sat, 29 Nov 2014 05:22:32 +0000 (05:22 +0000)]
ixgbe: Add timeout parameter to ixgbe_host_interface_command

Since on X550 we use host interface commands to read,write and erase
some commands require more time to complete. So this adds a timeout
parameter to ixgbe_host_interface_command as wells as a return_data
parameter allowing us to return with any data.

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: add support for X550 extended RSS support
Don Skidmore [Tue, 18 Nov 2014 09:35:08 +0000 (09:35 +0000)]
ixgbe: add support for X550 extended RSS support

The new X550 family of MAC's will have a larger RSS hash (16 -> 64).
It will also support individual VF to have their own independent RSS
hash key.  This patch will enable this functionality

Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: remove CIAA/D register reads from bad VF check
Emil Tantilov [Wed, 19 Nov 2014 03:18:19 +0000 (03:18 +0000)]
ixgbe: remove CIAA/D register reads from bad VF check

Accessing the CIAA/D register can block access to the PCI config space.

This patch removes the read/write operations to the CIAA/D registers
and makes use of standard kernel functions for accessing the PCI config
space.

In addition it moves ixgbevf_check_for_bad_vf() into the watchdog subtask
which reduces the frequency of the checks.

CC: Alex Williamson <alex.williamson@redhat.com>
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Look up MAC address in Open Firmware or IDPROM
Martin K Petersen [Sat, 15 Nov 2014 14:24:51 +0000 (14:24 +0000)]
ixgbe: Look up MAC address in Open Firmware or IDPROM

Attempt to look up the MAC address in Open Firmware on systems that
support it. On SPARC resort to using the IDPROM if no OF address is
found.

Signed-off-by: Martin K Petersen <martin.petersen@oracle.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Remove tail write abstraction and add missing barrier
Alexander Duyck [Fri, 14 Nov 2014 00:56:35 +0000 (00:56 +0000)]
ixgbe: Remove tail write abstraction and add missing barrier

This change cleans up the tail writes for the ixgbe descriptor queues.  The
current implementation had me confused as I wasn't sure if it was still
making use of the surprise remove logic or not.

It also adds the mmiowb which is needed on ia64, mips, and a couple other
architectures in order to synchronize the MMIO writes with the Tx queue
_xmit_lock spinlock.

Cc: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agoixgbe: Clean-up page reuse code
Alexander Duyck [Fri, 14 Nov 2014 00:56:29 +0000 (00:56 +0000)]
ixgbe: Clean-up page reuse code

This patch cleans up the page reuse code getting it into a state where all
the workarounds needed are in place as well as cleaning up a few minor
oversights such as using __free_pages instead of put_page to drop a locally
allocated page.

It also cleans up how we clear the descriptor status bits.  Previously they
were zeroed as a part of clearing the hdr_addr.  However the hdr_addr is a
64 bit field and 64 bit writes can be a bit more expensive on on 32 bit
systems.  Since we are no longer using the header split feature the upper
32 bits of the address no longer need to be cleared.  As a result we can
just clear the status bits and leave the length and VLAN fields as-is which
should provide more information in debugging.

Cc: Don Skidmore <donald.c.skidmore@intel.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
9 years agonetfilter: ipset: Explicitly add padding elements to hash:net, net and hash:net,...
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:57 +0000 (19:56 +0100)]
netfilter: ipset: Explicitly add padding elements to hash:net, net and hash:net, port, net

The elements must be u32 sized for the used hash function.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipset: Allocate the proper size of memory when /0 networks are supported
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:56 +0000 (19:56 +0100)]
netfilter: ipset: Allocate the proper size of memory when /0 networks are supported

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipset: Simplify cidr handling for hash:*net* types
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:55 +0000 (19:56 +0100)]
netfilter: ipset: Simplify cidr handling for hash:*net* types

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipset: Indicate when /0 networks are supported
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:54 +0000 (19:56 +0100)]
netfilter: ipset: Indicate when /0 networks are supported

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipset: Alignment problem between 64bit kernel 32bit userspace
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:53 +0000 (19:56 +0100)]
netfilter: ipset: Alignment problem between 64bit kernel 32bit userspace

Sven-Haegar Koch reported the issue:

sims:~# iptables -A OUTPUT -m set --match-set testset src -j ACCEPT
iptables: Invalid argument. Run `dmesg' for more information.

In syslog:
x_tables: ip_tables: set.3 match: invalid size 48 (kernel) != (user) 32

which was introduced by the counter extension in ipset.

The patch fixes the alignment issue with introducing a new set match
revision with the fixed underlying 'struct ip_set_counter_match'
structure.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipset: Support updating extensions when the set is full
Jozsef Kadlecsik [Sun, 30 Nov 2014 18:56:52 +0000 (19:56 +0100)]
netfilter: ipset: Support updating extensions when the set is full

When the set was full (hash type and maxelem reached), it was not
possible to update the extension part of already existing elements.
The patch removes this limitation.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=880
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agotun: Fix GSO meta-data handling in tun_get_user
Herbert Xu [Sun, 30 Nov 2014 10:03:31 +0000 (18:03 +0800)]
tun: Fix GSO meta-data handling in tun_get_user

When we write the GSO meta-data in tun_get_user we end up advancing
the IO vector twice, thus exhausting the user buffer before we can
finish writing the packet.

Fixes: f5ff53b4d97c ("{macvtap,tun}_get_user(): switch to iov_iter")
Reported-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'rocker-next'
David S. Miller [Wed, 3 Dec 2014 04:01:31 +0000 (20:01 -0800)]
Merge branch 'rocker-next'

Jiri Pirko says:

====================
introduce rocker switch driver with hardware accelerated datapath api - phase 1: bridge fdb offload

This patchset is just the first phase of switch and switch-ish device
support api in kernel. Note that the api will extend.

So what this patchset includes:
- introduce switchdev api skeleton for implementing switch drivers
- introduce rocker switch driver which implements switchdev api fdb and
  bridge set/get link ndos

As to the discussion if there is need to have specific class of device
representing the switch itself, so far we found no need to introduce that.
But we are generally ok with the idea and when the time comes and it will
be needed, it can be easily introduced without any disturbance.

This patchset introduces switch id export through rtnetlink and sysfs,
which is similar to what we have for port id in SR-IOV. I will send iproute2
patchset for showing the switch id for port netdevs once this is applied.
This applies also for the PF_BRIDGE and fdb iproute2 patches.

iproute2 patches are now available here:
https://github.com/jpirko/iproute2-rocker

For detailed description and version history, please see individual patches.

In v4 I reordered the patches leaving rocker patches on the end of the patchset.

In v5 I only fixed whitespace issues of patch #13

We have a TODO for related items we want to work on in near future:
https://etherpad.wikimedia.org/p/netdev-swdev-todo
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: Use logical operators on booleans
Thomas Graf [Fri, 28 Nov 2014 13:34:32 +0000 (14:34 +0100)]
rocker: Use logical operators on booleans

Silences various sparse warnings

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: Add proper validation of Netlink attributes
Thomas Graf [Fri, 28 Nov 2014 13:34:31 +0000 (14:34 +0100)]
rocker: Add proper validation of Netlink attributes

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: add ndo_bridge_setlink/getlink support for learning policy
Scott Feldman [Fri, 28 Nov 2014 13:34:30 +0000 (14:34 +0100)]
rocker: add ndo_bridge_setlink/getlink support for learning policy

Rocker ports will use new "swdev" hwmode for bridge port offload policy.
Current supported policy settings are BR_LEARNING and BR_LEARNING_SYNC.
User can turn on/off device port FDB learning and syncing to bridge.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: implement ndo_fdb_dump
Jiri Pirko [Fri, 28 Nov 2014 13:34:29 +0000 (14:34 +0100)]
rocker: implement ndo_fdb_dump

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: implement L2 bridge offloading
Scott Feldman [Fri, 28 Nov 2014 13:34:28 +0000 (14:34 +0100)]
rocker: implement L2 bridge offloading

Add L2 bridge offloading support to rocker driver.  Here, the Linux bridge
driver is used to collect swdev ports into a tagged (or untagged) VLAN
bridge.  The switchdev will offload from the bridge driver the following L2
bridging functions:

 - Learning of neighbor MAC addresses on VLAN X  Learned mac/vlan is
installed in bridge FDB.  (And removed when device unlearns mac/vlan).
Learning must be turned off on each bridge port to disable the feature in
the bridge driver.

- Flooding of multicast/broadcast and unknown unicast pkts to (STP)
active ports in bridge.  The bridge driver is unaware of the flooding happening
at the device level.  Flooding must be turned off on each bridge port to
disable the feature on the bridge driver.

- STP port state is pushed down to driver/device.  The bridge still processes
STP BDPUs and maintains port STP state (for all VLANs in bridge), but
the driver/device must be notified of port STP state change to program
the device.

Multiple (VLAN) bridges are supported.  The device (implemented per
the OF-DPA spec) must use a portion of the VLAN namespace for
internal VLANs.  Right now, the upper 255 VLANs (0xf00 to 0xffe) are
used as internal VLAN IDs for untagged traffic and are not available
as port VLANs.

The driver uses the following interfaces:

1. To track VLAN add/del on ports in bridge:

.ndo_vlan_rx_add_vid
.ndo_vlan_rx_kill_vid

2. To track port add/del membership in bridge:

NETDEV_CHANGEUPPER netdevice notifier

3. To catch static FDB entries installed on bridge/vlan by user using netlink:

.ndo_fdb_add
.ndo_fdb_del

4. To be notified on port STP state change:

.ndo_switch_port_stp_update

5. To notify bridge driver on learned/forgotten mac/vlans on bridge port:

br_fdb_external_learn_add
br_fdb_external_learn_del

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: implement rocker ofdpa flow table manipulation
Scott Feldman [Fri, 28 Nov 2014 13:34:27 +0000 (14:34 +0100)]
rocker: implement rocker ofdpa flow table manipulation

The rocker driver maintains 4 hash tables: flows, groups, FDB, and VLANs.

Flow and group tables track the entries installed to OF-DPA tables,
per the OF-DPA spec.  See OF-DPA spec for full description of fields
in each flow and group table.  New table entries are pushed to the
device with ADD cmd.  Updated entries are pushed to the device with
MOD cmd.  For flow table entries, a crc32 key is made from fields of
the particular field.  For group table entries, the group_id is used
as the key.

The FDB table tracks fdb entries learned by the device or manually
pushed to the bridge by the user.  A crc32 key is made from the
port/mac/vlan tuple for the fdb entry.

The VLAN table tracks the ifindex-to-internal-vlan mapping for
untagged pkts.  On ingress, an untagged pkt is inserted with an
internal VLAN ID based on the input port's current internal VLAN ID.
The input port's internal VLAN will either be referenced by the port's
ifindex, if not bridged, or the containing bridge's ifindex, if
bridged.  Since the ifindex space isn't within a fixed range, uses a
hash table (with ifindex as key) to track internal VLAN ID for a given
ifindex.  The internal VLAN ID range is fixed and currently uses the
upper 255 VLAN IDs, starting at 0xf00.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorocker: introduce rocker switch driver
Jiri Pirko [Fri, 28 Nov 2014 13:34:26 +0000 (14:34 +0100)]
rocker: introduce rocker switch driver

This patch introduces the first driver to benefit from the switchdev
infrastructure and to implement newly introduced switch ndos. This is a
driver for emulated switch chip implemented in qemu:
https://github.com/sfeldma/qemu-rocker/

This patch is a result of joint work with Scott Feldman.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: add brport flags to dflt bridge_getlink
Scott Feldman [Fri, 28 Nov 2014 13:34:25 +0000 (14:34 +0100)]
bridge: add brport flags to dflt bridge_getlink

To allow brport device to return current brport flags set on port.  Add
returned flags to nested IFLA_PROTINFO netlink msg built in dflt getlink.
With this change, netlink msg returned for bridge_getlink contains the port's
offloaded flag settings (the port's SELF settings).

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: add new hwmode swdev
Scott Feldman [Fri, 28 Nov 2014 13:34:24 +0000 (14:34 +0100)]
bridge: add new hwmode swdev

Current hwmode settings are "vepa" or "veb".  These are for NIC interfaces
with basic bridging function offloaded to HW.  Add new "swdev" for full
switch device offloads.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: add new brport flag LEARNING_SYNC
Scott Feldman [Fri, 28 Nov 2014 13:34:23 +0000 (14:34 +0100)]
bridge: add new brport flag LEARNING_SYNC

This policy flag controls syncing of learned FDB entries to bridge's FDB.  If
on, FDB entries learned on bridge port device will be synced.  If off, device
may still learn new FDB entries but they will not be synced with bridge's FDB.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: move private brport flags to if_bridge.h so port drivers can use flags
Scott Feldman [Fri, 28 Nov 2014 13:34:22 +0000 (14:34 +0100)]
bridge: move private brport flags to if_bridge.h so port drivers can use flags

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: add API to notify bridge driver of learned FBD on offloaded device
Scott Feldman [Fri, 28 Nov 2014 13:34:21 +0000 (14:34 +0100)]
bridge: add API to notify bridge driver of learned FBD on offloaded device

When the swdev device learns a new mac/vlan on a port, it sends some async
notification to the driver and the driver installs an FDB in the device.
To give a holistic system view, the learned mac/vlan should be reflected
in the bridge's FBD table, so the user, using normal iproute2 cmds, can view
what is currently learned by the device.  This API on the bridge driver gives
a way for the swdev driver to install an FBD entry in the bridge FBD table.
(And remove one).

This is equivalent to the device running these cmds:

  bridge fdb [add|del] <mac> dev <dev> vid <vlan id> master

This patch needs some extra eyeballs for review, in paricular around the
locking and contexts.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: call netdev_sw_port_stp_update when bridge port STP status changes
Scott Feldman [Fri, 28 Nov 2014 13:34:20 +0000 (14:34 +0100)]
bridge: call netdev_sw_port_stp_update when bridge port STP status changes

To notify switch driver of change in STP state of bridge port, add new
.ndo op and provide switchdev wrapper func to call ndo op. Use it in bridge
code then.

Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet-sysfs: expose physical switch id for particular device
Jiri Pirko [Fri, 28 Nov 2014 13:34:19 +0000 (14:34 +0100)]
net-sysfs: expose physical switch id for particular device

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Thomas Graf <tgraf@suug.ch>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agortnl: expose physical switch id for particular device
Jiri Pirko [Fri, 28 Nov 2014 13:34:18 +0000 (14:34 +0100)]
rtnl: expose physical switch id for particular device

The netdevice represents a port in a switch, it will expose
IFLA_PHYS_SWITCH_ID value via rtnl. Two netdevices with the same value
belong to one physical switch.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Thomas Graf <tgraf@suug.ch>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: introduce generic switch devices support
Jiri Pirko [Fri, 28 Nov 2014 13:34:17 +0000 (14:34 +0100)]
net: introduce generic switch devices support

The goal of this is to provide a possibility to support various switch
chips. Drivers should implement relevant ndos to do so. Now there is
only one ndo defined:
- for getting physical switch id is in place.

Note that user can use random port netdevice to access the switch.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: rename netdev_phys_port_id to more generic name
Jiri Pirko [Fri, 28 Nov 2014 13:34:16 +0000 (14:34 +0100)]
net: rename netdev_phys_port_id to more generic name

So this can be reused for identification of other "items" as well.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Reviewed-by: Thomas Graf <tgraf@suug.ch>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: make vid as a parameter for ndo_fdb_add/ndo_fdb_del
Jiri Pirko [Fri, 28 Nov 2014 13:34:15 +0000 (14:34 +0100)]
net: make vid as a parameter for ndo_fdb_add/ndo_fdb_del

Do the work of parsing NDA_VLAN directly in rtnetlink code, pass simple
u16 vid to drivers from there.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: convert flags in fbd entry into bitfields
Jiri Pirko [Fri, 28 Nov 2014 13:34:14 +0000 (14:34 +0100)]
bridge: convert flags in fbd entry into bitfields

Suggested-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoneigh: sort Neighbor Cache Entry Flags
Jiri Pirko [Fri, 28 Nov 2014 13:34:13 +0000 (14:34 +0100)]
neigh: sort Neighbor Cache Entry Flags

Suggested-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobridge: rename fdb_*_hw to fdb_*_hw_addr to avoid confusion
Jiri Pirko [Fri, 28 Nov 2014 13:34:12 +0000 (14:34 +0100)]
bridge: rename fdb_*_hw to fdb_*_hw_addr to avoid confusion

The current name might seem that this actually offloads the fdb entry to
hw. So rename it to clearly present that this for hardware address
addition/removal.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonetpoll: delete defconfig references to obsolete NETPOLL_TRAP
Paul Gortmaker [Thu, 27 Nov 2014 15:28:16 +0000 (10:28 -0500)]
netpoll: delete defconfig references to obsolete NETPOLL_TRAP

In commit 9c62a68d13119a1ca9718381d97b0cb415ff4e9d ("netpoll:
Remove dead packet receive code (CONFIG_NETPOLL_TRAP)") this
Kconfig option was removed.  So remove references to it from
all defconfigs as well.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoipvlan: ipvlan depends on INET and IPV6
Mahesh Bandewar [Thu, 27 Nov 2014 05:13:45 +0000 (21:13 -0800)]
ipvlan: ipvlan depends on INET and IPV6

This driver uses ip_out_local() and ip6_route_output() which are
defined only if CONFIG_INET and CONFIG_IPV6 are enabled respectively.

Reported-by: Jim Davis <jim.epost@gmail.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Sun, 30 Nov 2014 04:47:48 +0000 (20:47 -0800)]
Merge git://git./linux/kernel/git/davem/net

9 years agomacvlan: delay the header check for dodgy packets into lower device
Jason Wang [Wed, 26 Nov 2014 09:21:14 +0000 (17:21 +0800)]
macvlan: delay the header check for dodgy packets into lower device

We do header check twice for a dodgy packet. One is done before
macvlan_start_xmit(), another is done before lower device's
ndo_start_xmit(). The first one seems redundant so this patch tries to
delay header check until a packet reaches its lower device (or macvtap)
through always enabling NETIF_F_GSO_ROBUST for macvlan device.

Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 29 Nov 2014 18:49:24 +0000 (10:49 -0800)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull irq fixes from Thomas Gleixner:
 "Three fixlets from the ARM SoC camp:
   - correct irqdomain initialization for atmel-aic
   - correct error handling for device tree parsing in bcm controllers"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip: brcmstb-l2: Fix error handling of irq_of_parse_and_map
  irqchip: bcm7120-l2: Fix error handling of irq_of_parse_and_map
  irqchip: atmel-aic: Fix irqdomain initialization

9 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sat, 29 Nov 2014 18:15:31 +0000 (10:15 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of ten fixes: 8 for UFS including four static checker
  warnings, a potential null deref in the voltage regulator code, a race
  on module unload, a ref counting fix on the well known LUNs which made
  it impossible to remove the ufs module and fix to correct the
  information in pwr_info.

  In addition to UFS, there's a blacklist for the Intel Multi-Flex array
  which chokes on report supported operation codes and a fix to an oops
  in bnx2fc caused by shared skbs"

[ For us non-SCSI people: "UFS" here is "Universal Flash Storage" not
  the filesystem.  - Linus ]

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  ufs: fix NULL dereference when no regulators are defined
  ufs: ensure clk gating work is finished before module unloading
  scsi: ufs: fix static checker warning in ufshcd_parse_clock_info
  scsi: ufs: fix static checker warning in __ufshcd_setup_clocks
  scsi: ufs: fix static checker warning in ufshcd_populate_vreg
  scsi: ufs: fix static checker errors in ufshcd_system_suspend
  ufs: fix power info after link start-up
  ufs: fix reference counting of W-LUs
  scsi: add Intel Multi-Flex to scsi scan blacklist
  bnx2fc: do not add shared skbs to the fcoe_rx_list