| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This adds the support of enabling MT7663S and MT7668S SDIO-based
Bluetooth function.
There are quite many differences between MT766[3,8]S and standard
Bluetooth SDIO devices such as Type-A and Type-B devices. For example,
MT766[3,8]S have its own SDIO registers layout, definition, SDIO packet
format, and the specific flow should be programmed on them to complete
the device initialization and low power control and so on.
Currently, there are many independent programming sequences from the
transport which are exactly the same as the ones in btusb.c about MediaTek
support [1] and btmtkuart.c. We can try to split the transport independent
Bluetooth setups on the advance, place them into the common files and allow
varous transport drivers to reuse them in the future.
[1] http://lists.infradead.org/pipermail/linux-mediatek/2019-January/017074.html
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The SDIO identifier for MediaTek Bluetooth devices were defined in the
MediaTek Bluetooth driver. Moving the definitions in MMC header file
seems common sense.
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
None of them have any external callers, make them static.
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
|
|
No external dependencies, might as well handle this directly.
xfrm_afinfo_policy is now 40 bytes on x86_64.
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
|
|
handle this directly, its only used by ipv6.
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
|
|
Only used by ipv4, we can read the fl4 tos value directly instead.
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
|
|
All we do is write the length/status and address bits to a DMA
descriptor only to write its contents into on-chip registers right
after, eliminate this unnecessary step.
Signed-off-by: Florian Fainelli <[email protected]>
Reviewed-by: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When a bridge port is being deleted, do not dereference it later in
br_vlan_port_event() as it can result in a use-after-free [1] if the RCU
callback was executed before invoking the function.
[1]
[ 129.638551] ==================================================================
[ 129.646904] BUG: KASAN: use-after-free in br_vlan_port_event+0x53c/0x5fd
[ 129.654406] Read of size 8 at addr ffff8881e4aa1ae8 by task ip/483
[ 129.663008] CPU: 0 PID: 483 Comm: ip Not tainted 5.1.0-rc5-custom-02265-ga946bd73daac #1383
[ 129.672359] Hardware name: Mellanox Technologies Ltd. MSN2100-CB2FO/SA001017, BIOS 5.6.5 06/07/2016
[ 129.682484] Call Trace:
[ 129.685242] dump_stack+0xa9/0x10e
[ 129.689068] print_address_description.cold.2+0x9/0x25e
[ 129.694930] kasan_report.cold.3+0x78/0x9d
[ 129.704420] br_vlan_port_event+0x53c/0x5fd
[ 129.728300] br_device_event+0x2c7/0x7a0
[ 129.741505] notifier_call_chain+0xb5/0x1c0
[ 129.746202] rollback_registered_many+0x895/0xe90
[ 129.793119] unregister_netdevice_many+0x48/0x210
[ 129.803384] rtnl_delete_link+0xe1/0x140
[ 129.815906] rtnl_dellink+0x2a3/0x820
[ 129.844166] rtnetlink_rcv_msg+0x397/0x910
[ 129.868517] netlink_rcv_skb+0x137/0x3a0
[ 129.882013] netlink_unicast+0x49b/0x660
[ 129.900019] netlink_sendmsg+0x755/0xc90
[ 129.915758] ___sys_sendmsg+0x761/0x8e0
[ 129.966315] __sys_sendmsg+0xf0/0x1c0
[ 129.988918] do_syscall_64+0xa4/0x470
[ 129.993032] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 129.998696] RIP: 0033:0x7ff578104b58
...
[ 130.073811] Allocated by task 479:
[ 130.077633] __kasan_kmalloc.constprop.5+0xc1/0xd0
[ 130.083008] kmem_cache_alloc_trace+0x152/0x320
[ 130.088090] br_add_if+0x39c/0x1580
[ 130.092005] do_set_master+0x1aa/0x210
[ 130.096211] do_setlink+0x985/0x3100
[ 130.100224] __rtnl_newlink+0xc52/0x1380
[ 130.104625] rtnl_newlink+0x6b/0xa0
[ 130.108541] rtnetlink_rcv_msg+0x397/0x910
[ 130.113136] netlink_rcv_skb+0x137/0x3a0
[ 130.117538] netlink_unicast+0x49b/0x660
[ 130.121939] netlink_sendmsg+0x755/0xc90
[ 130.126340] ___sys_sendmsg+0x761/0x8e0
[ 130.130645] __sys_sendmsg+0xf0/0x1c0
[ 130.134753] do_syscall_64+0xa4/0x470
[ 130.138864] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 130.146195] Freed by task 0:
[ 130.149421] __kasan_slab_free+0x125/0x170
[ 130.154016] kfree+0xf3/0x310
[ 130.157349] kobject_put+0x1a8/0x4c0
[ 130.161363] rcu_core+0x859/0x19b0
[ 130.165175] __do_softirq+0x250/0xa26
[ 130.170956] The buggy address belongs to the object at ffff8881e4aa1ae8
which belongs to the cache kmalloc-1k of size 1024
[ 130.184972] The buggy address is located 0 bytes inside of
1024-byte region [ffff8881e4aa1ae8, ffff8881e4aa1ee8)
Fixes: 9c0ec2e7182a ("bridge: support binding vlan dev link state to vlan member bridge ports")
Signed-off-by: Ido Schimmel <[email protected]>
Cc: Mike Manning <[email protected]>
Acked-by: Nikolay Aleksandrov <[email protected]>
Acked-by: Mike Manning <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Without this patch the socket address family sporadically gets wrong
value ends up the dev_set_mac_address() fails to set the desired MAC
address.
Fixes: 25766271e42f ("r8152: Refresh MAC address during USBDEVFS_RESET")
Signed-off-by: Crag.Wang <[email protected]>
Reviewed-by: Jakub Kicinski <[email protected]>
Reviewed-By: Mario Limonciello <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Ido Schimmel says:
====================
mlxsw: Shared buffer improvements
This patchset includes two improvements with regards to shared buffer
configuration in mlxsw.
The first part of this patchset forbids the user from performing illegal
shared buffer configuration that can result in unnecessary packet loss.
In order to better communicate these configuration failures to the user,
extack is propagated from devlink towards drivers. This is done in
patches #1-#8.
The second part of the patchset deals with the shared buffer
configuration of the CPU port. When a packet is trapped by the device,
it is sent across the PCI bus to the attached host CPU. From the
device's perspective, it is as if the packet is transmitted through the
CPU port.
While testing traffic directed at the CPU it became apparent that for
certain packet sizes and certain burst sizes, the current shared buffer
configuration of the CPU port is inadequate and results in packet drops.
The configuration is adjusted by patches #9-#14 that create two new pools
- ingress & egress - which are dedicated for CPU traffic.
====================
Acked-by: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Switch the CPU port to use the new dedicated egress pool instead the
previously used egress pool which was shared with normal front panel
ports.
Add per-port quotas for the amount of traffic that can be buffered for
the CPU port and also adjust the per-{port, TC} quotas.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The CPU port is used to transmit traffic that is trapped to the host
CPU. It is therefore irrelevant to define ingress quota for it.
Add a 'skip_ingress' argument to the function tasked with configuring
per-port quotas, so that ingress quotas could be skipped in case the
passed local port is the CPU port.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The function is used to set the per-port shared buffer quotas.
Currently, these quotas are only set for front panel ports, but a
subsequent patch will configure these quotas for the CPU port as well.
The configuration required for the CPU port is a bit different than that
of the front panel ports, so split the business logic into a separate
function which will be called with different parameters for the CPU
port.
No functional changes intended.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Use the new ingress pool that was added in the previous patch for
control packets (e.g., STP, LACP) that are trapped to the CPU.
The previous management pool is no longer necessary and therefore its
size is set to 0.
The maximum quota for traffic towards the CPU is increased to 50% of the
free space in the new ingress pool and therefore the reserved space is
reduced by half, to 10KB - in both the shared and headroom buffer. This
allows for more efficient utilization of the shared buffer as reserved
space cannot be used for other purposes.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Packets that are trapped to the CPU are transmitted through the CPU port
to the attached host. The CPU port is therefore like any other port and
needs to have shared buffer configuration.
The maximum quotas configured for the CPU are provided using dynamic
threshold and cannot be changed by the user. In order to make sure that
these thresholds are always valid, the configuration of the threshold
type of these pools is forbidden.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The code currently assumes that ingress pools have lower indices than
egress pools. This makes it impossible to add more ingress pools
without breaking user configuration that relies on a certain pool index
to correspond to an egress pool.
Remove such assumptions from the code, so that more ingress pools could
be added by subsequent patches.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Commit e83c045e53d7 ("mlxsw: spectrum_buffers: Configure MC pool")
configured the threshold of the multicast TCs as infinite so that the
admission of multicast packets is only depended on per-switch priority
threshold.
Forbid the user from changing the thresholds of these multicast TCs and
their binding to a different pool.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Multicast packets have three egress quotas:
* Per egress port
* Per egress port and traffic class
* Per switch priority
The limits on the switch priority are not exposed to the user and
specified as dynamic threshold on the first egress pool.
Forbid changing the threshold type of the first egress pool so that
these limits are always valid.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Commit e83c045e53d7 ("mlxsw: spectrum_buffers: Configure MC pool") added
a dedicated pool for multicast traffic. The pool is visible to the user
so that it would be possible to monitor its occupancy, but its
configuration should be forbidden in order to maintain its intended
operation.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Subsequent patches are going to need to veto changes in certain TCs'
binding and threshold configurations.
Add fields to the TC's struct that indicate if the TC can be bound to a
different pool and whether its threshold can change and enforce that.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Subsequent patches are going to need to veto changes in certain pools'
size and / or threshold type (mode).
Add two fields to the pool's struct that indicate if either of these
attributes is allowed to change and enforce that.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The pool indices are currently hard coded throughout the code, which
makes the code hard to follow and extend.
Overcome this by using defines for the pool indices.
Signed-off-by: Ido Schimmel <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Add extack messages to better communicate invalid configuration to the
user.
Example:
# devlink sb pool set pci/0000:01:00.0 pool 0 size 104857600 thtype dynamic
Error: mlxsw_spectrum: Exceeded shared buffer size.
devlink answers: Invalid argument
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Add extack to shared buffer set operations, so that meaningful error
messages could be propagated to the user.
Signed-off-by: Ido Schimmel <[email protected]>
Acked-by: Jiri Pirko <[email protected]>
Reviewed-by: Petr Machata <[email protected]>
Cc: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
stmmac_check_ether_addr() checks the MAC address and assigns one in
driver open(). In many cases when we create slave netdevice, the dev
addr is inherited from master but the master dev addr maybe NULL at
that time, so move this call to driver probe so that address is
always valid.
Signed-off-by: Xiaofei Shen <[email protected]>
Tested-by: Xiaofei Shen <[email protected]>
Signed-off-by: Sneh Shah <[email protected]>
Signed-off-by: Vinod Koul <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Paul Gortmaker says:
====================
clean up needless use of module infrastructure
People can embed modular includes and modular exit functions into code
that never use any of it, and they won't get any errors or warnings.
Using modular infrastructure in non-modules might seem harmless, but some
of the downfalls this leads to are:
(1) it is easy to accidentally write unused module_exit removal code
(2) it can be misleading when reading the source, thinking a driver can
be modular when the Makefile and/or Kconfig prohibit it
(3) an unused include of the module.h header file will in turn
include nearly everything else; adding a lot to CPP overhead.
(4) it gets copied/replicated into other drivers and spreads quickly.
As a data point for #3 above, an empty C file that just includes the
module.h header generates over 750kB of CPP output. Repeating the same
experiment with init.h and the result is less than 12kB; with export.h
it is only about 1/2kB; with both it still is less than 12kB. One driver
in this series gets the module.h ---> init.h+export.h conversion.
Worse, are headers in include/linux that in turn include <linux/module.h>
as they can impact a whole fleet of drivers, or a whole subsystem, so
special care should be used in order to avoid that. Such headers should
only include what they need to be stand-alone; they should not be trying
to anticipate the various header needs of their possible end users.
In this series, four include/linux headers have module.h removed from
them because they don't strictly need it. Then three chunks of net
related code have modular infrastructure that isn't used, removed.
There are no runtime changes, so the biggest risk is a genuine consumer
of module.h content relying on implicitly getting it from one of the
include/linux instances removed here - thus resulting in a build fail.
With that in mind, allmodconfig build testing was done on x86-64, arm64,
x86-32, arm. powerpc, and mips on linux-next (and hence net-next).
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
The Kconfig currently controlling compilation of this code is:
net/strparser/Kconfig:config STREAM_PARSER
net/strparser/Kconfig: def_bool n
...meaning that it currently is not being built as a module by anyone.
Lets remove the modular code that is essentially orphaned, so that
when reading the driver there is no doubt it is builtin-only.
Since module_init translates to device_initcall in the non-modular
case, the init ordering remains unchanged with this commit. For
clarity, we change the fcn name mod_init to dev_init at the same time.
We replace module.h with init.h and export.h ; the latter since this
file exports some syms.
Cc: "David S. Miller" <[email protected]>
Cc: Alexei Starovoitov <[email protected]>
Cc: Daniel Borkmann <[email protected]>
Cc: Martin KaFai Lau <[email protected]>
Cc: Song Liu <[email protected]>
Cc: Yonghong Song <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The Kconfig controlling this code is:
bpfilter/Kconfig:menuconfig BPFILTER
bpfilter/Kconfig: bool "BPF based packet filtering framework (BPFILTER)"
Since it isn't a module, we shouldn't use module_init(). Instead we
use device_initcall() - which is exactly what module_init() defaults
to for non-modular code/builds.
We don't remove <linux/module.h> from the includes since this file does
a request_module() and hence is a valid user of that header file, even
though it is not modular itself.
Cc: "David S. Miller" <[email protected]>
Cc: Alexey Kuznetsov <[email protected]>
Cc: Hideaki YOSHIFUJI <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The Kconfig currently controlling compilation of this code is:
net/Kconfig:config CGROUP_NET_PRIO
net/Kconfig: bool "Network priority cgroup"
...meaning that it currently is not being built as a module by anyone,
as module support was discontinued in 2014.
We delete the MODULE_LICENSE tag since all that information is already
contained at the top of the file in the comments.
We don't delete module.h from the includes since it was no longer there
to begin with.
Cc: "David S. Miller" <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: "Rosen, Rami" <[email protected]>
Cc: Daniel Wagner <[email protected]>
Cc: [email protected]
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Ideally, header files under include/linux shouldn't be adding
includes of other headers, in anticipation of their consumers,
but just the headers needed for the header itself to pass
parsing with CPP.
The module.h is particularly bad in this sense, as it itself does
include a whole bunch of other headers, due to the complexity of
module support.
Since tc_ife.h is not going into a module struct looking for
specific fields, we can just let it know that module is a struct,
just like about 60 other include/linux headers already do.
Cc: Jamal Hadi Salim <[email protected]>
Cc: Cong Wang <[email protected]>
Cc: Jiri Pirko <[email protected]>
Cc: "David S. Miller" <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Ideally, header files under include/linux shouldn't be adding
includes of other headers, in anticipation of their consumers,
but just the headers needed for the header itself to pass
parsing with CPP.
The module.h is particularly bad in this sense, as it itself does
include a whole bunch of other headers, due to the complexity of
module support.
Since fib_notifier.h is not going into a module struct looking for
specific fields, we can just let it know that module is a struct,
just like about 60 other include/linux headers already do.
Cc: "David S. Miller" <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Ideally, header files under include/linux shouldn't be adding
includes of other headers, in anticipation of their consumers,
but just the headers needed for the header itself to pass
parsing with CPP.
The module.h is particularly bad in this sense, as it itself does
include a whole bunch of other headers, due to the complexity of
module support.
There doesn't appear to be anything in net/ife.h that is module
related, and build coverage doesn't appear to show any other
files/drivers relying implicitly on getting it from here.
So it appears we are simply free to just remove it in this case.
Cc: Yotam Gigi <[email protected]>
Cc: Jamal Hadi Salim <[email protected]>
Cc: "David S. Miller" <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Ideally, header files under include/linux shouldn't be adding
includes of other headers, in anticipation of their consumers,
but just the headers needed for the header itself to pass
parsing with CPP.
The module.h is particularly bad in this sense, as it itself does
include a whole bunch of other headers, due to the complexity of
module support.
There doesn't appear to be anything in psample.h that is module
related, and build coverage doesn't appear to show any other
files/drivers relying implicitly on getting it from here.
So it appears we are simply free to just remove it in this case.
Cc: Yotam Gigi <[email protected]>
Cc: "David S. Miller" <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The header contains rtnh_ macros so rename the file accordingly.
Allows a later patch to use the nexthop.h name for the new
nexthop code.
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
fib6_info_nh_lwt is no longer used; remove it.
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This patch makes trivial whitespace fix to the function
tcp_v4_check at include/net/tcp.h file.
It has stylistic issue, which is "space required after that ','"
and it can be confirmed with ./scripts/checkpatch.pl tool.
ERROR: space required after that ',' (ctx:VxV)
#29: FILE: include/net/tcp.h:1317:
+ return csum_tcpudp_magic(saddr,daddr,len,IPPROTO_TCP,base);
^
Signed-off-by: Daniel T. Lee <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Alexei Starovoitov says:
====================
pull-request: bpf-next 2019-04-22
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) allow stack/queue helpers from more bpf program types, from Alban.
2) allow parallel verification of root bpf programs, from Alexei.
3) introduce bpf sysctl hook for trusted root cases, from Andrey.
4) recognize var/datasec in btf deduplication, from Andrii.
5) cpumap performance optimizations, from Jesper.
6) verifier prep for alu32 optimization, from Jiong.
7) libbpf xsk cleanup, from Magnus.
8) other various fixes and cleanups.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
The following patchset contains Netfilter/IPVS fixes for your net tree:
1) Add a selftest for icmp packet too big errors with conntrack, from
Florian Westphal.
2) Validate inner header in ICMP error message does not lie to us
in conntrack, also from Florian.
3) Initialize ct->timeout to calm down KASAN, from Alexander Potapenko.
4) Skip ICMP error messages from tunnels in IPVS, from Julian Anastasov.
5) Use a hash to expose conntrack and expectation ID, from Florian Westphal.
6) Prevent shift wrap in nft_chain_parse_hook(), from Dan Carpenter.
7) Fix broken ICMP ID randomization with NAT, also from Florian.
8) Remove WARN_ON in ebtables compat that is reached via syzkaller,
from Florian Westphal.
9) Fix broken timestamps since fb420d5d91c1 ("tcp/fq: move back to
CLOCK_MONOTONIC"), from Florian.
10) Fix logging of invalid packets in conntrack, from Andrei Vagin.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Alexei Starovoitov says:
====================
Allow the bpf verifier to run in parallel for root.
====================
Acked-by: Andrii Nakryiko <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Drop bpf_verifier_lock for root to avoid being DoS-ed by unprivileged.
The BPF verifier is now fully parallel.
All unpriv users are still serialized by bpf_verifier_lock to avoid
exhausting kernel memory by running N parallel verifications.
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Move three global variables protected by bpf_verifier_lock into
'struct bpf_verifier_env' to allow parallel verification.
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Document the verifier limits.
Signed-off-by: Alexei Starovoitov <[email protected]>
Acked-by: Yonghong Song <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into mlx5-next
Linux 5.1-rc1
We forgot to reset the branch last merge window thus mlx5-next is outdated
and still based on 5.0-rc2. This merge commit is needed to sync mlx5-next
branch with 5.1-rc1.
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
When a blocked NFS lock is "awoken" we send a callback to the server and
then wake any hosts waiting on it. If a client attempts to get a lock
and then drops off the net, we could end up waiting for a long time
until we end up waking locks blocked on that request.
So, wake any other waiting lock requests before sending the callback.
Do this by calling locks_delete_block in a new "prepare" phase for
CB_NOTIFY_LOCK callbacks.
URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
Reported-by: Slawomir Pryczek <[email protected]>
Cc: Neil Brown <[email protected]>
Cc: [email protected]
Signed-off-by: Jeff Layton <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
After a blocked nfsd file_lock request is deleted, knfsd will send a
callback to the client and then free the request. Commit 16306a61d3b7
("fs/locks: always delete_block after waiting.") changed it such that
locks_delete_block is always called on a request after it is awoken,
but that patch missed fixing up blocked nfsd request handling.
Call locks_delete_block on the block to wake up any locks still blocked
on the nfsd lock request before freeing it. Some of its callers already
do this however, so just remove those calls.
URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
Reported-by: Slawomir Pryczek <[email protected]>
Cc: Neil Brown <[email protected]>
Cc: [email protected]
Signed-off-by: Jeff Layton <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fixes from Paul Burton:
"A couple more MIPS fixes:
- Fix indirect syscall tracing & seccomp filtering for big endian
MIPS64 kernels, which previously loaded the syscall number
incorrectly & would always use zero.
- Fix performance counter IRQ setup for Atheros/ath79 SoCs, allowing
perf to function on those systems.
And not really a fix, but a useful addition:
- Add a Broadcom mailing list to the MAINTAINERS entry for BMIPS
systems to allow relevant engineers to track patch submissions"
* tag 'mips_fixes_5.1_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: perf: ath79: Fix perfcount IRQ assignment
MIPS: scall64-o32: Fix indirect syscall number load
MAINTAINERS: BMIPS: Add internal Broadcom mailing list
|
|
It doesn't log a packet if sysctl_log_invalid isn't equal to protonum
OR sysctl_log_invalid isn't equal to IPPROTO_RAW. This sentence is
always true. I believe we need to replace OR to AND.
Cc: Florian Westphal <[email protected]>
Fixes: c4f3db1595827 ("netfilter: conntrack: add and use nf_l4proto_log_invalid")
Signed-off-by: Andrei Vagin <[email protected]>
Acked-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
setting net.netfilter.nf_conntrack_timestamp=1 breaks xmit with fq
scheduler. skb->tstamp might be "refreshed" using ktime_get_real(),
but fq expects CLOCK_MONOTONIC.
This patch removes all places in netfilter that check/set skb->tstamp:
1. To fix the bogus "start" time seen with conntrack timestamping for
outgoing packets, never use skb->tstamp and always use current time.
2. In nfqueue and nflog, only use skb->tstamp for incoming packets,
as determined by current hook (prerouting, input, forward).
3. xt_time has to use system clock as well rather than skb->tstamp.
We could still use skb->tstamp for prerouting/input/foward, but
I see no advantage to make this conditional.
Fixes: fb420d5d91c1 ("tcp/fq: move back to CLOCK_MONOTONIC")
Cc: Eric Dumazet <[email protected]>
Reported-by: Michal Soltys <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
It means userspace gave us a ruleset where there is some other
data after the ebtables target but before the beginning of the next rule.
Fixes: 81e675c227ec ("netfilter: ebtables: add CONFIG_COMPAT support")
Reported-by: [email protected]
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
The RTF_ADDRCONF flag filters out routes added by RA's in determining
which routes can be appended to an existing one to create a multipath
route. Restore the flag check and add a comment to document the RA piece.
Fixes: 4e54507ab1a9 ("ipv6: Simplify rt6_qualify_for_ecmp")
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|