565814 Commits

Author SHA1 Message Date
Joshua Henderson
26706d43b8 net: phy: Add support for SMSC LAN8740 PHY
LAN8740 has a different phy_id than LAN8710/LAN8720.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 23:13:24 -05:00
David S. Miller
7d7f5d04c2 brcmfmac
* query features through firmware command
 * ARP offload through inet notifier
 * force probe to succeed for debugging purposes
 * random mac support for scheduled scan
 * support wowl upon net detect
 
 iwlwifi
 
 * bug fixes and improvements for firmware debug system
 * advertise support for Rx A-MSDU in A-MPDU
 * support -20.ucode
 * fix WoWLAN for iwldvm
 * preparations towards multiple Rx queues
 * platform power improvements for GO mode when no clients are associated
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEcBAABAgAGBQJWkMH7AAoJEG4XJFUm622bXN4H/3Iwgf/W7M4sSgB4chMAq9Rh
 qfJW0gsHHyTdwwrvFCExN/hFUb/wBwwEDSS5Ht+k//1iDX5ixtkBgo8uEaC06EkX
 HsJQFSWBhyihm/ZWxYX/meM9RXrm2S+4k/H67posOR9OhX2RNTRIWgE34JZh35sU
 sigADXHH3yz21boUxWCicyrjlNs01d3g4Q4ARpK5tet6uWnhpFRbd3kK/ZPd6mwC
 36XPW9aKram828DgmuCWXhUMJ+YNgHcTFDzUHPj2Rcr7YD32vrMjzC+b/WyHoJs0
 dlf2/vgBSQvQY5GbcdJslWG7HOvJyh0ZIK/chlY6pJVn6LzD2Qq4OVsetl0PWzU=
 =qCp/
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-next-for-davem-2016-01-09' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

Kalle Valo says:

====================
brcmfmac

* query features through firmware command
* ARP offload through inet notifier
* force probe to succeed for debugging purposes
* random mac support for scheduled scan
* support wowl upon net detect

iwlwifi

* bug fixes and improvements for firmware debug system
* advertise support for Rx A-MSDU in A-MPDU
* support -20.ucode
* fix WoWLAN for iwldvm
* preparations towards multiple Rx queues
* platform power improvements for GO mode when no clients are associated
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 23:10:10 -05:00
Eric Dumazet
3e4006f0b8 ipv6: tcp: add rcu locking in tcp_v6_send_synack()
When first SYNACK is sent, we already hold rcu_read_lock(), but this
is not true if a SYNACK is retransmitted, as a timer (soft) interrupt
does not hold rcu_read_lock()

Fixes: 45f6fad84cc30 ("ipv6: add complete rcu protection around np->opt")
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:58:03 -05:00
Eric Dumazet
a78cb84c62 net: add scheduling point in recvmmsg/sendmmsg
Applications often have to reduce number of datagrams
they receive or send per system call to avoid starvation problems.

Really the kernel should take care of this by using cond_resched(),
so that applications can experiment bigger batch sizes.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:56:29 -05:00
Lubomir Rintel
3d171f3907 ipv6: always add flag an address that failed DAD with DADFAILED
The userspace needs to know why is the address being removed so that it can
perhaps obtain a new address.

Without the DADFAILED flag it's impossible to distinguish removal of a
temporary and tentative address due to DAD failure from other reasons (device
removed, manual address removal).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:54:27 -05:00
Fabio Estevam
541b8e291f net: lpc_eth: Remove unused variables
Commit e7f4dc3536a400 ("mdio: Move allocation of interrupts into core")
introduced the following build warnings:

drivers/net/ethernet/nxp/lpc_eth.c: In function 'lpc_mii_init':
drivers/net/ethernet/nxp/lpc_eth.c:865:1: warning: label 'err_out_1' defined but not used [-Wunused-label]
drivers/net/ethernet/nxp/lpc_eth.c:826:20: warning: unused variable 'i' [-Wunused-variable]

Remove the unused variables to fix them.

Reported-by: Olof's autobuilder <build@lixom.net>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:50:14 -05:00
Sudip Mukherjee
fdffd2e8c7 bfin_mac: fix error path
While building blackfin defconfig we were getting a build warning:
warning: label 'out_err_irq_alloc' defined but not used.

Commit e7f4dc3536a4 ("mdio: Move allocation of interrupts into core")
removed the label out_err_mdiobus_register but then mistakenly jumped to
out_err_alloc. But it was actually supposed to jump to out_err_irq_alloc.

Fixes: e7f4dc3536a4 ("mdio: Move allocation of interrupts into core")
Cc: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:46:01 -05:00
Sudip Mukherjee
053842a8bf phy: fix blackfin build failure
The build of blackfin defconfig is failing with the error:
error: 'struct mii_bus' has no member named 'phy_map'

A new API mdiobus_get_phy() was introduced and phy_map was removed but
it was not changed here.

Fixes: 7f854420fbfe ("phy: Add API for {un}registering an mdio device to a bus.")
Cc: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:46:00 -05:00
Hariprasad Shenai
89e7a154e0 cxgb4: Fixes static checker warning in mps_tcam_show()
The commit 115b56af88b5 ("cxgb4: Update mps_tcam output to include T6
fields") from Dec 23, 2015, leads to the following static checker
warning:

        drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c:1735
mps_tcam_show()
        warn: we tested 'lookup_type' before and it was 'true'

Fixing it.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:42:03 -05:00
David S. Miller
1f76f7315d Merge branch 'emac-RK3036'
Xing Zheng says:

====================
Add support emac for the RK3036 SoC platform

  We have supported the emac for RK3066/RK3188, but the RK3036 have
some configuration different with them. We should let the driver of
emac_rockchip compatible with other Rockchip SoCs.

Changes in v2:
- Separate DTS from patch series.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:21:32 -05:00
Xing Zheng
af72261f33 net: ethernet: arc: Add support emac for RK3036
The RK3036's GRFs offset are different with RK3066/RK3188, and need to set
mac TX/RX clock before probe emac.

Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:21:31 -05:00
Xing Zheng
f4c9d3ee03 net: ethernet: arc: Keep emac compatibility for more Rockchip SoCs
On the RK3066/RK3188, there was fixed GRF offset configuration to set emac
and fixed DIV2 mac TX/RX clock. So, we need to easily set and fit to other
SoCs (RK3036) which maybe have different GRF offset, and need adjust mac
TX/RX clock.

Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:21:31 -05:00
Xing Zheng
c9bca2fe3c net: ethernet: arc: Probe emac after set RMII clock
After enter arc_emac_probe, emac will get_phy_id, phy_poll_reset and
other connecting PHY via mdiobus_read, so we need to set correct
ref clock rate for emac before probe emac.

Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:21:31 -05:00
David S. Miller
0652cb5b8b Merge branch 'bnxt_en-zeropad-fw-and-reset'
Michael Chan says:

====================
bnxt_en: Zero pad fw messages and add fw reset.

2 patches related to firmware for net-next.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:19:19 -05:00
Rob Swindell
d2d6318cb9 bnxt_en: Reset embedded processor after applying firmware upgrade
Use HWRM_FW_RESET command to request a self-reset of the embedded
processor(s) after successfully applying a firmware update. For boot
processor, the self-reset is currently deferred until the next PCIe reset.

Signed-off-by: Rob Swindell <swindell@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:19:19 -05:00
Michael Chan
d79979a103 bnxt_en: Zero pad firmware messages to 128 bytes.
For future compatibility, zero pad all messages that the driver sends
to the firmware to 128 bytes.  If these messages are extended in the
future with new byte enables, zero padding these messages now will
guarantee future compatibility.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:19:19 -05:00
Daniel Borkmann
1f211a1b92 net, sched: add clsact qdisc
This work adds a generalization of the ingress qdisc as a qdisc holding
only classifiers. The clsact qdisc works on ingress, but also on egress.
In both cases, it's execution happens without taking the qdisc lock, and
the main difference for the egress part compared to prior version of [1]
is that this can be applied with _any_ underlying real egress qdisc (also
classless ones).

Besides solving the use-case of [1], that is, allowing for more programmability
on assigning skb->priority for the mqprio case that is supported by most
popular 10G+ NICs, it also opens up a lot more flexibility for other tc
applications. The main work on classification can already be done at clsact
egress time if the use-case allows and state stored for later retrieval
f.e. again in skb->priority with major/minors (which is checked by most
classful qdiscs before consulting tc_classify()) and/or in other skb fields
like skb->tc_index for some light-weight post-processing to get to the
eventual classid in case of a classful qdisc. Another use case is that
the clsact egress part allows to have a central egress counterpart to
the ingress classifiers, so that classifiers can easily share state (e.g.
in cls_bpf via eBPF maps) for ingress and egress.

Currently, default setups like mq + pfifo_fast would require for this to
use, for example, prio qdisc instead (to get a tc_classify() run) and to
duplicate the egress classifier for each queue. With clsact, it allows
for leaving the setup as is, it can additionally assign skb->priority to
put the skb in one of pfifo_fast's bands and it can share state with maps.
Moreover, we can access the skb's dst entry (f.e. to retrieve tclassid)
w/o the need to perform a skb_dst_force() to hold on to it any longer. In
lwt case, we can also use this facility to setup dst metadata via cls_bpf
(bpf_skb_set_tunnel_key()) without needing a real egress qdisc just for
that (case of IFF_NO_QUEUE devices, for example).

The realization can be done without any changes to the scheduler core
framework. All it takes is that we have two a-priori defined minors/child
classes, where we can mux between ingress and egress classifier list
(dev->ingress_cl_list and dev->egress_cl_list, latter stored close to
dev->_tx to avoid extra cacheline miss for moderate loads). The egress
part is a bit similar modelled to handle_ing() and patched to a noop in
case the functionality is not used. Both handlers are now called
sch_handle_ingress() and sch_handle_egress(), code sharing among the two
doesn't seem practical as there are various minor differences in both
paths, so that making them conditional in a single handler would rather
slow things down.

Full compatibility to ingress qdisc is provided as well. Since both
piggyback on TC_H_CLSACT, only one of them (ingress/clsact) can exist
per netdevice, and thus ingress qdisc specific behaviour can be retained
for user space. This means, either a user does 'tc qdisc add dev foo ingress'
and configures ingress qdisc as usual, or the 'tc qdisc add dev foo clsact'
alternative, where both, ingress and egress classifier can be configured
as in the below example. ingress qdisc supports attaching classifier to any
minor number whereas clsact has two fixed minors for muxing between the
lists, therefore to not break user space setups, they are better done as
two separate qdiscs.

I decided to extend the sch_ingress module with clsact functionality so
that commonly used code can be reused, the module is being aliased with
sch_clsact so that it can be auto-loaded properly. Alternative would have been
to add a flag when initializing ingress to alter its behaviour plus aliasing
to a different name (as it's more than just ingress). However, the first would
end up, based on the flag, choosing the new/old behaviour by calling different
function implementations to handle each anyway, the latter would require to
register ingress qdisc once again under different alias. So, this really begs
to provide a minimal, cleaner approach to have Qdisc_ops and Qdisc_class_ops
by its own that share callbacks used by both.

Example, adding qdisc:

   # tc qdisc add dev foo clsact
   # tc qdisc show dev foo
   qdisc mq 0: root
   qdisc pfifo_fast 0: parent :1 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
   qdisc pfifo_fast 0: parent :2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
   qdisc pfifo_fast 0: parent :3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
   qdisc pfifo_fast 0: parent :4 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
   qdisc clsact ffff: parent ffff:fff1

Adding filters (deleting, etc works analogous by specifying ingress/egress):

   # tc filter add dev foo ingress bpf da obj bar.o sec ingress
   # tc filter add dev foo egress  bpf da obj bar.o sec egress
   # tc filter show dev foo ingress
   filter protocol all pref 49152 bpf
   filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action
   # tc filter show dev foo egress
   filter protocol all pref 49152 bpf
   filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action

A 'tc filter show dev foo' or 'tc filter show dev foo parent ffff:' will
show an empty list for clsact. Either using the parent names (ingress/egress)
or specifying the full major/minor will then show the related filter lists.

Prior work on a mqprio prequeue() facility [1] was done mainly by John Fastabend.

  [1] http://patchwork.ozlabs.org/patch/512949/

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:13:15 -05:00
Andrew Lunn
ede5599753 ethernet: amd: au1000: Remove pointless warning
The warning about being able to read any MDIO device, not just the
attached ethernet devices PHY applies to all MDIO drivers. So remove
it. This also removes a reference to a member in phy_device which has
moved.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:06:59 -05:00
Andrew Lunn
3fe01e2406 staging: netlogic: Fix build error due to missed API change
Fix a number of build errors due to moving the phy_map and centralizing
interrupt allocation.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:06:58 -05:00
Guenter Roeck
e574f39816 net: ethernet: faraday: Use phy_find_first() instead of open coding it
Use phy_find_first() to find the first phy device instead of
open coding it.

Cc: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:05:30 -05:00
Guenter Roeck
ee64f08ea9 net: ethernet: broadcom: Fix build errors
Commit 7f854420fbfe ("phy: Add API for {un}registering an mdio device to
a bus") introduces an API to access mii_bus structures, but missed to
update the sb1250 driver. This results in the following build error.

drivers/net/ethernet/broadcom/sb1250-mac.c: In function 'sbmac_mii_probe':
drivers/net/ethernet/broadcom/sb1250-mac.c:2360:24: error:
	'struct mii_bus' has no member named 'phy_map'

Use phy_find_first() instead of open coding it.

Commit 2220943a21e2 ("phy: Centralise print about attached phy") introduces
the following build error.

drivers/net/ethernet/broadcom/sb1250-mac.c: In function 'sbmac_mii_probe':
drivers/net/ethernet/broadcom/sb1250-mac.c:2383:20: error: 'phydev' undeclared

Fixes: 7f854420fbfe ("phy: Add API for {un}registering an mdio device to a bus")
Fixes: 2220943a21e2 ("phy: Centralise print about attached phy")
Cc: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 22:05:30 -05:00
David S. Miller
5c721d561d Merge branch 'mdio-device-fixes'
Andrew Lunn says:

====================
Fix breakage from mdio device

These two patches fix MIPS platforms which got broken by
the recent mdio device patchset.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:03:47 -05:00
Andrew Lunn
0c129bf756 net: ethernet-rgmii.c: Fix breakage from moving phdev bus
The mdio device patches moved the bus member in phy_device into a
substructure. This driver got missed. Fix it.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:03:47 -05:00
Andrew Lunn
2a4fc4ea29 net: lantiq_etop.c: Use helper to find first phy
Make use of the helper to find the first phy device.
This also fixes the compile breakage.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:03:47 -05:00
Romain Perier
6c672c9bf4 stmmac: Don't exit mdio registration when mdio subnode is not found in the DTS
Originally, most of the platforms using this driver did not define an mdio subnode
in the devicetree. Commit e34d65 ("stmmac: create of compatible mdio bus for stmmac driver")
introduced a backward compatibily issue by using of_mdiobus_register explicitly
with an mdio subnode. This patch fixes the issue by calling the function
mdiobus_register, when mdio subnode is not found. The driver is now compatible
with both modes.

Fixes: e34d65696d2e ("stmmac: create of compatible mdio bus for stmmac driver")
Signed-off-by: Romain Perier <romain.perier@gmail.com>
Tested-by: Phil Reid <preid@electromag.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:02:33 -05:00
Linus Torvalds
afd2ff9b7e Linux 4.4 v4.4 2016-01-10 15:01:32 -08:00
Sasha Levin
320f1a4a17 net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory
proc_dostring() needs an initialized destination string, while the one
provided in proc_sctp_do_hmac_alg() contains stack garbage.

Thus, writing to cookie_hmac_alg would strlen() that garbage and end up
accessing invalid memory.

Fixes: 3c68198e7 ("sctp: Make hmac algorithm selection for cookie generation dynamic")
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:01:01 -05:00
Kristian Evensen
18715b2615 net: qmi_wwan: Add SIMCom 7230E
SIMCom 7230E is a QMI LTE module with support for most "normal" bands.
Manual testing has showed that only interface five works.

Cc: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:55:34 -05:00
David S. Miller
749f7df186 Merge branch 'bpf-next'
Daniel Borkmann says:

====================
BPF update

Fixes a csum issue on ingress. As mentioned previously, net-next
seems just fine imho. Later on, will follow up with couple of
replacements like ovs_skb_postpush_rcsum() etc.

Thanks!

v1 -> v2:
  - Added patch 1 with helper
  - Implemented Hannes' idea to just use csum_partial, thanks!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:54:28 -05:00
Daniel Borkmann
f8ffad69c9 bpf: add skb_postpush_rcsum and fix dev_forward_skb occasions
Add a small helper skb_postpush_rcsum() and fix up redirect locations
that need CHECKSUM_COMPLETE fixups on ingress. dev_forward_skb() expects
a proper csum that covers also Ethernet header, f.e. since 2c26d34bbcc0
("net/core: Handle csum for CHECKSUM_COMPLETE VXLAN forwarding"), we
also do skb_postpull_rcsum() after pulling Ethernet header off via
eth_type_trans().

When using eBPF in a netns setup f.e. with vxlan in collect metadata mode,
I can trigger the following csum issue with an IPv6 setup:

  [  505.144065] dummy1: hw csum failure
  [...]
  [  505.144108] Call Trace:
  [  505.144112]  <IRQ>  [<ffffffff81372f08>] dump_stack+0x44/0x5c
  [  505.144134]  [<ffffffff81607cea>] netdev_rx_csum_fault+0x3a/0x40
  [  505.144142]  [<ffffffff815fee3f>] __skb_checksum_complete+0xcf/0xe0
  [  505.144149]  [<ffffffff816f0902>] nf_ip6_checksum+0xb2/0x120
  [  505.144161]  [<ffffffffa08c0e0e>] icmpv6_error+0x17e/0x328 [nf_conntrack_ipv6]
  [  505.144170]  [<ffffffffa0898eca>] ? ip6t_do_table+0x2fa/0x645 [ip6_tables]
  [  505.144177]  [<ffffffffa08c0725>] ? ipv6_get_l4proto+0x65/0xd0 [nf_conntrack_ipv6]
  [  505.144189]  [<ffffffffa06c9a12>] nf_conntrack_in+0xc2/0x5a0 [nf_conntrack]
  [  505.144196]  [<ffffffffa08c039c>] ipv6_conntrack_in+0x1c/0x20 [nf_conntrack_ipv6]
  [  505.144204]  [<ffffffff8164385d>] nf_iterate+0x5d/0x70
  [  505.144210]  [<ffffffff816438d6>] nf_hook_slow+0x66/0xc0
  [  505.144218]  [<ffffffff816bd302>] ipv6_rcv+0x3f2/0x4f0
  [  505.144225]  [<ffffffff816bca40>] ? ip6_make_skb+0x1b0/0x1b0
  [  505.144232]  [<ffffffff8160b77b>] __netif_receive_skb_core+0x36b/0x9a0
  [  505.144239]  [<ffffffff8160bdc8>] ? __netif_receive_skb+0x18/0x60
  [  505.144245]  [<ffffffff8160bdc8>] __netif_receive_skb+0x18/0x60
  [  505.144252]  [<ffffffff8160ccff>] process_backlog+0x9f/0x140
  [  505.144259]  [<ffffffff8160c4a5>] net_rx_action+0x145/0x320
  [...]

What happens is that on ingress, we push Ethernet header back in, either
from cls_bpf or right before skb_do_redirect(), but without updating csum.
The "hw csum failure" can be fixed by using the new skb_postpush_rcsum()
helper for the dev_forward_skb() case to correct the csum diff again.

Thanks to Hannes Frederic Sowa for the csum_partial() idea!

Fixes: 3896d655f4d4 ("bpf: introduce bpf_clone_redirect() helper")
Fixes: 27b29f63058d ("bpf: add bpf_redirect() helper")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:54:28 -05:00
Daniel Borkmann
fdc5432a7b net, sched: add skb_at_tc_ingress helper
Add a skb_at_tc_ingress() as this will be needed elsewhere as well and
can hide the ugly ifdef.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:54:28 -05:00
David S. Miller
4156afafcc Merge branch 'tcp-keepalive-namespaceify'
Nikolay Borisov says:

====================
Namespaceify tcp keepalive machinery

The following patch series enables the tcp keepalive mechanism
to be configured per net namespace. This is especially useful
if you have multiple containers hosted on one node and one of
them is under DoS-  in such situations one thing which could
be done is to configure the tcp keepalive settings such that
connections for that particular container are being reset
faster.

Another scenario where not being able to control those knob
comes per container is problematic is occurs the value of
net.netfilter.nf_conntrack_tcp_timeout_established is set
below the keepalive interval, in such situations the server won't
send an RST packet resulting in applications not trying to
reconnect and stale connection waiting. Changing the global
keepalive value is a possible solution but it might interfere
with other containers.

The three patches gradually convert each of the affected knobs
to be per netns. I thought it would be easier for review than
put everything in one patch. If people deem it more appropriate
to squash everything in one patch (maybe after review) I'd
be more than happy to do it.

The patches have been compile-tested on 4.4 and functionally
tested on 3.12 and they work as expected.

These are based off 4.4-rc8
====================

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:32:09 -05:00
Nikolay Borisov
b840d15d39 ipv4: Namespecify the tcp_keepalive_intvl sysctl knob
This is the final part required to namespaceify the tcp
keep alive mechanism.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:32:09 -05:00
Nikolay Borisov
9bd6861bd4 ipv4: Namespecify tcp_keepalive_probes sysctl knob
This is required to have full tcp keepalive mechanism namespace
support.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:32:09 -05:00
Nikolay Borisov
13b287e8d1 ipv4: Namespaceify tcp_keepalive_time sysctl knob
Different net namespaces might have different requirements as to
the keepalive time of tcp sockets. This might be required in cases
where different firewall rules are in place which require tcp
timeout sockets to be increased/decreased independently of the host.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:32:09 -05:00
Hannes Frederic Sowa
787d7ac308 udp: restrict offloads to one namespace
udp tunnel offloads tend to aggregate datagrams based on inner
headers. gro engine gets notified by tunnel implementations about
possible offloads. The match is solely based on the port number.

Imagine a tunnel bound to port 53, the offloading will look into all
DNS packets and tries to aggregate them based on the inner data found
within. This could lead to data corruption and malformed DNS packets.

While this patch minimizes the problem and helps an administrator to find
the issue by querying ip tunnel/fou, a better way would be to match on
the specific destination ip address so if a user space socket is bound
to the same address it will conflict.

Cc: Tom Herbert <tom@herbertland.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 17:28:24 -05:00
David S. Miller
d3517f19f2 Merge branch 'mlxsw-layer2-multicast'
Jiri Pirko says:

====================
mlxsw: Adding layer 2 multicast

Elad says:

This patchset add Linux hardware reflection for L2 multicast offload and add
MC support in mlxsw. For every bridge MDB entry insertion, either by IGMP
snooping or by static insertion/removal, a switchdev ops is been called.
In mlxsw, a new multicast group (MID) is been created and ports are assigned.
When all ports are removed, the multicast group is been deleted.

---
v1->v2:
- GFP_ATOMIC->GFP_KERNEL change in patch 7/8
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
4f5590f8cd switchdev: Adding IGMP snooping documentation
Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
3a49b4fde2 mlxsw: Adding layer 2 multicast support
Add SWITCHDEV_OBJ_ID_PORT_MDB switchdev ops support. On first MDB insertion
creates a new multicast group (MID) and add members port to the MID. Also
add new MDB entry for the flooding-domain (fid-vid) and link the MDB entry
to the newly constructed MC group.

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
e4b6f6931c mlxsw: Adding VID to FID translatation
Adding a generic function that translate VID to FID.

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
53ae628316 mlxsw: Changing the maximum number of multicast group to a define
Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
fabe548322 mlxsw: reg: Adding SMID register
Adding back SMID register definition and packing. For each MC group a new
SMID entry will be generated.

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
5230b25f06 mlxsw: reg: Add definition of multicast record for SFD register
Multicast-related records have specific format in SFD register.

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
f1fecb1d10 bridge: Reflect MDB entries to hardware
Offload MDB changes per port to hardware

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:21 -05:00
Elad Raz
4d41e12593 switchdev: Adding MDB entry offload
Define HW multicast entry: MAC and VID.
Using a MAC address simplifies support for both IPV4 and IPv6.

Signed-off-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 16:50:20 -05:00
Mickaël Salaün
3e46b25376 um: Use race-free temporary file creation
Open the memory mapped file with the O_TMPFILE flag when available.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Acked-by: Tristan Schmelcher <tschmelcher@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2016-01-10 21:49:50 +01:00
Mickaël Salaün
571d2f0c34 um: Do not set unsecure permission for temporary file
Remove the insecure 0777 mode for temporary file to prohibit other users
to change the executable mapped code.

An attacker could gain access to the mapped file descriptor from the
temporary file (before it is unlinked) in a read-only mode but it should
not be accessible in write mode to avoid arbitrary code execution.

To not change the hostfs behavior, the temporary file creation
permission now depends on the current umask(2) and the implementation of
mkstemp(3).

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Acked-by: Tristan Schmelcher <tschmelcher@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2016-01-10 21:49:50 +01:00
Mickaël Salaün
42d91f612c um: Fix build error and kconfig for i386
Fix build error by generating elfcore.o only when ELF_CORE (depending on
COREDUMP) is selected:

arch/x86/um/built-in.o: In function `elf_core_write_extra_phdrs':
(.text+0x3e62): undefined reference to `dump_emit'
arch/x86/um/built-in.o: In function `elf_core_write_extra_data':
(.text+0x3eef): undefined reference to `dump_emit'

Fixes: 5d2acfc7b974 ("kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT")
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
2016-01-10 21:49:49 +01:00
Mickaël Salaün
c50b4659e4 um: Add seccomp support
This brings SECCOMP_MODE_STRICT and SECCOMP_MODE_FILTER support through
prctl(2) and seccomp(2) to User-mode Linux for i386 and x86_64
subarchitectures.

secure_computing() is called first in handle_syscall() so that the
syscall emulation will be aborted quickly if matching a seccomp rule.

This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>
2016-01-10 21:49:49 +01:00
Mickaël Salaün
d8f8b84456 um: Add full asm/syscall.h support
Add subarchitecture-independent implementation of asm-generic/syscall.h
allowing access to user system call parameters and results:
* syscall_get_nr()
* syscall_rollback()
* syscall_get_error()
* syscall_get_return_value()
* syscall_set_return_value()
* syscall_get_arguments()
* syscall_set_arguments()
* syscall_get_arch() provided by arch/x86/um/asm/syscall.h

This provides the necessary syscall helpers needed by
HAVE_ARCH_SECCOMP_FILTER plus syscall_get_error().

This is inspired from Meredydd Luff's patch
(https://gerrit.chromium.org/gerrit/21425).

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Will Drewry <wad@chromium.org>
Cc: Meredydd Luff <meredydd@senatehouse.org>
Cc: David Drysdale <drysdale@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Kees Cook <keescook@chromium.org>
2016-01-10 21:49:49 +01:00