- 04 Oct, 2020 29 commits
-
-
Andrew Lunn authored
Hide away from DSA drivers how devlink works. Signed-off-by:
Andrew Lunn <andrew@lunn.ch> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Reviewed-by:
Vladimir Oltean <olteanv@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Andrew Lunn authored
Allow DSA drivers to make use of devlink port regions, via simple wrappers. Reviewed-by:
-
Andrew Lunn authored
Allow regions to be registered to a devlink port. The same netlink API is used, but the port index is provided to indicate when a region is a port region as opposed to a device region. Reviewed-by:
-
Andrew Lunn authored
DSA drivers want to create regions on devlink ports as well as the devlink device instance, in order to export registers and other tables per port. To keep all this code together in the drivers, have the devlink ports registered early, so the setup() method can setup both device and port devlink regions. v3: Remove dp->setup Move common code out of switch statement. Fix wrong goto Signed-off-by:
-
Andrew Lunn authored
If a port is unused, still create a devlink port for it, but set the flavour to unused. This allows us to attach devlink regions to the port, etc. Reviewed-by:
-
Andrew Lunn authored
Not all ports of a switch need to be used, particularly in embedded systems. Add a port flavour for ports which physically exist in the switch, but are not connected to the front panel etc, and so are unused. By having unused ports present in devlink, it gives a more accurate representation of the hardware. It also allows regions to be associated to such ports, so allowing, for example, to determine unused ports are correctly powered off, or to compare probable reset defaults of unused ports to used ports experiences issues. Actually registering unused ports and setting the flavour to unused is optional. The DSA core will register all such switch ports, but such ports are expected to be limited in number. Bigger ASICs may decide not to list unused ports. v2: Expand the description about why it is useful Reviewed-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) Rename 'searched' column to 'clashres' in conntrack /proc/ stats to amend a recent patch, from Florian Westphal. 2) Remove unused nft_data_debug(), from YueHaibing. 3) Remove unused definitions in IPVS, also from YueHaibing. 4) Fix user data memleak in tables and objects, this is also amending a recent patch, from Jose M. Guisado. 5) Use nla_memdup() to allocate user data in table and objects, also from Jose M. Guisado 6) User data support for chains, from Jose M. Guisado 7) Remove unused definition in nf_tables_offload, from YueHaibing. 8) Use kvzalloc() in ip_set_alloc(), from Vasily Averin. 9) Fix false positive reported by lockdep in nfnetlink mutexes, from Florian Westphal. 10) Extend fast variant of cmp for neq operation, from Phil Sutter. 11) Implement fast bitwise variant, also from Phil Sutter. ==================== Signed-off-by: -
Phil Sutter authored
A typical use of bitwise expression is to mask out parts of an IP address when matching on the network part only. Optimize for this common use with a fast variant for NFT_BITWISE_BOOL-type expressions operating on 32bit-sized values. Signed-off-by:
Phil Sutter <phil@nwl.cc> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Phil Sutter authored
Add a boolean indicating NFT_CMP_NEQ. To include it into the match decision, it is sufficient to XOR it with the data comparison's result. While being at it, store the mask that is calculated during expression init and free the eval routine from having to recalculate it each time. Signed-off-by:
-
Florian Westphal authored
From time to time there are lockdep reports similar to this one: WARNING: possible circular locking dependency detected ------------------------------------------------------ 000000004f61aa56 (&table[i].mutex){+.+.}, at: nfnl_lock [nfnetlink] but task is already holding lock: [..] (&net->nft.commit_mutex){+.+.}, at: nf_tables_valid_genid [nf_tables] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&net->nft.commit_mutex){+.+.}: [..] nf_tables_valid_genid+0x18/0x60 [nf_tables] nfnetlink_rcv_batch+0x24c/0x620 [nfnetlink] nfnetlink_rcv+0x110/0x140 [nfnetlink] netlink_unicast+0x12c/0x1e0 [..] sys_sendmsg+0x18/0x40 linux_sparc_syscall+0x34/0x44 -> #0 (&table[i].mutex){+.+.}: [..] nfnl_lock+0x24/0x40 [nfnetlink] ip_set_nfnl_get_byindex+0x19c/0x280 [ip_set] set_match_v1_checkentry+0x14/0xc0 [xt_set] xt_check_match+0x238/0x260 [x_tables] __nft_match_init+0x160/0x180 [nft_compat] [..] sys_sendmsg+0x18/0x40 linux_sparc_syscall+0x34/0x44 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&net->nft.commit_mutex); lock(&table[i].mutex); lock(&net->nft.commit_mutex); lock(&table[i].mutex); Lockdep considers this an ABBA deadlock because the different nfnl subsys mutexes reside in the same lockdep class, but this is a false positive. CPU1 table[i] refers to the nftables subsys mutex, whereas CPU1 locks the ipset subsys mutex. Yi Che reported a similar lockdep splat, this time between ipset and ctnetlink subsys mutexes. Time to place them in distinct classes to avoid these warnings. Signed-off-by:Florian Westphal <fw@strlen.de> Signed-off-by:
-
Vasily Averin authored
Currently netadmin inside non-trusted container can quickly allocate whole node's memory via request of huge ipset hashtable. Other ipset-related memory allocations should be restricted too. v2: fixed typo ALLOC -> ACCOUNT Signed-off-by:
Vasily Averin <vvs@virtuozzo.com> Signed-off-by:
-
YueHaibing authored
commit 9a32669f ("netfilter: nf_tables_offload: support indr block call") left behind this. Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
-
Matthieu Baerts authored
The MPTCP ADD_ADDR suboption with echo-flag=1 has no HMAC, the size is smaller than the one initially sent without echo-flag=1. We then need to use the correct size everywhere when we need this echo bit. Before this patch, the wrong size was reserved but the correct amount of bytes were written (and read): the remaining bytes contained garbage. Fixes: 6a6c05a8 ("mptcp: send out ADD_ADDR with echo flag") Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/95Reported-and-tested-by:
Davide Caratti <dcaratti@redhat.com> Acked-by:
Geliang Tang <geliangtang@gmail.com> Signed-off-by:
Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by:
-
Kurt Kanzenbach authored
There is no such property as duplex-full. It's called full-duplex. Leading to reduced speed when using the example as base for a real device tree. Signed-off-by:
Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by:
-
Kurt Kanzenbach authored
The unit address should be 1e, because the unit address is supposed to be in hexadecimal. Suggested-by:
-
Vladimir Oltean authored
This is a strictly cosmetic change that renames some macros in sja1105_dynamic_config.c. They were copy-pasted in haste and this has resulted in them having the driver prefix twice. Signed-off-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by:
-
Gustavo A. R. Silva authored
Replace /* no break */ comments with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by:
-
Gustavo A. R. Silva authored
Replace /* Fallthrough... */ comment with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
Gustavo A. R. Silva authored
Replace /* !!! fall through !!! */ comments with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
Gustavo A. R. Silva authored
Replace // FALLTHROUGH comment with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
David S. Miller authored
Guillaume Nault says: ==================== net/sched: Add actions for MPLS L2 VPNs This patch series adds the necessary TC actions for supporting layer 2 MPLS VPNs (VPLS). The objective is to give the possibility to add an MPLS header right before an skb's mac header, then to prepend this MPLS packet with a new Ethernet header with the MAC address of the next hop. Patch 1 implements the actions for adding and removing the external Ethernet header. Patch 2 adds the possibility to push an MPLS header before the mac header. Most of the code already exists as these operations were first implemented in openvswitch. Practical example, with encap on Host-A and decap on Host-B: Host-A# tc filter add dev ethAx ingress matchall \ action mpls mac_push label 20 \ action vlan push_eth dst_mac 02:00:00:00:00:02 \ src_mac 02:00:00:00:00:01 \ action mirred egress redirect dev ethAy Host-B# tc filter add dev ethBx ingress protocol mpls_uc \ flower mpls_label 20 mpls_bos 1 \ action vlan pop_eth \ action mpls pop proto teb \ action mirred egress redirect dev ethBy ==================== Signed-off-by: -
Guillaume Nault authored
Define the MAC_PUSH action which pushes an MPLS LSE before the mac header (instead of between the mac and the network headers as the plain PUSH action does). The only special case is when the skb has an offloaded VLAN. In that case, it has to be inlined before pushing the MPLS header. Signed-off-by:
Guillaume Nault <gnault@redhat.com> Signed-off-by:
-
Guillaume Nault authored
Implement TCA_VLAN_ACT_POP_ETH and TCA_VLAN_ACT_PUSH_ETH, to respectively pop and push a base Ethernet header at the beginning of a frame. POP_ETH is just a matter of pulling ETH_HLEN bytes. VLAN tags, if any, must be stripped before calling POP_ETH. PUSH_ETH is restricted to skbs with no mac_header, and only the MAC addresses can be configured. The Ethertype is automatically set from skb->protocol. These restrictions ensure that all skb's fields remain consistent, so that this action can't confuse other part of the networking stack (like GSO). Since openvswitch already had these actions, consolidate the code in skbuff.c (like for vlan and mpls push/pop). Signed-off-by:
-
Colin Ian King authored
Currently the comparisons of u16 integers value and sopass_val with less than zero for error checking is always false because the values are unsigned. Fix this by making these variables int. This does not affect the shift and mask operations performed on these variables Addresses-Coverity: ("Unsigned compared against zero") Fixes: 49fc2301 ("net: phy: dp83869: support Wake on LAN") Signed-off-by:Colin Ian King <colin.king@canonical.com> Acked-by:
Dan Murphy <dmurphy@ti.com> Signed-off-by:
-
Karsten Graul authored
The check for old hardware versions that did not have SMCDv2 support was using suspicious pointer magic. Address the fields using an array. Signed-off-by:
Karsten Graul <kgraul@linux.ibm.com> Signed-off-by:
-
Karsten Graul authored
When building a CLC proposal message then the list of ISM devices does not need to contain multiple devices that have the same chid value, all these devices use the same function at the end. Improve smc_find_ism_v2_device_clnt() to collect only ISM devices that have unique chid values. Signed-off-by:
-
David S. Miller authored
Vladimir Oltean says: =================== Add Seville Ethernet switch to T1040RDB Seville is a DSA switch that is embedded inside the T1040 SoC, and supported by the mscc_seville DSA driver inside drivers/net/dsa/ocelot. This series adds this switch to the SoC's dtsi files and to the T1040RDB board file. I would like to send this series through net-next. There is no conflict with other patches submitted to T1040 device tree. Maybe this could at least get an ACK from devicetree maintainers. =================== Signed-off-by: -
Vladimir Oltean authored
Define the network interface names for the switch ports and hook them up to the 2 QSGMII PHYs that are onboard. A conscious decision was taken to go along with the numbers that are written on the front panel of the board and not with the hardware numbers of the switch chip ports. Signed-off-by:
Maxim Kochetkov <fido_max@inbox.ru> Reviewed-by:
-
Vladimir Oltean authored
Add the description of the embedded L2 switch inside the SoC dtsi file for NXP T1040. Signed-off-by:
-
- 03 Oct, 2020 11 commits
-
-
Yuchung Cheng authored
The retransmission refactoring patch 68698970 ("tcp: simplify tcp_mark_skb_lost") does not properly update the total lost packet counter which may break the policer mode in BBR. This patch fixes it. Fixes: 68698970 ("tcp: simplify tcp_mark_skb_lost") Reported-by:
Neal Cardwell <ncardwell@google.com> Signed-off-by:
Yuchung Cheng <ycheng@google.com> Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
David S. Miller authored
Julian Wiedmann says: ==================== net/iucv: updates 2020-10-01 Just two (rare) patches, and both deal with smatch warnings. ==================== Signed-off-by: -
Julian Wiedmann authored
smatch complains about net/iucv/iucv.c:1119 __iucv_message_receive() warn: inconsistent indenting While touching this line, also make the return logic consistent and thus get rid of a goto label. Signed-off-by:
Julian Wiedmann <jwi@linux.ibm.com> Reviewed-by:
-
Julian Wiedmann authored
smatch complains about net/iucv/af_iucv.c:624 iucv_sock_bind() error: memcpy() 'sa->siucv_user_id' too small (8 vs 9) Which is absolutely correct - the memcpy() takes 9 bytes (sizeof(uid)) from an 8-byte field (sa->siucv_user_id). Luckily the sockaddr_iucv struct contains more data after the .siucv_user_id field, and we checked the size of the passed data earlier on. So the memcpy() won't accidentally read from an invalid location. Fix the warning by reducing the size of the uid variable to what's actually needed, and thus reducing the amount of copied data. Signed-off-by:
-
Taehee Yoo authored
NETDEV_HW_ADDR_T_SLAVE is not used anymore, remove it. Signed-off-by:
Taehee Yoo <ap420073@gmail.com> Signed-off-by:
-
David S. Miller authored
Johannes Berg says: ==================== genetlink per-op policy export Here's a respin, now including Jakub's patch last so that it will do the right thing from the start. The first patch remains the same, of course; the others have mostly some rebasing going on, except for the actual export patch (patch 4) which is adjusted per Jakub's review comments about exporting the policy only if it's actually used for do/dump. To see that, the dump for "nlctrl" (i.e. the generic netlink control) is instructive, because the ops are this: { .cmd = CTRL_CMD_GETFAMILY, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .policy = ctrl_policy_family, .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, .doit = ctrl_getfamily, .dumpit = ctrl_dumpfamily, }, { .cmd = CTRL_CMD_GETPOLICY, .policy = ctrl_policy_policy, .maxattr = ARRAY_SIZE(ctrl_policy_policy) - 1, .start = ctrl_dumppolicy_start, .dumpit = ctrl_dumppolicy, .done = ctrl_dumppolicy_done, }, So we exercise both "don't have doit" and "GENL_DONT_VALIDATE_DUMP" parts, and get (with the current genl patch): $ genl ctrl policy name nlctrl ID: 0x10 op 3 policies: do=0 ID: 0x10 op 10 policies: dump=1 ID: 0x10 policy[0]:attr[1]: type=U16 range:[0,65535] ID: 0x10 policy[0]:attr[2]: type=NUL_STRING max len:15 ID: 0x10 policy[1]:attr[1]: type=U16 range:[0,65535] ID: 0x10 policy[1]:attr[2]: type=NUL_STRING max len:15 ID: 0x10 policy[1]:attr[10]: type=U32 range:[0,4294967295] ==================== Reviewed-by:Jakub Kicinski <kuba@kernel.org> Signed-off-by:
-
Jakub Kicinski authored
Right now CTRL_CMD_GETPOLICY can only dump the family-wide policy. Support dumping policy of a specific op. v3: - rebase after per-op policy export and handle that v2: - make cmd U32, just in case. v1: - don't echo op in the output in a naive way, this should make it cleaner to extend the output format for dumping policies for all the commands at once in the future. Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Johannes Berg authored
Add support for per-op policy dumping. The data is pretty much as before, except that now the assumption that the policy with index 0 is "the" policy no longer holds - you now need to look at the new CTRL_ATTR_OP_POLICY attribute which is a nested attr (indexed by op) containing attributes for do and dump policies. When a single op is requested, the CTRL_ATTR_OP_POLICY will be added in the same way, since do and dump policies may differ. v2: - conditionally advertise per-command policies only if there actually is a policy being used for the do/dump and it's present at all Signed-off-by:
-
Johannes Berg authored
We'll need this later for the per-op policy index dump. Reviewed-by:
-
Johannes Berg authored
Rework the policy dump code a bit to support adding multiple policies to a single dump, in order to e.g. support per-op policies in generic netlink. v2: - move kernel-doc to implementation [Jakub] - squash the first patch to not flip-flop on the prototype [Jakub] - merge netlink_policy_dump_get_policy_idx() with the old get_policy_idx() we already had - rebase without Jakub's patch to have per-op dump Signed-off-by:
-
Johannes Berg authored
The maxtype is really an integral part of the policy, and while we haven't gotten into a situation yet where this happens, it seems that some developer might eventually have two places pointing to identical policies, with different maxattr to exclude some attrs in one of the places. Even if not, it's really the right thing to compare both since the two data items fundamentally belong together. v2: - also do the proper comparison in get_policy_idx() Signed-off-by:
-
