1. 16 Oct, 2015 9 commits
  2. 15 Oct, 2015 2 commits
    • Pablo Neira's avatar
      netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity · 8cbc8708
      Pablo Neira authored
      Check that dependencies are fulfilled before updating the logger
      instance, otherwise we can leave things in intermediate state on errors
      in nfulnl_recv_config().
      
      [ Ken-ichirou reports that this is also fixing missing instance refcnt drop
        on error introduced in his patch 914eebf2 ("netfilter: nfnetlink_log:
        autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag"). ]
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Tested-by: default avatarKen-ichirou MATSUZAWA <chamaken@gmail.com>
      8cbc8708
    • Pablo Neira Ayuso's avatar
      netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config() · 336a3b3e
      Pablo Neira Ayuso authored
      This patch consolidates the check for valid logger instance once we have
      passed the command handling:
      
      The config message that we receive may contain the following info:
      
      1) Command only: We always get a valid instance pointer if we just
         created it. In case that the instance is being destroyed or the
         command is unknown, we jump to exit path of nfulnl_recv_config().
         This patch doesn't modify this handling.
      
      2) Config only: In this case, the instance must always exist since the
         user is asking for configuration updates. If the instance doesn't exist
         this returns -ENODEV.
      
      3) No command and no configs are specified: This case is rare. The
         user is sending us a config message with neither commands nor
         config options. In this case, we have to check if the instance exists
         and bail out otherwise. Before this patch, it was possible to send a
         config message with no command and no config updates for an
         unexisting instance without triggering an error. So this is the only
         case that changes.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Tested-by: default avatarKen-ichirou MATSUZAWA <chamaken@gmail.com>
      336a3b3e
  3. 14 Oct, 2015 2 commits
  4. 13 Oct, 2015 6 commits
  5. 12 Oct, 2015 6 commits
  6. 07 Oct, 2015 2 commits
    • Simon Horman's avatar
      ipvs: Remove possibly unused variables from ip_vs_conn_net_{init,cleanup} · 92240e8d
      Simon Horman authored
      If CONFIG_PROC_FS is undefined then the arguments of proc_create()
      and remove_proc_entry() are unused. As a result the net variables of
      ip_vs_conn_net_{init,cleanup} are unused.
      
      net/netfilter/ipvs//ip_vs_conn.c: In function ‘ip_vs_conn_net_init’:
      net/netfilter/ipvs//ip_vs_conn.c:1350:14: warning: unused variable ‘net’ [-Wunused-variable]
      net/netfilter/ipvs//ip_vs_conn.c: In function ‘ip_vs_conn_net_cleanup’:
      net/netfilter/ipvs//ip_vs_conn.c:1361:14: warning: unused variable ‘net’ [-Wunused-variable]
      ...
      
      Resolve this by dereferencing net as needed rather than storing it
      in a variable.
      
      Fixes: 3d993766 ("ipvs: Pass ipvs not net into ip_vs_control_net_(init|cleanup)")
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      92240e8d
    • David Ahern's avatar
      ipvs: Remove possibly unused variable from ip_vs_out · ed1c9f0e
      David Ahern authored
      Eric's net namespace changes in 1b75097d leaves net unreferenced if
      CONFIG_IP_VS_IPV6 is not enabled:
      
      ../net/netfilter/ipvs/ip_vs_core.c: In function ‘ip_vs_out’:
      ../net/netfilter/ipvs/ip_vs_core.c:1177:14: warning: unused variable ‘net’ [-Wunused-variable]
      
      After the net refactoring there is only 1 user; push the reference to the
      1 user. While the line length slightly exceeds 80 it seems to be the
      best change.
      
      Fixes: 1b75097d("ipvs: Pass ipvs into ip_vs_out")
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      [horms: updated subject]
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      ed1c9f0e
  7. 05 Oct, 2015 7 commits
  8. 04 Oct, 2015 2 commits
    • Pablo Neira Ayuso's avatar
      netfilter: rename nfnetlink_queue_core.c to nfnetlink_queue.c · 32f40c5f
      Pablo Neira Ayuso authored
      Now that we have integrated the ct glue code into nfnetlink_queue without
      introducing dependencies with the conntrack code.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      32f40c5f
    • Pablo Neira Ayuso's avatar
      netfilter: nfnetlink_queue: get rid of nfnetlink_queue_ct.c · b7bd1809
      Pablo Neira Ayuso authored
      The original intention was to avoid dependencies between nfnetlink_queue and
      conntrack without ifdef pollution. However, we can achieve this by moving the
      conntrack dependent code into ctnetlink and keep some glue code to access the
      nfq_ct indirection from nfqueue.
      
      After this patch, the nfq_ct indirection is always compiled in the netfilter
      core to avoid polluting nfqueue with ifdefs. Thus, if nf_conntrack is not
      compiled this results in only 8-bytes of memory waste in x86_64.
      
      This patch also adds ctnetlink_nfqueue_seqadj() to avoid that the nf_conn
      structure layout if exposed to nf_queue, which creates another dependency with
      nf_conntrack at compilation time.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      b7bd1809
  9. 03 Oct, 2015 4 commits
    • Eric Dumazet's avatar
      tcp/dccp: add SLAB_DESTROY_BY_RCU flag for request sockets · e96f78ab
      Eric Dumazet authored
      Before letting request sockets being put in TCP/DCCP regular
      ehash table, we need to add either :
      
      - SLAB_DESTROY_BY_RCU flag to their kmem_cache
      - add RCU grace period before freeing them.
      
      Since we carefully respected the SLAB_DESTROY_BY_RCU protocol
      like ESTABLISH and TIMEWAIT sockets, use it here.
      
      req_prot_init() being only used by TCP and DCCP, I did not add
      a new slab_flags into their rsk_prot, but reuse prot->slab_flags
      
      Since all reqsk_alloc() users are correctly dealing with a failure,
      add the __GFP_NOWARN flag to avoid traces under pressure.
      
      Fixes: 079096f1 ("tcp/dccp: install syn_recv requests into ehash table")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e96f78ab
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · 4236e2a1
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2015-09-30
      
      This series contains updates to i40e and i40evf only.
      
      Vasily Averin provides a couple of rtnl lock/unlock fixes for both i40e
      and i40evf.
      
      Shannon provides several updates and fixes, first fixes up a type clash
      in i40e_aq_rc_to_posix(), where the error codes are signed values, so we
      need to treat them as such.  Then fixes up a padding issue where an
      extra byte is added in i40e_aqc_get_cee_dcb_cfg_v1_resp to directly
      acknowledge the padding.  Updated i40e to keep debugfs register read
      and writes from accessing outside of the io-remapped space.  Added
      support and device id for another 20 GbE device.
      
      Jesse fixes the transmit hand workaround code for ARM that was causing
      Tx hangs to still occur occasionally when there really was no hang.  Then
      fixed the receive dropped counter to show up in netstat interface.
      Refactor the interrupt enable function since it was always making the
      caller add the base_vector from the VSI struct which is already passed
      to the function.  Fix kbuild warnings found in 0day build infrastructure
      by adding a harmless cast to a dev_info(), also fix 32 bit build
      warnings found by sparse.
      
      Greg fixed a configuration error that results if a port VLAN is set
      for a VF before the VF driver is loaded, so that when the VF driver is
      loaded the port VLAN is ignored.
      
      Mitch fixes the use of QOS field consistently in
      i40e_ndo_set_vf_port_vlan().  Modified the init timing of the driver
      to increase stability on load/unload and SR-IOV enable/disable cycles.
      
      Anjali updates i40e to not collect VEB stats if they are disabled in the
      hardware for performance reasons.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4236e2a1
    • David S. Miller's avatar
      Merge branch 'ravb-r8a7795' · 28117b08
      David S. Miller authored
      Simon Horman says:
      
      ====================
      ravb: Add support for r8a7795 SoC
      
      please consider this series for net-next.
      It enhances the ravb driver to support the r8a7795 SoC.
      
      Changes:
      
      * Dropped RFC prefix
      * Details in changelog of individual patches
      
      Base:
      
      * net-next/master
      
      Availability:
      
      To aid review of this in conjunction with other EtherAVB changes
      the following branches are available in my renesas tree on kernel.org.
      
      * me/r8a7795-ravb-driver-v4: this series
      * me/r8a7795-ravb-pfc-v2: r8a7795 sh-pfc update for EthernetAVB
      * me/r8a7795-ravb-integration-v4: enable EthernetAVB on r8a7795
      * me/r8a7795-ravb-driver-and-integration-v4.runtime:
            the above three branches with their runtime dependencies
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28117b08
    • Kazuya Mizuguchi's avatar
      ravb: Add support for r8a7795 SoC · 22d4df8f
      Kazuya Mizuguchi authored
      This patch supports the r8a7795 SoC by:
      - Using two interrupts
        + One for E-MAC
        + One for everything else
        + Both can be handled by the existing common interrupt handler, which
          affords a simpler update to support the new SoC. In future some
          consideration may be given to implementing multiple interrupt handlers
      - Limiting the phy speed to 100Mbit/s for the new SoC;
        at this time it is not clear how this restriction may be lifted
        but I hope it will be possible as more information comes to light
      Signed-off-by: default avatarKazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
      [horms: reworked]
      Signed-off-by: default avatarSimon Horman <horms+renesas@verge.net.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      22d4df8f