1. 08 Nov, 2016 4 commits
    • Florian Westphal's avatar
      netfilter: conntrack: refine gc worker heuristics · e0df8cae
      Florian Westphal authored
      Nicolas Dichtel says:
        After commit b87a2f91 ("netfilter: conntrack: add gc worker to
        remove timed-out entries"), netlink conntrack deletion events may be
        sent with a huge delay.
      
      Nicolas further points at this line:
      
        goal = min(nf_conntrack_htable_size / GC_MAX_BUCKETS_DIV, GC_MAX_BUCKETS);
      
      and indeed, this isn't optimal at all.  Rationale here was to ensure that
      we don't block other work items for too long, even if
      nf_conntrack_htable_size is huge.  But in order to have some guarantee
      about maximum time period where a scan of the full conntrack table
      completes we should always use a fixed slice size, so that once every
      N scans the full table has been examined at least once.
      
      We also need to balance this vs. the case where the system is either idle
      (i.e., conntrack table (almost) empty) or very busy (i.e. eviction happens
      from packet path).
      
      So, after some discussion with Nicolas:
      
      1. want hard guarantee that we scan entire table at least once every X s
      -> need to scan fraction of table (get rid of upper bound)
      
      2. don't want to eat cycles on idle or very busy system
      -> increase interval if we did not evict any entries
      
      3. don't want to block other worker items for too long
      -> make fraction really small, and prefer small scan interval instead
      
      4. Want reasonable short time where we detect timed-out entry when
      system went idle after a burst of traffic, while not doing scans
      all the time.
      -> Store next gc scan in worker, increasing delays when no eviction
      happened and shrinking delay when we see timed out entries.
      
      The old gc interval is turned into a max number, scans can now happen
      every jiffy if stale entries are present.
      
      Longest possible time period until an entry is evicted is now 2 minutes
      in worst case (entry expires right after it was deemed 'not expired').
      Reported-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Acked-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      e0df8cae
    • Florian Westphal's avatar
      netfilter: conntrack: fix CT target for UNSPEC helpers · 6114cc51
      Florian Westphal authored
      Thomas reports its not possible to attach the H.245 helper:
      
      iptables -t raw -A PREROUTING -p udp -j CT --helper H.245
      iptables: No chain/target/match by that name.
      xt_CT: No such helper "H.245"
      
      This is because H.245 registers as NFPROTO_UNSPEC, but the CT target
      passes NFPROTO_IPV4/IPV6 to nf_conntrack_helper_try_module_get.
      
      We should treat UNSPEC as wildcard and ignore the l3num instead.
      Reported-by: default avatarThomas Woerner <twoerner@redhat.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6114cc51
    • Florian Westphal's avatar
      netfilter: connmark: ignore skbs with magic untracked conntrack objects · fb9c9649
      Florian Westphal authored
      The (percpu) untracked conntrack entries can end up with nonzero connmarks.
      
      The 'untracked' conntrack objects are merely a way to distinguish INVALID
      (i.e. protocol connection tracker says payload doesn't meet some
      requirements or packet was never seen by the connection tracking code)
      from packets that are intentionally not tracked (some icmpv6 types such as
      neigh solicitation, or by using 'iptables -j CT --notrack' option).
      
      Untracked conntrack objects are implementation detail, we might as well use
      invalid magic address instead to tell INVALID and UNTRACKED apart.
      
      Check skb->nfct for untracked dummy and behave as if skb->nfct is NULL.
      Reported-by: default avatarXU Tianwen <evan.xu.tianwen@gmail.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      fb9c9649
    • WANG Cong's avatar
      ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr · 8fbfef7f
      WANG Cong authored
      family.maxattr is the max index for policy[], the size of
      ops[] is determined with ARRAY_SIZE().
      Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Tested-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      8fbfef7f
  2. 31 Oct, 2016 2 commits
  3. 28 Oct, 2016 1 commit
    • Arnd Bergmann's avatar
      netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning · 57476202
      Arnd Bergmann authored
      Building the ip_vs_sync code with CONFIG_OPTIMIZE_INLINING on x86
      confuses the compiler to the point where it produces a rather
      dubious warning message:
      
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.init_seq’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
        struct ip_vs_sync_conn_options opt;
                                       ^~~
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘opt.previous_delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).init_seq’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      net/netfilter/ipvs/ip_vs_sync.c:1073:33: error: ‘*((void *)&opt+12).previous_delta’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      The problem appears to be a combination of a number of factors, including
      the __builtin_bswap32 compiler builtin being slightly odd, having a large
      amount of code inlined into a single function, and the way that some
      functions only get partially inlined here.
      
      I've spent way too much time trying to work out a way to improve the
      code, but the best I've come up with is to add an explicit memset
      right before the ip_vs_seq structure is first initialized here. When
      the compiler works correctly, this has absolutely no effect, but in the
      case that produces the warning, the warning disappears.
      
      In the process of analysing this warning, I also noticed that
      we use memcpy to copy the larger ip_vs_sync_conn_options structure
      over two members of the ip_vs_conn structure. This works because
      the layout is identical, but seems error-prone, so I'm changing
      this in the process to directly copy the two members. This change
      seemed to have no effect on the object code or the warning, but
      it deals with the same data, so I kept the two changes together.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      57476202
  4. 27 Oct, 2016 8 commits
    • Florian Westphal's avatar
      netfilter: conntrack: avoid excess memory allocation · cdb436d1
      Florian Westphal authored
      This is now a fixed-size extension, so we don't need to pass a variable
      alloc size.  This (harmless) error results in allocating 32 instead of
      the needed 16 bytes for this extension as the size gets passed twice.
      
      Fixes: 23014011 ("netfilter: conntrack: support a fixed size of 128 distinct labels")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      cdb436d1
    • John W. Linville's avatar
      netfilter: nf_tables: fix type mismatch with error return from nft_parse_u32_check · f1d505bb
      John W. Linville authored
      Commit 36b701fa ("netfilter: nf_tables: validate maximum value of
      u32 netlink attributes") introduced nft_parse_u32_check with a return
      value of "unsigned int", yet on error it returns "-ERANGE".
      
      This patch corrects the mismatch by changing the return value to "int",
      which happens to match the actual users of nft_parse_u32_check already.
      
      Found by Coverity, CID 1373930.
      
      Note that commit 21a9e0f1 ("netfilter: nft_exthdr: fix error
      handling in nft_exthdr_init()) attempted to address the issue, but
      did not address the return type of nft_parse_u32_check.
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Cc: Laura Garcia Liebana <nevola@gmail.com>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Fixes: 36b701fa ("netfilter: nf_tables: validate maximum value...")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      f1d505bb
    • Ulrich Weber's avatar
      netfilter: nf_conntrack_sip: extend request line validation · 444f9017
      Ulrich Weber authored
      on SIP requests, so a fragmented TCP SIP packet from an allow header starting with
       INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE,SUBSCRIBE
       Content-Length: 0
      
      will not bet interpreted as an INVITE request. Also Request-URI must start with an alphabetic character.
      
      Confirm with RFC 3261
       Request-Line   =  Method SP Request-URI SP SIP-Version CRLF
      
      Fixes: 30f33e6d ("[NETFILTER]: nf_conntrack_sip: support method specific request/response handling")
      Signed-off-by: default avatarUlrich Weber <ulrich.weber@riverbed.com>
      Acked-by: default avatarMarco Angaroni <marcoangaroni@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      444f9017
    • Liping Zhang's avatar
      netfilter: nf_tables: fix race when create new element in dynset · dab45060
      Liping Zhang authored
      Packets may race when create the new element in nft_hash_update:
             CPU0                 CPU1
        lookup_fast - fail     lookup_fast - fail
             new - ok             new - ok
           insert - ok         insert - fail(EEXIST)
      
      So when race happened, we reuse the existing element. Otherwise,
      these *racing* packets will not be handled properly.
      
      Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates")
      Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      dab45060
    • Liping Zhang's avatar
      netfilter: nf_tables: fix *leak* when expr clone fail · 61f9e292
      Liping Zhang authored
      When nft_expr_clone failed, a series of problems will happen:
      
      1. module refcnt will leak, we call __module_get at the beginning but
         we forget to put it back if ops->clone returns fail
      2. memory will be leaked, if clone fail, we just return NULL and forget
         to free the alloced element
      3. set->nelems will become incorrect when set->size is specified. If
         clone fail, we should decrease the set->nelems
      
      Now this patch fixes these problems. And fortunately, clone fail will
      only happen on counter expression when memory is exhausted.
      
      Fixes: 086f3321 ("netfilter: nf_tables: add clone interface to expression operations")
      Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      61f9e292
    • Liping Zhang's avatar
      netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled · bb6a6e8e
      Liping Zhang authored
      When CONFIG_NFT_SET_HASH is not enabled and I input the following rule:
      "nft add rule filter output flow table test {ip daddr counter }", kernel
      panic happened on my system:
       BUG: unable to handle kernel NULL pointer dereference at (null)
       IP: [<          (null)>]           (null)
       [...]
       Call Trace:
       [<ffffffffa0590466>] ? nft_dynset_eval+0x56/0x100 [nf_tables]
       [<ffffffffa05851bb>] nft_do_chain+0xfb/0x4e0 [nf_tables]
       [<ffffffffa0432f01>] ? nf_conntrack_tuple_taken+0x61/0x210 [nf_conntrack]
       [<ffffffffa0459ea6>] ? get_unique_tuple+0x136/0x560 [nf_nat]
       [<ffffffffa043bca1>] ? __nf_ct_ext_add_length+0x111/0x130 [nf_conntrack]
       [<ffffffffa045a357>] ? nf_nat_setup_info+0x87/0x3b0 [nf_nat]
       [<ffffffff81761e27>] ? ipt_do_table+0x327/0x610
       [<ffffffffa045a6d7>] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat]
       [<ffffffffa059f21f>] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4]
       [<ffffffff81702515>] nf_iterate+0x55/0x60
       [<ffffffff81702593>] nf_hook_slow+0x73/0xd0
      
      Because in rbtree type set, ops->update is not implemented. So just keep
      it simple, in such case, report -EOPNOTSUPP to the user space.
      
      Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates")
      Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      bb6a6e8e
    • Mintz, Yuval's avatar
      MAINTAINERS: Update qlogic networking drivers · 67f0160f
      Mintz, Yuval authored
      Following Cavium's acquisition of qlogic we need to update all the qlogic
      drivers maintainer's entries to point to our new e-mail addresses,
      as well as update some of the driver's maintainers as those are no longer
      working for Cavium.
      
      I would like to thank Sony Chacko and Rajesh Borundia for their support
      and development of our various networking drivers.
      Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67f0160f
    • Stephen Hemminger's avatar
      netvsc: fix incorrect receive checksum offloading · e52fed71
      Stephen Hemminger authored
      The Hyper-V netvsc driver was looking at the incorrect status bits
      in the checksum info. It was setting the receive checksum unnecessary
      flag based on the IP header checksum being correct. The checksum
      flag is skb is about TCP and UDP checksum status. Because of this
      bug, any packet received with bad TCP checksum would be passed
      up the stack and to the application causing data corruption.
      The problem is reproducible via netcat and netem.
      
      This had a side effect of not doing receive checksum offload
      on IPv6. The driver was also also always doing checksum offload
      independent of the checksum setting done via ethtool.
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e52fed71
  5. 26 Oct, 2016 4 commits
  6. 23 Oct, 2016 5 commits
    • David S. Miller's avatar
      Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth · 44060abe
      David S. Miller authored
      Johan Hedberg says:
      
      ====================
      pull request: bluetooth 2016-10-21
      
      Here are some more Bluetooth fixes for the 4.9 kernel:
      
       - Fix to btwilink driver probe function return value
       - Power management fix to hci_bcm
       - Fix to encoding name in scan response data
      
      Please let me know if there are any issues pulling. Thanks.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44060abe
    • Jiri Slaby's avatar
      net: sctp, forbid negative length · a4b8e71b
      Jiri Slaby authored
      Most of getsockopt handlers in net/sctp/socket.c check len against
      sizeof some structure like:
              if (len < sizeof(int))
                      return -EINVAL;
      
      On the first look, the check seems to be correct. But since len is int
      and sizeof returns size_t, int gets promoted to unsigned size_t too. So
      the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is
      false.
      
      Fix this in sctp by explicitly checking len < 0 before any getsockopt
      handler is called.
      
      Note that sctp_getsockopt_events already handled the negative case.
      Since we added the < 0 check elsewhere, this one can be removed.
      
      If not checked, this is the result:
      UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19
      shift exponent 52 is too large for 32-bit type 'int'
      CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
       0000000000000000 ffff88006d99f2a8 ffffffffb2f7bdea 0000000041b58ab3
       ffffffffb4363c14 ffffffffb2f7bcde ffff88006d99f2d0 ffff88006d99f270
       0000000000000000 0000000000000000 0000000000000034 ffffffffb5096422
      Call Trace:
       [<ffffffffb3051498>] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300
      ...
       [<ffffffffb273f0e4>] ? kmalloc_order+0x24/0x90
       [<ffffffffb27416a4>] ? kmalloc_order_trace+0x24/0x220
       [<ffffffffb2819a30>] ? __kmalloc+0x330/0x540
       [<ffffffffc18c25f4>] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp]
       [<ffffffffc18d2bcd>] ? sctp_getsockopt+0x10d/0x1b0 [sctp]
       [<ffffffffb37c1219>] ? sock_common_getsockopt+0xb9/0x150
       [<ffffffffb37be2f5>] ? SyS_getsockopt+0x1a5/0x270
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Cc: Vlad Yasevich <vyasevich@gmail.com>
      Cc: Neil Horman <nhorman@tuxdriver.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: linux-sctp@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a4b8e71b
    • Fabio Estevam's avatar
      net: fec: Call swap_buffer() prior to IP header alignment · 235bde1e
      Fabio Estevam authored
      Commit 3ac72b7b ("net: fec: align IP header in hardware") breaks
      networking on mx28.
      
      There is an erratum on mx28 (ENGR121613 - ENET big endian mode
      not compatible with ARM little endian) that requires an additional
      byte-swap operation to workaround this problem.
      
      So call swap_buffer() prior to performing the IP header alignment
      to restore network functionality on mx28.
      
      Fixes: 3ac72b7b ("net: fec: align IP header in hardware")
      Reported-and-tested-by: default avatarHenri Roosen <henri.roosen@ginzinger.com>
      Signed-off-by: default avatarFabio Estevam <fabio.estevam@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      235bde1e
    • Jason A. Donenfeld's avatar
      ipv6: do not increment mac header when it's unset · b678aa57
      Jason A. Donenfeld authored
      Otherwise we'll overflow the integer. This occurs when layer 3 tunneled
      packets are handed off to the IPv6 layer.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b678aa57
    • Sudarsana Reddy Kalluru's avatar
      bnx2x: Use the correct divisor value for PHC clock readings. · a6e2846c
      Sudarsana Reddy Kalluru authored
      Time Sync (PTP) implementation uses the divisor/shift value for converting
      the clock ticks to nanoseconds. Driver currently defines shift value as 1,
      this results in the nanoseconds value to be calculated as half the actual
      value. Hence the user application fails to synchronize the device clock
      value with the PTP master device clock. Need to use the 'shift' value of 0.
      Signed-off-by: default avatarSony.Chacko <Sony.Chacko@cavium.com>
      Signed-off-by: default avatarSudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
      Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a6e2846c
  7. 22 Oct, 2016 13 commits
  8. 21 Oct, 2016 3 commits
    • WANG Cong's avatar
      ipv6: fix a potential deadlock in do_ipv6_setsockopt() · 8651be8f
      WANG Cong authored
      Baozeng reported this deadlock case:
      
             CPU0                    CPU1
             ----                    ----
        lock([  165.136033] sk_lock-AF_INET6);
                                     lock([  165.136033] rtnl_mutex);
                                     lock([  165.136033] sk_lock-AF_INET6);
        lock([  165.136033] rtnl_mutex);
      
      Similar to commit 87e9f031
      ("ipv4: fix a potential deadlock in mcast getsockopt() path")
      this is due to we still have a case, ipv6_sock_mc_close(),
      where we acquire sk_lock before rtnl_lock. Close this deadlock
      with the similar solution, that is always acquire rtnl lock first.
      
      Fixes: baf606d9 ("ipv4,ipv6: grab rtnl before locking the socket")
      Reported-by: default avatarBaozeng Ding <sploving1@gmail.com>
      Tested-by: default avatarBaozeng Ding <sploving1@gmail.com>
      Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8651be8f
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 8dbad1a8
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Fix compilation warning in xt_hashlimit on m68k 32-bits, from
         Geert Uytterhoeven.
      
      2) Fix wrong timeout in set elements added from packet path via
         nft_dynset, from Anders K. Pedersen.
      
      3) Remove obsolete nf_conntrack_events_retry_timeout sysctl
         documentation, from Nicolas Dichtel.
      
      4) Ensure proper initialization of log flags via xt_LOG, from
         Liping Zhang.
      
      5) Missing alias to autoload ipcomp, also from Liping Zhang.
      
      6) Missing NFTA_HASH_OFFSET attribute validation, again from Liping.
      
      7) Wrong integer type in the new nft_parse_u32_check() function,
         from Dan Carpenter.
      
      8) Another wrong integer type declaration in nft_exthdr_init, also
         from Dan Carpenter.
      
      9) Fix insufficient mode validation in nft_range.
      
      10) Fix compilation warning in nft_range due to possible uninitialized
          value, from Arnd Bergmann.
      
      11) Zero nf_hook_ops allocated via xt_hook_alloc() in x_tables to
          calm down kmemcheck, from Florian Westphal.
      
      12) Schedule gc_worker() to run again if GC_MAX_EVICTS quota is reached,
          from Nicolas Dichtel.
      
      13) Fix nf_queue() after conversion to single-linked hook list, related
          to incorrect bypass flag handling and incorrect hook point of
          reinjection.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8dbad1a8
    • Florian Fainelli's avatar
      kexec: Export kexec_in_progress to modules · 97dcaa0f
      Florian Fainelli authored
      The bcm_sf2 driver uses kexec_in_progress to know whether it can power
      down an integrated PHY during shutdown, and can be built as a module.
      Other modules may be using this in the future, so export it.
      
      Fixes: 2399d614 ("net: dsa: bcm_sf2: Prevent GPHY shutdown for kexec'd kernels")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      97dcaa0f