1. 12 Apr, 2019 25 commits
  2. 11 Apr, 2019 15 commits
    • bpf: explicitly prohibit ctx_{in, out} in non-skb BPF_PROG_TEST_RUN · 947e8b59
      Stanislav Fomichev authored
      This should allow us later to extend BPF_PROG_TEST_RUN for non-skb case
      and be sure that nobody is erroneously setting ctx_{in,out}.
      
      Fixes: b0b9395d ("bpf: support input __sk_buff context in BPF_PROG_TEST_RUN")
      Reported-by: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: Stanislav Fomichev <sdf@google.com>
      Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    • tools: add smp_* barrier variants to include infrastructure · 6b7a2114
      Daniel Borkmann authored
      Add the definition for smp_rmb(), smp_wmb(), and smp_mb() to the
      tools include infrastructure: this patch adds the implementation
      for x86-64 and arm64, and have it fall back as currently is for
      other archs which do not have it implemented at this point. The
      x86-64 one uses lock + add combination for smp_mb() with address
      below red zone.
      
      This is on top of 09d62154 ("tools, perf: add and use optimized
      ring_buffer_{read_head, write_tail} helpers"), which didn't touch
      smp_* barrier implementations. Magnus recently rightfully reported
      however that the latter on x86-64 still wrongly falls back to sfence,
      lfence and mfence respectively, thus fix that for applications under
      tools making use of these to avoid such ugly surprises. The main
      header under tools (include/asm/barrier.h) will in that case not
      select the fallback implementation.
      Reported-by: Magnus Karlsson <magnus.karlsson@intel.com>
      Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    • Merge branch 'ipv6-Refactor-nexthop-selection-helpers-during-a-fib-lookup' · 78f07ada
      David S. Miller authored
      David Ahern says:
      
      ====================
      ipv6: Refactor nexthop selection helpers during a fib lookup
      
      IPv6 has a fib6_nh embedded within each fib6_info and a separate
      fib6_info for each path in a multipath route. A side effect is that
      a fib6_info is passed all the way down the stack when selecting a path
      on a fib lookup. Refactor the fib lookup functions and associated
      helper functions to take a fib6_nh when appropriate to enable IPv6
      to work with nexthop objects where the fib6_nh is not directly part
      of a fib entry.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Refactor __ip6_route_redirect · 0b34eb00
      David Ahern authored
      Move the nexthop evaluation of a fib entry to a helper that can be
      leveraged for each fib6_nh in a multipath nexthop object.
      
      In the move, 'continue' statements mean the helper returns false
      (loop should continue) and 'break' means return true (found the entry
      of interest).
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Refactor rt6_device_match · 0c59d006
      David Ahern authored
      Move the device and gateway checks in the fib6_next loop to a helper
      that can be called per fib6_nh entry.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Move fib6_multipath_select down in ip6_pol_route · d83009d4
      David Ahern authored
      Move the siblings and fib6_multipath_select after the null entry check
      since a null entry can not have siblings.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Be smarter with null_entry handling in ip6_pol_route_lookup · af52a52c
      David Ahern authored
      Clean up the fib6_null_entry handling in ip6_pol_route_lookup.
      rt6_device_match can return fib6_null_entry, but fib6_multipath_select
      can not. Consolidate the fib6_null_entry handling and on the final
      null_entry check set rt and goto out - no need to defer to a second
      check after rt6_find_cached_rt.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Refactor find_rr_leaf · 30c15f03
      David Ahern authored
      find_rr_leaf has 3 loops over fib_entries calling find_match. The loops
      are very similar with differences in start point and whether the metric
      is evaluated:
          1. start at rr_head, no extra loop compare, check fib metric
          2. start at leaf, compare rt against rr_head, check metric
          3. start at cont (potential saved point from earlier loops), no
             extra loop compare, no metric check
      
      Create 1 loop that is called 3 different times. This will make a
      later change with multipath nexthop objects much simpler.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Refactor find_match · 28679ed1
      David Ahern authored
      find_match primarily needs a fib6_nh (and fib6_flags which it passes
      through to rt6_score_route). Move fib6_check_expired up to the call
      sites so find_match is only called for relevant entries. Remove the
      match argument which is mostly a pass through and use the return
      boolean to decide if match gets set in the call sites.
      
      The end result is a helper that can be called per fib6_nh struct
      which is needed once fib entries reference nexthop objects that
      have more than one fib6_nh.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Pass fib6_nh and flags to rt6_score_route · 702cea56
      David Ahern authored
      rt6_score_route only needs the fib6_flags and nexthop data. Change
      it accordingly. Allows re-use later for nexthop based fib6_nh.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Change rt6_probe to take a fib6_nh · cc3a86c8
      David Ahern authored
      rt6_probe sends probes for gateways in a nexthop. As such it really
      depends on a fib6_nh, not a fib entry. Move last_probe to fib6_nh and
      update rt6_probe to a fib6_nh struct.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Remove rt6_check_dev · 6e1809a5
      David Ahern authored
      rt6_check_dev is a simpler helper with only 1 caller. Fold the code
      into rt6_score_route.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6: Only call rt6_check_neigh for nexthop with gateway · 1ba9a895
      David Ahern authored
      Change rt6_check_neigh to take a fib6_nh instead of a fib entry.
      Move the check on fib_flags and whether the nexthop has a gateway
      up to the one caller.
      
      Remove the inline from the definition as well. Not necessary.
      Signed-off-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • dns: remove redundant zero length namelen check · 62720b12
      Colin Ian King authored
      The zero namelen check is redundant as it has already been checked
      for zero at the start of the function.  Remove the redundant check.
      
      Addresses-Coverity: ("Logically Dead Code")
      Signed-off-by: Colin Ian King <colin.king@canonical.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'bpf-l2-encap' · 94c59aab
      Daniel Borkmann authored
      Alan Maguire says:
      
      ====================
      Extend bpf_skb_adjust_room growth to mark inner MAC header so
      that L2 encapsulation can be used for tc tunnels.
      
      Patch #1 extends the existing test_tc_tunnel to support UDP
      encapsulation; later we want to be able to test MPLS over UDP
      and MPLS over GRE encapsulation.
      
      Patch #2 adds the BPF_F_ADJ_ROOM_ENCAP_L2(len) macro, which
      allows specification of inner mac length.  Other approaches were
      explored prior to taking this approach.  Specifically, I tried
      automatically computing the inner mac length on the basis of the
      specified flags (so inner maclen for GRE/IPv4 encap is the len_diff
      specified to bpf_skb_adjust_room minus GRE + IPv4 header length
      for example).  Problem with this is that we don't know for sure
      what form of GRE/UDP header we have; is it a full GRE header,
      or is it a FOU UDP header or generic UDP encap header? My fear
      here was we'd end up with an explosion of flags.  The other approach
      tried was to support inner L2 header marking as a separate room
      adjustment, i.e. adjust for L3/L4 encap, then call
      bpf_skb_adjust_room for L2 encap.  This can be made to work but
      because it imposed an order on operations, felt a bit clunky.
      
      Patch #3 syncs tools/ bpf.h.
      
      Patch #4 extends the tests again to support MPLSoverGRE,
      MPLSoverUDP, and transparent ethernet bridging (TEB) where
      the inner L2 header is an ethernet header.  Testing of BPF
      encap against tunnels is done for cases where configuration
      of such tunnels is possible (MPLSoverGRE[6], MPLSoverUDP,
      gre[6]tap), and skipped otherwise.  Testing of BPF encap/decap
      is always carried out.
      
      Changes since v2:
       - updated tools/testing/selftest/bpf/config with FOU/MPLS CONFIG
         variables (patches 1, 4)
       - reduced noise in patch 1 by avoiding unnecessary movement of code
       - eliminated inner_mac variable in bpf_skb_net_grow (patch 2)
      
      Changes since v1:
       - fixed formatting of commit references.
       - BPF_F_ADJ_ROOM_FIXED_GSO flag enabled on all variants (patch 1)
       - fixed fou6 options for UDP encap; checksum errors observed were
         due to the fact fou6 tunnel was not set up with correct ipproto
         options (41 -6).  0 checksums work fine (patch 1)
       - added definitions for mask and shift used in setting L2 length
         (patch 2)
       - allow udp encap with fixed GSO (patch 2)
       - changed "elen" to "l2_len" to be more descriptive (patch 4)
      ====================
      Acked-by: Willem de Bruijn <willemb@google.com>
      Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>