- 04 Oct, 2020 25 commits
-
-
Andrew Lunn authored
If a port is unused, still create a devlink port for it, but set the flavour to unused. This allows us to attach devlink regions to the port, etc. Reviewed-by:
Vladimir Oltean <olteanv@gmail.com> Tested-by:
Andrew Lunn <andrew@lunn.ch> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Andrew Lunn authored
Not all ports of a switch need to be used, particularly in embedded systems. Add a port flavour for ports which physically exist in the switch, but are not connected to the front panel etc, and so are unused. By having unused ports present in devlink, it gives a more accurate representation of the hardware. It also allows regions to be associated to such ports, so allowing, for example, to determine unused ports are correctly powered off, or to compare probable reset defaults of unused ports to used ports experiences issues. Actually registering unused ports and setting the flavour to unused is optional. The DSA core will register all such switch ports, but such ports are expected to be limited in number. Bigger ASICs may decide not to list unused ports. v2: Expand the description about why it is useful Reviewed-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) Rename 'searched' column to 'clashres' in conntrack /proc/ stats to amend a recent patch, from Florian Westphal. 2) Remove unused nft_data_debug(), from YueHaibing. 3) Remove unused definitions in IPVS, also from YueHaibing. 4) Fix user data memleak in tables and objects, this is also amending a recent patch, from Jose M. Guisado. 5) Use nla_memdup() to allocate user data in table and objects, also from Jose M. Guisado 6) User data support for chains, from Jose M. Guisado 7) Remove unused definition in nf_tables_offload, from YueHaibing. 8) Use kvzalloc() in ip_set_alloc(), from Vasily Averin. 9) Fix false positive reported by lockdep in nfnetlink mutexes, from Florian Westphal. 10) Extend fast variant of cmp for neq operation, from Phil Sutter. 11) Implement fast bitwise variant, also from Phil Sutter. ==================== Signed-off-by: -
Phil Sutter authored
A typical use of bitwise expression is to mask out parts of an IP address when matching on the network part only. Optimize for this common use with a fast variant for NFT_BITWISE_BOOL-type expressions operating on 32bit-sized values. Signed-off-by:
Phil Sutter <phil@nwl.cc> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Phil Sutter authored
Add a boolean indicating NFT_CMP_NEQ. To include it into the match decision, it is sufficient to XOR it with the data comparison's result. While being at it, store the mask that is calculated during expression init and free the eval routine from having to recalculate it each time. Signed-off-by:
-
Florian Westphal authored
From time to time there are lockdep reports similar to this one: WARNING: possible circular locking dependency detected ------------------------------------------------------ 000000004f61aa56 (&table[i].mutex){+.+.}, at: nfnl_lock [nfnetlink] but task is already holding lock: [..] (&net->nft.commit_mutex){+.+.}, at: nf_tables_valid_genid [nf_tables] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&net->nft.commit_mutex){+.+.}: [..] nf_tables_valid_genid+0x18/0x60 [nf_tables] nfnetlink_rcv_batch+0x24c/0x620 [nfnetlink] nfnetlink_rcv+0x110/0x140 [nfnetlink] netlink_unicast+0x12c/0x1e0 [..] sys_sendmsg+0x18/0x40 linux_sparc_syscall+0x34/0x44 -> #0 (&table[i].mutex){+.+.}: [..] nfnl_lock+0x24/0x40 [nfnetlink] ip_set_nfnl_get_byindex+0x19c/0x280 [ip_set] set_match_v1_checkentry+0x14/0xc0 [xt_set] xt_check_match+0x238/0x260 [x_tables] __nft_match_init+0x160/0x180 [nft_compat] [..] sys_sendmsg+0x18/0x40 linux_sparc_syscall+0x34/0x44 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&net->nft.commit_mutex); lock(&table[i].mutex); lock(&net->nft.commit_mutex); lock(&table[i].mutex); Lockdep considers this an ABBA deadlock because the different nfnl subsys mutexes reside in the same lockdep class, but this is a false positive. CPU1 table[i] refers to the nftables subsys mutex, whereas CPU1 locks the ipset subsys mutex. Yi Che reported a similar lockdep splat, this time between ipset and ctnetlink subsys mutexes. Time to place them in distinct classes to avoid these warnings. Signed-off-by:Florian Westphal <fw@strlen.de> Signed-off-by:
-
Vasily Averin authored
Currently netadmin inside non-trusted container can quickly allocate whole node's memory via request of huge ipset hashtable. Other ipset-related memory allocations should be restricted too. v2: fixed typo ALLOC -> ACCOUNT Signed-off-by:
Vasily Averin <vvs@virtuozzo.com> Signed-off-by:
-
YueHaibing authored
commit 9a32669f ("netfilter: nf_tables_offload: support indr block call") left behind this. Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
-
Matthieu Baerts authored
The MPTCP ADD_ADDR suboption with echo-flag=1 has no HMAC, the size is smaller than the one initially sent without echo-flag=1. We then need to use the correct size everywhere when we need this echo bit. Before this patch, the wrong size was reserved but the correct amount of bytes were written (and read): the remaining bytes contained garbage. Fixes: 6a6c05a8 ("mptcp: send out ADD_ADDR with echo flag") Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/95Reported-and-tested-by:
Davide Caratti <dcaratti@redhat.com> Acked-by:
Geliang Tang <geliangtang@gmail.com> Signed-off-by:
Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by:
-
Kurt Kanzenbach authored
There is no such property as duplex-full. It's called full-duplex. Leading to reduced speed when using the example as base for a real device tree. Signed-off-by:
Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by:
-
Kurt Kanzenbach authored
The unit address should be 1e, because the unit address is supposed to be in hexadecimal. Suggested-by:
-
Vladimir Oltean authored
This is a strictly cosmetic change that renames some macros in sja1105_dynamic_config.c. They were copy-pasted in haste and this has resulted in them having the driver prefix twice. Signed-off-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by:
-
Gustavo A. R. Silva authored
Replace /* no break */ comments with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by:
-
Gustavo A. R. Silva authored
Replace /* Fallthrough... */ comment with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
Gustavo A. R. Silva authored
Replace /* !!! fall through !!! */ comments with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
Gustavo A. R. Silva authored
Replace // FALLTHROUGH comment with the new pseudo-keyword macro fallthrough[1]. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-throughSigned-off-by:
-
David S. Miller authored
Guillaume Nault says: ==================== net/sched: Add actions for MPLS L2 VPNs This patch series adds the necessary TC actions for supporting layer 2 MPLS VPNs (VPLS). The objective is to give the possibility to add an MPLS header right before an skb's mac header, then to prepend this MPLS packet with a new Ethernet header with the MAC address of the next hop. Patch 1 implements the actions for adding and removing the external Ethernet header. Patch 2 adds the possibility to push an MPLS header before the mac header. Most of the code already exists as these operations were first implemented in openvswitch. Practical example, with encap on Host-A and decap on Host-B: Host-A# tc filter add dev ethAx ingress matchall \ action mpls mac_push label 20 \ action vlan push_eth dst_mac 02:00:00:00:00:02 \ src_mac 02:00:00:00:00:01 \ action mirred egress redirect dev ethAy Host-B# tc filter add dev ethBx ingress protocol mpls_uc \ flower mpls_label 20 mpls_bos 1 \ action vlan pop_eth \ action mpls pop proto teb \ action mirred egress redirect dev ethBy ==================== Signed-off-by: -
Guillaume Nault authored
Define the MAC_PUSH action which pushes an MPLS LSE before the mac header (instead of between the mac and the network headers as the plain PUSH action does). The only special case is when the skb has an offloaded VLAN. In that case, it has to be inlined before pushing the MPLS header. Signed-off-by:
Guillaume Nault <gnault@redhat.com> Signed-off-by:
-
Guillaume Nault authored
Implement TCA_VLAN_ACT_POP_ETH and TCA_VLAN_ACT_PUSH_ETH, to respectively pop and push a base Ethernet header at the beginning of a frame. POP_ETH is just a matter of pulling ETH_HLEN bytes. VLAN tags, if any, must be stripped before calling POP_ETH. PUSH_ETH is restricted to skbs with no mac_header, and only the MAC addresses can be configured. The Ethertype is automatically set from skb->protocol. These restrictions ensure that all skb's fields remain consistent, so that this action can't confuse other part of the networking stack (like GSO). Since openvswitch already had these actions, consolidate the code in skbuff.c (like for vlan and mpls push/pop). Signed-off-by:
-
Colin Ian King authored
Currently the comparisons of u16 integers value and sopass_val with less than zero for error checking is always false because the values are unsigned. Fix this by making these variables int. This does not affect the shift and mask operations performed on these variables Addresses-Coverity: ("Unsigned compared against zero") Fixes: 49fc2301 ("net: phy: dp83869: support Wake on LAN") Signed-off-by:Colin Ian King <colin.king@canonical.com> Acked-by:
Dan Murphy <dmurphy@ti.com> Signed-off-by:
-
Karsten Graul authored
The check for old hardware versions that did not have SMCDv2 support was using suspicious pointer magic. Address the fields using an array. Signed-off-by:
Karsten Graul <kgraul@linux.ibm.com> Signed-off-by:
-
Karsten Graul authored
When building a CLC proposal message then the list of ISM devices does not need to contain multiple devices that have the same chid value, all these devices use the same function at the end. Improve smc_find_ism_v2_device_clnt() to collect only ISM devices that have unique chid values. Signed-off-by:
-
David S. Miller authored
Vladimir Oltean says: =================== Add Seville Ethernet switch to T1040RDB Seville is a DSA switch that is embedded inside the T1040 SoC, and supported by the mscc_seville DSA driver inside drivers/net/dsa/ocelot. This series adds this switch to the SoC's dtsi files and to the T1040RDB board file. I would like to send this series through net-next. There is no conflict with other patches submitted to T1040 device tree. Maybe this could at least get an ACK from devicetree maintainers. =================== Signed-off-by: -
Vladimir Oltean authored
Define the network interface names for the switch ports and hook them up to the 2 QSGMII PHYs that are onboard. A conscious decision was taken to go along with the numbers that are written on the front panel of the board and not with the hardware numbers of the switch chip ports. Signed-off-by:
Maxim Kochetkov <fido_max@inbox.ru> Reviewed-by:
-
Vladimir Oltean authored
Add the description of the embedded L2 switch inside the SoC dtsi file for NXP T1040. Signed-off-by:
-
- 03 Oct, 2020 15 commits
-
-
Yuchung Cheng authored
The retransmission refactoring patch 68698970 ("tcp: simplify tcp_mark_skb_lost") does not properly update the total lost packet counter which may break the policer mode in BBR. This patch fixes it. Fixes: 68698970 ("tcp: simplify tcp_mark_skb_lost") Reported-by:
Neal Cardwell <ncardwell@google.com> Signed-off-by:
Yuchung Cheng <ycheng@google.com> Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
David S. Miller authored
Julian Wiedmann says: ==================== net/iucv: updates 2020-10-01 Just two (rare) patches, and both deal with smatch warnings. ==================== Signed-off-by: -
Julian Wiedmann authored
smatch complains about net/iucv/iucv.c:1119 __iucv_message_receive() warn: inconsistent indenting While touching this line, also make the return logic consistent and thus get rid of a goto label. Signed-off-by:
Julian Wiedmann <jwi@linux.ibm.com> Reviewed-by:
-
Julian Wiedmann authored
smatch complains about net/iucv/af_iucv.c:624 iucv_sock_bind() error: memcpy() 'sa->siucv_user_id' too small (8 vs 9) Which is absolutely correct - the memcpy() takes 9 bytes (sizeof(uid)) from an 8-byte field (sa->siucv_user_id). Luckily the sockaddr_iucv struct contains more data after the .siucv_user_id field, and we checked the size of the passed data earlier on. So the memcpy() won't accidentally read from an invalid location. Fix the warning by reducing the size of the uid variable to what's actually needed, and thus reducing the amount of copied data. Signed-off-by:
-
Taehee Yoo authored
NETDEV_HW_ADDR_T_SLAVE is not used anymore, remove it. Signed-off-by:
Taehee Yoo <ap420073@gmail.com> Signed-off-by:
-
David S. Miller authored
Johannes Berg says: ==================== genetlink per-op policy export Here's a respin, now including Jakub's patch last so that it will do the right thing from the start. The first patch remains the same, of course; the others have mostly some rebasing going on, except for the actual export patch (patch 4) which is adjusted per Jakub's review comments about exporting the policy only if it's actually used for do/dump. To see that, the dump for "nlctrl" (i.e. the generic netlink control) is instructive, because the ops are this: { .cmd = CTRL_CMD_GETFAMILY, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .policy = ctrl_policy_family, .maxattr = ARRAY_SIZE(ctrl_policy_family) - 1, .doit = ctrl_getfamily, .dumpit = ctrl_dumpfamily, }, { .cmd = CTRL_CMD_GETPOLICY, .policy = ctrl_policy_policy, .maxattr = ARRAY_SIZE(ctrl_policy_policy) - 1, .start = ctrl_dumppolicy_start, .dumpit = ctrl_dumppolicy, .done = ctrl_dumppolicy_done, }, So we exercise both "don't have doit" and "GENL_DONT_VALIDATE_DUMP" parts, and get (with the current genl patch): $ genl ctrl policy name nlctrl ID: 0x10 op 3 policies: do=0 ID: 0x10 op 10 policies: dump=1 ID: 0x10 policy[0]:attr[1]: type=U16 range:[0,65535] ID: 0x10 policy[0]:attr[2]: type=NUL_STRING max len:15 ID: 0x10 policy[1]:attr[1]: type=U16 range:[0,65535] ID: 0x10 policy[1]:attr[2]: type=NUL_STRING max len:15 ID: 0x10 policy[1]:attr[10]: type=U32 range:[0,4294967295] ==================== Reviewed-by:Jakub Kicinski <kuba@kernel.org> Signed-off-by:
-
Jakub Kicinski authored
Right now CTRL_CMD_GETPOLICY can only dump the family-wide policy. Support dumping policy of a specific op. v3: - rebase after per-op policy export and handle that v2: - make cmd U32, just in case. v1: - don't echo op in the output in a naive way, this should make it cleaner to extend the output format for dumping policies for all the commands at once in the future. Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Johannes Berg authored
Add support for per-op policy dumping. The data is pretty much as before, except that now the assumption that the policy with index 0 is "the" policy no longer holds - you now need to look at the new CTRL_ATTR_OP_POLICY attribute which is a nested attr (indexed by op) containing attributes for do and dump policies. When a single op is requested, the CTRL_ATTR_OP_POLICY will be added in the same way, since do and dump policies may differ. v2: - conditionally advertise per-command policies only if there actually is a policy being used for the do/dump and it's present at all Signed-off-by:
-
Johannes Berg authored
We'll need this later for the per-op policy index dump. Reviewed-by:
-
Johannes Berg authored
Rework the policy dump code a bit to support adding multiple policies to a single dump, in order to e.g. support per-op policies in generic netlink. v2: - move kernel-doc to implementation [Jakub] - squash the first patch to not flip-flop on the prototype [Jakub] - merge netlink_policy_dump_get_policy_idx() with the old get_policy_idx() we already had - rebase without Jakub's patch to have per-op dump Signed-off-by:
-
Johannes Berg authored
The maxtype is really an integral part of the policy, and while we haven't gotten into a situation yet where this happens, it seems that some developer might eventually have two places pointing to identical policies, with different maxattr to exclude some attrs in one of the places. Even if not, it's really the right thing to compare both since the two data items fundamentally belong together. v2: - also do the proper comparison in get_policy_idx() Signed-off-by:
-
David S. Miller authored
Jakub Kicinski says: ==================== genetlink: support per-command policy dump The objective of this series is to dump ethtool policies to be able to tell which flags are supported by the kernel. Current release adds ETHTOOL_FLAG_STATS for dumping extra stats, but because of strict checking we need to make sure that the flag is actually supported before setting it in a request. Ethtool policies are per command, and so far only dumping family policies was supported. The series adds new set of "light" ops to genl families which don't have all the callbacks, and won't have the policy. Most of families are then moved to these ops. This gives us 4096B in savings on an allyesconfig build (not counting the growth that would have happened when policy is added): text data bss dec hex 244415581 227958581 78372980 550747142 20d3bc06 244415581 227962677 78372980 550751238 20d3cc06 Next 5 patches deal the dumping per-op policy. v3: The actually patch to dump per-op policy was taken out and will come in a series from Johannes, to make sure uAPI is consistent from the start. For dump-specific policies I think it should be fine to add a new pair of members to the "full" ops, and not overthink it. v2: - remove the stale comment in taskstats - split patch 8 -> 8, 9 - now the getfamily policy is also in the op - make cmd u32 v1: - replace remaining uses of "light" with "small" - fix dump (ops can't be on the stack there) - coding changes in patch 4 - new patch 7 - don't echo op in responses - to make dump all easier Dave - this series will cause a very trivial conflict with the patch I sent to net. Both sides add some kdoc to struct genl_ops so we'll need to keep it all. I'm sending this already because I also need to restructure ethool policies in time for 5.10 if we want to use it for the stats flag. ==================== Signed-off-by: -
Jakub Kicinski authored
In preparation for adding a new attribute to CTRL_CMD_GETPOLICY split the policies for getpolicy and getfamily apart. This will cause a slight user-visible change in that dumping the policies will switch from per family to per op, but supposedly sniffer-type applications (which are the main use case for policy dumping thus far) should support both, anyway. Signed-off-by:
Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
-
Jakub Kicinski authored
Attributes are already parsed based on the policy specified in the family and ready-to-use in info->attrs. No need to call genlmsg_parse() again. Signed-off-by:
-
Jakub Kicinski authored
commit 3b0f31f2 ("genetlink: make policy common to family") had to work around removal of policy from ops by parsing in the pre_doit callback. Now that policy is back in full ops we can switch again. Set maxattr to actual size of the policies - both commands set GENL_DONT_VALIDATE_STRICT so out of range attributes will be silently ignored, anyway. v2: - remove stale comment Suggested-by:
-
