- 22 Oct, 2017 2 commits
-
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Notice that in this particular case I placed a "fall through" comment on its own line, which is what GCC is expecting to find. Signed-off-by:
Gustavo A. R. Silva <garsilva@embeddedor.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Signed-off-by:
-
- 21 Oct, 2017 32 commits
-
-
Steve Lin authored
Moving generic devlink code (registration) out of VF-R code into new bnxt_devlink file, in preparation for future work to add additional devlink functionality to bnxt. Signed-off-by:
Steve Lin <steven.lin1@broadcom.com> Acked-by:
Andy Gospodarek <gospo@broadcom.com> Signed-off-by:
-
Jon Maloy authored
In commit ae236fb2 ("tipc: receive group membership events via member socket") we broke the tipc_poll() function by checking the state of the receive queue before the call to poll_sock_wait(), while relying that state afterwards, when it might have changed. We restore this in this commit. Signed-off-by:
Jon Maloy <jon.maloy@ericsson.com> Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== net: sched: convert cls ndo_setup_tc offload calls to per-block callbacks This patchset is a bit bigger, but most of the patches are doing the same changes in multiple classifiers and drivers. I could do some squashes, but I think it is better split. This is another dependency on the way to shared block implementation. The goal is to remove use of tp->q in classifiers code. Also, this provides drivers possibility to track binding of blocks to qdiscs. Legacy drivers which do not support shared block offloading. register one callback per binding. That maintains the current functionality we have with ndo_setup_tc. Drivers which support block sharing offload register one callback per block which safes overhead. Patches 1-4 introduce the binding notifications and per-block callbacks Patches 5-8 add block callbacks calls to classifiers Patches 9-17 do convert from ndo_setup_tc calls to block callbacks for classifier offloads in drivers Patches 18-20 do cleanup v1->v2: - patch1: - move new enum value to the end ==================== Signed-off-by: -
Jiri Pirko authored
These helpers are no longer in use by drivers, so remove them. Signed-off-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Jiri Pirko authored
It is no longer used by the drivers, so remove it. Signed-off-by:
-
Jiri Pirko authored
All drivers are converted to use block callbacks for TC_SETUP_CLS*. So it is now safe to remove the calls to ndo_setup_tc from cls_* Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for matchall offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for bpf offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for u32 offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower and u32 offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for matchall and flower offloads to block callbacks. Signed-off-by:
-
Jiri Pirko authored
Use the newly introduced callbacks infrastructure and call block callbacks alongside with the existing per-netdev ndo_setup_tc. Signed-off-by:
-
Jiri Pirko authored
Use the newly introduced callbacks infrastructure and call block callbacks alongside with the existing per-netdev ndo_setup_tc. Signed-off-by:
-
Jiri Pirko authored
Signed-off-by:
-
Jiri Pirko authored
Use the newly introduced callbacks infrastructure and call block callbacks alongside with the existing per-netdev ndo_setup_tc. Signed-off-by:
-
Jiri Pirko authored
Extend the tc_setup_cb_call entrypoint function originally used only for action egress devices callbacks to call per-block callbacks as well. Signed-off-by:
-
Jiri Pirko authored
Introduce infrastructure that allows drivers to register callbacks that are called whenever tc would offload inserted rule for a specific block. Signed-off-by:
-
Jiri Pirko authored
Use previously introduced extended variants of block get and put functions. This allows to specify a binder types specific to clsact ingress/egress which is useful for drivers to distinguish who actually got the block. Signed-off-by:
-
Jiri Pirko authored
Introduce new type of ndo_setup_tc message to propage binding/unbinding of a block to driver. Call this ndo whenever qdisc gets/puts a block. Alongside with this, there's need to propagate binder type from qdisc code down to the notifier. So introduce extended variants of block_get/put in order to pass this info. Signed-off-by:
-
Paolo Abeni authored
The perf traces for ipv6 routing code show a relevant cost around trace_fib6_table_lookup(), even if no trace is enabled. This is due to the fib6_table de-referencing currently performed by the caller. Let's the tracing code pay this overhead, passing to the trace helper the table pointer. This gives small but measurable performance improvement under UDP flood. Signed-off-by:
Paolo Abeni <pabeni@redhat.com> Acked-by:
Steven Rostedt (VMware) <rostedt@goodmis.org> Acked-by:
David Ahern <dsa@cumulusnetworks.com> Acked-by:
Martin KaFai Lau <kafai@fb.com> Signed-off-by:
-
David S. Miller authored
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2017-10-19 Here's the first bluetooth-next pull request targeting the 4.15 kernel release. - Multiple fixes & improvements to the hci_bcm driver - DT improvements, e.g. new local-bd-address property - Fixes & improvements to ECDH usage. Private key is now generated by the crypto subsystem. - gcc-4.9 warning fixes Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by:
-
Eric Dumazet authored
ipv4_default_advmss() incorrectly uses the device MTU instead of the route provided one. IPv6 has the proper behavior, lets harmonize the two protocols. Signed-off-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
David S. Miller authored
Merge branch 'ieee802154-for-davem-2017-10-18' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next Stefan Schmidt says: ==================== pull-request: ieee802154 2017-10-18 Please find below a pull request from the ieee802154 subsystem for net-next. ==================== Signed-off-by:
-
David Ahern authored
Use container_of to convert the generic fib_notifier_info into the event specific data structure. Signed-off-by:
David Ahern <dsahern@gmail.com> Reviewed-by:
Ido Schimmel <idosch@mellanox.com> Acked-by:
-
Eric Dumazet authored
syn_data was allocated by sk_stream_alloc_skb(), meaning its destructor and _skb_refdst fields are mangled. We need to call tcp_skb_tsorted_anchor_cleanup() before calling kfree_skb() or kernel crashes. Bug was reported by syzkaller bot. Fixes: e2080072 ("tcp: new list for sent but unacked skbs for RACK recovery") Signed-off-by:
Dmitry Vyukov <dvyukov@google.com> Acked-by:
Yuchung Cheng <ycheng@google.com> Signed-off-by:
-
David S. Miller authored
Paolo Abeni says: ==================== ipv6: fixes for RTF_CACHE entries This series addresses 2 different but related issues with RTF_CACHE introduced by the recent refactory. patch 1 restore the gc timer for such routes patch 2 removes the aged out dst from the fib tree, properly coping with pMTU routes v1 -> v2: - dropped the for ip route show cache - avoid touching dst.obsolete when the dst is aged out v2 -> v3: - take care of pMTU exceptions ==================== Signed-off-by: -
Paolo Abeni authored
The commit 2b760fcf ("ipv6: hook up exception table to store dst cache") partially reverted the commit 1e2ea8ad ("ipv6: set dst.obsolete when a cached route has expired"). As a result, RTF_CACHE dst referenced outside the fib tree will not be removed until the next sernum change; dst_check() does not fail on aged-out dst, and dst->__refcnt can't decrease: the aged out dst will stay valid for a potentially unlimited time after the timeout expiration. This change explicitly removes RTF_CACHE dst from the fib tree when aged out. The rt6_remove_exception() logic will then obsolete the dst and other entities will drop the related reference on next dst_check(). pMTU exceptions are not aged-out, and are removed from the exception table only when the - usually considerably longer - ip6_rt_mtu_expires timeout expires. v1 -> v2: - do not touch dst.obsolete in rt6_remove_exception(), not needed v2 -> v3: - take care of pMTU exceptions, too Fixes: 2b760fcf ("ipv6: hook up exception table to store dst cache") Signed-off-by:
Wei Wang <weiwan@google.com> Acked-by:
-
Paolo Abeni authored
After the commit 2b760fcf ("ipv6: hook up exception table to store dst cache"), the fib6 gc is not started after the creation of a RTF_CACHE via a redirect or pmtu update, since fib6_add() isn't invoked anymore for such dsts. We need the fib6 gc to run periodically to clean the RTF_CACHE, or the dst will stay there forever. Fix it by explicitly calling fib6_force_start_gc() on successful exception creation. gc_args->more accounting will ensure that the gc timer will run for whatever time needed to properly clean the table. v2 -> v3: - clarified the commit message Fixes: 2b760fcf ("ipv6: hook up exception table to store dst cache") Signed-off-by:
-
- 20 Oct, 2017 6 commits
-
-
David S. Miller authored
Chenbo Feng says: ==================== bpf: security: New file mode and LSM hooks for eBPF object permission control Much like files and sockets, eBPF objects are accessed, controlled, and shared via a file descriptor (FD). Unlike files and sockets, the existing mechanism for eBPF object access control is very limited. Currently there are two options for granting accessing to eBPF operations: grant access to all processes, or only CAP_SYS_ADMIN processes. The CAP_SYS_ADMIN-only mode is not ideal because most users do not have this capability and granting a user CAP_SYS_ADMIN grants too many other security-sensitive permissions. It also unnecessarily allows all CAP_SYS_ADMIN processes access to eBPF functionality. Allowing all processes to access to eBPF objects is also undesirable since it has potential to allow unprivileged processes to consume kernel memory, and opens up attack surface to the kernel. Adding LSM hooks maintains the status quo for systems which do not use an LSM, preserving compatibility with userspace, while allowing security modules to choose how best to handle permissions on eBPF objects. Here is a possible use case for the lsm hooks with selinux module: The network-control daemon (netd) creates and loads an eBPF object for network packet filtering and analysis. It passes the object FD to an unprivileged network monitor app (netmonitor), which is not allowed to create, modify or load eBPF objects, but is allowed to read the traffic stats from the map. Selinux could use these hooks to grant the following permissions: allow netd self:bpf_map { create read write}; allow netmonitor netd:fd use; allow netmonitor netd:bpf_map read; In this patch series, A file mode is added to bpf map to store the accessing mode. With this file mode flags, the map can be obtained read only, write only or read and write. With the help of this file mode, several security hooks can be added to the eBPF syscall implementations to do permissions checks. These LSM hooks are mainly focused on checking the process privileges before it obtains the fd for a specific bpf object. No matter from a file location or from a eBPF id. Besides that, a general check hook is also implemented at the start of bpf syscalls so that each security module can have their own implementation on the reset of bpf object related functionalities. In order to store the ownership and security information about eBPF maps, a security field pointer is added to the struct bpf_map. And the last two patch set are implementation of selinux check on these hooks introduced, plus an additional check when eBPF object is passed between processes using unix socket as well as binder IPC. Change since V1: - Whitelist the new bpf flags in the map allocate check. - Added bpf selftest for the new flags. - Added two new security hooks for copying the security information from the bpf object security struct to file security struct - Simplified the checking action when bpf fd is passed between processes. Change since V2: - Fixed the line break problem for map flags check - Fixed the typo in selinux check of file mode. - Merge bpf_map and bpf_prog into one selinux class - Added bpf_type and bpf_sid into file security struct to store the security information when generate fd. - Add the hook to bpf_map_new_fd and bpf_prog_new_fd. Change since V3: - Return the actual error from security check instead of -EPERM - Move the hooks into anon_inode_getfd() to avoid get file again after bpf object file is installed with fd. - Removed the bpf_sid field inside file_scerity_struct to reduce the cache size. Change since V4: - Rename bpf av prog_use to prog_run to distinguish from fd_use. - Remove the bpf_type field inside file_scerity_struct and use bpf fops to indentify bpf object instead. Change since v5: - Fixed the incorrect selinux class name for SECCLASS_BPF Change since v7: - Fixed the build error caused by xt_bpf module. - Add flags check for bpf_obj_get() and bpf_map_get_fd_by_id() to make it uapi-wise. - Add the flags field to the bpf_obj_get_user function when BPF_SYSCALL is not configured. ==================== Signed-off-by: -
Chenbo Feng authored
Introduce a bpf object related check when sending and receiving files through unix domain socket as well as binder. It checks if the receiving process have privilege to read/write the bpf map or use the bpf program. This check is necessary because the bpf maps and programs are using a anonymous inode as their shared inode so the normal way of checking the files and sockets when passing between processes cannot work properly on eBPF object. This check only works when the BPF_SYSCALL is configured. Signed-off-by:
Chenbo Feng <fengc@google.com> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by:
James Morris <james.l.morris@oracle.com> Signed-off-by:
-
Chenbo Feng authored
Implement the actual checks introduced to eBPF related syscalls. This implementation use the security field inside bpf object to store a sid that identify the bpf object. And when processes try to access the object, selinux will check if processes have the right privileges. The creation of eBPF object are also checked at the general bpf check hook and new cmd introduced to eBPF domain can also be checked there. Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Reviewed-by:
-
Chenbo Feng authored
Introduce several LSM hooks for the syscalls that will allow the userspace to access to eBPF object such as eBPF programs and eBPF maps. The security check is aimed to enforce a per object security protection for eBPF object so only processes with the right priviliges can read/write to a specific map or use a specific eBPF program. Besides that, a general security hook is added before the multiplexer of bpf syscall to check the cmd and the attribute used for the command. The actual security module can decide which command need to be checked and how the cmd should be checked. Signed-off-by:
-
Chenbo Feng authored
Two related tests are added into bpf selftest to test read only map and write only map. The tests verified the read only and write only flags are working on hash maps. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
-
Chenbo Feng authored
Introduce the map read/write flags to the eBPF syscalls that returns the map fd. The flags is used to set up the file mode when construct a new file descriptor for bpf maps. To not break the backward capability, the f_flags is set to O_RDWR if the flag passed by syscall is 0. Otherwise it should be O_RDONLY or O_WRONLY. When the userspace want to modify or read the map content, it will check the file mode to see if it is allowed to make the change. Signed-off-by:
-
