- 22 Mar, 2017 40 commits
-
-
Reshetova, Elena authored
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tobias Klauser authored
Do not open code getting the MAC address exclusively from the "local-mac-address" property, but instead use of_get_mac_address() which looks up the MAC address using the 3 typical property names. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Felix Manlunas authored
Fix Coverity scan errors by not dereferencing lio->glists_dma_base pointer if it's NULL. See http://marc.info/?l=linux-netdev&m=149002294305614&w=2Reported-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by: VSR Burru <veerasenareddy.burru@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gao Feng authored
When user_mss is zero, it means use the default value. But the current codes don't permit user set TCP_MAXSEG to the default value. It would return the -EINVAL when val is zero. Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Andy Zhou says: ==================== net-next sample action optimization v4 The sample action can be used for translating Openflow 'clone' action. However its implementation has not been sufficiently optimized for this use case. This series attempts to close the gap. Patch 3 commit message has more details on the specific optimizations implemented. --- v3->v4: Enhance patch 4. Fix two bugs pointed out by Pravin, Remove 'is_sample' variable. v2->v3: Enhance patch 4, Rafctor to move more common logic to clone_execute(). v1->v2: Address Pravin's comment, Refactor recirc and sample to share more common code ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
andy zhou authored
Added clone_execute() that both the sample and the recirc action implementation can use. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
andy zhou authored
With the introduction of open flow 'clone' action, the OVS user space can now translate the 'clone' action into kernel datapath 'sample' action, with 100% probability, to ensure that the clone semantics, which is that the packet seen by the clone action is the same as the packet seen by the action after clone, is faithfully carried out in the datapath. While the sample action in the datpath has the matching semantics, its implementation is only optimized for its original use. Specifically, there are two limitation: First, there is a 3 level of nesting restriction, enforced at the flow downloading time. This limit turns out to be too restrictive for the 'clone' use case. Second, the implementation avoid recursive call only if the sample action list has a single userspace action. The main optimization implemented in this series removes the static nesting limit check, instead, implement the run time recursion limit check, and recursion avoidance similar to that of the 'recirc' action. This optimization solve both #1 and #2 issues above. One related optimization attempts to avoid copying flow key as long as the actions enclosed does not change the flow key. The detection is performed only once at the flow downloading time. Another related optimization is to rewrite the action list at flow downloading time in order to save the fast path from parsing the sample action list in its original form repeatedly. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
andy zhou authored
The logic of allocating and copy key for each 'exec_actions_level' was specific to execute_recirc(). However, future patches will reuse as well. Refactor the logic into its own function clone_key(). Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
andy zhou authored
add_deferred_actions() API currently requires actions to be passed in as a fully encoded netlink message. So far both 'sample' and 'recirc' actions happens to carry actions as fully encoded netlink messages. However, this requirement is more restrictive than necessary, future patch will need to pass in action lists that are not fully encoded by themselves. Signed-off-by: Andy Zhou <azhou@ovn.org> Acked-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
David Ahern says: ==================== net: vrf: performance improvements Device based features for VRF such as qdisc, netfilter and packet captures are implemented by switching the dst on skbuffs to its per-VRF dst. This has the effect of controlling the output function which points a function in the VRF driver. [1] The skb proceeds down the stack with dst->dev pointing to the VRF device. Netfilter, qdisc and tc rules and network taps are evaluated based on this device. Finally, the skb makes it to the vrf_xmit function which resets the dst based on a FIB lookup. The feature comes at cost - between 5 and 10% depending on test (TCP vs UDP, stream vs RR and IPv4 vs IPv6). The main cost is requiring a FIB lookup in the VRF driver for each packet sent through it. The FIB lookup is required because the real dst gets dropped so that the skb can traverse the stack with dst->dev set to the VRF device. All of that is really driven by the qdisc and not replicating the processing of __dev_queue_xmit if a qdisc is set up on the device. But, VRF devices by default do not have a qdisc and really have no need for multiple Tx queues. This means the performance overhead is inflicted upon all users for the potential use case of a qdisc being configured. The overhead can be avoided by checking if the default configuration applies to a specific VRF device before switching the dst. If a device does not have a qdisc, the pass through netfilter hooks and packet taps can be done inline without dropping the dst and thus avoiding the performance penalty. With this change performance overhead of VRF drops to neglible (difference with run-over-run variance) to 3% depending on test type. netperf performance comparison for 3 cases: 1. L3_MASTER_DEVICE compiled out 2. VRF with this patch set 3. current VRF code IPv4 ---- no-l3mdev new-vrf old-vrf TCP_RR 28778 28938* 27169 TCP_CRR 10706 10490 9770 UDP_RR 30750 29813 29256 * Although higher in the final run used for submitting this patch set, I think what this really represents is a neglible performance overhead for VRF with this change (i.e, within the +-1% variance of runs). Most notably the FIB lookups in the Tx path are avoided for TCP_RR. IPv6 ---- no-l3mdev new-vrf old-vrf TCP_RR 29495 29432 27794 TCP_CRR 10520 10338 9870 UDP_RR 26137 27019* 26511 * UDP is consistently better with VRF for two reasons: 1. Source address selection with L3 domains is considering fewer addresses since only addresses on interfaces in the domain are considered for the selection. Specifically, perf-top shows shows ipv6_get_saddr_eval, ipv6_dev_get_saddr and __ipv6_dev_get_saddr running much lower with vrf than without. 2. The VRF table contains all routes (i.e, there are no separate local and main tables per VRF). That means ip6_pol_route_output only has 1 lookup for VRF where it does 2 without it (1 in the local table and 1 in the main table). [1] http://netdevconf.org/1.2/papers/ahern-what-is-l3mdev-paper.pdf ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Ahern authored
The VRF driver allows users to implement device based features for an entire domain. For example, a qdisc or netfilter rules can be attached to a VRF device or tcpdump can be used to view packets for all devices in the L3 domain. The device-based features come with a performance penalty, most notably in the Tx path. The VRF driver uses the l3mdev_l3_out hook to switch the dst on an skb to its private dst. This allows the skb to traverse the xmit stack with the device set to the VRF device which in turn enables the netfilter and qdisc features. The VRF driver then performs the FIB lookup again and reinserts the packet. This patch avoids the redirect for IPv6 packets if a qdisc has not been attached to a VRF device which is the default config. In this case the netfilter hooks and network taps are directly traversed in the l3mdev_l3_out handler. If a qdisc is attached to a VRF device, then the redirect using the vrf dst is done. Additional overhead is removed by only checking packet taps if a socket is open on the device (vrf_dev->ptype_all list is not empty). Packet sockets bound to any device will still get a copy of the packet via the real ingress or egress interface. The end result of this change is a decrease in the overhead of VRF for the default, baseline case (ie., no netfilter rules, no packet sockets, no qdisc) from a +3% improvement for UDP which has a lookup per packet (VRF being better than no l3mdev) to ~2% loss for TCP_CRR which connects a socket for each request-response. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Ahern authored
The VRF driver allows users to implement device based features for an entire domain. For example, a qdisc or netfilter rules can be attached to a VRF device or tcpdump can be used to view packets for all devices in the L3 domain. The device-based features come with a performance penalty, most notably in the Tx path. The VRF driver uses the l3mdev_l3_out hook to switch the dst on an skb to its private dst. This allows the skb to traverse the xmit stack with the device set to the VRF device which in turn enables the netfilter and qdisc features. The VRF driver then performs the FIB lookup again and reinserts the packet. This patch avoids the redirect for IPv4 packets if a qdisc has not been attached to a VRF device which is the default config. In this case the netfilter hooks and network taps are directly traversed in the l3mdev_l3_out handler. If a qdisc is attached to a VRF device, then the redirect using the vrf dst is done. Additional overhead is removed by only checking packet taps if a socket is open on the device (vrf_dev->ptype_all list is not empty). Packet sockets bound to any device will still get a copy of the packet via the real ingress or egress interface. The end result of this change is a decrease in the overhead of VRF for the default, baseline case (ie., no netfilter rules, no packet sockets, no qdisc) to ~3% for UDP which has a lookup per packet and < 1% overhead for connected sockets that leverage early demux and avoid FIB lookups. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Josh Hunt authored
Allows reading of SK_MEMINFO_VARS via socket option. This way an application can get all meminfo related information in single socket option call instead of multiple calls. Adds helper function, sk_get_meminfo(), and uses that for both getsockopt and sock_diag_put_meminfo(). Suggested by Eric Dumazet. Signed-off-by: Josh Hunt <johunt@akamai.com> Reviewed-by: Jason Baron <jbaron@akamai.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Colin Ian King authored
The arguments packets and bytes to call mlxsw_sp_acl_rule_get_stats are in the wrong order. Fix this by swapping them. Detected by CoverityScan, CID#1419705 ("Arguments in wrong order") Fixes: 7c1b8eb1 ("mlxsw: spectrum: Add support for TC flower offload statistics") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Ido Schimmel <idosch@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arjun Vynipadath authored
We are using the smallest padding boundary (8 bytes), which isn't smaller than the Memory Controller Read/Write Size We get best performance in 100G when the Packing Boundary is a multiple of the Maximum Payload Size. Its related to inefficient chopping of DMA packets by PCIe, that causes more overhead on bus. So driver is helping by making the starting address alignment to be MPS size. We will try to determine PCIE MaxPayloadSize capabiltiy and set IngPackBoundary based on this value. If cache line size is greater than MPS or determinig MPS fails, we will use cache line size to determine IngPackBoundary(as before). Signed-off-by: Arjun Vynipadath <arjun@chelsio.com> Signed-off-by: Casey Leedom <leedom@chelsio.com> Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnd Bergmann authored
When building the driver as a module, we get a warning about the lack of a license: WARNING: modpost: missing MODULE_LICENSE() in drivers/net/ethernet/synopsys/dwc-xlgmac.o see include/linux/module.h for more information Curiously the text in the .c files only mentions GPLv2+, while the license tag in the PCI driver contains both GPL and BSD. I picked the license text as the more definite reference here and put a GPL tag in there. Fixes: 65e0ace2 ("net: dwc-xlgmac: Initial driver for DesignWare Enterprise Ethernet") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnd Bergmann authored
Without this header, we can run into a build error: drivers/net/ethernet/synopsys/dwc-xlgmac-hw.c: In function 'xlgmac_config_queue_mapping': drivers/net/ethernet/synopsys/dwc-xlgmac-hw.c:1548:36: error: 'IEEE_8021QAZ_MAX_TCS' undeclared (first use in this function) prio_queues = min_t(unsigned int, IEEE_8021QAZ_MAX_TCS, Fixes: 65e0ace2 ("net: dwc-xlgmac: Initial driver for DesignWare Enterprise Ethernet") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Jie Deng <jiedeng@synopsys.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Roopa Prabhu authored
neigh notifications today carry pid 0 for nlmsg_pid in all cases. This patch fixes it to carry calling process pid when available. Applications (eg. quagga) rely on nlmsg_pid to ignore notifications generated by their own netlink operations. This patch follows the routing subsystem which already sets this correctly. Reported-by: Vivek Venkatraman <vivek@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2017-03-21 This series contains updates to e1000, e1000e, igb, igbvf and ixgb. This finishes up the work Philippe Reynes did to update the Intel drivers to the new API for ethtool (get|set)_link_ksettings. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Yuval Mintz says: ==================== qed: IOV related clenaups This patch series targets IOV functionality [on both PF and VF]. Patches #2, #3 and #5 fix flows relating to malicious VFs, either by upgrading and aligning current safe-guards or by correcing racy flows. Patches #1 and #8 make some malicious/dysnfunctional VFs logging appear by default in logs. The rest of the patches either cleanup the existing code or else correct some possible [yet fairly insignicant] issues in VF behavior. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
The link information exists only on the leading hwfn, but some of its derivatives [e.g., min/max rate] need to be configured for each hwfn. When re-basing the VF link view, use the leading hwfn information as basis for all existing hwfns to allow said configurations to stick. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
Malicious VF existance should be interesting enough for the hyperuser. Change the PF indication that one of its child VF became malicious to appear by default. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
The PF<->VF interface allows for the VF to request multiple queues closure via a single message, but this has never been used by any official driver. We now deprecate this option, forcing each queue close to arrive via a different command; This would be required for future TLVs that are going to extend the queue TLVs with additional information on a per-queue basis. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
PF needs to validate the status of VF queues before asking firmware to configure anything for them, but that validation is done in various different forms - sometimes inadequate. Add auxillary functions that can be used for testing of the queue state and convert the various flows to use those instead of current existing flows; Also, add missing validations where needed. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
When starting the VF's vport, the PF would first configure the status blocks of the VF and then reset them. That would cause some of the configured information to be lost - specifically it would mean that all the VFs queues would use the Rx coalescing state-machine of the status block. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
When PF responds to the VF requests it also cleans the HW-channel indication in firmware to allow further VF messages to arrive, but the order currently applied is wrong - The PF is copying by DMAE the response the VF is polling on for completion, and only afterwards sets the HW-channel to ready state. This creates a race condition where the VF would be able to send an additional message to the PF before the channel would get ready again, causing the firmware to consider the VF as malicious. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
When a VF is considered malicious, driver handling of the VF FLR flow would clean said indication - but not if the FLR is part of an sriov-disable flow. That leads to further issues, as PF wouldn't re-enable the previously malicious VF when sriov is re-enabled. No reason for that - simply clean malicious indications in the sriov-disable flow as well. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mintz, Yuval authored
VFs are currently logging errors when communicating with their PFs in a too-low verbosity that wouldn't be shown by default. As timeouts and failed commands are crucial for VF operability, make them appear by default. Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andreas Gruenbacher authored
Add rhashtable_lookup_get_insert_fast for fixed keys, similar to rhashtable_lookup_get_insert_key for explicit keys. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Rick Farrington authored
Change to support host<->firmware command return value. Fix for vf mac addr state command. 1. Added support for firmware commands to return a value: - previously, the returned code overlapped with host codes, thus commands were only returning 0 (success) or -1 (interpreted as timeout) - per 'response_manager.h', the error codes are split into two fields (major/minor) now, firmware commands are grouped into their own 'major' group, separate from the host's 'major' group, which allow f/w commands to return any 16-bit value 2. The command to set vf mac addr was logging a success message even if command failed. Now command uses a callback function to log the status message. 3. The command to set vf mac addr was not logging a message when set via the host 'ip' command. Now, the callback function will log an appropriate message. Signed-off-by: Rick Farrington <ricardo.farrington@cavium.com> Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by: Derek Chickles <derek.chickles@cavium.com> Signed-off-by: Satanand Burla <satananda.burla@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Acked-by: Petko Manolov <petkan@nucleusys.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
John Allen says: ==================== ibmvnic: Initialization fixes and improvements These patches resolve issues with the ibmvnic initialization process. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Allen authored
When closing the ibmvnic device we need to release the resources used in communicating to the virtual I/O server. These need to be re-negotiated with the server at open time. This patch moves the releasing of resources a separate routine and updates the open and close handlers to release all resources at close and re-negotiate and allocate these resources at open. Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Allen authored
The intialization of the ibmvnic driver with respect to the virtual server it connects to should be moved to its own routine. This will alolow the driver to initiate this process from places outside of the drivers probe routine. Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Allen authored
Move the code that handles login and renegotiation of ibmvnic capabilities to its own routine. Signed-off-by: Nathan Fontenot <nfont@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Allen authored
VNIC server expects LINK_STATE_UP to be sent within 30s of the login. If we exceed the timeout, VNIC server will attempt to fail over. Since time between probe and open of the device is indeterminate, move login and queue negotiation into ibmvnic open so we can guarantee that login and sending LINK_STATE_UP occur within the 30s window. Signed-off-by: John Allen <jallen@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The function gem_begin_auto_negotiation dereference the pointer ep before testing if it's null. This patch add a check on ep before dereferencing it. Fixes: 92552fdd ("net: sun: sungem: use new api ethtool_{get|set}_link_ksettings") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Rick Farrington authored
Add timeout error message in lio_process_ordered_list(). Add host failure status in existing error message in if_cfg_callback(). Signed-off-by: Rick Farrington <ricardo.farrington@cavium.com> Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Satanand Burla authored
Remove code duplicated in PF and VF; define that code once only in a common header file included by PF and VF. Signed-off-by: Satanand Burla <satananda.burla@cavium.com> Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-