1. 19 Oct, 2013 28 commits
    • Hannes Frederic Sowa's avatar
      inet: split syncookie keys for ipv4 and ipv6 and initialize with net_get_random_once · b23a002f
      Hannes Frederic Sowa authored
      This patch splits the secret key for syncookies for ipv4 and ipv6 and
      initializes them with net_get_random_once. This change was the reason I
      did this series. I think the initialization of the syncookie_secret is
      way to early.
      
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b23a002f
    • Hannes Frederic Sowa's avatar
      net: introduce new macro net_get_random_once · a48e4292
      Hannes Frederic Sowa authored
      net_get_random_once is a new macro which handles the initialization
      of secret keys. It is possible to call it in the fast path. Only the
      initialization depends on the spinlock and is rather slow. Otherwise
      it should get used just before the key is used to delay the entropy
      extration as late as possible to get better randomness. It returns true
      if the key got initialized.
      
      The usage of static_keys for net_get_random_once is a bit uncommon so
      it needs some further explanation why this actually works:
      
      === In the simple non-HAVE_JUMP_LABEL case we actually have ===
      no constrains to use static_key_(true|false) on keys initialized with
      STATIC_KEY_INIT_(FALSE|TRUE). So this path just expands in favor of
      the likely case that the initialization is already done. The key is
      initialized like this:
      
      ___done_key = { .enabled = ATOMIC_INIT(0) }
      
      The check
      
                      if (!static_key_true(&___done_key))                     \
      
      expands into (pseudo code)
      
                      if (!likely(___done_key > 0))
      
      , so we take the fast path as soon as ___done_key is increased from the
      helper function.
      
      === If HAVE_JUMP_LABELs are available this depends ===
      on patching of jumps into the prepared NOPs, which is done in
      jump_label_init at boot-up time (from start_kernel). It is forbidden
      and dangerous to use net_get_random_once in functions which are called
      before that!
      
      At compilation time NOPs are generated at the call sites of
      net_get_random_once. E.g. net/ipv6/inet6_hashtable.c:inet6_ehashfn (we
      need to call net_get_random_once two times in inet6_ehashfn, so two NOPs):
      
            71:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
            76:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
      
      Both will be patched to the actual jumps to the end of the function to
      call __net_get_random_once at boot time as explained above.
      
      arch_static_branch is optimized and inlined for false as return value and
      actually also returns false in case the NOP is placed in the instruction
      stream. So in the fast case we get a "return false". But because we
      initialize ___done_key with (enabled != (entries & 1)) this call-site
      will get patched up at boot thus returning true. The final check looks
      like this:
      
                      if (!static_key_true(&___done_key))                     \
                              ___ret = __net_get_random_once(buf,             \
      
      expands to
      
                      if (!!static_key_false(&___done_key))                     \
                              ___ret = __net_get_random_once(buf,             \
      
      So we get true at boot time and as soon as static_key_slow_inc is called
      on the key it will invert the logic and return false for the fast path.
      static_key_slow_inc will change the branch because it got initialized
      with .enabled == 0. After static_key_slow_inc is called on the key the
      branch is replaced with a nop again.
      
      === Misc: ===
      The helper defers the increment into a workqueue so we don't
      have problems calling this code from atomic sections. A seperate boolean
      (___done) guards the case where we enter net_get_random_once again before
      the increment happend.
      
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Jason Baron <jbaron@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a48e4292
    • Hannes Frederic Sowa's avatar
      x86/jump_label: expect default_nop if static_key gets enabled on boot-up · a8fab074
      Hannes Frederic Sowa authored
      net_get_random_once(intrduced in the next patch) uses static_keys in
      a way that they get enabled on boot-up instead of replaced with an
      ideal_nop. So check for default_nop on initial enabling.
      
      Other architectures don't check for this.
      
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Jason Baron <jbaron@redhat.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: x86@kernel.org
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a8fab074
    • Hannes Frederic Sowa's avatar
      static_key: WARN on usage before jump_label_init was called · c4b2c0c5
      Hannes Frederic Sowa authored
      Usage of the static key primitives to toggle a branch must not be used
      before jump_label_init() is called from init/main.c. jump_label_init
      reorganizes and wires up the jump_entries so usage before that could
      have unforeseen consequences.
      
      Following primitives are now checked for correct use:
      * static_key_slow_inc
      * static_key_slow_dec
      * static_key_slow_dec_deferred
      * jump_label_rate_limit
      
      The x86 architecture already checks this by testing if the default_nop
      was already replaced with an optimal nop or with a branch instruction. It
      will panic then. Other architectures don't check for this.
      
      Because we need to relax this check for the x86 arch to allow code to
      transition from default_nop to the enabled state and other architectures
      did not check for this at all this patch introduces checking on the
      static_key primitives in a non-arch dependent manner.
      
      All checked functions are considered slow-path so the additional check
      does no harm to performance.
      
      The warnings are best observed with earlyprintk.
      
      Based on a patch from Andi Kleen.
      
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Andi Kleen <andi@firstfloor.org>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4b2c0c5
    • Hannes Frederic Sowa's avatar
      ipv6: split inet6_ehashfn to hash functions per compilation unit · b50026b5
      Hannes Frederic Sowa authored
      This patch splits the inet6_ehashfn into separate ones in
      ipv6/inet6_hashtables.o and ipv6/udp.o to ease the introduction of
      seperate secrets keys later.
      
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b50026b5
    • Hannes Frederic Sowa's avatar
      ipv4: split inet_ehashfn to hash functions per compilation unit · 65cd8033
      Hannes Frederic Sowa authored
      This duplicates a bit of code but let's us easily introduce
      separate secret keys later. The separate compilation units are
      ipv4/inet_hashtabbles.o, ipv4/udp.o and rds/connection.o.
      
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65cd8033
    • David S. Miller's avatar
      Merge branch 'ipip_gso' · 53481da3
      David S. Miller authored
      Eric Dumazet says:
      
      ====================
      net: Implement GSO/TSO support for IPIP
      
      This patch serie implements GSO/TSO support for IPIP
      
      David, please note it applies after "ipv4: gso: send_check() & segment() cleanups"
      ( http://patchwork.ozlabs.org/patch/284714/ )
      
      Broadcom bnx2x driver is now enabled for TSO support of IPIP traffic
      
      Before patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      3357.88   5.09     3.70     2.983   2.167
      
      After patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      8532.40   2.55     7.73     0.588   1.781
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      53481da3
    • Eric Dumazet's avatar
      bnx2x: add TSO support for IPIP · 117401ee
      Eric Dumazet authored
      bnx2x driver already handles TSO for GRE, current code
      is the same for IPIP.
      
      Performance results : (Note we are now limited by receiver,
      as it does not support GRO for IPIP yet)
      
      Before patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      7710.19   4.52     6.62     1.152   1.687
      
      After patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      8532.40   2.55     7.73     0.588   1.781
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      117401ee
    • Eric Dumazet's avatar
      ipip: add GSO/TSO support · cb32f511
      Eric Dumazet authored
      Now inet_gso_segment() is stackable, its relatively easy to
      implement GSO/TSO support for IPIP
      
      Performance results, when segmentation is done after tunnel
      device (as no NIC is yet enabled for TSO IPIP support) :
      
      Before patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      3357.88   5.09     3.70     2.983   2.167
      
      After patch :
      
      lpq83:~# ./netperf -H 7.7.9.84 -Cc
      MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 7.7.9.84 () port 0 AF_INET
      Recv   Send    Send                          Utilization       Service Demand
      Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
      Size   Size    Size     Time     Throughput  local    remote   local   remote
      bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
      
       87380  16384  16384    10.00      7710.19   4.52     6.62     1.152   1.687
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cb32f511
    • Eric Dumazet's avatar
      ipv4: gso: make inet_gso_segment() stackable · 3347c960
      Eric Dumazet authored
      In order to support GSO on IPIP, we need to make
      inet_gso_segment() stackable.
      
      It should not assume network header starts right after mac
      header.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3347c960
    • Eric Dumazet's avatar
      ipv4: generalize gre_handle_offloads · 2d26f0a3
      Eric Dumazet authored
      This patch makes gre_handle_offloads() more generic
      and rename it to iptunnel_handle_offloads()
      
      This will be used to add GSO/TSO support to IPIP tunnels.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d26f0a3
    • Eric Dumazet's avatar
      net: generalize skb_segment() · 030737bc
      Eric Dumazet authored
      While implementing GSO/TSO support for IPIP, I found skb_segment()
      was assuming network header was immediately following mac header.
      
      Its not really true in the case inet_gso_segment() is stacked :
      By the time tcp_gso_segment() is called, network header points
      to the inner IP header.
      
      Let's instead assume nothing and pick the current offsets found in
      original skb, we have skb_headers_offset_update() helper for that.
      
      Also move the csum_start update inside skb_headers_offset_update()
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      030737bc
    • Eric Dumazet's avatar
      ipv6: gso: remove redundant locking · b917eb15
      Eric Dumazet authored
      ipv6_gso_send_check() and ipv6_gso_segment() are called by
      skb_mac_gso_segment() under rcu lock, no need to use
      rcu_read_lock() / rcu_read_unlock()
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b917eb15
    • Ajit Khaparde's avatar
      be2net: Rework PCIe error report log messaging · ea58c180
      Ajit Khaparde authored
      Currently we log a message whenever pcie_enable_error_reporting fails.
      The message clutters up logs, especially when we don't support it for VFs.
      Instead enable this only for PFs and log a message when the call succeeds.
      Signed-off-by: default avatarAjit Khaparde <ajit.khaparde@emulex.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ea58c180
    • Joe Perches's avatar
      net: misc: Remove extern from function prototypes · c1b1203d
      Joe Perches authored
      There are a mix of function prototypes with and without extern
      in the kernel sources.  Standardize on not using extern for
      function prototypes.
      
      Function prototypes don't need to be written with extern.
      extern is assumed by the compiler.  Its use is as unnecessary as
      using auto to declare automatic/local variables in a block.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c1b1203d
    • Joe Perches's avatar
      net: ipv4/ipv6: Remove extern from function prototypes · 7e58487b
      Joe Perches authored
      There are a mix of function prototypes with and without extern
      in the kernel sources.  Standardize on not using extern for
      function prototypes.
      
      Function prototypes don't need to be written with extern.
      extern is assumed by the compiler.  Its use is as unnecessary as
      using auto to declare automatic/local variables in a block.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e58487b
    • Joe Perches's avatar
      net: dccp: Remove extern from function prototypes · a402a5aa
      Joe Perches authored
      There are a mix of function prototypes with and without extern
      in the kernel sources.  Standardize on not using extern for
      function prototypes.
      
      Function prototypes don't need to be written with extern.
      extern is assumed by the compiler.  Its use is as unnecessary as
      using auto to declare automatic/local variables in a block.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a402a5aa
    • Joe Perches's avatar
      net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes · 348662a1
      Joe Perches authored
      There are a mix of function prototypes with and without extern
      in the kernel sources.  Standardize on not using extern for
      function prototypes.
      
      Function prototypes don't need to be written with extern.
      extern is assumed by the compiler.  Its use is as unnecessary as
      using auto to declare automatic/local variables in a block.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      348662a1
    • Eric Dumazet's avatar
      ipv4: gso: send_check() & segment() cleanups · 47d27aad
      Eric Dumazet authored
      inet_gso_segment() and inet_gso_send_check() are called by
      skb_mac_gso_segment() under rcu lock, no need to use
      rcu_read_lock() / rcu_read_unlock()
      
      Avoid calling ip_hdr() twice per function.
      
      We can use ip_send_check() helper.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      47d27aad
    • David S. Miller's avatar
      bonding: Remove __exit tag from bond_netlink_fini(). · a729e83a
      David S. Miller authored
      It can be called from the module init function, so it cannot
      be in the exit section.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a729e83a
    • David S. Miller's avatar
      Merge branch 'bonding' · 97e592bd
      David S. Miller authored
      Jiri Pirko says:
      
      ====================
      bonding: introduce bonding options Netlink support
      
      This patchset basically allows "mode" and "active_slave" bonding options
      to be propagated and set up via standart RT Netlink interface.
      
      In future other options can be easily added as well.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      97e592bd
    • Jiri Pirko's avatar
      ec76aa49
    • Jiri Pirko's avatar
      bonding: add Netlink support mode option · 90af2311
      Jiri Pirko authored
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      90af2311
    • Jiri Pirko's avatar
    • Jiri Pirko's avatar
      bonding: remove bond_ioctl_change_active() · 080a06e1
      Jiri Pirko authored
      no longer needed since bond_option_active_slave_set() can be used
      instead.
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      080a06e1
    • Jiri Pirko's avatar
      bonding: move active_slave setting into separate function · d9e32b21
      Jiri Pirko authored
      Do a bit of refactoring on the way.
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d9e32b21
    • Jiri Pirko's avatar
      72be35fe
    • Jiri Pirko's avatar
      0a2a78c4
  2. 18 Oct, 2013 12 commits