1. 10 Mar, 2017 20 commits
  2. 09 Mar, 2017 20 commits
    • David S. Miller's avatar
      Merge branch 'bpf-htab-fixes' · 8ddbb312
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      bpf: htab fixes
      
      Two bpf hashtable fixes. See individual patches for details.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ddbb312
    • Alexei Starovoitov's avatar
      bpf: convert htab map to hlist_nulls · 4fe84359
      Alexei Starovoitov authored
      when all map elements are pre-allocated one cpu can delete and reuse htab_elem
      while another cpu is still walking the hlist. In such case the lookup may
      miss the element. Convert hlist to hlist_nulls to avoid such scenario.
      When bucket lock is taken there is no need to take such precautions,
      so only convert map_lookup and map_get_next to nulls.
      The race window is extremely small and only reproducible with explicit
      udelay() inside lookup_nulls_elem_raw()
      
      Similar to hlist add hlist_nulls_for_each_entry_safe() and
      hlist_nulls_entry_safe() helpers.
      
      Fixes: 6c905981 ("bpf: pre-allocate hash map elements")
      Reported-by: default avatarJonathan Perry <jonperry@fb.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4fe84359
    • Alexei Starovoitov's avatar
      bpf: fix struct htab_elem layout · 9f691549
      Alexei Starovoitov authored
      when htab_elem is removed from the bucket list the htab_elem.hash_node.next
      field should not be overridden too early otherwise we have a tiny race window
      between lookup and delete.
      The bug was discovered by manual code analysis and reproducible
      only with explicit udelay() in lookup_elem_raw().
      
      Fixes: 6c905981 ("bpf: pre-allocate hash map elements")
      Reported-by: default avatarJonathan Perry <jonperry@fb.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f691549
    • Dmitry V. Levin's avatar
      uapi: fix linux/packet_diag.h userspace compilation error · 745cb7f8
      Dmitry V. Levin authored
      Replace MAX_ADDR_LEN with its numeric value to fix the following
      linux/packet_diag.h userspace compilation error:
      
      /usr/include/linux/packet_diag.h:67:17: error: 'MAX_ADDR_LEN' undeclared here (not in a function)
        __u8 pdmc_addr[MAX_ADDR_LEN];
      
      This is not the first case in the UAPI where the numeric value
      of MAX_ADDR_LEN is used instead of symbolic one, uapi/linux/if_link.h
      already does the same:
      
      $ grep MAX_ADDR_LEN include/uapi/linux/if_link.h
      	__u8 mac[32]; /* MAX_ADDR_LEN */
      
      There are no UAPI headers besides these two that use MAX_ADDR_LEN.
      Signed-off-by: default avatarDmitry V. Levin <ldv@altlinux.org>
      Acked-by: default avatarPavel Emelyanov <xemul@virtuozzo.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      745cb7f8
    • Paolo Abeni's avatar
      net/tunnel: set inner protocol in network gro hooks · 294acf1c
      Paolo Abeni authored
      The gso code of several tunnels type (gre and udp tunnels)
      takes for granted that the skb->inner_protocol is properly
      initialized and drops the packet elsewhere.
      
      On the forwarding path no one is initializing such field,
      so gro encapsulated packets are dropped on forward.
      
      Since commit 38720352 ("gre: Use inner_proto to obtain
      inner header protocol"), this can be reproduced when the
      encapsulated packets use gre as the tunneling protocol.
      
      The issue happens also with vxlan and geneve tunnels since
      commit 8bce6d7d ("udp: Generalize skb_udp_segment"), if the
      forwarding host's ingress nic has h/w offload for such tunnel
      and a vxlan/geneve device is configured on top of it, regardless
      of the configured peer address and vni.
      
      To address the issue, this change initialize the inner_protocol
      field for encapsulated packets in both ipv4 and ipv6 gro complete
      callbacks.
      
      Fixes: 38720352 ("gre: Use inner_proto to obtain inner header protocol")
      Fixes: 8bce6d7d ("udp: Generalize skb_udp_segment")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Acked-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      294acf1c
    • robert.foss@collabora.com's avatar
      qed: Fix copy of uninitialized memory · 8aad6f14
      robert.foss@collabora.com authored
      In qed_ll2_start_ooo() the ll2_info variable is uninitialized and then
      passed to qed_ll2_acquire_connection() where it is copied into a new
      memory space.
      
      This shouldn't cause any issue as long as non of the copied memory is
      every read.
      But the potential for a bug being introduced by reading this memory
      is real.
      
      Detected by CoverityScan, CID#1399632 ("Uninitialized scalar variable")
      Signed-off-by: default avatarRobert Foss <robert.foss@collabora.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8aad6f14
    • David S. Miller's avatar
      Merge branch 'thunderx-misc-fixes' · c021aaca
      David S. Miller authored
      Sunil Goutham says:
      
      ====================
      net: thunderx: Miscellaneous fixes
      
      This patch set fixes multiple issues such as IOMMU
      translation faults when kernel is booted with IOMMU enabled
      on host, incorrect MAC ID reading from ACPI tables and IPv6
      UDP packet drop due to failure of checksum validation.
      
      Changes from v1:
      - As suggested by David Miller, got rid of conditional
        calling of DMA map/unmap APIs. Also updated commit message
        in 'IOMMU translation faults' patch.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c021aaca
    • Thanneeru Srinivasulu's avatar
      net: thunderx: Allow IPv6 frames with zero UDP checksum · 36fa35d2
      Thanneeru Srinivasulu authored
      Do not consider IPv6 frames with zero UDP checksum as frames
      with bad checksum and drop them.
      Signed-off-by: default avatarThanneeru Srinivasulu <tsrinivasulu@cavium.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      36fa35d2
    • Sunil Goutham's avatar
      net: thunderx: Fix invalid mac addresses for node1 interfaces · 78aacb6f
      Sunil Goutham authored
      When booted with ACPI, random mac addresses are being
      assigned to node1 interfaces due to mismatch of bgx_id
      in BGX driver and ACPI tables.
      
      This patch fixes this issue by setting maximum BGX devices
      per node based on platform/soc instead of a macro. This
      change will set the bgx_id appropriately.
      Signed-off-by: default avatarSunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      78aacb6f
    • Sunil Goutham's avatar
      net: thunderx: Fix LMAC mode debug prints for QSGMII mode · 18de7ba9
      Sunil Goutham authored
      When BGX/LMACs are in QSGMII mode, for some LMACs, mode info is
      not being printed. This patch will fix that. With changes already
      done to not do any sort of serdes 2 lane mapping config calculation
      in kernel driver, we can get rid of this logic.
      Signed-off-by: default avatarSunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      18de7ba9
    • Sunil Goutham's avatar
      net: thunderx: Fix IOMMU translation faults · 83abb7d7
      Sunil Goutham authored
      ACPI support has been added to ARM IOMMU driver in 4.10 kernel
      and that has resulted in VNIC interfaces throwing translation
      faults when kernel is booted with ACPI as driver was not using
      DMA API. This patch fixes the issue by using DMA API which inturn
      will create translation tables when IOMMU is enabled.
      
      Also VNIC doesn't have a seperate receive buffer ring per receive
      queue, so there is no 1:1 descriptor index matching between CQE_RX
      and the index in buffer ring from where a buffer has been used for
      DMA'ing. Unlike other NICs, here it's not possible to maintain dma
      address to virt address mappings within the driver. This leaves us
      no other choice but to use IOMMU's IOVA address conversion API to
      get buffer's virtual address which can be given to network stack
      for processing.
      Signed-off-by: default avatarSunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      83abb7d7
    • Zhu Yanjun's avatar
      rds: ib: add error handle · 3b12f73a
      Zhu Yanjun authored
      In the function rds_ib_setup_qp, the error handle is missing. When some
      error occurs, it is possible that memory leak occurs. As such, error
      handle is added.
      
      Cc: Joe Jin <joe.jin@oracle.com>
      Reviewed-by: default avatarJunxiao Bi <junxiao.bi@oracle.com>
      Reviewed-by: default avatarGuanglei Li <guanglei.li@oracle.com>
      Signed-off-by: default avatarZhu Yanjun <yanjun.zhu@oracle.com>
      Acked-by: default avatarSantosh Shilimkar <santosh.shilimkar@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3b12f73a
    • VSR Burru's avatar
      liquidio: improve UDP TX performance · 67e303e0
      VSR Burru authored
      Improve UDP TX performance by:
      * reducing the ring size from 2K to 512
      * replacing the numerous streaming DMA allocations for info buffers and
        gather lists with one large consistent DMA allocation per ring
      
      BQL is not effective here.  We reduced the ring size because there is heavy
      overhead with dma_map_single every so often.  With iommu=on, dma_map_single
      in PF Tx data path was taking longer time (~700usec) for every ~250
      packets.  Debugged intel_iommu code, and found that PF driver is utilizing
      too many static IO virtual address mapping entries (for gather list entries
      and info buffers): about 100K entries for two PF's each using 8 rings.
      Also, finding an empty entry (in rbtree of device domain's iova mapping in
      kernel) during Tx path becomes a bottleneck every so often; the loop to
      find the empty entry goes through over 40K iterations; this is too costly
      and was the major overhead.  Overhead is low when this loop quits quickly.
      
      Netperf benchmark numbers before and after patch:
      
      PF UDP TX
      +--------+--------+------------+------------+---------+
      |        |        |  Before    |  After     |         |
      | Number |        |  Patch     |  Patch     |         |
      |  of    | Packet | Throughput | Throughput | Percent |
      | Flows  |  Size  |  (Gbps)    |  (Gbps)    | Change  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   0.52     |   0.93     |  +78.9  |
      |   1    |  1024  |   1.62     |   2.84     |  +75.3  |
      |        |  1518  |   2.44     |   4.21     |  +72.5  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   0.45     |   1.59     | +253.3  |
      |   4    |  1024  |   1.34     |   5.48     | +308.9  |
      |        |  1518  |   2.27     |   8.31     | +266.1  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   0.40     |   1.61     | +302.5  |
      |   8    |  1024  |   1.64     |   4.24     | +158.5  |
      |        |  1518  |   2.87     |   6.52     | +127.2  |
      +--------+--------+------------+------------+---------+
      
      VF UDP TX
      +--------+--------+------------+------------+---------+
      |        |        |  Before    |  After     |         |
      | Number |        |  Patch     |  Patch     |         |
      |  of    | Packet | Throughput | Throughput | Percent |
      | Flows  |  Size  |  (Gbps)    |  (Gbps)    | Change  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   1.28     |   1.49     |  +16.4  |
      |   1    |  1024  |   4.44     |   4.39     |   -1.1  |
      |        |  1518  |   6.08     |   6.51     |   +7.1  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   2.35     |   2.35     |    0.0  |
      |   4    |  1024  |   6.41     |   8.07     |  +25.9  |
      |        |  1518  |   9.56     |   9.54     |   -0.2  |
      +--------+--------+------------+------------+---------+
      |        |   360  |   3.41     |   3.65     |   +7.0  |
      |   8    |  1024  |   9.35     |   9.34     |   -0.1  |
      |        |  1518  |   9.56     |   9.57     |   +0.1  |
      +--------+--------+------------+------------+---------+
      Signed-off-by: default avatarVSR Burru <veerasenareddy.burru@cavium.com>
      Signed-off-by: default avatarFelix Manlunas <felix.manlunas@cavium.com>
      Signed-off-by: default avatarDerek Chickles <derek.chickles@cavium.com>
      Signed-off-by: default avatarRaghu Vatsavayi <raghu.vatsavayi@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67e303e0
    • David Ahern's avatar
      net: ipv6: Remove redundant RTA_OIF in multipath routes · 5be083ce
      David Ahern authored
      Dinesh reported that RTA_MULTIPATH nexthops are 8-bytes larger with IPv6
      than IPv4. The recent refactoring for multipath support in netlink
      messages does discriminate between non-multipath which needs the OIF
      and multipath which adds a rtnexthop struct for each hop making the
      RTA_OIF attribute redundant. Resolve by adding a flag to the info
      function to skip the oif for multipath.
      
      Fixes: beb1afac ("net: ipv6: Add support to dump multipath routes
             via RTA_MULTIPATH attribute")
      Reported-by: default avatarDinesh Dutt <ddutt@cumulusnetworks.com>
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5be083ce
    • Jiri Pirko's avatar
      mlxsw: spectrum_flower: Remove bogus warns in mlxsw_sp_flower_destroy · 713c43b3
      Jiri Pirko authored
      This warnings may be hit even in case they should not - in case user
      puts a TC-flower rule which failed to be offloaded. So just remove them.
      Reported-by: default avatarPetr Machata <petrm@mellanox.com>
      Reported-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Fixes: commit 7aa0f5aa ("mlxsw: spectrum: Implement TC flower offload")
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Acked-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      713c43b3
    • David Ahern's avatar
      vrf: Fix use-after-free in vrf_xmit · f7887d40
      David Ahern authored
      KASAN detected a use-after-free:
      
      [  269.467067] BUG: KASAN: use-after-free in vrf_xmit+0x7f1/0x827 [vrf] at addr ffff8800350a21c0
      [  269.467067] Read of size 4 by task ssh/1879
      [  269.467067] CPU: 1 PID: 1879 Comm: ssh Not tainted 4.10.0+ #249
      [  269.467067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
      [  269.467067] Call Trace:
      [  269.467067]  dump_stack+0x81/0xb6
      [  269.467067]  kasan_object_err+0x21/0x78
      [  269.467067]  kasan_report+0x2f7/0x450
      [  269.467067]  ? vrf_xmit+0x7f1/0x827 [vrf]
      [  269.467067]  ? ip_output+0xa4/0xdb
      [  269.467067]  __asan_load4+0x6b/0x6d
      [  269.467067]  vrf_xmit+0x7f1/0x827 [vrf]
      ...
      
      Which corresponds to the skb access after xmit handling. Fix by saving
      skb->len and using the saved value to update stats.
      
      Fixes: 193125db ("net: Introduce VRF device driver")
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f7887d40
    • Jarod Wilson's avatar
      team: use ETH_MAX_MTU as max mtu · 3331aa37
      Jarod Wilson authored
      This restores the ability to set a team device's mtu to anything higher
      than 1500. Similar to the reported issue with bonding, the team driver
      calls ether_setup(), which sets an initial max_mtu of 1500, while the
      underlying hardware can handle something much larger. Just set it to
      ETH_MAX_MTU to support all possible values, and the limitations of the
      underlying devices will prevent setting anything too large.
      
      Fixes: 91572088 ("net: use core MTU range checking in core net infra")
      CC: Cong Wang <xiyou.wangcong@gmail.com>
      CC: Jiri Pirko <jiri@resnulli.us>
      CC: netdev@vger.kernel.org
      Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3331aa37
    • David S. Miller's avatar
      net: Revert ksettings conversions. · aac1561a
      David S. Miller authored
      Those were supposed to go into the net-next tree not
      the net tree.  Oops...
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      aac1561a
    • Christian Lamparter's avatar
      net: ibm: emac: fix regression caused by emac_dt_phy_probe() · b793f081
      Christian Lamparter authored
      Julian Margetson reported a panic on his SAM460EX with Kernel 4.11-rc1:
      | Unable to handle kernel paging request for data at address 0x00000014
      | Oops: Kernel access of bad area, sig: 11 [#1]
      | PREEMPT
      | Canyonlands
      | Modules linked in:
      | CPU: 0 PID: 1 Comm: swapper Not tainted [...]
      | task: ea838000 task.stack: ea836000
      | NIP: c0599f5c LR: c0599dd8 CTR: 00000000
      | REGS: ea837c80 TRAP: 0300   Not tainted [...]
      | MSR: 00029000 <CE,EE,ME>
      |  CR: 24371242  XER: 20000000
      | DEAR: 00000014 ESR: 00000000
      | GPR00: c0599ce8 ea837d30 ea838000 c0e52dcc c0d56ffb [...]
      | NIP [c0599f5c] emac_probe+0xfb4/0x1304
      | LR [c0599dd8] emac_probe+0xe30/0x1304
      | Call Trace:
      | [ea837d30] [c0599ce8] emac_probe+0xd40/0x1304 (unreliable)
      | [ea837d80] [c0533504] platform_drv_probe+0x48/0x90
      | [ea837da0] [c0531c14] driver_probe_device+0x15c/0x2c4
      | [ea837dd0] [c0531e04] __driver_attach+0x88/0xb0
      | ---[ end trace ... ]---
      
      The problem is caused by emac_dt_phy_probe() returing success (0)
      for existing device-trees configurations that do not specify a
      "phy-handle" property. This caused the code to skip the existing
      phy probe and setup. Which led to essential phy related
      data-structures being uninitialized.
      
      This patch also removes the unused variable in emac_dt_phy_connect().
      
      Fixes: a577ca6b ("net: emac: add support for device-tree based PHY discovery and setup")
      Reported-by: default avatarJulian Margetson <runaway@candw.ms>
      Signed-off-by: default avatarChristian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b793f081
    • Philippe Reynes's avatar
      net: toshiba: spider_net: use new api ethtool_{get|set}_link_ksettings · 50ad480e
      Philippe Reynes authored
      The ethtool api {get|set}_settings is deprecated.
      We move this driver to new api {get|set}_link_ksettings.
      
      As I don't have the hardware, I'd be very pleased if
      someone may test this patch.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50ad480e