Commit Graph

650840 Commits

Author SHA1 Message Date
Benjamin Poirier
bd4ce941c8 mlx4: Invoke softirqs after napi_reschedule
mlx4 may schedule napi from a workqueue. Afterwards, softirqs are not run
in a deterministic time frame and the following message may be logged:
NOHZ: local_softirq_pending 08

The problem is the same as what was described in commit ec13ee8014
("virtio_net: invoke softirqs after __napi_schedule") and this patch
applies the same fix to mlx4.

Fixes: 07841f9d94 ("net/mlx4_en: Schedule napi when RX buffers allocation fails")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 12:50:43 -05:00
Arnd Bergmann
8d1fb01df8 mlxsw: add psample dependency for spectrum
When PSAMPLE is a loadable module, spectrum must not be built-in:

drivers/net/built-in.o: In function `mlxsw_sp_rx_listener_sample_func':
spectrum.c:(.text+0xe357e): undefined reference to `psample_sample_packet'

This adds a Kconfig dependency to enforce usable configurations.

Fixes: 98d0f7b9ac ("mlxsw: spectrum: Add packet sample offloading support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Yotam Gigi <yotamg@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:44:12 -05:00
Wei Yongjun
bb4005bae3 ipv6: sr: fix non static symbol warnings
Fixes the following sparse warnings:

net/ipv6/seg6_iptunnel.c:58:5: warning:
 symbol 'nla_put_srh' was not declared. Should it be static?
net/ipv6/seg6_iptunnel.c:238:5: warning:
 symbol 'seg6_input' was not declared. Should it be static?
net/ipv6/seg6_iptunnel.c:254:5: warning:
 symbol 'seg6_output' was not declared. Should it be static?

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:42:35 -05:00
Wei Yongjun
89d82452d1 net/sched: act_mirred: remove duplicated include from act_mirred.c
Remove duplicated include.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:42:34 -05:00
Wei Yongjun
fee402211f net: wan: slic_ds26522: Remove .owner field for driver
Remove .owner field if calls are used which set it automatically.

Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:41:15 -05:00
Wei Yongjun
c3afa99553 net: wan: slic_ds26522: Use module_spi_driver to simplify the code
module_spi_driver() makes the code simpler by eliminating
boilerplate code.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:41:15 -05:00
Eric Dumazet
69629464e0 udp: properly cope with csum errors
Dmitry reported that UDP sockets being destroyed would trigger the
WARN_ON(atomic_read(&sk->sk_rmem_alloc)); in inet_sock_destruct()

It turns out we do not properly destroy skb(s) that have wrong UDP
checksum.

Thanks again to syzkaller team.

Fixes : 7c13f97ffd ("udp: do fwd memory scheduling on dequeue")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 11:19:00 -05:00
David S. Miller
521613c568 Merge branch 'dsa2-pdata'
Florian Fainelli says:

====================
net: dsa: Support for pdata in dsa2

This is not exactly new, and was sent before, although back then, I did not
have an user of the pre-declared MDIO board information, but now we do. Note
that I have additional changes queued up to have b53 register platform data for
MIPS bcm47xx and bcm63xx.

Yes I know that we should have the Orion platforms eventually be converted to
Device Tree, but until that happens, I don't want any remaining users of the
old "dsa" platform device (hence the previous DTS submissions for ARM/mvebu)
and, there will be platforms out there that most likely won't never see DT
coming their way (BCM47xx is almost 100% sure, BCM63xx maybe not in a distant
future).

We would probably want the whole series to be merged via David Miller's tree
to simplify things.

Thanks!

Changes in v5:

- dropped changes to drivers/base/ because after more than a month, we cannot
  get any answer from Greg KH

Changes in v4:

- Changed device_find_class() to device_find_in_class_name()
- Added kerneldoc above device_find_in_class_name() to explain what it does
  and the calling convention regarding device reference counts
- Changed dev_to_net_device to device_to_net_device() added comments
  about what it does and the caller conventions regarding reference counts

Changes in v3:

- Tested EPROBE_DEFER from a mockup MDIO/DSA switch driver and everything
  is fine, once the driver finally probes we have access to platform data
  as expected

- added comment above dsa_port_is_valid() that port->name is mandatory
  for platform data cases

- added an extra check in dsa_parse_member() for a NULL pdata pointer

- fixed a bunch of checkpatch errors and warnings

Changes in v2:

- Rebased against latest net-next/master

- Moved dev_find_class() to device_find_class() into drivers/base/core.c

- Moved dev_to_net_device into net/core/dev.c

- Utilize dsa_chip_data directly instead of dsa_platform_data

- Augmented dsa_chip_data to be multi-CPU port ready

Changes from last submission (few months back):

- rebased against latest net-next

- do not introduce dsa2_platform_data which was overkill and was meant to
  allow us to do exaclty the same things with platform data and Device Tree
  we use the existing dsa_platform_data instead

- properly register MDIO devices when the MDIO bus is registered and associate
  platform_data with them

- add a change to the Orion platform code to demonstrate how this can be used

Thank you
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:51:48 -05:00
Florian Fainelli
575e93f7b5 ARM: orion: Register DSA switch as a MDIO device
Utilize the ability to pass board specific MDIO bus information towards a
particular MDIO device thus allowing us to provide the per-port switch layout
to the Marvell 88E6XXX switch driver.

Since we would end-up with conflicting registration paths, do not register the
"dsa" platform device anymore.

Note that the MDIO devices registered by code in net/dsa/dsa2.c does not
parse a dsa_platform_data, but directly take a dsa_chip_data (specific
to a single switch chip), so we update the different call sites to pass
this structure down to orion_ge00_switch_init().

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:51:47 -05:00
Florian Fainelli
648ea01340 net: phy: Allow pre-declaration of MDIO devices
Allow board support code to collect pre-declarations for MDIO devices by
registering them with mdiobus_register_board_info(). SPI and I2C buses
have a similar feature, we were missing this for MDIO devices, but this
is particularly useful for e.g: MDIO-connected switches which need to
provide their port layout (often board-specific) to a MDIO Ethernet
switch driver.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:51:46 -05:00
Florian Fainelli
71e0bbde0d net: dsa: Add support for platform data
Allow drivers to use the new DSA API with platform data. Most of the
code in net/dsa/dsa2.c does not rely so much on device_nodes and can get
the same information from platform_data instead.

We purposely do not support distributed configurations with platform
data, so drivers should be providing a pointer to a 'struct
dsa_chip_data' structure if they wish to communicate per-port layout.

Multiple CPUs port could potentially be supported and dsa_chip_data is
extended to receive up to one reference to an upstream network device
per port described by a dsa_chip_data structure.

dsa_dev_to_net_device() increments the network device's reference count,
so we intentionally call dev_put() to be consistent with the DT-enabled
path, until we have a generic notifier based solution.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:51:45 -05:00
Florian Fainelli
14b89f36ee net: dsa: Rename and export dev_to_net_device()
In preparation for using this function in net/dsa/dsa2.c, rename the function
to make its scope DSA specific, and export it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:51:45 -05:00
Andrew Lunn
a23b296198 net: dsa: mv88e6xxx: Refactor remaining port setup
Move the remaining port configuration code which varies per device
into port.c, using ops were necessary. This makes
mv88e6xxx_6185_family() and mv88e6xxx_6095_family() unused, so remove
them.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:48:06 -05:00
Andrew Lunn
cf3e80df13 net: dsa: mv88e6xxx: Implement Clause 45 access to SMI devices
The mv88e6390 MDIO bus controllers can support for clause 45 accesses.
The internal SERDES interfaces need this, and it is likely external
10GHz PHYs will be clause 45.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:47:11 -05:00
David S. Miller
8661a631e1 Merge branch 'mv88e6390-CMODE'
Andrew Lunn says:

====================
Set the CMODE for mv88e6390 ports

The mv88e6390 ports 9 & 10 allow there CMODE to be set. CMODE is part
of what linux defines as phy-mode. Add the needed phy-modes to linux,
and add code which will act upon the phy-mode property to configure
the switch port.

These patches have been posted before as part of a bigger patchset
which has now been broken up. I've added the received reviewed by
tags, and added device tree documentation.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:34:43 -05:00
Andrew Lunn
f39908d3b1 net: dsa: mv88e6xxx: Set the CMODE for mv88e6390 ports 9 & 10
Unlike most ports, ports 9 and 10 of the 6390X family have configurable
PHY modes. Set the mode as part of adjust_link().

Ordering is important, because the SERDES interfaces connected to
ports 9 and 10 can be split and assigned to other ports. The CMODE has
to be correctly set before the SERDES interface on another port can be
configured. Such configuration is likely to be performed in
port_enable() and port_disabled(), called on slave_open() and
slave_close().

The simple case is port 9 and 10 are used for 'CPU' or 'DSA'. In this
case, the CMODE is set via a phy-mode in dsa_cpu_dsa_setup(), which is
called early in the switch setup.

When ports 9 or 10 are used as user ports, and have a fixed-phy, when
the fixed fixed-phy is attached, dsa_slave_adjust_link() is called,
which results in the adjust_link function being called, setting the
cmode. The port_enable() will for other ports will be called much
later.

When ports 9 or 10 are used as user ports and have a real phy attached
which does not use all the available SERDES interface, e.g. a 1Gbps
SGMII, there is currently no mechanism in place to set the CMODE of
the port from software. It must be hoped the stripping resistors are
correct.

At the same time, add a function to get the cmode. This will be needed
when configuring the SERDES interfaces.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:34:43 -05:00
Andrew Lunn
55601a8806 net: phy: Add 2000base-x, 2500base-x and rxaui modes
The mv88e6390 ports 9 and 10 supports some additional PHY modes. Add
these modes to the PHY core so they can be used in the binding.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:34:42 -05:00
David S. Miller
6a413e269b Merge branch 'net-Fix-on-stack-USB-buffers'
Ben Hutchings says:

====================
net: Fix on-stack USB buffers

Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).  This
series fixes all the instances I could find where USB networking
drivers do that.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:07:03 -05:00
Ben Hutchings
2d6a0e9de0 catc: Use heap buffer for memory size test
Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:07:02 -05:00
Ben Hutchings
d41149145f catc: Combine failure cleanup code in catc_probe()
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:07:02 -05:00
Ben Hutchings
7926aff5c5 rtl8150: Use heap buffers for all register access
Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:07:02 -05:00
Ben Hutchings
5593523f96 pegasus: Use heap buffers for all register access
Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
References: https://bugs.debian.org/852556
Reported-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Tested-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:07:01 -05:00
David S. Miller
108d9c71dc Merge branch 'virtio_net-XDP-adjust_head'
John Fastabend says:

====================
XDP adjust head support for virtio

This series adds adjust head support for virtio. The following is my
test setup. I use qemu + virtio as follows,

./x86_64-softmmu/qemu-system-x86_64 \
  -hda /var/lib/libvirt/images/Fedora-test0.img \
  -m 4096  -enable-kvm -smp 2 -netdev tap,id=hn0,queues=4,vhost=on \
  -device virtio-net-pci,netdev=hn0,mq=on,guest_tso4=off,guest_tso6=off,guest_ecn=off,guest_ufo=off,vectors=9

In order to use XDP with virtio until LRO is supported TSO must be
turned off in the host. The important fields in the above command line
are the following,

  guest_tso4=off,guest_tso6=off,guest_ecn=off,guest_ufo=off

Also note it is possible to conusme more queues than can be supported
because when XDP is enabled for retransmit XDP attempts to use a queue
per cpu. My standard queue count is 'queues=4'.

After loading the VM I run the relevant XDP test programs in,

  ./sammples/bpf

For this series I tested xdp1, xdp2, and xdp_tx_iptunnel. I usually test
with iperf (-d option to get bidirectional traffic), ping, and pktgen.
I also have a modified xdp1 that returns XDP_PASS on any packet to ensure
the normal traffic path to the stack continues to work with XDP loaded.

It would be great to automate this soon. At the moment I do it by hand
which is starting to get tedious.

v2: original series dropped trace points after merge.
====================

Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:13 -05:00
John Fastabend
2de2f7f40e virtio_net: XDP support for adjust_head
Add support for XDP adjust head by allocating a 256B header region
that XDP programs can grow into. This is only enabled when a XDP
program is loaded.

In order to ensure that we do not have to unwind queue headroom push
queue setup below bpf_prog_add. It reads better to do a prog ref
unwind vs another queue setup call.

At the moment this code must do a full reset to ensure old buffers
without headroom on program add or with headroom on program removal
are not used incorrectly in the datapath. Ideally we would only
have to disable/enable the RX queues being updated but there is no
API to do this at the moment in virtio so use the big hammer. In
practice it is likely not that big of a problem as this will only
happen when XDP is enabled/disabled changing programs does not
require the reset. There is some risk that the driver may either
have an allocation failure or for some reason fail to correctly
negotiate with the underlying backend in this case the driver will
be left uninitialized. I have not seen this ever happen on my test
systems and for what its worth this same failure case can occur
from probe and other contexts in virtio framework.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:12 -05:00
John Fastabend
9fe7bfce8b virtio_net: refactor freeze/restore logic into virtnet reset logic
For XDP we will need to reset the queues to allow for buffer headroom
to be configured. In order to do this we need to essentially run the
freeze()/restore() code path. Unfortunately the locking requirements
between the freeze/restore and reset paths are different however so
we can not simply reuse the code.

This patch refactors the code path and adds a reset helper routine.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:12 -05:00
John Fastabend
722d82830a virtio_net: remove duplicate queue pair binding in XDP
Factor out qp assignment.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:11 -05:00
John Fastabend
0354e4d19c virtio_net: factor out xdp handler for readability
At this point the do_xdp_prog is mostly if/else branches handling
the different modes of virtio_net. So remove it and handle running
the program in the per mode handlers.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:11 -05:00
John Fastabend
473153291b virtio_net: wrap rtnl_lock in test for calling with lock already held
For XDP use case and to allow ethtool reset tests it is useful to be
able to use reset paths from contexts where rtnl lock is already
held.

This requries updating virtnet_set_queues and free_receive_bufs the
two places where rtnl_lock is taken in virtio_net. To do this we
use the following pattern,

	_foo(...) { do stuff }
	foo(...) { rtnl_lock(); _foo(...); rtnl_unlock()};

this allows us to use freeze()/restore() flow from both contexts.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-07 10:05:11 -05:00
David S. Miller
152bff3776 Merge branch 'bridge-improve-cache-utilization'
Nikolay Aleksandrov says:

====================
bridge: improve cache utilization

This is the first set which begins to deal with the bad bridge cache
access patterns. The first patch rearranges the bridge and port structs
a little so the frequently (and closely) accessed members are in the same
cache line. The second patch then moves the garbage collection to a
workqueue trying to improve system responsiveness under load (many fdbs)
and more importantly removes the need to check if the matched entry is
expired in __br_fdb_get which was a major source of false-sharing.
The third patch is a preparation for the final one which
If properly configured, i.e. ports bound to CPUs (thus updating "updated"
locally) then the bridge's HitM goes from 100% to 0%, but even without
binding we get a win because previously every lookup that iterated over
the hash chain caused false-sharing due to the first cache line being
used for both mac/vid and used/updated fields.

Some results from tests I've run:
(note that these were run in good conditions for the baseline, everything
 ran on a single NUMA node and there were only 3 fdbs)

1. baseline
100% Load HitM on the fdbs (between everyone who has done lookups and hit
                            one of the 3 hash chains of the communicating
                            src/dst fdbs)
Overall 5.06% Load HitM for the bridge, first place in the list

2. patched & ports bound to CPUs
0% Local load HitM, bridge is not even in the c2c report list
Also there's 3% consistent improvement in netperf tests.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:53:14 -05:00
Nikolay Aleksandrov
83a718d629 bridge: fdb: write to used and updated at most once per jiffy
Writing once per jiffy is enough to limit the bridge's false sharing.
After this change the bridge doesn't show up in the local load HitM stats.

Suggested-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:53:13 -05:00
Nikolay Aleksandrov
1214628cb1 bridge: move write-heavy fdb members in their own cache line
Fdb's used and updated fields are written to on every packet forward and
packet receive respectively. Thus if we are receiving packets from a
particular fdb, they'll cause false-sharing with everyone who has looked
it up (even if it didn't match, since mac/vid share cache line!). The
"used" field is even worse since it is updated on every packet forward
to that fdb, thus the standard config where X ports use a single gateway
results in 100% fdb false-sharing. Note that this patch does not prevent
the last scenario, but it makes it better for other bridge participants
which are not using that fdb (and are only doing lookups over it).
The point is with this move we make sure that only communicating parties
get the false-sharing, in a later patch we'll show how to avoid that too.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:53:13 -05:00
Nikolay Aleksandrov
f7cdee8a79 bridge: move to workqueue gc
Move the fdb garbage collector to a workqueue which fires at least 10
milliseconds apart and cleans chain by chain allowing for other tasks
to run in the meantime. When having thousands of fdbs the system is much
more responsive. Most importantly remove the need to check if the
matched entry has expired in __br_fdb_get that causes false-sharing and
is completely unnecessary if we cleanup entries, at worst we'll get 10ms
of traffic for that entry before it gets deleted.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:53:13 -05:00
Nikolay Aleksandrov
1f90c7f347 bridge: modify bridge and port to have often accessed fields in one cache line
Move around net_bridge so the vlan fields are in the beginning since
they're checked on every packet even if vlan filtering is disabled.
For the port move flags & vlan group to the beginning, so they're in the
same cache line with the port's state (both flags and state are checked
on each packet).

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:53:13 -05:00
William Tu
63dfef75ed bpf: enable verifier to add 0 to packet ptr
The patch fixes the case when adding a zero value to the packet
pointer.  The zero value could come from src_reg equals type
BPF_K or CONST_IMM.  The patch fixes both, otherwise the verifer
reports the following error:
  [...]
    R0=imm0,min_value=0,max_value=0
    R1=pkt(id=0,off=0,r=4)
    R2=pkt_end R3=fp-12
    R4=imm4,min_value=4,max_value=4
    R5=pkt(id=0,off=4,r=4)
  269: (bf) r2 = r0     // r2 becomes imm0
  270: (77) r2 >>= 3
  271: (bf) r4 = r1     // r4 becomes pkt ptr
  272: (0f) r4 += r2    // r4 += 0
  addition of negative constant to packet pointer is not allowed

Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Mihai Budiu <mbudiu@vmware.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:50:04 -05:00
David S. Miller
432d4f8ab0 Merge branch 'read-vnet_hdr_sz-once'
Willem de Bruijn says:

====================
read vnet_hdr_sz once

Tuntap devices allow concurrent use and update of field vnet_hdr_sz.
Read the field once to avoid TOCTOU.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:41:27 -05:00
Willem de Bruijn
837585a537 macvtap: read vnet_hdr_size once
When IFF_VNET_HDR is enabled, a virtio_net header must precede data.
Data length is verified to be greater than or equal to expected header
length tun->vnet_hdr_sz before copying.

Macvtap functions read the value once, but unless READ_ONCE is used,
the compiler may ignore this and read multiple times. Enforce a single
read and locally cached value to avoid updates between test and use.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:41:27 -05:00
Willem de Bruijn
e1edab87fa tun: read vnet_hdr_sz once
When IFF_VNET_HDR is enabled, a virtio_net header must precede data.
Data length is verified to be greater than or equal to expected header
length tun->vnet_hdr_sz before copying.

Read this value once and cache locally, as it can be updated between
the test and use (TOCTOU).

Signed-off-by: Willem de Bruijn <willemb@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
CC: Eric Dumazet <edumazet@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:41:27 -05:00
Eric Dumazet
ccf7abb93a tcp: avoid infinite loop in tcp_splice_read()
Splicing from TCP socket is vulnerable when a packet with URG flag is
received and stored into receive queue.

__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.

This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.

Again, this gem was found by syzkaller tool.

Fixes: 9c55e01c0c ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov  <dvyukov@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:38:55 -05:00
Linus Torvalds
8b1b41ee74 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fixes from Dan Williams:
 "None of these are showstoppers for 4.10 and could wait for 4.11 merge
  window, but they are low enough risk for this late in the cycle and
  the fixes have waiting users . They have received a build success
  notification from the 0day robot, pass the latest ndctl unit tests,
  and appeared in next:

   - Fix a crash that can result when SIGINT is sent to a process that
     is awaiting completion of an address range scrub command. We were
     not properly cleaning up the workqueue after
     wait_event_interruptible().

   - Fix a memory hotplug failure condition that results from not
     reserving enough space out of persistent memory for the memmap. By
     default we align to 2M allocations that the memory hotplug code
     assumes, but if the administrator specifies a non-default
     4K-alignment then we can fail to correctly size the reservation.

   - A one line fix to improve the predictability of libnvdimm block
     device names. A common operation is to reconfigure /dev/pmem0 into
     a different mode. For example, a reconfiguration might set a new
     mode that reserves some of the capacity for a struct page memmap
     array. It surprises users if the device name changes to
     "/dev/pmem0.1" after the mode change and then back to /dev/pmem0
     after a reboot.

   - Add 'const' to some function pointer tables"

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  libnvdimm, pfn: fix memmap reservation size versus 4K alignment
  acpi, nfit: fix acpi_nfit_flush_probe() crash
  libnvdimm, namespace: do not delete namespace-id 0
  nvdimm: constify device_type structures
2017-02-06 19:36:04 -08:00
Josef Bacik
29200c199c bpf: test for AND edge cases
These two tests are based on the work done for f23cc643f9.  The first test is
just a basic one to make sure we don't allow AND'ing negative values, even if it
would result in a valid index for the array.  The second is a cleaned up version
of the original testcase provided by Jann Horn that resulted in the commit.

Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 22:35:58 -05:00
Linus Torvalds
f7d6040aa4 Power management fixes for v4.10-rc8
- Add an intel_pstate driver quirk to work around a firmware setting
    that leads to frequency scaling issues on desktop Intel Kaby Lake
    processors in some configurations if the hardware-managed P-states
    (HWP) feature is in use (Srinivas Pandruvada).
 
  - Fix up the recently added brcmstb-avs cpufreq driver: fix a bug
    related to system suspend and change the sysfs interface to match
    the user space expectations (Markus Mayer).
 
  - Modify the runtime PM framework to avoid false-positive warnings
    from the might_sleep_if() assertions in it (Rafael Wysocki).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJYmIOoAAoJEILEb/54YlRx2XgP/AjkxDOBep8mnY3xHNMvx887
 BjWWGkuO3qZiX/xFhkhlBuxx8zLfg3ie7NJiSpn1Lj0192M9ggwn4RrM61V1SBX6
 QTOeP68uueIIA/SCt2dw9DdEpepzyvwSJpUTqRmZubZAAYjcVHN+FLgNa5QzUdMb
 X73zORAXsOu4SAguS4MP3yvPvFfdsOwSexllfsK9IAd+eb5RSZYnNyHuwW+S8EK5
 zVCE+cwJOYU4SFh0speGpvUh7wXtWdYM3CV6mzrkiQqfvS6q29xillrxKWaEIk7Z
 5Y6sReFl6i/zIuFQnx0nKPNM5DUhiOY80ha5uaZzde+vRRR7EM7n6LaIQVp672A7
 mq6d0YxsJD8Z9Gx9r66oID/pfEkviRvRc4ejm0Xb187QN9jZvBhY85WD22X5p3KR
 B0B/mhN1zN8ruaLvitqKwXtTntq4ahLtjfxtsyYoH56kh8J6C5KNlJ985/q2hhLD
 8W1ZAaXPy+vyfODsnxdzfnYvkOgeY/XIg9NQ++QGdhXNwDBb1QZP34zdNsIF/YXR
 8A+usM8BAq4r2dDROFfxtCkIVH6JsMkqWVbrUPkM9hdIL2jF3IpRS9bXKBvDICMc
 ZsbDm4ihz+XtjVG4GxmrB5SZ2C3qPYwbmLBiu1CwfY7L6lN8azF0RmRJ0s2fpvAG
 d4nxEZa5ysPKEZfU6PyE
 =2NdR
 -----END PGP SIGNATURE-----

Merge tag 'pm-4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These add a quirk to intel_pstate to work around a firmware setting
  that leads to frequency scaling issues (discovered recently) on some
  Intel Kaby Lake processors, fix up the recently added brcmstb-avs
  cpufreq driver and avoid false-positive warnings from the runtime PM
  framework triggered by recent changes in i915.

  Specifics:

   - Add an intel_pstate driver quirk to work around a firmware setting
     that leads to frequency scaling issues on desktop Intel Kaby Lake
     processors in some configurations if the hardware-managed P-states
     (HWP) feature is in use (Srinivas Pandruvada)

   - Fix up the recently added brcmstb-avs cpufreq driver: fix a bug
     related to system suspend and change the sysfs interface to match
     the user space expectations (Markus Mayer)

   - Modify the runtime PM framework to avoid false-positive warnings
     from the might_sleep_if() assertions in it (Rafael Wysocki)"

* tag 'pm-4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM / runtime: Avoid false-positive warnings from might_sleep_if()
  cpufreq: intel_pstate: Disable energy efficiency optimization
  cpufreq: brcmstb-avs-cpufreq: properly retrieve P-state upon suspend
  cpufreq: brcmstb-avs-cpufreq: extend sysfs entry brcm_avs_pmap
2017-02-06 15:11:04 -08:00
Linus Torvalds
50dcb6cdb7 - A fix for a race in .request_fn request-based DM request handling vs
DM device destruction
 
 - An RCU fix for dm-crypt's kernel keyring support that was included in
   4.10-rc1
 
 - A -Wbool-operation warning fix for DM multipath
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJYlKLnAAoJEMUj8QotnQNaUOcH/3OgBjsRuFpNmrW3bzzcpLUQ
 XH6R2YAc1/14BU6rUYY7vLA905n7Jw3VyyJGgl2cJUqaDqA/Qj6uBmwfOve019Fl
 xTzi8rMAas05zqs9b5SrRAtSt2z6eZnbpm8df+QjrFQZjsDzsl2+PLxR+emp9YIQ
 wXLAU4Re35v/jPUccoNB0Be0LARIh0dSPQYWCYPomYqFHBoioHinGBOJpeq8HXFp
 U+JRXPcjrFxs4zjKq8aRE1XhN7lqLt7uZ4gi43sRCgieWXApoOfmo634IINyZtCf
 WIjS92qbFeyZfMk65q+GzfUYM9ZdAvzwXMlHnECYSd+jfbz89DhKv7YOuyCf1CU=
 =RSQc
 -----END PGP SIGNATURE-----

Merge tag 'dm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - a fix for a race in .request_fn request-based DM request handling vs
   DM device destruction

 - an RCU fix for dm-crypt's kernel keyring support that was included in
   4.10-rc1

 - a -Wbool-operation warning fix for DM multipath

* tag 'dm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm crypt: replace RCU read-side section with rwsem
  dm rq: cope with DM device destruction while in dm_old_request_fn()
  dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
2017-02-06 14:42:34 -08:00
Linus Torvalds
72df5eba70 media fixes for v4.10-rc8
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJYmJDxAAoJEAhfPr2O5OEVFtkQAJHHkcc4H139Fdp0ThGLLLf/
 1VWAwQqWb/WmXMqIrE2fIQdEty8za8GvX6gQMsgeDS06GTlxtprnBeH/ZKlwrNR3
 akq/mwQPtJhOUe5uuAmgcGUOrIUIRfO0kmY6hZY+92MyxHbUbmSvpV6YHe81eWV1
 Emkwc4cMrir3RaCAsn2FgRnFRRpB58oi9TCe89LtLI4zzCMuTzEvEfG7O9u5WCcO
 SrhMv05M5XWIvEywoZsKcUW+vBZxZ6QvbG970MY5czW2WRs5GIoOnwskNYpo/bxy
 ttKmcgDXD63Wa2JPuEImLm8imyHhquJMKXCFrCRDvSWVw5p+xKDx5lX56cMhJYmr
 ZHG32Z7dsG2bfVLY5+L/B+4QhnBYqEehhgh/8oDhrR8POw+71L40aWCq5gC9cHp4
 fjNBRxII11i6AEqyMA2Dv+aSyeW3LSYBxV11h5F/Zef5fpa+WMgtHLjKKxRMOnzF
 lt81OC5yg3XWBRb4s/4xXghOOmMPFMPCo8LUbo3wB5wGNBtguBBXssZ2HIolrSCA
 /NAD01Eb29dRhtRXEqQYAhEuSiuob6ETdn+FktbtUeZl5ZUg7JfZ+A5MqTmH1l1u
 Ezl8I42BnkMuSc2gdkWh1eBJfrzNEytiW7EOZO4TMfi00PzlshwusQkXtRTUC5aC
 DG5W41QC2PolZnV8XcXs
 =nEM8
 -----END PGP SIGNATURE-----

Merge tag 'media/v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:
 "A few documentation fixes at CEC (with got promoted from staging for
  4.10), and one fix on its core."

* tag 'media/v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  [media] cec: fix wrong last_la determination
  [media] cec-intro.rst: mention the v4l-utils package and CEC utilities
  [media] cec rst: remove "This API is not yet finalized" notice
2017-02-06 14:37:55 -08:00
Linus Torvalds
396bf4cd83 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:

 - use-after-free in algif_aead

 - modular aesni regression when pcbc is modular but absent

 - bug causing IO page faults in ccp

 - double list add in ccp

 - NULL pointer dereference in qat (two patches)

 - panic in chcr

 - NULL pointer dereference in chcr

 - out-of-bound access in chcr

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: chcr - Fix key length for RFC4106
  crypto: algif_aead - Fix kernel panic on list_del
  crypto: aesni - Fix failure when pcbc module is absent
  crypto: ccp - Fix double add when creating new DMA command
  crypto: ccp - Fix DMA operations when IOMMU is enabled
  crypto: chcr - Check device is allocated before use
  crypto: chcr - Fix panic on dma_unmap_sg
  crypto: qat - zero esram only for DH85x devices
  crypto: qat - fix bar discovery for c62x
2017-02-06 14:16:23 -08:00
David S. Miller
9172d2a026 Merge branch 'dsa-add-fabric-notifier'
Vivien Didelot says:

====================
net: dsa: add fabric notifier

When a switch fabric is composed of multiple switch chips, these chips
must be programmed accordingly when an event occurred on one of them.

Examples of such event include hardware bridging: when a Linux bridge
spans interconnected chips, they must be programmed to allow external
ports to ingress frames on their internal ports.

Another example is cross-chip hardware VLANs. Switch chips in-between
interconnected bridge ports must also configure a given VLAN to allow
packets to pass through them.

In order to support that, this patchset introduces a non-intrusive
notifier mechanism. It adds a notifier head in every DSA switch tree
(the said fabric), and a notifier block in every DSA switch chip.

When an even occurs, it is chained to all notifiers of the fabric.
Switch chips can react accordingly if they are cross-chip capable.

On a dynamic debug enabled system, bridging a port in a multi-chip
fabric will print something like this (ZII Rev B board):

    # brctl addif br0 lan3
    mv88e6085 0.1:00: crosschip DSA port 1.0 bridged to br0
    mv88e6085 0.4:00: crosschip DSA port 1.0 bridged to br0
    # brctl delif br0 lan3
    mv88e6085 0.1:00: crosschip DSA port 1.0 unbridged from br0
    mv88e6085 0.4:00: crosschip DSA port 1.0 unbridged from br0

Currently only bridging events are added. A patchset introducing support
for cross-chip hardware bridging configuration in mv88e6xxx will follow
right after. Then events for switchdev operations are next on the line.

We should note that non-switchdev events do not support rolling-back
switch-wide operations. We'll have to work on closer integration with
switchdev for that, like introducing new attributes or objects, to
benefit from the prepare and commit phases.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:30 -05:00
Vivien Didelot
04d3a4c6af net: dsa: introduce bridge notifier
A slave device will now notify the switch fabric once its port is
bridged or unbridged, instead of calling directly its switch operations.

This code allows propagating cross-chip bridging events in the fabric.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:29 -05:00
Vivien Didelot
f515f192ab net: dsa: add switch notifier
Add a notifier block per DSA switch, registered against a notifier head
in the switch fabric they belong to.

This infrastructure will allow to propagate fabric-wide events such as
port bridging, VLAN configuration, etc. If a DSA switch driver cares
about cross-chip configuration, such events can be caught.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:29 -05:00
Vivien Didelot
c5d35cb32c net: dsa: change state setter scope
The scope of the functions inside net/dsa/slave.c must be the slave
net_device pointer. Change to state setter helper accordingly to
simplify callers.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:29 -05:00
Vivien Didelot
9c26542685 net: dsa: rollback bridging on error
When an error is returned during the bridging of a port in a
NETDEV_CHANGEUPPER event, net/core/dev.c rolls back the operation.

Be consistent and unassign dp->bridge_dev when this happens.

In the meantime, add comments to document this behavior.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:28 -05:00
Vivien Didelot
8e92ab3a42 net: dsa: simplify netdevice events handling
Simplify the code handling the slave netdevice notifier call by
providing a dsa_slave_changeupper helper for NETDEV_CHANGEUPPER, and so
on (only this event is supported at the moment.)

Return NOTIFY_DONE when we did not care about an event, and NOTIFY_OK
when we were concerned but no error occurred, as the API suggests.

Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-06 16:53:28 -05:00