* Re: [net-next PATCH v3 00/12] Flow API
From: Pablo Neira Ayuso @ 2015-01-22 16:49 UTC (permalink / raw)
To: Thomas Graf
Cc: Jamal Hadi Salim, John Fastabend, simon.horman, sfeldma, netdev,
davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122153727.GC25797@casper.infradead.org>
On Thu, Jan 22, 2015 at 03:37:27PM +0000, Thomas Graf wrote:
> On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
> > On 01/22/15 10:13, Thomas Graf wrote:
> >
> > >I don't follow this. John's proposal allows to decide on a case by
> > >case basis what we want to export. Just like with ethtool or
> > >RTNETLINK. There is no direct access to hardware. A user can only
> > >configure what is being exposed by the kernel.
> > >
> >
> > So if i am a vendor with my own driver, I can expose whatever i want.
>
> No. We will reject any driver change attempting to do so on this
> list.
I think those vendors do not want to push those driver changes
mainstream. They will likely use these new ndo's to fully expose their
vendor-specific capabilities distributed in proprietary blobs.
I remember to have seen one ugly patch for netfilter that added
several hook functions (not netfilter hooks) at different positions of
the NAT code, the goal was to offload NAT through hardware. I was told
the code that was using those ad-hoc hooks was distributed in a binary
blob.
> This is the whole point of this: Coming up with a model that allows
> to describe capabilities and offer flow programming capabilities
> in a Vendor neutral way. A "push_vlan" or "pop_vlan" action will work
> with any driver that supports it.
Right, we need an abstraction for actions too, and the infrastructure
should not provide any means to circunvent and expose vendor specific
details.
^ permalink raw reply
* Re: [net-next PATCH v3 00/12] Flow API
From: John Fastabend @ 2015-01-22 16:58 UTC (permalink / raw)
To: Thomas Graf
Cc: Jamal Hadi Salim, Pablo Neira Ayuso, simon.horman, sfeldma,
netdev, davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122151316.GB25797@casper.infradead.org>
On 01/22/2015 07:13 AM, Thomas Graf wrote:
> On 01/22/15 at 10:00am, Jamal Hadi Salim wrote:
>> On 01/22/15 09:00, Pablo Neira Ayuso wrote:
>>
>>>
I'll try to unify the threads here
>>> +/* rocker specific action definitions */
>>> +struct net_flow_action_arg rocker_set_group_id_args[] = {
>>> + {
>>> + .name = "group_id",
>>> + .type = NFL_ACTION_ARG_TYPE_U32,
>>> + .value_u32 = 0,
>>> + },
>>>
In response to Pablo's observation,
Correct this is fully exposed to user space, but it is also self
contained inside the API meaning I can learn when to use it and what it
does by looking at the other operations tables the table graph and
supported headers. The assumption I am making that is not in the API
explicitly yet. Is that actions named "set_field_name" perform the
set operation on that field. We can and plan to extend the API to make
this assumption explicit in the API.
In this case I can "learn" that I can match on group_id in some tables
and then use the above action to set the group_id in others.
>>> that is retrieved via ndo_flow_get_actions and fully exposed to
>>> userspace.
>>>
>>
>> My main concern is along similar lines (I did express it earlier and
>> I think Jiri chimed in as well).
>> The API exposes direct access to hardware. I am sure this was a result
>> of trying to replace the ethtool interface (which was primitive).
>> By providing vendors direct access to the hardware - they do not need
>> to use any traditional Linux tooling/APIs.
>
> I don't follow this. John's proposal allows to decide on a case by
> case basis what we want to export. Just like with ethtool or
> RTNETLINK. There is no direct access to hardware. A user can only
> configure what is being exposed by the kernel.
>
> Pablo raises an interesting point though. How do we handle unique
> features like Rocker groups.
>
> Maybe Jiri and Scott can chime in and describe if we can map this to
> something more generic and avoid exporting anything Rocker specific.
>
Even though its a detail of the rocker world its easy enough for a
program on top of the API to learn how it works.
So in the rocker switch case if I want to rewrite an eth_dst adress I
have a couple choices. I can set the group_id in one of the tables
that support setting the group_id and then do the rewrite in one of the
tables that supports matching on group_id and setting the eth_dst mac.
The "choice" I make is a policy IMO and I don't want to hard code logic
in the kernel that picks tables and decides things like what should I
do if table x is full but table y could also be used should I overflow
into table y? Or is table y reserved for some other network function?
etc.
There are some actions and metadata though that _need_ to be
standardized. These are the metadata that is used outside the API. For
example ingress_port is metadata that is set outside the tables.
Similarly set_egress_port and set_egress_queue provide the forwarding
and queueing fields. No matter how hard you look at the model from the
API you can not learn how these are used.
> What would a rocker group map to in the tc world?
In the 'tc' world I would guess the easiest thing to do is simply bind
a 'tc' qdisc to the ACL table. It seems a good first approximation of
how to make this work. But the rocker world doesn't yet have any QOS so
it makes it difficult to "offload" anything but the fifo qdiscs.
>
>> I see this as a gaping hole
>> for vendor SDKs with their own definitions of their own hardware that
>> doesnt work with anyone else. i.e it seems to standardize proprietary
>> interfaces. Maybe thats what Pablo is alluding to.
>
> I will be the first to root for rejection if such patches appear.
>
Is it problematic if users define some unique header here and then
provide actions to set/pop/push/get operations on it?
For me this seems perfectly reasonable. We can pull it out of hardware
or a database in libvirt perhaps then feed it back into Linux nft,
ebpf, tc u32_filter, to create a unified view. I think ebpf, nft, and
u32 have been all about supporting vendor specific protocols?
I must be missing the point about proprietary interfaces. The FLOW API
would be the interface and if we create interesting tools/systems around
it and integration with other Linux sub-systems by choosing to use a
proprietary SDK you lose the goodness.
.John
--
John Fastabend Intel Corporation
^ permalink raw reply
* Re: [net-next PATCH v3 00/12] Flow API
From: John Fastabend @ 2015-01-22 17:10 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Thomas Graf, Jamal Hadi Salim, simon.horman, sfeldma, netdev,
davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122164951.GA3417@salvia>
On 01/22/2015 08:49 AM, Pablo Neira Ayuso wrote:
> On Thu, Jan 22, 2015 at 03:37:27PM +0000, Thomas Graf wrote:
>> On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
>>> On 01/22/15 10:13, Thomas Graf wrote:
>>>
>>>> I don't follow this. John's proposal allows to decide on a case by
>>>> case basis what we want to export. Just like with ethtool or
>>>> RTNETLINK. There is no direct access to hardware. A user can only
>>>> configure what is being exposed by the kernel.
>>>>
>>>
>>> So if i am a vendor with my own driver, I can expose whatever i want.
>>
>> No. We will reject any driver change attempting to do so on this
>> list.
>
> I think those vendors do not want to push those driver changes
> mainstream. They will likely use these new ndo's to fully expose their
> vendor-specific capabilities distributed in proprietary blobs.
>
> I remember to have seen one ugly patch for netfilter that added
> several hook functions (not netfilter hooks) at different positions of
> the NAT code, the goal was to offload NAT through hardware. I was told
> the code that was using those ad-hoc hooks was distributed in a binary
> blob.
>
>> This is the whole point of this: Coming up with a model that allows
>> to describe capabilities and offer flow programming capabilities
>> in a Vendor neutral way. A "push_vlan" or "pop_vlan" action will work
>> with any driver that supports it.
>
> Right, we need an abstraction for actions too, and the infrastructure
> should not provide any means to circunvent and expose vendor specific
> details.
>
I'm not sure what a vendor specific detail is in the API now?
The API provides a mechanism to define the headers you support in a
vendor neutral way. Perhaps vendor X may be the only hardware to
support the packet type but the packets are not really vendor specific
if we have the packet layout we can generate code to create the packets
if we care to in software and find it useful.
Maybe the issue is the actions look like UIDs without any specification
as to what they do? The concern being as a vendor I could create an
action and call it my_vendor_specific_action and if I never tell anyone
how to use it then we are stuck.
I can add a set of specifier attributes to the get_action call that
describes actions using basic primitives to resolve this specific issue.
Actions should either 'set' fields, 'get' fields, 'dec' fields, 'inc'
fields, etc. Then you specify an action by providing the list of
operations it performs. So set_group_id is simply
'set_field uid=group_id_metadata'
More complicated actions exist like route() and such which will be a
list of operations that may set multiple fields in a single atomic step.
The table API also seems vendor neutral to me. I'm not sure what
specific details would be vendor specific here either.
.John
--
John Fastabend Intel Corporation
^ permalink raw reply
* Re: [PATCH net-next 1/2] tipc: fix excessive network event logging
From: Joe Perches @ 2015-01-22 17:24 UTC (permalink / raw)
To: erik.hugne; +Cc: richard.alpe, netdev, jon.maloy, ying.xue, tipc-discussion
In-Reply-To: <1421943032-29924-1-git-send-email-erik.hugne@ericsson.com>
On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> From: Erik Hugne <erik.hugne@ericsson.com>
>
> If a large number of namespaces is spawned on a node and TIPC is
> enabled in each of these, the excessive printk tracing of network
> events will cause the system to grind down to a near halt.
> The traces are still of debug value, so instead of removing them
> completely we fix it by changing the link state and node availability
> logging debug traces.
Maybe some of these should be net_<level>_ratelimited(fmt, ...)
> diff --git a/net/tipc/link.c b/net/tipc/link.c
[]
> @@ -588,8 +588,8 @@ static void link_state_event(struct tipc_link *l_ptr, unsigned int event)
> l_ptr->fsm_msg_cnt++;
> link_set_timer(l_ptr, cont_intv / 4);
> } else { /* Link has failed */
> - pr_warn("%s<%s>, peer not responding\n",
> - link_rst_msg, l_ptr->name);
Like this one.
> + pr_debug("%s<%s>, peer not responding\n",
> + link_rst_msg, l_ptr->name);
> tipc_link_reset(l_ptr);
> l_ptr->state = RESET_UNKNOWN;
> l_ptr->fsm_msg_cnt = 0;
> @@ -380,8 +380,8 @@ static void node_lost_contact(struct tipc_node *n_ptr)
> char addr_string[16];
> u32 i;
>
> - pr_info("Lost contact with %s\n",
> - tipc_addr_string_fill(addr_string, n_ptr->addr));
> + pr_debug("Lost contact with %s\n",
> + tipc_addr_string_fill(addr_string, n_ptr->addr));
>
> /* Flush broadcast link info associated with lost node */
> if (n_ptr->bclink.recv_permitted) {
And maybe this one too.
^ permalink raw reply
* [PATCH net] net: sctp: fix slab corruption from use after free on INIT collisions
From: Daniel Borkmann @ 2015-01-22 17:26 UTC (permalink / raw)
To: davem; +Cc: vyasevich, netdev, linux-sctp
When hitting an INIT collision case during the 4WHS with AUTH enabled, as
already described in detail in commit 1be9a950c646 ("net: sctp: inherit
auth_capable on INIT collisions"), it can happen that we occasionally
still remotely trigger the following panic on server side which seems to
have been uncovered after the fix from commit 1be9a950c646 ...
[ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff
[ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230
[ 533.940559] PGD 5030f2067 PUD 0
[ 533.957104] Oops: 0000 [#1] SMP
[ 533.974283] Modules linked in: sctp mlx4_en [...]
[ 534.939704] Call Trace:
[ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
[ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
[ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
[ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
[ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
[ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
[ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0
[ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
... or depending on the the application, for example this one:
[ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff
[ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
[ 1370.054568] PGD 633c94067 PUD 0
[ 1370.070446] Oops: 0000 [#1] SMP
[ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
[ 1370.963431] Call Trace:
[ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
[ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
[ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
[ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
[ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
With slab debugging enabled, we can see that the poison has been overwritten:
[ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
[ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
[ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
[ 669.826424] __slab_alloc+0x4bf/0x566
[ 669.826433] __kmalloc+0x280/0x310
[ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
[ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
[ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
[ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
[ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
[ 669.826635] __slab_free+0x39/0x2a8
[ 669.826643] kfree+0x1d6/0x230
[ 669.826650] kzfree+0x31/0x40
[ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
[ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
[ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
Since this only triggers in some collision-cases with AUTH, the problem at
heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
when having refcnt 1, once directly in sctp_assoc_update() and yet again
from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
the already kzfree'd memory, which is also consistent with the observation
of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
at a later point in time when poison is checked on new allocation).
Reference counting of auth keys revisited:
Shared keys for AUTH chunks are being stored in endpoints and associations
in endpoint_shared_keys list. On endpoint creation, a null key is being
added; on association creation, all endpoint shared keys are being cached
and thus cloned over to the association. struct sctp_shared_key only holds
a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
keeps track of users internally through refcounting. Naturally, on assoc
or enpoint destruction, sctp_shared_key are being destroyed directly and
the reference on sctp_auth_bytes dropped.
User space can add keys to either list via setsockopt(2) through struct
sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
with refcount 1 and in case of replacement drops the reference on the old
sctp_auth_bytes. A key can be set active from user space through setsockopt()
on the id via sctp_auth_set_active_key(), which iterates through either
endpoint_shared_keys and in case of an assoc, invokes (one of various places)
sctp_auth_asoc_init_active_key().
sctp_auth_asoc_init_active_key() computes the actual secret from local's
and peer's random, hmac and shared key parameters and returns a new key
directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
the reference if there was a previous one. The secret, which where we
eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
intitial refcount of 1, which also stays unchanged eventually in
sctp_assoc_update(). This key is later being used for crypto layer to
set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
To close the loop: asoc->asoc_shared_key is freshly allocated secret
material and independant of the sctp_shared_key management keeping track
of only shared keys in endpoints and assocs. Hence, also commit 4184b2a79a76
("net: sctp: fix memory leak in auth key management") is independant of
this bug here since it concerns a different layer (though same structures
being used eventually). asoc->asoc_shared_key is reference dropped correctly
on assoc destruction in sctp_association_free() and when active keys are
being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
to remove that sctp_auth_key_put() from there which fixes these panics.
Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
net/sctp/associola.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index f791edd..26d06db 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc,
asoc->peer.peer_hmacs = new->peer.peer_hmacs;
new->peer.peer_hmacs = NULL;
- sctp_auth_key_put(asoc->asoc_shared_key);
sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
}
--
1.7.11.7
^ permalink raw reply related
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Alexei Starovoitov @ 2015-01-22 17:27 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 7:57 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
> We must not hold locks when calling copy_to_user():
>
> BUG: sleeping function called from invalid context at mm/memory.c:3732
> in_atomic(): 0, irqs_disabled(): 0, pid: 671, name: test_maps
> 1 lock held by test_maps/671:
> #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> Preemption disabled at:[<00000000001be3b6>] vprintk_default+0x56/0x68
>
> CPU: 0 PID: 671 Comm: test_maps Not tainted 3.19.0-rc5-00117-g5eb11d6-dirty #424
> 000000001e447bb0 000000001e447c40 0000000000000002 0000000000000000
> 000000001e447ce0 000000001e447c58 000000001e447c58 0000000000115c8a
> 0000000000000000 0000000000c08246 0000000000c27e8a 000000000000000b
> 000000001e447ca0 000000001e447c40 0000000000000000 0000000000000000
> 0000000000000000 0000000000115c8a 000000001e447c40 000000001e447ca0
> Call Trace:
> ([<0000000000115b7e>] show_trace+0x12e/0x150)
> [<0000000000115c40>] show_stack+0xa0/0x100
> [<00000000009b163c>] dump_stack+0x74/0xc8
> [<000000000017424a>] ___might_sleep+0x23a/0x248
> [<00000000002b58e8>] might_fault+0x70/0xe8
> [<0000000000264230>] map_lookup_elem+0x188/0x260
> [<0000000000264716>] SyS_bpf+0x20e/0x840
> [<00000000009bbe3a>] system_call+0xd6/0x24c
> [<000003fffd15f566>] 0x3fffd15f566
> 1 lock held by test_maps/671:
> #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
>
> So call rcu_read_unlock() before copy_to_user(). We can
> release the lock earlier because it is not needed for copy_to_user().
we cannot move the rcu unlock this way, since it protects the value.
So we need to copy the value while still under rcu.
I'm puzzled how I missed this warning.
I guess you have CONFIG_PREEMPT_RCU=y ?
and if (in_atomic()) return; as part of might_fault() hid it.
^ permalink raw reply
* Re: [PATCH net-next 2/2] flow_dissector: add tipc support
From: Eric Dumazet @ 2015-01-22 17:29 UTC (permalink / raw)
To: erik.hugne; +Cc: richard.alpe, netdev, jon.maloy, ying.xue, tipc-discussion
In-Reply-To: <1421943032-29924-2-git-send-email-erik.hugne@ericsson.com>
On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> From: Erik Hugne <erik.hugne@ericsson.com>
>
> The flows are hashed on the sending node address, which allows us
> to spread out the TIPC link processing to RPS enabled cores. There
> is no point to include the destination address in the hash as that
> will always be the same for all inbound links. We have experimented
> with a 3-tuple hash over [srcnode, sport, dport], but this showed to
> give slightly lower performance because of increased lock contention
> when the same link was handled by multiple cores.
>
> Signed-off-by: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
> ---
> net/core/flow_dissector.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 4508493..beb83d1 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -178,6 +178,20 @@ ipv6:
> return false;
> }
> }
> + case htons(ETH_P_TIPC): {
> + struct {
> + __be32 pre[3];
> + __be32 srcnode;
> + } *hdr, _hdr;
Is this header defined somewhere in an include file ?
This looks a bit ugly to locally define the format...
^ permalink raw reply
* Re: [PATCH] samples/bpf: Fix test_maps/bpf_get_next_key() test
From: Alexei Starovoitov @ 2015-01-22 17:32 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 8:01 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
> Looks like the "test_maps" test case expects to get the keys in
> the wrong order when iterating over the elements:
>
> test_maps: samples/bpf/test_maps.c:79: test_hashmap_sanity: Assertion
> `bpf_get_next_key(map_fd, &key, &next_key) == 0 && next_key == 2' failed.
> Aborted
>
> Fix this and test for the correct order.
that will break this test on x86...
we need to understand first why the order of two elements
came out different on s390...
Could it be that jhash() produced different hash for the same
values on x86 vs s390 ?
The better fix for the test is probably not to assume AB or BA
order, but accept both.
^ permalink raw reply
* Re: [net-next PATCH v3 00/12] Flow API
From: Thomas Graf @ 2015-01-22 17:44 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Jamal Hadi Salim, John Fastabend, simon.horman, sfeldma, netdev,
davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122164951.GA3417@salvia>
On 01/22/15 at 05:49pm, Pablo Neira Ayuso wrote:
> On Thu, Jan 22, 2015 at 03:37:27PM +0000, Thomas Graf wrote:
> > On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
> > > On 01/22/15 10:13, Thomas Graf wrote:
> > >
> > > >I don't follow this. John's proposal allows to decide on a case by
> > > >case basis what we want to export. Just like with ethtool or
> > > >RTNETLINK. There is no direct access to hardware. A user can only
> > > >configure what is being exposed by the kernel.
> > > >
> > >
> > > So if i am a vendor with my own driver, I can expose whatever i want.
> >
> > No. We will reject any driver change attempting to do so on this
> > list.
>
> I think those vendors do not want to push those driver changes
> mainstream. They will likely use these new ndo's to fully expose their
> vendor-specific capabilities distributed in proprietary blobs.
You can achieve the exact same thing with an out of tree tc action,
classifier or even a new link type. Nothing prevents an out of tree
driver to register a new rtnetlink link type and do vendor specific
crap.
Out of tree code can abuse any kernel API in any way it wants. Not
sure how much we can do about that.
That said, as we know, vendor specific SDKs for most of the chips in
question here already exist. I'm not sure why a vendor would want to
use this infrastructure (which is subject to constant internal API
changes) to implement vendor specific APIs if that vendor already has
an indepdendent out of tree SDK.
^ permalink raw reply
* [PATCH] net: macb: allow deffered probe of the driver
From: Nicolae Rosia @ 2015-01-22 17:31 UTC (permalink / raw)
To: netdev@vger.kernel.org, nicolas.ferre@atmel.com
The driver is trying to acquire clocks which maybe
are not available yet. Allow the driver to request
deffered probe by providing a probe function and
registering it with module_platform_driver. [1]
This patch is based on 3.19-rc5.
[1] https://lkml.org/lkml/2013/9/23/118
Signed-off-by: Nicolae Rosia <nicolae.rosia@certsign.ro>
---
drivers/net/ethernet/cadence/macb.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/cadence/macb.c
b/drivers/net/ethernet/cadence/macb.c
index 3767271..4dfcd66 100644
--- a/drivers/net/ethernet/cadence/macb.c
+++ b/drivers/net/ethernet/cadence/macb.c
@@ -2148,7 +2148,7 @@ static void macb_probe_queues(void __iomem *mem,
(*num_queues)++;
}
-static int __init macb_probe(struct platform_device *pdev)
+static int macb_probe(struct platform_device *pdev)
{
struct macb_platform_data *pdata;
struct resource *regs;
@@ -2386,7 +2386,7 @@ err_out:
return err;
}
-static int __exit macb_remove(struct platform_device *pdev)
+static int macb_remove(struct platform_device *pdev)
{
struct net_device *dev;
struct macb *bp;
@@ -2449,7 +2449,8 @@ static int macb_resume(struct device *dev)
static SIMPLE_DEV_PM_OPS(macb_pm_ops, macb_suspend, macb_resume);
static struct platform_driver macb_driver = {
- .remove = __exit_p(macb_remove),
+ .probe = macb_probe,
+ .remove = macb_remove,
.driver = {
.name = "macb",
.of_match_table = of_match_ptr(macb_dt_ids),
@@ -2457,7 +2458,7 @@ static struct platform_driver macb_driver = {
},
};
-module_platform_driver_probe(macb_driver, macb_probe);
+module_platform_driver(macb_driver);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Cadence MACB/GEM Ethernet driver");
--
2.1.0
^ permalink raw reply related
* Re: [PATCH net-next 0/3] openvswitch: Add STT support.
From: Vincent JARDIN @ 2015-01-22 17:51 UTC (permalink / raw)
To: Tom Herbert; +Cc: Jesse Gross, Pravin Shelar, David Miller, Linux Netdev List
In-Reply-To: <CA+mtBx9pnkJBVftqFTK6fcd-toAxsJrvB=drTxWQs_=5s9C0+A@mail.gmail.com>
On 22/01/2015 17:24, Tom Herbert wrote:
> STT is undoubtedly a creative and unique solution I'll give you that,
> but the potential repercussions of allowing this to be widely deployed
> are profound. IMO this needs to be fully explored before it can ever
> be allowed in the kernel. If there has already been discussion on this
> please forward a pointer (I didn't find anything in the IETF mailing
> list archives other than the draft posting announcements), but at the
> minimum these patches warrant a lot of scrutiny.
I share this concern of biased use of TCP, all the critics will be
valid. But anyone can hack TCP (so peer to peer software does or CDN
software does). So, I prefer the let the freedom to the sysadmin to
enable/disable it for their networks. Not having this feature into the
kernel prevent sysadmin from doing it. To be safe, it can be an
experimental feature of the Linux kernel.
Same: LRO/GRO is is bad features: it breaks many times networking (most
IP forwarders must disable it), but it helps for servers. Same for STT
in fact, it has its narrow set of use-cases which are valid.
Best regards,
Vincent
^ permalink raw reply
* Re: [PATCH net] net: sctp: fix slab corruption from use after free on INIT collisions
From: Vlad Yasevich @ 2015-01-22 17:52 UTC (permalink / raw)
To: Daniel Borkmann, davem; +Cc: netdev, linux-sctp
In-Reply-To: <1421947614-31407-1-git-send-email-dborkman@redhat.com>
On 01/22/2015 12:26 PM, Daniel Borkmann wrote:
> When hitting an INIT collision case during the 4WHS with AUTH enabled, as
> already described in detail in commit 1be9a950c646 ("net: sctp: inherit
> auth_capable on INIT collisions"), it can happen that we occasionally
> still remotely trigger the following panic on server side which seems to
> have been uncovered after the fix from commit 1be9a950c646 ...
>
> [ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff
> [ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230
> [ 533.940559] PGD 5030f2067 PUD 0
> [ 533.957104] Oops: 0000 [#1] SMP
> [ 533.974283] Modules linked in: sctp mlx4_en [...]
> [ 534.939704] Call Trace:
> [ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
> [ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
> [ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
> [ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
> [ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
> [ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
> [ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0
> [ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
>
> ... or depending on the the application, for example this one:
>
> [ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff
> [ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
> [ 1370.054568] PGD 633c94067 PUD 0
> [ 1370.070446] Oops: 0000 [#1] SMP
> [ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
> [ 1370.963431] Call Trace:
> [ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
> [ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
> [ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
> [ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
> [ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
>
> With slab debugging enabled, we can see that the poison has been overwritten:
>
> [ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
> [ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
> [ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
> [ 669.826424] __slab_alloc+0x4bf/0x566
> [ 669.826433] __kmalloc+0x280/0x310
> [ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
> [ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
> [ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
> [ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
> [ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
> [ 669.826635] __slab_free+0x39/0x2a8
> [ 669.826643] kfree+0x1d6/0x230
> [ 669.826650] kzfree+0x31/0x40
> [ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
> [ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
> [ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
>
> Since this only triggers in some collision-cases with AUTH, the problem at
> heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
> when having refcnt 1, once directly in sctp_assoc_update() and yet again
> from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
> the already kzfree'd memory, which is also consistent with the observation
> of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
> at a later point in time when poison is checked on new allocation).
>
> Reference counting of auth keys revisited:
>
> Shared keys for AUTH chunks are being stored in endpoints and associations
> in endpoint_shared_keys list. On endpoint creation, a null key is being
> added; on association creation, all endpoint shared keys are being cached
> and thus cloned over to the association. struct sctp_shared_key only holds
> a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
> keeps track of users internally through refcounting. Naturally, on assoc
> or enpoint destruction, sctp_shared_key are being destroyed directly and
> the reference on sctp_auth_bytes dropped.
>
> User space can add keys to either list via setsockopt(2) through struct
> sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
> adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
> with refcount 1 and in case of replacement drops the reference on the old
> sctp_auth_bytes. A key can be set active from user space through setsockopt()
> on the id via sctp_auth_set_active_key(), which iterates through either
> endpoint_shared_keys and in case of an assoc, invokes (one of various places)
> sctp_auth_asoc_init_active_key().
>
> sctp_auth_asoc_init_active_key() computes the actual secret from local's
> and peer's random, hmac and shared key parameters and returns a new key
> directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
> the reference if there was a previous one. The secret, which where we
> eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
> intitial refcount of 1, which also stays unchanged eventually in
> sctp_assoc_update(). This key is later being used for crypto layer to
> set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
>
> To close the loop: asoc->asoc_shared_key is freshly allocated secret
> material and independant of the sctp_shared_key management keeping track
> of only shared keys in endpoints and assocs. Hence, also commit 4184b2a79a76
> ("net: sctp: fix memory leak in auth key management") is independant of
> this bug here since it concerns a different layer (though same structures
> being used eventually). asoc->asoc_shared_key is reference dropped correctly
> on assoc destruction in sctp_association_free() and when active keys are
> being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
> of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
> to remove that sctp_auth_key_put() from there which fixes these panics.
>
> Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
-vlad
> ---
> net/sctp/associola.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> index f791edd..26d06db 100644
> --- a/net/sctp/associola.c
> +++ b/net/sctp/associola.c
> @@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc,
> asoc->peer.peer_hmacs = new->peer.peer_hmacs;
> new->peer.peer_hmacs = NULL;
>
> - sctp_auth_key_put(asoc->asoc_shared_key);
> sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
> }
>
>
^ permalink raw reply
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Michael Holzheu @ 2015-01-22 17:54 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
In-Reply-To: <CAADnVQLnrAgk3vTppugqCtSsHL4XiZeQJrQi3cqhgLCCq1v8Pg@mail.gmail.com>
On Thu, 22 Jan 2015 09:27:21 -0800
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> On Thu, Jan 22, 2015 at 7:57 AM, Michael Holzheu
> <holzheu@linux.vnet.ibm.com> wrote:
> > We must not hold locks when calling copy_to_user():
> >
> > BUG: sleeping function called from invalid context at mm/memory.c:3732
> > in_atomic(): 0, irqs_disabled(): 0, pid: 671, name: test_maps
> > 1 lock held by test_maps/671:
> > #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> > Preemption disabled at:[<00000000001be3b6>] vprintk_default+0x56/0x68
> >
> > CPU: 0 PID: 671 Comm: test_maps Not tainted 3.19.0-rc5-00117-g5eb11d6-dirty #424
> > 000000001e447bb0 000000001e447c40 0000000000000002 0000000000000000
> > 000000001e447ce0 000000001e447c58 000000001e447c58 0000000000115c8a
> > 0000000000000000 0000000000c08246 0000000000c27e8a 000000000000000b
> > 000000001e447ca0 000000001e447c40 0000000000000000 0000000000000000
> > 0000000000000000 0000000000115c8a 000000001e447c40 000000001e447ca0
> > Call Trace:
> > ([<0000000000115b7e>] show_trace+0x12e/0x150)
> > [<0000000000115c40>] show_stack+0xa0/0x100
> > [<00000000009b163c>] dump_stack+0x74/0xc8
> > [<000000000017424a>] ___might_sleep+0x23a/0x248
> > [<00000000002b58e8>] might_fault+0x70/0xe8
> > [<0000000000264230>] map_lookup_elem+0x188/0x260
> > [<0000000000264716>] SyS_bpf+0x20e/0x840
> > [<00000000009bbe3a>] system_call+0xd6/0x24c
> > [<000003fffd15f566>] 0x3fffd15f566
> > 1 lock held by test_maps/671:
> > #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> >
> > So call rcu_read_unlock() before copy_to_user(). We can
> > release the lock earlier because it is not needed for copy_to_user().
>
> we cannot move the rcu unlock this way, since it protects the value.
> So we need to copy the value while still under rcu.
Ok, right. I assume you will provide the correct fix.
> I'm puzzled how I missed this warning.
> I guess you have CONFIG_PREEMPT_RCU=y ?
Yes.
Regards,
Michael
^ permalink raw reply
* [PATCH] net: phy: fix phy device autoneg wrong value
From: Nicolae Rosia @ 2015-01-22 17:56 UTC (permalink / raw)
To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
f.fainelli@gmail.com
In phy_device_create, autoneg is set to AUTONEG_ENABLE.
When using the generic phy driver (phy_device.c),
genphy_config_init reads BMSR and finds out if autonegotiation
is possible and sets the phy device features accordingly.
phy_sanitize_settings is supposed to set the right value of
autoneg, but it is never called if autonegotiation is enabled,
which is always the case.
Signed-off-by: Nicolae Rosia <nicolae.rosia@certsign.ro>
---
drivers/net/phy/phy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c
index 767cd11..9c35136 100644
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -249,9 +249,6 @@ static void phy_sanitize_settings(struct phy_device
*phydev)
unsigned int idx;
/* Sanitize settings based on PHY capabilities */
- if ((features & SUPPORTED_Autoneg) == 0)
- phydev->autoneg = AUTONEG_DISABLE;
-
idx = phy_find_valid(phy_find_setting(phydev->speed, phydev->duplex),
features);
@@ -436,6 +433,9 @@ int phy_start_aneg(struct phy_device *phydev)
mutex_lock(&phydev->lock);
+ if ((phydev->supported & SUPPORTED_Autoneg) == 0)
+ phydev->autoneg = AUTONEG_DISABLE;
+
if (AUTONEG_DISABLE == phydev->autoneg)
phy_sanitize_settings(phydev);
--
2.1.0
^ permalink raw reply related
* Re: [net-next PATCH v3 00/12] Flow API
From: Thomas Graf @ 2015-01-22 17:58 UTC (permalink / raw)
To: Jiri Pirko
Cc: Jamal Hadi Salim, Pablo Neira Ayuso, John Fastabend, simon.horman,
sfeldma, netdev, davem, gerlitz.or, andy, ast
In-Reply-To: <20150122154840.GC1863@nanopsycho.orion>
On 01/22/15 at 04:48pm, Jiri Pirko wrote:
> Thu, Jan 22, 2015 at 04:37:27PM CET, tgraf@suug.ch wrote:
> >On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
> >> On 01/22/15 10:13, Thomas Graf wrote:
> >>
> >> >I don't follow this. John's proposal allows to decide on a case by
> >> >case basis what we want to export. Just like with ethtool or
> >> >RTNETLINK. There is no direct access to hardware. A user can only
> >> >configure what is being exposed by the kernel.
> >> >
> >>
> >> So if i am a vendor with my own driver, I can expose whatever i want.
> >
> >No. We will reject any driver change attempting to do so on this
> >list.
>
> That is not 100%, on contrary. If the infrastructure would be made to
> explicitly disallow that kind of behaviour, it would be much safer.
I'm very much in favour of that. Ideas?
^ permalink raw reply
* Re: [PATCH net 4/4] sh_eth: Fix serialisation of interrupt disable with interrupt & NAPI handlers
From: Ben Hutchings @ 2015-01-22 17:59 UTC (permalink / raw)
To: Sergei Shtylyov
Cc: David S.Miller, netdev, linux-kernel, Nobuhiro Iwamatsu,
Mitsuhiro Kimura, Hisashi Nakamura, Yoshihiro Kaneko
In-Reply-To: <54C126BA.4030807@cogentembedded.com>
On Thu, 2015-01-22 at 19:35 +0300, Sergei Shtylyov wrote:
> Hello.
>
> On 01/22/2015 06:06 PM, Ben Hutchings wrote:
>
> >>> In order to stop the RX path accessing the RX ring while it's being
> >>> stopped or resized, we clear the interrupt mask (EESIPR) and then call
> >>> free_irq() or synchronise_irq(). This is insufficient because the
> >>> interrupt handler or NAPI poller may set EESIPR again after we clear
> >>> it.
>
> >> Hm, how come the interrupt handler gets called when we have disabled all
> >> interrupts?
>
> > It may be running on another processor and racing with the function that
> > clears EESIPR.
>
> Ah, I didn't think about SMP... but then we need more spinlock protection
> instead, no?
That's what I tried first. As we need to serialise with NAPI as well,
and napi_disable() may sleep, we need to call that first, so I ended up
with:
napi_disable(&mdp->napi);
spin_lock_irq(&mdp->lock);
sh_eth_write(ndev, 0x0000, EESIPR);
spin_unlock_irq(&mdp->lock);
napi_enable(&mdp->napi);
But after napi_disable() sets the NAPI_STATE_DISABLE bit,
napi_schedule_prep() will return false and so the interrupt handler will
not clear the EESR_RX_CHECK bit any more. This can leave the interrupt
screaming and prevent the NAPI handler from ever completing, so the
system is livelocked.
> >> Is it unmaskable EESR.ECI interrupt? BTW, I'm not seeing where the
> >> interrupt handler enables interrupts again; only NAPI poller does that AFAIK.
>
> > Normally it only clears EESR_RX_CHECK, but as it cannot atomically clear
> > a single bit of EESIPR this can result in setting other bits.
>
> This is again only possible on SMP kernel, right?
Yes.
Ben.
^ permalink raw reply
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Alexei Starovoitov @ 2015-01-22 18:03 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 9:54 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
>> > So call rcu_read_unlock() before copy_to_user(). We can
>> > release the lock earlier because it is not needed for copy_to_user().
>>
>> we cannot move the rcu unlock this way, since it protects the value.
>> So we need to copy the value while still under rcu.
>
> Ok, right. I assume you will provide the correct fix.
sure :) will do.
^ permalink raw reply
* [PATCH] iproute2: can: Add support for CAN FD non-ISO feature
From: Oliver Hartkopp @ 2015-01-22 18:04 UTC (permalink / raw)
To: shemming, netdev; +Cc: Oliver Hartkopp
This patch makes CAN_CTRLMODE_FD_NON_ISO netlink feature configurable.
During the CAN FD standardization process within the ISO it turned out that
the failure detection capability has to be improved.
The CAN in Automation organization (CiA) defined the already implemented CAN
FD controllers as 'non-ISO' and the upcoming improved CAN FD controllers as
'ISO' compliant. See at http://www.can-cia.com/index.php?id=1937
Starting with the - currently non-ISO - driver for M_CAN v3.0.1 introduced in
Linux 3.18 this bit needs to be propagated to userspace. In future drivers this
bit will become configurable depending on the CAN FD controllers capabilities.
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
---
include/linux/can/netlink.h | 1 +
ip/iplink_can.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/include/linux/can/netlink.h b/include/linux/can/netlink.h
index 25fd52c..6d4ec2a 100644
--- a/include/linux/can/netlink.h
+++ b/include/linux/can/netlink.h
@@ -98,6 +98,7 @@ struct can_ctrlmode {
#define CAN_CTRLMODE_BERR_REPORTING 0x10 /* Bus-error reporting */
#define CAN_CTRLMODE_FD 0x20 /* CAN FD mode */
#define CAN_CTRLMODE_PRESUME_ACK 0x40 /* Ignore missing CAN ACKs */
+#define CAN_CTRLMODE_FD_NON_ISO 0x80 /* CAN FD in non-ISO mode */
/*
* CAN device statistics
diff --git a/ip/iplink_can.c b/ip/iplink_can.c
index fb50332..f1b089d 100644
--- a/ip/iplink_can.c
+++ b/ip/iplink_can.c
@@ -37,6 +37,7 @@ static void print_usage(FILE *f)
"\t[ one-shot { on | off } ]\n"
"\t[ berr-reporting { on | off } ]\n"
"\t[ fd { on | off } ]\n"
+ "\t[ fd-non-iso { on | off } ]\n"
"\t[ presume-ack { on | off } ]\n"
"\n"
"\t[ restart-ms TIME-MS ]\n"
@@ -100,6 +101,7 @@ static void print_ctrlmode(FILE *f, __u32 cm)
_PF(CAN_CTRLMODE_ONE_SHOT, "ONE-SHOT");
_PF(CAN_CTRLMODE_BERR_REPORTING, "BERR-REPORTING");
_PF(CAN_CTRLMODE_FD, "FD");
+ _PF(CAN_CTRLMODE_FD_NON_ISO, "FD-NON-ISO");
_PF(CAN_CTRLMODE_PRESUME_ACK, "PRESUME-ACK");
#undef _PF
if (cm)
@@ -203,6 +205,10 @@ static int can_parse_opt(struct link_util *lu, int argc, char **argv,
NEXT_ARG();
set_ctrlmode("fd", *argv, &cm,
CAN_CTRLMODE_FD);
+ } else if (matches(*argv, "fd-non-iso") == 0) {
+ NEXT_ARG();
+ set_ctrlmode("fd-non-iso", *argv, &cm,
+ CAN_CTRLMODE_FD_NON_ISO);
} else if (matches(*argv, "presume-ack") == 0) {
NEXT_ARG();
set_ctrlmode("presume-ack", *argv, &cm,
--
2.1.4
^ permalink raw reply related
* RE: [PATCH net-next 2/2] flow_dissector: add tipc support
From: Jon Maloy @ 2015-01-22 18:38 UTC (permalink / raw)
To: Eric Dumazet, Erik Hugne
Cc: Richard Alpe, netdev@vger.kernel.org, ying.xue@windriver.com,
tipc-discussion@lists.sourceforge.net
In-Reply-To: <1421947751.3471.12.camel@edumazet-glaptop2.roam.corp.google.com>
> -----Original Message-----
> From: Eric Dumazet [mailto:eric.dumazet@gmail.com]
> Sent: January-22-15 12:29 PM
> To: Erik Hugne
> Cc: Richard Alpe; netdev@vger.kernel.org; Jon Maloy;
> ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net
> Subject: Re: [PATCH net-next 2/2] flow_dissector: add tipc support
>
> On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> > From: Erik Hugne <erik.hugne@ericsson.com>
> >
> > The flows are hashed on the sending node address, which allows us to
> > spread out the TIPC link processing to RPS enabled cores. There is no
> > point to include the destination address in the hash as that will
> > always be the same for all inbound links. We have experimented with a
> > 3-tuple hash over [srcnode, sport, dport], but this showed to give
> > slightly lower performance because of increased lock contention when
> > the same link was handled by multiple cores.
> >
> > Signed-off-by: Ying Xue <ying.xue@windriver.com>
> > Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
> > Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
> > ---
> > net/core/flow_dissector.c | 14 ++++++++++++++
> > 1 file changed, 14 insertions(+)
> >
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 4508493..beb83d1 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -178,6 +178,20 @@ ipv6:
> > return false;
> > }
> > }
> > + case htons(ETH_P_TIPC): {
> > + struct {
> > + __be32 pre[3];
> > + __be32 srcnode;
> > + } *hdr, _hdr;
>
> Is this header defined somewhere in an include file ?
>
> This looks a bit ugly to locally define the format...
The header is defined in a file (msg.h) inside the TIPC
module code, and cannot be included from here. It is
also a lot more detailed, and comes with a number of
inline functions to manipulate the header. The point
with doing it this way is that we don't want to expose
this header file outside the module code, when it isn't
strictly necessary.
Defining it locally is also a way of making it clear that the
content of word 3 of the header is the only thing that
matters in this context, and that we want to keep the
rest private.
Regards
///jon
>
>
^ permalink raw reply
* Re: [PATCH net 0/2] net: marvell: Fix highmem support on non-TSO path
From: Ezequiel Garcia @ 2015-01-22 18:45 UTC (permalink / raw)
To: deang, Russell King - ARM Linux
Cc: netdev, David Miller, B38611, fabio.estevam
In-Reply-To: <54C1443C.80909@tpi.com>
On 01/22/2015 03:41 PM, Dean Gehnert wrote:
> On 01/21/2015 07:01 AM, Russell King - ARM Linux wrote:
>> On Wed, Jan 21, 2015 at 09:54:08AM -0300, Ezequiel Garcia wrote:
>>> These two commits are fixes to the issue reported by Russell King on
>>> mv643xx_eth. Namely, the introduction of a regression by commit
>>> 69ad0dd7af22
>>> which removed the support for highmem skb fragments. The guilty commit
>>> introduced the assumption of fragment's payload being located in
>>> lowmem pages.
>> I do wonder whether 69ad0dd7af22 is the real culpret, or whether there is
>> some other change in the netdev layer that we're missing. That commit is
>> in 3.16, but from what I remember, 3.17 works fine, it's 3.18 which
>> fails.
>>
>>> A similar pattern can be found in the original mvneta driver (in
>>> fact, the
>>> regression was introduced by copy-pasting the mvneta code).
>>>
>>> These fixes are for the non-TSO egress path in mvneta and mv643xx_eth
>>> drivers.
>>> The TSO path needs a more intrusive change, as the TSO API needs to
>>> be fixed
>>> (e.g. to make it work in skb fragments, instead of pointers to data).
>>>
>>> Russell, as I'm still unable to reproduce this, do you think you can
>>> give it a spin over there?
>> Sure - I think the only one I can test is mv643xx_eth, I don't think I
>> have any device which supports mv_neta.
>>
>> The test scenario is for a NFS mount (the Marvell device as the NFS
>> client) over IPv6.
>>
>> Initial testing looks good, I'll let it run for a while with various
>> builds on the NFS share (which iirc was one of the triggering
>> workloads).
>>
>> Thanks.
>>
> FYI, I found a way to reproduce the mv643xx_eth transmit corruption
> without using a network filesystem by using SOCAT (should also be able
> to use NETCAT or NC) and I have a bit more information about the
> corruption that looks like it is somehow related to the cache line size.
>
> 1) Create a "large" input file with known data on the target (saved to
> RAM disk or other storage):
> % php -r 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n", $x);
> }' > ExpectData.in
> or
> % perl -e 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
> $x); }' > ExpectData.in
> % md5sum ExpectData.in
> 4a4727232209b85badc1ca25ed4df222 ExpectData.in
> 2) Start SOCAT on the host system to perform Ethernet receive MD5
> checksum of the data:
> % socat -s -u TCP4-LISTEN:4000,fork,reuseaddr EXEC:md5sum
> 3) Enable TSO on the target:
> % ethtool -K eth0 tso on
> 4) Send the data file from the target to the host using SOCAT with a
> non-cache aligned block size:
> % socat -b$(((1024*10)+1)) -u ExpectData.in TCP:192.168.1.212:4000
> 5) The SOCAT running on the host system will report the MD5 checksum. If
> the MD5 is correct, it should be 4a4727232209b85badc1ca25ed4df222.
>
> What I am seeing is every now and then, there are 32-bits (4 bytes) of
> data in the transmit Ethernet stream that are corrupted. If I change the
> SOCAT block size to something that is Armada 300 (Kirkwood) cache line
> aligned (ie. -b$(((1024*10)+0)) or -b$(((1024*10)+8))), it works just
> fine... If you want to capture the actual file and look at it, you can
> use SOCAT:
> % socat -u TCP4-LISTEN:4000,fork,reuseaddr OPEN:ActualData.in,creat
> and since the data file is text, it is really easy to see the corruption
> (diff ExpectData.in ActualData.in | less).
>
> I can disable TSO (ethtool -K eth0 tso off) and re-run the tests and the
> corruption does not occur.
>
> I will give Ezequiel's latest patches a test a today and let you know if
> they change the behavior.
>
Sigh, this smells like a completely different bug. Which kernel version
are you testing?
--
Ezequiel García, Free Electrons
Embedded Linux, Kernel and Android Engineering
http://free-electrons.com
^ permalink raw reply
* Re: [PATCH net 2/2] net: cls_bpf: fix auto generation of per list handles
From: Alexei Starovoitov @ 2015-01-22 18:52 UTC (permalink / raw)
To: Daniel Borkmann
Cc: David S. Miller, Jiří Pírko,
netdev@vger.kernel.org
In-Reply-To: <1421919662-21066-3-git-send-email-dborkman@redhat.com>
On Thu, Jan 22, 2015 at 1:41 AM, Daniel Borkmann <dborkman@redhat.com> wrote:
> When creating a bpf classifier in tc with priority collisions and
> invoking automatic unique handle assignment, cls_bpf_grab_new_handle()
> will return a wrong handle id which in fact is non-unique. Usually
> altering of specific filters is being addressed over major id, but
> in case of collisions we result in a filter chain, where handle ids
> address individual cls_bpf_progs inside the classifier.
>
> Issue is, in cls_bpf_grab_new_handle() we probe for head->hgen handle
> in cls_bpf_get() and in case we found a free handle, we're supposed
> to use exactly head->hgen. In case of insufficient numbers of handles,
> we bail out later as handle id 0 is not allowed.
>
> Fixes: 7d1d65cb84e1 ("net: sched: cls_bpf: add BPF-based classifier")
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
> Acked-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
interesting bug. first time I'm looking at this bit and wondering
why everyone copy pasting such hgenerator instead of using idr...
^ permalink raw reply
* RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous mode control
From: Skidmore, Donald C @ 2015-01-22 19:00 UTC (permalink / raw)
To: David Laight, Hiroshi Shimamoto, Bjørn Mork
Cc: e1000-devel@lists.sourceforge.net, netdev@vger.kernel.org,
Choi, Sy Jong, linux-kernel@vger.kernel.org, Hayato Momma
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CAD0C8A@AcuExch.aculab.com>
> -----Original Message-----
> From: David Laight [mailto:David.Laight@ACULAB.COM]
> Sent: Thursday, January 22, 2015 1:50 AM
> To: Skidmore, Donald C; Hiroshi Shimamoto; Bjørn Mork
> Cc: e1000-devel@lists.sourceforge.net; netdev@vger.kernel.org; Choi, Sy
> Jong; linux-kernel@vger.kernel.org; Hayato Momma
> Subject: RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous
> mode control
>
> From: Skidmore, Donald C
> > > > From: Hiroshi Shimamoto
> > > > > My concern is what is the real issue that VF multicast
> > > > > promiscuous mode
> > > can cause.
> > > > > I think there is the 4k entries to filter multicast address, and
> > > > > the current ixgbe/ixgbevf can turn all bits on from VM. That is
> > > > > almost same as
> > > enabling multicast promiscuous mode.
> > > > > I mean that we can receive all multicast addresses by an onerous
> > > operation in untrusted VM.
> > > > > I think we should clarify what is real security issue in this context.
> > > >
> > > > If you are worried about passing un-enabled multicasts to users
> > > > then what about doing a software hash of received multicasts and
> > > > checking against an actual list of multicasts enabled for that hash entry.
> > > > Under normal conditions there is likely to be only a single address to
> check.
> > > >
> > > > It may (or may not) be best to use the same hash as any hashing
> > > > hardware filter uses.
> > >
> > > thanks for the comment. But I don't think that is the point.
> > >
> > > I guess, introducing VF multicast promiscuous mode seems to add new
> > > privilege to peek every multicast packet in VM and that doesn't look
> good.
> > > On the other hand, I think that there has been the same privilege in
> > > the current ixgbe/ixgbevf implementation already. Or I'm reading the
> > > code wrongly.
> > > I'd like to clarify what is the issue of allowing to receive all multicast
> packets.
> >
> > Allowing a VM to give itself the privilege of seeing every multicast
> > packet could be seen as a hole in VM isolation.
> > Now if the host system allows this policy I don't see this as an issue
> > as someone specifically allowed this to happen and then must not be
> concerned.
> > We could even log that it has occurred, which I believe your patch did do.
> > The issue is also further muddied, as you mentioned above, since some
> > of these multicast packets are leaking anyway (the HW currently uses a 12
> bit mask).
> > It's just that this change would greatly enlarge that hole from a
> > fraction to all multicast packets.
>
> Why does it have anything to do with VM isolation?
> Isn't is just the same as if the VM were connected directly to the ethernet
> cable?
>
> David
I do see your point. :)
My hang up is more related to: without the nob to enable it (off by default) we are letting one VF dictate policy for all the other VFs and the PF. If one VF needs to be in promiscuous multicast so is everyone else. Their stacks now needs to deal with all the extra multicast packets. As you point out this might not be a direct concern for isolation in that the VM could have 'chosen' to join any Multicast group and seen this traffic. My concern over isolation is one VF has chosen that all the other VM now have to see this multicast traffic.
This will effect performance as these packets will need to be replicated. So once again my issue is a VF is making the policy decision that doing this is ok for the entire system. That should be the PF's job.
Does this give you a better idea where my concerns lay?
^ permalink raw reply
* Re: [PATCH net 0/2] net: marvell: Fix highmem support on non-TSO path
From: Dean Gehnert @ 2015-01-22 19:01 UTC (permalink / raw)
To: Ezequiel Garcia, Russell King - ARM Linux
Cc: netdev, David Miller, B38611, fabio.estevam
In-Reply-To: <54C14564.7060408@free-electrons.com>
On 01/22/2015 10:45 AM, Ezequiel Garcia wrote:
> On 01/22/2015 03:41 PM, Dean Gehnert wrote:
>> On 01/21/2015 07:01 AM, Russell King - ARM Linux wrote:
>>> On Wed, Jan 21, 2015 at 09:54:08AM -0300, Ezequiel Garcia wrote:
>>>> These two commits are fixes to the issue reported by Russell King on
>>>> mv643xx_eth. Namely, the introduction of a regression by commit
>>>> 69ad0dd7af22
>>>> which removed the support for highmem skb fragments. The guilty commit
>>>> introduced the assumption of fragment's payload being located in
>>>> lowmem pages.
>>> I do wonder whether 69ad0dd7af22 is the real culpret, or whether there is
>>> some other change in the netdev layer that we're missing. That commit is
>>> in 3.16, but from what I remember, 3.17 works fine, it's 3.18 which
>>> fails.
>>>
>>>> A similar pattern can be found in the original mvneta driver (in
>>>> fact, the
>>>> regression was introduced by copy-pasting the mvneta code).
>>>>
>>>> These fixes are for the non-TSO egress path in mvneta and mv643xx_eth
>>>> drivers.
>>>> The TSO path needs a more intrusive change, as the TSO API needs to
>>>> be fixed
>>>> (e.g. to make it work in skb fragments, instead of pointers to data).
>>>>
>>>> Russell, as I'm still unable to reproduce this, do you think you can
>>>> give it a spin over there?
>>> Sure - I think the only one I can test is mv643xx_eth, I don't think I
>>> have any device which supports mv_neta.
>>>
>>> The test scenario is for a NFS mount (the Marvell device as the NFS
>>> client) over IPv6.
>>>
>>> Initial testing looks good, I'll let it run for a while with various
>>> builds on the NFS share (which iirc was one of the triggering
>>> workloads).
>>>
>>> Thanks.
>>>
>> FYI, I found a way to reproduce the mv643xx_eth transmit corruption
>> without using a network filesystem by using SOCAT (should also be able
>> to use NETCAT or NC) and I have a bit more information about the
>> corruption that looks like it is somehow related to the cache line size.
>>
>> 1) Create a "large" input file with known data on the target (saved to
>> RAM disk or other storage):
>> % php -r 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n", $x);
>> }' > ExpectData.in
>> or
>> % perl -e 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
>> $x); }' > ExpectData.in
>> % md5sum ExpectData.in
>> 4a4727232209b85badc1ca25ed4df222 ExpectData.in
>> 2) Start SOCAT on the host system to perform Ethernet receive MD5
>> checksum of the data:
>> % socat -s -u TCP4-LISTEN:4000,fork,reuseaddr EXEC:md5sum
>> 3) Enable TSO on the target:
>> % ethtool -K eth0 tso on
>> 4) Send the data file from the target to the host using SOCAT with a
>> non-cache aligned block size:
>> % socat -b$(((1024*10)+1)) -u ExpectData.in TCP:192.168.1.212:4000
>> 5) The SOCAT running on the host system will report the MD5 checksum. If
>> the MD5 is correct, it should be 4a4727232209b85badc1ca25ed4df222.
>>
>> What I am seeing is every now and then, there are 32-bits (4 bytes) of
>> data in the transmit Ethernet stream that are corrupted. If I change the
>> SOCAT block size to something that is Armada 300 (Kirkwood) cache line
>> aligned (ie. -b$(((1024*10)+0)) or -b$(((1024*10)+8))), it works just
>> fine... If you want to capture the actual file and look at it, you can
>> use SOCAT:
>> % socat -u TCP4-LISTEN:4000,fork,reuseaddr OPEN:ActualData.in,creat
>> and since the data file is text, it is really easy to see the corruption
>> (diff ExpectData.in ActualData.in | less).
>>
>> I can disable TSO (ethtool -K eth0 tso off) and re-run the tests and the
>> corruption does not occur.
>>
>> I will give Ezequiel's latest patches a test a today and let you know if
>> they change the behavior.
>>
> Sigh, this smells like a completely different bug. Which kernel version
> are you testing?
This was tested on v3.16.7 with all the patches forward to tip of tree
on the mv643xx_eth driver. We are still not devtree enabled, so v3.16.7
is where we are stuck until I get the Armada XP and MV-EBU enabled.
BTW, I did check and I already have all the latest NetDev patches for
the driver and the problem still occurs...
It is almost feeling like a low-level DMA issue being the root cause...
A bit off topic for the NetDev discussion, but we have also seen some
odd behavior with the Firewire OHCI driver in respect to the Kirkwood
platform and DMA... Not sure if they are could be related problems or not.
^ permalink raw reply
* Re: [PATCH net 2/2] net: cls_bpf: fix auto generation of per list handles
From: Daniel Borkmann @ 2015-01-22 19:02 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: David S. Miller, Jiří Pírko,
netdev@vger.kernel.org
In-Reply-To: <CAADnVQLn2QXJaDvbvothBrKZTnPD1sGjh7ZNPuUG=MH3ZJTU4A@mail.gmail.com>
On 01/22/2015 07:52 PM, Alexei Starovoitov wrote:
...
> interesting bug. first time I'm looking at this bit and wondering
> why everyone copy pasting such hgenerator instead of using idr...
I think we should abstract these bits into a helper function. ;)
Hmm, looking into git history tree, hgenerator came later than
idr, so I presume the overhead of idr was not worth it.
^ permalink raw reply
* make allyesconfig i386 build failure with next-20150122
From: Jim Davis @ 2015-01-22 19:10 UTC (permalink / raw)
To: Stephen Rothwell, linux-next, linux-kernel, Greg Kroah-Hartman,
devel, isdn, netdev
make ARCH=i386 allyesconfig fails with
drivers/staging/built-in.o: In function `reset':
(.text+0x2ae89d): multiple definition of `reset'
drivers/isdn/built-in.o:(.text+0x185dc2): first defined here
make[1]: *** [drivers/built-in.o] Error 1
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox