Netdev List
* Re: [PATCH v4 binutils] Add BPF support to binutils...
From: Alexei Starovoitov @ 2017-05-02  3:49 UTC (permalink / raw)
  To: David Miller; +Cc: daniel, netdev, xdp-newbies
In-Reply-To: <20170430.120750.651845251226226775.davem@davemloft.net>

On 4/30/17 9:07 AM, David Miller wrote:
> This is mainly a synchronization point, I still need to look
> more deeply into Alexei's -g issue.
>
> New in this version from v3:
>  - Remove tailcall from opcode table
>  - Rearrange relocations so that numbers match with LLVM ones
>  - Emit relocs properly so that dwarf2 debug info tests pass
>  - Handle negative load/store offsets properly, add tests
>
> Signed-off-by: David S. Miller <davem@davemloft.net>

dwarf on little endian works now :)

$ /w/binutils-gdb/bld/binutils/objdump -S test.o

test.o:     file format elf64-bpfle

Disassembly of section .text:

0000000000000000 <bpf_prog1>:
int bpf_prog1(void *ign)
{
   volatile unsigned long t = 0x8983984739ull;
    0:	18 01 00 00 39 47 98 83 	ldimm64	r0, 590618314553
    8:	00 00 00 00 89 00 00 00
   10:	7b 1a f8 ff 00 00 00 00 	stdw	[r1+-8], r10
   return *(unsigned long *)((0xffffffff8fff0002ull) + t);
   18:	79 a1 f8 ff 00 00 00 00 	lddw	r10, [r1+-8]

This is a great milestone.

Also I finally figured out how to enable native+bpf:
../configure --enable-targets=bpf-elf,x86_64-elf

having support for both in one binary is a big deal :)

Only 'gdb' warns with dual arch support:
"
warning: A handler for the OS ABI "GNU/Linux" is not built into this 
configuration
of GDB.  Attempting to continue with the default bpf settings.
"

(gdb) x/10i bpf_prog1
    0x0 <bpf_prog1>:	ldimm64	r0, 590618314553
    0x10 <bpf_prog1+16>:	stdw	[r1+-8], r10
    0x18 <bpf_prog1+24>:	lddw	r10, [r1+-8]
    0x20 <bpf_prog1+32>:	add	r0, -1879113726
    0x28 <bpf_prog1+40>:	lddw	r1, [r0+0]
    0x30 <bpf_prog1+48>:	exit
    0x38:	Cannot access memory at address 0x38

the last line also seems wrong. Off by 1 error?


* Re: [PATCH net-next iproute2 0/3] ip: Initial support for extack errors
From: Jakub Kicinski @ 2017-05-02  3:34 UTC (permalink / raw)
  To: David Ahern; +Cc: netdev, stephen
In-Reply-To: <1493695105-9418-1-git-send-email-dsa@cumulusnetworks.com>

On Mon,  1 May 2017 20:18:22 -0700, David Ahern wrote:
> Introduce a new function, rtnl_ack_extack, to allow commands to flip
> to the new error reporting over time.
> 
> Convert iplink_modify to use the new function to display error strings
> returned from ip link set commands.

Tested-by: Jakub Kicinski <jakub.kicinski@netronome.com>


* Re: sparc64 and ARM64 JIT bug
From: David Miller @ 2017-05-02  3:19 UTC (permalink / raw)
  To: ast; +Cc: daniel, netdev, xi.wang, catalin.marinas
In-Reply-To: <20170501.230234.787989809925411599.davem@davemloft.net>

From: David Miller <davem@davemloft.net>
Date: Mon, 01 May 2017 23:02:34 -0400 (EDT)

> 	for (i = 0; i < prog->len; i++) {
> 		const struct bpf_insn *insn = &prog->insnsi[i];
> 		int ret;
> 
> 		ret = build_insn(insn, ctx);
> 		ctx->offset[i] = ctx->idx;
> 
> 		if (ret > 0) {
> 			i++;
> 			continue;
> 		}
> 		if (ret)
> 			return ret;
> 	}

Ok, the fix is to defer the ctx->offset[i] setting until after the
potential extra "i++" increment inside of the "if (ret > 0)" test.

This is how x86_64's JIT handles this.

I'm testing this fix on sparc64 now.


* [PATCH net-next iproute2 2/3] netlink: Add support for extended ack to rtnl_talk
From: David Ahern @ 2017-05-02  3:18 UTC (permalink / raw)
  To: netdev, stephen; +Cc: jakub.kicinski, David Ahern
In-Reply-To: <1493695105-9418-1-git-send-email-dsa@cumulusnetworks.com>

Add support for extended ack error reporting.

Add a new function rtnl_talk_extack that takes a callback as an input
arg. If a netlink response contains extack attributes, the callback is
invoked with the err string, offset in the message and a pointer
to the message returned by the kernel.

Adding a new function allows commands to be moved over to the
extended error reporting over time.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
---
 include/libnetlink.h |  6 ++++
 lib/libnetlink.c     | 92 ++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 91 insertions(+), 7 deletions(-)

diff --git a/include/libnetlink.h b/include/libnetlink.h
index e7c46f1870aa..6b031454ce2b 100644
--- a/include/libnetlink.h
+++ b/include/libnetlink.h
@@ -71,6 +71,9 @@ typedef int (*rtnl_listen_filter_t)(const struct sockaddr_nl *,
 				    struct rtnl_ctrl_data *,
 				    struct nlmsghdr *n, void *);
 
+typedef int (*nl_ext_ack_fn_t)(const char *errmsg, __u32 off,
+			       struct nlmsghdr *inner_nlh);
+
 struct rtnl_dump_filter_arg {
 	rtnl_filter_t filter;
 	void *arg1;
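Review bot: the nl_ext_ack_fn_t typedef needs a comment stating its return contract. Later in this patch rtnl_talk_error() skips the "RTNETLINK answers" strerror line whenever the callback returns non-zero, and nl_dump_ext_err() can pass errmsg as NULL, off as 0 and inner_nlh as NULL; someone writing a handler cannot learn any of that from the header.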
@@ -87,6 +90,9 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
 int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 	      struct nlmsghdr *answer, size_t len)
 	__attribute__((warn_unused_result));
+int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+	      struct nlmsghdr *answer, size_t len, nl_ext_ack_fn_t errfn)
+	__attribute__((warn_unused_result));
 int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 				   struct nlmsghdr *answer, size_t len)
 	__attribute__((warn_unused_result));
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index b5ee751c6b86..f6451dec1332 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -32,6 +32,61 @@
 
 int rcvbuf = 1024 * 1024;
 
+/* dump netlink extended ack error message */
+static int nl_dump_ext_err(struct nlmsghdr *nlh, nl_ext_ack_fn_t errfn)
+{
+	const struct nla_policy extack_policy[NLMSGERR_ATTR_MAX + 1] = {
+		[NLMSGERR_ATTR_MSG]	= { .type = NLA_STRING },
+		[NLMSGERR_ATTR_OFFS]	= { .type = NLA_U32 },
+	};
+	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1], *attr;
+	struct nlmsghdr *err_nlh = NULL;
+	struct nlmsgerr *err;
+	char *errmsg = NULL;
+	int hlen, alen;
+	__u32 off = 0;
+
+	if (!errfn)
+		return 0;
+
+	/* no TLVs, nothing to do here */
+	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
+		return 0;
+
+	err = (struct nlmsgerr *)NLMSG_DATA(nlh);
+	hlen = sizeof(*err);
+
+	/* if NLM_F_CAPPED is set then the inner err msg was capped */
+	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
+		hlen += nlmsg_len(&err->msg);
+
+	attr = (struct nlattr *) ((void *) err + hlen);
+	alen = nlh->nlmsg_len - hlen;
+
+	if (nla_parse(tb, NLMSGERR_ATTR_MAX, attr, alen, extack_policy) != 0) {
+		fprintf(stderr,
+			"Failed to parse extended error attributes\n");
+		return 0;
+	}
+
+
+	if (tb[NLMSGERR_ATTR_MSG])
+		errmsg = (char *) nla_data(tb[NLMSGERR_ATTR_MSG]);
+
+	if (tb[NLMSGERR_ATTR_OFFS]) {
+		off = nla_get_u32(tb[NLMSGERR_ATTR_OFFS]);
+
+		if (off > nlh->nlmsg_len) {
+			fprintf(stderr,
+				"Invalid offset for NLMSGERR_ATTR_OFFS\n");
+			off = 0;
+		} else if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
+			err_nlh = &err->msg;
+	}
+
+	return errfn(errmsg, off, err_nlh);
+}
+
 void rtnl_close(struct rtnl_handle *rth)
 {
 	if (rth->fd >= 0) {
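Review bot: in nl_dump_ext_err() the attribute length is computed as `alen = nlh->nlmsg_len - hlen`, but attr is placed hlen bytes past NLMSG_DATA(nlh), so alen still counts the outer netlink header and nla_parse() is told the stream runs past the end of the message. Use the payload length, for example `alen = nlmsg_len(nlh) - hlen`, and return early when hlen exceeds it, since err->msg.nlmsg_len is used unchecked. Also, NLMSGERR_ATTR_MSG is validated as NLA_STRING, which does not require a terminating NUL, yet errmsg is handed to the callback as a C string; NLA_NUL_STRING would enforce that.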
@@ -45,6 +100,7 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
 {
 	socklen_t addr_len;
 	int sndbuf = 32768;
+	int one = 1;
 
 	memset(rth, 0, sizeof(*rth));
 
@@ -67,6 +123,11 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
 		return -1;
 	}
 
+	if (setsockopt(rth->fd, SOL_NETLINK, NETLINK_EXT_ACK,
+		       &one, sizeof(one)) < 0) {
+		/* debug/verbose message that it is not supported */
+	}
+
 	memset(&rth->local, 0, sizeof(rth->local));
 	rth->local.nl_family = AF_NETLINK;
 	rth->local.nl_groups = subscriptions;
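Review bot: the setsockopt() failure branch is an empty block holding only a comment. Either drop the if and ignore the return value explicitly, or print the message under a verbose flag, since kernels without extended ack support will take this path on every open. NETLINK_EXT_ACK also has no fallback define, unlike SOL_NETLINK which this file guards with #ifndef, so the build depends on the installed kernel headers.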
@@ -413,9 +474,19 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
 	return rtnl_dump_filter_l(rth, a);
 }
 
+static void rtnl_talk_error(struct nlmsghdr *h, struct nlmsgerr *err,
+			    nl_ext_ack_fn_t errfn)
+{
+	if (nl_dump_ext_err(h, errfn))
+		return;
+
+	fprintf(stderr, "RTNETLINK answers: %s\n",
+		strerror(-err->error));
+}
+
 static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 		       struct nlmsghdr *answer, size_t maxlen,
-		       bool show_rtnl_err)
+		       bool show_rtnl_err, nl_ext_ack_fn_t errfn)
 {
 	int status;
 	unsigned int seq;
@@ -502,10 +573,10 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 					return 0;
 				}
 
-				if (rtnl->proto != NETLINK_SOCK_DIAG && show_rtnl_err)
-					fprintf(stderr,
-						"RTNETLINK answers: %s\n",
-						strerror(-err->error));
+				if (rtnl->proto != NETLINK_SOCK_DIAG &&
+				    show_rtnl_err)
+					rtnl_talk_error(h, err, errfn);
+
 				errno = -err->error;
 				return -1;
 			}
@@ -537,13 +608,20 @@ static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 	      struct nlmsghdr *answer, size_t maxlen)
 {
-	return __rtnl_talk(rtnl, n, answer, maxlen, true);
+	return __rtnl_talk(rtnl, n, answer, maxlen, true, NULL);
+}
+
+int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+		     struct nlmsghdr *answer, size_t maxlen,
+		     nl_ext_ack_fn_t errfn)
+{
+	return __rtnl_talk(rtnl, n, answer, maxlen, true, errfn);
 }
 
 int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 				   struct nlmsghdr *answer, size_t maxlen)
 {
-	return __rtnl_talk(rtnl, n, answer, maxlen, false);
+	return __rtnl_talk(rtnl, n, answer, maxlen, false, NULL);
 }
 
 int rtnl_listen_all_nsid(struct rtnl_handle *rth)
-- 
2.1.4


* [PATCH net-next iproute2 3/3] ip link: Add extack handling for setlink
From: David Ahern @ 2017-05-02  3:18 UTC (permalink / raw)
  To: netdev, stephen; +Cc: jakub.kicinski, David Ahern
In-Reply-To: <1493695105-9418-1-git-send-email-dsa@cumulusnetworks.com>

Flip iplink_modify to rtnl_talk_extack. For this first patch only
error messages returned from the kernel are displayed to the user.

Follow on patches can add parsing of the returned message and the
error offset to show which attribute caused an error.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
---
 ip/iplink.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/ip/iplink.c b/ip/iplink.c
index ae1c70ebcc81..aad0220a63a7 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -861,6 +861,19 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req,
 	return ret - argc;
 }
 
+static int iplink_extack(const char *errmsg, __u32 off,
+			 struct nlmsghdr *err_nlh)
+{
+	int rc = 0;
+
+	if (errmsg) {
+		rc++;
+		fprintf(stderr, "Error: %s\n", errmsg);
+	}
+
+	return rc;
+}
+
 static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
 {
 	int len;
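Review bot: iplink_extack() ignores off and err_nlh, and the rc counter only ever becomes 0 or 1. Returning 1 directly after the fprintf and 0 otherwise reads more clearly, and the unused parameters deserve a short comment pointing at the follow-on work the commit message mentions. The "%s" also relies on errmsg being NUL-terminated, which has to be guaranteed by the parser in lib/libnetlink.c.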
@@ -906,7 +919,8 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
 
 			req.i.ifi_index = 0;
 			addattr32(&req.n, sizeof(req), IFLA_GROUP, group);
-			if (rtnl_talk(&rth, &req.n, NULL, 0) < 0)
+			if (rtnl_talk_extack(&rth, &req.n, NULL, 0,
+					     iplink_extack) < 0)
 				return -2;
 			return 0;
 		}
@@ -1001,7 +1015,7 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
 		return -1;
 	}
 
-	if (rtnl_talk(&rth, &req.n, NULL, 0) < 0)
+	if (rtnl_talk_extack(&rth, &req.n, NULL, 0, iplink_extack) < 0)
 		return -2;
 
 	return 0;
-- 
2.1.4


* [PATCH net-next iproute2 1/3] netlink: import netlink message parsing from kernel
From: David Ahern @ 2017-05-02  3:18 UTC (permalink / raw)
  To: netdev, stephen; +Cc: jakub.kicinski, David Ahern
In-Reply-To: <1493695105-9418-1-git-send-email-dsa@cumulusnetworks.com>

include/nlattr.h is pulled from include/net/netlink.h.
lib/nlattr.c is pulled from lib/nlattr.c

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
---
 include/libnetlink.h |   8 +++
 include/nlattr.h     | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/Makefile         |   2 +-
 lib/libnetlink.c     |   4 --
 lib/nlattr.c         | 145 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 316 insertions(+), 5 deletions(-)
 create mode 100644 include/nlattr.h
 create mode 100644 lib/nlattr.c

diff --git a/include/libnetlink.h b/include/libnetlink.h
index c43ab0a2d9d9..e7c46f1870aa 100644
--- a/include/libnetlink.h
+++ b/include/libnetlink.h
@@ -11,6 +11,11 @@
 #include <linux/neighbour.h>
 #include <linux/netconf.h>
 #include <arpa/inet.h>
+#include "nlattr.h"
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b) ? (a) : (b))
+#endif
 
 struct rtnl_handle {
 	int			fd;
@@ -227,4 +232,7 @@ int rtnl_from_file(FILE *, rtnl_listen_filter_t handler,
  * messages from dump file */
 #define NLMSG_TSTAMP	15
 
+int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
+	      int len, const struct nla_policy *policy);
+
 #endif /* __LIBNETLINK_H__ */
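Review bot: the nla_parse() prototype is added to libnetlink.h even though this patch creates nlattr.h for the attribute API and libnetlink.h now includes it. Declaring nla_parse() in nlattr.h, next to struct nla_policy, keeps the imported interface in one header.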
diff --git a/include/nlattr.h b/include/nlattr.h
new file mode 100644
index 000000000000..0859b6ce686c
--- /dev/null
+++ b/include/nlattr.h
@@ -0,0 +1,162 @@
+#ifndef __NLATTR_H
+#define __NLATTR_H
+
+#include <linux/netlink.h>
+
+/**
+ * Standard attribute types to specify validation policy
+ */
+enum {
+	NLA_UNSPEC,
+	NLA_U8,
+	NLA_U16,
+	NLA_U32,
+	NLA_U64,
+	NLA_STRING,
+	NLA_FLAG,
+	NLA_MSECS,
+	NLA_NESTED,
+	NLA_NESTED_COMPAT,
+	NLA_NUL_STRING,
+	NLA_BINARY,
+	NLA_S8,
+	NLA_S16,
+	NLA_S32,
+	NLA_S64,
+	__NLA_TYPE_MAX,
+};
+
+#define NLA_TYPE_MAX (__NLA_TYPE_MAX - 1)
+
+/**
+ * nla_type - attribute type
+ * @nla: netlink attribute
+ */
+static inline int nla_type(const struct nlattr *nla)
+{
+	return nla->nla_type & NLA_TYPE_MASK;
+}
+
+/**
+ * nla_len - length of payload
+ * @nla: netlink attribute
+ */
+static inline int nla_len(const struct nlattr *nla)
+{
+	return nla->nla_len - NLA_HDRLEN;
+}
+
+/**
+ * struct nla_policy - attribute validation policy
+ * @type: Type of attribute or NLA_UNSPEC
+ * @len: Type specific length of payload
+ *
+ * Policies are defined as arrays of this struct, the array must be
+ * accessible by attribute type up to the highest identifier to be expected.
+ *
+ * Meaning of `len' field:
+ *    NLA_STRING           Maximum length of string
+ *    NLA_NUL_STRING       Maximum length of string (excluding NUL)
+ *    NLA_FLAG             Unused
+ *    NLA_BINARY           Maximum length of attribute payload
+ *    NLA_NESTED           Don't use `len' field -- length verification is
+ *                         done by checking len of nested header (or empty)
+ *    NLA_NESTED_COMPAT    Minimum length of structure payload
+ *    NLA_U8, NLA_U16,
+ *    NLA_U32, NLA_U64,
+ *    NLA_S8, NLA_S16,
+ *    NLA_S32, NLA_S64,
+ *    NLA_MSECS            Leaving the length field zero will verify the
+ *                         given type fits, using it verifies minimum length
+ *                         just like "All other"
+ *    All other            Minimum length of attribute payload
+ *
+ * Example:
+ * static const struct nla_policy my_policy[ATTR_MAX+1] = {
+ *      [ATTR_FOO] = { .type = NLA_U16 },
+ *      [ATTR_BAR] = { .type = NLA_STRING, .len = BARSIZ },
+ *      [ATTR_BAZ] = { .len = sizeof(struct mystruct) },
+ * };
+ */
+struct nla_policy {
+	__u16	type;
+	__u16	len;
+};
+
+/**
+ * nla_ok - check if the netlink attribute fits into the remaining bytes
+ * @nla: netlink attribute
+ * @remaining: number of bytes remaining in attribute stream
+ */
+static inline int nla_ok(const struct nlattr *nla, int remaining)
+{
+	return remaining >= (int) sizeof(*nla) &&
+	       nla->nla_len >= sizeof(*nla) &&
+	       nla->nla_len <= remaining;
+}
+
+/**
+ * nla_next - next netlink attribute in attribute stream
+ * @nla: netlink attribute
+ * @remaining: number of bytes remaining in attribute stream
+ *
+ * Returns the next netlink attribute in the attribute stream and
+ * decrements remaining by the size of the current attribute.
+ */
+static inline struct nlattr *nla_next(const struct nlattr *nla, int *remaining)
+{
+	unsigned int totlen = NLA_ALIGN(nla->nla_len);
+
+	*remaining -= totlen;
+	return (struct nlattr *) ((char *) nla + totlen);
+}
+
+/**
+ * nla_for_each_attr - iterate over a stream of attributes
+ * @pos: loop counter, set to current attribute
+ * @head: head of attribute stream
+ * @len: length of attribute stream
+ * @rem: initialized to len, holds bytes currently remaining in stream
+ */
+#define nla_for_each_attr(pos, head, len, rem) \
+	for (pos = head, rem = len; \
+	     nla_ok(pos, rem); \
+	     pos = nla_next(pos, &(rem)))
+
+/**
+ * nla_data - head of payload
+ * @nla: netlink attribute
+ */
+static inline void *nla_data(const struct nlattr *nla)
+{
+	return (char *) nla + NLA_HDRLEN;
+}
+
+/**
+ * nla_get_u32 - return payload of u32 attribute
+ * @nla: u32 netlink attribute
+ */
+static inline __u32 nla_get_u32(const struct nlattr *nla)
+{
+	return *(__u32 *) nla_data(nla);
+}
+
+/**
+ * nla_get_u16 - return payload of u16 attribute
+ * @nla: u16 netlink attribute
+ */
+static inline __u16 nla_get_u16(const struct nlattr *nla)
+{
+	return *(__u16 *) nla_data(nla);
+}
+
+/**
+ * nlmsg_len - length of message payload
+ * @nlh: netlink message header
+ */
+static inline int nlmsg_len(const struct nlmsghdr *nlh)
+{
+	return nlh->nlmsg_len - NLMSG_HDRLEN;
+}
+
+#endif /* __NLATTR_H */
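Review bot: the new include/nlattr.h has no file header, while lib/nlattr.c in the same patch keeps its authors block. Add a comment at the top saying the contents are taken from the kernel's include/net/netlink.h, as the commit message states, together with the licence notice, so the origin is recorded in the file itself. nla_get_u32() and nla_get_u16() read the payload without checking nla_len(), so their kernel-doc should say the caller must have validated the attribute first.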
diff --git a/lib/Makefile b/lib/Makefile
index 1d24ca24b9a3..77fac8d59446 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -8,7 +8,7 @@ CFLAGS += -fPIC
 
 UTILOBJ = utils.o rt_names.o ll_types.o ll_proto.o ll_addr.o \
 	inet_proto.o namespace.o json_writer.o \
-	names.o color.o bpf.o exec.o fs.o
+	names.o color.o bpf.o exec.o fs.o nlattr.o
 
 NLOBJ=libgenl.o ll_map.o libnetlink.o
 
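Review bot: nlattr.o is appended to UTILOBJ, but the next patch in the series calls nla_parse() from lib/libnetlink.c, whose object is listed in NLOBJ. Putting nlattr.o in NLOBJ keeps the netlink objects together and avoids a dependency from one object list on the other.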
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 5b75b2db4e0b..b5ee751c6b86 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -30,10 +30,6 @@
 #define SOL_NETLINK 270
 #endif
 
-#ifndef MIN
-#define MIN(a, b) ((a) < (b) ? (a) : (b))
-#endif
-
 int rcvbuf = 1024 * 1024;
 
 void rtnl_close(struct rtnl_handle *rth)
diff --git a/lib/nlattr.c b/lib/nlattr.c
new file mode 100644
index 000000000000..2a3a031fdb65
--- /dev/null
+++ b/lib/nlattr.c
@@ -0,0 +1,145 @@
+/*
+ * NETLINK      Netlink attributes
+ *
+ *		Authors:	Thomas Graf <tgraf@suug.ch>
+ *				Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+ */
+
+#include <errno.h>
+#include "nlattr.h"
+#include "libnetlink.h"
+
+static const __u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
+	[NLA_U8]	= sizeof(__u8),
+	[NLA_U16]	= sizeof(__u16),
+	[NLA_U32]	= sizeof(__u32),
+	[NLA_U64]	= sizeof(__u64),
+	[NLA_MSECS]	= sizeof(__u64),
+	[NLA_NESTED]	= NLA_HDRLEN,
+	[NLA_S8]	= sizeof(__s8),
+	[NLA_S16]	= sizeof(__s16),
+	[NLA_S32]	= sizeof(__s32),
+	[NLA_S64]	= sizeof(__s64),
+};
+
+static int validate_nla(const struct nlattr *nla, int maxtype,
+			const struct nla_policy *policy)
+{
+	const struct nla_policy *pt;
+	int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla);
+
+	if (type <= 0 || type > maxtype)
+		return 0;
+
+	pt = &policy[type];
+
+	if (pt->type > NLA_TYPE_MAX)
+		return -EINVAL;
+
+	switch (pt->type) {
+	case NLA_FLAG:
+		if (attrlen > 0)
+			return -ERANGE;
+		break;
+
+	case NLA_NUL_STRING:
+		if (pt->len)
+			minlen = MIN(attrlen, pt->len + 1);
+		else
+			minlen = attrlen;
+
+		if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL)
+			return -EINVAL;
+		/* fall through */
+
+	case NLA_STRING:
+		if (attrlen < 1)
+			return -ERANGE;
+
+		if (pt->len) {
+			char *buf = nla_data(nla);
+
+			if (buf[attrlen - 1] == '\0')
+				attrlen--;
+
+			if (attrlen > pt->len)
+				return -ERANGE;
+		}
+		break;
+
+	case NLA_BINARY:
+		if (pt->len && attrlen > pt->len)
+			return -ERANGE;
+		break;
+
+	case NLA_NESTED_COMPAT:
+		if (attrlen < pt->len)
+			return -ERANGE;
+		if (attrlen < NLA_ALIGN(pt->len))
+			break;
+		if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN)
+			return -ERANGE;
+		nla = nla_data(nla) + NLA_ALIGN(pt->len);
+		if (attrlen < NLA_ALIGN(pt->len) + NLA_HDRLEN + nla_len(nla))
+			return -ERANGE;
+		break;
+	case NLA_NESTED:
+		/* a nested attributes is allowed to be empty; if its not,
+		 * it must have a size of at least NLA_HDRLEN.
+		 */
+		if (attrlen == 0)
+			break;
+	default:
+		if (pt->len)
+			minlen = pt->len;
+		else if (pt->type != NLA_UNSPEC)
+			minlen = nla_attr_minlen[pt->type];
+
+		if (attrlen < minlen)
+			return -ERANGE;
+	}
+
+	return 0;
+}
+
+/**
+ * nla_parse - Parse a stream of attributes into a tb buffer
+ * @tb: destination array with maxtype+1 elements
+ * @maxtype: maximum attribute type to be expected
+ * @head: head of attribute stream
+ * @len: length of attribute stream
+ * @policy: validation policy
+ *
+ * Parses a stream of attributes and stores a pointer to each attribute in
+ * the tb array accessible via the attribute type. Attributes with a type
+ * exceeding maxtype will be silently ignored for backwards compatibility
+ * reasons. policy may be set to NULL if no validation is required.
+ *
+ * Returns 0 on success or a negative error code.
+ */
+int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
+	      int len, const struct nla_policy *policy)
+{
+	const struct nlattr *nla;
+	int rem, err;
+
+	memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
+
+	nla_for_each_attr(nla, head, len, rem) {
+		__u16 type = nla_type(nla);
+
+		if (type > 0 && type <= maxtype) {
+			if (policy) {
+				err = validate_nla(nla, maxtype, policy);
+				if (err < 0)
+					goto errout;
+			}
+
+			tb[type] = (struct nlattr *)nla;
+		}
+	}
+
+	err = 0;
+errout:
+	return err;
+}
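Review bot: lib/nlattr.c calls memchr() in validate_nla() and memset() in nla_parse() but includes only <errno.h> and the two local headers; add #include <string.h> instead of relying on an indirect include. In validate_nla() the NLA_NESTED case drops into default without the fall through comment that the NLA_NUL_STRING case has, and `nla_data(nla) + NLA_ALIGN(pt->len)` does arithmetic on a void pointer, which is a GNU extension in a userspace build.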
-- 
2.1.4


* [PATCH net-next iproute2 0/3] ip: Initial support for extack errors
From: David Ahern @ 2017-05-02  3:18 UTC (permalink / raw)
  To: netdev, stephen; +Cc: jakub.kicinski, David Ahern

Introduce a new function, rtnl_ack_extack, to allow commands to flip
to the new error reporting over time.

Convert iplink_modify to use the new function to display error strings
returned from ip link set commands.

David Ahern (3):
  netlink: import netlink message parsing from kernel
  netlink: Add support for extended ack to rtnl_talk
  ip link: Add extack handling for setlink

 include/libnetlink.h |  14 +++++
 include/nlattr.h     | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++
 ip/iplink.c          |  18 +++++-
 lib/Makefile         |   2 +-
 lib/libnetlink.c     |  96 ++++++++++++++++++++++++++----
 lib/nlattr.c         | 145 +++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 423 insertions(+), 14 deletions(-)
 create mode 100644 include/nlattr.h
 create mode 100644 lib/nlattr.c

-- 
2.1.4


* Re: [PATCH v3 binutils] Add BPF support to binutils...
From: Alexei Starovoitov @ 2017-05-02  3:14 UTC (permalink / raw)
  To: David Miller; +Cc: daniel, aconole, netdev, xdp-newbies
In-Reply-To: <20170501.230323.816591707269395321.davem@davemloft.net>

On 5/1/17 8:03 PM, David Miller wrote:
> From: Alexei Starovoitov <ast@fb.com>
> Date: Mon, 1 May 2017 19:49:21 -0700
>
>> On 4/30/17 11:21 AM, David Miller wrote:
>>> built with:
>>>
>>> 	clang -O2 -target bpfel -g -c x.c -o x.o
>>>
>>> readelf can see it just fine:
>>>
>>> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xel.o
>>> Contents of the .debug_loc section:
>>>
>>>     Offset   Begin            End              Expression
>>>     00000000 0000000000000000 0000000000000010 (DW_OP_reg1 (r1))
>>>     00000013 <End of list>
>>>     00000023 0000000000000010 0000000000000020 (DW_OP_constu:
>>>     590618314553; DW_OP_stack_value)
>>>     0000003d 0000000000000020 0000000000000030 (DW_OP_reg1 (r1))
>>>     00000050 <End of list>
>>>
>>> But with big-endian:
>>>
>>> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xeb.o
>>> readelf: Warning: Invalid pointer size (0) in compunit header, using 4
>>> instead
>>> readelf: Warning: Bogus end-of-siblings marker detected at offset 27
>>> in .debug_info section
>>> readelf: Warning: Bogus end-of-siblings marker detected at offset 28
>>> in .debug_info section
>>> readelf: Warning: DIE at offset 0x29 refers to abbreviation number 48
>>> which does not exist
>>> readelf: Warning: Unable to load/parse the .debug_info section, so
>>> cannot interpret the .debug_loc section.
>>
>> yeah. clang emitted dwarf for big-endian is broken.
>> This dwarf stuff is too complicated for normal human beings.
>> The tight packing makes debugging it quite painful.
>
> But doesn't the CLANG DWARF2 emission code look at the target
> endianness?

it certainly does and on bpf backend side I'm not doing
anything special comparing to what other bi-endian architectures
like ppc and mips are doing. Obviously I missed something.


* Re: [PATCH v3 binutils] Add BPF support to binutils...
From: David Miller @ 2017-05-02  3:03 UTC (permalink / raw)
  To: ast; +Cc: daniel, aconole, netdev, xdp-newbies
In-Reply-To: <b96ef138-9862-5091-9041-76516f852e48@fb.com>

From: Alexei Starovoitov <ast@fb.com>
Date: Mon, 1 May 2017 19:49:21 -0700

> On 4/30/17 11:21 AM, David Miller wrote:
>> built with:
>>
>> 	clang -O2 -target bpfel -g -c x.c -o x.o
>>
>> readelf can see it just fine:
>>
>> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xel.o
>> Contents of the .debug_loc section:
>>
>>     Offset   Begin            End              Expression
>>     00000000 0000000000000000 0000000000000010 (DW_OP_reg1 (r1))
>>     00000013 <End of list>
>>     00000023 0000000000000010 0000000000000020 (DW_OP_constu:
>>     590618314553; DW_OP_stack_value)
>>     0000003d 0000000000000020 0000000000000030 (DW_OP_reg1 (r1))
>>     00000050 <End of list>
>>
>> But with big-endian:
>>
>> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xeb.o
>> readelf: Warning: Invalid pointer size (0) in compunit header, using 4
>> instead
>> readelf: Warning: Bogus end-of-siblings marker detected at offset 27
>> in .debug_info section
>> readelf: Warning: Bogus end-of-siblings marker detected at offset 28
>> in .debug_info section
>> readelf: Warning: DIE at offset 0x29 refers to abbreviation number 48
>> which does not exist
>> readelf: Warning: Unable to load/parse the .debug_info section, so
>> cannot interpret the .debug_loc section.
> 
> yeah. clang emitted dwarf for big-endian is broken.
> This dwarf stuff is too complicated for normal human beings.
> The tight packing makes debugging it quite painful.

But doesn't the CLANG DWARF2 emission code look at the target
endianness?


* sparc64 and ARM64 JIT bug (was Re: LLVM 4.0 code generation bug)
From: David Miller @ 2017-05-02  3:02 UTC (permalink / raw)
  To: ast; +Cc: daniel, netdev, xi.wang, catalin.marinas
In-Reply-To: <e75404e5-c68d-6f08-afdc-e57174b88a32@fb.com>

From: Alexei Starovoitov <ast@fb.com>
Date: Mon, 1 May 2017 19:39:33 -0700

> On 5/1/17 7:31 PM, David Miller wrote:
>>
>> If the last BPF instruction before exit is a ldimm64, branches to the
>> exit point at the wrong location.
>>
>> Here is what I get from test_pkt_access.c on sparc:
>>
>> 0000000000000000 <process>:
>>    0:	b7 00 00 00 00 00 00 02 	mov	r0, 2
>>    8:	61 21 00 50 00 00 00 00 	ldw	r2, [r1+80]
>>   10:	61 11 00 4c 00 00 00 00 	ldw	r1, [r1+76]
>>   18:	bf 41 00 00 00 00 00 00 	mov	r4, r1
>>   20:	07 40 00 00 00 00 00 0e 	add	r4, 14
>>   28:	2d 42 00 25 00 00 00 00 	jgt	r4, r2, 148 <LBB0_11>
>>  ...
>> 0000000000000148 <LBB0_11>:
>>  148:	18 00 00 00 ff ff ff ff 	ldimm64	r0, 4294967295
>>  150:	00 00 00 00 00 00 00 00
>>
>> 0000000000000158 <LBB0_12>:
>>  158:	95 00 00 00 00 00 00 00 	exit	
 ...
> looks fine to me. it jumps to 0x158,
> since offset 0 is the next insn after jump which is 0x30
> That's how classic bpf defined jumps.

Ok, it seems that both arm64 and sparc64's JIT handle the above
situation improperly.

They both work by recording the instruction offsets in an array which
is indexed off by one.  It is built like this:

	for (i = 0; i < prog->len; i++) {
		const struct bpf_insn *insn = &prog->insnsi[i];
		int ret;

		ret = build_insn(insn, ctx);
		ctx->offset[i] = ctx->idx;

		if (ret > 0) {
			i++;
			continue;
		}
		if (ret)
			return ret;
	}

That is, we record the JIT'd instruction offset for BPF instruction
'idx' in array entry 'idx - 1'.

Then when we emit a relative branch, we lookup the destination offset
using "ctx->offset[this_insn_idx + insn->off]"

And this works most of the time.  It doesn't work for the scenario
above, because 'idx - 1' is not necessarily the index of the previous
BPF instruction.  Instead, that might point to the second half of an
lddimm64 instruction.

This bug was introduced by commit
8eee539ddea09bccae2426f09b0ba6a18b72b691 ("arm64: bpf: fix
out-of-bounds read in bpf2a64_offset()") and I copied the logic into
sparc64 :-)
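
The offset-table problem described in this message, and the reordering proposed in the follow-up ("defer the ctx->offset[i] setting until after the potential extra i++"), as an added example that is not part of the original thread or of the kernel sources. It is a simplified userspace model: the instruction kinds, the native_len values, the UNSET sentinel and the count_bad_branches() check are assumptions made for illustration.

```c
#include <stdio.h>

#define UNSET     (-1)   /* sentinel: no native offset recorded (assumption) */
#define MAX_INSNS 16

enum kind { K_ALU, K_JMP, K_LDIMM64, K_LDIMM64_HI, K_EXIT };

struct insn {
	enum kind kind;
	int off;         /* branch offset, relative to the next BPF insn */
	int native_len;  /* constructed: native instructions emitted */
};

struct jit_ctx {
	int idx;                /* native instructions emitted so far */
	int offset[MAX_INSNS];  /* native index reached after BPF slot i */
};

/* Constructed program: a branch whose target (exit) follows an ldimm64. */
static const struct insn sample[] = {
	{ K_ALU,        0, 1 },  /* 0: mov */
	{ K_JMP,        3, 2 },  /* 1: jgt, target slot = 1 + 1 + 3 = 5 */
	{ K_ALU,        0, 1 },  /* 2: add */
	{ K_LDIMM64,    0, 4 },  /* 3: ldimm64, first slot */
	{ K_LDIMM64_HI, 0, 0 },  /* 4: ldimm64, second slot */
	{ K_EXIT,       0, 1 },  /* 5: exit, starts at native index 8 */
};
#define SAMPLE_LEN ((int)(sizeof(sample) / sizeof(sample[0])))

/* Returns 1 when the instruction consumed two BPF slots. */
static int build_insn(const struct insn *insn, struct jit_ctx *ctx)
{
	ctx->idx += insn->native_len;
	return insn->kind == K_LDIMM64;
}

/* fixed == 0: record order quoted in the thread; fixed == 1: deferred. */
static int build_body(const struct insn *prog, int len,
		      struct jit_ctx *ctx, int fixed)
{
	int i;

	if (len > MAX_INSNS)
		return -1;
	ctx->idx = 0;
	for (i = 0; i < MAX_INSNS; i++)
		ctx->offset[i] = UNSET;

	for (i = 0; i < len; i++) {
		int ret = build_insn(&prog[i], ctx);

		if (!fixed)
			ctx->offset[i] = ctx->idx;  /* slot i + 1 is never set */
		if (ret > 0) {
			if (++i >= len)
				return -1;          /* truncated ldimm64 */
			if (fixed)
				ctx->offset[i] = ctx->idx;
			continue;
		}
		if (fixed)
			ctx->offset[i] = ctx->idx;
	}
	return 0;
}

/* The lookup from the thread: ctx->offset[this_insn_idx + insn->off]. */
static int branch_dest(const struct jit_ctx *ctx, int this_idx, int off)
{
	return ctx->offset[this_idx + off];
}

/* Check: count branches that resolve to a slot with no recorded offset. */
static int count_bad_branches(const struct insn *prog, int len,
			      const struct jit_ctx *ctx)
{
	int i, bad = 0;

	for (i = 0; i < len; i++) {
		int slot = i + prog[i].off;

		if (prog[i].kind != K_JMP)
			continue;
		if (slot < 0 || slot >= len || ctx->offset[slot] == UNSET)
			bad++;
	}
	return bad;
}

int main(void)
{
	struct jit_ctx ctx;
	int fixed;

	for (fixed = 0; fixed <= 1; fixed++) {
		build_body(sample, SAMPLE_LEN, &ctx, fixed);
		printf("%s: branch at slot 1 resolves to %d, bad branches %d\n",
		       fixed ? "deferred" : "original",
		       branch_dest(&ctx, 1, sample[1].off),
		       count_bad_branches(sample, SAMPLE_LEN, &ctx));
	}
	return 0;
}
```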


* Re: [PATCH v3 binutils] Add BPF support to binutils...
From: Alexei Starovoitov @ 2017-05-02  2:49 UTC (permalink / raw)
  To: David Miller; +Cc: daniel, aconole, netdev, xdp-newbies
In-Reply-To: <20170430.142104.1845572453793505873.davem@davemloft.net>

On 4/30/17 11:21 AM, David Miller wrote:
> built with:
>
> 	clang -O2 -target bpfel -g -c x.c -o x.o
>
> readelf can see it just fine:
>
> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xel.o
> Contents of the .debug_loc section:
>
>     Offset   Begin            End              Expression
>     00000000 0000000000000000 0000000000000010 (DW_OP_reg1 (r1))
>     00000013 <End of list>
>     00000023 0000000000000010 0000000000000020 (DW_OP_constu: 590618314553; DW_OP_stack_value)
>     0000003d 0000000000000020 0000000000000030 (DW_OP_reg1 (r1))
>     00000050 <End of list>
>
> But with big-endian:
>
> [davem@localhost binutils]$ ./readelf --debug-dump=loc ./xeb.o
> readelf: Warning: Invalid pointer size (0) in compunit header, using 4 instead
> readelf: Warning: Bogus end-of-siblings marker detected at offset 27 in .debug_info section
> readelf: Warning: Bogus end-of-siblings marker detected at offset 28 in .debug_info section
> readelf: Warning: DIE at offset 0x29 refers to abbreviation number 48 which does not exist
> readelf: Warning: Unable to load/parse the .debug_info section, so cannot interpret the .debug_loc section.

yeah. clang emitted dwarf for big-endian is broken.
This dwarf stuff is too complicated for normal human beings.
The tight packing makes debugging it quite painful.


* [PATCH net v2] net: hns: fix ethtool_get_strings overflow in hns driver
From: Timmy Li @ 2017-05-02  2:46 UTC (permalink / raw)
  To: davem, huangdaode, lipeng321, yisen.zhuang, salil.mehta,
	yankejian
  Cc: mbrugger, netdev, linux-kernel, linuxarm, Timmy Li

hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated
is not enough for ethtool_get_strings(), which will cause random memory
corruption.

When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the
following can be observed without this patch:
[   43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=ffff801fb0b69030, len=80
[   43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070.
[   43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70)
[   43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b  ppe1_tx_pkt.kkkk
[   43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b  ppe1_tx_pkt_ok.k
[   43.115218] Next obj: start=ffff801fb0b69098, len=80
[   43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b.
[   43.115229] Last user: [<ffff0000084b11b0>](acpi_os_release_object+0x28/0x38)
[   43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f  ty.kkkkkppe1_tx_
[   43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69  pkt_err_csum_fai

Signed-off-by: Timmy Li <lixiaoping3@huawei.com>
---
Changelog:

v1 -> v2:
    * Remove unnecessary parenthesis
---
 drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c  | 2 +-
 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c   | 2 +-
 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c   | 2 +-
 drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
index 3382441..310cc92 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
@@ -672,7 +672,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data)
 
 static int hns_gmac_get_sset_count(int stringset)
 {
-	if (stringset == ETH_SS_STATS)
+	if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
 		return ARRAY_SIZE(g_gmac_stats_string);
 
 	return 0;
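
Review bot: the added `stringset == ETH_SS_PRIV_FLAGS` test makes hns_gmac_get_sset_count() report ARRAY_SIZE(g_gmac_stats_string) entries for the private-flags set, but neither the hunk nor the commit message says why statistics names should be counted as private flags. If the aim is only to keep the allocated size in step with what hns_gmac_get_strings() (named in the hunk header) writes, consider having the strings writer emit nothing for stringsets other than ETH_SS_STATS instead, and state in the commit message which side was changed and why.
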
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
index 6ea8722..4ecb809 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
@@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb)
 
 int hns_ppe_get_sset_count(int stringset)
 {
-	if (stringset == ETH_SS_STATS)
+	if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
 		return ETH_PPE_STATIC_NUM;
 	return 0;
 }
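
Review bot: the condition `stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS` is now repeated verbatim in four files, so a later change to which stringsets carry strings has to be made in every copy, and the overflow comes back in whichever copy is missed. Consider a small shared helper or macro for the test, plus a comment in hns_ppe_get_sset_count() saying that ETH_PPE_STATIC_NUM must equal the number of strings the PPE strings function writes.
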
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
index f0ed80d6..c176db0 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
@@ -799,7 +799,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data)
  */
 int hns_rcb_get_ring_sset_count(int stringset)
 {
-	if (stringset == ETH_SS_STATS)
+	if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
 		return HNS_RING_STATIC_REG_NUM;
 
 	return 0;
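
Review bot: the kernel-doc block that closes just above hns_rcb_get_ring_sset_count() is left untouched, although the function now returns HNS_RING_STATIC_REG_NUM for ETH_SS_PRIV_FLAGS as well as ETH_SS_STATS. Update the description of the stringset parameter and return value in that comment so the documented contract matches the new behaviour.
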
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
index aae830a..faacab8 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
@@ -793,7 +793,7 @@ static void hns_xgmac_get_strings(u32 stringset, u8 *data)
  */
 static int hns_xgmac_get_sset_count(int stringset)
 {
-	if (stringset == ETH_SS_STATS)
+	if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
 		return ARRAY_SIZE(g_xgmac_stats_string);
 
 	return 0;
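
Review bot: hns_xgmac_get_sset_count() takes `int stringset` while hns_xgmac_get_strings(), named in the hunk header, takes `u32 stringset`, and the changed line now compares that value against two ETH_SS_* constants. The fix depends on the count function and the strings writer agreeing on the stringset, so giving both the same parameter type (in a follow-up, if the ops prototype dictates the current one) would make that pairing easier to audit.
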
-- 
1.9.1

^ permalink raw reply related

* those bpf binutils testsuite failures..
From: David Miller @ 2017-05-02  2:45 UTC (permalink / raw)
  To: aconole; +Cc: netdev


I wonder if whatever tool you used to get rid of trailing whitespace
did so in the testsuite foo.d files too?  That definitely is
undesirable :-)

^ permalink raw reply

* Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu
From: David Ahern @ 2017-05-02  2:44 UTC (permalink / raw)
  To: Andrey Konovalov, Paul E. McKenney
  Cc: David S. Miller, Alexey Kuznetsov, James Morris,
	Hideaki YOSHIFUJI, Patrick McHardy, netdev, LKML, Josh Triplett,
	Steven Rostedt, Mathieu Desnoyers, Lai Jiangshan, Eric Dumazet,
	Cong Wang, Dmitry Vyukov, Kostya Serebryany, syzkaller
In-Reply-To: <CAAeHK+yzuh7mAmLR9DgHsLYBykqD8YhFcv=Nx6Az_f+PV_YMzw@mail.gmail.com>

On 4/26/17 9:15 AM, Andrey Konovalov wrote:
> +David
> 
> I've enabled CONFIG_DEBUG_OBJECTS_RCU_HEAD and this is what I get.
> 
> Apparently the rcu warning is related to the fib6_del_route bug I've
> been trying to reproduce:
> https://groups.google.com/forum/#!msg/syzkaller/3SS80JbVPKA/2tfIAcW7DwAJ
> 
> Adding David, who provided the fix:
> https://patchwork.ozlabs.org/patch/754913/
> 
> I've managed to extract a reproducer, attached together with the
> .config that I used.
> 
> On commit 5a7ad1146caa895ad718a534399e38bd2ba721b7 (4.11-rc8) with
> David's patch applied.
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5911 at lib/debugobjects.c:289
> debug_print_object+0x175/0x210
> ODEBUG: activate active (active state 1) object type: rcu_head hint:
>         (null)
> Modules linked in:
> CPU: 1 PID: 5911 Comm: a.out Not tainted 4.11.0-rc8+ #271
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:16
>  dump_stack+0x192/0x22d lib/dump_stack.c:52
>  __warn+0x19f/0x1e0 kernel/panic.c:549
>  warn_slowpath_fmt+0xe0/0x120 kernel/panic.c:564
>  debug_print_object+0x175/0x210 lib/debugobjects.c:286
>  debug_object_activate+0x574/0x7e0 lib/debugobjects.c:442
>  debug_rcu_head_queue kernel/rcu/rcu.h:75
>  __call_rcu.constprop.76+0xff/0x9c0 kernel/rcu/tree.c:3229
>  call_rcu_sched+0x12/0x20 kernel/rcu/tree.c:3288
>  rt6_rcu_free net/ipv6/ip6_fib.c:158
>  rt6_release+0x1ea/0x290 net/ipv6/ip6_fib.c:188
>  fib6_del_route net/ipv6/ip6_fib.c:1461

I think I got to the bottom of this one.

With your config, ip6_tunnel is compiled in.

The program runs in a very tight loop, calling 'unshare -n' and then
spawning 2 sets of 14 threads running random ioctl calls. The networking
sequence:

1. New network namespace created via unshare -n
- ip6tnl0 device is created in down state

2. address added to ip6tnl0 (equivalent to ip -6 addr add dev ip6tnl0
fd00::bb/1)
- the host route is created and inserted into FIB

3. ip6tnl0 is brought up - starts DAD on the address

4. exit namespace
- teardown / cleanup sequence starts
- lo teardown appears to happen BEFORE teardown of ip6tnl0
  + removes host route from FIB
  + host route added to rcu callback list: call_rcu(&rt->dst.rcu_head,
dst_rcu_free);
  + rcu callback has not run yet, so rt is NOT on the gc list so it has
    NOT been marked obsolete

5. worker_thread runs addrconf_dad_completed
- calls ipv6_ifa_notify which inserts the host route

All of that happens very quickly. The result is that a route that has
been deleted and added to the RCU list is re-inserted into the FIB. What
happens next depends on order -- in this case the exit namespace
eventually gets to cleaning up ip6tnl0 which removes the host route from
the FIB, calls the rcu function for cleanup -- and triggers the double
rcu trace.

I have a hack that flags this sequence and prevents the re-insertion
following DAD. That allows the command to run until it consumes all 2G
of memory the VM has -- about 600+ iterations without triggering any
stack traces.

^ permalink raw reply

* Re: LLVM 4.0 code generation bug
From: David Miller @ 2017-05-02  2:41 UTC (permalink / raw)
  To: ast; +Cc: daniel, netdev
In-Reply-To: <e75404e5-c68d-6f08-afdc-e57174b88a32@fb.com>

From: Alexei Starovoitov <ast@fb.com>
Date: Mon, 1 May 2017 19:39:33 -0700

> On 5/1/17 7:31 PM, David Miller wrote:
>>
>> If the last BPF instruction before exit is a ldimm64, branches to the
>> exit point at the wrong location.
>>
>> Here is what I get from test_pkt_access.c on sparc:
>>
>> 0000000000000000 <process>:
>>    0:	b7 00 00 00 00 00 00 02 	mov	r0, 2
>>    8:	61 21 00 50 00 00 00 00 	ldw	r2, [r1+80]
>>   10:	61 11 00 4c 00 00 00 00 	ldw	r1, [r1+76]
>>   18:	bf 41 00 00 00 00 00 00 	mov	r4, r1
>>   20:	07 40 00 00 00 00 00 0e 	add	r4, 14
>>   28:	2d 42 00 25 00 00 00 00 	jgt	r4, r2, 148 <LBB0_11>
>>  ...
>> 0000000000000148 <LBB0_11>:
>>  148:	18 00 00 00 ff ff ff ff 	ldimm64	r0, 4294967295
>>  150:	00 00 00 00 00 00 00 00
>>
>> 0000000000000158 <LBB0_12>:
>>  158:	95 00 00 00 00 00 00 00 	exit	
>>
>> The offset field in the "jgt" instruction is 0x25 which multiplied by
>> 8 is 0x128, add 0x128 to the instruction location which is 0x28, and
>> we get 0x150, which is the second 64-bit chunk of the ldimm64
>> instruction.
> 
> looks fine to me. it jumps to 0x158,
> since offset 0 is the next insn after jump which is 0x30
> That's how classic bpf defined jumps.

Ok, let me first fix the binutils disassembler :-)

^ permalink raw reply

* Re: LLVM 4.0 code generation bug
From: Alexei Starovoitov @ 2017-05-02  2:39 UTC (permalink / raw)
  To: David Miller; +Cc: daniel, netdev
In-Reply-To: <20170501.223136.1311890506697006266.davem@davemloft.net>

On 5/1/17 7:31 PM, David Miller wrote:
>
> If the last BPF instruction before exit is a ldimm64, branches to the
> exit point at the wrong location.
>
> Here is what I get from test_pkt_access.c on sparc:
>
> 0000000000000000 <process>:
>    0:	b7 00 00 00 00 00 00 02 	mov	r0, 2
>    8:	61 21 00 50 00 00 00 00 	ldw	r2, [r1+80]
>   10:	61 11 00 4c 00 00 00 00 	ldw	r1, [r1+76]
>   18:	bf 41 00 00 00 00 00 00 	mov	r4, r1
>   20:	07 40 00 00 00 00 00 0e 	add	r4, 14
>   28:	2d 42 00 25 00 00 00 00 	jgt	r4, r2, 148 <LBB0_11>
>  ...
> 0000000000000148 <LBB0_11>:
>  148:	18 00 00 00 ff ff ff ff 	ldimm64	r0, 4294967295
>  150:	00 00 00 00 00 00 00 00
>
> 0000000000000158 <LBB0_12>:
>  158:	95 00 00 00 00 00 00 00 	exit	
>
> The offset field in the "jgt" instruction is 0x25 which multiplied by
> 8 is 0x128, add 0x128 to the instruction location which is 0x28, and
> we get 0x150, which is the second 64-bit chunk of the ldimm64
> instruction.

looks fine to me. it jumps to 0x158,
since offset 0 is the next insn after jump which is 0x30
That's how classic bpf defined jumps.

^ permalink raw reply
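
The branch-target arithmetic discussed in this thread, as an added example (not code from any poster, binutils, LLVM or the kernel): it applies the convention from the reply above, where offset 0 is the instruction after the jump, and flags any branch that would land in the second slot of an ldimm64. The function names and the six-slot sample program are constructed for illustration; the byte layout is big-endian as in the sparc dump.

```c
#include <stddef.h>
#include <stdint.h>

#define INSN_SIZE  8     /* every eBPF slot is 8 bytes */
#define OP_LDIMM64 0x18  /* 64-bit immediate load: occupies two slots */

/* Constructed sample, big-endian field layout as in the sparc dump. */
static const uint8_t sample[] = {
    0xb7, 0, 0, 0, 0, 0, 0, 2,             /* 0x00 mov r0, 2 */
    0x2d, 0x42, 0, 3, 0, 0, 0, 0,          /* 0x08 jgt r4, r2, +3 */
    0xb7, 0, 0, 0, 0, 0, 0, 0,             /* 0x10 mov r0, 0 */
    0x18, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, /* 0x18 ldimm64 r0, 4294967295 */
    0, 0, 0, 0, 0, 0, 0, 0,                /* 0x20 (second slot of ldimm64) */
    0x95, 0, 0, 0, 0, 0, 0, 0,             /* 0x28 exit */
};

/* Byte address a branch at pc goes to; off counts slots past the next insn. */
static long jump_target(long pc, int16_t off)
{
    return pc + INSN_SIZE + (long)off * INSN_SIZE;
}

/* 1 if addr is the first byte of an instruction, 0 otherwise. */
static int is_insn_start(const uint8_t *p, size_t len, long addr)
{
    for (size_t pc = 0; pc + INSN_SIZE <= len;
         pc += (p[pc] == OP_LDIMM64 ? 2 : 1) * INSN_SIZE)
        if ((long)pc == addr)
            return 1;
    return 0;
}

/* Branches that miss an instruction boundary; -1 if the program is malformed. */
static int count_bad_branches(const uint8_t *p, size_t len)
{
    int bad = 0;
    if (len % INSN_SIZE)
        return -1;
    for (size_t pc = 0; pc < len; pc += INSN_SIZE) {
        uint8_t op = p[pc], kind = op & 0xf0;
        if (op == OP_LDIMM64) {
            if (pc + 2 * INSN_SIZE > len)
                return -1;
            pc += INSN_SIZE;  /* skip the second slot */
            continue;
        }
        /* Only class 0x05 (JMP) branches; call (0x80) and exit (0x90) carry no offset. */
        if ((op & 0x07) != 0x05 || kind == 0x80 || kind == 0x90)
            continue;
        int16_t off = (int16_t)((p[pc + 2] << 8) | p[pc + 3]);  /* big-endian field */
        if (!is_insn_start(p, len, jump_target((long)pc, off)))
            bad++;
    }
    return bad;
}
```

With the numbers from the dump, `jump_target(0x28, 0x25)` gives 0x158, the `exit` at LBB0_12; adding the scaled offset to the jump's own address instead gives 0x150, the second slot of the ldimm64.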

* LLVM 4.0 code generation bug
From: David Miller @ 2017-05-02  2:31 UTC (permalink / raw)
  To: ast; +Cc: daniel, netdev


If the last BPF instruction before exit is a ldimm64, branches to the
exit point at the wrong location.

Here is what I get from test_pkt_access.c on sparc:

0000000000000000 <process>:
   0:	b7 00 00 00 00 00 00 02 	mov	r0, 2
   8:	61 21 00 50 00 00 00 00 	ldw	r2, [r1+80]
  10:	61 11 00 4c 00 00 00 00 	ldw	r1, [r1+76]
  18:	bf 41 00 00 00 00 00 00 	mov	r4, r1
  20:	07 40 00 00 00 00 00 0e 	add	r4, 14
  28:	2d 42 00 25 00 00 00 00 	jgt	r4, r2, 148 <LBB0_11>
 ...
0000000000000148 <LBB0_11>:
 148:	18 00 00 00 ff ff ff ff 	ldimm64	r0, 4294967295
 150:	00 00 00 00 00 00 00 00 

0000000000000158 <LBB0_12>:
 158:	95 00 00 00 00 00 00 00 	exit	

The offset field in the "jgt" instruction is 0x25 which multiplied by
8 is 0x128, add 0x128 to the instruction location which is 0x28, and
we get 0x150, which is the second 64-bit chunk of the ldimm64
instruction.

At least this is what my JIT is interpreting this situation as, am I
off by one or something?

^ permalink raw reply

* RE: [PATCH net v3] driver: dummy: Fix one possbile memleak when fail to register_netdevice
From: Gao Feng @ 2017-05-02  2:15 UTC (permalink / raw)
  To: 'David Miller'; +Cc: sd, phil, stephen, zhangshengju, netdev
In-Reply-To: <20170430.225336.754367857537363635.davem@davemloft.net>

> From: David Miller [mailto:davem@davemloft.net]
> Sent: Monday, May 1, 2017 10:54 AM
> 
> Please, Gao, submit this as a proper, numbered, patch series with a proper
> header posting.
> 
> That way you can explain why you took this strategy to fix this problem,
> compared to your original approach.
> 
> Thanks.

OK, no problem.

Regards
Feng

^ permalink raw reply

* Re: [PATCH net] tcp: fix wraparound issue in tcp_lp
From: Eric Dumazet @ 2017-05-02  1:58 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: David Miller, netdev
In-Reply-To: <1493687087.31837.30.camel@edumazet-glaptop3.roam.corp.google.com>

On Mon, 2017-05-01 at 18:04 -0700, Eric Dumazet wrote:

> 
> Simply to not perform (tcp_time_stamp - tp->rx_opt.rcv_tsecr) twice.
> 
> jiffies being volatile, this can not be optimized by the compiler.
> 
> I have a patch series (for linux-4.13) that will switch TCP stack to 1ms
> TS options, regardless of CONFIG_HZ value, and when cooking it I found
> this bug.

I forgot to say that after this upcoming patch series, tcp_time_stamp
will become a more expensive function, no longer a plain (u32)jiffies.

^ permalink raw reply

* Re: linux-next: build failure after merge of the block tree
From: Jens Axboe @ 2017-05-02  1:45 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: David Miller, Networking, Linux-Next Mailing List,
	Linux Kernel Mailing List, Josef Bacik, Johannes Berg, Linus
In-Reply-To: <20170502113720.0e5a6ab4@canb.auug.org.au>

On May 1, 2017, at 7:37 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> 
> Hi Jens,
> 
>> On Mon, 1 May 2017 19:09:34 -0600 Jens Axboe <axboe@kernel.dk> wrote:
>> 
>> Indeed, I have warned Linus about it. Thanks Stephen. 
> 
> Thanks.
> 
> BTW, (unusually) I did not see your pull request(s) ...

I CC'ed linux-block, so they showed up there at least. 

^ permalink raw reply

* Re: linux-next: build failure after merge of the block tree
From: Stephen Rothwell @ 2017-05-02  1:37 UTC (permalink / raw)
  To: Jens Axboe
  Cc: David Miller, Networking, Linux-Next Mailing List,
	Linux Kernel Mailing List, Josef Bacik, Johannes Berg, Linus
In-Reply-To: <5CC6C5A2-B648-45F4-ACD4-AB27CE9AF9BF@kernel.dk>

Hi Jens,

On Mon, 1 May 2017 19:09:34 -0600 Jens Axboe <axboe@kernel.dk> wrote:
>
> Indeed, I have warned Linus about it. Thanks Stephen. 

Thanks.

BTW, (unusually) I did not see your pull request(s) ...

-- 
Cheers,
Stephen Rothwell

^ permalink raw reply

* Re: [PATCH] flower: check unused bits in MPLS fields
From: Jamal Hadi Salim @ 2017-05-02  1:37 UTC (permalink / raw)
  To: Benjamin LaHaise, netdev
  Cc: David Miller, Simon Horman, Jakub Kicinski, Jiri Pirko
In-Reply-To: <1493647120-17406-1-git-send-email-benjamin.lahaise@netronome.com>

On 17-05-01 09:58 AM, Benjamin LaHaise wrote:
> Since several of the netlink attributes used to configure the flower
> classifier's MPLS TC, BOS and Label fields have additional bits which are
> unused, check those bits to ensure that they are actually 0 as suggested
> by Jamal.
>
> Signed-off-by: Benjamin LaHaise <benjamin.lahaise@netronome.com>
> Cc: David Miller <davem@davemloft.net>
> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
> Cc: Simon Horman <simon.horman@netronome.com>
> Cc: Jakub Kicinski <kubakici@wp.pl>
> Cc: Jiri Pirko <jiri@resnulli.us>

Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>

cheers,
jamal

^ permalink raw reply

* Re: [PATCH/RFC net-next 0/4] net/sched: cls_flower: avoid false matching of truncated packets
From: Jamal Hadi Salim @ 2017-05-02  1:35 UTC (permalink / raw)
  To: Simon Horman
  Cc: Jiri Pirko, Cong Wang, Dinan Gunawardena, netdev, oss-drivers
In-Reply-To: <20170501103645.GC24399@vergenet.net>

On 17-05-01 06:36 AM, Simon Horman wrote:
> On Sun, Apr 30, 2017 at 09:51:30AM -0400, Jamal Hadi Salim wrote:
>> On 17-04-28 10:14 AM, Simon Horman wrote:

[..]

>> minimal some flag should qualify it as "truncated".
>
> Would changing TCA_FLOWER_HEADER_PARSE_ERR_ACT to
> TCA_FLOWER_META_TRUNCATED help?
>

I think so - as long as you are able to recognize the truncated
vs real 0 port/type etc.

cheers,
jamal

^ permalink raw reply

* Re: [PATCH net-next] xdp: fix parameter kdoc for extack
From: David Miller @ 2017-05-02  1:30 UTC (permalink / raw)
  To: jakub.kicinski; +Cc: netdev, kbuild-all, fengguang.wu
In-Reply-To: <20170501225343.22157-1-jakub.kicinski@netronome.com>

From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Mon,  1 May 2017 15:53:43 -0700

> Fix kdoc parameter spelling from extact to extack.
> 
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>

Applied.

^ permalink raw reply

* Re: [PATCH net-next] bpf, samples: fix build warning in cookie_uid_helper_example
From: David Miller @ 2017-05-02  1:30 UTC (permalink / raw)
  To: daniel; +Cc: alexei.starovoitov, netdev
In-Reply-To: <43325f50d66abec6b35439422b6c9b0211bd30e9.1493678555.git.daniel@iogearbox.net>

From: Daniel Borkmann <daniel@iogearbox.net>
Date: Tue,  2 May 2017 00:47:09 +0200

> Fix the following warnings triggered by 51570a5ab2b7 ("A Sample of
> using socket cookie and uid for traffic monitoring"):
 ...
> Fixes: 51570a5ab2b7 ("A Sample of using socket cookie and uid for traffic monitoring")
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

Applied.

^ permalink raw reply

