* [PATCH] ath10k: transmit queued frames after waking queues
From: Niklas Cassel @ 2018-05-17 23:15 UTC (permalink / raw)
To: Kalle Valo, David S. Miller
Cc: Niklas Cassel, ath10k, linux-wireless, netdev, linux-kernel
The following problem was observed when running iperf:
[ 3] 0.0- 1.0 sec 2.00 MBytes 16.8 Mbits/sec
[ 3] 1.0- 2.0 sec 3.12 MBytes 26.2 Mbits/sec
[ 3] 2.0- 3.0 sec 3.25 MBytes 27.3 Mbits/sec
[ 3] 3.0- 4.0 sec 655 KBytes 5.36 Mbits/sec
[ 3] 4.0- 5.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 5.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 6.0- 7.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 7.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 8.0- 9.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 9.0-10.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 0.0-10.3 sec 9.01 MBytes 7.32 Mbits/sec
There are frames in the ieee80211_txq and there are frames that have
been removed from from this queue, but haven't yet been sent on the wire
(num_pending_tx).
When num_pending_tx reaches max_num_pending_tx, we will stop the queues
by calling ieee80211_stop_queues().
As frames that have previously been sent for transmission
(num_pending_tx) are completed, we will decrease num_pending_tx and wake
the queues by calling ieee80211_wake_queue(). ieee80211_wake_queue()
does not call wake_tx_queue, so we might still have frames in the
queue at this point.
While the queues were stopped, the socket buffer might have filled up,
and in order for user space to write more, we need to free the frames
in the queue, since they are accounted to the socket. In order to free
them, we first need to transmit them.
In order to avoid trying to flush the queue every time we free a frame,
only do this when there are 3 or less frames pending, and while we
actually have frames in the queue. This logic was copied from
mt76_txq_schedule (mt76), one of few other drivers that are actually
using wake_tx_queue.
Suggested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org>
---
drivers/net/wireless/ath/ath10k/txrx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c
index cda164f6e9f6..1d3b2d2c3fee 100644
--- a/drivers/net/wireless/ath/ath10k/txrx.c
+++ b/drivers/net/wireless/ath/ath10k/txrx.c
@@ -95,6 +95,9 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt,
wake_up(&htt->empty_tx_wq);
spin_unlock_bh(&htt->tx_lock);
+ if (htt->num_pending_tx <= 3 && !list_empty(&ar->txqs))
+ ath10k_mac_tx_push_pending(ar);
+
dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
ath10k_report_offchan_tx(htt->ar, msdu);
--
2.17.0
^ permalink raw reply related
* Re: [PATCH bpf] bpf: fix truncated jump targets on heavy expansions
From: Alexei Starovoitov @ 2018-05-17 23:09 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: netdev
In-Reply-To: <20180516234411.18122-1-daniel@iogearbox.net>
On Thu, May 17, 2018 at 01:44:11AM +0200, Daniel Borkmann wrote:
> Recently during testing, I ran into the following panic:
>
> Therefore it becomes necessary to detect and reject any such occasions
> in a generic way for native eBPF and cBPF to eBPF migrations. For
> the latter we can simply check bounds in the bpf_convert_filter()'s
> BPF_EMIT_JMP helper macro and bail out once we surpass limits. The
> bpf_patch_insn_single() for native eBPF (and cBPF to eBPF in case
> of subsequent hardening) is a bit more complex in that we need to
> detect such truncations before hitting the bpf_prog_realloc(). Thus
> the latter is split into an extra pass to probe problematic offsets
> on the original program in order to fail early. With that in place
> and carefully tested I no longer hit the panic and the rewrites are
> rejected properly. The above example panic I've seen on bpf-next,
> though the issue itself is generic in that a guard against this issue
> in bpf seems more appropriate in this case.
>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Nice catch! Applied.
^ permalink raw reply
* Re: [PATCH ghak81 V3 3/3] audit: collect audit task parameters
From: Paul Moore @ 2018-05-17 23:04 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list, Integrity Measurement Architecture,
SElinux list, Eric Paris, Steve Grubb, Ingo Molnar, David Howells
In-Reply-To: <fbed63483b5206009ee43ae889b30d43051f386c.1526430313.git.rgb@redhat.com>
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> The audit-related parameters in struct task_struct should ideally be
> collected together and accessed through a standard audit API.
>
> Collect the existing loginuid, sessionid and audit_context together in a
> new struct audit_task_info called "audit" in struct task_struct.
>
> Use kmem_cache to manage this pool of memory.
> Un-inline audit_free() to be able to always recover that memory.
>
> See: https://github.com/linux-audit/audit-kernel/issues/81
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> include/linux/audit.h | 34 ++++++++++++++++++++++++----------
> include/linux/sched.h | 5 +----
> init/init_task.c | 3 +--
> init/main.c | 2 ++
> kernel/auditsc.c | 51 ++++++++++++++++++++++++++++++++++++++++++---------
> kernel/fork.c | 2 +-
> 6 files changed, 71 insertions(+), 26 deletions(-)
As discussed on-list and offline, I'm going to hold off on this change
until the audit container ID work is father along. That is the main
driver for this change, and until that is closer to ready I just can't
justify the extra overhead.
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 69c7847..4f824c4 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -216,8 +216,15 @@ static inline void audit_log_task_info(struct audit_buffer *ab,
>
> /* These are defined in auditsc.c */
> /* Public API */
> +struct audit_task_info {
> + kuid_t loginuid;
> + unsigned int sessionid;
> + struct audit_context *ctx;
> +};
> +extern struct audit_task_info init_struct_audit;
> +extern void __init audit_task_init(void);
> extern int audit_alloc(struct task_struct *task);
> -extern void __audit_free(struct task_struct *task);
> +extern void audit_free(struct task_struct *task);
> extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
> unsigned long a2, unsigned long a3);
> extern void __audit_syscall_exit(int ret_success, long ret_value);
> @@ -239,12 +246,15 @@ extern void audit_seccomp_actions_logged(const char *names,
>
> static inline void audit_set_context(struct task_struct *task, struct audit_context *ctx)
> {
> - task->audit_context = ctx;
> + task->audit->ctx = ctx;
> }
>
> static inline struct audit_context *audit_context(void)
> {
> - return current->audit_context;
> + if (current->audit)
> + return current->audit->ctx;
> + else
> + return NULL;
> }
>
> static inline bool audit_dummy_context(void)
> @@ -252,11 +262,7 @@ static inline bool audit_dummy_context(void)
> void *p = audit_context();
> return !p || *(int *)p;
> }
> -static inline void audit_free(struct task_struct *task)
> -{
> - if (unlikely(task->audit_context))
> - __audit_free(task);
> -}
> +
> static inline void audit_syscall_entry(int major, unsigned long a0,
> unsigned long a1, unsigned long a2,
> unsigned long a3)
> @@ -328,12 +334,18 @@ extern int auditsc_get_stamp(struct audit_context *ctx,
>
> static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
> {
> - return tsk->loginuid;
> + if (tsk->audit)
> + return tsk->audit->loginuid;
> + else
> + return INVALID_UID;
> }
>
> static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
> {
> - return tsk->sessionid;
> + if (tsk->audit)
> + return tsk->audit->sessionid;
> + else
> + return AUDIT_SID_UNSET;
> }
>
> extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
> @@ -458,6 +470,8 @@ static inline void audit_fanotify(unsigned int response)
> extern int audit_n_rules;
> extern int audit_signals;
> #else /* CONFIG_AUDITSYSCALL */
> +static inline void __init audit_task_init(void)
> +{ }
> static inline int audit_alloc(struct task_struct *task)
> {
> return 0;
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index b3d697f..6a5db0e 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -29,7 +29,6 @@
> #include <linux/task_io_accounting.h>
>
> /* task_struct member predeclarations (sorted alphabetically): */
> -struct audit_context;
> struct backing_dev_info;
> struct bio_list;
> struct blk_plug;
> @@ -832,10 +831,8 @@ struct task_struct {
>
> struct callback_head *task_works;
>
> - struct audit_context *audit_context;
> #ifdef CONFIG_AUDITSYSCALL
> - kuid_t loginuid;
> - unsigned int sessionid;
> + struct audit_task_info *audit;
> #endif
> struct seccomp seccomp;
>
> diff --git a/init/init_task.c b/init/init_task.c
> index 74f60ba..4058840 100644
> --- a/init/init_task.c
> +++ b/init/init_task.c
> @@ -119,8 +119,7 @@ struct task_struct init_task
> .thread_group = LIST_HEAD_INIT(init_task.thread_group),
> .thread_node = LIST_HEAD_INIT(init_signals.thread_head),
> #ifdef CONFIG_AUDITSYSCALL
> - .loginuid = INVALID_UID,
> - .sessionid = AUDIT_SID_UNSET,
> + .audit = &init_struct_audit,
> #endif
> #ifdef CONFIG_PERF_EVENTS
> .perf_event_mutex = __MUTEX_INITIALIZER(init_task.perf_event_mutex),
> diff --git a/init/main.c b/init/main.c
> index b795aa3..7ca3dfb 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -91,6 +91,7 @@
> #include <linux/cache.h>
> #include <linux/rodata_test.h>
> #include <linux/jump_label.h>
> +#include <linux/audit.h>
>
> #include <asm/io.h>
> #include <asm/bugs.h>
> @@ -720,6 +721,7 @@ asmlinkage __visible void __init start_kernel(void)
> nsfs_init();
> cpuset_init();
> cgroup_init();
> + audit_task_init();
> taskstats_init_early();
> delayacct_init();
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index ef3e189..4b1138a 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -841,7 +841,7 @@ static inline struct audit_context *audit_take_context(struct task_struct *tsk,
> int return_valid,
> long return_code)
> {
> - struct audit_context *context = tsk->audit_context;
> + struct audit_context *context = tsk->audit->ctx;
>
> if (!context)
> return NULL;
> @@ -926,6 +926,15 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state)
> return context;
> }
>
> +static struct kmem_cache *audit_task_cache;
> +
> +void __init audit_task_init(void)
> +{
> + audit_task_cache = kmem_cache_create("audit_task",
> + sizeof(struct audit_task_info),
> + 0, SLAB_PANIC, NULL);
> +}
> +
> /**
> * audit_alloc - allocate an audit context block for a task
> * @tsk: task
> @@ -940,17 +949,28 @@ int audit_alloc(struct task_struct *tsk)
> struct audit_context *context;
> enum audit_state state;
> char *key = NULL;
> + struct audit_task_info *info;
> +
> + info = kmem_cache_zalloc(audit_task_cache, GFP_KERNEL);
> + if (!info)
> + return -ENOMEM;
> + info->loginuid = audit_get_loginuid(current);
> + info->sessionid = audit_get_sessionid(current);
> + tsk->audit = info;
>
> if (likely(!audit_ever_enabled))
> return 0; /* Return if not auditing. */
>
> state = audit_filter_task(tsk, &key);
> if (state == AUDIT_DISABLED) {
> + audit_set_context(tsk, NULL);
> clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
> return 0;
> }
>
> if (!(context = audit_alloc_context(state))) {
> + tsk->audit = NULL;
> + kmem_cache_free(audit_task_cache, info);
> kfree(key);
> audit_log_lost("out of memory in audit_alloc");
> return -ENOMEM;
> @@ -962,6 +982,12 @@ int audit_alloc(struct task_struct *tsk)
> return 0;
> }
>
> +struct audit_task_info init_struct_audit = {
> + .loginuid = INVALID_UID,
> + .sessionid = AUDIT_SID_UNSET,
> + .ctx = NULL,
> +};
> +
> static inline void audit_free_context(struct audit_context *context)
> {
> audit_free_names(context);
> @@ -1469,26 +1495,33 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
> }
>
> /**
> - * __audit_free - free a per-task audit context
> + * audit_free - free a per-task audit context
> * @tsk: task whose audit context block to free
> *
> * Called from copy_process and do_exit
> */
> -void __audit_free(struct task_struct *tsk)
> +void audit_free(struct task_struct *tsk)
> {
> struct audit_context *context;
> + struct audit_task_info *info;
>
> context = audit_take_context(tsk, 0, 0);
> - if (!context)
> - return;
> -
> /* Check for system calls that do not go through the exit
> * function (e.g., exit_group), then free context block.
> * We use GFP_ATOMIC here because we might be doing this
> * in the context of the idle thread */
> /* that can happen only if we are called from do_exit() */
> - if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT)
> + if (context && context->in_syscall &&
> + context->current_state == AUDIT_RECORD_CONTEXT)
> audit_log_exit(context, tsk);
> + /* Freeing the audit_task_info struct must be performed after
> + * audit_log_exit() due to need for loginuid and sessionid.
> + */
> + info = tsk->audit;
> + tsk->audit = NULL;
> + kmem_cache_free(audit_task_cache, info);
> + if (!context)
> + return;
> if (!list_empty(&context->killed_trees))
> audit_kill_trees(&context->killed_trees);
>
> @@ -2071,8 +2104,8 @@ int audit_set_loginuid(kuid_t loginuid)
> sessionid = (unsigned int)atomic_inc_return(&session_id);
> }
>
> - task->sessionid = sessionid;
> - task->loginuid = loginuid;
> + task->audit->sessionid = sessionid;
> + task->audit->loginuid = loginuid;
> out:
> audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid, sessionid, rc);
> return rc;
> diff --git a/kernel/fork.c b/kernel/fork.c
> index cd18448..92ab849 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1713,7 +1713,7 @@ static __latent_entropy struct task_struct *copy_process(
> p->start_time = ktime_get_ns();
> p->real_start_time = ktime_get_boot_ns();
> p->io_context = NULL;
> - audit_set_context(p, NULL);
> + p->audit = NULL;
> cgroup_fork(p);
> #ifdef CONFIG_NUMA
> p->mempolicy = mpol_dup(p->mempolicy);
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
^ permalink raw reply
* Re: [PATCH ghak81 V3 2/3] audit: normalize loginuid read access
From: Paul Moore @ 2018-05-17 23:02 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list, Integrity Measurement Architecture,
SElinux list, Eric Paris, Steve Grubb, Ingo Molnar, David Howells
In-Reply-To: <a50926963f4527a5273e0688275d1e9361e8d02e.1526430313.git.rgb@redhat.com>
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> Recognizing that the loginuid is an internal audit value, use an access
> function to retrieve the audit loginuid value for the task rather than
> reaching directly into the task struct to get it.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> kernel/auditsc.c | 24 +++++++++++++++---------
> 1 file changed, 15 insertions(+), 9 deletions(-)
Also merged into audit/next.
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index f3d3dc6..ef3e189 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -374,7 +374,7 @@ static int audit_field_compare(struct task_struct *tsk,
> case AUDIT_COMPARE_EGID_TO_OBJ_GID:
> return audit_compare_gid(cred->egid, name, f, ctx);
> case AUDIT_COMPARE_AUID_TO_OBJ_UID:
> - return audit_compare_uid(tsk->loginuid, name, f, ctx);
> + return audit_compare_uid(audit_get_loginuid(tsk), name, f, ctx);
> case AUDIT_COMPARE_SUID_TO_OBJ_UID:
> return audit_compare_uid(cred->suid, name, f, ctx);
> case AUDIT_COMPARE_SGID_TO_OBJ_GID:
> @@ -385,7 +385,8 @@ static int audit_field_compare(struct task_struct *tsk,
> return audit_compare_gid(cred->fsgid, name, f, ctx);
> /* uid comparisons */
> case AUDIT_COMPARE_UID_TO_AUID:
> - return audit_uid_comparator(cred->uid, f->op, tsk->loginuid);
> + return audit_uid_comparator(cred->uid, f->op,
> + audit_get_loginuid(tsk));
> case AUDIT_COMPARE_UID_TO_EUID:
> return audit_uid_comparator(cred->uid, f->op, cred->euid);
> case AUDIT_COMPARE_UID_TO_SUID:
> @@ -394,11 +395,14 @@ static int audit_field_compare(struct task_struct *tsk,
> return audit_uid_comparator(cred->uid, f->op, cred->fsuid);
> /* auid comparisons */
> case AUDIT_COMPARE_AUID_TO_EUID:
> - return audit_uid_comparator(tsk->loginuid, f->op, cred->euid);
> + return audit_uid_comparator(audit_get_loginuid(tsk), f->op,
> + cred->euid);
> case AUDIT_COMPARE_AUID_TO_SUID:
> - return audit_uid_comparator(tsk->loginuid, f->op, cred->suid);
> + return audit_uid_comparator(audit_get_loginuid(tsk), f->op,
> + cred->suid);
> case AUDIT_COMPARE_AUID_TO_FSUID:
> - return audit_uid_comparator(tsk->loginuid, f->op, cred->fsuid);
> + return audit_uid_comparator(audit_get_loginuid(tsk), f->op,
> + cred->fsuid);
> /* euid comparisons */
> case AUDIT_COMPARE_EUID_TO_SUID:
> return audit_uid_comparator(cred->euid, f->op, cred->suid);
> @@ -611,7 +615,8 @@ static int audit_filter_rules(struct task_struct *tsk,
> result = match_tree_refs(ctx, rule->tree);
> break;
> case AUDIT_LOGINUID:
> - result = audit_uid_comparator(tsk->loginuid, f->op, f->uid);
> + result = audit_uid_comparator(audit_get_loginuid(tsk),
> + f->op, f->uid);
> break;
> case AUDIT_LOGINUID_SET:
> result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val);
> @@ -2278,14 +2283,15 @@ int audit_signal_info(int sig, struct task_struct *t)
> {
> struct audit_aux_data_pids *axp;
> struct audit_context *ctx = audit_context();
> - kuid_t uid = current_uid(), t_uid = task_uid(t);
> + kuid_t uid = current_uid(), auid, t_uid = task_uid(t);
>
> if (auditd_test_task(t) &&
> (sig == SIGTERM || sig == SIGHUP ||
> sig == SIGUSR1 || sig == SIGUSR2)) {
> audit_sig_pid = task_tgid_nr(current);
> - if (uid_valid(current->loginuid))
> - audit_sig_uid = current->loginuid;
> + auid = audit_get_loginuid(current);
> + if (uid_valid(auid))
> + audit_sig_uid = auid;
> else
> audit_sig_uid = uid;
> security_task_getsecid(current, &audit_sig_sid);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
^ permalink raw reply
* Re: [PATCH ghak81 V3 1/3] audit: use new audit_context access funciton for seccomp_actions_logged
From: Paul Moore @ 2018-05-17 23:00 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list, Integrity Measurement Architecture,
SElinux list, Eric Paris, Steve Grubb, Ingo Molnar, David Howells
In-Reply-To: <12a849e41468d761e0782c733e58db47d83b0d16.1526430313.git.rgb@redhat.com>
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> On the rebase of the following commit on the new seccomp actions_logged
> function, one audit_context access was missed.
>
> commit cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5
> ("audit: use inline function to get audit context")
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> kernel/auditsc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged into audit/next, thanks for the follow-up.
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index cbab0da..f3d3dc6 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2497,7 +2497,7 @@ void audit_seccomp_actions_logged(const char *names, const char *old_names,
> if (!audit_enabled)
> return;
>
> - ab = audit_log_start(current->audit_context, GFP_KERNEL,
> + ab = audit_log_start(audit_context(), GFP_KERNEL,
> AUDIT_CONFIG_CHANGE);
> if (unlikely(!ab))
> return;
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
^ permalink raw reply
* Re: [patch net-next RFC 04/12] dsa: set devlink port attrs for dsa ports
From: Florian Fainelli @ 2018-05-17 22:45 UTC (permalink / raw)
To: Andrew Lunn
Cc: Jiri Pirko, netdev, davem, idosch, jakub.kicinski, mlxsw,
vivien.didelot, michael.chan, ganeshgr, saeedm, simon.horman,
pieter.jansenvanvuuren, john.hurley, dirk.vandermerwe,
alexander.h.duyck, ogerlitz, dsahern, vijaya.guvva,
satananda.burla, raghu.vatsavayi, felix.manlunas, gospo,
sathya.perla, vasundhara-v.volam, tariqt, eranbe,
jeffrey.t.kirsher
In-Reply-To: <20180517224017.GA3943@lunn.ch>
On 05/17/2018 03:40 PM, Andrew Lunn wrote:
> On Thu, May 17, 2018 at 03:06:36PM -0700, Florian Fainelli wrote:
>> On 05/17/2018 02:08 PM, Andrew Lunn wrote:
>>> On Thu, May 17, 2018 at 10:48:55PM +0200, Jiri Pirko wrote:
>>>> Thu, May 17, 2018 at 09:14:32PM CEST, f.fainelli@gmail.com wrote:
>>>>> On 05/17/2018 10:39 AM, Jiri Pirko wrote:
>>>>>>>> That is compiled inside "fixed_phy", isn't it?
>>>>>>>
>>>>>>> It matches what CONFIG_FIXED_PHY is, so if it's built-in it also becomes
>>>>>>> built-in, if is modular, it is also modular, this was fixed with
>>>>>>> 40013ff20b1beed31184935fc0aea6a859d4d4ef ("net: dsa: Fix functional
>>>>>>> dsa-loop dependency on FIXED_PHY")
>>>>>>
>>>>>> Now I have it compiled as module, and after modprobe dsa_loop I see:
>>>>>> [ 1168.129202] libphy: Fixed MDIO Bus: probed
>>>>>> [ 1168.222716] dsa-loop fixed-0:1f: DSA mockup driver: 0x1f
>>>>>>
>>>>>> This messages I did not see when I had fixed_phy compiled as buildin.
>>>>>>
>>>>>> But I still see no netdevs :/
>>>>>
>>>>> The platform data assumes there is a network device named "eth0" as the
>>>>
>>>> Oups, I missed, I created dummy device and modprobed again. Now I see:
>>>>
>>>> $ sudo devlink port
>>>> mdio_bus/fixed-0:1f/0: type eth netdev lan1
>>>> mdio_bus/fixed-0:1f/1: type eth netdev lan2
>>>> mdio_bus/fixed-0:1f/2: type eth netdev lan3
>>>> mdio_bus/fixed-0:1f/3: type eth netdev lan4
>>>> mdio_bus/fixed-0:1f/4: type notset
>>>> mdio_bus/fixed-0:1f/5: type notset
>>>> mdio_bus/fixed-0:1f/6: type notset
>>>> mdio_bus/fixed-0:1f/7: type notset
>>>> mdio_bus/fixed-0:1f/8: type notset
>>>> mdio_bus/fixed-0:1f/9: type notset
>>>> mdio_bus/fixed-0:1f/10: type notset
>>>> mdio_bus/fixed-0:1f/11: type notset
>>>>
>>>> I wonder why there are ports 4-11
>>>
>>> Hi Jiri
>>>
>>> ds = dsa_switch_alloc(&mdiodev->dev, DSA_MAX_PORTS);
>>>
>>> It is allocating a switch with 12 ports. However only 4 of them have
>>> names. So the core only creates slave devices for those 4.
>>>
>>> This is a useful test. Real hardware often has unused ports. A WiFi AP
>>> with a 7 port switch which only uses 6 ports is often seen.
>>
>> The following patch should fix this:
>>
>>
>> diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
>> index adf50fbc4c13..a06c29ec91f0 100644
>> --- a/net/dsa/dsa2.c
>> +++ b/net/dsa/dsa2.c
>> @@ -262,13 +262,14 @@ static int dsa_port_setup(struct dsa_port *dp)
>>
>> memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
>>
>> + if (dp->type == DSA_PORT_TYPE_UNUSED)
>> + return 0;
>> +
>> err = devlink_port_register(ds->devlink, &dp->devlink_port,
>> dp->index);
>
> Hi Florian, Jiri
>
> Maybe it is better to add a devlink port type unused?
The port does not exist on the switch, so it should not even be
registered IMHO.
--
Florian
^ permalink raw reply
* Re: [net-next PATCH v2 3/4] net-sysfs: Add interface for Rx queue map per Tx queue
From: Nambiar, Amritha @ 2018-05-17 22:43 UTC (permalink / raw)
To: Florian Fainelli, netdev, davem
Cc: alexander.h.duyck, sridhar.samudrala, edumazet, hannes, tom
In-Reply-To: <6f246cbf-f7e2-2931-4d42-68322dcd7c98@gmail.com>
On 5/17/2018 12:05 PM, Florian Fainelli wrote:
> On 05/15/2018 06:26 PM, Amritha Nambiar wrote:
>> Extend transmit queue sysfs attribute to configure Rx queue map
>> per Tx queue. By default no receive queues are configured for the
>> Tx queue.
>>
>> - /sys/class/net/eth0/queues/tx-*/xps_rxqs
>
> Please include an update to Documentation/ABI/testing/sysfs-class-net
> with your new attribute.
>
Will do in the next version.
Thanks.
^ permalink raw reply
* Re: [patch net-next RFC 04/12] dsa: set devlink port attrs for dsa ports
From: Andrew Lunn @ 2018-05-17 22:40 UTC (permalink / raw)
To: Florian Fainelli
Cc: Jiri Pirko, netdev, davem, idosch, jakub.kicinski, mlxsw,
vivien.didelot, michael.chan, ganeshgr, saeedm, simon.horman,
pieter.jansenvanvuuren, john.hurley, dirk.vandermerwe,
alexander.h.duyck, ogerlitz, dsahern, vijaya.guvva,
satananda.burla, raghu.vatsavayi, felix.manlunas, gospo,
sathya.perla, vasundhara-v.volam, tariqt, eranbe,
jeffrey.t.kirsher
In-Reply-To: <862a5fb4-7a3c-9c3f-bd50-f25bbcb2ca59@gmail.com>
On Thu, May 17, 2018 at 03:06:36PM -0700, Florian Fainelli wrote:
> On 05/17/2018 02:08 PM, Andrew Lunn wrote:
> > On Thu, May 17, 2018 at 10:48:55PM +0200, Jiri Pirko wrote:
> >> Thu, May 17, 2018 at 09:14:32PM CEST, f.fainelli@gmail.com wrote:
> >>> On 05/17/2018 10:39 AM, Jiri Pirko wrote:
> >>>>>> That is compiled inside "fixed_phy", isn't it?
> >>>>>
> >>>>> It matches what CONFIG_FIXED_PHY is, so if it's built-in it also becomes
> >>>>> built-in, if is modular, it is also modular, this was fixed with
> >>>>> 40013ff20b1beed31184935fc0aea6a859d4d4ef ("net: dsa: Fix functional
> >>>>> dsa-loop dependency on FIXED_PHY")
> >>>>
> >>>> Now I have it compiled as module, and after modprobe dsa_loop I see:
> >>>> [ 1168.129202] libphy: Fixed MDIO Bus: probed
> >>>> [ 1168.222716] dsa-loop fixed-0:1f: DSA mockup driver: 0x1f
> >>>>
> >>>> This messages I did not see when I had fixed_phy compiled as buildin.
> >>>>
> >>>> But I still see no netdevs :/
> >>>
> >>> The platform data assumes there is a network device named "eth0" as the
> >>
> >> Oups, I missed, I created dummy device and modprobed again. Now I see:
> >>
> >> $ sudo devlink port
> >> mdio_bus/fixed-0:1f/0: type eth netdev lan1
> >> mdio_bus/fixed-0:1f/1: type eth netdev lan2
> >> mdio_bus/fixed-0:1f/2: type eth netdev lan3
> >> mdio_bus/fixed-0:1f/3: type eth netdev lan4
> >> mdio_bus/fixed-0:1f/4: type notset
> >> mdio_bus/fixed-0:1f/5: type notset
> >> mdio_bus/fixed-0:1f/6: type notset
> >> mdio_bus/fixed-0:1f/7: type notset
> >> mdio_bus/fixed-0:1f/8: type notset
> >> mdio_bus/fixed-0:1f/9: type notset
> >> mdio_bus/fixed-0:1f/10: type notset
> >> mdio_bus/fixed-0:1f/11: type notset
> >>
> >> I wonder why there are ports 4-11
> >
> > Hi Jiri
> >
> > ds = dsa_switch_alloc(&mdiodev->dev, DSA_MAX_PORTS);
> >
> > It is allocating a switch with 12 ports. However only 4 of them have
> > names. So the core only creates slave devices for those 4.
> >
> > This is a useful test. Real hardware often has unused ports. A WiFi AP
> > with a 7 port switch which only uses 6 ports is often seen.
>
> The following patch should fix this:
>
>
> diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
> index adf50fbc4c13..a06c29ec91f0 100644
> --- a/net/dsa/dsa2.c
> +++ b/net/dsa/dsa2.c
> @@ -262,13 +262,14 @@ static int dsa_port_setup(struct dsa_port *dp)
>
> memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
>
> + if (dp->type == DSA_PORT_TYPE_UNUSED)
> + return 0;
> +
> err = devlink_port_register(ds->devlink, &dp->devlink_port,
> dp->index);
Hi Florian, Jiri
Maybe it is better to add a devlink port type unused?
Andrew
^ permalink raw reply
* Re: [PATCH iproute2] ip link: Do not call ll_name_to_index when creating a new link
From: Stephen Hemminger @ 2018-05-17 22:36 UTC (permalink / raw)
To: dsahern; +Cc: netdev, David Ahern
In-Reply-To: <20180517222237.72388-1-dsahern@kernel.org>
On Thu, 17 May 2018 16:22:37 -0600
dsahern@kernel.org wrote:
> From: David Ahern <dsahern@gmail.com>
>
> Using iproute2 to create a bridge and add 4094 vlans to it can take from
> 2 to 3 *minutes*. The reason is the extraneous call to ll_name_to_index.
> ll_name_to_index results in an ioctl(SIOCGIFINDEX) call which in turn
> invokes dev_load. If the index does not exist, which it won't when
> creating a new link, dev_load calls modprobe twice -- once for
> netdev-NAME and again for NAME. This is unnecessary overhead for each
> link create.
>
> When ip link is invoked for a new device, there is no reason to
> call ll_name_to_index for the new device. With this patch, creating
> a bridge and adding 4094 vlans takes less than 3 *seconds*.
>
> Signed-off-by: David Ahern <dsahern@gmail.com>
Yes this looks like a real problem.
Isn't the cache supposed to reduce this?
Don't like to make lots of special case flags.
^ permalink raw reply
* Re: [bpf PATCH v2 1/2] bpf: sockmap update rollback on error can incorrectly dec prog refcnt
From: Daniel Borkmann @ 2018-05-17 22:30 UTC (permalink / raw)
To: John Fastabend, ast; +Cc: netdev
In-Reply-To: <20180517210635.13283.94472.stgit@john-Precision-Tower-5810>
On 05/17/2018 11:06 PM, John Fastabend wrote:
> If the user were to only attach one of the parse or verdict programs
> then it is possible a subsequent sockmap update could incorrectly
> decrement the refcnt on the program. This happens because in the
> rollback logic, after an error, we have to decrement the program
> reference count when its been incremented. However, we only increment
> the program reference count if the user has both a verdict and a
> parse program. The reason for this is because, at least at the
> moment, both are required for any one to be meaningful. The problem
> fixed here is in the rollback path we decrement the program refcnt
> even if only one existing. But we never incremented the refcnt in
> the first place creating an imbalance.
>
> This patch fixes the error path to handle this case.
>
> Fixes: 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support")
> Reported-by: Daniel Borkmann <daniel@iogearbox.net>
> Signed-off-by: John Fastabend <john.fastabend@gmail.com>
> Acked-by: Martin KaFai Lau <kafai@fb.com>
Applied to bpf tree, thanks!
^ permalink raw reply
* Re: [PATCH net] net: dsa: Do not register devlink for unused ports
From: Florian Fainelli @ 2018-05-17 22:29 UTC (permalink / raw)
To: netdev; +Cc: jiri, Andrew Lunn, Vivien Didelot, David S. Miller, open list
In-Reply-To: <20180517221626.13045-1-f.fainelli@gmail.com>
On 05/17/2018 03:16 PM, Florian Fainelli wrote:
> Even if commit 1d27732f411d ("net: dsa: setup and teardown ports") indicated
> that registering a devlink instance for unused ports is not a problem, and this
> is true, this can be confusing nonetheless, so let's not do it.
>
> Fixes: 1d27732f411d ("net: dsa: setup and teardown ports")
> Reported-by: Jiri Pirko <jiri@resnulli.us>
> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
> ---
> net/dsa/dsa2.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
> index adf50fbc4c13..cc45a8ca45fb 100644
> --- a/net/dsa/dsa2.c
> +++ b/net/dsa/dsa2.c
> @@ -262,13 +262,14 @@ static int dsa_port_setup(struct dsa_port *dp)
>
> memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
>
> + if (dp->type == DSA_PORT_TYPE_UNUSED)
> + return 0;
> +
> err = devlink_port_register(ds->devlink, &dp->devlink_port, dp->index);
> if (err)
> return err;
>
> switch (dp->type) {
> - case DSA_PORT_TYPE_UNUSED:
> - break;
> case DSA_PORT_TYPE_CPU:
> case DSA_PORT_TYPE_DSA:
> err = dsa_port_link_register_of(dp);
> @@ -293,11 +294,12 @@ static int dsa_port_setup(struct dsa_port *dp)
>
> static void dsa_port_teardown(struct dsa_port *dp)
> {
> + if (dp->type == DSA_PORT_TYPE_UNUSED)
> + return;
> +
> devlink_port_unregister(&dp->devlink_port);
>
> switch (dp->type) {
> - case DSA_PORT_TYPE_UNUSED:
> - break;
Actually those should be kept in there in order not to generate a
warning about DSA_PORT_TYPE_UNUSED not being handled by the switch()
case statement, I will resubmit that shortly, or we could even move the
registration until after, either way is likely fine.
--
Florian
^ permalink raw reply
* Re: [PATCH] ath10k: transmit queued frames after waking queues
From: Adrian Chadd @ 2018-05-17 22:26 UTC (permalink / raw)
To: niklas.cassel
Cc: Kalle Valo, David Miller, ath10k, linux-wireless, netdev,
Linux Kernel Mailing List
In-Reply-To: <20180517231512.13085-1-niklas.cassel@linaro.org>
On Thu, 17 May 2018 at 16:16, Niklas Cassel <niklas.cassel@linaro.org>
wrote:
> diff --git a/drivers/net/wireless/ath/ath10k/txrx.c
b/drivers/net/wireless/ath/ath10k/txrx.c
> index cda164f6e9f6..1d3b2d2c3fee 100644
> --- a/drivers/net/wireless/ath/ath10k/txrx.c
> +++ b/drivers/net/wireless/ath/ath10k/txrx.c
> @@ -95,6 +95,9 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt,
> wake_up(&htt->empty_tx_wq);
> spin_unlock_bh(&htt->tx_lock);
> + if (htt->num_pending_tx <= 3 && !list_empty(&ar->txqs))
> + ath10k_mac_tx_push_pending(ar);
> +
Just sanity checking - what's protecting htt->num_pending_tx? or is it
serialised some other way?
> dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
> ath10k_report_offchan_tx(htt->ar, msdu);
> --
> 2.17.0
^ permalink raw reply
* Re: [PATCH bpf-next 3/3] bpf: Add mtu checking to FIB forwarding helper
From: Daniel Borkmann @ 2018-05-17 22:22 UTC (permalink / raw)
To: David Ahern, netdev, borkmann, ast; +Cc: davem
In-Reply-To: <20180517160930.25076-4-dsahern@gmail.com>
On 05/17/2018 06:09 PM, David Ahern wrote:
> Add check that egress MTU can handle packet to be forwarded. If
> the MTU is less than the packet lenght, return 0 meaning the
> packet is expected to continue up the stack for help - eg.,
> fragmenting the packet or sending an ICMP.
>
> Signed-off-by: David Ahern <dsahern@gmail.com>
> ---
> net/core/filter.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 6d0d1560bd70..c47c47a75d4b 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -4098,6 +4098,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> struct fib_nh *nh;
> struct flowi4 fl4;
> int err;
> + u32 mtu;
>
> dev = dev_get_by_index_rcu(net, params->ifindex);
> if (unlikely(!dev))
> @@ -4149,6 +4150,10 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> if (res.fi->fib_nhs > 1)
> fib_select_path(net, &res, &fl4, NULL);
>
> + mtu = ip_mtu_from_fib_result(&res, params->ipv4_dst);
> + if (params->tot_len > mtu)
> + return 0;
> +
> nh = &res.fi->fib_nh[res.nh_sel];
>
> /* do not handle lwt encaps right now */
> @@ -4188,6 +4193,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> struct flowi6 fl6;
> int strict = 0;
> int oif;
> + u32 mtu;
>
> /* link local addresses are never forwarded */
> if (rt6_need_strict(dst) || rt6_need_strict(src))
> @@ -4250,6 +4256,10 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> fl6.flowi6_oif, NULL,
> strict);
>
> + mtu = ip6_mtu_from_fib6(f6i, dst, src);
> + if (params->tot_len > mtu)
> + return 0;
> +
> if (f6i->fib6_nh.nh_lwtstate)
> return 0;
Could you elaborate how this interacts in tc BPF use case where you have e.g.
GSO packets and tot_len from aggregated packets would definitely be larger
than MTU (e.g. see is_skb_forwardable() as one example on such checks)? Should
this be an opt-in via a new flag for the helper?
Thanks,
Daniel
^ permalink raw reply
* [PATCH iproute2] ip link: Do not call ll_name_to_index when creating a new link
From: dsahern @ 2018-05-17 22:22 UTC (permalink / raw)
To: netdev, stephen; +Cc: David Ahern
From: David Ahern <dsahern@gmail.com>
Using iproute2 to create a bridge and add 4094 vlans to it can take from
2 to 3 *minutes*. The reason is the extraneous call to ll_name_to_index.
ll_name_to_index results in an ioctl(SIOCGIFINDEX) call which in turn
invokes dev_load. If the index does not exist, which it won't when
creating a new link, dev_load calls modprobe twice -- once for
netdev-NAME and again for NAME. This is unnecessary overhead for each
link create.
When ip link is invoked for a new device, there is no reason to
call ll_name_to_index for the new device. With this patch, creating
a bridge and adding 4094 vlans takes less than 3 *seconds*.
Signed-off-by: David Ahern <dsahern@gmail.com>
---
ip/ip_common.h | 3 ++-
ip/iplink.c | 22 +++++++++++++---------
ip/iplink_vxcan.c | 3 ++-
ip/link_veth.c | 3 ++-
4 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 1b89795caa58..67f413474631 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -132,7 +132,8 @@ struct link_util {
struct link_util *get_link_kind(const char *kind);
-int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type);
+int iplink_parse(int argc, char **argv, struct iplink_req *req,
+ char **type, bool is_add_cmd);
/* iplink_bridge.c */
void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, size_t len);
diff --git a/ip/iplink.c b/ip/iplink.c
index e6bb4493120e..c8bf49ed3d24 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -571,7 +571,8 @@ static int iplink_parse_vf(int vf, int *argcp, char ***argvp,
return 0;
}
-int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
+int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type,
+ bool is_add_cmd)
{
char *name = NULL;
char *dev = NULL;
@@ -610,7 +611,8 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
name = *argv;
if (!dev) {
dev = name;
- dev_index = ll_name_to_index(dev);
+ if (!is_add_cmd)
+ dev_index = ll_name_to_index(dev);
}
} else if (strcmp(*argv, "index") == 0) {
NEXT_ARG();
@@ -919,7 +921,8 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
if (check_ifname(*argv))
invarg("\"dev\" not a valid ifname", *argv);
dev = *argv;
- dev_index = ll_name_to_index(dev);
+ if (!is_add_cmd)
+ dev_index = ll_name_to_index(dev);
}
argc--; argv++;
}
@@ -1011,7 +1014,8 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
return ret;
}
-static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
+static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv,
+ bool is_add_cmd)
{
char *type = NULL;
struct iplink_req req = {
@@ -1022,7 +1026,7 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
};
int ret;
- ret = iplink_parse(argc, argv, &req, &type);
+ ret = iplink_parse(argc, argv, &req, &type, is_add_cmd);
if (ret < 0)
return ret;
@@ -1630,18 +1634,18 @@ int do_iplink(int argc, char **argv)
if (matches(*argv, "add") == 0)
return iplink_modify(RTM_NEWLINK,
NLM_F_CREATE|NLM_F_EXCL,
- argc-1, argv+1);
+ argc-1, argv+1, true);
if (matches(*argv, "set") == 0 ||
matches(*argv, "change") == 0)
return iplink_modify(RTM_NEWLINK, 0,
- argc-1, argv+1);
+ argc-1, argv+1, false);
if (matches(*argv, "replace") == 0)
return iplink_modify(RTM_NEWLINK,
NLM_F_CREATE|NLM_F_REPLACE,
- argc-1, argv+1);
+ argc-1, argv+1, false);
if (matches(*argv, "delete") == 0)
return iplink_modify(RTM_DELLINK, 0,
- argc-1, argv+1);
+ argc-1, argv+1, false);
} else {
#if IPLINK_IOCTL_COMPAT
if (matches(*argv, "set") == 0)
diff --git a/ip/iplink_vxcan.c b/ip/iplink_vxcan.c
index 8b08c9a70c65..e30a784d9851 100644
--- a/ip/iplink_vxcan.c
+++ b/ip/iplink_vxcan.c
@@ -56,7 +56,8 @@ static int vxcan_parse_opt(struct link_util *lu, int argc, char **argv,
n->nlmsg_len += sizeof(struct ifinfomsg);
- err = iplink_parse(argc - 1, argv + 1, (struct iplink_req *)n, &type);
+ err = iplink_parse(argc - 1, argv + 1, (struct iplink_req *)n, &type,
+ false);
if (err < 0)
return err;
diff --git a/ip/link_veth.c b/ip/link_veth.c
index 33e8f2b102e7..68823931c0ec 100644
--- a/ip/link_veth.c
+++ b/ip/link_veth.c
@@ -54,7 +54,8 @@ static int veth_parse_opt(struct link_util *lu, int argc, char **argv,
n->nlmsg_len += sizeof(struct ifinfomsg);
- err = iplink_parse(argc - 1, argv + 1, (struct iplink_req *)n, &type);
+ err = iplink_parse(argc - 1, argv + 1, (struct iplink_req *)n, &type,
+ false);
if (err < 0)
return err;
--
2.11.0
^ permalink raw reply related
* [PATCH net] net: dsa: Do not register devlink for unused ports
From: Florian Fainelli @ 2018-05-17 22:16 UTC (permalink / raw)
To: netdev
Cc: jiri, Florian Fainelli, Andrew Lunn, Vivien Didelot,
David S. Miller, open list
Even if commit 1d27732f411d ("net: dsa: setup and teardown ports") indicated
that registering a devlink instance for unused ports is not a problem, and this
is true, this can be confusing nonetheless, so let's not do it.
Fixes: 1d27732f411d ("net: dsa: setup and teardown ports")
Reported-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
---
net/dsa/dsa2.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
index adf50fbc4c13..cc45a8ca45fb 100644
--- a/net/dsa/dsa2.c
+++ b/net/dsa/dsa2.c
@@ -262,13 +262,14 @@ static int dsa_port_setup(struct dsa_port *dp)
memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
+ if (dp->type == DSA_PORT_TYPE_UNUSED)
+ return 0;
+
err = devlink_port_register(ds->devlink, &dp->devlink_port, dp->index);
if (err)
return err;
switch (dp->type) {
- case DSA_PORT_TYPE_UNUSED:
- break;
case DSA_PORT_TYPE_CPU:
case DSA_PORT_TYPE_DSA:
err = dsa_port_link_register_of(dp);
@@ -293,11 +294,12 @@ static int dsa_port_setup(struct dsa_port *dp)
static void dsa_port_teardown(struct dsa_port *dp)
{
+ if (dp->type == DSA_PORT_TYPE_UNUSED)
+ return;
+
devlink_port_unregister(&dp->devlink_port);
switch (dp->type) {
- case DSA_PORT_TYPE_UNUSED:
- break;
case DSA_PORT_TYPE_CPU:
case DSA_PORT_TYPE_DSA:
dsa_port_link_unregister_of(dp);
--
2.14.1
^ permalink raw reply related
* Proposal
From: Miss Zeliha Omer Faruk @ 2018-05-17 22:15 UTC (permalink / raw)
Hello
Greetings to you please i have a business proposal for you contact me
for more detailes asap thanks.
Best Regards,
Miss.Zeliha ömer faruk
Esentepe Mahallesi Büyükdere
Caddesi Kristal Kule Binasi
No:215
Sisli - Istanbul, Turkey
^ permalink raw reply
* Re: [PATCH v3 net-next 3/6] tcp: add SACK compression
From: Yuchung Cheng @ 2018-05-17 22:14 UTC (permalink / raw)
To: Neal Cardwell
Cc: Eric Dumazet, David Miller, Netdev,
Toke Høiland-Jørgensen, Soheil Hassas Yeganeh,
Eric Dumazet
In-Reply-To: <CADVnQykUpdC+2e94_x9v9iX6RC7ro=bkvH5Q7-p0pbtBhHyU=A@mail.gmail.com>
On Thu, May 17, 2018 at 2:57 PM, Neal Cardwell <ncardwell@google.com> wrote:
> On Thu, May 17, 2018 at 5:47 PM Eric Dumazet <edumazet@google.com> wrote:
>
>> When TCP receives an out-of-order packet, it immediately sends
>> a SACK packet, generating network load but also forcing the
>> receiver to send 1-MSS pathological packets, increasing its
>> RTX queue length/depth, and thus processing time.
>
>> Wifi networks suffer from this aggressive behavior, but generally
>> speaking, all these SACK packets add fuel to the fire when networks
>> are under congestion.
>
>> This patch adds a high resolution timer and tp->compressed_ack counter.
>
>> Instead of sending a SACK, we program this timer with a small delay,
>> based on RTT and capped to 1 ms :
>
>> delay = min ( 5 % of RTT, 1 ms)
>
>> If subsequent SACKs need to be sent while the timer has not yet
>> expired, we simply increment tp->compressed_ack.
>
>> When timer expires, a SACK is sent with the latest information.
>> Whenever an ACK is sent (if data is sent, or if in-order
>> data is received) timer is canceled.
>
>> Note that tcp_sack_new_ofo_skb() is able to force a SACK to be sent
>> if the sack blocks need to be shuffled, even if the timer has not
>> expired.
>
>> A new SNMP counter is added in the following patch.
>
>> Two other patches add sysctls to allow changing the 1,000,000 and 44
>> values that this commit hard-coded.
>
>> Signed-off-by: Eric Dumazet <edumazet@google.com>
>> ---
>
> Very nice. I like the constants and the min(rcv_rtt, srtt).
>
> Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Great work. Hopefully this would save middle-boxes' from handling
TCP-ACK themselves.
>
> Thanks!
>
> neal
^ permalink raw reply
* Re: [patch net-next RFC 04/12] dsa: set devlink port attrs for dsa ports
From: Florian Fainelli @ 2018-05-17 22:06 UTC (permalink / raw)
To: Andrew Lunn, Jiri Pirko
Cc: netdev, davem, idosch, jakub.kicinski, mlxsw, vivien.didelot,
michael.chan, ganeshgr, saeedm, simon.horman,
pieter.jansenvanvuuren, john.hurley, dirk.vandermerwe,
alexander.h.duyck, ogerlitz, dsahern, vijaya.guvva,
satananda.burla, raghu.vatsavayi, felix.manlunas, gospo,
sathya.perla, vasundhara-v.volam, tariqt, eranbe,
jeffrey.t.kirsher
In-Reply-To: <20180517210856.GJ23601@lunn.ch>
On 05/17/2018 02:08 PM, Andrew Lunn wrote:
> On Thu, May 17, 2018 at 10:48:55PM +0200, Jiri Pirko wrote:
>> Thu, May 17, 2018 at 09:14:32PM CEST, f.fainelli@gmail.com wrote:
>>> On 05/17/2018 10:39 AM, Jiri Pirko wrote:
>>>>>> That is compiled inside "fixed_phy", isn't it?
>>>>>
>>>>> It matches what CONFIG_FIXED_PHY is, so if it's built-in it also becomes
>>>>> built-in, if is modular, it is also modular, this was fixed with
>>>>> 40013ff20b1beed31184935fc0aea6a859d4d4ef ("net: dsa: Fix functional
>>>>> dsa-loop dependency on FIXED_PHY")
>>>>
>>>> Now I have it compiled as module, and after modprobe dsa_loop I see:
>>>> [ 1168.129202] libphy: Fixed MDIO Bus: probed
>>>> [ 1168.222716] dsa-loop fixed-0:1f: DSA mockup driver: 0x1f
>>>>
>>>> This messages I did not see when I had fixed_phy compiled as buildin.
>>>>
>>>> But I still see no netdevs :/
>>>
>>> The platform data assumes there is a network device named "eth0" as the
>>
>> Oups, I missed, I created dummy device and modprobed again. Now I see:
>>
>> $ sudo devlink port
>> mdio_bus/fixed-0:1f/0: type eth netdev lan1
>> mdio_bus/fixed-0:1f/1: type eth netdev lan2
>> mdio_bus/fixed-0:1f/2: type eth netdev lan3
>> mdio_bus/fixed-0:1f/3: type eth netdev lan4
>> mdio_bus/fixed-0:1f/4: type notset
>> mdio_bus/fixed-0:1f/5: type notset
>> mdio_bus/fixed-0:1f/6: type notset
>> mdio_bus/fixed-0:1f/7: type notset
>> mdio_bus/fixed-0:1f/8: type notset
>> mdio_bus/fixed-0:1f/9: type notset
>> mdio_bus/fixed-0:1f/10: type notset
>> mdio_bus/fixed-0:1f/11: type notset
>>
>> I wonder why there are ports 4-11
>
> Hi Jiri
>
> ds = dsa_switch_alloc(&mdiodev->dev, DSA_MAX_PORTS);
>
> It is allocating a switch with 12 ports. However only 4 of them have
> names. So the core only creates slave devices for those 4.
>
> This is a useful test. Real hardware often has unused ports. A WiFi AP
> with a 7 port switch which only uses 6 ports is often seen.
The following patch should fix this:
diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
index adf50fbc4c13..a06c29ec91f0 100644
--- a/net/dsa/dsa2.c
+++ b/net/dsa/dsa2.c
@@ -262,13 +262,14 @@ static int dsa_port_setup(struct dsa_port *dp)
memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
+ if (dp->type == DSA_PORT_TYPE_UNUSED)
+ return 0;
+
err = devlink_port_register(ds->devlink, &dp->devlink_port,
dp->index);
if (err)
return err;
switch (dp->type) {
- case DSA_PORT_TYPE_UNUSED:
- break;
case DSA_PORT_TYPE_CPU:
case DSA_PORT_TYPE_DSA:
err = dsa_port_link_register_of(dp);
@@ -286,6 +287,8 @@ static int dsa_port_setup(struct dsa_port *dp)
else
devlink_port_type_eth_set(&dp->devlink_port,
dp->slave);
break;
+ default:
+ break;
}
return 0;
@@ -293,11 +296,12 @@ static int dsa_port_setup(struct dsa_port *dp)
static void dsa_port_teardown(struct dsa_port *dp)
{
+ if (dp->type == DSA_PORT_TYPE_UNUSED)
+ return;
+
devlink_port_unregister(&dp->devlink_port);
switch (dp->type) {
- case DSA_PORT_TYPE_UNUSED:
- break;
case DSA_PORT_TYPE_CPU:
case DSA_PORT_TYPE_DSA:
dsa_port_link_unregister_of(dp);
@@ -308,6 +312,8 @@ static void dsa_port_teardown(struct dsa_port *dp)
dp->slave = NULL;
}
break;
+ default:
+ break;
}
}
--
Florian
^ permalink raw reply related
* Re: [PATCH v3 net-next 6/6] tcp: add tcp_comp_sack_nr sysctl
From: Neal Cardwell @ 2018-05-17 22:01 UTC (permalink / raw)
To: Eric Dumazet
Cc: David Miller, Netdev, Toke Høiland-Jørgensen,
Yuchung Cheng, Soheil Hassas Yeganeh, Eric Dumazet
In-Reply-To: <20180517214729.186094-7-edumazet@google.com>
On Thu, May 17, 2018 at 5:47 PM Eric Dumazet <edumazet@google.com> wrote:
> This per netns sysctl allows for TCP SACK compression fine-tuning.
> This limits number of SACK that can be compressed.
> Using 0 disables SACK compression.
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
Acked-by: Neal Cardwell <ncardwell@google.com>
Thanks!
neal
^ permalink raw reply
* Re: [PATCH v3 net-next 5/6] tcp: add tcp_comp_sack_delay_ns sysctl
From: Neal Cardwell @ 2018-05-17 21:59 UTC (permalink / raw)
To: Eric Dumazet
Cc: David Miller, Netdev, Toke Høiland-Jørgensen,
Yuchung Cheng, Soheil Hassas Yeganeh, Eric Dumazet
In-Reply-To: <20180517214729.186094-6-edumazet@google.com>
On Thu, May 17, 2018 at 5:47 PM Eric Dumazet <edumazet@google.com> wrote:
> This per netns sysctl allows for TCP SACK compression fine-tuning.
> Its default value is 1,000,000, or 1 ms to meet TSO autosizing period.
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
Acked-by: Neal Cardwell <ncardwell@google.com>
Thanks!
neal
^ permalink raw reply
* Re: [PATCH v3 net-next 3/6] tcp: add SACK compression
From: Neal Cardwell @ 2018-05-17 21:57 UTC (permalink / raw)
To: Eric Dumazet
Cc: David Miller, Netdev, Toke Høiland-Jørgensen,
Yuchung Cheng, Soheil Hassas Yeganeh, Eric Dumazet
In-Reply-To: <20180517214729.186094-4-edumazet@google.com>
On Thu, May 17, 2018 at 5:47 PM Eric Dumazet <edumazet@google.com> wrote:
> When TCP receives an out-of-order packet, it immediately sends
> a SACK packet, generating network load but also forcing the
> receiver to send 1-MSS pathological packets, increasing its
> RTX queue length/depth, and thus processing time.
> Wifi networks suffer from this aggressive behavior, but generally
> speaking, all these SACK packets add fuel to the fire when networks
> are under congestion.
> This patch adds a high resolution timer and tp->compressed_ack counter.
> Instead of sending a SACK, we program this timer with a small delay,
> based on RTT and capped to 1 ms :
> delay = min ( 5 % of RTT, 1 ms)
> If subsequent SACKs need to be sent while the timer has not yet
> expired, we simply increment tp->compressed_ack.
> When timer expires, a SACK is sent with the latest information.
> Whenever an ACK is sent (if data is sent, or if in-order
> data is received) timer is canceled.
> Note that tcp_sack_new_ofo_skb() is able to force a SACK to be sent
> if the sack blocks need to be shuffled, even if the timer has not
> expired.
> A new SNMP counter is added in the following patch.
> Two other patches add sysctls to allow changing the 1,000,000 and 44
> values that this commit hard-coded.
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
Very nice. I like the constants and the min(rcv_rtt, srtt).
Acked-by: Neal Cardwell <ncardwell@google.com>
Thanks!
neal
^ permalink raw reply
* Re: [RFC PATCH ghak32 V2 01/13] audit: add container id
From: Richard Guy Briggs @ 2018-05-17 21:56 UTC (permalink / raw)
To: Steve Grubb
Cc: cgroups, containers, linux-api, Linux-Audit Mailing List,
linux-fsdevel, LKML, netdev, ebiederm, luto, jlayton, carlos,
dhowells, viro, simo, eparis, serge
In-Reply-To: <20180517170053.7d4afa87@ivy-bridge>
On 2018-05-17 17:00, Steve Grubb wrote:
> On Fri, 16 Mar 2018 05:00:28 -0400
> Richard Guy Briggs <rgb@redhat.com> wrote:
>
> > Implement the proc fs write to set the audit container ID of a
> > process, emitting an AUDIT_CONTAINER record to document the event.
> >
> > This is a write from the container orchestrator task to a proc entry
> > of the form /proc/PID/containerid where PID is the process ID of the
> > newly created task that is to become the first task in a container,
> > or an additional task added to a container.
> >
> > The write expects up to a u64 value (unset: 18446744073709551615).
> >
> > This will produce a record such as this:
> > type=CONTAINER msg=audit(1519903238.968:261): op=set pid=596 uid=0
> > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 auid=0
> > tty=pts0 ses=1 opid=596 old-contid=18446744073709551615 contid=123455
> > res=0
>
> The was one thing I was wondering about. Currently when we set the
> loginuid, the record is AUDIT_LOGINUID. The corollary is that when we
> set the container id, the event should be AUDIT_CONTAINERID or
> AUDIT_CONTAINER_ID.
The record type is actually AUDIT_LOGIN. The field type is
AUDIT_LOGINUID. Given that correction, I think we're fine and could
potentially violently agree. The existing naming is consistent.
> During syscall events, the path info is returned in a a record simply
> called AUDIT_PATH, cwd info is returned in AUDIT_CWD. So, rather than
> calling the record that gets attached to everything
> AUDIT_CONTAINER_INFO, how about simply AUDIT_CONTAINER.
Considering the container initiation record is different than the record
to document the container involved in an otherwise normal syscall, we
need two names. I don't have a strong opinion what they are.
I'd prefer AUDIT_CONTAINER and AUDIT_CONTAINER_INFO so that the two are
different enough to be visually distinct while leaving
AUDIT_CONTAINERID for the field type in patch 4 ("audit: add containerid
filtering")
> > The "op" field indicates an initial set. The "pid" to "ses" fields
> > are the orchestrator while the "opid" field is the object's PID, the
> > process being "contained". Old and new container ID values are given
> > in the "contid" fields, while res indicates its success.
> >
> > It is not permitted to self-set, unset or re-set the container ID. A
> > child inherits its parent's container ID, but then can be set only
> > once after.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/32
> >
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > fs/proc/base.c | 37 ++++++++++++++++++++
> > include/linux/audit.h | 16 +++++++++
> > include/linux/init_task.h | 4 ++-
> > include/linux/sched.h | 1 +
> > include/uapi/linux/audit.h | 2 ++
> > kernel/auditsc.c | 84
> > ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 143
> > insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/proc/base.c b/fs/proc/base.c
> > index 60316b5..6ce4fbe 100644
> > --- a/fs/proc/base.c
> > +++ b/fs/proc/base.c
> > @@ -1299,6 +1299,41 @@ static ssize_t proc_sessionid_read(struct file
> > * file, char __user * buf, .read = proc_sessionid_read,
> > .llseek = generic_file_llseek,
> > };
> > +
> > +static ssize_t proc_containerid_write(struct file *file, const char
> > __user *buf,
> > + size_t count, loff_t *ppos)
> > +{
> > + struct inode *inode = file_inode(file);
> > + u64 containerid;
> > + int rv;
> > + struct task_struct *task = get_proc_task(inode);
> > +
> > + if (!task)
> > + return -ESRCH;
> > + if (*ppos != 0) {
> > + /* No partial writes. */
> > + put_task_struct(task);
> > + return -EINVAL;
> > + }
> > +
> > + rv = kstrtou64_from_user(buf, count, 10, &containerid);
> > + if (rv < 0) {
> > + put_task_struct(task);
> > + return rv;
> > + }
> > +
> > + rv = audit_set_containerid(task, containerid);
> > + put_task_struct(task);
> > + if (rv < 0)
> > + return rv;
> > + return count;
> > +}
> > +
> > +static const struct file_operations proc_containerid_operations = {
> > + .write = proc_containerid_write,
> > + .llseek = generic_file_llseek,
> > +};
> > +
> > #endif
> >
> > #ifdef CONFIG_FAULT_INJECTION
> > @@ -2961,6 +2996,7 @@ static int proc_pid_patch_state(struct seq_file
> > *m, struct pid_namespace *ns, #ifdef CONFIG_AUDITSYSCALL
> > REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations),
> > REG("sessionid", S_IRUGO, proc_sessionid_operations),
> > + REG("containerid", S_IWUSR, proc_containerid_operations),
> > #endif
> > #ifdef CONFIG_FAULT_INJECTION
> > REG("make-it-fail", S_IRUGO|S_IWUSR,
> > proc_fault_inject_operations), @@ -3355,6 +3391,7 @@ static int
> > proc_tid_comm_permission(struct inode *inode, int mask) #ifdef
> > CONFIG_AUDITSYSCALL REG("loginuid", S_IWUSR|S_IRUGO,
> > proc_loginuid_operations), REG("sessionid", S_IRUGO,
> > proc_sessionid_operations),
> > + REG("containerid", S_IWUSR, proc_containerid_operations),
> > #endif
> > #ifdef CONFIG_FAULT_INJECTION
> > REG("make-it-fail", S_IRUGO|S_IWUSR,
> > proc_fault_inject_operations), diff --git a/include/linux/audit.h
> > b/include/linux/audit.h index af410d9..fe4ba3f 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -29,6 +29,7 @@
> >
> > #define AUDIT_INO_UNSET ((unsigned long)-1)
> > #define AUDIT_DEV_UNSET ((dev_t)-1)
> > +#define INVALID_CID AUDIT_CID_UNSET
> >
> > struct audit_sig_info {
> > uid_t uid;
> > @@ -321,6 +322,7 @@ static inline void audit_ptrace(struct
> > task_struct *t) extern int auditsc_get_stamp(struct audit_context
> > *ctx, struct timespec64 *t, unsigned int *serial);
> > extern int audit_set_loginuid(kuid_t loginuid);
> > +extern int audit_set_containerid(struct task_struct *tsk, u64
> > containerid);
> > static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
> > {
> > @@ -332,6 +334,11 @@ static inline unsigned int
> > audit_get_sessionid(struct task_struct *tsk) return tsk->sessionid;
> > }
> >
> > +static inline u64 audit_get_containerid(struct task_struct *tsk)
> > +{
> > + return tsk->containerid;
> > +}
> > +
> > extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
> > extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
> > gid_t gid, umode_t mode); extern void __audit_bprm(struct
> > linux_binprm *bprm); @@ -517,6 +524,10 @@ static inline unsigned int
> > audit_get_sessionid(struct task_struct *tsk) {
> > return -1;
> > }
> > +static inline kuid_t audit_get_containerid(struct task_struct *tsk)
> > +{
> > + return INVALID_CID;
> > +}
> > static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
> > { }
> > static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t
> > uid, @@ -581,6 +592,11 @@ static inline bool
> > audit_loginuid_set(struct task_struct *tsk) return
> > uid_valid(audit_get_loginuid(tsk)); }
> >
> > +static inline bool audit_containerid_set(struct task_struct *tsk)
> > +{
> > + return audit_get_containerid(tsk) != INVALID_CID;
> > +}
> > +
> > static inline void audit_log_string(struct audit_buffer *ab, const
> > char *buf) {
> > audit_log_n_string(ab, buf, strlen(buf));
> > diff --git a/include/linux/init_task.h b/include/linux/init_task.h
> > index 6a53262..046bd0a 100644
> > --- a/include/linux/init_task.h
> > +++ b/include/linux/init_task.h
> > @@ -18,6 +18,7 @@
> > #include <linux/sched/rt.h>
> > #include <linux/livepatch.h>
> > #include <linux/mm_types.h>
> > +#include <linux/audit.h>
> >
> > #include <asm/thread_info.h>
> >
> > @@ -120,7 +121,8 @@
> > #ifdef CONFIG_AUDITSYSCALL
> > #define INIT_IDS \
> > .loginuid = INVALID_UID, \
> > - .sessionid = (unsigned int)-1,
> > + .sessionid = (unsigned int)-1, \
> > + .containerid = INVALID_CID,
> > #else
> > #define INIT_IDS
> > #endif
> > diff --git a/include/linux/sched.h b/include/linux/sched.h
> > index d258826..1b82191 100644
> > --- a/include/linux/sched.h
> > +++ b/include/linux/sched.h
> > @@ -796,6 +796,7 @@ struct task_struct {
> > #ifdef CONFIG_AUDITSYSCALL
> > kuid_t loginuid;
> > unsigned int sessionid;
> > + u64 containerid;
> > #endif
> > struct seccomp seccomp;
> >
> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index 4e61a9e..921a71f 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -71,6 +71,7 @@
> > #define AUDIT_TTY_SET 1017 /* Set TTY auditing
> > status */ #define AUDIT_SET_FEATURE 1018 /* Turn an
> > audit feature on or off */ #define AUDIT_GET_FEATURE
> > 1019 /* Get which features are enabled */ +#define
> > AUDIT_CONTAINER 1020 /* Define the container id
> > and information */ #define AUDIT_FIRST_USER_MSG 1100 /*
> > Userspace messages mostly uninteresting to kernel */ #define
> > AUDIT_USER_AVC 1107 /* We filter this
> > differently */ @@ -465,6 +466,7 @@ struct audit_tty_status { };
> >
> > #define AUDIT_UID_UNSET (unsigned int)-1
> > +#define AUDIT_CID_UNSET ((u64)-1)
> >
> > /* audit_rule_data supports filter rules with both integer and string
> > * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > index 4e0a4ac..29c8482 100644
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -2073,6 +2073,90 @@ int audit_set_loginuid(kuid_t loginuid)
> > return rc;
> > }
> >
> > +static int audit_set_containerid_perm(struct task_struct *task, u64
> > containerid) +{
> > + struct task_struct *parent;
> > + u64 pcontainerid, ccontainerid;
> > +
> > + /* Don't allow to set our own containerid */
> > + if (current == task)
> > + return -EPERM;
> > + /* Don't allow the containerid to be unset */
> > + if (!cid_valid(containerid))
> > + return -EINVAL;
> > + /* if we don't have caps, reject */
> > + if (!capable(CAP_AUDIT_CONTROL))
> > + return -EPERM;
> > + /* if containerid is unset, allow */
> > + if (!audit_containerid_set(task))
> > + return 0;
> > + /* it is already set, and not inherited from the parent,
> > reject */
> > + ccontainerid = audit_get_containerid(task);
> > + rcu_read_lock();
> > + parent = rcu_dereference(task->real_parent);
> > + rcu_read_unlock();
> > + task_lock(parent);
> > + pcontainerid = audit_get_containerid(parent);
> > + task_unlock(parent);
> > + if (ccontainerid != pcontainerid)
> > + return -EPERM;
> > + return 0;
> > +}
> > +
> > +static void audit_log_set_containerid(struct task_struct *task, u64
> > oldcontainerid,
> > + u64 containerid, int rc)
> > +{
> > + struct audit_buffer *ab;
> > + uid_t uid;
> > + struct tty_struct *tty;
> > +
> > + if (!audit_enabled)
> > + return;
> > +
> > + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONTAINER);
> > + if (!ab)
> > + return;
> > +
> > + uid = from_kuid(&init_user_ns, task_uid(current));
> > + tty = audit_get_tty(current);
> > +
> > + audit_log_format(ab, "op=set pid=%d uid=%u",
> > task_tgid_nr(current), uid);
> > + audit_log_task_context(ab);
> > + audit_log_format(ab, " auid=%u tty=%s ses=%u opid=%d
> > old-contid=%llu contid=%llu res=%d",
>
> The preferred ordering would be: op, opid, old-contid, contid, pid, uid,
> tty, ses, subj, comm, exe, res. This groups the searchable fields
> together using the most common ordering so that parsing is simple.
There has been a suggestion to make this a syscall-connected record, and
if that is the case, we'd simply drop all the fields that would be
duplicated by the syscall record. Otherwise, I'll use your suggested
order.
As you may recall this suggestion was also made for the AUDIT_LOGIN
record.
> Thanks,
> -Steve
>
> > + from_kuid(&init_user_ns,
> > audit_get_loginuid(current)),
> > + tty ? tty_name(tty) : "(none)",
> > audit_get_sessionid(current),
> > + task_tgid_nr(task), oldcontainerid,
> > containerid, !rc); +
> > + audit_put_tty(tty);
> > + audit_log_end(ab);
> > +}
> > +
> > +/**
> > + * audit_set_containerid - set current task's audit_context
> > containerid
> > + * @containerid: containerid value
> > + *
> > + * Returns 0 on success, -EPERM on permission failure.
> > + *
> > + * Called (set) from fs/proc/base.c::proc_containerid_write().
> > + */
> > +int audit_set_containerid(struct task_struct *task, u64 containerid)
> > +{
> > + u64 oldcontainerid;
> > + int rc;
> > +
> > + oldcontainerid = audit_get_containerid(task);
> > +
> > + rc = audit_set_containerid_perm(task, containerid);
> > + if (!rc) {
> > + task_lock(task);
> > + task->containerid = containerid;
> > + task_unlock(task);
> > + }
> > +
> > + audit_log_set_containerid(task, oldcontainerid, containerid,
> > rc);
> > + return rc;
> > +}
> > +
> > /**
> > * __audit_mq_open - record audit data for a POSIX MQ open
> > * @oflag: open flag
>
- RGB
--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
^ permalink raw reply
* [net PATCH] net: Fix a bug in removing queues from XPS map
From: Amritha Nambiar @ 2018-05-17 21:50 UTC (permalink / raw)
To: netdev, davem
Cc: alexander.h.duyck, f.fainelli, amritha.nambiar, sridhar.samudrala,
edumazet, hannes, tom
While removing queues from the XPS map, the individual CPU ID
alone was used to index the CPUs map, this should be changed to also
factor in the traffic class mapping for the CPU-to-queue lookup.
Fixes: 184c449f91fe ("net: Add support for XPS with QoS via traffic classes")
Signed-off-by: Amritha Nambiar <amritha.nambiar@intel.com>
Acked-by: Alexander Duyck <alexander.h.duyck@intel.com>
---
net/core/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 9f43901..9397577 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2125,7 +2125,7 @@ static bool remove_xps_queue_cpu(struct net_device *dev,
int i, j;
for (i = count, j = offset; i--; j++) {
- if (!remove_xps_queue(dev_maps, cpu, j))
+ if (!remove_xps_queue(dev_maps, tci, j))
break;
}
^ permalink raw reply related
* Re: [PATCH net 0/7] net: ip6_gre: Fixes in headroom handling
From: Petr Machata @ 2018-05-17 21:53 UTC (permalink / raw)
To: David Miller; +Cc: netdev
In-Reply-To: <20180517.171816.2160600204640507047.davem@davemloft.net>
David Miller <davem@davemloft.net> writes:
> Luckily for you, your Fixes: tags went out before I pushed, so I could
> actually fix up the commit messages and add the tags.
I was hoping that would be the case.
Thanks,
Petr
^ permalink raw reply
* [PATCH v3 net-next 6/6] tcp: add tcp_comp_sack_nr sysctl
From: Eric Dumazet @ 2018-05-17 21:47 UTC (permalink / raw)
To: David S . Miller
Cc: netdev, Toke Høiland-Jørgensen, Neal Cardwell,
Yuchung Cheng, Soheil Hassas Yeganeh, Eric Dumazet, Eric Dumazet
In-Reply-To: <20180517214729.186094-1-edumazet@google.com>
This per netns sysctl allows for TCP SACK compression fine-tuning.
This limits number of SACK that can be compressed.
Using 0 disables SACK compression.
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
Documentation/networking/ip-sysctl.txt | 6 ++++++
include/net/netns/ipv4.h | 1 +
net/ipv4/sysctl_net_ipv4.c | 10 ++++++++++
net/ipv4/tcp_input.c | 3 ++-
net/ipv4/tcp_ipv4.c | 1 +
5 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 7ba952959bca0eee4ecf81fb5837e17790db0fde..924bd51327b7a8dff3503d7afccdd54e1eb5c29b 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -532,6 +532,12 @@ tcp_comp_sack_delay_ns - LONG INTEGER
Default : 1,000,000 ns (1 ms)
+tcp_comp_sack_nr - INTEGER
+ Max numer of SACK that can be compressed.
+ Using 0 disables SACK compression.
+
+ Detault : 44
+
tcp_slow_start_after_idle - BOOLEAN
If set, provide RFC2861 behavior and time out the congestion
window after an idle period. An idle period is defined at
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 927318243cfaa2ddd8eb423c6ba6e66253f771d3..661348f23ea5a3a9320b2cafcd17e23960214771 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -160,6 +160,7 @@ struct netns_ipv4 {
int sysctl_tcp_pacing_ca_ratio;
int sysctl_tcp_wmem[3];
int sysctl_tcp_rmem[3];
+ int sysctl_tcp_comp_sack_nr;
unsigned long sysctl_tcp_comp_sack_delay_ns;
struct inet_timewait_death_row tcp_death_row;
int sysctl_max_syn_backlog;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 11fbfdc1566eca95f91360522178295318277588..d2eed3ddcb0a1ad9778d96d46c685f6c60b93d8d 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -46,6 +46,7 @@ static int tcp_syn_retries_min = 1;
static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
static int ip_ping_group_range_min[] = { 0, 0 };
static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
+static int comp_sack_nr_max = 255;
/* obsolete */
static int sysctl_tcp_low_latency __read_mostly;
@@ -1158,6 +1159,15 @@ static struct ctl_table ipv4_net_table[] = {
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
},
+ {
+ .procname = "tcp_comp_sack_nr",
+ .data = &init_net.ipv4.sysctl_tcp_comp_sack_nr,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &zero,
+ .extra2 = &comp_sack_nr_max,
+ },
{
.procname = "udp_rmem_min",
.data = &init_net.ipv4.sysctl_udp_rmem_min,
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 6a1dae38c9558c7bc9dd31e9f16c4e8ea8c78149..aebb29ab2fdf2ceaa182cd11928f145a886149ff 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5106,7 +5106,8 @@ static void __tcp_ack_snd_check(struct sock *sk, int ofo_possible)
return;
}
- if (!tcp_is_sack(tp) || tp->compressed_ack >= 44)
+ if (!tcp_is_sack(tp) ||
+ tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr)
goto send_now;
tp->compressed_ack++;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a3f4647341db2eb5a63c3e9f1e8b93099aedadab..adbdb503db0c983ef4185f83b138aa51bafd15bf 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2573,6 +2573,7 @@ static int __net_init tcp_sk_init(struct net *net)
sizeof(init_net.ipv4.sysctl_tcp_wmem));
}
net->ipv4.sysctl_tcp_comp_sack_delay_ns = NSEC_PER_MSEC;
+ net->ipv4.sysctl_tcp_comp_sack_nr = 44;
net->ipv4.sysctl_tcp_fastopen = TFO_CLIENT_ENABLE;
spin_lock_init(&net->ipv4.tcp_fastopen_ctx_lock);
net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 60 * 60;
--
2.17.0.441.gb46fe60e1d-goog
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox