* [PATCH bpf-next 2/6] bpf, verifier: fix register type dump in xadd and st
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
Using reg_type_str[insn->dst_reg] is incorrect since insn->dst_reg
contains the register number but not the actual register type. Add
a small reg_state() helper and use it to get to the type. Also fix
up the test_verifier test cases that have an incorrect errstr.
Fixes: 9d2be44a7f33 ("bpf: Reuse canonical string formatter for ctx errs")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
kernel/bpf/verifier.c | 19 +++++++++++++------
tools/testing/selftests/bpf/test_verifier.c | 10 +++++-----
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7d6d9cf..64e0981 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1528,14 +1528,19 @@ static bool __is_pointer_value(bool allow_ptr_leaks,
return reg->type != SCALAR_VALUE;
}
+static struct bpf_reg_state *reg_state(struct bpf_verifier_env *env, int regno)
+{
+ return cur_regs(env) + regno;
+}
+
static bool is_pointer_value(struct bpf_verifier_env *env, int regno)
{
- return __is_pointer_value(env->allow_ptr_leaks, cur_regs(env) + regno);
+ return __is_pointer_value(env->allow_ptr_leaks, reg_state(env, regno));
}
static bool is_ctx_reg(struct bpf_verifier_env *env, int regno)
{
- const struct bpf_reg_state *reg = cur_regs(env) + regno;
+ const struct bpf_reg_state *reg = reg_state(env, regno);
return reg->type == PTR_TO_CTX ||
reg->type == PTR_TO_SOCKET;
@@ -1543,7 +1548,7 @@ static bool is_ctx_reg(struct bpf_verifier_env *env, int regno)
static bool is_pkt_reg(struct bpf_verifier_env *env, int regno)
{
- const struct bpf_reg_state *reg = cur_regs(env) + regno;
+ const struct bpf_reg_state *reg = reg_state(env, regno);
return type_is_pkt_pointer(reg->type);
}
@@ -1958,7 +1963,8 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins
if (is_ctx_reg(env, insn->dst_reg) ||
is_pkt_reg(env, insn->dst_reg)) {
verbose(env, "BPF_XADD stores into R%d %s is not allowed\n",
- insn->dst_reg, reg_type_str[insn->dst_reg]);
+ insn->dst_reg,
+ reg_type_str[reg_state(env, insn->dst_reg)->type]);
return -EACCES;
}
@@ -1983,7 +1989,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
int access_size, bool zero_size_allowed,
struct bpf_call_arg_meta *meta)
{
- struct bpf_reg_state *reg = cur_regs(env) + regno;
+ struct bpf_reg_state *reg = reg_state(env, regno);
struct bpf_func_state *state = func(env, reg);
int off, i, slot, spi;
@@ -5264,7 +5270,8 @@ static int do_check(struct bpf_verifier_env *env)
if (is_ctx_reg(env, insn->dst_reg)) {
verbose(env, "BPF_ST stores into R%d %s is not allowed\n",
- insn->dst_reg, reg_type_str[insn->dst_reg]);
+ insn->dst_reg,
+ reg_type_str[reg_state(env, insn->dst_reg)->type]);
return -EACCES;
}
diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index f1ae8d0..769d68a 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -3430,7 +3430,7 @@ static struct bpf_test tests[] = {
BPF_ST_MEM(BPF_DW, BPF_REG_1, offsetof(struct __sk_buff, mark), 0),
BPF_EXIT_INSN(),
},
- .errstr = "BPF_ST stores into R1 inv is not allowed",
+ .errstr = "BPF_ST stores into R1 ctx is not allowed",
.result = REJECT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
@@ -3442,7 +3442,7 @@ static struct bpf_test tests[] = {
BPF_REG_0, offsetof(struct __sk_buff, mark), 0),
BPF_EXIT_INSN(),
},
- .errstr = "BPF_XADD stores into R1 inv is not allowed",
+ .errstr = "BPF_XADD stores into R1 ctx is not allowed",
.result = REJECT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
@@ -5670,7 +5670,7 @@ static struct bpf_test tests[] = {
.errstr_unpriv = "R2 leaks addr into mem",
.result_unpriv = REJECT,
.result = REJECT,
- .errstr = "BPF_XADD stores into R1 inv is not allowed",
+ .errstr = "BPF_XADD stores into R1 ctx is not allowed",
},
{
"leak pointer into ctx 2",
@@ -5685,7 +5685,7 @@ static struct bpf_test tests[] = {
.errstr_unpriv = "R10 leaks addr into mem",
.result_unpriv = REJECT,
.result = REJECT,
- .errstr = "BPF_XADD stores into R1 inv is not allowed",
+ .errstr = "BPF_XADD stores into R1 ctx is not allowed",
},
{
"leak pointer into ctx 3",
@@ -12634,7 +12634,7 @@ static struct bpf_test tests[] = {
BPF_EXIT_INSN(),
},
.result = REJECT,
- .errstr = "BPF_XADD stores into R2 ctx",
+ .errstr = "BPF_XADD stores into R2 pkt is not allowed",
.prog_type = BPF_PROG_TYPE_XDP,
},
{
--
2.9.5
^ permalink raw reply related
* [PATCH bpf-next 0/6] Misc improvements and few minor fixes
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
Last batch of misc patches I had in queue: first one removes some left-over
bits from ULP, second is a fix in the verifier where we wrongly use register
number as type to fetch the string for the dump, third disables xadd on flow
keys and subsequent one removes the flow key type from check_helper_mem_access()
as they cannot be passed into any helper as of today. Next one lets map push,
pop, peek avoid having to go through retpoline, and last one has a couple of
minor fixes and cleanups for the ring buffer walk.
Thanks!
Daniel Borkmann (6):
ulp: remove uid and user_visible members
bpf, verifier: fix register type dump in xadd and st
bpf, verifier: reject xadd on flow key memory
bpf, verifier: remove unneeded flow key in check_helper_mem_access
bpf, verifier: avoid retpoline for map push/pop/peek operation
bpf, libbpf: simplify and cleanup perf ring buffer walk
include/net/tcp.h | 7 ---
kernel/bpf/verifier.c | 57 +++++++++++++++++++-----
net/tls/tls_main.c | 2 -
tools/bpf/bpftool/map_perf_ring.c | 10 +++--
tools/lib/bpf/libbpf.c | 67 +++++++++++++----------------
tools/lib/bpf/libbpf.h | 15 ++++---
tools/testing/selftests/bpf/test_verifier.c | 10 ++---
tools/testing/selftests/bpf/trace_helpers.c | 7 +--
8 files changed, 99 insertions(+), 76 deletions(-)
--
2.9.5
^ permalink raw reply
* [PATCH bpf-next 4/6] bpf, verifier: remove unneeded flow key in check_helper_mem_access
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
They PTR_TO_FLOW_KEYS is not used today to be passed into a helper
as memory, so it can be removed from check_helper_mem_access().
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
kernel/bpf/verifier.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 0450ffc..4f727c9 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2077,8 +2077,6 @@ static int check_helper_mem_access(struct bpf_verifier_env *env, int regno,
case PTR_TO_PACKET_META:
return check_packet_access(env, regno, reg->off, access_size,
zero_size_allowed);
- case PTR_TO_FLOW_KEYS:
- return check_flow_keys_access(env, reg->off, access_size);
case PTR_TO_MAP_VALUE:
return check_map_access(env, regno, reg->off, access_size,
zero_size_allowed);
--
2.9.5
^ permalink raw reply related
* [PATCH bpf-next 3/6] bpf, verifier: reject xadd on flow key memory
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
We should not enable xadd operation for flow key memory if not
needed there anyway. There is no such issue as described in the
commit f37a8cb84cce ("bpf: reject stores into ctx via st and xadd")
since there's no context rewriter for flow keys today, but it
also shouldn't become part of the user facing behavior to allow
for it. After patch:
0: (79) r7 = *(u64 *)(r1 +144)
1: (b7) r3 = 4096
2: (db) lock *(u64 *)(r7 +0) += r3
BPF_XADD stores into R7 flow_keys is not allowed
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
kernel/bpf/verifier.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 64e0981..0450ffc 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1553,6 +1553,14 @@ static bool is_pkt_reg(struct bpf_verifier_env *env, int regno)
return type_is_pkt_pointer(reg->type);
}
+static bool is_flow_key_reg(struct bpf_verifier_env *env, int regno)
+{
+ const struct bpf_reg_state *reg = reg_state(env, regno);
+
+ /* Separate to is_ctx_reg() since we still want to allow BPF_ST here. */
+ return reg->type == PTR_TO_FLOW_KEYS;
+}
+
static int check_pkt_ptr_alignment(struct bpf_verifier_env *env,
const struct bpf_reg_state *reg,
int off, int size, bool strict)
@@ -1961,7 +1969,8 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins
}
if (is_ctx_reg(env, insn->dst_reg) ||
- is_pkt_reg(env, insn->dst_reg)) {
+ is_pkt_reg(env, insn->dst_reg) ||
+ is_flow_key_reg(env, insn->dst_reg)) {
verbose(env, "BPF_XADD stores into R%d %s is not allowed\n",
insn->dst_reg,
reg_type_str[reg_state(env, insn->dst_reg)->type]);
--
2.9.5
^ permalink raw reply related
* [PATCH bpf-next 5/6] bpf, verifier: avoid retpoline for map push/pop/peek operation
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
Extend prior work from 09772d92cd5a ("bpf: avoid retpoline for
lookup/update/delete calls on maps") to also apply to the recently
added map helpers that perform push/pop/peek operations so that
the indirect call can be avoided.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
kernel/bpf/verifier.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 4f727c9..98fa0be 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6178,7 +6178,10 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
if (prog->jit_requested && BITS_PER_LONG == 64 &&
(insn->imm == BPF_FUNC_map_lookup_elem ||
insn->imm == BPF_FUNC_map_update_elem ||
- insn->imm == BPF_FUNC_map_delete_elem)) {
+ insn->imm == BPF_FUNC_map_delete_elem ||
+ insn->imm == BPF_FUNC_map_push_elem ||
+ insn->imm == BPF_FUNC_map_pop_elem ||
+ insn->imm == BPF_FUNC_map_peek_elem)) {
aux = &env->insn_aux_data[i + delta];
if (bpf_map_ptr_poisoned(aux))
goto patch_call_imm;
@@ -6211,6 +6214,14 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
BUILD_BUG_ON(!__same_type(ops->map_update_elem,
(int (*)(struct bpf_map *map, void *key, void *value,
u64 flags))NULL));
+ BUILD_BUG_ON(!__same_type(ops->map_push_elem,
+ (int (*)(struct bpf_map *map, void *value,
+ u64 flags))NULL));
+ BUILD_BUG_ON(!__same_type(ops->map_pop_elem,
+ (int (*)(struct bpf_map *map, void *value))NULL));
+ BUILD_BUG_ON(!__same_type(ops->map_peek_elem,
+ (int (*)(struct bpf_map *map, void *value))NULL));
+
switch (insn->imm) {
case BPF_FUNC_map_lookup_elem:
insn->imm = BPF_CAST_CALL(ops->map_lookup_elem) -
@@ -6224,6 +6235,18 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
insn->imm = BPF_CAST_CALL(ops->map_delete_elem) -
__bpf_call_base;
continue;
+ case BPF_FUNC_map_push_elem:
+ insn->imm = BPF_CAST_CALL(ops->map_push_elem) -
+ __bpf_call_base;
+ continue;
+ case BPF_FUNC_map_pop_elem:
+ insn->imm = BPF_CAST_CALL(ops->map_pop_elem) -
+ __bpf_call_base;
+ continue;
+ case BPF_FUNC_map_peek_elem:
+ insn->imm = BPF_CAST_CALL(ops->map_peek_elem) -
+ __bpf_call_base;
+ continue;
}
goto patch_call_imm;
--
2.9.5
^ permalink raw reply related
* [PATCH bpf-next 6/6] bpf, libbpf: simplify and cleanup perf ring buffer walk
From: Daniel Borkmann @ 2018-10-21 0:09 UTC (permalink / raw)
To: alexei.starovoitov; +Cc: netdev, Daniel Borkmann
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
Simplify bpf_perf_event_read_simple() a bit and fix up some minor
things along the way: the return code in the header is not of type
int but enum bpf_perf_event_ret instead. Once callback indicated
to break the loop walking event data, it also needs to be consumed
in data_tail since it has been processed already.
Moreover, bpf_perf_event_print_t callback should avoid void * as
we actually get a pointer to struct perf_event_header and thus
applications can make use of container_of() to have type checks.
The walk also doesn't have to use modulo op since the ring size is
required to be power of two.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
tools/bpf/bpftool/map_perf_ring.c | 10 +++--
tools/lib/bpf/libbpf.c | 67 +++++++++++++----------------
tools/lib/bpf/libbpf.h | 15 ++++---
tools/testing/selftests/bpf/trace_helpers.c | 7 +--
4 files changed, 47 insertions(+), 52 deletions(-)
diff --git a/tools/bpf/bpftool/map_perf_ring.c b/tools/bpf/bpftool/map_perf_ring.c
index 6d41323..bdaf406 100644
--- a/tools/bpf/bpftool/map_perf_ring.c
+++ b/tools/bpf/bpftool/map_perf_ring.c
@@ -50,15 +50,17 @@ static void int_exit(int signo)
stop = true;
}
-static enum bpf_perf_event_ret print_bpf_output(void *event, void *priv)
+static enum bpf_perf_event_ret
+print_bpf_output(struct perf_event_header *event, void *private_data)
{
- struct event_ring_info *ring = priv;
- struct perf_event_sample *e = event;
+ struct perf_event_sample *e = container_of(event, struct perf_event_sample,
+ header);
+ struct event_ring_info *ring = private_data;
struct {
struct perf_event_header header;
__u64 id;
__u64 lost;
- } *lost = event;
+ } *lost = (typeof(lost))event;
if (json_output) {
jsonw_start_object(json_wtr);
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 0c21355..b607be7 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -2415,56 +2415,47 @@ int bpf_prog_load_xattr(const struct bpf_prog_load_attr *attr,
}
enum bpf_perf_event_ret
-bpf_perf_event_read_simple(void *mem, unsigned long size,
- unsigned long page_size, void **buf, size_t *buf_len,
- bpf_perf_event_print_t fn, void *priv)
+bpf_perf_event_read_simple(void *mmap_mem, size_t mmap_size, size_t page_size,
+ void **copy_mem, size_t *copy_size,
+ bpf_perf_event_print_t fn, void *private_data)
{
- struct perf_event_mmap_page *header = mem;
+ struct perf_event_mmap_page *header = mmap_mem;
__u64 data_head = ring_buffer_read_head(header);
__u64 data_tail = header->data_tail;
- int ret = LIBBPF_PERF_EVENT_ERROR;
- void *base, *begin, *end;
-
- if (data_head == data_tail)
- return LIBBPF_PERF_EVENT_CONT;
-
- base = ((char *)header) + page_size;
-
- begin = base + data_tail % size;
- end = base + data_head % size;
-
- while (begin != end) {
- struct perf_event_header *ehdr;
-
- ehdr = begin;
- if (begin + ehdr->size > base + size) {
- long len = base + size - begin;
-
- if (*buf_len < ehdr->size) {
- free(*buf);
- *buf = malloc(ehdr->size);
- if (!*buf) {
+ void *base = ((__u8 *)header) + page_size;
+ int ret = LIBBPF_PERF_EVENT_CONT;
+ struct perf_event_header *ehdr;
+ size_t ehdr_size;
+
+ while (data_head != data_tail) {
+ ehdr = base + (data_tail & (mmap_size - 1));
+ ehdr_size = ehdr->size;
+
+ if (((void *)ehdr) + ehdr_size > base + mmap_size) {
+ void *copy_start = ehdr;
+ size_t len_first = base + mmap_size - copy_start;
+ size_t len_secnd = ehdr_size - len_first;
+
+ if (*copy_size < ehdr_size) {
+ free(*copy_mem);
+ *copy_mem = malloc(ehdr_size);
+ if (!*copy_mem) {
+ *copy_size = 0;
ret = LIBBPF_PERF_EVENT_ERROR;
break;
}
- *buf_len = ehdr->size;
+ *copy_size = ehdr_size;
}
- memcpy(*buf, begin, len);
- memcpy(*buf + len, base, ehdr->size - len);
- ehdr = (void *)*buf;
- begin = base + ehdr->size - len;
- } else if (begin + ehdr->size == base + size) {
- begin = base;
- } else {
- begin += ehdr->size;
+ memcpy(*copy_mem, copy_start, len_first);
+ memcpy(*copy_mem + len_first, base, len_secnd);
+ ehdr = *copy_mem;
}
- ret = fn(ehdr, priv);
+ ret = fn(ehdr, private_data);
+ data_tail += ehdr_size;
if (ret != LIBBPF_PERF_EVENT_CONT)
break;
-
- data_tail += ehdr->size;
}
ring_buffer_write_tail(header, data_tail);
diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
index 1354cc9..1f3468d 100644
--- a/tools/lib/bpf/libbpf.h
+++ b/tools/lib/bpf/libbpf.h
@@ -297,13 +297,14 @@ enum bpf_perf_event_ret {
LIBBPF_PERF_EVENT_CONT = -2,
};
-typedef enum bpf_perf_event_ret (*bpf_perf_event_print_t)(void *event,
- void *priv);
-LIBBPF_API int bpf_perf_event_read_simple(void *mem, unsigned long size,
- unsigned long page_size,
- void **buf, size_t *buf_len,
- bpf_perf_event_print_t fn,
- void *priv);
+struct perf_event_header;
+typedef enum bpf_perf_event_ret
+ (*bpf_perf_event_print_t)(struct perf_event_header *hdr,
+ void *private_data);
+LIBBPF_API enum bpf_perf_event_ret
+bpf_perf_event_read_simple(void *mmap_mem, size_t mmap_size, size_t page_size,
+ void **copy_mem, size_t *copy_size,
+ bpf_perf_event_print_t fn, void *private_data);
struct nlattr;
typedef int (*libbpf_dump_nlmsg_t)(void *cookie, void *msg, struct nlattr **tb);
diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
index a3d1dac..4cdb63b 100644
--- a/tools/testing/selftests/bpf/trace_helpers.c
+++ b/tools/testing/selftests/bpf/trace_helpers.c
@@ -125,10 +125,11 @@ struct perf_event_sample {
char data[];
};
-static enum bpf_perf_event_ret bpf_perf_event_print(void *event, void *priv)
+static enum bpf_perf_event_ret
+bpf_perf_event_print(struct perf_event_header *hdr, void *private_data)
{
- struct perf_event_sample *e = event;
- perf_event_print_fn fn = priv;
+ struct perf_event_sample *e = (struct perf_event_sample *)hdr;
+ perf_event_print_fn fn = private_data;
int ret;
if (e->header.type == PERF_RECORD_SAMPLE) {
--
2.9.5
^ permalink raw reply related
* Re: [GIT] Networking
From: Greg KH @ 2018-10-21 8:53 UTC (permalink / raw)
To: David Miller; +Cc: akpm, netdev, linux-kernel
In-Reply-To: <20181020.222645.1496129473806890473.davem@davemloft.net>
On Sat, Oct 20, 2018 at 10:26:45PM -0700, David Miller wrote:
> From: David Miller <davem@davemloft.net>
> Date: Sat, 20 Oct 2018 15:47:37 -0700 (PDT)
>
> >
> > A few straggler bug fixes:
> >
> > 1) Fix indexing of multi-pass dumps of ipv6 addresses, from David
> > Ahern.
> >
> > 2) Revert RCU locking change for bonding netpoll, causes worse problems
> > than it solves.
> >
> > 3) pskb_trim_rcsum_slow() doesn't handle odd trim offsets, resulting in
> > erroneous bad hw checksum triggers with CHECKSUM_COMPLETE devices.
> > From Dimitris Michailidis.
> >
> > Please pull, thanks a lot!
>
> Great, I appended one more bug fix to this pull request, a revert to
> some neighbour code changes that adjust notifications in a way that
> confuses some apps.
Now merged, thanks.
greg k-h
^ permalink raw reply
* [PATCH net] Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin"
From: Roopa Prabhu @ 2018-10-21 1:09 UTC (permalink / raw)
To: davem; +Cc: netdev
From: Roopa Prabhu <roopa@cumulusnetworks.com>
This reverts commit 8e326289e3069dfc9fa9c209924668dd031ab8ef.
This patch results in unnecessary netlink notification when one
tries to delete a neigh entry already in NUD_FAILED state. Found
this with a buggy app that tries to delete a NUD_FAILED entry
repeatedly. While the notification issue can be fixed with more
checks, adding more complexity here seems unnecessary. Also,
recent tests with other changes in the neighbour code have
shown that the INCOMPLETE and PROBE checks are good enough for
the original issue.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
---
Dave, Sorry about the revert so late in the release. The issue
is not serious, but i think its better to revert before
it gets into a released kernel. I am happy to fix the
notification issue but seems unnecessary at this point.
Thanks.
net/core/neighbour.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 91592fc..4e07824 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1148,8 +1148,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
neigh->nud_state = new;
err = 0;
notify = old & NUD_VALID;
- if (((old & (NUD_INCOMPLETE | NUD_PROBE)) ||
- (flags & NEIGH_UPDATE_F_ADMIN)) &&
+ if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
(new & NUD_FAILED)) {
neigh_invalidate(neigh);
notify = 1;
--
2.1.4
^ permalink raw reply related
* [PATCH] af_unix.h: trivial whitespace cleanup
From: Vito Caputo @ 2018-10-21 11:33 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-kernel
Replace spurious spaces with a tab and remove superfluous tab from
unix_sock struct.
Signed-off-by: Vito Caputo <vcaputo@pengaru.com>
---
include/net/af_unix.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index a5ba41b3b867..e2695c4bf358 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -52,7 +52,7 @@ struct unix_skb_parms {
struct unix_sock {
/* WARNING: sk has to be the first member */
struct sock sk;
- struct unix_address *addr;
+ struct unix_address *addr;
struct path path;
struct mutex iolock, bindlock;
struct sock *peer;
@@ -63,7 +63,7 @@ struct unix_sock {
#define UNIX_GC_CANDIDATE 0
#define UNIX_GC_MAYBE_CYCLE 1
struct socket_wq peer_wq;
- wait_queue_entry_t peer_wake;
+ wait_queue_entry_t peer_wake;
};
static inline struct unix_sock *unix_sk(const struct sock *sk)
--
2.11.0
^ permalink raw reply related
* Re: [PATCH] net: socket: fix a missing-check bug
From: Florian Fainelli @ 2018-10-21 3:21 UTC (permalink / raw)
To: Wenwen Wang; +Cc: Kangjie Lu, David S. Miller, netdev, linux-kernel
In-Reply-To: <1540051091-16604-1-git-send-email-wang6495@umn.edu>
Hi Wenwen,
On October 20, 2018 8:58:10 AM PDT, Wenwen Wang <wang6495@umn.edu> wrote:
>In ethtool_ioctl(), the ioctl command is firstly obtained from the
>user-space buffer 'compat_rxnfc' through get_user() and saved to
>'ethcmd'.
>Then, 'ethcmd' is checked to see whether it is necessary to pre-process
>the
>ethool structure, because the structure ethtool_rxnfc is defined with
>padding, as mentioned in the comment. If yes, a user-space buffer
>'rxnfc'
>is allocated through compat_alloc_user_space() and then the data in the
>original buffer 'compat_rxnfc' is copied to 'rxnfc' through
>copy_in_user(),
>including the ioctl command. It is worth noting that after this copy,
>there
>is no check enforced on the copied ioctl command. That means it is
>possible
>that 'rxnfc->cmd' is different from 'ethcmd', because a malicious user
>can
>race to modify the ioctl command in 'compat_rxnfc' between these two
>copies. Eventually, the ioctl command in 'rxnfc' will be used in
>dev_ethtool(). This can cause undefined behavior of the kernel and
>introduce potential security risk.
>
>This patch avoids the above issue by rewriting 'rxnfc->cmd' using
>'ethcmd'
>after copy_in_user().
>
>Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Assuming these issues are found with some kind of automated analysis, can you also add in your work flow to provide a Fixes: tag such that this could be backported to stable kernels?
If this is found by a tool is this something that is open source and somehow available? I would also make it clear that these issues are typically named time TOCTOU which might be clearer for people who review those patches.
Thanks!
--
Florian
^ permalink raw reply
* [PATCH net-next 0/3] sctp: add support for sk_reuseport
From: Xin Long @ 2018-10-21 4:43 UTC (permalink / raw)
To: network dev, linux-sctp; +Cc: Marcelo Ricardo Leitner, Neil Horman, davem
sctp sk_reuseport allows multiple socks to listen on the same port and
addresses, as long as these socks have the same uid. This works pretty
much as TCP/UDP does, the only difference is that sctp is multi-homing
and all the bind_addrs in these socks will have to completely matched,
otherwise listen() will return err.
The below is when 5 sockets are listening on 172.16.254.254:6400 on a
server, 26 sockets on a client connect to 172.16.254.254:6400 and each
may be processed by a different socket on the server which is selected
by hash(lport, pport, paddr) in reuseport_select_sock():
# ss --sctp -nn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 172.16.254.254:6400 *:*
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.1:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.4:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.3:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.4:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.2:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.3:1234
LISTEN 0 10 172.16.254.254:6400 *:*
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.3:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.4:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.2:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.1:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.2:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.3:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.4:1234
LISTEN 0 10 172.16.254.254:6400 *:*
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.2:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.5:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.5:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.253.253:1234
LISTEN 0 10 172.16.254.254:6400 *:*
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.2:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.3:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.4:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.5:1234
LISTEN 0 10 172.16.254.254:6400 *:*
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.1:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.5:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.5:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.1:1234
`- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.1:1234
Xin Long (3):
sctp: do reuseport_select_sock in __sctp_rcv_lookup_endpoint
sctp: add sock_reuseport for the sock in __sctp_hash_endpoint
sctp: process sk_reuseport in sctp_get_port_local
include/net/sctp/sctp.h | 2 +-
include/net/sctp/structs.h | 6 ++-
net/core/sock_reuseport.c | 1 +
net/sctp/bind_addr.c | 28 ++++++++++
net/sctp/input.c | 129 ++++++++++++++++++++++++++++++++-------------
net/sctp/socket.c | 49 +++++++++++------
6 files changed, 162 insertions(+), 53 deletions(-)
--
2.1.0
^ permalink raw reply
* [PATCH net-next 1/3] sctp: do reuseport_select_sock in __sctp_rcv_lookup_endpoint
From: Xin Long @ 2018-10-21 4:43 UTC (permalink / raw)
To: network dev, linux-sctp; +Cc: Marcelo Ricardo Leitner, Neil Horman, davem
In-Reply-To: <cover.1540095102.git.lucien.xin@gmail.com>
This is a part of sk_reuseport support for sctp, and it selects a
sock by the hashkey of lport, paddr and dport by default. It will
work until sk_reuseport support is added in sctp_get_port_local()
in the next patch.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
net/sctp/input.c | 69 +++++++++++++++++++++++++++++++++-----------------------
1 file changed, 41 insertions(+), 28 deletions(-)
diff --git a/net/sctp/input.c b/net/sctp/input.c
index 5c36a99..60ede89 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -57,6 +57,7 @@
#include <net/sctp/checksum.h>
#include <net/net_namespace.h>
#include <linux/rhashtable.h>
+#include <net/sock_reuseport.h>
/* Forward declarations for internal helpers. */
static int sctp_rcv_ootb(struct sk_buff *);
@@ -65,8 +66,10 @@ static struct sctp_association *__sctp_rcv_lookup(struct net *net,
const union sctp_addr *paddr,
const union sctp_addr *laddr,
struct sctp_transport **transportp);
-static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(struct net *net,
- const union sctp_addr *laddr);
+static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(
+ struct net *net, struct sk_buff *skb,
+ const union sctp_addr *laddr,
+ const union sctp_addr *daddr);
static struct sctp_association *__sctp_lookup_association(
struct net *net,
const union sctp_addr *local,
@@ -171,7 +174,7 @@ int sctp_rcv(struct sk_buff *skb)
asoc = __sctp_rcv_lookup(net, skb, &src, &dest, &transport);
if (!asoc)
- ep = __sctp_rcv_lookup_endpoint(net, &dest);
+ ep = __sctp_rcv_lookup_endpoint(net, skb, &dest, &src);
/* Retrieve the common input handling substructure. */
rcvr = asoc ? &asoc->base : &ep->base;
@@ -770,16 +773,35 @@ void sctp_unhash_endpoint(struct sctp_endpoint *ep)
local_bh_enable();
}
+static inline __u32 sctp_hashfn(const struct net *net, __be16 lport,
+ const union sctp_addr *paddr, __u32 seed)
+{
+ __u32 addr;
+
+ if (paddr->sa.sa_family == AF_INET6)
+ addr = jhash(&paddr->v6.sin6_addr, 16, seed);
+ else
+ addr = (__force __u32)paddr->v4.sin_addr.s_addr;
+
+ return jhash_3words(addr, ((__force __u32)paddr->v4.sin_port) << 16 |
+ (__force __u32)lport, net_hash_mix(net), seed);
+}
+
/* Look up an endpoint. */
-static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(struct net *net,
- const union sctp_addr *laddr)
+static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(
+ struct net *net, struct sk_buff *skb,
+ const union sctp_addr *laddr,
+ const union sctp_addr *paddr)
{
struct sctp_hashbucket *head;
struct sctp_ep_common *epb;
struct sctp_endpoint *ep;
+ struct sock *sk;
+ __be32 lport;
int hash;
- hash = sctp_ep_hashfn(net, ntohs(laddr->v4.sin_port));
+ lport = laddr->v4.sin_port;
+ hash = sctp_ep_hashfn(net, ntohs(lport));
head = &sctp_ep_hashtable[hash];
read_lock(&head->lock);
sctp_for_each_hentry(epb, &head->chain) {
@@ -791,6 +813,15 @@ static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(struct net *net,
ep = sctp_sk(net->sctp.ctl_sock)->ep;
hit:
+ sk = ep->base.sk;
+ if (sk->sk_reuseport) {
+ __u32 phash = sctp_hashfn(net, lport, paddr, 0);
+
+ sk = reuseport_select_sock(sk, phash, skb,
+ sizeof(struct sctphdr));
+ if (sk)
+ ep = sctp_sk(sk)->ep;
+ }
sctp_endpoint_hold(ep);
read_unlock(&head->lock);
return ep;
@@ -829,35 +860,17 @@ static inline int sctp_hash_cmp(struct rhashtable_compare_arg *arg,
static inline __u32 sctp_hash_obj(const void *data, u32 len, u32 seed)
{
const struct sctp_transport *t = data;
- const union sctp_addr *paddr = &t->ipaddr;
- const struct net *net = sock_net(t->asoc->base.sk);
- __be16 lport = htons(t->asoc->base.bind_addr.port);
- __u32 addr;
-
- if (paddr->sa.sa_family == AF_INET6)
- addr = jhash(&paddr->v6.sin6_addr, 16, seed);
- else
- addr = (__force __u32)paddr->v4.sin_addr.s_addr;
- return jhash_3words(addr, ((__force __u32)paddr->v4.sin_port) << 16 |
- (__force __u32)lport, net_hash_mix(net), seed);
+ return sctp_hashfn(sock_net(t->asoc->base.sk),
+ htons(t->asoc->base.bind_addr.port),
+ &t->ipaddr, seed);
}
static inline __u32 sctp_hash_key(const void *data, u32 len, u32 seed)
{
const struct sctp_hash_cmp_arg *x = data;
- const union sctp_addr *paddr = x->paddr;
- const struct net *net = x->net;
- __be16 lport = x->lport;
- __u32 addr;
-
- if (paddr->sa.sa_family == AF_INET6)
- addr = jhash(&paddr->v6.sin6_addr, 16, seed);
- else
- addr = (__force __u32)paddr->v4.sin_addr.s_addr;
- return jhash_3words(addr, ((__force __u32)paddr->v4.sin_port) << 16 |
- (__force __u32)lport, net_hash_mix(net), seed);
+ return sctp_hashfn(x->net, x->lport, x->paddr, seed);
}
static const struct rhashtable_params sctp_hash_params = {
--
2.1.0
^ permalink raw reply related
* [PATCH net-next 2/3] sctp: add sock_reuseport for the sock in __sctp_hash_endpoint
From: Xin Long @ 2018-10-21 4:43 UTC (permalink / raw)
To: network dev, linux-sctp; +Cc: Marcelo Ricardo Leitner, Neil Horman, davem
In-Reply-To: <cover.1540095102.git.lucien.xin@gmail.com>
This is a part of sk_reuseport support for sctp. It defines a helper
sctp_bind_addrs_check() to check if the bind_addrs in two socks are
matched. It will add sock_reuseport if they are completely matched,
and return err if they are partly matched, and alloc sock_reuseport
if all socks are not matched at all.
It will work until sk_reuseport support is added in
sctp_get_port_local() in the next patch.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
include/net/sctp/sctp.h | 2 +-
include/net/sctp/structs.h | 2 ++
net/core/sock_reuseport.c | 1 +
net/sctp/bind_addr.c | 28 ++++++++++++++++++++++
net/sctp/input.c | 60 +++++++++++++++++++++++++++++++++++++++-------
net/sctp/socket.c | 3 +--
6 files changed, 85 insertions(+), 11 deletions(-)
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 8c2caa3..b8cd58d 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -152,7 +152,7 @@ int sctp_primitive_RECONF(struct net *net, struct sctp_association *asoc,
*/
int sctp_rcv(struct sk_buff *skb);
void sctp_v4_err(struct sk_buff *skb, u32 info);
-void sctp_hash_endpoint(struct sctp_endpoint *);
+int sctp_hash_endpoint(struct sctp_endpoint *ep);
void sctp_unhash_endpoint(struct sctp_endpoint *);
struct sock *sctp_err_lookup(struct net *net, int family, struct sk_buff *,
struct sctphdr *, struct sctp_association **,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index a11f937..15d017f 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -1190,6 +1190,8 @@ int sctp_bind_addr_conflict(struct sctp_bind_addr *, const union sctp_addr *,
struct sctp_sock *, struct sctp_sock *);
int sctp_bind_addr_state(const struct sctp_bind_addr *bp,
const union sctp_addr *addr);
+int sctp_bind_addrs_check(struct sctp_sock *sp,
+ struct sctp_sock *sp2, int cnt2);
union sctp_addr *sctp_find_unmatch_addr(struct sctp_bind_addr *bp,
const union sctp_addr *addrs,
int addrcnt,
diff --git a/net/core/sock_reuseport.c b/net/core/sock_reuseport.c
index ba5cba5..d8fe3e5 100644
--- a/net/core/sock_reuseport.c
+++ b/net/core/sock_reuseport.c
@@ -187,6 +187,7 @@ int reuseport_add_sock(struct sock *sk, struct sock *sk2, bool bind_inany)
call_rcu(&old_reuse->rcu, reuseport_free_rcu);
return 0;
}
+EXPORT_SYMBOL(reuseport_add_sock);
void reuseport_detach_sock(struct sock *sk)
{
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 7df3704..78d0d93 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -337,6 +337,34 @@ int sctp_bind_addr_match(struct sctp_bind_addr *bp,
return match;
}
+int sctp_bind_addrs_check(struct sctp_sock *sp,
+ struct sctp_sock *sp2, int cnt2)
+{
+ struct sctp_bind_addr *bp2 = &sp2->ep->base.bind_addr;
+ struct sctp_bind_addr *bp = &sp->ep->base.bind_addr;
+ struct sctp_sockaddr_entry *laddr, *laddr2;
+ bool exist = false;
+ int cnt = 0;
+
+ rcu_read_lock();
+ list_for_each_entry_rcu(laddr, &bp->address_list, list) {
+ list_for_each_entry_rcu(laddr2, &bp2->address_list, list) {
+ if (sp->pf->af->cmp_addr(&laddr->a, &laddr2->a) &&
+ laddr->valid == laddr2->valid) {
+ exist = true;
+ goto next;
+ }
+ }
+ cnt = 0;
+ break;
+next:
+ cnt++;
+ }
+ rcu_read_unlock();
+
+ return (cnt == cnt2) ? 0 : (exist ? -EEXIST : 1);
+}
+
/* Does the address 'addr' conflict with any addresses in
* the bp.
*/
diff --git a/net/sctp/input.c b/net/sctp/input.c
index 60ede89..6bfeb10 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -723,43 +723,87 @@ static int sctp_rcv_ootb(struct sk_buff *skb)
}
/* Insert endpoint into the hash table. */
-static void __sctp_hash_endpoint(struct sctp_endpoint *ep)
+static int __sctp_hash_endpoint(struct sctp_endpoint *ep)
{
- struct net *net = sock_net(ep->base.sk);
- struct sctp_ep_common *epb;
+ struct sock *sk = ep->base.sk;
+ struct net *net = sock_net(sk);
struct sctp_hashbucket *head;
+ struct sctp_ep_common *epb;
epb = &ep->base;
-
epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
head = &sctp_ep_hashtable[epb->hashent];
+ if (sk->sk_reuseport) {
+ bool any = sctp_is_ep_boundall(sk);
+ struct sctp_ep_common *epb2;
+ struct list_head *list;
+ int cnt = 0, err = 1;
+
+ list_for_each(list, &ep->base.bind_addr.address_list)
+ cnt++;
+
+ sctp_for_each_hentry(epb2, &head->chain) {
+ struct sock *sk2 = epb2->sk;
+
+ if (!net_eq(sock_net(sk2), net) || sk2 == sk ||
+ !uid_eq(sock_i_uid(sk2), sock_i_uid(sk)) ||
+ !sk2->sk_reuseport)
+ continue;
+
+ err = sctp_bind_addrs_check(sctp_sk(sk2),
+ sctp_sk(sk), cnt);
+ if (!err) {
+ err = reuseport_add_sock(sk, sk2, any);
+ if (err)
+ return err;
+ break;
+ } else if (err < 0) {
+ return err;
+ }
+ }
+
+ if (err) {
+ err = reuseport_alloc(sk, any);
+ if (err)
+ return err;
+ }
+ }
+
write_lock(&head->lock);
hlist_add_head(&epb->node, &head->chain);
write_unlock(&head->lock);
+ return 0;
}
/* Add an endpoint to the hash. Local BH-safe. */
-void sctp_hash_endpoint(struct sctp_endpoint *ep)
+int sctp_hash_endpoint(struct sctp_endpoint *ep)
{
+ int err;
+
local_bh_disable();
- __sctp_hash_endpoint(ep);
+ err = __sctp_hash_endpoint(ep);
local_bh_enable();
+
+ return err;
}
/* Remove endpoint from the hash table. */
static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
{
- struct net *net = sock_net(ep->base.sk);
+ struct sock *sk = ep->base.sk;
struct sctp_hashbucket *head;
struct sctp_ep_common *epb;
epb = &ep->base;
- epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
+ epb->hashent = sctp_ep_hashfn(sock_net(sk), epb->bind_addr.port);
head = &sctp_ep_hashtable[epb->hashent];
+ if (rcu_access_pointer(sk->sk_reuseport_cb))
+ reuseport_detach_sock(sk);
+
write_lock(&head->lock);
hlist_del_init(&epb->node);
write_unlock(&head->lock);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index fc0386e..44e7d8c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7850,8 +7850,7 @@ static int sctp_listen_start(struct sock *sk, int backlog)
}
sk->sk_max_ack_backlog = backlog;
- sctp_hash_endpoint(ep);
- return 0;
+ return sctp_hash_endpoint(ep);
}
/*
--
2.1.0
^ permalink raw reply related
* [PATCH net-next 3/3] sctp: process sk_reuseport in sctp_get_port_local
From: Xin Long @ 2018-10-21 4:43 UTC (permalink / raw)
To: network dev, linux-sctp; +Cc: Marcelo Ricardo Leitner, Neil Horman, davem
In-Reply-To: <cover.1540095102.git.lucien.xin@gmail.com>
When socks' sk_reuseport is set, the same port and address are allowed
to be bound into these socks who have the same uid.
Note that the difference from sk_reuse is that it allows multiple socks
to listen on the same port and address.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
include/net/sctp/structs.h | 4 +++-
net/sctp/socket.c | 46 +++++++++++++++++++++++++++++++++-------------
2 files changed, 36 insertions(+), 14 deletions(-)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 15d017f..af9d494 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -96,7 +96,9 @@ struct sctp_stream;
struct sctp_bind_bucket {
unsigned short port;
- unsigned short fastreuse;
+ signed char fastreuse;
+ signed char fastreuseport;
+ kuid_t fastuid;
struct hlist_node node;
struct hlist_head owner;
struct net *net;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 44e7d8c..8605705 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -7642,8 +7642,10 @@ static struct sctp_bind_bucket *sctp_bucket_create(
static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
{
- bool reuse = (sk->sk_reuse || sctp_sk(sk)->reuse);
+ struct sctp_sock *sp = sctp_sk(sk);
+ bool reuse = (sk->sk_reuse || sp->reuse);
struct sctp_bind_hashbucket *head; /* hash list */
+ kuid_t uid = sock_i_uid(sk);
struct sctp_bind_bucket *pp;
unsigned short snum;
int ret;
@@ -7719,7 +7721,10 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
pr_debug("%s: found a possible match\n", __func__);
- if (pp->fastreuse && reuse && sk->sk_state != SCTP_SS_LISTENING)
+ if ((pp->fastreuse && reuse &&
+ sk->sk_state != SCTP_SS_LISTENING) ||
+ (pp->fastreuseport && sk->sk_reuseport &&
+ uid_eq(pp->fastuid, uid)))
goto success;
/* Run through the list of sockets bound to the port
@@ -7733,16 +7738,18 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
* in an endpoint.
*/
sk_for_each_bound(sk2, &pp->owner) {
- struct sctp_endpoint *ep2;
- ep2 = sctp_sk(sk2)->ep;
+ struct sctp_sock *sp2 = sctp_sk(sk2);
+ struct sctp_endpoint *ep2 = sp2->ep;
if (sk == sk2 ||
- (reuse && (sk2->sk_reuse || sctp_sk(sk2)->reuse) &&
- sk2->sk_state != SCTP_SS_LISTENING))
+ (reuse && (sk2->sk_reuse || sp2->reuse) &&
+ sk2->sk_state != SCTP_SS_LISTENING) ||
+ (sk->sk_reuseport && sk2->sk_reuseport &&
+ uid_eq(uid, sock_i_uid(sk2))))
continue;
- if (sctp_bind_addr_conflict(&ep2->base.bind_addr, addr,
- sctp_sk(sk2), sctp_sk(sk))) {
+ if (sctp_bind_addr_conflict(&ep2->base.bind_addr,
+ addr, sp2, sp)) {
ret = (long)sk2;
goto fail_unlock;
}
@@ -7765,19 +7772,32 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
pp->fastreuse = 1;
else
pp->fastreuse = 0;
- } else if (pp->fastreuse &&
- (!reuse || sk->sk_state == SCTP_SS_LISTENING))
- pp->fastreuse = 0;
+
+ if (sk->sk_reuseport) {
+ pp->fastreuseport = 1;
+ pp->fastuid = uid;
+ } else {
+ pp->fastreuseport = 0;
+ }
+ } else {
+ if (pp->fastreuse &&
+ (!reuse || sk->sk_state == SCTP_SS_LISTENING))
+ pp->fastreuse = 0;
+
+ if (pp->fastreuseport &&
+ (!sk->sk_reuseport || !uid_eq(pp->fastuid, uid)))
+ pp->fastreuseport = 0;
+ }
/* We are set, so fill up all the data in the hash table
* entry, tie the socket list information with the rest of the
* sockets FIXME: Blurry, NPI (ipg).
*/
success:
- if (!sctp_sk(sk)->bind_hash) {
+ if (!sp->bind_hash) {
inet_sk(sk)->inet_num = snum;
sk_add_bind_node(sk, &pp->owner);
- sctp_sk(sk)->bind_hash = pp;
+ sp->bind_hash = pp;
}
ret = 0;
--
2.1.0
^ permalink raw reply related
* Re: [PATCH net] Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin"
From: David Miller @ 2018-10-21 5:26 UTC (permalink / raw)
To: roopa; +Cc: netdev
In-Reply-To: <1540084171-12793-1-git-send-email-roopa@cumulusnetworks.com>
From: Roopa Prabhu <roopa@cumulusnetworks.com>
Date: Sat, 20 Oct 2018 18:09:31 -0700
> From: Roopa Prabhu <roopa@cumulusnetworks.com>
>
> This reverts commit 8e326289e3069dfc9fa9c209924668dd031ab8ef.
>
> This patch results in unnecessary netlink notification when one
> tries to delete a neigh entry already in NUD_FAILED state. Found
> this with a buggy app that tries to delete a NUD_FAILED entry
> repeatedly. While the notification issue can be fixed with more
> checks, adding more complexity here seems unnecessary. Also,
> recent tests with other changes in the neighbour code have
> shown that the INCOMPLETE and PROBE checks are good enough for
> the original issue.
>
> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Applied, thanks.
^ permalink raw reply
* Re: [PATCH bpf-next 0/6] Misc improvements and few minor fixes
From: Alexei Starovoitov @ 2018-10-21 6:18 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: netdev
In-Reply-To: <20181021000928.15705-1-daniel@iogearbox.net>
On Sun, Oct 21, 2018 at 02:09:22AM +0200, Daniel Borkmann wrote:
> Last batch of misc patches I had in queue: first one removes some left-over
> bits from ULP, second is a fix in the verifier where we wrongly use register
> number as type to fetch the string for the dump, third disables xadd on flow
> keys and subsequent one removes the flow key type from check_helper_mem_access()
> as they cannot be passed into any helper as of today. Next one lets map push,
> pop, peek avoid having to go through retpoline, and last one has a couple of
> minor fixes and cleanups for the ring buffer walk.
Applied, Thanks
^ permalink raw reply
* Re: [PATCH bpf-next] selftests/bpf: fix return value comparison for tests in test_libbpf.sh
From: Alexei Starovoitov @ 2018-10-21 6:19 UTC (permalink / raw)
To: Quentin Monnet; +Cc: Alexei Starovoitov, Daniel Borkmann, netdev, oss-drivers
In-Reply-To: <1540072724-26002-1-git-send-email-quentin.monnet@netronome.com>
On Sat, Oct 20, 2018 at 10:58:44PM +0100, Quentin Monnet wrote:
> The return value for each test in test_libbpf.sh is compared with
>
> if (( $? == 0 )) ; then ...
>
> This works well with bash, but not with dash, that /bin/sh is aliased to
> on some systems (such as Ubuntu).
>
> Let's replace this comparison by something that works on both shells.
>
> Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Applied, Thanks
^ permalink raw reply
* Re: [PATCH bpf-next 0/3] tools: bpftool: bring minor fixes to bpftool
From: Alexei Starovoitov @ 2018-10-21 6:22 UTC (permalink / raw)
To: Quentin Monnet; +Cc: Alexei Starovoitov, Daniel Borkmann, netdev, oss-drivers
In-Reply-To: <1540072910-29732-1-git-send-email-quentin.monnet@netronome.com>
On Sat, Oct 20, 2018 at 11:01:47PM +0100, Quentin Monnet wrote:
> Hi,
> These are three minor fixes for bpftool, its documentation and its bash
> completion function. Please refer to individual patches for details.
Applied, Thanks
^ permalink raw reply
* Re: [PATCH net-next] net: phy: phy_support_sym_pause: Clear Asym Pause
From: LABBE Corentin @ 2018-10-21 6:54 UTC (permalink / raw)
To: Andrew Lunn; +Cc: David Miller, netdev, Florian Fainelli, hkallweit1
In-Reply-To: <1540068088-14446-1-git-send-email-andrew@lunn.ch>
On Sat, Oct 20, 2018 at 10:41:28PM +0200, Andrew Lunn wrote:
> When indicating the MAC supports Symmetric Pause, clear the Asymmetric
> Pause bit, which could of been already set is the PHY supports it.
>
> Reported-by: Labbe Corentin <clabbe@baylibre.com>
> Fixes: c306ad36184f ("net: ethernet: Add helper for MACs which support pause")
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>
> ---
> drivers/net/phy/phy_device.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
> index 43cb08dcce81..ab33d1777132 100644
> --- a/drivers/net/phy/phy_device.c
> +++ b/drivers/net/phy/phy_device.c
> @@ -1940,6 +1940,7 @@ EXPORT_SYMBOL(phy_remove_link_mode);
> */
> void phy_support_sym_pause(struct phy_device *phydev)
> {
> + phydev->supported &= ~SUPPORTED_Asym_Pause;
> phydev->supported |= SUPPORTED_Pause;
> phydev->advertising = phydev->supported;
> }
> --
> 2.19.0
>
Thanks, it made my imx6q-sabrelite works again with next-20181019.
Tested-by: Corentin Labbe <clabbe@baylibre.com>
For completeness, this is the ethtool output which confirm it.
ethtool version 4.16
Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: Symmetric
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Link partner advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Link partner advertised pause frame use: Symmetric Receive-only
Link partner advertised auto-negotiation: Yes
Link partner advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Port: MII
PHYAD: 6
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: d
Wake-on: d
Link detected: yes
^ permalink raw reply
* Re: [PATCH net-next 0/3] sctp: add support for sk_reuseport
From: Xin Long @ 2018-10-21 6:58 UTC (permalink / raw)
To: network dev, linux-sctp; +Cc: Marcelo Ricardo Leitner, Neil Horman, davem
In-Reply-To: <cover.1540095102.git.lucien.xin@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3812 bytes --]
On Sun, Oct 21, 2018 at 1:43 PM Xin Long <lucien.xin@gmail.com> wrote:
>
> sctp sk_reuseport allows multiple socks to listen on the same port and
> addresses, as long as these socks have the same uid. This works pretty
> much as TCP/UDP does, the only difference is that sctp is multi-homing
> and all the bind_addrs in these socks will have to completely matched,
> otherwise listen() will return err.
>
> The below is when 5 sockets are listening on 172.16.254.254:6400 on a
> server, 26 sockets on a client connect to 172.16.254.254:6400 and each
> may be processed by a different socket on the server which is selected
> by hash(lport, pport, paddr) in reuseport_select_sock():
>
> # ss --sctp -nn
> State Recv-Q Send-Q Local Address:Port Peer Address:Port
> LISTEN 0 10 172.16.254.254:6400 *:*
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.1:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.4:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.3:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.4:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.2:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.3:1234
> LISTEN 0 10 172.16.254.254:6400 *:*
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.3:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.4:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.2:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.1:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.2:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.3:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.4:1234
> LISTEN 0 10 172.16.254.254:6400 *:*
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.2:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.5:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.4.5:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.253.253:1234
> LISTEN 0 10 172.16.254.254:6400 *:*
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.2:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.3:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.4:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.5:1234
> LISTEN 0 10 172.16.254.254:6400 *:*
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.1:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.1.5:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.2.5:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.3.1:1234
> `- ESTAB 0 0 172.16.254.254%eth1:6400 172.16.5.1:1234
Attached is the testcase based on sctp-tests.git.
>
> Xin Long (3):
> sctp: do reuseport_select_sock in __sctp_rcv_lookup_endpoint
> sctp: add sock_reuseport for the sock in __sctp_hash_endpoint
> sctp: process sk_reuseport in sctp_get_port_local
>
> include/net/sctp/sctp.h | 2 +-
> include/net/sctp/structs.h | 6 ++-
> net/core/sock_reuseport.c | 1 +
> net/sctp/bind_addr.c | 28 ++++++++++
> net/sctp/input.c | 129 ++++++++++++++++++++++++++++++++-------------
> net/sctp/socket.c | 49 +++++++++++------
> 6 files changed, 162 insertions(+), 53 deletions(-)
>
> --
> 2.1.0
>
[-- Attachment #2: reuseport.tar.gz --]
[-- Type: application/x-gzip, Size: 2501 bytes --]
^ permalink raw reply
* Re: [PATCH net-next] net: phy: phy_support_sym_pause: Clear Asym Pause
From: Sergei Shtylyov @ 2018-10-21 8:24 UTC (permalink / raw)
To: Andrew Lunn, clabbe, David Miller; +Cc: netdev, Florian Fainelli, hkallweit1
In-Reply-To: <1540068088-14446-1-git-send-email-andrew@lunn.ch>
Hello!
On 20.10.2018 23:41, Andrew Lunn wrote:
> When indicating the MAC supports Symmetric Pause, clear the Asymmetric
> Pause bit, which could of been already set is the PHY supports it.
Could've been, s/is/if/.
> Reported-by: Labbe Corentin <clabbe@baylibre.com>
> Fixes: c306ad36184f ("net: ethernet: Add helper for MACs which support pause")
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>
[...]
MBR, Sergei
^ permalink raw reply
* Re: [PATCH] net: ethernet:fec: Consistently use SPEED_ prefix
From: Sergei Shtylyov @ 2018-10-21 8:25 UTC (permalink / raw)
To: Andrew Lunn, David Miller; +Cc: clabbe, netdev, Florian Fainelli, hkallweit1
In-Reply-To: <1540068491-14760-1-git-send-email-andrew@lunn.ch>
On 20.10.2018 23:48, Andrew Lunn wrote:
> All other calls to phy_set_max_speed() use the SPEED_ prefix. Make the
> FEC driver follow this common pattern. This makes no different to
Difference.
> generated code since SPEED_1000 is 1000, and SPEED_100 is 100.
>
> Reported-by: Corentin Labbe <clabbe@baylibre.com>
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>
[...]
MBR, Sergei
^ permalink raw reply
* r8169: changed rx buffer alignment requirement
From: Heiner Kallweit @ 2018-10-21 9:02 UTC (permalink / raw)
To: Eric Dumazet; +Cc: netdev@vger.kernel.org
Hi Eric,
when working on the r8169 driver I came across an old patch from you:
6f0333b8fde4 ("r8169: use 50% less ram for RX ring")
As part of this patch the alignment requirement for rx buffers was
silently changed from 8 to 16 bytes. Can you remember (well, after
eight years) why you did this? In the chip datasheet I find only
8 bytes mentioned as requirement.
Regards,
Heiner
^ permalink raw reply
* Re: [PATCH bpf-next] selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
From: Jesper Dangaard Brouer @ 2018-10-21 9:57 UTC (permalink / raw)
To: Quentin Monnet
Cc: Alexei Starovoitov, Daniel Borkmann, netdev, oss-drivers, brouer
In-Reply-To: <1540072824-27914-1-git-send-email-quentin.monnet@netronome.com>
On Sat, 20 Oct 2018 23:00:24 +0100
Quentin Monnet <quentin.monnet@netronome.com> wrote:
> libbpf is now able to load successfully test_l4lb_noinline.o and
> samples/bpf/tracex3_kern.o, so we can uncomment related tests from
> test_libbpf.c and remove the associated "TODO"s.
Thanks for working on this, comments below.
> It is also trivial to fix test_xdp_noinline.o so that it provides a
> version and can be loaded. Fix it and uncomment this test as well.
>
> For the record, the error message obtainted with tracex3_kern.o was
> fixed by commit e3d91b0ca523 ("tools/libbpf: handle issues with bpf ELF
> objects containing .eh_frames")
>
> I have not been abled to reproduce the "libbpf: incorrect bpf_call
> opcode" error for test_l4lb_noinline.o, even with the version of libbpf
> present at the time when test_libbpf.sh and test_libbpf_open.c were
> created.
>
> Cc: Jesper Dangaard Brouer <brouer@redhat.com>
> Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
> ---
> tools/testing/selftests/bpf/test_libbpf.sh | 12 +++---------
> tools/testing/selftests/bpf/test_xdp_meta.c | 2 ++
> 2 files changed, 5 insertions(+), 9 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/test_libbpf.sh b/tools/testing/selftests/bpf/test_libbpf.sh
> index 156d89f1edcc..a426f28163a5 100755
> --- a/tools/testing/selftests/bpf/test_libbpf.sh
> +++ b/tools/testing/selftests/bpf/test_libbpf.sh
> @@ -33,17 +33,11 @@ trap exit_handler 0 2 3 6 9
>
> libbpf_open_file test_l4lb.o
>
> -# TODO: fix libbpf to load noinline functions
> -# [warning] libbpf: incorrect bpf_call opcode
> -#libbpf_open_file test_l4lb_noinline.o
> +libbpf_open_file test_l4lb_noinline.o
>
> -# TODO: fix test_xdp_meta.c to load with libbpf
> -# [warning] libbpf: test_xdp_meta.o doesn't provide kernel version
> -#libbpf_open_file test_xdp_meta.o
> +libbpf_open_file test_xdp_meta.o
>
> -# TODO: fix libbpf to handle .eh_frame
> -# [warning] libbpf: relocation failed: no section(10)
> -#libbpf_open_file ../../../../samples/bpf/tracex3_kern.o
> +libbpf_open_file ../../../../samples/bpf/tracex3_kern.o
I don't like the ../../../../samples/bpf/ reference (even-through I
added this TODO), as the kselftests AFAIK support installing the
selftests and then this tests will fail.
Maybe we can find another example kern.o file?
(which isn't compiled with -target bpf)
> # Success
> exit 0
> diff --git a/tools/testing/selftests/bpf/test_xdp_meta.c b/tools/testing/selftests/bpf/test_xdp_meta.c
> index 8d0182650653..2f42de66e2bb 100644
> --- a/tools/testing/selftests/bpf/test_xdp_meta.c
> +++ b/tools/testing/selftests/bpf/test_xdp_meta.c
> @@ -8,6 +8,8 @@
> #define round_up(x, y) ((((x) - 1) | __round_mask(x, y)) + 1)
> #define ctx_ptr(ctx, mem) (void *)(unsigned long)ctx->mem
>
> +int _version SEC("version") = 1;
> +
> SEC("t")
> int ing_cls(struct __sk_buff *ctx)
> {
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
^ permalink raw reply
* Re: [PATCH net-next] octeontx2-af: Remove set but not used variable 'block'
From: YueHaibing @ 2018-10-21 10:07 UTC (permalink / raw)
To: Sunil Kovvuri
Cc: Sunil Goutham, Linu Cherian, Geetha sowjanya, jerinj,
David S. Miller, Linux Netdev List, kernel-janitors
In-Reply-To: <CA+sq2CekhmaVQddoy2T0e5B9KwG2=_8d+KVFavqfnJfAFSPs2A@mail.gmail.com>
On 2018/10/19 21:36, Sunil Kovvuri wrote:
> On Fri, Oct 19, 2018 at 6:11 PM YueHaibing <yuehaibing@huawei.com> wrote:
>>
>> Fixes gcc '-Wunused-but-set-variable' warning:
>>
>> drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c: In function 'rvu_npa_init':
>> drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c:446:20: warning:
>> variable 'block' set but not used [-Wunused-but-set-variable]
>>
>> It never used since introduction in
>> commit 7a37245ef23f ("octeontx2-af: NPA block admin queue init")
>>
>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>> ---
>> drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c | 3 ---
>> 1 file changed, 3 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c
>> index 0e43a69..7531fdc 100644
>> --- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c
>> +++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c
>> @@ -443,15 +443,12 @@ static int npa_aq_init(struct rvu *rvu, struct rvu_block *block)
>> int rvu_npa_init(struct rvu *rvu)
>> {
>> struct rvu_hwinfo *hw = rvu->hw;
>> - struct rvu_block *block;
>> int blkaddr, err;
>>
>> blkaddr = rvu_get_blkaddr(rvu, BLKTYPE_NPA, 0);
>> if (blkaddr < 0)
>> return 0;
>>
>> - block = &hw->block[blkaddr];
>> -
>> /* Initialize admin queue */
>> err = npa_aq_init(rvu, &hw->block[blkaddr]);
>> if (err)
>>
>
> Thanks for the patch.
> Which GCC version do you use ?
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)
> Before submitting patches I did test compiling specifically with these
> "make arch=X86 -j8 -Werror=unused-function -Wunused-but-set-variable"
> but that didn't throw these warnings.
>
> Thanks,
> Sunil.
>
> .
>
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox