* [PATCH 4/8] netfilter: xt_TEE: add missing code to get interface index in checkentry.
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Taehee Yoo <ap420073@gmail.com>
checkentry(tee_tg_check) should initialize priv->oif from dev if possible.
But only netdevice notifier handler can set that.
Hence priv->oif is always -1 until notifier handler is called.
Fixes: 9e2f6c5d78db ("netfilter: Rework xt_TEE netdevice notifier")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_TEE.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index 673ad2099f97..1dae02a97ee3 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -104,6 +104,8 @@ static int tee_tg_check(const struct xt_tgchk_param *par)
return -EINVAL;
if (info->oif[0]) {
+ struct net_device *dev;
+
if (info->oif[sizeof(info->oif)-1] != '\0')
return -EINVAL;
@@ -115,6 +117,11 @@ static int tee_tg_check(const struct xt_tgchk_param *par)
priv->oif = -1;
info->priv = priv;
+ dev = dev_get_by_name(par->net, info->oif);
+ if (dev) {
+ priv->oif = dev->ifindex;
+ dev_put(dev);
+ }
mutex_lock(&tn->lock);
list_add(&priv->list, &tn->priv_list);
mutex_unlock(&tn->lock);
--
2.11.0
^ permalink raw reply related
* [PATCH 0/8] Netfilter fixes for net
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) rbtree lookup from control plane returns the left-hand side element
of the range when the interval end flag is set on.
2) osf extension is not supported from the input path, reject this from
the control plane, from Fernando Fernandez Mancera.
3) xt_TEE is leaving output interface unset due to a recent incorrect
netns rework, from Taehee Yoo.
4) xt_TEE allows to select an interface which does not belong to this
netnamespace, from Taehee Yoo.
5) Zero private extension area in nft_compat, just like we do in x_tables,
otherwise we leak kernel memory to userspace.
6) Missing .checkentry and .destroy entries in new DNAT extensions breaks
it since we never load nf_conntrack dependencies, from Paolo Abeni.
7) Do not remove flowtable hook from netns exit path, the netdevice handler
already deals with this, also from Taehee Yoo.
8) Only cleanup flowtable entries that reside in this netnamespace, also
from Taehee Yoo.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 9a4890bd6d6325a1c88564a20ab310b2d56f6094:
rds: RDS (tcp) hangs on sendto() to unresponding address (2018-10-10 22:19:52 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to a3fb3698cadf27dc142b24394c401625e14d80d0:
netfilter: nf_flow_table: do not remove offload when other netns's interface is down (2018-10-19 13:30:48 +0200)
----------------------------------------------------------------
Fernando Fernandez Mancera (1):
netfilter: nft_osf: usage from output path is not valid
Pablo Neira Ayuso (2):
netfilter: nft_set_rbtree: allow loose matching of closing element in interval
netfilter: nft_compat: do not dump private area
Paolo Abeni (1):
netfilter: xt_nat: fix DNAT target for shifted portmap ranges
Taehee Yoo (4):
netfilter: xt_TEE: fix wrong interface selection
netfilter: xt_TEE: add missing code to get interface index in checkentry.
netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
netfilter: nf_flow_table: do not remove offload when other netns's interface is down
net/netfilter/nf_flow_table_core.c | 9 +++--
net/netfilter/nf_tables_api.c | 3 --
net/netfilter/nft_compat.c | 24 +++++++++++-
net/netfilter/nft_osf.c | 10 +++++
net/netfilter/nft_set_rbtree.c | 10 ++++-
net/netfilter/xt_TEE.c | 76 +++++++++++++++++++++++++++++---------
net/netfilter/xt_nat.c | 2 +
7 files changed, 107 insertions(+), 27 deletions(-)
^ permalink raw reply
* [PATCH 3/8] netfilter: xt_TEE: fix wrong interface selection
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Taehee Yoo <ap420073@gmail.com>
TEE netdevice notifier handler checks only interface name. however
each netns can have same interface name. hence other netns's interface
could be selected.
test commands:
%ip netns add vm1
%iptables -I INPUT -p icmp -j TEE --gateway 192.168.1.1 --oif enp2s0
%ip link set enp2s0 netns vm1
Above rule is in the root netns. but that rule could get enp2s0
ifindex of vm1 by notifier handler.
After this patch, TEE rule is added to the per-netns list.
Fixes: 9e2f6c5d78db ("netfilter: Rework xt_TEE netdevice notifier")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_TEE.c | 69 +++++++++++++++++++++++++++++++++++++-------------
1 file changed, 52 insertions(+), 17 deletions(-)
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index 0d0d68c989df..673ad2099f97 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -14,6 +14,8 @@
#include <linux/skbuff.h>
#include <linux/route.h>
#include <linux/netfilter/x_tables.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
#include <net/route.h>
#include <net/netfilter/ipv4/nf_dup_ipv4.h>
#include <net/netfilter/ipv6/nf_dup_ipv6.h>
@@ -25,8 +27,15 @@ struct xt_tee_priv {
int oif;
};
+static unsigned int tee_net_id __read_mostly;
static const union nf_inet_addr tee_zero_address;
+struct tee_net {
+ struct list_head priv_list;
+ /* lock protects the priv_list */
+ struct mutex lock;
+};
+
static unsigned int
tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
@@ -51,17 +60,16 @@ tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
}
#endif
-static DEFINE_MUTEX(priv_list_mutex);
-static LIST_HEAD(priv_list);
-
static int tee_netdev_event(struct notifier_block *this, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+ struct net *net = dev_net(dev);
+ struct tee_net *tn = net_generic(net, tee_net_id);
struct xt_tee_priv *priv;
- mutex_lock(&priv_list_mutex);
- list_for_each_entry(priv, &priv_list, list) {
+ mutex_lock(&tn->lock);
+ list_for_each_entry(priv, &tn->priv_list, list) {
switch (event) {
case NETDEV_REGISTER:
if (!strcmp(dev->name, priv->tginfo->oif))
@@ -79,13 +87,14 @@ static int tee_netdev_event(struct notifier_block *this, unsigned long event,
break;
}
}
- mutex_unlock(&priv_list_mutex);
+ mutex_unlock(&tn->lock);
return NOTIFY_DONE;
}
static int tee_tg_check(const struct xt_tgchk_param *par)
{
+ struct tee_net *tn = net_generic(par->net, tee_net_id);
struct xt_tee_tginfo *info = par->targinfo;
struct xt_tee_priv *priv;
@@ -106,9 +115,9 @@ static int tee_tg_check(const struct xt_tgchk_param *par)
priv->oif = -1;
info->priv = priv;
- mutex_lock(&priv_list_mutex);
- list_add(&priv->list, &priv_list);
- mutex_unlock(&priv_list_mutex);
+ mutex_lock(&tn->lock);
+ list_add(&priv->list, &tn->priv_list);
+ mutex_unlock(&tn->lock);
} else
info->priv = NULL;
@@ -118,12 +127,13 @@ static int tee_tg_check(const struct xt_tgchk_param *par)
static void tee_tg_destroy(const struct xt_tgdtor_param *par)
{
+ struct tee_net *tn = net_generic(par->net, tee_net_id);
struct xt_tee_tginfo *info = par->targinfo;
if (info->priv) {
- mutex_lock(&priv_list_mutex);
+ mutex_lock(&tn->lock);
list_del(&info->priv->list);
- mutex_unlock(&priv_list_mutex);
+ mutex_unlock(&tn->lock);
kfree(info->priv);
}
static_key_slow_dec(&xt_tee_enabled);
@@ -156,6 +166,21 @@ static struct xt_target tee_tg_reg[] __read_mostly = {
#endif
};
+static int __net_init tee_net_init(struct net *net)
+{
+ struct tee_net *tn = net_generic(net, tee_net_id);
+
+ INIT_LIST_HEAD(&tn->priv_list);
+ mutex_init(&tn->lock);
+ return 0;
+}
+
+static struct pernet_operations tee_net_ops = {
+ .init = tee_net_init,
+ .id = &tee_net_id,
+ .size = sizeof(struct tee_net),
+};
+
static struct notifier_block tee_netdev_notifier = {
.notifier_call = tee_netdev_event,
};
@@ -164,22 +189,32 @@ static int __init tee_tg_init(void)
{
int ret;
- ret = xt_register_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
- if (ret)
+ ret = register_pernet_subsys(&tee_net_ops);
+ if (ret < 0)
return ret;
+
+ ret = xt_register_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
+ if (ret < 0)
+ goto cleanup_subsys;
+
ret = register_netdevice_notifier(&tee_netdev_notifier);
- if (ret) {
- xt_unregister_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
- return ret;
- }
+ if (ret < 0)
+ goto unregister_targets;
return 0;
+
+unregister_targets:
+ xt_unregister_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
+cleanup_subsys:
+ unregister_pernet_subsys(&tee_net_ops);
+ return ret;
}
static void __exit tee_tg_exit(void)
{
unregister_netdevice_notifier(&tee_netdev_notifier);
xt_unregister_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
+ unregister_pernet_subsys(&tee_net_ops);
}
module_init(tee_tg_init);
--
2.11.0
^ permalink raw reply related
* [PATCH 5/8] netfilter: nft_compat: do not dump private area
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
Zero pad private area, otherwise we expose private kernel pointer to
userspace. This patch also zeroes the tail area after the ->matchsize
and ->targetsize that results from XT_ALIGN().
Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_compat.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 32535eea51b2..768292eac2a4 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -290,6 +290,24 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
module_put(target->me);
}
+static int nft_extension_dump_info(struct sk_buff *skb, int attr,
+ const void *info,
+ unsigned int size, unsigned int user_size)
+{
+ unsigned int info_size, aligned_size = XT_ALIGN(size);
+ struct nlattr *nla;
+
+ nla = nla_reserve(skb, attr, aligned_size);
+ if (!nla)
+ return -1;
+
+ info_size = user_size ? : size;
+ memcpy(nla_data(nla), info, info_size);
+ memset(nla_data(nla) + info_size, 0, aligned_size - info_size);
+
+ return 0;
+}
+
static int nft_target_dump(struct sk_buff *skb, const struct nft_expr *expr)
{
const struct xt_target *target = expr->ops->data;
@@ -297,7 +315,8 @@ static int nft_target_dump(struct sk_buff *skb, const struct nft_expr *expr)
if (nla_put_string(skb, NFTA_TARGET_NAME, target->name) ||
nla_put_be32(skb, NFTA_TARGET_REV, htonl(target->revision)) ||
- nla_put(skb, NFTA_TARGET_INFO, XT_ALIGN(target->targetsize), info))
+ nft_extension_dump_info(skb, NFTA_TARGET_INFO, info,
+ target->targetsize, target->usersize))
goto nla_put_failure;
return 0;
@@ -532,7 +551,8 @@ static int __nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr,
if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) ||
nla_put_be32(skb, NFTA_MATCH_REV, htonl(match->revision)) ||
- nla_put(skb, NFTA_MATCH_INFO, XT_ALIGN(match->matchsize), info))
+ nft_extension_dump_info(skb, NFTA_MATCH_INFO, info,
+ match->matchsize, match->usersize))
goto nla_put_failure;
return 0;
--
2.11.0
^ permalink raw reply related
* [PATCH 1/8] netfilter: nft_set_rbtree: allow loose matching of closing element in interval
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
Allow to find closest matching for the right side of an interval (end
flag set on) so we allow lookups in inner ranges, eg. 10-20 in 5-25.
Fixes: ba0e4d9917b4 ("netfilter: nf_tables: get set elements via netlink")
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_set_rbtree.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 0e5ec126f6ad..fa61208371f8 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -135,9 +135,12 @@ static bool __nft_rbtree_get(const struct net *net, const struct nft_set *set,
d = memcmp(this, key, set->klen);
if (d < 0) {
parent = rcu_dereference_raw(parent->rb_left);
- interval = rbe;
+ if (!(flags & NFT_SET_ELEM_INTERVAL_END))
+ interval = rbe;
} else if (d > 0) {
parent = rcu_dereference_raw(parent->rb_right);
+ if (flags & NFT_SET_ELEM_INTERVAL_END)
+ interval = rbe;
} else {
if (!nft_set_elem_active(&rbe->ext, genmask))
parent = rcu_dereference_raw(parent->rb_left);
@@ -154,7 +157,10 @@ static bool __nft_rbtree_get(const struct net *net, const struct nft_set *set,
if (set->flags & NFT_SET_INTERVAL && interval != NULL &&
nft_set_elem_active(&interval->ext, genmask) &&
- !nft_rbtree_interval_end(interval)) {
+ ((!nft_rbtree_interval_end(interval) &&
+ !(flags & NFT_SET_ELEM_INTERVAL_END)) ||
+ (nft_rbtree_interval_end(interval) &&
+ (flags & NFT_SET_ELEM_INTERVAL_END)))) {
*elem = interval;
return true;
}
--
2.11.0
^ permalink raw reply related
* [PATCH 8/8] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Taehee Yoo <ap420073@gmail.com>
When interface is down, offload cleanup function(nf_flow_table_do_cleanup)
is called and that checks whether interface index of offload and
index of link down interface is same. but only interface index checking
is not enough because flowtable is not pernet list.
So that, if other netns's interface that has index is same with offload
is down, that offload will be removed.
This patch adds netns checking code to the offload cleanup routine.
Fixes: 59c466dd68e7 ("netfilter: nf_flow_table: add a new flow state for tearing down offloading")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_flow_table_core.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index d8125616edc7..c188e27972c7 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -478,14 +478,17 @@ EXPORT_SYMBOL_GPL(nf_flow_table_init);
static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
{
struct net_device *dev = data;
+ struct flow_offload_entry *e;
+
+ e = container_of(flow, struct flow_offload_entry, flow);
if (!dev) {
flow_offload_teardown(flow);
return;
}
-
- if (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
- flow->tuplehash[1].tuple.iifidx == dev->ifindex)
+ if (net_eq(nf_ct_net(e->ct), dev_net(dev)) &&
+ (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
+ flow->tuplehash[1].tuple.iifidx == dev->ifindex))
flow_offload_dead(flow);
}
--
2.11.0
^ permalink raw reply related
* [PATCH 7/8] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Taehee Yoo <ap420073@gmail.com>
When device is unregistered, flowtable flush routine is called
by notifier_call(nf_tables_flowtable_event). and exit callback of
nftables pernet_operation(nf_tables_exit_net) also has flowtable flush
routine. but when network namespace is destroyed, both notifier_call
and pernet_operation are called. hence flowtable flush routine in
pernet_operation is unnecessary.
test commands:
%ip netns add vm1
%ip netns exec vm1 nft add table ip filter
%ip netns exec vm1 nft add flowtable ip filter w \
{ hook ingress priority 0\; devices = { lo }\; }
%ip netns del vm1
splat looks like:
[ 265.187019] WARNING: CPU: 0 PID: 87 at net/netfilter/core.c:309 nf_hook_entry_head+0xc7/0xf0
[ 265.187112] Modules linked in: nf_flow_table_ipv4 nf_flow_table nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink ip_tables x_tables
[ 265.187390] CPU: 0 PID: 87 Comm: kworker/u4:2 Not tainted 4.19.0-rc3+ #5
[ 265.187453] Workqueue: netns cleanup_net
[ 265.187514] RIP: 0010:nf_hook_entry_head+0xc7/0xf0
[ 265.187546] Code: 8d 81 68 03 00 00 5b c3 89 d0 83 fa 04 48 8d 84 c7 e8 11 00 00 76 81 0f 0b 31 c0 e9 78 ff ff ff 0f 0b 48 83 c4 08 31 c0 5b c3 <0f> 0b 31 c0 e9 65 ff ff ff 0f 0b 31 c0 e9 5c ff ff ff 48 89 0c 24
[ 265.187573] RSP: 0018:ffff88011546f098 EFLAGS: 00010246
[ 265.187624] RAX: ffffffff8d90e135 RBX: 1ffff10022a8de1c RCX: 0000000000000000
[ 265.187645] RDX: 0000000000000000 RSI: 0000000000000005 RDI: ffff880116298040
[ 265.187645] RBP: ffff88010ea4c1a8 R08: 0000000000000000 R09: 0000000000000000
[ 265.187645] R10: ffff88011546f1d8 R11: ffffed0022c532c1 R12: ffff88010ea4c1d0
[ 265.187645] R13: 0000000000000005 R14: dffffc0000000000 R15: ffff88010ea4c1c4
[ 265.187645] FS: 0000000000000000(0000) GS:ffff88011b200000(0000) knlGS:0000000000000000
[ 265.187645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 265.187645] CR2: 00007fdfb8d00000 CR3: 0000000057a16000 CR4: 00000000001006f0
[ 265.187645] Call Trace:
[ 265.187645] __nf_unregister_net_hook+0xca/0x5d0
[ 265.187645] ? nf_hook_entries_free.part.3+0x80/0x80
[ 265.187645] ? save_trace+0x300/0x300
[ 265.187645] nf_unregister_net_hooks+0x2e/0x40
[ 265.187645] nf_tables_exit_net+0x479/0x1340 [nf_tables]
[ 265.187645] ? find_held_lock+0x39/0x1c0
[ 265.187645] ? nf_tables_abort+0x30/0x30 [nf_tables]
[ 265.187645] ? inet_frag_destroy_rcu+0xd0/0xd0
[ 265.187645] ? trace_hardirqs_on+0x93/0x210
[ 265.187645] ? __bpf_trace_preemptirq_template+0x10/0x10
[ 265.187645] ? inet_frag_destroy_rcu+0xd0/0xd0
[ 265.187645] ? inet_frag_destroy_rcu+0xd0/0xd0
[ 265.187645] ? __mutex_unlock_slowpath+0x17f/0x740
[ 265.187645] ? wait_for_completion+0x710/0x710
[ 265.187645] ? bucket_table_free+0xb2/0x1f0
[ 265.187645] ? nested_table_free+0x130/0x130
[ 265.187645] ? __lock_is_held+0xb4/0x140
[ 265.187645] ops_exit_list.isra.10+0x94/0x140
[ 265.187645] cleanup_net+0x45b/0x900
[ ... ]
This WARNING means that hook unregisteration is failed because
all flowtables hooks are already unregistered by notifier_call.
Network namespace exit routine guarantees that all devices will be
unregistered first. then, other exit callbacks of pernet_operations
are called. so that removing flowtable flush routine in exit callback of
pernet_operation(nf_tables_exit_net) doesn't make flowtable leak.
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2cfb173cd0b2..d83c0d01a266 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7202,9 +7202,6 @@ static void __nft_release_tables(struct net *net)
list_for_each_entry(chain, &table->chains, list)
nf_tables_unregister_hook(net, table, chain);
- list_for_each_entry(flowtable, &table->flowtables, list)
- nf_unregister_net_hooks(net, flowtable->ops,
- flowtable->ops_len);
/* No packets are walking on these chains anymore. */
ctx.table = table;
list_for_each_entry(chain, &table->chains, list) {
--
2.11.0
^ permalink raw reply related
* [PATCH 6/8] netfilter: xt_nat: fix DNAT target for shifted portmap ranges
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Paolo Abeni <pabeni@redhat.com>
The commit 2eb0f624b709 ("netfilter: add NAT support for shifted
portmap ranges") did not set the checkentry/destroy callbacks for
the newly added DNAT target. As a result, rulesets using only
such nat targets are not effective, as the relevant conntrack hooks
are not enabled.
The above affect also nft_compat rulesets.
Fix the issue adding the missing initializers.
Fixes: 2eb0f624b709 ("netfilter: add NAT support for shifted portmap ranges")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_nat.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/xt_nat.c b/net/netfilter/xt_nat.c
index 8af9707f8789..ac91170fc8c8 100644
--- a/net/netfilter/xt_nat.c
+++ b/net/netfilter/xt_nat.c
@@ -216,6 +216,8 @@ static struct xt_target xt_nat_target_reg[] __read_mostly = {
{
.name = "DNAT",
.revision = 2,
+ .checkentry = xt_nat_checkentry,
+ .destroy = xt_nat_destroy,
.target = xt_dnat_target_v2,
.targetsize = sizeof(struct nf_nat_range2),
.table = "nat",
--
2.11.0
^ permalink raw reply related
* [PATCH 2/8] netfilter: nft_osf: usage from output path is not valid
From: Pablo Neira Ayuso @ 2018-10-22 20:07 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20181022200724.25806-1-pablo@netfilter.org>
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
The nft_osf extension, like xt_osf, is not supported from the output
path.
Fixes: b96af92d6eaf ("netfilter: nf_tables: implement Passive OS fingerprint module in nft_osf")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_osf.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c
index a35fb59ace73..df4e3e0412ed 100644
--- a/net/netfilter/nft_osf.c
+++ b/net/netfilter/nft_osf.c
@@ -69,6 +69,15 @@ static int nft_osf_dump(struct sk_buff *skb, const struct nft_expr *expr)
return -1;
}
+static int nft_osf_validate(const struct nft_ctx *ctx,
+ const struct nft_expr *expr,
+ const struct nft_data **data)
+{
+ return nft_chain_validate_hooks(ctx->chain, (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_FORWARD));
+}
+
static struct nft_expr_type nft_osf_type;
static const struct nft_expr_ops nft_osf_op = {
.eval = nft_osf_eval,
@@ -76,6 +85,7 @@ static const struct nft_expr_ops nft_osf_op = {
.init = nft_osf_init,
.dump = nft_osf_dump,
.type = &nft_osf_type,
+ .validate = nft_osf_validate,
};
static struct nft_expr_type nft_osf_type __read_mostly = {
--
2.11.0
^ permalink raw reply related
* Re: [PATCH] mm: convert totalram_pages, totalhigh_pages and managed_pages to atomic.
From: Arun Sudhilal @ 2018-10-23 4:46 UTC (permalink / raw)
To: mhocko-DgEjT+Ai2ygdnm+yROfE0A
Cc: snitzer-H+wXaHxf7aLQT0dZR+AlfA,
benh-XVmvHMARGAS8U2dJNN8I7kB+6BGkLq7r,
kemi.wang-ral2JQCrhuEAvxtiuMwx3w,
dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW,
bfields-uC3wQj2KruNg9hUCZPvPmw, linux-sctp-u79uwXL29TY76Z2rM5mHXA,
paulus-eUNUBHrolfbYtjvyW6yDsg, pavel-+ZI9xUNit7I,
cl-vYTEC60ixJUAvxtiuMwx3w, kys-0li6OtcxBFHby3iVrkZq2A,
sumit.semwal-QSEj5FYQhm4dnm+yROfE0A, David1.Zhou-5C7GfCeVMHo,
ptesarik-IBi9RG/b67k, mpe-Gsx/Oe8HsFggBc27wqDAHg,
ceph-devel-u79uwXL29TY76Z2rM5mHXA, jejb-6jwH94ZQLHl74goWV3ctuw,
kasan-dev-/JYPxA39Uh5TLH3MbocFFw,
marcos.souza.org-Re5JQEeQqe8AvxtiuMwx3w,
steven.hill-YGCgFSpz5w/QT0dZR+AlfA,
rientjes-hpIqsD4AKlfQT0dZR+AlfA,
anthony.yznaga-QHcLZuEGTsvQT0dZR+AlfA,
neelx-H+wXaHxf7aLQT0dZR+AlfA, guro-b10kYP2dOMg,
len.brown-ral2JQCrhuEAvxtiuMwx3w, linux-pm-u79uwXL29TY76Z2rM5mHXA,
vbabka-AlSwsSmVLrQ, linux-um-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r,
rppt-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8,
viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn,
tglx-hfZtesqFncYOwBW4kG4KsQ,
trond.myklebust-F/q8l9xzQnoyLce1RVWEUA,
anton-yrGDUoBaLx3QT0dZR+AlfA, linux-parisc-u79uwXL29TY76Z2rM5mHXA,
malat-8fiUuRrzOP0dnm+yROfE0A,
gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r,
rdunlap-wEGCiKHe2LqWVfeAwA7xHQ, rjw-LthD3rsA81gm4RdzfppkhA,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, cyrilbur
In-Reply-To: <20181022181122.GK18839-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
On Mon, Oct 22, 2018 at 11:41 PM Michal Hocko <mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote:
>
> On Mon 22-10-18 22:53:22, Arun KS wrote:
> > Remove managed_page_count_lock spinlock and instead use atomic
> > variables.
>
Hello Michal,
> I assume this has been auto-generated. If yes, it would be better to
> mention the script so that people can review it and regenerate for
> comparision. Such a large change is hard to review manually.
Changes were made partially with script. For totalram_pages and
totalhigh_pages,
find dir -type f -exec sed -i
's/totalram_pages/atomic_long_read(\&totalram_pages)/g' {} \;
find dir -type f -exec sed -i
's/totalhigh_pages/atomic_long_read(\&totalhigh_pages)/g' {} \;
For managed_pages it was mostly manual edits after using,
find mm/ -type f -exec sed -i
's/zone->managed_pages/atomic_long_read(\&zone->managed_pages)/g' {}
\;
Regards,
Arun
> --
> Michal Hocko
> SUSE Labs
^ permalink raw reply
* Re: [PATCH] mm: convert totalram_pages, totalhigh_pages and managed_pages to atomic.
From: Arun KS @ 2018-10-23 4:48 UTC (permalink / raw)
To: Joe Perches
Cc: Mike Snitzer, Benjamin Herrenschmidt, Kemi Wang,
dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW, J. Bruce Fields,
linux-sctp-u79uwXL29TY76Z2rM5mHXA, Paul Mackerras, Pavel Machek,
Christoph Lameter, K. Y. Srinivasan, Sumit Semwal,
David (ChunMing) Zhou, Petr Tesarik, Michael Ellerman,
ceph-devel-u79uwXL29TY76Z2rM5mHXA, James E.J. Bottomley,
kasan-dev-/JYPxA39Uh5TLH3MbocFFw, Marcos Paulo de Souza,
Steven J. Hill, David Rientjes, Anthony Yznaga, Daniel Vacek,
Roman Gushchin, Len Brown <len.b
In-Reply-To: <c57bcc584b3700c483b0311881ec3ae8786f88b1.camel-6d6DIl74uiNBDgjK7y7TUQ@public.gmane.org>
On 2018-10-23 09:45, Joe Perches wrote:
> On Mon, 2018-10-22 at 22:53 +0530, Arun KS wrote:
>> Remove managed_page_count_lock spinlock and instead use atomic
>> variables.
>
Hello Joe,
> Perhaps better to define and use macros for the accesses
> instead of specific uses of atomic_long_<inc/dec/read>
>
> Something like:
>
> #define totalram_pages() (unsigned
> long)atomic_long_read(&_totalram_pages)
> #define totalram_pages_inc() (unsigned
> long)atomic_long_inc(&_totalram_pages)
> #define totalram_pages_dec() (unsigned
> long)atomic_long_dec(&_totalram_pages)
That sounds like a nice idea.
Regards,
Arun
^ permalink raw reply
* [PATCH 03/20] ath9k: ar9002_phy: mark expected switch fall-throughs
From: Gustavo A. R. Silva @ 2018-10-22 20:38 UTC (permalink / raw)
To: QCA ath9k Development
Cc: Kalle Valo, linux-wireless, David S. Miller, netdev, linux-kernel,
Gustavo A. R. Silva
In-Reply-To: <cover.1540239684.git.gustavo@embeddedor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Addresses-Coverity-ID: 1056532 ("Missing break in switch")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/net/wireless/ath/ath9k/ar9002_phy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_phy.c b/drivers/net/wireless/ath/ath9k/ar9002_phy.c
index 7132918..6f32b8d 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_phy.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_phy.c
@@ -119,7 +119,7 @@ static int ar9002_hw_set_channel(struct ath_hw *ah, struct ath9k_channel *chan)
aModeRefSel = 2;
if (aModeRefSel)
break;
- /* else: fall through */
+ /* fall through */
case 1:
default:
aModeRefSel = 0;
--
2.7.4
^ permalink raw reply related
* [PATCH 05/20] carl9170: rx: mark expected switch fall-through
From: Gustavo A. R. Silva @ 2018-10-22 20:39 UTC (permalink / raw)
To: Christian Lamparter
Cc: Kalle Valo, linux-wireless, David S. Miller, netdev, linux-kernel,
Gustavo A. R. Silva
In-Reply-To: <cover.1540239684.git.gustavo@embeddedor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Addresses-Coverity-ID: 1056534 ("Missing break in switch")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/net/wireless/ath/carl9170/rx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/ath/carl9170/rx.c b/drivers/net/wireless/ath/carl9170/rx.c
index 7050632..f7c2f19 100644
--- a/drivers/net/wireless/ath/carl9170/rx.c
+++ b/drivers/net/wireless/ath/carl9170/rx.c
@@ -766,6 +766,7 @@ static void carl9170_rx_untie_data(struct ar9170 *ar, u8 *buf, int len)
goto drop;
}
+ /* fall through */
case AR9170_RX_STATUS_MPDU_MIDDLE:
/* These are just data + mac status */
--
2.7.4
^ permalink raw reply related
* [PATCH 12/20] prism54: islpci_dev: mark expected switch fall-through
From: Gustavo A. R. Silva @ 2018-10-22 20:43 UTC (permalink / raw)
To: Luis R. Rodriguez
Cc: Kalle Valo, linux-wireless, David S. Miller, netdev, linux-kernel,
Gustavo A. R. Silva
In-Reply-To: <cover.1540239684.git.gustavo@embeddedor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Addresses-Coverity-ID: 114947 ("Missing break in switch")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/net/wireless/intersil/prism54/islpci_dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/intersil/prism54/islpci_dev.c b/drivers/net/wireless/intersil/prism54/islpci_dev.c
index 325176d..ad6d3a5 100644
--- a/drivers/net/wireless/intersil/prism54/islpci_dev.c
+++ b/drivers/net/wireless/intersil/prism54/islpci_dev.c
@@ -932,6 +932,7 @@ islpci_set_state(islpci_private *priv, islpci_state_t new_state)
switch (new_state) {
case PRV_STATE_OFF:
priv->state_off++;
+ /* fall through */
default:
priv->state = new_state;
break;
--
2.7.4
^ permalink raw reply related
* [PATCH 17/20] rt2x00: rt61pci: mark expected switch fall-through
From: Gustavo A. R. Silva @ 2018-10-22 20:46 UTC (permalink / raw)
To: Stanislaw Gruszka, Helmut Schaa
Cc: Kalle Valo, linux-wireless, David S. Miller, netdev, linux-kernel,
Gustavo A. R. Silva
In-Reply-To: <cover.1540239684.git.gustavo@embeddedor.com>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/net/wireless/ralink/rt2x00/rt61pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.c b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
index cb0e119..4c5de8f 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt61pci.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
@@ -2226,7 +2226,7 @@ static void rt61pci_txdone(struct rt2x00_dev *rt2x00dev)
break;
case 6: /* Failure, excessive retries */
__set_bit(TXDONE_EXCESSIVE_RETRY, &txdesc.flags);
- /* Don't break, this is a failed frame! */
+ /* Fall through - this is a failed frame! */
default: /* Failure */
__set_bit(TXDONE_FAILURE, &txdesc.flags);
}
--
2.7.4
^ permalink raw reply related
* Re: [PATCH net 1/4] net/sched: act_gact: disallow 'goto chain' on fallback control action
From: Jiri Pirko @ 2018-10-22 20:55 UTC (permalink / raw)
To: Davide Caratti; +Cc: Cong Wang, Jamal Hadi Salim, David S. Miller, netdev
In-Reply-To: <02f04ade8a0087781778d02fbb645b1d72f9d777.1540070509.git.dcaratti@redhat.com>
Sat, Oct 20, 2018 at 11:33:07PM CEST, dcaratti@redhat.com wrote:
>in the following command:
>
> # tc action add action <c1> random <rand_type> <c2> <rand_param>
>
>'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
>crash with NULL pointer dereference, since TC core doesn't initialize the
>chain handle.
>
>Signed-off-by: Davide Caratti <dcaratti@redhat.com>
>---
> net/sched/act_gact.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
>index cd1d9bd32ef9..505138047e5c 100644
>--- a/net/sched/act_gact.c
>+++ b/net/sched/act_gact.c
>@@ -88,6 +88,11 @@ static int tcf_gact_init(struct net *net, struct nlattr *nla,
> p_parm = nla_data(tb[TCA_GACT_PROB]);
> if (p_parm->ptype >= MAX_RAND)
> return -EINVAL;
>+ if (TC_ACT_EXT_CMP(p_parm->paction, TC_ACT_GOTO_CHAIN)) {
>+ NL_SET_ERR_MSG(extack,
>+ "goto chain not allowed on fallback");
No need for a line-wrap. Otherwise
Acked-by: Jiri Pirko <jiri@mellanox.com>
^ permalink raw reply
* Re: [PATCH net 2/4] net/sched: act_police: disallow 'goto chain' on fallback control action
From: Jiri Pirko @ 2018-10-22 20:57 UTC (permalink / raw)
To: Davide Caratti; +Cc: Cong Wang, Jamal Hadi Salim, David S. Miller, netdev
In-Reply-To: <c2f076b0758b8cd997574b45c2abe064e28aca74.1540070509.git.dcaratti@redhat.com>
Sat, Oct 20, 2018 at 11:33:08PM CEST, dcaratti@redhat.com wrote:
>in the following command:
>
> # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2>
>
>'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
>crash with NULL pointer dereference, since TC core doesn't initialize the
>chain handle.
>
>Signed-off-by: Davide Caratti <dcaratti@redhat.com>
>---
> net/sched/act_police.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/net/sched/act_police.c b/net/sched/act_police.c
>index 5d8bfa878477..3b793393efd1 100644
>--- a/net/sched/act_police.c
>+++ b/net/sched/act_police.c
>@@ -150,6 +150,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
> goto failure;
> }
>
>+ if (tb[TCA_POLICE_RESULT]) {
>+ police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
>+ if (TC_ACT_EXT_CMP(police->tcfp_result, TC_ACT_GOTO_CHAIN)) {
>+ NL_SET_ERR_MSG(extack,
>+ "goto chain not allowed on fallback");
Also, no need for line-wrap
Acked-by: Jiri Pirko <jiri@mellanox.com>
>+ err = -EINVAL;
>+ goto failure;
>+ }
>+ }
>+
> spin_lock_bh(&police->tcf_lock);
> /* No failure allowed after this point */
> police->tcfp_mtu = parm->mtu;
>@@ -173,8 +183,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
> police->peak_present = false;
> }
>
>- if (tb[TCA_POLICE_RESULT])
>- police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
> police->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
> police->tcfp_toks = police->tcfp_burst;
> if (police->peak_present) {
>--
>2.17.1
>
^ permalink raw reply
* Re: [PATCH] mm: convert totalram_pages, totalhigh_pages and managed_pages to atomic.
From: Huang, Ying @ 2018-10-23 5:37 UTC (permalink / raw)
To: Arun KS
Cc: Mike Snitzer, Benjamin Herrenschmidt, Kemi Wang,
dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW, J. Bruce Fields,
linux-sctp-u79uwXL29TY76Z2rM5mHXA, Paul Mackerras, Pavel Machek,
Christoph Lameter, K. Y. Srinivasan, Sumit Semwal,
David (ChunMing) Zhou, Petr Tesarik, Michael Ellerman,
ceph-devel-u79uwXL29TY76Z2rM5mHXA, James E.J. Bottomley,
kasan-dev-/JYPxA39Uh5TLH3MbocFFw, Marcos Paulo de Souza,
Steven J. Hill, David Rientjes, Anthony Yznaga, Daniel Vacek,
Roman Gushchin, Len Brown <len.
In-Reply-To: <1540229092-25207-1-git-send-email-arunks-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
Arun KS <arunks-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org> writes:
> Remove managed_page_count_lock spinlock and instead use atomic
> variables.
>
> Suggested-by: Michal Hocko <mhocko-IBi9RG/b67k@public.gmane.org>
> Suggested-by: Vlastimil Babka <vbabka-AlSwsSmVLrQ@public.gmane.org>
> Signed-off-by: Arun KS <arunks-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org>
>
> ---
> As discussed here,
> https://patchwork.kernel.org/patch/10627521/#22261253
My 2 cents. I think you should include at least part of the discussion
in the patch description to make it more readable by itself.
Best Regards,
Huang, Ying
^ permalink raw reply
* [PATCH] rtlwifi: remove set but not used variable 'radiob_array_table' and 'radiob_arraylen'
From: zhong jiang @ 2018-10-23 5:47 UTC (permalink / raw)
To: kvalo; +Cc: pkshih, davem, linux-wireless, netdev, linux-kernel
'radiob_array_table' and 'radiob_arraylen' is not used after setting its value.
It is safe to remove the unused variable.
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
---
drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c
index 5cf29f5..3f33278 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c
@@ -509,13 +509,10 @@ bool rtl8723e_phy_config_rf_with_headerfile(struct ieee80211_hw *hw,
int i;
bool rtstatus = true;
u32 *radioa_array_table;
- u32 *radiob_array_table;
- u16 radioa_arraylen, radiob_arraylen;
+ u16 radioa_arraylen;
radioa_arraylen = RTL8723ERADIOA_1TARRAYLENGTH;
radioa_array_table = RTL8723E_RADIOA_1TARRAY;
- radiob_arraylen = RTL8723E_RADIOB_1TARRAYLENGTH;
- radiob_array_table = RTL8723E_RADIOB_1TARRAY;
rtstatus = true;
--
1.7.12.4
^ permalink raw reply related
* Re: Some suggestions for tc-tests
From: Lucas Bates @ 2018-10-22 21:54 UTC (permalink / raw)
To: Cong Wang; +Cc: Roman Mashak, Jamal Hadi Salim, Linux Kernel Network Developers
In-Reply-To: <CAM_iQpUHoq4Z8rqZvwkY2E8SqJDB_GdVCOcbG8eTJHAbxy-hcA@mail.gmail.com>
Hi Cong,
>
> 1. Create veth pair devices by its own. The most important thing for
> tc-tests is to automate everything, it is not friendly for users to
> create their own veth pair named v0p0 to just run the tests. tc-tests
> should be able to create a veth pair with random names and clean up
> them once it is finished.
You can actually do this automatically in two steps: first, create a
symlink to plugin-lib/nsPlugin.py in the plugins/ directory. Then,
when running tdc, always invoke the '-n' option. This will execute
all the commands inside a namespace *and* automatically create the
veth pair that get used in the testing.
It's referenced in the readme, but if you think it's useful to make it
a default setup I could add an installation/setup script to tdc to
create the symlink.
> 2. Test iproute2 version or capability. Apparently my iproute2 doesn't
> support tc filter chain yet, this makes many tests failed. Ideally,
> each test should be able to check if the iproute2 supports the thing
> it wants to test, if not just skip it, at least by default.
So is this a version you compile yourself, or is it just the default
/sbin/tc? Because you can specify the tc executable you want to use
in tdc_config.py... But yes, we're looking at ways to make sure the
support is there before running tests. We're hoping to send some patches soon.
> 3. Is there anything in the tests that can be done only with Python3?
> If we could lower the requirement to Python2, then it would be easier
> to setup and run these tests.
I'd have to go back and re-check to see what python 3-specific
features I'm using, but there *are* some.
Do you maybe have the ability to run a VM or Docker container on your
system to run python 3?
Thanks!
^ permalink raw reply
* Re: CRC errors between mvneta and macb
From: Richard Genoud @ 2018-10-23 6:56 UTC (permalink / raw)
To: Willy Tarreau, Richard Genoud
Cc: linux-kernel, Thomas Petazzoni, Antoine Tenart, Gregory CLEMENT,
Yelena Krivosheev, Maxime Chevallier, Nicolas Ferre, netdev,
Andrew Lunn
In-Reply-To: <20181022163429.GA22826@1wt.eu>
Le 22/10/2018 à 18:34, Willy Tarreau a écrit :
> On Mon, Oct 22, 2018 at 05:15:21PM +0200, Richard Genoud wrote:
>> After analyzing the ethernet frame on the Davicom PHY's output (pin
>> TX+), I find out that the FCS errors occurs when the ethernet preamble
>> is longer than 56bits. (something like 58 or 60 bits)
>>
>> To say this in another way, instead of having 28 times 1-0 followed by
>> the SFD (10101011), I see 29 or 30 times 1-0 followed by the SFD.
>> (sometimes 29, sometimes 30)
>>
>>
>> Should a longer preamble be considered as an FCS error ? It seems a
>> little harsh since the point of the preamble is to synchronize the frame.
>
> That indeed seems a bit strange considering that you're not supposed to
> know what is before the preamble so it would very well contain random
> noise looking a lot like alteranted bits.
>
>> I don't know what the 802.3 standard says about that.
>
> Just found it :-)
>
> https://www.trincoll.edu/Academics/MajorsAndMinors/Engineering/Documents/IEEE%20Standard%20for%20Ethernet.pdf
>
> Page 132, #7.2.3.2 :
>
> The DTE is required to supply at least 56 bits of preamble in
> order to satisfy system requirements. System components consume
> preamble bits in order to perform their functions. The number
> of preamble bits sourced ensures an adequate number of bits are
> provided to each system component to correctly implement its
> function.
>
> So that totally makes sense since the purpose is to enable signal
> detection at the hardware leve, hence the problem definitely is on
> the receiver in your case.
>
> Willy
>
Great ! Thanks !
I'll check on the Marvell side
Richard
^ permalink raw reply
* [net-next:master 451/481] drivers/net/ethernet/amazon/ena/ena_com.h:1104:2: error: implicit declaration of function 'prefetchw'
From: kbuild test robot @ 2018-10-22 22:35 UTC (permalink / raw)
To: Netanel Belgazal; +Cc: kbuild-all, netdev
[-- Attachment #1: Type: text/plain, Size: 2922 bytes --]
Hi Netanel,
FYI, the error/warning still remains.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git master
head: 21ea1d36f6dfcb1d59184937c672022d5d01902a
commit: 8c590f9776386b8f697fd0b7ed6142ae6e3de79e [451/481] net: ena: Fix Kconfig dependency on X86
config: microblaze-allmodconfig (attached as .config)
compiler: microblaze-linux-gcc (GCC) 8.1.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
git checkout 8c590f9776386b8f697fd0b7ed6142ae6e3de79e
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=microblaze
All errors (new ones prefixed by >>):
In file included from drivers/net/ethernet/amazon/ena/ena_com.c:33:
drivers/net/ethernet/amazon/ena/ena_com.h: In function 'ena_com_get_next_bounce_buffer':
>> drivers/net/ethernet/amazon/ena/ena_com.h:1104:2: error: implicit declaration of function 'prefetchw' [-Werror=implicit-function-declaration]
prefetchw(bounce_buf_ctrl->base_buffer +
^~~~~~~~~
cc1: some warnings being treated as errors
vim +/prefetchw +1104 drivers/net/ethernet/amazon/ena/ena_com.h
1738cd3e Netanel Belgazal 2016-08-10 1092
689b2bda Arthur Kiyanovski 2018-10-11 1093 static inline u8 *ena_com_get_next_bounce_buffer(struct ena_com_io_bounce_buffer_control *bounce_buf_ctrl)
689b2bda Arthur Kiyanovski 2018-10-11 1094 {
689b2bda Arthur Kiyanovski 2018-10-11 1095 u16 size, buffers_num;
689b2bda Arthur Kiyanovski 2018-10-11 1096 u8 *buf;
689b2bda Arthur Kiyanovski 2018-10-11 1097
689b2bda Arthur Kiyanovski 2018-10-11 1098 size = bounce_buf_ctrl->buffer_size;
689b2bda Arthur Kiyanovski 2018-10-11 1099 buffers_num = bounce_buf_ctrl->buffers_num;
689b2bda Arthur Kiyanovski 2018-10-11 1100
689b2bda Arthur Kiyanovski 2018-10-11 1101 buf = bounce_buf_ctrl->base_buffer +
689b2bda Arthur Kiyanovski 2018-10-11 1102 (bounce_buf_ctrl->next_to_use++ & (buffers_num - 1)) * size;
689b2bda Arthur Kiyanovski 2018-10-11 1103
689b2bda Arthur Kiyanovski 2018-10-11 @1104 prefetchw(bounce_buf_ctrl->base_buffer +
689b2bda Arthur Kiyanovski 2018-10-11 1105 (bounce_buf_ctrl->next_to_use & (buffers_num - 1)) * size);
689b2bda Arthur Kiyanovski 2018-10-11 1106
689b2bda Arthur Kiyanovski 2018-10-11 1107 return buf;
689b2bda Arthur Kiyanovski 2018-10-11 1108 }
689b2bda Arthur Kiyanovski 2018-10-11 1109
:::::: The code at line 1104 was first introduced by commit
:::::: 689b2bdaaa1480ad2c14bdc4c6eaf38284549022 net: ena: add functions for handling Low Latency Queues in ena_com
:::::: TO: Arthur Kiyanovski <akiyano@amazon.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 54668 bytes --]
^ permalink raw reply
* Re: CRC errors between mvneta and macb
From: Richard Genoud @ 2018-10-23 6:58 UTC (permalink / raw)
To: Andrew Lunn
Cc: Willy Tarreau, linux-kernel, Thomas Petazzoni, Antoine Tenart,
Gregory CLEMENT, Yelena Krivosheev, Maxime Chevallier,
Nicolas Ferre, netdev
In-Reply-To: <20181022181918.GF24112@lunn.ch>
Le 22/10/2018 à 20:19, Andrew Lunn a écrit :
>> I dug more on the subject, and I think I found what Marvell's PHY/MAC
>> doesn't like.
>
> Hi Richard
>
> What PHY is being used?
>
88E1512-NNP2
>> After analyzing the ethernet frame on the Davicom PHY's output (pin
>> TX+), I find out that the FCS errors occurs when the ethernet preamble
>> is longer than 56bits. (something like 58 or 60 bits)
>
> Some Marvell PHYs have a register bit which might be of interest: Page
> 2, register 16, bit 6.
>
> 0 = Pad odd nibble preambles in copper receive packets.
> 1 = Pass as is and do not pad odd nibble preambles in
>
> Andrew
>
Thanks, I'll look into that.
Richard
^ permalink raw reply
* Re: [PATCH v2] wireless: mark expected switch fall-throughs
From: Johannes Berg @ 2018-10-23 7:01 UTC (permalink / raw)
To: Gustavo A. R. Silva, David S. Miller
Cc: linux-wireless, netdev, linux-kernel, Kees Cook
In-Reply-To: <20181023001308.GA4150@embeddedor.com>
On Tue, 2018-10-23 at 02:13 +0200, Gustavo A. R. Silva wrote:
> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
>
> Warning level 3 was used: -Wimplicit-fallthrough=3
>
> This code was not tested and GCC 7.2.0 was used to compile it.
Look, I'm not going to make this any clearer: I'm not applying patches
like that where you've invested no effort whatsoever on verifying that
they're correct.
johannes
^ permalink raw reply
* Re: Improving accuracy of PHC readings
From: Richard Cochran @ 2018-10-22 22:48 UTC (permalink / raw)
To: Miroslav Lichvar; +Cc: netdev, Keller, Jacob E
In-Reply-To: <20181019095137.GG4407@localhost>
On Fri, Oct 19, 2018 at 11:51:37AM +0200, Miroslav Lichvar wrote:
> A solution to this would be a new driver function that wraps the
> latching register read with readings of the system clock and return
> three timestamps instead of one. For example:
>
> ktime_get_real_ts64(&sys_ts1);
> IXGBE_READ_REG(hw, IXGBE_SYSTIMR);
> ktime_get_real_ts64(&sys_ts2);
> phc_ts.tv_nsec = IXGBE_READ_REG(hw, IXGBE_SYSTIML);
> phc_ts.tv_sec = IXGBE_READ_REG(hw, IXGBE_SYSTIMH);
Makes sense...
> The extra timestamp doesn't fit the API of the PTP_SYS_OFFSET ioctl,
> so it would need to shift the timestamp it returns by the missing
> intervals (assuming the frequency offset between the PHC and system
> clock is small), or a new ioctl could be introduced that would return
> all timestamps in an array looking like this:
>
> [sys, phc, sys, sys, phc, sys, ...]
How about a new ioctl with number of trials as input and single offset
as output?
Then it would be up to the driver to implement the device-specific
loop.
Thanks,
Richard
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox