* [net] ixgbe: fix possible deadlock in ixgbe_service_task()
From: Jeff Kirsher @ 2019-08-05 20:04 UTC (permalink / raw)
To: davem; +Cc: Taehee Yoo, netdev, nhorman, sassmann, Andrew Bowers,
Jeff Kirsher
From: Taehee Yoo <ap420073@gmail.com>
ixgbe_service_task() calls unregister_netdev() under rtnl_lock().
But unregister_netdev() internally calls rtnl_lock().
So deadlock would occur.
Fixes: 59dd45d550c5 ("ixgbe: firmware recovery mode")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index cbaf712d6529..3386e752e458 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -7898,9 +7898,7 @@ static void ixgbe_service_task(struct work_struct *work)
}
if (ixgbe_check_fw_error(adapter)) {
if (!test_bit(__IXGBE_DOWN, &adapter->state)) {
- rtnl_lock();
unregister_netdev(adapter->netdev);
- rtnl_unlock();
}
ixgbe_service_event_complete(adapter);
return;
--
2.21.0
^ permalink raw reply related
* Re: [PATCH bpf-next 1/2] selftests/bpf: add loop test 4
From: Yonghong Song @ 2019-08-05 20:04 UTC (permalink / raw)
To: Andrii Nakryiko, Alexei Starovoitov
Cc: David S. Miller, Daniel Borkmann, Networking, bpf, Kernel Team
In-Reply-To: <CAEf4Bzb==_gzT78_oN7AfiGHrqGXdYK+oEamkxpfEjP5fzr_UA@mail.gmail.com>
On 8/5/19 12:45 PM, Andrii Nakryiko wrote:
> On Sat, Aug 3, 2019 at 8:19 PM Alexei Starovoitov <ast@kernel.org> wrote:
>>
>> Add a test that returns a 'random' number between [0, 2^20)
>> If state pruning is not working correctly for loop body the number of
>> processed insns will be 2^20 * num_of_insns_in_loop_body and the program
>> will be rejected.
>>
>> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
>> ---
>> .../bpf/prog_tests/bpf_verif_scale.c | 1 +
>> tools/testing/selftests/bpf/progs/loop4.c | 23 +++++++++++++++++++
>> 2 files changed, 24 insertions(+)
>> create mode 100644 tools/testing/selftests/bpf/progs/loop4.c
>>
>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>> index b4be96162ff4..757e39540eda 100644
>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>> @@ -71,6 +71,7 @@ void test_bpf_verif_scale(void)
>>
>> { "loop1.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>> { "loop2.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>> + { "loop4.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>
>> /* partial unroll. 19k insn in a loop.
>> * Total program size 20.8k insn.
>> diff --git a/tools/testing/selftests/bpf/progs/loop4.c b/tools/testing/selftests/bpf/progs/loop4.c
>> new file mode 100644
>> index 000000000000..3e7ee14fddbd
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/progs/loop4.c
>> @@ -0,0 +1,23 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +// Copyright (c) 2019 Facebook
>> +#include <linux/sched.h>
>> +#include <linux/ptrace.h>
>> +#include <stdint.h>
>> +#include <stddef.h>
>> +#include <stdbool.h>
>> +#include <linux/bpf.h>
>> +#include "bpf_helpers.h"
>> +
>> +char _license[] SEC("license") = "GPL";
>> +
>> +SEC("socket")
>> +int combinations(volatile struct __sk_buff* skb)
>> +{
>> + int ret = 0, i;
>> +
>> +#pragma nounroll
>> + for (i = 0; i < 20; i++)
>> + if (skb->len)
>> + ret |= 1 << i;
>
> So I think the idea is that because verifier shouldn't know whether
> skb->len is zero or not, then you have two outcomes on every iteration
> leading to 2^20 states, right?
>
> But I'm afraid that verifier can eventually be smart enough (if it's
> not already, btw), to figure out that ret can be either 0 or ((1 <<
> 21) - 1), actually. If skb->len is put into separate register, then
> that register's bounds will be established on first loop iteration as
> either == 0 on one branch or (0, inf) on another branch, after which
> all subsequent iterations will not branch at all (one or the other
> branch will be always taken).
>
> It's also possible that LLVM/Clang is smart enough already to figure
> this out on its own and optimize loop into.
>
>
> if (skb->len) {
> for (i = 0; i < 20; i++)
> ret |= 1 << i;
> }
We have
volatile struct __sk_buff* skb
So from the source code, skb->len could be different for each
iteration. The compiler cannot do the above optimization.
>
>
> So two complains:
>
> 1. Let's obfuscate this a bit more, e.g., with testing (skb->len &
> (1<<i)) instead, so that result really depends on actual length of the
> packet.
> 2. Is it possible to somehow turn off this precision tracking (e.g.,
> running not under root, maybe?) and see that this same program fails
> in that case? That way we'll know test actually validates what we
> think it validates.
>
> Thoughts?
>
>> + return ret;
>> +}
>> --
>> 2.20.0
>>
^ permalink raw reply
* Re: [PATCH v2] net/mlx5e: Use refcount_t for refcount
From: Saeed Mahameed @ 2019-08-05 20:06 UTC (permalink / raw)
To: hslester96@gmail.com, leon@kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org,
linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <CANhBUQ0tUTXQKq__zvhNCUxXTFfDyr2xKF+Cwupod9xmvSrw2A@mail.gmail.com>
On Mon, 2019-08-05 at 14:55 +0800, Chuhong Yuan wrote:
> On Mon, Aug 5, 2019 at 2:13 PM Leon Romanovsky <leon@kernel.org>
> wrote:
> > On Sun, Aug 04, 2019 at 10:44:47PM +0800, Chuhong Yuan wrote:
> > > On Sun, Aug 4, 2019 at 8:59 PM Leon Romanovsky <leon@kernel.org>
> > > wrote:
> > > > On Sat, Aug 03, 2019 at 12:48:28AM +0800, Chuhong Yuan wrote:
> > > > > refcount_t is better for reference counters since its
> > > > > implementation can prevent overflows.
> > > > > So convert atomic_t ref counters to refcount_t.
> > > >
> > > > I'm not thrilled to see those automatic conversion patches,
> > > > especially
> > > > for flows which can't overflow. There is nothing wrong in using
> > > > atomic_t
> > > > type of variable, do you have in mind flow which will cause to
> > > > overflow?
> > > >
> > > > Thanks
> > >
> > > I have to say that these patches are not done automatically...
> > > Only the detection of problems is done by a script.
> > > All conversions are done manually.
> >
> > Even worse, you need to audit usage of atomic_t and replace there
> > it can overflow.
> >
> > > I am not sure whether the flow can cause an overflow.
> >
> > It can't.
> >
> > > But I think it is hard to ensure that a data path is impossible
> > > to have problems in any cases including being attacked.
> >
> > It is not data path, and I doubt that such conversion will be
> > allowed
> > in data paths without proving that no performance regression is
> > introduced.
> > > So I think it is better to do this minor revision to prevent
> > > potential risk, just like we have done in mlx5/core/cq.c.
> >
> > mlx5/core/cq.c is a different beast, refcount there means actual
> > users
> > of CQ which are limited in SW, so in theory, they have potential
> > to be overflown.
> >
> > It is not the case here, there your are adding new port.
> > There is nothing wrong with atomic_t.
> >
>
> Thanks for your explanation!
> I will pay attention to this point in similar cases.
> But it seems that the semantic of refcount is not always as clear as
> here...
>
Semantically speaking, there is nothing wrong with moving to refcount_t
in the case of vxlan ports.. it also seems more accurate and will
provide the type protection, even if it is not necessary. Please let me
know what is the verdict here, i can apply this patch to net-next-mlx5.
Thanks,
Saeed.
^ permalink raw reply
* Re: [PATCH net 1/2] net/tls: partially revert fix transition through disconnect with close
From: David Miller @ 2019-08-05 20:15 UTC (permalink / raw)
To: jakub.kicinski
Cc: netdev, oss-drivers, edumazet, davejwatson, borisp, aviadye,
john.fastabend, daniel
In-Reply-To: <20190801213602.19634-1-jakub.kicinski@netronome.com>
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 1 Aug 2019 14:36:01 -0700
> Looks like we were slightly overzealous with the shutdown()
> cleanup. Even though the sock->sk_state can reach CLOSED again,
> socket->state will not got back to SS_UNCONNECTED once
> connections is ESTABLISHED. Meaning we will see EISCONN if
> we try to reconnect, and EINVAL if we try to listen.
>
> Only listen sockets can be shutdown() and reused, but since
> ESTABLISHED sockets can never be re-connected() or used for
> listen() we don't need to try to clean up the ULP state early.
>
> Fixes: 32857cf57f92 ("net/tls: fix transition through disconnect with close")
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Applied and queued up for -stable.
^ permalink raw reply
* Re: [PATCH net 2/2] selftests/tls: add a litmus test for the socket reuse through shutdown
From: David Miller @ 2019-08-05 20:16 UTC (permalink / raw)
To: jakub.kicinski
Cc: netdev, oss-drivers, edumazet, davejwatson, borisp, aviadye,
john.fastabend, daniel
In-Reply-To: <20190801213602.19634-2-jakub.kicinski@netronome.com>
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 1 Aug 2019 14:36:02 -0700
> Make sure that shutdown never works, and at the same time document how
> I tested to came to the conclusion that currently reuse is not possible.
>
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Applied.
^ permalink raw reply
* Re: [PATCH net] ipv6: Fix unbalanced rcu locking in rt6_update_exception_stamp_rt
From: David Miller @ 2019-08-05 20:17 UTC (permalink / raw)
To: dsahern; +Cc: netdev, dsahern
In-Reply-To: <20190801213635.9278-1-dsahern@kernel.org>
From: David Ahern <dsahern@kernel.org>
Date: Thu, 1 Aug 2019 14:36:35 -0700
> From: David Ahern <dsahern@gmail.com>
>
> The nexthop path in rt6_update_exception_stamp_rt needs to call
> rcu_read_unlock if it fails to find a fib6_nh match rather than
> just returning.
>
> Fixes: e659ba31d806 ("ipv6: Handle all fib6_nh in a nexthop in exception handling")
> Signed-off-by: David Ahern <dsahern@gmail.com>
Applied.
^ permalink raw reply
* Re: [PATCH net-next] ipv6: have a single rcu unlock point in __ip6_rt_update_pmtu
From: David Miller @ 2019-08-05 20:18 UTC (permalink / raw)
To: dsahern; +Cc: netdev, dsahern
In-Reply-To: <20190801221808.18321-1-dsahern@kernel.org>
From: David Ahern <dsahern@kernel.org>
Date: Thu, 1 Aug 2019 15:18:08 -0700
> From: David Ahern <dsahern@gmail.com>
>
> Simplify the unlock path in __ip6_rt_update_pmtu by using a
> single point where rcu_read_unlock is called.
>
> Signed-off-by: David Ahern <dsahern@gmail.com>
Applied.
^ permalink raw reply
* Re: [PATCH net] gve: Fix case where desc_cnt and data_cnt can get out of sync
From: David Miller @ 2019-08-05 20:19 UTC (permalink / raw)
To: csully; +Cc: netdev, sagis
In-Reply-To: <20190801230731.142536-1-csully@google.com>
From: Catherine Sullivan <csully@google.com>
Date: Thu, 1 Aug 2019 16:07:31 -0700
> desc_cnt and data_cnt should always be equal. In the case of a dropped
> packet desc_cnt was still getting updated (correctly), data_cnt
> was not. To eliminate this bug and prevent it from recurring this
> patch combines them into one ring level cnt.
>
> Signed-off-by: Catherine Sullivan <csully@google.com>
> Reviewed-by: Sagi Shahar <sagis@google.com>
Applied.
^ permalink raw reply
* Re: [PATCH net-next] selftests: Add l2tp tests
From: David Miller @ 2019-08-05 20:20 UTC (permalink / raw)
To: dsahern; +Cc: netdev, dsahern
In-Reply-To: <20190801235421.8344-1-dsahern@kernel.org>
From: David Ahern <dsahern@kernel.org>
Date: Thu, 1 Aug 2019 16:54:21 -0700
> From: David Ahern <dsahern@gmail.com>
>
> Add IPv4 and IPv6 l2tp tests. Current set is over IP and with
> IPsec.
>
> Signed-off-by: David Ahern <dsahern@gmail.com>
> ---
> The ipsec tests expose a netdev refcount leak that I have not had
> time to track down, but the tests themselves are good.
Don't you need to add this to the Makefile too?
^ permalink raw reply
* Re: [PATCH net-next] cnic: Explicitly initialize all reference counts to 0.
From: David Miller @ 2019-08-05 20:22 UTC (permalink / raw)
To: michael.chan; +Cc: netdev, hslester96, rmody, GR-Linux-NIC-Dev
In-Reply-To: <1564726671-7094-1-git-send-email-michael.chan@broadcom.com>
From: Michael Chan <michael.chan@broadcom.com>
Date: Fri, 2 Aug 2019 02:17:51 -0400
> The driver is relying on zero'ed allocated memory and does not
> explicitly call atomic_set() to initialize the ref counts to 0. Add
> these atomic_set() calls so that it will be more straight forward
> to convert atomic ref counts to refcount_t.
>
> Reported-by: Chuhong Yuan <hslester96@gmail.com>
> Cc: Rasesh Mody <rmody@marvell.com>
> Cc: <GR-Linux-NIC-Dev@marvell.com>
> Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Applied.
^ permalink raw reply
* Re: [PATCH net] net/smc: do not schedule tx_work in SMC_CLOSED state
From: David Miller @ 2019-08-05 20:24 UTC (permalink / raw)
To: kgraul; +Cc: netdev, linux-s390, gor, heiko.carstens, raspl, ubraun
In-Reply-To: <20190802081638.56207-1-kgraul@linux.ibm.com>
From: Karsten Graul <kgraul@linux.ibm.com>
Date: Fri, 2 Aug 2019 10:16:38 +0200
> From: Ursula Braun <ubraun@linux.ibm.com>
>
> The setsockopts options TCP_NODELAY and TCP_CORK may schedule the
> tx worker. Make sure the socket is not yet moved into SMC_CLOSED
> state (for instance by a shutdown SHUT_RDWR call).
>
> Reported-by: syzbot+92209502e7aab127c75f@syzkaller.appspotmail.com
> Reported-by: syzbot+b972214bb803a343f4fe@syzkaller.appspotmail.com
> Fixes: 01d2f7e2cdd31 ("net/smc: sockopts TCP_NODELAY and TCP_CORK")
> Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
> Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Applied and queued up for -stable.
^ permalink raw reply
* Re: [PATCH net] net/smc: avoid fallback in case of non-blocking connect
From: David Miller @ 2019-08-05 20:25 UTC (permalink / raw)
To: kgraul; +Cc: netdev, linux-s390, gor, heiko.carstens, raspl, ubraun
In-Reply-To: <20190802084750.5518-1-kgraul@linux.ibm.com>
From: Karsten Graul <kgraul@linux.ibm.com>
Date: Fri, 2 Aug 2019 10:47:50 +0200
> From: Ursula Braun <ubraun@linux.ibm.com>
>
> FASTOPEN is not possible with SMC. sendmsg() with msg_flag MSG_FASTOPEN
> triggers a fallback to TCP if the socket is in state SMC_INIT.
> But if a nonblocking connect is already started, fallback to TCP
> is no longer possible, even though the socket may still be in state
> SMC_INIT.
> And if a nonblocking connect is already started, a listen() call
> does not make sense.
>
> Reported-by: syzbot+bd8cc73d665590a1fcad@syzkaller.appspotmail.com
> Fixes: 50717a37db032 ("net/smc: nonblocking connect rework")
> Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
> Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Applied and queued up for -stable.
^ permalink raw reply
* Re: [patch 1/1] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
From: David Miller @ 2019-08-05 20:31 UTC (permalink / raw)
To: arnaud.patard; +Cc: netdev, andrew
In-Reply-To: <20190802083310.772136040@rtp-net.org>
From: Arnaud Patard (Rtp) <arnaud.patard@rtp-net.org>
Date: Fri, 02 Aug 2019 10:32:40 +0200
> Orion5.x systems are still using machine files and not device-tree.
> Commit 96cb4342382290c9 ("net: mvmdio: allow up to three clocks to be
> specified for orion-mdio") has replaced devm_clk_get() with of_clk_get(),
> leading to a oops at boot and not working network, as reported in
> https://lists.debian.org/debian-arm/2019/07/msg00088.html and possibly in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908712.
>
> Link: https://lists.debian.org/debian-arm/2019/07/msg00088.html
> Fixes: 96cb4342382290c9 ("net: mvmdio: allow up to three clocks to be specified for orion-mdio")
> Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Applied and queued up for -stable, thanks.
^ permalink raw reply
* Re: [PATCH net v4] net: bridge: move default pvid init/deinit to NETDEV_REGISTER/UNREGISTER
From: David Miller @ 2019-08-05 20:33 UTC (permalink / raw)
To: nikolay; +Cc: netdev, roopa, bridge, michael-dev
In-Reply-To: <20190802105736.26767-1-nikolay@cumulusnetworks.com>
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Date: Fri, 2 Aug 2019 13:57:36 +0300
> Most of the bridge device's vlan init bugs come from the fact that its
> default pvid is created at the wrong time, way too early in ndo_init()
> before the device is even assigned an ifindex. It introduces a bug when the
> bridge's dev_addr is added as fdb during the initial default pvid creation
> the notification has ifindex/NDA_MASTER both equal to 0 (see example below)
> which really makes no sense for user-space[0] and is wrong.
> Usually user-space software would ignore such entries, but they are
> actually valid and will eventually have all necessary attributes.
> It makes much more sense to send a notification *after* the device has
> registered and has a proper ifindex allocated rather than before when
> there's a chance that the registration might still fail or to receive
> it with ifindex/NDA_MASTER == 0. Note that we can remove the fdb flush
> from br_vlan_flush() since that case can no longer happen. At
> NETDEV_REGISTER br->default_pvid is always == 1 as it's initialized by
> br_vlan_init() before that and at NETDEV_UNREGISTER it can be anything
> depending why it was called (if called due to NETDEV_REGISTER error
> it'll still be == 1, otherwise it could be any value changed during the
> device life time).
>
> For the demonstration below a small change to iproute2 for printing all fdb
> notifications is added, because it contained a workaround not to show
> entries with ifindex == 0.
> Command executed while monitoring: $ ip l add br0 type bridge
> Before (both ifindex and master == 0):
> $ bridge monitor fdb
> 36:7e:8a:b3:56:ba dev * vlan 1 master * permanent
>
> After (proper br0 ifindex):
> $ bridge monitor fdb
> e6:2a:ae:7a:b7:48 dev br0 vlan 1 master br0 permanent
>
> v4: move only the default pvid init/deinit to NETDEV_REGISTER/UNREGISTER
> v3: send the correct v2 patch with all changes (stub should return 0)
> v2: on error in br_vlan_init set br->vlgrp to NULL and return 0 in
> the br_vlan_bridge_event stub when bridge vlans are disabled
>
> [0] https://bugzilla.kernel.org/show_bug.cgi?id=204389
>
> Reported-by: michael-dev <michael-dev@fami-braun.de>
> Fixes: 5be5a2df40f0 ("bridge: Add filtering support for default_pvid")
> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Applied and queued up for -stable, thanks.
^ permalink raw reply
* [PATCH net-next] net: delete "register" keyword
From: Alexey Dobriyan @ 2019-08-05 20:34 UTC (permalink / raw)
To: davem; +Cc: netdev, lvs-devel
Delete long obsoleted "register" keyword.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
drivers/net/ethernet/apple/bmac.c | 4 ++--
drivers/net/slip/slhc.c | 30 +++++++++++++++---------------
net/netfilter/ipvs/ip_vs_ctl.c | 4 ++--
net/netfilter/ipvs/ip_vs_lblcr.c | 4 ++--
4 files changed, 21 insertions(+), 21 deletions(-)
--- a/drivers/net/ethernet/apple/bmac.c
+++ b/drivers/net/ethernet/apple/bmac.c
@@ -815,8 +815,8 @@ static int reverse6[64] = {
static unsigned int
crc416(unsigned int curval, unsigned short nxtval)
{
- register unsigned int counter, cur = curval, next = nxtval;
- register int high_crc_set, low_data_set;
+ unsigned int counter, cur = curval, next = nxtval;
+ int high_crc_set, low_data_set;
/* Swap bytes */
next = ((next & 0x00FF) << 8) | (next >> 8);
--- a/drivers/net/slip/slhc.c
+++ b/drivers/net/slip/slhc.c
@@ -91,8 +91,8 @@ static unsigned short pull16(unsigned char **cpp);
struct slcompress *
slhc_init(int rslots, int tslots)
{
- register short i;
- register struct cstate *ts;
+ short i;
+ struct cstate *ts;
struct slcompress *comp;
if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
@@ -206,7 +206,7 @@ pull16(unsigned char **cpp)
static long
decode(unsigned char **cpp)
{
- register int x;
+ int x;
x = *(*cpp)++;
if(x == 0){
@@ -227,14 +227,14 @@ int
slhc_compress(struct slcompress *comp, unsigned char *icp, int isize,
unsigned char *ocp, unsigned char **cpp, int compress_cid)
{
- register struct cstate *ocs = &(comp->tstate[comp->xmit_oldest]);
- register struct cstate *lcs = ocs;
- register struct cstate *cs = lcs->next;
- register unsigned long deltaS, deltaA;
- register short changes = 0;
+ struct cstate *ocs = &(comp->tstate[comp->xmit_oldest]);
+ struct cstate *lcs = ocs;
+ struct cstate *cs = lcs->next;
+ unsigned long deltaS, deltaA;
+ short changes = 0;
int hlen;
unsigned char new_seq[16];
- register unsigned char *cp = new_seq;
+ unsigned char *cp = new_seq;
struct iphdr *ip;
struct tcphdr *th, *oth;
__sum16 csum;
@@ -486,11 +486,11 @@ slhc_compress(struct slcompress *comp, unsigned char *icp, int isize,
int
slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
{
- register int changes;
+ int changes;
long x;
- register struct tcphdr *thp;
- register struct iphdr *ip;
- register struct cstate *cs;
+ struct tcphdr *thp;
+ struct iphdr *ip;
+ struct cstate *cs;
int len, hdrlen;
unsigned char *cp = icp;
@@ -543,7 +543,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
switch(changes & SPECIALS_MASK){
case SPECIAL_I: /* Echoed terminal traffic */
{
- register short i;
+ short i;
i = ntohs(ip->tot_len) - hdrlen;
thp->ack_seq = htonl( ntohl(thp->ack_seq) + i);
thp->seq = htonl( ntohl(thp->seq) + i);
@@ -637,7 +637,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
int
slhc_remember(struct slcompress *comp, unsigned char *icp, int isize)
{
- register struct cstate *cs;
+ struct cstate *cs;
unsigned ihl;
unsigned char index;
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -262,7 +262,7 @@ static inline unsigned int
ip_vs_svc_hashkey(struct netns_ipvs *ipvs, int af, unsigned int proto,
const union nf_inet_addr *addr, __be16 port)
{
- register unsigned int porth = ntohs(port);
+ unsigned int porth = ntohs(port);
__be32 addr_fold = addr->ip;
__u32 ahash;
@@ -493,7 +493,7 @@ static inline unsigned int ip_vs_rs_hashkey(int af,
const union nf_inet_addr *addr,
__be16 port)
{
- register unsigned int porth = ntohs(port);
+ unsigned int porth = ntohs(port);
__be32 addr_fold = addr->ip;
#ifdef CONFIG_IP_VS_IPV6
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -160,7 +160,7 @@ static void ip_vs_dest_set_eraseall(struct ip_vs_dest_set *set)
/* get weighted least-connection node in the destination set */
static inline struct ip_vs_dest *ip_vs_dest_set_min(struct ip_vs_dest_set *set)
{
- register struct ip_vs_dest_set_elem *e;
+ struct ip_vs_dest_set_elem *e;
struct ip_vs_dest *dest, *least;
int loh, doh;
@@ -209,7 +209,7 @@ static inline struct ip_vs_dest *ip_vs_dest_set_min(struct ip_vs_dest_set *set)
/* get weighted most-connection node in the destination set */
static inline struct ip_vs_dest *ip_vs_dest_set_max(struct ip_vs_dest_set *set)
{
- register struct ip_vs_dest_set_elem *e;
+ struct ip_vs_dest_set_elem *e;
struct ip_vs_dest *dest, *most;
int moh, doh;
^ permalink raw reply
* [PATCH net-next] net: use "nb" for notifier blocks
From: Alexey Dobriyan @ 2019-08-05 20:43 UTC (permalink / raw)
To: davem; +Cc: netdev, netfilter-devel, linux-sctp, bpf
Use more pleasant looking
struct notifier_block *nb,
instead of "this".
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 2 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +-
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 4 ++--
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++--
drivers/net/ethernet/mellanox/mlx5/core/lag.c | 4 ++--
drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 4 ++--
drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 4 ++--
drivers/net/ethernet/sfc/efx.c | 2 +-
drivers/net/ethernet/sfc/falcon/efx.c | 2 +-
drivers/net/hamradio/bpqether.c | 2 +-
drivers/net/hyperv/netvsc_drv.c | 2 +-
drivers/net/macsec.c | 2 +-
drivers/net/netconsole.c | 2 +-
drivers/net/ppp/pppoe.c | 2 +-
drivers/net/wan/hdlc.c | 2 +-
drivers/net/wan/lapbether.c | 2 +-
net/appletalk/aarp.c | 2 +-
net/appletalk/ddp.c | 2 +-
net/atm/br2684.c | 2 +-
net/atm/clip.c | 6 +++---
net/ax25/af_ax25.c | 2 +-
net/batman-adv/hard-interface.c | 2 +-
net/core/failover.c | 2 +-
net/core/fib_rules.c | 2 +-
net/core/rtnetlink.c | 2 +-
net/decnet/af_decnet.c | 2 +-
net/decnet/dn_fib.c | 2 +-
net/ipv4/arp.c | 2 +-
net/ipv4/devinet.c | 2 +-
net/ipv4/fib_frontend.c | 4 ++--
net/ipv4/igmp.c | 2 +-
net/ipv4/ipmr.c | 2 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/ipv4/nexthop.c | 2 +-
net/ipv6/addrconf.c | 2 +-
net/ipv6/ip6mr.c | 2 +-
net/ipv6/mcast.c | 2 +-
net/ipv6/ndisc.c | 2 +-
net/ipv6/route.c | 2 +-
net/iucv/af_iucv.c | 2 +-
net/iucv/iucv.c | 2 +-
net/mpls/af_mpls.c | 2 +-
net/ncsi/ncsi-manage.c | 2 +-
net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
net/netfilter/nf_nat_masquerade.c | 6 +++---
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nfnetlink_log.c | 2 +-
net/netfilter/nfnetlink_queue.c | 4 ++--
net/netfilter/nft_chain_filter.c | 2 +-
net/netfilter/nft_flow_offload.c | 2 +-
net/netfilter/xt_TEE.c | 2 +-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netrom/af_netrom.c | 2 +-
net/nfc/netlink.c | 2 +-
net/packet/af_packet.c | 2 +-
net/rose/af_rose.c | 2 +-
net/sctp/ipv6.c | 2 +-
net/sctp/protocol.c | 2 +-
net/smc/smc_pnet.c | 2 +-
net/tls/tls_device.c | 2 +-
net/x25/af_x25.c | 12 ++++++------
net/xdp/xsk.c | 2 +-
net/xfrm/xfrm_device.c | 2 +-
66 files changed, 82 insertions(+), 82 deletions(-)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3202,7 +3202,7 @@ static int bond_slave_netdev_event(unsigned long event,
* locks for us to safely manipulate the slave devices (RTNL lock,
* dev_probe_lock).
*/
-static int bond_netdev_event(struct notifier_block *this,
+static int bond_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/broadcom/cnic.c
+++ b/drivers/net/ethernet/broadcom/cnic.c
@@ -5672,7 +5672,7 @@ static void cnic_rcv_netevent(struct cnic_local *cp, unsigned long event,
}
/* netdev event handler */
-static int cnic_netdev_event(struct notifier_block *this, unsigned long event,
+static int cnic_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -2273,7 +2273,7 @@ static void notify_ulds(struct adapter *adap, enum cxgb4_state new_state)
}
#if IS_ENABLED(CONFIG_IPV6)
-static int cxgb4_inet6addr_handler(struct notifier_block *this,
+static int cxgb4_inet6addr_handler(struct notifier_block *nb,
unsigned long event, void *data)
{
struct inet6_ifaddr *ifa = data;
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -3020,7 +3020,7 @@ static int mlx4_en_queue_bond_work(struct mlx4_en_priv *priv, int is_bonded,
return 0;
}
-int mlx4_en_netdev_event(struct notifier_block *this,
+int mlx4_en_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -3036,7 +3036,7 @@ int mlx4_en_netdev_event(struct notifier_block *this,
if (!net_eq(dev_net(ndev), &init_net))
return NOTIFY_DONE;
- mdev = container_of(this, struct mlx4_en_dev, nb);
+ mdev = container_of(nb, struct mlx4_en_dev, nb);
dev = mdev->dev;
/* Go into this mode only when two network devices set on two ports
--- a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
+++ b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
@@ -794,7 +794,7 @@ void mlx4_en_update_pfc_stats_bitmap(struct mlx4_dev *dev,
struct mlx4_en_stats_bitmap *stats_bitmap,
u8 rx_ppp, u8 rx_pause,
u8 tx_ppp, u8 tx_pause);
-int mlx4_en_netdev_event(struct notifier_block *this,
+int mlx4_en_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr);
/*
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -3657,7 +3657,7 @@ static void mlx5e_tc_hairpin_update_dead_peer(struct mlx5e_priv *priv,
}
}
-static int mlx5e_tc_netdev_event(struct notifier_block *this,
+static int mlx5e_tc_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -3671,7 +3671,7 @@ static int mlx5e_tc_netdev_event(struct notifier_block *this,
ndev->reg_state == NETREG_REGISTERED)
return NOTIFY_DONE;
- tc = container_of(this, struct mlx5e_tc_table, netdevice_nb);
+ tc = container_of(nb, struct mlx5e_tc_table, netdevice_nb);
fs = container_of(tc, struct mlx5e_flow_steering, tc);
priv = container_of(fs, struct mlx5e_priv, fs);
peer_priv = netdev_priv(ndev);
--- a/drivers/net/ethernet/mellanox/mlx5/core/lag.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lag.c
@@ -453,7 +453,7 @@ static int mlx5_handle_changelowerstate_event(struct mlx5_lag *ldev,
return 1;
}
-static int mlx5_lag_netdev_event(struct notifier_block *this,
+static int mlx5_lag_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -467,7 +467,7 @@ static int mlx5_lag_netdev_event(struct notifier_block *this,
if ((event != NETDEV_CHANGEUPPER) && (event != NETDEV_CHANGELOWERSTATE))
return NOTIFY_DONE;
- ldev = container_of(this, struct mlx5_lag, nb);
+ ldev = container_of(nb, struct mlx5_lag, nb);
tracker = ldev->tracker;
switch (event) {
--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
@@ -3344,7 +3344,7 @@ static void netxen_config_master(struct net_device *dev, unsigned long event)
netxen_free_ip_list(adapter, true);
}
-static int netxen_netdev_event(struct notifier_block *this,
+static int netxen_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netxen_adapter *adapter;
@@ -3387,7 +3387,7 @@ static int netxen_netdev_event(struct notifier_block *this,
}
static int
-netxen_inetaddr_event(struct notifier_block *this,
+netxen_inetaddr_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netxen_adapter *adapter;
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -228,7 +228,7 @@ static struct qed_eth_cb_ops qede_ll_ops = {
.ports_update = qede_udp_ports_update,
};
-static int qede_netdev_event(struct notifier_block *this, unsigned long event,
+static int qede_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
@@ -4162,7 +4162,7 @@ void qlcnic_restore_indev_addr(struct net_device *netdev, unsigned long event)
rcu_read_unlock();
}
-static int qlcnic_netdev_event(struct notifier_block *this,
+static int qlcnic_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct qlcnic_adapter *adapter;
@@ -4194,7 +4194,7 @@ static int qlcnic_netdev_event(struct notifier_block *this,
}
static int
-qlcnic_inetaddr_event(struct notifier_block *this,
+qlcnic_inetaddr_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct qlcnic_adapter *adapter;
--- a/drivers/net/ethernet/sfc/efx.c
+++ b/drivers/net/ethernet/sfc/efx.c
@@ -2498,7 +2498,7 @@ static void efx_update_name(struct efx_nic *efx)
efx_set_channel_names(efx);
}
-static int efx_netdev_event(struct notifier_block *this,
+static int efx_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/sfc/falcon/efx.c
+++ b/drivers/net/ethernet/sfc/falcon/efx.c
@@ -2237,7 +2237,7 @@ static void ef4_update_name(struct ef4_nic *efx)
ef4_set_channel_names(efx);
}
-static int ef4_netdev_event(struct notifier_block *this,
+static int ef4_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/hamradio/bpqether.c
+++ b/drivers/net/hamradio/bpqether.c
@@ -524,7 +524,7 @@ static void bpq_free_device(struct net_device *ndev)
/*
* Handle device status changes.
*/
-static int bpq_device_event(struct notifier_block *this,
+static int bpq_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2416,7 +2416,7 @@ static struct hv_driver netvsc_drv = {
* to the guest. When the corresponding VF instance is registered,
* we will take care of switching the data path.
*/
-static int netvsc_netdev_event(struct notifier_block *this,
+static int netvsc_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3478,7 +3478,7 @@ static bool is_macsec_master(struct net_device *dev)
return rcu_access_pointer(dev->rx_handler) == macsec_handle_frame;
}
-static int macsec_notify(struct notifier_block *this, unsigned long event,
+static int macsec_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *real_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/netconsole.c
+++ b/drivers/net/netconsole.c
@@ -688,7 +688,7 @@ static struct configfs_subsystem netconsole_subsys = {
#endif /* CONFIG_NETCONSOLE_DYNAMIC */
/* Handle network interface device notifications */
-static int netconsole_netdev_event(struct notifier_block *this,
+static int netconsole_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
unsigned long flags;
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -329,7 +329,7 @@ static void pppoe_flush_dev(struct net_device *dev)
write_unlock_bh(&pn->hash_lock);
}
-static int pppoe_device_event(struct notifier_block *this,
+static int pppoe_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/wan/hdlc.c
+++ b/drivers/net/wan/hdlc.c
@@ -85,7 +85,7 @@ static inline void hdlc_proto_stop(struct net_device *dev)
-static int hdlc_device_event(struct notifier_block *this, unsigned long event,
+static int hdlc_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -359,7 +359,7 @@ static void lapbeth_free_device(struct lapbethdev *lapbeth)
*
* Called from notifier with RTNL held.
*/
-static int lapbeth_device_event(struct notifier_block *this,
+static int lapbeth_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct lapbethdev *lapbeth;
--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -324,7 +324,7 @@ static void aarp_expire_timeout(struct timer_list *unused)
}
/* Network device notifier chain handler. */
-static int aarp_device_event(struct notifier_block *this, unsigned long event,
+static int aarp_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -635,7 +635,7 @@ static inline void atalk_dev_down(struct net_device *dev)
* A device event has occurred. Watch for devices going down and
* delete our use of them (iface and route).
*/
-static int ddp_device_event(struct notifier_block *this, unsigned long event,
+static int ddp_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -144,7 +144,7 @@ static struct net_device *br2684_find_dev(const struct br2684_if_spec *s)
return NULL;
}
-static int atm_dev_event(struct notifier_block *this, unsigned long event,
+static int atm_dev_event(struct notifier_block *nb, unsigned long event,
void *arg)
{
struct atm_dev *atm_dev = arg;
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -542,7 +542,7 @@ static int clip_create(int number)
return number;
}
-static int clip_device_event(struct notifier_block *this, unsigned long event,
+static int clip_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
@@ -575,7 +575,7 @@ static int clip_device_event(struct notifier_block *this, unsigned long event,
return NOTIFY_DONE;
}
-static int clip_inet_event(struct notifier_block *this, unsigned long event,
+static int clip_inet_event(struct notifier_block *nb, unsigned long event,
void *ifa)
{
struct in_device *in_dev;
@@ -589,7 +589,7 @@ static int clip_inet_event(struct notifier_block *this, unsigned long event,
if (event != NETDEV_UP)
return NOTIFY_DONE;
netdev_notifier_info_init(&info, in_dev->dev);
- return clip_device_event(this, NETDEV_CHANGE, &info);
+ return clip_device_event(nb, NETDEV_CHANGE, &info);
}
static struct notifier_block clip_dev_notifier = {
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -106,7 +106,7 @@ static void ax25_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int ax25_device_event(struct notifier_block *this, unsigned long event,
+static int ax25_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -1015,7 +1015,7 @@ static int batadv_hard_if_event_softif(unsigned long event,
return NOTIFY_DONE;
}
-static int batadv_hard_if_event(struct notifier_block *this,
+static int batadv_hard_if_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/failover.c
+++ b/net/core/failover.c
@@ -183,7 +183,7 @@ static int failover_slave_name_change(struct net_device *slave_dev)
}
static int
-failover_event(struct notifier_block *this, unsigned long event, void *ptr)
+failover_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -1187,7 +1187,7 @@ static void detach_rules(struct list_head *rules, struct net_device *dev)
}
-static int fib_rules_event(struct notifier_block *this, unsigned long event,
+static int fib_rules_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -5253,7 +5253,7 @@ static int rtnetlink_bind(struct net *net, int group)
return 0;
}
-static int rtnetlink_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int rtnetlink_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2076,7 +2076,7 @@ static int dn_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
return err;
}
-static int dn_device_event(struct notifier_block *this, unsigned long event,
+static int dn_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -672,7 +672,7 @@ static void dn_fib_disable_addr(struct net_device *dev, int force)
neigh_ifdown(&dn_neigh_table, dev);
}
-static int dn_fib_dnaddr_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int dn_fib_dnaddr_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct dn_ifaddr *ifa = (struct dn_ifaddr *)ptr;
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1236,7 +1236,7 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
return err;
}
-static int arp_netdev_event(struct notifier_block *this, unsigned long event,
+static int arp_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1517,7 +1517,7 @@ static void inetdev_send_gratuitous_arp(struct net_device *dev,
/* Called only under RTNL semaphore */
-static int inetdev_event(struct notifier_block *this, unsigned long event,
+static int inetdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1415,7 +1415,7 @@ static void fib_disable_ip(struct net_device *dev, unsigned long event,
arp_ifdown(dev);
}
-static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int fib_inetaddr_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct in_ifaddr *ifa = (struct in_ifaddr *)ptr;
struct net_device *dev = ifa->ifa_dev->dev;
@@ -1446,7 +1446,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
return NOTIFY_DONE;
}
-static int fib_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int fib_netdev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct netdev_notifier_changeupper_info *upper_info = ptr;
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -3044,7 +3044,7 @@ static struct pernet_operations igmp_net_ops = {
};
#endif
-static int igmp_netdev_event(struct notifier_block *this,
+static int igmp_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1741,7 +1741,7 @@ int ipmr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
}
#endif
-static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int ipmr_device_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct net *net = dev_net(dev);
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -185,7 +185,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
}
static int
-clusterip_netdev_event(struct notifier_block *this, unsigned long event,
+clusterip_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -1753,7 +1753,7 @@ static void nexthop_sync_mtu(struct net_device *dev, u32 orig_mtu)
}
/* rtnl */
-static int nh_netdev_event(struct notifier_block *this,
+static int nh_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3473,7 +3473,7 @@ static void addrconf_permanent_addr(struct net *net, struct net_device *dev)
write_unlock_bh(&idev->lock);
}
-static int addrconf_notify(struct notifier_block *this, unsigned long event,
+static int addrconf_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1226,7 +1226,7 @@ static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
return 0;
}
-static int ip6mr_device_event(struct notifier_block *this,
+static int ip6mr_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -2638,7 +2638,7 @@ static void ipv6_mc_rejoin_groups(struct inet6_dev *idev)
mld_send_report(idev, NULL);
}
-static int ipv6_mc_netdev_event(struct notifier_block *this,
+static int ipv6_mc_netdev_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1771,7 +1771,7 @@ int ndisc_rcv(struct sk_buff *skb)
return 0;
}
-static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int ndisc_netdev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct netdev_notifier_change_info *change_info;
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5954,7 +5954,7 @@ void fib6_rt_update(struct net *net, struct fib6_info *rt,
rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
}
-static int ip6_route_dev_notify(struct notifier_block *this,
+static int ip6_route_dev_notify(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -2339,7 +2339,7 @@ static void afiucv_hs_callback_txnotify(struct sk_buff *skb,
/*
* afiucv_netdev_event: handle netdev notifier chain events
*/
-static int afiucv_netdev_event(struct notifier_block *this,
+static int afiucv_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -824,7 +824,7 @@ void iucv_unregister(struct iucv_handler *handler, int smp)
}
EXPORT_SYMBOL(iucv_unregister);
-static int iucv_reboot_event(struct notifier_block *this,
+static int iucv_reboot_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
int i;
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1578,7 +1578,7 @@ static void mpls_ifup(struct net_device *dev, unsigned int flags)
}
}
-static int mpls_dev_notify(struct notifier_block *this, unsigned long event,
+static int mpls_dev_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1484,7 +1484,7 @@ int ncsi_process_next_channel(struct ncsi_dev_priv *ndp)
}
#if IS_ENABLED(CONFIG_IPV6)
-static int ncsi_inet6addr_event(struct notifier_block *this,
+static int ncsi_inet6addr_event(struct notifier_block *nb,
unsigned long event, void *data)
{
struct inet6_ifaddr *ifa = data;
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1641,7 +1641,7 @@ ip_vs_forget_dev(struct ip_vs_dest *dest, struct net_device *dev)
/* Netdev event receiver
* Currently only NETDEV_DOWN is handled to release refs to cached dsts
*/
-static int ip_vs_dst_event(struct notifier_block *this, unsigned long event,
+static int ip_vs_dst_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nf_nat_masquerade.c
+++ b/net/netfilter/nf_nat_masquerade.c
@@ -72,7 +72,7 @@ static int device_cmp(struct nf_conn *i, void *ifindex)
return nat->masq_index == (int)(long)ifindex;
}
-static int masq_device_event(struct notifier_block *this,
+static int masq_device_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
@@ -106,7 +106,7 @@ static int inet_cmp(struct nf_conn *ct, void *ptr)
return ifa->ifa_address == tuple->dst.u3.ip;
}
-static int masq_inet_event(struct notifier_block *this,
+static int masq_inet_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
@@ -228,7 +228,7 @@ static void iterate_cleanup_work(struct work_struct *work)
* As we can have 'a lot' of inet_events (depending on amount of ipv6
* addresses being deleted), we also need to limit work item queue.
*/
-static int masq_inet6_event(struct notifier_block *this,
+static int masq_inet6_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct inet6_ifaddr *ifa = ptr;
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6154,7 +6154,7 @@ static void nft_flowtable_event(unsigned long event, struct net_device *dev,
}
}
-static int nf_tables_flowtable_event(struct notifier_block *this,
+static int nf_tables_flowtable_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -758,7 +758,7 @@ nfulnl_log_packet(struct net *net,
}
static int
-nfulnl_rcv_nl_event(struct notifier_block *this,
+nfulnl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -941,7 +941,7 @@ nfqnl_dev_drop(struct net *net, int ifindex)
}
static int
-nfqnl_rcv_dev_event(struct notifier_block *this,
+nfqnl_rcv_dev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
@@ -971,7 +971,7 @@ static void nfqnl_nf_hook_drop(struct net *net)
}
static int
-nfqnl_rcv_nl_event(struct notifier_block *this,
+nfqnl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -311,7 +311,7 @@ static void nft_netdev_event(unsigned long event, struct net_device *dev,
}
}
-static int nf_tables_netdev_event(struct notifier_block *this,
+static int nf_tables_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -208,7 +208,7 @@ static struct nft_expr_type nft_flow_offload_type __read_mostly = {
.owner = THIS_MODULE,
};
-static int flow_offload_netdev_event(struct notifier_block *this,
+static int flow_offload_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -57,7 +57,7 @@ tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
}
#endif
-static int tee_netdev_event(struct notifier_block *this, unsigned long event,
+static int tee_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -695,7 +695,7 @@ int netlbl_unlhsh_remove(struct net *net,
* related entries from the unlabeled connection hash table.
*
*/
-static int netlbl_unlhsh_netdev_handler(struct notifier_block *this,
+static int netlbl_unlhsh_netdev_handler(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -112,7 +112,7 @@ static void nr_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int nr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int nr_device_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1811,7 +1811,7 @@ static void nfc_urelease_event_work(struct work_struct *work)
kfree(w);
}
-static int nfc_genl_rcv_nl_event(struct notifier_block *this,
+static int nfc_genl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -4035,7 +4035,7 @@ static int compat_packet_setsockopt(struct socket *sock, int level, int optname,
}
#endif
-static int packet_notifier(struct notifier_block *this,
+static int packet_notifier(struct notifier_block *nb,
unsigned long msg, void *ptr)
{
struct sock *sk;
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -200,7 +200,7 @@ static void rose_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int rose_device_event(struct notifier_block *this,
+static int rose_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -71,7 +71,7 @@ static int sctp_v6_cmp_addr(const union sctp_addr *addr1,
* time and thus corrupt the list.
* The reader side is protected with RCU.
*/
-static int sctp_inet6addr_event(struct notifier_block *this, unsigned long ev,
+static int sctp_inet6addr_event(struct notifier_block *nb, unsigned long ev,
void *ptr)
{
struct inet6_ifaddr *ifa = (struct inet6_ifaddr *)ptr;
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -751,7 +751,7 @@ void sctp_addr_wq_mgmt(struct net *net, struct sctp_sockaddr_entry *addr, int cm
* time and thus corrupt the list.
* The reader side is protected with RCU.
*/
-static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
+static int sctp_inetaddr_event(struct notifier_block *nb, unsigned long ev,
void *ptr)
{
struct in_ifaddr *ifa = (struct in_ifaddr *)ptr;
--- a/net/smc/smc_pnet.c
+++ b/net/smc/smc_pnet.c
@@ -651,7 +651,7 @@ static struct genl_family smc_pnet_nl_family __ro_after_init = {
.n_ops = ARRAY_SIZE(smc_pnet_ops)
};
-static int smc_pnet_netdev_event(struct notifier_block *this,
+static int smc_pnet_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1134,7 +1134,7 @@ static int tls_device_down(struct net_device *netdev)
return NOTIFY_DONE;
}
-static int tls_dev_event(struct notifier_block *this, unsigned long event,
+static int tls_dev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -218,11 +218,11 @@ static void x25_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int x25_device_event(struct notifier_block *this, unsigned long event,
+static int x25_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
- struct x25_neigh *nb;
+ struct x25_neigh *neigh;
if (!net_eq(dev_net(dev), &init_net))
return NOTIFY_DONE;
@@ -237,10 +237,10 @@ static int x25_device_event(struct notifier_block *this, unsigned long event,
x25_link_device_up(dev);
break;
case NETDEV_GOING_DOWN:
- nb = x25_get_neigh(dev);
- if (nb) {
- x25_terminate_link(nb);
- x25_neigh_put(nb);
+ neigh = x25_get_neigh(dev);
+ if (neigh) {
+ x25_terminate_link(neigh);
+ x25_neigh_put(neigh);
}
break;
case NETDEV_DOWN:
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -747,7 +747,7 @@ static int xsk_mmap(struct file *file, struct socket *sock,
size, vma->vm_page_prot);
}
-static int xsk_notifier(struct notifier_block *this,
+static int xsk_notifier(struct notifier_block *nb,
unsigned long msg, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -378,7 +378,7 @@ static int xfrm_dev_down(struct net_device *dev)
return NOTIFY_DONE;
}
-static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int xfrm_dev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
^ permalink raw reply
* Re: [PATCH net-next v3] net: phy: broadcom: add 1000Base-X support for BCM54616S
From: Heiner Kallweit @ 2019-08-05 20:45 UTC (permalink / raw)
To: Vladimir Oltean
Cc: Andrew Lunn, Tao Ren, Florian Fainelli, David S . Miller,
Arun Parameswaran, Justin Chen, netdev, lkml,
openbmc@lists.ozlabs.org
In-Reply-To: <CA+h21hov3WzqYSUcxOnH0DOMO2dYdh_Q30Q_GQJpxa4nFM7MsQ@mail.gmail.com>
On 04.08.2019 21:22, Vladimir Oltean wrote:
> On Sun, 4 Aug 2019 at 19:07, Heiner Kallweit <hkallweit1@gmail.com> wrote:
>>
>> On 04.08.2019 17:59, Vladimir Oltean wrote:
>>> On Sun, 4 Aug 2019 at 17:52, Andrew Lunn <andrew@lunn.ch> wrote:
>>>>
>>>>>> The patchset looks better now. But is it ok, I wonder, to keep
>>>>>> PHY_BCM_FLAGS_MODE_1000BX in phydev->dev_flags, considering that
>>>>>> phy_attach_direct is overwriting it?
>>>>>
>>>>
>>>>> I checked ftgmac100 driver (used on my machine) and it calls
>>>>> phy_connect_direct which passes phydev->dev_flags when calling
>>>>> phy_attach_direct: that explains why the flag is not cleared in my
>>>>> case.
>>>>
>>>> Yes, that is the way it is intended to be used. The MAC driver can
>>>> pass flags to the PHY. It is a fragile API, since the MAC needs to
>>>> know what PHY is being used, since the flags are driver specific.
>>>>
>>>> One option would be to modify the assignment in phy_attach_direct() to
>>>> OR in the flags passed to it with flags which are already in
>>>> phydev->dev_flags.
>>>>
>>>> Andrew
>>>
>>> Even if that were the case (patching phy_attach_direct to apply a
>>> logical-or to dev_flags), it sounds fishy to me that the genphy code
>>> is unable to determine that this PHY is running in 1000Base-X mode.
>>>
>>> In my opinion it all boils down to this warning:
>>>
>>> "PHY advertising (0,00000200,000062c0) more modes than genphy
>>> supports, some modes not advertised".
>>>
>> The genphy code deals with Clause 22 + Gigabit BaseT only.
>> Question is whether you want aneg at all in 1000Base-X mode and
>> what you want the config_aneg callback to do.
>> There may be some inspiration in the Marvel PHY drivers.
>>
>
> AN for 1000Base-X still gives you duplex and pause frame settings. I
> thought the base page format for exchanging that info is standardized
> in clause 37.
> Does genphy cover only copper media by design, or is it desirable to
> augment genphy_read_status?
>
So far we care about copper only in phylib. Some constants needed for
Clause 37 support are defined, but used by few drivers only.
ADVERTISE_1000XHALF
ADVERTISE_1000XFULL
ADVERTISE_1000XPAUSE
ADVERTISE_1000XPSE_ASYM
I think it would make sense to have something like genphy_c37_config_aneg.
Similar for read_status.
>>> You see, the 0x200 in the above advertising mask corresponds exactly
>>> to this definition from ethtool.h:
>>> ETHTOOL_LINK_MODE_1000baseX_Full_BIT = 41,
>>>
>>> But it gets truncated and hence lost.
>>>
>>> Regards,
>>> -Vladimir
>>>
>> Heiner
>
Heiner
^ permalink raw reply
* Re: [PATCH net-next v2] openvswitch: Print error when ovs_execute_actions() fails
From: Pravin Shelar @ 2019-08-05 20:50 UTC (permalink / raw)
To: Yifeng Sun; +Cc: Linux Kernel Network Developers, Greg Rose
In-Reply-To: <1564973771-22542-1-git-send-email-pkusunyifeng@gmail.com>
On Sun, Aug 4, 2019 at 7:56 PM Yifeng Sun <pkusunyifeng@gmail.com> wrote:
>
> Currently in function ovs_dp_process_packet(), return values of
> ovs_execute_actions() are silently discarded. This patch prints out
> an debug message when error happens so as to provide helpful hints
> for debugging.
> ---
> v1->v2: Fixed according to Pravin's review.
>
Looks good.
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Thanks,
Pravin.
^ permalink raw reply
* Re: [PATCH bpf-next 1/2] selftests/bpf: add loop test 4
From: Alexei Starovoitov @ 2019-08-05 20:53 UTC (permalink / raw)
To: Yonghong Song, Andrii Nakryiko, Alexei Starovoitov
Cc: David S. Miller, Daniel Borkmann, Networking, bpf, Kernel Team
In-Reply-To: <db0340a8-a4d7-f652-729d-9edd22a87310@fb.com>
On 8/5/19 1:04 PM, Yonghong Song wrote:
>
>
> On 8/5/19 12:45 PM, Andrii Nakryiko wrote:
>> On Sat, Aug 3, 2019 at 8:19 PM Alexei Starovoitov <ast@kernel.org> wrote:
>>>
>>> Add a test that returns a 'random' number between [0, 2^20)
>>> If state pruning is not working correctly for loop body the number of
>>> processed insns will be 2^20 * num_of_insns_in_loop_body and the program
>>> will be rejected.
>>>
>>> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
>>> ---
>>> .../bpf/prog_tests/bpf_verif_scale.c | 1 +
>>> tools/testing/selftests/bpf/progs/loop4.c | 23 +++++++++++++++++++
>>> 2 files changed, 24 insertions(+)
>>> create mode 100644 tools/testing/selftests/bpf/progs/loop4.c
>>>
>>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> index b4be96162ff4..757e39540eda 100644
>>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> @@ -71,6 +71,7 @@ void test_bpf_verif_scale(void)
>>>
>>> { "loop1.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>> { "loop2.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>> + { "loop4.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>>
>>> /* partial unroll. 19k insn in a loop.
>>> * Total program size 20.8k insn.
>>> diff --git a/tools/testing/selftests/bpf/progs/loop4.c b/tools/testing/selftests/bpf/progs/loop4.c
>>> new file mode 100644
>>> index 000000000000..3e7ee14fddbd
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/progs/loop4.c
>>> @@ -0,0 +1,23 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +// Copyright (c) 2019 Facebook
>>> +#include <linux/sched.h>
>>> +#include <linux/ptrace.h>
>>> +#include <stdint.h>
>>> +#include <stddef.h>
>>> +#include <stdbool.h>
>>> +#include <linux/bpf.h>
>>> +#include "bpf_helpers.h"
>>> +
>>> +char _license[] SEC("license") = "GPL";
>>> +
>>> +SEC("socket")
>>> +int combinations(volatile struct __sk_buff* skb)
>>> +{
>>> + int ret = 0, i;
>>> +
>>> +#pragma nounroll
>>> + for (i = 0; i < 20; i++)
>>> + if (skb->len)
>>> + ret |= 1 << i;
>>
>> So I think the idea is that because verifier shouldn't know whether
>> skb->len is zero or not, then you have two outcomes on every iteration
>> leading to 2^20 states, right?
>>
>> But I'm afraid that verifier can eventually be smart enough (if it's
>> not already, btw), to figure out that ret can be either 0 or ((1 <<
>> 21) - 1), actually. If skb->len is put into separate register, then
>> that register's bounds will be established on first loop iteration as
>> either == 0 on one branch or (0, inf) on another branch, after which
>> all subsequent iterations will not branch at all (one or the other
>> branch will be always taken).
>>
>> It's also possible that LLVM/Clang is smart enough already to figure
>> this out on its own and optimize loop into.
>>
>>
>> if (skb->len) {
>> for (i = 0; i < 20; i++)
>> ret |= 1 << i;
>> }
>
> We have
> volatile struct __sk_buff* skb
>
> So from the source code, skb->len could be different for each
> iteration. The compiler cannot do the above optimization.
yep.
Without volatile llvm optimizes it even more than Andrii predicted :)
>>
>>
>> So two complains:
>>
>> 1. Let's obfuscate this a bit more, e.g., with testing (skb->len &
>> (1<<i)) instead, so that result really depends on actual length of the
>> packet.
>> 2. Is it possible to somehow turn off this precision tracking (e.g.,
>> running not under root, maybe?) and see that this same program fails
>> in that case? That way we'll know test actually validates what we
>> think it validates.
that's on my todo list already.
To do proper unit tests for all this stuff there should be a way
to turn off not only precision, but heuristics too.
All magic numbers in is_state_visited() need to be switchable.
I'm still thinking on the way to expose it to tests infra.
^ permalink raw reply
* Re: [PATCH 01/16] net: phy: adin: add support for Analog Devices PHYs
From: Heiner Kallweit @ 2019-08-05 20:54 UTC (permalink / raw)
To: Alexandru Ardelean, netdev, devicetree, linux-kernel
Cc: davem, robh+dt, mark.rutland, f.fainelli, andrew
In-Reply-To: <20190805165453.3989-2-alexandru.ardelean@analog.com>
On 05.08.2019 18:54, Alexandru Ardelean wrote:
> This change adds support for Analog Devices Industrial Ethernet PHYs.
> Particularly the PHYs this driver adds support for:
> * ADIN1200 - Robust, Industrial, Low Power 10/100 Ethernet PHY
> * ADIN1300 - Robust, Industrial, Low Latency 10/100/1000 Gigabit
> Ethernet PHY
>
> The 2 chips are pin & register compatible with one another. The main
> difference being that ADIN1200 doesn't operate in gigabit mode.
>
> The chips can be operated by the Generic PHY driver as well via the
> standard IEEE PHY registers (0x0000 - 0x000F) which are supported by the
> kernel as well. This assumes that configuration of the PHY has been done
> required.
>
> Configuration can also be done via registers, which will be implemented by
> the driver in the next changes.
>
> Datasheets:
> https://www.analog.com/media/en/technical-documentation/data-sheets/ADIN1300.pdf
> https://www.analog.com/media/en/technical-documentation/data-sheets/ADIN1200.pdf
>
> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
> ---
> MAINTAINERS | 7 +++++
> drivers/net/phy/Kconfig | 9 ++++++
> drivers/net/phy/Makefile | 1 +
> drivers/net/phy/adin.c | 59 ++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 76 insertions(+)
> create mode 100644 drivers/net/phy/adin.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index ee663e0e2f2e..faf5723610c8 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -938,6 +938,13 @@ S: Supported
> F: drivers/mux/adgs1408.c
> F: Documentation/devicetree/bindings/mux/adi,adgs1408.txt
>
> +ANALOG DEVICES INC ADIN DRIVER
> +M: Alexandru Ardelean <alexaundru.ardelean@analog.com>
> +L: netdev@vger.kernel.org
> +W: http://ez.analog.com/community/linux-device-drivers
> +S: Supported
> +F: drivers/net/phy/adin.c
> +
> ANALOG DEVICES INC ADIS DRIVER LIBRARY
> M: Alexandru Ardelean <alexandru.ardelean@analog.com>
> S: Supported
> diff --git a/drivers/net/phy/Kconfig b/drivers/net/phy/Kconfig
> index 206d8650ee7f..5966d3413676 100644
> --- a/drivers/net/phy/Kconfig
> +++ b/drivers/net/phy/Kconfig
> @@ -257,6 +257,15 @@ config SFP
> depends on HWMON || HWMON=n
> select MDIO_I2C
>
> +config ADIN_PHY
> + tristate "Analog Devices Industrial Ethernet PHYs"
> + help
> + Adds support for the Analog Devices Industrial Ethernet PHYs.
> + Currently supports the:
> + - ADIN1200 - Robust,Industrial, Low Power 10/100 Ethernet PHY
> + - ADIN1300 - Robust,Industrial, Low Latency 10/100/1000 Gigabit
> + Ethernet PHY
> +
> config AMD_PHY
> tristate "AMD PHYs"
> ---help---
> diff --git a/drivers/net/phy/Makefile b/drivers/net/phy/Makefile
> index ba07c27e4208..a03437e091f3 100644
> --- a/drivers/net/phy/Makefile
> +++ b/drivers/net/phy/Makefile
> @@ -47,6 +47,7 @@ obj-$(CONFIG_SFP) += sfp.o
> sfp-obj-$(CONFIG_SFP) += sfp-bus.o
> obj-y += $(sfp-obj-y) $(sfp-obj-m)
>
> +obj-$(CONFIG_ADIN_PHY) += adin.o
> obj-$(CONFIG_AMD_PHY) += amd.o
> aquantia-objs += aquantia_main.o
> ifdef CONFIG_HWMON
> diff --git a/drivers/net/phy/adin.c b/drivers/net/phy/adin.c
> new file mode 100644
> index 000000000000..6a610d4563c3
> --- /dev/null
> +++ b/drivers/net/phy/adin.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/**
> + * Driver for Analog Devices Industrial Ethernet PHYs
> + *
> + * Copyright 2019 Analog Devices Inc.
> + */
> +#include <linux/kernel.h>
> +#include <linux/errno.h>
> +#include <linux/init.h>
> +#include <linux/module.h>
> +#include <linux/mii.h>
> +#include <linux/phy.h>
> +
> +#define PHY_ID_ADIN1200 0x0283bc20
> +#define PHY_ID_ADIN1300 0x0283bc30
> +
> +static int adin_config_init(struct phy_device *phydev)
> +{
> + int rc;
> +
> + rc = genphy_config_init(phydev);
> + if (rc < 0)
> + return rc;
> +
> + return 0;
> +}
> +
> +static struct phy_driver adin_driver[] = {
> + {
> + .phy_id = PHY_ID_ADIN1200,
You could use PHY_ID_MATCH_MODEL here.
> + .name = "ADIN1200",
> + .phy_id_mask = 0xfffffff0,
> + .features = PHY_BASIC_FEATURES,
Setting features is deprecated, instead the get_features callback
should be implemented if the default genphy_read_abilities needs
to be extended / replaced. You say that the PHY's work with the
genphy driver, so I suppose the default feature detection is ok
in your case. Then you could simply remove setting "features".
> + .config_init = adin_config_init,
> + .config_aneg = genphy_config_aneg,
> + .read_status = genphy_read_status,
> + },
> + {
> + .phy_id = PHY_ID_ADIN1300,
> + .name = "ADIN1300",
> + .phy_id_mask = 0xfffffff0,
> + .features = PHY_GBIT_FEATURES,
> + .config_init = adin_config_init,
> + .config_aneg = genphy_config_aneg,
> + .read_status = genphy_read_status,
> + },
> +};
> +
> +module_phy_driver(adin_driver);
> +
> +static struct mdio_device_id __maybe_unused adin_tbl[] = {
> + { PHY_ID_ADIN1200, 0xfffffff0 },
> + { PHY_ID_ADIN1300, 0xfffffff0 },
PHY_ID_MATCH_MODEL could be used here too.
> + { }
> +};
> +
> +MODULE_DEVICE_TABLE(mdio, adin_tbl);
> +MODULE_DESCRIPTION("Analog Devices Industrial Ethernet PHY driver");
> +MODULE_LICENSE("GPL");
>
^ permalink raw reply
* Re: [PATCH net] mvpp2: fix panic on module removal
From: David Miller @ 2019-08-05 20:54 UTC (permalink / raw)
To: mcroce
Cc: netdev, miquel.raynal, linux-kernel, lorenzo, antoine.tenart,
maxime.chevallier
In-Reply-To: <CAGnkfhxRV=2G6Sxf_nZQekeXLsf64QkKqfN-9pN_Mi6Y+=nXRA@mail.gmail.com>
From: Matteo Croce <mcroce@redhat.com>
Date: Mon, 5 Aug 2019 20:17:39 +0200
> On Mon, Aug 5, 2019 at 7:58 PM David Miller <davem@davemloft.net> wrote:
>>
>> From: Matteo Croce <mcroce@redhat.com>
>> Date: Wed, 31 Jul 2019 20:31:16 +0200
>>
>> > mvpp2 uses a delayed workqueue to gather traffic statistics.
>> > On module removal the workqueue can be destroyed before calling
>> > cancel_delayed_work_sync() on its works.
>> > Fix it by moving the destroy_workqueue() call after mvpp2_port_remove().
>>
>> Please post a new version with the flush_workqueue() removed.
>
> Hi,
>
> I thought that it was already merged:
>
> https://lore.kernel.org/netdev/20190801121330.30823-1-mcroce@redhat.com/
>
> Let me know if it's ok already.
Oops, my bad. :-)
^ permalink raw reply
* Re: [PATCH net-next] selftests: Add l2tp tests
From: David Ahern @ 2019-08-05 20:55 UTC (permalink / raw)
To: David Miller, dsahern; +Cc: netdev
In-Reply-To: <20190805.132042.1186329327655280064.davem@davemloft.net>
On 8/5/19 2:20 PM, David Miller wrote:
> From: David Ahern <dsahern@kernel.org>
> Date: Thu, 1 Aug 2019 16:54:21 -0700
>
>> From: David Ahern <dsahern@gmail.com>
>>
>> Add IPv4 and IPv6 l2tp tests. Current set is over IP and with
>> IPsec.
>>
>> Signed-off-by: David Ahern <dsahern@gmail.com>
>> ---
>> The ipsec tests expose a netdev refcount leak that I have not had
>> time to track down, but the tests themselves are good.
>
> Don't you need to add this to the Makefile too?
>
interesting. I don't run tests via the Makefile, so I missed that for a
few others as well. Will send a v2 and an update for others.
^ permalink raw reply
* Re: [PATCH 03/16] net: phy: adin: add support for interrupts
From: Heiner Kallweit @ 2019-08-05 21:02 UTC (permalink / raw)
To: Alexandru Ardelean, netdev, devicetree, linux-kernel
Cc: davem, robh+dt, mark.rutland, f.fainelli, andrew
In-Reply-To: <20190805165453.3989-4-alexandru.ardelean@analog.com>
On 05.08.2019 18:54, Alexandru Ardelean wrote:
> This change adds support for enabling PHY interrupts that can be used by
> the PHY framework to get signal for link/speed/auto-negotiation changes.
>
> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
> ---
> drivers/net/phy/adin.c | 44 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 44 insertions(+)
>
> diff --git a/drivers/net/phy/adin.c b/drivers/net/phy/adin.c
> index c100a0dd95cd..b75c723bda79 100644
> --- a/drivers/net/phy/adin.c
> +++ b/drivers/net/phy/adin.c
> @@ -14,6 +14,22 @@
> #define PHY_ID_ADIN1200 0x0283bc20
> #define PHY_ID_ADIN1300 0x0283bc30
>
> +#define ADIN1300_INT_MASK_REG 0x0018
> +#define ADIN1300_INT_MDIO_SYNC_EN BIT(9)
> +#define ADIN1300_INT_ANEG_STAT_CHNG_EN BIT(8)
> +#define ADIN1300_INT_ANEG_PAGE_RX_EN BIT(6)
> +#define ADIN1300_INT_IDLE_ERR_CNT_EN BIT(5)
> +#define ADIN1300_INT_MAC_FIFO_OU_EN BIT(4)
> +#define ADIN1300_INT_RX_STAT_CHNG_EN BIT(3)
> +#define ADIN1300_INT_LINK_STAT_CHNG_EN BIT(2)
> +#define ADIN1300_INT_SPEED_CHNG_EN BIT(1)
> +#define ADIN1300_INT_HW_IRQ_EN BIT(0)
> +#define ADIN1300_INT_MASK_EN \
> + (ADIN1300_INT_ANEG_STAT_CHNG_EN | ADIN1300_INT_ANEG_PAGE_RX_EN | \
> + ADIN1300_INT_LINK_STAT_CHNG_EN | ADIN1300_INT_SPEED_CHNG_EN | \
> + ADIN1300_INT_HW_IRQ_EN)
> +#define ADIN1300_INT_STATUS_REG 0x0019
> +
> static int adin_config_init(struct phy_device *phydev)
> {
> int rc;
> @@ -25,15 +41,40 @@ static int adin_config_init(struct phy_device *phydev)
> return 0;
> }
>
> +static int adin_phy_ack_intr(struct phy_device *phydev)
> +{
> + int ret;
> +
> + /* Clear pending interrupts. */
> + ret = phy_read(phydev, ADIN1300_INT_STATUS_REG);
> + if (ret < 0)
> + return ret;
> +
> + return 0;
> +}
> +
> +static int adin_phy_config_intr(struct phy_device *phydev)
> +{
> + if (phydev->interrupts == PHY_INTERRUPT_ENABLED)
> + return phy_set_bits(phydev, ADIN1300_INT_MASK_REG,
> + ADIN1300_INT_MASK_EN);
> +
> + return phy_clear_bits(phydev, ADIN1300_INT_MASK_REG,
> + ADIN1300_INT_MASK_EN);
> +}
> +
> static struct phy_driver adin_driver[] = {
> {
> .phy_id = PHY_ID_ADIN1200,
> .name = "ADIN1200",
> .phy_id_mask = 0xfffffff0,
> .features = PHY_BASIC_FEATURES,
> + .flags = PHY_HAS_INTERRUPT,
This flag doesn't exist any longer. This indicates that you
develop against an older kernel version. Please develop
against net-next. Check up-to-date drivers like the one
for Realtek PHY's for hints.
> .config_init = adin_config_init,
> .config_aneg = genphy_config_aneg,
> .read_status = genphy_read_status,
> + .ack_interrupt = adin_phy_ack_intr,
> + .config_intr = adin_phy_config_intr,
> .resume = genphy_resume,
> .suspend = genphy_suspend,
> },
> @@ -42,9 +83,12 @@ static struct phy_driver adin_driver[] = {
> .name = "ADIN1300",
> .phy_id_mask = 0xfffffff0,
> .features = PHY_GBIT_FEATURES,
> + .flags = PHY_HAS_INTERRUPT,
> .config_init = adin_config_init,
> .config_aneg = genphy_config_aneg,
> .read_status = genphy_read_status,
> + .ack_interrupt = adin_phy_ack_intr,
> + .config_intr = adin_phy_config_intr,
> .resume = genphy_resume,
> .suspend = genphy_suspend,
> },
>
^ permalink raw reply
* Re: [PATCH net 1/2] net/tls: partially revert fix transition through disconnect with close
From: John Fastabend @ 2019-08-05 21:22 UTC (permalink / raw)
To: David Miller, jakub.kicinski
Cc: netdev, oss-drivers, edumazet, davejwatson, borisp, aviadye,
john.fastabend, daniel
In-Reply-To: <20190805.131552.1289253403274923799.davem@davemloft.net>
David Miller wrote:
> From: Jakub Kicinski <jakub.kicinski@netronome.com>
> Date: Thu, 1 Aug 2019 14:36:01 -0700
>
> > Looks like we were slightly overzealous with the shutdown()
> > cleanup. Even though the sock->sk_state can reach CLOSED again,
> > socket->state will not got back to SS_UNCONNECTED once
> > connections is ESTABLISHED. Meaning we will see EISCONN if
> > we try to reconnect, and EINVAL if we try to listen.
> >
> > Only listen sockets can be shutdown() and reused, but since
> > ESTABLISHED sockets can never be re-connected() or used for
> > listen() we don't need to try to clean up the ULP state early.
> >
> > Fixes: 32857cf57f92 ("net/tls: fix transition through disconnect with close")
> > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>
> Applied and queued up for -stable.
Bit late but, I went back and ran some of the syzbot tests that
were failing before original series and most of my ktls+bpf tests
and everything seems in good shape now. There is still one issue
with crypto stack that I'll look at fixing now. Thanks.
Acked-by: John Fastabend <john.fastabend@gmail.com>
Tested-by: John Fastabend <john.fastabend@gmail.com>
^ permalink raw reply
* Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Andy Lutomirski @ 2019-08-05 21:25 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Andy Lutomirski, Song Liu, Kees Cook, Networking, bpf,
Alexei Starovoitov, Daniel Borkmann, Kernel Team, Lorenz Bauer,
Jann Horn, Greg KH, Linux API, LSM List
In-Reply-To: <20190805192122.laxcaz75k4vxdspn@ast-mbp>
On Mon, Aug 5, 2019 at 12:21 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Mon, Aug 05, 2019 at 10:23:10AM -0700, Andy Lutomirski wrote:
> >
> > I refreshed the branch again. I had a giant hole in my previous idea
> > that we could deprivilege program loading: some BPF functions need
> > privilege. Now I have a changelog comment to that effect and a patch
> > that sketches out a way to addressing this.
> >
> > I don't think I'm going to have time soon to actually get any of this
> > stuff mergeable, and it would be fantastic if you or someone else who
> > likes working of bpf were to take this code and run with it. Feel
> > free to add my Signed-off-by, and I'd be happy to help review.
>
> Thanks a lot for working on patches and helping us with the design!
>
> Can you resend the patches to the mailing list?
> It's kinda hard to reply/review to patches that are somewhere in the web.
Will do.
> I'm still trying to understand the main idea.
> If I'm reading things correctly:
The series doesn't, strictly speaking, have an overall problem that it
solves. It's a series of steps in the direction of making bpf() make
more sense without privilege and toward reducing the required
privilege.
> patch 1 "add access permissions to bpf fds"
> just passes the flags ?
It tries to make the kernel respect the access modes for fds. Without
this patch, there seem to be some holes: nothing looked at program fds
and, unless I missed something, you could take a readonly fd for a
program, pin the program, and reopen it RW.
> patch 2 "Don't require mknod() permission to pin an object"
> makes sense in isolation.
It makes even more sense now :)
> patch 3 "Allow creating all program types without privilege"
> is not right.
I think it can be made right, which is the point.
> patch 4 "Add a way to mark functions as requiring privilege"
> is an interesting idea, but I don't think it helps that much.
Other than the issue that this patch partially fixes, can you see any
reason that loading a program should require privilege? Obviously the
verifier is weakened a bit when called by privileged users, but a lot
of that is about excessive resource usage and various less-well-tested
features. It seems to me that most of the value of bpf() should be
available to programs that should not need privilege to load. Are
there things I'm missing?
>
> So the main thing we're trying to solve with augmented bpf syscall
> and/or /dev/bpf is to be able to use root-only features of bpf when
> trused process already dropped root permissions.
> These features include bpf2bpf calls, bounded loops, special maps (like LPM), etc.
Can you elaborate on all these:
I see nothing inherently wrong with bpf2bpf for unprivileged users as
long as they have appropriate access to the called program. Patch 1
improves that.
Bounded loops: if they are adequately well verified, then the only
damage is that they can make bpf progs that run slowly, right? It
seems like some kind of capability or sysctl for "allow using lots of
bpf resources" would do the trick. This could even be a cgroup
setting -- bpf resources aren't all that different from any other
resource.
LPM: I don't see why this requires privilege at all. It indeed checks
capable(CAP_SYS_ADMIN), but I don't see why.
>
> Attaching to a cgroup already has file based permission checks.
> The user needs to open cgroup directory to attach.
> acls on cgroup dir can already be used to prevent attaching to
> certain parts of cgroup hierarchy.
The current checks seem inadequate.
$ echo 'yay' </sys/fs/cgroup/systemd/system.slice/
The ability to obtain an fd to a cgroup does *not* imply any right to
modify that cgroup. The ability to write to a cgroup directory
already means something else -- it's the ability to create cgroups
under the group in question. I'm suggesting that a new API be added
that allows attaching a bpf program to a cgroup without capabilities
and that instead requires write access to a new file in the cgroup
directory. (It could be a single file for all bpf types or one file
per type. I prefer the latter -- it gives the admin finer-grained
control.)
> What we need is to drop privileges sooner in daemons like systemd.
This is doable right now: systemd could fork off a subprocess and
delegate its cgroup operations to it. It would be maybe a couple
hundred lines of code. As an added benefit, that subprocess could
verify that the bpf operations in question are reasonable.
Alternatively, if there was a CAP_BPF_ADMIN, systemd could retain that
capability and flip it on and off as needed.
> Container management daemon runs in the nested containers.
> These trusted daemons need to have access to full bpf, but they
> don't want to be root all the time.
> They cannot flip back and forth via seteuid to root every time they
> need to do bpf.
> Hence the idea is to have a file that this daemon can open,
> then drop privileges and still keep doing bpf things because FD is held.
> Outer container daemon can pass this /dev/bpf's FD to inner daemon, etc.
> This /dev/bpf would be accessible to root only.
> There is no desire to open it up to non-root.
This seems extremely dangerous right now. A program that can bypass
*all* of the capable() checks in bpf() can do a whole lot. Among
other things, it can read all of kernel memory. It can very likely
gain full system root by appropriate installation of malicious
programs in a cgroup that contains fully privileged programs. In this
regard, bpf() is like most of the Linux capabilities -- it seems
somewhat limited, but it really implies a lot of privilege. There was
a little paper awhile back pointing out that, on a normal system, most
of the Linux capabilities were functionally equivalent.
>
> It seems there is concern that /dev/bpf is unnecessary special.
> How about we combine bpffs and /dev/bpf ideas?
> Like we can have a special file name in bpffs.
> The root would do 'touch /sys/fs/bpf/privileges' and it would behave
> just like /dev/bpf, but now it can be in any bpffs directory and acls
> to bpffs mount would work as-is.
This seems to have most of the same problems. My main point is that
it conflates a whole lot of different permissions, and I really don't
think it's that much work to mostly disentangle the permissions in
question. My little series (if completed) plus a patch to allow
unprivileged cgroup attach operations if you have an FMODE_WRITE fd to
an appropriate file should get most of the way there.
Also, be careful about your bpffs idea: bpffs is (sort of) namespaced,
and it would make sense to allow new bpf instances to be created
inside unprivileged user namespaces. Such instances should not be
able to create magical privilege-granting files. In that respect,
/dev/bpf is better.
>
> CAP_BPF is also good idea. I think for the enviroment where untrusted
> and unprivileged users want to run 'bpftrace' that would be perfect mechanism.
> getcap /bin/bpftrace would have cap_bpf, cap_kprobe and whatever else.
> Sort of like /bin/ping.
> But I don't see how cap_bpf helps to solve our trusted root daemon problem.
> imo open ("/sys/fs/bpf/privileges") and pass that FD into bpf syscall
> is the only viable mechanism.
>
As above, I think that forking before dropping privileges and asking
the child to do the bpf() operations is safer and more flexible.
> Note the verifier does very different amount of work for unpriv vs root.
> It does speculative execution analysis, pointer leak checks for unpriv.
> So we gotta pass special flag to the verifier to make it act like it's
> loading a program for root.
>
Indeed. And programs in untrusted containers should not be able to do this.
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox