* Re: [Intel-wired-lan] [PATCH 2/2] ixgbe: Use refcount_t for refcount
From: Willem de Bruijn @ 2019-08-05 21:59 UTC (permalink / raw)
To: Bowers, AndrewX
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
intel-wired-lan@lists.osuosl.org
In-Reply-To: <26D9FDECA4FBDD4AADA65D8E2FC68A4A1D40F174@ORSMSX104.amr.corp.intel.com>
On Mon, Aug 5, 2019 at 5:43 PM Bowers, AndrewX <andrewx.bowers@intel.com> wrote:
>
> > -----Original Message-----
> > From: Intel-wired-lan [mailto:intel-wired-lan-bounces@osuosl.org] On
> > Behalf Of Chuhong Yuan
> > Sent: Friday, August 2, 2019 3:55 AM
> > Cc: netdev@vger.kernel.org; Chuhong Yuan <hslester96@gmail.com>; linux-
> > kernel@vger.kernel.org; intel-wired-lan@lists.osuosl.org; David S . Miller
> > <davem@davemloft.net>
> > Subject: [Intel-wired-lan] [PATCH 2/2] ixgbe: Use refcount_t for refcount
> >
> > refcount_t is better for reference counters since its implementation can
> > prevent overflows.
> > So convert atomic_t ref counters to refcount_t.
> >
> > Also convert refcount from 0-based to 1-based.
> >
> > This patch depends on PATCH 1/2.
> >
> > Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> > ---
> > drivers/net/ethernet/intel/ixgbe/ixgbe_fcoe.c | 6 +++---
> > drivers/net/ethernet/intel/ixgbe/ixgbe_fcoe.h | 2 +-
> > 2 files changed, 4 insertions(+), 4 deletions(-)
>
> Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
To reiterate, this patchset should not be applied as is. It is not
correct to simply change the initial refcount.
^ permalink raw reply
* RE: [Intel-wired-lan] [PATCH][net-next] ice: fix potential infinite loop
From: Bowers, AndrewX @ 2019-08-05 21:49 UTC (permalink / raw)
To: intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20190802155217.16996-1-colin.king@canonical.com>
> -----Original Message-----
> From: Intel-wired-lan [mailto:intel-wired-lan-bounces@osuosl.org] On
> Behalf Of Colin King
> Sent: Friday, August 2, 2019 8:52 AM
> To: Kirsher, Jeffrey T <jeffrey.t.kirsher@intel.com>; David S . Miller
> <davem@davemloft.net>; intel-wired-lan@lists.osuosl.org;
> netdev@vger.kernel.org
> Cc: kernel-janitors@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: [Intel-wired-lan] [PATCH][net-next] ice: fix potential infinite loop
>
> From: Colin Ian King <colin.king@canonical.com>
>
> The loop counter of a for-loop is a u8; however, this is being compared to an
> int upper bound and this can lead to an infinite loop if the upper bound is
> greater than 255 since the loop counter will wrap back to zero. Fix this
> potential issue by making the loop counter an int.
>
> Addresses-Coverity: ("Infinite loop")
> Fixes: c7aeb4d1b9bf ("ice: Disable VFs until reset is completed")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/net/ethernet/intel/ice/ice_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
^ permalink raw reply
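The wrap described in the commit message above, reproduced in user space as an added example (not code from the ice driver or from the patch). The function names and the step budget are assumptions made for the demonstration:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of running a counted loop under a step budget (constructed type). */
struct loop_result {
	unsigned long steps;	/* loop bodies executed */
	bool terminated;	/* false: budget exhausted, the loop would spin forever */
	unsigned int wraps;	/* times the counter was about to wrap from 255 to 0 */
};

/*
 * The "before" shape: a u8 counter compared with an int bound.
 * In "i < bound" the counter is promoted to int, so its value is never
 * above 255 and the comparison stays true for any bound greater than 255.
 */
static struct loop_result run_u8_counter(int bound, unsigned long budget)
{
	struct loop_result r = { 0, true, 0 };
	uint8_t i;

	for (i = 0; i < bound; i++) {
		if (r.steps == budget) {	/* watchdog standing in for "forever" */
			r.terminated = false;
			break;
		}
		r.steps++;
		if (i == UINT8_MAX)
			r.wraps++;		/* the coming i++ yields 0, not 256 */
	}
	return r;
}

/* The "after" shape: the counter has the same type as the bound. */
static struct loop_result run_int_counter(int bound, unsigned long budget)
{
	struct loop_result r = { 0, true, 0 };
	int i;

	for (i = 0; i < bound; i++) {
		if (r.steps == budget) {
			r.terminated = false;
			break;
		}
		r.steps++;
	}
	return r;
}

int main(void)
{
	const int bounds[] = { 255, 256, 300 };	/* constructed sample bounds */
	size_t n;

	for (n = 0; n < sizeof(bounds) / sizeof(bounds[0]); n++) {
		struct loop_result a = run_u8_counter(bounds[n], 1000);
		struct loop_result b = run_int_counter(bounds[n], 1000);

		printf("bound=%d u8: steps=%lu terminated=%d wraps=%u | int: steps=%lu terminated=%d\n",
		       bounds[n], a.steps, a.terminated, a.wraps,
		       b.steps, b.terminated);
	}
	return 0;
}
```

A bound of 255 is the largest value for which the u8 version still terminates; from 256 upward only the step budget stops it.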
* Re: pull-request: can 2019-08-02
From: David Miller @ 2019-08-05 21:45 UTC (permalink / raw)
To: mkl; +Cc: netdev, linux-can, kernel
In-Reply-To: <20190802120038.18154-1-mkl@pengutronix.de>
From: Marc Kleine-Budde <mkl@pengutronix.de>
Date: Fri, 2 Aug 2019 14:00:34 +0200
> this is a pull request of 4 patches for net/master.
>
> The first two patches are by Wang Xiayang, they force that the string buffer
> during a dev_info() is properly NULL terminated.
>
> The last two patches are by Tomas Bortoli and fix both a potential info leak of
> kernel memory to USB devices.
Pulled, thanks Marc.
^ permalink raw reply
* Re: linux-next: Signed-off-by missing for commit in the net tree
From: David Miller @ 2019-08-05 21:43 UTC (permalink / raw)
To: sfr; +Cc: netdev, linux-next, linux-kernel
In-Reply-To: <20190806073825.6e6ba393@canb.auug.org.au>
From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Tue, 6 Aug 2019 07:38:25 +1000
> Commit
>
> c3953a3c2d31 ("NFC: nfcmrvl: fix gpio-handling regression")
>
> is missing a Signed-off-by from its committer.
That has to be the first time that's ever happened to me :-)
And indeed as I check my command line history I forgot the --signoff
command line option.
^ permalink raw reply
* Re: [PATCH net-next v2] openvswitch: Print error when ovs_execute_actions() fails
From: Yifeng Sun @ 2019-08-05 21:43 UTC (permalink / raw)
To: Pravin Shelar; +Cc: Linux Kernel Network Developers, Greg Rose
In-Reply-To: <CAOrHB_C758HjLJxb3jzAn0Wy1a_m4G2o4gsqMDdhJ9PRdT4GUg@mail.gmail.com>
Thanks Pravin!
Best,
Yifeng
On Mon, Aug 5, 2019 at 1:49 PM Pravin Shelar <pshelar@ovn.org> wrote:
>
> On Sun, Aug 4, 2019 at 7:56 PM Yifeng Sun <pkusunyifeng@gmail.com> wrote:
> >
> > Currently in function ovs_dp_process_packet(), return values of
> > ovs_execute_actions() are silently discarded. This patch prints out
> > a debug message when an error happens so as to provide helpful hints
> > for debugging.
> > ---
> > v1->v2: Fixed according to Pravin's review.
> >
>
> Looks good.
> Acked-by: Pravin B Shelar <pshelar@ovn.org>
>
> Thanks,
> Pravin.
^ permalink raw reply
* RE: [Intel-wired-lan] [PATCH 2/2] ixgbe: Use refcount_t for refcount
From: Bowers, AndrewX @ 2019-08-05 21:43 UTC (permalink / raw)
To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
intel-wired-lan@lists.osuosl.org
In-Reply-To: <20190802105507.16650-1-hslester96@gmail.com>
> -----Original Message-----
> From: Intel-wired-lan [mailto:intel-wired-lan-bounces@osuosl.org] On
> Behalf Of Chuhong Yuan
> Sent: Friday, August 2, 2019 3:55 AM
> Cc: netdev@vger.kernel.org; Chuhong Yuan <hslester96@gmail.com>; linux-
> kernel@vger.kernel.org; intel-wired-lan@lists.osuosl.org; David S . Miller
> <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH 2/2] ixgbe: Use refcount_t for refcount
>
> refcount_t is better for reference counters since its implementation can
> prevent overflows.
> So convert atomic_t ref counters to refcount_t.
>
> Also convert refcount from 0-based to 1-based.
>
> This patch depends on PATCH 1/2.
>
> Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_fcoe.c | 6 +++---
> drivers/net/ethernet/intel/ixgbe/ixgbe_fcoe.h | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
^ permalink raw reply
* RE: [Intel-wired-lan] [PATCH 1/2] ixgbe: Explicitly initialize reference count to 0
From: Bowers, AndrewX @ 2019-08-05 21:42 UTC (permalink / raw)
To: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
intel-wired-lan@lists.osuosl.org
In-Reply-To: <20190802105457.16596-1-hslester96@gmail.com>
> -----Original Message-----
> From: Intel-wired-lan [mailto:intel-wired-lan-bounces@osuosl.org] On
> Behalf Of Chuhong Yuan
> Sent: Friday, August 2, 2019 3:55 AM
> Cc: netdev@vger.kernel.org; Chuhong Yuan <hslester96@gmail.com>; linux-
> kernel@vger.kernel.org; intel-wired-lan@lists.osuosl.org; David S . Miller
> <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH 1/2] ixgbe: Explicitly initialize reference
> count to 0
>
> The driver does not explicitly call atomic_set to initialize refcount to 0.
> Add the call so that it will be more straightforward to convert refcount from
> atomic_t to refcount_t.
>
> Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_fcoe.c | 1 +
> 1 file changed, 1 insertion(+)
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
^ permalink raw reply
* linux-next: Signed-off-by missing for commit in the net tree
From: Stephen Rothwell @ 2019-08-05 21:38 UTC (permalink / raw)
To: David Miller, Networking
Cc: Linux Next Mailing List, Linux Kernel Mailing List
Hi all,
Commit
c3953a3c2d31 ("NFC: nfcmrvl: fix gpio-handling regression")
is missing a Signed-off-by from its committer.
--
Cheers,
Stephen Rothwell
^ permalink raw reply
* Re: [PATCH bpf-next 1/2] selftests/bpf: add loop test 4
From: Andrii Nakryiko @ 2019-08-05 21:37 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Yonghong Song, Alexei Starovoitov, David S. Miller,
Daniel Borkmann, Networking, bpf, Kernel Team
In-Reply-To: <f3ccc18f-7c25-a4e8-3d3d-c9f0bdf453ea@fb.com>
On Mon, Aug 5, 2019 at 1:53 PM Alexei Starovoitov <ast@fb.com> wrote:
>
> On 8/5/19 1:04 PM, Yonghong Song wrote:
> >
> >
> > On 8/5/19 12:45 PM, Andrii Nakryiko wrote:
> >> On Sat, Aug 3, 2019 at 8:19 PM Alexei Starovoitov <ast@kernel.org> wrote:
> >>>
> >>> Add a test that returns a 'random' number between [0, 2^20)
> >>> If state pruning is not working correctly for loop body the number of
> >>> processed insns will be 2^20 * num_of_insns_in_loop_body and the program
> >>> will be rejected.
> >>>
> >>> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
> >>> ---
> >>> .../bpf/prog_tests/bpf_verif_scale.c | 1 +
> >>> tools/testing/selftests/bpf/progs/loop4.c | 23 +++++++++++++++++++
> >>> 2 files changed, 24 insertions(+)
> >>> create mode 100644 tools/testing/selftests/bpf/progs/loop4.c
> >>>
> >>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
> >>> index b4be96162ff4..757e39540eda 100644
> >>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
> >>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
> >>> @@ -71,6 +71,7 @@ void test_bpf_verif_scale(void)
> >>>
> >>> { "loop1.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
> >>> { "loop2.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
> >>> + { "loop4.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
> >>>
> >>> /* partial unroll. 19k insn in a loop.
> >>> * Total program size 20.8k insn.
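Review bot: The new table entry loads loop4.o as BPF_PROG_TYPE_RAW_TRACEPOINT, but the program added in loop4.c is declared SEC("socket") and takes a struct __sk_buff pointer. With that pairing the skb->len read in the loop is checked against a raw-tracepoint context rather than an skb context. Either register loop4.o with a program type whose context is __sk_buff, or say in the commit message why the mismatch is intended.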
> >>> diff --git a/tools/testing/selftests/bpf/progs/loop4.c b/tools/testing/selftests/bpf/progs/loop4.c
> >>> new file mode 100644
> >>> index 000000000000..3e7ee14fddbd
> >>> --- /dev/null
> >>> +++ b/tools/testing/selftests/bpf/progs/loop4.c
> >>> @@ -0,0 +1,23 @@
> >>> +// SPDX-License-Identifier: GPL-2.0
> >>> +// Copyright (c) 2019 Facebook
> >>> +#include <linux/sched.h>
> >>> +#include <linux/ptrace.h>
> >>> +#include <stdint.h>
> >>> +#include <stddef.h>
> >>> +#include <stdbool.h>
> >>> +#include <linux/bpf.h>
> >>> +#include "bpf_helpers.h"
> >>> +
> >>> +char _license[] SEC("license") = "GPL";
> >>> +
> >>> +SEC("socket")
> >>> +int combinations(volatile struct __sk_buff* skb)
> >>> +{
> >>> + int ret = 0, i;
> >>> +
> >>> +#pragma nounroll
> >>> + for (i = 0; i < 20; i++)
> >>> + if (skb->len)
> >>> + ret |= 1 << i;
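Review bot: The volatile qualifier on the skb parameter of combinations() is the only thing that keeps each skb->len read in the loop an independent unknown, and nothing in the file says so. A short comment above the function stating that the test depends on volatile (and on "#pragma nounroll") would stop a later cleanup from silently turning this into a single-branch program. Style: "struct __sk_buff* skb" should be "struct __sk_buff *skb".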
> >>
> >> So I think the idea is that because verifier shouldn't know whether
> >> skb->len is zero or not, then you have two outcomes on every iteration
> >> leading to 2^20 states, right?
> >>
> >> But I'm afraid that verifier can eventually be smart enough (if it's
> >> not already, btw), to figure out that ret can be either 0 or ((1 <<
> >> 21) - 1), actually. If skb->len is put into separate register, then
> >> that register's bounds will be established on first loop iteration as
> >> either == 0 on one branch or (0, inf) on another branch, after which
> >> all subsequent iterations will not branch at all (one or the other
> >> branch will be always taken).
> >>
> >> It's also possible that LLVM/Clang is smart enough already to figure
> >> this out on its own and optimize loop into:
> >>
> >>
> >> if (skb->len) {
> >> for (i = 0; i < 20; i++)
> >> ret |= 1 << i;
> >> }
> >
> > We have
> > volatile struct __sk_buff* skb
> >
> > So from the source code, skb->len could be different for each
> > iteration. The compiler cannot do the above optimization.
>
> yep.
> Without volatile llvm optimizes it even more than Andrii predicted :)
My bad, completely missed volatile.
>
> >>
> >>
> >> So two complaints:
> >>
> >> 1. Let's obfuscate this a bit more, e.g., with testing (skb->len &
> >> (1<<i)) instead, so that result really depends on actual length of the
> >> packet.
> >> 2. Is it possible to somehow turn off this precision tracking (e.g.,
> >> running not under root, maybe?) and see that this same program fails
> >> in that case? That way we'll know test actually validates what we
> >> think it validates.
>
> that's on my todo list already.
> To do proper unit tests for all this stuff there should be a way
> to turn off not only precision, but heuristics too.
> All magic numbers in is_state_visited() need to be switchable.
> I'm still thinking on the way to expose it to tests infra.
Yep, that would be great.
I have nothing beyond what Yonghong suggested.
Acked-by: Andrii Nakryiko <andriin@fb.com>
^ permalink raw reply
* [WIP 0/4] bpf: A bit of progress toward unprivileged use
From: Andy Lutomirski @ 2019-08-05 21:29 UTC (permalink / raw)
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann,
Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH,
Linux API, LSM List, Andy Lutomirski
Other than the mknod() patch, this is not ready for prime time. These
patches try to make progress toward making bpf() more useful without
privilege.
Andy Lutomirski (4):
bpf: Respect persistent map and prog access modes
bpf: Don't require mknod() permission to pin an object
bpf: Add a way to mark functions as requiring privilege
bpf: Allow creating all program types without privilege
include/linux/bpf.h | 30 +++++++++++++++-----
include/linux/bpf_verifier.h | 1 +
kernel/bpf/arraymap.c | 8 +++++-
kernel/bpf/cgroup.c | 6 +++-
kernel/bpf/inode.c | 29 +++++++++++--------
kernel/bpf/syscall.c | 54 +++++++++++++++++++++++++-----------
kernel/bpf/verifier.c | 8 ++++++
kernel/events/core.c | 5 ++--
kernel/trace/bpf_trace.c | 1 +
net/core/dev.c | 4 ++-
net/core/filter.c | 8 ++++--
net/netfilter/xt_bpf.c | 5 ++--
net/packet/af_packet.c | 2 +-
13 files changed, 115 insertions(+), 46 deletions(-)
--
2.21.0
^ permalink raw reply
* [WIP 3/4] bpf: Add a way to mark functions as requiring privilege
From: Andy Lutomirski @ 2019-08-05 21:29 UTC (permalink / raw)
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann,
Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH,
Linux API, LSM List, Andy Lutomirski
In-Reply-To: <cover.1565040372.git.luto@kernel.org>
This is horribly incomplete:
- I only marked one function as requiring privilege, and there are
surely more.
- Checking is_priv is probably not the right thing to do. This should
probably do something more clever. At the very least, it needs to
integrate with the upcoming lockdown LSM infrastructure.
- The seen_privileged_funcs mechanism is probably not a good solution.
Instead we should check something while we still have enough context
to give a good error message. But we *don't* want to check for
capabilities up front before even seeing a function call, since we
don't want to inadvertently generate audit events for privileges that
are never used.
So it's the idea that counts :)
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
include/linux/bpf.h | 15 +++++++++++++++
include/linux/bpf_verifier.h | 1 +
kernel/bpf/verifier.c | 8 ++++++++
kernel/trace/bpf_trace.c | 1 +
4 files changed, 25 insertions(+)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2d5e1a4dff6c..de31b9888b6c 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -229,6 +229,7 @@ struct bpf_func_proto {
u64 (*func)(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
bool gpl_only;
bool pkt_access;
+ u16 privilege;
enum bpf_return_type ret_type;
enum bpf_arg_type arg1_type;
enum bpf_arg_type arg2_type;
@@ -237,6 +238,20 @@ struct bpf_func_proto {
enum bpf_arg_type arg5_type;
};
+/*
+ * Some functions should require privilege to call at all, even in a test
+ * run. These flags indicate why privilege is required. The core BPF
+ * code will verify that the creator of such a program has the requisite
+ * privilege.
+ *
+ * NB: This means that anyone who creates a privileged program (due to
+ * such a call or due to a privilege-requiring pointer-to-integer conversion)
+ * is responsible for restricting access to the program in an appropriate
+ * manner.
+ */
+#define BPF_FUNC_PRIV_READ_KERNEL_MEMORY BIT(0)
+#define BPT_FUNC_PRIV_WRITE_GLOBAL_LOGS BIT(1)
+
/* bpf_context is intentionally undefined structure. Pointer to bpf_context is
* the first argument to eBPF programs.
* For socket filters: 'struct bpf_context *' == 'struct sk_buff *'
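Review bot: The second flag is spelled BPT_FUNC_PRIV_WRITE_GLOBAL_LOGS while the first uses the BPF_FUNC_PRIV_ prefix; rename it to BPF_FUNC_PRIV_WRITE_GLOBAL_LOGS before any helper starts using it. This comment block is also the only documentation for the new "u16 privilege" member of struct bpf_func_proto, so it should state that the member is a bitmask of these flags and that 0 means the helper needs no privilege.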
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 5fe99f322b1c..9877f5753cf4 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -363,6 +363,7 @@ struct bpf_verifier_env {
u32 id_gen; /* used to generate unique reg IDs */
bool allow_ptr_leaks;
bool seen_direct_write;
+ u16 seen_privileged_funcs;
struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */
const struct bpf_line_info *prev_linfo;
struct bpf_verifier_log log;
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5900cbb966b1..5e048688fd8d 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4129,6 +4129,9 @@ static int check_helper_call(struct bpf_verifier_env *env, int func_id, int insn
if (changes_data)
clear_all_pkt_pointers(env);
+
+ env->seen_privileged_funcs |= fn->privilege;
+
return 0;
}
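Review bot: After "env->seen_privileged_funcs |= fn->privilege;" only the OR of the flags survives, so by the time bpf_check() rejects the program it can no longer say which helper call was the cause. Recording func_id for the first call that sets a bit (still without any capability check at this point) would allow a useful verifier log line later and keeps the audit-event concern from the commit message intact.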
@@ -9371,6 +9374,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
if (ret == 0)
adjust_btf_func(env);
+ if (env->seen_privileged_funcs && !is_priv) {
+ ret = -EPERM;
+ goto err_release_maps;
+ }
+
err_release_maps:
if (!env->prog->aux->used_maps)
/* if we didn't copy map pointers into bpf_prog_info, release
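Review bot: The new block in bpf_check() sets ret to -EPERM even when an earlier step has already failed, which hides the original error, and its "goto err_release_maps;" jumps to the label on the very next line. Test "ret == 0 && env->seen_privileged_funcs && !is_priv", drop the goto, and emit a verbose() line naming the missing privilege so the user sees why the load was refused.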
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index ca1255d14576..d9454588d9e8 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -152,6 +152,7 @@ BPF_CALL_3(bpf_probe_read, void *, dst, u32, size, const void *, unsafe_ptr)
static const struct bpf_func_proto bpf_probe_read_proto = {
.func = bpf_probe_read,
.gpl_only = true,
+ .privilege = BPF_FUNC_PRIV_READ_KERNEL_MEMORY,
.ret_type = RET_INTEGER,
.arg1_type = ARG_PTR_TO_UNINIT_MEM,
.arg2_type = ARG_CONST_SIZE_OR_ZERO,
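Review bot: bpf_probe_read_proto is the only proto that gets a .privilege value, so every other helper keeps the zero default and is treated as needing no privilege. Because an unannotated helper means "allowed", the remaining protos need an audit before patch 4/4 can rely on this check; the second flag defined in bpf.h has no user anywhere in this patch.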
--
2.21.0
^ permalink raw reply related
* [WIP 4/4] bpf: Allow creating all program types without privilege
From: Andy Lutomirski @ 2019-08-05 21:29 UTC (permalink / raw)
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann,
Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH,
Linux API, LSM List, Andy Lutomirski
In-Reply-To: <cover.1565040372.git.luto@kernel.org>
This doesn't let you *run* the programs except in test mode, so it should
be safe. Famous last words.
This assumes that the check-privilege-to-call-privileged-functions
patch actually catches all the cases and that there's nothing else
that should need privilege lurking in the type-specific verifiers.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
kernel/bpf/syscall.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 23f8f89d2a86..730afa2be786 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1649,8 +1649,7 @@ static int bpf_prog_load(union bpf_attr *attr, union bpf_attr __user *uattr)
attr->insn_cnt > (capable(CAP_SYS_ADMIN) ? BPF_COMPLEXITY_LIMIT_INSNS : BPF_MAXINSNS))
return -E2BIG;
if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
- type != BPF_PROG_TYPE_CGROUP_SKB &&
- !capable(CAP_SYS_ADMIN))
+ type != BPF_PROG_TYPE_CGROUP_SKB)
return -EPERM;
bpf_prog_load_fixup_attach_type(attr);
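Review bot: With "!capable(CAP_SYS_ADMIN)" dropped from the condition, the remaining test returns -EPERM for every program type other than BPF_PROG_TYPE_SOCKET_FILTER and BPF_PROG_TYPE_CGROUP_SKB, for privileged callers as well, which is the opposite of what the subject line promises. To allow all types the whole "if (...) return -EPERM;" statement has to go, not only its last clause.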
--
2.21.0
^ permalink raw reply related
* [WIP 1/4] bpf: Respect persistent map and prog access modes
From: Andy Lutomirski @ 2019-08-05 21:29 UTC (permalink / raw)
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann,
Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH,
Linux API, LSM List, Andy Lutomirski
In-Reply-To: <cover.1565040372.git.luto@kernel.org>
In the interest of making bpf() more useful by unprivileged users,
this patch teaches bpf to respect access modes on map and prog
inodes. The permissions are:
R on a map: read the map
W on a map: write the map
Referencing a map from a program should require RW.
R on a prog: Read or introspect the prog
W on a prog: Attach the prog to something
Test-running a prog is a form of introspection, so it requires RW.
Detaching a prog merely uses the fd for identification, so neither R
nor W is needed.
This is likely incomplete, and it has some comments that should be
removed.
This patch uses WRITE instead of EXEC as the permission needed to
run (by attaching or test-running) a program. EXEC seems nicer, but
O_MAYEXEC isn't merged, which makes using X awkward.
---
include/linux/bpf.h | 15 +++++++------
kernel/bpf/arraymap.c | 8 ++++++-
kernel/bpf/cgroup.c | 6 ++++-
kernel/bpf/inode.c | 25 ++++++++++++++-------
kernel/bpf/syscall.c | 51 ++++++++++++++++++++++++++++++------------
kernel/events/core.c | 5 +++--
net/core/dev.c | 4 +++-
net/core/filter.c | 8 ++++---
net/netfilter/xt_bpf.c | 5 +++--
net/packet/af_packet.c | 2 +-
10 files changed, 89 insertions(+), 40 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 18f4cc2c6acd..2d5e1a4dff6c 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -630,9 +630,9 @@ extern const struct bpf_prog_ops bpf_offload_prog_ops;
extern const struct bpf_verifier_ops tc_cls_act_analyzer_ops;
extern const struct bpf_verifier_ops xdp_analyzer_ops;
-struct bpf_prog *bpf_prog_get(u32 ufd);
+struct bpf_prog *bpf_prog_get(u32 ufd, int mask);
struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type,
- bool attach_drv);
+ bool attach_drv, int mask);
struct bpf_prog * __must_check bpf_prog_add(struct bpf_prog *prog, int i);
void bpf_prog_sub(struct bpf_prog *prog, int i);
struct bpf_prog * __must_check bpf_prog_inc(struct bpf_prog *prog);
@@ -662,7 +662,7 @@ void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr);
extern int sysctl_unprivileged_bpf_disabled;
int bpf_map_new_fd(struct bpf_map *map, int flags);
-int bpf_prog_new_fd(struct bpf_prog *prog);
+int bpf_prog_new_fd(struct bpf_prog *prog, int flags);
int bpf_obj_pin_user(u32 ufd, const char __user *pathname);
int bpf_obj_get_user(const char __user *pathname, int flags);
@@ -733,7 +733,7 @@ static inline int bpf_map_attr_numa_node(const union bpf_attr *attr)
attr->numa_node : NUMA_NO_NODE;
}
-struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type);
+struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type, int mask);
int array_map_alloc_check(union bpf_attr *attr);
int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
@@ -850,7 +850,7 @@ static inline int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu,
}
static inline struct bpf_prog *bpf_prog_get_type_path(const char *name,
- enum bpf_prog_type type)
+ enum bpf_prog_type type, int mask)
{
return ERR_PTR(-EOPNOTSUPP);
}
@@ -878,9 +878,10 @@ static inline int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
#endif /* CONFIG_BPF_SYSCALL */
static inline struct bpf_prog *bpf_prog_get_type(u32 ufd,
- enum bpf_prog_type type)
+ enum bpf_prog_type type,
+ int mask)
{
- return bpf_prog_get_type_dev(ufd, type, false);
+ return bpf_prog_get_type_dev(ufd, type, false, mask);
}
bool bpf_prog_get_ok(struct bpf_prog *, enum bpf_prog_type *, bool);
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 1c65ce0098a9..7e17a5d42110 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -522,6 +522,10 @@ int bpf_fd_array_map_lookup_elem(struct bpf_map *map, void *key, u32 *value)
}
/* only called from syscall */
+/*
+ * XXX: it's totally unclear to me what this ends up doing with the fd
+ * in general.
+ */
int bpf_fd_array_map_update_elem(struct bpf_map *map, struct file *map_file,
void *key, void *value, u64 map_flags)
{
@@ -569,7 +573,9 @@ static void *prog_fd_array_get_ptr(struct bpf_map *map,
struct file *map_file, int fd)
{
struct bpf_array *array = container_of(map, struct bpf_array, map);
- struct bpf_prog *prog = bpf_prog_get(fd);
+
+ /* XXX: what, exactly, does this end up doing to the prog in question? */
+ struct bpf_prog *prog = bpf_prog_get(fd, FMODE_READ | FMODE_WRITE);
if (IS_ERR(prog))
return prog;
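Review bot: prog_fd_array_get_ptr() demands FMODE_READ | FMODE_WRITE, but the commit message defines W as the attach right and the perf, XDP and socket-filter call sites in this patch pass FMODE_WRITE alone. Replace the open XXX question with the reason R is needed here, or use the same mask as the other attach paths. The declaration of prog should also stay with the other declarations instead of following a blank line and a comment.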
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 0a00eaca6fae..1450c3bdab82 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -562,7 +562,11 @@ int cgroup_bpf_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype)
if (IS_ERR(cgrp))
return PTR_ERR(cgrp);
- prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
+ /*
+ * No particular access required -- this only uses the fd to identify
+ * a program, not to do anything with the program.
+ */
+ prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype, 0);
if (IS_ERR(prog))
prog = NULL;
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index cc0d0cf114e3..cb07736b33ae 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -58,7 +58,7 @@ static void bpf_any_put(void *raw, enum bpf_type type)
}
}
-static void *bpf_fd_probe_obj(u32 ufd, enum bpf_type *type)
+static void *bpf_fd_probe_obj(u32 ufd, enum bpf_type *type, int mask)
{
void *raw;
@@ -66,7 +66,7 @@ static void *bpf_fd_probe_obj(u32 ufd, enum bpf_type *type)
raw = bpf_map_get_with_uref(ufd);
if (IS_ERR(raw)) {
*type = BPF_TYPE_PROG;
- raw = bpf_prog_get(ufd);
+ raw = bpf_prog_get(ufd, mask);
}
return raw;
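Review bot: In bpf_fd_probe_obj() the new mask is applied only on the prog fallback; the map branch still calls bpf_map_get_with_uref(ufd) with no mode check. bpf_obj_pin_user() justifies FMODE_READ | FMODE_WRITE with "Pinning an object effectively grants the caller all access", and that reasoning holds for maps too, so as far as these hunks show a map fd held with a restricted mode can still be pinned. The map path needs the same f_mode test.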
@@ -430,7 +430,12 @@ int bpf_obj_pin_user(u32 ufd, const char __user *pathname)
if (IS_ERR(pname))
return PTR_ERR(pname);
- raw = bpf_fd_probe_obj(ufd, &type);
+ /*
+ * Pinning an object effectively grants the caller all access, because
+ * the caller ends up owning the inode. So require all access.
+ * XXX: If we use FMODE_EXEC, we should require FMODE_EXEC too.
+ */
+ raw = bpf_fd_probe_obj(ufd, &type, FMODE_READ | FMODE_WRITE);
if (IS_ERR(raw)) {
ret = PTR_ERR(raw);
goto out;
@@ -456,6 +461,10 @@ static void *bpf_obj_do_get(const struct filename *pathname,
if (ret)
return ERR_PTR(ret);
+ /*
+ * XXX: O_MAYEXEC doesn't exist, which is problematic here if we
+ * want to use FMODE_EXEC.
+ */
inode = d_backing_inode(path.dentry);
ret = inode_permission(inode, ACC_MODE(flags));
if (ret)
@@ -499,7 +508,7 @@ int bpf_obj_get_user(const char __user *pathname, int flags)
}
if (type == BPF_TYPE_PROG)
- ret = bpf_prog_new_fd(raw);
+ ret = bpf_prog_new_fd(raw, f_flags);
else if (type == BPF_TYPE_MAP)
ret = bpf_map_new_fd(raw, f_flags);
else
@@ -512,10 +521,10 @@ int bpf_obj_get_user(const char __user *pathname, int flags)
return ret;
}
-static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type)
+static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type, int mask)
{
struct bpf_prog *prog;
- int ret = inode_permission(inode, MAY_READ);
+ int ret = inode_permission(inode, mask);
if (ret)
return ERR_PTR(ret);
@@ -536,14 +545,14 @@ static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type
return bpf_prog_inc(prog);
}
-struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type)
+struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type, int mask)
{
struct bpf_prog *prog;
struct path path;
int ret = kern_path(name, LOOKUP_FOLLOW, &path);
if (ret)
return ERR_PTR(ret);
- prog = __get_prog_inode(d_backing_inode(path.dentry), type);
+ prog = __get_prog_inode(d_backing_inode(path.dentry), type, mask);
if (!IS_ERR(prog))
touch_atime(&path);
path_put(&path);
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 5d141f16f6fa..23f8f89d2a86 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -447,6 +447,7 @@ int bpf_map_new_fd(struct bpf_map *map, int flags)
int bpf_get_file_flag(int flags)
{
+ /* XXX: What about exec? */
if ((flags & BPF_F_RDONLY) && (flags & BPF_F_WRONLY))
return -EINVAL;
if (flags & BPF_F_RDONLY)
@@ -556,6 +557,10 @@ static int map_create(union bpf_attr *attr)
if (err)
return -EINVAL;
+ /*
+ * XXX: I'm a bit confused. Why would you ever create a map and
+ * grant *yourself* less than full permission?
+ */
f_flags = bpf_get_file_flag(attr->map_flags);
if (f_flags < 0)
return f_flags;
@@ -1411,7 +1416,7 @@ const struct file_operations bpf_prog_fops = {
.write = bpf_dummy_write,
};
-int bpf_prog_new_fd(struct bpf_prog *prog)
+int bpf_prog_new_fd(struct bpf_prog *prog, int flags)
{
int ret;
@@ -1420,10 +1425,10 @@ int bpf_prog_new_fd(struct bpf_prog *prog)
return ret;
return anon_inode_getfd("bpf-prog", &bpf_prog_fops, prog,
- O_RDWR | O_CLOEXEC);
+ flags | O_CLOEXEC);
}
-static struct bpf_prog *____bpf_prog_get(struct fd f)
+static struct bpf_prog *____bpf_prog_get(struct fd f, int mask)
{
if (!f.file)
return ERR_PTR(-EBADF);
@@ -1431,6 +1436,10 @@ static struct bpf_prog *____bpf_prog_get(struct fd f)
fdput(f);
return ERR_PTR(-EINVAL);
}
+ if ((f.file->f_mode & mask) != mask) {
+ fdput(f);
+ return ERR_PTR(-EACCES);
+ }
return f.file->private_data;
}
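Review bot: "(f.file->f_mode & mask) != mask" tests FMODE_* bits, yet the parameter is a plain int and call sites later in this file pass MAY_EXEC and MAY_READ | MAY_WRITE, which belong to a different flag namespace. Declaring the parameter as fmode_t would let sparse catch those callers (the path-based __get_prog_inode() in inode.c, by contrast, does want MAY_* for inode_permission()). A one-line comment that a mask of 0 means "identify only" would document the cgroup detach use.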
@@ -1497,12 +1506,12 @@ bool bpf_prog_get_ok(struct bpf_prog *prog,
}
static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
- bool attach_drv)
+ bool attach_drv, int mask)
{
struct fd f = fdget(ufd);
struct bpf_prog *prog;
- prog = ____bpf_prog_get(f);
+ prog = ____bpf_prog_get(f, mask);
if (IS_ERR(prog))
return prog;
if (!bpf_prog_get_ok(prog, attach_type, attach_drv)) {
@@ -1516,15 +1525,15 @@ static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
return prog;
}
-struct bpf_prog *bpf_prog_get(u32 ufd)
+struct bpf_prog *bpf_prog_get(u32 ufd, int mask)
{
- return __bpf_prog_get(ufd, NULL, false);
+ return __bpf_prog_get(ufd, NULL, false, mask);
}
struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type,
- bool attach_drv)
+ bool attach_drv, int mask)
{
- return __bpf_prog_get(ufd, &type, attach_drv);
+ return __bpf_prog_get(ufd, &type, attach_drv, mask);
}
EXPORT_SYMBOL_GPL(bpf_prog_get_type_dev);
@@ -1707,7 +1716,7 @@ static int bpf_prog_load(union bpf_attr *attr, union bpf_attr __user *uattr)
if (err)
goto free_used_maps;
- err = bpf_prog_new_fd(prog);
+ err = bpf_prog_new_fd(prog, O_RDWR /* | O_MAYEXEC */);
if (err < 0) {
/* failed to allocate fd.
* bpf_prog_put() is needed because the above
@@ -1808,7 +1817,7 @@ static int bpf_raw_tracepoint_open(const union bpf_attr *attr)
}
raw_tp->btp = btp;
- prog = bpf_prog_get(attr->raw_tracepoint.prog_fd);
+ prog = bpf_prog_get(attr->raw_tracepoint.prog_fd, MAY_EXEC);
if (IS_ERR(prog)) {
err = PTR_ERR(prog);
goto out_free_tp;
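Review bot: MAY_EXEC passed to bpf_prog_get() in bpf_raw_tracepoint_open() does not test an exec right, because the mask is compared with f_mode in ____bpf_prog_get(). The commit message says attaching requires W and that EXEC is deliberately not used, so pass FMODE_WRITE here as the perf, XDP and socket-filter call sites do. The same applies to bpf_prog_attach() in the next hunk.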
@@ -1929,7 +1938,7 @@ static int bpf_prog_attach(const union bpf_attr *attr)
return -EINVAL;
}
- prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
+ prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype, MAY_EXEC);
if (IS_ERR(prog))
return PTR_ERR(prog);
@@ -2083,7 +2092,11 @@ static int bpf_prog_test_run(const union bpf_attr *attr,
(!attr->test.ctx_size_out && attr->test.ctx_out))
return -EINVAL;
- prog = bpf_prog_get(attr->test.prog_fd);
+ /*
+ * A test run is is a form of query, so require RW. Using W as a proxy for
+ * X, since X is awkward due to a lack of O_MAYEXEC.
+ */
+ prog = bpf_prog_get(attr->test.prog_fd, MAY_READ | MAY_WRITE);
if (IS_ERR(prog))
return PTR_ERR(prog);
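Review bot: The comment added above the bpf_prog_get() call in bpf_prog_test_run() has a doubled word ("is is"), and the call spells its mask MAY_READ | MAY_WRITE where the other read-write call sites in this patch (arraymap.c, inode.c) use FMODE_READ | FMODE_WRITE. Use the FMODE_* spelling so the value matches what the f_mode comparison expects.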
@@ -2147,7 +2160,11 @@ static int bpf_prog_get_fd_by_id(const union bpf_attr *attr)
if (IS_ERR(prog))
return PTR_ERR(prog);
- fd = bpf_prog_new_fd(prog);
+ /*
+ * We have all permissions. This is okay, since we also require
+ * CAP_SYS_ADMIN to do this at all.
+ */
+ fd = bpf_prog_new_fd(prog, O_RDWR /* | O_MAYEXEC */);
if (fd < 0)
bpf_prog_put(prog);
@@ -2638,6 +2655,11 @@ static int bpf_obj_get_info_by_fd(const union bpf_attr *attr,
if (!f.file)
return -EBADFD;
+ if (!(f.file->f_mode & FMODE_READ)) {
+ err = -EACCES;
+ goto out;
+ }
+
if (f.file->f_op == &bpf_prog_fops)
err = bpf_prog_get_info_by_fd(f.file->private_data, attr,
uattr);
@@ -2649,6 +2671,7 @@ static int bpf_obj_get_info_by_fd(const union bpf_attr *attr,
else
err = -EINVAL;
+out:
fdput(f);
return err;
}
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 026a14541a38..f2e3973b28f2 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -8876,7 +8876,8 @@ static int perf_event_set_bpf_handler(struct perf_event *event, u32 prog_fd)
if (event->prog)
return -EEXIST;
- prog = bpf_prog_get_type(prog_fd, BPF_PROG_TYPE_PERF_EVENT);
+ /* Should maybe be FMODE_EXEC? */
+ prog = bpf_prog_get_type(prog_fd, BPF_PROG_TYPE_PERF_EVENT, FMODE_WRITE);
if (IS_ERR(prog))
return PTR_ERR(prog);
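Review bot: bpf_prog_get_type() is passed FMODE_WRITE in perf_event_set_bpf_handler(), while bpf_prog_attach() and bpf_raw_tracepoint_open() pass MAY_EXEC and bpf_prog_test_run() passes MAY_READ | MAY_WRITE to the same new argument. FMODE_* and MAY_* are separate flag families, so pick one for this parameter and use it at every call site. The open question in `/* Should maybe be FMODE_EXEC? */` belongs in the changelog and should be settled before merging rather than left in the code.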
@@ -8942,7 +8943,7 @@ static int perf_event_set_bpf_prog(struct perf_event *event, u32 prog_fd)
/* bpf programs can only be attached to u/kprobe or tracepoint */
return -EINVAL;
- prog = bpf_prog_get(prog_fd);
+ prog = bpf_prog_get(prog_fd, FMODE_WRITE);
if (IS_ERR(prog))
return PTR_ERR(prog);
diff --git a/net/core/dev.c b/net/core/dev.c
index fc676b2610e3..3fcaeae693bb 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -8093,8 +8093,10 @@ int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack,
return -EBUSY;
}
+ /* XXX: FMODE_EXEC? */
prog = bpf_prog_get_type_dev(fd, BPF_PROG_TYPE_XDP,
- bpf_op == ops->ndo_bpf);
+ bpf_op == ops->ndo_bpf,
+ FMODE_WRITE);
if (IS_ERR(prog))
return PTR_ERR(prog);
diff --git a/net/core/filter.c b/net/core/filter.c
index 4e2a79b2fd77..9282462678fd 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1544,7 +1544,8 @@ static struct bpf_prog *__get_bpf(u32 ufd, struct sock *sk)
if (sock_flag(sk, SOCK_FILTER_LOCKED))
return ERR_PTR(-EPERM);
- return bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER);
+ /* FMODE_EXEC? */
+ return bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER, FMODE_WRITE);
}
int sk_attach_bpf(u32 ufd, struct sock *sk)
@@ -1572,9 +1573,10 @@ int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk)
if (sock_flag(sk, SOCK_FILTER_LOCKED))
return -EPERM;
- prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER);
+ prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER, FMODE_WRITE);
if (IS_ERR(prog) && PTR_ERR(prog) == -EINVAL)
- prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SK_REUSEPORT);
+ prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SK_REUSEPORT,
+ FMODE_WRITE);
if (IS_ERR(prog))
return PTR_ERR(prog);
diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c
index 13cf3f9b5938..34e5c08ee1f3 100644
--- a/net/netfilter/xt_bpf.c
+++ b/net/netfilter/xt_bpf.c
@@ -44,7 +44,7 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
{
struct bpf_prog *prog;
- prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);
+ prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER, MAY_EXEC);
if (IS_ERR(prog))
return PTR_ERR(prog);
@@ -57,7 +57,8 @@ static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX)
return -EINVAL;
- *ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
+ *ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER,
+ MAY_EXEC);
return PTR_ERR_OR_ZERO(*ret);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 8d54f3047768..5b8c5e5d94bf 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1563,7 +1563,7 @@ static int fanout_set_data_ebpf(struct packet_sock *po, char __user *data,
if (copy_from_user(&fd, data, len))
return -EFAULT;
- new = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);
+ new = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER, FMODE_WRITE);
if (IS_ERR(new))
return PTR_ERR(new);
--
2.21.0
^ permalink raw reply related
* [WIP 2/4] bpf: Don't require mknod() permission to pin an object
From: Andy Lutomirski @ 2019-08-05 21:29 UTC (permalink / raw)
To: LKML, Alexei Starovoitov
Cc: Song Liu, Kees Cook, Networking, bpf, Daniel Borkmann,
Alexei Starovoitov, Kernel Team, Lorenz Bauer, Jann Horn, Greg KH,
Linux API, LSM List, Andy Lutomirski
In-Reply-To: <cover.1565040372.git.luto@kernel.org>
security_path_mknod() seems excessive for pinning an object --
pinning an object is effectively just creating a file. It's also
redundant, as vfs_mkobj() calls security_inode_create() by itself.
This isn't strictly required -- mknod(path, S_IFREG, unused) works
to create regular files, but bpf is currently the only user in the
kernel outside of mknod() itself that uses it to create regular
(i.e. S_IFREG) files.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
kernel/bpf/inode.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index cb07736b33ae..14304609003a 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -394,10 +394,6 @@ static int bpf_obj_do_pin(const struct filename *pathname, void *raw,
mode = S_IFREG | ((S_IRUSR | S_IWUSR) & ~current_umask());
- ret = security_path_mknod(&path, dentry, mode, 0);
- if (ret)
- goto out;
-
dir = d_inode(path.dentry);
if (dir->i_op != &bpf_dir_iops) {
ret = -EPERM;
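Review bot: removing the security_path_mknod() call from bpf_obj_do_pin() takes away the path-based hook on this pin path, and the changelog's "redundant" argument rests on security_inode_create(), which is a different, inode-based hook. Please spell out in the changelog what an LSM that implements only the path hook sees after this change, so the loss of mediation is a stated decision rather than a side effect.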
--
2.21.0
^ permalink raw reply related
* Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Andy Lutomirski @ 2019-08-05 21:25 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Andy Lutomirski, Song Liu, Kees Cook, Networking, bpf,
Alexei Starovoitov, Daniel Borkmann, Kernel Team, Lorenz Bauer,
Jann Horn, Greg KH, Linux API, LSM List
In-Reply-To: <20190805192122.laxcaz75k4vxdspn@ast-mbp>
On Mon, Aug 5, 2019 at 12:21 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Mon, Aug 05, 2019 at 10:23:10AM -0700, Andy Lutomirski wrote:
> >
> > I refreshed the branch again. I had a giant hole in my previous idea
> > that we could deprivilege program loading: some BPF functions need
> > privilege. Now I have a changelog comment to that effect and a patch
> > that sketches out a way to address this.
> >
> > I don't think I'm going to have time soon to actually get any of this
> > stuff mergeable, and it would be fantastic if you or someone else who
> > likes working on bpf were to take this code and run with it. Feel
> > free to add my Signed-off-by, and I'd be happy to help review.
>
> Thanks a lot for working on patches and helping us with the design!
>
> Can you resend the patches to the mailing list?
> It's kinda hard to reply/review to patches that are somewhere in the web.
Will do.
> I'm still trying to understand the main idea.
> If I'm reading things correctly:
The series doesn't, strictly speaking, have an overall problem that it
solves. It's a series of steps in the direction of making bpf() make
more sense without privilege and toward reducing the required
privilege.
> patch 1 "add access permissions to bpf fds"
> just passes the flags ?
It tries to make the kernel respect the access modes for fds. Without
this patch, there seem to be some holes: nothing looked at program fds
and, unless I missed something, you could take a readonly fd for a
program, pin the program, and reopen it RW.
> patch 2 "Don't require mknod() permission to pin an object"
> makes sense in isolation.
It makes even more sense now :)
> patch 3 "Allow creating all program types without privilege"
> is not right.
I think it can be made right, which is the point.
> patch 4 "Add a way to mark functions as requiring privilege"
> is an interesting idea, but I don't think it helps that much.
Other than the issue that this patch partially fixes, can you see any
reason that loading a program should require privilege? Obviously the
verifier is weakened a bit when called by privileged users, but a lot
of that is about excessive resource usage and various less-well-tested
features. It seems to me that most of the value of bpf() should be
available to programs that should not need privilege to load. Are
there things I'm missing?
>
> So the main thing we're trying to solve with augmented bpf syscall
> and/or /dev/bpf is to be able to use root-only features of bpf when
> trusted process already dropped root permissions.
> These features include bpf2bpf calls, bounded loops, special maps (like LPM), etc.
Can you elaborate on all these:
I see nothing inherently wrong with bpf2bpf for unprivileged users as
long as they have appropriate access to the called program. Patch 1
improves that.
Bounded loops: if they are adequately well verified, then the only
damage is that they can make bpf progs that run slowly, right? It
seems like some kind of capability or sysctl for "allow using lots of
bpf resources" would do the trick. This could even be a cgroup
setting -- bpf resources aren't all that different from any other
resource.
LPM: I don't see why this requires privilege at all. It indeed checks
capable(CAP_SYS_ADMIN), but I don't see why.
>
> Attaching to a cgroup already has file based permission checks.
> The user needs to open cgroup directory to attach.
> acls on cgroup dir can already be used to prevent attaching to
> certain parts of cgroup hierarchy.
The current checks seem inadequate.
$ echo 'yay' </sys/fs/cgroup/systemd/system.slice/
The ability to obtain an fd to a cgroup does *not* imply any right to
modify that cgroup. The ability to write to a cgroup directory
already means something else -- it's the ability to create cgroups
under the group in question. I'm suggesting that a new API be added
that allows attaching a bpf program to a cgroup without capabilities
and that instead requires write access to a new file in the cgroup
directory. (It could be a single file for all bpf types or one file
per type. I prefer the latter -- it gives the admin finer-grained
control.)
> What we need is to drop privileges sooner in daemons like systemd.
This is doable right now: systemd could fork off a subprocess and
delegate its cgroup operations to it. It would be maybe a couple
hundred lines of code. As an added benefit, that subprocess could
verify that the bpf operations in question are reasonable.
Alternatively, if there was a CAP_BPF_ADMIN, systemd could retain that
capability and flip it on and off as needed.
> Container management daemon runs in the nested containers.
> These trusted daemons need to have access to full bpf, but they
> don't want to be root all the time.
> They cannot flip back and forth via seteuid to root every time they
> need to do bpf.
> Hence the idea is to have a file that this daemon can open,
> then drop privileges and still keep doing bpf things because FD is held.
> Outer container daemon can pass this /dev/bpf's FD to inner daemon, etc.
> This /dev/bpf would be accessible to root only.
> There is no desire to open it up to non-root.
This seems extremely dangerous right now. A program that can bypass
*all* of the capable() checks in bpf() can do a whole lot. Among
other things, it can read all of kernel memory. It can very likely
gain full system root by appropriate installation of malicious
programs in a cgroup that contains fully privileged programs. In this
regard, bpf() is like most of the Linux capabilities -- it seems
somewhat limited, but it really implies a lot of privilege. There was
a little paper awhile back pointing out that, on a normal system, most
of the Linux capabilities were functionally equivalent.
>
> It seems there is concern that /dev/bpf is unnecessarily special.
> How about we combine bpffs and /dev/bpf ideas?
> Like we can have a special file name in bpffs.
> The root would do 'touch /sys/fs/bpf/privileges' and it would behave
> just like /dev/bpf, but now it can be in any bpffs directory and acls
> to bpffs mount would work as-is.
This seems to have most of the same problems. My main point is that
it conflates a whole lot of different permissions, and I really don't
think it's that much work to mostly disentangle the permissions in
question. My little series (if completed) plus a patch to allow
unprivileged cgroup attach operations if you have an FMODE_WRITE fd to
an appropriate file should get most of the way there.
Also, be careful about your bpffs idea: bpffs is (sort of) namespaced,
and it would make sense to allow new bpf instances to be created
inside unprivileged user namespaces. Such instances should not be
able to create magical privilege-granting files. In that respect,
/dev/bpf is better.
>
> CAP_BPF is also a good idea. I think for the environment where untrusted
> and unprivileged users want to run 'bpftrace' that would be perfect mechanism.
> getcap /bin/bpftrace would have cap_bpf, cap_kprobe and whatever else.
> Sort of like /bin/ping.
> But I don't see how cap_bpf helps to solve our trusted root daemon problem.
> imo open ("/sys/fs/bpf/privileges") and pass that FD into bpf syscall
> is the only viable mechanism.
>
As above, I think that forking before dropping privileges and asking
the child to do the bpf() operations is safer and more flexible.
> Note the verifier does very different amount of work for unpriv vs root.
> It does speculative execution analysis, pointer leak checks for unpriv.
> So we gotta pass special flag to the verifier to make it act like it's
> loading a program for root.
>
Indeed. And programs in untrusted containers should not be able to do this.
^ permalink raw reply
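The fork-before-dropping-privileges arrangement suggested in the reply above, shown as an added example that is not code from the thread, the kernel or systemd. The wire format, the request type values, the delegated subtree path, the 65534 uid/gid and the `privileged_attach` placeholder (where the real bpf() attach call would go) are assumptions made for the example; passing the program fd to the helper is left out.

```c
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed for this example only: wire format, request types, delegated subtree. */
#define DELEGATED_ROOT "/sys/fs/cgroup/app.slice/"	/* constructed path */
enum { REQ_ATTACH_INGRESS = 1, REQ_ATTACH_EGRESS = 2, REQ_ATTACH_DEVICE = 3 };
struct attach_req { uint32_t type; char cgroup[128]; };
struct attach_rep { int32_t err; };			/* 0 or a negative errno */

/* Policy the privileged helper applies to every request before acting on it. */
int request_allowed(const struct attach_req *r)
{
	size_t n = strnlen(r->cgroup, sizeof(r->cgroup));

	if (n == sizeof(r->cgroup))
		return -EINVAL;		/* path is not NUL-terminated */
	if (r->type != REQ_ATTACH_INGRESS && r->type != REQ_ATTACH_EGRESS)
		return -EPERM;		/* request type was not delegated */
	if (strncmp(r->cgroup, DELEGATED_ROOT, strlen(DELEGATED_ROOT)) != 0)
		return -EPERM;		/* cgroup outside the delegated subtree */
	if (strstr(r->cgroup, "/../") || (n >= 3 && !strcmp(r->cgroup + n - 3, "/..")))
		return -EPERM;		/* ".." would walk back out of it */
	return 0;
}

/* Placeholder: a real helper would open r->cgroup and make the bpf() attach call. */
static int privileged_attach(const struct attach_req *r) { (void)r; return 0; }

/* Helper process: keeps its privileges, serves one request per message. */
static void helper_loop(int sock)
{
	struct attach_req req;
	struct attach_rep rep;

	while (recv(sock, &req, sizeof(req), 0) == (ssize_t)sizeof(req)) {
		rep.err = request_allowed(&req);
		if (rep.err == 0)
			rep.err = privileged_attach(&req);
		if (send(sock, &rep, sizeof(rep), MSG_NOSIGNAL) != (ssize_t)sizeof(rep))
			break;
	}
	_exit(0);			/* peer closed its end or sent a short message */
}

/* Call while still privileged. Returns the client socket or a negative errno. */
int broker_start(pid_t *helper_pid)
{
	int sv[2], err;

	if (socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, sv) < 0)
		return -errno;
	*helper_pid = fork();
	if (*helper_pid == 0) {
		close(sv[0]);
		helper_loop(sv[1]);	/* does not return */
	}
	err = *helper_pid < 0 ? -errno : 0;
	close(sv[1]);
	if (err)
		close(sv[0]);
	return err ? err : sv[0];
}

/* Unprivileged side: ask the helper to attach; returns the helper's verdict. */
int broker_request(int sock, uint32_t type, const char *cgroup)
{
	struct attach_req req = { .type = type };
	struct attach_rep rep;

	if (strlen(cgroup) >= sizeof(req.cgroup))
		return -ENAMETOOLONG;
	strcpy(req.cgroup, cgroup);
	if (send(sock, &req, sizeof(req), MSG_NOSIGNAL) != (ssize_t)sizeof(req))
		return -EIO;
	if (recv(sock, &rep, sizeof(rep), 0) != (ssize_t)sizeof(rep))
		return -EIO;
	return rep.err;
}

/* Drop to uid/gid for good: supplementary groups first, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
	if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
		return -errno;
	return setuid(0) == 0 ? -EPERM : 0;	/* regaining root must fail */
}

int main(void)
{
	pid_t helper;
	int ok, sock = broker_start(&helper);	/* 1. fork the helper first */

	if (sock < 0 || (geteuid() == 0 && drop_privileges(65534, 65534) < 0))
		return 1;			/* 2. only then drop privileges */
	ok = broker_request(sock, REQ_ATTACH_INGRESS, DELEGATED_ROOT "web.service") == 0 &&
	     broker_request(sock, REQ_ATTACH_EGRESS, "/sys/fs/cgroup/system.slice/") == -EPERM;
	close(sock);				/* helper sees EOF and exits */
	waitpid(helper, NULL, 0);
	return ok ? 0 : 1;
}
```

The helper, not the caller, decides what is reasonable: a compromised unprivileged side can only ask for the request types and subtree the policy already allows.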
* Re: [PATCH net 1/2] net/tls: partially revert fix transition through disconnect with close
From: John Fastabend @ 2019-08-05 21:22 UTC (permalink / raw)
To: David Miller, jakub.kicinski
Cc: netdev, oss-drivers, edumazet, davejwatson, borisp, aviadye,
john.fastabend, daniel
In-Reply-To: <20190805.131552.1289253403274923799.davem@davemloft.net>
David Miller wrote:
> From: Jakub Kicinski <jakub.kicinski@netronome.com>
> Date: Thu, 1 Aug 2019 14:36:01 -0700
>
> > Looks like we were slightly overzealous with the shutdown()
> > cleanup. Even though the sock->sk_state can reach CLOSED again,
> > socket->state will not go back to SS_UNCONNECTED once
> > connections is ESTABLISHED. Meaning we will see EISCONN if
> > we try to reconnect, and EINVAL if we try to listen.
> >
> > Only listen sockets can be shutdown() and reused, but since
> > ESTABLISHED sockets can never be re-connected() or used for
> > listen() we don't need to try to clean up the ULP state early.
> >
> > Fixes: 32857cf57f92 ("net/tls: fix transition through disconnect with close")
> > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>
> Applied and queued up for -stable.
Bit late but, I went back and ran some of the syzbot tests that
were failing before original series and most of my ktls+bpf tests
and everything seems in good shape now. There is still one issue
with crypto stack that I'll look at fixing now. Thanks.
Acked-by: John Fastabend <john.fastabend@gmail.com>
Tested-by: John Fastabend <john.fastabend@gmail.com>
^ permalink raw reply
* Re: [PATCH 03/16] net: phy: adin: add support for interrupts
From: Heiner Kallweit @ 2019-08-05 21:02 UTC (permalink / raw)
To: Alexandru Ardelean, netdev, devicetree, linux-kernel
Cc: davem, robh+dt, mark.rutland, f.fainelli, andrew
In-Reply-To: <20190805165453.3989-4-alexandru.ardelean@analog.com>
On 05.08.2019 18:54, Alexandru Ardelean wrote:
> This change adds support for enabling PHY interrupts that can be used by
> the PHY framework to get signal for link/speed/auto-negotiation changes.
>
> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
> ---
> drivers/net/phy/adin.c | 44 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 44 insertions(+)
>
> diff --git a/drivers/net/phy/adin.c b/drivers/net/phy/adin.c
> index c100a0dd95cd..b75c723bda79 100644
> --- a/drivers/net/phy/adin.c
> +++ b/drivers/net/phy/adin.c
> @@ -14,6 +14,22 @@
> #define PHY_ID_ADIN1200 0x0283bc20
> #define PHY_ID_ADIN1300 0x0283bc30
>
> +#define ADIN1300_INT_MASK_REG 0x0018
> +#define ADIN1300_INT_MDIO_SYNC_EN BIT(9)
> +#define ADIN1300_INT_ANEG_STAT_CHNG_EN BIT(8)
> +#define ADIN1300_INT_ANEG_PAGE_RX_EN BIT(6)
> +#define ADIN1300_INT_IDLE_ERR_CNT_EN BIT(5)
> +#define ADIN1300_INT_MAC_FIFO_OU_EN BIT(4)
> +#define ADIN1300_INT_RX_STAT_CHNG_EN BIT(3)
> +#define ADIN1300_INT_LINK_STAT_CHNG_EN BIT(2)
> +#define ADIN1300_INT_SPEED_CHNG_EN BIT(1)
> +#define ADIN1300_INT_HW_IRQ_EN BIT(0)
> +#define ADIN1300_INT_MASK_EN \
> + (ADIN1300_INT_ANEG_STAT_CHNG_EN | ADIN1300_INT_ANEG_PAGE_RX_EN | \
> + ADIN1300_INT_LINK_STAT_CHNG_EN | ADIN1300_INT_SPEED_CHNG_EN | \
> + ADIN1300_INT_HW_IRQ_EN)
> +#define ADIN1300_INT_STATUS_REG 0x0019
> +
> static int adin_config_init(struct phy_device *phydev)
> {
> int rc;
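Review bot: ADIN1300_INT_MASK_EN leaves out four of the bits defined just above it (MDIO_SYNC, IDLE_ERR_CNT, MAC_FIFO_OU, RX_STAT_CHNG) with no word on why. A short comment on the macro saying these sources are deliberately left masked, or dropping the unused defines, would make the intent clear.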
> @@ -25,15 +41,40 @@ static int adin_config_init(struct phy_device *phydev)
> return 0;
> }
>
> +static int adin_phy_ack_intr(struct phy_device *phydev)
> +{
> + int ret;
> +
> + /* Clear pending interrupts. */
> + ret = phy_read(phydev, ADIN1300_INT_STATUS_REG);
> + if (ret < 0)
> + return ret;
> +
> + return 0;
> +}
> +
> +static int adin_phy_config_intr(struct phy_device *phydev)
> +{
> + if (phydev->interrupts == PHY_INTERRUPT_ENABLED)
> + return phy_set_bits(phydev, ADIN1300_INT_MASK_REG,
> + ADIN1300_INT_MASK_EN);
> +
> + return phy_clear_bits(phydev, ADIN1300_INT_MASK_REG,
> + ADIN1300_INT_MASK_EN);
> +}
> +
> static struct phy_driver adin_driver[] = {
> {
> .phy_id = PHY_ID_ADIN1200,
> .name = "ADIN1200",
> .phy_id_mask = 0xfffffff0,
> .features = PHY_BASIC_FEATURES,
> + .flags = PHY_HAS_INTERRUPT,
This flag doesn't exist any longer. This indicates that you
develop against an older kernel version. Please develop
against net-next. Check up-to-date drivers like the one
for Realtek PHY's for hints.
> .config_init = adin_config_init,
> .config_aneg = genphy_config_aneg,
> .read_status = genphy_read_status,
> + .ack_interrupt = adin_phy_ack_intr,
> + .config_intr = adin_phy_config_intr,
> .resume = genphy_resume,
> .suspend = genphy_suspend,
> },
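Review bot: adin_phy_ack_intr() discards the value it reads from ADIN1300_INT_STATUS_REG, so its tail can be `return ret < 0 ? ret : 0;`. The "Clear pending interrupts" comment should also say that the read itself is what clears the status bits, if that is the hardware behaviour, because nothing else in the function does.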
> @@ -42,9 +83,12 @@ static struct phy_driver adin_driver[] = {
> .name = "ADIN1300",
> .phy_id_mask = 0xfffffff0,
> .features = PHY_GBIT_FEATURES,
> + .flags = PHY_HAS_INTERRUPT,
> .config_init = adin_config_init,
> .config_aneg = genphy_config_aneg,
> .read_status = genphy_read_status,
> + .ack_interrupt = adin_phy_ack_intr,
> + .config_intr = adin_phy_config_intr,
> .resume = genphy_resume,
> .suspend = genphy_suspend,
> },
>
^ permalink raw reply
* Re: [PATCH net-next] selftests: Add l2tp tests
From: David Ahern @ 2019-08-05 20:55 UTC (permalink / raw)
To: David Miller, dsahern; +Cc: netdev
In-Reply-To: <20190805.132042.1186329327655280064.davem@davemloft.net>
On 8/5/19 2:20 PM, David Miller wrote:
> From: David Ahern <dsahern@kernel.org>
> Date: Thu, 1 Aug 2019 16:54:21 -0700
>
>> From: David Ahern <dsahern@gmail.com>
>>
>> Add IPv4 and IPv6 l2tp tests. Current set is over IP and with
>> IPsec.
>>
>> Signed-off-by: David Ahern <dsahern@gmail.com>
>> ---
>> The ipsec tests expose a netdev refcount leak that I have not had
>> time to track down, but the tests themselves are good.
>
> Don't you need to add this to the Makefile too?
>
interesting. I don't run tests via the Makefile, so I missed that for a
few others as well. Will send a v2 and an update for others.
^ permalink raw reply
* Re: [PATCH net] mvpp2: fix panic on module removal
From: David Miller @ 2019-08-05 20:54 UTC (permalink / raw)
To: mcroce
Cc: netdev, miquel.raynal, linux-kernel, lorenzo, antoine.tenart,
maxime.chevallier
In-Reply-To: <CAGnkfhxRV=2G6Sxf_nZQekeXLsf64QkKqfN-9pN_Mi6Y+=nXRA@mail.gmail.com>
From: Matteo Croce <mcroce@redhat.com>
Date: Mon, 5 Aug 2019 20:17:39 +0200
> On Mon, Aug 5, 2019 at 7:58 PM David Miller <davem@davemloft.net> wrote:
>>
>> From: Matteo Croce <mcroce@redhat.com>
>> Date: Wed, 31 Jul 2019 20:31:16 +0200
>>
>> > mvpp2 uses a delayed workqueue to gather traffic statistics.
>> > On module removal the workqueue can be destroyed before calling
>> > cancel_delayed_work_sync() on its works.
>> > Fix it by moving the destroy_workqueue() call after mvpp2_port_remove().
>>
>> Please post a new version with the flush_workqueue() removed.
>
> Hi,
>
> I thought that it was already merged:
>
> https://lore.kernel.org/netdev/20190801121330.30823-1-mcroce@redhat.com/
>
> Let me know if it's ok already.
Oops, my bad. :-)
^ permalink raw reply
* Re: [PATCH 01/16] net: phy: adin: add support for Analog Devices PHYs
From: Heiner Kallweit @ 2019-08-05 20:54 UTC (permalink / raw)
To: Alexandru Ardelean, netdev, devicetree, linux-kernel
Cc: davem, robh+dt, mark.rutland, f.fainelli, andrew
In-Reply-To: <20190805165453.3989-2-alexandru.ardelean@analog.com>
On 05.08.2019 18:54, Alexandru Ardelean wrote:
> This change adds support for Analog Devices Industrial Ethernet PHYs.
> Particularly the PHYs this driver adds support for:
> * ADIN1200 - Robust, Industrial, Low Power 10/100 Ethernet PHY
> * ADIN1300 - Robust, Industrial, Low Latency 10/100/1000 Gigabit
> Ethernet PHY
>
> The 2 chips are pin & register compatible with one another. The main
> difference being that ADIN1200 doesn't operate in gigabit mode.
>
> The chips can be operated by the Generic PHY driver as well via the
> standard IEEE PHY registers (0x0000 - 0x000F) which are supported by the
> kernel as well. This assumes that configuration of the PHY has been done
> required.
>
> Configuration can also be done via registers, which will be implemented by
> the driver in the next changes.
>
> Datasheets:
> https://www.analog.com/media/en/technical-documentation/data-sheets/ADIN1300.pdf
> https://www.analog.com/media/en/technical-documentation/data-sheets/ADIN1200.pdf
>
> Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
> ---
> MAINTAINERS | 7 +++++
> drivers/net/phy/Kconfig | 9 ++++++
> drivers/net/phy/Makefile | 1 +
> drivers/net/phy/adin.c | 59 ++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 76 insertions(+)
> create mode 100644 drivers/net/phy/adin.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index ee663e0e2f2e..faf5723610c8 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -938,6 +938,13 @@ S: Supported
> F: drivers/mux/adgs1408.c
> F: Documentation/devicetree/bindings/mux/adi,adgs1408.txt
>
> +ANALOG DEVICES INC ADIN DRIVER
> +M: Alexandru Ardelean <alexaundru.ardelean@analog.com>
> +L: netdev@vger.kernel.org
> +W: http://ez.analog.com/community/linux-device-drivers
> +S: Supported
> +F: drivers/net/phy/adin.c
> +
> ANALOG DEVICES INC ADIS DRIVER LIBRARY
> M: Alexandru Ardelean <alexandru.ardelean@analog.com>
> S: Supported
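Review bot: the M: line of the new ADIN entry spells the address `alexaundru.ardelean@analog.com`, while the Signed-off-by and the neighbouring ADIS entry use `alexandru.ardelean@analog.com`. This looks like a typo that would misroute maintainer mail; please correct it.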
> diff --git a/drivers/net/phy/Kconfig b/drivers/net/phy/Kconfig
> index 206d8650ee7f..5966d3413676 100644
> --- a/drivers/net/phy/Kconfig
> +++ b/drivers/net/phy/Kconfig
> @@ -257,6 +257,15 @@ config SFP
> depends on HWMON || HWMON=n
> select MDIO_I2C
>
> +config ADIN_PHY
> + tristate "Analog Devices Industrial Ethernet PHYs"
> + help
> + Adds support for the Analog Devices Industrial Ethernet PHYs.
> + Currently supports the:
> + - ADIN1200 - Robust,Industrial, Low Power 10/100 Ethernet PHY
> + - ADIN1300 - Robust,Industrial, Low Latency 10/100/1000 Gigabit
> + Ethernet PHY
> +
> config AMD_PHY
> tristate "AMD PHYs"
> ---help---
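Review bot: both list items in the ADIN_PHY help text read `Robust,Industrial` without the space that the commit message uses (`Robust, Industrial`). Please add the space so the Kconfig text matches the product names as given in the changelog.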
> diff --git a/drivers/net/phy/Makefile b/drivers/net/phy/Makefile
> index ba07c27e4208..a03437e091f3 100644
> --- a/drivers/net/phy/Makefile
> +++ b/drivers/net/phy/Makefile
> @@ -47,6 +47,7 @@ obj-$(CONFIG_SFP) += sfp.o
> sfp-obj-$(CONFIG_SFP) += sfp-bus.o
> obj-y += $(sfp-obj-y) $(sfp-obj-m)
>
> +obj-$(CONFIG_ADIN_PHY) += adin.o
> obj-$(CONFIG_AMD_PHY) += amd.o
> aquantia-objs += aquantia_main.o
> ifdef CONFIG_HWMON
> diff --git a/drivers/net/phy/adin.c b/drivers/net/phy/adin.c
> new file mode 100644
> index 000000000000..6a610d4563c3
> --- /dev/null
> +++ b/drivers/net/phy/adin.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/**
> + * Driver for Analog Devices Industrial Ethernet PHYs
> + *
> + * Copyright 2019 Analog Devices Inc.
> + */
> +#include <linux/kernel.h>
> +#include <linux/errno.h>
> +#include <linux/init.h>
> +#include <linux/module.h>
> +#include <linux/mii.h>
> +#include <linux/phy.h>
> +
> +#define PHY_ID_ADIN1200 0x0283bc20
> +#define PHY_ID_ADIN1300 0x0283bc30
> +
> +static int adin_config_init(struct phy_device *phydev)
> +{
> + int rc;
> +
> + rc = genphy_config_init(phydev);
> + if (rc < 0)
> + return rc;
> +
> + return 0;
> +}
> +
> +static struct phy_driver adin_driver[] = {
> + {
> + .phy_id = PHY_ID_ADIN1200,
You could use PHY_ID_MATCH_MODEL here.
> + .name = "ADIN1200",
> + .phy_id_mask = 0xfffffff0,
> + .features = PHY_BASIC_FEATURES,
Setting features is deprecated, instead the get_features callback
should be implemented if the default genphy_read_abilities needs
to be extended / replaced. You say that the PHY's work with the
genphy driver, so I suppose the default feature detection is ok
in your case. Then you could simply remove setting "features".
> + .config_init = adin_config_init,
> + .config_aneg = genphy_config_aneg,
> + .read_status = genphy_read_status,
> + },
> + {
> + .phy_id = PHY_ID_ADIN1300,
> + .name = "ADIN1300",
> + .phy_id_mask = 0xfffffff0,
> + .features = PHY_GBIT_FEATURES,
> + .config_init = adin_config_init,
> + .config_aneg = genphy_config_aneg,
> + .read_status = genphy_read_status,
> + },
> +};
> +
> +module_phy_driver(adin_driver);
> +
> +static struct mdio_device_id __maybe_unused adin_tbl[] = {
> + { PHY_ID_ADIN1200, 0xfffffff0 },
> + { PHY_ID_ADIN1300, 0xfffffff0 },
PHY_ID_MATCH_MODEL could be used here too.
> + { }
> +};
> +
> +MODULE_DEVICE_TABLE(mdio, adin_tbl);
> +MODULE_DESCRIPTION("Analog Devices Industrial Ethernet PHY driver");
> +MODULE_LICENSE("GPL");
>
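Review bot: the file header in adin.c opens with `/**`, which marks a kernel-doc comment, but the block is a plain description; use `/*`. In the same file adin_config_init() only forwards the result of genphy_config_init(), so unless that call can return a positive value it can be `return genphy_config_init(phydev);` until chip-specific setup is added.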
^ permalink raw reply
* Re: [PATCH bpf-next 1/2] selftests/bpf: add loop test 4
From: Alexei Starovoitov @ 2019-08-05 20:53 UTC (permalink / raw)
To: Yonghong Song, Andrii Nakryiko, Alexei Starovoitov
Cc: David S. Miller, Daniel Borkmann, Networking, bpf, Kernel Team
In-Reply-To: <db0340a8-a4d7-f652-729d-9edd22a87310@fb.com>
On 8/5/19 1:04 PM, Yonghong Song wrote:
>
>
> On 8/5/19 12:45 PM, Andrii Nakryiko wrote:
>> On Sat, Aug 3, 2019 at 8:19 PM Alexei Starovoitov <ast@kernel.org> wrote:
>>>
>>> Add a test that returns a 'random' number between [0, 2^20)
>>> If state pruning is not working correctly for loop body the number of
>>> processed insns will be 2^20 * num_of_insns_in_loop_body and the program
>>> will be rejected.
>>>
>>> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
>>> ---
>>> .../bpf/prog_tests/bpf_verif_scale.c | 1 +
>>> tools/testing/selftests/bpf/progs/loop4.c | 23 +++++++++++++++++++
>>> 2 files changed, 24 insertions(+)
>>> create mode 100644 tools/testing/selftests/bpf/progs/loop4.c
>>>
>>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> index b4be96162ff4..757e39540eda 100644
>>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c
>>> @@ -71,6 +71,7 @@ void test_bpf_verif_scale(void)
>>>
>>> { "loop1.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>> { "loop2.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>> + { "loop4.o", BPF_PROG_TYPE_RAW_TRACEPOINT },
>>>
>>> /* partial unroll. 19k insn in a loop.
>>> * Total program size 20.8k insn.
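Review bot: `{ "loop4.o", BPF_PROG_TYPE_RAW_TRACEPOINT }` registers the new object as a raw tracepoint program, but loop4.c in this same patch is declared with SEC("socket") and takes a `struct __sk_buff *` context. Please make the program type in the table match the context the test program actually uses, or say in the changelog why the mismatch is harmless for this scale test.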
>>> diff --git a/tools/testing/selftests/bpf/progs/loop4.c b/tools/testing/selftests/bpf/progs/loop4.c
>>> new file mode 100644
>>> index 000000000000..3e7ee14fddbd
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/progs/loop4.c
>>> @@ -0,0 +1,23 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +// Copyright (c) 2019 Facebook
>>> +#include <linux/sched.h>
>>> +#include <linux/ptrace.h>
>>> +#include <stdint.h>
>>> +#include <stddef.h>
>>> +#include <stdbool.h>
>>> +#include <linux/bpf.h>
>>> +#include "bpf_helpers.h"
>>> +
>>> +char _license[] SEC("license") = "GPL";
>>> +
>>> +SEC("socket")
>>> +int combinations(volatile struct __sk_buff* skb)
>>> +{
>>> + int ret = 0, i;
>>> +
>>> +#pragma nounroll
>>> + for (i = 0; i < 20; i++)
>>> + if (skb->len)
>>> + ret |= 1 << i;
>>
>> So I think the idea is that because verifier shouldn't know whether
>> skb->len is zero or not, then you have two outcomes on every iteration
>> leading to 2^20 states, right?
>>
>> But I'm afraid that verifier can eventually be smart enough (if it's
>> not already, btw), to figure out that ret can be either 0 or ((1 <<
>> 21) - 1), actually. If skb->len is put into separate register, then
>> that register's bounds will be established on first loop iteration as
>> either == 0 on one branch or (0, inf) on another branch, after which
>> all subsequent iterations will not branch at all (one or the other
>> branch will be always taken).
>>
>> It's also possible that LLVM/Clang is smart enough already to figure
>> this out on its own and optimize loop into.
>>
>>
>> if (skb->len) {
>> for (i = 0; i < 20; i++)
>> ret |= 1 << i;
>> }
>
> We have
> volatile struct __sk_buff* skb
>
> So from the source code, skb->len could be different for each
> iteration. The compiler cannot do the above optimization.
yep.
Without volatile llvm optimizes it even more than Andrii predicted :)
>>
>>
>> So two complaints:
>>
>> 1. Let's obfuscate this a bit more, e.g., with testing (skb->len &
>> (1<<i)) instead, so that result really depends on actual length of the
>> packet.
>> 2. Is it possible to somehow turn off this precision tracking (e.g.,
>> running not under root, maybe?) and see that this same program fails
>> in that case? That way we'll know test actually validates what we
>> think it validates.
that's on my todo list already.
To do proper unit tests for all this stuff there should be a way
to turn off not only precision, but heuristics too.
All magic numbers in is_state_visited() need to be switchable.
I'm still thinking on the way to expose it to tests infra.
^ permalink raw reply
* Re: [PATCH net-next v2] openvswitch: Print error when ovs_execute_actions() fails
From: Pravin Shelar @ 2019-08-05 20:50 UTC (permalink / raw)
To: Yifeng Sun; +Cc: Linux Kernel Network Developers, Greg Rose
In-Reply-To: <1564973771-22542-1-git-send-email-pkusunyifeng@gmail.com>
On Sun, Aug 4, 2019 at 7:56 PM Yifeng Sun <pkusunyifeng@gmail.com> wrote:
>
> Currently in function ovs_dp_process_packet(), return values of
> ovs_execute_actions() are silently discarded. This patch prints out
> a debug message when error happens so as to provide helpful hints
> for debugging.
> ---
> v1->v2: Fixed according to Pravin's review.
>
Looks good.
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Thanks,
Pravin.
^ permalink raw reply
* Re: [PATCH net-next v3] net: phy: broadcom: add 1000Base-X support for BCM54616S
From: Heiner Kallweit @ 2019-08-05 20:45 UTC (permalink / raw)
To: Vladimir Oltean
Cc: Andrew Lunn, Tao Ren, Florian Fainelli, David S . Miller,
Arun Parameswaran, Justin Chen, netdev, lkml,
openbmc@lists.ozlabs.org
In-Reply-To: <CA+h21hov3WzqYSUcxOnH0DOMO2dYdh_Q30Q_GQJpxa4nFM7MsQ@mail.gmail.com>
On 04.08.2019 21:22, Vladimir Oltean wrote:
> On Sun, 4 Aug 2019 at 19:07, Heiner Kallweit <hkallweit1@gmail.com> wrote:
>>
>> On 04.08.2019 17:59, Vladimir Oltean wrote:
>>> On Sun, 4 Aug 2019 at 17:52, Andrew Lunn <andrew@lunn.ch> wrote:
>>>>
>>>>>> The patchset looks better now. But is it ok, I wonder, to keep
>>>>>> PHY_BCM_FLAGS_MODE_1000BX in phydev->dev_flags, considering that
>>>>>> phy_attach_direct is overwriting it?
>>>>>
>>>>
>>>>> I checked ftgmac100 driver (used on my machine) and it calls
>>>>> phy_connect_direct which passes phydev->dev_flags when calling
>>>>> phy_attach_direct: that explains why the flag is not cleared in my
>>>>> case.
>>>>
>>>> Yes, that is the way it is intended to be used. The MAC driver can
>>>> pass flags to the PHY. It is a fragile API, since the MAC needs to
>>>> know what PHY is being used, since the flags are driver specific.
>>>>
>>>> One option would be to modify the assignment in phy_attach_direct() to
>>>> OR in the flags passed to it with flags which are already in
>>>> phydev->dev_flags.
>>>>
>>>> Andrew
>>>
>>> Even if that were the case (patching phy_attach_direct to apply a
>>> logical-or to dev_flags), it sounds fishy to me that the genphy code
>>> is unable to determine that this PHY is running in 1000Base-X mode.
>>>
>>> In my opinion it all boils down to this warning:
>>>
>>> "PHY advertising (0,00000200,000062c0) more modes than genphy
>>> supports, some modes not advertised".
>>>
>> The genphy code deals with Clause 22 + Gigabit BaseT only.
>> Question is whether you want aneg at all in 1000Base-X mode and
>> what you want the config_aneg callback to do.
>> There may be some inspiration in the Marvell PHY drivers.
>>
>
> AN for 1000Base-X still gives you duplex and pause frame settings. I
> thought the base page format for exchanging that info is standardized
> in clause 37.
> Does genphy cover only copper media by design, or is it desirable to
> augment genphy_read_status?
>
So far we care about copper only in phylib. Some constants needed for
Clause 37 support are defined, but used by few drivers only.
ADVERTISE_1000XHALF
ADVERTISE_1000XFULL
ADVERTISE_1000XPAUSE
ADVERTISE_1000XPSE_ASYM
I think it would make sense to have something like genphy_c37_config_aneg.
Similar for read_status.
>>> You see, the 0x200 in the above advertising mask corresponds exactly
>>> to this definition from ethtool.h:
>>> ETHTOOL_LINK_MODE_1000baseX_Full_BIT = 41,
>>>
>>> But it gets truncated and hence lost.
>>>
>>> Regards,
>>> -Vladimir
>>>
>> Heiner
>
Heiner
^ permalink raw reply
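The bit arithmetic behind the 0x200 observation in the message above, as an added example that is not part of the thread or of the kernel source: it parses the bitmap string from the quoted warning and reports which set bits fall outside a 32-bit mask. All function names are hypothetical, keeping only the low word is an assumed model of the truncation the thread mentions, and every bit name except 1000baseX_Full (bit 41, quoted in the thread) is taken from the ethtool link-mode enum rather than from the page.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_WORDS 4   /* room for 128 link-mode bits */

/* Names for the bits set in the sample mask. Bit 41 is quoted in the
 * thread; the other numbers are assumed from the ethtool link-mode enum. */
static const struct { int bit; const char *name; } mode_names[] = {
    { 6, "Autoneg" }, { 7, "TP" }, { 9, "MII" },
    { 13, "Pause" }, { 14, "Asym_Pause" }, { 41, "1000baseX_Full" },
};

const char *mode_name(int bit)
{
    size_t i;

    for (i = 0; i < sizeof(mode_names) / sizeof(mode_names[0]); i++)
        if (mode_names[i].bit == bit)
            return mode_names[i].name;
    return "unknown";
}

/* Parse a comma-separated bitmap such as "0,00000200,000062c0", where the
 * most significant 32-bit word comes first. On success words[0] holds
 * bits 0..31 and the word count is returned; malformed input returns -1. */
int parse_bitmap(const char *s, uint32_t words[MAX_WORDS])
{
    uint32_t tmp[MAX_WORDS];
    int n = 0, i;

    while (*s) {
        char *end;
        unsigned long v;

        if (n == MAX_WORDS || !isxdigit((unsigned char)*s))
            return -1;
        v = strtoul(s, &end, 16);
        if (v > 0xffffffffUL || (*end != ',' && *end != '\0'))
            return -1;
        tmp[n++] = (uint32_t)v;
        s = (*end == ',') ? end + 1 : end;
    }
    if (n == 0)
        return -1;
    memset(words, 0, MAX_WORDS * sizeof(words[0]));
    for (i = 0; i < n; i++)
        words[i] = tmp[n - 1 - i];   /* reverse: least significant first */
    return n;
}

int bit_is_set(const uint32_t words[MAX_WORDS], int bit)
{
    if (bit < 0 || bit >= MAX_WORDS * 32)
        return 0;
    return (words[bit / 32] >> (bit % 32)) & 1u;
}

/* Collect the set bits at position 32 and above, i.e. the ones that cannot
 * be represented once the mask is cut down to a single 32-bit word.
 * Returns how many there are; at most max of them are stored in out[]. */
int bits_lost_in_u32(const uint32_t words[MAX_WORDS], int out[], int max)
{
    int bit, n = 0;

    for (bit = 32; bit < MAX_WORDS * 32; bit++) {
        if (!bit_is_set(words, bit))
            continue;
        if (n < max)
            out[n] = bit;
        n++;
    }
    return n;
}

/* What is left after truncation: the low word only. */
uint32_t legacy_u32(const uint32_t words[MAX_WORDS])
{
    return words[0];
}

int main(void)
{
    const char *sample = "0,00000200,000062c0";  /* from the quoted warning */
    uint32_t words[MAX_WORDS];
    int lost[8], n, i, bit;

    if (parse_bitmap(sample, words) < 0)
        return 1;
    for (bit = 0; bit < MAX_WORDS * 32; bit++)
        if (bit_is_set(words, bit))
            printf("bit %2d set: %s\n", bit, mode_name(bit));
    n = bits_lost_in_u32(words, lost, 8);
    for (i = 0; i < n && i < 8; i++)
        printf("bit %d (%s) does not fit in 32 bits\n",
               lost[i], mode_name(lost[i]));
    printf("32-bit remainder: 0x%08x\n", (unsigned)legacy_u32(words));
    return 0;
}
```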
* [PATCH net-next] net: use "nb" for notifier blocks
From: Alexey Dobriyan @ 2019-08-05 20:43 UTC (permalink / raw)
To: davem; +Cc: netdev, netfilter-devel, linux-sctp, bpf
Use more pleasant looking
struct notifier_block *nb,
instead of "this".
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/broadcom/cnic.c | 2 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +-
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 4 ++--
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++--
drivers/net/ethernet/mellanox/mlx5/core/lag.c | 4 ++--
drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 4 ++--
drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +-
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c | 4 ++--
drivers/net/ethernet/sfc/efx.c | 2 +-
drivers/net/ethernet/sfc/falcon/efx.c | 2 +-
drivers/net/hamradio/bpqether.c | 2 +-
drivers/net/hyperv/netvsc_drv.c | 2 +-
drivers/net/macsec.c | 2 +-
drivers/net/netconsole.c | 2 +-
drivers/net/ppp/pppoe.c | 2 +-
drivers/net/wan/hdlc.c | 2 +-
drivers/net/wan/lapbether.c | 2 +-
net/appletalk/aarp.c | 2 +-
net/appletalk/ddp.c | 2 +-
net/atm/br2684.c | 2 +-
net/atm/clip.c | 6 +++---
net/ax25/af_ax25.c | 2 +-
net/batman-adv/hard-interface.c | 2 +-
net/core/failover.c | 2 +-
net/core/fib_rules.c | 2 +-
net/core/rtnetlink.c | 2 +-
net/decnet/af_decnet.c | 2 +-
net/decnet/dn_fib.c | 2 +-
net/ipv4/arp.c | 2 +-
net/ipv4/devinet.c | 2 +-
net/ipv4/fib_frontend.c | 4 ++--
net/ipv4/igmp.c | 2 +-
net/ipv4/ipmr.c | 2 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/ipv4/nexthop.c | 2 +-
net/ipv6/addrconf.c | 2 +-
net/ipv6/ip6mr.c | 2 +-
net/ipv6/mcast.c | 2 +-
net/ipv6/ndisc.c | 2 +-
net/ipv6/route.c | 2 +-
net/iucv/af_iucv.c | 2 +-
net/iucv/iucv.c | 2 +-
net/mpls/af_mpls.c | 2 +-
net/ncsi/ncsi-manage.c | 2 +-
net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
net/netfilter/nf_nat_masquerade.c | 6 +++---
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nfnetlink_log.c | 2 +-
net/netfilter/nfnetlink_queue.c | 4 ++--
net/netfilter/nft_chain_filter.c | 2 +-
net/netfilter/nft_flow_offload.c | 2 +-
net/netfilter/xt_TEE.c | 2 +-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netrom/af_netrom.c | 2 +-
net/nfc/netlink.c | 2 +-
net/packet/af_packet.c | 2 +-
net/rose/af_rose.c | 2 +-
net/sctp/ipv6.c | 2 +-
net/sctp/protocol.c | 2 +-
net/smc/smc_pnet.c | 2 +-
net/tls/tls_device.c | 2 +-
net/x25/af_x25.c | 12 ++++++------
net/xdp/xsk.c | 2 +-
net/xfrm/xfrm_device.c | 2 +-
66 files changed, 82 insertions(+), 82 deletions(-)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3202,7 +3202,7 @@ static int bond_slave_netdev_event(unsigned long event,
* locks for us to safely manipulate the slave devices (RTNL lock,
* dev_probe_lock).
*/
-static int bond_netdev_event(struct notifier_block *this,
+static int bond_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/broadcom/cnic.c
+++ b/drivers/net/ethernet/broadcom/cnic.c
@@ -5672,7 +5672,7 @@ static void cnic_rcv_netevent(struct cnic_local *cp, unsigned long event,
}
/* netdev event handler */
-static int cnic_netdev_event(struct notifier_block *this, unsigned long event,
+static int cnic_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -2273,7 +2273,7 @@ static void notify_ulds(struct adapter *adap, enum cxgb4_state new_state)
}
#if IS_ENABLED(CONFIG_IPV6)
-static int cxgb4_inet6addr_handler(struct notifier_block *this,
+static int cxgb4_inet6addr_handler(struct notifier_block *nb,
unsigned long event, void *data)
{
struct inet6_ifaddr *ifa = data;
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -3020,7 +3020,7 @@ static int mlx4_en_queue_bond_work(struct mlx4_en_priv *priv, int is_bonded,
return 0;
}
-int mlx4_en_netdev_event(struct notifier_block *this,
+int mlx4_en_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -3036,7 +3036,7 @@ int mlx4_en_netdev_event(struct notifier_block *this,
if (!net_eq(dev_net(ndev), &init_net))
return NOTIFY_DONE;
- mdev = container_of(this, struct mlx4_en_dev, nb);
+ mdev = container_of(nb, struct mlx4_en_dev, nb);
dev = mdev->dev;
/* Go into this mode only when two network devices set on two ports
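Review bot: in `container_of(nb, struct mlx4_en_dev, nb)` the pointer argument and the member name are now the same token, which reads as if one thing were passed twice. It still compiles, because the third argument is a member name and not an expression, but in handlers whose containing struct calls the member `nb` a distinct parameter name would be clearer. The mlx5 lag.c hunk ends up with the same shape in `container_of(nb, struct mlx5_lag, nb)`.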
--- a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
+++ b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
@@ -794,7 +794,7 @@ void mlx4_en_update_pfc_stats_bitmap(struct mlx4_dev *dev,
struct mlx4_en_stats_bitmap *stats_bitmap,
u8 rx_ppp, u8 rx_pause,
u8 tx_ppp, u8 tx_pause);
-int mlx4_en_netdev_event(struct notifier_block *this,
+int mlx4_en_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr);
/*
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -3657,7 +3657,7 @@ static void mlx5e_tc_hairpin_update_dead_peer(struct mlx5e_priv *priv,
}
}
-static int mlx5e_tc_netdev_event(struct notifier_block *this,
+static int mlx5e_tc_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -3671,7 +3671,7 @@ static int mlx5e_tc_netdev_event(struct notifier_block *this,
ndev->reg_state == NETREG_REGISTERED)
return NOTIFY_DONE;
- tc = container_of(this, struct mlx5e_tc_table, netdevice_nb);
+ tc = container_of(nb, struct mlx5e_tc_table, netdevice_nb);
fs = container_of(tc, struct mlx5e_flow_steering, tc);
priv = container_of(fs, struct mlx5e_priv, fs);
peer_priv = netdev_priv(ndev);
--- a/drivers/net/ethernet/mellanox/mlx5/core/lag.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lag.c
@@ -453,7 +453,7 @@ static int mlx5_handle_changelowerstate_event(struct mlx5_lag *ldev,
return 1;
}
-static int mlx5_lag_netdev_event(struct notifier_block *this,
+static int mlx5_lag_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
@@ -467,7 +467,7 @@ static int mlx5_lag_netdev_event(struct notifier_block *this,
if ((event != NETDEV_CHANGEUPPER) && (event != NETDEV_CHANGELOWERSTATE))
return NOTIFY_DONE;
- ldev = container_of(this, struct mlx5_lag, nb);
+ ldev = container_of(nb, struct mlx5_lag, nb);
tracker = ldev->tracker;
switch (event) {
--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
@@ -3344,7 +3344,7 @@ static void netxen_config_master(struct net_device *dev, unsigned long event)
netxen_free_ip_list(adapter, true);
}
-static int netxen_netdev_event(struct notifier_block *this,
+static int netxen_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netxen_adapter *adapter;
@@ -3387,7 +3387,7 @@ static int netxen_netdev_event(struct notifier_block *this,
}
static int
-netxen_inetaddr_event(struct notifier_block *this,
+netxen_inetaddr_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netxen_adapter *adapter;
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -228,7 +228,7 @@ static struct qed_eth_cb_ops qede_ll_ops = {
.ports_update = qede_udp_ports_update,
};
-static int qede_netdev_event(struct notifier_block *this, unsigned long event,
+static int qede_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
@@ -4162,7 +4162,7 @@ void qlcnic_restore_indev_addr(struct net_device *netdev, unsigned long event)
rcu_read_unlock();
}
-static int qlcnic_netdev_event(struct notifier_block *this,
+static int qlcnic_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct qlcnic_adapter *adapter;
@@ -4194,7 +4194,7 @@ static int qlcnic_netdev_event(struct notifier_block *this,
}
static int
-qlcnic_inetaddr_event(struct notifier_block *this,
+qlcnic_inetaddr_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct qlcnic_adapter *adapter;
--- a/drivers/net/ethernet/sfc/efx.c
+++ b/drivers/net/ethernet/sfc/efx.c
@@ -2498,7 +2498,7 @@ static void efx_update_name(struct efx_nic *efx)
efx_set_channel_names(efx);
}
-static int efx_netdev_event(struct notifier_block *this,
+static int efx_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/ethernet/sfc/falcon/efx.c
+++ b/drivers/net/ethernet/sfc/falcon/efx.c
@@ -2237,7 +2237,7 @@ static void ef4_update_name(struct ef4_nic *efx)
ef4_set_channel_names(efx);
}
-static int ef4_netdev_event(struct notifier_block *this,
+static int ef4_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/hamradio/bpqether.c
+++ b/drivers/net/hamradio/bpqether.c
@@ -524,7 +524,7 @@ static void bpq_free_device(struct net_device *ndev)
/*
* Handle device status changes.
*/
-static int bpq_device_event(struct notifier_block *this,
+static int bpq_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2416,7 +2416,7 @@ static struct hv_driver netvsc_drv = {
* to the guest. When the corresponding VF instance is registered,
* we will take care of switching the data path.
*/
-static int netvsc_netdev_event(struct notifier_block *this,
+static int netvsc_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3478,7 +3478,7 @@ static bool is_macsec_master(struct net_device *dev)
return rcu_access_pointer(dev->rx_handler) == macsec_handle_frame;
}
-static int macsec_notify(struct notifier_block *this, unsigned long event,
+static int macsec_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *real_dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/netconsole.c
+++ b/drivers/net/netconsole.c
@@ -688,7 +688,7 @@ static struct configfs_subsystem netconsole_subsys = {
#endif /* CONFIG_NETCONSOLE_DYNAMIC */
/* Handle network interface device notifications */
-static int netconsole_netdev_event(struct notifier_block *this,
+static int netconsole_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
unsigned long flags;
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -329,7 +329,7 @@ static void pppoe_flush_dev(struct net_device *dev)
write_unlock_bh(&pn->hash_lock);
}
-static int pppoe_device_event(struct notifier_block *this,
+static int pppoe_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/wan/hdlc.c
+++ b/drivers/net/wan/hdlc.c
@@ -85,7 +85,7 @@ static inline void hdlc_proto_stop(struct net_device *dev)
-static int hdlc_device_event(struct notifier_block *this, unsigned long event,
+static int hdlc_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -359,7 +359,7 @@ static void lapbeth_free_device(struct lapbethdev *lapbeth)
*
* Called from notifier with RTNL held.
*/
-static int lapbeth_device_event(struct notifier_block *this,
+static int lapbeth_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct lapbethdev *lapbeth;
--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -324,7 +324,7 @@ static void aarp_expire_timeout(struct timer_list *unused)
}
/* Network device notifier chain handler. */
-static int aarp_device_event(struct notifier_block *this, unsigned long event,
+static int aarp_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -635,7 +635,7 @@ static inline void atalk_dev_down(struct net_device *dev)
* A device event has occurred. Watch for devices going down and
* delete our use of them (iface and route).
*/
-static int ddp_device_event(struct notifier_block *this, unsigned long event,
+static int ddp_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -144,7 +144,7 @@ static struct net_device *br2684_find_dev(const struct br2684_if_spec *s)
return NULL;
}
-static int atm_dev_event(struct notifier_block *this, unsigned long event,
+static int atm_dev_event(struct notifier_block *nb, unsigned long event,
void *arg)
{
struct atm_dev *atm_dev = arg;
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -542,7 +542,7 @@ static int clip_create(int number)
return number;
}
-static int clip_device_event(struct notifier_block *this, unsigned long event,
+static int clip_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
@@ -575,7 +575,7 @@ static int clip_device_event(struct notifier_block *this, unsigned long event,
return NOTIFY_DONE;
}
-static int clip_inet_event(struct notifier_block *this, unsigned long event,
+static int clip_inet_event(struct notifier_block *nb, unsigned long event,
void *ifa)
{
struct in_device *in_dev;
@@ -589,7 +589,7 @@ static int clip_inet_event(struct notifier_block *this, unsigned long event,
if (event != NETDEV_UP)
return NOTIFY_DONE;
netdev_notifier_info_init(&info, in_dev->dev);
- return clip_device_event(this, NETDEV_CHANGE, &info);
+ return clip_device_event(nb, NETDEV_CHANGE, &info);
}
static struct notifier_block clip_dev_notifier = {
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -106,7 +106,7 @@ static void ax25_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int ax25_device_event(struct notifier_block *this, unsigned long event,
+static int ax25_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -1015,7 +1015,7 @@ static int batadv_hard_if_event_softif(unsigned long event,
return NOTIFY_DONE;
}
-static int batadv_hard_if_event(struct notifier_block *this,
+static int batadv_hard_if_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *net_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/failover.c
+++ b/net/core/failover.c
@@ -183,7 +183,7 @@ static int failover_slave_name_change(struct net_device *slave_dev)
}
static int
-failover_event(struct notifier_block *this, unsigned long event, void *ptr)
+failover_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -1187,7 +1187,7 @@ static void detach_rules(struct list_head *rules, struct net_device *dev)
}
-static int fib_rules_event(struct notifier_block *this, unsigned long event,
+static int fib_rules_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -5253,7 +5253,7 @@ static int rtnetlink_bind(struct net *net, int group)
return 0;
}
-static int rtnetlink_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int rtnetlink_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2076,7 +2076,7 @@ static int dn_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
return err;
}
-static int dn_device_event(struct notifier_block *this, unsigned long event,
+static int dn_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -672,7 +672,7 @@ static void dn_fib_disable_addr(struct net_device *dev, int force)
neigh_ifdown(&dn_neigh_table, dev);
}
-static int dn_fib_dnaddr_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int dn_fib_dnaddr_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct dn_ifaddr *ifa = (struct dn_ifaddr *)ptr;
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1236,7 +1236,7 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
return err;
}
-static int arp_netdev_event(struct notifier_block *this, unsigned long event,
+static int arp_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1517,7 +1517,7 @@ static void inetdev_send_gratuitous_arp(struct net_device *dev,
/* Called only under RTNL semaphore */
-static int inetdev_event(struct notifier_block *this, unsigned long event,
+static int inetdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1415,7 +1415,7 @@ static void fib_disable_ip(struct net_device *dev, unsigned long event,
arp_ifdown(dev);
}
-static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int fib_inetaddr_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct in_ifaddr *ifa = (struct in_ifaddr *)ptr;
struct net_device *dev = ifa->ifa_dev->dev;
@@ -1446,7 +1446,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
return NOTIFY_DONE;
}
-static int fib_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int fib_netdev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct netdev_notifier_changeupper_info *upper_info = ptr;
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -3044,7 +3044,7 @@ static struct pernet_operations igmp_net_ops = {
};
#endif
-static int igmp_netdev_event(struct notifier_block *this,
+static int igmp_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1741,7 +1741,7 @@ int ipmr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
}
#endif
-static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int ipmr_device_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct net *net = dev_net(dev);
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -185,7 +185,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
}
static int
-clusterip_netdev_event(struct notifier_block *this, unsigned long event,
+clusterip_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -1753,7 +1753,7 @@ static void nexthop_sync_mtu(struct net_device *dev, u32 orig_mtu)
}
/* rtnl */
-static int nh_netdev_event(struct notifier_block *this,
+static int nh_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3473,7 +3473,7 @@ static void addrconf_permanent_addr(struct net *net, struct net_device *dev)
write_unlock_bh(&idev->lock);
}
-static int addrconf_notify(struct notifier_block *this, unsigned long event,
+static int addrconf_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1226,7 +1226,7 @@ static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
return 0;
}
-static int ip6mr_device_event(struct notifier_block *this,
+static int ip6mr_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -2638,7 +2638,7 @@ static void ipv6_mc_rejoin_groups(struct inet6_dev *idev)
mld_send_report(idev, NULL);
}
-static int ipv6_mc_netdev_event(struct notifier_block *this,
+static int ipv6_mc_netdev_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1771,7 +1771,7 @@ int ndisc_rcv(struct sk_buff *skb)
return 0;
}
-static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int ndisc_netdev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct netdev_notifier_change_info *change_info;
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5954,7 +5954,7 @@ void fib6_rt_update(struct net *net, struct fib6_info *rt,
rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
}
-static int ip6_route_dev_notify(struct notifier_block *this,
+static int ip6_route_dev_notify(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -2339,7 +2339,7 @@ static void afiucv_hs_callback_txnotify(struct sk_buff *skb,
/*
* afiucv_netdev_event: handle netdev notifier chain events
*/
-static int afiucv_netdev_event(struct notifier_block *this,
+static int afiucv_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -824,7 +824,7 @@ void iucv_unregister(struct iucv_handler *handler, int smp)
}
EXPORT_SYMBOL(iucv_unregister);
-static int iucv_reboot_event(struct notifier_block *this,
+static int iucv_reboot_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
int i;
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c
@@ -1578,7 +1578,7 @@ static void mpls_ifup(struct net_device *dev, unsigned int flags)
}
}
-static int mpls_dev_notify(struct notifier_block *this, unsigned long event,
+static int mpls_dev_notify(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1484,7 +1484,7 @@ int ncsi_process_next_channel(struct ncsi_dev_priv *ndp)
}
#if IS_ENABLED(CONFIG_IPV6)
-static int ncsi_inet6addr_event(struct notifier_block *this,
+static int ncsi_inet6addr_event(struct notifier_block *nb,
unsigned long event, void *data)
{
struct inet6_ifaddr *ifa = data;
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1641,7 +1641,7 @@ ip_vs_forget_dev(struct ip_vs_dest *dest, struct net_device *dev)
/* Netdev event receiver
* Currently only NETDEV_DOWN is handled to release refs to cached dsts
*/
-static int ip_vs_dst_event(struct notifier_block *this, unsigned long event,
+static int ip_vs_dst_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nf_nat_masquerade.c
+++ b/net/netfilter/nf_nat_masquerade.c
@@ -72,7 +72,7 @@ static int device_cmp(struct nf_conn *i, void *ifindex)
return nat->masq_index == (int)(long)ifindex;
}
-static int masq_device_event(struct notifier_block *this,
+static int masq_device_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
@@ -106,7 +106,7 @@ static int inet_cmp(struct nf_conn *ct, void *ptr)
return ifa->ifa_address == tuple->dst.u3.ip;
}
-static int masq_inet_event(struct notifier_block *this,
+static int masq_inet_event(struct notifier_block *nb,
unsigned long event,
void *ptr)
{
@@ -228,7 +228,7 @@ static void iterate_cleanup_work(struct work_struct *work)
* As we can have 'a lot' of inet_events (depending on amount of ipv6
* addresses being deleted), we also need to limit work item queue.
*/
-static int masq_inet6_event(struct notifier_block *this,
+static int masq_inet6_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct inet6_ifaddr *ifa = ptr;
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6154,7 +6154,7 @@ static void nft_flowtable_event(unsigned long event, struct net_device *dev,
}
}
-static int nf_tables_flowtable_event(struct notifier_block *this,
+static int nf_tables_flowtable_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -758,7 +758,7 @@ nfulnl_log_packet(struct net *net,
}
static int
-nfulnl_rcv_nl_event(struct notifier_block *this,
+nfulnl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -941,7 +941,7 @@ nfqnl_dev_drop(struct net *net, int ifindex)
}
static int
-nfqnl_rcv_dev_event(struct notifier_block *this,
+nfqnl_rcv_dev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
@@ -971,7 +971,7 @@ static void nfqnl_nf_hook_drop(struct net *net)
}
static int
-nfqnl_rcv_nl_event(struct notifier_block *this,
+nfqnl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -311,7 +311,7 @@ static void nft_netdev_event(unsigned long event, struct net_device *dev,
}
}
-static int nf_tables_netdev_event(struct notifier_block *this,
+static int nf_tables_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -208,7 +208,7 @@ static struct nft_expr_type nft_flow_offload_type __read_mostly = {
.owner = THIS_MODULE,
};
-static int flow_offload_netdev_event(struct notifier_block *this,
+static int flow_offload_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -57,7 +57,7 @@ tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
}
#endif
-static int tee_netdev_event(struct notifier_block *this, unsigned long event,
+static int tee_netdev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -695,7 +695,7 @@ int netlbl_unlhsh_remove(struct net *net,
* related entries from the unlabeled connection hash table.
*
*/
-static int netlbl_unlhsh_netdev_handler(struct notifier_block *this,
+static int netlbl_unlhsh_netdev_handler(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -112,7 +112,7 @@ static void nr_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int nr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int nr_device_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1811,7 +1811,7 @@ static void nfc_urelease_event_work(struct work_struct *work)
kfree(w);
}
-static int nfc_genl_rcv_nl_event(struct notifier_block *this,
+static int nfc_genl_rcv_nl_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct netlink_notify *n = ptr;
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -4035,7 +4035,7 @@ static int compat_packet_setsockopt(struct socket *sock, int level, int optname,
}
#endif
-static int packet_notifier(struct notifier_block *this,
+static int packet_notifier(struct notifier_block *nb,
unsigned long msg, void *ptr)
{
struct sock *sk;
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -200,7 +200,7 @@ static void rose_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int rose_device_event(struct notifier_block *this,
+static int rose_device_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -71,7 +71,7 @@ static int sctp_v6_cmp_addr(const union sctp_addr *addr1,
* time and thus corrupt the list.
* The reader side is protected with RCU.
*/
-static int sctp_inet6addr_event(struct notifier_block *this, unsigned long ev,
+static int sctp_inet6addr_event(struct notifier_block *nb, unsigned long ev,
void *ptr)
{
struct inet6_ifaddr *ifa = (struct inet6_ifaddr *)ptr;
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -751,7 +751,7 @@ void sctp_addr_wq_mgmt(struct net *net, struct sctp_sockaddr_entry *addr, int cm
* time and thus corrupt the list.
* The reader side is protected with RCU.
*/
-static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
+static int sctp_inetaddr_event(struct notifier_block *nb, unsigned long ev,
void *ptr)
{
struct in_ifaddr *ifa = (struct in_ifaddr *)ptr;
--- a/net/smc/smc_pnet.c
+++ b/net/smc/smc_pnet.c
@@ -651,7 +651,7 @@ static struct genl_family smc_pnet_nl_family __ro_after_init = {
.n_ops = ARRAY_SIZE(smc_pnet_ops)
};
-static int smc_pnet_netdev_event(struct notifier_block *this,
+static int smc_pnet_netdev_event(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1134,7 +1134,7 @@ static int tls_device_down(struct net_device *netdev)
return NOTIFY_DONE;
}
-static int tls_dev_event(struct notifier_block *this, unsigned long event,
+static int tls_dev_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -218,11 +218,11 @@ static void x25_kill_by_device(struct net_device *dev)
/*
* Handle device status changes.
*/
-static int x25_device_event(struct notifier_block *this, unsigned long event,
+static int x25_device_event(struct notifier_block *nb, unsigned long event,
void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
- struct x25_neigh *nb;
+ struct x25_neigh *neigh;
if (!net_eq(dev_net(dev), &init_net))
return NOTIFY_DONE;
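Review bot: Please confirm that every use of the old local `nb` in x25_device_event() is converted to `neigh`, because with the parameter now named `nb` a missed use would no longer fail as an undeclared identifier; it would name the `struct notifier_block *` and show up only as an incompatible-pointer diagnostic. The NETDEV_GOING_DOWN users are converted in the next hunk, but the rest of the function is not visible here. This is also the only file where the change goes beyond the prototype, so it deserves a sentence in the changelog.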
@@ -237,10 +237,10 @@ static int x25_device_event(struct notifier_block *this, unsigned long event,
x25_link_device_up(dev);
break;
case NETDEV_GOING_DOWN:
- nb = x25_get_neigh(dev);
- if (nb) {
- x25_terminate_link(nb);
- x25_neigh_put(nb);
+ neigh = x25_get_neigh(dev);
+ if (neigh) {
+ x25_terminate_link(neigh);
+ x25_neigh_put(neigh);
}
break;
case NETDEV_DOWN:
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -747,7 +747,7 @@ static int xsk_mmap(struct file *file, struct socket *sock,
size, vma->vm_page_prot);
}
-static int xsk_notifier(struct notifier_block *this,
+static int xsk_notifier(struct notifier_block *nb,
unsigned long msg, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -378,7 +378,7 @@ static int xfrm_dev_down(struct net_device *dev)
return NOTIFY_DONE;
}
-static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
+static int xfrm_dev_event(struct notifier_block *nb, unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
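Review bot: Style nit on the rewritten xfrm_dev_event() prototype: the line is still longer than 80 columns after the rename. Since the line is being touched anyway, wrap `void *ptr` onto a continuation line, the way tls_dev_event() and x25_device_event() are laid out earlier in this patch.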
* [PATCH net-next] net: delete "register" keyword
From: Alexey Dobriyan @ 2019-08-05 20:34 UTC (permalink / raw)
To: davem; +Cc: netdev, lvs-devel
Delete long obsoleted "register" keyword.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
drivers/net/ethernet/apple/bmac.c | 4 ++--
drivers/net/slip/slhc.c | 30 +++++++++++++++---------------
net/netfilter/ipvs/ip_vs_ctl.c | 4 ++--
net/netfilter/ipvs/ip_vs_lblcr.c | 4 ++--
4 files changed, 21 insertions(+), 21 deletions(-)
--- a/drivers/net/ethernet/apple/bmac.c
+++ b/drivers/net/ethernet/apple/bmac.c
@@ -815,8 +815,8 @@ static int reverse6[64] = {
static unsigned int
crc416(unsigned int curval, unsigned short nxtval)
{
- register unsigned int counter, cur = curval, next = nxtval;
- register int high_crc_set, low_data_set;
+ unsigned int counter, cur = curval, next = nxtval;
+ int high_crc_set, low_data_set;
/* Swap bytes */
next = ((next & 0x00FF) << 8) | (next >> 8);
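Review bot: The changelog gives no rationale beyond "long obsoleted" for the declarations changed here in crc416() and in the other three files. Please say whether the generated object code was compared before and after; one line stating that it is unchanged would make this easy to ack for each of the subsystems touched.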
--- a/drivers/net/slip/slhc.c
+++ b/drivers/net/slip/slhc.c
@@ -91,8 +91,8 @@ static unsigned short pull16(unsigned char **cpp);
struct slcompress *
slhc_init(int rslots, int tslots)
{
- register short i;
- register struct cstate *ts;
+ short i;
+ struct cstate *ts;
struct slcompress *comp;
if (rslots < 0 || rslots > 255 || tslots < 0 || tslots > 255)
@@ -206,7 +206,7 @@ pull16(unsigned char **cpp)
static long
decode(unsigned char **cpp)
{
- register int x;
+ int x;
x = *(*cpp)++;
if(x == 0){
@@ -227,14 +227,14 @@ int
slhc_compress(struct slcompress *comp, unsigned char *icp, int isize,
unsigned char *ocp, unsigned char **cpp, int compress_cid)
{
- register struct cstate *ocs = &(comp->tstate[comp->xmit_oldest]);
- register struct cstate *lcs = ocs;
- register struct cstate *cs = lcs->next;
- register unsigned long deltaS, deltaA;
- register short changes = 0;
+ struct cstate *ocs = &(comp->tstate[comp->xmit_oldest]);
+ struct cstate *lcs = ocs;
+ struct cstate *cs = lcs->next;
+ unsigned long deltaS, deltaA;
+ short changes = 0;
int hlen;
unsigned char new_seq[16];
- register unsigned char *cp = new_seq;
+ unsigned char *cp = new_seq;
struct iphdr *ip;
struct tcphdr *th, *oth;
__sum16 csum;
@@ -486,11 +486,11 @@ slhc_compress(struct slcompress *comp, unsigned char *icp, int isize,
int
slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
{
- register int changes;
+ int changes;
long x;
- register struct tcphdr *thp;
- register struct iphdr *ip;
- register struct cstate *cs;
+ struct tcphdr *thp;
+ struct iphdr *ip;
+ struct cstate *cs;
int len, hdrlen;
unsigned char *cp = icp;
@@ -543,7 +543,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
switch(changes & SPECIALS_MASK){
case SPECIAL_I: /* Echoed terminal traffic */
{
- register short i;
+ short i;
i = ntohs(ip->tot_len) - hdrlen;
thp->ack_seq = htonl( ntohl(thp->ack_seq) + i);
thp->seq = htonl( ntohl(thp->seq) + i);
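Review bot: In the SPECIAL_I case, `short i` receives `ntohs(ip->tot_len) - hdrlen`, and that difference does not fit a signed short once it exceeds 32767, so the value added to `ack_seq` and `seq` can end up negative. This predates the patch and dropping `register` does not change it, but nothing in the visible context bounds `tot_len`, and the declaration is being touched anyway. A follow-up that widens `i` to `int`, or a comment explaining why the length is bounded at this point, would be worthwhile.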
@@ -637,7 +637,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
int
slhc_remember(struct slcompress *comp, unsigned char *icp, int isize)
{
- register struct cstate *cs;
+ struct cstate *cs;
unsigned ihl;
unsigned char index;
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -262,7 +262,7 @@ static inline unsigned int
ip_vs_svc_hashkey(struct netns_ipvs *ipvs, int af, unsigned int proto,
const union nf_inet_addr *addr, __be16 port)
{
- register unsigned int porth = ntohs(port);
+ unsigned int porth = ntohs(port);
__be32 addr_fold = addr->ip;
__u32 ahash;
@@ -493,7 +493,7 @@ static inline unsigned int ip_vs_rs_hashkey(int af,
const union nf_inet_addr *addr,
__be16 port)
{
- register unsigned int porth = ntohs(port);
+ unsigned int porth = ntohs(port);
__be32 addr_fold = addr->ip;
#ifdef CONFIG_IP_VS_IPV6
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -160,7 +160,7 @@ static void ip_vs_dest_set_eraseall(struct ip_vs_dest_set *set)
/* get weighted least-connection node in the destination set */
static inline struct ip_vs_dest *ip_vs_dest_set_min(struct ip_vs_dest_set *set)
{
- register struct ip_vs_dest_set_elem *e;
+ struct ip_vs_dest_set_elem *e;
struct ip_vs_dest *dest, *least;
int loh, doh;
@@ -209,7 +209,7 @@ static inline struct ip_vs_dest *ip_vs_dest_set_min(struct ip_vs_dest_set *set)
/* get weighted most-connection node in the destination set */
static inline struct ip_vs_dest *ip_vs_dest_set_max(struct ip_vs_dest_set *set)
{
- register struct ip_vs_dest_set_elem *e;
+ struct ip_vs_dest_set_elem *e;
struct ip_vs_dest *dest, *most;
int moh, doh;