Eric Lee / smarc-fsl-linux-kernel

21 May, 2019

1 commit

  • 457c89965   treewide: Add SPDX license identifier for missed files ... Browse Code »

    Add SPDX license identifiers to all files which:

    - Have no license information of any form

    - Have EXPORT_.*_SYMBOL_GPL inside which was used in the
    initial scan/conversion to ignore the file

    These files fall under the project license, GPL v2 only. The resulting SPDX
    license identifier is:

    GPL-2.0-only

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

08 Apr, 2018

1 commit

  • 3099a5291   soreuseport: initialise timewait reuseport field ... Browse Code »

    syzbot reported an uninit-value in inet_csk_bind_conflict() [1]

    It turns out we never propagated sk->sk_reuseport into timewait socket.

    [1]
    BUG: KMSAN: uninit-value in inet_csk_bind_conflict+0x5f9/0x990 net/ipv4/inet_connection_sock.c:151
    CPU: 1 PID: 3589 Comm: syzkaller008242 Not tainted 4.16.0+ #82
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
    __dump_stack lib/dump_stack.c:17 [inline]
    dump_stack+0x185/0x1d0 lib/dump_stack.c:53
    kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
    __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
    inet_csk_bind_conflict+0x5f9/0x990 net/ipv4/inet_connection_sock.c:151
    inet_csk_get_port+0x1d28/0x1e40 net/ipv4/inet_connection_sock.c:320
    inet6_bind+0x121c/0x1820 net/ipv6/af_inet6.c:399
    SYSC_bind+0x3f2/0x4b0 net/socket.c:1474
    SyS_bind+0x54/0x80 net/socket.c:1460
    do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
    entry_SYSCALL_64_after_hwframe+0x3d/0xa2
    RIP: 0033:0x4416e9
    RSP: 002b:00007ffce6d15c88 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
    RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 00000000004416e9
    RDX: 000000000000001c RSI: 0000000020402000 RDI: 0000000000000004
    RBP: 0000000000000000 R08: 00000000e6d15e08 R09: 00000000e6d15e08
    R10: 0000000000000004 R11: 0000000000000217 R12: 0000000000009478
    R13: 00000000006cd448 R14: 0000000000000000 R15: 0000000000000000

    Uninit was stored to memory at:
    kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
    kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
    kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
    __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
    tcp_time_wait+0xf17/0xf50 net/ipv4/tcp_minisocks.c:283
    tcp_rcv_state_process+0xebe/0x6490 net/ipv4/tcp_input.c:6003
    tcp_v6_do_rcv+0x11dd/0x1d90 net/ipv6/tcp_ipv6.c:1331
    sk_backlog_rcv include/net/sock.h:908 [inline]
    __release_sock+0x2d6/0x680 net/core/sock.c:2271
    release_sock+0x97/0x2a0 net/core/sock.c:2786
    tcp_close+0x277/0x18f0 net/ipv4/tcp.c:2269
    inet_release+0x240/0x2a0 net/ipv4/af_inet.c:427
    inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:435
    sock_release net/socket.c:595 [inline]
    sock_close+0xe0/0x300 net/socket.c:1149
    __fput+0x49e/0xa10 fs/file_table.c:209
    ____fput+0x37/0x40 fs/file_table.c:243
    task_work_run+0x243/0x2c0 kernel/task_work.c:113
    exit_task_work include/linux/task_work.h:22 [inline]
    do_exit+0x10e1/0x38d0 kernel/exit.c:867
    do_group_exit+0x1a0/0x360 kernel/exit.c:970
    SYSC_exit_group+0x21/0x30 kernel/exit.c:981
    SyS_exit_group+0x25/0x30 kernel/exit.c:979
    do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
    entry_SYSCALL_64_after_hwframe+0x3d/0xa2
    Uninit was stored to memory at:
    kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
    kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
    kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
    __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
    inet_twsk_alloc+0xaef/0xc00 net/ipv4/inet_timewait_sock.c:182
    tcp_time_wait+0xd9/0xf50 net/ipv4/tcp_minisocks.c:258
    tcp_rcv_state_process+0xebe/0x6490 net/ipv4/tcp_input.c:6003
    tcp_v6_do_rcv+0x11dd/0x1d90 net/ipv6/tcp_ipv6.c:1331
    sk_backlog_rcv include/net/sock.h:908 [inline]
    __release_sock+0x2d6/0x680 net/core/sock.c:2271
    release_sock+0x97/0x2a0 net/core/sock.c:2786
    tcp_close+0x277/0x18f0 net/ipv4/tcp.c:2269
    inet_release+0x240/0x2a0 net/ipv4/af_inet.c:427
    inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:435
    sock_release net/socket.c:595 [inline]
    sock_close+0xe0/0x300 net/socket.c:1149
    __fput+0x49e/0xa10 fs/file_table.c:209
    ____fput+0x37/0x40 fs/file_table.c:243
    task_work_run+0x243/0x2c0 kernel/task_work.c:113
    exit_task_work include/linux/task_work.h:22 [inline]
    do_exit+0x10e1/0x38d0 kernel/exit.c:867
    do_group_exit+0x1a0/0x360 kernel/exit.c:970
    SYSC_exit_group+0x21/0x30 kernel/exit.c:981
    SyS_exit_group+0x25/0x30 kernel/exit.c:979
    do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
    entry_SYSCALL_64_after_hwframe+0x3d/0xa2
    Uninit was created at:
    kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
    kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:188
    kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:314
    kmem_cache_alloc+0xaab/0xb90 mm/slub.c:2756
    inet_twsk_alloc+0x13b/0xc00 net/ipv4/inet_timewait_sock.c:163
    tcp_time_wait+0xd9/0xf50 net/ipv4/tcp_minisocks.c:258
    tcp_rcv_state_process+0xebe/0x6490 net/ipv4/tcp_input.c:6003
    tcp_v6_do_rcv+0x11dd/0x1d90 net/ipv6/tcp_ipv6.c:1331
    sk_backlog_rcv include/net/sock.h:908 [inline]
    __release_sock+0x2d6/0x680 net/core/sock.c:2271
    release_sock+0x97/0x2a0 net/core/sock.c:2786
    tcp_close+0x277/0x18f0 net/ipv4/tcp.c:2269
    inet_release+0x240/0x2a0 net/ipv4/af_inet.c:427
    inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:435
    sock_release net/socket.c:595 [inline]
    sock_close+0xe0/0x300 net/socket.c:1149
    __fput+0x49e/0xa10 fs/file_table.c:209
    ____fput+0x37/0x40 fs/file_table.c:243
    task_work_run+0x243/0x2c0 kernel/task_work.c:113
    exit_task_work include/linux/task_work.h:22 [inline]
    do_exit+0x10e1/0x38d0 kernel/exit.c:867
    do_group_exit+0x1a0/0x360 kernel/exit.c:970
    SYSC_exit_group+0x21/0x30 kernel/exit.c:981
    SyS_exit_group+0x25/0x30 kernel/exit.c:979
    do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
    entry_SYSCALL_64_after_hwframe+0x3d/0xa2

    Fixes: da5e36308d9f ("soreuseport: TCP/IPv4 implementation")
    Signed-off-by: Eric Dumazet
    Reported-by: syzbot
    Signed-off-by: David S. Miller

    Eric Dumazet
     

16 Jan, 2018

1 commit

  • 273c28bc5   net: Convert atomic_t net::count to refcount_t ... Browse Code »

    Since net could be obtained from RCU lists,
    and there is a race with net destruction,
    the patch converts net::count to refcount_t.

    This provides sanity checks for the cases of
    incrementing counter of already dead net,
    when maybe_get_net() has to used instead
    of get_net().

    Drivers: allyesconfig and allmodconfig are OK.

    Suggested-by: Eric Dumazet
    Signed-off-by: Kirill Tkhai
    Reviewed-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Kirill Tkhai
     

14 Dec, 2017

1 commit

06 Dec, 2017

1 commit

16 Nov, 2017

2 commits

  • 7c225c69f   Merge branch 'akpm' (patches from Andrew) ... Browse Code »

    Merge updates from Andrew Morton:

    - a few misc bits

    - ocfs2 updates

    - almost all of MM

    * emailed patches from Andrew Morton : (131 commits)
    memory hotplug: fix comments when adding section
    mm: make alloc_node_mem_map a void call if we don't have CONFIG_FLAT_NODE_MEM_MAP
    mm: simplify nodemask printing
    mm,oom_reaper: remove pointless kthread_run() error check
    mm/page_ext.c: check if page_ext is not prepared
    writeback: remove unused function parameter
    mm: do not rely on preempt_count in print_vma_addr
    mm, sparse: do not swamp log with huge vmemmap allocation failures
    mm/hmm: remove redundant variable align_end
    mm/list_lru.c: mark expected switch fall-through
    mm/shmem.c: mark expected switch fall-through
    mm/page_alloc.c: broken deferred calculation
    mm: don't warn about allocations which stall for too long
    fs: fuse: account fuse_inode slab memory as reclaimable
    mm, page_alloc: fix potential false positive in __zone_watermark_ok
    mm: mlock: remove lru_add_drain_all()
    mm, sysctl: make NUMA stats configurable
    shmem: convert shmem_init_inodecache() to void
    Unify migrate_pages and move_pages access checks
    mm, pagevec: rename pagevec drained field
    ...

    Linus Torvalds
     
  • 495027667   kmemcheck: remove annotations ... Browse Code »

    Patch series "kmemcheck: kill kmemcheck", v2.

    As discussed at LSF/MM, kill kmemcheck.

    KASan is a replacement that is able to work without the limitation of
    kmemcheck (single CPU, slow). KASan is already upstream.

    We are also not aware of any users of kmemcheck (or users who don't
    consider KASan as a suitable replacement).

    The only objection was that since KASAN wasn't supported by all GCC
    versions provided by distros at that time we should hold off for 2
    years, and try again.

    Now that 2 years have passed, and all distros provide gcc that supports
    KASAN, kill kmemcheck again for the very same reasons.

    This patch (of 4):

    Remove kmemcheck annotations, and calls to kmemcheck from the kernel.

    [alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs]
    Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com
    Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com
    Signed-off-by: Sasha Levin
    Cc: Alexander Potapenko
    Cc: Eric W. Biederman
    Cc: Michal Hocko
    Cc: Pekka Enberg
    Cc: Steven Rostedt
    Cc: Tim Hansen
    Cc: Vegard Nossum
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Levin, Alexander (Sasha Levin)
     

18 Oct, 2017

1 commit

  • 1ab791dc2   ipv4: timewait: Convert timers to use timer_setup() ... Browse Code »

    In preparation for unconditionally passing the struct timer_list pointer to
    all timer callbacks, switch to using the new timer_setup() and from_timer()
    to pass the timer pointer explicitly.

    Cc: "David S. Miller"
    Cc: Alexey Kuznetsov
    Cc: Hideaki YOSHIFUJI
    Cc: netdev@vger.kernel.org
    Signed-off-by: Kees Cook
    Signed-off-by: David S. Miller

    Kees Cook
     

01 Jul, 2017

1 commit

  • 41c6d650f   net: convert sock.sk_refcnt from atomic_t to refcount_t ... Browse Code »

    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.

    This patch uses refcount_inc_not_zero() instead of
    atomic_inc_not_zero_hint() due to absense of a _hint()
    version of refcount API. If the hint() version must
    be used, we might need to revisit API.

    Signed-off-by: Elena Reshetova
    Signed-off-by: Hans Liljestrand
    Signed-off-by: Kees Cook
    Signed-off-by: David Windsor
    Signed-off-by: David S. Miller

    Reshetova, Elena
     

30 Dec, 2016

1 commit

07 Jul, 2016

1 commit

  • f3438bc78   timers, net/ipv4/inet: Initialize connection request timers as pinned ... Browse Code »

    Pinned timers must carry the pinned attribute in the timer structure
    itself, so convert the code to the new API.

    No functional change.

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Frederic Weisbecker
    Cc: Arjan van de Ven
    Cc: Chris Mason
    Cc: Eric Dumazet
    Cc: George Spelvin
    Cc: Josh Triplett
    Cc: Len Brown
    Cc: Linus Torvalds
    Cc: Paul E. McKenney
    Cc: Peter Zijlstra
    Cc: Rik van Riel
    Cc: rt@linutronix.de
    Link: http://lkml.kernel.org/r/20160704094341.617891430@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     

05 May, 2016

1 commit

28 Apr, 2016

1 commit

22 Sep, 2015

1 commit

  • ed2e92394   tcp/dccp: fix timewait races in timer handling ... Browse Code »

    When creating a timewait socket, we need to arm the timer before
    allowing other cpus to find it. The signal allowing cpus to find
    the socket is setting tw_refcnt to non zero value.

    As we set tw_refcnt in __inet_twsk_hashdance(), we therefore need to
    call inet_twsk_schedule() first.

    This also means we need to remove tw_refcnt changes from
    inet_twsk_schedule() and let the caller handle it.

    Note that because we use mod_timer_pinned(), we have the guarantee
    the timer wont expire before we set tw_refcnt as we run in BH context.

    To make things more readable I introduced inet_twsk_reschedule() helper.

    When rearming the timer, we can use mod_timer_pending() to make sure
    we do not rearm a canceled timer.

    Note: This bug can possibly trigger if packets of a flow can hit
    multiple cpus. This does not normally happen, unless flow steering
    is broken somehow. This explains this bug was spotted ~5 months after
    its introduction.

    A similar fix is needed for SYN_RECV sockets in reqsk_queue_hash_req(),
    but will be provided in a separate patch for proper tracking.

    Fixes: 789f558cfb36 ("tcp/dccp: get rid of central timewait timer")
    Signed-off-by: Eric Dumazet
    Reported-by: Ying Cai
    Signed-off-by: David S. Miller

    Eric Dumazet
     

10 Jul, 2015

2 commits

  • dbe7faa40   inet: inet_twsk_deschedule factorization ... Browse Code »

    inet_twsk_deschedule() calls are followed by inet_twsk_put().

    Only particular case is in inet_twsk_purge() but there is no point
    to defer the inet_twsk_put() after re-enabling BH.

    Lets rename inet_twsk_deschedule() to inet_twsk_deschedule_put()
    and move the inet_twsk_put() inside.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • fc01538f9   inet: simplify timewait refcounting ... Browse Code »

    timewait sockets have a complex refcounting logic.
    Once we realize it should be similar to established and
    syn_recv sockets, we can use sk_nulls_del_node_init_rcu()
    and remove inet_twsk_unhash()

    In particular, deferred inet_twsk_put() added in commit
    13475a30b66cd ("tcp: connect() race with timewait reuse")
    looks unecessary : When removing a timewait socket from
    ehash or bhash, caller must own a reference on the socket
    anyway.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

14 May, 2015

1 commit

14 Apr, 2015

1 commit

  • 789f558cf   tcp/dccp: get rid of central timewait timer ... Browse Code »

    Using a timer wheel for timewait sockets was nice ~15 years ago when
    memory was expensive and machines had a single processor.

    This does not scale, code is ugly and source of huge latencies
    (Typically 30 ms have been seen, cpus spinning on death_lock spinlock.)

    We can afford to use an extra 64 bytes per timewait sock and spread
    timewait load to all cpus to have better behavior.

    Tested:

    On following test, /proc/sys/net/ipv4/tcp_tw_recycle is set to 1
    on the target (lpaa24)

    Before patch :

    lpaa23:~# ./super_netperf 200 -H lpaa24 -t TCP_CC -l 60 -- -p0,0
    419594

    lpaa23:~# ./super_netperf 200 -H lpaa24 -t TCP_CC -l 60 -- -p0,0
    437171

    While test is running, we can observe 25 or even 33 ms latencies.

    lpaa24:~# ping -c 1000 -i 0.02 -qn lpaa23
    ...
    1000 packets transmitted, 1000 received, 0% packet loss, time 20601ms
    rtt min/avg/max/mdev = 0.020/0.217/25.771/1.535 ms, pipe 2

    lpaa24:~# ping -c 1000 -i 0.02 -qn lpaa23
    ...
    1000 packets transmitted, 1000 received, 0% packet loss, time 20702ms
    rtt min/avg/max/mdev = 0.019/0.183/33.761/1.441 ms, pipe 2

    After patch :

    About 90% increase of throughput :

    lpaa23:~# ./super_netperf 200 -H lpaa24 -t TCP_CC -l 60 -- -p0,0
    810442

    lpaa23:~# ./super_netperf 200 -H lpaa24 -t TCP_CC -l 60 -- -p0,0
    800992

    And latencies are kept to minimal values during this load, even
    if network utilization is 90% higher :

    lpaa24:~# ping -c 1000 -i 0.02 -qn lpaa23
    ...
    1000 packets transmitted, 1000 received, 0% packet loss, time 19991ms
    rtt min/avg/max/mdev = 0.023/0.064/0.360/0.042 ms

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

04 Apr, 2015

1 commit

  • 00db41243   ipv4: coding style: comparison for inequality with NULL ... Browse Code »

    The ipv4 code uses a mixture of coding styles. In some instances check
    for non-NULL pointer is done as x != NULL and sometimes as x. x is
    preferred according to checkpatch and this patch makes the code
    consistent by adopting the latter form.

    No changes detected by objdiff.

    Signed-off-by: Ian Morris
    Signed-off-by: David S. Miller

    Ian Morris
     

19 Mar, 2015

1 commit

13 Mar, 2015

1 commit

  • efd7ef1c1   net: Kill hold_net release_net ... Browse Code »

    hold_net and release_net were an idea that turned out to be useless.
    The code has been disabled since 2008. Kill the code it is long past due.

    Signed-off-by: "Eric W. Biederman"
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

12 Mar, 2015

1 commit

  • 33cf7c90f   net: add real socket cookies ... Browse Code »

    A long standing problem in netlink socket dumps is the use
    of kernel socket addresses as cookies.

    1) It is a security concern.

    2) Sockets can be reused quite quickly, so there is
    no guarantee a cookie is used once and identify
    a flow.

    3) request sock, establish sock, and timewait socks
    for a given flow have different cookies.

    Part of our effort to bring better TCP statistics requires
    to switch to a different allocator.

    In this patch, I chose to use a per network namespace 64bit generator,
    and to use it only in the case a socket needs to be dumped to netlink.
    (This might be refined later if needed)

    Note that I tried to carry cookies from request sock, to establish sock,
    then timewait sockets.

    Signed-off-by: Eric Dumazet
    Cc: Eric Salo
    Signed-off-by: David S. Miller

    Eric Dumazet
     

09 Oct, 2013

1 commit

  • 05dbc7b59   tcp/dccp: remove twchain ... Browse Code »

    TCP listener refactoring, part 3 :

    Our goal is to hash SYN_RECV sockets into main ehash for fast lookup,
    and parallel SYN processing.

    Current inet_ehash_bucket contains two chains, one for ESTABLISH (and
    friend states) sockets, another for TIME_WAIT sockets only.

    As the hash table is sized to get at most one socket per bucket, it
    makes little sense to have separate twchain, as it makes the lookup
    slightly more complicated, and doubles hash table memory usage.

    If we make sure all socket types have the lookup keys at the same
    offsets, we can use a generic and faster lookup. It turns out TIME_WAIT
    and ESTABLISHED sockets already have common lookup fields for IPv4.

    [ INET_TW_MATCH() is no longer needed ]

    I'll provide a follow-up to factorize IPv6 lookup as well, to remove
    INET6_TW_MATCH()

    This way, SYN_RECV pseudo sockets will be supported the same.

    A new sock_gen_put() helper is added, doing either a sock_put() or
    inet_twsk_put() [ and will support SYN_RECV later ].

    Note this helper should only be called in real slow path, when rcu
    lookup found a socket that was moved to another identity (freed/reused
    immediately), but could eventually be used in other contexts, like
    sock_edemux()

    Before patch :

    dmesg | grep "TCP established"

    TCP established hash table entries: 524288 (order: 11, 8388608 bytes)

    After patch :

    TCP established hash table entries: 524288 (order: 10, 4194304 bytes)

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

04 Oct, 2013

1 commit

  • 96f817fed   tcp: shrink tcp6_timewait_sock by one cache line ... Browse Code »

    While working on tcp listener refactoring, I found that it
    would really make things easier if sock_common could include
    the IPv6 addresses needed in the lookups, instead of doing
    very complex games to get their values (depending on sock
    being SYN_RECV, ESTABLISHED, TIME_WAIT)

    For this to happen, I need to be sure that tcp6_timewait_sock
    and tcp_timewait_sock consume same number of cache lines.

    This is possible if we only use 32bits for tw_ttd, as we remove
    one 32bit hole in inet_timewait_sock

    inet_tw_time_stamp() is defined and used, even if its current
    implementation looks like tcp_time_stamp : We might need finer
    resolution for tcp_time_stamp in the future.

    Before patch : sizeof(struct tcp6_timewait_sock) = 0xc8

    After patch : sizeof(struct tcp6_timewait_sock) = 0xc0

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

28 Feb, 2013

1 commit

  • b67bfe0d4   hlist: drop the node parameter from iterators ... Browse Code »

    I'm not sure why, but the hlist for each entry iterators were conceived

    list_for_each_entry(pos, head, member)

    The hlist ones were greedy and wanted an extra parameter:

    hlist_for_each_entry(tpos, pos, head, member)

    Why did they need an extra pos parameter? I'm not quite sure. Not only
    they don't really need it, it also prevents the iterator from looking
    exactly like the list iterator, which is unfortunate.

    Besides the semantic patch, there was some manual work required:

    - Fix up the actual hlist iterators in linux/list.h
    - Fix up the declaration of other iterators based on the hlist ones.
    - A very small amount of places were using the 'node' parameter, this
    was modified to use 'obj->member' instead.
    - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
    properly, so those had to be fixed up manually.

    The semantic patch which is mostly the work of Peter Senna Tschudin is here:

    @@
    iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;

    type T;
    expression a,c,d,e;
    identifier b;
    statement S;
    @@

    -T b;

    [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
    [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
    [akpm@linux-foundation.org: checkpatch fixes]
    [akpm@linux-foundation.org: fix warnings]
    [akpm@linux-foudnation.org: redo intrusive kvm changes]
    Tested-by: Peter Senna Tschudin
    Acked-by: Paul E. McKenney
    Signed-off-by: Sasha Levin
    Cc: Wu Fengguang
    Cc: Marcelo Tosatti
    Cc: Gleb Natapov
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Sasha Levin
     

16 May, 2012

1 commit

16 Apr, 2012

1 commit

01 Nov, 2011

1 commit

24 Oct, 2011

1 commit

  • 66b13d99d   ipv4: tcp: fix TOS value in ACK messages sent from TIME_WAIT ... Browse Code »

    There is a long standing bug in linux tcp stack, about ACK messages sent
    on behalf of TIME_WAIT sockets.

    In the IP header of the ACK message, we choose to reflect TOS field of
    incoming message, and this might break some setups.

    Example of things that were broken :
    - Routing using TOS as a selector
    - Firewalls
    - Trafic classification / shaping

    We now remember in timewait structure the inet tos field and use it in
    ACK generation, and route lookup.

    Notes :
    - We still reflect incoming TOS in RST messages.
    - We could extend MuraliRaja Muniraju patch to report TOS value in
    netlink messages for TIME_WAIT sockets.
    - A patch is needed for IPv6

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

20 Feb, 2011

1 commit

  • 91035f0b7   tcp: fix inet_twsk_deschedule() ... Browse Code »

    Eric W. Biederman reported a lockdep splat in inet_twsk_deschedule()

    This is caused by inet_twsk_purge(), run from process context,
    and commit 575f4cd5a5b6394577 (net: Use rcu lookups in inet_twsk_purge.)
    removed the BH disabling that was necessary.

    Add the BH disabling but fine grained, right before calling
    inet_twsk_deschedule(), instead of whole function.

    With help from Linus Torvalds and Eric W. Biederman

    Reported-by: Eric W. Biederman
    Signed-off-by: Eric Dumazet
    CC: Daniel Lezcano
    CC: Pavel Emelyanov
    CC: Arnaldo Carvalho de Melo
    CC: stable (# 2.6.33+)
    Signed-off-by: David S. Miller

    Eric Dumazet
     

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

09 Dec, 2009

2 commits

  • 2a8875e73   [PATCH] tcp: documents timewait refcnt tricks ... Browse Code »

    Adds kerneldoc for inet_twsk_unhash() & inet_twsk_bind_unhash().

    With help from Randy Dunlap.

    Suggested-by: Evgeniy Polyakov
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • 3cdaedae6   tcp: Fix a connect() race with timewait sockets ... Browse Code »

    When we find a timewait connection in __inet_hash_connect() and reuse
    it for a new connection request, we have a race window, releasing bind
    list lock and reacquiring it in __inet_twsk_kill() to remove timewait
    socket from list.

    Another thread might find the timewait socket we already chose, leading to
    list corruption and crashes.

    Fix is to remove timewait socket from bind list before releasing the bind lock.

    Note: This problem happens if sysctl_tcp_tw_reuse is set.

    Reported-by: kapil dakhane
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

04 Dec, 2009

4 commits

  • 47e1c3230   tcp: fix a timewait refcnt race ... Browse Code »

    After TCP RCU conversion, tw->tw_refcnt should not be set to 1 in
    inet_twsk_alloc(). It allows a RCU reader to get this timewait socket,
    while we not yet stabilized it.

    Only choice we have is to set tw_refcnt to 0 in inet_twsk_alloc(),
    then atomic_add() it later, once everything is done.

    Location of this atomic_add() is tricky, because we dont want another
    writer to find this timewait in ehash, while tw_refcnt is still zero !

    Thanks to Kapil Dakhane tests and reports.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • 13475a30b   tcp: connect() race with timewait reuse ... Browse Code »

    Its currently possible that several threads issuing a connect() find
    the same timewait socket and try to reuse it, leading to list
    corruptions.

    Condition for bug is that these threads bound their socket on same
    address/port of to-be-find timewait socket, and connected to same
    target. (SO_REUSEADDR needed)

    To fix this problem, we could unhash timewait socket while holding
    ehash lock, to make sure lookups/changes will be serialized. Only
    first thread finds the timewait socket, other ones find the
    established socket and return an EADDRNOTAVAIL error.

    This second version takes into account Evgeniy's review and makes sure
    inet_twsk_put() is called outside of locked sections.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • b099ce260   net: Batch inet_twsk_purge ... Browse Code »

    This function walks the whole hashtable so there is no point in
    passing it a network namespace. Instead I purge all timewait
    sockets from dead network namespaces that I find. If the namespace
    is one of the once I am trying to purge I am guaranteed no new timewait
    sockets can be formed so this will get them all. If the namespace
    is one I am not acting for it might form a few more but I will
    call inet_twsk_purge again and shortly to get rid of them. In
    any even if the network namespace is dead timewait sockets are
    useless.

    Move the calls of inet_twsk_purge into batch_exit routines so
    that if I am killing a bunch of namespaces at once I will just
    call inet_twsk_purge once and save a lot of redundant unnecessary
    work.

    My simple 4k network namespace exit test the cleanup time dropped from
    roughly 8.2s to 1.6s. While the time spent running inet_twsk_purge fell
    to about 2ms. 1ms for ipv4 and 1ms for ipv6.

    Signed-off-by: Eric W. Biederman
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • 575f4cd5a   net: Use rcu lookups in inet_twsk_purge. ... Browse Code »

    While we are looking up entries to free there is no reason to take
    the lock in inet_twsk_purge. We have to drop locks and restart
    occassionally anyway so adding a few more in case we get on the
    wrong list because of a timewait move is no big deal. At the
    same time not taking the lock for long periods of time is much
    more polite to the rest of the users of the hash table.

    In my test configuration of killing 4k network namespaces
    this change causes 4k back to back runs of inet_twsk_purge on an
    empty hash table to go from roughly 20.7s to 3.3s, and the total
    time to destroy 4k network namespaces goes from roughly 44s to
    3.3s.

    Signed-off-by: Eric W. Biederman
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

19 Oct, 2009

1 commit

  • c720c7e83   inet: rename some inet_sock fields ... Browse Code »

    In order to have better cache layouts of struct sock (separate zones
    for rx/tx paths), we need this preliminary patch.

    Goal is to transfert fields used at lookup time in the first
    read-mostly cache line (inside struct sock_common) and move sk_refcnt
    to a separate cache line (only written by rx path)

    This patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr,
    sport and id fields. This allows a future patch to define these
    fields as macros, like sk_refcnt, without name clashes.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

13 Oct, 2009

1 commit

29 Aug, 2009

1 commit

  • 80a1096ba   tcp: fix premature termination of FIN_WAIT2 time-wait sockets ... Browse Code »

    There is a race condition in the time-wait sockets code that can lead
    to premature termination of FIN_WAIT2 and, subsequently, to RST
    generation when the FIN,ACK from the peer finally arrives:

    Time TCP header
    0.000000 30755 > http [SYN] Seq=0 Win=2920 Len=0 MSS=1460 TSV=282912 TSER=0
    0.000008 http > 30755 aSYN, ACK] Seq=0 Ack=1 Win=2896 Len=0 MSS=1460 TSV=...
    0.136899 HEAD /1b.html?n1Lg=v1 HTTP/1.0 [Packet size limited during capture]
    0.136934 HTTP/1.0 200 OK [Packet size limited during capture]
    0.136945 http > 30755 [FIN, ACK] Seq=187 Ack=207 Win=2690 Len=0 TSV=270521...
    0.136974 30755 > http [ACK] Seq=207 Ack=187 Win=2734 Len=0 TSV=283049 TSER=...
    0.177983 30755 > http [ACK] Seq=207 Ack=188 Win=2733 Len=0 TSV=283089 TSER=...
    0.238618 30755 > http [FIN, ACK] Seq=207 Ack=188 Win=2733 Len=0 TSV=283151...
    0.238625 http > 30755 [RST] Seq=188 Win=0 Len=0

    Say twdr->slot = 1 and we are running inet_twdr_hangman and in this
    instance inet_twdr_do_twkill_work returns 1. At that point we will
    mark slot 1 and schedule inet_twdr_twkill_work. We will also make
    twdr->slot = 2.

    Next, a connection is closed and tcp_time_wait(TCP_FIN_WAIT2, timeo)
    is called which will create a new FIN_WAIT2 time-wait socket and will
    place it in the last to be reached slot, i.e. twdr->slot = 1.

    At this point say inet_twdr_twkill_work will run which will start
    destroying the time-wait sockets in slot 1, including the just added
    TCP_FIN_WAIT2 one.

    To avoid this issue we increment the slot only if all entries in the
    slot have been purged.

    This change may delay the slots cleanup by a time-wait death row
    period but only if the worker thread didn't had the time to run/purge
    the current slot in the next period (6 seconds with default sysctl
    settings). However, on such a busy system even without this change we
    would probably see delays...

    Signed-off-by: Octavian Purdila
    Signed-off-by: David S. Miller

    Octavian Purdila