Eric Lee / smarc-fsl-linux-kernel

22 Feb, 2016

1 commit

18 Dec, 2015

1 commit

12 Dec, 2015

5 commits

  • f20367df1   mpls: make via address optional for multipath routes ... Browse Code »

    The via address is optional for a single path route, yet is mandatory
    when the multipath attribute is used:

    # ip -f mpls route add 100 dev lo
    # ip -f mpls route add 101 nexthop dev lo
    RTNETLINK answers: Invalid argument

    Make them consistent by making the via address optional when the
    RTA_MULTIPATH attribute is being parsed so that both forms of
    specifying the route work.

    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • eb7809f09   mpls: fix out-of-bounds access when via address not specified ... Browse Code »

    When a via address isn't specified, the via table is left initialised
    to 0 (NEIGH_ARP_TABLE), and the via address length also left
    initialised to 0. This results in a via address array of length 0
    being allocated (contiguous with route and nexthop array), meaning
    that when a packet is sent using neigh_xmit the neighbour lookup and
    creation will cause an out-of-bounds access when accessing the 4 bytes
    of the IPv4 address it assumes it has been given a pointer to.

    This could be fixed by allocating the 4 bytes of via address necessary
    and leaving it as all zeroes. However, it seems wrong to me to use an
    ipv4 nexthop (including possibly ARPing for 0.0.0.0) when the user
    didn't specify to do so.

    Instead, set the via address table to NEIGH_NR_TABLES to signify it
    hasn't been specified and use this at forwarding time to signify a
    neigh_xmit using an L2 address consisting of the device address. This
    mechanism is the same as that used for both ARP and ND for loopback
    interfaces and those flagged as no-arp, which are all we can really
    support in this case.

    Fixes: cf4b24f0024f ("mpls: reduce memory usage of routes")
    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • 72dcac96c   mpls: don't dump RTA_VIA attribute if not specified ... Browse Code »

    The problem seen is that when adding a route with a nexthop with no
    via address specified, iproute2 generates bogus output:

    # ip -f mpls route add 100 dev lo
    # ip -f mpls route list
    100 via inet 0.0.8.0 dev lo

    The reason for this is that the kernel generates an RTA_VIA attribute
    with the family set to AF_INET, but the via address data having zero
    length. The cause of family being AF_INET is that on route insert
    cfg->rc_via_table is left set to 0, which just happens to be
    NEIGH_ARP_TABLE which is then translated into AF_INET.

    iproute2 doesn't validate the length prior to printing and so prints
    garbage. Although it could be fixed to do the validation, I would
    argue that AF_INET addresses should always be exactly 4 bytes so the
    kernel is really giving userspace bogus data.

    Therefore, avoid generating the RTA_VIA attribute when dumping the
    route if the via address wasn't specified on add/modify. This is
    indicated by NEIGH_ARP_TABLE and a zero via address length - if the
    user specified a via address the address length would have been
    validated such that it was 4 bytes. Although this is a change in
    behaviour that is visible to userspace, I believe that what was
    generated before was invalid and as such userspace wouldn't be
    expecting it.

    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • a3e948e83   mpls: validate L2 via address length ... Browse Code »

    If an L2 via address for an mpls nexthop is specified, the length of
    the L2 address must match that expected by the output device,
    otherwise it could access memory beyond the end of the via address
    buffer in the route.

    This check was present prior to commit f8efb73c97e2 ("mpls: multipath
    route support"), but got lost in the refactoring, so add it back,
    applying it to all nexthops in multipath routes.

    Fixes: f8efb73c97e2 ("mpls: multipath route support")
    Signed-off-by: Robert Shearman
    Acked-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • 6e71b2990   mpls_iptunnel: add static qualifier to mpls_output ... Browse Code »

    This gets rid of the following compile warn:
    net/mpls/mpls_iptunnel.c:40:5: warning: no previous prototype for
    mpls_output [-Wmissing-prototypes]

    Signed-off-by: Roopa Prabhu
    Acked-by: Robert Shearman
    Signed-off-by: David S. Miller

    Roopa Prabhu
     

08 Dec, 2015

1 commit

  • fe82b3300   mpls: fix sending of local encapped packets ... Browse Code »

    Locally generated IPv4 and (probably) IPv6 packets are dropped because
    skb->protocol isn't set. We could write wrappers to lwtunnel_output
    for IPv4 and IPv6 that set the protocol accordingly and then call
    lwtunnel_output, but mpls_output relies on the AF-specific type of dst
    anyway to get the via address.

    Therefore, make use of dst->dst_ops->family in mpls_output to
    determine the type of nexthop and thus protocol of the packet instead
    of checking skb->protocol.

    Fixes: 61adedf3e3f1 ("route: move lwtunnel state to dst_entry")
    Reported-by: Sam Russell
    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     

04 Dec, 2015

1 commit

  • c89359a42   mpls: support for dead routes ... Browse Code »

    Adds support for RTNH_F_DEAD and RTNH_F_LINKDOWN flags on mpls
    routes due to link events. Also adds code to ignore dead
    routes during route selection.

    Unlike ip routes, mpls routes are not deleted when the route goes
    dead. This is current mpls behaviour and this patch does not change
    that. With this patch however, routes will be marked dead.
    dead routes are not notified to userspace (this is consistent with ipv4
    routes).

    dead routes:
    -----------
    $ip -f mpls route show
    100
    nexthop as to 200 via inet 10.1.1.2 dev swp1
    nexthop as to 700 via inet 10.1.1.6 dev swp2

    $ip link set dev swp1 down

    $ip link show dev swp1
    4: swp1: mtu 1500 qdisc pfifo_fast state DOWN mode
    DEFAULT group default qlen 1000
    link/ether 00:02:00:00:00:01 brd ff:ff:ff:ff:ff:ff

    $ip -f mpls route show
    100
    nexthop as to 200 via inet 10.1.1.2 dev swp1 dead linkdown
    nexthop as to 700 via inet 10.1.1.6 dev swp2

    linkdown routes:
    ----------------
    $ip -f mpls route show
    100
    nexthop as to 200 via inet 10.1.1.2 dev swp1
    nexthop as to 700 via inet 10.1.1.6 dev swp2

    $ip link show dev swp1
    4: swp1: mtu 1500 qdisc pfifo_fast
    state UP mode DEFAULT group default qlen 1000
    link/ether 00:02:00:00:00:01 brd ff:ff:ff:ff:ff:ff

    /* carrier goes down */
    $ip link show dev swp1
    4: swp1: mtu 1500 qdisc pfifo_fast
    state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:02:00:00:00:01 brd ff:ff:ff:ff:ff:ff

    $ip -f mpls route show
    100
    nexthop as to 200 via inet 10.1.1.2 dev swp1 linkdown
    nexthop as to 700 via inet 10.1.1.6 dev swp2

    Signed-off-by: Roopa Prabhu
    Acked-by: Robert Shearman
    Signed-off-by: David S. Miller

    Roopa Prabhu
     

28 Oct, 2015

2 commits

  • cf4b24f00   mpls: reduce memory usage of routes ... Browse Code »

    Nexthops for MPLS routes have a via address field sized for the
    largest via address that is expected, which is 32 bytes. This means
    that in the most common case of having ipv4 via addresses, 28 bytes of
    memory more than required are used per nexthop. In the other common
    case of an ipv6 nexthop then 16 bytes more than required are
    used. With large numbers of MPLS routes this extra memory usage could
    start to become significant.

    To avoid allocating memory for a maximum length via address when not
    all of it is required and to allow for ease of iterating over
    nexthops, then the via addresses are changed to be stored in the same
    memory block as the route and nexthops, but in an array after the end
    of the array of nexthops. New accessors are provided to retrieve a
    pointer to the via address.

    To allow for O(1) access without having to store a pointer or offset
    per nh, the via address for each nexthop is sized according to the
    maximum via address for any nexthop in the route, which is stored in a
    new route field, rt_max_alen, but this is in an existing hole in
    struct mpls_route so it doesn't increase the size of the
    structure. Each via address is ensured to be aligned to VIA_ALEN_ALIGN
    to account for architectures that don't allow unaligned accesses.

    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • b4e04fc73   mpls: fix forwarding using v4/v6 explicit null ... Browse Code »

    Fill in the via address length for the predefined IPv4 and IPv6
    explicit-null label routes.

    Fixes: f8efb73c97e2 ("mpls: multipath route support")
    Signed-off-by: Robert Shearman
    Acked-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Robert Shearman
     

23 Oct, 2015

2 commits

  • 1c78efa83   mpls: flow-based multipath selection ... Browse Code »

    Change the selection of a multipath route to use a flow-based
    hash. This more suitable for traffic sensitive to reordering within a
    flow (e.g. TCP, L2VPN) and whilst still allowing a good distribution
    of traffic given enough flows.

    Selection of the path for a multipath route is done using a hash of:
    1. Label stack up to MAX_MP_SELECT_LABELS labels or up to and
    including entropy label, whichever is first.
    2. 3-tuple of (L3 src, L3 dst, proto) from IPv4/IPv6 header in MPLS
    payload, if present.

    Naturally, a 5-tuple hash using L4 information in addition would be
    possible and be better in some scenarios, but there is a tradeoff
    between looking deeper into the packet to achieve good distribution,
    and packet forwarding performance, and I have erred on the side of the
    latter as the default.

    Signed-off-by: Robert Shearman
    Signed-off-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • f8efb73c9   mpls: multipath route support ... Browse Code »

    This patch adds support for MPLS multipath routes.

    Includes following changes to support multipath:
    - splits struct mpls_route into 'struct mpls_route + struct mpls_nh'

    - 'struct mpls_nh' represents a mpls nexthop label forwarding entry

    - moves mpls route and nexthop structures into internal.h

    - A mpls_route can point to multiple mpls_nh structs

    - the nexthops are maintained as a array (similar to ipv4 fib)

    - In the process of restructuring, this patch also consistently changes
    all labels to u8

    - Adds support to parse/fill RTA_MULTIPATH netlink attribute for
    multipath routes similar to ipv4/v6 fib

    - In this patch, the multipath route nexthop selection algorithm
    simply returns the first nexthop. It is replaced by a
    hash based algorithm from Robert Shearman in the next patch

    - mpls_route_update cleanup: remove 'dev' handling in mpls_route_update.
    mpls_route_update though implemented to update based on dev, it was
    never used that way. And the dev handling gets tricky with multiple
    nexthops. Cannot match against any single nexthops dev. So, this patch
    removes the unused 'dev' handling in mpls_route_update.

    - dead route/path handling will be implemented in a subsequent patch

    Example:

    $ip -f mpls route add 100 nexthop as 200 via inet 10.1.1.2 dev swp1 \
    nexthop as 700 via inet 10.1.1.6 dev swp2 \
    nexthop as 800 via inet 40.1.1.2 dev swp3

    $ip -f mpls route show
    100
    nexthop as to 200 via inet 10.1.1.2 dev swp1
    nexthop as to 700 via inet 10.1.1.6 dev swp2
    nexthop as to 800 via inet 40.1.1.2 dev swp3

    Signed-off-by: Roopa Prabhu
    Acked-by: Robert Shearman
    Signed-off-by: David S. Miller

    Roopa Prabhu
     

08 Oct, 2015

1 commit

01 Sep, 2015

1 commit

  • 6ea3c9d5b   mpls: fix mpls_net_init memory leak ... Browse Code »

    Fix a memory leak in the mpls netns init function in case of failure. If
    register_net_sysctl fails then we need to free the ctl_table.

    Fixes: 7720c01f3f59 ("mpls: Add a sysctl to control the size of the mpls label table")
    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     

25 Aug, 2015

1 commit

  • 127eb7cd3   lwt: Add cfg argument to build_state ... Browse Code »

    Add cfg and family arguments to lwt build state functions. cfg is a void
    pointer and will either be a pointer to a fib_config or fib6_config
    structure. The family parameter indicates which one (either AF_INET
    or AF_INET6).

    LWT encpasulation implementation may use the fib configuration to build
    the LWT state.

    Signed-off-by: Tom Herbert
    Signed-off-by: David S. Miller

    Tom Herbert
     

21 Aug, 2015

1 commit

  • 61adedf3e   route: move lwtunnel state to dst_entry ... Browse Code »

    Currently, the lwtunnel state resides in per-protocol data. This is
    a problem if we encapsulate ipv6 traffic in an ipv4 tunnel (or vice versa).
    The xmit function of the tunnel does not know whether the packet has been
    routed to it by ipv4 or ipv6, yet it needs the lwtstate data. Moving the
    lwtstate data to dst_entry makes such inter-protocol tunneling possible.

    As a bonus, this brings a nice diffstat.

    Signed-off-by: Jiri Benc
    Acked-by: Roopa Prabhu
    Acked-by: Thomas Graf
    Signed-off-by: David S. Miller

    Jiri Benc
     

10 Aug, 2015

1 commit

  • 118d52346   mpls: Enforce payload type of traffic sent using explicit NULL ... Browse Code »

    RFC 4182 s2 states that if an IPv4 Explicit NULL label is the only
    label on the stack, then after popping the resulting packet must be
    treated as a IPv4 packet and forwarded based on the IPv4 header. The
    same is true for IPv6 Explicit NULL with an IPv6 packet following.

    Therefore, when installing the IPv4/IPv6 Explicit NULL label routes,
    add an attribute that specifies the expected payload type for use at
    forwarding time for determining the type of the encapsulated packet
    instead of inspecting the first nibble of the packet.

    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     

07 Aug, 2015

2 commits

  • 3dcb615e6   af_mpls: add null dev check in find_outdev ... Browse Code »

    This patch adds null dev check for the 'cfg->rc_via_table ==
    NEIGH_LINK_TABLE or dev_get_by_index() failed' case

    Reported-by: Dan Carpenter
    Signed-off-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Roopa Prabhu
     
  • 5a9348b54   mpls: small cleanup in inet/inet6_fib_lookup_dev() ... Browse Code »

    We recently changed this code from returning NULL to returning ERR_PTR.
    There are some left over NULL assignments which we can remove. We can
    preserve the error code from ip_route_output() instead of always
    returning -ENODEV. Also these functions use a mix of gotos and direct
    returns. There is no cleanup necessary so I changed the gotos to
    direct returns.

    Signed-off-by: Dan Carpenter
    Acked-by: Roopa Prabhu
    Acked-by: Robert Shearman
    Signed-off-by: David S. Miller

    Dan Carpenter
     

04 Aug, 2015

1 commit

  • a6affd24f   mpls: Use definition for reserved label checks ... Browse Code »

    In multiple locations there are checks for whether the label in hand
    is a reserved label or not using the arbritray value of 16. Factor
    this out into a #define for better maintainability and for
    documentation.

    Signed-off-by: Robert Shearman
    Acked-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Robert Shearman
     

01 Aug, 2015

1 commit

  • bf21563ac   af_mpls: fix undefined reference to ip6_route_output ... Browse Code »

    Undefined reference to ip6_route_output and ip_route_output
    was reported with CONFIG_INET=n and CONFIG_IPV6=n.

    This patch uses ipv6_stub_impl.ipv6_dst_lookup instead of
    ip6_route_output. And wraps affected code under
    IS_ENABLED(CONFIG_INET) and IS_ENABLED(CONFIG_IPV6).

    Reported-by: kbuild test robot
    Reported-by: Thomas Graf
    Signed-off-by: Roopa Prabhu
    Signed-off-by: David S. Miller

    Roopa Prabhu
     

23 Jul, 2015

1 commit

22 Jul, 2015

3 commits

14 Jun, 2015

1 commit

12 Jun, 2015

1 commit

  • 0fae3bf01   mpls: handle device renames for per-device sysctls ... Browse Code »

    If a device is renamed and the original name is subsequently reused
    for a new device, the following warning is generated:

    sysctl duplicate entry: /net/mpls/conf/veth0//input
    CPU: 3 PID: 1379 Comm: ip Not tainted 4.1.0-rc4+ #20
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
    0000000000000000 0000000000000000 ffffffff81566aaf 0000000000000000
    ffffffff81236279 ffff88002f7d7f00 0000000000000000 ffff88000db336d8
    ffff88000db33698 0000000000000005 ffff88002e046000 ffff8800168c9280
    Call Trace:
    [] ? dump_stack+0x40/0x50
    [] ? __register_sysctl_table+0x289/0x5a0
    [] ? mpls_dev_notify+0x1ff/0x300 [mpls_router]
    [] ? notifier_call_chain+0x4f/0x70
    [] ? register_netdevice+0x2b2/0x480
    [] ? veth_newlink+0x178/0x2d3 [veth]
    [] ? rtnl_newlink+0x73c/0x8e0
    [] ? rtnl_newlink+0x16a/0x8e0
    [] ? __kmalloc_reserve.isra.30+0x32/0x90
    [] ? rtnetlink_rcv_msg+0x8d/0x250
    [] ? __alloc_skb+0x47/0x1f0
    [] ? __netlink_lookup+0xab/0xe0
    [] ? rtnetlink_rcv+0x30/0x30
    [] ? netlink_rcv_skb+0xb0/0xd0
    [] ? rtnetlink_rcv+0x24/0x30
    [] ? netlink_unicast+0x107/0x1a0
    [] ? netlink_sendmsg+0x50e/0x630
    [] ? sock_sendmsg+0x3c/0x50
    [] ? ___sys_sendmsg+0x27b/0x290
    [] ? mem_cgroup_try_charge+0x88/0x110
    [] ? mem_cgroup_commit_charge+0x56/0xa0
    [] ? do_filp_open+0x30/0xa0
    [] ? __sys_sendmsg+0x3e/0x80
    [] ? system_call_fastpath+0x16/0x75

    Fix this by unregistering the previous sysctl table (registered for
    the path containing the original device name) and re-registering the
    table for the path containing the new device name.

    Fixes: 37bde79979c3 ("mpls: Per-device enabling of packet input")
    Reported-by: Scott Feldman
    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     

09 Jun, 2015

1 commit

08 Jun, 2015

1 commit

  • 25cc8f076   mpls: fix possible use after free of device ... Browse Code »

    The mpls device is used in an RCU read context without a lock being
    held. As the memory is freed without waiting for the RCU grace period
    to elapse, the freed memory could still be in use.

    Address this by using kfree_rcu to free the memory for the mpls device
    after the RCU grace period has elapsed.

    Fixes: 03c57747a702 ("mpls: Per-device MPLS state")
    Signed-off-by: Robert Shearman
    Acked-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Robert Shearman
     

02 Jun, 2015

1 commit

  • bdef7de4b   net: Add priority to packet_offload objects. ... Browse Code »

    When we scan a packet for GRO processing, we want to see the most
    common packet types in the front of the offload_base list.

    So add a priority field so we can handle this properly.

    IPv4/IPv6 get the highest priority with the implicit zero priority
    field.

    Next comes ethernet with a priority of 10, and then we have the MPLS
    types with a priority of 15.

    Suggested-by: Eric Dumazet
    Suggested-by: Toshiaki Makita
    Signed-off-by: David S. Miller

    David S. Miller
     

10 May, 2015

1 commit

06 May, 2015

1 commit

23 Apr, 2015

3 commits

  • 5a9ab0176   mpls: Prevent use of implicit NULL label as outgoing label ... Browse Code »

    The reserved implicit-NULL label isn't allowed to appear in the label
    stack for packets, so make it an error for the control plane to
    specify it as an outgoing label.

    Suggested-by: "Eric W. Biederman"
    Signed-off-by: Robert Shearman
    Reviewed-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • 37bde7997   mpls: Per-device enabling of packet input ... Browse Code »

    An MPLS network is a single trust domain where the edges must be in
    control of what labels make their way into the core. The simplest way
    of ensuring this is for the edge device to always impose the labels,
    and not allow forward labeled traffic from untrusted neighbours. This
    is achieved by allowing a per-device configuration of whether MPLS
    traffic input from that interface should be processed or not.

    To be secure by default, the default state is changed to MPLS being
    disabled on all interfaces unless explicitly enabled and no global
    option is provided to change the default. Whilst this differs from
    other protocols (e.g. IPv6), network operators are used to explicitly
    enabling MPLS forwarding on interfaces, and with the number of links
    to the MPLS core typically fairly low this doesn't present too much of
    a burden on operators.

    Cc: "Eric W. Biederman"
    Signed-off-by: Robert Shearman
    Reviewed-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Robert Shearman
     
  • 03c57747a   mpls: Per-device MPLS state ... Browse Code »

    Add per-device MPLS state to supported interfaces. Use the presence of
    this state in mpls_route_add to determine that this is a supported
    interface.

    Use the presence of mpls_dev to drop packets that arrived on an
    unsupported interface - previously they were allowed through.

    Cc: "Eric W. Biederman"
    Signed-off-by: Robert Shearman
    Reviewed-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Robert Shearman
     

13 Mar, 2015

1 commit

  • 76fecd827   mpls: In mpls_egress verify the packet length. ... Browse Code »

    Reobert Shearman noticed that mpls_egress is failing to verify that
    the bytes to be examined are in fact present in the packet before
    mpls_egress reads those bytes.

    As suggested by David Miller reduce this to a single pskb_may_pull
    call so that we don't do unnecessary work in the fast path.

    Reported-by: Robert Shearman
    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

12 Mar, 2015

1 commit

  • 8a08919f4   mpls: Allow mpls_gso and mpls_router to be built as modules ... Browse Code »

    CONFIG_MPLS=m doesn't result in a kernel module being built because it
    applies to the net/mpls directory, rather than to .o files.

    So revert the MPLS menuitem to being a boolean and make MPLS_GSO and
    MPLS_ROUTING tristates to allow mpls_gso and mpls_router modules to be
    produced as desired.

    Cc: "Eric W. Biederman"
    Signed-off-by: Robert Shearman
    Signed-off-by: David S. Miller

    Robert Shearman
     

10 Mar, 2015

1 commit

09 Mar, 2015

1 commit