05 Oct, 2015

40 commits

  • We want to avoid using time_t in the kernel because of the y2038
    overflow problem. The use in sctp is not for storing seconds at
    all, but instead uses microseconds and is passed as 32-bit
    on all machines.

    This patch changes the type to u32, which better fits the use.

    Signed-off-by: Arnd Bergmann
    Cc: Vlad Yasevich
    Cc: Neil Horman
    Cc: linux-sctp@vger.kernel.org
    Acked-by: Neil Horman
    Acked-by: Marcelo Ricardo Leitner
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The ipv6 mip6 implementation is one of only a few users of the
    skb_get_timestamp() function in the kernel, which is both unsafe
    on 32-bit architectures because of the 2038 overflow, and slightly
    less efficient than the skb_get_ktime() based approach.

    This converts the function call and the mip6_report_rate_limiter
    structure that stores the time stamp, eliminating all uses of
    timeval in the ipv6 code.

    Signed-off-by: Arnd Bergmann
    Cc: Alexey Kuznetsov
    Cc: James Morris
    Cc: Hideaki YOSHIFUJI
    Cc: Patrick McHardy
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The __build_packet_message function fills a nfulnl_msg_packet_timestamp
    structure that uses 64-bit seconds and is therefore y2038 safe, but
    it uses an intermediate 'struct timespec' which is not.

    This trivially changes the code to use 'struct timespec64' instead,
    to correct the result on 32-bit architectures.

    Signed-off-by: Arnd Bergmann
    Cc: Pablo Neira Ayuso
    Cc: Patrick McHardy
    Cc: Jozsef Kadlecsik
    Cc: netfilter-devel@vger.kernel.org
    Cc: coreteam@netfilter.org
    Acked-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The zatm_t_hist structure is not used anywhere in the kernel, but is
    exported to user space. As we are trying to eliminate uses of time_t
    in the kernel for y2038 compatibility, the current definition triggers
    checking tools because it contains 'struct timeval'.

    As pointed out by Chas Williams, the only user of this structure was
    the ZATM_GETHIST ioctl command that has been removed a long time ago,
    and we can remove the structure as well without breaking any user
    space.

    Signed-off-by: Arnd Bergmann
    Cc: Chas Williams
    Cc: linux-atm-general@lists.sourceforge.net
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The mac80211 code uses ktime_get_ts to measure the connected time.
    As this uses monotonic time, it is y2038 safe on 32-bit systems,
    but we still want to deprecate the use of 'timespec' because most
    other users are broken.

    This changes the code to use ktime_get_seconds() instead, which
    avoids the timespec structure and is slightly more efficient.

    Signed-off-by: Arnd Bergmann
    Cc: Johannes Berg
    Cc: linux-wireless@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • mwifiex_get_random_ba_threshold() uses a complex homegrown implementation
    to generate a pseudo-random number from the current time as returned
    from do_gettimeofday().

    This currently requires two 32-bit divisions plus a couple of other
    computations that are eventually discarded as only eight bits of
    the microsecond portion are used at all.

    We could replace this with a call to get_random_bytes(), but that
    might drain the entropy pool too fast if this is called for each
    packet.

    Instead, this patch converts it to use ktime_get_ns(), which is a
    bit faster than do_gettimeofday(), and then uses a similar algorithm
    as before, but in a way that takes both the nanosecond and second
    portion into account for slightly-more-but-still-not-very-random
    pseudorandom number.

    Signed-off-by: Arnd Bergmann
    Cc: Amitkumar Karwar
    Cc: Nishant Sarmukadam
    Cc: Kalle Valo
    Cc: linux-wireless@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The mwifiex_11n_aggregate_pkt() function creates a ktime_t from
    a timeval returned by do_gettimeofday, which is slow and causes
    an overflow in 2038 on 32-bit architectures.

    This solves both problems by using the appropriate ktime_get_real()
    function.

    Signed-off-by: Arnd Bergmann
    Cc: Amitkumar Karwar
    Cc: Nishant Sarmukadam
    Cc: Kalle Valo
    Cc: linux-wireless@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • We want to deprecate the use of 'struct timespec' on 32-bit
    architectures, as it will overflow in 2038. The igb
    driver uses it to read the current time, and can simply
    be changed to use ktime_get_real_ts64() instead.

    Because of hardware limitations, there is still an overflow
    in year 2106, which we cannot really avoid, but this documents
    the overflow.

    Signed-off-by: Arnd Bergmann
    Cc: Jeff Kirsher
    Cc: intel-wired-lan@lists.osuosl.org
    Reviewed-by: Richard Cochran
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • We want to deprecate the use of 'struct timespec' on 32-bit
    architectures, as it will overflow in 2038. The stmmac
    driver uses it to read the current time, and can simply
    be changed to use ktime_get_real_ts64() instead.

    Because of hardware limitations, there is still an overflow
    in year 2106, which we cannot really avoid, but this documents
    the overflow.

    Signed-off-by: Arnd Bergmann
    Cc: Giuseppe Cavallaro
    Cc: Richard Cochran
    Acked-by: Richard Cochran
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The fec_ptp_enable_pps uses an open-coded implementation of ns_to_timespec,
    which will be removed eventually as it is not y2038-safe on 32-bit
    architectures. Two more instances of the same code in this file were
    already converted to use the safe ns_to_timespec64 in commit 6630514fcee
    ("ptp: fec: use helpers for converting ns to timespec"), this changes
    the last one as well.

    The seconds portion here is actually unused and we could just remove the
    timespec variable, but using ns_to_timespec64 can still be better as the
    implementation can be hand-optimized in the future.

    Signed-off-by: Arnd Bergmann
    Cc: Richard Cochran
    Cc: Fugang Duan
    Cc: Luwei Zhou
    Cc: Frank Li
    Acked-by: Richard Cochran
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • Peter Nørlund says:

    ====================
    ipv4: Hash-based multipath routing

    When the routing cache was removed in 3.6, the IPv4 multipath algorithm changed
    from more or less being destination-based into being quasi-random per-packet
    scheduling. This increases the risk of out-of-order packets and makes it
    impossible to use multipath together with anycast services.

    This patch series replaces the old implementation with flow-based load
    balancing based on a hash over the source and destination addresses.

    Distribution of the hash is done with thresholds as described in RFC 2992.
    This reduces the disruption when a path is added/removed when having more than
    two paths.

    To further the chance of successful usage in conjunction with anycast, ICMP
    error packets are hashed over the inner IP addresses. This ensures that PMTU
    will work together with anycast or load-balancers such as IPVS.

    Port numbers are not considered since fragments could cause problems with
    anycast and IPVS. Relying on the DF-flag for TCP packets is also insufficient,
    since ICMP inspection effectively extracts information from the opposite
    flow which might have a different state of the DF-flag. This is also why the
    RSS hash is not used. These are typically based on the NDIS RSS spec which
    mandates TCP support.

    Measurements of the additional overhead of a two-path multipath
    (p_mkroute_input excl. __mkroute_input) on a Xeon X3550 (4 cores, 2.66GHz):

    Original per-packet: ~394 cycles/packet
    L3 hash: ~76 cycles/packet

    Changes in v5:
    - Fixed compilation error

    Changes in v4:
    - Functions take hash directly instead of func ptr
    - Added inline hash function
    - Added dummy macros to minimize ifdefs
    - Use upper 31 bits of hash instead of lower

    Changes in v3:
    - Multipath algorithm is no longer configurable (always L3)
    - Added random seed to hash
    - Moved ICMP inspection to isolated function
    - Ignore source quench packets (deprecated as per RFC 6633)

    Changes in v2:
    - Replaced 8-bit xor hash with 31-bit jenkins hash
    - Don't scale weights (since 31-bit)
    - Avoided unnecessary renaming of variables
    - Rely on DF-bit instead of fragment offset when checking for fragmentation
    - upper_bound is now inclusive to avoid overflow
    - Use a callback to postpone extracting flow information until necessary
    - Skipped ICMP inspection entirely with L4 hashing
    - Handle newly added sysctl ignore_routes_with_linkdown
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
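
The hash-threshold selection and ICMP handling described in the cover letter above, shown as an added example that is not code from the patch series or the kernel. Assumptions: all struct and function names are hypothetical, a simple 64-bit mixer stands in for the seeded Jenkins hash, the inner addresses are swapped so an ICMP error hashes like the flow it refers to, and the addresses are constructed from documentation ranges.

```c
#include <stddef.h>
#include <stdint.h>

struct nexthop { uint32_t weight; int32_t upper_bound; };
struct pkt { uint32_t saddr, daddr; int is_icmp_error; uint32_t inner_saddr, inner_daddr; };

/* Seeded 31-bit hash over two addresses. Assumption: this mixer stands in
 * for the seeded Jenkins hash named in the changelog. */
static uint32_t hash31(uint32_t a, uint32_t b, uint32_t seed)
{
    uint64_t x = (((uint64_t)a << 32) | b) ^ ((uint64_t)seed * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL; x ^= x >> 33;
    return (uint32_t)(x >> 33);            /* keep the upper 31 bits */
}

/* RFC 2992 hash-threshold: each path gets a slice of [0, 2^31) proportional
 * to its weight. Bounds are inclusive, so the last one is 2^31 - 1. */
static void set_thresholds(struct nexthop *nh, size_t n)
{
    int64_t total = 0, cum = 0;
    for (size_t i = 0; i < n; i++) total += nh[i].weight;
    for (size_t i = 0; i < n; i++) {
        cum += nh[i].weight;
        /* weight 0 (path unusable): -1 can never match a 31-bit hash */
        nh[i].upper_bound = nh[i].weight
            ? (int32_t)(cum * 2147483648LL / total - 1) : -1;
    }
}

static int select_path(const struct nexthop *nh, size_t n, uint32_t hash)
{
    for (size_t i = 0; i < n; i++)
        if ((int32_t)hash <= nh[i].upper_bound) return (int)i;
    return -1;                             /* no usable path */
}

/* ICMP errors are hashed over the embedded header, inner addresses swapped
 * (assumption of this example), so they land on the path of the flow. */
static uint32_t pkt_hash(const struct pkt *p, uint32_t seed)
{
    if (p->is_icmp_error)
        return hash31(p->inner_daddr, p->inner_saddr, seed);
    return hash31(p->saddr, p->daddr, seed);
}

/* Constructed sample: client 198.51.100.7 talks to anycast 192.0.2.1; router
 * 203.0.113.9 reports an error about the server's reply to that client. */
static int icmp_follows_flow(uint32_t seed)
{
    struct nexthop nh[3] = {{1, 0}, {1, 0}, {2, 0}};
    struct pkt data = {0xC6336407u, 0xC0000201u, 0, 0, 0};
    struct pkt err = {0xCB007109u, 0xC0000201u, 1, 0xC0000201u, 0xC6336407u};
    set_thresholds(nh, 3);
    return select_path(nh, 3, pkt_hash(&data, seed)) == select_path(nh, 3, pkt_hash(&err, seed));
}

int main(void) { return !icmp_follows_flow(0x5eed); }
```

Hashing the error packet over its outer addresses (router, anycast) would give no such guarantee, which is the PMTU failure the cover letter is avoiding.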
     
  • ICMP packets are inspected to let them route together with the flow they
    belong to, minimizing the chance that a problematic path will affect flows
    on other paths, and so that anycast environments can work with ECMP.

    Signed-off-by: Peter Nørlund
    Signed-off-by: David S. Miller

    Peter Nørlund
     
  • Replaces the per-packet multipath with a hash-based multipath using
    source and destination address.

    Signed-off-by: Peter Nørlund
    Signed-off-by: David S. Miller

    Peter Nørlund
     
  • Eric Dumazet says:

    ====================
    tcp: lockless listener fixes and improvement

    This fixes issues with TCP FastOpen vs lockless listeners,
    and SYNACK being attached to request sockets.

    Then, last patch brings performance improvement for
    syncookies generation and validation.

    Tested under a 4.3 Mpps SYNFLOOD attack, new perf profile looks
    like :
    12.11% [kernel] [k] sha_transform
    5.83% [kernel] [k] tcp_conn_request
    4.59% [kernel] [k] __inet_lookup_listener
    4.11% [kernel] [k] ipt_do_table
    3.91% [kernel] [k] tcp_make_synack
    3.05% [kernel] [k] fib_table_lookup
    2.74% [kernel] [k] sock_wfree
    2.66% [kernel] [k] memcpy_erms
    2.12% [kernel] [k] tcp_v4_rcv
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • inet_reqsk_alloc() is used to allocate a temporary request
    in order to generate a SYNACK with a cookie. Then later,
    syncookie validation also uses a temporary request.

    These paths already took a reference on listener refcount,
    we can avoid a couple of atomic operations.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • SYN_RECV & TIMEWAIT sockets are not full blown, they do not have a
    sk_dst_cache pointer.

    Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • SYN_RECV & TIMEWAIT sockets are not full blown, they do not have a pinet6
    pointer.

    Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • SYN_RECV & TIMEWAIT sockets are not full blown,
    do not even try to call ip_sk_use_pmtu() on them.

    Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • There are multiple races that need fixes :

    1) skb_get() + queue skb + kfree_skb() is racy

    An accept() can be done on another cpu, data consumed immediately.
    tcp_recvmsg() uses __kfree_skb() as it is assumed all skb found in
    socket receive queue are private.

    Then the kfree_skb() in tcp_rcv_state_process() uses an already freed skb

    2) tcp_reqsk_record_syn() needs to be done before tcp_try_fastopen()
    for the same reasons.

    3) We want to send the SYNACK before queueing child into accept queue,
    otherwise we might reintroduce the ooo issue fixed in
    commit 7c85af881044 ("tcp: avoid reorders for TFO passive connections")

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • Nikolay Aleksandrov says:

    ====================
    bridge: complete netlink support

    This set completes the bridge device's netlink support and makes it
    possible to view and configure everything that can be configured via
    sysfs. I have tested all of these (setting and getting). There're a few
    longer line warnings about the br_get_size() ifla comments but I think we
    should have them to know what has been accounted for. I have used the sysfs
    interface as a guide of what and how to set. As usual I'll send the
    corresponding iproute2 patches later.
    The bridge port's netlink interface will be completed after this set gets
    applied in some form.

    This patch-set is on top of my last vlan cleanups set:
    http://www.spinics.net/lists/netdev/msg346005.html
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Add IFLA_BR_VLAN_DEFAULT_PVID to allow setting/getting bridge's
    default_pvid via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add support to allow getting/setting netfilter tables settings.
    Currently these are IFLA_BR_NF_CALL_IPTABLES, IFLA_BR_NF_CALL_IP6TABLES
    and IFLA_BR_NF_CALL_ARPTABLES.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add support to set/get all of the igmp's configurable intervals via
    netlink. These currently are:
    IFLA_BR_MCAST_LAST_MEMBER_INTVL
    IFLA_BR_MCAST_MEMBERSHIP_INTVL
    IFLA_BR_MCAST_QUERIER_INTVL
    IFLA_BR_MCAST_QUERY_INTVL
    IFLA_BR_MCAST_QUERY_RESPONSE_INTVL
    IFLA_BR_MCAST_STARTUP_QUERY_INTVL

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_STARTUP_QUERY_CNT to allow setting/getting
    br->multicast_startup_query_count via netlink. Also align the ifla
    comments.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_LAST_MEMBER_CNT to allow setting/getting
    br->multicast_last_member_count via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_HASH_MAX to allow setting/getting br->hash_max via
    netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_HASH_ELASTICITY to allow setting/getting
    br->hash_elasticity via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_QUERIER to allow setting/getting br->multicast_querier
    via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_QUERY_USE_IFADDR to allow setting/getting
    br->multicast_query_use_ifaddr via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_SNOOPING to allow enabling/disabling multicast
    snooping via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_MCAST_ROUTER to allow setting and retrieving
    br->multicast_router when igmp snooping is enabled.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Simple attribute that flushes the bridge's fdb.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_GROUP_ADDR attribute to allow setting and retrieving the
    group_addr via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Export the following bridge timers (also exported via sysfs):
    IFLA_BR_HELLO_TIMER, IFLA_BR_TCN_TIMER, IFLA_BR_TOPOLOGY_CHANGE_TIMER,
    IFLA_BR_GC_TIMER via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_TOPOLOGY_CHANGE and IFLA_BR_TOPOLOGY_CHANGE_DETECTED and
    export them via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_ROOT_PATH_COST and export it via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_ROOT_PORT and export it via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_BRIDGE_ID and export br->bridge_id via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_ROOT_ID and export br->designated_root via netlink. For this
    purpose add struct ifla_bridge_id that would represent struct bridge_id.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov
     
  • Add IFLA_BR_GROUP_FWD_MASK attribute to allow setting and retrieving the
    group_fwd_mask via netlink.

    Signed-off-by: Nikolay Aleksandrov
    Signed-off-by: David S. Miller

    Nikolay Aleksandrov