26 Dec, 2016
1 commit
-
ktime_set(S,N) was required for the timespec storage type and is still
useful for situations where a Seconds and Nanoseconds part of a time value
needs to be converted. For anything where the Seconds argument is 0, this
is pointless and can be replaced with a simple assignment.Signed-off-by: Thomas Gleixner
Cc: Peter Zijlstra
25 Dec, 2016
1 commit
-
This was entirely automated, using the script by Al:
PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*'
sed -i -e "s!$PATT!#include !" \
$(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)to do the replacement at the end of the merge window.
Requested-by: Al Viro
Signed-off-by: Linus Torvalds
13 Dec, 2016
1 commit
-
Pull smp hotplug updates from Thomas Gleixner:
"This is the final round of converting the notifier mess to the state
machine. The removal of the notifiers and the related infrastructure
will happen around rc1, as there are conversions outstanding in other
trees.The whole exercise removed about 2000 lines of code in total and in
course of the conversion several dozen bugs got fixed. The new
mechanism allows to test almost every hotplug step standalone, so
usage sites can exercise all transitions extensively.There is more room for improvement, like integrating all the
pointlessly different architecture mechanisms of synchronizing,
setting cpus online etc into the core code"* 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (60 commits)
tracing/rb: Init the CPU mask on allocation
soc/fsl/qbman: Convert to hotplug state machine
soc/fsl/qbman: Convert to hotplug state machine
zram: Convert to hotplug state machine
KVM/PPC/Book3S HV: Convert to hotplug state machine
arm64/cpuinfo: Convert to hotplug state machine
arm64/cpuinfo: Make hotplug notifier symmetric
mm/compaction: Convert to hotplug state machine
iommu/vt-d: Convert to hotplug state machine
mm/zswap: Convert pool to hotplug state machine
mm/zswap: Convert dst-mem to hotplug state machine
mm/zsmalloc: Convert to hotplug state machine
mm/vmstat: Convert to hotplug state machine
mm/vmstat: Avoid on each online CPU loops
mm/vmstat: Drop get_online_cpus() from init_cpu_node_state/vmstat_cpu_dead()
tracing/rb: Convert to hotplug state machine
oprofile/nmi timer: Convert to hotplug state machine
net/iucv: Use explicit clean up labels in iucv_init()
x86/pci/amd-bus: Convert to hotplug state machine
x86/oprofile/nmi: Convert to hotplug state machine
...
04 Dec, 2016
1 commit
-
Couple conflicts resolved here:
1) In the MACB driver, a bug fix to properly initialize the
RX tail pointer properly overlapped with some changes
to support variable sized rings.2) In XGBE we had a "CONFIG_PM" --> "CONFIG_PM_SLEEP" fix
overlapping with a reorganization of the driver to support
ACPI, OF, as well as PCI variants of the chip.3) In 'net' we had several probe error path bug fixes to the
stmmac driver, meanwhile a lot of this code was cleaned up
and reorganized in 'net-next'.4) The cls_flower classifier obtained a helper function in
'net-next' called __fl_delete() and this overlapped with
Daniel Borkamann's bug fix to use RCU for object destruction
in 'net'. It also overlapped with Jiri's change to guard
the rhashtable_remove_fast() call with a check against
tc_skip_sw().5) In mlx4, a revert bug fix in 'net' overlapped with some
unrelated changes in 'net-next'.6) In geneve, a stale header pointer after pskb_expand_head()
bug fix in 'net' overlapped with a large reorganization of
the same code in 'net-next'. Since the 'net-next' code no
longer had the bug in question, there was nothing to do
other than to simply take the 'net-next' hunks.Signed-off-by: David S. Miller
30 Nov, 2016
1 commit
-
It doesn't support to run 32bit 'ip' to set xfrm objdect on 64bit host.
But the return value is unknown for user program:ip xfrm policy list
RTNETLINK answers: Unknown error 524Replace ENOTSUPP with EOPNOTSUPP:
ip xfrm policy list
RTNETLINK answers: Operation not supportedSigned-off-by: Yi Zhao
Signed-off-by: Steffen Klassert
18 Nov, 2016
1 commit
-
if we succeed grabbing the refcount, then
if (err && !xfrm_pol_hold_rcu)will evaluate to false so this hits last else branch which then
sets policy to ERR_PTR(0).Fixes: ae33786f73a7ce ("xfrm: policy: only use rcu in xfrm_sk_policy_lookup")
Reported-by: Nicolas Dichtel
Tested-by: Nicolas Dichtel
Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert
10 Nov, 2016
1 commit
-
Install the callbacks via the state machine. Use multi state support to avoid
custom list handling for the multiple instances.Signed-off-by: Sebastian Andrzej Siewior
Signed-off-by: Thomas Gleixner
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: netdev@vger.kernel.org
Cc: rt@linutronix.de
Cc: "David S. Miller"
Link: http://lkml.kernel.org/r/20161103145021.28528-10-bigeasy@linutronix.de
Signed-off-by: Thomas Gleixner
29 Oct, 2016
1 commit
-
Steffen Klassert says:
====================
pull request (net-next): ipsec-next 2016-10-25Just a leftover from the last development cycle.
1) Remove some unused code, from Florian Westphal.
====================Signed-off-by: David S. Miller
30 Sep, 2016
2 commits
-
Not used anymore since 2009 (9e0d57fd6dad37,
'xfrm: SAD entries do not expire correctly after suspend-resume').Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to
aggregate the data by going through all the items of each cpu sequentially.Signed-off-by: Jia He
Signed-off-by: David S. Miller
24 Sep, 2016
1 commit
-
Steffen Klassert says:
====================
pull request (net-next): ipsec-next 2016-09-23Only two patches this time:
1) Fix a comment reference to struct xfrm_replay_state_esn.
From Richard Guy Briggs.2) Convert xfrm_state_lookup to rcu, we don't need the
xfrm_state_lock anymore in the input path.
From Florian Westphal.Please pull or let me know if there are problems.
====================Signed-off-by: David S. Miller
23 Sep, 2016
1 commit
21 Sep, 2016
1 commit
-
This is called from the packet input path, we get lock contention
if many cpus handle ipsec in parallel.After recent rcu conversion it is safe to call __xfrm_state_lookup
without the spinlock.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert
19 Sep, 2016
1 commit
-
commit 1a6509d99122 ("[IPSEC]: Add support for combined mode algorithms")
introduced aead. The function attach_aead kmemdup()s the algorithm
name during xfrm_state_construct().
However this memory is never freed.
Implementation has since been slightly modified in
commit ee5c23176fcc ("xfrm: Clone states properly on migration")
without resolving this leak.
This patch adds a kfree() call for the aead algorithm name.Fixes: 1a6509d99122 ("[IPSEC]: Add support for combined mode algorithms")
Signed-off-by: Ilan Tayari
Acked-by: Rami Rosen
Signed-off-by: Steffen Klassert
13 Sep, 2016
1 commit
-
Conflicts:
drivers/net/ethernet/mediatek/mtk_eth_soc.c
drivers/net/ethernet/qlogic/qed/qed_dcbx.c
drivers/net/phy/KconfigAll conflicts were cases of overlapping commits.
Signed-off-by: David S. Miller
11 Sep, 2016
1 commit
-
The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either
built-in or as a module, use that macro instead of open coding the same.Using the macro makes the code more readable by helping abstract away some
of the Kconfig built-in and module enable details.Signed-off-by: Javier Martinez Canillas
Signed-off-by: David S. Miller
09 Sep, 2016
2 commits
-
When we fail to attach the security context in xfrm_state_construct()
we'll return 0 as error value which, in turn, will wrongly claim success
to userland when, in fact, we won't be adding / updating the XFRM state.This is a regression introduced by commit fd21150a0fe1 ("[XFRM] netlink:
Inline attach_encap_tmpl(), attach_sec_ctx(), and attach_one_addr()").Fix it by propagating the error returned by security_xfrm_state_alloc()
in this case.Fixes: fd21150a0fe1 ("[XFRM] netlink: Inline attach_encap_tmpl()...")
Signed-off-by: Mathias Krause
Cc: Thomas Graf
Signed-off-by: Steffen Klassert -
Steffen Klassert says:
====================
ipsec-next 2016-09-081) Constify the xfrm_replay structures. From Julia Lawall
2) Protect xfrm state hash tables with rcu, lookups
can be done now without acquiring xfrm_state_lock.
From Florian Westphal.3) Protect xfrm policy hash tables with rcu, lookups
can be done now without acquiring xfrm_policy_lock.
From Florian Westphal.4) We don't need to have a garbage collector list per
namespace anymore, so use a global one instead.
From Florian Westphal.
====================Signed-off-by: David S. Miller
08 Sep, 2016
1 commit
-
proc_dointvec limits the values to INT_MAX in u32 sysctl entries.
proc_douintvec allows to write upto UINT_MAX.Signed-off-by: Subash Abhinov Kasiviswanathan
Signed-off-by: David S. Miller
24 Aug, 2016
2 commits
-
After commit 5b8ef3415a21f173
("xfrm: Remove ancient sleeping when the SA is in acquire state")
gc does not need any per-netns data anymore.As far as gc is concerned all state structs are the same, so we
can use a global work struct for it.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
An earlier patch accidentally replaced a write_lock_bh
with a spin_unlock_bh. Fix this by using spin_lock_bh
instead.Fixes: 9d0380df6217 ("xfrm: policy: convert policy_lock to spinlock")
Signed-off-by: Steffen Klassert
12 Aug, 2016
8 commits
-
After earlier patches conversions all spots acquire the writer lock and
we can now convert this to a normal spinlock.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
It doesn't seem that important.
We now get inconsistent view of the counters, but those are stale anyway
right after we drop the lock.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Don't acquire the readlock anymore and rely on rcu alone.
In case writer on other CPU changed policy at the wrong moment (after we
obtained sk policy pointer but before we could obtain the reference)
just repeat the lookup.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
side effect: no longer disables BH (should be fine).
Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
If we don't hold the policy lock anymore the refcnt might
already be 0, i.e. policy struct is about to be free'd.Switch to atomic_inc_not_zero to avoid this.
On removal policies are already unlinked from the tables (lists)
before the last _put occurs so we are not supposed to find the same
'dead' entry on the next loop, so its safe to just repeat the lookup.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Once xfrm_policy_lookup_bytype doesn't grab xfrm_policy_lock anymore its
possible for a hash resize to occur in parallel.Use sequence counter to block lookup in case a resize is in
progress and to also re-lookup in case hash table was altered
in the mean time (might cause use to not find the best-match).Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Since commit 56f047305dd4b6b617
("xfrm: add rcu grace period in xfrm_policy_destroy()") xfrm policy
objects are already free'd via rcu.In order to make more places lockless (i.e. use rcu_read_lock instead of
grabbing read-side of policy rwlock) we only need to:- use rcu_assign_pointer to store address of new hash table backend memory
- add rcu barrier so that freeing of old memory is delayed (expansion
and free happens from system workqueue, so synchronize_rcu is fine)
- use rcu_dereference to fetch current address of the hash table.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
This is required once we allow lockless readers.
Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert
11 Aug, 2016
1 commit
-
Running LTP 'icmp-uni-basic.sh -6 -p ipcomp -m tunnel' test over
openvswitch + veth can trigger kernel panic:BUG: unable to handle kernel NULL pointer dereference
at 00000000000000e0 IP: [] xfrm_input+0x82/0x750
...
[] xfrm6_rcv_spi+0x1e/0x20
[] xfrm6_tunnel_rcv+0x42/0x50 [xfrm6_tunnel]
[] tunnel6_rcv+0x3e/0x8c [tunnel6]
[] ip6_input_finish+0xd5/0x430
[] ip6_input+0x33/0x90
[] ip6_rcv_finish+0xa5/0xb0
...It seems that tunnel.ip6 can have garbage values and also dereferenced
without a proper check, only tunnel.ip4 is being verified. Fix it by
adding one more if block for AF_INET6 and initialize tunnel.ip6 with NULL
inside xfrm6_rcv_spi() (which is similar to xfrm4_rcv_spi()).Fixes: 049f8e2 ("xfrm: Override skb->mark with tunnel->parm.i_key in xfrm_input")
Signed-off-by: Alexey Kodanev
Signed-off-by: Steffen Klassert
10 Aug, 2016
7 commits
-
push the lock down, after earlier patches we can rely on rcu to
make sure state struct won't go away.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Before xfrm_state_find() can use rcu_read_lock instead of xfrm_state_lock
we need to switch users of the hash table to assign/obtain the pointers
with the appropriate rcu helpers.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Once xfrm_state_find is lockless we have to cope with a concurrent
resize opertion.We use a sequence counter to block in case a resize is in progress
and to detect if we might have missed a state that got moved to
a new hash table.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
The hash table backend memory and the state structs are free'd via
kfree/vfree.Once we only rely on rcu during lookups we have to make sure no other cpu
is currently accessing this before doing the free.Free operations already happen from worker so we can use synchronize_rcu
to wait until concurrent readers are done.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
Once xfrm_state_lookup_byaddr no longer acquires the state lock another
cpu might be freeing the state entry at the same time.To detect this we use atomic_inc_not_zero, we then signal -EAGAIN to
caller in case our result was stale.Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
This is required once we allow lockless access of bydst/bysrc hash tables.
Signed-off-by: Florian Westphal
Signed-off-by: Steffen Klassert -
The xfrm_replay structures are never modified, so declare them as const.
Done with the help of Coccinelle.
Signed-off-by: Julia Lawall
Signed-off-by: Steffen Klassert
29 Jul, 2016
1 commit
-
Whenever thresholds are changed the hash tables are rebuilt. This is
done by enumerating all policies and hashing and inserting them into
the right table according to the thresholds and direction.Because socket policies are also contained in net->xfrm.policy_all but
no hash tables are defined for their direction (dir + XFRM_POLICY_MAX)
this causes a NULL or invalid pointer dereference after returning from
policy_hash_bysel() if the rebuild is done while any socket policies
are installed.Since the rebuild after changing thresholds is scheduled this crash
could even occur if the userland sets thresholds seemingly before
installing any socket policies.Fixes: 53c2e285f970 ("xfrm: Do not hash socket policies")
Signed-off-by: Tobias Brunner
Acked-by: Herbert Xu
Signed-off-by: Steffen Klassert
27 Jul, 2016
2 commits
-
During fuzzing I regularly run into this WARN(). According to Herbert Xu,
this "certainly shouldn't be a WARN, it probably shouldn't print anything
either".Cc: Stephen Hemminger
Cc: Steffen Klassert
Cc: Herbert Xu
Signed-off-by: Vegard Nossum
Signed-off-by: Steffen Klassert -
AFAICT this message is just printed whenever input validation fails.
This is a normal failure and we shouldn't be dumping the stack over it.Looks like it was originally a printk that was maybe incorrectly
upgraded to a WARN:commit 62db5cfd70b1ef53aa21f144a806fe3b78c84fab
Author: stephen hemminger
Date: Wed May 12 06:37:06 2010 +0000xfrm: add severity to printk
Cc: Stephen Hemminger
Cc: Steffen Klassert
Signed-off-by: Vegard Nossum
Signed-off-by: Steffen Klassert