21 Oct, 2016
1 commit
-
Currently, GRO can do unlimited recursion through the gro_receive
handlers. This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem. Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.This patch adds a recursion counter to the GRO layer to prevent stack
overflow. When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally. This recursion
counter is put in the GRO CB, but could be turned into a percpu counter
if we run out of space in the CB.Thanks to Vladimír Beneš for the initial bug report.
Fixes: CVE-2016-7039
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca
Reviewed-by: Jiri Benc
Acked-by: Hannes Frederic Sowa
Acked-by: Tom Herbert
Signed-off-by: David S. Miller
14 Aug, 2016
1 commit
-
The idea for type_check in dev_get_nest_level() was to count the number
of nested devices of the same type (currently, only macvlan or vlan
devices).
This prevented the false positive lockdep warning on configurations such
as:eth0
Signed-off-by: David S. Miller
24 Jul, 2016
1 commit
-
Just several instances of overlapping changes.
Signed-off-by: David S. Miller
17 Jul, 2016
1 commit
-
macsec can't cope with mtu frames which need vlan tag insertion, and
vlan device set the default mtu equal to the underlying dev's one.
By default vlan over macsec devices use invalid mtu, dropping
all the large packets.
This patch adds a netif helper to check if an upper vlan device
needs mtu reduction. The helper is used during vlan devices
initialization to set a valid default and during mtu updating to
forbid invalid, too bit, mtu values.
The helper currently only check if the lower dev is a macsec device,
if we get more users, we need to update only the helper (possibly
reserving an additional IFF bit).Signed-off-by: Paolo Abeni
Signed-off-by: David S. Miller
06 Jul, 2016
1 commit
-
L2 upper device needs to propagate neigh_construct/destroy calls down to
lower devices. Do this by defining default ndo functions and use them in
team, bond, bridge and vlan.Signed-off-by: Jiri Pirko
Reviewed-by: Ido Schimmel
Signed-off-by: David S. Miller
01 Jun, 2016
1 commit
-
The MAC address of the physical interface is only copied to the VLAN
when it is first created, resulting in an inconsistency after MAC
address changes of only newly created VLANs having an up-to-date MAC.The VLANs should continue inheriting the MAC address of the physical
interface until the VLAN MAC address is explicitly set to any value.
This allows IPv6 EUI64 addresses for the VLAN to reflect any changes
to the MAC of the physical interface and thus for DAD to behave as
expected.Signed-off-by: Mike Manning
Signed-off-by: David S. Miller
18 Mar, 2016
1 commit
-
vlan drivers lack proper propagation of gso_max_segs from
lower device.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 Feb, 2016
1 commit
-
Signed-off-by: David Decotigny
Signed-off-by: David S. Miller
22 Feb, 2016
1 commit
-
Currently vlan device inherits unicast filtering flag from underlying
device. If underlying device doesn't support unicast filter, this will
put vlan device into promiscuous mode when it's stacked.Tun on IFF_UNICAST_FLT on the vlan device in any case so that it does
not go into promiscuous mode needlessly. If underlying device does not
support unicast filtering, that device will enter promiscuous mode.Signed-off-by: Zhang Shengju
Signed-off-by: David S. Miller
18 Feb, 2016
1 commit
-
Since function vlan_proc_rem_dev() will only return 0, it's better to
return void instead of int.Signed-off-by: Zhang Shengju
Signed-off-by: David S. Miller
16 Dec, 2015
3 commits
-
The name NETIF_F_ALL_CSUM is a misnomer. This does not correspond to the
set of features for offloading all checksums. This is a mask of the
checksum offload related features bits. It is incorrect to set both
NETIF_F_HW_CSUM and NETIF_F_IP_CSUM or NETIF_F_IPV6 at the same time for
features of a device.This patch:
- Changes instances of NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK (where
NETIF_F_ALL_CSUM is being used as a mask).
- Changes bonding, sfc/efx, ipvlan, macvlan, vlan, and team drivers to
use NEITF_F_HW_CSUM in features list instead of NETIF_F_ALL_CSUM.Signed-off-by: Tom Herbert
Signed-off-by: David S. Miller -
The SCTP checksum is really a CRC and is very different from the
standards 1's complement checksum that serves as the checksum
for IP protocols. This offload interface is also very different.
Rename NETIF_F_SCTP_CSUM to NETIF_F_SCTP_CRC to highlight these
differences. The term CSUM should be reserved in the stack to refer
to the standard 1's complement IP checksum.Signed-off-by: Tom Herbert
Signed-off-by: David S. Miller -
We need to be able to propagate static FDB entries and certain bridge
port attributes (e.g. learning, flooding) down to the port netdev
driver when bridge port is a VLAN interface.Achieve that by setting ndo_bridge* and ndo_fdb* in vlan_netdev_ops to
the corresponding switchdev_port* functions. This is consistent with
team and bond devices.Signed-off-by: Ido Schimmel
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller
18 Nov, 2015
1 commit
-
When a vlan is configured with REORDER_HEADER set to 0, the vlan
header is put back into the packet and makes it appear that
the vlan header is still there even after it's been processed.
This posses a problem for bridge and macvlan ports. The packets
passed to those device may be forwarded and at the time of the
forward, vlan headers end up being unexpectedly present.With the patch, we make sure that we do not put the vlan header
back (when REORDER_HEADER is 0) if a bridge or macvlan has
been configured on top of the vlan device.Signed-off-by: Vladislav Yasevich
Signed-off-by: David S. Miller
04 Nov, 2015
1 commit
-
NIC drivers mark device as detached during error recovery.
It expects no manangement hooks to be invoked in this state.
Invoke driver vlan hooks only if device is present.Signed-off-by: Padmanabh Ratnakar
Signed-off-by: David S. Miller
19 Aug, 2015
1 commit
-
Signed-off-by: Phil Sutter
Cc: Patrick McHardy
Signed-off-by: David S. Miller
02 Jun, 2015
1 commit
-
Currently packets with non-hardware-accelerated vlan cannot be handled
by GRO. This causes low performance for 802.1ad and stacked vlan, as their
vlan tags are currently not stripped by hardware.This patch adds GRO support for non-hardware-accelerated vlan and
improves receive performance of them.Test Environment:
vlan device (.1Q) on vlan device (.1ad) on ixgbe (82599)Result:
- Before
$ netperf -t TCP_STREAM -H 192.168.20.2 -l 60
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec87380 16384 16384 60.00 5233.17
Rx side CPU usage:
%usr %sys %irq %soft %idle
0.27 58.03 0.00 41.70 0.00- After
$ netperf -t TCP_STREAM -H 192.168.20.2 -l 60
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec87380 16384 16384 60.00 7586.85
Rx side CPU usage:
%usr %sys %irq %soft %idle
0.50 25.83 0.00 59.53 14.14[ Register VLAN offloads with priority 10 -DaveM ]
Signed-off-by: Toshiaki Makita
Signed-off-by: David S. Miller
14 May, 2015
1 commit
-
Currently vlan notifier handler will try to update all vlans
for a device when that device comes up. A problem occurs,
however, when the vlan device was set to promiscuous, but not
by the user (ex: a bridge). In that case, dev->gflags are
not updated. What results is that the lower device ends
up with an extra promiscuity count. Here are the
backtraces that prove this:
[62852.052179] [] __dev_set_promiscuity+0x38/0x1e0
[62852.052186] [] ? _raw_spin_unlock_bh+0x1b/0x40
[62852.052188] [] ? dev_set_rx_mode+0x2e/0x40
[62852.052190] [] dev_set_promiscuity+0x24/0x50
[62852.052194] [] vlan_dev_open+0xd5/0x1f0 [8021q]
[62852.052196] [] __dev_open+0xbf/0x140
[62852.052198] [] __dev_change_flags+0x9d/0x170
[62852.052200] [] dev_change_flags+0x29/0x60The above comes from the setting the vlan device to IFF_UP state.
[62852.053569] [] __dev_set_promiscuity+0x38/0x1e0
[62852.053571] [] ? vlan_dev_set_rx_mode+0x2b/0x30
[8021q]
[62852.053573] [] __dev_change_flags+0xe5/0x170
[62852.053645] [] dev_change_flags+0x29/0x60
[62852.053647] [] vlan_device_event+0x18a/0x690
[8021q]
[62852.053649] [] notifier_call_chain+0x4c/0x70
[62852.053651] [] raw_notifier_call_chain+0x16/0x20
[62852.053653] [] call_netdevice_notifiers+0x2d/0x60
[62852.053654] [] __dev_notify_flags+0x33/0xa0
[62852.053656] [] dev_change_flags+0x52/0x60
[62852.053657] [] do_setlink+0x397/0xa40And this one comes from the notification code. What we end
up with is a vlan with promiscuity count of 1 and and a physical
device with a promiscuity count of 2. They should both have
a count 1.To resolve this issue, vlan code can use dev_get_flags() api
which correctly masks promiscuity and allmulti flags.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
03 Apr, 2015
1 commit
-
Don't use dev->iflink anymore.
CC: Patrick McHardy
Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
30 Mar, 2015
1 commit
-
Stacked vlan devices curretly have few features (GRO, HIGHDMA, LLTX).
Since we have software fallbacks in case the NIC can not handle some
features for multiple vlans, we can add the same features as the lower
vlan devices for stacked vlan devices.This allows stacked vlan devices to create large (GSO) packets and not to
segment packets. Those packets will be segmented by software on the real
device, or even can be segmented by the NIC once TSO for multiple vlans
becomes enabled by the following patches.The exception is those related to FCoE, which does not have a software
fallback.Signed-off-by: Toshiaki Makita
Signed-off-by: David S. Miller
19 Mar, 2015
1 commit
-
When a networking device is taken down that has a non-trivial number
of VLAN devices configured under it, we eat a full synchronize_net()
for every such VLAN device.This is because of the call chain:
NETDEV_DOWN notifier
--> vlan_device_event()
--> dev_change_flags()
--> __dev_change_flags()
--> __dev_close()
--> __dev_close_many()
--> dev_deactivate_many()
--> synchronize_net()This is kind of rediculous because we already have infrastructure for
batching doing operation X to a list of net devices so that we only
incur one sync.So make use of that by exporting dev_close_many() and adjusting it's
interfaace so that the caller can fully manage the batch list. Use
this in vlan_device_event() and all the overhead goes away.Reported-by: Salam Noureddine
Signed-off-by: David S. Miller
04 Mar, 2015
1 commit
-
Use the built-in function instead of memset.
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
03 Mar, 2015
1 commit
-
Now that there are no more users kill dev_rebuild_header and all of it's
implementations.This is long overdue.
Signed-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller
24 Jan, 2015
1 commit
-
Assign rtnl_link_ops->get_link_net() callback so that IFLA_LINK_NETNSID is
added to rtnetlink messages.Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
14 Jan, 2015
1 commit
-
The same macros are used for rx as well. So rename it.
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller
12 Dec, 2014
1 commit
-
Since the real device can segment packets by software, a vlan device
can set TSO/UFO even when the real device doesn't have those features.
Unlike GSO, this allows packets to be segmented after Qdisc.Signed-off-by: Toshiaki Makita
Signed-off-by: David S. Miller
22 Nov, 2014
2 commits
-
Commit a6111d3c "vlan: Pass SIOC[SG]HWTSTAMP ioctls to real device"
intended to enable hardware time stamping on VLAN interfaces, but
passing SIOCSHWTSTAMP is only half of the story. This patch adds
the second half, by letting user space find out the time stamping
capabilities of the device backing a VLAN interface.Signed-off-by: Richard Cochran
Signed-off-by: David S. Miller -
Always returns the same skb it gets, so change to void.
Signed-off-by: Jiri Pirko
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
08 Oct, 2014
1 commit
-
Testing xmit_more support with netperf and connected UDP sockets,
I found strange dst refcount false sharing.Current handling of IFF_XMIT_DST_RELEASE is not optimal.
Dropping dst in validate_xmit_skb() is certainly too late in case
packet was queued by cpu X but dequeued by cpu YThe logical point to take care of drop/force is in __dev_queue_xmit()
before even taking qdisc lock.As Julian Anastasov pointed out, need for skb_dst() might come from some
packet schedulers or classifiers.This patch adds new helper to cleanly express needs of various drivers
or qdiscs/classifiers.Drivers that need skb_dst() in their ndo_start_xmit() should call
following helper in their setup instead of the prior :dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
->
netif_keep_dst(dev);Instead of using a single bit, we use two bits, one being
eventually rebuilt in bonding/team drivers.The other one, is permanent and blocks IFF_XMIT_DST_RELEASE being
rebuilt in bonding/team. Eventually, we could add something
smarter later.Signed-off-by: Eric Dumazet
Cc: Julian Anastasov
Signed-off-by: David S. Miller
12 Aug, 2014
1 commit
-
Currently the functionality to untag traffic on input resides
as part of the vlan module and is build only when VLAN support
is enabled in the kernel. When VLAN is disabled, the function
vlan_untag() turns into a stub and doesn't really untag the
packets. This seems to create an interesting interaction
between VMs supporting checksum offloading and some network drivers.There are some drivers that do not allow the user to change
tx-vlan-offload feature of the driver. These drivers also seem
to assume that any VLAN-tagged traffic they transmit will
have the vlan information in the vlan_tci and not in the vlan
header already in the skb. When transmitting skbs that already
have tagged data with partial checksum set, the checksum doesn't
appear to be updated correctly by the card thus resulting in a
failure to establish TCP connections.The following is a packet trace taken on the receiver where a
sender is a VM with a VLAN configued. The host VM is running on
doest not have VLAN support and the outging interface on the
host is tg3:
10:12:43.503055 52:54:00:ae:42:3f > 28:d2:44:7d:c2:de, ethertype 802.1Q
(0x8100), length 78: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 27243,
offset 0, flags [DF], proto TCP (6), length 60)
10.0.100.1.58545 > 10.0.100.10.ircu-2: Flags [S], cksum 0xdc39 (incorrect
-> 0x48d9), seq 1069378582, win 29200, options [mss 1460,sackOK,TS val
4294837885 ecr 0,nop,wscale 7], length 0
10:12:44.505556 52:54:00:ae:42:3f > 28:d2:44:7d:c2:de, ethertype 802.1Q
(0x8100), length 78: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 27244,
offset 0, flags [DF], proto TCP (6), length 60)
10.0.100.1.58545 > 10.0.100.10.ircu-2: Flags [S], cksum 0xdc39 (incorrect
-> 0x44ee), seq 1069378582, win 29200, options [mss 1460,sackOK,TS val
4294838888 ecr 0,nop,wscale 7], length 0This connection finally times out.
I've only access to the TG3 hardware in this configuration thus have
only tested this with TG3 driver. There are a lot of other drivers
that do not permit user changes to vlan acceleration features, and
I don't know if they all suffere from a similar issue.The patch attempt to fix this another way. It moves the vlan header
stipping code out of the vlan module and always builds it into the
kernel network core. This way, even if vlan is not supported on
a virtualizatoin host, the virtual machines running on top of such
host will still work with VLANs enabled.CC: Patrick McHardy
CC: Nithin Nayak Sujir
CC: Michael Chan
CC: Jiri Pirko
Signed-off-by: Vladislav Yasevich
Acked-by: Jiri Pirko
Signed-off-by: David S. Miller
30 Jul, 2014
1 commit
-
Similarly, vlan will create /proc/net/vlan/, so when we
create dev with name "config", it will confict with
/proc/net/vlan/config.Reported-by: Stephane Chazelas
Cc: "David S. Miller"
Signed-off-by: Cong Wang
Signed-off-by: David S. Miller
17 Jul, 2014
1 commit
-
Signed-off-by: David S. Miller
16 Jul, 2014
1 commit
-
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen
Reviewed-by: David Herrmann
Signed-off-by: David S. Miller
08 Jul, 2014
1 commit
-
This allows applications to enable hardware timestamping without being aware
of it being a vlan device and figuring out the real device.Signed-off-by: Stefan Sørensen
Signed-off-by: David S. Miller
03 Jul, 2014
1 commit
-
Madalin-Cristian reported crashs happening after a recent commit
(5a4ae5f6e7d4 "vlan: unnecessary to check if vlan_pcpu_stats is NULL")-----------------------------------------------------------------------
root@p5040ds:~# vconfig add eth8 1
root@p5040ds:~# vconfig rem eth8.1
Unable to handle kernel paging request for data at address 0x2bc88028
Faulting instruction address: 0xc058e950
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 CoreNet Generic
Modules linked in:
CPU: 3 PID: 2167 Comm: vconfig Tainted: G W 3.16.0-rc3-00346-g65e85bf #2
task: e7264d90 ti: e2c2c000 task.ti: e2c2c000
NIP: c058e950 LR: c058ea30 CTR: c058e900
REGS: e2c2db20 TRAP: 0300 Tainted: G W (3.16.0-rc3-00346-g65e85bf)
MSR: 00029002 CR: 48000428 XER: 20000000
DEAR: 2bc88028 ESR: 00000000
GPR00: c047299c e2c2dbd0 e7264d90 00000000 2bc88000 00000000 ffffffff 00000000
GPR08: 0000000f 00000000 000000ff 00000000 28000422 10121928 10100000 10100000
GPR16: 10100000 00000000 c07c5968 00000000 00000000 00000000 e2c2dc48 e7838000
GPR24: c07c5bac c07c58a8 e77290cc c07b0000 00000000 c05de6c0 e7838000 e2c2dc48
NIP [c058e950] vlan_dev_get_stats64+0x50/0x170
LR [c058ea30] vlan_dev_get_stats64+0x130/0x170
Call Trace:
[e2c2dbd0] [ffffffea] 0xffffffea (unreliable)
[e2c2dc20] [c047299c] dev_get_stats+0x4c/0x140
[e2c2dc40] [c0488ca8] rtnl_fill_ifinfo+0x3d8/0x960
[e2c2dd70] [c0489f4c] rtmsg_ifinfo+0x6c/0x110
[e2c2dd90] [c04731d4] rollback_registered_many+0x344/0x3b0
[e2c2ddd0] [c047332c] rollback_registered+0x2c/0x50
[e2c2ddf0] [c0476058] unregister_netdevice_queue+0x78/0xf0
[e2c2de00] [c058d800] unregister_vlan_dev+0xc0/0x160
[e2c2de20] [c058e360] vlan_ioctl_handler+0x1c0/0x550
[e2c2de90] [c045d11c] sock_ioctl+0x28c/0x2f0
[e2c2deb0] [c010d070] do_vfs_ioctl+0x90/0x7b0
[e2c2df20] [c010d7d0] SyS_ioctl+0x40/0x80
[e2c2df40] [c000f924] ret_from_syscall+0x0/0x3cFix this problem by freeing percpu stats from dev->destructor() instead
of ndo_uninit()Reported-by: Madalin-Cristian Bucur
Signed-off-by: Eric Dumazet
Tested-by: Madalin-Cristian Bucur
Fixes: 5a4ae5f6e7d4 ("vlan: unnecessary to check if vlan_pcpu_stats is NULL")
Cc: Li RongQing
Signed-off-by: David S. Miller
22 Jun, 2014
1 commit
-
skb_cow called in vlan_reorder_header does not free the skb when it failed,
and vlan_reorder_header returns NULL to reset original skb when it is called
in vlan_untag, lead to a memory leak.Signed-off-by: Li RongQing
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
24 May, 2014
1 commit
-
Conflicts:
drivers/net/bonding/bond_alb.c
drivers/net/ethernet/altera/altera_msgdma.c
drivers/net/ethernet/altera/altera_sgdma.c
net/ipv6/xfrm6_output.cSeveral cases of overlapping changes.
The xfrm6_output.c has a bug fix which overlaps the renaming
of skb->local_df to skb->ignore_df.In the Altera TSE driver cases, the register access cleanups
in net-next overlapped with bug fixes done in net.Similarly a bug fix to send ALB packets in the bonding driver using
the right source address overlaps with cleanups in net-next.Signed-off-by: David S. Miller
23 May, 2014
1 commit
-
When combining real_dev's features and vlan_features, simple
bitwise AND is used. This doesn't work well for checksum
offloading features as if one set has NETIF_F_HW_CSUM and the
other NETIF_F_IP_CSUM and/or NETIF_F_IPV6_CSUM, we end up with
no checksum offloading. However, from the logical point of view
(how can_checksum_protocol() works), NETIF_F_HW_CSUM contains
the functionality of NETIF_F_IP_CSUM and NETIF_F_IPV6_CSUM so
that the result should be IP/IPV6.Add helper function netdev_intersect_features() implementing
this logic and use it in vlan_dev_fix_features().Signed-off-by: Michal Kubecek
Signed-off-by: David S. Miller
17 May, 2014
1 commit
-
This reverts commit dc8eaaa006350d24030502a4521542e74b5cb39f.
vlan: Fix lockdep warning when vlan dev handle notificationInstead we use the new new API to find the lock subclass of
our vlan device. This way we can support configurations where
vlans are interspersed with other devices:
bond -> vlan -> macvlan -> vlanSigned-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
13 May, 2014
1 commit
-
The __vlan_find_dev_deep should always called in RCU, according
David's suggestion, rename to __vlan_find_dev_deep_rcu looks more
reasonable.Signed-off-by: Ding Tianhong
Signed-off-by: David S. Miller
