]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/log
mirror_ubuntu-disco-kernel.git
8 years agoliquidio VF vlan support
Raghu Vatsavayi [Thu, 8 Dec 2016 21:00:44 +0000 (13:00 -0800)]
liquidio VF vlan support

Adds support for VF vlan features.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
David S. Miller [Thu, 8 Dec 2016 19:33:17 +0000 (14:33 -0500)]
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Johan Hedberg says:

====================
pull request: bluetooth-next 2016-12-08

I didn't miss your "net-next is closed" email, but it did come as a bit
of a surprise, and due to time-zone differences I didn't have a chance
to react to it until now. We would have had a couple of patches in
bluetooth-next that we'd still have wanted to get to 4.10.

Out of these the most critical one is the H7/CT2 patch for Bluetooth
Security Manager Protocol, something that couldn't be published before
the Bluetooth 5.0 specification went public (yesterday). If these really
can't go to net-next we'll likely be sending at least this patch through
bluetooth.git to net.git for rc1 inclusion.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agocxgb4/cxgb4vf: Remove deprecated module parameters
Ganesh Goudar [Thu, 8 Dec 2016 07:46:25 +0000 (13:16 +0530)]
cxgb4/cxgb4vf: Remove deprecated module parameters

Remove deprecated module parameters num_vf, dflt_msg_enable and
force_init.

Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'xdp-head-adjustment'
David S. Miller [Thu, 8 Dec 2016 19:25:14 +0000 (14:25 -0500)]
Merge branch 'xdp-head-adjustment'

Martin KaFai Lau says:

====================
Allow head adjustment in XDP prog

This series adds a helper to allow head adjusting in XDP prog.  mlx4
driver has been modified to support this feature.  An example is written
to encapsulate a packet with an IPv4/v6 header and then XDP_TX it
out.

v4:
1. Remove XDP_QUERY_FEATURES command.  Instead, check
   the prog->xdp_adjust_head bit inside the driver itself
   during XDP_SETUP_PROG in patch 1of4.
   Thanks for everybody's ideas.
2. Nit changes on sample code per Jesper

v3:
1. Check if the driver supports head adjustment before
   setting the xdp_prog fd to the device in patch 1of4.
2. Remove the page alignment assumption on the data_hard_start.
   Instead, add data_hard_start to the struct xdp_buff and the
   driver has to fill it if it supports head adjustment.
3. Keep the wire MTU as before in mlx4
4. Set map0_byte_count to PAGE_SIZE in patch 3of4

v2:
1. Make a variable name change in bpf_xdp_adjust_head() in patch 1
2. Ensure no less than ETH_HLEN data in bpf_xdp_adjust_head() in patch 1
3. Some clarifications in commit log messages of patch 2 and 3
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: xdp: Add XDP example for head adjustment
Martin KaFai Lau [Wed, 7 Dec 2016 23:53:14 +0000 (15:53 -0800)]
bpf: xdp: Add XDP example for head adjustment

The XDP prog checks if the incoming packet matches any VIP:PORT
combination in the BPF hashmap.  If it is, it will encapsulate
the packet with a IPv4/v6 header as instructed by the value of
the BPF hashmap and then XDP_TX it out.

The VIP:PORT -> IP-Encap-Info can be specified by the cmd args
of the user prog.

Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomlx4: xdp: Reserve headroom for receiving packet when XDP prog is active
Martin KaFai Lau [Wed, 7 Dec 2016 23:53:13 +0000 (15:53 -0800)]
mlx4: xdp: Reserve headroom for receiving packet when XDP prog is active

Reserve XDP_PACKET_HEADROOM for packet and enable bpf_xdp_adjust_head()
support.  This patch only affects the code path when XDP is active.

After testing, the tx_dropped counter is incremented if the xdp_prog sends
more than wire MTU.

Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomlx4: xdp: Allow raising MTU up to one page minus eth and vlan hdrs
Martin KaFai Lau [Wed, 7 Dec 2016 23:53:12 +0000 (15:53 -0800)]
mlx4: xdp: Allow raising MTU up to one page minus eth and vlan hdrs

When XDP is active in mlx4, mlx4 is using one page/pkt.
At the same time (i.e. when XDP is active), it is currently
limiting MTU to be FRAG_SZ0 - ETH_HLEN - (2 * VLAN_HLEN)
which is 1514 in x86.  AFAICT, we can at least raise the MTU
limit up to PAGE_SIZE - ETH_HLEN - (2 * VLAN_HLEN) which this
patch is doing.  It will be useful in the next patch which
allows XDP program to extend the packet by adding new header(s).

Note: In the earlier XDP patches, there is already existing guard
to ensure the page/pkt scheme only applies when XDP is active
in mlx4.

Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: xdp: Allow head adjustment in XDP prog
Martin KaFai Lau [Wed, 7 Dec 2016 23:53:11 +0000 (15:53 -0800)]
bpf: xdp: Allow head adjustment in XDP prog

This patch allows XDP prog to extend/remove the packet
data at the head (like adding or removing header).  It is
done by adding a new XDP helper bpf_xdp_adjust_head().

It also renames bpf_helper_changes_skb_data() to
bpf_helper_changes_pkt_data() to better reflect
that XDP prog does not work on skb.

This patch adds one "xdp_adjust_head" bit to bpf_prog for the
XDP-capable driver to check if the XDP prog requires
bpf_xdp_adjust_head() support.  The driver can then decide
to error out during XDP_SETUP_PROG.

Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'lan7801-mac-only'
David S. Miller [Thu, 8 Dec 2016 19:21:48 +0000 (14:21 -0500)]
Merge branch 'lan7801-mac-only'

Woojung Huh says:

====================
phy: lan78xx: add phy fixup unregister functions & LAN7801 update

V2 patch of adding phy fixup unregister function with use in LAN7801 update.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agolan78xx: add LAN7801 MAC only support
Woojung Huh [Wed, 7 Dec 2016 20:26:25 +0000 (20:26 +0000)]
lan78xx: add LAN7801 MAC only support

Add LAN7801 MAC only support with phy fixup functions.

Signed-off-by: Woojung Huh <woojung.huh@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agophy: add phy fixup unregister functions
Woojung.Huh@microchip.com [Wed, 7 Dec 2016 20:26:07 +0000 (20:26 +0000)]
phy: add phy fixup unregister functions

>From : Woojung Huh <woojung.huh@microchip.com>

Add functions to unregister phy fixup for modules.

int phy_unregister_fixup(const char *bus_id, u32 phy_uid, u32 phy_uid_mask)
Unregister phy fixup from phy_fixup_list per bus_id, phy_uid &
phy_uid_mask

int phy_unregister_fixup_for_uid(u32 phy_uid, u32 phy_uid_mask)
Unregister phy fixup from phy_fixup_list.
Use it for fixup registered by phy_register_fixup_for_uid()

int phy_unregister_fixup_for_id(const char *bus_id)
Unregister phy fixup from phy_fixup_list.
Use it for fixup registered by phy_register_fixup_for_id()

Signed-off-by: Woojung Huh <woojung.huh@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: fix state equivalence
Alexei Starovoitov [Wed, 7 Dec 2016 18:57:59 +0000 (10:57 -0800)]
bpf: fix state equivalence

Commmits 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers")
and 484611357c19 ("bpf: allow access into map value arrays") by themselves
are correct, but in combination they make state equivalence ignore 'id' field
of the register state which can lead to accepting invalid program.

Fixes: 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers")
Fixes: 484611357c19 ("bpf: allow access into map value arrays")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: do not read sk_drops if application does not care
Eric Dumazet [Wed, 7 Dec 2016 18:05:36 +0000 (10:05 -0800)]
net: do not read sk_drops if application does not care

sk_drops can be an often written field, do not read it unless
application showed interest.

Note that sk_drops can be read via inet_diag, so applications
can avoid getting this info from every received packet.

In the future, 'reading' sk_drops might require folding per node or per
cpu fields, and thus become even more expensive than today.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoudp: under rx pressure, try to condense skbs
Eric Dumazet [Wed, 7 Dec 2016 17:19:33 +0000 (09:19 -0800)]
udp: under rx pressure, try to condense skbs

Under UDP flood, many softirq producers try to add packets to
UDP receive queue, and one user thread is burning one cpu trying
to dequeue packets as fast as possible.

Two parts of the per packet cost are :
- copying payload from kernel space to user space,
- freeing memory pieces associated with skb.

If socket is under pressure, softirq handler(s) can try to pull in
skb->head the payload of the packet if it fits.

Meaning the softirq handler(s) can free/reuse the page fragment
immediately, instead of letting udp_recvmsg() do this hundreds of usec
later, possibly from another node.

Additional gains :
- We reduce skb->truesize and thus can store more packets per SO_RCVBUF
- We avoid cache line misses at copyout() time and consume_skb() time,
and avoid one put_page() with potential alien freeing on NUMA hosts.

This comes at the cost of a copy, bounded to available tail room, which
is usually small. (We might have to fix GRO_MAX_HEAD which looks bigger
than necessary)

This patch gave me about 5 % increase in throughput in my tests.

skb_condense() helper could probably used in other contexts.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'liqudio-VF-data-path'
David S. Miller [Thu, 8 Dec 2016 18:21:40 +0000 (13:21 -0500)]
Merge branch 'liqudio-VF-data-path'

Raghu Vatsavayi says:

====================
liquidio VF data path

Following is V3 patch series that adds support for VF
data path related features. It also has following changes
related to previous comments:
1) Remove unnecessary "void *" casting.
2) Remove inline for functions and let gcc decide.

Please apply patches in following order as some of them
depend on earlier patches.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio VF rx data and ctl path
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:37 +0000 (08:54 -0800)]
liquidio VF rx data and ctl path

Adds support for VF receive data control path.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF TX buffers
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:36 +0000 (08:54 -0800)]
liquidio CN23XX: VF TX buffers

Adds support for freeing VF xmit buffers.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF xmit
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:35 +0000 (08:54 -0800)]
liquidio CN23XX: VF xmit

Adds support for transmit functionality in VF.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF scatter gather lists
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:34 +0000 (08:54 -0800)]
liquidio CN23XX: VF scatter gather lists

Adds support for VF scatter gather lists.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF mac address
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:33 +0000 (08:54 -0800)]
liquidio CN23XX: VF mac address

Adds support for configuring mtu, multicast and mac address.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF link status
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:32 +0000 (08:54 -0800)]
liquidio CN23XX: VF link status

Adds support for VF link status related changes.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoliquidio CN23XX: VF offload features
Raghu Vatsavayi [Wed, 7 Dec 2016 16:54:31 +0000 (08:54 -0800)]
liquidio CN23XX: VF offload features

Adds support for VF link initialization and offload features.

Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@caviumnetworks.com>
Signed-off-by: Derek Chickles <derek.chickles@caviumnetworks.com>
Signed-off-by: Satanand Burla <satananda.burla@caviumnetworks.com>
Signed-off-by: Felix Manlunas <felix.manlunas@caviumnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: rfs: add a jump label
Eric Dumazet [Wed, 7 Dec 2016 16:29:10 +0000 (08:29 -0800)]
net: rfs: add a jump label

RFS is not commonly used, so add a jump label to avoid some conditionals
in fast path.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agomacsec: remove first zero and add attribute name in comments
Zhang Shengju [Wed, 7 Dec 2016 15:02:09 +0000 (23:02 +0800)]
macsec: remove first zero and add attribute name in comments

Remove first zero for add, and use full attribute name in comments.

Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'stmmac-DMA-burst'
David S. Miller [Thu, 8 Dec 2016 18:07:11 +0000 (13:07 -0500)]
Merge branch 'stmmac-DMA-burst'

Niklas Cassel says:

====================
net: stmmac: make DMA programmable burst length more configurable

Make DMA programmable burst length more configurable in the stmmac driver.

This is done by adding support for independent pbl for tx/rx through DT.
More fine grained tuning of pbl is possible thanks to a DT property saying
that we should NOT multiply pbl values by x8/x4 in hardware.

All new DT properties are optional, and created in a way that it will not
affect any existing DT configurations.

Changes since V1:
Created cover-letter.
Rebased patch set against next-20161205, since conflicting patches to
stmmac_platform.c has been merged since V1.

Changes since V2:
Moved default value initialization of pbl to stmmac_platform.c
and added a check for pbl != 0 in stmmac_main.c,
to catch a possble pbl == 0 from pci glue.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: smmac: allow configuring lower pbl values
Niklas Cassel [Wed, 7 Dec 2016 14:20:08 +0000 (15:20 +0100)]
net: smmac: allow configuring lower pbl values

The driver currently always sets the PBLx8/PBLx4 bit, which means that
the pbl values configured via the pbl/txpbl/rxpbl DT properties are
always multiplied by 8/4 in the hardware.

In order to allow the DT to configure lower pbl values, while at the
same time not changing behavior of any existing device trees using the
pbl/txpbl/rxpbl settings, add a property to disable the multiplication
of the pbl by 8/4 in the hardware.

Suggested-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: add support for independent DMA pbl for tx/rx
Niklas Cassel [Wed, 7 Dec 2016 14:20:07 +0000 (15:20 +0100)]
net: stmmac: add support for independent DMA pbl for tx/rx

GMAC and newer supports independent programmable burst lengths for
DMA tx/rx. Add new optional devicetree properties representing this.

To be backwards compatible, snps,pbl will still be valid, but
snps,txpbl/snps,rxpbl will override the value in snps,pbl if set.

If the IP is synthesized to use the AXI interface, there is a register
and a matching DT property inside the optional stmmac-axi-config DT node
for controlling burst lengths, named snps,blen.
However, using this register, it is not possible to control tx and rx
independently. Also, this register is not available if the IP was
synthesized with, e.g., the AHB interface.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: dwmac1000: fix define DMA_BUS_MODE_RPBL_MASK
Niklas Cassel [Wed, 7 Dec 2016 14:20:06 +0000 (15:20 +0100)]
net: stmmac: dwmac1000: fix define DMA_BUS_MODE_RPBL_MASK

DMA_BUS_MODE_RPBL_MASK is really 6 bits,
just like DMA_BUS_MODE_PBL_MASK.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: stmmac_platform: fix parsing of DT binding
Niklas Cassel [Wed, 7 Dec 2016 14:20:05 +0000 (15:20 +0100)]
net: stmmac: stmmac_platform: fix parsing of DT binding

commit 64c3b252e9fc ("net: stmmac: fixed the pbl setting with DT")
changed the parsing of the DT binding.

Before 64c3b252e9fc, snps,fixed-burst and snps,mixed-burst were parsed
regardless if the property snps,pbl existed or not.
After the commit, fixed burst and mixed burst are only parsed if
snps,pbl exists. Now when snps,aal has been added, it too is only
parsed if snps,pbl exists.

Since the DT binding does not specify that fixed burst, mixed burst
or aal depend on snps,pbl being specified, undo changes introduced
by 64c3b252e9fc.

The issue commit 64c3b252e9fc ("net: stmmac: fixed the pbl setting with
DT") tries to address is solved in another way:
The databook specifies that all values other than
1, 2, 4, 8, 16, or 32 results in undefined behavior,
so snps,pbl = <0> is invalid.

If pbl is 0 after parsing, set pbl to DEFAULT_DMA_PBL.
This handles the case where the property is omitted, and also handles
the case where the property is specified without any data.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: simplify the common DMA init API
Niklas Cassel [Wed, 7 Dec 2016 14:20:04 +0000 (15:20 +0100)]
net: stmmac: simplify the common DMA init API

Use struct stmmac_dma_cfg *dma_cfg as an argument rather
than using all the struct members as individual arguments.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: return error if no DMA configuration is found
Niklas Cassel [Wed, 7 Dec 2016 14:20:03 +0000 (15:20 +0100)]
net: stmmac: return error if no DMA configuration is found

All drivers except pci glue layer calls stmmac_probe_config_dt.
stmmac_probe_config_dt does a kzalloc dma_cfg.

pci glue layer does kzalloc dma_cfg explicitly, so all current
drivers does a kzalloc dma_cfg.

Return an error if no DMA configuration is found, that way
we can assume that the DMA configuration always exists.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: slicoss: use module_pci_driver()
Tobias Klauser [Wed, 7 Dec 2016 13:43:30 +0000 (14:43 +0100)]
net: ethernet: slicoss: use module_pci_driver()

Use module_pci_driver() to get rid of some boilerplate code.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'cls_flower-ICMP'
David S. Miller [Thu, 8 Dec 2016 16:47:14 +0000 (11:47 -0500)]
Merge branch 'cls_flower-ICMP'

Simon Horman says:

====================
net/sched: cls_flower: Support matching on ICMP

this series adds support for matching on ICMP type and code to cls_flower.

Changes v5->v6:
* Restore missing signed-off-by

Changes v4->v5:
* Drop all helpers

Changes v3->v4:
* Do not add icmp to struct flow_keys, it is not needed
* Do not test for ICMP protocols in packet in __skb_flow_dissect,
  this is also not needed

Changes v2->v3:
* Add FLOW_DISSECTOR_KEY_ICMP and use separate structure for ICMP

Changes v1->v2:
* Include all dissector helpers in first patch
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet/sched: cls_flower: Support matching on ICMP type and code
Simon Horman [Wed, 7 Dec 2016 12:48:28 +0000 (13:48 +0100)]
net/sched: cls_flower: Support matching on ICMP type and code

Support matching on ICMP type and code.

Example usage:

tc qdisc add dev eth0 ingress

tc filter add dev eth0 protocol ip parent ffff: flower \
indev eth0 ip_proto icmp type 8 code 0 action drop

tc filter add dev eth0 protocol ipv6 parent ffff: flower \
indev eth0 ip_proto icmpv6 type 128 code 0 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoflow dissector: ICMP support
Simon Horman [Wed, 7 Dec 2016 12:48:27 +0000 (13:48 +0100)]
flow dissector: ICMP support

Allow dissection of ICMP(V6) type and code. This should only occur
if a packet is ICMP(V6) and the dissector has FLOW_DISSECTOR_KEY_ICMP set.

There are currently no users of FLOW_DISSECTOR_KEY_ICMP.
A follow-up patch will allow FLOW_DISSECTOR_KEY_ICMP to be used by
the flower classifier.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: stmmac_platform: use correct setup function for gmac4
Niklas Cassel [Wed, 7 Dec 2016 12:41:08 +0000 (13:41 +0100)]
net: stmmac: stmmac_platform: use correct setup function for gmac4

devicetree binding for stmmac states:
- compatible: Should be "snps,dwmac-<ip_version>", "snps,dwmac"
For backwards compatibility: "st,spear600-gmac" is also supported.

Previously, when specifying "snps,dwmac-4.10a", "snps,dwmac" as your
compatible string, plat_stmmacenet_data would have both has_gmac and
has_gmac4 set.

This would lead to stmmac_hw_init calling dwmac1000_setup rather than
dwmac4_setup, resulting in a non-functional driver.
This happened since the check for has_gmac is done before the check for
has_gmac4. However, the order should not matter, so it does not make sense
to have both set.

If something is valid for both, you should do as the stmmac_interrupt does:
if (priv->plat->has_gmac || priv->plat->has_gmac4) ...

The places where it was obvious that the author actually meant
if (has_gmac || has_gmac4) rather than if (has_gmac) has been updated.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre TORGUE <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: dwmac-generic: add missing compatible strings
Niklas Cassel [Wed, 7 Dec 2016 12:41:07 +0000 (13:41 +0100)]
net: stmmac: dwmac-generic: add missing compatible strings

devicetree binding for stmmac states:
- compatible: Should be "snps,dwmac-<ip_version>", "snps,dwmac"
For backwards compatibility: "st,spear600-gmac" is also supported.

Since dwmac-generic.c calls stmmac_probe_config_dt explicitly,
another alternative would have been to remove all compatible strings
other than "snps,dwmac" and "st,spear600-gmac" from dwmac-generic.c.

However, that would probably do more good than harm, since when trying
to figure out what hardware a certain driver supports, you usually look
at the compatible strings in the struct of_device_id, and not in some
function defined in a completely different file.

No functional change intended.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobindings: net: stmmac: correct note about TSO
Niklas Cassel [Wed, 7 Dec 2016 12:41:06 +0000 (13:41 +0100)]
bindings: net: stmmac: correct note about TSO

snps,tso was previously placed under AXI BUS Mode parameters,
suggesting that the property should be in the stmmac-axi-config node.

TSO (TCP Segmentation Offloading) has nothing to do with AXI BUS Mode
parameters, and the parser actually expects it to be in the root node,
not in the stmmac-axi-config.

Also added a note about snps,tso only being available on GMAC4 and newer.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Acked-by: Alexandre TORGUE <alexandre.torgue@st.com>
Acked-by: Rob Herring <robh@kernel.org>
Acked-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ll_temac: Utilize of_get_mac_address()
Tobias Klauser [Wed, 7 Dec 2016 12:25:29 +0000 (13:25 +0100)]
net: ll_temac: Utilize of_get_mac_address()

Do not open code getting the MAC address exclusively from the
"local-mac-address" property, but instead use of_get_mac_address()
which looks up the MAC address using the 3 typical property names.

Also avoid casting away the const qualifier of the return value by
making temac_init_mac_address() take a const void* address.

Follows commit b34296a9c047 ("net: ethoc: Utilize
of_get_mac_address()").

Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: axienet: Utilize of_get_mac_address()
Tobias Klauser [Wed, 7 Dec 2016 12:24:44 +0000 (13:24 +0100)]
net: axienet: Utilize of_get_mac_address()

Do not open code getting the MAC address exclusively from the
"local-mac-address" property, but instead use of_get_mac_address()
which looks up the MAC address using the 3 typical property names.

Also avoid casting away the const qualifier of the return value by
making axienet_set_mac_address() take a const void* address.

Follows commit b34296a9c047 ("net: ethoc: Utilize
of_get_mac_address()").

Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'cls_flower-flags'
David S. Miller [Thu, 8 Dec 2016 16:32:50 +0000 (11:32 -0500)]
Merge branch 'cls_flower-flags'

Or Gerlitz says:

====================
net/sched: cls_flower: Add support for matching on dissection flags

This series add the UAPI to provide set of flags for matching, where the
flags provided from user-space are mapped to flow-dissector flags.

The 1st flag allows to match on whether the packet is an
IP fragment and corresponds to the FLOW_DIS_IS_FRAGMENT flag.

v2->v3:
  - replace BIT() with << (kbuild test robot)

v1->v2:
 - dropped the flow dissector patch (#1) as no changes are needed there (Jiri)
 - applied code review comments from Jiri to the flower patch
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet/mlx5e: Offload TC matching on packets being IP fragments
Or Gerlitz [Wed, 7 Dec 2016 12:03:11 +0000 (14:03 +0200)]
net/mlx5e: Offload TC matching on packets being IP fragments

Enable offloading of matching on packets being fragments.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet/sched: cls_flower: Add support for matching on flags
Or Gerlitz [Wed, 7 Dec 2016 12:03:10 +0000 (14:03 +0200)]
net/sched: cls_flower: Add support for matching on flags

Add UAPI to provide set of flags for matching, where the flags
provided from user-space are mapped to flow-dissector flags.

The 1st flag allows to match on whether the packet is an
IP fragment and corresponds to the FLOW_DIS_IS_FRAGMENT flag.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: mvneta: Indent some statements
Dan Carpenter [Wed, 7 Dec 2016 11:32:17 +0000 (14:32 +0300)]
net: mvneta: Indent some statements

These two statements were not indented correctly so it's sort of
confusing.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agodrivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool()
Dan Carpenter [Wed, 7 Dec 2016 11:14:24 +0000 (14:14 +0300)]
drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool()

We never set "slots" in this function.

Fixes: a9380b0f7be8 ("drivers: net: xgene: Add support for Jumbo frame")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Iyappan Subramanian <isubramanian@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agovhost: remove unnecessary smp_mb from vhost_work_queue
Peng Tao [Wed, 7 Dec 2016 09:52:19 +0000 (17:52 +0800)]
vhost: remove unnecessary smp_mb from vhost_work_queue

test_and_set_bit() already implies a memory barrier.

Signed-off-by: Peng Tao <bergwolf@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agovhost-vsock: remove unused vq variable
Peng Tao [Wed, 7 Dec 2016 09:52:18 +0000 (17:52 +0800)]
vhost-vsock: remove unused vq variable

Signed-off-by: Peng Tao <bergwolf@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoicmp: correct return value of icmp_rcv()
Zhang Shengju [Wed, 7 Dec 2016 06:52:53 +0000 (14:52 +0800)]
icmp: correct return value of icmp_rcv()

Currently, icmp_rcv() always return zero on a packet delivery upcall.

To make its behavior more compliant with the way this API should be
used, this patch changes this to let it return NET_RX_SUCCESS when the
packet is proper handled, and NET_RX_DROP otherwise.

Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoBluetooth: SMP: Add support for H7 crypto function and CT2 auth flag
Johan Hedberg [Thu, 8 Dec 2016 06:32:54 +0000 (08:32 +0200)]
Bluetooth: SMP: Add support for H7 crypto function and CT2 auth flag

Bluetooth 5.0 introduces a new H7 key generation function that's used
when both sides of the pairing set the CT2 authentication flag to 1.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoBluetooth: btmrvl: drop duplicate header slab.h
Geliang Tang [Wed, 23 Nov 2016 15:14:01 +0000 (23:14 +0800)]
Bluetooth: btmrvl: drop duplicate header slab.h

Drop duplicate header slab.h from btmrvl_drv.h.

Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoieee802154: atusb: implement .set_frame_retries ops callback
Stefan Schmidt [Mon, 5 Dec 2016 13:47:20 +0000 (14:47 +0100)]
ieee802154: atusb: implement .set_frame_retries ops callback

From firmware version 0.3 onwards we use the TX_ARET mode allowing for automatic
frame retransmissions. To actually make use of this feature we need to implement
the callback for setting the frame retries.

If the firmware version is to old print a warning and return with invalid value.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoieee802154: atusb: try to read permanent extended address from device
Stefan Schmidt [Mon, 5 Dec 2016 13:47:19 +0000 (14:47 +0100)]
ieee802154: atusb: try to read permanent extended address from device

With version 0.3 the atusb firmware offers an interface to read a permanent
EUI64 address from the devices EEPROM. This patch checks if the firmware is
new enough and tries to read out and use the address. If this does not work
we fall back to the original randomly generated address.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoieee802154: atusb: store firmware version after retrieval for later use
Stefan Schmidt [Mon, 5 Dec 2016 13:47:18 +0000 (14:47 +0100)]
ieee802154: atusb: store firmware version after retrieval for later use

The firmware versions will be used to enable selective features based on the
available firmware on the device. Make sure we do not need to fetch it for
every check but store it after the initial retrieval.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoieee802154: atusb: sync header file from firmware for new features
Stefan Schmidt [Mon, 5 Dec 2016 13:47:17 +0000 (14:47 +0100)]
ieee802154: atusb: sync header file from firmware for new features

This file is shared between the atusb firmware and the kernel driver. In this
update it brings the new interfaces from version 0.3 of the firmware.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller [Thu, 8 Dec 2016 00:16:46 +0000 (19:16 -0500)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains a large Netfilter update for net-next,
to summarise:

1) Add support for stateful objects. This series provides a nf_tables
   native alternative to the extended accounting infrastructure for
   nf_tables. Two initial stateful objects are supported: counters and
   quotas. Objects are identified by a user-defined name, you can fetch
   and reset them anytime. You can also use a maps to allow fast lookups
   using any arbitrary key combination. More info at:

   http://marc.info/?l=netfilter-devel&m=148029128323837&w=2

2) On-demand registration of nf_conntrack and defrag hooks per netns.
   Register nf_conntrack hooks if we have a stateful ruleset, ie.
   state-based filtering or NAT. The new nf_conntrack_default_on sysctl
   enables this from newly created netnamespaces. Default behaviour is not
   modified. Patches from Florian Westphal.

3) Allocate 4k chunks and then use these for x_tables counter allocation
   requests, this improves ruleset load time and also datapath ruleset
   evaluation, patches from Florian Westphal.

4) Add support for ebpf to the existing x_tables bpf extension.
   From Willem de Bruijn.

5) Update layer 4 checksum if any of the pseudoheader fields is updated.
   This provides a limited form of 1:1 stateless NAT that make sense in
   specific scenario, eg. load balancing.

6) Add support to flush sets in nf_tables. This series comes with a new
   set->ops->deactivate_one() indirection given that we have to walk
   over the list of set elements, then deactivate them one by one.
   The existing set->ops->deactivate() performs an element lookup that
   we don't need.

7) Two patches to avoid cloning packets, thus speed up packet forwarding
   via nft_fwd from ingress. From Florian Westphal.

8) Two IPVS patches via Simon Horman: Decrement ttl in all modes to
   prevent infinite loops, patch from Dwip Banerjee. And one minor
   refactoring from Gao feng.

9) Revisit recent log support for nf_tables netdev families: One patch
   to ensure that we correctly handle non-ethernet packets. Another
   patch to add missing logger definition for netdev. Patches from
   Liping Zhang.

10) Three patches for nft_fib, one to address insufficient register
    initialization and another to solve incorrect (although harmless)
    byteswap operation. Moreover update xt_rpfilter and nft_fib to match
    lbcast packets with zeronet as source, eg. DHCP Discover packets
    (0.0.0.0 -> 255.255.255.255). Also from Liping Zhang.

11) Built-in DCCP, SCTP and UDPlite conntrack and NAT support, from
    Davide Caratti. While DCCP is rather hopeless lately, and UDPlite has
    been broken in many-cast mode for some little time, let's give them a
    chance by placing them at the same level as other existing protocols.
    Thus, users don't explicitly have to modprobe support for this and
    NAT rules work for them. Some people point to the lack of support in
    SOHO Linux-based routers that make deployment of new protocols harder.
    I guess other middleboxes outthere on the Internet are also to blame.
    Anyway, let's see if this has any impact in the midrun.

12) Skip software SCTP software checksum calculation if the NIC comes
    with SCTP checksum offload support. From Davide Caratti.

13) Initial core factoring to prepare conversion to hook array. Three
    patches from Aaron Conole.

14) Gao Feng made a wrong conversion to switch in the xt_multiport
    extension in a patch coming in the previous batch. Fix it in this
    batch.

15) Get vmalloc call in sync with kmalloc flags to avoid a warning
    and likely OOM killer intervention from x_tables. From Marcelo
    Ricardo Leitner.

16) Update Arturo Borrero's email address in all source code headers.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next...
David S. Miller [Thu, 8 Dec 2016 00:03:23 +0000 (19:03 -0500)]
Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue

Jeff Kirsher says:

====================
40GbE Intel Wired LAN Driver Updates 2016-12-07

This series contains updates to i40e and i40evf only.

Filip modifies the i40e to log link speed change and when the link is
brought up and down.

Mitch replaces i40e_txd_use_count() with a new function which is slightly
faster and better documented so the dim witted can better follow the
code.  Fixes the locking of the service task so that it is actually
done in the service task and not in the scheduling function which calls
the service task.

Jacob, being the busy little beaver he is, provides most of the changes
starting restores a workaround that is still needed in some configurations,
specifically the Ethernet Controller XL710 for 40GbE QSFP+.  Removes
duplicate code and simplifies the i40e_vsi_add_vlan() and
i40e_vsi_kill_vlan() functions.  Removes detection of PTP frames over L4
(UDP) on the XL710 MAC, since there was a product decision to defeature
it.  Fixed a previous refactor of active filters which caused issues in
the accounting of active_filters.  Remaining work was done in the VLAN
filters to improve readability and simplify code as much as possible
to reduce inconsistencies.

Alex fixes foul budget accounting in core code by returning actual
work done, capped to budget-1.

Henry fixes the "ethtool -p" function for 1G BaseT PHYs.

Carolyn adds support for 25G devices for i40e and i40evf.

Michal adds functions to apply the correct access method for external PHYs
which could use Clause22 or Clause45 depending on the PHY.

v2: dropped last patch from previous series, since changes are needed based
    on feedback from Sergei Shtylyov
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agodummy: expend mtu range for dummy device
Zhang Shengju [Wed, 7 Dec 2016 09:41:33 +0000 (17:41 +0800)]
dummy: expend mtu range for dummy device

After commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"),
the mtu range for dummy device becomes [68, 1500].

This patch extends it to [0, 65535].

Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonlmon: use core MTU range checking in nlmon driver
Zhang Shengju [Wed, 7 Dec 2016 09:26:05 +0000 (17:26 +0800)]
nlmon: use core MTU range checking in nlmon driver

Since commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"),
mtu range is checked at dev_set_mtu().

This patch adds min_mtu for nlmon device and remove unnecessary
ndo_change_mtu() function.

Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agodriver: macvlan: Remove the rcu member of macvlan_port
Gao Feng [Wed, 7 Dec 2016 04:23:18 +0000 (12:23 +0800)]
driver: macvlan: Remove the rcu member of macvlan_port

When free macvlan_port in macvlan_port_destroy, it is safe to free
directly because netdev_rx_handler_unregister could enforce one
grace period.
So it is unnecessary to use kfree_rcu for macvlan_port.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agodriver: ipvlan: Free ipvl_port directly with kfree instead of kfree_rcu
Gao Feng [Wed, 7 Dec 2016 00:44:47 +0000 (08:44 +0800)]
driver: ipvlan: Free ipvl_port directly with kfree instead of kfree_rcu

There are two functions which would free the ipvl_port now. The first
is ipvlan_port_create. It frees the ipvl_port in the error handler,
so it could kfree it directly. The second is ipvlan_port_destroy. It
invokes netdev_rx_handler_unregister which enforces one grace period
by synchronize_net firstly, so it also could kfree the ipvl_port
directly and safely.

So it is unnecessary to use kfree_rcu to free ipvl_port.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobpf: fix loading of BPF_MAXINSNS sized programs
Daniel Borkmann [Wed, 7 Dec 2016 00:15:44 +0000 (01:15 +0100)]
bpf: fix loading of BPF_MAXINSNS sized programs

General assumption is that single program can hold up to BPF_MAXINSNS,
that is, 4096 number of instructions. It is the case with cBPF and
that limit was carried over to eBPF. When recently testing digest, I
noticed that it's actually not possible to feed 4096 instructions
via bpf(2).

The check for > BPF_MAXINSNS was added back then to bpf_check() in
cbd357008604 ("bpf: verifier (add ability to receive verification log)").
However, 09756af46893 ("bpf: expand BPF syscall with program load/unload")
added yet another check that comes before that into bpf_prog_load(),
but this time bails out already in case of >= BPF_MAXINSNS.

Fix it up and perform the check early in bpf_prog_load(), so we can drop
the second one in bpf_check(). It makes sense, because also a 0 insn
program is useless and we don't want to waste any resources doing work
up to bpf_check() point. The existing bpf(2) man page documents E2BIG
as the official error for such cases, so just stick with it as well.

Fixes: 09756af46893 ("bpf: expand BPF syscall with program load/unload")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: stmmac: do not call phy_ethtool_ksettings_set from atomic context
Niklas Cassel [Tue, 6 Dec 2016 13:47:15 +0000 (14:47 +0100)]
net: stmmac: do not call phy_ethtool_ksettings_set from atomic context

>From what I can tell, spin_lock(&priv->lock) is not needed, since the
phy_ethtool_ksettings_set call is not given the priv struct.

phy_start_aneg takes the phydev->lock. Calls to phy_adjust_link
from phy_state_machine also takes the phydev->lock.

[   13.718319] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97
[   13.726717] in_atomic(): 1, irqs_disabled(): 0, pid: 1307, name: ethtool
[   13.742115] Hardware name: Axis ARTPEC-6 Platform
[   13.746829] [<80110568>] (unwind_backtrace) from [<8010c2bc>] (show_stack+0x18/0x1c)
[   13.754575] [<8010c2bc>] (show_stack) from [<80433484>] (dump_stack+0x80/0xa0)
[   13.761801] [<80433484>] (dump_stack) from [<80145428>] (___might_sleep+0x108/0x170)
[   13.769554] [<80145428>] (___might_sleep) from [<806c9b50>] (mutex_lock+0x24/0x44)
[   13.777128] [<806c9b50>] (mutex_lock) from [<8050cbc0>] (phy_start_aneg+0x1c/0x13c)
[   13.784783] [<8050cbc0>] (phy_start_aneg) from [<8050d338>] (phy_ethtool_ksettings_set+0x98/0xd0)
[   13.793656] [<8050d338>] (phy_ethtool_ksettings_set) from [<80517adc>] (stmmac_ethtool_set_link_ksettings+0xa0/0xb4)
[   13.804184] [<80517adc>] (stmmac_ethtool_set_link_ksettings) from [<805c5138>] (ethtool_set_settings+0xd4/0x13c)
[   13.814358] [<805c5138>] (ethtool_set_settings) from [<805c9718>] (dev_ethtool+0x13c4/0x211c)
[   13.822882] [<805c9718>] (dev_ethtool) from [<805dc7c0>] (dev_ioctl+0x480/0x8e0)
[   13.830291] [<805dc7c0>] (dev_ioctl) from [<80260e34>] (do_vfs_ioctl+0x94/0xa00)
[   13.837699] [<80260e34>] (do_vfs_ioctl) from [<802617dc>] (SyS_ioctl+0x3c/0x60)
[   13.845011] [<802617dc>] (SyS_ioctl) from [<801088bc>] (__sys_trace_return+0x0/0x10)

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'ti-cpts-update-and-fixes'
David S. Miller [Wed, 7 Dec 2016 16:13:49 +0000 (11:13 -0500)]
Merge branch 'ti-cpts-update-and-fixes'

Grygorii Strashko says:

====================
net: ethernet: ti: cpts: update and fixes

It is preparation series intended to clean up and optimize TI CPTS driver to
facilitate further integration with other TI's SoCs like Keystone 2.

Changes in v5:
- fixed copy paste error in cpts_release
- reworked cc.mult/shift and cc_mult initialization

Changes in v4:
- fixed build error in patch
  "net: ethernet: ti: cpts: clean up event list if event pool is empty"
- rebased on top of net-next

Changes in v3:
- patches reordered: fixes and small updates moved first
- added comments in code about cpts->cc_mult
- conversation range (maxsec) limited to 10sec

Changes in v2:
- patch "net: ethernet: ti: cpts: rework initialization/deinitialization"
  was split on 4 patches
- applied comments from Richard Cochran
- dropped patch
  "net: ethernet: ti: cpts: add return value to tx and rx timestamp funcitons"
- new patches added:
  "net: ethernet: ti: cpts: drop excessive writes to CTRL and INT_EN regs"
  and "clocksource: export the clocks_calc_mult_shift to use by timestamp code"

Links on prev versions:
v4: https://lkml.org/lkml/2016/12/6/496
v3: https://www.spinics.net/lists/devicetree/msg153474.html
v2: http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1282034.html
v1: http://www.spinics.net/lists/linux-omap/msg131925.html
====================

Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: fix overflow check period
Grygorii Strashko [Wed, 7 Dec 2016 00:00:45 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: fix overflow check period

The CPTS drivers uses 8sec period for overflow checking with
assumption that CPTS retclk will not exceed 500MHz. But that's not
true on some TI platforms (Kesytone 2). As result, it is possible that
CPTS counter will overflow more than once between two readings.

Hence, fix it by selecting overflow check period dynamically as
max_sec_before_overflow/2, where
 max_sec_before_overflow = max_counter_val / rftclk_freq.

Cc: John Stultz <john.stultz@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: calc mult and shift from refclk freq
Grygorii Strashko [Wed, 7 Dec 2016 00:00:44 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: calc mult and shift from refclk freq

The cyclecounter mult and shift values can be calculated based on the
CPTS rfclk frequency and timekeepnig framework provides required algos
and API's.

Hence, calc mult and shift basing on CPTS rfclk frequency if both
cpts_clock_shift and cpts_clock_mult properties are not provided in DT (the
basis of calculation algorithm is borrowed from
__clocksource_update_freq_scale() commit 7d2f944a2b83 ("clocksource:
Provide a generic mult/shift factor calculation")). After this change
cpts_clock_shift and cpts_clock_mult DT properties will become optional.

Cc: John Stultz <john.stultz@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoclocksource: export the clocks_calc_mult_shift to use by timestamp code
Murali Karicheri [Wed, 7 Dec 2016 00:00:43 +0000 (18:00 -0600)]
clocksource: export the clocks_calc_mult_shift to use by timestamp code

The CPSW CPTS driver is capable of doing timestamping on tx/rx packets and
requires to know mult and shift factors for timestamp conversion from raw
value to nanoseconds (ptp clock). Now these mult and shift factors are
calculated manually and provided through DT, which makes very hard to
support of a lot number of platforms, especially if CPTS refclk is not the
same for some kind of boards and depends on efuse settings (Keystone 2
platforms). Hence, export clocks_calc_mult_shift() to allow drivers like
CPSW CPTS (and other ptp drivesr) to benefit from automaitc calculation of
mult and shift factors.

Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: move dt props parsing to cpts driver
Grygorii Strashko [Wed, 7 Dec 2016 00:00:42 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: move dt props parsing to cpts driver

Move DT properties parsing into CPTS driver to simplify CPSW
code and CPTS driver porting on other SoC in the future
(like Keystone 2) - with this change it will not be required
to add the same DT parsing code in Keystone 2 NETCP driver.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: rework initialization/deinitialization
Grygorii Strashko [Wed, 7 Dec 2016 00:00:41 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: rework initialization/deinitialization

The current implementation CPTS initialization and deinitialization
(represented by cpts_register/unregister()) does too many static
initialization from .ndo_open(), which is reasonable to do once at probe
time instead, and also require caller to allocate memory for struct cpts,
which is internal for CPTS driver in general.

This patch splits CPTS initialization and deinitialization on two parts:

- static initializtion cpts_create()/cpts_release() which expected to be
executed when parent driver is probed/removed;

- dynamic part cpts_register/unregister() which expected to be executed
when network device is opened/closed.

As result, current code of CPTS parent driver - CPSW - will be simplified
(and it also will allow simplify adding support for Keystone 2 devices in
the future), plus more initialization errors will be catched earlier. In
addition, this change allows to clean up cpts.h for the case when CPTS is
disabled.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: drop excessive writes to CTRL and INT_EN regs
Grygorii Strashko [Wed, 7 Dec 2016 00:00:40 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: drop excessive writes to CTRL and INT_EN regs

CPTS module and IRQs are always enabled when CPTS is registered,
before starting overflow check work, and disabled during
deregistration, when overflow check work has been canceled already.
So, It doesn't require to (re)enable CPTS module and IRQs in
cpts_overflow_check().

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: clean up event list if event pool is empty
WingMan Kwok [Wed, 7 Dec 2016 00:00:39 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: clean up event list if event pool is empty

When a CPTS user does not exit gracefully by disabling cpts
timestamping and leaving a joined multicast group, the system
continues to receive and timestamps the ptp packets which eventually
occupy all the event list entries.  When this happns, the added code
tries to remove some list entries which are expired.

Signed-off-by: WingMan Kwok <w-kwok2@ti.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: disable cpts when unregistered
Grygorii Strashko [Wed, 7 Dec 2016 00:00:38 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: disable cpts when unregistered

The cpts now is left enabled after unregistration.
Hence, disable it in cpts_unregister().

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: fix registration order
Grygorii Strashko [Wed, 7 Dec 2016 00:00:37 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: fix registration order

The ptp clock registered before spinlock, which is protecting it, and
before timecounter and cyclecounter initialization in cpts_register().

So, ensure that ptp clock is registered the last, after everything
else is done.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: fix unbalanced clk api usage in cpts_register/unregister
Grygorii Strashko [Wed, 7 Dec 2016 00:00:36 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: fix unbalanced clk api usage in cpts_register/unregister

There are two issues with TI CPTS code which are reproducible when TI
CPSW ethX device passes few up/down iterations:
- cpts refclk prepare counter continuously incremented after each
up/down iteration;
- devm_clk_get(dev, "cpts") is called many times.

Hence, fix these issues by using clk_disable_unprepare() in
cpts_clk_release() and skipping devm_clk_get() if cpts refclk has been
acquired already.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpsw: minimize direct access to struct cpts
Grygorii Strashko [Wed, 7 Dec 2016 00:00:35 +0000 (18:00 -0600)]
net: ethernet: ti: cpsw: minimize direct access to struct cpts

This will provide more flexibility in changing CPTS internals and also
required for further changes.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: allow cpts to be built separately
Grygorii Strashko [Wed, 7 Dec 2016 00:00:34 +0000 (18:00 -0600)]
net: ethernet: ti: allow cpts to be built separately

TI CPTS IP is used as part of TI OMAP CPSW driver, but it's also
present as part of NETCP on TI Keystone 2 SoCs. So, It's required
to enable build of CPTS for both this drivers and this can be
achieved by allowing CPTS to be built separately.

Hence, allow cpts to be built separately and convert it to be
a module as both CPSW and NETCP drives can be built as modules.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: ethernet: ti: cpts: switch to readl/writel_relaxed()
Grygorii Strashko [Wed, 7 Dec 2016 00:00:33 +0000 (18:00 -0600)]
net: ethernet: ti: cpts: switch to readl/writel_relaxed()

Switch to readl/writel_relaxed() APIs, because this is recommended
API and the CPTS IP is reused on Keystone 2 SoCs
where LE/BE modes are supported.

Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agoMerge branch 'bnxt_en-RDMA'
David S. Miller [Wed, 7 Dec 2016 15:59:27 +0000 (10:59 -0500)]
Merge branch 'bnxt_en-RDMA'

Michael Chan says:

====================
bnxt_en: Add interface to support RDMA driver.

This series adds an interface to support a brand new RDMA driver bnxt_re.
The first step is to re-arrange some code so that pci_enable_msix() can
be called during pci probe.  The purpose is to allow the RDMA driver to
initialize and stay initialized whether the netdev is up or down.

Then we make some changes to VF resource allocation so that there is
enough resources to support RDMA.

Finally the last patch adds a simple interface to allow the RDMA driver to
probe and register itself with any bnxt_en devices that support RDMA.
Once registered, the RDMA driver can request MSIX, send fw messages, and
receive some notifications.

v2: Fixed kbuild test robot warnings.

David, please consider this series for net-next.  Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Add interface to support RDMA driver.
Michael Chan [Wed, 7 Dec 2016 05:26:21 +0000 (00:26 -0500)]
bnxt_en: Add interface to support RDMA driver.

Since the network driver and RDMA driver operate on the same PCI function,
we need to create an interface to allow the RDMA driver to share resources
with the network driver.

1. Create a new bnxt_en_dev struct which will be returned by
bnxt_ulp_probe() upon success.  After that, all calls from the RDMA driver
to bnxt_en will pass a pointer to this struct.

2. This struct contains additional function pointers to register, request
msix, send fw messages, register for async events.

3. If the RDMA driver wants to enable RDMA on the function, it needs to
call the function pointer bnxt_register_device().  A ulp_ops structure
is passed for RCU protected upcalls from bnxt_en to the RDMA driver.

4. The RDMA driver can call firmware APIs using the bnxt_send_fw_msg()
function pointer.

5. 1 stats context is reserved when the RDMA driver registers.  MSIX
and completion rings are reserved when the RDMA driver calls
bnxt_request_msix() function pointer.

6. When the RDMA driver calls bnxt_unregister_device(), all RDMA resources
will be cleaned up.

v2: Fixed 2 uninitialized variable warnings.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Refactor the driver registration function with firmware.
Michael Chan [Wed, 7 Dec 2016 05:26:20 +0000 (00:26 -0500)]
bnxt_en: Refactor the driver registration function with firmware.

The driver register function with firmware consists of passing version
information and registering for async events.  To support the RDMA driver,
the async events that we need to register may change.  Separate the
driver register function into 2 parts so that we can just update the
async events for the RDMA driver.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Reserve RDMA resources by default.
Michael Chan [Wed, 7 Dec 2016 05:26:19 +0000 (00:26 -0500)]
bnxt_en: Reserve RDMA resources by default.

If the device supports RDMA, we'll setup network default rings so that
there are enough minimum resources for RDMA, if possible.  However, the
user can still increase network rings to the max if he wants.  The actual
RDMA resources won't be reserved until the RDMA driver registers.

v2: Fix compile warning when BNXT_CONFIG_SRIOV is not set.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Improve completion ring allocation for VFs.
Michael Chan [Wed, 7 Dec 2016 05:26:18 +0000 (00:26 -0500)]
bnxt_en: Improve completion ring allocation for VFs.

All available remaining completion rings not used by the PF should be
made available for the VFs so that there are enough rings in the VF to
support RDMA.  The earlier workaround code of capping the rings by the
statistics context is removed.

When SRIOV is disabled, call a new function bnxt_restore_pf_fw_resources()
to restore FW resources.  Later on we need to add some logic to account
for RDMA resources.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Move function reset to bnxt_init_one().
Michael Chan [Wed, 7 Dec 2016 05:26:17 +0000 (00:26 -0500)]
bnxt_en: Move function reset to bnxt_init_one().

Now that MSIX is enabled in bnxt_init_one(), resources may be allocated by
the RDMA driver before the network device is opened.  So we cannot do
function reset in bnxt_open() which will clear all the resources.

The proper place to do function reset now is in bnxt_init_one().
If we get AER, we'll do function reset as well.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Enable MSIX early in bnxt_init_one().
Michael Chan [Wed, 7 Dec 2016 05:26:16 +0000 (00:26 -0500)]
bnxt_en: Enable MSIX early in bnxt_init_one().

To better support the new RDMA driver, we need to move pci_enable_msix()
from bnxt_open() to bnxt_init_one().  This way, MSIX vectors are available
to the RDMA driver whether the network device is up or down.

Part of the existing bnxt_setup_int_mode() function is now refactored into
a new bnxt_init_int_mode().  bnxt_init_int_mode() is called during
bnxt_init_one() to enable MSIX.  The remaining logic in
bnxt_setup_int_mode() to map the IRQs to the completion rings is called
during bnxt_open().

v2: Fixed compile warning when CONFIG_BNXT_SRIOV is not set.

Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agobnxt_en: Add bnxt_set_max_func_irqs().
Michael Chan [Wed, 7 Dec 2016 05:26:15 +0000 (00:26 -0500)]
bnxt_en: Add bnxt_set_max_func_irqs().

By refactoring existing code into this new function.  The new function
will be used in subsequent patches.

v2: Fixed compile warning when CONFIG_BNXT_SRIOV is not set.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonet: sock_rps_record_flow() is for connected sockets
Eric Dumazet [Wed, 7 Dec 2016 03:32:50 +0000 (19:32 -0800)]
net: sock_rps_record_flow() is for connected sockets

Paolo noticed a cache line miss in UDP recvmsg() to access
sk_rxhash, sharing a cache line with sk_drops.

sk_drops might be heavily incremented by cpus handling a flood targeting
this socket.

We might place sk_drops on a separate cache line, but lets try
to avoid wasting 64 bytes per socket just for this, since we have
other bottlenecks to take care of.

sock_rps_record_flow() should only access sk_rxhash for connected
flows.

Testing sk_state for TCP_ESTABLISHED covers most of the cases for
connected sockets, for a zero cost, since system calls using
sock_rps_record_flow() also access sk->sk_prot which is on the
same cache line.

A follow up patch will provide a static_key (Jump Label) since most
hosts do not even use RFS.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 years agonetfilter: nft_quota: allow to restore consumed quota
Pablo Neira Ayuso [Wed, 7 Dec 2016 13:40:53 +0000 (14:40 +0100)]
netfilter: nft_quota: allow to restore consumed quota

Allow to restore consumed quota, this is useful to restore the quota
state across reboots.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: xt_bpf: support ebpf
Willem de Bruijn [Tue, 6 Dec 2016 21:25:02 +0000 (16:25 -0500)]
netfilter: xt_bpf: support ebpf

Add support for attaching an eBPF object by file descriptor.

The iptables binary can be called with a path to an elf object or a
pinned bpf object. Also pass the mode and path to the kernel to be
able to return it later for iptables dump and save.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: x_tables: avoid warn and OOM killer on vmalloc call
Marcelo Ricardo Leitner [Fri, 2 Dec 2016 09:46:38 +0000 (07:46 -0200)]
netfilter: x_tables: avoid warn and OOM killer on vmalloc call

Andrey Konovalov reported that this vmalloc call is based on an
userspace request and that it's spewing traces, which may flood the logs
and cause DoS if abused.

Florian Westphal also mentioned that this call should not trigger OOM
killer.

This patch brings the vmalloc call in sync to kmalloc and disables the
warn trace on allocation failure and also disable OOM killer invocation.

Note, however, that under such stress situation, other places may
trigger OOM killer invocation.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: support for set flushing
Pablo Neira Ayuso [Mon, 5 Dec 2016 22:35:50 +0000 (23:35 +0100)]
netfilter: nf_tables: support for set flushing

This patch adds support for set flushing, that consists of walking over
the set elements if the NFTA_SET_ELEM_LIST_ELEMENTS attribute is set.
This patch requires the following changes:

1) Add set->ops->deactivate_one() operation: This allows us to
   deactivate an element from the set element walk path, given we can
   skip the lookup that happens in ->deactivate().

2) Add a new nft_trans_alloc_gfp() function since we need to allocate
   transactions using GFP_ATOMIC given the set walk path happens with
   held rcu_read_lock.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nft_set: introduce nft_{hash, rbtree}_deactivate_one()
Pablo Neira Ayuso [Mon, 5 Dec 2016 22:35:49 +0000 (23:35 +0100)]
netfilter: nft_set: introduce nft_{hash, rbtree}_deactivate_one()

This new function allows us to deactivate one single element, this is
required by the set flush command that comes in a follow up patch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: constify struct nft_ctx * parameter in nft_trans_alloc()
Pablo Neira Ayuso [Mon, 5 Dec 2016 22:35:48 +0000 (23:35 +0100)]
netfilter: nf_tables: constify struct nft_ctx * parameter in nft_trans_alloc()

Context is not modified by nft_trans_alloc(), so constify it.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nat: skip checksum on offload SCTP packets
Davide Caratti [Mon, 5 Dec 2016 14:33:57 +0000 (15:33 +0100)]
netfilter: nat: skip checksum on offload SCTP packets

SCTP GSO and hardware can do CRC32c computation after netfilter processing,
so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed
is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE
when the NAT code computes the CRC, to prevent offloaders from computing
it again (on ixgbe this resulted in a transmission with wrong L4 checksum).

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: rpfilter: bypass ipv4 lbcast packets with zeronet source
Liping Zhang [Sat, 3 Dec 2016 13:25:08 +0000 (21:25 +0800)]
netfilter: rpfilter: bypass ipv4 lbcast packets with zeronet source

Otherwise, DHCP Discover packets(0.0.0.0->255.255.255.255) may be
dropped incorrectly.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: allow to filter stateful object dumps by type
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:06:11 +0000 (00:06 +0100)]
netfilter: nf_tables: allow to filter stateful object dumps by type

This patch adds the netlink code to filter out dump of stateful objects,
through the NFTA_OBJ_TYPE netlink attribute.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nft_objref: support for stateful object maps
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:06:03 +0000 (00:06 +0100)]
netfilter: nft_objref: support for stateful object maps

This patch allows us to refer to stateful object dictionaries, the
source register indicates the key data to be used to look up for the
corresponding state object. We can refer to these maps through names or,
alternatively, the map transaction id. This allows us to refer to both
anonymous and named maps.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: add stateful object reference to set elements
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:06:00 +0000 (00:06 +0100)]
netfilter: nf_tables: add stateful object reference to set elements

This patch allows you to refer to stateful objects from set elements.
This provides the infrastructure to create maps where the right hand
side of the mapping is a stateful object.

This allows us to build dictionaries of stateful objects, that you can
use to perform fast lookups using any arbitrary key combination.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nft_quota: add depleted flag for objects
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:05:56 +0000 (00:05 +0100)]
netfilter: nft_quota: add depleted flag for objects

Notify on depleted quota objects. The NFT_QUOTA_F_DEPLETED flag
indicates we have reached overquota.

Add pointer to table from nft_object, so we can use it when sending the
depletion notification to userspace.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: notify internal updates of stateful objects
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:05:48 +0000 (00:05 +0100)]
netfilter: nf_tables: notify internal updates of stateful objects

Introduce nf_tables_obj_notify() to notify internal state changes in
stateful objects. This is used by the quota object to report depletion
in a follow up patch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nf_tables: atomic dump and reset for stateful objects
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:05:44 +0000 (00:05 +0100)]
netfilter: nf_tables: atomic dump and reset for stateful objects

This patch adds a new NFT_MSG_GETOBJ_RESET command perform an atomic
dump-and-reset of the stateful object. This also comes with add support
for atomic dump and reset for counter and quota objects.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 years agonetfilter: nft_quota: dump consumed quota
Pablo Neira Ayuso [Sun, 27 Nov 2016 23:05:52 +0000 (00:05 +0100)]
netfilter: nft_quota: dump consumed quota

Add a new attribute NFTA_QUOTA_CONSUMED that displays the amount of
quota that has been already consumed. This allows us to restore the
internal state of the quota object between reboots as well as to monitor
how wasted it is.

This patch changes the logic to account for the consumed bytes, instead
of the bytes that remain to be consumed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>