]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/log
mirror_ubuntu-artful-kernel.git
11 years agonetfilter: nf_tables: fix error path in the init functions
Pablo Neira Ayuso [Thu, 9 Jan 2014 19:32:19 +0000 (20:32 +0100)]
netfilter: nf_tables: fix error path in the init functions

We have to unregister chain type if this fails to register netns.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain()
Patrick McHardy [Thu, 9 Jan 2014 18:42:43 +0000 (18:42 +0000)]
netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain()

We don't encode argument types into function names and since besides
nft_do_chain() there are only AF-specific versions, there is no risk
of confusion.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: prohibit deletion of a table with existing sets
Patrick McHardy [Thu, 9 Jan 2014 18:42:41 +0000 (18:42 +0000)]
netfilter: nf_tables: prohibit deletion of a table with existing sets

We currently leak the set memory when deleting a table that still has
sets in it. Return EBUSY when attempting to delete a table with sets.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: take AF module reference when creating a table
Patrick McHardy [Thu, 9 Jan 2014 18:42:40 +0000 (18:42 +0000)]
netfilter: nf_tables: take AF module reference when creating a table

The table refers to data of the AF module, so we need to make sure the
module isn't unloaded while the table exists.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: perform flags validation before table allocation
Patrick McHardy [Thu, 9 Jan 2014 18:42:39 +0000 (18:42 +0000)]
netfilter: nf_tables: perform flags validation before table allocation

Simplifies error handling. Additionally use the correct type u32 for the
host byte order flags value.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: minor nf_chain_type cleanups
Patrick McHardy [Thu, 9 Jan 2014 18:42:38 +0000 (18:42 +0000)]
netfilter: nf_tables: minor nf_chain_type cleanups

Minor nf_chain_type cleanups:

- reorder struct to plug a hoe
- rename struct module member to "owner" for consistency
- rename nf_hookfn array to "hooks" for consistency
- reorder initializers for better readability

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: constify chain type definitions and pointers
Patrick McHardy [Thu, 9 Jan 2014 18:42:37 +0000 (18:42 +0000)]
netfilter: nf_tables: constify chain type definitions and pointers

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: replay request after dropping locks to load chain type
Patrick McHardy [Thu, 9 Jan 2014 18:42:36 +0000 (18:42 +0000)]
netfilter: nf_tables: replay request after dropping locks to load chain type

To avoid races, we need to replay to request after dropping the nfnl_mutex
to auto-load the chain type module.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: add missing module references to chain types
Patrick McHardy [Thu, 9 Jan 2014 18:42:35 +0000 (18:42 +0000)]
netfilter: nf_tables: add missing module references to chain types

In some cases we neither take a reference to the AF info nor to the
chain type, allowing the module to be unloaded while in use.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: fix chain type module reference handling
Patrick McHardy [Thu, 9 Jan 2014 18:42:34 +0000 (18:42 +0000)]
netfilter: nf_tables: fix chain type module reference handling

The chain type module reference handling makes no sense at all: we take
a reference immediately when the module is registered, preventing the
module from ever being unloaded.

Fix by taking a reference when we're actually creating a chain of the
chain type and release the reference when destroying the chain.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: fix check for table overflow
Patrick McHardy [Thu, 9 Jan 2014 18:42:33 +0000 (18:42 +0000)]
netfilter: nf_tables: fix check for table overflow

The table use counter is only increased for new chains, so move the check
to the correct position.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: restore chain change atomicity
Patrick McHardy [Thu, 9 Jan 2014 18:42:32 +0000 (18:42 +0000)]
netfilter: nf_tables: restore chain change atomicity

Chain counter validation is performed after the chain policy has
potentially been changed. Move counter validation/setting before
changing of the chain policy to fix this.

Additionally fix a memory leak if chain counter allocation fails
for new chains, remove an unnecessary free_percpu() and move
counter allocation for new chains

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: split chain policy validation from actually setting it
Patrick McHardy [Thu, 9 Jan 2014 18:42:31 +0000 (18:42 +0000)]
netfilter: nf_tables: split chain policy validation from actually setting it

Currently nf_tables_newchain() atomicity is broken because of having
validation of some netlink attributes performed after changing attributes
of the chain. The chain policy is (currently) fine, but split it up as
preparation for the following fixes and to avoid future mistakes.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nft_meta: fix lack of validation of the input register
Pablo Neira Ayuso [Thu, 9 Jan 2014 19:03:55 +0000 (20:03 +0100)]
netfilter: nft_meta: fix lack of validation of the input register

We have to validate that the input register is in the range of
allowed registers, otherwise we can take a incorrect register
value as input that may lead us to a crash.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nft_ct: Add support to set the connmark
Kristian Evensen [Tue, 7 Jan 2014 15:43:54 +0000 (16:43 +0100)]
netfilter: nft_ct: Add support to set the connmark

This patch adds kernel support for setting properties of tracked
connections. Currently, only connmark is supported. One use-case
for this feature is to provide the same functionality as
-j CONNMARK --save-mark in iptables.

Some restructuring was needed to implement the set op. The new
structure follows that of nft_meta.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nft_ct: load both IPv4 and IPv6 conntrack modules for NFPROTO_INET
Patrick McHardy [Mon, 6 Jan 2014 18:09:49 +0000 (18:09 +0000)]
netfilter: nft_ct: load both IPv4 and IPv6 conntrack modules for NFPROTO_INET

The ct expression can currently not be used in the inet family since
we don't have a conntrack module for NFPROTO_INET, so
nf_ct_l3proto_try_module_get() fails. Add some manual handling to
load the modules for both NFPROTO_IPV4 and NFPROTO_IPV6 if the
ct expression is used in the inet family.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nft_meta: add l4proto support
Patrick McHardy [Fri, 3 Jan 2014 12:16:18 +0000 (12:16 +0000)]
netfilter: nft_meta: add l4proto support

For L3-proto independant rules we need to get at the L4 protocol value
directly. Add it to the nft_pktinfo struct and use the meta expression
to retrieve it.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: add nfproto support to meta expression
Patrick McHardy [Fri, 3 Jan 2014 12:16:17 +0000 (12:16 +0000)]
netfilter: nf_tables: add nfproto support to meta expression

Needed by multi-family tables to distinguish IPv4 and IPv6 packets.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: add "inet" table for IPv4/IPv6
Patrick McHardy [Fri, 3 Jan 2014 12:16:16 +0000 (12:16 +0000)]
netfilter: nf_tables: add "inet" table for IPv4/IPv6

This patch adds a new table family and a new filter chain that you can
use to attach IPv4 and IPv6 rules. This should help to simplify
rule-set maintainance in dual-stack setups.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: add support for multi family tables
Patrick McHardy [Fri, 3 Jan 2014 12:16:15 +0000 (12:16 +0000)]
netfilter: nf_tables: add support for multi family tables

Add support to register chains to multiple hooks for different address
families for mixed IPv4/IPv6 tables.

Signed-off-by: Patrick McHardy <kaber@trash.net>
11 years agonetfilter: nf_tables: add hook ops to struct nft_pktinfo
Patrick McHardy [Fri, 3 Jan 2014 12:16:14 +0000 (12:16 +0000)]
netfilter: nf_tables: add hook ops to struct nft_pktinfo

Multi-family tables need the AF from the hook ops. Add a pointer to the
hook ops and replace usage of the hooknum member in struct nft_pktinfo.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nf_tables: make chain types override the default AF functions
Patrick McHardy [Fri, 3 Jan 2014 12:16:13 +0000 (12:16 +0000)]
netfilter: nf_tables: make chain types override the default AF functions

Currently the AF-specific hook functions override the chain-type specific
hook functions. That doesn't make too much sense since the chain types
are a special case of the AF-specific hooks.

Make the AF-specific hook functions the default and make the optional
chain type hooks override them.

As a side effect, the necessary code restructuring reduces the code size,
f.i. in case of nf_tables_ipv4.o:

  nf_tables_ipv4_init_net   |  -24
  nft_do_chain_ipv4         | -113
 2 functions changed, 137 bytes removed, diff: -137

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonetfilter: nft_reject: fix compilation warning if NF_TABLES_IPV6 is disabled
Pablo Neira Ayuso [Mon, 6 Jan 2014 20:06:30 +0000 (21:06 +0100)]
netfilter: nft_reject: fix compilation warning if NF_TABLES_IPV6 is disabled

net/netfilter/nft_reject.c: In function 'nft_reject_eval':
net/netfilter/nft_reject.c:37:14: warning: unused variable 'net' [-Wunused-variable]

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 years agonet: Do not enable tx-nocache-copy by default
Benjamin Poirier [Tue, 7 Jan 2014 15:11:10 +0000 (10:11 -0500)]
net: Do not enable tx-nocache-copy by default

There are many cases where this feature does not improve performance or even
reduces it.

For example, here are the results from tests that I've run using 3.12.6 on one
Intel Xeon W3565 and one i7 920 connected by ixgbe adapters. The results are
from the Xeon, but they're similar on the i7. All numbers report the
mean±stddev over 10 runs of 10s.

1) latency tests similar to what is described in "c6e1a0d net: Allow no-cache
copy from user on transmit"
There is no statistically significant difference between tx-nocache-copy
on/off.
nic irqs spread out (one queue per cpu)

200x netperf -r 1400,1
tx-nocache-copy off
        692000±1000 tps
        50/90/95/99% latency (us): 275±2/643.8±0.4/799±1/2474.4±0.3
tx-nocache-copy on
        693000±1000 tps
        50/90/95/99% latency (us): 274±1/644.1±0.7/800±2/2474.5±0.7

200x netperf -r 14000,14000
tx-nocache-copy off
        86450±80 tps
        50/90/95/99% latency (us): 334.37±0.02/838±1/2100±20/3990±40
tx-nocache-copy on
        86110±60 tps
        50/90/95/99% latency (us): 334.28±0.01/837±2/2110±20/3990±20

2) single stream throughput tests
tx-nocache-copy leads to higher service demand

                        throughput  cpu0        cpu1        demand
                        (Gb/s)      (Gcycle)    (Gcycle)    (cycle/B)

nic irqs and netperf on cpu0 (1x netperf -T0,0 -t omni -- -d send)

tx-nocache-copy off     9402±5      9.4±0.2                 0.80±0.01
tx-nocache-copy on      9403±3      9.85±0.04               0.838±0.004

nic irqs on cpu0, netperf on cpu1 (1x netperf -T1,1 -t omni -- -d send)

tx-nocache-copy off     9401±5      5.83±0.03   5.0±0.1     0.923±0.007
tx-nocache-copy on      9404±2      5.74±0.03   5.523±0.009 0.958±0.002

As a second example, here are some results from Eric Dumazet with latest
net-next.
tx-nocache-copy also leads to higher service demand

(cpu is Intel(R) Xeon(R) CPU X5660  @ 2.80GHz)

lpq83:~# ./ethtool -K eth0 tx-nocache-copy on
lpq83:~# perf stat ./netperf -H lpq84 -c
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to lpq84.prod.google.com () port 0 AF_INET
Recv   Send    Send                          Utilization       Service Demand
Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
Size   Size    Size     Time     Throughput  local    remote   local   remote
bytes  bytes   bytes    secs.    10^6bits/s  % S      % U      us/KB   us/KB

 87380  16384  16384    10.00      9407.44   2.50     -1.00    0.522   -1.000

 Performance counter stats for './netperf -H lpq84 -c':

       4282.648396 task-clock                #    0.423 CPUs utilized
             9,348 context-switches          #    0.002 M/sec
                88 CPU-migrations            #    0.021 K/sec
               355 page-faults               #    0.083 K/sec
    11,812,797,651 cycles                    #    2.758 GHz                     [82.79%]
     9,020,522,817 stalled-cycles-frontend   #   76.36% frontend cycles idle    [82.54%]
     4,579,889,681 stalled-cycles-backend    #   38.77% backend  cycles idle    [67.33%]
     6,053,172,792 instructions              #    0.51  insns per cycle
                                             #    1.49  stalled cycles per insn [83.64%]
       597,275,583 branches                  #  139.464 M/sec                   [83.70%]
         8,960,541 branch-misses             #    1.50% of all branches         [83.65%]

      10.128990264 seconds time elapsed

lpq83:~# ./ethtool -K eth0 tx-nocache-copy off
lpq83:~# perf stat ./netperf -H lpq84 -c
MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to lpq84.prod.google.com () port 0 AF_INET
Recv   Send    Send                          Utilization       Service Demand
Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
Size   Size    Size     Time     Throughput  local    remote   local   remote
bytes  bytes   bytes    secs.    10^6bits/s  % S      % U      us/KB   us/KB

 87380  16384  16384    10.00      9412.45   2.15     -1.00    0.449   -1.000

 Performance counter stats for './netperf -H lpq84 -c':

       2847.375441 task-clock                #    0.281 CPUs utilized
            11,632 context-switches          #    0.004 M/sec
                49 CPU-migrations            #    0.017 K/sec
               354 page-faults               #    0.124 K/sec
     7,646,889,749 cycles                    #    2.686 GHz                     [83.34%]
     6,115,050,032 stalled-cycles-frontend   #   79.97% frontend cycles idle    [83.31%]
     1,726,460,071 stalled-cycles-backend    #   22.58% backend  cycles idle    [66.55%]
     2,079,702,453 instructions              #    0.27  insns per cycle
                                             #    2.94  stalled cycles per insn [83.22%]
       363,773,213 branches                  #  127.757 M/sec                   [83.29%]
         4,242,732 branch-misses             #    1.17% of all branches         [83.51%]

      10.128449949 seconds time elapsed

CC: Tom Herbert <therbert@google.com>
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoipv4: loopback device: ignore value changes after device is upped
Jiri Pirko [Tue, 7 Jan 2014 14:55:45 +0000 (15:55 +0100)]
ipv4: loopback device: ignore value changes after device is upped

When lo is brought up, new ifa is created. Then, devconf and neigh values
bitfield should be set so later changes of default values would not
affect lo values.

Note that the same behaviour is in ipv6. Also note that this is likely
not an issue in many distros (for example Fedora 19) because userspace
sets address to lo manually before bringing it up.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoIPv6: add the option to use anycast addresses as source addresses in echo reply
FX Le Bail [Tue, 7 Jan 2014 13:57:27 +0000 (14:57 +0100)]
IPv6: add the option to use anycast addresses as source addresses in echo reply

This change allows to follow a recommandation of RFC4942.

- Add "anycast_src_echo_reply" sysctl to control the use of anycast addresses
  as source addresses for ICMPv6 echo reply. This sysctl is false by default
  to preserve existing behavior.
- Add inline check ipv6_anycast_destination().
- Use them in icmpv6_echo_reply().

Reference:
RFC4942 - IPv6 Transition/Coexistence Security Considerations
   (http://tools.ietf.org/html/rfc4942#section-2.1.6)

2.1.6. Anycast Traffic Identification and Security

   [...]
   To avoid exposing knowledge about the internal structure of the
   network, it is recommended that anycast servers now take advantage of
   the ability to return responses with the anycast address as the
   source address if possible.

Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet/mlx4_en: fix error return code in mlx4_en_get_qp()
Wei Yongjun [Tue, 7 Jan 2014 08:56:07 +0000 (16:56 +0800)]
net/mlx4_en: fix error return code in mlx4_en_get_qp()

Fix to return a negative error code from the error handling
case instead of 0.

Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP offloads of vxlan tunneling')
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agor8152: correct some messages
Hayes Wang [Tue, 7 Jan 2014 03:18:22 +0000 (11:18 +0800)]
r8152: correct some messages

 - Replace pr_warn_ratelimited() with net_ratelimit() and netdev_warn().
 - Adjust the algnment of some messages.
 - Remove the peroid.
 - Fix some messages don't have terminating newline.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobna: Fix build due to missing use of dma_unmap_len_set()
David S. Miller [Tue, 7 Jan 2014 01:37:41 +0000 (20:37 -0500)]
bna: Fix build due to missing use of dma_unmap_len_set()

> as reported for linux-next of Dec.20, 2013
> when CONFIG_NEED_DMA_MAP_STATE is not enabled:
>
> drivers/net/ethernet/brocade/bna/bnad.c: In function 'bnad_start_xmit':
> drivers/net/ethernet/brocade/bna/bnad.c:3074:26: error: 'struct bnad_tx_vector' has no member named 'dma_len'

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agogre_offload: statically build GRE offloading support
Eric Dumazet [Mon, 6 Jan 2014 22:03:07 +0000 (14:03 -0800)]
gre_offload: statically build GRE offloading support

GRO/GSO layers can be enabled on a node, even if said
node is only forwarding packets.

This patch permits GSO (and upcoming GRO) support for GRE
encapsulated packets, even if the host has no GRE tunnel setup.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: H.K. Jerry Chu <hkchu@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobgmac: fix typos
Hauke Mehrtens [Mon, 6 Jan 2014 22:24:29 +0000 (23:24 +0100)]
bgmac: fix typos

This fixes some typos found by Sergei.

Reported-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch
David S. Miller [Tue, 7 Jan 2014 00:48:38 +0000 (19:48 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch

Jesse Gross says:

====================
[GIT net-next] Open vSwitch

Open vSwitch changes for net-next/3.14. Highlights are:
 * Performance improvements in the mechanism to get packets to userspace
   using memory mapped netlink and skb zero copy where appropriate.
 * Per-cpu flow stats in situations where flows are likely to be shared
   across CPUs. Standard flow stats are used in other situations to save
   memory and allocation time.
 * A handful of code cleanups and rationalization.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoovs: make functions local
Stephen Hemminger [Tue, 17 Dec 2013 19:22:48 +0000 (19:22 +0000)]
ovs: make functions local

Several functions and datastructures could be local
Found with 'make namespacecheck'

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Compute checksum in skb_gso_segment() if needed
Thomas Graf [Fri, 13 Dec 2013 14:22:22 +0000 (15:22 +0100)]
openvswitch: Compute checksum in skb_gso_segment() if needed

The copy & csum optimization is no longer present with zerocopy
enabled. Compute the checksum in skb_gso_segment() directly by
dropping the HW CSUM capability from the features passed in.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Use skb_zerocopy() for upcall
Thomas Graf [Fri, 13 Dec 2013 14:22:21 +0000 (15:22 +0100)]
openvswitch: Use skb_zerocopy() for upcall

Use of skb_zerocopy() can avoid the expensive call to memcpy()
when copying the packet data into the Netlink skb. Completes
checksum through skb_checksum_help() if not already done in
GSO segmentation.

Zerocopy is only performed if user space supported unaligned
Netlink messages. memory mapped netlink i/o is preferred over
zerocopy if it is set up.

Cost of upcall is significantly reduced from:
+   7.48%       vhost-8471  [k] memcpy
+   5.57%     ovs-vswitchd  [k] memcpy
+   2.81%       vhost-8471  [k] csum_partial_copy_generic

to:
+   5.72%     ovs-vswitchd  [k] memcpy
+   3.32%       vhost-5153  [k] memcpy
+   0.68%       vhost-5153  [k] skb_zerocopy

(megaflows disabled)

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Pass datapath into userspace queue functions
Thomas Graf [Fri, 13 Dec 2013 14:22:20 +0000 (15:22 +0100)]
openvswitch: Pass datapath into userspace queue functions

Allows removing the net and dp_ifindex argument and simplify the
code.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Drop user features if old user space attempted to create datapath
Thomas Graf [Fri, 13 Dec 2013 14:22:19 +0000 (15:22 +0100)]
openvswitch: Drop user features if old user space attempted to create datapath

Drop user features if an outdated user space instance that does not
understand the concept of user_features attempted to create a new
datapath.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Allow user space to announce ability to accept unaligned Netlink messages
Thomas Graf [Fri, 13 Dec 2013 14:22:18 +0000 (15:22 +0100)]
openvswitch: Allow user space to announce ability to accept unaligned Netlink messages

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agonet: Export skb_zerocopy() to zerocopy from one skb to another
Thomas Graf [Fri, 13 Dec 2013 14:22:17 +0000 (15:22 +0100)]
net: Export skb_zerocopy() to zerocopy from one skb to another

Make the skb zerocopy logic written for nfnetlink queue available for
use by other modules.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: remove duplicated include from flow_table.c
Wei Yongjun [Mon, 16 Dec 2013 06:06:15 +0000 (14:06 +0800)]
openvswitch: remove duplicated include from flow_table.c

Remove duplicated include.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agonet: ovs: use kfree_rcu instead of rcu_free_{sw_flow_mask_cb,acts_callback}
Daniel Borkmann [Tue, 10 Dec 2013 11:02:03 +0000 (12:02 +0100)]
net: ovs: use kfree_rcu instead of rcu_free_{sw_flow_mask_cb,acts_callback}

As we're only doing a kfree() anyway in the RCU callback, we can
simply use kfree_rcu, which does the same job, and remove the
function rcu_free_sw_flow_mask_cb() and rcu_free_acts_callback().

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Per cpu flow stats.
Pravin B Shelar [Wed, 30 Oct 2013 00:22:21 +0000 (17:22 -0700)]
openvswitch: Per cpu flow stats.

With mega flow implementation ovs flow can be shared between
multiple CPUs which makes stats updates highly contended
operation. This patch uses per-CPU stats in cases where a flow
is likely to be shared (if there is a wildcard in the 5-tuple
and therefore likely to be spread by RSS). In other situations,
it uses the current strategy, saving memory and allocation time.

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Enable memory mapped Netlink i/o
Thomas Graf [Sat, 30 Nov 2013 12:21:32 +0000 (13:21 +0100)]
openvswitch: Enable memory mapped Netlink i/o

Use memory mapped Netlink i/o for all unicast openvswitch
communication if a ring has been set up.

Benchmark
  * pktgen -> ovs internal port
  * 5M pkts, 5M flows
  * 4 threads, 8 cores

Before:
Result: OK: 67418743(c67108212+d310530) usec, 5000000 (9000byte,0frags)
  74163pps 5339Mb/sec (5339736000bps) errors: 0
+   2.98%     ovs-vswitchd  [k] copy_user_generic_string
+   2.49%     ovs-vswitchd  [k] memcpy
+   1.84%       kpktgend_2  [k] memcpy
+   1.81%       kpktgend_1  [k] memcpy
+   1.81%       kpktgend_3  [k] memcpy
+   1.78%       kpktgend_0  [k] memcpy

After:
Result: OK: 24229690(c24127165+d102524) usec, 5000000 (9000byte,0frags)
  206358pps 14857Mb/sec (14857776000bps) errors: 0
+   2.80%     ovs-vswitchd  [k] memcpy
+   1.31%       kpktgend_2  [k] memcpy
+   1.23%       kpktgend_0  [k] memcpy
+   1.09%       kpktgend_1  [k] memcpy
+   1.04%       kpktgend_3  [k] memcpy
+   0.96%     ovs-vswitchd  [k] copy_user_generic_string

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agonetlink: Avoid netlink mmap alloc if msg size exceeds frame size
Thomas Graf [Sat, 30 Nov 2013 12:21:31 +0000 (13:21 +0100)]
netlink: Avoid netlink mmap alloc if msg size exceeds frame size

An insufficent ring frame size configuration can lead to an
unnecessary skb allocation for every Netlink message. Check frame
size before taking the queue lock and allocating the skb and
re-check with lock to be safe.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agogenl: Add genlmsg_new_unicast() for unicast message allocation
Thomas Graf [Sat, 30 Nov 2013 12:21:30 +0000 (13:21 +0100)]
genl: Add genlmsg_new_unicast() for unicast message allocation

Allocates a new sk_buff large enough to cover the specified payload
plus required Netlink headers. Will check receiving socket for
memory mapped i/o capability and use it if enabled. Will fall back
to non-mapped skb if message size exceeds the frame size of the ring.

Signed-of-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Silence RCU lockdep checks from flow lookup.
Jesse Gross [Tue, 3 Dec 2013 18:58:53 +0000 (10:58 -0800)]
openvswitch: Silence RCU lockdep checks from flow lookup.

Flow lookup can happen either in packet processing context or userspace
context but it was annotated as requiring RCU read lock to be held. This
also allows OVS mutex to be held without causing warnings.

Reported-by: Justin Pettit <jpettit@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Reviewed-by: Thomas Graf <tgraf@redhat.com>
11 years agoopenvswitch: Change ovs_flow_tbl_lookup_xx() APIs
Andy Zhou [Mon, 25 Nov 2013 18:42:46 +0000 (10:42 -0800)]
openvswitch: Change ovs_flow_tbl_lookup_xx() APIs

API changes only for code readability. No functional chnages.

This patch removes the underscored version. Added a new API
ovs_flow_tbl_lookup_stats() that returns the n_mask_hits.

Reported by: Ben Pfaff <blp@nicira.com>
Reviewed-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Shrink sw_flow_mask by 8 bytes (64-bit) or 4 bytes (32-bit).
Ben Pfaff [Mon, 25 Nov 2013 18:41:28 +0000 (10:41 -0800)]
openvswitch: Shrink sw_flow_mask by 8 bytes (64-bit) or 4 bytes (32-bit).

We won't normally have a ton of flow masks but using a size_t to store
values no bigger than sizeof(struct sw_flow_key) seems excessive.

This reduces sw_flow_key_range and sw_flow_mask by 4 bytes on 32-bit
systems.  On 64-bit systems it shrinks sw_flow_key_range by 12 bytes but
sw_flow_mask only by 8 bytes due to padding.

Compile tested only.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoopenvswitch: Correct comment.
Ben Pfaff [Mon, 25 Nov 2013 18:40:51 +0000 (10:40 -0800)]
openvswitch: Correct comment.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
11 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Mon, 6 Jan 2014 22:37:45 +0000 (17:37 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Conflicts:
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c
net/ipv6/ip6_tunnel.c
net/ipv6/ip6_vti.c

ipv6 tunnel statistic bug fixes conflicting with consolidation into
generic sw per-cpu net stats.

qlogic conflict between queue counting bug fix and the addition
of multiple MAC address support.

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet_sched: act: action flushing missaccounting
Jamal Hadi Salim [Mon, 23 Dec 2013 13:02:13 +0000 (08:02 -0500)]
net_sched: act: action flushing missaccounting

action flushing missaccounting
Account only for deleted actions

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet_sched: Remove unnecessary checks for act->ops
Jamal Hadi Salim [Mon, 23 Dec 2013 13:02:12 +0000 (08:02 -0500)]
net_sched: Remove unnecessary checks for act->ops

Remove unnecessary checks for act->ops
(suggested by Eric Dumazet).

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobridge: use DEVICE_ATTR_xx macros
sfeldma@cumulusnetworks.com [Mon, 6 Jan 2014 19:00:44 +0000 (11:00 -0800)]
bridge: use DEVICE_ATTR_xx macros

Use DEVICE_ATTR_RO/RW macros to simplify bridge sysfs attribute definitions.

Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobridge: use spin_lock_bh() in br_multicast_set_hash_max
Curt Brune [Mon, 6 Jan 2014 19:00:32 +0000 (11:00 -0800)]
bridge: use spin_lock_bh() in br_multicast_set_hash_max

br_multicast_set_hash_max() is called from process context in
net/bridge/br_sysfs_br.c by the sysfs store_hash_max() function.

br_multicast_set_hash_max() calls spin_lock(&br->multicast_lock),
which can deadlock the CPU if a softirq that also tries to take the
same lock interrupts br_multicast_set_hash_max() while the lock is
held .  This can happen quite easily when any of the bridge multicast
timers expire, which try to take the same lock.

The fix here is to use spin_lock_bh(), preventing other softirqs from
executing on this CPU.

Steps to reproduce:

1. Create a bridge with several interfaces (I used 4).
2. Set the "multicast query interval" to a low number, like 2.
3. Enable the bridge as a multicast querier.
4. Repeatedly set the bridge hash_max parameter via sysfs.

  # brctl addbr br0
  # brctl addif br0 eth1 eth2 eth3 eth4
  # brctl setmcqi br0 2
  # brctl setmcquerier br0 1

  # while true ; do echo 4096 > /sys/class/net/br0/bridge/hash_max; done

Signed-off-by: Curt Brune <curt@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agovxlan: keep original skb ownership
Eric Dumazet [Mon, 6 Jan 2014 17:54:31 +0000 (09:54 -0800)]
vxlan: keep original skb ownership

Sathya Perla posted a patch trying to address following problem :

<quote>
 The vxlan driver sets itself as the socket owner for all the TX flows
 it encapsulates (using vxlan_set_owner()) and assigns it's own skb
 destructor. This causes all tunneled traffic to land up on only one TXQ
 as all encapsulated skbs refer to the vxlan socket and not the original
 socket.  Also, the vxlan skb destructor breaks some functionality for
 tunneled traffic like wmem accounting and as TCP small queues and
 FQ/pacing packet scheduler.
</quote>

I reworked Sathya patch and added some explanations.

vxlan_xmit() can avoid one skb_clone()/dev_kfree_skb() pair
and gain better drop monitor accuracy, by calling kfree_skb() when
appropriate.

The UDP socket used by vxlan to perform encapsulation of xmit packets
do not need to be alive while packets leave vxlan code. Its better
to keep original socket ownership to get proper feedback from qdisc and
NIC layers.

We use skb->sk to

A) control amount of bytes/packets queued on behalf of a socket, but
prior vxlan code did the skb->sk transfert without any limit/control
on vxlan socket sk_sndbuf.

B) security purposes (as selinux) or netfilter uses, and I do not think
anything is prepared to handle vxlan stacked case in this area.

By not changing ownership, vxlan tunnels behave like other tunnels.
As Stephen mentioned, we might do the same change in L2TP.

Reported-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agotcp: out_of_order_queue do not use its lock
Eric Dumazet [Mon, 6 Jan 2014 17:36:12 +0000 (09:36 -0800)]
tcp: out_of_order_queue do not use its lock

TCP out_of_order_queue lock is not used, as queue manipulation
happens with socket lock held and we therefore use the lockless
skb queue routines (as __skb_queue_head())

We can use __skb_queue_head_init() instead of skb_queue_head_init()
to make this more consistent.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoipv6: don't install anycast address for /128 addresses on routers
Hannes Frederic Sowa [Mon, 6 Jan 2014 16:53:14 +0000 (17:53 +0100)]
ipv6: don't install anycast address for /128 addresses on routers

It does not make sense to create an anycast address for an /128-prefix.
Suppress it.

As 32019e651c6fce ("ipv6: Do not leave router anycast address for /127
prefixes.") shows we also may not leave them, because we could accidentally
remove an anycast address the user has allocated or got added via another
prefix.

Cc: François-Xavier Le Bail <fx.lebail@yahoo.com>
Cc: Thomas Haller <thaller@redhat.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agohso: fix handling of modem port SERIAL_STATE notifications
Dan Williams [Mon, 6 Jan 2014 16:07:29 +0000 (10:07 -0600)]
hso: fix handling of modem port SERIAL_STATE notifications

The existing serial state notification handling expected older Option
devices, having a hardcoded assumption that the Modem port was always
USB interface #2.  That isn't true for devices from the past few years.

hso_serial_state_notification is a local cache of a USB Communications
Interface Class SERIAL_STATE notification from the device, and the
USB CDC specification (section 6.3, table 67 "Class-Specific Notifications")
defines wIndex as the USB interface the event applies to.  For hso
devices this will always be the Modem port, as the Modem port is the
only port which is set up to receive them by the driver.

So instead of always expecting USB interface #2, instead validate the
notification with the actual USB interface number of the Modem port.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobonding: fix kstrtou8() return value verification in num_peer_notif
Veaceslav Falico [Mon, 6 Jan 2014 10:54:40 +0000 (11:54 +0100)]
bonding: fix kstrtou8() return value verification in num_peer_notif

It returns 0 in case of success, !0 error otherwise. Fix the improper error
verification.

Fixes: 2c9839c143bbc ("bonding: add num_grat_arp attribute netlink support")
CC: sfeldma@cumulusnetworks.com
CC: Jay Vosburgh <fubar@us.ibm.com>
CC: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Acked-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agor8152: replace the return value of rtl_ops_init
hayeswang [Mon, 6 Jan 2014 09:08:43 +0000 (17:08 +0800)]
r8152: replace the return value of rtl_ops_init

Replace the boolean value with the error code for the return value
of the rtl_ops_init().

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agor8152: move the actions of saving the information of the device
hayeswang [Mon, 6 Jan 2014 09:08:42 +0000 (17:08 +0800)]
r8152: move the actions of saving the information of the device

Some information of the device may be used in other functions. Move
the relative code to make sure it would be initialzed correctly
before using it.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agor8152: replace some tabs with spaces
hayeswang [Mon, 6 Jan 2014 09:08:41 +0000 (17:08 +0800)]
r8152: replace some tabs with spaces

Replace the tabs of the variables declaration with the spaces.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoisdn: Drop big endian cpp checks from telespci and hfc_pci drivers
Guenter Roeck [Mon, 6 Jan 2014 04:31:39 +0000 (20:31 -0800)]
isdn: Drop big endian cpp checks from telespci and hfc_pci drivers

With arm:allmodconfig, building the Teles PCI driver fails with

telespci.c:294:2: error: #error "not running on big endian machines now"

Similar, building the driver for HFC PCI-Bus cards fails with

hfc_pci.c:1647:2: error: #error "not running on big endian machines now"

Remove the big endian cpp check from both drivers to fix the build errors.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet: pkt_sched: PIE AQM scheme
Vijay Subramanian [Sun, 5 Jan 2014 01:33:55 +0000 (17:33 -0800)]
net: pkt_sched: PIE AQM scheme

Proportional Integral controller Enhanced (PIE) is a scheduler to address the
bufferbloat problem.

>From the IETF draft below:
" Bufferbloat is a phenomenon where excess buffers in the network cause high
latency and jitter. As more and more interactive applications (e.g. voice over
IP, real time video streaming and financial transactions) run in the Internet,
high latency and jitter degrade application performance. There is a pressing
need to design intelligent queue management schemes that can control latency and
jitter; and hence provide desirable quality of service to users.

We present here a lightweight design, PIE(Proportional Integral controller
Enhanced) that can effectively control the average queueing latency to a target
value. Simulation results, theoretical analysis and Linux testbed results have
shown that PIE can ensure low latency and achieve high link utilization under
various congestion situations. The design does not require per-packet
timestamp, so it incurs very small overhead and is simple enough to implement
in both hardware and software.  "

Many thanks to Dave Taht for extensive feedback, reviews, testing and
suggestions. Thanks also to Stephen Hemminger and Eric Dumazet for reviews and
suggestions.  Naeem Khademi and Dave Taht independently contributed to ECN
support.

For more information, please see technical paper about PIE in the IEEE
Conference on High Performance Switching and Routing 2013. A copy of the paper
can be found at ftp://ftpeng.cisco.com/pie/.

Please also refer to the IETF draft submission at
http://tools.ietf.org/html/draft-pan-tsvwg-pie-00

All relevant code, documents and test scripts and results can be found at
ftp://ftpeng.cisco.com/pie/.

For problems with the iproute2/tc or Linux kernel code, please contact Vijay
Subramanian (vijaynsu@cisco.com or subramanian.vijay@gmail.com) Mythili Prabhu
(mysuryan@cisco.com)

Signed-off-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Signed-off-by: Mythili Prabhu <mysuryan@cisco.com>
CC: Dave Taht <dave.taht@bufferbloat.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonetfilter: Fix build failure in nfnetlink_queue_core.c.
David S. Miller [Mon, 6 Jan 2014 18:36:06 +0000 (13:36 -0500)]
netfilter: Fix build failure in nfnetlink_queue_core.c.

net/netfilter/nfnetlink_queue_core.c: In function 'nfqnl_put_sk_uidgid':
net/netfilter/nfnetlink_queue_core.c:304:35: error: 'TCP_TIME_WAIT' undeclared (first use in this function)
net/netfilter/nfnetlink_queue_core.c:304:35: note: each undeclared identifier is reported only once for each function it appears in
make[3]: *** [net/netfilter/nfnetlink_queue_core.o] Error 1

Just a missing include of net/tcp_states.h

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
David S. Miller [Mon, 6 Jan 2014 18:29:30 +0000 (13:29 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables

Pablo Neira Ayuso says: <pablo@netfilter.org>

====================
nftables updates for net-next

The following patchset contains nftables updates for your net-next tree,
they are:

* Add set operation to the meta expression by means of the select_ops()
  infrastructure, this allows us to set the packet mark among other things.
  From Arturo Borrero Gonzalez.

* Fix wrong format in sscanf in nf_tables_set_alloc_name(), from Daniel
  Borkmann.

* Add new queue expression to nf_tables. These comes with two previous patches
  to prepare this new feature, one to add mask in nf_tables_core to
  evaluate the queue verdict appropriately and another to refactor common
  code with xt_NFQUEUE, from Eric Leblond.

* Do not hide nftables from Kconfig if nfnetlink is not enabled, also from
  Eric Leblond.

* Add the reject expression to nf_tables, this adds the missing TCP RST
  support. It comes with an initial patch to refactor common code with
  xt_NFQUEUE, again from Eric Leblond.

* Remove an unused variable assignment in nf_tables_dump_set(), from Michal
  Nazarewicz.

* Remove the nft_meta_target code, now that Arturo added the set operation
  to the meta expression, from me.

* Add help information for nf_tables to Kconfig, also from me.

* Allow to dump all sets by specifying NFPROTO_UNSPEC, similar feature is
  available to other nf_tables objects, requested by Arturo, from me.

* Expose the table usage counter, so we can know how many chains are using
  this table without dumping the list of chains, from Tomasz Bursztyka.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Mon, 6 Jan 2014 18:25:58 +0000 (13:25 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next

Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates

This series contains updates to i40e only.

Majority of this series contains patches from Greg and Mitch to fix
up or add functionality to the PF/VF driver interactions.  Notably,
a fix for SR-IOV VF port VLAN which resolved the problem of port VLAN
configurations not being persistent across VF driver loads and unloads
and enable/disable of the feature.  Also do not enable the default port
on the VEB, which is designed only to bridge the PF to an Open vSwitch
or bridge.  Another fix to resolve a possible memory corruption
condition where ARQ messages are written to random memory locations.
Fix a problem where the 'ip link show' command would display stale
link address information after the link address was set via the 'ip
link set' command.

Anjali provides several patches, one which saves information that can
be used while cleaning the Tx ring and useful in detecting Tx hangs.
Then provides a fixes to the admin queue shutdown function to ensure
we are shutting down the queue in the shutdown path and ensure ASQ is
alive before issuing the admin queue command.

Shannon provides a fix for get/update vsi params where the incorrect
struct was being used.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'be2net'
David S. Miller [Mon, 6 Jan 2014 18:09:26 +0000 (13:09 -0500)]
Merge branch 'be2net'

Sathya Perla says:

====================
be2net: patch set

Pls apply the following bug fixes to the 'net' tree. Thanks.

Suresh Reddy (2):
  be2net: increase the timeout value for loopback-test FW cmd
  be2net: fix max_evt_qs calculation for BE3 in SR-IOV config

Vasundhara Volam (1):
  be2net: disable RSS when number of RXQs is reduced to 1 via
    set-channels
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobe2net: fix max_evt_qs calculation for BE3 in SR-IOV config
Suresh Reddy [Mon, 6 Jan 2014 07:32:25 +0000 (13:02 +0530)]
be2net: fix max_evt_qs calculation for BE3 in SR-IOV config

The driver wrongly assumes 16 EQs/vectors are available for each BE3 PF.
When SR-IOV is enabled, a BE3 PF can support only a max of 8 EQs.

Signed-off-by: Suresh Reddy <suresh.reddy@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobe2net: increase the timeout value for loopback-test FW cmd
Suresh Reddy [Mon, 6 Jan 2014 07:32:24 +0000 (13:02 +0530)]
be2net: increase the timeout value for loopback-test FW cmd

The loopback test FW cmd may need upto 15 seconds to complete on
certain PHYs. This patch also fixes the name of the completion variable
used to synchronize FW cmd completions as it not used by the flashing
cmd alone anymore.

Signed-off-by: Suresh Reddy <suresh.reddy@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobe2net: disable RSS when number of RXQs is reduced to 1 via set-channels
Vasundhara Volam [Mon, 6 Jan 2014 07:32:23 +0000 (13:02 +0530)]
be2net: disable RSS when number of RXQs is reduced to 1 via set-channels

When *only* the default RXQ is used, the RSS policy must be disabled so
that all IP and no-IP traffic is placed into the default RXQ. If not,
IP traffic is dropped.

Also, issue the RSS_CONFIG cmd only if FW advertises RSS capability for
the interface.
Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoi40e: Do not allow AQ calls from ndo-ops
Anjali Singhai Jain [Thu, 28 Nov 2013 06:39:47 +0000 (06:39 +0000)]
i40e: Do not allow AQ calls from ndo-ops

If the device is not in a working state avoid making admin
queue (AQ) calls that rely on a working AQ.

Change-Id: Ifbba6d257b3a5b51bfe92938c04088c0baa21433
Signed-off-by: Anjali Singhai Jain <anjali.singhai@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: check asq alive before notify
Anjali Singhai Jain [Thu, 28 Nov 2013 06:39:46 +0000 (06:39 +0000)]
i40e: check asq alive before notify

Driver needs to make sure the send queue is alive before
trying to use it.

Chagne-Id: I9bd1f6159c45c98e63f562e3a8dfb57edfe50e13
Signed-off-by: Anjali Singhai Jain <anjali.singhai@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Admin queue shutdown fixes
Anjali Singhai Jain [Thu, 28 Nov 2013 06:39:45 +0000 (06:39 +0000)]
i40e: Admin queue shutdown fixes

Always call the AQ call to shutdown the queue in the shutdown path.

Check ASQ is alive before issuing the AQ command since we might be
resetting to recover from a bad state in which case we should not
issue the AQ command.

Use the register variable for length so it can be used by PF, VF
and GL AQ commands.

Change-Id: Ic3d305687ea3f1a6afa84e864b7a27bd38a9af32
Signed-off-by: Anjali Singhai Jain <anjali.singhai@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Hide the Port VLAN VLAN ID
Greg Rose [Thu, 28 Nov 2013 06:39:44 +0000 (06:39 +0000)]
i40e: Hide the Port VLAN VLAN ID

The VF VSI Port VLAN settings still allow the user to view VLAN tag in
the descriptor.  Fix the settings to hide the VLAN ID from the VF. The
VF is not supposed to be aware it is on a VLAN in the Port VLAN
scenario.

Change-Id: I976f2bacb455dbb750f8c53a781c689f02cb8907
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: use correct struct for get and update vsi params
Shannon Nelson [Thu, 28 Nov 2013 06:39:43 +0000 (06:39 +0000)]
i40e: use correct struct for get and update vsi params

The get_vsi_params and update_vsi_params functions were using a
different command struct that just happened to have an seid element in
the right place and so worked correctly anyway.  This patch fixes the
functions to use the right data struct.

There is no actual logic change.

Change-Id: I513b5e1dc293dfd5b2ba4fa443cbdbfa608d9d19
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Fix VF driver MAC address configuration
Greg Rose [Thu, 28 Nov 2013 06:39:42 +0000 (06:39 +0000)]
i40e: Fix VF driver MAC address configuration

Fix a problem where the 'ip link show' command would display stale
link address information after the link address was set via the 'ip
link set' command.  In addition, fix problem with the user being
allowed to overwrite the administratively set VF MAC address.

Change-Id: I669ed14e55f2b633ef7b456b713632b08468671c
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: support VFs on PFs other than 0
Mitch Williams [Thu, 28 Nov 2013 06:39:41 +0000 (06:39 +0000)]
i40e: support VFs on PFs other than 0

When communicating with VF devices over the AQ, the FW refers to the
VF by its global VF ID, not local the VF ID with reference to its
parent PF. Since the global and local VF IDs are identical for PF 0,
the code worked correctly on PF 0.

However, we cannot just use global IDs throughout the code as most of
the other references to the VF (VSI setup, register offsets, etc.)
require the local VF ID. Instead, we just add or subtract our base VF
ID when sending and receiving AQ messages.

Change-Id: I92f4332b4876bc68b2f9af9ebf48761f63b6bd97
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: acknowledge VFLR when disabling SR-IOV
Mitch Williams [Thu, 28 Nov 2013 06:39:40 +0000 (06:39 +0000)]
i40e: acknowledge VFLR when disabling SR-IOV

When SR-IOV is disabled, the (now nonexistent) virtual function
devices undergo a VFLR event. We don't need to handle this event
because the VFs are gone, but we do need to tell the HW that they are
complete. This fixes an issue with a phantom VFLR and broken VFs when
SR-IOV is re-enabled.

Change-Id: I7580b49ded0158172a85b14661ec212af77000c8
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: don't allocate zero size
Mitch Williams [Thu, 28 Nov 2013 06:39:39 +0000 (06:39 +0000)]
i40e: don't allocate zero size

Shockingly, the compiler didn't flag this uninitialized variable. This
fixes a potential memory corruption condition where ARQ messages are
written to random memory locations.

Change-Id: Iac82f4562d2bf3f42df3f3b2163d9cbed2160135
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: use struct assign instead of memcpy
Mitch Williams [Thu, 28 Nov 2013 06:39:38 +0000 (06:39 +0000)]
i40e: use struct assign instead of memcpy

Use struct assignment rather than an expensive memory copy.

Change-Id: I1d18d510774dfd41a9c1250cdef238a4187528f5
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Do not enable default port on the VEB
Greg Rose [Thu, 28 Nov 2013 06:39:37 +0000 (06:39 +0000)]
i40e: Do not enable default port on the VEB

Enabling the default port on the VEB causes all outgoing traffic from
virtual functions to be copied to the physical function.  The default
port is only supposed to be used if you wish to bridge the physical
function to a SW switch such as Open vSwitch or the Linux bridge. That
allows the SW switch to route traffic to VMs that are not using a
virtual function.

Eventually we'll want to implement the ndo_fdb_add, ndo_fdb_del, and
ndo_fdb_dump functions.  The ndo_fdb_add function would set the
default port on the VEB in those cases where the MAC/VLAN address
filters have overflowed.  Normally we would not want to use it.

Change-Id: I3990f0384fff2840c4e43bc0955dd0b701380852
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: avoid unnecessary register read
Mitch Williams [Thu, 28 Nov 2013 06:39:36 +0000 (06:39 +0000)]
i40e: avoid unnecessary register read

We don't need to read the base VF id. It's already stashed in the HW
struct.

Change-Id: Ib81e2f76fc40b12c966e014a856b481912cafefc
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: fix whitespace
Jesse Brandeburg [Thu, 28 Nov 2013 06:39:35 +0000 (06:39 +0000)]
i40e: fix whitespace

Trivial whitespace fix.

Change-Id: Ib7c70891a33c4b3d200c69367549d0dbdee0f076
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Fix SR-IOV VF port VLAN
Greg Rose [Thu, 28 Nov 2013 06:39:34 +0000 (06:39 +0000)]
i40e: Fix SR-IOV VF port VLAN

This patch fixes two different problems.
1) The port VLAN configuration was not persistent across VF driver
   loads and unloads.

2) The port VLAN configuration was only correct the first time it was
   set. Switching the port VLAN on and off would cause subsequent VLAN
   configurations to be corrupted in the VSI.  Ensure that the correct
   bits are being set for the VSI port VLAN configuration.

Change-Id: I7ebf5329f77eb8d73ccd3324eb346b3abeea737d
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Sibai Li <sibai.li@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agoi40e: Record dma buffer info for dummy packets
Anjali Singhai Jain [Thu, 28 Nov 2013 06:39:33 +0000 (06:39 +0000)]
i40e: Record dma buffer info for dummy packets

Save information that we can use while cleaning the tx ring. Also record
the time_stamp since we will need it to check tx hangs.

Change-Id: Ia3f1c17f6fec9bcb7fef2542d77eac7f6c4f115c
Signed-off-by: Anjali Singhai Jain <anjali.singhai@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
11 years agonet/mlx4_core: Warn if device doesn't have enough PCI bandwidth
Eyal Perry [Sun, 5 Jan 2014 15:41:08 +0000 (17:41 +0200)]
net/mlx4_core: Warn if device doesn't have enough PCI bandwidth

Check if the device get enough bandwidth from the entire PCI chain to satisfy
its capabilities. This patch determines the PCIe device's bandwidth capabilities
by reading its PCIe Link Capabilities registers and then call the
pcie_get_minimum_link function to ensure that the adapter is hooked into a slot
which is capable of providing the necessary bandwidth capabilities.

Signed-off-by: Eyal Perry <eyalpe@mellanox.com>
Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoxen-netback: Include header for vmalloc
Josh Boyer [Sun, 5 Jan 2014 15:24:01 +0000 (10:24 -0500)]
xen-netback: Include header for vmalloc

Commit ac3d5ac27735 ("xen-netback: fix guest-receive-side array sizes")
added calls to vmalloc and vfree in the interface.c file without including
<linux/vmalloc.h>.  This causes build failures if the
-Werror=implicit-function-declaration flag is passed.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Mon, 6 Jan 2014 01:31:01 +0000 (20:31 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next

Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates

This series contains updates to i40e only.

Anjali provides two cleanups to remove unnecessary code and a fix
to resolve debugfs dumping only half the NVM.  Then provides a fix
to ethtool NVM reads where shadow RAM was used instead of actual
NVM reads.

Jesse provides a couple of fixes, one removes custom i40e functions
which duplicate existing kernel functionality.  Second fixes constant
cast issues by replacing __constant_htons with htons.

Mitch provides a couple of fixes for the VF interfaces in i40e.  First
provides a fix to guard against VF message races with can cause a panic.
Second fix reinitializes the buffer size each time we clean the ARQ,
because subsequent messages can be truncated. Lastly adds functionality
to enable/disable ICR 0 dynamically.

Vasu adds a simple guard against multiple includes of the i40e_txrx.h
file.

Shannon provides a couple of fixes, first fix swaps a couple of lines
around in the error handling if the allocation for the VSI array fails.
Second fixes an issue where we try to free the q_vector that has not
been setup which can panic the kernel.

David provides a patch to save off the point to memory and the length
of 2 structs used in the admin queue in order to store all info about
allocated kernel memory.

Neerav fixes ring allocation where allocation and clearing of rings
for a VSI should be using the alloc_queue_pairs and not num_queue_pairs.
Then removes the unused define for multi-queue enabled.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years ago8021q: make vlan_pcpu_stats visible without CONFIG_VLAN_8021Q
Hannes Frederic Sowa [Mon, 6 Jan 2014 00:41:20 +0000 (01:41 +0100)]
8021q: make vlan_pcpu_stats visible without CONFIG_VLAN_8021Q

macvlan needs vlan_pcpu_stats so make it visible even if compiling
without VLAN_8021Q support. Otherwise a very long compiler error happens.

Fixes: cdf3e274cf1b36 ("macvlan: unify macvlan_pcpu_stats and vlan_pcpu_stats")
Cc: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-By: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet: netdev_kobject_init: annotate with __init
Daniel Borkmann [Mon, 6 Jan 2014 00:20:11 +0000 (01:20 +0100)]
net: netdev_kobject_init: annotate with __init

netdev_kobject_init() is only being called from __init context,
that is, net_dev_init(), so annotate it with __init as well, thus
the kernel can take this as a hint that the function is used only
during the initialization phase and free up used memory resources
after its invocation.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agonet: 6lowpan: fix lowpan_header_create non-compression memcpy call
Daniel Borkmann [Mon, 6 Jan 2014 00:45:50 +0000 (01:45 +0100)]
net: 6lowpan: fix lowpan_header_create non-compression memcpy call

In function lowpan_header_create(), we invoke the following code
construct:

  struct ipv6hdr *hdr;
  ...
  hdr = ipv6_hdr(skb);
  ...
  if (...)
    memcpy(hc06_ptr + 1, &hdr->flow_lbl[1], 2);
  else
    memcpy(hc06_ptr, &hdr, 4);

Where the else path of the condition, that is, non-compression
path, calls memcpy() with a pointer to struct ipv6hdr *hdr as
source, thus two levels of indirection. This cannot be correct,
and likely only one level of pointer was intended as source
buffer for memcpy() here.

Fixes: 44331fe2aa0d ("IEEE802.15.4: 6LoWPAN basic support")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
Cc: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: Werner Almesberger <werner@almesberger.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agofec: Revert "fec: Do not assume that PHY reset is active low"
Fabio Estevam [Mon, 6 Jan 2014 00:08:25 +0000 (22:08 -0200)]
fec: Revert "fec: Do not assume that PHY reset is active low"

In order to keep DT compatibility we need to revert this, otherwise the original
dts files will no longer work with this driver change.

This reverts commit 7a399e3a2e05bc580a78ea72371b3896827f72e1.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge branch 'bnx2x'
David S. Miller [Mon, 6 Jan 2014 01:23:12 +0000 (20:23 -0500)]
Merge branch 'bnx2x'

Yuval Mintz says:

====================
bnx2x: Bug fixes patch series

Most of what this parch series contains is SR-IOV related bug fixes.
Additionally, it contains some small fixes for legacy devices/modes.

Please consider applying these patches to `net'.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobnx2x: fix VLAN configuration for VFs.
Yuval Mintz [Sun, 5 Jan 2014 16:33:54 +0000 (18:33 +0200)]
bnx2x: fix VLAN configuration for VFs.

If the hypervisor configures a vlan for the VF via the PF, the expected
result is that only packets tagged by said vlan will be received by the VF
(and that vlan will be silently removed).
Due to an incorrect manipulation of vlan filters in the driver, the
VF can receive untagged traffic even if the hypervisor configured
some vlan for it.

This patch corrects the behaviour.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobnx2x: fix AFEX memory overflow
Yuval Mintz [Sun, 5 Jan 2014 16:33:53 +0000 (18:33 +0200)]
bnx2x: fix AFEX memory overflow

There are 2 different (related) flows in the slowpath configuration
that utilize the same pointer and cast it to different structs;
This is obviously incorrect as the intended allocated memory is that
of the smaller struct, possibly causing the flow utilizing the larger
struct to corrupt other slowpath configuration.

Since both flows are exclusive, set the allocated memory to be a union
of both structs.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobnx2x: Clean before update RSS arrives
Michal Kalderon [Sun, 5 Jan 2014 16:33:52 +0000 (18:33 +0200)]
bnx2x: Clean before update RSS arrives

When a PF receives a VF message indicating a change in RSS properties
it should clean the flags' bit-fields; Otherwise, it's possible that
some random values will be considered as flags by the lower layers configuring
the RSS in FW.

Signed-off-by: Michal Kalderon <michals@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobnx2x: Correct number of MSI-X vectors for VFs
Michal Kalderon [Sun, 5 Jan 2014 16:33:51 +0000 (18:33 +0200)]
bnx2x: Correct number of MSI-X vectors for VFs

Number of VFs in PCIe configuration space is zero-based. Driver incorrectly
sets the number of VFs to be larger by one than what actually is feasible by
HW, which might cause later VFs to fail to allocate their MSI-X interrupts.

Signed-off-by: Michal Kalderon <michals@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agobnx2x: limit number of interrupt vectors for 57711
Dmitry Kravkov [Sun, 5 Jan 2014 16:33:50 +0000 (18:33 +0200)]
bnx2x: limit number of interrupt vectors for 57711

Original straightforward division may lead to zeroing number of SB and
null-pointer dereference when device is short of MSIX vectors or lacks
MSIX capabilities.

Reported-by: Vladislav Zolotarov <vladz@cloudius-systems.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
11 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller [Mon, 6 Jan 2014 01:18:50 +0000 (20:18 -0500)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
netfilter/IPVS updates for net-next

The following patchset contains Netfilter updates for your net-next tree,
they are:

* Add full port randomization support. Some crazy researchers found a way
  to reconstruct the secure ephemeral ports that are allocated in random mode
  by sending off-path bursts of UDP packets to overrun the socket buffer of
  the DNS resolver to trigger retransmissions, then if the timing for the
  DNS resolution done by a client is larger than usual, then they conclude
  that the port that received the burst of UDP packets is the one that was
  opened. It seems a bit aggressive method to me but it seems to work for
  them. As a result, Daniel Borkmann and Hannes Frederic Sowa came up with a
  new NAT mode to fully randomize ports using prandom.

* Add a new classifier to x_tables based on the socket net_cls set via
  cgroups. These includes two patches to prepare the field as requested by
  Zefan Li. Also from Daniel Borkmann.

* Use prandom instead of get_random_bytes in several locations of the
  netfilter code, from Florian Westphal.

* Allow to use the CTA_MARK_MASK in ctnetlink when mangling the conntrack
  mark, also from Florian Westphal.

* Fix compilation warning due to unused variable in IPVS, from Geert
  Uytterhoeven.

* Add support for UID/GID via nfnetlink_queue, from Valentina Giusti.

* Add IPComp extension to x_tables, from Fan Du.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>