[PATCH net-next 0/13] sk_buff: add extension infrastructure

2018-12-18 Thread Florian Westphal
se (udp, tcp, forwarding workloads, ...) 4. There are no fancy action(s) needed on clone/free, such as callbacks into kernel modules. Florian Westphal (13): netfilter: avoid using skb->nf_bridge directly sk_buff: add skb extension infrastructure net: convert bridge_nf to

[PATCH net-next v2 04/13] xfrm: change secpath_set to return secpath struct, not error value

2018-12-18 Thread Florian Westphal
is going to remove skb->sp. Signed-off-by: Florian Westphal --- v2: no changes include/net/xfrm.h | 2 +- net/ipv4/esp4_offload.c | 11 ++- net/ipv6/esp6_offload.c | 11 ++- net/ipv6/xfrm6_input.c | 6 -- net/xfrm/xfrm_input.c | 16 +--- 5 files changed

[PATCH net-next v2 06/13] net: use skb_sec_path helper in more places

2018-12-18 Thread Florian Westphal
skb_sec_path gains 'const' qualifier to avoid xt_policy.c: 'skb_sec_path' discards 'const' qualifier from pointer target type same reasoning as previous conversions: Won't need to touch these spots anymore when skb->sp is removed. Signed-off-by: Florian

[PATCH net-next v2 01/13] netfilter: avoid using skb->nf_bridge directly

2018-12-18 Thread Florian Westphal
This pointer is going to be removed soon, so use the existing helpers in more places to avoid noise when the removal happens. Signed-off-by: Florian Westphal --- v2: no changes include/linux/netfilter_bridge.h | 33 +- include/net/netfilter/br_netfilter.h | 6 net

[PATCH net-next v2 05/13] net: move secpath_exist helper to sk_buff.h

2018-12-18 Thread Florian Westphal
Future patch will remove skb->sp pointer. To reduce noise in those patches, move existing helper to sk_buff and use it in more places to ease skb->sp replacement later. Signed-off-by: Florian Westphal --- v2: no changes include/linux/skbuff.h | 13 ++--- include/net/xfrm.h

[PATCH net-next v2 03/13] net: convert bridge_nf to use skb extension infrastructure

2018-12-18 Thread Florian Westphal
-off-by: Florian Westphal --- v2: no changes include/linux/netfilter_bridge.h | 4 ++-- include/linux/skbuff.h | 28 ++-- include/net/netfilter/br_netfilter.h | 8 net/Kconfig | 1 + net/bridge/br_netfilter_hooks.c

[PATCH net-next v2 02/13] sk_buff: add skb extension infrastructure

2018-12-18 Thread Florian Westphal
allocated memory (except the small extension header) is not cleared, so no additional overhead aside from memory usage. Avoid atomic_dec_and_test operation on skb_ext_put() by using similar trick as kfree_skbmem() does with fclone_ref: If refcount is 1, there is no concurrent user and we can fr

[PATCH net-next v2 09/13] drivers: net: netdevsim: use skb_sec_path helper

2018-12-18 Thread Florian Westphal
... so this won't have to be changed when skb->sp goes away. v2: no changes, preserve ack. Acked-by: Shannon Nelson Signed-off-by: Florian Westphal --- drivers/net/netdevsim/ipsec.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/netdevsim/i

[PATCH net-next v2 10/13] xfrm: use secpath_exist where applicable

2018-12-18 Thread Florian Westphal
Will reduce noise when skb->sp is removed later in this series. Signed-off-by: Florian Westphal --- include/net/xfrm.h| 2 +- net/xfrm/xfrm_interface.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 71411ebaf

[PATCH net-next v2 11/13] drivers: chelsio: use skb_sec_path helper

2018-12-18 Thread Florian Westphal
reduce noise when skb->sp is removed later in the series. Signed-off-by: Florian Westphal --- drivers/crypto/chelsio/chcr_ipsec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 461b97e2f

[PATCH net-next v2 08/13] drivers: net: ethernet: mellanox: use skb_sec_path helper

2018-12-18 Thread Florian Westphal
Will avoid touching this when sp pointer is removed from sk_buff struct. Signed-off-by: Florian Westphal --- v2: no changes .../ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c| 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5

[PATCH net-next v2 07/13] drivers: net: intel: use secpath helpers in more places

2018-12-18 Thread Florian Westphal
Use skb_sec_path and secpath_exists helpers where possible. This reduces noise in followup patch that removes skb->sp pointer. v2: no changes, preserve acks from v1. Acked-by: Shannon Nelson Signed-off-by: Florian Westphal --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

[PATCH net-next v2 13/13] net: switch secpath to use skb extension infrastructure

2018-12-18 Thread Florian Westphal
in following ipsec performance tests: - transport mode with aes on 10GB link - tunnel mode between two network namespaces with aes and null cipher Signed-off-by: Florian Westphal --- Documentation/networking/xfrm_device.txt | 7 +-- include/linux/skbuff.h | 10 ++--- include/

[PATCH net-next v2 12/13] xfrm: prefer secpath_set over secpath_dup

2018-12-18 Thread Florian Westphal
in places that immediately assign the return value to skb. This allows to remove skb->sp without touching these spots again. secpath_dup can eventually be removed in followup patch. Signed-off-by: Florian Westphal --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 + dr

Re: [PATCH net-next] xfrm: policy: remove set but not used variable 'priority'

2018-12-19 Thread Florian Westphal
> It is not used since commit 6be3b0db6db8 ("xfrm: policy: add inexact policy > search tree infrastructure") Acked-by: Florian Westphal Removing this appears correct, the exact policy gets passed to xfrm_policy_eval_candidates where the priority is checked.

Re: INFO: rcu detected stall in pfkey_sendmsg

2018-12-19 Thread Florian Westphal
Dmitry Vyukov wrote: > On Wed, Dec 19, 2018 at 7:37 PM syzbot > wrote: > > > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: a26d94bff4d5 net: bridge: remove unneeded variable 'err' > > git tree: net-next > > console output: https://syzkaller.appspot.com/x/log.

Re: [PATCH net-next 3/3] net: minor cleanup in skb_ext_add()

2018-12-20 Thread Florian Westphal
Paolo Abeni wrote: > When the extension to be added is already present, the only > skb field we may need to update is 'extensions': we can reorder > the code and avoid a branch. > > Signed-off-by: Paolo Abeni > --- > net/core/skbuff.c | 9 +++-- > 1 file changed, 3 insertions(+), 6 deletions

Re: [PATCH net-next 2/3] net: drop the unused helper skb_ext_get()

2018-12-20 Thread Florian Westphal
Paolo Abeni wrote: > Such helper is currently unused, and skb extension users are > better off using skb_ext_add()/skb_ext_del(). So let's drop > it. Right, I had a look at one of my older branches and it's not used there either. Acked-by: Florian Westphal

Re: [PATCH net-next 1/3] net: fix possible use-after-free in skb_ext_add()

2018-12-20 Thread Florian Westphal
'. Yep, this is indeed possible when two clones of the same skb have skb_ext_add() invoked at the same time from two different contexts. Thanks for spotting this. Acked-by: Florian Westphal
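The two mechanisms discussed on this page, the skb_ext_put() fast path from the 02/13 changelog (free straight away when the count is already 1, otherwise decrement atomically) and the clone-then-add race acknowledged in this reply, are easier to see in a small userspace model. The C below is an added example written for this page, not kernel code: ext_area stands in for struct skb_ext, pkt for sk_buff, the two extension ids and their payload sizes are invented, and the copy-on-write step stops touching the old area as soon as the copy exists, because the reference it dropped may have been the last one if another clone released its own reference in the meantime.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the refcounted extension area: ext_area stands in for
 * struct skb_ext, pkt for sk_buff; ids and payload sizes are made up. */
enum ext_id { EXT_BRIDGE_NF, EXT_SECPATH, EXT_NUM };
static const size_t ext_len[EXT_NUM] = { 24, 40 };

struct ext_area {
	atomic_uint refcnt;
	unsigned char offset[EXT_NUM]; /* where each present id lives in data[] */
	size_t used;
	unsigned char data[128];       /* never cleared; only the header is */
};

struct pkt {
	unsigned char active;          /* bitmask of present ids */
	struct ext_area *ext;          /* valid only while active != 0 */
};

/* Refcount 1 means we hold the only reference and nobody can raise it, so skip the atomic RMW. */
static void ext_area_put(struct ext_area *a)
{
	if (atomic_load_explicit(&a->refcnt, memory_order_acquire) == 1 ||
	    atomic_fetch_sub_explicit(&a->refcnt, 1, memory_order_acq_rel) == 1)
		free(a);
}

/* Return a privately owned area, copying a shared one.  Once put() ran,
 * 'old' may already be freed by a racing clone, so it is never read again. */
static struct ext_area *ext_area_maybe_cow(struct ext_area *old)
{
	struct ext_area *new;
	if (atomic_load_explicit(&old->refcnt, memory_order_acquire) == 1)
		return old;
	new = malloc(sizeof(*new));
	if (!new)
		return NULL;
	atomic_init(&new->refcnt, 1);
	memcpy(new->offset, old->offset, sizeof(new->offset));
	new->used = old->used;
	memcpy(new->data, old->data, old->used);
	ext_area_put(old);
	return new;
}

/* Add (or look up) extension 'id' on p; returns its payload (always fits here). */
static void *pkt_ext_add(struct pkt *p, enum ext_id id)
{
	struct ext_area *new = p->active ? ext_area_maybe_cow(p->ext)
					 : malloc(sizeof(*new));
	if (!new)
		return NULL;
	if (!p->active) {              /* fresh area: header only, data[] stays */
		atomic_init(&new->refcnt, 1);
		new->used = 0;
	}
	p->ext = new;                  /* from here on offsets come from 'new' only */
	if (!(p->active & (1u << id))) {
		new->offset[id] = (unsigned char)new->used;
		new->used += ext_len[id];
		p->active |= (unsigned char)(1u << id);
	}
	return new->data + new->offset[id];
}

static void pkt_ext_del(struct pkt *p, enum ext_id id)
{
	p->active &= (unsigned char)~(1u << id);
	if (!p->active && p->ext) {    /* last extension gone: drop the area */
		ext_area_put(p->ext);
		p->ext = NULL;
	}
}

/* add -> clone -> copy-on-write on the clone -> lookup -> delete -> free.
 * Returns 0 on success, otherwise the number of the failing step. */
int ext_model_selftest(void)
{
	struct pkt a = { 0, NULL }, b;
	unsigned char *pa = pkt_ext_add(&a, EXT_SECPATH), *pb, *pc;
	if (!pa || atomic_load(&a.ext->refcnt) != 1)
		return 1;
	memset(pa, 0x11, ext_len[EXT_SECPATH]);
	b = a;                                 /* clone: share the area ... */
	atomic_fetch_add(&b.ext->refcnt, 1);   /* ... and take a reference */
	pb = pkt_ext_add(&b, EXT_BRIDGE_NF);   /* shared area: forces the copy */
	if (!pb || b.ext == a.ext || atomic_load(&a.ext->refcnt) != 1 ||
	    atomic_load(&b.ext->refcnt) != 1 || a.active != 2 || b.active != 3)
		return 2;
	pc = pkt_ext_add(&b, EXT_SECPATH);     /* already present: no copy */
	if (pc != b.ext->data || pc[0] != 0x11 || pa[0] != 0x11)
		return 3;
	pkt_ext_del(&b, EXT_BRIDGE_NF);
	pkt_ext_del(&b, EXT_SECPATH);          /* last one on b: its copy is freed */
	pkt_ext_del(&a, EXT_SECPATH);
	return (a.ext || a.active || b.ext || b.active) ? 4 : 0;
}
```

ext_model_selftest() walks through add, clone, copy-on-write on the clone, lookup of an already present id (which, as Paolo's cleanup notes, only has to update the area pointer) and release. Two properties of the kernel design carry over into the model: payload memory is not zeroed on allocation, so the user of a freshly added extension must initialise it, and the only safe moment to free without an atomic read-modify-write is when the caller already observes a count of 1.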

Re: [PATCH net-next v2 3/3] net: minor cleanup in skb_ext_add()

2018-12-21 Thread Florian Westphal
Paolo Abeni wrote: > When the extension to be added is already present, the only > skb field we may need to update is 'extensions': we can reorder > the code and avoid a branch. Thanks Paolo. Acked-by: Florian Westphal

[PATCH net-next] staging: octeon: fix build failure with XFRM enabled

2018-12-21 Thread Florian Westphal
ture") Signed-off-by: Florian Westphal --- Greg, David: The patch will not break build for a tree that lacks the 'Fixes' commit, so this can also go in via staging tree. OTOH, net-next build is broken for mips/octeon, so I think in this case net-next might make more sense?

Re: KASAN: use-after-free Write in __xfrm_policy_unlink

2018-12-26 Thread Florian Westphal
syzbot wrote: > syzbot has found a reproducer for the following crash on: > > HEAD commit: ce28bb445388 Merge git://git.kernel.org/pub/scm/linux/kern.. > git tree: net-next > console output: https://syzkaller.appspot.com/x/log.txt?x=1673fb1b40 > kernel config: https://syzkaller.apps

Re: [PATCH 4.14 4/4] netfilter: nf_conncount: fix garbage collection confirm race

2019-01-02 Thread Florian Westphal
Mauricio Faria de Oliveira wrote: > +static const struct nf_conntrack_tuple_hash * > +find_or_evict(struct net *net, struct xt_connlimit_conn *conn) > +{ > + const struct nf_conntrack_tuple_hash *found; > + unsigned long a, b; > + int cpu = raw_smp_processor_id(); > + __s32 age; T
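Review bot: find_or_evict() stores raw_smp_processor_id() in 'cpu', but nothing in the visible lines says why the preemption-unchecked variant is acceptable here; add a one-line comment stating what 'cpu' is compared against and why a possibly stale value is harmless, or switch to smp_processor_id() if the caller does run with preemption disabled, so the backport can be reviewed without reading the rest of the function.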

Re: [PATCH 4.14 0/4] netfilter: xt_connlimit: backport upstream fixes for race in connection counting

2019-01-02 Thread Florian Westphal
Mauricio Faria de Oliveira wrote: > Recently, Alakesh Haloi reported the following issue [1] with stable/4.14: > > """ > An iptable rule like the following on a multicore systems will result in > accepting more connections than set in the rule. > > iptables -A INPUT -p tcp -m tcp --syn

Re: [PATCH net-next] vrf: Add VRF_F_BYPASS_RCV_NF flag to vrf device

2019-01-02 Thread Florian Westphal
David Ahern wrote: > On 12/27/18 12:38 AM, we...@ucloud.cn wrote: > > nft add table firewall > > nft add chain firewall zones { type filter hook prerouting priority - 300 > > \; } > > nft add rule firewall zones counter ct zone set iif map { "eth1" : 1, > > "eth2" : 2 } > > nft add chain firewa

Re: [Patch net] xfrm: fix reinsert in xfrm_hash_rebuild()

2019-01-03 Thread Florian Westphal
Cong Wang wrote: > xfrm_hash_rebuild() re-inserts existing policies into the hashtables, > so it should not insert the same policy in the same place twice. This > means we have to pass excl==1 to xfrm_policy_inexact_insert() and ignore > the -EEXIST error. Otherwise we end up having an entry in the

[PATCH ipsec 0/7] xfrm: policy: fix various bugs

2019-01-04 Thread Florian Westphal
patch 'fixes this'. AFAIU that will make syzbot report the problem again in case it can still trigger similar splats with these fixes in place. Florian Westphal (7): selftests: xfrm: add block rules with adjacent/overlapping subnets xfrm: policy: use hlist rcu variants on inex

[PATCH ipsec 1/7] selftests: xfrm: add block rules with adjacent/overlapping subnets

2019-01-04 Thread Florian Westphal
he 'old' node and replace it with the new subnet prefix). Add a few 'block policies' in a pattern that triggers this, with a priority that will make kernel prefer the 'esp' rules. Make sure the 'tunnel ping' tests still pass after they have been added

[PATCH ipsec 5/7] xfrm: policy: fix reinsertion on node merge

2019-01-04 Thread Florian Westphal
by destination address") Signed-off-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 24dfd1e47cf0..e691683223ee 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm

[PATCH ipsec 4/7] xfrm: policy: delete inexact policies from inexact list on hash rebuild

2019-01-04 Thread Florian Westphal
causing soft lockups or double-frees. Reported-by: syzbot+9d971dd21eb265670...@syzkaller.appspotmail.com Fixes: 9cf545ebd591da ("xfrm: policy: store inexact policies in a tree ordered by destination address") Signed-off-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 23

[PATCH ipsec 6/7] selftests: xfrm: alter htresh to trigger move of policies to hash table

2019-01-04 Thread Florian Westphal
... and back to inexact tree. Repeat ping test after each htresh change: lookup results must not change. Signed-off-by: Florian Westphal --- tools/testing/selftests/net/xfrm_policy.sh | 44 -- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/tools/testing

[PATCH ipsec 2/7] xfrm: policy: use hlist rcu variants on inexact insert, part 2

2019-01-04 Thread Florian Westphal
olicies in a tree ordered by destination address") Signed-off-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 934492bad8e0..628b389af2ba 100644 --- a/net/xfr

[PATCH ipsec 3/7] xfrm: policy: increment xfrm_hash_generation on hash rebuild

2019-01-04 Thread Florian Westphal
takes place. Hash rebuild missed the needed increment. Hash resizes and hash rebuilds cannot occur in parallel (both acquire hash_resize_mutex), so just increment xfrm_hash_generation, like resize. Fixes: a7c44247f704e3 ("xfrm: policy: make xfrm_policy_lookup_bytype lockless") Signed-off-b

[PATCH ipsec 7/7] xfrm: policy: fix infinite loop when merging src-nodes

2019-01-04 Thread Florian Westphal
frm: policy: add 2nd-level saddr trees for inexact policies") Signed-off-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 15 +++ tools/testing/selftests/net/xfrm_policy.sh | 4 ++-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/net/xfrm/xf

Re: [PATCH ipsec 4/7] xfrm: policy: delete inexact policies from inexact list on hash rebuild

2019-01-05 Thread Florian Westphal
Cong Wang wrote: > On Fri, Jan 4, 2019 at 5:19 AM Florian Westphal wrote: > > > > An xfrm hash rebuild has to reset the inexact policy list before the > > policies get re-inserted: A change of hash thresholds will result in > > policies to get moved from inexact tr

Re: [PATCH ipsec 5/7] xfrm: policy: fix reinsertion on node merge

2019-01-05 Thread Florian Westphal
Cong Wang wrote: > > - hlist_for_each_entry(tmp, &v->hhead, bydst) > > - tmp->bydst_reinsert = true; > > - hlist_for_each_entry(tmp, &n->hhead, bydst) > > + hlist_for_each_entry(tmp, &v->hhead, bydst) { > > > hlist_for_each_entry_safe()? Good question. It's not n

Re: [PATCH ipsec 7/7] xfrm: policy: fix infinite loop when merging src-nodes

2019-01-05 Thread Florian Westphal
Cong Wang wrote: > > - hlist_for_each_entry(tmp, &node->hhead, bydst) > > - tmp->bydst_reinsert = true; > > - hlist_for_each_entry(tmp, &n->hhead, bydst) > > + hlist_for_each_entry(tmp, &n->hhead, bydst

Re: [NETDEV]: getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in fact sometimes returning the source IP instead of the destination IP

2019-01-07 Thread Florian Westphal
Mohandass, Roobesh wrote: > Issue: getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in fact > sometimes returning the source IP instead of the destination IP SO_ORIGINAL_DST returns the original address (before DNAT/REDIRECT rewrite) that conntrack believes to be the originator. > What you e
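A minimal way to exercise the option from the accepting side of a redirected connection, added here as an example and not code from the thread: the helper asks conntrack for the pre-NAT destination and returns -errno, so a caller can tell "conntrack has no entry for this socket's 4-tuple" (ENOENT) from "no conntrack sockopt handler present" (ENOPROTOOPT). The REDIRECT rule in the comment, port 8080, and the function names are assumptions; SO_ORIGINAL_DST is defined in <linux/netfilter_ipv4.h> and its numeric value is repeated so the file builds without kernel headers. The IPv6 counterpart is IP6T_SO_ORIGINAL_DST at level SOL_IPV6 and is not shown.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* SO_ORIGINAL_DST comes from <linux/netfilter_ipv4.h>; its value is repeated
 * here so the file builds without kernel headers installed. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/* Ask conntrack for the pre-DNAT/REDIRECT destination of the connection
 * behind fd.  Returns 0 and fills *orig, or -errno: EBADF for a bad fd,
 * ENOENT when conntrack has no entry for the socket's 4-tuple, ENOPROTOOPT
 * when no conntrack sockopt handler is present at all. */
int get_original_dst(int fd, struct sockaddr_in *orig)
{
	socklen_t len = sizeof(*orig);

	memset(orig, 0, sizeof(*orig));
	if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, orig, &len) < 0)
		return -errno;
	if (len != sizeof(*orig) || orig->sin_family != AF_INET)
		return -EPROTO;        /* not the sockaddr_in we asked for */
	return 0;
}

/* Error-code-only variant for callers that just want to log the outcome. */
int original_dst_err(int fd)
{
	struct sockaddr_in unused;

	return get_original_dst(fd, &unused);
}

/* Render the pre-NAT destination as "a.b.c.d:port"; returns 0 or -errno. */
int format_original_dst(int fd, char *buf, size_t buflen)
{
	struct sockaddr_in orig;
	char ip[INET_ADDRSTRLEN];
	int rc = get_original_dst(fd, &orig);

	if (rc)
		return rc;
	if (!inet_ntop(AF_INET, &orig.sin_addr, ip, sizeof(ip)))
		return -errno;
	snprintf(buf, buflen, "%s:%u", ip, (unsigned)ntohs(orig.sin_port));
	return 0;
}

/* Stand-alone use: listen on the port a REDIRECT rule points at, e.g. the
 * assumed rule
 *   iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
 * and print, per accepted client, the destination it originally asked for. */
int main(int argc, char **argv)
{
	unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 8080;
	struct sockaddr_in la = { .sin_family = AF_INET, .sin_port = htons(port),
				  .sin_addr.s_addr = htonl(INADDR_ANY) };
	int one = 1, lfd = socket(AF_INET, SOCK_STREAM, 0);

	if (lfd < 0) {
		perror("socket");
		return 1;
	}
	setsockopt(lfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
	if (bind(lfd, (struct sockaddr *)&la, sizeof(la)) < 0 || listen(lfd, 16) < 0) {
		perror("bind/listen");
		return 1;
	}
	for (;;) {
		char dst[64];
		int cfd = accept(lfd, NULL, NULL), rc;

		if (cfd < 0) {
			perror("accept");
			break;
		}
		rc = format_original_dst(cfd, dst, sizeof(dst));
		if (rc == 0)
			printf("client wanted %s\n", dst);
		else
			printf("no original destination: %s\n", strerror(-rc));
		close(cfd);
	}
	close(lfd);
	return 0;
}
```

The value comes from the conntrack entry that matches the socket's 4-tuple, so it is only meaningful on a socket that is the accepting side of a DNAT/REDIRECTed flow; on any other socket the call fails or returns whatever conntrack holds as the original destination for that tuple, which is the behaviour the reply above describes.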

[PATCH ipsec] xfrm: refine validation of template and selector families

2019-01-09 Thread Florian Westphal
rs changed to point at the addresses found in the template, rather than the flowi ones, so no oob read will occur. Reported-by: 3ntr0py1...@gmail.com Reported-by: Daniel Borkmann Signed-off-by: Florian Westphal --- net/xfrm/xfrm_user.c | 13 + 1 file changed, 9 insertions(+), 4 delet

Re: 4.15.13 kernel panic, ip_rcv_finish, nf_xfrm_me_harder warnings continue to fill dmesg

2018-12-09 Thread Florian Westphal
Martin Zaharinov wrote: > I use latest kernel 4.19.8 and have same problem see down > I use pppoe with 1k+ users if I activate shaper with hfsc and imq machine > crash and reboot > after stop shaper for test machine only send in dmesg bug error mesg. dst_hold use there sure looks fishy. Can yo

Re: INFO: rcu detected stall in xfrm_hash_rebuild

2018-12-10 Thread Florian Westphal
syzbot wrote: > Hello, > > syzbot found the following crash on: [..] > Workqueue: events xfrm_hash_rebuild Ignoring this report for a second -- I think it makes sense to see if we can just remove the entire hash table rebuild/resize code. After recent tree conversion, we could probably make th

Re: WARNING in xfrm_policy_inexact_gc_tree

2018-12-10 Thread Florian Westphal
syzbot wrote: > > HEAD commit: 74c4a24df7ca Add linux-next specific files for 20181207 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=17bbea7d40 > kernel config: https://syzkaller.appspot.com/x/.config?x=6e9413388bf37bed > dashboard link: https://

[PATCH net-next 0/13] sk_buff: add extension infrastructure

2018-12-10 Thread Florian Westphal
ruct needs to hold reference on the xfrm state structure(s), thus handling gets more complicated when an existing secpath extension has to be COW'd (we need to take additional reference count on the xfrm states contained in the new copy). Florian Westphal (13): netfilter: avoid using s

[PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-10 Thread Florian Westphal
al with refcount/free of extension area) but replaces the existing code that deals with skb->nf_bridge. This patch only adds the basic infrastructure, the nf_bridge conversion is added in the next patch. Conversion of skb->sp (ipsec/xfrm secpath) to an skb extension is planned as a followup. S

[PATCH net-next 01/13] netfilter: avoid using skb->nf_bridge directly

2018-12-10 Thread Florian Westphal
This pointer is going to be removed soon, so use the existing helpers in more places to avoid noise when the removal happens. Signed-off-by: Florian Westphal --- include/linux/netfilter_bridge.h | 33 +- include/net/netfilter/br_netfilter.h | 6 net/bridge

[PATCH net-next 06/13] net: use skb_sec_path helper in more places

2018-12-10 Thread Florian Westphal
skb_sec_path gains 'const' qualifier to avoid xt_policy.c: 'skb_sec_path' discards 'const' qualifier from pointer target type same reasoning as previous conversions: Won't need to touch these spots anymore when skb->sp is removed. Signed-off-by: Florian

[PATCH net-next 10/13] xfrm: use secpath_exist where applicable

2018-12-10 Thread Florian Westphal
Will reduce noise when skb->sp is removed later in this series. Signed-off-by: Florian Westphal --- include/net/xfrm.h| 2 +- net/xfrm/xfrm_interface.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 71411ebaf

[PATCH net-next 07/13] drivers: net: intel: use secpath helpers in more places

2018-12-10 Thread Florian Westphal
Use skb_sec_path and secpath_exists helpers where possible. This reduces noise in followup patch that removes skb->sp pointer. Signed-off-by: Florian Westphal --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c| 6 -- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 5 +++-- driv

[PATCH net-next 04/13] xfrm: change secpath_set to return secpath struct, not error value

2018-12-10 Thread Florian Westphal
is going to remove skb->sp. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 2 +- net/ipv4/esp4_offload.c | 11 ++- net/ipv6/esp6_offload.c | 11 ++- net/ipv6/xfrm6_input.c | 6 -- net/xfrm/xfrm_input.c | 16 +--- 5 files changed, 26 insertions(+

[PATCH net-next 05/13] net: move secpath_exist helper to sk_buff.h

2018-12-10 Thread Florian Westphal
Future patch will remove skb->sp pointer. To reduce noise in those patches, move existing helper to sk_buff and use it in more places to ease skb->sp replacement later. Signed-off-by: Florian Westphal --- include/linux/skbuff.h | 13 ++--- include/net/xfrm.h | 9

[PATCH net-next 03/13] net: convert bridge_nf to use skb extension infrastructure

2018-12-10 Thread Florian Westphal
-off-by: Florian Westphal --- include/linux/netfilter_bridge.h | 4 ++-- include/linux/skbuff.h | 28 ++-- include/net/netfilter/br_netfilter.h | 8 net/Kconfig | 1 + net/bridge/br_netfilter_hooks.c | 20

[PATCH net-next 11/13] drivers: chelsio: use skb_sec_path helper

2018-12-10 Thread Florian Westphal
reduce noise when skb->sp is removed later in the series. Signed-off-by: Florian Westphal --- drivers/crypto/chelsio/chcr_ipsec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 461b97e2f

[PATCH net-next 09/13] drivers: net: netdevsim: use skb_sec_path helper

2018-12-10 Thread Florian Westphal
Signed-off-by: Florian Westphal --- drivers/net/netdevsim/ipsec.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c index 2dcf6cc269d0..76e11d889bb6 100644 --- a/drivers/net/netdevsim/ipsec.c +++ b/drivers/net

[PATCH net-next 13/13] net: switch secpath to use skb extension infrastructure

2018-12-10 Thread Florian Westphal
Remove skb->sp and allocate secpath storage via extension infrastructure. This also reduces sk_buff by 8 bytes on x86_64. Signed-off-by: Florian Westphal --- Documentation/networking/xfrm_device.txt | 7 +-- include/linux/skbuff.h | 10 ++--- include/net/xfr

[PATCH net-next 08/13] drivers: net: ethernet: mellanox: use skb_sec_path helper

2018-12-10 Thread Florian Westphal
Will avoid touching this when sp pointer is removed from sk_buff struct. Signed-off-by: Florian Westphal --- .../ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c| 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel

[PATCH net-next 12/13] xfrm: prefer secpath_set over secpath_dup

2018-12-10 Thread Florian Westphal
in places that immediately assign the return value to skb. This allows to remove skb->sp without touching these spots again. secpath_dup can eventually be removed in followup patch. Signed-off-by: Florian Westphal --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 + dr

Re: [PATCH net-next 13/13] net: switch secpath to use skb extension infrastructure

2018-12-11 Thread Florian Westphal
Steffen Klassert wrote: > On Mon, Dec 10, 2018 at 03:50:06PM +0100, Florian Westphal wrote: > > } > > @@ -552,11 +517,6 @@ void __init xfrm_input_init(void) > > if (err) > > gro_cells.cells = NULL; > > > > - secpath_ca

Re: [net-next,v5,00/12] add flow_rule infrastructure

2018-12-11 Thread Florian Westphal
Pablo Neira Ayuso wrote: [ trimming CCs ] > This is another iteration of the in-kernel intermediate representation > (IR) that allows to express ACL hardware offloads using one unified > representation from the driver side for the ethtool and the tc > frontends [1] [2] [3]. [..] This is marked

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-11 Thread Florian Westphal
Mat Martineau wrote: > > On Mon, 11 Dec 2018, Florian Westphal wrote: > > ... > > > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h > > index b1831a5ca173..d715736eb734 100644 > > --- a/include/linux/skbuff.h > > +++ b/include/linux/skbuff

Re: [PATCH net-next 13/13] net: switch secpath to use skb extension infrastructure

2018-12-12 Thread Florian Westphal
Steffen Klassert wrote: > > I can run a few IPSEC benchmark tests to see if there is measurable > > impact. > > That would be good, thanks! Will do this later today. One alternative would be to always allocate the entire maximum possible extension length when the first extension is to be added

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-12 Thread Florian Westphal
Florian Westphal wrote: > Mat Martineau wrote: > > > +#ifdef CONFIG_SKB_EXTENSIONS > > > +enum skb_ext_id { > > > +#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) > > > +       SKB_EXT_BRIDGE_NF, > > > +#endif > > > +       SKB_EXT_NUM, /* must b

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-12 Thread Florian Westphal
Willem de Bruijn wrote: > > +#ifdef CONFIG_SKB_EXTENSIONS > > + __u8active_extensions; > > +#endif > > This byte could be saved by moving the bits to the first byte of the > new extension. I tried to do this, but could not resolve following problem: - extensions a and b

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-12 Thread Florian Westphal
Stephen Suryaputra wrote: > On Mon, Dec 10, 2018 at 11:20 AM Florian Westphal wrote: > > > +#ifdef CONFIG_SKB_EXTENSIONS > > +enum skb_ext_id { > > +#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) > > + SKB_EXT_BRIDGE_NF, > > +#endif > > + SKB_EX

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-12 Thread Florian Westphal
Eric Dumazet wrote: > On 12/10/2018 06:49 AM, Florian Westphal wrote: > > The (out-of-tree) Multipath-TCP implementation needs a significant amount > > of extra space in the skb control buffer. > > Which skbs ? Input or output path ? Both. > > This work adds an e

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-12 Thread Florian Westphal
Eric Dumazet wrote: > > If you prefer that, ok, but I don't see why we can't unify them behind > > a single layer? > > Well, for a start we do not use nf_bridge or secpath. Then the extension framework isn't built and the result is exactly the same as before these patches: helpers turn into empt

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-13 Thread Florian Westphal
Eric Dumazet wrote: [ CC Christoph, Mathew, Peter ] > > If not, I will send another iteration that just allocates the entire > > extension space if first extension is added, it simplifies allocation > > handling a little. > > > > I am still unsure of the added extra costs, but for a start, TCP

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-13 Thread Florian Westphal
Eric Dumazet wrote: > > If its going to be used as I expect, then the extension could be > > discarded after the DSS mapping has been written to the tcp option > > space, i.e. before cloning occurs. > > I do not see how this would work, without also discarding on the master skb > the needed info.

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-13 Thread Florian Westphal
Eric Dumazet wrote: > > > On 12/13/2018 02:39 AM, Florian Westphal wrote: > > > > That's what's done in the MPTCP out-of-tree implementation, but I don't > > think it's needed. > > > > It could just delete the extension before ->queue_xmit() AFAIU.

Re: [PATCH net-next 02/13] sk_buff: add skb extension infrastructure

2018-12-13 Thread Florian Westphal
Eric Dumazet wrote: > On 12/13/2018 03:03 AM, Florian Westphal wrote: > > Eric Dumazet wrote: > >> So, cloning would do an refcount_inc(), and deleting the extension would > >> do an refcount_dec_and_test() ? > >> > >> That is what I called an ex

Re: INFO: rcu detected stall in xfrm_hash_rebuild

2018-12-14 Thread Florian Westphal
Wolfgang Walter wrote: [ CCing Christophe ] > On Monday, 10 December 2018, 09:58:56 David Miller wrote: > > From: Florian Westphal > > Date: Mon, 10 Dec 2018 13:47:24 +0100 > > > > > After recent tree conversion, we could probably make the exact policies

Re: INFO: rcu detected stall in xfrm_hash_rebuild

2018-12-14 Thread Florian Westphal
Christophe Gouault wrote: > The main use cases I have encountered and tried to address with the > hash-based lookup were network operator use cases: > - a lot of dynamic /32 <=> /32 policies (protecting GTP tunnels) > - or a lot of dynamic policies with the same prefix lengths (e.g. /16 <=> /24) >

[PATCH ipsec] xfrm: policy: use hlist rcu variants on insert

2018-10-10 Thread Florian Westphal
bydst table/list lookups use rcu, so insertions must use rcu versions. Fixes: a7c44247f704e ("xfrm: policy: make xfrm_policy_lookup_bytype lockless") Signed-off-by: Florian Westphal --- net/xfrm/xfrm_policy.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git

Re: crash in xt_policy due to skb_dst_drop() in nf_ct_frag6_gather()

2018-10-16 Thread Florian Westphal
Maciej Żenczykowski wrote: I am currently travelling and not able to investigate until next week. > commit ad8b1ffc3efae2f65080bdb11145c87d299b8f9a > Author: Florian Westphal > netfilter: ipv6: nf_defrag: drop skb dst before queueing > > +++ b/net/ipv6/netfilter/nf_co

Re: Kernel 5.0-rc5 regression with NAT, bisected to: netfilter: nat: remove l4proto->manip_pkt

2019-02-07 Thread Florian Westphal
025054511dc3a6696918 is the first bad commit > commit faec18dbb0405c7d4dda025054511dc3a6696918 > Author: Florian Westphal > Date: Thu Dec 13 16:01:33 2018 +0100 > > netfilter: nat: remove l4proto->manip_pkt Thanks, this is immensely helpful. I think I see the bug, we can'

Re: Kernel 5.0-rc5 regression with NAT, bisected to: netfilter: nat: remove l4proto->manip_pkt

2019-02-08 Thread Florian Westphal
Florian Westphal wrote: > Sander Eikelenboom wrote: > > L.S., > > > > While trying out a 5.0-RC5 kernel I seem to have stumbled over a regression > > with NAT. > > (using an nftables firewall with NAT and connection tracking). > > > > Unfortuna

Re: [PATCH net-next] ipvlan: decouple l3s mode dependencies from other modes

2019-02-08 Thread Florian Westphal
ed > into ipvlan_l3s.c that is compiled in when enabled. IIRC L3S is only meaningful with netfilter anyway, so this looks like a good thing to do. Acked-by: Florian Westphal

Re: [PATCH v2] netfilter: properly initialize xt_table_info structure

2018-05-18 Thread Florian Westphal
Greg Kroah-Hartman wrote: > On Thu, May 17, 2018 at 12:42:00PM +0200, Jan Engelhardt wrote: > > > > On Thursday 2018-05-17 12:09, Greg Kroah-Hartman wrote: > > >> > --- a/net/netfilter/x_tables.c > > >> > +++ b/net/netfilter/x_tables.c > > >> > @@ -1183,11 +1183,10 @@ struct xt_table_info > > >>

Re: [PATCH v2 net] netfilter: provide correct argument to nla_strlcpy()

2018-05-21 Thread Florian Westphal
Eric Dumazet wrote: > Recent patch forgot to remove nla_data(), upsetting syzkaller a bit. Duuuh Thanks Eric. Acked-by: Florian Westphal

Re: JOIN_ANYCAST breakage w. "net: ipv6: put host and anycast routes on device with address"

2017-11-20 Thread Florian Westphal
David Ahern wrote: > On 11/14/17 10:36 AM, Florian Westphal wrote: > > Hi David > > > > This test program no longer works with 4.14 > > (recvfrom: Resource temporarily unavailable) > > > > after reverting commit > > 4832c30d5458387ff2533ff66fbde26a

broken ipv6 tcp csum offload on thunderx

2017-11-22 Thread Florian Westphal
Hi. We are experiencing broken ipv6 connectivity with 4.14 kernel on arm64 with thunderx. ping6 still works, but it looks like tcp syn packets get sent with a wrong checksum -- socket remains in SYN-SENT state. after running ethtool -K enP2p1s0f1 tx-checksum-ipv6 off ipv6 tcp appears to work

Re: [PATCH net] tcp: remove buggy call to tcp_v6_restore_cb()

2017-11-30 Thread Florian Westphal
Eric Dumazet wrote: > From: Eric Dumazet > > tcp_v6_send_reset() expects to receive an skb with skb->cb[] layout as > used in TCP stack. > MD5 lookup uses tcp_v6_iif() and tcp_v6_sdif() and thus > TCP_SKB_CB(skb)->header.h6 Indeed, thanks for fixing this up. Acked-by: Florian Westphal

[PATCH net-next 2/4] rtnetlink: get reference on module before invoking handlers

2017-12-02 Thread Florian Westphal
Add yet another rtnl_register function. It will be used by modules that can be removed. The passed module struct is used to prevent module unload while a netlink dump is in progress or when a DOIT_UNLOCKED doit callback is called. Cc: Peter Zijlstra Signed-off-by: Florian Westphal

[PATCH net-next 4/4] rtnetlink: remove __rtnl_register

2017-12-02 Thread Florian Westphal
This removes __rtnl_register and switches callers to either rtnl_register or rtnl_register_module. Also, rtnl_register() will now print an error if memory allocation failed rather than panic the kernel. Signed-off-by: Florian Westphal --- include/net/rtnetlink.h | 2 -- net/core/rtnetlink.c

[PATCH net-next 0/4] rtnetlink: rework handler (un)registering

2017-12-02 Thread Florian Westphal
Peter Zijlstra reported (referring to commit 019a316992ee0d983, "rtnetlink: add reference counting to prevent module unload while dump is in progress"): 1) it is not in fact a refcount, so using refcount_t is silly 2) there is a distinct lack of memory barriers, so we can easily observe the de

[PATCH net-next 3/4] net: use rtnl_register_module where needed

2017-12-02 Thread Florian Westphal
all of these can be compiled as a module, so use new _module version to make sure module can no longer be removed while callback/dump is in use. Signed-off-by: Florian Westphal --- net/bridge/br_mdb.c | 6 +++--- net/can/gw.c| 14 ++ net/decnet/dn_dev.c | 9

[PATCH net-next 1/4] net: rtnetlink: use rcu to free rtnl message handlers

2017-12-02 Thread Florian Westphal
t via rcu_assign_pointer, i.e. once another cpu can see such pointer no modifications will occur anymore. based on initial patch from Peter Zijlstra. Cc: Peter Zijlstra Signed-off-by: Florian Westphal --- net/core/rtnetlink.c | 154 +-- 1 file changed, 101 inser
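The scheme the cover letter and patches 1/4 and 2/4 describe (take a reference on the handler's owning module before invoking it, so rmmod cannot complete while a doit or dump is in flight, and only drop the handler table entry under RCU) can be modelled in user space. The block below is an added example written for this page, not code from the series or from net/core/rtnetlink.c; every name in it (rtnl_register_module, rtnl_dispatch, module_try_unload, try_module_get, demo_mod) is an assumed stand-in for this example, and the "concurrent rmmod" is simulated by calling the unload routine from inside the handler.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model of "take a module reference before invoking a handler".
 * All identifiers are assumed for this example; this is not kernel code. */
struct module {
	int refcnt;	/* references held by in-flight handler invocations */
	bool going;	/* unload in progress: try_module_get() must fail */
};

typedef int (*doit_fn)(int arg);

struct handler {
	struct module *owner;	/* NULL for built-in (non-modular) handlers */
	doit_fn doit;
};

#define MAX_MSGTYPES 8
static struct handler handlers[MAX_MSGTYPES];

static bool try_module_get(struct module *m)
{
	if (!m)
		return true;	/* built-in code can never be unloaded */
	if (m->going)
		return false;
	m->refcnt++;
	return true;
}

static void module_put(struct module *m)
{
	if (m)
		m->refcnt--;
}

/* Register doit for msgtype; owner is the module that contains doit. */
int rtnl_register_module(struct module *owner, int msgtype, doit_fn doit)
{
	if (msgtype < 0 || msgtype >= MAX_MSGTYPES || !doit)
		return -1;
	handlers[msgtype].owner = owner;
	handlers[msgtype].doit = doit;
	return 0;
}

void rtnl_unregister(int msgtype)
{
	if (msgtype < 0 || msgtype >= MAX_MSGTYPES)
		return;
	/* Kernel: the old entry is freed after an RCU grace period, so a
	 * reader that already loaded the pointer can still use it safely. */
	handlers[msgtype].doit = NULL;
	handlers[msgtype].owner = NULL;
}

/* Run the handler while holding its owner's reference.
 * Returns the handler's result, or -1 if there is no usable handler. */
int rtnl_dispatch(int msgtype, int arg)
{
	struct module *owner;
	doit_fn doit;
	int ret;

	if (msgtype < 0 || msgtype >= MAX_MSGTYPES)
		return -1;
	doit = handlers[msgtype].doit;	/* snapshot both fields together */
	owner = handlers[msgtype].owner;
	if (!doit)
		return -1;
	if (!try_module_get(owner))
		return -1;	/* module is on its way out: refuse the call */
	ret = doit(arg);
	module_put(owner);
	return ret;
}

/* rmmod: refuse (and stay live) while any invocation holds a reference. */
int module_try_unload(struct module *m)
{
	int i;

	m->going = true;	/* block new try_module_get() callers first */
	if (m->refcnt > 0) {
		m->going = false;
		return -1;
	}
	for (i = 0; i < MAX_MSGTYPES; i++)
		if (handlers[i].owner == m)
			rtnl_unregister(i);
	return 0;
}

/* Constructed scenario: rmmod attempted while the handler is still running. */
static struct module demo_mod;
static int unload_result_during_call = 99;

static int demo_doit(int arg)
{
	unload_result_during_call = module_try_unload(&demo_mod);
	return arg * 2;
}

int run_scenario(void)
{
	if (rtnl_register_module(&demo_mod, 1, demo_doit) != 0)
		return -1;
	if (rtnl_dispatch(1, 21) != 42)		/* handler ran */
		return -2;
	if (unload_result_during_call != -1)	/* rmmod refused mid-call */
		return -3;
	if (demo_mod.refcnt != 0)		/* reference dropped afterwards */
		return -4;
	if (module_try_unload(&demo_mod) != 0)	/* idle now: unload succeeds */
		return -5;
	if (rtnl_dispatch(1, 21) != -1)		/* entry gone: nothing is called */
		return -6;
	return 0;
}
```

The ordering in rtnl_dispatch is the point: the owner pointer and the callback are read together, the reference is taken before the call and released after it, and an unload that starts in between is refused rather than racing with the running dump.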

Re: [PATCH next-next 0/4] rtnetlink: rework handler (un)registering

2017-12-04 Thread Florian Westphal
David Miller wrote: > From: Florian Westphal > Date: Sat, 2 Dec 2017 21:44:04 +0100 > > > Peter Zijlstra reported (referring to commit 019a316992ee0d983, > > "rtnetlink: add reference counting to prevent module unload while dump is > > in progress"): >

[PATCH net-next] rtnetlink: ipv6: convert remaining users to rtnl_register_module

2017-12-04 Thread Florian Westphal
convert remaining users of rtnl_register to rtnl_register_module and un-export rtnl_register. Requested-by: David S. Miller Signed-off-by: Florian Westphal --- include/net/addrconf.h | 2 +- net/core/rtnetlink.c | 1 - net/ipv6/addrconf.c| 4 +++- net/ipv6/addrlabel.c | 24

[PATCH net-next] rtnetlink: fix rtnl_link msghandler rcu annotations

2017-12-04 Thread Florian Westphal
eported-by: kbuild test robot Signed-off-by: Florian Westphal --- diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 642b3afb12b9..a4faefd65006 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -129,7 +129,7 @@ bool lockdep_rtnl_is_held(void) EXPORT_SYMBOL(lockdep_rt

[PATCH ipsec-next 1/6] xfrm: replay: avoid xfrm replay notify indirection

2020-06-23 Thread Florian Westphal
ructure. Add an enum with the three available replay modes to the xfrm_state structure and then replace all x->repl->notify() calls by the new xfrm_replay_notify() helper. The helper checks the enum internally to adapt behaviour as needed. Signed-off-by: Florian Westphal --- includ

[PATCH ipsec-next 0/6] xfrm: remove xfrm replay indirections

2020-06-23 Thread Florian Westphal
r = xfrm_replay_overflow(x, skb); Instead of a pointer to a struct with function pointers, xfrm_state now holds an enum that tells the replay core what kind of replay test is to be done. Florian Westphal (6): xfrm: replay: avoid xfrm replay notify indirection xfrm: replay: get rid

[PATCH ipsec-next 6/6] xfrm: replay: remove last replay indirection

2020-06-23 Thread Florian Westphal
ad enabled, the other when its disabled. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 8 +-- net/xfrm/xfrm_output.c | 2 +- net/xfrm/xfrm_replay.c | 51 +- 3 files changed, 28 insertions(+), 33 deletions(-) diff --git a/include/ne

[PATCH ipsec-next 2/6] xfrm: replay: get rid of duplicated notification code

2020-06-23 Thread Florian Westphal
After previous patch, we can consolidate some code: xfrm_replay_notify, xfrm_replay_notify_bmp and _esn all contain the same code at the end. Remove it from xfrm_replay_notify_bmp/esn and reuse the one in xfrm_replay_notify. Signed-off-by: Florian Westphal --- net/xfrm/xfrm_replay.c | 22

[PATCH ipsec-next 5/6] xfrm: replay: avoid replay indirection

2020-06-23 Thread Florian Westphal
Add and use xfrm_replay_check helper instead of indirection. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 4 +--- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_replay.c | 27 ++- 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/include

[PATCH ipsec-next 3/6] xfrm: replay: remove advance indirection

2020-06-23 Thread Florian Westphal
Similar to other patches: add a new helper to avoid an indirection. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 2 +- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_replay.c | 24 ++-- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/include

[PATCH ipsec-next 4/6] xfrm: replay: remove recheck indirection

2020-06-23 Thread Florian Westphal
Adds new xfrm_replay_recheck() helper and calls it from xfrm input path instead of the indirection. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 4 +--- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_replay.c | 22 -- 3 files changed, 18 insertions(+), 10

[PATCH ipsec-next v2 0/6] xfrm: remove xfrm replay indirections

2020-06-24 Thread Florian Westphal
ection. Example: - err = x->repl->overflow(x, skb); + err = xfrm_replay_overflow(x, skb); Instead of a pointer to a struct with function pointers, xfrm_state now holds an enum that tells the replay core what kind of replay test is to be done. Florian Westphal (6): xfrm: replay: avoid
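Both cover letters (this one and the v1 posting above) describe the same change: the replay mode becomes an enum held in the state, and a helper such as xfrm_replay_check() switches on it instead of calling through x->repl->. The block below is an added example written for this page, not the series' or the kernel's code: it implements the anti-replay window check and advance for two modes (a single 32-bit legacy window and a multi-word bitmap) behind that enum-dispatch helper. ESN is deliberately not modelled, and every identifier (replay_mode, replay_state, replay_check, replay_advance, replay_recv) is assumed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Replay mode as an enum in the state instead of a struct of function
 * pointers. ESN is omitted. Names are assumed for this example. */
enum replay_mode {
	REPLAY_MODE_LEGACY,	/* fixed 32-packet window in one uint32_t */
	REPLAY_MODE_BMP,	/* multi-word bitmap, window up to 256 packets */
};

struct replay_state {
	enum replay_mode mode;
	uint32_t seq;		/* highest sequence number accepted so far */
	uint32_t window_bits;	/* window size; always 32 for legacy */
	uint32_t bitmap;	/* legacy: bit i set == seq - i was seen */
	uint32_t bmp[8];	/* bmp: bit (s % window_bits) set == s was seen */
};

struct replay_state replay_init(enum replay_mode mode, uint32_t window_bits)
{
	struct replay_state x;

	memset(&x, 0, sizeof(x));
	x.mode = mode;
	if (mode == REPLAY_MODE_LEGACY || window_bits == 0)
		window_bits = 32;
	x.window_bits = window_bits > 256 ? 256 : window_bits;
	return x;
}

static int bmp_test(const struct replay_state *x, uint32_t pos)
{
	return (x->bmp[pos / 32] >> (pos % 32)) & 1;
}

static void bmp_set(struct replay_state *x, uint32_t pos, int on)
{
	if (on)
		x->bmp[pos / 32] |= 1U << (pos % 32);
	else
		x->bmp[pos / 32] &= ~(1U << (pos % 32));
}

/* 0 if seq is fresh and inside the window, -1 if too old or already seen. */
int replay_check(const struct replay_state *x, uint32_t seq)
{
	uint32_t diff;

	if (seq == 0)			/* ESP never sends sequence number 0 */
		return -1;
	if (seq > x->seq)
		return 0;		/* will advance the window */
	diff = x->seq - seq;
	if (diff >= x->window_bits)
		return -1;		/* fell off the left edge of the window */
	switch (x->mode) {
	case REPLAY_MODE_LEGACY:
		return (x->bitmap & (1U << diff)) ? -1 : 0;
	case REPLAY_MODE_BMP:
		return bmp_test(x, seq % x->window_bits) ? -1 : 0;
	}
	return -1;
}

/* Record seq as seen; call only after replay_check() and integrity check. */
void replay_advance(struct replay_state *x, uint32_t seq)
{
	uint32_t diff, i;

	if (seq > x->seq) {
		diff = seq - x->seq;
		switch (x->mode) {
		case REPLAY_MODE_LEGACY:
			x->bitmap = diff < 32 ? (x->bitmap << diff) | 1 : 1;
			break;
		case REPLAY_MODE_BMP:
			if (diff >= x->window_bits)
				memset(x->bmp, 0, sizeof(x->bmp));
			else	/* slots of the skipped seqs still hold stale bits */
				for (i = 1; i < diff; i++)
					bmp_set(x, (x->seq + i) % x->window_bits, 0);
			bmp_set(x, seq % x->window_bits, 1);
			break;
		}
		x->seq = seq;
		return;
	}
	diff = x->seq - seq;
	if (x->mode == REPLAY_MODE_LEGACY)
		x->bitmap |= 1U << diff;
	else
		bmp_set(x, seq % x->window_bits, 1);
}

/* Receive-side helper: accept (0) or drop (-1) one packet's sequence number. */
int replay_recv(struct replay_state *x, uint32_t seq)
{
	if (replay_check(x, seq) < 0)
		return -1;
	replay_advance(x, seq);
	return 0;
}
```

The too-old test runs before the bitmap lookup on purpose: in bitmap mode a slot is reused every window_bits packets, so a stale bit can only be misread if a sequence number outside the window reaches the lookup. In the real stack the advance step runs only after the packet's integrity check succeeds; otherwise an attacker could burn window slots with forged packets.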

[PATCH ipsec-next v2 1/6] xfrm: replay: avoid xfrm replay notify indirection

2020-06-24 Thread Florian Westphal
ructure. Add an enum with the three available replay modes to the xfrm_state structure and then replace all x->repl->notify() calls by the new xfrm_replay_notify() helper. The helper checks the enum internally to adapt behaviour as needed. Signed-off-by: Florian Westphal --- includ

[PATCH ipsec-next v2 3/6] xfrm: replay: remove advance indirection

2020-06-24 Thread Florian Westphal
Similar to other patches: add a new helper to avoid an indirection. v2: fix 'net/xfrm/xfrm_replay.c:519:13: warning: 'seq' may be used uninitialized in this function' warning. Signed-off-by: Florian Westphal --- include/net/xfrm.h | 2 +- net/xfrm/xfrm_input.

[PATCH ipsec-next v2 2/6] xfrm: replay: get rid of duplicated notification code

2020-06-24 Thread Florian Westphal
After previous patch, we can consolidate some code: xfrm_replay_notify, xfrm_replay_notify_bmp and _esn all contain the same code at the end. Remove it from xfrm_replay_notify_bmp/esn and reuse the one in xfrm_replay_notify. Signed-off-by: Florian Westphal --- net/xfrm/xfrm_replay.c | 22
