[PATCH v2 net-next] rtnetlink: bridge: use ext_ack instead of printk

-off-by: Florian Westphal <f...@strlen.de> --- v2: forgot to refresh patch, v1 did not even compile. net/core/rtnetlink.c | 33 + 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index e84d10

[PATCH net-next] selftests: rtnetlink: test RTM_GETNETCONF

exercise RTM_GETNETCONF call path for unspec, inet and inet6 families, they are DOIT_UNLOCKED candidates. Signed-off-by: Florian Westphal <f...@strlen.de> --- tools/testing/selftests/net/rtnetlink.sh | 28 1 file changed, 28 insertions(+) diff --git a/tools/t

[PATCH v3 net-next] rtnetlink: bridge: use ext_ack instead of printk

, suggested by David Ahern, they are not useful, the add/del in bridge command line is enough. Also reword error in response to malformed/bad vlan id attribute size. Cc: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- net/core/rtne

Re: [PATCH v2 net-next] rtnetlink: bridge: use ext_ack instead of printk

David Ahern <dsah...@gmail.com> wrote: > On 10/10/17 5:32 AM, Florian Westphal wrote: > > diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c > > index e84d108cfee4..19ea53a5210f 100644 > > --- a/net/core/rtnetlink.c > > +++ b/net/core/rtnetlink.

[PATCH v4 net-next] rtnetlink: bridge: use ext_ack instead of printk

, suggested by David Ahern, they are not useful, the add/del in bridge command line is enough. Also reword error in response to malformed/bad vlan id attribute size. Cc: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- change since v3: forg

[PATCH v2 nf-next 1/2] netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore

<eduma...@google.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- v2: fix Erics email address net/netfilter/x_tables.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index c83a3b5e1c6c..f

[PATCH v2 nf-next 2/2] netfilter: x_tables: don't use seqlock when fetching old counters

replacement on busy systems with large tables (and many cores). Cc: Dan Williams <d...@redhat.com> Cc: Eric Dumazet <eduma...@google.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- v2: fix Erics email address net/ipv4/netfilter/arp_tables.c | 22 --

[PATCH v2 nf-next] netfilter: x_tables: speed up iptables-restore

iptables-restore can take quite a long time when sytem is busy, in order of half a minute or more. The main reason for this is the way ip(6)tables performs table swap, or, more precisely, expensive sequence lock synchronizations when reading counters. When xt_replace_table assigns the new ruleset

[PATCH net-next 0/2] ipv6: addrconf: make two more doit functions not use rtnl mutex

ipv6 RTM_GETNETCONF and RTM_GETADDR don't seem to require strict serialization via rtnl mutex, so switch both to DOIT_UNLOCKED and increment device reference counts instead. Alternative would be to use rcu which would need some minor code re-arrangements (we can't use GFP_ATOMIC for buffer

[PATCH net-next 2/2] ipv6: addrconf: don't use rtnl mutex in RTM_GETADDR

Similar to the previous patch, use the device lookup functions that bump device refcount and flag this as DOIT_UNLOCKED to avoid rtnl mutex. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/ipv6/addrconf.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff

[PATCH net-next 1/2] ipv6: addrconf: don't use rtnl mutex in RTM_GETNETCONF

to GFP_KERNEL allocation. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/ipv6/addrconf.c | 24 ++-- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index d9f6226694eb..5207f567ef28 100644 --- a/net/ipv6/addrconf.c

[PATCH net-next] selftests: rtnetlink: add a small macsec test case

Signed-off-by: Florian Westphal <f...@strlen.de> --- tools/testing/selftests/net/rtnetlink.sh | 42 1 file changed, 42 insertions(+) diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftests/net/rtnetlink.sh index a8a8cdf726b2..521549

Re: [PATCH net-next] selftests: rtnetlink: add a small macsec test case

Sabrina Dubroca <s...@queasysnail.net> wrote: > 2017-10-12, 11:11:22 +0200, Florian Westphal wrote: > > Signed-off-by: Florian Westphal <f...@strlen.de> > > Reviewed-by: Sabrina Dubroca <s...@queasysnail.net> Thanks for reviewing. > Just a small detail: t

Re: [PATCH net-next 1/1] net/smc: add SMC rendezvous protocol

Ursula Braun wrote: > On 10/11/2017 11:06 PM, David Miller wrote: > > From: Ursula Braun > > Date: Tue, 10 Oct 2017 16:14:19 +0200 > > > >> The goal of this patch is to leave common TCP code unmodified. Thus, > >> it uses netfilter hooks to

[PATCH net-next 2/2] net: core: rcu-ify rtnl af_ops

instead. doit functions that need the af_ops can now use rcu instead of the rtnl mutex provided the mutex isn't needed for other reasons. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/core/rtnetlink.c | 62 ++-- net/ipv4/devinet.c

[PATCH net-next 1/2] rtnetlink: place link af dump into own helper

next patch will rcu-ify rtnl af_ops, i.e. allow af_ops lookup and function calls with rcu read lock held instead of rtnl mutex. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/core/rtnetlink.c | 72 ++-- 1 file changed, 42 inse

[PATCH net-next 0/2] net: core: rcuify rtnl af_ops

None of the rtnl af_ops callbacks sleep, so they can be called while holding rcu read lock. Switch handling of af_ops to rcu. This would allow to later call af_ops functions without holding the rtnl mutex anymore. core/rtnetlink.c | 134 ---

[PATCH net-next 0/2] tcp: re-add header prediction

Eric reported a performance regression caused by header prediction removal. We now call tcp_ack() much more frequently, for some workloads this brings in enough cache line misses to become noticeable. We could possibly still kill HP provided we find a different way to suppress unneeded tcp_ack,

[PATCH net-next 2/2] tcp: Revert "tcp: remove header prediction"

<eduma...@google.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- include/linux/tcp.h | 6 ++ include/net/tcp.h | 23 ++ include/uapi/linux/snmp.h | 2 + net/ipv4/proc.c | 2 + net/ipv4/tcp.c| 4 +- net/ipv4/tcp_input.

[PATCH net-next 1/2] tcp: Revert "tcp: remove CA_ACK_SLOWPATH"

This change was a followup to the header prediction removal, so first revert this as a prerequisite to back out hp removal. Signed-off-by: Florian Westphal <f...@strlen.de> --- include/net/tcp.h | 5 +++-- net/ipv4/tcp_input.c| 35 +++ ne

Re: Memory leaks in conntrack

Cong Wang wrote: > While testing my TC filter patches (so not related to conntrack), the > following memory leaks are shown up: > > unreferenced object 0x9b19ba551228 (size 128): > comm "chronyd", pid 338, jiffies 4294910829 (age 53.188s) > hex dump (first 32

Re: Division by zero on UP (was: Re: netfilter: nat: use keyed locks)

Geert Uytterhoeven wrote: > > srchash = hash_by_src(net, > > > > >tuplehash[IP_CT_DIR_ORIGINAL].tuple); > > - spin_lock_bh(_nat_lock); > > + lock = _nat_locks[srchash %

Re: WARNING: at net/netfilter/core.c:218 __nf_hook_entries_try_shrink+0xf7/0x110

Mike Galbraith wrote: > [ 21.219604] ip6_tables: (C) 2000-2006 Netfilter Core Team > [ 21.433091] nf_conntrack version 0.5.0 (65536 buckets, 262144 max) > [ 21.495849] ip_tables: (C) 2000-2006 Netfilter Core Team > [ 22.404040] [ cut here ] > [

[PATCH net-next v4] selftests: rtnetlink.sh: add rudimentary vrf test

Acked-by: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- Changes since v1: indent all lines with tabs, not spaces detaching this from the series, I want to avoid needless v5. tools/testing/selftests/net/rtnet

Re: [PATCH] ebtables: fix race condition in frame_filter_net_init()

Artem Savkov wrote: > It is possible for ebt_in_hook to be triggered before ebt_table is assigned > resulting in a NULL-pointer dereference. Make sure hooks are > registered as the last step. Right, thanks for the patch. > --- a/net/bridge/netfilter/ebtable_broute.c > +++

[PATCH net-next] selftests: rtnetlink.sh: add vxlan and fou test cases

fou test lifted from ip-fou man page. Signed-off-by: Florian Westphal <f...@strlen.de> --- tools/testing/selftests/net/rtnetlink.sh | 96 1 file changed, 96 insertions(+) diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftes

Re: [PATCH net-next] net: core: decouple ifalias get/set from rtnl lock

David Miller <da...@davemloft.net> wrote: > From: Florian Westphal <f...@strlen.de> > Date: Fri, 29 Sep 2017 13:21:50 +0200 > > > @@ -1488,7 +1484,7 @@ static void netdev_release(struct device *d) > > > > BUG_ON(dev->reg_state != NETREG_R

[PATCH net-next v2] net: core: decouple ifalias get/set from rtnl lock

to not hold it when dumping ifalias. Signed-off-by: Florian Westphal <f...@strlen.de> --- Changes since v1: - add a comment why dev->ifalias is freed via kfree, not kfree_rcu. include/linux/netdevice.h | 3 +- net/core/dev.c| 70 +++

Re: [PATCH net-next v2] net: core: decouple ifalias get/set from rtnl lock

Eric Dumazet wrote: > Just use RCU : A writer is supposed to work on a private copy, and > _then_ publish the new pointer, so that a reader can not see mangled > string. > > We either copy the 'old' name or the 'new' one. > > A seqcount is not needed, and wont prevent

[PATCH net-next] net: core: decouple ifalias get/set from rtnl lock

to not hold it when dumping ifalias. Signed-off-by: Florian Westphal <f...@strlen.de> --- include/linux/netdevice.h | 3 +- net/core/dev.c| 70 +++ net/core/net-sysfs.c | 14 -- net/core/rtnetlink.c | 13 +++-- 4

[PATCH net-next v4 0/4] rtnetlink: preparation patches for further rtnl lock pushdown/removal

Patches split large rtnl_fill_ifinfo into smaller chunks to better see which parts 1. require rtnl 2. do not require it at all 3. rely on rtnl locking now but could be converted Changes since v3: I dropped the 'ifalias' patch, I have a change to decouple ifalias and rtnl mutex, I will send it

[PATCH net-next v4 4/4] rtnetlink: rtnl_have_link_slave_info doesn't need rtnl

it can be switched to rcu. Reviewed-by: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- No changes in v4. net/core/rtnetlink.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnet

[PATCH net-next v4 3/4] rtnetlink: add helpers to dump netnsid information

Reviewed-by: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- No changes in v4. net/core/rtnetlink.c | 30 +++--- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnet

[PATCH net-next v4 1/4] rtnetlink: add helper to put master and link ifindexes

rtnl dependency. Reviewed-by: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- No changes in v4. net/core/rtnetlink.c | 32 +++- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/net/core/rtnetlink.

[PATCH net-next v4 2/4] rtnetlink: add helpers to dump vf information

similar to earlier patches, split out more parts of this function to better see what is happening and where we assume rtnl is locked. Reviewed-by: David Ahern <dsah...@gmail.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- No changes in v4. net/core/rtne

Re: [PATCH nf-next] netfilter: xt_CHECKSUM: avoid bad offload warnings on GSO packets

Michal Kubecek wrote: > When --checksum_fill action is applied to a GSO packet, checksum_tg() calls > skb_checksum_help() which is only meant to be applied to non-GSO packets so > that it issues a warning. > > This can be easily triggered by using e.g. > > iptables -t mangle

Re: [PATCH nf-next] netfilter: xt_CHECKSUM: avoid bad offload warnings on GSO packets

Davide Caratti wrote: > Small nit: may I suggest you to call skb_csum_hwoffload_help() instead of > skb_checksum_help(), so that we avoid corrupting SCTP packets in case they > hit xt_CHECKSUM target? Alternatively we could restrict the target to udp only. AFAIU the only

Re: [Patch net-next v2 3/4] net_sched: remove tc class reference counting

Jiri Pirko wrote: > Fri, Aug 25, 2017 at 01:51:29AM CEST, xiyou.wangc...@gmail.com wrote: > >For TC classes, their ->get() and ->put() are always paired, and the > >reference counting is completely useless, because: > > > >1) For class modification and dumping paths, we already

Re: [PATCH nf-next] netfilter: xt_CHECKSUM: avoid bad offload warnings on GSO packets

Michal Kubecek <mkube...@suse.cz> wrote: > On Thu, Aug 24, 2017 at 03:17:22PM +0200, Florian Westphal wrote: > > Davide Caratti <dcara...@redhat.com> wrote: > > > Small nit: may I suggest you to call skb_csum_hwoffload_help() instead of > > > skb_checksum_h

Re: [PATCH nf-next] netfilter: xt_CHECKSUM: avoid bad offload warnings on GSO packets

Florian Westphal <f...@strlen.de> wrote: > Michal Kubecek <mkube...@suse.cz> wrote: > > On Thu, Aug 24, 2017 at 03:17:22PM +0200, Florian Westphal wrote: > > > Davide Caratti <dcara...@redhat.com> wrote: > > > > Small nit: may I sugge

Re: [PATCH] netfilter: ipv4: nf_defrag: constify nf_hook_ops

Arvind Yadav wrote: > nf_hook_ops are not supposed to change at runtime. nf_register_net_hooks > and nf_unregister_net_hooks are working with const nf_hook_ops. > So mark the non-const nf_hook_ops structs as const. please update your nf-next tree, all nf_hook_ops are

Re: Question about ip_defrag

liujian (CE) wrote: > Hi > > I checked our 3.10 kernel, we had backported all percpu_counter bug fix in > lib/percpu_counter.c and include/linux/percpu_counter.h. > And I check 4.13-rc6, also has the issue if NIC's rx cpu num big enough. > > > > > > the issue: > > > > >

Re: nf_nat_pptp 4.12.3 kernel lockup/reboot

Denys Fedoryshchenko wrote: > >>> I am trying to upgrade kernel 4.11.8 to 4.12.3 (it is a nat/router, > >>> handling > >>> approx 2gbps of pppoe users traffic) and noticed that after while server > >>> rebooting(i have set reboot on panic and etc). > >>> I can't run

Re: [PATCH 6/7] netfilter: nat: make rhashtable_params const

Bhumika Goyal <bhumi...@gmail.com> wrote: [..] trimming CC list, also this should probably have been sent to netfilter-de...@vger.kernel.org on its own, with [nf-next] in subject line. That aside: Acked-by: Florian Westphal <f...@strlen.de>

Re: Question about ip_defrag

Jesper Dangaard Brouer <bro...@redhat.com> wrote: > On Mon, 28 Aug 2017 16:00:32 +0200 > Florian Westphal <f...@strlen.de> wrote: > > > liujian (CE) <liujia...@huawei.com> wrote: > > > Hi > > > > > > I checked our 3.10 kernel

[PATCH net-next 2/2] addrlabel: add/delete/get can run without rtnl

There appears to be no need to use rtnl, addrlabel entries are refcounted and add/delete is serialized by the addrlabel table spinlock. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/ipv6/addrlabel.c | 22 +- 1 file changed, 17 insertions(+), 5 deletions(-)

[PATCH net-next 0/2] addrlabel: don't use rtnl locking

addrlabel doesn't appear to require rtnl lock as the addrlabel table uses a spinlock to serialize add/delete operations. Also, entries are reference counted so it should be safe to call the rtnl ops without the rtnl mutex.

[PATCH net-next 1/2] selftests: add addrlabel add/delete to rtnetlink.sh

Signed-off-by: Florian Westphal <f...@strlen.de> --- tools/testing/selftests/net/rtnetlink.sh | 41 1 file changed, 41 insertions(+) diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftests/net/rtnetlink.sh index 84b4acf5baa9..57b5ff

Re: Question about ip_defrag

Jesper Dangaard Brouer wrote: > > I take 2) back. Its wrong to do this, for large NR_CPU values it > > would even overflow. > > Alternatively solution 3: > Why do we want to maintain a (4MBytes) memory limit, across all CPUs? > Couldn't we just allow each CPU to have a memory

Re: Question about ip_defrag

liujian (CE) wrote: [ trimming cc list ] > Now, I have not the real environment. > I use iperf generate fragment packets; > and I always change NIC rx irq's affinity cpu, to make sure frag_mem_limit > reach to thresh. > my test machine, CPU num is 384. Oh well, that

Re: [PATCH net 1/2] Revert "net: use lib/percpu_counter API for fragmentation mem accounting"

Jesper Dangaard Brouer <bro...@redhat.com> wrote: > This reverts commit 6d7b857d541ecd1d9bd997c97242d4ef94b19de2. > > There is a bug in fragmentation codes use of the percpu_counter API, > that can cause issues on systems with many CPUs. Acked-by: Florian Westphal <f...@strlen.de> Thanks Jesper.

[PATCH net-next] rtnetlink: remove __rtnl_af_unregister

switch the only caller to rtnl_af_unregister. Signed-off-by: Florian Westphal <f...@strlen.de> --- include/net/rtnetlink.h | 2 -- net/core/rtnetlink.c| 14 +- net/ipv6/addrconf.c | 4 ++-- 3 files changed, 3 insertions(+), 17 deletions(-) diff --git a/inclu

Re: [PATCH v2 nf-next 1/2] netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore

Eric Dumazet wrote: > > + /* ... so wait for even xt_recseq on all cpus */ > > + for_each_possible_cpu(cpu) { > > + seqcount_t *s = _cpu(xt_recseq, cpu); > > + > > + while (raw_read_seqcount(s) & 1) > > +

Re: [PATCH] xfrm: don't call xfrm_policy_cache_flush under xfrm_state_lock

> locking dependency detected" warnings on flush. > > Fixes: ec30d78c14a8 xfrm: add xdst pcpu cache > Signed-off-by: Artem Savkov <asav...@redhat.com> You're right, its not needed (and wrong). Acked-by: Florian Westphal <f...@strlen.de>

Re: [PATCH 41/47] netfilter: convert hook list to an array

> > - 5 hooks: (raw + mangle prerouting, mangle+filter input, inet filter): > >empty mangle and raw prerouting, mangle and filter input hooks: > >353.9 > >this patch: > >364.2 > > > >Signed-off-by: Aaron Conole <acon...@bytheb.org> > >Signed-off

Re: Linux ECN Handling

[ full-quoting due to Cc fixups, adding netdev ] Steve Ibanez wrote: > Hi Florian, Neal, and Daniel, > > I hope this email finds you well. My name is Stephen Ibanez and I'm a PhD > Student at Stanford currently working on a project with Mohammad Alizadeh, > Nick McKeown,

Re: problem with rtnetlink 'reference' count

Peter Zijlstra <pet...@infradead.org> wrote: > On Mon, Oct 23, 2017 at 06:37:44PM +0200, Florian Westphal wrote: > > > Is refcount_t only supposed to be used with dec_and_test patterns? > > Yes, for reference counting objects. Hmm, I still feel its

Re: problem with rtnetlink 'reference' count

Peter Zijlstra <pet...@infradead.org> wrote: > On Mon, Oct 23, 2017 at 09:37:03PM +0200, Florian Westphal wrote: > > > > OK, so then why not do something like so? > > > @@ -260,10 +259,18 @@ void rtnl_unregister_all(int protocol) > > > RCU_INIT_PO

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Peter Zijlstra <pet...@infradead.org> wrote: > On Mon, Nov 13, 2017 at 08:21:59AM +0100, Florian Westphal wrote: > > Reason is that some places do this: > > > > rtnl_register(pf, RTM_FOO, doit, NULL, 0); > > rtnl_register(pf, RTM_FOO, NULL, dumpit, 0); > >

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Peter Zijlstra <pet...@infradead.org> wrote: > On Tue, Nov 07, 2017 at 10:47:51AM +0100, Florian Westphal wrote: > > I would expect this to trigger all the time, due to > > > > rtnl_register(AF_INET, RTM_GETROUTE, ... > > rtnl_register(AF_INET, RTM_GETADDR, ... &

broken ipv6 tcp csum offload on thunderx

Hi. We are experiencing broken ipv6 connectivity with 4.14 kernel on arm64 with thunderx. ping6 still works, but it looks like tcp syn packets get sent with a wrong checksum -- socket remains in SYN-SENT state. after running ethtool -K enP2p1s0f1 tx-checksum-ipv6 off ipv6 tcp appears to works

Re: [PATCH net] tcp: remove buggy call to tcp_v6_restore_cb()

header.h6 Indeed, thanks for fixing this up. Acked-by: Florian Westphal <f...@strlen.de>

[PATCH net-next] rtnetlink: ipv6: convert remaining users to rtnl_register_module

convert remaining users of rtnl_register to rtnl_register_module and un-export rtnl_register. Requested-by: David S. Miller <da...@davemloft.net> Signed-off-by: Florian Westphal <f...@strlen.de> --- include/net/addrconf.h | 2 +- net/core/rtnetlink.c | 1 - net/ipv6/addrco

[PATCH net-next] rtnetlink: fix rtnl_link msghandler rcu annotations

) Reported-by: kbuild test robot <fengguang...@intel.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 642b3afb12b9..a4faefd65006 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -129,7 +129,7 @@ bool loc

Re: [PATCH v4 11/18] nfnetlink_log: exit_net cleanup check added

Vasily Averin <v...@virtuozzo.com> wrote: > Be sure that instance_table array initialized in net_init hook > was return to initial state. Acked-by: Florian Westphal <f...@strlen.de>

Re: [PATCH v4 12/18] nfnetlink_gueue: exit_net cleanup check added

break; This looks strange, why if/break? Plain WARN_ON_ONCE should be enough, but thats a nit so: Acked-by: Florian Westphal <f...@strlen.de>

Re: JOIN_ANYCAST breakage w. "net: ipv6: put host and anycast routes on device with address"

David Ahern <dsah...@gmail.com> wrote: > On 11/14/17 10:36 AM, Florian Westphal wrote: > > Hi David > > > > This test program no longer works with 4.14 > > (recvfrom: Resource temporarily unavailable) > > > > after reverting commit > > 4832c30d5

JOIN_ANYCAST breakage w. "net: ipv6: put host and anycast routes on device with address"

Hi David This test program no longer works with 4.14 (recvfrom: Resource temporarily unavailable) after reverting commit 4832c30d5458387ff2533ff66fbde26ad8bb5a2d (net: ipv6: put host and anycast routes on device with address) it will work again ("OK"). Could you please have a look at this?

[PATCH net] xfrm: defer daddr pointer assignment after spi parsing

com> Signed-off-by: Florian Westphal <f...@strlen.de> --- net/xfrm/xfrm_input.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 8ac9d32fb79d..1c6051cb7733 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input

Re: [PATCH RFC,WIP 1/5] netfilter: nf_conntrack: move nf_ct_netns_{get,put}() to core

Pablo Neira Ayuso <pa...@netfilter.org> wrote: > So we can call this from other expression that need conntrack in place > to work. Acked-by: Florian Westphal <f...@strlen.de>

Re: KASAN: stack-out-of-bounds Read in xfrm_state_find (2)

syzbot wrote: [ cc Thomas Egerer ] > syzkaller hit the following crash on > 36ef71cae353f88fd6e095e2aaa3e5953af1685d > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master > compiler: gcc (GCC) 7.1.1

Re: [PATCH RFC,WIP 3/5] netfilter: nf_flow_offload: integration with conntrack

Pablo Neira Ayuso wrote: > This patch adds the IPS_OFFLOAD status bit, this new bit tells us that > the conntrack entry is owned by the flow offload infrastructure. The > timer of such conntrack entries is stopped - the conntrack garbage > collector skips them - and they

[PATCH net-next 8/8] mpls: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/mpls/af_mpls.c | 15 +-- 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c index 8ca9915befc8..5dce8336d33f 100644 --- a/net/mpls/af_mpls.c +++ b/net/mpls/af_mpls.c @@ -2

[PATCH net-next 3/8] qtr: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/qrtr/qrtr.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c index e458ece96d3d..5098625469e0 100644 --- a/net/qrtr/qrtr.c +++ b/net/qrtr/qrtr.c @@ -1116,9 +1116,13 @@ stat

[PATCH net-next 7/8] phonet: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/phonet/pn_netlink.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c index da754fc926e7..871eaf2cb85e 100644 --- a/net/phonet/pn_netlink.c +++

[PATCH ipsec] xfrm: do unconditional template resolution before pcpu cache check

t; Tested-by: Stephen Smalley <s...@tycho.nsa.gov> Signed-off-by: Florian Westphal <f...@strlen.de> --- net/xfrm/xfrm_policy.c | 42 -- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 8caf

Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE

77 > > inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 > > This is introduced by: > > commit 394f51abb3d04f33fb798f04b16ae6b0491ea4ec > Author: Florian Westphal <f...@strlen.de> > Date: Tue Aug 15 16:34:44 2017 +0200 > > ipv4: route: set ipv4 RTM_GETROUTE to not use rtn

Re: [PATCH] Net: netfilter: Moved vmalloc call to kmalloc call

Charlie Sale wrote: > Fixed FIXME comment in code my changing a vmalloc call > to a kmalloc call. Thought it would be a good place to > start for a first patch. Please at least compile test your patches. > - /* FIXME: don't use vmalloc() here or anywhere else -HW */ >

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Peter Zijlstra <pet...@infradead.org> wrote: > On Mon, Nov 06, 2017 at 11:51:07AM +0100, Florian Westphal wrote: > > @@ -180,6 +164,12 @@ int __rtnl_register(int protocol, int msgtype, > > rcu_assign_pointer(rtnl_msg_handlers[protocol], tab); > >

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Peter Zijlstra wrote: > Something like the below would go some way toward sanitizing this stuff; > rcu_assign_pointer() is a store-release, meaning it happens after > everything coming before. > > Therefore, when you observe that tab (through rcu_dereference) you're >

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Peter Zijlstra wrote: > > rtnetlink_rcv_msg: > > > > 4406 dumpit = READ_ONCE(handlers[type].dumpit); > > 4407 if (!dumpit) > > 4408 goto err_unlock; > > 4409 owner =

Re: [PATCHv2 net-next 2/3] ip6_gre: Refactor ip6gre xmit codes

William Tu wrote: Not related to your patch specifically but: > +static int prepare_ip6gre_xmit_ipv6(struct sk_buff *skb, > + struct net_device *dev, > + struct flowi6 *fl6, __u8 *dsfield, > +

[PATCH ipsec-next] xfrm: don't pull esp/auth header in xfrm_parse_spi

syzbot reported an issue where pointer to ip header content was not reloaded after xfrm_parse_spi(). Its not intuitive that this function changes skb->head, so switch to skb_pointer_header. Reported-by: syzbot <syzkal...@googlegroups.com> Signed-off-by: Florian Westphal <f.

Re: KASAN: stack-out-of-bounds Read in xfrm_state_find (2)

Steffen Klassert <steffen.klass...@secunet.com> wrote: > On Wed, Nov 01, 2017 at 11:06:08PM +0100, Florian Westphal wrote: > > I also don't understand how address comparision is supposed to work in this > > case, > > it seems that if saddr/daddr are v4 and templ

[PATCH net] fib: fib_dump_info can no longer use __in_dev_get_rtnl

ipv4 RTM_GETROUTE to not use rtnl") Reported-by: syzbot <syzkal...@googlegroups.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- net/ipv4/fib_semantics.c | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/ipv4/fib_semantics.c b/net/ipv4

Re: [PATCH] Net: netfilter: vmalloc/vfree to kvmalloc/kvfree

Charlie Sale wrote: > + hinfo = kvmalloc(sizeof(*hinfo) + sizeof(struct hlist_head) * size, > + GPT_KERNEL); Looks like you did not even compile test this. Again. :-(

Re: [PATCH RFC,WIP 4/5] netfilter: nf_tables: flow offload expression

Pablo Neira Ayuso wrote: > +static void nft_flow_offload_eval(const struct nft_expr *expr, > + struct nft_regs *regs, > + const struct nft_pktinfo *pkt) > +{ [..] > + if (test_bit(IPS_HELPER_BIT, >status)) > +

Re: [PATCH RFC,WIP 2/5] netfilter: add software flow offload infrastructure

Pablo Neira Ayuso wrote: > +static int __init nf_flow_offload_module_init(void) > +{ > + struct rhashtable_params params = flow_offload_rhash_params; > + struct nf_hook_ops flow_offload_hook = { > + .hook = nf_flow_offload_hook, > +

Re: [PATCH RFC,WIP 5/5] netfilter: nft_flow_offload: add ndo hooks for hardware offload

Pablo Neira Ayuso wrote: > +static void flow_offload_work(struct work_struct *work) > +{ > + struct flow_hw_offload *offload, *next; > + > + spin_lock_bh(_hw_offload_lock); > + list_for_each_entry_safe(offload, next, _hw_offload_pending_list, > list) { > +

[PATCH net-next 4/8] bridge: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/bridge/br_mdb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c index 31ddff22563e..f56eb480abb2 100644 --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c @@ -714,9

[PATCH net-next 5/8] can: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/can/gw.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/net/can/gw.c b/net/can/gw.c index 73a02af4b5d7..398dd0395ad9 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -1014,6 +1014,8 @@ static

[PATCH net-next 2/8] rtnetlink: add rtnl_register_module

Add yet another rtnl_register function. It will be used by modules that can be removed. The passed module struct is used to take a reference while a netlink dump is in progress to prevent module unload while netlink core can invoke registered dumper function again. Signed-off-by: Florian

[PATCH net-next 1/8] rtnetlink: Revert "rtnetlink: add reference counting to prevent module unload while dump is in progress"

is in use. Signed-off-by: Florian Westphal <f...@strlen.de> --- net/core/rtnetlink.c | 13 - 1 file changed, 13 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index dc5ad84ac096..c70f62137dd8 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@

rtnetlink: fix dump+module unload races, take 2

Peter Zijlstra reported: -- I just ran across commit: 019a316992ee ("rtnetlink: add reference counting to prevent module unload while dump is in progress") And that commit is _completely_ broken. 1) it not in fact a refcount, so using refcount_t is silly 2) there is a distinct

[PATCH net-next 6/8] decnet: use rtnl_register_module

Signed-off-by: Florian Westphal <f...@strlen.de> --- net/decnet/dn_dev.c | 9 ++--- net/decnet/dn_fib.c | 6 -- net/decnet/dn_route.c | 8 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c index 915324

Re: [PATCH nf-next RFC,v2 1/6] netfilter: nf_conntrack: add IPS_OFFLOAD status bit

Pablo Neira Ayuso wrote: > diff --git a/include/uapi/linux/netfilter/nf_conntrack_common.h > b/include/uapi/linux/netfilter/nf_conntrack_common.h > index dc947e59d03a..6b463b88182d 100644 > --- a/include/uapi/linux/netfilter/nf_conntrack_common.h > +++

Re: [PATCH nf-next RFC,v2 6/6] netfilter: nft_flow_offload: add ndo hooks for hardware offload

Pablo Neira Ayuso wrote: > The software flow table garbage collector skips entries that resides in > the hardware, so the hardware will be responsible for releasing this > flow table entry too via flow_offload_dead(). In the next garbage > collector run, this removes the

Re: [PATCH nf-next RFC,v2 4/6] netfilter: flow table support for IPv4

Pablo Neira Ayuso wrote: > This patch adds the IPv4 flow table type, that implements the datapath > flow table to forward IPv4 traffic. Rationale is: > > 1) Look up for the packet in the flow table, from the ingress hook. > 2) If there's a hit, decrement ttl and pass it on

[PATCH net-next 2/4] rtnetlink: get reference on module before invoking handlers

Add yet another rtnl_register function. It will be used by modules that can be removed. The passed module struct is used to prevent module unload while a netlink dump is in progress or when a DOIT_UNLOCKED doit callback is called. Cc: Peter Zijlstra <pet...@infradead.org> Signed-off-by: F

[PATCH net] net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts

nderx: Fix TCP/UDP checksum offload for IPv6 pkts") Cc: Sunil Goutham <sgout...@cavium.com> Cc: Aleksey Makarov <aleksey.maka...@auriga.com> Cc: Eric Dumazet <eduma...@google.com> Signed-off-by: Florian Westphal <f...@strlen.de> --- drivers/net/ethernet/cavium/thunder/nic

<    2   3   4   5   6   7   8   9   >