1. 11 Apr, 2022 11 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next · 4696ad36
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for net-next:
      
      1) Replace unnecessary list_for_each_entry_continue() in nf_tables,
         from Jakob Koschel.
      
      2) Add struct nf_conntrack_net_ecache to conntrack event cache and
         use it, from Florian Westphal.
      
      3) Refactor ctnetlink_dump_list(), also from Florian.
      
      4) Bump module reference counter on cttimeout object addition/removal,
         from Florian.
      
      5) Consolidate nf_log MAC printer, from Phil Sutter.
      
      6) Add basic logging support for unknown ethertype, from Phil Sutter.
      
      7) Consolidate check for sysctl nf_log_all_netns toggle, also from Phil.
      
      8) Replace hardcode value in nft_bitwise, from Jeremy Sowden.
      
      9) Rename BASIC-like goto tags in nft_bitwise to more meaningful names,
         also from Jeremy.
      
      10) nft_fib support for reverse path filtering with policy-based routing
          on iif. Extend selftests to cover for this new usecase, from Florian.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4696ad36
    • Florian Westphal's avatar
      selftests: netfilter: add fib expression forward test case · 0c7b2761
      Florian Westphal authored
      Its now possible to use fib expression in the forward chain (where both
      the input and output interfaces are known).
      
      Add a simple test case for this.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0c7b2761
    • Pablo Neira Ayuso's avatar
      netfilter: nft_fib: reverse path filter for policy-based routing on iif · be8be04e
      Pablo Neira Ayuso authored
      If policy-based routing using the iif selector is used, then the fib
      expression fails to look up for the reverse path from the prerouting
      hook because the input interface cannot be inferred. In order to support
      this scenario, extend the fib expression to allow to use after the route
      lookup, from the forward hook.
      
      This patch also adds support for the input hook for usability reasons.
      Since the prerouting hook cannot be used for the scenario described
      above, users need two rules: one for the forward chain and another rule
      for the input chain to check for the reverse path check for locally
      targeted traffic.
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      be8be04e
    • Lv Ruyi's avatar
      bnx2x: Fix spelling mistake "regiser" -> "register" · a21437d2
      Lv Ruyi authored
      There are some spelling mistakes in the comments for macro. Fix it.
      Reported-by: default avatarZeal Robot <zealci@zte.com.cn>
      Signed-off-by: default avatarLv Ruyi <lv.ruyi@zte.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a21437d2
    • Felix Fietkau's avatar
      net: ethernet: mtk_eth_soc/wed: fix sparse endian warnings · 4d65f9b6
      Felix Fietkau authored
      Descriptor fields are little-endian
      
      Fixes: 804775df ("net: ethernet: mtk_eth_soc: add support for Wireless Ethernet Dispatch (WED)")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4d65f9b6
    • Yang Yingliang's avatar
      net: ethernet: mtk_eth_soc: fix return value check in mtk_wed_add_hw() · b559edfa
      Yang Yingliang authored
      If syscon_regmap_lookup_by_phandle() fails, it never return NULL pointer,
      change the check to IS_ERR().
      
      Fixes: 804775df ("net: ethernet: mtk_eth_soc: add support for Wireless Ethernet Dispatch (WED)")
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b559edfa
    • David S. Miller's avatar
      Merge branch 'icmp-skb-reason' · 750d019d
      David S. Miller authored
      Menglong Dong says:
      
      ====================
      net: icmp: add skb drop reasons to icmp
      In the commit c504e5c2 ("net: skb: introduce kfree_skb_reason()"),
      we added the support of reporting the reasons of skb drops to kfree_skb
      tracepoint. And in this series patches, reasons for skb drops are added
      to ICMP protocol.
      
      In order to report the reasons of skb drops in 'sock_queue_rcv_skb()',
      the function 'sock_queue_rcv_skb_reason()' is introduced in the 1th
      patch, which is used in the 3th patch.
      
      As David Ahern suggested, the reasons for skb drops should be more
      general and not be code based. Therefore, in the 2th patch,
      SKB_DROP_REASON_PTYPE_ABSENT is renamed to
      SKB_DROP_REASON_UNHANDLED_PROTO, which is used for the cases of no
      L3 protocol handler, no L4 protocol handler, version extensions, etc.
      
      In the 3th patch, we introduce the new function __ping_queue_rcv_skb()
      to report drop reasons by its return value and keep the return value of
      ping_queue_rcv_skb() still.
      
      In the 4th patch, we make ICMP message handler functions return drop
      reasons, which means we change the return type of 'handler()' in
      'struct icmp_control' from 'bool' to 'enum skb_drop_reason'. This
      changed its original intention, as 'false' means failure, but
      'SKB_NOT_DROPPED_YET', which is 0, means success now. Therefore, we
      have to change all usages of these handler. Following "handler"
      functions are involved:
      
      icmp_unreach()
      icmp_redirect()
      icmp_echo()
      icmp_timestamp()
      icmp_discard()
      
      And following drop reasons are added(what they mean can be see
      in the document for them):
      
      SKB_DROP_REASON_ICMP_CSUM
      SKB_DROP_REASON_INVALID_PROTO
      
      The reason 'INVALID_PROTO' is introduced for the case that the packet
      doesn't follow rfc 1122 and is dropped. I think this reason is different
      from the 'UNHANDLED_PROTO', as the 'UNHANDLED_PROTO' means the packet is
      fine, and it is just not supported. This is not a common case, and I
      believe we can locate the problem from the data in the packet. For now,
      this 'INVALID_PROTO' is used for the icmp broadcasts with wrong types.
      
      Maybe there should be a document file for these reasons. For example,
      list all the case that causes the 'INVALID_PROTO' drop reason. Therefore,
      users can locate their problems according to the document.
      
      Changes since v4:
      - rename SKB_DROP_REASON_RFC_1122 to SKB_DROP_REASON_INVALID_PROTO
      
      Changes since v3:
      - rename SKB_DROP_REASON_PTYPE_ABSENT to SKB_DROP_REASON_UNHANDLED_PROTO
        in the 2th patch
      - fix the return value problem of ping_queue_rcv_skb() in the 3th patch
      - remove SKB_DROP_REASON_ICMP_TYPE and SKB_DROP_REASON_ICMP_BROADCAST
        and introduce the SKB_DROP_REASON_RFC_1122 in the 4th patch
      
      Changes since v2:
      - fix aliegnment problem in the 2th patch
      
      Changes since v1:
      - introduce __ping_queue_rcv_skb() instead of change the return value
        of ping_queue_rcv_skb() in the 2th patch, as Paolo suggested
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      750d019d
    • Menglong Dong's avatar
      net: icmp: add skb drop reasons to icmp protocol · b384c95a
      Menglong Dong authored
      Replace kfree_skb() used in icmp_rcv() and icmpv6_rcv() with
      kfree_skb_reason().
      
      In order to get the reasons of the skb drops after icmp message handle,
      we change the return type of 'handler()' in 'struct icmp_control' from
      'bool' to 'enum skb_drop_reason'. This may change its original
      intention, as 'false' means failure, but 'SKB_NOT_DROPPED_YET' means
      success now. Therefore, all 'handler' and the call of them need to be
      handled. Following 'handler' functions are involved:
      
      icmp_unreach()
      icmp_redirect()
      icmp_echo()
      icmp_timestamp()
      icmp_discard()
      
      And following new drop reasons are added:
      
      SKB_DROP_REASON_ICMP_CSUM
      SKB_DROP_REASON_INVALID_PROTO
      
      The reason 'INVALID_PROTO' is introduced for the case that the packet
      doesn't follow rfc 1122 and is dropped. This is not a common case, and
      I believe we can locate the problem from the data in the packet. For now,
      this 'INVALID_PROTO' is used for the icmp broadcasts with wrong types.
      
      Maybe there should be a document file for these reasons. For example,
      list all the case that causes the 'UNHANDLED_PROTO' and 'INVALID_PROTO'
      drop reason. Therefore, users can locate their problems according to the
      document.
      Reviewed-by: default avatarHao Peng <flyingpeng@tencent.com>
      Reviewed-by: default avatarJiang Biao <benbjiang@tencent.com>
      Signed-off-by: default avatarMenglong Dong <imagedong@tencent.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b384c95a
    • Menglong Dong's avatar
      net: icmp: introduce __ping_queue_rcv_skb() to report drop reasons · 41a95a00
      Menglong Dong authored
      In order to avoid to change the return value of ping_queue_rcv_skb(),
      introduce the function __ping_queue_rcv_skb(), which is able to report
      the reasons of skb drop as its return value, as Paolo suggested.
      
      Meanwhile, make ping_queue_rcv_skb() a simple call to
      __ping_queue_rcv_skb().
      
      The kfree_skb() and sock_queue_rcv_skb() used in ping_queue_rcv_skb()
      are replaced with kfree_skb_reason() and sock_queue_rcv_skb_reason()
      now.
      Reviewed-by: default avatarHao Peng <flyingpeng@tencent.com>
      Reviewed-by: default avatarJiang Biao <benbjiang@tencent.com>
      Signed-off-by: default avatarMenglong Dong <imagedong@tencent.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      41a95a00
    • Menglong Dong's avatar
      net: skb: rename SKB_DROP_REASON_PTYPE_ABSENT · 9f8ed577
      Menglong Dong authored
      As David Ahern suggested, the reasons for skb drops should be more
      general and not be code based.
      
      Therefore, rename SKB_DROP_REASON_PTYPE_ABSENT to
      SKB_DROP_REASON_UNHANDLED_PROTO, which is used for the cases of no
      L3 protocol handler, no L4 protocol handler, version extensions, etc.
      
      From previous discussion, now we have the aim to make these reasons
      more abstract and users based, avoiding code based.
      Signed-off-by: default avatarMenglong Dong <imagedong@tencent.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f8ed577
    • Menglong Dong's avatar
      net: sock: introduce sock_queue_rcv_skb_reason() · c1b8a567
      Menglong Dong authored
      In order to report the reasons of skb drops in 'sock_queue_rcv_skb()',
      introduce the function 'sock_queue_rcv_skb_reason()'.
      
      As the return value of 'sock_queue_rcv_skb()' is used as the error code,
      we can't make it as drop reason and have to pass extra output argument.
      'sock_queue_rcv_skb()' is used in many places, so we can't change it
      directly.
      
      Introduce the new function 'sock_queue_rcv_skb_reason()' and make
      'sock_queue_rcv_skb()' an inline call to it.
      Reviewed-by: default avatarHao Peng <flyingpeng@tencent.com>
      Reviewed-by: default avatarJiang Biao <benbjiang@tencent.com>
      Signed-off-by: default avatarMenglong Dong <imagedong@tencent.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c1b8a567
  2. 10 Apr, 2022 12 commits
  3. 09 Apr, 2022 4 commits
    • Jeremy Sowden's avatar
      netfilter: bitwise: improve error goto labels · 00bd4352
      Jeremy Sowden authored
      Replace two labels (`err1` and `err2`) with more informative ones.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      00bd4352
    • Jeremy Sowden's avatar
      netfilter: bitwise: replace hard-coded size with `sizeof` expression · c70b921f
      Jeremy Sowden authored
      When calculating the length of an array, use the appropriate `sizeof`
      expression for its type, rather than an integer literal.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      c70b921f
    • Colin Foster's avatar
      net: mdio: mscc-miim: add local dev variable to cleanup probe function · 626a5aaa
      Colin Foster authored
      Create a local device *dev in order to not dereference the platform_device
      several times throughout the probe function.
      Signed-off-by: default avatarColin Foster <colin.foster@in-advantage.com>
      Reviewed-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      626a5aaa
    • Jakub Kicinski's avatar
      Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 34ba23b4
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2022-04-09
      
      We've added 63 non-merge commits during the last 9 day(s) which contain
      a total of 68 files changed, 4852 insertions(+), 619 deletions(-).
      
      The main changes are:
      
      1) Add libbpf support for USDT (User Statically-Defined Tracing) probes.
         USDTs are an abstraction built on top of uprobes, critical for tracing
         and BPF, and widely used in production applications, from Andrii Nakryiko.
      
      2) While Andrii was adding support for x86{-64}-specific logic of parsing
         USDT argument specification, Ilya followed-up with USDT support for s390
         architecture, from Ilya Leoshkevich.
      
      3) Support name-based attaching for uprobe BPF programs in libbpf. The format
         supported is `u[ret]probe/binary_path:[raw_offset|function[+offset]]`, e.g.
         attaching to libc malloc can be done in BPF via SEC("uprobe/libc.so.6:malloc")
         now, from Alan Maguire.
      
      4) Various load/store optimizations for the arm64 JIT to shrink the image
         size by using arm64 str/ldr immediate instructions. Also enable pointer
         authentication to verify return address for JITed code, from Xu Kuohai.
      
      5) BPF verifier fixes for write access checks to helper functions, e.g.
         rd-only memory from bpf_*_cpu_ptr() must not be passed to helpers that
         write into passed buffers, from Kumar Kartikeya Dwivedi.
      
      6) Fix overly excessive stack map allocation for its base map structure and
         buckets which slipped-in from cleanups during the rlimit accounting removal
         back then, from Yuntao Wang.
      
      7) Extend the unstable CT lookup helpers for XDP and tc/BPF to report netfilter
         connection tracking tuple direction, from Lorenzo Bianconi.
      
      8) Improve bpftool dump to show BPF program/link type names, Milan Landaverde.
      
      9) Minor cleanups all over the place from various others.
      
      * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (63 commits)
        bpf: Fix excessive memory allocation in stack_map_alloc()
        selftests/bpf: Fix return value checks in perf_event_stackmap test
        selftests/bpf: Add CO-RE relos into linked_funcs selftests
        libbpf: Use weak hidden modifier for USDT BPF-side API functions
        libbpf: Don't error out on CO-RE relos for overriden weak subprogs
        samples, bpf: Move routes monitor in xdp_router_ipv4 in a dedicated thread
        libbpf: Allow WEAK and GLOBAL bindings during BTF fixup
        libbpf: Use strlcpy() in path resolution fallback logic
        libbpf: Add s390-specific USDT arg spec parsing logic
        libbpf: Make BPF-side of USDT support work on big-endian machines
        libbpf: Minor style improvements in USDT code
        libbpf: Fix use #ifdef instead of #if to avoid compiler warning
        libbpf: Potential NULL dereference in usdt_manager_attach_usdt()
        selftests/bpf: Uprobe tests should verify param/return values
        libbpf: Improve string parsing for uprobe auto-attach
        libbpf: Improve library identification for uprobe binary path resolution
        selftests/bpf: Test for writes to map key from BPF helpers
        selftests/bpf: Test passing rdonly mem to global func
        bpf: Reject writes for PTR_TO_MAP_KEY in check_helper_mem_access
        bpf: Check PTR_TO_MEM | MEM_RDONLY in check_helper_mem_access
        ...
      ====================
      
      Link: https://lore.kernel.org/r/20220408231741.19116-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      34ba23b4
  4. 08 Apr, 2022 13 commits