1. 16 Aug, 2019 7 commits
  2. 14 Aug, 2019 12 commits
  3. 13 Aug, 2019 21 commits
    • Vlad Buslov's avatar
      net: devlink: remove redundant rtnl lock assert · 043b8413
      Vlad Buslov authored
      It is enough for caller of devlink_compat_switch_id_get() to hold the net
      device to guarantee that devlink port is not destroyed concurrently. Remove
      rtnl lock assertion and modify comment to warn user that they must hold
      either rtnl lock or reference to net device. This is necessary to
      accommodate future implementation of rtnl-unlocked TC offloads driver
      callbacks.
      Signed-off-by: default avatarVlad Buslov <vladbu@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      043b8413
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 708852dc
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      The following pull-request contains BPF updates for your *net-next* tree.
      
      There is a small merge conflict in libbpf (Cc Andrii so he's in the loop
      as well):
      
              for (i = 1; i <= btf__get_nr_types(btf); i++) {
                      t = (struct btf_type *)btf__type_by_id(btf, i);
      
                      if (!has_datasec && btf_is_var(t)) {
                              /* replace VAR with INT */
                              t->info = BTF_INFO_ENC(BTF_KIND_INT, 0, 0);
        <<<<<<< HEAD
                              /*
                               * using size = 1 is the safest choice, 4 will be too
                               * big and cause kernel BTF validation failure if
                               * original variable took less than 4 bytes
                               */
                              t->size = 1;
                              *(int *)(t+1) = BTF_INT_ENC(0, 0, 8);
                      } else if (!has_datasec && kind == BTF_KIND_DATASEC) {
        =======
                              t->size = sizeof(int);
                              *(int *)(t + 1) = BTF_INT_ENC(0, 0, 32);
                      } else if (!has_datasec && btf_is_datasec(t)) {
        >>>>>>> 72ef80b5
                              /* replace DATASEC with STRUCT */
      
      Conflict is between the two commits 1d4126c4 ("libbpf: sanitize VAR to
      conservative 1-byte INT") and b03bc685 ("libbpf: convert libbpf code to
      use new btf helpers"), so we need to pick the sanitation fixup as well as
      use the new btf_is_datasec() helper and the whitespace cleanup. Looks like
      the following:
      
        [...]
                      if (!has_datasec && btf_is_var(t)) {
                              /* replace VAR with INT */
                              t->info = BTF_INFO_ENC(BTF_KIND_INT, 0, 0);
                              /*
                               * using size = 1 is the safest choice, 4 will be too
                               * big and cause kernel BTF validation failure if
                               * original variable took less than 4 bytes
                               */
                              t->size = 1;
                              *(int *)(t + 1) = BTF_INT_ENC(0, 0, 8);
                      } else if (!has_datasec && btf_is_datasec(t)) {
                              /* replace DATASEC with STRUCT */
        [...]
      
      The main changes are:
      
      1) Addition of core parts of compile once - run everywhere (co-re) effort,
         that is, relocation of fields offsets in libbpf as well as exposure of
         kernel's own BTF via sysfs and loading through libbpf, from Andrii.
      
         More info on co-re: http://vger.kernel.org/bpfconf2019.html#session-2
         and http://vger.kernel.org/lpc-bpf2018.html#session-2
      
      2) Enable passing input flags to the BPF flow dissector to customize parsing
         and allowing it to stop early similar to the C based one, from Stanislav.
      
      3) Add a BPF helper function that allows generating SYN cookies from XDP and
         tc BPF, from Petar.
      
      4) Add devmap hash-based map type for more flexibility in device lookup for
         redirects, from Toke.
      
      5) Improvements to XDP forwarding sample code now utilizing recently enabled
         devmap lookups, from Jesper.
      
      6) Add support for reporting the effective cgroup progs in bpftool, from Jakub
         and Takshak.
      
      7) Fix reading kernel config from bpftool via /proc/config.gz, from Peter.
      
      8) Fix AF_XDP umem pages mapping for 32 bit architectures, from Ivan.
      
      9) Follow-up to add two more BPF loop tests for the selftest suite, from Alexei.
      
      10) Add perf event output helper also for other skb-based program types, from Allan.
      
      11) Fix a co-re related compilation error in selftests, from Yonghong.
      ====================
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      708852dc
    • YueHaibing's avatar
      net: hns3: Make hclge_func_reset_sync_vf static · a9a96760
      YueHaibing authored
      Fix sparse warning:
      
      drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:3190:5:
       warning: symbol 'hclge_func_reset_sync_vf' was not declared. Should it be static?
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      a9a96760
    • Jiri Pirko's avatar
      devlink: send notifications for deleted snapshots on region destroy · 92b49822
      Jiri Pirko authored
      Currently the notifications for deleted snapshots are sent only in case
      user deletes a snapshot manually. Send the notifications in case region
      is destroyed too.
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      92b49822
    • Daniel Borkmann's avatar
      Merge branch 'bpf-libbpf-read-sysfs-btf' · 72ef80b5
      Daniel Borkmann authored
      Andrii Nakryiko says:
      
      ====================
      Now that kernel's BTF is exposed through sysfs at well-known location, attempt
      to load it first as a target BTF for the purpose of BPF CO-RE relocations.
      
      Patch #1 is a follow-up patch to rename /sys/kernel/btf/kernel into
      /sys/kernel/btf/vmlinux.
      
      Patch #2 adds ability to load raw BTF contents from sysfs and expands the list
      of locations libbpf attempts to load vmlinux BTF from.
      ====================
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      72ef80b5
    • Andrii Nakryiko's avatar
      libbpf: attempt to load kernel BTF from sysfs first · a1916a15
      Andrii Nakryiko authored
      Add support for loading kernel BTF from sysfs (/sys/kernel/btf/vmlinux)
      as a target BTF. Also extend the list of on disk search paths for
      vmlinux ELF image with entries that perf is searching for.
      Signed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      a1916a15
    • Andrii Nakryiko's avatar
      btf: rename /sys/kernel/btf/kernel into /sys/kernel/btf/vmlinux · 7fd78568
      Andrii Nakryiko authored
      Expose kernel's BTF under the name vmlinux to be more uniform with using
      kernel module names as file names in the future.
      
      Fixes: 341dfcf8 ("btf: expose BTF info through sysfs")
      Suggested-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      7fd78568
    • Petar Penkov's avatar
      selftests/bpf: fix race in flow dissector tests · 9840a4ff
      Petar Penkov authored
      Since the "last_dissection" map holds only the flow keys for the most
      recent packet, there is a small race in the skb-less flow dissector
      tests if a new packet comes between transmitting the test packet, and
      reading its keys from the map. If this happens, the test packet keys
      will be overwritten and the test will fail.
      
      Changing the "last_dissection" map to a hash map, keyed on the
      source/dest port pair resolves this issue. Additionally, let's clear the
      last test results from the map between tests to prevent previous test
      cases from interfering with the following test cases.
      
      Fixes: 0905beec ("selftests/bpf: run flow dissector tests in skb-less mode")
      Signed-off-by: default avatarPetar Penkov <ppenkov@google.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      9840a4ff
    • Peter Wu's avatar
      tools: bpftool: add feature check for zlib · d66fa3c7
      Peter Wu authored
      bpftool requires libelf, and zlib for decompressing /proc/config.gz.
      zlib is a transitive dependency via libelf, and became mandatory since
      elfutils 0.165 (Jan 2016). The feature check of libelf is already done
      in the elfdep target of tools/lib/bpf/Makefile, pulled in by bpftool via
      a dependency on libbpf.a. Add a similar feature check for zlib.
      Suggested-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarPeter Wu <peter@lekensteyn.nl>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      d66fa3c7
    • Andrii Nakryiko's avatar
      btf: expose BTF info through sysfs · 341dfcf8
      Andrii Nakryiko authored
      Make .BTF section allocated and expose its contents through sysfs.
      
      /sys/kernel/btf directory is created to contain all the BTFs present
      inside kernel. Currently there is only kernel's main BTF, represented as
      /sys/kernel/btf/kernel file. Once kernel modules' BTFs are supported,
      each module will expose its BTF as /sys/kernel/btf/<module-name> file.
      
      Current approach relies on a few pieces coming together:
      1. pahole is used to take almost final vmlinux image (modulo .BTF and
         kallsyms) and generate .BTF section by converting DWARF info into
         BTF. This section is not allocated and not mapped to any segment,
         though, so is not yet accessible from inside kernel at runtime.
      2. objcopy dumps .BTF contents into binary file and subsequently
         convert binary file into linkable object file with automatically
         generated symbols _binary__btf_kernel_bin_start and
         _binary__btf_kernel_bin_end, pointing to start and end, respectively,
         of BTF raw data.
      3. final vmlinux image is generated by linking this object file (and
         kallsyms, if necessary). sysfs_btf.c then creates
         /sys/kernel/btf/kernel file and exposes embedded BTF contents through
         it. This allows, e.g., libbpf and bpftool access BTF info at
         well-known location, without resorting to searching for vmlinux image
         on disk (location of which is not standardized and vmlinux image
         might not be even available in some scenarios, e.g., inside qemu
         during testing).
      
      Alternative approach using .incbin assembler directive to embed BTF
      contents directly was attempted but didn't work, because sysfs_proc.o is
      not re-compiled during link-vmlinux.sh stage. This is required, though,
      to update embedded BTF data (initially empty data is embedded, then
      pahole generates BTF info and we need to regenerate sysfs_btf.o with
      updated contents, but it's too late at that point).
      
      If BTF couldn't be generated due to missing or too old pahole,
      sysfs_btf.c handles that gracefully by detecting that
      _binary__btf_kernel_bin_start (weak symbol) is 0 and not creating
      /sys/kernel/btf at all.
      
      v2->v3:
      - added Documentation/ABI/testing/sysfs-kernel-btf (Greg K-H);
      - created proper kobject (btf_kobj) for btf directory (Greg K-H);
      - undo v2 change of reusing vmlinux, as it causes extra kallsyms pass
        due to initially missing  __binary__btf_kernel_bin_{start/end} symbols;
      
      v1->v2:
      - allow kallsyms stage to re-use vmlinux generated by gen_btf();
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      341dfcf8
    • Florian Westphal's avatar
      netfilter: connlabels: prefer static lock initialiser · 10533343
      Florian Westphal authored
      seen during boot:
      BUG: spinlock bad magic on CPU#2, swapper/0/1
       lock: nf_connlabels_lock+0x0/0x60, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
      Call Trace:
       do_raw_spin_lock+0x14e/0x1b0
       nf_connlabels_get+0x15/0x40
       ct_init_net+0xc4/0x270
       ops_init+0x56/0x1c0
       register_pernet_operations+0x1c8/0x350
       register_pernet_subsys+0x1f/0x40
       tcf_register_action+0x7c/0x1a0
       do_one_initcall+0x13d/0x2d9
      
      Problem is that ct action init function can run before
      connlabels_init().  Lock has not been initialised yet.
      
      Fix it by using a static initialiser.
      
      Fixes: b57dc7c1 ("net/sched: Introduce action ct")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      10533343
    • Valdis Klētnieks's avatar
      netfilter: nf_nat_proto: make tables static · 0a30ba50
      Valdis Klētnieks authored
      Sparse warns about two tables not being declared.
      
        CHECK   net/netfilter/nf_nat_proto.c
      net/netfilter/nf_nat_proto.c:725:26: warning: symbol 'nf_nat_ipv4_ops' was not declared. Should it be static?
      net/netfilter/nf_nat_proto.c:964:26: warning: symbol 'nf_nat_ipv6_ops' was not declared. Should it be static?
      
      And in fact they can indeed be static.
      Signed-off-by: default avatarValdis Kletnieks <valdis.kletnieks@vt.edu>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0a30ba50
    • Valdis Klētnieks's avatar
      netfilter: nf_tables: add missing prototypes. · 5785cf15
      Valdis Klētnieks authored
      Sparse rightly complains about undeclared symbols.
      
        CHECK   net/netfilter/nft_set_hash.c
      net/netfilter/nft_set_hash.c:647:21: warning: symbol 'nft_set_rhash_type' was not declared. Should it be static?
      net/netfilter/nft_set_hash.c:670:21: warning: symbol 'nft_set_hash_type' was not declared. Should it be static?
      net/netfilter/nft_set_hash.c:690:21: warning: symbol 'nft_set_hash_fast_type' was not declared. Should it be static?
        CHECK   net/netfilter/nft_set_bitmap.c
      net/netfilter/nft_set_bitmap.c:296:21: warning: symbol 'nft_set_bitmap_type' was not declared. Should it be static?
        CHECK   net/netfilter/nft_set_rbtree.c
      net/netfilter/nft_set_rbtree.c:470:21: warning: symbol 'nft_set_rbtree_type' was not declared. Should it be static?
      
      Include nf_tables_core.h rather than nf_tables.h to pick up the additional definitions.
      Signed-off-by: default avatarValdis Kletnieks <valdis.kletnieks@vt.edu>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      5785cf15
    • Jeremy Sowden's avatar
      kbuild: remove all netfilter headers from header-test blacklist. · 2a475c40
      Jeremy Sowden authored
      All the blacklisted NF headers can now be compiled stand-alone, so
      removed them from the blacklist.
      
      Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      2a475c40
    • Jeremy Sowden's avatar
      netfilter: remove "#ifdef __KERNEL__" guards from some headers. · 20a9379d
      Jeremy Sowden authored
      A number of non-UAPI Netfilter header-files contained superfluous
      "#ifdef __KERNEL__" guards.  Removed them.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      20a9379d
    • Jeremy Sowden's avatar
      netfilter: add missing IS_ENABLED(CONFIG_NETFILTER) checks to some header-files. · 78458e3e
      Jeremy Sowden authored
      linux/netfilter.h defines a number of struct and inline function
      definitions which are only available is CONFIG_NETFILTER is enabled.
      These structs and functions are used in declarations and definitions in
      other header-files.  Added preprocessor checks to make sure these
      headers will compile if CONFIG_NETFILTER is disabled.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      78458e3e
    • Jeremy Sowden's avatar
      netfilter: add missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files. · 0abc8bf4
      Jeremy Sowden authored
      struct nf_conn contains a "struct nf_conntrack ct_general" member and
      struct net contains a "struct netns_ct ct" member which are both only
      defined in CONFIG_NF_CONNTRACK is enabled.  These members are used in a
      number of inline functions defined in other header-files.  Added
      preprocessor checks to make sure the headers will compile if
      CONFIG_NF_CONNTRACK is disabled.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0abc8bf4
    • Jeremy Sowden's avatar
      netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file. · 47e640af
      Jeremy Sowden authored
      nf_tables.h defines an API comprising several inline functions and
      macros that depend on the nft member of struct net.  However, this is
      only defined is CONFIG_NF_TABLES is enabled.  Added preprocessor checks
      to ensure that nf_tables.h will compile if CONFIG_NF_TABLES is disabled.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      47e640af
    • Jeremy Sowden's avatar
      netfilter: add missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to header-file. · 9211bfbf
      Jeremy Sowden authored
      br_netfilter.h defines inline functions that use an enum constant and
      struct member that are only defined if CONFIG_BRIDGE_NETFILTER is
      enabled.  Added preprocessor checks to ensure br_netfilter.h will
      compile if CONFIG_BRIDGE_NETFILTER is disabled.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      9211bfbf
    • Jeremy Sowden's avatar
      netfilter: add missing includes to a number of header-files. · a1b2f04e
      Jeremy Sowden authored
      A number of netfilter header-files used declarations and definitions
      from other headers without including them.  Added include directives to
      make those declarations and definitions available.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      a1b2f04e
    • Jeremy Sowden's avatar
      netfilter: inline four headers files into another one. · bd96b4c7
      Jeremy Sowden authored
      linux/netfilter/ipset/ip_set.h included four other header files:
      
        include/linux/netfilter/ipset/ip_set_comment.h
        include/linux/netfilter/ipset/ip_set_counter.h
        include/linux/netfilter/ipset/ip_set_skbinfo.h
        include/linux/netfilter/ipset/ip_set_timeout.h
      
      Of these the first three were not included anywhere else.  The last,
      ip_set_timeout.h, was included in a couple of other places, but defined
      inline functions which call other inline functions defined in ip_set.h,
      so ip_set.h had to be included before it.
      
      Inlined all four into ip_set.h, and updated the other files that
      included ip_set_timeout.h.
      Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
      Acked-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      bd96b4c7