1. 28 Jul, 2023 15 commits
  2. 26 Jul, 2023 1 commit
  3. 25 Jul, 2023 11 commits
  4. 24 Jul, 2023 10 commits
  5. 23 Jul, 2023 3 commits
    • Patrick Rohr's avatar
      net: add sysctl accept_ra_min_rtr_lft · 1671bcfd
      Patrick Rohr authored
      This change adds a new sysctl accept_ra_min_rtr_lft to specify the
      minimum acceptable router lifetime in an RA. If the received RA router
      lifetime is less than the configured value (and not 0), the RA is
      ignored.
      This is useful for mobile devices, whose battery life can be impacted
      by networks that configure RAs with a short lifetime. On such networks,
      the device should never gain IPv6 provisioning and should attempt to
      drop RAs via hardware offload, if available.
      Signed-off-by: default avatarPatrick Rohr <prohr@google.com>
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Lorenzo Colitti <lorenzo@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1671bcfd
    • justinstitt@google.com's avatar
      net: dsa: remove deprecated strncpy · 5c9f7b04
      justinstitt@google.com authored
      `strncpy` is deprecated for use on NUL-terminated destination strings [1].
      
      Even call sites utilizing length-bounded destination buffers should
      switch over to using `strtomem` or `strtomem_pad`. In this case,
      however, the compiler is unable to determine the size of the `data`
      buffer which renders `strtomem` unusable. Due to this, `strscpy`
      should be used.
      
      It should be noted that most call sites already zero-initialize the
      destination buffer. However, I've opted to use `strscpy_pad` to maintain
      the same exact behavior that `strncpy` produced (zero-padded tail up to
      `len`).
      
      Also see [3].
      
      [1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
      [2]: elixir.bootlin.com/linux/v6.3/source/net/ethtool/ioctl.c#L1944
      [3]: manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
      
      Link: https://github.com/KSPP/linux/issues/90Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarJustin Stitt <justinstitt@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c9f7b04
    • David S. Miller's avatar
      Merge branch 'process-connector-bug-fixes-and-enhancements' · 2e60314c
      David S. Miller authored
      Anjali Kulkarni says:
      
      ====================
      Process connector bug fixes & enhancements
      
      Oracle DB is trying to solve a performance overhead problem it has been
      facing for the past 10 years and using this patch series, we can fix this
      issue.
      
      Oracle DB runs on a large scale with 100000s of short lived processes,
      starting up and exiting quickly. A process monitoring DB daemon which
      tracks and cleans up after processes that have died without a proper exit
      needs notifications only when a process died with a non-zero exit code
      (which should be rare).
      
      Due to the pmon architecture, which is distributed, each process is
      independent and has minimal interaction with pmon. Hence fd based
      solutions to track a process's spawning and exit cannot be used. Pmon
      needs to detect the abnormal death of a process so it can cleanup after.
      Currently it resorts to checking /proc every few seconds. Other methods
      we tried like using system call to reduce the above overhead were not
      accepted upstream.
      
      With this change, we add event based filtering to proc connector module
      so that DB can only listen to the events it is interested in. A new
      event type PROC_EVENT_NONZERO_EXIT is added, which is only sent by kernel
      to a listening application when any process exiting has a non-zero exit
      status.
      
      This change will give Oracle DB substantial performance savings - it takes
      50ms to scan about 8K PIDs in /proc, about 500ms for 100K PIDs. DB does
      this check every 3 secs, so over an hour we save 10secs for 100K PIDs.
      
      With this, a client can register to listen for only exit or fork or a mix or
      all of the events. This greatly enhances performance - currently, we
      need to listen to all events, and there are 9 different types of events.
      For eg. handling 3 types of events - 8K-forks + 8K-exits + 8K-execs takes
      200ms, whereas handling 2 types - 8K-forks + 8K-exits takes about 150ms,
      and handling just one type - 8K exits takes about 70ms.
      
      Measuring the time using pidfds for monitoring 8K process exits took 4
      times longer - 200ms, as compared to 70ms using only exit notifications
      of proc connector. Hence, we cannot use pidfd for our use case.
      
      This kind of a new event could also be useful to other applications like
      Google's lmkd daemon, which needs a killed process's exit notification.
      
      This patch series is organized as follows -
      
      Patch 1 : Needed for patch 3 to work.
      Patch 2 : Needed for patch 3 to work.
      Patch 3 : Fixes some bugs in proc connector, details in the patch.
      Patch 4 : Adds event based filtering for performance enhancements.
      Patch 5 : Allow non-root users access to proc connector events.
      Patch 6 : Selftest code for proc connector.
      
      v9->v10 changes:
      - Rebased to net-next, re-compiled and re-tested.
      
      v8->v9 changes:
      - Added sha1 ("title") of reversed patch as suggested by Eric Dumazet.
      
      v7->v8 changes:
      - Fixed an issue pointed by Liam Howlett in v7.
      
      v6->v7 changes:
      - Incorporated Liam Howlett's comments on v6
      - Incorporated Kalesh Anakkur Purayil's comments
      
      v5->v6 changes:
      - Incorporated Liam Howlett's comments
      - Removed FILTER define from proc_filter.c and added a "-f" run-time
        option to run new filter code.
      - Made proc_filter.c a selftest in tools/testing/selftests/connector
      
      v4->v5 changes:
      - Change the cover letter
      - Fix a small issue in proc_filter.c
      
      v3->v4 changes:
      - Fix comments by Jakub Kicinski to incorporate root access changes
        within bind call of connector
      
      v2->v3 changes:
      - Fix comments by Jakub Kicinski to separate netlink (patch 2) (after
        layering) from connector fixes (patch 3).
      - Minor fixes suggested by Jakub.
      - Add new multicast group level permissions check at netlink layer.
        Split this into netlink & connector layers (patches 6 & 7)
      
      v1->v2 changes:
      - Fix comments by Jakub Kicinski to keep layering within netlink and
        update kdocs.
      - Move non-root users access patch last in series so remaining patches
        can go in first.
      
      v->v1 changes:
      - Changed commit log in patch 4 as suggested by Christian Brauner
      - Changed patch 4 to make more fine grained access to non-root users
      - Fixed warning in cn_proc.c,
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      - Fixed some existing warnings in cn_proc.c
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e60314c