1. 05 Oct, 2015 17 commits
    • Arnd Bergmann's avatar
      nfnetlink: use y2038 safe timestamp · f6389ecb
      Arnd Bergmann authored
      The __build_packet_message function fills a nfulnl_msg_packet_timestamp
      structure that uses 64-bit seconds and is therefore y2038 safe, but
      it uses an intermediate 'struct timespec' which is not.
      
      This trivially changes the code to use 'struct timespec64' instead,
      to correct the result on 32-bit architectures.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Cc: netfilter-devel@vger.kernel.org
      Cc: coreteam@netfilter.org
      Acked-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6389ecb
    • Arnd Bergmann's avatar
      atm: remove 'struct zatm_t_hist' · 70ba07b6
      Arnd Bergmann authored
      The zatm_t_hist structure is not used anywhere in the kernel, but is
      exported to user space. As we are trying to eliminate uses of time_t
      in the kernel for y2038 compatibility, the current definition triggers
      checking tools because it contains 'struct timeval'.
      
      As pointed out by Chas Williams, the only user of this structure was
      the ZATM_GETHIST ioctl command that has been removed a long time ago,
      and we can remove the structure as well without breaking any user
      space.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Chas Williams <3chas3@gmail.com>
      Cc: linux-atm-general@lists.sourceforge.net
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      70ba07b6
    • Arnd Bergmann's avatar
      mac80211: use ktime_get_seconds · 84b00607
      Arnd Bergmann authored
      The mac80211 code uses ktime_get_ts to measure the connected time.
      As this uses monotonic time, it is y2038 safe on 32-bit systems,
      but we still want to deprecate the use of 'timespec' because most
      other users are broken.
      
      This changes the code to use ktime_get_seconds() instead, which
      avoids the timespec structure and is slightly more efficient.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Cc: linux-wireless@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84b00607
    • Arnd Bergmann's avatar
      mwifiex: avoid gettimeofday in ba_threshold setting · 52f4f918
      Arnd Bergmann authored
      mwifiex_get_random_ba_threshold() uses a complex homegrown implementation
      to generate a pseudo-random number from the current time as returned
      from do_gettimeofday().
      
      This currently requires two 32-bit divisions plus a couple of other
      computations that are eventually discarded as only eight bits of
      the microsecond portion are used at all.
      
      We could replace this with a call to get_random_bytes(), but that
      might drain the entropy pool too fast if this is called for each
      packet.
      
      Instead, this patch converts it to use ktime_get_ns(), which is a
      bit faster than do_gettimeofday(), and then uses a similar algorithm
      as before, but in a way that takes both the nanosecond and second
      portion into account for slightly-more-but-still-not-very-random
      pseudorandom number.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Amitkumar Karwar <akarwar@marvell.com>
      Cc: Nishant Sarmukadam <nishants@marvell.com>
      Cc: Kalle Valo <kvalo@codeaurora.org>
      Cc: linux-wireless@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52f4f918
    • Arnd Bergmann's avatar
      mwifiex: use ktime_get_real for timestamping · e253fb74
      Arnd Bergmann authored
      The mwifiex_11n_aggregate_pkt() function creates a ktime_t from
      a timeval returned by do_gettimeofday, which is slow and causes
      an overflow in 2038 on 32-bit architectures.
      
      This solves both problems by using the appropriate ktime_get_real()
      function.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Amitkumar Karwar <akarwar@marvell.com>
      Cc: Nishant Sarmukadam <nishants@marvell.com>
      Cc: Kalle Valo <kvalo@codeaurora.org>
      Cc: linux-wireless@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e253fb74
    • Arnd Bergmann's avatar
      net: igb: avoid using timespec · 40c9b079
      Arnd Bergmann authored
      We want to deprecate the use of 'struct timespec' on 32-bit
      architectures, as it is will overflow in 2038. The igb
      driver uses it to read the current time, and can simply
      be changed to use ktime_get_real_ts64() instead.
      
      Because of hardware limitations, there is still an overflow
      in year 2106, which we cannot really avoid, but this documents
      the overflow.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
      Cc: intel-wired-lan@lists.osuosl.org
      Reviewed-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40c9b079
    • Arnd Bergmann's avatar
      net: stmmac: avoid using timespec · 0a624155
      Arnd Bergmann authored
      We want to deprecate the use of 'struct timespec' on 32-bit
      architectures, as it is will overflow in 2038. The stmmac
      driver uses it to read the current time, and can simply
      be changed to use ktime_get_real_ts64() instead.
      
      Because of hardware limitations, there is still an overflow
      in year 2106, which we cannot really avoid, but this documents
      the overflow.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a624155
    • Arnd Bergmann's avatar
      net: fec: avoid timespec use · be7ccdc3
      Arnd Bergmann authored
      The fec_ptp_enable_pps uses an open-coded implementation of ns_to_timespec,
      which will be removed eventually as it is not y2038-safe on 32-bit
      architectures. Two more instances of the same code in this file were
      already converted to use the safe ns_to_timespec64 in commit 6630514f
      ("ptp: fec: use helpers for converting ns to timespec"), this changes
      the last one as well.
      
      The seconds portion here is actually unused and we could just remove the
      timespec variable, but using ns_to_timespec64 can still be better as the
      implementation can be hand-optimized in the future.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Fugang Duan <b38611@freescale.com>
      Cc: Luwei Zhou <b45643@freescale.com>
      Cc: Frank Li <Frank.Li@freescale.com>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      be7ccdc3
    • David S. Miller's avatar
      Merge branch 'ipv4-multipath-hash' · 07355737
      David S. Miller authored
      Peter Nørlund says:
      
      ====================
      ipv4: Hash-based multipath routing
      
      When the routing cache was removed in 3.6, the IPv4 multipath algorithm changed
      from more or less being destination-based into being quasi-random per-packet
      scheduling. This increases the risk of out-of-order packets and makes it
      impossible to use multipath together with anycast services.
      
      This patch series replaces the old implementation with flow-based load
      balancing based on a hash over the source and destination addresses.
      
      Distribution of the hash is done with thresholds as described in RFC 2992.
      This reduces the disruption when a path is added/remove when having more than
      two paths.
      
      To futher the chance of successful usage in conjuction with anycast, ICMP
      error packets are hashed over the inner IP addresses. This ensures that PMTU
      will work together with anycast or load-balancers such as IPVS.
      
      Port numbers are not considered since fragments could cause problems with
      anycast and IPVS. Relying on the DF-flag for TCP packets is also insufficient,
      since ICMP inspection effectively extracts information from the opposite
      flow which might have a different state of the DF-flag. This is also why the
      RSS hash is not used. These are typically based on the NDIS RSS spec which
      mandates TCP support.
      
      Measurements of the additional overhead of a two-path multipath
      (p_mkroute_input excl. __mkroute_input) on a Xeon X3550 (4 cores, 2.66GHz):
      
      Original per-packet: ~394 cycles/packet
      L3 hash:              ~76 cycles/packet
      
      Changes in v5:
      - Fixed compilation error
      
      Changes in v4:
      - Functions take hash directly instead of func ptr
      - Added inline hash function
      - Added dummy macros to minimize ifdefs
      - Use upper 31 bits of hash instead of lower
      
      Changes in v3:
      - Multipath algorithm is no longer configurable (always L3)
      - Added random seed to hash
      - Moved ICMP inspection to isolated function
      - Ignore source quench packets (deprecated as per RFC 6633)
      
      Changes in v2:
      - Replaced 8-bit xor hash with 31-bit jenkins hash
      - Don't scale weights (since 31-bit)
      - Avoided unnecesary renaming of variables
      - Rely on DF-bit instead of fragment offset when checking for fragmentation
      - upper_bound is now inclusive to avoid overflow
      - Use a callback to postpone extracting flow information until necessary
      - Skipped ICMP inspection entirely with L4 hashing
      - Handle newly added sysctl ignore_routes_with_linkdown
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      07355737
    • Peter Nørlund's avatar
      ipv4: ICMP packet inspection for multipath · 79a13159
      Peter Nørlund authored
      ICMP packets are inspected to let them route together with the flow they
      belong to, minimizing the chance that a problematic path will affect flows
      on other paths, and so that anycast environments can work with ECMP.
      Signed-off-by: default avatarPeter Nørlund <pch@ordbogen.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      79a13159
    • Peter Nørlund's avatar
      ipv4: L3 hash-based multipath · 0e884c78
      Peter Nørlund authored
      Replaces the per-packet multipath with a hash-based multipath using
      source and destination address.
      Signed-off-by: default avatarPeter Nørlund <pch@ordbogen.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e884c78
    • David S. Miller's avatar
      Merge branch 'tcp-listener-fixes-and-improvement' · 2472186f
      David S. Miller authored
      Eric Dumazet says:
      
      ====================
      tcp: lockless listener fixes and improvement
      
      This fixes issues with TCP FastOpen vs lockless listeners,
      and SYNACK being attached to request sockets.
      
      Then, last patch brings performance improvement for
      syncookies generation and validation.
      
      Tested under a 4.3 Mpps SYNFLOOD attack, new perf profile looks
      like :
          12.11%  [kernel]  [k] sha_transform
           5.83%  [kernel]  [k] tcp_conn_request
           4.59%  [kernel]  [k] __inet_lookup_listener
           4.11%  [kernel]  [k] ipt_do_table
           3.91%  [kernel]  [k] tcp_make_synack
           3.05%  [kernel]  [k] fib_table_lookup
           2.74%  [kernel]  [k] sock_wfree
           2.66%  [kernel]  [k] memcpy_erms
           2.12%  [kernel]  [k] tcp_v4_rcv
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2472186f
    • Eric Dumazet's avatar
      tcp: avoid two atomic ops for syncookies · a1a5344d
      Eric Dumazet authored
      inet_reqsk_alloc() is used to allocate a temporary request
      in order to generate a SYNACK with a cookie. Then later,
      syncookie validation also uses a temporary request.
      
      These paths already took a reference on listener refcount,
      we can avoid a couple of atomic operations.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1a5344d
    • Eric Dumazet's avatar
      net: use sk_fullsock() in __netdev_pick_tx() · 004a5d01
      Eric Dumazet authored
      SYN_RECV & TIMEWAIT sockets are not full blown, they do not have a
      sk_dst_cache pointer.
      
      Fixes: ca6fb065 ("tcp: attach SYNACK messages to request sockets instead of listener")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      004a5d01
    • Eric Dumazet's avatar
      ipv6: inet6_sk() should use sk_fullsock() · e7eadb4d
      Eric Dumazet authored
      SYN_RECV & TIMEWAIT sockets are not full blown, they do not have a pinet6
      pointer.
      
      Fixes: ca6fb065 ("tcp: attach SYNACK messages to request sockets instead of listener")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e7eadb4d
    • Eric Dumazet's avatar
      inet: ip_skb_dst_mtu() should use sk_fullsock() · caf3f267
      Eric Dumazet authored
      SYN_RECV & TIMEWAIT sockets are not full blown,
      do not even try to call ip_sk_use_pmtu() on them.
      
      Fixes: ca6fb065 ("tcp: attach SYNACK messages to request sockets instead of listener")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      caf3f267
    • Eric Dumazet's avatar
      tcp: fix fastopen races vs lockless listener · 7656d842
      Eric Dumazet authored
      There are multiple races that need fixes :
      
      1) skb_get() + queue skb + kfree_skb() is racy
      
      An accept() can be done on another cpu, data consumed immediately.
      tcp_recvmsg() uses __kfree_skb() as it is assumed all skb found in
      socket receive queue are private.
      
      Then the kfree_skb() in tcp_rcv_state_process() uses an already freed skb
      
      2) tcp_reqsk_record_syn() needs to be done before tcp_try_fastopen()
      for the same reasons.
      
      3) We want to send the SYNACK before queueing child into accept queue,
      otherwise we might reintroduce the ooo issue fixed in
      commit 7c85af88 ("tcp: avoid reorders for TFO passive connections")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7656d842
  2. 04 Oct, 2015 23 commits