- 31 Jul, 2020 34 commits
-
-
David S. Miller authored
Florian Westphal says: ==================== mptcp: add syncookie support Changes in v2: - first patch renames req->ts_cookie to req->syncookie instead of removing ts_cookie member. - patch to add 'want_cookie' arg to init_req() functions has been dropped. All users of that arg were changed to check 'req->syncookie' instead. v1 cover letter: When syn-cookies are used the SYN?ACK never contains a MPTCP option, because the code path that creates a request socket based on a valid cookie ACK lacks the needed changes to construct MPTCP request sockets. After this series, if SYN carries MP_CAPABLE option, the option is not cleared anymore and request socket will be reconstructed using the MP_CAPABLE option data that is re-sent with the ACK. This means that no additional state gets encoded into the syn cookie or the TCP timestamp. There are two caveats for SYN-Cookies with MPTCP: 1. When syn-cookies are used, the server-generated key is not stored. The drawback is that the next connection request that comes in before the cookie-ACK has a small chance that it will generate the same local_key. If this happens, the cookie ACK that comes in second will (re)compute the token hash and then detects that this is already in use. Unlike normal case, where the server will pick a new key value and then re-tries, we can't do that because we already committed to the key value (it was sent to peer already). Im this case, MPTCP cannot be used and late TCP fallback happens. 2). SYN packets with a MP_JOIN requests cannot be handled without storing state. This is because the SYN contains a nonce value that is needed to verify the HMAC of the MP_JOIN ACK that completes the three-way handshake. Also, a local nonce is generated and used in the cookie SYN/ACK. There are only 2 ways to solve this: a) Do not support JOINs when cookies are in effect. b) Store the nonces somewhere. The approach chosen here is b). Patch 8 adds a fixed-size (1024 entries) state table to store the information required to validate the MP_JOIN ACK and re-build the request socket. State gets stored when syn-cookies are active and the token in the JOIN request referred to an established MPTCP connection that can also accept a new subflow. State is restored if the ACK cookie is valid, an MP_JOIN option is present and the state slot contains valid data from a previous SYN. After the request socket has been re-build, normal HMAC check is done just as without syn cookies. Largely identical to last RFC, except patch #8 which follows Paolos suggestion to use a private table storage area rather than keeping request sockets around. This also means I dropped the patch to remove const qualifier from sk_listener pointers. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
Also add test cases with MP_JOIN when tcp_syncookies sysctl is 2 (i.e., syncookies are always-on). While at it, also print the test number and add the test number to the pcap files that can be generated optionally. This makes it easier to match the pcap to the test case. Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
check we can establish connections also when syn cookies are in use. Check that MPTcpExtMPCapableSYNRX and MPTcpExtMPCapableACKRX increase for each MPTCP test. Check TcpExtSyncookiesSent and TcpExtSyncookiesRecv increase in netns2. Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
JOIN requests do not work in syncookie mode -- for HMAC validation, the peers nonce and the mptcp token (to obtain the desired connection socket the join is for) are required, but this information is only present in the initial syn. So either we need to drop all JOIN requests once a listening socket enters syncookie mode, or we need to store enough state to reconstruct the request socket later. This adds a state table (1024 entries) to store the data present in the MP_JOIN syn request and the random nonce used for the cookie syn/ack. When a MP_JOIN ACK passed cookie validation, the table is consulted to rebuild the request socket from it. An alternate approach would be to "cancel" syn-cookie mode and force MP_JOIN to always use a syn queue entry. However, doing so brings the backlog over the configured queue limit. v2: use req->syncookie, not (removed) want_cookie arg Suggested-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
If SYN packet contains MP_CAPABLE option, keep it enabled. Syncokie validation and cookie-based socket creation is changed to instantiate an mptcp request sockets if the ACK contains an MPTCP connection request. Rather than extend both cookie_v4/6_check, add a common helper to create the (mp)tcp request socket. Suggested-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
Will be used to initialize the mptcp request socket when a MP_CAPABLE request was handled in syncookie mode, i.e. when a TCP ACK containing a MP_CAPABLE option is a valid syncookie value. Normally (non-cookie case), MPTCP will generate a unique 32 bit connection ID and stores it in the MPTCP token storage to be able to retrieve the mptcp socket for subflow joining. In syncookie case, we do not want to store any state, so just generate the unique ID and use it in the reply. This means there is a small window where another connection could generate the same token. When Cookie ACK comes back, we check that the token has not been registered in the mean time. If it was, the connection needs to fall back to TCP. Changes in v2: - use req->syncookie instead of passing 'want_cookie' arg to ->init_req() (Eric Dumazet) Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
syncookie code path needs to create an mptcp request sock. Prepare for this and add mptcp prefix plus needed export of ops struct. Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
When syncookie support is added, we will need to add a variant of subflow_init_req() helper. It will do almost same thing except that it will not compute/add a token to the mptcp token tree. To avoid excess copy&paste, this commit splits away part of the code into a new helper, __subflow_init_req, that can then be re-used from the 'no insert' function added in a followup change. Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
Once syncookie support is added, no state will be stored anymore when the syn/ack is generated in syncookie mode. When the ACK comes back, the generated key will be taken from the TCP ACK, the token is re-generated and inserted into the token tree. This means we can't retry with a new key when the token is already taken in the syncookie case. Therefore, move the retry logic to the caller to prepare for syncookie support in mptcp. Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
Nowadays output function has a 'synack_type' argument that tells us when the syn/ack is emitted via syncookies. The request already tells us when timestamps are supported, so check both to detect special timestamp for tcp option encoding is needed. We could remove cookie_ts altogether, but a followup patch would otherwise need to adjust function signatures to pass 'want_cookie' to mptcp core. This way, the 'existing' bit can be used. Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gustavo A. R. Silva authored
Make use of the struct_size() helper, in multiple places, instead of an open-coded version in order to avoid any potential type mistakes and protect against potential integer overflows. Also, remove unnecessary object identifier size. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andy Shevchenko authored
Convert to %pM instead of using custom code. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andy Shevchenko authored
Convert to %pM instead of using custom code. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andy Shevchenko authored
Convert to %pM instead of using custom code. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Julian Wiedmann says: ==================== s390/qeth: updates 2020-07-30 please apply the following patch series for qeth to netdev's net-next tree. This primarily brings some modernization to the RX path, laying the groundwork for smarter RX refill policies. Some of the patches are tagged as fixes, but really target only rare / theoretical issues. So given where we are in the release cycle and that we touch the main RX path, taking them through net-next seems more appropriate. ==================== Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
The (misplaced) comment doesn't make any sense, enforcing an uninitialized RX buffer won't help with IRQ reduction. So make the best use of all available RX buffers. Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
Discard events that don't contain any entries. This shouldn't happen, but subsequent code relies on being able to use entry 0. So better be safe than accessing garbage. Fixes: b4d72c08 ("qeth: bridgeport support - basic control") Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Reviewed-by: Alexandra Winter <wintera@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
Running a RX refill outside of NAPI context is inherently racy, even though the worker is only started for an entirely idle RX ring. >From the moment that the worker has replenished parts of the RX ring, the HW can use those RX buffers, raise an IRQ and cause our NAPI code to run concurrently to the RX refill worker. Instead let the worker schedule our NAPI instance, and refill the RX ring from there. Keeping accurate count of how many buffers still need to be refilled also removes some quirky arithmetic from the low-level code. Fixes: b3332930 ("qeth: add support for af_iucv HiperSockets transport") Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Wiedmann authored
When preparing a buffer for RX refill, tolerate that it already has a pool_entry attached. Otherwise we could easily leak such a pool_entry when re-driving the RX refill after an error (from eg. do_qdio()). This needs some minor adjustment in the code that drains RX buffer(s) prior to RX refill and during teardown, so that ->pool_entry is NULLed accordingly. Fixes: 4a71df50 ("qeth: new qeth device driver") Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Miaohe Lin authored
When we don't care about vlan depth, we could pass NULL instead of the address of a unused local variable to skb_network_protocol() as a param. Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
net/bluetooth/sco.c: In function ‘sco_sock_setsockopt’: net/bluetooth/sco.c:862:3: error: cannot convert to a pointer type 862 | if (get_user(opt, (u32 __user *)optval)) { | ^~ Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2020-07-31 Here's the main bluetooth-next pull request for 5.9: - Fix firmware filenames for Marvell chipsets - Several suspend-related fixes - Addedd mgmt commands for runtime configuration - Multiple fixes for Qualcomm-based controllers - Add new monitoring feature for mgmt - Fix handling of legacy cipher (E4) together with security level 4 - Add support for Realtek 8822CE controller - Fix issues with Chinese controllers using fake VID/PID values - Multiple other smaller fixes & improvements ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
The flag CRYPTO_ALG_INTERNAL is not meant to be used outside of the Crypto API. It isn't needed here anyway. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
Marcel Holtmann authored
Increment the mgmt revision due to the recently added new commands. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
Alain Michaud authored
When an LE connection is requested and an RPA update is needed via hci_connect_le_scan, the default scanning parameters are used rather than the connect parameters. This leads to significant delays in the connection establishment process when using lower duty cycle scanning parameters. The patch simply looks at the pended connection list when trying to determine which scanning parameters should be used. Before: < HCI Command: LE Set Extended Scan Parameters (0x08|0x0041) plen 8 #378 [hci0] 1659.247156 Own address type: Public (0x00) Filter policy: Ignore not in white list (0x01) PHYs: 0x01 Entry 0: LE 1M Type: Passive (0x00) Interval: 367.500 msec (0x024c) Window: 37.500 msec (0x003c) After: < HCI Command: LE Set Extended Scan Parameters (0x08|0x0041) plen 8 #39 [hci0] 7.422109 Own address type: Public (0x00) Filter policy: Ignore not in white list (0x01) PHYs: 0x01 Entry 0: LE 1M Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 60.000 msec (0x0060) Signed-off-by: Alain Michaud <alainm@chromium.org> Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org> Reviewed-by: Yu Liu <yudiliu@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Wang Hai authored
platform_get_resource() may fail and return NULL, so we had better check its return value to avoid a NULL pointer dereference a bit later in the code. Fix it to use devm_platform_ioremap_resource_byname() instead of calling platform_get_resource_byname() and devm_ioremap(). Fixes: 8425c41d ("net: ll_temac: Extend support to non-device-tree platforms") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Vaibhav Gupta says: ==================== net: ethernet: use generic power management Linux Kernel Mentee: Remove Legacy Power Management. The purpose of this patch series is to upgrade power management in net ethernet drivers. This has been done by upgrading .suspend() and .resume() callbacks. The upgrade makes sure that the involvement of PCI Core does not change the order of operations executed in a driver. Thus, does not change its behavior. In general, drivers with legacy PM, .suspend() and .resume() make use of PCI helper functions like pci_enable/disable_device_mem(), pci_set_power_state(), pci_save/restore_state(), pci_enable/disable_device(), etc. to complete their job. The conversion requires the removal of those function calls, change the callbacks' definition accordingly and make use of dev_pm_ops structure. All patches are compile-tested only. Test tools: - Compiler: gcc (GCC) 10.1.0 - allmodconfig build: make -j$(nproc) W=1 all ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vaibhav Gupta authored
Drivers using legacy power management .suspen()/.resume() callbacks have to manage PCI states and device's PM states themselves. They also need to take care of standard configuration registers. Switch to generic power management framework using a single "struct dev_pm_ops" variable to take the unnecessary load from the driver. This also avoids the need for the driver to directly call most of the PCI helper functions and device power state control functions, as through the generic framework PCI Core takes care of the necessary operations, and drivers are required to do only device-specific jobs. Signed-off-by: Vaibhav Gupta <vaibhavgupta40@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vaibhav Gupta authored
Drivers using legacy power management .suspen()/.resume() callbacks have to manage PCI states and device's PM states themselves. They also need to take care of standard configuration registers. Switch to generic power management framework using a single "struct dev_pm_ops" variable to take the unnecessary load from the driver. This also avoids the need for the driver to directly call most of the PCI helper functions and device power state control functions, as through the generic framework PCI Core takes care of the necessary operations, and drivers are required to do only device-specific jobs. Signed-off-by: Vaibhav Gupta <vaibhavgupta40@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vaibhav Gupta authored
Drivers using legacy power management .suspen()/.resume() callbacks have to manage PCI states and device's PM states themselves. They also need to take care of standard configuration registers. Switch to generic power management framework using a single "struct dev_pm_ops" variable to take the unnecessary load from the driver. This also avoids the need for the driver to directly call most of the PCI helper functions and device power state control functions, as through the generic framework PCI Core takes care of the necessary operations, and drivers are required to do only device-specific jobs. Signed-off-by: Vaibhav Gupta <vaibhavgupta40@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Li Heng authored
Fixes coccicheck warning: ./drivers/net/ethernet/broadcom/bnxt/bnxt.c:3730:19-37: WARNING: dma_alloc_coherent use in stats -> hw_stats already zeroes out memory, so memset is not needed dma_alloc_coherent use in status already zeroes out memory, so memset is not needed Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Li Heng <liheng40@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wang Hai authored
The size of struct octeon_dispatch is too small, it is better to use kmalloc instead of vmalloc. Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gustavo A. R. Silva authored
Make use of the flex_array_size() helper to calculate the size of a flexible array member within an enclosing structure. This helper offers defense-in-depth against potential integer overflows, while at the same time makes it explicitly clear that we are dealing with a flexible array member. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gustavo A. R. Silva authored
Make use of the flex_array_size() helper to calculate the size of a flexible array member within an enclosing structure. This helper offers defense-in-depth against potential integer overflows, while at the same time makes it explicitly clear that we are dealing witha flexible array member. Also, remove unnecessary pointer identifier sub_pool. Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Tested-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 30 Jul, 2020 6 commits
-
-
YueHaibing authored
Remove duplicated include. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Acked-by: Edward Cree <ecree@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Min Li authored
With 4.8.7 firmware, adjtime can change delta instead of absolute time, which greately increases snap accuracy. PPS alignment doesn't have to be set for every single TOD change. Other minor changes includes: adding more debug logs, increasing snap accuracy for pre 4.8.7 firmware and supporting new tcs2bin format. Signed-off-by: Min Li <min.li.xe@renesas.com> Acked-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Tom Parkin says: ==================== l2tp: tidy up l2tp core API This short series makes some minor tidyup changes to the L2TP core API. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tom Parkin authored
* Improve the description of the key l2tp subsystem data structures. * Add high-level description of the main APIs for interacting with l2tp core. * Add documentation for the l2tp netlink session command callbacks. * Document the session pseudowire callbacks. Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tom Parkin authored
All of the l2tp subsystem's exported symbols are exported using EXPORT_SYMBOL_GPL, except for l2tp_recv_common and l2tp_ioctl. These functions alone are not useful without the rest of the l2tp infrastructure, so there's no practical benefit to these symbols using a different export policy. Change these exports to use EXPORT_SYMBOL_GPL for consistency with the rest of l2tp. Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tom Parkin authored
The structure of an L2TP data packet header varies depending on the version of the L2TP protocol being used. struct l2tp_session used to have a build_header callback to abstract this difference away. It's clearer to simply choose the correct function to use when building the data packet (and we save on the function pointer in the session structure). This approach does mean dereferencing the parent tunnel structure in order to determine the tunnel version, but we're doing that in the transmit path in any case. Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-