Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On Thu, Aug 31, 2017 at 7:05 PM, Alexei Starovoitov wrote: > On Thu, Aug 31, 2017 at 01:56:34PM -0700, Chenbo Feng wrote: >> From: Chenbo Feng >> >> Introduce a pointer into struct bpf_map to hold the security information >> about the map. The

RE: netdev carrier changes is one even after ethernet link up.

Thanks for responding. Now responding inline > -Original Message- > From: Florian Fainelli [mailto:f.faine...@gmail.com] > Sent: Friday, September 01, 2017 5:53 AM > To: Bhadram Varka ; and...@lunn.ch > Cc: linux-netdev > Subject: Re: netdev

RE: netdev carrier changes is one even after ethernet link up.

Thanks for responding. -Original Message- From: Florian Fainelli [mailto:f.faine...@gmail.com] Sent: Friday, September 01, 2017 5:53 AM To: Bhadram Varka ; and...@lunn.ch Cc: linux-netdev Subject: Re: netdev carrier changes is one even after

Re: [PATCH 13/31] timer: Remove meaningless .data/.function assignments

On Thu, Aug 31, 2017 at 04:29:25PM -0700, Kees Cook wrote: > Several timer users needlessly reset their .function/.data fields during > their timer callback, but nothing else changes them. Some users do not > use their .data field at all. Each instance is removed here. > > Cc: Krzysztof Halasa

Re: [PATCH v3 net-next 0/7] bpf: Add option to set mark and priority in cgroup sock programs

From: David Ahern Date: Thu, 31 Aug 2017 15:05:43 -0700 > Add option to set mark and priority in addition to bound device for newly > created sockets. Also, allow the bpf programs to use the get_current_uid_gid > helper meaning socket marks, priority and device can be set

[PATCH] net: ethernet: ibm-emac: Add 5482 PHY init for OpenBlocks 600

The vendor patches initialize those registers to get the PHY working properly. Sadly I don't have that PHY spec and whatever Broadcom PHY code we already have don't seem to document these two shadow registers (unless I miscalculated the address) so I'm keeping this as "vendor magic for that

Re: [RFC net-next 0/8] net: dsa: Multi-queue awareness

On 08/31/2017 05:05 PM, Andrew Lunn wrote: > On Wed, Aug 30, 2017 at 05:18:44PM -0700, Florian Fainelli wrote: >> This patch series is sent as reference, especially because the last patch >> is trying not to be creating too many layer violations, but clearly there >> are a little bit being

Re: [RFC net-next 1/8] net: dsa: Allow switch drivers to indicate number of RX/TX queues

On 08/31/2017 04:44 PM, Andrew Lunn wrote: > On Wed, Aug 30, 2017 at 05:18:45PM -0700, Florian Fainelli wrote: >> Let switch drivers indicate how many RX and TX queues they support. Some >> switches, such as Broadcom Starfighter 2 are resigned with 8 egress >> queues. > > Marvell switches also

[RFC] tools: selftests: psock_tpacket: skip un-supported tpacket_v3 test

The TPACKET_V3 test of PACKET_TX_RING will fail with kernel version lower than v4.11. Supported code of tx ring was add with commit id <7f953ab2ba46: af_packet: TX_RING support for TPACKET_V3> at Jan. 3 of 2017. So skip this item test instead of reporting failing for old kernels. Signed-off-by:

Re: virtio_net: ethtool supported link modes

On 2017年09月01日 01:04, Radu Rendec wrote: Hello, Looking at the code in virtnet_set_link_ksettings, it seems the speed and duplex can be set to any valid value. The driver will "remember" them and report them back in virtnet_get_link_ksettings. However, the supported link modes

Re: [PATCH net-next] doc: document MSG_ZEROCOPY

On Thu, Aug 31, 2017 at 11:10 PM, Alexei Starovoitov wrote: > On Thu, Aug 31, 2017 at 11:04:41PM -0400, Willem de Bruijn wrote: >> On Thu, Aug 31, 2017 at 10:10 PM, Alexei Starovoitov >> wrote: >> > On Thu, Aug 31, 2017 at 05:00:13PM

Re: [PATCH v2 net-next 1/8] bpf: Add support for recursively running cgroup sock filters

On Thu, Aug 31, 2017 at 07:22:01AM -0700, Tejun Heo wrote: > Hello, David, Alexei. > > Sorry about late reply. > > On Sun, Aug 27, 2017 at 08:49:23AM -0600, David Ahern wrote: > > On 8/25/17 8:49 PM, Alexei Starovoitov wrote: > > > > > >> +if (prog && curr_recursive && !new_recursive) >

Re: [PATCH net-next] virtio-net: invoke zerocopy callback on xmit path if no tx napi

On 2017年08月31日 22:30, Willem de Bruijn wrote: Incomplete results at this stage, but I do see this correlation between flows. It occurs even while not running out of zerocopy descriptors, which I cannot yet explain. Running two threads in a guest, each with a udp socket, each sending up to 100

Re: [PATCH net-next] doc: document MSG_ZEROCOPY

On Thu, Aug 31, 2017 at 11:04:41PM -0400, Willem de Bruijn wrote: > On Thu, Aug 31, 2017 at 10:10 PM, Alexei Starovoitov > wrote: > > On Thu, Aug 31, 2017 at 05:00:13PM -0400, Willem de Bruijn wrote: > >> From: Willem de Bruijn > >> > >>

Re: [PATCH net-next] virtio-net: invoke zerocopy callback on xmit path if no tx napi

On 2017年08月30日 11:11, Willem de Bruijn wrote: On Tue, Aug 29, 2017 at 9:45 PM, Jason Wang wrote: On 2017年08月30日 03:35, Willem de Bruijn wrote: On Fri, Aug 25, 2017 at 9:03 PM, Willem de Bruijn wrote: On Fri, Aug 25, 2017 at 7:32 PM,

Re: [PATCH net-next] doc: document MSG_ZEROCOPY

On Thu, Aug 31, 2017 at 10:10 PM, Alexei Starovoitov wrote: > On Thu, Aug 31, 2017 at 05:00:13PM -0400, Willem de Bruijn wrote: >> From: Willem de Bruijn >> >> Documentation for this feature was missing from the patchset. >> Copied a lot from the

Re: [PATCH net-next v5 2/2] tcp_diag: report TCP MD5 signing keys and addresses

On Thu, 2017-08-31 at 09:59 -0700, Ivan Delalande wrote: > Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to > processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is > not possible to retrieve these from the kernel once they have been > configured on

Re: [PATCH net-next v5 1/2] inet_diag: allow protocols to provide additional data

On Thu, 2017-08-31 at 09:59 -0700, Ivan Delalande wrote: > Extend inet_diag_handler to allow individual protocols to report > additional data on INET_DIAG_INFO through idiag_get_aux. The size > can be dynamic and is computed by idiag_get_aux_size. > > Signed-off-by: Ivan Delalande

Re: [PATCH] bnx2x: drop packets where gso_size is too big for hardware

Eric Dumazet writes: > If you had this test in bnx2x_features_check(), packet could be > segmented by core networking stack before reaching bnx2x_start_xmit() by > clearing NETIF_F_GSO_MASK > > -> No drop would be involved. Thanks for the pointer - networking code is all

RE: [RFC PATCH] net: frag limit checks need to use percpu_counter_compare

Best Regards, liujian > -Original Message- > From: Michal Kubecek [mailto:mkube...@suse.cz] > Sent: Friday, September 01, 2017 12:24 AM > To: Jesper Dangaard Brouer > Cc: liujian (CE); netdev@vger.kernel.org; Florian Westphal > Subject: Re: [RFC PATCH] net: frag limit checks need to

Re: [PATCH net-next] doc: document MSG_ZEROCOPY

On Thu, Aug 31, 2017 at 05:00:13PM -0400, Willem de Bruijn wrote: > From: Willem de Bruijn > > Documentation for this feature was missing from the patchset. > Copied a lot from the netdev 2.1 paper, addressing some small > interface changes since then. > > Signed-off-by:

Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On Thu, Aug 31, 2017 at 01:56:34PM -0700, Chenbo Feng wrote: > From: Chenbo Feng > > Introduce a pointer into struct bpf_map to hold the security information > about the map. The actual security struct varies based on the security > models implemented. Place the LSM hooks

Re: [PATCH v3 net-next 6/7] samples/bpf: Update cgrp2 socket tests

On Thu, Aug 31, 2017 at 03:05:49PM -0700, David Ahern wrote: > Update cgrp2 bpf sock tests to check that device, mark and priority > can all be set on a socket via bpf programs attached to a cgroup. > > Signed-off-by: David Ahern Acked-by: Alexei Starovoitov

Re: [PATCH v3 net-next 7/7] samples/bpf: Update cgroup socket examples to use uid gid helper

On Thu, Aug 31, 2017 at 03:05:50PM -0700, David Ahern wrote: > Signed-off-by: David Ahern Acked-by: Alexei Starovoitov

Re: [PATCH v3 net-next 5/7] samples/bpf: Add option to dump socket settings

On Thu, Aug 31, 2017 at 03:05:48PM -0700, David Ahern wrote: > Add option to dump socket settings. Will be used in the next patch > to verify bpf programs are correctly setting mark, priority and > device based on the cgroup attachment for the program run. > > Signed-off-by: David Ahern

Re: [PATCH v3 net-next 4/7] samples/bpf: Add detach option to test_cgrp2_sock

On Thu, Aug 31, 2017 at 03:05:47PM -0700, David Ahern wrote: > Add option to detach programs from a cgroup. > > Signed-off-by: David Ahern Acked-by: Alexei Starovoitov

Re: [PATCH v3 net-next 3/7] samples/bpf: Update sock test to allow setting mark and priority

On Thu, Aug 31, 2017 at 03:05:46PM -0700, David Ahern wrote: > Update sock test to set mark and priority on socket create. > > Signed-off-by: David Ahern Acked-by: Alexei Starovoitov

[RFC iproute2 1/2] update headers with CBS API [RFC]

Signed-off-by: Vinicius Costa Gomes --- include/linux/pkt_sched.h | 29 + 1 file changed, 29 insertions(+) diff --git a/include/linux/pkt_sched.h b/include/linux/pkt_sched.h index 099bf552..ba6c9a54 100644 --- a/include/linux/pkt_sched.h +++

[RFC iproute2 2/2] tc: Add support for the CBS qdisc

The Credit Based Shaper (CBS) queueing discipline allows bandwidth reservation with sub-milisecond precision. It is defined by the 802.1Q-2014 specification (section 8.6.8.2 and Annex L). The syntax is: tc qdisc add dev DEV parent NODE cbs locredit hicredit sendslope idleslope

[RFC net-next 5/5] samples/tsn: Add script for calculating CBS config

From: Andre Guedes Add a script that takes as input the parameters of the Credit-based shaper used on FQTSS - link rate, max frame size of best effort traffic, idleslope and maximum frame size of the time-sensitive traffic class - for SR classes A and B, and calculates

[RFC net-next 4/5] sample: Add TSN Talker and Listener examples

From: Jesus Sanchez-Palencia Add two examples so one can easily test a 'TSN distributed system' running with standard kernel interfaces. Both 'talker' and 'listener' sides are provided, and use a AF_PACKET for Tx / Rx of frames. Running the examples is rather

[RFC net-next 0/5] TSN: Add qdisc-based config interfaces for traffic shapers

Hi, This patchset is an RFC on a proposal of how the Traffic Control subsystem can be used to offload the configuration of traffic shapers into network devices that provide support for them in HW. Our goal here is to start upstreaming support for features related to the Time-Sensitive Networking

[RFC net-next 1/5] net/sched: Introduce the user API for the CBS shaper

Export the API necessary for configuring the CBS shaper (implemented in the next patch) via the tc tool. Signed-off-by: Vinicius Costa Gomes --- include/uapi/linux/pkt_sched.h | 29 + 1 file changed, 29 insertions(+) diff --git

[RFC net-next 2/5] net/sched: Introduce Credit Based Shaper (CBS) qdisc

This queueing discipline implements the shaper algorithm defined by the 802.1Q-2014 Section 8.6.8.2 and detailed in Annex L. It's primary usage is to apply some bandwidth reservation to user defined traffic classes, which are mapped to different queues via the mqprio qdisc. Initially, it only

[RFC net-next 3/5] igb: Add support for CBS offload

From: Andre Guedes This patch adds support for Credit-Based Shaper (CBS) qdisc offload from Traffic Control system. This support enable us to leverage the Forwarding and Queuing for Time-Sensitive Streams (FQTSS) features from Intel i210 Ethernet Controller. FQTSS is the

Re: [PATCH 31/31] timer: Switch to testing for .function instead of .data

On Thu, Aug 31, 2017 at 4:59 PM, Kees Cook wrote: > On Thu, Aug 31, 2017 at 4:45 PM, Dmitry Torokhov > wrote: >> On Thu, Aug 31, 2017 at 4:29 PM, Kees Cook wrote: >>> In several places, .data is checked for initialization

Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On Thu, Aug 31, 2017 at 3:38 PM, Daniel Borkmann wrote: > On 08/31/2017 10:56 PM, Chenbo Feng wrote: >> >> From: Chenbo Feng >> >> Introduce a pointer into struct bpf_map to hold the security information >> about the map. The actual security struct varies

Re: [PATCH 19/31] timer: Remove open-coded casts for .data and .function

On 08/31/2017 04:29 PM, Kees Cook wrote: > This standardizes the callback and data prototypes in several places that > perform casting, in an effort to remove more open-coded .data and > .function uses in favor of setup_timer(). > > Cc: Samuel Ortiz > Cc: Tyrel Datwyler

Re: [PATCH 19/31] timer: Remove open-coded casts for .data and .function

On 08/31/2017 04:29 PM, Kees Cook wrote: > This standardizes the callback and data prototypes in several places that > perform casting, in an effort to remove more open-coded .data and > .function uses in favor of setup_timer(). > > Cc: Samuel Ortiz > Cc: Tyrel Datwyler

Re: netdev carrier changes is one even after ethernet link up.

On 08/30/2017 10:53 PM, Bhadram Varka wrote: > Hi, > > > > I have observed that carrier_changes is one even in case of the ethernet > link is up. > > > > After investigating the code below is my observation – > > > > ethernet_driver_probe() > > +--->phy_connect() > > |

Re: [PATCH net-next v5 2/2] tcp_diag: report TCP MD5 signing keys and addresses

On Fri, Sep 01, 2017 at 01:26:33AM +0200, Sabrina Dubroca wrote: > 2017-08-31, 09:59:39 -0700, Ivan Delalande wrote: > > diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c > > index a748c74aa8b7..abbf0edcf6c2 100644 > > --- a/net/ipv4/tcp_diag.c > > +++ b/net/ipv4/tcp_diag.c > [...] > >

Re: [PATCH v2 net-next 0/2] net: ubuf_info.refcnt conversion

On Thu, 2017-08-31 at 16:48 -0700, Eric Dumazet wrote: > Yet another atomic_t -> refcount_t conversion, split in two patches. > > First patch prepares the automatic conversion done in the second patch. > > Eric Dumazet (2): > net: prepare (struct ubuf_info)->refcnt conversion > net: convert

Re: [RFC net-next 0/8] net: dsa: Multi-queue awareness

On Wed, Aug 30, 2017 at 05:18:44PM -0700, Florian Fainelli wrote: > This patch series is sent as reference, especially because the last patch > is trying not to be creating too many layer violations, but clearly there > are a little bit being created here anyways. > > Essentially what I am trying

Re: [PATCH 31/31] timer: Switch to testing for .function instead of .data

On Thu, Aug 31, 2017 at 4:45 PM, Dmitry Torokhov wrote: > On Thu, Aug 31, 2017 at 4:29 PM, Kees Cook wrote: >> In several places, .data is checked for initialization to gate early >> calls to del_timer_sync(). Checking for .function is equally

Re: [PATCH v2 net-next 2/2] net: convert (struct ubuf_info)->refcnt to refcount_t

On Thu, Aug 31, 2017 at 7:48 PM, Eric Dumazet wrote: > refcount_t type and corresponding API should be > used instead of atomic_t when the variable is used as > a reference counter. This allows to avoid accidental > refcounter overflows that might lead to use-after-free >

Re: [PATCH v2 net-next 1/2] net: prepare (struct ubuf_info)->refcnt conversion

On Thu, Aug 31, 2017 at 7:48 PM, Eric Dumazet wrote: > In order to convert this atomic_t refcnt to refcount_t, > we need to init the refcount to one to not trigger > a 0 -> 1 transition. > > This also removes one atomic operation in fast path. > > v2: removed dead code in

[PATCH v2 net-next 1/2] net: prepare (struct ubuf_info)->refcnt conversion

In order to convert this atomic_t refcnt to refcount_t, we need to init the refcount to one to not trigger a 0 -> 1 transition. This also removes one atomic operation in fast path. v2: removed dead code in sock_zerocopy_put_abort() as suggested by Willem. Signed-off-by: Eric Dumazet

[PATCH 25/31] net/atm/mpc: Use separate static data field with with static timer

In preparation for changing the timer callback argument to the timer pointer, move to a separate static data variable. Cc: "David S. Miller" Cc: Andrew Morton Cc: Alexey Dobriyan Cc: "Reshetova, Elena"

[PATCH v2 net-next 2/2] net: convert (struct ubuf_info)->refcnt to refcount_t

refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. v2: added the change in drivers/vhost/net.c as spotted by Willem.

[PATCH v2 net-next 0/2] net: ubuf_info.refcnt conversion

Yet another atomic_t -> refcount_t conversion, split in two patches. First patch prepares the automatic conversion done in the second patch. Eric Dumazet (2): net: prepare (struct ubuf_info)->refcnt conversion net: convert (struct ubuf_info)->refcnt to refcount_t drivers/vhost/net.c|

Re: [PATCH 31/31] timer: Switch to testing for .function instead of .data

On Thu, Aug 31, 2017 at 4:29 PM, Kees Cook wrote: > In several places, .data is checked for initialization to gate early > calls to del_timer_sync(). Checking for .function is equally valid, so > switch to this in all callers. Not seeing the rest of patches it is unclear

Re: [PATCH net] ipv4: Don't override return code from ip_route_input_noref()

2017-08-31, 18:11:41 +0200, Stefano Brivio wrote: > After ip_route_input() calls ip_route_input_noref(), another > check on skb_dst() is done, but if this fails, we shouldn't > override the return code from ip_route_input_noref(), as it > could have been more specific (i.e. -EHOSTUNREACH). > >

Re: [RFC net-next 1/8] net: dsa: Allow switch drivers to indicate number of RX/TX queues

On Wed, Aug 30, 2017 at 05:18:45PM -0700, Florian Fainelli wrote: > Let switch drivers indicate how many RX and TX queues they support. Some > switches, such as Broadcom Starfighter 2 are resigned with 8 egress > queues. Marvell switches also have egress queue. Does the SF2 have ingress queues?

[PATCH 20/31] net/core: Collapse redundant sk_timer callback data assignments

The core sk_timer initializer can provide the common .data assignment instead of it being set separately in users. Cc: "David S. Miller" Cc: Ralf Baechle Cc: Andrew Hendry Cc: Eric Dumazet Cc: Paolo Abeni

[PATCH 19/31] timer: Remove open-coded casts for .data and .function

This standardizes the callback and data prototypes in several places that perform casting, in an effort to remove more open-coded .data and .function uses in favor of setup_timer(). Cc: Samuel Ortiz Cc: Tyrel Datwyler Cc: Benjamin Herrenschmidt

[PATCH 30/31] appletalk: Remove unneeded synchronization

The use of del_timer_sync() will make sure a timer is not rescheduled. As such, there is no need to add external signals to kill timers. In preparation for switching the timer callback argument to the timer pointer, this drops the .data argument since it doesn't serve a meaningful purpose here.

[PATCH 31/31] timer: Switch to testing for .function instead of .data

In several places, .data is checked for initialization to gate early calls to del_timer_sync(). Checking for .function is equally valid, so switch to this in all callers. Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Len Brown Cc: Greg

[PATCH 13/31] timer: Remove meaningless .data/.function assignments

Several timer users needlessly reset their .function/.data fields during their timer callback, but nothing else changes them. Some users do not use their .data field at all. Each instance is removed here. Cc: Krzysztof Halasa Cc: Aditya Shankar Cc:

[RFC PATCH] net: Introduce a socket option to enable picking tx queue based on rx queue.

This patch introduces a new socket option SO_SYMMETRIC_QUEUES that can be used to enable symmetric tx and rx queues on a socket. This option is specifically useful for epoll based multi threaded workloads where each thread handles packets received on a single RX queue . In this model, we have

Re: [PATCH net-next v5 2/2] tcp_diag: report TCP MD5 signing keys and addresses

2017-08-31, 09:59:39 -0700, Ivan Delalande wrote: > diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c > index a748c74aa8b7..abbf0edcf6c2 100644 > --- a/net/ipv4/tcp_diag.c > +++ b/net/ipv4/tcp_diag.c [...] > +static int tcp_diag_get_aux(struct sock *sk, bool net_admin, > +

[PATCH net-next 0/2] netvsc: transparent VF related cleanups

The first gets rid of unnecessary ref counting, and second allows removing hv_netvsc driver even if VF present. Stephen Hemminger (2): netvsc: cleanup datapath switch netvsc: allow driver to be removed even if VF is present drivers/net/hyperv/netvsc_drv.c | 55

[PATCH net-next 2/2] netvsc: allow driver to be removed even if VF is present

If VF is attached then can still allow netvsc driver module to be removed. Just have to make sure and do the cleanup. Also, avoid extra rtnl round trip when calling unregister. Signed-off-by: Stephen Hemminger --- drivers/net/hyperv/netvsc_drv.c | 17 +

[PATCH net-next 1/2] netvsc: cleanup datapath switch

Use one routine for datapath up/down. Don't need to reopen the rndis layer. Signed-off-by: Stephen Hemminger --- drivers/net/hyperv/netvsc_drv.c | 38 +++--- 1 file changed, 7 insertions(+), 31 deletions(-) diff --git

Re: [PATCH net-next 2/2] net: convert (struct ubuf_info)->refcnt to refcount_t

On Thu, 2017-08-31 at 18:45 -0400, Willem de Bruijn wrote: > On Thu, Aug 31, 2017 at 4:30 PM, Eric Dumazet wrote: > > refcount_t type and corresponding API should be > > used instead of atomic_t when the variable is used as > > a reference counter. This allows to avoid

Re: [PATCH net-next 2/2] net: convert (struct ubuf_info)->refcnt to refcount_t

On Thu, Aug 31, 2017 at 4:30 PM, Eric Dumazet wrote: > refcount_t type and corresponding API should be > used instead of atomic_t when the variable is used as > a reference counter. This allows to avoid accidental > refcounter overflows that might lead to use-after-free >

Re: [PATCH net-next] bridge: add tracepoint in br_fdb_update

On Thu, 31 Aug 2017 23:50:26 +0200 Jesper Dangaard Brouer wrote: > On Thu, 31 Aug 2017 11:43:25 -0700 (PDT) > David Miller wrote: > > > From: Roopa Prabhu > > Date: Wed, 30 Aug 2017 22:18:13 -0700 > > > > > From: Roopa

Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On 08/31/2017 10:56 PM, Chenbo Feng wrote: From: Chenbo Feng Introduce a pointer into struct bpf_map to hold the security information about the map. The actual security struct varies based on the security models implemented. Place the LSM hooks before each of the unrestricted

Re: [PATCH net-next 1/2] net: prepare (struct ubuf_info)->refcnt conversion

On Thu, Aug 31, 2017 at 4:30 PM, Eric Dumazet wrote: > In order to convert this atomic_t refcnt to refcount_t, > we need to init the refcount to one to not trigger > a 0 -> 1 transition. > > This also removes one atomic operation in fast path. > > Signed-off-by: Eric Dumazet

[PATCH net-next 1/2] flow_dissector: Cleanup control flow

__skb_flow_dissect is riddled with gotos that make discerning the flow, debugging, and extending the capability difficult. This patch reorganizes things so that we only perform goto's after the two main switch statements (no gotos within the cases now). It also eliminates several goto labels so

[PATCH net-next 2/2] flow_dissector: Add limits for encapsulation and EH

In flow dissector there are no limits to the number of nested encapsulations that might be dissected which makes for a nice DOS attack. This patch limits for dissecting nested encapsulations as well as for dissecting over extension headers. Reported-by: Hannes Frederic Sowa

[PATCH net-next 0/2] flow_dissector: Flow dissector fixes

This patch set fixes some basic issues with __skb_flow_dissect function. Items addressed: - Cleanup control flow in the fucntion; in particular eliminate a bunch of goto's and implement a simplified control flow model - Add limits for number of encapsulations of extension headers that

Re: [PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper

On 09/01/2017 12:05 AM, David Ahern wrote: Allow BPF programs run on sock create to use the get_current_uid_gid helper. IPv4 and IPv6 sockets are created in a process context so there is always a valid uid/gid Signed-off-by: David Ahern Acked-by: Alexei Starovoitov

Re: [PATCH v3 net-next 1/7] bpf: Add mark and priority to sock options that can be set

On 09/01/2017 12:05 AM, David Ahern wrote: Add socket mark and priority to fields that can be set by ebpf program when a socket is created. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- include/uapi/linux/bpf.h | 2 ++ net/core/filter.c

Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On Thu, Aug 31, 2017 at 2:17 PM, Mimi Zohar wrote: > On Thu, 2017-08-31 at 13:56 -0700, Chenbo Feng wrote: >> From: Chenbo Feng >> >> Introduce a pointer into struct bpf_map to hold the security information >> about the map. The actual security struct

[PATCH v3 net-next 3/7] samples/bpf: Update sock test to allow setting mark and priority

Update sock test to set mark and priority on socket create. Signed-off-by: David Ahern --- samples/bpf/test_cgrp2_sock.c | 134 - samples/bpf/test_cgrp2_sock.sh | 2 +- 2 files changed, 119 insertions(+), 17 deletions(-) diff --git

[PATCH v3 net-next 4/7] samples/bpf: Add detach option to test_cgrp2_sock

Add option to detach programs from a cgroup. Signed-off-by: David Ahern --- samples/bpf/test_cgrp2_sock.c | 50 ++- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/samples/bpf/test_cgrp2_sock.c

[PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper

Allow BPF programs run on sock create to use the get_current_uid_gid helper. IPv4 and IPv6 sockets are created in a process context so there is always a valid uid/gid Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- net/core/filter.c | 16

[PATCH v3 net-next 6/7] samples/bpf: Update cgrp2 socket tests

Update cgrp2 bpf sock tests to check that device, mark and priority can all be set on a socket via bpf programs attached to a cgroup. Signed-off-by: David Ahern --- samples/bpf/test_cgrp2_sock.sh | 162 +++-- 1 file changed, 124

[PATCH v3 net-next 7/7] samples/bpf: Update cgroup socket examples to use uid gid helper

Signed-off-by: David Ahern --- samples/bpf/sock_flags_kern.c | 5 + samples/bpf/test_cgrp2_sock.c | 12 +++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/samples/bpf/sock_flags_kern.c b/samples/bpf/sock_flags_kern.c index

[PATCH v3 net-next 5/7] samples/bpf: Add option to dump socket settings

Add option to dump socket settings. Will be used in the next patch to verify bpf programs are correctly setting mark, priority and device based on the cgroup attachment for the program run. Signed-off-by: David Ahern --- samples/bpf/test_cgrp2_sock.c | 75

[PATCH v3 net-next 1/7] bpf: Add mark and priority to sock options that can be set

Add socket mark and priority to fields that can be set by ebpf program when a socket is created. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov --- include/uapi/linux/bpf.h | 2 ++ net/core/filter.c| 26 ++ 2 files

[PATCH v3 net-next 0/7] bpf: Add option to set mark and priority in cgroup sock programs

Add option to set mark and priority in addition to bound device for newly created sockets. Also, allow the bpf programs to use the get_current_uid_gid helper meaning socket marks, priority and device can be set based on the uid/gid of the running process. Sample programs are updated to

Re: [PATCH net-next] bridge: add tracepoint in br_fdb_update

On Thu, 31 Aug 2017 11:43:25 -0700 (PDT) David Miller wrote: > From: Roopa Prabhu > Date: Wed, 30 Aug 2017 22:18:13 -0700 > > > From: Roopa Prabhu > > > > This extends bridge fdb table tracepoints to also cover > >

Re: [patch net-next repost 0/8] mlxsw: Add IPv6 host dpipe table

From: Jiri Pirko Date: Thu, 31 Aug 2017 17:59:11 +0200 > This patchset adds IPv6 host dpipe table support. This will provide the > ability to observe the hardware offloaded IPv6 neighbors. Series applied, thanks. I noticed while reviewing this we are pretty much split on how

Re: [PATCH net-next] net/ncsi: Define {add, kill}_vid callbacks for !CONFIG_NET_NCSI

On Thu, 2017-08-31 at 08:24 -0700, Vernon Mauery wrote: > +int ncsi_vlan_rx_add_vid(struct net_device *dev, __be16 proto, u16 vid) > > +{ > > + return -ENOTTY; > > +} > > +int ncsi_vlan_rx_kill_vid(struct net_device *dev, __be16 proto, u16 vid) > > +{ > > + return -ENOTTY; > > +} > >

Re: [PATCH net-next 7/8] net: hns3: add vlan filter config of Ports

From: Lipeng Date: Thu, 31 Aug 2017 21:39:08 +0800 > Config the self_define vlan_type as TPID(0x8100) for vlan identification. > When normal port initialize vlan configure, set default vlan id as 0. > > Signed-off-by: Mingguang Qu > Signed-off-by:

Re: [PATCH] ath9k: remove cast to void pointer

On Thu, 2017-08-31 at 18:37 +0530, Himanshu Jha wrote: > casting to void pointer from any pointer type and vice-versa is done > implicitly and therefore casting is not needed in such a case. You said you were going to remember to mention the tool and script that did this.

Re: [PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

On Thu, 2017-08-31 at 13:56 -0700, Chenbo Feng wrote: > From: Chenbo Feng > > Introduce a pointer into struct bpf_map to hold the security information > about the map. The actual security struct varies based on the security > models implemented. Place the LSM hooks before each

[PATCH net-next] doc: document MSG_ZEROCOPY

From: Willem de Bruijn Documentation for this feature was missing from the patchset. Copied a lot from the netdev 2.1 paper, addressing some small interface changes since then. Signed-off-by: Willem de Bruijn ---

Re: [PATCH v4 4/5] net: stmmac: dwmac-sun8i: choose internal PHY via phy-is-integrated

On Thu, Aug 31, 2017 at 03:18:03PM -0500, Rob Herring wrote: > On Sat, Aug 26, 2017 at 11:20:51PM +0200, Andrew Lunn wrote: > > Hi Corentin > > > > I think we have now all agreed this is an mdio-mux, plus it is also an > > MII mux. We should represent that in device tree. This patchset does > >

[PATCH 3/3] selinux: bpf: Implement the selinux checks for eBPF object

From: Chenbo Feng Introduce 5 new selinux checks for eBPF object related operations. The check is based on the ownership information of eBPF maps and the capability of creating eBPF object. Signed-off-by: Chenbo Feng --- security/selinux/hooks.c

[PATCH 2/3] security: bpf: Add eBPF LSM hooks and security field to eBPF map

From: Chenbo Feng Introduce a pointer into struct bpf_map to hold the security information about the map. The actual security struct varies based on the security models implemented. Place the LSM hooks before each of the unrestricted eBPF operations, the map_update_elem and

[PATCH 1/3] security: bpf: Add eBPF LSM hooks to security module

From: Chenbo Feng Introduce 5 LSM hooks to provide finer granularity controls on eBPF related operations including create eBPF maps, modify and read eBPF maps content and load eBPF programs to the kernel. Hooks use the new security pointer inside the eBPF map struct to store

[PATCH 0/3] Security: add lsm hooks for checking permissions on eBPF objects

From: Chenbo Feng Much like files and sockets, eBPF objects are accessed, controlled, and shared via a file descriptor (FD). Unlike files and sockets, the existing mechanism for eBPF object access control is very limited. Currently there are two options for granting accessing

Re: [PATCH v2 net-next 1/8] bpf: Add support for recursively running cgroup sock filters

On 8/31/17 8:22 AM, Tejun Heo wrote: > On Sun, Aug 27, 2017 at 08:49:23AM -0600, David Ahern wrote: >> On 8/25/17 8:49 PM, Alexei Starovoitov wrote: >>> + if (prog && curr_recursive && !new_recursive) + /* if a parent has recursive prog attached, only + * allow

Re: [PATCH][net-next] net: qualcomm: rmnet: remove unused variable priv

On 2017-08-31 08:07, Colin King wrote: From: Colin Ian King priv is being assigned but is never used, so remove it. Cleans up clang build warning: "warning: Value stored to 'priv' is never read" Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial

[PATCH net-next 2/2] net: convert (struct ubuf_info)->refcnt to refcount_t

refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Eric Dumazet ---

[PATCH net-next 1/2] net: prepare (struct ubuf_info)->refcnt conversion

In order to convert this atomic_t refcnt to refcount_t, we need to init the refcount to one to not trigger a 0 -> 1 transition. This also removes one atomic operation in fast path. Signed-off-by: Eric Dumazet --- net/core/skbuff.c | 3 ++- net/ipv4/tcp.c| 2 -- 2 files

[PATCH net-next 0/2] net: ubuf_info.refcnt conversion

Yet another atomic_t -> refcount_t conversion, split in two patches. First patch prepares the automatic conversion done in the second patch. Eric Dumazet (2): net: prepare (struct ubuf_info)->refcnt conversion net: convert (struct ubuf_info)->refcnt to refcount_t include/linux/skbuff.h | 5

Re: [PATCH v4 4/5] net: stmmac: dwmac-sun8i: choose internal PHY via phy-is-integrated

On Sat, Aug 26, 2017 at 11:20:51PM +0200, Andrew Lunn wrote: > Hi Corentin > > I think we have now all agreed this is an mdio-mux, plus it is also an > MII mux. We should represent that in device tree. This patchset does > this. However, as it is now, the mux structure in DT is ignored. All > it

  1   2   3   >