Re: [PATCH] ARM: dts: add phy-reset property for rk3066a-rayeager emac

2017-11-06 Thread Vladimir Zapolskiy
Hello Chris, On 11/07/2017 04:49 AM, Chris Zhong wrote: > The ethernet phy of rk3066a-rayeager has a reset pin, it is controlled by > GPIO1_D6, this pin should be pulled down then pulled up to reset the phy. > Add a phy-reset property in emac, so the phy can be reset when emac > powers on. for PHY

RE: [PATCH 0/4] fsl/fman: Fix some error handling code in mac_probe

2017-11-06 Thread Madalin-cristian Bucur
Hi Christophe, I'll review and test your fixes. Thank you! Madalin > -Original Message- > From: Christophe JAILLET [mailto:christophe.jail...@wanadoo.fr] > Sent: Monday, November 06, 2017 11:53 PM > To: Madalin-cristian Bucur > Cc: netdev@vger.kernel.org;

Re: [PATCH net-next 2/8] rtnetlink: add rtnl_register_module

2017-11-06 Thread Florian Westphal
Peter Zijlstra wrote: > On Mon, Nov 06, 2017 at 11:51:07AM +0100, Florian Westphal wrote: > > @@ -180,6 +164,12 @@ int __rtnl_register(int protocol, int msgtype, > > rcu_assign_pointer(rtnl_msg_handlers[protocol], tab); > > } > > > > +

[PATCH] libceph: don't WARN() if user tries to add invalid key

2017-11-06 Thread Eric Biggers
From: Eric Biggers The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a user tries to add a key of type "ceph" with an invalid payload as follows (assuming CONFIG_CEPH_LIB=y): echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ |

Re: [PATCH net-next 2/3] net: ipv4: flush neighbor entries when carrier is off

2017-11-06 Thread David Ahern
On 11/6/17 11:49 PM, David Ahern wrote: >>> diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c >>> index f02819134ba2..aa8fea74858f 100644 >>> --- a/net/ipv4/fib_frontend.c >>> +++ b/net/ipv4/fib_frontend.c >>> @@ -1226,10 +1226,13 @@ static int fib_netdev_event(struct notifier_block

[PATCH] qrtr: Move to postcore_initcall

2017-11-06 Thread Bjorn Andersson
Registering qrtr with module_init makes the ability of typical platform code to create AF_QIPCRTR socket during probe a matter of link order luck. Moving qrtr to postcore_initcall() avoids this. Signed-off-by: Bjorn Andersson --- net/qrtr/qrtr.c | 2 +- 1 file

Re: [PATCH iproute2] libnetlink: Handle extack messages for non-error case

2017-11-06 Thread David Ahern
On 11/7/17 1:12 PM, David Ahern wrote: > @@ -101,15 +101,18 @@ static int nl_dump_ext_err(const struct nlmsghdr *nlh, > nl_ext_ack_fn_t errfn) > } > > if (errfn) > - return errfn(errmsg, off, err_nlh); > + return errfn(msg, off, err_nlh); > > - if

[sock_def_readable] WARNING: bad unlock balance detected!

2017-11-06 Thread Fengguang Wu
FYI, this warning shows up in both v4.14-rc8 and v4.13: [ 144.578809] br-lan: port 1(eth0) entered disabled state [ 144.581360] device eth0 left promiscuous mode [ 144.582699] br-lan: port 1(eth0) entered disabled state [ 144.685012] [ 144.685370] = [

[PATCH iproute2] libnetlink: Handle extack messages for non-error case

2017-11-06 Thread David Ahern
Kernel can now return non-fatal error messages in extack facility. Update iproute2 to dump to use if present. - rename nl_dump_ext_err to nl_dump_ext_ack - rename errmsg to msg - add call to nl_dump_ext_ack in rtnl_dump_done and __rtnl_talk for non-error path Signed-off-by: David Ahern

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Serge E. Hallyn
On Mon, Nov 06, 2017 at 07:01:58PM -0500, Boris Lukashev wrote: > On Mon, Nov 6, 2017 at 6:39 PM, Serge E. Hallyn wrote: > > Quoting Boris Lukashev (blukas...@sempervictus.com): > >> On Mon, Nov 6, 2017 at 5:14 PM, Serge E. Hallyn wrote: > >> > Quoting Daniel

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Serge E. Hallyn
On Mon, Nov 06, 2017 at 09:16:03PM -0500, Daniel Micay wrote: > On Mon, 2017-11-06 at 16:14 -0600, Serge E. Hallyn wrote: > > Quoting Daniel Micay (danielmi...@gmail.com): > > > Substantial added attack surface will never go away as a problem. > > > There > > > aren't a finite number of

Re: Bond recovery from BOND_LINK_FAIL state not working

2017-11-06 Thread Jay Vosburgh
Jarod Wilson wrote: >On 2017-11-02 9:11 PM, Jay Vosburgh wrote: [...] >> diff --git a/drivers/net/bonding/bond_main.c >> b/drivers/net/bonding/bond_main.c >> index 18b58e1376f1..6f89f9981a6c 100644 >> --- a/drivers/net/bonding/bond_main.c >> +++

Re: [PATCH v2 09/21] clusterip: exit_net cleanup check added

2017-11-06 Thread kbuild test robot
Hi Vasily, Thank you for the patch! Yet something to improve: [auto build test ERROR on net/master] [also build test ERROR on v4.14-rc8 next-20171106] [cannot apply to net-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url

Re: [PATCH v2 01/21] exit_net cleanup: geneve sock_list check

2017-11-06 Thread kbuild test robot
Hi Vasily, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on net/master] [also build test WARNING on v4.14-rc8 next-20171106] [cannot apply to net-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system

[PATCHv2 net-next iproute2] ip6_gre: add support for ERSPAN tunnel

2017-11-06 Thread William Tu
The patch adds ERSPAN type II tunnel support for IPv6. Signed-off-by: William Tu --- v1->v2 rebase to net-next branch --- ip/ipaddress.c | 5 +++-- ip/iplink.c | 6 +++--- ip/link_gre6.c | 28 +++-

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Daniel Micay
On Mon, 2017-11-06 at 16:14 -0600, Serge E. Hallyn wrote: > Quoting Daniel Micay (danielmi...@gmail.com): > > Substantial added attack surface will never go away as a problem. > > There > > aren't a finite number of vulnerabilities to be found. > > There's varying levels of usefulness and

Re: [PATCH iproute2-resend 0/3] *** SUBJECT HERE ***

2017-11-06 Thread Stephen Hemminger
On Thu, 2 Nov 2017 14:13:22 +0100 Thomas Egerer wrote: > Hello *, > > the following set of three patches tries to deal with socket policies. > The first patch addresses the missing filter option for socket > policies. Especially when dealing with many of those, it is

Re: [PATCH net-next iproute2] ip6_gre: add support for ERSPAN tunnel

2017-11-06 Thread William Tu
On Mon, Nov 6, 2017 at 6:10 PM, Stephen Hemminger wrote: > On Sun, 5 Nov 2017 10:35:30 -0800 > William Tu wrote: > >> The patch adds ERSPAN type II tunnel support for IPv6. >> >> Signed-off-by: William Tu > > Patch does not

RE: ITS Email Verification

2017-11-06 Thread Sharon Grigsby
Dear Staff Member, Due to the on-going security upgrade, All Staff members are required to update their information to the new security system to enable a faster, easier and more secure e-mail experience

Re: [PATCH net-next iproute2] ip6_gre: add support for ERSPAN tunnel

2017-11-06 Thread Stephen Hemminger
On Sun, 5 Nov 2017 10:35:30 -0800 William Tu wrote: > The patch adds ERSPAN type II tunnel support for IPv6. > > Signed-off-by: William Tu Patch does not apply cleanly against current net-next branch.

Re: [iproute2 PATCH] flower: Represent HW traffic classes as classid values

2017-11-06 Thread Stephen Hemminger
On Fri, 03 Nov 2017 01:54:01 -0700 Amritha Nambiar wrote: > + tc = strtoul(*argv, , 0); > + if (*end) { > + fprintf(stderr, "Illegal TC index\n"); > + return -1; > +

Re: [PATCH net-next] ipv6: addrconf: fix a lockdep splat

2017-11-06 Thread David Miller
From: Eric Dumazet Date: Mon, 06 Nov 2017 14:13:29 -0800 > From: Eric Dumazet > > Fixes a case where GFP_ATOMIC allocation must be used instead of > GFP_KERNEL one. ... > Fixes: f3d9832e56c4 ("ipv6: addrconf: cleanup locking in ipv6_add_addr") >

Re: [PATCH net-next 01/11] net: dsa: constify cpu_dp member of dsa_port

2017-11-06 Thread Florian Fainelli
On 11/06/2017 01:11 PM, Vivien Didelot wrote: > A DSA port has a dedicated CPU port assigned to it, stored in the cpu_dp > member. It is not meant to be modified by a port, thus make it const. > > Signed-off-by: Vivien Didelot Reviewed-by: Florian Fainelli

Re: [patch net-next 3/9] net_sch: cbs: Change TC_SETUP_CBS to TC_SETUP_QDISC_CBS

2017-11-06 Thread Simon Horman
On Mon, Nov 06, 2017 at 07:23:43AM +0100, Jiri Pirko wrote: > From: Nogah Frankel > > Change TC_SETUP_CBS to TC_SETUP_QDISC_CBS to match the new convention. > > Signed-off-by: Nogah Frankel > Signed-off-by: Jiri Pirko Reviewed-by:

Re: [patch net-next 1/9] net_sch: red: Add offload ability to RED qdisc

2017-11-06 Thread Simon Horman
On Mon, Nov 06, 2017 at 07:23:41AM +0100, Jiri Pirko wrote: > From: Nogah Frankel > > Add the ability to offload RED qdisc by using ndo_setup_tc. > There are four commands for RED offloading: > * TC_RED_SET: handles set and change. > * TC_RED_DESTROY: handle qdisc destroy. >

Re: [patch net-next 2/9] net_sch: mqprio: Change TC_SETUP_MQPRIO to TC_SETUP_QDISC_MQPRIO

2017-11-06 Thread Simon Horman
On Mon, Nov 06, 2017 at 07:23:42AM +0100, Jiri Pirko wrote: > From: Nogah Frankel > > Change TC_SETUP_MQPRIO to TC_SETUP_QDISC_MQPRIO to match the new > convention. > > Signed-off-by: Nogah Frankel > Signed-off-by: Jiri Pirko

Re: circular locking dependency splat

2017-11-06 Thread Eric Dumazet
On Tue, 2017-11-07 at 09:35 +0900, David Ahern wrote: > Saw this trying to reproduce the RA splat. This is from top of tree > net-next: > commit 2798b80b385384d51a81832556ee9ad25d175f9b > > [ 99.988789] == > [ 99.990494] WARNING: possible

Re: [PATCH] netfilter: mark expected switch fall-throughs

2017-11-06 Thread Pablo Neira Ayuso
Hi Gustavo, On Thu, Oct 19, 2017 at 09:06:16AM -0500, Gustavo A. R. Silva wrote: > diff --git a/net/netfilter/ipset/ip_set_core.c > b/net/netfilter/ipset/ip_set_core.c > index cf84f7b..72f654a 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -1386,7

Re: [RFC 0/9] net: create adaptive software irq moderation library

2017-11-06 Thread Saeed Mahameed
On Sun, Nov 5, 2017 at 9:44 PM, Andy Gospodarek wrote: > From: Andy Gospodarek > > This RFC converts the adaptive interrupt moderation library from the > mlx5_en driver into a library so it can be used by any driver. The last > patch in this set adds

Re: [PATCH v3 net-next 0/5] IGMP snooping for local traffic

2017-11-06 Thread Stephen Hemminger
On Tue, 7 Nov 2017 00:26:53 +0100 Andrew Lunn wrote: > The linux bridge supports IGMP snooping. It will listen to IGMP > reports on bridge ports and keep track of which groups have been > joined on an interface. It will then forward multicast based on this > group membership. >

[PATCH 05/23] netfilter: conntrack: add and use nf_l4proto_log_invalid

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal We currently pass down the l4 protocol to the conntrack ->packet() function, but the only user of this is the debug info decision. Same information can be derived from struct nf_conn. As a first step, add and use a new log function for this, similar to

[PATCH 04/23] netfilter: nat: use test_and_clear_bit when deleting ct from bysource list

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal We can use a single statement for this. While at it, fixup the comment -- we don't have pernet table/ops anymore, the function is only called from module exit path. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

[PATCH 01/23] netfilter: ipset: Compress return logic

2017-11-06 Thread Pablo Neira Ayuso
From: simran singhal Simplify function returns by merging assignment and return into one command line. Signed-off-by: simran singhal Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso

[PATCH 07/23] netfilter: conntrack: remove pf argument from l4 packet functions

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal not needed/used anymore. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_conntrack_l4proto.h | 1 - net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 1 -

[PATCH 12/23] netfilter: xt_connlimit: don't store address in the conn nodes

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal Only stored, never read. This is a leftover from commit 7d0848c8 ("netfilter: connlimit: use rbtree for per-host conntrack obj storage"), which added the rbtree node struct that stores the address instead. Signed-off-by: Florian Westphal

[PATCH 14/23] netfilter: ipvs: Use %pS printk format for direct addresses

2017-11-06 Thread Pablo Neira Ayuso
From: Helge Deller The debug and error printk functions in ipvs wrongly use the %pF instead of the %pS printk format specifier for printing symbols for the address returned by __builtin_return_address(0). Fix it for the ia64, ppc64 and parisc64 architectures. Signed-off-by: Helge

[PATCH 23/23] netfilter: nf_tables: get set elements via netlink

2017-11-06 Thread Pablo Neira Ayuso
This patch adds a new get operation to look up for specific elements in a set via netlink interface. You can also use it to check if an interval already exists. Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h | 5 ++ net/netfilter/nf_tables_api.c

[PATCH 15/23] netfilter: ipvs: Fix inappropriate output of procfs

2017-11-06 Thread Pablo Neira Ayuso
From: KUWAZAWA Takuya Information about ipvs in different network namespace can be seen via procfs. How to reproduce: # ip netns add ns01 # ip netns add ns02 # ip netns exec ns01 ip a add dev lo 127.0.0.1/8 # ip netns exec ns02 ip a add dev lo 127.0.0.1/8 # ip

[PATCH 22/23] netfilter: nf_tables: performance set policy skips size description in selection

2017-11-06 Thread Pablo Neira Ayuso
Use the complexity and space notations if policy is performance, this results in placing the bitmap set representation over the hashtable for key <= 16 for better performance as we discussed during the last NFWS in Faro, Portugal. Signed-off-by: Pablo Neira Ayuso ---

[PATCH 20/23] netfilter: conntrack: move nf_ct_netns_{get,put}() to core

2017-11-06 Thread Pablo Neira Ayuso
So we can call this from other expressions that need conntrack in place to work. Signed-off-by: Pablo Neira Ayuso Acked-by: Florian Westphal --- net/netfilter/nf_conntrack_proto.c | 37 ++-- net/netfilter/nft_ct.c

[PATCH 18/23] netfilter: nft_hash: fix nft_hash_deactivate

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal Jindřich Makovička says: The logical OR looks fishy to me. Shouldn't be && there instead? Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1199 Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

[PATCH 21/23] netfilter: conntrack: use power efficient workqueue

2017-11-06 Thread Pablo Neira Ayuso
From: Vincent Guittot conntrack uses the bounded system_long_wq workqueue for its works that don't have to run on the cpu they have been queued. Using bounded workqueue prevents the scheduler to make smart decision about the best place to schedule the work. This

[PATCH 16/23] netfilter: ebtables: clean up initialization of buf

2017-11-06 Thread Pablo Neira Ayuso
From: Colin Ian King buf is initialized to buf_start and then set on the next statement to buf_start + offsets[i]. Clean this up to just initialize buf to buf_start + offsets[i] to clean up the clang build warning: "Value stored to 'buf' during its initialization is

[PATCH 17/23] netfilter: xt_connlimit: remove mask argument

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal Instead of passing mask to all the helpers, just fixup the search key early. After rbtree conversion, each rbtree node stores connections of same 'addr & mask', so no need to pass the mask too. Signed-off-by: Florian Westphal

[PATCH 11/23] netfilter: nf_conntrack_h323: Remove typedef struct

2017-11-06 Thread Pablo Neira Ayuso
From: Harsha Sharma Remove typedef from struct as linux-kernel coding style tends to avoid using typedefs. Done using following coccinelle semantic patch @r1@ type T; @@ typedef struct { ... } T; @script:python c1@ T2; T << r1.T; @@ if T[-2:] =="_t" or T[-2:] ==

[PATCH 19/23] netfilter: conntrack: don't cache nlattr_tuple_size result in nla_size

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal We currently call ->nlattr_tuple_size() once at register time and cache result in l4proto->nla_size. nla_size is the only member that is written to, avoiding this would allow to make l4proto trackers const. We can use ->nlattr_tuple_size() at run time,

[PATCH 13/23] netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack

2017-11-06 Thread Pablo Neira Ayuso
From: Eric Sesterhenn Add missing counter decrement to prevent out of bounds memory read. Signed-off-by: Eric Sesterhenn Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso ---

[PATCH 10/23] netfilter: conntrack: make l3proto trackers const

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal previous patches removed all writes to them. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 2 +- include/net/netfilter/ipv6/nf_conntrack_ipv6.h

[PATCH 08/23] netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal xt_replace_table relies on table replacement counter retrieval (which uses xt_recseq to synchronize pcpu counters). This is fine, however with large rule set get_counters() can take a very long time -- it needs to synchronize all counters because it has to

[PATCH 03/23] netfilter: ipset: deduplicate prefixlen maps

2017-11-06 Thread Pablo Neira Ayuso
From: Aaron Conole The prefixlen maps used here are identical, and have been since introduction. It seems to make sense to use a single large map, that the preprocessor will fill appropriately. Signed-off-by: Aaron Conole Signed-off-by: Jozsef Kadlecsik

[PATCH 02/23] netfilter: ipset: Fix sparse warnings

2017-11-06 Thread Pablo Neira Ayuso
From: Jozsef Kadlecsik Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso --- net/netfilter/ipset/ip_set_hash_ipportnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 06/23] netfilter: conntrack: add and use nf_ct_l4proto_log_invalid

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal We currently pass down the l4 protocol to the conntrack ->packet() function, but the only user of this is the debug info decision. Same information can be derived from struct nf_conn. Add a wrapper for the previous patch that extracts the information from

[PATCH 09/23] netfilter: x_tables: don't use seqlock when fetching old counters

2017-11-06 Thread Pablo Neira Ayuso
From: Florian Westphal after previous commit xt_replace_table will wait until all cpus had even seqcount (i.e., no cpu is accessing old ruleset). Add an 'old' counter retrieval version that doesn't synchronize counters. It's not needed, the old counters are not in use anymore at

[PATCH 00/23] Netfilter/IPVS updates for net-next

2017-11-06 Thread Pablo Neira Ayuso
Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree, they are: 1) Speed up table replacement on busy systems with large tables (and many cores) in x_tables. Now xt_replace_table() synchronizes by itself by waiting until all cpus had an even seqcount and

Re: [PATCH net-next] ipv6: addrconf: fix a lockdep splat

2017-11-06 Thread David Ahern
On 11/7/17 7:13 AM, Eric Dumazet wrote: > From: Eric Dumazet > > Fixes a case where GFP_ATOMIC allocation must be used instead of > GFP_KERNEL one. > ... > > Fixes: f3d9832e56c4 ("ipv6: addrconf: cleanup locking in ipv6_add_addr") > Signed-off-by: Eric Dumazet

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread David Ahern
On 11/7/17 9:31 AM, Eric Dumazet wrote: > On Mon, Nov 6, 2017 at 4:29 PM, David Ahern wrote: >> On 11/7/17 5:56 AM, valdis.kletni...@vt.edu wrote: >>> I've hit this 6 times now, across 3 boots: >>> >>> Nov 3 11:04:54 turing-police kernel: [ 547.814748] BUG: sleeping function

circular locking dependency splat

2017-11-06 Thread David Ahern
Saw this trying to reproduce the RA splat. This is from top of tree net-next: commit 2798b80b385384d51a81832556ee9ad25d175f9b [ 99.988789] == [ 99.990494] WARNING: possible circular locking dependency detected [ 99.992187] 4.14.0-rc7+ #23

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread David Ahern
On 11/7/17 5:56 AM, valdis.kletni...@vt.edu wrote: > I've hit this 6 times now, across 3 boots: > > Nov 3 11:04:54 turing-police kernel: [ 547.814748] BUG: sleeping function > called from invalid context at mm/slab.h:422 > > Nov 3 20:24:11 turing-police kernel: [ 60.093793] BUG: sleeping

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread David Ahern
On 11/7/17 9:31 AM, Eric Dumazet wrote: > Do you have CONFIG_DEBUG_ATOMIC_SLEEP=y in your .config ? dsa@kenny:mgmt:~/kernel-2.git$ grep CONFIG_DEBUG_ATOMIC_SLEEP kbuild/rcu-lock-debug/.config CONFIG_DEBUG_ATOMIC_SLEEP=y Yep, that is on.

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread Eric Dumazet
On Mon, Nov 6, 2017 at 4:29 PM, David Ahern wrote: > On 11/7/17 5:56 AM, valdis.kletni...@vt.edu wrote: >> I've hit this 6 times now, across 3 boots: >> >> Nov 3 11:04:54 turing-police kernel: [ 547.814748] BUG: sleeping function >> called from invalid context at

Re: [RFC PATCH] bpf: Add helpers to read useful task_struct members

2017-11-06 Thread Tushar Dave
On 11/02/2017 11:58 PM, Sandipan Das wrote: For added security, the layout of some structures can be randomized by enabling CONFIG_GCC_PLUGIN_RANDSTRUCT. One such structure is task_struct. To build BPF programs, we use Clang which does not support this feature. So, if we attempt to read a

Re: [RFC PATCH 5/5] selinux: Add SCTP support

2017-11-06 Thread Paul Moore
On Tue, Oct 17, 2017 at 9:59 AM, Richard Haines wrote: > The SELinux SCTP implementation is explained in: > Documentation/security/SELinux-sctp.txt > > Signed-off-by: Richard Haines > --- > Documentation/security/SELinux-sctp.txt

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Boris Lukashev
On Mon, Nov 6, 2017 at 6:39 PM, Serge E. Hallyn wrote: > Quoting Boris Lukashev (blukas...@sempervictus.com): >> On Mon, Nov 6, 2017 at 5:14 PM, Serge E. Hallyn wrote: >> > Quoting Daniel Micay (danielmi...@gmail.com): >> >> Substantial added attack surface

Re: [PATCH net-next v6 0/3] Incorporated all required changes

2017-11-06 Thread David Miller
From: Manish Kurup Date: Mon, 6 Nov 2017 11:52:37 -0500 > Currently, the body of the commit message describes what it is doing > in each commit patch. Would you like me to add some detail to the > description of each commit? This is not what I am asking for. The header

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Serge E. Hallyn
Quoting Boris Lukashev (blukas...@sempervictus.com): > On Mon, Nov 6, 2017 at 5:14 PM, Serge E. Hallyn wrote: > > Quoting Daniel Micay (danielmi...@gmail.com): > >> Substantial added attack surface will never go away as a problem. There > >> aren't a finite number of

RE: [PATCH net-next] liquidio: Fix an issue with multiple switchdev enable disables

2017-11-06 Thread Guvva, Vijaya
>Applied, thanks. > >But I do have a question, are you properly reference counting these dispatch >function objects? I can't see how you can properly handle multiple >enable/disable otherwise. > LiquidIO doesn't reference count dispatch function as no two LiquidIO components registers for the

Re: Linux ECN Handling

2017-11-06 Thread Steve Ibanez
Hi Daniel, Apologies for the delay. I tried out Neal's suggestion to printk the cwnd and ss-thresh in the tcp_init_cwnd_reduction(), tcp_cwnd_reduction(), and tcp_end_cwnd_reduction() functions in tcp_input.c. From what I can tell, none of these functions are setting the cwnd to 0. Here is the

[PATCH v3 net-next 5/5] net: dsa: switch: Don't add CPU port to an mdb by default

2017-11-06 Thread Andrew Lunn
Now that the host indicates when a multicast group should be forwarded from the switch to the host, don't do it by default. Signed-off-by: Andrew Lunn --- net/dsa/switch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/dsa/switch.c b/net/dsa/switch.c

[PATCH v3 net-next 4/5] net: dsa: slave: Handle switchdev host mdb add/del

2017-11-06 Thread Andrew Lunn
Add code to handle switchdev host mdb add/del. Since DSA uses one of the switch ports as a transport to the host, we just need to add an MDB on this port. Signed-off-by: Andrew Lunn --- net/dsa/slave.c | 13 + 1 file changed, 13 insertions(+) diff --git

[PATCH v3 net-next 3/5] net: bridge: Add/del switchdev object on host join/leave

2017-11-06 Thread Andrew Lunn
When the host joins or leaves a multicast group, use switchdev to add an object to the hardware to forward traffic for the group to the host. Signed-off-by: Andrew Lunn --- include/net/switchdev.h | 1 + net/bridge/br_mdb.c | 39 +++

[PATCH v3 net-next 2/5] net: bridge: Send notification when host join/leaves a group

2017-11-06 Thread Andrew Lunn
The host can join or leave a multicast group on the brX interface, as indicated by IGMP snooping. This is tracked within the bridge multicast code. Send a notification when this happens, in the same way a notification is sent when a port of the bridge joins/leaves a group because of IGMP

[PATCH v3 net-next 1/5] net: bridge: Rename mglist to host_joined

2017-11-06 Thread Andrew Lunn
The boolean mglist indicates the host has joined a particular multicast group on the bridge interface. It is badly named, obscuring what it means. Rename it. Signed-off-by: Andrew Lunn --- net/bridge/br_input.c | 2 +- net/bridge/br_mdb.c | 2 +-

[PATCH v3 net-next 0/5] IGMP snooping for local traffic

2017-11-06 Thread Andrew Lunn
The linux bridge supports IGMP snooping. It will listen to IGMP reports on bridge ports and keep track of which groups have been joined on an interface. It will then forward multicast based on this group membership. When the bridge adds or removes groups from an interface, it uses switchdev to

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

2017-11-06 Thread Andrew Lunn
On Mon, Nov 06, 2017 at 03:13:19PM -0800, Florian Fainelli wrote: > Hi Andrew, > > On 11/06/2017 03:04 PM, Andrew Lunn wrote: > > The software bridge can be built with vlan filtering support > > included. However, by default it is turned off. In its turned off > > state, it still passes VLANs via

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Boris Lukashev
On Mon, Nov 6, 2017 at 5:14 PM, Serge E. Hallyn wrote: > Quoting Daniel Micay (danielmi...@gmail.com): >> Substantial added attack surface will never go away as a problem. There >> aren't a finite number of vulnerabilities to be found. > > There's varying levels of usefulness

Re: [PATCH v2 net-next 1/6] net: dsa: Fix SWITCHDEV_ATTR_ID_PORT_PARENT_ID

2017-11-06 Thread Florian Fainelli
On 11/06/2017 03:02 PM, Andrew Lunn wrote: > SWITCHDEV_ATTR_ID_PORT_PARENT_ID is used by the software bridge when > determining which ports to flood a packet out. If the packet > originated from a switch, it assumes the switch has already flooded > the packet out the switch's ports, so the bridge

Re: [RFC PATCH 4/5] netlabel: Add SCTP support

2017-11-06 Thread Paul Moore
On Tue, Oct 17, 2017 at 9:58 AM, Richard Haines wrote: > Add support to label SCTP associations and cater for a situation where > family = PF_INET6 with an ip_hdr(skb)->version = 4. > > Signed-off-by: Richard Haines > --- >

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

2017-11-06 Thread Florian Fainelli
Hi Andrew, On 11/06/2017 03:04 PM, Andrew Lunn wrote: > The software bridge can be built with vlan filtering support > included. However, by default it is turned off. In its turned off > state, it still passes VLANs via switchdev, even though they are not to > be used. Don't pass these VLANs to

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

2017-11-06 Thread Andrew Lunn
Hi David I forgot to put the tree in the subject. This is for net-next. Sorry Andrew

[PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

2017-11-06 Thread Andrew Lunn
The software bridge can be built with vlan filtering support included. However, by default it is turned off. In its turned off state, it still passes VLANs via switchdev, even though they are not to be used. Don't pass these VLANs to the hardware. Only do so when vlan filtering is enabled. This

[PATCH v2 net-next 5/6] net: dsa: mv88e6xxx: Move mv88e6xxx_port_db_load_purge()

2017-11-06 Thread Andrew Lunn
This function is going to be needed by a soon to be added new function. Move it earlier so we can avoid a forward declaration. No functional changes. Signed-off-by: Andrew Lunn Reviewed-by: Vivien Didelot --- drivers/net/dsa/mv88e6xxx/chip.c

[PATCH v2 net-next 0/6] mv88e6xxx broadcast flooding in hardware

2017-11-06 Thread Andrew Lunn
This patchset makes the mv88e6xxx driver perform flooding in hardware, rather than let the software bridge perform the flooding. This is a prerequisite for IGMP snooping on the bridge interface. In order to make hardware broadcasting work, a few other issues need fixing or improving.

[PATCH v2 net-next 4/6] net: dsa: mv88e6xxx: Print offending port when vlan check fails

2017-11-06 Thread Andrew Lunn
When testing if a VLAN is on more than one bridge, we print an error message that the VLAN is already in use somewhere else. Print both the new port which would like the VLAN, and the port which already has it, to aid debugging. Signed-off-by: Andrew Lunn Reviewed-by: Vivien

[PATCH v2 net-next 1/6] net: dsa: Fix SWITCHDEV_ATTR_ID_PORT_PARENT_ID

2017-11-06 Thread Andrew Lunn
SWITCHDEV_ATTR_ID_PORT_PARENT_ID is used by the software bridge when determining which ports to flood a packet out. If the packet originated from a switch, it assumes the switch has already flooded the packet out the switch's ports, so the bridge should not flood the packet itself out switch

[PATCH v2 net-next 2/6] net: dsa: {e}dsa: set offload_fwd_mark on received packets

2017-11-06 Thread Andrew Lunn
The software bridge needs to know if a packet has already been bridged by hardware offload to ports in the same hardware offload, in order that it does not re-flood them, causing duplicates. This is particularly true for broadcast and multicast traffic which the host has requested. By setting

[PATCH v2 net-next 6/6] net: dsa: mv88e6xxx: Flood broadcast frames in hardware

2017-11-06 Thread Andrew Lunn
By default, the switch does not flood broadcast frames. Instead the broadcast address is unknown in the ATU, so the frame gets forwarded out the cpu port. The software bridge then floods it back to the individual switch ports which are members of the bridge. Add an ATU entry in the switch so that

[PATCH v2 net-next 3/6] net: dsa: mv88e6xxx: Fixed port netdev check for VLANs

2017-11-06 Thread Andrew Lunn
Having the same VLAN on multiple bridges is currently unsupported as an offload. mv88e6xxx_port_check_hw_vlan() is used to ensure that a VLAN is not on multiple bridges when adding a VLAN range to a port. It loops the ports and checks to see if there are ports in a different bridge with the same

Re: [PATCH net-next v3] net: mvpp2: add ethtool GOP statistics

2017-11-06 Thread Andrew Lunn
On Mon, Nov 06, 2017 at 10:56:53PM +0100, Miquel Raynal wrote: > Add ethtool statistics support by reading the GOP statistics from the > hardware counters. Also implement a workqueue to gather the statistics > every second or some 32-bit counters could overflow. > > Suggested-by: Stefan Chulski

Re: [PATCH net-next v2] net: mvpp2: add ethtool GOP statistics

2017-11-06 Thread Miquel RAYNAL
Hi Stefan, +David Miller/Net ML > > @@ -6844,6 +7023,10 @@ static int mvpp2_open(struct net_device > > *dev) > > > > mvpp2_start_dev(port); > > > > + /* Start hardware statistics gathering */ > > + queue_delayed_work(priv->stats_queue, >stats_work, > > +

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Christian Brauner
On Mon, Nov 06, 2017 at 04:14:18PM -0600, Serge Hallyn wrote: > Quoting Daniel Micay (danielmi...@gmail.com): > > Substantial added attack surface will never go away as a problem. There > > aren't a finite number of vulnerabilities to be found. > > There's varying levels of usefulness and

Re: [RFC PATCH 1/5] security: Add support for SCTP security hooks

2017-11-06 Thread Paul Moore
On Tue, Oct 17, 2017 at 10:02 AM, Richard Haines wrote: > The SCTP security hooks are explained in: > Documentation/security/LSM-sctp.txt > > Signed-off-by: Richard Haines > --- > Documentation/security/LSM-sctp.txt | 212 >

Re: [REGRESSION] Warning in tcp_fastretrans_alert() of net/ipv4/tcp_input.c

2017-11-06 Thread Yuchung Cheng
On Fri, Oct 27, 2017 at 1:38 PM, Eric Dumazet wrote: > > On Wed, Oct 25, 2017 at 10:37 PM, Yuchung Cheng wrote: > > On Wed, Oct 25, 2017 at 7:07 PM, Alexei Starovoitov > > wrote: > >> > >> On Thu, Sep 28, 2017 at 04:36:58PM

[PATCH] rsi: rsi_91x_ps: remove redundant code in str_psstate

2017-11-06 Thread Gustavo A. R. Silva
"INVALID_STATE" is already being returned in the default case and this code cannot be reached. Addresses-Coverity-ID: 1398384 Signed-off-by: Gustavo A. R. Silva --- drivers/net/wireless/rsi/rsi_91x_ps.c | 1 - 1 file changed, 1 deletion(-) diff --git

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread Eric Dumazet
On Mon, Nov 6, 2017 at 2:04 PM, Eric Dumazet wrote: > I have a patch, will send in a couple of minutes. Thanks. https://patchwork.ozlabs.org/patch/834983/ ipv6: addrconf: fix a lockdep splat

Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces

2017-11-06 Thread Serge E. Hallyn
Quoting Daniel Micay (danielmi...@gmail.com): > Substantial added attack surface will never go away as a problem. There > aren't a finite number of vulnerabilities to be found. There's varying levels of usefulness and quality. There is code which I want to be able to use in a container, and code

[PATCH net-next] ipv6: addrconf: fix a lockdep splat

2017-11-06 Thread Eric Dumazet
From: Eric Dumazet Fixes a case where GFP_ATOMIC allocation must be used instead of GFP_KERNEL one. [ 54.891146] lock_acquire+0xb3/0x2f0 [ 54.891153] ? fs_reclaim_acquire.part.60+0x5/0x30 [ 54.891165] fs_reclaim_acquire.part.60+0x29/0x30 [ 54.891170] ?

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread Eric Dumazet
On Mon, Nov 6, 2017 at 2:01 PM, Ido Schimmel wrote: > On Mon, Nov 06, 2017 at 03:56:54PM -0500, valdis.kletni...@vt.edu wrote: >> I've hit this 6 times now, across 3 boots: >> >> Nov 3 11:04:54 turing-police kernel: [ 547.814748] BUG: sleeping function >> called from invalid

Re: IPv6 issue in next-20171102 - lockdep and BUG handling RA packet.

2017-11-06 Thread Ido Schimmel
On Mon, Nov 06, 2017 at 03:56:54PM -0500, valdis.kletni...@vt.edu wrote: > I've hit this 6 times now, across 3 boots: > > Nov 3 11:04:54 turing-police kernel: [ 547.814748] BUG: sleeping function > called from invalid context at mm/slab.h:422 > > Nov 3 20:24:11 turing-police kernel: [

[PATCH net-next v3] net: mvpp2: add ethtool GOP statistics

2017-11-06 Thread Miquel Raynal
Add ethtool statistics support by reading the GOP statistics from the hardware counters. Also implement a workqueue to gather the statistics every second or some 32-bit counters could overflow. Suggested-by: Stefan Chulski Signed-off-by: Miquel Raynal

[PATCH 1/4] fsl/fman: Remove a useless call to 'dev_set_drvdata()'

2017-11-06 Thread Christophe JAILLET
Commit c6e26ea8c893 ("dpaa_eth: change device used") has removed usage of 'dev_set_drvdata()' in the 'mac_probe()' function. This call should also be axed. Signed-off-by: Christophe JAILLET --- drivers/net/ethernet/freescale/fman/mac.c | 1 - 1 file changed, 1
