_SKB_PAD) if needed.
Yes I agree. It doesn't hurt to dump more data.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
checksum fault if the checksum turns out to be
correct in that case but it's not really a big deal.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Nov 19, 2018 at 11:56:35AM +0800, Herbert Xu wrote:
>
> I take that back. Because of your shift which cancels out the
> shift in NULLS_MARKER, it would appear that this should work just
> fine with RHT_NULLS_MARRKER(0), no? IOW, it would appear that
>
>
e is no validation of the original skb->csum.
> So this check should be still inverted there??
>
> Or am I still missing anything here?
What do you mean? My copy of nf_ip_checksum seems to be doing the
right thing as far as verifying CHECKSUM_COMPLETED goes.
Cheers,
--
Emai
On Mon, Nov 19, 2018 at 11:54:15AM +0800, Herbert Xu wrote:
>
> > >> diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> > >> index 30526afa8343..852ffa5160f1 100644
> > >> --- a/lib/rhashtable.c
> > >> +++ b/lib/rhashtable.c
> > >> @@
_head __rcu *rhnull;
> >
> > I don't understand why you can't continue to do NULLS_MARKER(0) or
> > RHT_NULLS_MARKER(0).
>
> Because then the test
>
> + } while (he != RHT_NULLS_MARKER(head));
>
> in __rhashtable_lookup() would always succeed, and it would loop
&g
te packet plus the hardware-generated checksum.
That would make debugging these rare hardware faults much easier.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
6647601721=2
Can you please provide your backtrace?
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
no warning or InCsumErrors after 1 hour.
>
> Fixes: fb286bb2990a ("[NET]: Detect hardware rx checksum faults correctly")
> Cc: Herbert Xu
> Cc: Tom Herbert
> Cc: Eric Dumazet
> Signed-off-by: Cong Wang
> ---
> net/core/datagram.c | 4 ++--
> net/core/dev
ecided at run-time.
In fact you can already do this at run-time anyway through the
xfrm interface. So please please please just ditch whatever that
you're using that's still glued to the long-obsolete (more than a
decade) af_key interface and switch it over to xfrm.
Thanks,
--
Email: Herbert X
igned to handle read-only iteration
through the hash table. While this probably works since the
actual freeing is delayed by RCU, it seems to be rather fragile.
How about using the dead flag but instead of putting it in the
rhashtable put it in netns_frags and have the timers check on tha
nvoking the normal rhashtable remove function.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
e to another.
I'm relucant to add semantics that would restrain on how rhashtable
works unless we have real and valid use-cases for it.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_init+0x130/0x130 [nfnetlink]
> [ 200.975525] ? debug_show_all_locks+0x290/0x290
> [ 200.980363] ? debug_show_all_locks+0x290/0x290
> [ 200.986356] ? sched_clock_cpu+0x132/0x170
> [ 200.990352] ? find_held_lock+0x39/0x1b0
> [ 200.994355] ? sched_clock_local+0x10d/0x130
> [ 200.999531] ? memset+0x1f/0x40
>
> V2:
> - free all tables requested by Herbert Xu
>
> Signed-off-by: Taehee Yoo
Acked-by: Herbert Xu
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_tbl, ht);
> + if (tbl)
> + goto restart;
> }
> -
> - bucket_table_free(tbl);
> + bucket_table_free(rht_dereference(ht->tbl, ht));
Good catch. But don't we need to call bucket_table_free on all
the tables too rather than just the first table?
;
> Signed-off-by: Atul Gupta <atul.gu...@chelsio.com>
> Signed-off-by: Harsh Jain <ha...@chelsio.com>
Patch applied. Thanks.
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
gt;
> > Also move the locking initialization down to the end.
> >
> > Signed-off-by: Davidlohr Bueso <dbu...@suse.de>
>
> The user potentially "doing something bogus" is why the most
> expensive part of the initialization (the memory allocation
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
must not be allowed
to occur.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
ork stack. As the aim is to convert as many existing hash
tables to rhashtable as possible, we want to keep this.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
r may not have even
started from the same place.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
to instantiate the same nested table.
I think you missed the fact that when we use nested tables the spin
lock table is limited to just a single page and hence corresponds
to the first level in the nested table. Therefore it's always safe.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.a
status quo. On the other this does not work on rhltable and
we do have a way of fixing it for both rhashtable and rhltable.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
e. There can be multiple tables
in existence. Unless you hold the lock on the first table, what
is to stop two parallel inserters each from inserting into their
"last" tables which may not be the same table?
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
ator, sometimes it doesn't.
>
> This function is not currently used and is not worth keeping, so
> remove it.
>
> Signed-off-by: NeilBrown <ne...@suse.com>
I don't have a problem with this. But it would be good to hear
from Tom Herbert who added this.
--
Email: Herbert Xu <herb.
ock that's meant to be held around this
operation?
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
se.com>
This looks nice.
> - spin_unlock_bh(old_tbl->locks);
> + rcu_assign_pointer(tmp, new_tbl);
Do we need this barrier since cmpxchg is supposed to provide memory
barrier semantics?
> + if (cmpxchg(_tbl->future_tbl, NULL, tmp) != NULL)
> + return
know that there will be a use for this.
As to the bug fix, please separate it out of the patch and resubmit.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
om>
I don't think the mutex is actually needed but since we don't
have rht_dereference_raw and this is just test code:
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: ht
and MIPv6 RO state.
Such state should not be added to the SPI hash
because we do not care about it on deleting path.
Signed-off-by: Masahide NAKAMURA <na...@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshf...@linux-ipv6.org>
I think it would be better to revert this.
ible to workaround from userspace as
> xfrm_id_proto_match() will be always true for ah/esp/comp protos.
>
> So, don't try looking up by hash if SPI == 0.
>
> Cc: Steffen Klassert <steffen.klass...@secunet.com>
> Cc: Herbert Xu <herb...@gondor.apana.org.au>
> Cc: &q
t can be useful for the client to know whether it got the previous one
> or not.
I see. I'm OK with this provided that you will also remove/convert
users of rhashtable_walk_peek.
I don't think we need two functions that do almost the same thing.
Thanks,
--
Email: Herbert Xu <h
alk_enter()
>
> Neither rhashtable_walk_enter() or rhltable_walk_enter() sleep, though
> they do take a spinlock without irq protection.
> So revise the comments to accurately state the contexts in which
> these functions can be called.
>
> Signed-off-by: NeilBrown <ne...@suse.com&g
viously the not able to sleep part
completely ruled out any ambiguity but the new wording could confuse
people into thinking that this can be called from softirq context
where it would be unsafe if mixed with process context usage.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home P
u explain the need for this function and its difference
from the existing rhashtable_walk_peek?
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Wed, Apr 18, 2018 at 04:47:01PM +1000, NeilBrown wrote:
> grow_decision and shink_decision no longer exist, so remove
> the remaining references to them.
>
> Signed-off-by: NeilBrown <ne...@suse.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
with spin locks held.
It does a naked spin lock so even though we removed the memory
allocation you still mustn't call it from interrupt context.
Why do you need to do that anyway?
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
too small.
Automatic shrinking shouldn't be an issue because that's the slow
kind of resizing that we punt to kthread context and it can afford
to do a careful count.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
to just this after
your patch then yes possibly. You also need to ensure that not only
seqfs users continue to work but also netlink dump users which are
slightly different.
> It might be OK to have a function call instead of expecting people to
> use iter.p directly.
Yes that would definite
Dumazet <eduma...@google.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Dumazet <eduma...@google.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
ns too:
- nested_table_free
- bucket_table_alloc
- rhashtable_rehash_table
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
gt; - spin_unlock(>chain_lock);
> + struct inet_frag_queue *fq;
>
> - if (depth <= INETFRAGS_MAXDEPTH)
> - return inet_frag_create(nf, f, key);
> + rcu_read_lock();
>
> - if (inet_frag_may_rebuild(f)) {
> - if (!f->rebuild)
> - f->rebuild = true;
> - inet_frag_schedule_worker(f);
> + fq = rhashtable_lookup(>rhashtable, key, nf->f->rhash_params);
Ditto.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
walk_peek. As otherwise
the object that triggers the out-of-space condition will be skipped
upon resumption.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
in the face of
removals.
https://patchwork.ozlabs.org/patch/892534/
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
e must defer that to a work queue because dropping the last
> reference may sleep.
In light of Neil's latest patch, do we still need this?
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> through the whole table again to be sure to see everything at least
> once.
>
> Signed-off-by: NeilBrown <ne...@suse.com>
Very nice!
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
dcf8eb615537526bd42ff27a081d46d337816e
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
t; the number of elements could exceed any given value. The only promise
> we can provide is that it wont exceed N% of the table size for more than
> T seconds.
Sure. However, assuming we use an estimate that is hash-based,
that *should* be fairly accurate assuming that your hash function
i
differentiate between
a walker, a normal object, and the end of the list. I think it
should be doable.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
the spinlock table approach and have a counter
per bucket spinlock. This should be sufficient as you'll contend
on the bucket spinlock table anyway.
This also allows us to estimate the total table size and not have
to always do a last-ditch growth when it's too late.
Cheers,
--
Email:
g like rht_marker so that normal traversal
doesn't see it.
That way the removal code can simply traverse that list and inform
them that the iterator is invalid.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
tely. Would that be acceptable to your use-case?
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
The current code
should never fail an insertion until you actually run ouf memory.
That is unless you're using rhashtable when you should be using
rhlist instead.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
n lost objects due to concurrent removals.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
htable *ht = iter->ht;
>
> rcu_read_lock();
>
> + if (!obj || iter->p != obj)
> + iter->p = NULL;
Why bother with this check at all? Couldn't we make it so that
if you call continue then you continue with the cursor otherwise
you set it to NULL as we curre
for it to be true.
>
> Signed-off-by: NeilBrown <ne...@suse.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
ble_walk_start()
> + * or when the iterator is reset. In this case there
> + * is no previous object to return.
> + */
> + return NULL;
>
> return __rhashtable_walk_find_next(iter);
> }
>
>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Sun, Mar 18, 2018 at 10:36:02AM -0400, David Miller wrote:
>
> Herbert, is it OK for this entire series to go via net-next?
Sure, although there could be conflicts since the chelsio driver
seems to be changing quite fast.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au&g
On Thu, Mar 08, 2018 at 07:10:47PM +0200, Paul Blakey wrote:
>
> I know but I wanted to show the inner structure for the failure case, iirc
> walk doesn't provide this.
Fair enough.
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana
On Thu, Mar 08, 2018 at 08:31:47AM -0800, Eric Dumazet wrote:
>
> Because that would not be nice.
>
> this_cpu_read() is faster than going through raw_smp_processor_id() and
> per_cpu_ptr()
I see. In that case I have no objections to this patch.
Thanks,
--
Email: H
gned-off-by: Paul Blakey <pa...@mellanox.com>
This shouldn't be doing a table walk in the first place.
You should convert it to using the table walk interface.
Direct table walks are forbidden because they will break when
you hit a resize.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au&g
the following kernel BUG while
> fuzzing sendmsg:
Please explain why we can't revert f7c83bcbfaf5 instead.
Your patch contradicts the comment above the line that you're
changing.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herb
have been tightened and
> __this_cpu_read() cannot be used in a preemptible context.
>
> syzkaller reported this leading to the following kernel BUG while
> fuzzing sendmsg:
How about reverting f7c83bcbfaf5 instead?
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://
f-by: Paul Blakey <pa...@mellanox.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
e')
> Signed-off-by: Paul Blakey <pa...@mellanox.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
f-by: Paul Blakey <pa...@mellanox.com>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
to the wrong email.
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
I see, thanks for catching this!
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
u must not insert objects with the same key through
rhashtable. The reason is that we cannot reliably fetch all
of the objects with the same key during a resize.
If you need duplicate objects, you should use rhlist.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http:
be done. I'm working on it.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
one.
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---
include/net/xfrm.h|7 +
net/ipv4/esp4.c | 208 --
net/xfrm/xfrm_input.c | 21 +++--
net/xfrm/xfrm_state.c |3
4 files changed, 228 insertions(+), 11 deletions
with the encapsulation side.
In particular, if encapsulation data comes in while the socket
is owned by user-space, the packets will be stored in tp->encap_out
and processed during release_sock.
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---
include/linux/tcp.h | 15 ++
include/
when the socket send buffer
is full.
This patch fixes it by setting the MSG_DONTWAIT flag when calling
kernel_sendmsg_locked.
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---
net/core/skbuff.c |1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/skbuff.c b/net/core/sk
CP, TCP_NODELAY, , sizeof(one)) < 0)
error(-1, errno, "TCP_NODELAY");
if (setsockopt(s, SOL_TCP, TCP_ENCAP, NULL, 0) < 0)
error(-1, errno, "TCP_ENCAP");
while ((err = read(s, buf, sizeof(buf))) > 0)
;
his
is harmless as the mode has already been checked further up the
stack. This patch removes this anomaly by aligning the IPv6
behaviour with IPv4 and treating unknown modes (which cannot
actually happen) as transport mode.
Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
8ee859f ("xfrm: Reinject transport-mode packets...")
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 444fa37..9dbf425 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -508,7 +508,7 @@
Currently esp will happily create an xfrm state with an unknown
encap type for IPv4 or an unknown mode for IPv6, without setting
the necessary state parameters. This patch fixes it by returning
-EINVAL.
Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
Signed-off-by:
ches
it to __skb_queue_tail instead.
Reported-by: Artem Savkov <asav...@redhat.com>
Fixes: acf568ee859f ("xfrm: Reinject transport-mode packets...")
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 0
ate configuration.
In practice key managers will never do a state update to change the
encapsulation type. Only the port numbers need to be changed as the
peer NAT entry is updated.
Therefore this patch adds a check in xfrm_state_update to forbid
any changes to the encap_type.
Signed-off-by: Herbert
all objects that have been fully converted so far.
> Upon the next read from user-space, the object that didn't fit
> previously will be revisited.
>
> Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com>
Doesn't the helper that Tom Herbert just added do exact
input hooks")
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index dc28a98..ae35991 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1570,6 +1570,9 @@ struct xfrmk_spdinfo {
int xfrm_prepare_input(struct xfrm_
existing rhashtable users that dump
through netlink to use the new peek interface.
Thanks,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
reached (walker.tbl being NULL is not a
> sufficient condition for end of table).
>
> Signed-off-by: Tom Herbert <t...@quantonium.net>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.
he function
> rhashtable_walk_start_check has been added that returns -EAGAIN on a
> resize event.
>
> Signed-off-by: Tom Herbert <t...@quantonium.net>
Acked-by: Herbert Xu <herb...@gondor.apana.org.au>
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Wed, Dec 06, 2017 at 02:37:17PM +1100, Herbert Xu wrote:
>
> So why is xfrm_input in the xfrm_gro case trying to reinject the
> skb into the network stack?
Nevermind, I see now that transport_finish has code to skip xfrm_gro
packets.
Cheers,
--
Email: Herbert Xu <herb...@gondor.
the
skb into the network stack?
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
lways follow the start
> of the walk so there should be no behavioral change in doing this.
>
> Signed-off-by: Tom Herbert <t...@quantonium.net>
Doesn't this mean that if a walk encounters a rehash you may end up
missing half or more of the hash table?
Cheers,
--
Email: He
> each pass.
Thanks Tom! This information is very useful.
It sounds like this problem isn't specific to ila and would exist
for all rhashtable users that dump through netlink. Let me think
about this a little bit more.
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gond
eature into the patch
description? As it is it's difficult to deduce why we would want
to add something like this given that hashtable walks are always
unstable and there is no guarantee that two calls to peek or a
peek followed by a normal walk will see the same entry.
Thanks,
--
Email: Herbert Xu &
alibaba-inc.com>
> Cc: Herbert Xu <herb...@gondor.apana.org.au>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: linux-cry...@vger.kernel.org
Patch applied. Thanks.
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
: Fixed a build warning and added flag for data packet
Patch applied. Thanks.
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
and added flag for data packet
Patch applied. Thanks.
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
o/chcr_core.c:169: undefined reference to
> >> `chcr_add_xfrmops'
Atul, can you fix this and resubmit your patches please?
Thanks!
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Fri, Nov 10, 2017 at 01:30:38PM +1100, Herbert Xu wrote:
>
> I found the problem. This crap is coming from clone_policy. Now
> let me where this code came from.
---8<---
Subject: xfrm: Copy policy family in clone_policy
The syzbot found an ancient bug in the IPsec code. Wh
On Fri, Nov 10, 2017 at 01:11:45PM +1100, Herbert Xu wrote:
>
> Oh and this is an important clue. We have two policies with
> identical index values. The index value is meant to be unique
> so clearly something funny is going on.
I found the problem. This crap is coming from clone_
On Fri, Nov 10, 2017 at 01:04:59PM +1100, Herbert Xu wrote:
>
> By castrating the reproducer to not perform a pfkey dump I have
> captured the corrupted policy via xfrm:
>
> src ???/0 dst ???/0 uid 0
> socket in action allow index 2083 priority 0 ptype main share any
&
On Thu, Nov 09, 2017 at 10:38:57PM +1100, Herbert Xu wrote:
>
> The xfrm code path is meant to forbid the creation of such a policy.
> I don't currently see how this is bypassing that check. But
> clearly it has found a way through the check since it's crashing.
By castrating th
1 - 100 of 2197 matches
Mail list logo
