1. 09 Jan, 2018 18 commits
    • Felix Walter's avatar
      macsec: Add support for GCM-AES-256 cipher suite · ccfdec90
      Felix Walter authored
      This adds support for the GCM-AES-256 cipher suite as specified in
      IEEE 802.1AEbn-2011. The prepared cipher suite selection mechanism is used,
      with GCM-AES-128 being the default cipher suite as defined in the standard.
      Signed-off-by: default avatarFelix Walter <felix.walter@cloudandheat.com>
      Cc: Sabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ccfdec90
    • David S. Miller's avatar
      Merge branch 'XDP-transmission-for-tuntap' · e8b18af8
      David S. Miller authored
      Jason Wang says:
      
      ====================
      XDP transmission for tuntap
      
      This series tries to implement XDP transmission (ndo_xdp_xmit) for
      tuntap. Pointer ring was used for queuing both XDP buffers and
      sk_buff, this is done by encoding the type into lowest bit of the
      pointer and storin XDP metadata in the headroom of XDP buff.
      
      Tests gets 3.05 Mpps when doing xdp_redirect_map from ixgbe to VM
      (testpmd + virtio-net in guest). This gives us ~20% improvments
      compared to use skb during redirect.
      
      Please review.
      
      Changes from V1:
      
      - slient warnings
      - fix typos
      - add skb mode number in the commit log
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e8b18af8
    • Jason Wang's avatar
      tuntap: XDP transmission · fc72d1d5
      Jason Wang authored
      This patch implements XDP transmission for TAP. Since we can't create
      new queues for TAP during XDP set, exist ptr_ring was reused for
      queuing XDP buffers. To differ xdp_buff from sk_buff, TUN_XDP_FLAG
      (0x1UL) was encoded into lowest bit of xpd_buff pointer during
      ptr_ring_produce, and was decoded during consuming. XDP metadata was
      stored in the headroom of the packet which should work in most of
      cases since driver usually reserve enough headroom. Very minor changes
      were done for vhost_net: it just need to peek the length depends on
      the type of pointer.
      
      Tests were done on two Intel E5-2630 2.40GHz machines connected back
      to back through two 82599ES. Traffic were generated/received through
      MoonGen/testpmd(rxonly). It reports ~20% improvements when
      xdp_redirect_map is doing redirection from ixgbe to TAP (from 2.50Mpps
      to 3.05Mpps)
      
      Cc: Jesper Dangaard Brouer <brouer@redhat.com>
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fc72d1d5
    • Jason Wang's avatar
      tun/tap: use ptr_ring instead of skb_array · 5990a305
      Jason Wang authored
      This patch switches to use ptr_ring instead of skb_array. This will be
      used to enqueue different types of pointers by encoding type into
      lower bits.
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5990a305
    • David S. Miller's avatar
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · ef7f8cec
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Frag and UDP handling fixes in i40e driver, from Amritha Nambiar and
          Alexander Duyck.
      
       2) Undo unintentional UAPI change in netfilter conntrack, from Florian
          Westphal.
      
       3) Revert a change to how error codes are returned from
          dev_get_valid_name(), it broke some apps.
      
       4) Cannot cache routes for ipv6 tunnels in the tunnel is ipv4/ipv6
          dual-stack. From Eli Cooper.
      
       5) Fix missed PMTU updates in geneve, from Xin Long.
      
       6) Cure double free in macvlan, from Gao Feng.
      
       7) Fix heap out-of-bounds write in rds_message_alloc_sgs(), from
          Mohamed Ghannam.
      
       8) FEC bug fixes from FUgang Duan (mis-accounting of dev_id, missed
          deferral of probe when the regulator is not ready yet).
      
       9) Missing DMA mapping error checks in 3c59x, from Neil Horman.
      
      10) Turn off Broadcom tags for some b53 switches, from Florian Fainelli.
      
      11) Fix OOPS when get_target_net() is passed an SKB whose NETLINK_CB()
          isn't initialized. From Andrei Vagin.
      
      12) Fix crashes in fib6_add(), from Wei Wang.
      
      13) PMTU bug fixes in SCTP from Marcelo Ricardo Leitner.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits)
        sh_eth: fix TXALCR1 offsets
        mdio-sun4i: Fix a memory leak
        phylink: mark expected switch fall-throughs in phylink_mii_ioctl
        sctp: fix the handling of ICMP Frag Needed for too small MTUs
        sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
        xen-netfront: enable device after manual module load
        bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
        bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc()
        sh_eth: fix SH7757 GEther initialization
        net: fec: free/restore resource in related probe error pathes
        uapi/if_ether.h: prevent redefinition of struct ethhdr
        ipv6: fix general protection fault in fib6_add()
        RDS: null pointer dereference in rds_atomic_free_op
        sh_eth: fix TSU resource handling
        net: stmmac: enable EEE in MII, GMII or RGMII only
        rtnetlink: give a user socket to get_target_net()
        MAINTAINERS: Update my email address.
        can: ems_usb: improve error reporting for error warning and error passive
        can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
        can: gs_usb: fix return value of the "set_bittiming" callback
        ...
      ef7f8cec
    • Yang Shi's avatar
      net: tipc: remove unused hardirq.h · f4803f1b
      Yang Shi authored
      Preempt counter APIs have been split out, currently, hardirq.h just
      includes irq_enter/exit APIs which are not used by TIPC at all.
      
      So, remove the unused hardirq.h.
      Signed-off-by: default avatarYang Shi <yang.s@alibaba-inc.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Tested-by: default avatarYing Xue <ying.xue@windriver.com>
      Cc: Jon Maloy <jon.maloy@ericsson.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4803f1b
    • Yang Shi's avatar
      net: ovs: remove unused hardirq.h · 419091f1
      Yang Shi authored
      Preempt counter APIs have been split out, currently, hardirq.h just
      includes irq_enter/exit APIs which are not used by openvswitch at all.
      
      So, remove the unused hardirq.h.
      Signed-off-by: default avatarYang Shi <yang.s@alibaba-inc.com>
      Acked-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: dev@openvswitch.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      419091f1
    • Yang Shi's avatar
      net: caif: remove unused hardirq.h · 373372b3
      Yang Shi authored
      Preempt counter APIs have been split out, currently, hardirq.h just
      includes irq_enter/exit APIs which are not used by caif at all.
      
      So, remove the unused hardirq.h.
      Signed-off-by: default avatarYang Shi <yang.s@alibaba-inc.com>
      Cc: Dmitry Tarnyagin <dmitry.tarnyagin@lockless.no>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      373372b3
    • David S. Miller's avatar
      Merge branch 'net-netdev_WARN_ONCE' · f1f2b7c3
      David S. Miller authored
      Gal Pressman says:
      
      ====================
      Replace WARN_ONCE usages with netdev_WARN_ONCE
      
      This series will fix an issue in netdev_WARN_ONCE, improve its formatting and
      replace drivers' usage of WARN_ONCE to netdev_WARN_ONCE.
      
      Driver specific patches were compilation tested, in addition, functional tested
      on Mellanox NIC.
      
      v1->v2:
      - Addressed commit message comments in patch #1
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1f2b7c3
    • Gal Pressman's avatar
      8139cp: Replace WARN_ONCE with netdev_WARN_ONCE · 9d0b967f
      Gal Pressman authored
      Use the more appropriate netdev_WARN_ONCE instead of WARN_ONCE macro.
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Cc: Realtek linux nic maintainers <nic_swsd@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9d0b967f
    • Gal Pressman's avatar
      bnx2x: Replace WARN_ONCE with netdev_WARN_ONCE · 37ed41c4
      Gal Pressman authored
      Use the more appropriate netdev_WARN_ONCE instead of WARN_ONCE macro.
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Cc: Ariel Elior <ariel.elior@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      37ed41c4
    • Gal Pressman's avatar
      e1000: Replace WARN_ONCE with netdev_WARN_ONCE · e65c3e1d
      Gal Pressman authored
      Use the more appropriate netdev_WARN_ONCE instead of WARN_ONCE macro.
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e65c3e1d
    • Gal Pressman's avatar
      net/mlx5e: Replace WARN_ONCE with netdev_WARN_ONCE · cd4a87df
      Gal Pressman authored
      Use the more appropriate netdev_WARN_ONCE instead of WARN_ONCE macro.
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cd4a87df
    • Gal Pressman's avatar
      net: No line break on netdev_WARN* formatting · e1cfe3d0
      Gal Pressman authored
      Remove the unnecessary line break between the netdev name and reg state
      to the actual message that should be printed.
      
      For example, this:
      [86730.307236] ------------[ cut here ]------------
      [86730.313496] netdevice: enp27s0f0
      Message from the driver
      [...]
      
      Will be replaced with:
      [86770.259289] ------------[ cut here ]------------
      [86770.265191] netdevice: enp27s0f0: Message from the driver
      [...]
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e1cfe3d0
    • Gal Pressman's avatar
      net: Fix netdev_WARN_ONCE macro · 72dd831e
      Gal Pressman authored
      netdev_WARN_ONCE is broken (whoops..), this fix will remove the
      unnecessary "condition" parameter, add the missing comma and change
      "arg" to "args".
      
      Fixes: 375ef2b1 ("net: Introduce netdev_*_once functions")
      Signed-off-by: default avatarGal Pressman <galp@mellanox.com>
      Reviewed-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      72dd831e
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 9f0e896f
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for your
      net-next tree:
      
      1) Free hooks via call_rcu to speed up netns release path, from
         Florian Westphal.
      
      2) Reduce memory footprint of hook arrays, skip allocation if family is
         not present - useful in case decnet support is not compiled built-in.
         Patches from Florian Westphal.
      
      3) Remove defensive check for malformed IPv4 - including ihl field - and
         IPv6 headers in x_tables and nf_tables.
      
      4) Add generic flow table offload infrastructure for nf_tables, this
         includes the netlink control plane and support for IPv4, IPv6 and
         mixed IPv4/IPv6 dataplanes. This comes with NAT support too. This
         patchset adds the IPS_OFFLOAD conntrack status bit to indicate that
         this flow has been offloaded.
      
      5) Add secpath matching support for nf_tables, from Florian.
      
      6) Save some code bytes in the fast path for the nf_tables netdev,
         bridge and inet families.
      
      7) Allow one single NAT hook per point and do not allow to register NAT
         hooks in nf_tables before the conntrack hook, patches from Florian.
      
      8) Seven patches to remove the struct nf_af_info abstraction, instead
         we perform direct calls for IPv4 which is faster. IPv6 indirections
         are still needed to avoid dependencies with the 'ipv6' module, but
         these now reside in struct nf_ipv6_ops.
      
      9) Seven patches to handle NFPROTO_INET from the Netfilter core,
         hence we can remove specific code in nf_tables to handle this
         pseudofamily.
      
      10) No need for synchronize_net() call for nf_queue after conversion
          to hook arrays. Also from Florian.
      
      11) Call cond_resched_rcu() when dumping large sets in ipset to avoid
          softlockup. Again from Florian.
      
      12) Pass lockdep_nfnl_is_held() to rcu_dereference_protected(), patch
          from Florian Westphal.
      
      13) Fix matching of counters in ipset, from Jozsef Kadlecsik.
      
      14) Missing nfnl lock protection in the ip_set_net_exit path, also
          from Jozsef.
      
      15) Move connlimit code that we can reuse from nf_tables into
          nf_conncount, from Florian Westhal.
      
      And asorted cleanups:
      
      16) Get rid of nft_dereference(), it only has one single caller.
      
      17) Add nft_set_is_anonymous() helper function.
      
      18) Remove NF_ARP_FORWARD leftover chain definition in nf_tables_arp.
      
      19) Remove unnecessary comments in nf_conntrack_h323_asn1.c
          From Varsha Rao.
      
      20) Remove useless parameters in frag_safe_skb_hp(), from Gao Feng.
      
      21) Constify layer 4 conntrack protocol definitions, function
          parameters to register/unregister these protocol trackers, and
          timeouts. Patches from Florian Westphal.
      
      22) Remove nlattr_size indirection, from Florian Westphal.
      
      23) Add fall-through comments as -Wimplicit-fallthrough needs this,
          from Gustavo A. R. Silva.
      
      24) Use swap() macro to exchange values in ipset, patch from
          Gustavo A. R. Silva.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f0e896f
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 44596f86
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
      
       - One line fix to mlx4 error flow (same as mlx5 fix in last pull
         request, just in the mlx4 driver)
      
       - Fix a race condition in the IPoIB driver. This patch is larger than
         just a one line fix, but resolves a race condition in a fairly
         straight forward manner
      
       - Fix a locking issue in the RDMA netlink code. This patch is also
         larger than I would like for a late -rc. It has, however, had a week
         to bake in the rdma tree prior to this pull request
      
       - One line fix to fix granting remote machine access to memory that
         they don't need and shouldn't have
      
       - One line fix to correct the fact that our sgid/dgid pair is swapped
         from what you would expect when receiving an incoming connection
         request
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        IB/srpt: Fix ACL lookup during login
        IB/srpt: Disable RDMA access by the initiator
        RDMA/netlink: Fix locking around __ib_get_device_by_index
        IB/ipoib: Fix race condition in neigh creation
        IB/mlx4: Fix mlx4_ib_alloc_mr error flow
      44596f86
  2. 08 Jan, 2018 22 commits