1. 03 May, 2013 1 commit
    • Daniel Borkmann's avatar
      packet: tpacket_v3: do not trigger bug() on wrong header status · 8da3056c
      Daniel Borkmann authored
      Jakub reported that it is fairly easy to trigger the BUG() macro
      from user space with TPACKET_V3's RX_RING by just giving a wrong
      header status flag. We already had a similar situation in commit
       (``af_packet: remove BUG statement in
      tpacket_destruct_skb'') where this was the case in the TX_RING
      side that could be triggered from user space. So really, don't use
      BUG() or BUG_ON() unless there's really no way out, and i.e.
      don't use it for consistency checking when there's user space
      involved, no excuses, especially not if you're slapping the user
      with WARN + dump_stack + BUG all at once. The two functions are
      of concern:
        prb_retire_current_block() [when block status != TP_STATUS_KERNEL]
        prb_open_block() [when block_status != TP_STATUS_KERNEL]
      Calls to prb_open_block() are guarded by ealier checks if block_status
      is really TP_STATUS_KERNEL (racy!), but the first one BUG() is easily
      triggable from user space. System behaves still stable after they are
      removed. Also remove that yoda condition entirely, since it's already
      Reported-by: default avatarJakub Zawadzki <darkjames-ws@darkjames.pl>
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  2. 24 Apr, 2013 4 commits
    • Daniel Borkmann's avatar
      packet: account statistics only in tpacket_stats_u · ee80fbf3
      Daniel Borkmann authored
      Currently, packet_sock has a struct tpacket_stats stats member for
      TPACKET_V1 and TPACKET_V2 statistic accounting, and with TPACKET_V3
      ``union tpacket_stats_u stats_u'' was introduced, where however only
      statistics for TPACKET_V3 are held, and when copied to user space,
      TPACKET_V3 does some hackery and access also tpacket_stats' stats,
      although everything could have been done within the union itself.
      Unify accounting within the tpacket_stats_u union so that we can
      remove 8 bytes from packet_sock that are there unnecessary. Note that
      even if we switch to TPACKET_V3 and would use non mmap(2)ed option,
      this still works due to the union with same types + offsets, that are
      exposed to the user space.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Daniel Borkmann's avatar
      packet: if hw/sw ts enabled in rx/tx ring, report which ts we got · b9c32fb2
      Daniel Borkmann authored
      Currently, there is no way to find out which timestamp is reported in
      tpacket{,2,3}_hdr's tp_sec, tp_{n,u}sec members. It can be one of
      SOF_TIMESTAMPING_SOFTWARE, or a fallback variant late call from the
      PF_PACKET code in software.
      Therefore, report in the tp_status member of the ring buffer which
      timestamp has been reported for RX and TX path. This should not break
      anything for the following reasons: i) in RX ring path, the user needs
      to test for tp_status & TP_STATUS_USER, and later for other flags as
      well such as TP_STATUS_VLAN_VALID et al, so adding other flags will
      do no harm; ii) in TX ring path, time stamps with PACKET_TIMESTAMP
      socketoption are not available resp. had no effect except that the
      application setting this is buggy. Next to TP_STATUS_AVAILABLE, the
      user also should check for other flags such as TP_STATUS_WRONG_FORMAT
      to reclaim frames to the application. Thus, in case TX ts are turned
      off (default case), nothing happens to the application logic, and in
      case we want to use this new feature, we now can also check which of
      the ts source is reported in the status field as provided in the docs.
      Reported-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Daniel Borkmann's avatar
      packet: enable hardware tx timestamping on tpacket ring · 7a51384c
      Daniel Borkmann authored
      Currently, we only have software timestamping for the TX ring buffer
      path, but this limitation stems rather from the implementation. By
      just reusing tpacket_get_timestamp(), we can also allow hardware
      timestamping just as in the RX path.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Willem de Bruijn's avatar
      packet: tx timestamping on tpacket ring · 2e31396f
      Willem de Bruijn authored
      When transmit timestamping is enabled at the socket level, record a
      timestamp on packets written to a PACKET_TX_RING. Tx timestamps are
      always looped to the application over the socket error queue. Software
      timestamps are also written back into the packet frame header in the
      packet ring.
      Reported-by: default avatarPaul Chavent <paul.chavent@onera.fr>
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  3. 19 Apr, 2013 1 commit
  4. 16 Apr, 2013 1 commit
  5. 14 Apr, 2013 1 commit
  6. 27 Mar, 2013 1 commit
  7. 26 Mar, 2013 1 commit
  8. 19 Mar, 2013 1 commit
    • Willem de Bruijn's avatar
      packet: packet fanout rollover during socket overload · 77f65ebd
      Willem de Bruijn authored
        v3->v2: rebase (no other changes)
                passes selftest
        v2->v1: read f->num_members only once
                fix bug: test rollover mode + flag
      Minimize packet drop in a fanout group. If one socket is full,
      roll over packets to another from the group. Maintain flow
      affinity during normal load using an rxhash fanout policy, while
      dispersing unexpected traffic storms that hit a single cpu, such
      as spoofed-source DoS flows. Rollover breaks affinity for flows
      arriving at saturated sockets during those conditions.
      The patch adds a fanout policy ROLLOVER that rotates between sockets,
      filling each socket before moving to the next. It also adds a fanout
      flag ROLLOVER. If passed along with any other fanout policy, the
      primary policy is applied until the chosen socket is full. Then,
      rollover selects another socket, to delay packet drop until the
      entire system is saturated.
      Probing sockets is not free. Selecting the last used socket, as
      rollover does, is a greedy approach that maximizes chance of
      success, at the cost of extreme load imbalance. In practice, with
      sufficiently long queues to absorb bursts, sockets are drained in
      parallel and load balance looks uniform in `top`.
      To avoid contention, scales counters with number of sockets and
      accesses them lockfree. Values are bounds checked to ensure
      Tested using an application with 9 threads pinned to CPUs, one socket
      per thread and sufficient busywork per packet operation to limits each
      thread to handling 32 Kpps. When sent 500 Kpps single UDP stream
      packets, a FANOUT_CPU setup processes 32 Kpps in total without this
      patch, 270 Kpps with the patch. Tested with read() and with a packet
      ring (V1).
      Also, passes psock_fanout.c unit test added to selftests.
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  9. 27 Feb, 2013 1 commit
    • Sasha Levin's avatar
      hlist: drop the node parameter from iterators · b67bfe0d
      Sasha Levin authored
      I'm not sure why, but the hlist for each entry iterators were conceived
              list_for_each_entry(pos, head, member)
      The hlist ones were greedy and wanted an extra parameter:
              hlist_for_each_entry(tpos, pos, head, member)
      Why did they need an extra pos parameter? I'm not quite sure. Not only
      they don't really need it, it also prevents the iterator from looking
      exactly like the list iterator, which is unfortunate.
      Besides the semantic patch, there was some manual work required:
       - Fix up the actual hlist iterators in linux/list.h
       - Fix up the declaration of other iterators based on the hlist ones.
       - A very small amount of places were using the 'node' parameter, this
       was modified to use 'obj->member' instead.
       - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
       properly, so those had to be fixed up manually.
      The semantic patch which is mostly the work of Peter Senna Tschudin is here:
      iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
      type T;
      expression a,c,d,e;
      identifier b;
      statement S;
      -T b;
          <+... when != b
      - b,
      c, d) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c, d) S
      - b,
      c, d) S
      - b,
      c) S
      for_each_busy_worker(a, c,
      - b,
      d) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c) S
      -(a, b)
      + sk_for_each_from(a) S
      - b,
      c, d) S
      - b,
      c) S
      - b,
      c, d, e) S
      - b,
      c) S
      - b,
      c) S
      - b,
      c, d) S
      - b,
      c) S
      - b,
      c, d) S
      - for_each_gfn_sp(a, c, d, b) S
      + for_each_gfn_sp(a, c, d) S
      - for_each_gfn_indirect_valid_sp(a, c, d, b) S
      + for_each_gfn_indirect_valid_sp(a, c, d) S
      - b,
      c) S
      - b,
      c, d) S
      - b,
      c, d) S
      [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
      [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
      [akpm@linux-foundation.org: checkpatch fixes]
      [akpm@linux-foundation.org: fix warnings]
      [akpm@linux-foudnation.org: redo intrusive kvm changes]
      Tested-by: default avatarPeter Senna Tschudin <peter.senna@gmail.com>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  10. 18 Feb, 2013 2 commits
  11. 03 Feb, 2013 1 commit
    • Phil Sutter's avatar
      packet: fix leakage of tx_ring memory · 9665d5d6
      Phil Sutter authored
      When releasing a packet socket, the routine packet_set_ring() is reused
      to free rings instead of allocating them. But when calling it for the
      first time, it fills req->tp_block_nr with the value of rb->pg_vec_len
      which in the second invocation makes it bail out since req->tp_block_nr
      is greater zero but req->tp_block_size is zero.
      This patch solves the problem by passing a zeroed auto-variable to
      packet_set_ring() upon each invocation from packet_release().
      As far as I can tell, this issue exists even since 69e3c75f
       (net: TX_RING
      and packet mmap), i.e. the original inclusion of TX ring support into
      af_packet, but applies only to sockets with both RX and TX ring
      allocated, which is probably why this was unnoticed all the time.
      Signed-off-by: default avatarPhil Sutter <phil.sutter@viprinet.com>
      Cc: Johann Baudy <johann.baudy@gnu-log.net>
      Cc: Daniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  12. 18 Nov, 2012 1 commit
    • Eric W. Biederman's avatar
      net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm · df008c91
      Eric W. Biederman authored
      Allow an unpriviled user who has created a user namespace, and then
      created a network namespace to effectively use the new network
      namespace, by reducing capable(CAP_NET_ADMIN) and
      capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
      CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
      Allow creation of af_key sockets.
      Allow creation of llc sockets.
      Allow creation of af_packet sockets.
      Allow sending xfrm netlink control messages.
      Allow binding to netlink multicast groups.
      Allow sending to netlink multicast groups.
      Allow adding and dropping netlink multicast groups.
      Allow sending to all netlink multicast groups and port ids.
      Allow reading the netfilter SO_IP_SET socket option.
      Allow sending netfilter netlink messages.
      Allow setting and getting ip_vs netfilter socket options.
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  13. 07 Nov, 2012 1 commit
  14. 26 Oct, 2012 1 commit
  15. 23 Aug, 2012 1 commit
  16. 22 Aug, 2012 2 commits
    • Pavel Emelyanov's avatar
      packet: Protect packet sk list with mutex (v2) · 0fa7fa98
      Pavel Emelyanov authored
      Change since v1:
      * Fixed inuse counters access spotted by Eric
      In patch eea68e2f
       (packet: Report socket mclist info via diag module) I've
      introduced a "scheduling in atomic" problem in packet diag module -- the
      socket list is traversed under rcu_read_lock() while performed under it sk
      mclist access requires rtnl lock (i.e. -- mutex) to be taken.
      [152363.820563] BUG: scheduling while atomic: crtools/12517/0x10000002
      [152363.820573] 4 locks held by crtools/12517:
      [152363.820581]  #0:  (sock_diag_mutex){+.+.+.}, at: [<ffffffff81a2dcb5>] sock_diag_rcv+0x1f/0x3e
      [152363.820613]  #1:  (sock_diag_table_mutex){+.+.+.}, at: [<ffffffff81a2de70>] sock_diag_rcv_msg+0xdb/0x11a
      [152363.820644]  #2:  (nlk->cb_mutex){+.+.+.}, at: [<ffffffff81a67d01>] netlink_dump+0x23/0x1ab
      [152363.820693]  #3:  (rcu_read_lock){.+.+..}, at: [<ffffffff81b6a049>] packet_diag_dump+0x0/0x1af
      Similar thing was then re-introduced by further packet diag patches (fanount
      mutex and pgvec mutex for rings) :(
      Apart from being terribly sorry for the above, I propose to change the packet
      sk list protection from spinlock to mutex. This lock currently protects two
      * sklist
      * prot inuse counters
      The sklist modifications can be just reprotected with mutex since they already
      occur in a sleeping context. The inuse counters modifications are trickier -- the
      __this_cpu_-s are used inside, thus requiring the caller to handle the potential
      issues with contexts himself. Since packet sockets' counters are modified in two
      places only (packet_create and packet_release) we only need to protect the context
      from being preempted. BH disabling is not required in this case.
      Signed-off-by: default avatarPavel Emelyanov <xemul@parallels.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • danborkmann@iogearbox.net's avatar
      af_packet: use define instead of constant · 9e67030a
      danborkmann@iogearbox.net authored
      Instead of using a hard-coded value for the status variable, it would make
      the code more readable to use its destined define from linux/if_packet.h.
      Signed-off-by: daniel.borkmann@tik.ee.ethz.ch
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  17. 20 Aug, 2012 2 commits
  18. 14 Aug, 2012 2 commits
  19. 12 Aug, 2012 1 commit
    • danborkmann@iogearbox.net's avatar
      af_packet: remove BUG statement in tpacket_destruct_skb · 7f5c3e3a
      danborkmann@iogearbox.net authored
      Here's a quote of the comment about the BUG macro from asm-generic/bug.h:
       Don't use BUG() or BUG_ON() unless there's really no way out; one
       example might be detecting data structure corruption in the middle
       of an operation that can't be backed out of.  If the (sub)system
       can somehow continue operating, perhaps with reduced functionality,
       it's probably not BUG-worthy.
       If you're tempted to BUG(), think again:  is completely giving up
       really the *only* solution?  There are usually better options, where
       users don't need to reboot ASAP and can mostly shut down cleanly.
      In our case, the status flag of a ring buffer slot is managed from both sides,
      the kernel space and the user space. This means that even though the kernel
      side might work as expected, the user space screws up and changes this flag
      right between the send(2) is triggered when the flag is changed to
      TP_STATUS_SENDING and a given skb is destructed after some time. Then, this
      will hit the BUG macro. As David suggested, the best solution is to simply
      remove this statement since it cannot be used for kernel side internal
      consistency checks. I've tested it and the system still behaves /stable/ in
      this case, so in accordance with the above comment, we should rather remove it.
      Signed-off-by: default avatarDaniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  20. 08 Aug, 2012 1 commit
  21. 27 Jun, 2012 1 commit
  22. 11 Jun, 2012 1 commit
  23. 04 Jun, 2012 1 commit
    • Joe Perches's avatar
      net: Remove casts to same type · e3192690
      Joe Perches authored
      Adding casts of objects to the same type is unnecessary
      and confusing for a human reader.
      For example, this cast:
      	int y;
      	int *p = (int *)&y;
      I used the coccinelle script below to find and remove these
      unnecessary casts.  I manually removed the conversions this
      script produces of casts with __force and __user.
      type T;
      T *p;
      -	(T *)p
      +	p
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  24. 21 Apr, 2012 1 commit
  25. 19 Apr, 2012 1 commit
  26. 15 Apr, 2012 1 commit
  27. 28 Mar, 2012 1 commit
  28. 24 Feb, 2012 1 commit
  29. 27 Dec, 2011 1 commit
  30. 23 Dec, 2011 1 commit
  31. 18 Nov, 2011 2 commits
  32. 14 Nov, 2011 1 commit