1. 12 Oct, 2015 10 commits
    • bpf: enable non-root eBPF programs · 1be7f75d
      Alexei Starovoitov authored
      In order to let unprivileged users load and execute eBPF programs
      teach verifier to prevent pointer leaks.
      Verifier will prevent
      - any arithmetic on pointers
        (except R10+Imm which is used to compute stack addresses)
      - comparison of pointers
        (except if (map_value_ptr == 0) ... )
      - passing pointers to helper functions
      - indirectly passing pointers in stack to helper functions
      - returning pointer from bpf program
      - storing pointers into ctx or maps
      
      Spill/fill of pointers into stack is allowed, but mangling
      of pointers stored in the stack or reading them byte by byte is not.
      
      Within bpf programs the pointers do exist, since programs need to
      be able to access maps, pass skb pointer to LD_ABS insns, etc
      but programs cannot pass such pointer values to the outside
      or obfuscate them.
      
      Only allow BPF_PROG_TYPE_SOCKET_FILTER unprivileged programs,
      so that socket filters (tcpdump), af_packet (quic acceleration)
      and future kcm can use it.
      tracing and tc cls/act program types still require root permissions,
      since tracing actually needs to be able to see all kernel pointers
      and tc is for root only.
      
      For example, the following unprivileged socket filter program is allowed:
      int bpf_prog1(struct __sk_buff *skb)
      {
        u32 index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
        u64 *value = bpf_map_lookup_elem(&my_map, &index);

        if (value)
          *value += skb->len;
        return 0;
      }
      
      but the following program is not:
      int bpf_prog1(struct __sk_buff *skb)
      {
        u32 index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
        u64 *value = bpf_map_lookup_elem(&my_map, &index);

        if (value)
          *value += (u64) skb;
        return 0;
      }
      since it would leak the kernel address into the map.
      
      Unprivileged socket filter bpf programs have access to the
      following helper functions:
      - map lookup/update/delete (but they cannot store kernel pointers into them)
      - get_random (it's already exposed to unprivileged user space)
      - get_smp_processor_id
      - tail_call into another socket filter program
      - ktime_get_ns
      
      The feature is controlled by sysctl kernel.unprivileged_bpf_disabled.
      This toggle defaults to off (0), but can be set true (1).  Once true,
      bpf programs and maps cannot be accessed from unprivileged process,
      and the toggle cannot be set back to false.
      Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
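      As an added illustration (not code from the commit or from the kernel's verifier), the toy Python model below tracks register types the way the commit's rules describe, accepts an instruction stream corresponding to the first sample program and rejects the second; the instruction names, register conventions and stack offsets are invented for the model.

```python
# Toy model of the commit's pointer-leak rules (added example, not the kernel's
# verifier): registers carry abstract types and each insn is checked against them.
SCALAR, CTX, MAP_VALUE, STACK_PTR, FP = "scalar", "ctx", "map_value", "stack_ptr", "fp"
def is_ptr(t):
    return t is not None and t != SCALAR
def verify(prog):
    """Return None if prog is accepted, else a string naming the first violation."""
    regs = {"r1": CTX, "r10": FP}  # r1 = ctx (skb) on entry, r10 = frame pointer
    stack = {}                     # stack offset -> type of the value spilled there
    for pc, (op, *a) in enumerate(prog):
        if op == "movi":                              # dst = immediate
            regs[a[0]] = SCALAR
        elif op == "mov":                             # dst = src (copying a pointer is fine)
            regs[a[0]] = regs[a[1]]
        elif op == "add":                             # dst += src ("imm" = constant)
            dst, src = a
            if regs[dst] == FP and src == "imm":      # R10+Imm computes a stack address
                regs[dst] = STACK_PTR
            elif is_ptr(regs[dst]) or is_ptr(regs.get(src)):
                return f"insn {pc}: arithmetic on pointer"
        elif op == "ld":                              # dst = *(ptr + off)
            dst, ptr, off = a
            if regs[ptr] in (FP, STACK_PTR):          # fill restores the spilled type
                regs[dst] = stack.get(off, SCALAR)
            elif is_ptr(regs[ptr]):                   # ctx/map loads yield plain data
                regs[dst] = SCALAR
            else:
                return f"insn {pc}: load through non-pointer"
        elif op == "st":                              # *(ptr + off) = src
            ptr, off, src = a
            if regs[ptr] in (FP, STACK_PTR):          # spill keeps the pointer type intact
                stack[off] = regs[src]
            elif is_ptr(regs[src]):
                return f"insn {pc}: storing pointer into {regs[ptr]}"
        elif op == "jeq0" and is_ptr(regs[a[0]]) and regs[a[0]] != MAP_VALUE:
            return f"insn {pc}: comparison of pointers"  # only map_value_ptr == 0 is allowed
        elif op == "call_map_lookup":                 # r0 = lookup(map, key at stack offset)
            if is_ptr(stack.get(a[0])):
                return f"insn {pc}: pointer in stack passed to helper"
            regs["r0"] = MAP_VALUE
        elif op == "exit" and is_ptr(regs["r0"]):
            return f"insn {pc}: returning pointer from program"
    return None
# Constructed instruction streams for the commit's allowed and rejected programs.
ALLOWED = [("mov", "r2", "r10"), ("add", "r2", "imm"), ("ld", "r3", "r1", 0), ("st", "r2", -4, "r3"),
           ("call_map_lookup", -4), ("jeq0", "r0"), ("ld", "r3", "r0", 0), ("ld", "r4", "r1", 4),
           ("add", "r3", "r4"), ("st", "r0", 0, "r3"), ("movi", "r0"), ("exit",)]
LEAKING = ALLOWED[:7] + [("mov", "r4", "r1"), ("add", "r3", "r4")] + ALLOWED[9:]  # *value += (u64) skb
```

`verify(ALLOWED)` returns None, while `verify(LEAKING)` reports the pointer arithmetic at instruction 8, the point at which the skb address would otherwise reach the map.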
    • net: HNS: fix MDIO dependencies · 0fa28877
      Arnd Bergmann authored
      The newly introduced HNS_MDIO Kconfig symbol selects 'MDIO', but
      that is the wrong symbol as the code used by this driver is
      provided by PHYLIB rather than the MDIO driver. Also, there is
      no need to make this driver user selectable, because it is already
      selected by all drivers that need it.
      
      This changes the Kconfig file to select the correct library, and
      to make the option silent.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Fixes: 5b904d39 ("net: add Hisilicon Network Subsystem MDIO support")
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sfc: fully reset if MC_REBOOT event received without warm_boot_count increment · c577e59e
      Daniel Pieczko authored
      On EF10, MC_CMD_VPORT_RECONFIGURE can cause a CODE_MC_REBOOT event
      to be sent to a function without incrementing the (adapter-wide)
      warm_boot_count.  In this case, the reboot is not detected by the
      loop on efx_mcdi_poll_reboot(), so prepare for recovery from an MC
      reboot anyway.  When this codepath is run, the MC has always just
      rebooted, so this recovery is valid.
      
      The loop on efx_mcdi_poll_reboot() is still required for other MC
      reboot cases, so that actions in response to an MC reboot are
      performed, such as clearing locally calculated statistics.
      Siena NICs are unaffected by this change as the above scenario
      does not apply.
      Signed-off-by: Shradha Shah <sshah@solarflare.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'switchdev_ageing_time' · d5404915
      David S. Miller authored
      Scott Feldman says:
      
      ====================
      switchdev: push bridge ageing_time attribute down
      
      Push bridge-level attributes down to switchdev drivers.  This patchset
      adds the infrastructure and then pushes, as an example, ageing_time attribute
      down from bridge to switchdev (rocker) driver.  Add some range-checking
      for ageing_time.
      
      RTNETLINK answers: Numerical result out of range
      
      Up until now, switchdev attrs were port-level attrs, so the netdev used in
      switchdev_attr_set() would be a switch port or bond of switch ports.  With
      bridge-level attrs, the netdev passed to switchdev_attr_set() is the bridge
      netdev.  The same recursive algo is used to visit the leaves of the stacked
      drivers to set the attr, it's just in this case we start one layer higher in
      the stack.  One note is not all ports in the bridge may support setting a
      bridge-level attribute, so rather than failing the entire set, we'll skip over
      those ports returning -EOPNOTSUPP.
      
      v2->v3: Per Jiri review: push only ageing_time attr down at this time, and
      don't pass raw bridge IFLA_BR_* values; rather use new switchdev attr ID for
      ageing_time.
      
      v1->v2: rebase w/ net-next
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • rocker: handle setting bridge ageing_time · d0cf57f9
      Scott Feldman authored
      The FDB cleanup timer will get rescheduled to re-evaluate FDB entries
      based on new ageing_time.
      Signed-off-by: Scott Feldman <sfeldma@gmail.com>
      Acked-by: Jiri Pirko <jiri@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bridge: push bridge setting ageing_time down to switchdev · c62987bb
      Scott Feldman authored
      Use SWITCHDEV_F_SKIP_EOPNOTSUPP to skip over ports in bridge that don't
      support setting ageing_time (or setting bridge attrs in general).
      
      If push fails, don't update ageing_time in bridge and return err to user.
      
      If push succeeds, update ageing_time in bridge and run gc_timer now to
      recalibrate when to run gc_timer next, based on new ageing_time.
      Signed-off-by: Scott Feldman <sfeldma@gmail.com>
      Signed-off-by: Jiri Pirko <jiri@resnulli.us>
      Acked-by: Jiri Pirko <jiri@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • switchdev: skip over ports returning -EOPNOTSUPP when recursing ports · 464314ea
      Scott Feldman authored
      This allows us to recurse over all the ports, skipping over unsupported
      ports.  Without the change, the recursion would stop at first unsupported
      port.
      Signed-off-by: Scott Feldman <sfeldma@gmail.com>
      Acked-by: Jiri Pirko <jiri@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • switchdev: add bridge ageing_time attribute · f55ac58a
      Scott Feldman authored
      Setting the stage to push bridge-level attributes down to port driver so
      hardware can be programmed accordingly.  Bridge-level attribute example is
      ageing_time.  This is a per-bridge attribute, not a per-bridge-port attr.
      Signed-off-by: Scott Feldman <sfeldma@gmail.com>
      Acked-by: Jiri Pirko <jiri@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: change type of alive from int to bool · 7533ce30
      Richard Sailer authored
      The alive parameter of tcp_orphan_retries indicates
      whether the connection is assumed alive or not.
      In the function and all places calling it, it is used as a boolean value.
      
      Therefore this changes the type of alive to bool in the function
      definition and all calling locations.
      
      Since tcp_orphan_retries is a tcp_timer.c local function, no change in
      any other file or header is necessary.
      Signed-off-by: Richard Sailer <richard@weltraumpflege.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bridge: allow adding of fdb entries pointing to the bridge device · 3741873b
      Roopa Prabhu authored
      This patch enables adding of fdb entries pointing to the bridge device.
      This can be used to propagate mac address of vlan interfaces
      configured on top of the vlan filtering bridge.
      
      Before:
      $bridge fdb add 44:38:39:00:27:9f dev bridge
      RTNETLINK answers: Invalid argument
      
      After:
      $bridge fdb add 44:38:39:00:27:9f dev bridge
      Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
      Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 11 Oct, 2015 11 commits
  3. 09 Oct, 2015 19 commits