Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networkign fixes from David Miller:
 "Networking bug fixes, Cacio e Pepe edition:

  1) BNX2X accidently accesses chip rev specific registers without an
     appropriate guard, fix from Ariel Elior.

  2) When we removed the routing cache, we set ip_rt_max_size to ~0 just
     to keep reporting a value to userspace via sysfs.  But the ipv4
     IPSEC layer was using this to tune itself which is completely bogus
     to now do.  Fix from Steffen Klassert.

  3) Missing initialization in netfilter ipset code from Jozsef
     Kadlecsik.

  4) Check CTA_TIMEOUT_NAME length properly in netfilter cttimeout code,
     fix from Florian Westphal.

  5) After removing the routing cache, we inadvertantly are caching
     multicast routes that end up looping back locally, we cannot do
     that legitimately any more.  Fix from Julian Anastasov.

  6) Revert a race fix for 8139cp qemu/kvm that doesn't actually work
     properly on real hardware.  From Francois Romieu.

  7) Fixup errors in example command lines in VXLAN device docs."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  bnx2x: remove redundant warning log
  vxlan: fix command usage in its doc
  8139cp: revert "set ring address before enabling receiver"
  ipv4: do not cache looped multicasts
  netfilter: cttimeout: fix buffer overflow
  netfilter: ipset: Fix range bug in hash:ip,port,net
  xfrm: Fix the gc threshold value for ipv4
This commit is contained in:
Linus Torvalds 2012-11-23 11:55:49 -10:00
Родитель f3a443af9e 4a25417c20
Коммит eb5aaedd8b
11 изменённых файлов: 43 добавлений и 46 удалений

Просмотреть файл

@ -32,7 +32,7 @@ no entry is in the forwarding table.
# ip link delete vxlan0 # ip link delete vxlan0
3. Show vxlan info 3. Show vxlan info
# ip -d show vxlan0 # ip -d link show vxlan0
It is possible to create, destroy and display the vxlan It is possible to create, destroy and display the vxlan
forwarding table using the new bridge command. forwarding table using the new bridge command.
@ -41,7 +41,7 @@ forwarding table using the new bridge command.
# bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0 # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0
2. Delete forwarding table entry 2. Delete forwarding table entry
# bridge fdb delete 00:17:42:8a:b4:05 # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0
3. Show forwarding table 3. Show forwarding table
# bridge fdb show dev vxlan0 # bridge fdb show dev vxlan0

Просмотреть файл

@ -9545,10 +9545,13 @@ static int __devinit bnx2x_prev_unload_common(struct bnx2x *bp)
*/ */
static void __devinit bnx2x_prev_interrupted_dmae(struct bnx2x *bp) static void __devinit bnx2x_prev_interrupted_dmae(struct bnx2x *bp)
{ {
u32 val = REG_RD(bp, PGLUE_B_REG_PGLUE_B_INT_STS); if (!CHIP_IS_E1x(bp)) {
if (val & PGLUE_B_PGLUE_B_INT_STS_REG_WAS_ERROR_ATTN) { u32 val = REG_RD(bp, PGLUE_B_REG_PGLUE_B_INT_STS);
BNX2X_ERR("was error bit was found to be set in pglueb upon startup. Clearing"); if (val & PGLUE_B_PGLUE_B_INT_STS_REG_WAS_ERROR_ATTN) {
REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR, 1 << BP_FUNC(bp)); BNX2X_ERR("was error bit was found to be set in pglueb upon startup. Clearing");
REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR,
1 << BP_FUNC(bp));
}
} }
} }

Просмотреть файл

@ -979,17 +979,6 @@ static void cp_init_hw (struct cp_private *cp)
cpw32_f (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0))); cpw32_f (MAC0 + 0, le32_to_cpu (*(__le32 *) (dev->dev_addr + 0)));
cpw32_f (MAC0 + 4, le32_to_cpu (*(__le32 *) (dev->dev_addr + 4))); cpw32_f (MAC0 + 4, le32_to_cpu (*(__le32 *) (dev->dev_addr + 4)));
cpw32_f(HiTxRingAddr, 0);
cpw32_f(HiTxRingAddr + 4, 0);
ring_dma = cp->ring_dma;
cpw32_f(RxRingAddr, ring_dma & 0xffffffff);
cpw32_f(RxRingAddr + 4, (ring_dma >> 16) >> 16);
ring_dma += sizeof(struct cp_desc) * CP_RX_RING_SIZE;
cpw32_f(TxRingAddr, ring_dma & 0xffffffff);
cpw32_f(TxRingAddr + 4, (ring_dma >> 16) >> 16);
cp_start_hw(cp); cp_start_hw(cp);
cpw8(TxThresh, 0x06); /* XXX convert magic num to a constant */ cpw8(TxThresh, 0x06); /* XXX convert magic num to a constant */
@ -1003,6 +992,17 @@ static void cp_init_hw (struct cp_private *cp)
cpw8(Config5, cpr8(Config5) & PMEStatus); cpw8(Config5, cpr8(Config5) & PMEStatus);
cpw32_f(HiTxRingAddr, 0);
cpw32_f(HiTxRingAddr + 4, 0);
ring_dma = cp->ring_dma;
cpw32_f(RxRingAddr, ring_dma & 0xffffffff);
cpw32_f(RxRingAddr + 4, (ring_dma >> 16) >> 16);
ring_dma += sizeof(struct cp_desc) * CP_RX_RING_SIZE;
cpw32_f(TxRingAddr, ring_dma & 0xffffffff);
cpw32_f(TxRingAddr + 4, (ring_dma >> 16) >> 16);
cpw16(MultiIntr, 0); cpw16(MultiIntr, 0);
cpw8_f(Cfg9346, Cfg9346_Lock); cpw8_f(Cfg9346, Cfg9346_Lock);

Просмотреть файл

@ -1351,7 +1351,7 @@ struct xfrm6_tunnel {
}; };
extern void xfrm_init(void); extern void xfrm_init(void);
extern void xfrm4_init(int rt_hash_size); extern void xfrm4_init(void);
extern int xfrm_state_init(struct net *net); extern int xfrm_state_init(struct net *net);
extern void xfrm_state_fini(struct net *net); extern void xfrm_state_fini(struct net *net);
extern void xfrm4_state_init(void); extern void xfrm4_state_init(void);

Просмотреть файл

@ -1785,6 +1785,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
if (dev_out->flags & IFF_LOOPBACK) if (dev_out->flags & IFF_LOOPBACK)
flags |= RTCF_LOCAL; flags |= RTCF_LOCAL;
do_cache = true;
if (type == RTN_BROADCAST) { if (type == RTN_BROADCAST) {
flags |= RTCF_BROADCAST | RTCF_LOCAL; flags |= RTCF_BROADCAST | RTCF_LOCAL;
fi = NULL; fi = NULL;
@ -1793,6 +1794,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
fl4->flowi4_proto)) fl4->flowi4_proto))
flags &= ~RTCF_LOCAL; flags &= ~RTCF_LOCAL;
else
do_cache = false;
/* If multicast route do not exist use /* If multicast route do not exist use
* default one, but do not gateway in this case. * default one, but do not gateway in this case.
* Yes, it is hack. * Yes, it is hack.
@ -1802,8 +1805,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
} }
fnhe = NULL; fnhe = NULL;
do_cache = fi != NULL; do_cache &= fi != NULL;
if (fi) { if (do_cache) {
struct rtable __rcu **prth; struct rtable __rcu **prth;
struct fib_nh *nh = &FIB_RES_NH(*res); struct fib_nh *nh = &FIB_RES_NH(*res);
@ -2597,7 +2600,7 @@ int __init ip_rt_init(void)
pr_err("Unable to create route proc files\n"); pr_err("Unable to create route proc files\n");
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
xfrm_init(); xfrm_init();
xfrm4_init(ip_rt_max_size); xfrm4_init();
#endif #endif
rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);

Просмотреть файл

@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void)
xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo);
} }
void __init xfrm4_init(int rt_max_size) void __init xfrm4_init(void)
{ {
/*
* Select a default value for the gc_thresh based on the main route
* table hash size. It seems to me the worst case scenario is when
* we have ipsec operating in transport mode, in which we create a
* dst_entry per socket. The xfrm gc algorithm starts trying to remove
* entries at gc_thresh, and prevents new allocations as 2*gc_thresh
* so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
* That will let us store an ipsec connection per route table entry,
* and start cleaning when were 1/2 full
*/
xfrm4_dst_ops.gc_thresh = rt_max_size/2;
dst_entries_init(&xfrm4_dst_ops); dst_entries_init(&xfrm4_dst_ops);
xfrm4_state_init(); xfrm4_state_init();

Просмотреть файл

@ -173,6 +173,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
return adtfn(set, &nip, timeout, flags); return adtfn(set, &nip, timeout, flags);
} }
ip_to = ip;
if (tb[IPSET_ATTR_IP_TO]) { if (tb[IPSET_ATTR_IP_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret) if (ret)
@ -185,8 +186,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (!cidr || cidr > 32) if (!cidr || cidr > 32)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} else }
ip_to = ip;
hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1); hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1);

Просмотреть файл

@ -162,7 +162,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
const struct ip_set_hash *h = set->data; const struct ip_set_hash *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt]; ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipport4_elem data = { }; struct hash_ipport4_elem data = { };
u32 ip, ip_to = 0, p = 0, port, port_to; u32 ip, ip_to, p = 0, port, port_to;
u32 timeout = h->timeout; u32 timeout = h->timeout;
bool with_ports = false; bool with_ports = false;
int ret; int ret;
@ -210,7 +210,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
return ip_set_eexist(ret, flags) ? 0 : ret; return ip_set_eexist(ret, flags) ? 0 : ret;
} }
ip = ntohl(data.ip); ip_to = ip = ntohl(data.ip);
if (tb[IPSET_ATTR_IP_TO]) { if (tb[IPSET_ATTR_IP_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret) if (ret)
@ -223,8 +223,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
if (!cidr || cidr > 32) if (!cidr || cidr > 32)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} else }
ip_to = ip;
port_to = port = ntohs(data.port); port_to = port = ntohs(data.port);
if (with_ports && tb[IPSET_ATTR_PORT_TO]) { if (with_ports && tb[IPSET_ATTR_PORT_TO]) {

Просмотреть файл

@ -166,7 +166,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
const struct ip_set_hash *h = set->data; const struct ip_set_hash *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt]; ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipportip4_elem data = { }; struct hash_ipportip4_elem data = { };
u32 ip, ip_to = 0, p = 0, port, port_to; u32 ip, ip_to, p = 0, port, port_to;
u32 timeout = h->timeout; u32 timeout = h->timeout;
bool with_ports = false; bool with_ports = false;
int ret; int ret;
@ -218,7 +218,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
return ip_set_eexist(ret, flags) ? 0 : ret; return ip_set_eexist(ret, flags) ? 0 : ret;
} }
ip = ntohl(data.ip); ip_to = ip = ntohl(data.ip);
if (tb[IPSET_ATTR_IP_TO]) { if (tb[IPSET_ATTR_IP_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret) if (ret)
@ -231,8 +231,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
if (!cidr || cidr > 32) if (!cidr || cidr > 32)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
ip_set_mask_from_to(ip, ip_to, cidr); ip_set_mask_from_to(ip, ip_to, cidr);
} else }
ip_to = ip;
port_to = port = ntohs(data.port); port_to = port = ntohs(data.port);
if (with_ports && tb[IPSET_ATTR_PORT_TO]) { if (with_ports && tb[IPSET_ATTR_PORT_TO]) {

Просмотреть файл

@ -215,8 +215,8 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
const struct ip_set_hash *h = set->data; const struct ip_set_hash *h = set->data;
ipset_adtfn adtfn = set->variant->adt[adt]; ipset_adtfn adtfn = set->variant->adt[adt];
struct hash_ipportnet4_elem data = { .cidr = HOST_MASK - 1 }; struct hash_ipportnet4_elem data = { .cidr = HOST_MASK - 1 };
u32 ip, ip_to = 0, p = 0, port, port_to; u32 ip, ip_to, p = 0, port, port_to;
u32 ip2_from = 0, ip2_to, ip2_last, ip2; u32 ip2_from, ip2_to, ip2_last, ip2;
u32 timeout = h->timeout; u32 timeout = h->timeout;
bool with_ports = false; bool with_ports = false;
u8 cidr; u8 cidr;
@ -286,6 +286,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
return ip_set_eexist(ret, flags) ? 0 : ret; return ip_set_eexist(ret, flags) ? 0 : ret;
} }
ip_to = ip;
if (tb[IPSET_ATTR_IP_TO]) { if (tb[IPSET_ATTR_IP_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to); ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret) if (ret)
@ -306,6 +307,8 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
if (port > port_to) if (port > port_to)
swap(port, port_to); swap(port, port_to);
} }
ip2_to = ip2_from;
if (tb[IPSET_ATTR_IP2_TO]) { if (tb[IPSET_ATTR_IP2_TO]) {
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to); ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
if (ret) if (ret)

Просмотреть файл

@ -41,7 +41,8 @@ MODULE_DESCRIPTION("cttimeout: Extended Netfilter Connection Tracking timeout tu
static LIST_HEAD(cttimeout_list); static LIST_HEAD(cttimeout_list);
static const struct nla_policy cttimeout_nla_policy[CTA_TIMEOUT_MAX+1] = { static const struct nla_policy cttimeout_nla_policy[CTA_TIMEOUT_MAX+1] = {
[CTA_TIMEOUT_NAME] = { .type = NLA_NUL_STRING }, [CTA_TIMEOUT_NAME] = { .type = NLA_NUL_STRING,
.len = CTNL_TIMEOUT_NAME_MAX - 1},
[CTA_TIMEOUT_L3PROTO] = { .type = NLA_U16 }, [CTA_TIMEOUT_L3PROTO] = { .type = NLA_U16 },
[CTA_TIMEOUT_L4PROTO] = { .type = NLA_U8 }, [CTA_TIMEOUT_L4PROTO] = { .type = NLA_U8 },
[CTA_TIMEOUT_DATA] = { .type = NLA_NESTED }, [CTA_TIMEOUT_DATA] = { .type = NLA_NESTED },