summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-11-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller31-340/+1610
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for your net-next tree. This includes better integration with the routing subsystem for nf_tables, explicit notrack support and smaller updates. More specifically, they are: 1) Add fib lookup expression for nf_tables, from Florian Westphal. This new expression provides a native replacement for iptables addrtype and rp_filter matches. This is more flexible though, since we can populate the kernel flowi representation to inquire fib to accomodate new usecases, such as RTBH through skb mark. 2) Introduce rt expression for nf_tables, from Anders K. Pedersen. This new expression allow you to access skbuff route metadata, more specifically nexthop and classid fields. 3) Add notrack support for nf_tables, to skip conntracking, requested by many users already. 4) Add boilerplate code to allow to use nf_log infrastructure from nf_tables ingress. 5) Allow to mangle pkttype from nf_tables prerouting chain, to emulate the xtables cluster match, from Liping Zhang. 6) Move socket lookup code into generic nf_socket_* infrastructure so we can provide a native replacement for the xtables socket match. 7) Make sure nfnetlink_queue data that is updated on every packets is placed in a different cache from read-only data, from Florian Westphal. 8) Handle NF_STOLEN from nf_tables core, also from Florian Westphal. 9) Start round robin number generation in nft_numgen from zero, instead of n-1, for consistency with xtables statistics match, patch from Liping Zhang. 10) Set GFP_NOWARN flag in skbuff netlink allocations in nfnetlink_log, given we retry with a smaller allocation on failure, from Calvin Owens. 11) Cleanup xt_multiport to use switch(), from Gao feng. 12) Remove superfluous check in nft_immediate and nft_cmp, from Liping Zhang. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01netfilter: nf_queue: place volatile data in own cachelineFlorian Westphal1-1/+1
As the comment indicates, the data at the end of nfqnl_instance struct is written on every queue/dequeue, so it should reside in its own cacheline. Before this change, 'lock' was in first cacheline so we dirtied both. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01netfilter: nf_tables: remove useless U8_MAX validationLiping Zhang2-6/+0
After call nft_data_init, size is already validated and desc.len will not exceed the sizeof(struct nft_data), i.e. 16 bytes. So it will never exceed U8_MAX. Furthermore, in nft_immediate_init, we forget to call nft_data_uninit when desc.len exceeds U8_MAX, although this will not happen, but it's a logical mistake. Now remove these redundant validation introduced by commit 36b701fae12a ("netfilter: nf_tables: validate maximum value of u32 netlink attributes") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01netfilter: nf_tables: introduce routing expressionAnders K. Pedersen4-0/+187
Introduces an nftables rt expression for routing related data with support for nexthop (i.e. the directly connected IP address that an outgoing packet is sent to), which can be used either for matching or accounting, eg. # nft add rule filter postrouting \ ip daddr 192.168.1.0/24 rt nexthop != 192.168.0.1 drop This will drop any traffic to 192.168.1.0/24 that is not routed via 192.168.0.1. # nft add rule filter postrouting \ flow table acct { rt nexthop timeout 600s counter } # nft add rule ip6 filter postrouting \ flow table acct { rt nexthop timeout 600s counter } These rules count outgoing traffic per nexthop. Note that the timeout releases an entry if no traffic is seen for this nexthop within 10 minutes. # nft add rule inet filter postrouting \ ether type ip \ flow table acct { rt nexthop timeout 600s counter } # nft add rule inet filter postrouting \ ether type ip6 \ flow table acct { rt nexthop timeout 600s counter } Same as above, but via the inet family, where the ether type must be specified explicitly. "rt classid" is also implemented identical to "meta rtclassid", since it is more logical to have this match in the routing expression going forward. Signed-off-by: Anders K. Pedersen <akp@cohaesio.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.cPablo Neira Ayuso9-296/+369
We need this split to reuse existing codebase for the upcoming nf_tables socket expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01netfilter: nf_log: add packet logging for netdev familyPablo Neira Ayuso7-15/+121
Move layer 2 packet logging into nf_log_l2packet() that resides in nf_log_common.c, so this can be shared by both bridge and netdev families. This patch adds the boiler plate code to register the netdev logging family. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01netfilter: nf_tables: add fib expressionFlorian Westphal12-0/+854
Add FIB expression, supported for ipv4, ipv6 and inet family (the latter just dispatches to ipv4 or ipv6 one based on nfproto). Currently supports fetching output interface index/name and the rtm_type associated with an address. This can be used for adding path filtering. rtm_type is useful to e.g. enforce a strong-end host model where packets are only accepted if daddr is configured on the interface the packet arrived on. The fib expression is a native nftables alternative to the xtables addrtype and rp_filter matches. FIB result order for oif/oifname retrieval is as follows: - if packet is local (skb has rtable, RTF_LOCAL set, this will also catch looped-back multicast packets), set oif to the loopback interface. - if fib lookup returns an error, or result points to local, store zero result. This means '--local' option of -m rpfilter is not supported. It is possible to use 'fib type local' or add explicit saddr/daddr matching rules to create exceptions if this is really needed. - store result in the destination register. In case of multiple routes, search set for desired oif in case strict matching is requested. ipv4 and ipv6 behave fib expressions are supposed to behave the same. [ I have collapsed Arnd Bergmann's ("netfilter: nf_tables: fib warnings") http://patchwork.ozlabs.org/patch/688615/ to address fallout from this patch after rebasing nf-next, that was posted to address compilation warnings. --pablo ] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-01genetlink: fix error return code in genl_register_family()Wei Yongjun1-1/+3
Fix to return a negative error code from the idr_alloc() error handling case instead of 0, as done elsewhere in this function. Also fix the return value check of idr_alloc() since idr_alloc return negative errors on failure, not zero. Fixes: 2ae0f17df1cd ("genetlink: use idr to track families") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01net: Enable support for VRF with ipv4 multicastDavid Ahern3-21/+56
Enable support for IPv4 multicast: - similar to unicast the flow struct is updated to L3 master device if relevant prior to calling fib_rules_lookup. The table id is saved to the lookup arg so the rule action for ipmr can return the table associated with the device. - ip_mr_forward needs to check for master device mismatch as well since the skb->dev is set to it - allow multicast address on VRF device for Rx by checking for the daddr in the VRF device as well as the original ingress device - on Tx need to drop to __mkroute_output when FIB lookup fails for multicast destination address. - if CONFIG_IP_MROUTE_MULTIPLE_TABLES is enabled VRF driver creates IPMR FIB rules on first device create similar to FIB rules. In addition the VRF driver does not divert IPv4 multicast packets: it breaks on Tx since the fib lookup fails on the mcast address. With this patch, ipmr forwarding and local rx/tx work. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01Merge branch 'tipc-socket-layer-improvements'David S. Miller2-238/+242
Parthasarathy Bhuvaragan says: ==================== tipc: socket layer improvements The following issues with the current socket layer hinders socket diagnostics implementation, which led to this patch series. 1. tipc socket state is derived from multiple variables like sock->state, tsk->probing_state and tsk->connected. This style forces us to export multiple attributes to the user space, which has to be backward compatible. 2. Abuse of sock->state cannot be exported to user-space without requiring tipc specific hacks in the user-space. - For connection less (CL) sockets sock->state is overloaded to tipc state SS_READY. - For connection oriented (CO) listening socket sock->state is overloaded to tipc state SS_LISTEN. This series is split into four: 1. Bug fixes in patch #1,2,3. 2. Minor cleanups in patch#4-5. 3. Express all tipc states using a single variable in patch#6-8. 4. Migrate the new tipc states to sk->sk_state in patch#9-16. The figures below represents the FSM after this series: Stream Server Listening Socket: +-----------+ +-------------+ | TIPC_OPEN |------>| TIPC_LISTEN | +-----------+ +-------------+ Stream Server Data Socket: +-----------+ +------------------+ | TIPC_OPEN |------>| TIPC_ESTABLISHED | +-----------+ +------------------+ ^ | | | | v +--------------------+ | TIPC_DISCONNECTING | +--------------------+ Stream Socket Client: +-----------+ +-----------------+ | TIPC_OPEN |------>| TIPC_CONNECTING |------+ +-----------+ +-----------------+ | | | | | v | +------------------+ | | TIPC_ESTABLISHED | | +------------------+ | ^ | | | | | | v | +--------------------+ | | TIPC_DISCONNECTING |<--+ +--------------------+ NOTE: This is just a base refractoring required for socket diagnostics. TIPC socket diagnostics support will be introduced in a later series. v2: - remove extra cast and parenthesis as suggested by David S. Miller in #4. - map new tipc state values to tcp states to address Eric Dumazet's concern, thus allow the usage of generic sk_* helpers. This is done in patch#10-15. - remove TIPC_PROBING state and replace it with probe_unacked flag in #11. - replace the TIPC_CLOSING state in v1 with sk_shutdown flag in #14. - introduce __tipc_shutdown() to avoid code duplication in #14. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove SS_CONNECTED sock stateParthasarathy Bhuvaragan1-48/+38
In this commit, we replace references to sock->state SS_CONNECTE with sk_state TIPC_ESTABLISHED. Finally, the sock->state is no longer explicitly used by tipc. The FSM below is for various types of connection oriented sockets. Stream Server Listening Socket: +-----------+ +-------------+ | TIPC_OPEN |------>| TIPC_LISTEN | +-----------+ +-------------+ Stream Server Data Socket: +-----------+ +------------------+ | TIPC_OPEN |------>| TIPC_ESTABLISHED | +-----------+ +------------------+ ^ | | | | v +--------------------+ | TIPC_DISCONNECTING | +--------------------+ Stream Socket Client: +-----------+ +-----------------+ | TIPC_OPEN |------>| TIPC_CONNECTING |------+ +-----------+ +-----------------+ | | | | | v | +------------------+ | | TIPC_ESTABLISHED | | +------------------+ | ^ | | | | | | v | +--------------------+ | | TIPC_DISCONNECTING |<--+ +--------------------+ Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: create TIPC_CONNECTING as a new sk_stateParthasarathy Bhuvaragan1-32/+28
In this commit, we create a new tipc socket state TIPC_CONNECTING by primarily replacing the SS_CONNECTING with TIPC_CONNECTING. There is no functional change in this commit. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove SS_DISCONNECTING stateParthasarathy Bhuvaragan1-80/+52
In this commit, we replace the references to SS_DISCONNECTING with the combination of sk_state TIPC_DISCONNECTING and flags set in sk_shutdown. We introduce a new function _tipc_shutdown(), which provides the common code required by tipc_release() and tipc_shutdown(). Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: create TIPC_DISCONNECTING as a new sk_stateParthasarathy Bhuvaragan1-15/+24
In this commit, we create a new tipc socket state TIPC_DISCONNECTING in sk_state. TIPC_DISCONNECTING is replacing the socket connection status update using SS_DISCONNECTING. TIPC_DISCONNECTING is set for connection oriented sockets at: - tipc_shutdown() - connection probe timeout - when we receive an error message on the connection. There is no functional change in this commit. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: create TIPC_OPEN as a new sk_stateParthasarathy Bhuvaragan1-54/+43
In this commit, we create a new tipc socket state TIPC_OPEN in sk_state. We primarily replace the SS_UNCONNECTED sock->state with TIPC_OPEN. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: create TIPC_ESTABLISHED as a new sk_stateParthasarathy Bhuvaragan1-7/+11
Until now, tipc maintains probing state for connected sockets in tsk->probing_state variable. In this commit, we express this information as socket states and this remove the variable. We set probe_unacked flag when a probe is sent out and reset it if we receive a reply. Instead of the probing state TIPC_CONN_OK, we create a new state TIPC_ESTABLISHED. There is no functional change in this commit. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: create TIPC_LISTEN as a new sk_stateParthasarathy Bhuvaragan1-19/+43
Until now, tipc maintains the socket state in sock->state variable. This is used to maintain generic socket states, but in tipc we overload it and save tipc socket states like TIPC_LISTEN. Other protocols like TCP, UDP store protocol specific states in sk->sk_state instead. In this commit, we : - declare a new tipc state TIPC_LISTEN, that replaces SS_LISTEN - Create a new function tipc_set_state(), to update sk->sk_state. - TIPC_LISTEN state is maintained in sk->sk_state. - replace references to SS_LISTEN with TIPC_LISTEN. There is no functional change in this commit. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove socket state SS_READYParthasarathy Bhuvaragan1-18/+31
Until now, tipc socket state SS_READY declares that the socket is a connectionless socket. In this commit, we remove the state SS_READY and replace it with a condition which returns true for datagram / connectionless sockets. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove probing_intv from tipc_sockParthasarathy Bhuvaragan1-10/+9
Until now, probing_intv is a variable in struct tipc_sock but is always set to a constant CONN_PROBING_INTERVAL. The socket connection is probed based on this value. In this commit, we remove this variable and setup the socket timer based on the constant CONN_PROBING_INTERVAL. There is no functional change in this commit. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove tsk->connected from tipc_sockParthasarathy Bhuvaragan1-17/+19
Until now, we determine if a socket is connected or not based on tsk->connected, which is set once when the probing state is set to TIPC_CONN_OK. It is unset when the sock->state is updated from SS_CONNECTED to any other state. In this commit, we remove connected variable from tipc_sock and derive socket connection status from the following condition: sock->state == SS_CONNECTED => tsk->connected There is no functional change in this commit. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: remove tsk->connected for connectionless socketsParthasarathy Bhuvaragan1-3/+1
Until now, for connectionless sockets the peer information during connect is stored in tsk->peer and a connection state is set in tsk->connected. This is redundant. In this commit, for connectionless sockets we update: - __tipc_sendmsg(), when the destination is NULL the peer existence is determined by tsk->peer.family, instead of tsk->connected. - tipc_connect(), remove set/unset of tsk->connected. Hence tsk->connected is no longer used for connectionless sockets. There is no functional change in this commit. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: rename tsk->remote to tsk->peer for consistent namingParthasarathy Bhuvaragan1-6/+5
Until now, the peer information for connect is stored in tsk->remote but the rest of code uses the name peer for peer/remote. In this commit, we rename tsk->remote to tsk->peer to align with naming convention followed in the rest of the code. There is no functional change in this commit. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: rename struct tipc_skb_cb member handle to bytes_readParthasarathy Bhuvaragan2-9/+11
In this commit, we rename handle to bytes_read indicating the purpose of the member. Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: set kern=0 in sk_alloc() during tipc_accept()Parthasarathy Bhuvaragan1-1/+1
Until now, tipc_accept() calls sk_alloc() with kern=1. This is incorrect as the data socket's owner is the user application. Thus for these accepted data sockets the network namespace refcount is skipped. In this commit, we fix this by setting kern=0. Acked-by: Ying Xue <ying.xue@windriver.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: wakeup sleeping users at disconnectParthasarathy Bhuvaragan1-0/+1
Until now, in filter_connect() when we terminate a connection due to an error message from peer, we set the socket state to DISCONNECTING. The socket is notified about this broken connection using EPIPE when a user tries to send a message. However if a socket was waiting on a poll() while the connection is being terminated, we fail to wakeup that socket. In this commit, we wakeup sleeping sockets at connection termination. Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01tipc: return early for non-blocking sockets at link congestionParthasarathy Bhuvaragan1-0/+6
Until now, in stream/mcast send() we pass the message to the link layer even when the link is congested and add the socket to the link's wakeup queue. This is unnecessary for non-blocking sockets. If a socket is set to non-blocking and sends multicast with zero back off time while receiving EAGAIN, we exhaust the memory. In this commit, we return immediately at stream/mcast send() for non-blocking sockets. Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01Merge branch 'nfp-cleanups-and-RX-path-rewrite'David S. Miller5-318/+263
Jakub Kicinski says: ==================== nfp: cleanups and RX path rewrite This series lays groundwork for upcoming XDP support by updating the RX path not to pre-allocate sk_buffs. I start with few cleanups, removal of NFP3200-related code being the most significant. Patch 7 moves to alloc_frag() and build_skb() APIs. Again, a number of small cleanups follow. The set ends with adding support for different number of RX and TX rings. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: bring back support for different ring countsJakub Kicinski1-47/+71
We used to always allocate the same number of TX and RX rings so the support for having r_vectors without one of the rings was dropped. That makes us, however, unnecessarily limited to 8 TX rings (8 is the Linux RSS default) most of the time. Also we are about to add channel count configuration via ethtool, so bring that support back. TX rings can now default to num_online_cpus() and RX rings to netif_get_num_default_rss_queues(). Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: replace num_irqs with max_r_vecsJakub Kicinski2-8/+10
num_irqs is not used anywhere, replace it with max_r_vecs which holds number of allocated RX/TX vectors and is going to be useful soon. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: remove nfp_net_irqs_wanted()Jakub Kicinski1-23/+4
nfp_net_irqs_wanted() doesn't really encapsulate much logic, remove it and inline the calculations. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: use unsigned int for vector/ring countsJakub Kicinski2-10/+12
Use unsigned int consistently for vector/ring counts. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: create separate define for max number of vectorsJakub Kicinski1-3/+5
We are currently using define for max TX rings to allocate IRQ vectors. It's OK since the max number of rings for TX and RX are currently the same, but lets make the code nicer by taking max of the two. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: use AND instead of modulo to get ring indexesJakub Kicinski1-7/+7
We already force ring sizes to be power of 2 so replace modulo operations with AND (size - 1) in index calculations. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: add separate buffer allocation function for napiJakub Kicinski1-2/+21
Introduce a separate buffer allocation function to be called from NAPI. We can make assumptions about the context and buffer size. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: use alloc_frag() and build_skb()Jakub Kicinski3-50/+82
Speed up RX processing by moving to the alloc_frag()/build_skb() paradigm. Since we're no longer mapping the entire buffer for DMA add helpers which take care of calculating offsets and lengths. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: add buffer drop/recycle helper for RXJakub Kicinski1-10/+17
nfp_net_rx() is quite long already and about to get longer. Move buffer drop/recycle to a helper. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: centralize the buffer size calculationJakub Kicinski2-9/+21
Add a helper function to calculate the buffer size at run time. Buffer lengths will now depend on the FW prepend configuration instead of assuming the most space consuming configuration and defaulting to 2k buffers at initialization time. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: remove inline attributes and dead codeJakub Kicinski1-14/+1
Don't declare functions as static inline in .c files and remove dead code it was hiding. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: remove unnecessary call to ether_setup()Jakub Kicinski1-1/+0
ether_setup() will be invoked by alloc_etherdev_mqs(), no need to call it again. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: remove support for nfp3200Jakub Kicinski4-138/+22
Drop all code related to nfp3200. It was never widely deployed as a NIC. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01nfp: simplify nfp_net_poll()Jakub Kicinski1-9/+3
There are few variables in nfp_net_poll() which are used only once or unused but set. Remove them. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01Merge branch 'qed-next'David S. Miller4-1/+23
Yuval Mintz says: ==================== qed*: Fixes to "Allow unicast filtering" Commit 7b7e70f979e3 ("qed*: Allow unicast filtering") introduced several issues in driver. This series is intended to address and fix those. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01qed: Correct VF mac numberMintz, Yuval3-0/+22
When relaxing the limitation on the number of unicast MAC filters an interface can configure, qed started passing the MAC quota to qede. However, the value is initialized only for PFs, causing VFs to always try and configure themselves as promiscuous [as they believe they lack the resources to configure the rx-mode]. Fixes: 7b7e70f979e3 ("qed*: Allow unicast filtering") Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01qede: Don't override priv_flagsMintz, Yuval1-1/+1
Driver is now setting the ndev's priv_flags instead of adding to it, causing pktgen failure to utilize various features due to the loss of the IFF_TX_SKB_SHARING indication. Fixes: 7b7e70f979e3 ("qed*: Allow unicast filtering") Signed-off-by: Yuval Mintz <Yuval.Mintz@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-01Merge branch '40GbE' of ↵David S. Miller18-850/+867
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2016-10-31 This series contains updates to i40e and i40evf. Colin Ian King fixes a minor issue with dev_err message where a new line character was missing from the end of the message. Jake provides several most of the changes in the series, starting with dropping the is_vf and is_netdev fields in the i40e_mac_filter structure since they are not needed (along with the checks that used these fields). Reason being that we use separate VSI's for SRIOV VFs and for netdev VSIs, therefore a single VSI should only have one type of filter. Then simplifies our .set_rx_mode handler by using the kernel provided __dev_uc_sync and __dev_mc_sync functions for notification of add and deletion of filters. Refactored the i40e_put_mac_in_vlan() to resolve an issue where this function was arbitrarily modifying all filters to have the same VLAN, which is incorrect because it could be modifying active filters without putting them into the new state. Refactored the delete filter logic so that we can re-use the functionality, where appropriate, without having to search for the filter twice. Reduced the latency of operations related to searching for specific MAC filters by using a static hash table instead of a list. Reduced code duplication in the adminq command to add/delete for filters. Fixed an issue where TSYNVALID bit was not being checked as the true indicator of whether the packet has an associated timestamp. Cleaned up a second msleep() call by simply re-ordering the code so that the extra wait is no longer needed. Alan provides additional fix to the work Jake has been doing to resolve a bug where adding at least one VLAN and then removing all VLANs leaves the MAC filters for the VSI with an incorrect value for the VID which indicates the MAC filter's VLAN status. Alex adds a common method for finding a VSI by type. Also cleaned up the logic for coalescing RS bits, which was convoluted and larger than it needed to be. Mitch fixes an issue with the failure to add filters when the VF driver is reloaded by simply setting the number of filters to 0 when freeing VF resources. Maciej implements a I40E_NVMUPD_STATE_ERROR state for NVM update, so that the driver has the ability to return NVM image write failure. Filip removes unreachable code which was found using static analysis where "if" statements were never in a "true/false" state, so clean up unnecessary if statements. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-10-31net: set SK_MEM_QUANTUM to 4096Eric Dumazet1-6/+17
Systems with large pages (64KB pages for example) do not always have huge quantity of memory. A big SK_MEM_QUANTUM value leads to fewer interactions with the global counters (like tcp_memory_allocated) but might trigger memory pressure much faster, giving suboptimal TCP performance since windows are lowered to ridiculous values. Note that sysctl_mem units being in pages and in ABI, we also need to change sk_prot_mem_limits() accordingly. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-10-31net: cris: make eth_v10.c explicitly non-modularPaul Gortmaker1-10/+1
The Makefile/Kconfig currently controlling compilation of this code is: drivers/net/cris/Makefile:obj-$(CONFIG_ETRAX_ARCH_V10) += eth_v10.o arch/cris/Kconfig:config ETRAX_ARCH_V10 arch/cris/Kconfig: bool ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. There was a one line wrapper for the int init function, which made no sense; hence we just put the device_initcall on the true init function itself and delete the pointless wrapper. In doing that we get rid of the following compile warning: WARNING: drivers/net/built-in.o(.text+0x1e28): Section mismatch in reference from the function etrax_init_module() to the function .init.text:etrax_ethernet_init() We don't replace module.h with init.h since the file already has that. Cc: "David S. Miller" <davem@davemloft.net> Cc: Mikael Starvik <starvik@axis.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: netdev@vger.kernel.org Cc: linux-cris-kernel@axis.com Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-10-31i40e: removed unreachable codeFilip Sadowski4-60/+33
Removed some of unnecessary if statements and unreachable code found by static code analysis tool. The return value of i40e_vsi_control_rings(..., false) is always 0. So, test for non-zero will never be true. The function has been split into "int i40e_vsi_start_rings()" and "void i40e_vsi_stop_rings()" for better understanding. Similarly, the function i40e_vsi_kill_vlan() never fails. So, checking for return value is also unnecessary. Function definition changed to void. The i40e_loopback_test() function is not implemented. The function and all references to loopback testing were removed. Change-ID: Id45cf66f6689ce2bc4e887de13f073e30e8431bd Signed-off-by: Filip Sadowski <filip.sadowski@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-10-31i40e: Implementation of ERROR state for NVM update state machineMaciej Sosin5-4/+22
This patch adds I40E_NVMUPD_STATE_ERROR state for NVM update. Without this patch driver has no possibility to return NVM image write failure.This state is being set when ARQ rises error. arq_last_status is also updated every time when ARQ event comes, not only on error cases. Change-ID: I67ce43ba22a240773c2821b436e96054db0b7c81 Signed-off-by: Maciej Sosin <maciej.sosin@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-10-31i40e: Fix for division by zeroMichal Kosiarz1-2/+4
For some cases when reading from device are incorrect or image is incorrect, this part of code causes crash due to division by zero. Change-ID: I8961029a7a87b0a479995823ef8fcbf6471405e1 Signed-off-by: Michal Kosiarz <michal.kosiarz@intel.com> Tested-by: Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>