- Jan 08, 2019
-
-
Tycho Andersen authored
Both the .o and the actual executable need to be built with -m32 in order to link correctly. Reported-by:
Ingo Molnar <mingo@kernel.org> Signed-off-by:
Tycho Andersen <tycho@tycho.ws> Reviewed-by:
Kees Cook <keescook@chromium.org> Cc: Borislav Petkov <bp@alien8.de> Cc: James Morris <jmorris@namei.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Fixes: fec7b669 ("samples: add an example of seccomp user trap") Link: http://lkml.kernel.org/r/20190107231631.1849-1-tycho@tycho.ws Signed-off-by:
-
- Dec 23, 2018
-
-
Masahiro Yamada authored
Avoid unneeded recreation of these in the incremental build. Signed-off-by:Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
These explicit rules are unneeded because scripts/Makefile.build provides a pattern rule to create %.s from %.c Signed-off-by:
-
- Dec 18, 2018
-
-
Nicholas Mc Guire authored
kzalloc() return should always be checked - notably in example code where this may be seen as reference. On failure of allocation in livepatch_fix1_dummy_alloc() respectively dummy_alloc() previous allocation is freed (thanks to Petr Mladek <pmladek@suse.com> for catching this) and NULL returned. Signed-off-by:
Nicholas Mc Guire <hofrat@osadl.org> Fixes: 439e7271 ("livepatch: introduce shadow variable API") Acked-by:
Joe Lawrence <joe.lawrence@redhat.com> Reviewed-by:
Petr Mladek <pmladek@suse.com> Acked-by:
Miroslav Benes <mbenes@suse.cz> Signed-off-by:
Jiri Kosina <jkosina@suse.cz>
-
- Dec 17, 2018
-
-
Nathan Chancellor authored
Clang warns: samples/vfio-mdev/mtty.c:592:39: warning: implicit conversion from 'int' to 'char' changes value from 162 to -94 [-Wconstant-conversion] *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD; ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ 1 warning generated. Turns out that all uses of buf in this function ultimately end up stored or cast to an unsigned type. Just use u8, which has the same number of bits but can store this larger number so Clang no longer warns. Signed-off-by:Nathan Chancellor <natechancellor@gmail.com> Signed-off-by:
Alex Williamson <alex.williamson@redhat.com>
-
- Dec 12, 2018
-
-
Tycho Andersen authored
The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by:
-
- Dec 03, 2018
-
-
Daniel T. Lee authored
When NULL pointer accidentally passed to write_kprobe_events, due to strlen(NULL), segmentation fault happens. Changed code returns -1 to deal with this situation. Bug issued with Smatch, static analysis. Signed-off-by:
Daniel T. Lee <danieltimlee@gmail.com> Acked-by:
Song Liu <songliubraving@fb.com> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net>
-
Michael Tretter authored
Commit 2d700715 ("[media] media: videobuf2: Restructure vb2_buffer") replaced vb2_buffer with vb2_v4l2_buffer in all v4l2 drivers. The restructuring skipped the v4l2-pci-skeleton, probably because it resides outside the drivers directory. The v4l2_buf_ops assume that the passed buffer is a vb2_v4l2_buffer. This is not the case if the skel_buffer is based on vb2_buffer instead of vb2_v4l2_buffer. Replace vb2_buffer with vb2_v4l2_buffer in the skeleton to make sure that future drivers that are based on the skeleton use vb2_v4l2_buffer. Signed-off-by:
Michael Tretter <m.tretter@pengutronix.de> Signed-off-by:
Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by:
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
-
- Dec 01, 2018
-
-
Masahiro Yamada authored
SUBDIRS has been kept as a backward compatibility since commit ("[PATCH] kbuild: external module support") in 2002. We do not need multiple ways to do the same thing, so I will remove SUBDIRS after the Linux 5.3 release. I cleaned up in-tree code, and updated the document so that nobody would try to use it. Meanwhile, display the following warning if SUBDIRS is used. Makefile:189: ================= WARNING ================ Makefile:190: 'SUBDIRS' will be removed after Linux 5.3 Makefile:191: Please use 'M=' or 'KBUILD_EXTMOD' instead Makefile:192: ========================================== Signed-off-by: -
Matteo Croce authored
Find the ifindex with if_nametoindex() instead of requiring the numeric ifindex. Signed-off-by:
Matteo Croce <mcroce@redhat.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org>
-
Matteo Croce authored
Store only the total packet count for every protocol, instead of the whole per-cpu array. Use bpf_map_get_next_key() to iterate the map, instead of looking up all the protocols. Signed-off-by:
-
- Nov 23, 2018
-
-
Daniel T. Lee authored
Currently, kprobe_events failure won't be handled properly. Due to calling system() indirectly to write to kprobe_events, it can't be identified whether an error is derived from kprobe or system. // buf = "echo '%c:%s %s' >> /s/k/d/t/kprobe_events" err = system(buf); if (err < 0) { printf("failed to create kprobe .."); return -1; } For example, running ./tracex7 sample in ext4 partition, "echo p:open_ctree open_ctree >> /s/k/d/t/kprobe_events" gets 256 error code system() failure. => The error comes from kprobe, but it's not handled correctly. According to man of system(3), it's return value just passes the termination status of the child shell rather than treating the error as -1. (don't care success) Which means, currently it's not working as desired. (According to the upper code snippet) ex) running ./tracex7 with ext4 env. # Current Output sh: echo: I/O error failed to open event open_ctree # Desired Output failed to create kprobe 'open_ctree' error 'No such file or directory' The problem is, error can't be verified whether from child ps or system. But using write() directly can verify the command failure, and it will treat all error as -1. So I suggest using write() directly to 'kprobe_events' rather than calling system(). Signed-off-by:
-
- Nov 20, 2018
-
-
Jonathan Davies authored
Signed-off-by:
Jonathan Davies <jonathan.davies@nutanix.com> Signed-off-by:
-
Yonghong Song authored
Add additional checks in tools/testing/selftests/bpf and samples/bpf such that if clang/llvm compiler can generate BTF sections, do not use pahole. Signed-off-by:
Yonghong Song <yhs@fb.com> Signed-off-by:
Martin KaFai Lau <kafai@fb.com> Signed-off-by:
-
- Nov 07, 2018
-
-
Shannon Nelson authored
To help when debugging bpf/xdp load issues, have the load_map() error message include the number and name of the map that failed. Signed-off-by:
Shannon Nelson <shannon.nelson@oracle.com> Acked-by:
John Fastabend <john.fastabend@gmail.com> Acked-by:
-
- Oct 11, 2018
-
-
Gerd Hoffmann authored
Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com> Signed-off-by:
-
- Oct 10, 2018
-
-
Masahiro Yamada authored
Some samples require headers installation, so commit 3fca1700 ("kbuild: make samples really depend on headers_install") added such dependency in the top Makefile. However, UML fails to build with CONFIG_SAMPLES=y because UML does not support headers_install. Fixes: 3fca1700 ("kbuild: make samples really depend on headers_install") Reported-by:
-
- Oct 04, 2018
-
-
Bo YU authored
There is a warning when compiling bpf sample programs in sample/bpf: make -C /home/foo/bpf/samples/bpf/../../tools/lib/bpf/ RM='rm -rf' LDFLAGS= srctree=/home/foo/bpf/samples/bpf/../../ O= HOSTCC /home/foo/bpf/samples/bpf/tracex3_user.o /home/foo/bpf/samples/bpf/tracex3_user.c:20:0: warning: "ARRAY_SIZE" redefined #define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) In file included from /home/foo/bpf/samples/bpf/tracex3_user.c:18:0: ./tools/testing/selftests/bpf/bpf_util.h:48:0: note: this is the location of the previous definition # define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) Signed-off-by:Bo YU <tsu.yubo@gmail.com> Signed-off-by:
-
- Oct 02, 2018
-
-
Dan Carpenter authored
"out_buf_sz" needs to be signed for the error handling to work. Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- Oct 01, 2018
-
-
Roman Gushchin authored
This commit extends the test_cgrp2_attach2 test to cover per-cpu cgroup storage. Bpf program will use shared and per-cpu cgroup storages simultaneously, so a better coverage of corresponding core code will be achieved. Expected output: $ ./test_cgrp2_attach2 Attached DROP prog. This ping in cgroup /foo should fail... ping: sendmsg: Operation not permitted Attached DROP prog. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS prog. This ping in cgroup /foo/bar should pass... Detached PASS from /foo/bar while DROP is attached to /foo. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS from /foo/bar and detached DROP from /foo. This ping in cgroup /foo/bar should pass... ### override:PASS ### multi:PASS Signed-off-by:
Roman Gushchin <guro@fb.com> Acked-by:
-
- Sep 21, 2018
-
-
Prashant Bhole authored
following commit: commit d58e468b ("flow_dissector: implements flow dissector BPF hook") added struct bpf_flow_keys which conflicts with the struct with same name in sockex2_kern.c and sockex3_kern.c similar to commit: commit 534e0e52 ("samples/bpf: fix a compilation failure") we tried the rename it "flow_keys" but it also conflicted with struct having same name in include/net/flow_dissector.h. Hence renaming the struct to "flow_key_record". Also, this commit doesn't fix the compilation error completely because the similar struct is present in sockex3_kern.c. Hence renaming it in both files sockex3_user.c and sockex3_kern.c Signed-off-by:
Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> Acked-by:
-
- Sep 18, 2018
-
-
Yonghong Song authored
samples/bpf build failed with the following errors: $ make samples/bpf/ ... HOSTCC samples/bpf/sockex3_user.o /data/users/yhs/work/net-next/samples/bpf/sockex3_user.c:16:8: error: redefinition of ‘struct bpf_flow_keys’ struct bpf_flow_keys { ^ In file included from /data/users/yhs/work/net-next/samples/bpf/sockex3_user.c:4:0: ./usr/include/linux/bpf.h:2338:9: note: originally defined here struct bpf_flow_keys *flow_keys; ^ make[3]: *** [samples/bpf/sockex3_user.o] Error 1 Commit d58e468b ("flow_dissector: implements flow dissector BPF hook") introduced struct bpf_flow_keys in include/uapi/linux/bpf.h and hence caused the naming conflict with samples/bpf/sockex3_user.c. The fix is to rename struct bpf_flow_keys in samples/bpf/sockex3_user.c to flow_keys to avoid the conflict. Signed-off-by: -
YueHaibing authored
Remove duplicated includes. Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Acked-by:
-
- Aug 31, 2018
-
-
Prashant Bhole authored
- xsks_map size was fixed to 4, changed it MAX_SOCKS - Remove redundant definition of MAX_SOCKS in xdpsock_user.c - In dump_stats(), add NULL check for xsks[i] Signed-off-by:
Björn Töpel <bjorn.topel@intel.com> Signed-off-by:
-
Nikita V. Shirokov authored
Sample program which shows TCP_SAVE_SYN/TCP_SAVED_SYN usage example: bpf program which is doing TOS/TCLASS reflection (server would reply with a same TOS/TCLASS as client). Signed-off-by:
Nikita V. Shirokov <tehnerd@fb.com> Signed-off-by:
-
- Aug 29, 2018
-
-
Björn Töpel authored
The -c/--copy -z/--zero-copy flags enforces either copy or zero-copy mode. Signed-off-by:
-
- Aug 16, 2018
-
-
Jesper Dangaard Brouer authored
It is common XDP practice to unload/deattach the XDP bpf program, when the XDP sample program is Ctrl-C interrupted (SIGINT) or killed (SIGTERM). The samples/bpf programs xdp_redirect_cpu and xdp_rxq_info, forgot to trap signal SIGTERM (which is the default signal used by the kill command). This was discovered by Red Hat QA, which automated scripts depend on killing the XDP sample program after a timeout period. Fixes: fad3917e ("samples/bpf: add cpumap sample program xdp_redirect_cpu") Fixes: 0fca931a ("samples/bpf: program demonstrating access to xdp_rxq_info") Reported-by:
Jean-Tsung Hsiao <jhsiao@redhat.com> Signed-off-by:
Jesper Dangaard Brouer <brouer@redhat.com> Acked-by:
-
- Aug 10, 2018
-
-
Jesper Dangaard Brouer authored
This implement XDP CPU redirection load-balancing across available CPUs, based on the hashing IP-pairs + L4-protocol. This equivalent to xdp-cpu-redirect feature in Suricata, which is inspired by the Suricata 'ippair' hashing code. An important property is that the hashing is flow symmetric, meaning that if the source and destination gets swapped then the selected CPU will remain the same. This is helps locality by placing both directions of a flows on the same CPU, in a forwarding/routing scenario. The hashing INITVAL (15485863 the 10^6th prime number) was fairly arbitrary choosen, but experiments with kernel tree pktgen scripts (pktgen_sample04_many_flows.sh +pktgen_sample05_flow_per_thread.sh) showed this improved the distribution. This patch also change the default loaded XDP program to be this load-balancer. As based on different user feedback, this seems to be the expected behavior of the sample xdp_redirect_cpu. Link: https://github.com/OISF/suricata/commit/796ec08dd7a63 Signed-off-by:
-
Jesper Dangaard Brouer authored
Adjusted function call API to take an initval. This allow the API user to set the initial value, as a seed. This could also be used for inputting the previous hash. Signed-off-by:
-
- Aug 09, 2018
-
-
Jesper Dangaard Brouer authored
The teardown race in cpumap is really hard to reproduce. These changes makes it easier to reproduce, for QA. The --stress-mode now have a case of a very small queue size of 8, that helps to trigger teardown flush to encounter a full queue, which results in calling xdp_return_frame API, in a non-NAPI protect context. Also increase MAX_CPUS, as my QA department have larger machines than me. Tested-by:
-
- Aug 02, 2018
-
-
Roman Gushchin authored
The test_cgrp2_attach test covers bpf cgroup attachment code well, so let's re-use it for testing allocation/releasing of cgroup storage. The extension is pretty straightforward: the bpf program will use the cgroup storage to save the number of transmitted bytes. Expected output: $ ./test_cgrp2_attach2 Attached DROP prog. This ping in cgroup /foo should fail... ping: sendmsg: Operation not permitted Attached DROP prog. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS prog. This ping in cgroup /foo/bar should pass... Detached PASS from /foo/bar while DROP is attached to /foo. This ping in cgroup /foo/bar should fail... ping: sendmsg: Operation not permitted Attached PASS from /foo/bar and detached DROP from /foo. This ping in cgroup /foo/bar should pass... ### override:PASS ### multi:PASS Signed-off-by:
-
- Jul 27, 2018
-
-
Jakub Kicinski authored
Convert xdpsock_user.c to use libbpf instead of bpf_load.o. Signed-off-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by:
Quentin Monnet <quentin.monnet@netronome.com> Signed-off-by:
-
Jakub Kicinski authored
Convert xdp_fwd_user.c to use libbpf instead of bpf_load.o. Signed-off-by:
-
Taeung Song authored
To smoothly test BTF supported binary on samples/bpf, let samples/bpf/Makefile probe llc, pahole and llvm-objcopy for BPF support and use them like tools/testing/selftests/bpf/Makefile changed from the commit c0fa1b6c ("bpf: btf: Add BTF tests"). Signed-off-by:
Taeung Song <treeze.taeung@gmail.com> Acked-by:
-
Brian Brooks authored
Define u_smp_rmb() and u_smp_wmb() to respective barrier instructions. This ensures the processor will order accesses to queue indices against accesses to queue ring entries. Signed-off-by:
Brian Brooks <brian.brooks@linaro.org> Acked-by:
-
- Jul 17, 2018
-
-
Laura Abbott authored
In preparation for enabling command line LDLIBS, re-name HOST_LOADLIBES to KBUILD_HOSTLDLIBS as the internal use only flags. Also rename existing usage to HOSTLDLIBS for consistency. This should not have any visible effects. Signed-off-by:
Laura Abbott <labbott@redhat.com> Signed-off-by:
-
Laura Abbott authored
In preparation for enabling command line CFLAGS, re-name HOSTCFLAGS to KBUILD_HOSTCFLAGS as the internal use only flags. This should not have any visible effects. Signed-off-by:
-
- Jul 16, 2018
-
-
Dan Carpenter authored
"prog_cnt" is the number of elements which are filled out in prog_fd[] so the test should be >= instead of >. Signed-off-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Dan Carpenter authored
I can't see that we check prog_cnt to ensure it doesn't go over MAX_PROGS. Signed-off-by:
-
- Jul 13, 2018
-
-
Jesper Dangaard Brouer authored
People noticed that the code match on IEEE 802.1ad (ETH_P_8021AD) ethertype, and this implies Q-in-Q or double tagged VLANs. Thus, we better parse the next VLAN header too. It is even marked as a TODO. This is relevant for real world use-cases, as XDP cpumap redirect can be used when the NIC RSS hashing is broken. E.g. the ixgbe driver HW cannot handle double tagged VLAN packets, and places everything into a single RX queue. Using cpumap redirect, users can redistribute traffic across CPUs to solve this, which is faster than the network stacks RPS solution. It is left as an exerise how to distribute the packets across CPUs. It would be convenient to use the RX hash, but that is not _yet_ exposed to XDP programs. For now, users can code their own hash, as I've demonstrated in the Suricata code (where Q-in-Q is handled correctly). Reported-by:
Florian Maury <florian.maury-cv@x-cli.eu> Reported-by:
Marek Majkowski <marek@cloudflare.com> Signed-off-by:
-
