lol

linux: remove unused kernel patches

-1961
-407
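--- a/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/4.4.patch
+++ b/pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/4.4.patch
@@ -1,407 +0,0 @@
-commit e7cae741f6d645ac68fe8823ca6ef45dbbf6891b
-Author: Tejun Heo <tj@kernel.org>
-Date: Fri Mar 11 07:31:23 2016 -0500
-
-sched: Misc preps for cgroup unified hierarchy interface
-
-Make the following changes in preparation for the cpu controller
-interface implementation for the unified hierarchy. This patch
-doesn't cause any functional differences.
-
-* s/cpu_stats_show()/cpu_cfs_stats_show()/
-
-* s/cpu_files/cpu_legacy_files/
-
-* Separate out cpuacct_stats_read() from cpuacct_stats_show(). While
-at it, remove pointless cpuacct_stat_desc[] array.
-
-Signed-off-by: Tejun Heo <tj@kernel.org>
-Cc: Ingo Molnar <mingo@redhat.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Li Zefan <lizefan@huawei.com>
-Cc: Johannes Weiner <hannes@cmpxchg.org>
-
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 732e993..77f3ddd 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -8512,7 +8512,7 @@ static int __cfs_schedulable(struct task_group *tg, u64 period, u64 quota)
-return ret;
-}
-
--static int cpu_stats_show(struct seq_file *sf, void *v)
-+static int cpu_cfs_stats_show(struct seq_file *sf, void *v)
-{
-struct task_group *tg = css_tg(seq_css(sf));
-struct cfs_bandwidth *cfs_b = &tg->cfs_bandwidth;
-@@ -8552,7 +8552,7 @@ static u64 cpu_rt_period_read_uint(struct cgroup_subsys_state *css,
-}
-#endif /* CONFIG_RT_GROUP_SCHED */
-
--static struct cftype cpu_files[] = {
-+static struct cftype cpu_legacy_files[] = {
-#ifdef CONFIG_FAIR_GROUP_SCHED
-{
-.name = "shares",
-@@ -8573,7 +8573,7 @@ static struct cftype cpu_files[] = {
-},
-{
-.name = "stat",
-- .seq_show = cpu_stats_show,
-+ .seq_show = cpu_cfs_stats_show,
-},
-#endif
-#ifdef CONFIG_RT_GROUP_SCHED
-@@ -8599,7 +8599,7 @@ struct cgroup_subsys cpu_cgrp_subsys = {
-.fork = cpu_cgroup_fork,
-.can_attach = cpu_cgroup_can_attach,
-.attach = cpu_cgroup_attach,
-- .legacy_cftypes = cpu_files,
-+ .legacy_cftypes = cpu_legacy_files,
-.early_init = 1,
-};
-
-diff --git a/kernel/sched/cpuacct.c b/kernel/sched/cpuacct.c
-index dd7cbb5..42b2dd5 100644
---- a/kernel/sched/cpuacct.c
-+++ b/kernel/sched/cpuacct.c
-@@ -177,36 +177,33 @@ static int cpuacct_percpu_seq_show(struct seq_file *m, void *V)
-return 0;
-}
-
--static const char * const cpuacct_stat_desc[] = {
-- [CPUACCT_STAT_USER] = "user",
-- [CPUACCT_STAT_SYSTEM] = "system",
--};
--
--static int cpuacct_stats_show(struct seq_file *sf, void *v)
-+static void cpuacct_stats_read(struct cpuacct *ca, u64 *userp, u64 *sysp)
-{
-- struct cpuacct *ca = css_ca(seq_css(sf));
-int cpu;
-- s64 val = 0;
-
-+ *userp = 0;
-for_each_online_cpu(cpu) {
-struct kernel_cpustat *kcpustat = per_cpu_ptr(ca->cpustat, cpu);
-- val += kcpustat->cpustat[CPUTIME_USER];
-- val += kcpustat->cpustat[CPUTIME_NICE];
-+ *userp += kcpustat->cpustat[CPUTIME_USER];
-+ *userp += kcpustat->cpustat[CPUTIME_NICE];
-}
-- val = cputime64_to_clock_t(val);
-- seq_printf(sf, "%s %lld\n", cpuacct_stat_desc[CPUACCT_STAT_USER], val);
-
-- val = 0;
-+ *sysp = 0;
-for_each_online_cpu(cpu) {
-struct kernel_cpustat *kcpustat = per_cpu_ptr(ca->cpustat, cpu);
-- val += kcpustat->cpustat[CPUTIME_SYSTEM];
-- val += kcpustat->cpustat[CPUTIME_IRQ];
-- val += kcpustat->cpustat[CPUTIME_SOFTIRQ];
-+ *sysp += kcpustat->cpustat[CPUTIME_SYSTEM];
-+ *sysp += kcpustat->cpustat[CPUTIME_IRQ];
-+ *sysp += kcpustat->cpustat[CPUTIME_SOFTIRQ];
-}
-+}
-
-- val = cputime64_to_clock_t(val);
-- seq_printf(sf, "%s %lld\n", cpuacct_stat_desc[CPUACCT_STAT_SYSTEM], val);
-+static int cpuacct_stats_show(struct seq_file *sf, void *v)
-+{
-+ cputime64_t user, sys;
-
-+ cpuacct_stats_read(css_ca(seq_css(sf)), &user, &sys);
-+ seq_printf(sf, "user %lld\n", cputime64_to_clock_t(user));
-+ seq_printf(sf, "system %lld\n", cputime64_to_clock_t(sys));
-return 0;
-}
-
-
-commit 1bb33e8a69f089f2d3f58a0e681d4ff352e11c97
-Author: Tejun Heo <tj@kernel.org>
-Date: Fri Mar 11 07:31:23 2016 -0500
-
-sched: Implement interface for cgroup unified hierarchy
-
-While the cpu controller doesn't have any functional problems, there
-are a couple interface issues which can be addressed in the v2
-interface.
-
-* cpuacct being a separate controller. This separation is artificial
-and rather pointless as demonstrated by most use cases co-mounting
-the two controllers. It also forces certain information to be
-accounted twice.
-
-* Use of different time units. Writable control knobs use
-microseconds, some stat fields use nanoseconds while other cpuacct
-stat fields use centiseconds.
-
-* Control knobs which can't be used in the root cgroup still show up
-in the root.
-
-* Control knob names and semantics aren't consistent with other
-controllers.
-
-This patchset implements cpu controller's interface on the unified
-hierarchy which adheres to the controller file conventions described
-in Documentation/cgroups/unified-hierarchy.txt. Overall, the
-following changes are made.
-
-* cpuacct is implictly enabled and disabled by cpu and its information
-is reported through "cpu.stat" which now uses microseconds for all
-time durations. All time duration fields now have "_usec" appended
-to them for clarity. While this doesn't solve the double accounting
-immediately, once majority of users switch to v2, cpu can directly
-account and report the relevant stats and cpuacct can be disabled on
-the unified hierarchy.
-
-Note that cpuacct.usage_percpu is currently not included in
-"cpu.stat". If this information is actually called for, it can be
-added later.
-
-* "cpu.shares" is replaced with "cpu.weight" and operates on the
-standard scale defined by CGROUP_WEIGHT_MIN/DFL/MAX (1, 100, 10000).
-The weight is scaled to scheduler weight so that 100 maps to 1024
-and the ratio relationship is preserved - if weight is W and its
-scaled value is S, W / 100 == S / 1024. While the mapped range is a
-bit smaller than the orignal scheduler weight range, the dead zones
-on both sides are relatively small and covers wider range than the
-nice value mappings. This file doesn't make sense in the root
-cgroup and isn't create on root.
-
-* "cpu.cfs_quota_us" and "cpu.cfs_period_us" are replaced by "cpu.max"
-which contains both quota and period.
-
-* "cpu.rt_runtime_us" and "cpu.rt_period_us" are replaced by
-"cpu.rt.max" which contains both runtime and period.
-
-v2: cpu_stats_show() was incorrectly using CONFIG_FAIR_GROUP_SCHED for
-CFS bandwidth stats and also using raw division for u64. Use
-CONFIG_CFS_BANDWITH and do_div() instead.
-
-The semantics of "cpu.rt.max" is not fully decided yet. Dropped
-for now.
-
-Signed-off-by: Tejun Heo <tj@kernel.org>
-Cc: Ingo Molnar <mingo@redhat.com>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Li Zefan <lizefan@huawei.com>
-Cc: Johannes Weiner <hannes@cmpxchg.org>
-
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 77f3ddd..7aafe63 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -8591,6 +8591,139 @@ static struct cftype cpu_legacy_files[] = {
-{ } /* terminate */
-};
-
-+static int cpu_stats_show(struct seq_file *sf, void *v)
-+{
-+ cpuacct_cpu_stats_show(sf);
-+
-+#ifdef CONFIG_CFS_BANDWIDTH
-+ {
-+ struct task_group *tg = css_tg(seq_css(sf));
-+ struct cfs_bandwidth *cfs_b = &tg->cfs_bandwidth;
-+ u64 throttled_usec;
-+
-+ throttled_usec = cfs_b->throttled_time;
-+ do_div(throttled_usec, NSEC_PER_USEC);
-+
-+ seq_printf(sf, "nr_periods %d\n"
-+ "nr_throttled %d\n"
-+ "throttled_usec %llu\n",
-+ cfs_b->nr_periods, cfs_b->nr_throttled,
-+ throttled_usec);
-+ }
-+#endif
-+ return 0;
-+}
-+
-+#ifdef CONFIG_FAIR_GROUP_SCHED
-+static u64 cpu_weight_read_u64(struct cgroup_subsys_state *css,
-+ struct cftype *cft)
-+{
-+ struct task_group *tg = css_tg(css);
-+ u64 weight = scale_load_down(tg->shares);
-+
-+ return DIV_ROUND_CLOSEST_ULL(weight * CGROUP_WEIGHT_DFL, 1024);
-+}
-+
-+static int cpu_weight_write_u64(struct cgroup_subsys_state *css,
-+ struct cftype *cftype, u64 weight)
-+{
-+ /*
-+ * cgroup weight knobs should use the common MIN, DFL and MAX
-+ * values which are 1, 100 and 10000 respectively. While it loses
-+ * a bit of range on both ends, it maps pretty well onto the shares
-+ * value used by scheduler and the round-trip conversions preserve
-+ * the original value over the entire range.
-+ */
-+ if (weight < CGROUP_WEIGHT_MIN || weight > CGROUP_WEIGHT_MAX)
-+ return -ERANGE;
-+
-+ weight = DIV_ROUND_CLOSEST_ULL(weight * 1024, CGROUP_WEIGHT_DFL);
-+
-+ return sched_group_set_shares(css_tg(css), scale_load(weight));
-+}
-+#endif
-+
-+static void __maybe_unused cpu_period_quota_print(struct seq_file *sf,
-+ long period, long quota)
-+{
-+ if (quota < 0)
-+ seq_puts(sf, "max");
-+ else
-+ seq_printf(sf, "%ld", quota);
-+
-+ seq_printf(sf, " %ld\n", period);
-+}
-+
-+/* caller should put the current value in *@periodp before calling */
-+static int __maybe_unused cpu_period_quota_parse(char *buf,
-+ u64 *periodp, u64 *quotap)
-+{
-+ char tok[21]; /* U64_MAX */
-+
-+ if (!sscanf(buf, "%s %llu", tok, periodp))
-+ return -EINVAL;
-+
-+ *periodp *= NSEC_PER_USEC;
-+
-+ if (sscanf(tok, "%llu", quotap))
-+ *quotap *= NSEC_PER_USEC;
-+ else if (!strcmp(tok, "max"))
-+ *quotap = RUNTIME_INF;
-+ else
-+ return -EINVAL;
-+
-+ return 0;
-+}
-+
-+#ifdef CONFIG_CFS_BANDWIDTH
-+static int cpu_max_show(struct seq_file *sf, void *v)
-+{
-+ struct task_group *tg = css_tg(seq_css(sf));
-+
-+ cpu_period_quota_print(sf, tg_get_cfs_period(tg), tg_get_cfs_quota(tg));
-+ return 0;
-+}
-+
-+static ssize_t cpu_max_write(struct kernfs_open_file *of,
-+ char *buf, size_t nbytes, loff_t off)
-+{
-+ struct task_group *tg = css_tg(of_css(of));
-+ u64 period = tg_get_cfs_period(tg);
-+ u64 quota;
-+ int ret;
-+
-+ ret = cpu_period_quota_parse(buf, &period, &quota);
-+ if (!ret)
-+ ret = tg_set_cfs_bandwidth(tg, period, quota);
-+ return ret ?: nbytes;
-+}
-+#endif
-+
-+static struct cftype cpu_files[] = {
-+ {
-+ .name = "stat",
-+ .flags = CFTYPE_NOT_ON_ROOT,
-+ .seq_show = cpu_stats_show,
-+ },
-+#ifdef CONFIG_FAIR_GROUP_SCHED
-+ {
-+ .name = "weight",
-+ .flags = CFTYPE_NOT_ON_ROOT,
-+ .read_u64 = cpu_weight_read_u64,
-+ .write_u64 = cpu_weight_write_u64,
-+ },
-+#endif
-+#ifdef CONFIG_CFS_BANDWIDTH
-+ {
-+ .name = "max",
-+ .flags = CFTYPE_NOT_ON_ROOT,
-+ .seq_show = cpu_max_show,
-+ .write = cpu_max_write,
-+ },
-+#endif
-+ { } /* terminate */
-+};
-+
-struct cgroup_subsys cpu_cgrp_subsys = {
-.css_alloc = cpu_cgroup_css_alloc,
-.css_free = cpu_cgroup_css_free,
-@@ -8600,7 +8733,15 @@ struct cgroup_subsys cpu_cgrp_subsys = {
-.can_attach = cpu_cgroup_can_attach,
-.attach = cpu_cgroup_attach,
-.legacy_cftypes = cpu_legacy_files,
-+ .dfl_cftypes = cpu_files,
-.early_init = 1,
-+#ifdef CONFIG_CGROUP_CPUACCT
-+ /*
-+ * cpuacct is enabled together with cpu on the unified hierarchy
-+ * and its stats are reported through "cpu.stat".
-+ */
-+ .depends_on = 1 << cpuacct_cgrp_id,
-+#endif
-};
-
-#endif /* CONFIG_CGROUP_SCHED */
-diff --git a/kernel/sched/cpuacct.c b/kernel/sched/cpuacct.c
-index 42b2dd5..b4d32a6 100644
---- a/kernel/sched/cpuacct.c
-+++ b/kernel/sched/cpuacct.c
-@@ -224,6 +224,30 @@ static struct cftype files[] = {
-{ } /* terminate */
-};
-
-+/* used to print cpuacct stats in cpu.stat on the unified hierarchy */
-+void cpuacct_cpu_stats_show(struct seq_file *sf)
-+{
-+ struct cgroup_subsys_state *css;
-+ u64 usage, user, sys;
-+
-+ css = cgroup_get_e_css(seq_css(sf)->cgroup, &cpuacct_cgrp_subsys);
-+
-+ usage = cpuusage_read(css, seq_cft(sf));
-+ cpuacct_stats_read(css_ca(css), &user, &sys);
-+
-+ user *= TICK_NSEC;
-+ sys *= TICK_NSEC;
-+ do_div(usage, NSEC_PER_USEC);
-+ do_div(user, NSEC_PER_USEC);
-+ do_div(sys, NSEC_PER_USEC);
-+
-+ seq_printf(sf, "usage_usec %llu\n"
-+ "user_usec %llu\n"
-+ "system_usec %llu\n", usage, user, sys);
-+
-+ css_put(css);
-+}
-+
-/*
-* charge this task's execution time to its accounting group.
-*
-diff --git a/kernel/sched/cpuacct.h b/kernel/sched/cpuacct.h
-index ed60562..44eace9 100644
---- a/kernel/sched/cpuacct.h
-+++ b/kernel/sched/cpuacct.h
-@@ -2,6 +2,7 @@
-
-extern void cpuacct_charge(struct task_struct *tsk, u64 cputime);
-extern void cpuacct_account_field(struct task_struct *p, int index, u64 val);
-+extern void cpuacct_cpu_stats_show(struct seq_file *sf);
-
-#else
-
-@@ -14,4 +15,8 @@ cpuacct_account_field(struct task_struct *p, int index, u64 val)
-{
-}
-
-+static inline void cpuacct_cpu_stats_show(struct seq_file *sf)
-+{
-+}
-+
-#endif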
-24
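--- a/pkgs/os-specific/linux/kernel/crc-regression.patch
+++ b/pkgs/os-specific/linux/kernel/crc-regression.patch
@@ -1,24 +0,0 @@
-See https://github.com/NixOS/nixpkgs/issues/6231
-
-v3.14.31:crypto/crc32c.c is missing the MODULE_ALIAS_CRYPTO("crc32c").
-That's probably because crypto/crc32c.c was renamed to
-crypto/crc32c_generic.c in commit
-06e5a1f29819759392239669beb2cad27059c8ec and therefore fell through
-the cracks when backporting commit
-5d26a105b5a73e5635eae0629b42fa0a90e07b7b.
-
-So the affected kernels (all that backported the "crypto-" prefix
-patches) need this additional patch:
-
-diff --git a/crypto/crc32c.c b/crypto/crc32c.c
-index 06f7018c9d95..aae5829eb681 100644
---- a/crypto/crc32c.c
-+++ b/crypto/crc32c.c
-@@ -167,6 +167,7 @@ static void __exit crc32c_mod_fini(void)
-module_init(crc32c_mod_init);
-module_exit(crc32c_mod_fini);
-
-+MODULE_ALIAS_CRYPTO("crc32c");
-MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
-MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
-MODULE_LICENSE("GPL");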
-45
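--- a/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch
+++ b/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch
@@ -1,45 +0,0 @@
-
-From Yang Shi <>
-Subject [PATCH] crypto: rsa - fix a potential race condition in build
-Date Fri, 2 Dec 2016 15:41:04 -0800
-
-
-When building kernel with RSA enabled with multithreaded, the below
-compile failure might be caught:
-
-| /buildarea/kernel-source/crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
-| #include "rsapubkey-asn1.h"
-| ^
-| compilation terminated.
-| CC crypto/rsa-pkcs1pad.o
-| CC crypto/algboss.o
-| CC crypto/testmgr.o
-| make[3]: *** [/buildarea/kernel-source/scripts/Makefile.build:289: crypto/rsa_helper.o] Error 1
-| make[3]: *** Waiting for unfinished jobs....
-| make[2]: *** [/buildarea/kernel-source/Makefile:969: crypto] Error 2
-| make[1]: *** [Makefile:150: sub-make] Error 2
-| make: *** [Makefile:24: __sub-make] Error 2
-
-The header file is not generated before rsa_helper is compiled, so
-adding dependency to avoid such issue.
-
-Signed-off-by: Yang Shi <yang.shi@windriver.com>
-
----
-crypto/Makefile | 1 +
-1 file changed, 1 insertion(+)
-
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 99cc64a..8db39f9 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -40,6 +40,7 @@ obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o
-
-$(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h
-$(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h
-+$(obj)/rsa_helper.o: $(obj)/rsa_helper.c $(obj)/rsaprivkey-asn1.h
-clean-files += rsapubkey-asn1.c rsapubkey-asn1.h
-clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h
-
---
-2.0.2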
-85
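--- a/pkgs/os-specific/linux/kernel/no-xsave.patch
+++ b/pkgs/os-specific/linux/kernel/no-xsave.patch
@@ -1,85 +0,0 @@
---- a/arch/x86/xen/enlighten.c
-+++ b/arch/x86/xen/enlighten.c
-@@ -168,21 +168,23 @@ static void __init xen_banner(void)
-xen_feature(XENFEAT_mmu_pt_update_preserve_ad) ? " (preserve-AD)" : "");
-}
-
-+static __read_mostly unsigned int cpuid_leaf1_edx_mask = ~0;
-+static __read_mostly unsigned int cpuid_leaf1_ecx_mask = ~0;
-+
-static void xen_cpuid(unsigned int *ax, unsigned int *bx,
-unsigned int *cx, unsigned int *dx)
-{
-+ unsigned maskecx = ~0;
-unsigned maskedx = ~0;
-
-/*
-* Mask out inconvenient features, to try and disable as many
-* unsupported kernel subsystems as possible.
-*/
-- if (*ax == 1)
-- maskedx = ~((1 << X86_FEATURE_APIC) | /* disable APIC */
-- (1 << X86_FEATURE_ACPI) | /* disable ACPI */
-- (1 << X86_FEATURE_MCE) | /* disable MCE */
-- (1 << X86_FEATURE_MCA) | /* disable MCA */
-- (1 << X86_FEATURE_ACC)); /* thermal monitoring */
-+ if (*ax == 1) {
-+ maskecx = cpuid_leaf1_ecx_mask;
-+ maskedx = cpuid_leaf1_edx_mask;
-+ }
-
-asm(XEN_EMULATE_PREFIX "cpuid"
-: "=a" (*ax),
-@@ -190,9 +192,43 @@ static void xen_cpuid(unsigned int *ax, unsigned int *bx,
-"=c" (*cx),
-"=d" (*dx)
-: "0" (*ax), "2" (*cx));
-+
-+ *cx &= maskecx;
-*dx &= maskedx;
-}
-
-+static __init void xen_init_cpuid_mask(void)
-+{
-+ unsigned int ax, bx, cx, dx;
-+
-+ cpuid_leaf1_edx_mask =
-+ ~((1 << X86_FEATURE_MCE) | /* disable MCE */
-+ (1 << X86_FEATURE_MCA) | /* disable MCA */
-+ (1 << X86_FEATURE_ACC)); /* thermal monitoring */
-+
-+ if (!xen_initial_domain())
-+ cpuid_leaf1_edx_mask &=
-+ ~((1 << X86_FEATURE_APIC) | /* disable local APIC */
-+ (1 << X86_FEATURE_ACPI)); /* disable ACPI */
-+
-+ ax = 1;
-+ xen_cpuid(&ax, &bx, &cx, &dx);
-+
-+ /* cpuid claims we support xsave; try enabling it to see what happens */
-+ if (cx & (1 << (X86_FEATURE_XSAVE % 32))) {
-+ unsigned long cr4;
-+
-+ set_in_cr4(X86_CR4_OSXSAVE);
-+
-+ cr4 = read_cr4();
-+
-+ if ((cr4 & X86_CR4_OSXSAVE) == 0)
-+ cpuid_leaf1_ecx_mask &= ~(1 << (X86_FEATURE_XSAVE % 32));
-+
-+ clear_in_cr4(X86_CR4_OSXSAVE);
-+ }
-+}
-+
-static void xen_set_debugreg(int reg, unsigned long val)
-{
-HYPERVISOR_set_debugreg(reg, val);
-@@ -903,6 +939,8 @@ asmlinkage void __init xen_start_kernel(void)
-
-xen_init_irq_ops();
-
-+ xen_init_cpuid_mask();
-+
-#ifdef CONFIG_X86_LOCAL_APIC
-/*
-* set up the basic apic ops.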
-72
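--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -21,12 +21,6 @@
 
 rec {
 
-multithreaded_rsapubkey =
-{
-name = "multithreaded-rsapubkey-asn1.patch";
-patch = ./multithreaded-rsapubkey-asn1.patch;
-};
-
 bridge_stp_helper =
 { name = "bridge-stp-helper";
 patch = ./bridge-stp-helper.patch;
@@ -37,12 +31,6 @@
 patch = ./p9-fixes.patch;
 };
 
-no_xsave =
-{ name = "no-xsave";
-patch = ./no-xsave.patch;
-features.noXsave = true;
-};
-
 mips_fpureg_emu =
 { name = "mips-fpureg-emulation";
 patch = ./mips-fpureg-emulation.patch;
@@ -63,22 +51,6 @@
 patch = ./modinst-arg-list-too-long.patch;
 };
 
-ubuntu_fan_4_4 =
-{ name = "ubuntu-fan";
-patch = ./ubuntu-fan-4.4.patch;
-};
-
-ubuntu_unprivileged_overlayfs =
-{ name = "ubuntu-unprivileged-overlayfs";
-patch = ./ubuntu-unprivileged-overlayfs.patch;
-};
-
-tuxonice_3_10 = makeTuxonicePatch {
-version = "2013-11-07";
-kernelVersion = "3.10.18";
-sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";
-};
-
 grsecurity_testing = throw ''
 Upstream has ceased free support for grsecurity/PaX.
 
@@ -86,11 +58,6 @@
 and https://grsecurity.net/passing_the_baton_faq.php
 for more information.
 '';
-
-crc_regression =
-{ name = "crc-backport-regression";
-patch = ./crc-regression.patch;
-};
 
 genksyms_fix_segfault =
 { name = "genksyms-fix-segfault";
@@ -107,46 +74,7 @@
 patch = ./chromiumos-patches/no-link-restrictions.patch;
 };
 
-chromiumos_mfd_fix_dependency =
-{ name = "mfd_fix_dependency";
-patch = ./chromiumos-patches/mfd-fix-dependency.patch;
-};
-
-hiddev_CVE_2016_5829 =
-{ name = "hiddev_CVE_2016_5829";
-patch = fetchpatch {
-url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch";
-sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy";
-};
-};
-
 cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;
-
-lguest_entry-linkage =
-{ name = "lguest-asmlinkage.patch";
-patch = fetchpatch {
-url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git"
-+ "/patch/drivers/lguest/x86/core.c?id=cdd77e87eae52";
-sha256 = "04xlx6al10cw039av6jkby7gx64zayj8m1k9iza40sw0fydcfqhc";
-};
-};
-
-packet_fix_race_condition_CVE_2016_8655 =
-{ name = "packet_fix_race_condition_CVE_2016_8655.patch";
-patch = fetchpatch {
-url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=84ac7260236a49c79eede91617700174c2c19b0c";
-sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki";
-};
-};
-
-panic_on_icmp6_frag_CVE_2016_9919 = rec
-{ name = "panic_on_icmp6_frag_CVE_2016_9919.patch";
-patch = fetchpatch {
-inherit name;
-url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2";
-sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p";
-};
-};
 
 DCCP_double_free_vulnerability_CVE-2017-6074 = rec
 { name = "DCCP_double_free_vulnerability_CVE-2017-6074.patch";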
-18
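--- a/pkgs/os-specific/linux/kernel/perf.diff
+++ b/pkgs/os-specific/linux/kernel/perf.diff
@@ -1,18 +0,0 @@
---- perf/config/utilities.mak.orig 2014-01-25 14:55:32.573320370 +0000
-+++ perf/config/utilities.mak 2014-01-25 15:13:34.174337760 +0000
-@@ -186,9 +186,14 @@
-endif
-TRY_CC_MSG=echo " CHK $(3)" 1>&2;
-
-+define newline
-+
-+
-+endef
-+
-try-cc = $(shell sh -c \
-'TMP="$(OUTPUT)$(TMPOUT).$$$$"; \
-$(TRY_CC_MSG) \
-- echo "$(1)" | \
-+ echo -e "$(subst $(newline),\\n,$(1))" | tee _test.c | \
-$(CC) -x c - $(2) -o "$$TMP" $(TRY_CC_OUTPUT) && echo y; \
-rm -f "$$TMP"')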
-1
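--- a/pkgs/os-specific/linux/kernel/perf.nix
+++ b/pkgs/os-specific/linux/kernel/perf.nix
@@ -16,7 +16,6 @@
 preConfigure = ''
 cd tools/perf
 sed -i s,/usr/include/elfutils,$elfutils/include/elfutils, Makefile
-${optionalString (versionOlder kernel.version "3.13") "patch -p1 < ${./perf.diff}"}
 [ -f bash_completion ] && sed -i 's,^have perf,_have perf,' bash_completion
 export makeFlags="DESTDIR=$out $makeFlags"
 '';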
-1240
pkgs/os-specific/linux/kernel/ubuntu-fan-4.4.patch
··· 1 - From e64058be3b97c5bd3e034fc4ece21e306ef6f90b Mon Sep 17 00:00:00 2001 2 - From: Jay Vosburgh <jay.vosburgh@canonical.com> 3 - Date: Wed, 1 Apr 2015 16:11:09 -0700 4 - Subject: [PATCH] UBUNTU: SAUCE: fan: tunnel multiple mapping mode (v3) 5 - 6 - Switch to a single tunnel for all mappings, this removes the limitations 7 - on how many mappings each tunnel can handle, and therefore how many Fan 8 - slices each local address may hold. 9 - 10 - NOTE: This introduces a new kernel netlink interface which needs updated 11 - iproute2 support. 12 - 13 - BugLink: http://bugs.launchpad.net/bugs/1470091 14 - Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com> 15 - Signed-off-by: Andy Whitcroft <apw@canonical.com> 16 - Signed-off-by: Tim Gardner <tim.gardner@canonical.com> 17 - 18 - Conflicts: 19 - include/net/ip_tunnels.h 20 - --- 21 - include/net/ip_tunnels.h | 15 ++++ 22 - include/uapi/linux/if_tunnel.h | 20 +++++ 23 - net/ipv4/ip_tunnel.c | 7 +- 24 - net/ipv4/ipip.c | 186 +++++++++++++++++++++++++++++++++++++++-- 25 - 4 files changed, 222 insertions(+), 6 deletions(-) 26 - 27 - diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h 28 - index 62a750a..47fec59 100644 29 - --- a/include/net/ip_tunnels.h 30 - +++ b/include/net/ip_tunnels.h 31 - @@ -91,6 +91,19 @@ struct ip_tunnel_dst { 32 - }; 33 - 34 - struct metadata_dst; 35 - +/* A fan overlay /8 (250.0.0.0/8, for example) maps to exactly one /16 36 - + * underlay (10.88.0.0/16, for example). Multiple local addresses within 37 - + * the /16 may be used, but a particular overlay may not span 38 - + * multiple underlay subnets. 39 - + * 40 - + * We store one underlay, indexed by the overlay's high order octet. 41 - + */ 42 - +#define FAN_OVERLAY_CNT 256 43 - + 44 - +struct ip_tunnel_fan { 45 - +/* u32 __rcu *map;*/ 46 - + u32 map[FAN_OVERLAY_CNT]; 47 - +}; 48 - 49 - struct ip_tunnel { 50 - struct ip_tunnel __rcu *next; 51 - 
@@ -123,6 +136,7 @@ struct ip_tunnel { 52 - #endif 53 - struct ip_tunnel_prl_entry __rcu *prl; /* potential router list */ 54 - unsigned int prl_count; /* # of entries in PRL */ 55 - + struct ip_tunnel_fan fan; 56 - int ip_tnl_net_id; 57 - struct gro_cells gro_cells; 58 - bool collect_md; 59 - @@ -143,6 +157,7 @@ struct ip_tunnel { 60 - #define TUNNEL_VXLAN_OPT __cpu_to_be16(0x1000) 61 - 62 - #define TUNNEL_OPTIONS_PRESENT (TUNNEL_GENEVE_OPT | TUNNEL_VXLAN_OPT) 63 - +#define TUNNEL_FAN __cpu_to_be16(0x4000) 64 - 65 - struct tnl_ptk_info { 66 - __be16 flags; 67 - diff --git a/include/uapi/linux/if_tunnel.h b/include/uapi/linux/if_tunnel.h 68 - index af4de90..85a3e4b 100644 69 - --- a/include/uapi/linux/if_tunnel.h 70 - +++ b/include/uapi/linux/if_tunnel.h 71 - @@ -57,6 +57,10 @@ enum { 72 - IFLA_IPTUN_ENCAP_FLAGS, 73 - IFLA_IPTUN_ENCAP_SPORT, 74 - IFLA_IPTUN_ENCAP_DPORT, 75 - + 76 - + __IFLA_IPTUN_VENDOR_BREAK, /* Ensure new entries do not hit the below. */ 77 - + IFLA_IPTUN_FAN_MAP = 33, 78 - + 79 - __IFLA_IPTUN_MAX, 80 - }; 81 - #define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1) 82 - @@ -132,4 +136,20 @@ enum { 83 - }; 84 - 85 - #define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1) 86 - + 87 - +enum { 88 - + IFLA_FAN_UNSPEC, 89 - + IFLA_FAN_MAPPING, 90 - + __IFLA_FAN_MAX, 91 - +}; 92 - + 93 - +#define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1) 94 - + 95 - +struct ip_tunnel_fan_map { 96 - + __be32 underlay; 97 - + __be32 overlay; 98 - + __u16 underlay_prefix; 99 - + __u16 overlay_prefix; 100 - +}; 101 - + 102 - #endif /* _UAPI_IF_TUNNEL_H_ */ 103 - diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c 104 - index cbb51f3..7a6174b 100644 105 - --- a/net/ipv4/ip_tunnel.c 106 - +++ b/net/ipv4/ip_tunnel.c 107 - 
@@ -1110,6 +1110,11 @@ out: 108 - } 109 - EXPORT_SYMBOL_GPL(ip_tunnel_newlink); 110 - 111 - +static int ip_tunnel_is_fan(struct ip_tunnel *tunnel) 112 - +{ 113 - + return tunnel->parms.i_flags & TUNNEL_FAN; 114 - +} 115 - + 116 - int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[], 117 - struct ip_tunnel_parm *p) 118 - { 119 - @@ -1119,7 +1124,7 @@ int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[], 120 - struct ip_tunnel_net *itn = net_generic(net, tunnel->ip_tnl_net_id); 121 - 122 - if (dev == itn->fb_tunnel_dev) 123 - - return -EINVAL; 124 - + return ip_tunnel_is_fan(tunnel) ? 0 : -EINVAL; 125 - 126 - t = ip_tunnel_find(itn, p, dev->type); 127 - 128 - diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c 129 - index a09fb0d..56e8984 100644 130 - --- a/net/ipv4/ipip.c 131 - +++ b/net/ipv4/ipip.c 132 - @@ -107,6 +107,7 @@ 133 - #include <linux/init.h> 134 - #include <linux/netfilter_ipv4.h> 135 - #include <linux/if_ether.h> 136 - +#include <linux/inetdevice.h> 137 - 138 - #include <net/sock.h> 139 - #include <net/ip.h> 140 - 
@@ -208,6 +209,40 @@ drop: 141 - return 0; 142 - } 143 - 144 - +static int ipip_tunnel_is_fan(struct ip_tunnel *tunnel) 145 - +{ 146 - + return tunnel->parms.i_flags & TUNNEL_FAN; 147 - +} 148 - + 149 - +/* 150 - + * Determine fan tunnel endpoint to send packet to, based on the inner IP 151 - + * address. For an overlay (inner) address Y.A.B.C, the transformation is 152 - + * F.G.A.B, where "F" and "G" are the first two octets of the underlay 153 - + * network (the network portion of a /16), "A" and "B" are the low order 154 - + * two octets of the underlay network host (the host portion of a /16), 155 - + * and "Y" is a configured first octet of the overlay network. 156 - + * 157 - + * E.g., underlay host 10.88.3.4 with an overlay of 99 would host overlay 158 - + * subnet 99.3.4.0/24. An overlay network datagram from 99.3.4.5 to 159 - + * 99.6.7.8, would be directed to underlay host 10.88.6.7, which hosts 160 - + * overlay network 99.6.7.0/24. 161 - + */ 162 - +static int ipip_build_fan_iphdr(struct ip_tunnel *tunnel, struct sk_buff *skb, struct iphdr *iph) 163 - +{ 164 - + unsigned int overlay; 165 - + u32 daddr, underlay; 166 - + 167 - + daddr = ntohl(ip_hdr(skb)->daddr); 168 - + overlay = daddr >> 24; 169 - + underlay = tunnel->fan.map[overlay]; 170 - + if (!underlay) 171 - + return -EINVAL; 172 - + 173 - + *iph = tunnel->parms.iph; 174 - + iph->daddr = htonl(underlay | ((daddr >> 8) & 0x0000ffff)); 175 - + return 0; 176 - +} 177 - + 178 - /* 179 - * This function assumes it is being called from dev_queue_xmit() 180 - * and that skb is filled properly by that function. 181 - @@ -215,7 +250,8 @@ drop: 182 - static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 183 - { 184 - struct ip_tunnel *tunnel = netdev_priv(dev); 185 - - const struct iphdr *tiph = &tunnel->parms.iph; 186 - + const struct iphdr *tiph; 187 - + struct iphdr fiph; 188 - 189 - if (unlikely(skb->protocol != htons(ETH_P_IP))) 190 - goto tx_error; 191 - 
@@ -224,6 +260,14 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 192 - if (IS_ERR(skb)) 193 - goto out; 194 - 195 - + if (ipip_tunnel_is_fan(tunnel)) { 196 - + if (ipip_build_fan_iphdr(tunnel, skb, &fiph)) 197 - + goto tx_error; 198 - + tiph = &fiph; 199 - + } else { 200 - + tiph = &tunnel->parms.iph; 201 - + } 202 - + 203 - skb_set_inner_ipproto(skb, IPPROTO_IPIP); 204 - 205 - ip_tunnel_xmit(skb, dev, tiph, tiph->protocol); 206 - 
@@ -375,21 +419,88 @@ static bool ipip_netlink_encap_parms(struct nlattr *data[], 207 - return ret; 208 - } 209 - 210 - +static void ipip_fan_free_map(struct ip_tunnel *t) 211 - +{ 212 - + memset(&t->fan.map, 0, sizeof(t->fan.map)); 213 - +} 214 - + 215 - +static int ipip_fan_set_map(struct ip_tunnel *t, struct ip_tunnel_fan_map *map) 216 - +{ 217 - + u32 overlay, overlay_mask, underlay, underlay_mask; 218 - + 219 - + if ((map->underlay_prefix && map->underlay_prefix != 16) || 220 - + (map->overlay_prefix && map->overlay_prefix != 8)) 221 - + return -EINVAL; 222 - + 223 - + overlay = ntohl(map->overlay); 224 - + overlay_mask = ntohl(inet_make_mask(map->overlay_prefix)); 225 - + 226 - + underlay = ntohl(map->underlay); 227 - + underlay_mask = ntohl(inet_make_mask(map->underlay_prefix)); 228 - + 229 - + if ((overlay & ~overlay_mask) || (underlay & ~underlay_mask)) 230 - + return -EINVAL; 231 - + 232 - + if (!(overlay & overlay_mask) && (underlay & underlay_mask)) 233 - + return -EINVAL; 234 - + 235 - + t->parms.i_flags |= TUNNEL_FAN; 236 - + 237 - + /* Special case: overlay 0 and underlay 0 clears all mappings */ 238 - + if (!overlay && !underlay) { 239 - + ipip_fan_free_map(t); 240 - + return 0; 241 - + } 242 - + 243 - + overlay >>= (32 - map->overlay_prefix); 244 - + t->fan.map[overlay] = underlay; 245 - + 246 - + return 0; 247 - +} 248 - + 249 - + 250 - +static int ipip_netlink_fan(struct nlattr *data[], struct ip_tunnel *t, 251 - + struct ip_tunnel_parm *parms) 252 - +{ 253 - + struct ip_tunnel_fan_map *map; 254 - + struct nlattr *attr; 255 - + int rem, rv; 256 - + 257 - + if (!data[IFLA_IPTUN_FAN_MAP]) 258 - + return 0; 259 - + 260 - + if (parms->iph.daddr) 261 - + return -EINVAL; 262 - + 263 - + nla_for_each_nested(attr, data[IFLA_IPTUN_FAN_MAP], rem) { 264 - + map = nla_data(attr); 265 - + rv = ipip_fan_set_map(t, map); 266 - + if (rv) 267 - + return rv; 268 - + } 269 - + 270 - + return 0; 271 - +} 272 - + 273 - static int ipip_newlink(struct net *src_net, 
struct net_device *dev, 274 - struct nlattr *tb[], struct nlattr *data[]) 275 - { 276 - struct ip_tunnel_parm p; 277 - struct ip_tunnel_encap ipencap; 278 - + struct ip_tunnel *t = netdev_priv(dev); 279 - + int err; 280 - 281 - if (ipip_netlink_encap_parms(data, &ipencap)) { 282 - - struct ip_tunnel *t = netdev_priv(dev); 283 - - int err = ip_tunnel_encap_setup(t, &ipencap); 284 - + err = ip_tunnel_encap_setup(t, &ipencap); 285 - 286 - if (err < 0) 287 - return err; 288 - } 289 - 290 - ipip_netlink_parms(data, &p); 291 - + err = ipip_netlink_fan(data, t, &p); 292 - + if (err < 0) 293 - + return err; 294 - return ip_tunnel_newlink(dev, tb, &p); 295 - } 296 - 297 - @@ -398,16 +509,20 @@ static int ipip_changelink(struct net_device *dev, struct nlattr *tb[], 298 - { 299 - struct ip_tunnel_parm p; 300 - struct ip_tunnel_encap ipencap; 301 - + struct ip_tunnel *t = netdev_priv(dev); 302 - + int err; 303 - 304 - if (ipip_netlink_encap_parms(data, &ipencap)) { 305 - - struct ip_tunnel *t = netdev_priv(dev); 306 - - int err = ip_tunnel_encap_setup(t, &ipencap); 307 - + err = ip_tunnel_encap_setup(t, &ipencap); 308 - 309 - if (err < 0) 310 - return err; 311 - } 312 - 313 - ipip_netlink_parms(data, &p); 314 - + err = ipip_netlink_fan(data, t, &p); 315 - + if (err < 0) 316 - + return err; 317 - 318 - if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) || 319 - (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr)) 320 - @@ -439,6 +554,8 @@ static size_t ipip_get_size(const struct net_device *dev) 321 - nla_total_size(2) + 322 - /* IFLA_IPTUN_ENCAP_DPORT */ 323 - nla_total_size(2) + 324 - + /* IFLA_IPTUN_FAN_MAP */ 325 - + nla_total_size(sizeof(struct ip_tunnel_fan_map)) * 256 + 326 - 0; 327 - } 328 - 329 - 
@@ -466,6 +583,29 @@ static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev) 330 - tunnel->encap.flags)) 331 - goto nla_put_failure; 332 - 333 - + if (tunnel->parms.i_flags & TUNNEL_FAN) { 334 - + struct nlattr *fan_nest; 335 - + int i; 336 - + 337 - + fan_nest = nla_nest_start(skb, IFLA_IPTUN_FAN_MAP); 338 - + if (!fan_nest) 339 - + goto nla_put_failure; 340 - + for (i = 0; i < 256; i++) { 341 - + if (tunnel->fan.map[i]) { 342 - + struct ip_tunnel_fan_map map; 343 - + 344 - + map.underlay = htonl(tunnel->fan.map[i]); 345 - + map.underlay_prefix = 16; 346 - + map.overlay = htonl(i << 24); 347 - + map.overlay_prefix = 8; 348 - + if (nla_put(skb, IFLA_FAN_MAPPING, 349 - + sizeof(map), &map)) 350 - + goto nla_put_failure; 351 - + } 352 - + } 353 - + nla_nest_end(skb, fan_nest); 354 - + } 355 - + 356 - return 0; 357 - 358 - nla_put_failure: 359 - @@ -483,6 +623,9 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { 360 - [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, 361 - [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, 362 - [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, 363 - + 364 - + [__IFLA_IPTUN_VENDOR_BREAK ... IFLA_IPTUN_MAX] = { .type = NLA_BINARY }, 365 - + [IFLA_IPTUN_FAN_MAP] = { .type = NLA_NESTED }, 366 - }; 367 - 368 - static struct rtnl_link_ops ipip_link_ops __read_mostly = { 369 - 
@@ -523,6 +666,23 @@ static struct pernet_operations ipip_net_ops = { 370 - .size = sizeof(struct ip_tunnel_net), 371 - }; 372 - 373 - +#ifdef CONFIG_SYSCTL 374 - +static struct ctl_table_header *ipip_fan_header; 375 - +static unsigned int ipip_fan_version = 3; 376 - + 377 - +static struct ctl_table ipip_fan_sysctls[] = { 378 - + { 379 - + .procname = "version", 380 - + .data = &ipip_fan_version, 381 - + .maxlen = sizeof(ipip_fan_version), 382 - + .mode = 0444, 383 - + .proc_handler = proc_dointvec, 384 - + }, 385 - + {}, 386 - +}; 387 - + 388 - +#endif /* CONFIG_SYSCTL */ 389 - + 390 - static int __init ipip_init(void) 391 - { 392 - int err; 393 - @@ -541,9 +701,22 @@ static int __init ipip_init(void) 394 - if (err < 0) 395 - goto rtnl_link_failed; 396 - 397 - +#ifdef CONFIG_SYSCTL 398 - + ipip_fan_header = register_net_sysctl(&init_net, "net/fan", 399 - + ipip_fan_sysctls); 400 - + if (!ipip_fan_header) { 401 - + err = -ENOMEM; 402 - + goto sysctl_failed; 403 - + } 404 - +#endif /* CONFIG_SYSCTL */ 405 - + 406 - out: 407 - return err; 408 - 409 - +#ifdef CONFIG_SYSCTL 410 - +sysctl_failed: 411 - + rtnl_link_unregister(&ipip_link_ops); 412 - +#endif /* CONFIG_SYSCTL */ 413 - rtnl_link_failed: 414 - xfrm4_tunnel_deregister(&ipip_handler, AF_INET); 415 - xfrm_tunnel_failed: 416 - @@ -553,6 +726,9 @@ xfrm_tunnel_failed: 417 - 418 - static void __exit ipip_fini(void) 419 - { 420 - +#ifdef CONFIG_SYSCTL 421 - + unregister_net_sysctl_table(ipip_fan_header); 422 - +#endif /* CONFIG_SYSCTL */ 423 - rtnl_link_unregister(&ipip_link_ops); 424 - if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET)) 425 - pr_info("%s: can't deregister tunnel\n", __func__); 426 - -- 427 - 2.7.4 428 - 429 - From 14aba409d044e3a314c09c650e1c42de699700b8 Mon Sep 17 00:00:00 2001 430 - 
From: Jay Vosburgh <jay.vosburgh@canonical.com> 431 - Date: Wed, 11 Nov 2015 13:04:50 +0000 432 - Subject: [PATCH] UBUNTU: SAUCE: fan: add VXLAN implementation 433 - 434 - Generify the fan mapping support and utilise that to implement fan 435 - mappings over vxlan transport. 436 - 437 - Expose the existance of this functionality (when the module is loaded) 438 - via an additional sysctl marker. 439 - 440 - Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com> 441 - [apw@canonical.com: added feature marker for fan over vxlan.] 442 - Signed-off-by: Andy Whitcroft <apw@canonical.com> 443 - --- 444 - drivers/net/vxlan.c | 245 +++++++++++++++++++++++++++++++++++++++++ 445 - include/net/ip_tunnels.h | 19 +++- 446 - include/net/vxlan.h | 2 + 447 - include/uapi/linux/if_link.h | 1 + 448 - include/uapi/linux/if_tunnel.h | 2 +- 449 - net/ipv4/ip_tunnel.c | 7 +- 450 - net/ipv4/ipip.c | 242 +++++++++++++++++++++++++++++++--------- 451 - 7 files changed, 453 insertions(+), 65 deletions(-) 452 - 453 - diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c 454 - index 405a7b6..a17cfd0 100644 455 - --- a/drivers/net/vxlan.c 456 - +++ b/drivers/net/vxlan.c 457 - @@ -23,6 +23,7 @@ 458 - #include <linux/udp.h> 459 - #include <linux/igmp.h> 460 - #include <linux/etherdevice.h> 461 - +#include <linux/inetdevice.h> 462 - #include <linux/if_ether.h> 463 - #include <linux/if_vlan.h> 464 - #include <linux/hash.h> 465 - 
@@ -106,6 +107,167 @@ static inline bool vxlan_collect_metadata(struct vxlan_sock *vs) 466 - ip_tunnel_collect_metadata(); 467 - } 468 - 469 - +static struct ip_fan_map *vxlan_fan_find_map(struct vxlan_dev *vxlan, __be32 daddr) 470 - +{ 471 - + struct ip_fan_map *fan_map; 472 - + 473 - + rcu_read_lock(); 474 - + list_for_each_entry_rcu(fan_map, &vxlan->fan.fan_maps, list) { 475 - + if (fan_map->overlay == 476 - + (daddr & inet_make_mask(fan_map->overlay_prefix))) { 477 - + rcu_read_unlock(); 478 - + return fan_map; 479 - + } 480 - + } 481 - + rcu_read_unlock(); 482 - + 483 - + return NULL; 484 - +} 485 - + 486 - +static void vxlan_fan_flush_map(struct vxlan_dev *vxlan) 487 - +{ 488 - + struct ip_fan_map *fan_map; 489 - + 490 - + list_for_each_entry_rcu(fan_map, &vxlan->fan.fan_maps, list) { 491 - + list_del_rcu(&fan_map->list); 492 - + kfree_rcu(fan_map, rcu); 493 - + } 494 - +} 495 - + 496 - +static int vxlan_fan_del_map(struct vxlan_dev *vxlan, __be32 overlay) 497 - +{ 498 - + struct ip_fan_map *fan_map; 499 - + 500 - + fan_map = vxlan_fan_find_map(vxlan, overlay); 501 - + if (!fan_map) 502 - + return -ENOENT; 503 - + 504 - + list_del_rcu(&fan_map->list); 505 - + kfree_rcu(fan_map, rcu); 506 - + 507 - + return 0; 508 - +} 509 - + 510 - +static int vxlan_fan_add_map(struct vxlan_dev *vxlan, struct ifla_fan_map *map) 511 - +{ 512 - + __be32 overlay_mask, underlay_mask; 513 - + struct ip_fan_map *fan_map; 514 - + 515 - + overlay_mask = inet_make_mask(map->overlay_prefix); 516 - + underlay_mask = inet_make_mask(map->underlay_prefix); 517 - + 518 - + netdev_dbg(vxlan->dev, "vfam: map: o %x/%d u %x/%d om %x um %x\n", 519 - + map->overlay, map->overlay_prefix, 520 - + map->underlay, map->underlay_prefix, 521 - + overlay_mask, underlay_mask); 522 - + 523 - + if ((map->overlay & ~overlay_mask) || (map->underlay & ~underlay_mask)) 524 - + return -EINVAL; 525 - + 526 - + if (!(map->overlay & overlay_mask) && (map->underlay & underlay_mask)) 527 - + return -EINVAL; 528 - + 
529 - + /* Special case: overlay 0 and underlay 0: flush all mappings */ 530 - + if (!map->overlay && !map->underlay) { 531 - + vxlan_fan_flush_map(vxlan); 532 - + return 0; 533 - + } 534 - + 535 - + /* Special case: overlay set and underlay 0: clear map for overlay */ 536 - + if (!map->underlay) 537 - + return vxlan_fan_del_map(vxlan, map->overlay); 538 - + 539 - + if (vxlan_fan_find_map(vxlan, map->overlay)) 540 - + return -EEXIST; 541 - + 542 - + fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL); 543 - + fan_map->underlay = map->underlay; 544 - + fan_map->overlay = map->overlay; 545 - + fan_map->underlay_prefix = map->underlay_prefix; 546 - + fan_map->overlay_mask = ntohl(overlay_mask); 547 - + fan_map->overlay_prefix = map->overlay_prefix; 548 - + 549 - + list_add_tail_rcu(&fan_map->list, &vxlan->fan.fan_maps); 550 - + 551 - + return 0; 552 - +} 553 - + 554 - +static int vxlan_parse_fan_map(struct nlattr *data[], struct vxlan_dev *vxlan) 555 - +{ 556 - + struct ifla_fan_map *map; 557 - + struct nlattr *attr; 558 - + int rem, rv; 559 - + 560 - + nla_for_each_nested(attr, data[IFLA_IPTUN_FAN_MAP], rem) { 561 - + map = nla_data(attr); 562 - + rv = vxlan_fan_add_map(vxlan, map); 563 - + if (rv) 564 - + return rv; 565 - + } 566 - + 567 - + return 0; 568 - +} 569 - + 570 - +static int vxlan_fan_build_rdst(struct vxlan_dev *vxlan, struct sk_buff *skb, 571 - + struct vxlan_rdst *fan_rdst) 572 - +{ 573 - + struct ip_fan_map *f_map; 574 - + union vxlan_addr *va; 575 - + u32 daddr, underlay; 576 - + struct arphdr *arp; 577 - + void *arp_ptr; 578 - + struct ethhdr *eth; 579 - + struct iphdr *iph; 580 - + 581 - + eth = eth_hdr(skb); 582 - + switch (eth->h_proto) { 583 - + case htons(ETH_P_IP): 584 - + iph = ip_hdr(skb); 585 - + if (!iph) 586 - + return -EINVAL; 587 - + daddr = iph->daddr; 588 - + break; 589 - + case htons(ETH_P_ARP): 590 - + arp = arp_hdr(skb); 591 - + if (!arp) 592 - + return -EINVAL; 593 - + arp_ptr = arp + 1; 594 - + netdev_dbg(vxlan->dev, 595 - + "vfbr: 
arp sha %pM sip %pI4 tha %pM tip %pI4\n", 596 - + arp_ptr, arp_ptr + skb->dev->addr_len, 597 - + arp_ptr + skb->dev->addr_len + 4, 598 - + arp_ptr + (skb->dev->addr_len * 2) + 4); 599 - + arp_ptr += (skb->dev->addr_len * 2) + 4; 600 - + memcpy(&daddr, arp_ptr, 4); 601 - + break; 602 - + default: 603 - + netdev_dbg(vxlan->dev, "vfbr: unknown eth p %x\n", eth->h_proto); 604 - + return -EINVAL; 605 - + } 606 - + 607 - + f_map = vxlan_fan_find_map(vxlan, daddr); 608 - + if (!f_map) 609 - + return -EINVAL; 610 - + 611 - + daddr = ntohl(daddr); 612 - + underlay = ntohl(f_map->underlay); 613 - + if (!underlay) 614 - + return -EINVAL; 615 - + 616 - + memset(fan_rdst, 0, sizeof(*fan_rdst)); 617 - + va = &fan_rdst->remote_ip; 618 - + va->sa.sa_family = AF_INET; 619 - + fan_rdst->remote_vni = vxlan->default_dst.remote_vni; 620 - + va->sin.sin_addr.s_addr = htonl(underlay | 621 - + ((daddr & ~f_map->overlay_mask) >> 622 - + (32 - f_map->overlay_prefix - 623 - + (32 - f_map->underlay_prefix)))); 624 - + netdev_dbg(vxlan->dev, "vfbr: daddr %x ul %x dst %x\n", 625 - + daddr, underlay, va->sin.sin_addr.s_addr); 626 - + 627 - + return 0; 628 - +} 629 - + 630 - #if IS_ENABLED(CONFIG_IPV6) 631 - static inline 632 - bool vxlan_addr_equal(const union vxlan_addr *a, const union vxlan_addr *b) 633 - @@ -2029,6 +2191,13 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, 634 - goto rt_tx_error; 635 - } 636 - 637 - + if (fan_has_map(&vxlan->fan) && rt->rt_flags & RTCF_LOCAL) { 638 - + netdev_dbg(dev, "discard fan to localhost %pI4\n", 639 - + &dst->sin.sin_addr.s_addr); 640 - + ip_rt_put(rt); 641 - + goto tx_free; 642 - + } 643 - + 644 - /* Bypass encapsulation if the destination is local */ 645 - if (rt->rt_flags & RTCF_LOCAL && 646 - !(rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) { 647 - 
@@ -2169,6 +2338,20 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) 648 - return NETDEV_TX_OK; 649 - } 650 - 651 - + if (fan_has_map(&vxlan->fan)) { 652 - + struct vxlan_rdst fan_rdst; 653 - + 654 - + netdev_dbg(vxlan->dev, "vxlan_xmit p %x d %pM\n", 655 - + eth->h_proto, eth->h_dest); 656 - + if (vxlan_fan_build_rdst(vxlan, skb, &fan_rdst)) { 657 - + dev->stats.tx_dropped++; 658 - + kfree_skb(skb); 659 - + return NETDEV_TX_OK; 660 - + } 661 - + vxlan_xmit_one(skb, dev, &fan_rdst, 0); 662 - + return NETDEV_TX_OK; 663 - + } 664 - + 665 - f = vxlan_find_mac(vxlan, eth->h_dest); 666 - did_rsc = false; 667 - 668 - @@ -2532,6 +2715,8 @@ static void vxlan_setup(struct net_device *dev) 669 - 670 - for (h = 0; h < FDB_HASH_SIZE; ++h) 671 - INIT_HLIST_HEAD(&vxlan->fdb_head[h]); 672 - + 673 - + INIT_LIST_HEAD(&vxlan->fan.fan_maps); 674 - } 675 - 676 - static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = { 677 - @@ -2881,6 +3066,7 @@ EXPORT_SYMBOL_GPL(vxlan_dev_create); 678 - static int vxlan_newlink(struct net *src_net, struct net_device *dev, 679 - struct nlattr *tb[], struct nlattr *data[]) 680 - { 681 - + struct vxlan_dev *vxlan = netdev_priv(dev); 682 - struct vxlan_config conf; 683 - int err; 684 - 685 - @@ -2899,6 +3085,12 @@ static int vxlan_newlink(struct net *src_net, struct net_device *dev, 686 - conf.remote_ip.sa.sa_family = AF_INET6; 687 - } 688 - 689 - + if (data[IFLA_VXLAN_FAN_MAP]) { 690 - + err = vxlan_parse_fan_map(data, vxlan); 691 - + if (err) 692 - + return err; 693 - + } 694 - + 695 - if (data[IFLA_VXLAN_LOCAL]) { 696 - conf.saddr.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_LOCAL]); 697 - conf.saddr.sa.sa_family = AF_INET; 698 - 
@@ -3037,6 +3229,7 @@ static size_t vxlan_get_size(const struct net_device *dev) 699 - nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_UDP_ZERO_CSUM6_RX */ 700 - nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_REMCSUM_TX */ 701 - nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_REMCSUM_RX */ 702 - + nla_total_size(sizeof(struct ip_fan_map) * 256) + 703 - 0; 704 - } 705 - 706 - @@ -3083,6 +3276,26 @@ static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev) 707 - } 708 - } 709 - 710 - + if (fan_has_map(&vxlan->fan)) { 711 - + struct nlattr *fan_nest; 712 - + struct ip_fan_map *fan_map; 713 - + 714 - + fan_nest = nla_nest_start(skb, IFLA_VXLAN_FAN_MAP); 715 - + if (!fan_nest) 716 - + goto nla_put_failure; 717 - + list_for_each_entry_rcu(fan_map, &vxlan->fan.fan_maps, list) { 718 - + struct ifla_fan_map map; 719 - + 720 - + map.underlay = fan_map->underlay; 721 - + map.underlay_prefix = fan_map->underlay_prefix; 722 - + map.overlay = fan_map->overlay; 723 - + map.overlay_prefix = fan_map->overlay_prefix; 724 - + if (nla_put(skb, IFLA_FAN_MAPPING, sizeof(map), &map)) 725 - + goto nla_put_failure; 726 - + } 727 - + nla_nest_end(skb, fan_nest); 728 - + } 729 - + 730 - if (nla_put_u8(skb, IFLA_VXLAN_TTL, vxlan->cfg.ttl) || 731 - nla_put_u8(skb, IFLA_VXLAN_TOS, vxlan->cfg.tos) || 732 - nla_put_u8(skb, IFLA_VXLAN_LEARNING, 733 - 
@@ -3201,6 +3414,22 @@ static __net_init int vxlan_init_net(struct net *net) 734 - return 0; 735 - } 736 - 737 - +#ifdef CONFIG_SYSCTL 738 - +static struct ctl_table_header *vxlan_fan_header; 739 - +static unsigned int vxlan_fan_version = 4; 740 - + 741 - +static struct ctl_table vxlan_fan_sysctls[] = { 742 - + { 743 - + .procname = "vxlan", 744 - + .data = &vxlan_fan_version, 745 - + .maxlen = sizeof(vxlan_fan_version), 746 - + .mode = 0444, 747 - + .proc_handler = proc_dointvec, 748 - + }, 749 - + {}, 750 - +}; 751 - +#endif /* CONFIG_SYSCTL */ 752 - + 753 - static void __net_exit vxlan_exit_net(struct net *net) 754 - { 755 - struct vxlan_net *vn = net_generic(net, vxlan_net_id); 756 - @@ -3256,7 +3485,20 @@ static int __init vxlan_init_module(void) 757 - if (rc) 758 - goto out3; 759 - 760 - +#ifdef CONFIG_SYSCTL 761 - + vxlan_fan_header = register_net_sysctl(&init_net, "net/fan", 762 - + vxlan_fan_sysctls); 763 - + if (!vxlan_fan_header) { 764 - + rc = -ENOMEM; 765 - + goto sysctl_failed; 766 - + } 767 - +#endif /* CONFIG_SYSCTL */ 768 - + 769 - return 0; 770 - +#ifdef CONFIG_SYSCTL 771 - +sysctl_failed: 772 - + rtnl_link_unregister(&vxlan_link_ops); 773 - +#endif /* CONFIG_SYSCTL */ 774 - out3: 775 - unregister_netdevice_notifier(&vxlan_notifier_block); 776 - out2: 777 - @@ -3269,6 +3511,9 @@ late_initcall(vxlan_init_module); 778 - 779 - static void __exit vxlan_cleanup_module(void) 780 - { 781 - +#ifdef CONFIG_SYSCTL 782 - + unregister_net_sysctl_table(vxlan_fan_header); 783 - +#endif /* CONFIG_SYSCTL */ 784 - rtnl_link_unregister(&vxlan_link_ops); 785 - unregister_netdevice_notifier(&vxlan_notifier_block); 786 - destroy_workqueue(vxlan_wq); 787 - diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h 788 - index 47fec59..28a38e5 100644 789 - --- a/include/net/ip_tunnels.h 790 - +++ b/include/net/ip_tunnels.h 791 - 
@@ -100,9 +100,18 @@ struct metadata_dst; 792 - */ 793 - #define FAN_OVERLAY_CNT 256 794 - 795 - +struct ip_fan_map { 796 - + __be32 underlay; 797 - + __be32 overlay; 798 - + u16 underlay_prefix; 799 - + u16 overlay_prefix; 800 - + u32 overlay_mask; 801 - + struct list_head list; 802 - + struct rcu_head rcu; 803 - +}; 804 - + 805 - struct ip_tunnel_fan { 806 - -/* u32 __rcu *map;*/ 807 - - u32 map[FAN_OVERLAY_CNT]; 808 - + struct list_head fan_maps; 809 - }; 810 - 811 - struct ip_tunnel { 812 - @@ -157,7 +166,11 @@ struct ip_tunnel { 813 - #define TUNNEL_VXLAN_OPT __cpu_to_be16(0x1000) 814 - 815 - #define TUNNEL_OPTIONS_PRESENT (TUNNEL_GENEVE_OPT | TUNNEL_VXLAN_OPT) 816 - -#define TUNNEL_FAN __cpu_to_be16(0x4000) 817 - + 818 - +static inline int fan_has_map(const struct ip_tunnel_fan *fan) 819 - +{ 820 - + return !list_empty(&fan->fan_maps); 821 - +} 822 - 823 - struct tnl_ptk_info { 824 - __be16 flags; 825 - diff --git a/include/net/vxlan.h b/include/net/vxlan.h 826 - index e289ada..542f421 100644 827 - --- a/include/net/vxlan.h 828 - +++ b/include/net/vxlan.h 829 - @@ -161,6 +161,8 @@ struct vxlan_dev { 830 - struct vxlan_rdst default_dst; /* default destination */ 831 - u32 flags; /* VXLAN_F_* in vxlan.h */ 832 - 833 - + struct ip_tunnel_fan fan; 834 - + 835 - struct timer_list age_timer; 836 - spinlock_t hash_lock; 837 - unsigned int addrcnt; 838 - diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h 839 - index 5ad5737..6cde3bf 100644 840 - --- a/include/uapi/linux/if_link.h 841 - +++ b/include/uapi/linux/if_link.h 842 - @@ -443,6 +443,7 @@ enum { 843 - IFLA_VXLAN_GBP, 844 - IFLA_VXLAN_REMCSUM_NOPARTIAL, 845 - IFLA_VXLAN_COLLECT_METADATA, 846 - + IFLA_VXLAN_FAN_MAP = 33, 847 - __IFLA_VXLAN_MAX 848 - }; 849 - #define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1) 850 - diff --git a/include/uapi/linux/if_tunnel.h b/include/uapi/linux/if_tunnel.h 851 - index 85a3e4b..d36b150 100644 852 - --- a/include/uapi/linux/if_tunnel.h 853 - 
+++ b/include/uapi/linux/if_tunnel.h 854 - @@ -145,7 +145,7 @@ enum { 855 - 856 - #define IFLA_FAN_MAX (__IFLA_FAN_MAX - 1) 857 - 858 - -struct ip_tunnel_fan_map { 859 - +struct ifla_fan_map { 860 - __be32 underlay; 861 - __be32 overlay; 862 - __u16 underlay_prefix; 863 - diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c 864 - index 7a6174b..c821bf1 100644 865 - --- a/net/ipv4/ip_tunnel.c 866 - +++ b/net/ipv4/ip_tunnel.c 867 - @@ -1110,11 +1110,6 @@ out: 868 - } 869 - EXPORT_SYMBOL_GPL(ip_tunnel_newlink); 870 - 871 - -static int ip_tunnel_is_fan(struct ip_tunnel *tunnel) 872 - -{ 873 - - return tunnel->parms.i_flags & TUNNEL_FAN; 874 - -} 875 - - 876 - int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[], 877 - struct ip_tunnel_parm *p) 878 - { 879 - @@ -1124,7 +1119,7 @@ int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[], 880 - struct ip_tunnel_net *itn = net_generic(net, tunnel->ip_tnl_net_id); 881 - 882 - if (dev == itn->fb_tunnel_dev) 883 - - return ip_tunnel_is_fan(tunnel) ? 0 : -EINVAL; 884 - + return fan_has_map(&tunnel->fan) ? 0 : -EINVAL; 885 - 886 - t = ip_tunnel_find(itn, p, dev->type); 887 - 888 - diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c 889 - index 56e8984..3877b0e 100644 890 - --- a/net/ipv4/ipip.c 891 - +++ b/net/ipv4/ipip.c 892 - @@ -108,6 +108,7 @@ 893 - #include <linux/netfilter_ipv4.h> 894 - #include <linux/if_ether.h> 895 - #include <linux/inetdevice.h> 896 - +#include <linux/rculist.h> 897 - 898 - #include <net/sock.h> 899 - #include <net/ip.h> 900 - 
@@ -209,37 +210,144 @@ drop: 901 - return 0; 902 - } 903 - 904 - -static int ipip_tunnel_is_fan(struct ip_tunnel *tunnel) 905 - +static struct ip_fan_map *ipip_fan_find_map(struct ip_tunnel *t, __be32 daddr) 906 - { 907 - - return tunnel->parms.i_flags & TUNNEL_FAN; 908 - + struct ip_fan_map *fan_map; 909 - + 910 - + rcu_read_lock(); 911 - + list_for_each_entry_rcu(fan_map, &t->fan.fan_maps, list) { 912 - + if (fan_map->overlay == 913 - + (daddr & inet_make_mask(fan_map->overlay_prefix))) { 914 - + rcu_read_unlock(); 915 - + return fan_map; 916 - + } 917 - + } 918 - + rcu_read_unlock(); 919 - + 920 - + return NULL; 921 - } 922 - 923 - -/* 924 - - * Determine fan tunnel endpoint to send packet to, based on the inner IP 925 - - * address. For an overlay (inner) address Y.A.B.C, the transformation is 926 - - * F.G.A.B, where "F" and "G" are the first two octets of the underlay 927 - - * network (the network portion of a /16), "A" and "B" are the low order 928 - - * two octets of the underlay network host (the host portion of a /16), 929 - - * and "Y" is a configured first octet of the overlay network. 930 - +/* Determine fan tunnel endpoint to send packet to, based on the inner IP 931 - + * address. 932 - + * 933 - + * Given a /8 overlay and /16 underlay, for an overlay (inner) address 934 - + * Y.A.B.C, the transformation is F.G.A.B, where "F" and "G" are the first 935 - + * two octets of the underlay network (the network portion of a /16), "A" 936 - + * and "B" are the low order two octets of the underlay network host (the 937 - + * host portion of a /16), and "Y" is a configured first octet of the 938 - + * overlay network. 939 - + * 940 - + * E.g., underlay host 10.88.3.4/16 with an overlay of 99.0.0.0/8 would 941 - + * host overlay subnet 99.3.4.0/24. An overlay network datagram from 942 - + * 99.3.4.5 to 99.6.7.8, would be directed to underlay host 10.88.6.7, 943 - + * which hosts overlay network subnet 99.6.7.0/24. 
This transformation is 944 - + * described in detail further below. 945 - + * 946 - + * Using netmasks for the overlay and underlay other than /8 and /16, as 947 - + * shown above, can yield larger (or smaller) overlay subnets, with the 948 - + * trade-off of allowing fewer (or more) underlay hosts to participate. 949 - + * 950 - + * The size of each overlay network subnet is defined by the total of the 951 - + * network mask of the overlay plus the size of host portion of the 952 - + * underlay network. In the above example, /8 + /16 = /24. 953 - + * 954 - + * E.g., consider underlay host 10.99.238.5/20 and overlay 99.0.0.0/8. In 955 - + * this case, the network portion of the underlay is 10.99.224.0/20, and 956 - + * the host portion is 0.0.14.5 (12 bits). To determine the overlay 957 - + * network subnet, the 12 bits of host portion are left shifted 12 bits 958 - + * (/20 - /8) and ORed with the overlay subnet prefix. This yields an 959 - + * overlay subnet of 99.224.80/20, composed of 8 bits overlay, followed by 960 - + * 12 bits underlay. This yields 12 bits in the overlay network portion, 961 - + * allowing for 4094 addresses in each overlay network subnet. The 962 - + * trade-off is that fewer hosts may participate in the underlay network, 963 - + * as its host address size has shrunk from 16 bits (65534 addresses) in 964 - + * the first example to 12 bits (4094 addresses) here. 965 - + * 966 - + * For fewer hosts per overlay subnet (permitting a larger number of 967 - + * underlay hosts to participate), the underlay netmask may be made 968 - + * smaller. 969 - + * 970 - + * E.g., underlay host 10.111.1.2/12 (network 10.96.0.0/12, host portion 971 - + * is 0.15.1.2, 20 bits) with an overlay of 33.0.0.0/8 would left shift 972 - + * the 20 bits of host by 4 (so that it's highest order bit is adjacent to 973 - + * the lowest order bit of the /8 overlay). 
This yields an overlay subnet 974 - + * of 33.240.16.32/28 (8 bits overlay, 20 bits from the host portion of 975 - + * the underlay). This provides more addresses for the underlay network 976 - + * (approximately 2^20), but each host's segment of the overlay provides 977 - + * only 4 bits of addresses (14 usable). 978 - + * 979 - + * It is also possible to adjust the overlay subnet. 980 - + * 981 - + * For an overlay of 240.0.0.0/5 and underlay of 10.88.0.0/20, consider 982 - + * underlay host 10.88.129.2; the 12 bits of host, 0.0.1.2, are left 983 - + * shifted 15 bits (/20 - /5), yielding an overlay network of 984 - + * 240.129.0.0/17. An underlay host of 10.88.244.215 would yield an 985 - + * overlay network of 242.107.128.0/17. 986 - + * 987 - + * For an overlay of 100.64.0.0/10 and underlay of 10.224.220.0/24, for 988 - + * underlay host 10.224.220.10, the underlay host portion (.10) is left 989 - + * shifted 14 bits, yielding an overlay network subnet of 100.66.128.0/18. 990 - + * This would permit 254 addresses on the underlay, with each overlay 991 - + * segment providing approximately 2^14 - 2 addresses (16382). 992 - + * 993 - + * For packets being encapsulated, the overlay network destination IP 994 - + * address is deconstructed into its overlay and underlay-derived 995 - + * portions. The underlay portion (determined by the overlay mask and 996 - + * overlay subnet mask) is right shifted according to the size of the 997 - + * underlay network mask. This value is then ORed with the network 998 - + * portion of the underlay network to produce the underlay network 999 - + * destination for the encapsulated datagram. 1000 - + * 1001 - + * For example, using the initial example of underlay 10.88.3.4/16 and 1002 - + * overlay 99.0.0.0/8, with underlay host 10.88.3.4/16 providing overlay 1003 - + * subnet 99.3.4.0/24 with specfic host 99.3.4.5. 
A datagram from 1004 - + * 99.3.4.5 to 99.6.7.8 would first have the underlay host derived portion 1005 - + * of the address extracted. This is a number of bits equal to underlay 1006 - + * network host portion. In the destination address, the highest order of 1007 - + * these bits is one bit lower than the lowest order bit from the overlay 1008 - + * network mask. 1009 - + * 1010 - + * Using the sample value, 99.6.7.8, the overlay mask is /8, and the 1011 - + * underlay mask is /16 (leaving 16 bits for the host portion). The bits 1012 - + * to be shifted are the middle two octets, 0.6.7.0, as this is 99.6.7.8 1013 - + * ANDed with the mask 0x00ffff00 (which is 16 bits, the highest order of 1014 - + * which is 1 bit lower than the lowest order overlay address bit). 1015 - * 1016 - - * E.g., underlay host 10.88.3.4 with an overlay of 99 would host overlay 1017 - - * subnet 99.3.4.0/24. An overlay network datagram from 99.3.4.5 to 1018 - - * 99.6.7.8, would be directed to underlay host 10.88.6.7, which hosts 1019 - - * overlay network 99.6.7.0/24. 1020 - + * These octets, 0.6.7.0, are then right shifted 8 bits, yielding 0.0.6.7. 1021 - + * This value is then ORed with the underlay network portion, 1022 - + * 10.88.0.0/16, providing 10.88.6.7 as the final underlay destination for 1023 - + * the encapuslated datagram. 1024 - + * 1025 - + * Another transform using the final example: overlay 100.64.0.0/10 and 1026 - + * underlay 10.224.220.0/24. Consider overlay address 100.66.128.1 1027 - + * sending a datagram to 100.66.200.5. In this case, 8 bits (the host 1028 - + * portion size of 10.224.220.0/24) beginning after the 100.64/10 overlay 1029 - + * prefix are masked off, yielding 0.2.192.0. This is right shifted 14 1030 - + * (32 - 10 - (32 - 24), i.e., the number of bits between the overlay 1031 - + * network portion and the underlay host portion) bits, yielding 0.0.0.11. 
1032 - + * This is ORed with the underlay network portion, 10.224.220.0/24, giving 1033 - + * the underlay destination of 10.224.220.11 for overlay destination 1034 - + * 100.66.200.5. 1035 - */ 1036 - static int ipip_build_fan_iphdr(struct ip_tunnel *tunnel, struct sk_buff *skb, struct iphdr *iph) 1037 - { 1038 - - unsigned int overlay; 1039 - + struct ip_fan_map *f_map; 1040 - u32 daddr, underlay; 1041 - 1042 - + f_map = ipip_fan_find_map(tunnel, ip_hdr(skb)->daddr); 1043 - + if (!f_map) 1044 - + return -ENOENT; 1045 - + 1046 - daddr = ntohl(ip_hdr(skb)->daddr); 1047 - - overlay = daddr >> 24; 1048 - - underlay = tunnel->fan.map[overlay]; 1049 - + underlay = ntohl(f_map->underlay); 1050 - if (!underlay) 1051 - return -EINVAL; 1052 - 1053 - *iph = tunnel->parms.iph; 1054 - - iph->daddr = htonl(underlay | ((daddr >> 8) & 0x0000ffff)); 1055 - + iph->daddr = htonl(underlay | 1056 - + ((daddr & ~f_map->overlay_mask) >> 1057 - + (32 - f_map->overlay_prefix - 1058 - + (32 - f_map->underlay_prefix)))); 1059 - return 0; 1060 - } 1061 - 1062 - @@ -260,7 +368,7 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 1063 - if (IS_ERR(skb)) 1064 - goto out; 1065 - 1066 - - if (ipip_tunnel_is_fan(tunnel)) { 1067 - + if (fan_has_map(&tunnel->fan)) { 1068 - if (ipip_build_fan_iphdr(tunnel, skb, &fiph)) 1069 - goto tx_error; 1070 - tiph = &fiph; 1071 - @@ -325,6 +433,8 @@ static const struct net_device_ops ipip_netdev_ops = { 1072 - 1073 - static void ipip_tunnel_setup(struct net_device *dev) 1074 - { 1075 - + struct ip_tunnel *t = netdev_priv(dev); 1076 - + 1077 - dev->netdev_ops = &ipip_netdev_ops; 1078 - 1079 - dev->type = ARPHRD_TUNNEL; 1080 - 
@@ -336,6 +446,7 @@ static void ipip_tunnel_setup(struct net_device *dev) 1081 - dev->features |= IPIP_FEATURES; 1082 - dev->hw_features |= IPIP_FEATURES; 1083 - ip_tunnel_setup(dev, ipip_net_id); 1084 - + INIT_LIST_HEAD(&t->fan.fan_maps); 1085 - } 1086 - 1087 - static int ipip_tunnel_init(struct net_device *dev) 1088 - 
@@ -419,41 +530,65 @@ static bool ipip_netlink_encap_parms(struct nlattr *data[], 1089 - return ret; 1090 - } 1091 - 1092 - -static void ipip_fan_free_map(struct ip_tunnel *t) 1093 - +static void ipip_fan_flush_map(struct ip_tunnel *t) 1094 - { 1095 - - memset(&t->fan.map, 0, sizeof(t->fan.map)); 1096 - + struct ip_fan_map *fan_map; 1097 - + 1098 - + list_for_each_entry_rcu(fan_map, &t->fan.fan_maps, list) { 1099 - + list_del_rcu(&fan_map->list); 1100 - + kfree_rcu(fan_map, rcu); 1101 - + } 1102 - } 1103 - 1104 - -static int ipip_fan_set_map(struct ip_tunnel *t, struct ip_tunnel_fan_map *map) 1105 - +static int ipip_fan_del_map(struct ip_tunnel *t, __be32 overlay) 1106 - { 1107 - - u32 overlay, overlay_mask, underlay, underlay_mask; 1108 - + struct ip_fan_map *fan_map; 1109 - 1110 - - if ((map->underlay_prefix && map->underlay_prefix != 16) || 1111 - - (map->overlay_prefix && map->overlay_prefix != 8)) 1112 - - return -EINVAL; 1113 - + fan_map = ipip_fan_find_map(t, overlay); 1114 - + if (!fan_map) 1115 - + return -ENOENT; 1116 - + 1117 - + list_del_rcu(&fan_map->list); 1118 - + kfree_rcu(fan_map, rcu); 1119 - 1120 - - overlay = ntohl(map->overlay); 1121 - - overlay_mask = ntohl(inet_make_mask(map->overlay_prefix)); 1122 - + return 0; 1123 - +} 1124 - 1125 - - underlay = ntohl(map->underlay); 1126 - - underlay_mask = ntohl(inet_make_mask(map->underlay_prefix)); 1127 - +static int ipip_fan_add_map(struct ip_tunnel *t, struct ifla_fan_map *map) 1128 - +{ 1129 - + __be32 overlay_mask, underlay_mask; 1130 - + struct ip_fan_map *fan_map; 1131 - 1132 - - if ((overlay & ~overlay_mask) || (underlay & ~underlay_mask)) 1133 - - return -EINVAL; 1134 - + overlay_mask = inet_make_mask(map->overlay_prefix); 1135 - + underlay_mask = inet_make_mask(map->underlay_prefix); 1136 - 1137 - - if (!(overlay & overlay_mask) && (underlay & underlay_mask)) 1138 - + if ((map->overlay & ~overlay_mask) || (map->underlay & ~underlay_mask)) 1139 - return -EINVAL; 1140 - 1141 - - t->parms.i_flags 
|= TUNNEL_FAN; 1142 - + if (!(map->overlay & overlay_mask) && (map->underlay & underlay_mask)) 1143 - + return -EINVAL; 1144 - 1145 - - /* Special case: overlay 0 and underlay 0 clears all mappings */ 1146 - - if (!overlay && !underlay) { 1147 - - ipip_fan_free_map(t); 1148 - + /* Special case: overlay 0 and underlay 0: flush all mappings */ 1149 - + if (!map->overlay && !map->underlay) { 1150 - + ipip_fan_flush_map(t); 1151 - return 0; 1152 - } 1153 - + 1154 - + /* Special case: overlay set and underlay 0: clear map for overlay */ 1155 - + if (!map->underlay) 1156 - + return ipip_fan_del_map(t, map->overlay); 1157 - + 1158 - + if (ipip_fan_find_map(t, map->overlay)) 1159 - + return -EEXIST; 1160 - + 1161 - + fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL); 1162 - + fan_map->underlay = map->underlay; 1163 - + fan_map->overlay = map->overlay; 1164 - + fan_map->underlay_prefix = map->underlay_prefix; 1165 - + fan_map->overlay_mask = ntohl(overlay_mask); 1166 - + fan_map->overlay_prefix = map->overlay_prefix; 1167 - 1168 - - overlay >>= (32 - map->overlay_prefix); 1169 - - t->fan.map[overlay] = underlay; 1170 - + list_add_tail_rcu(&fan_map->list, &t->fan.fan_maps); 1171 - 1172 - return 0; 1173 - } 1174 - @@ -462,7 +597,7 @@ static int ipip_fan_set_map(struct ip_tunnel *t, struct ip_tunnel_fan_map *map) 1175 - static int ipip_netlink_fan(struct nlattr *data[], struct ip_tunnel *t, 1176 - struct ip_tunnel_parm *parms) 1177 - { 1178 - - struct ip_tunnel_fan_map *map; 1179 - + struct ifla_fan_map *map; 1180 - struct nlattr *attr; 1181 - int rem, rv; 1182 - 1183 - @@ -474,7 +609,7 @@ static int ipip_netlink_fan(struct nlattr *data[], struct ip_tunnel *t, 1184 - 1185 - nla_for_each_nested(attr, data[IFLA_IPTUN_FAN_MAP], rem) { 1186 - map = nla_data(attr); 1187 - - rv = ipip_fan_set_map(t, map); 1188 - + rv = ipip_fan_add_map(t, map); 1189 - if (rv) 1190 - return rv; 1191 - } 1192 - 
@@ -555,7 +690,7 @@ static size_t ipip_get_size(const struct net_device *dev) 1193 - /* IFLA_IPTUN_ENCAP_DPORT */ 1194 - nla_total_size(2) + 1195 - /* IFLA_IPTUN_FAN_MAP */ 1196 - - nla_total_size(sizeof(struct ip_tunnel_fan_map)) * 256 + 1197 - + nla_total_size(sizeof(struct ifla_fan_map)) * 256 + 1198 - 0; 1199 - } 1200 - 1201 - @@ -583,25 +718,22 @@ static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev) 1202 - tunnel->encap.flags)) 1203 - goto nla_put_failure; 1204 - 1205 - - if (tunnel->parms.i_flags & TUNNEL_FAN) { 1206 - + if (fan_has_map(&tunnel->fan)) { 1207 - struct nlattr *fan_nest; 1208 - - int i; 1209 - + struct ip_fan_map *fan_map; 1210 - 1211 - fan_nest = nla_nest_start(skb, IFLA_IPTUN_FAN_MAP); 1212 - if (!fan_nest) 1213 - goto nla_put_failure; 1214 - - for (i = 0; i < 256; i++) { 1215 - - if (tunnel->fan.map[i]) { 1216 - - struct ip_tunnel_fan_map map; 1217 - - 1218 - - map.underlay = htonl(tunnel->fan.map[i]); 1219 - - map.underlay_prefix = 16; 1220 - - map.overlay = htonl(i << 24); 1221 - - map.overlay_prefix = 8; 1222 - - if (nla_put(skb, IFLA_FAN_MAPPING, 1223 - - sizeof(map), &map)) 1224 - - goto nla_put_failure; 1225 - - } 1226 - + list_for_each_entry_rcu(fan_map, &tunnel->fan.fan_maps, list) { 1227 - + struct ifla_fan_map map; 1228 - + 1229 - + map.underlay = fan_map->underlay; 1230 - + map.underlay_prefix = fan_map->underlay_prefix; 1231 - + map.overlay = fan_map->overlay; 1232 - + map.overlay_prefix = fan_map->overlay_prefix; 1233 - + if (nla_put(skb, IFLA_FAN_MAPPING, sizeof(map), &map)) 1234 - + goto nla_put_failure; 1235 - } 1236 - nla_nest_end(skb, fan_nest); 1237 - } 1238 - -- 1239 - 2.7.4 1240 -
-69
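--- a/pkgs/os-specific/linux/kernel/ubuntu-unprivileged-overlayfs.patch
+++ b/pkgs/os-specific/linux/kernel/ubuntu-unprivileged-overlayfs.patch
@@ -1,69 +0,0 @@
-From 7415cb7b31569e9266229d4ebc79ccec4841ab04 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge.hallyn@ubuntu.com>
-Date: Fri, 7 Feb 2014 09:32:46 -0600
-Subject: [PATCH] UBUNTU: SAUCE: Overlayfs: allow unprivileged mounts
-
-Unprivileged mounting, here, refers to root in a non-initial user
-namespace performing the mount. In particular, it requires
-CAP_SYS_ADMIN toward the task's mounts namespace, alleviating
-the concerns of manipulating mount environment for setuid-root
-binaries on the host.
-
-We refuse unprivileged mounting of most filesystem types because
-we do not trust the in-kernel superblock parsers to correctly
-handle malicious input.
-
-However, overlayfs does not parse any user-provided data other
-than the pathnames passed in. Therefore unprivileged mounting
-of overlayfs should be safe.
-
-Allowing unprivileged mounting of overlayfs filesystems would
-allow Ubuntu Trusty users to create overlayfs-based container
-snapshots, which would be a huge usability improvement.
-
-This patch enables unprivileged mounting of overlayfs.
-
-I tested a few simple combinations, and found that, when
-doing (the equivalent of)
-
-mount -t overlayfs -oupperdir=u,lowerdir=l l t
-
-(u for upper, l for lower, t for target),
-
-1. overlayfs mount is always allowed, regardless of ownership
-of u, l, or t. However
-
-2. Creation of new files is allowed so long as u is owned by
-T. Otherwise, regardless of ownerships of l and t it is
-denied. (This is expected; t was the mountpoint and
-'disapears', so its ownership is irrelevant)
-
-3. modification of a file 'hithere' which is in l but not yet
-in u, and which is not owned by T, is not allowed, even if
-writes to u are allowed. This may be a bug in overlayfs,
-but it is safe behavior. It also will not cause a problem
-for lxc since lxc will ensure that files are mapped into T's
-namespace.
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-Signed-off-by: Andy Whitcroft <apw@canonical.com>
----
-fs/overlayfs/super.c | 1 +
-1 file changed, 1 insertion(+)
-
-diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
-index 9473e79..50890c2 100644
---- a/fs/overlayfs/super.c
-+++ b/fs/overlayfs/super.c
-@@ -668,6 +668,7 @@ static struct file_system_type ovl_fs_type = {
-.name = "overlayfs",
-.mount = ovl_mount,
-.kill_sb = kill_anon_super,
-+ .fs_flags = FS_USERNS_MOUNT,
-};
-MODULE_ALIAS_FS("overlayfs");
-
---
-2.1.0.rc1
-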