[arch-commits] Commit in linux/trunk (3 files)
Evangelos Foutras
foutrelis at archlinux.org
Fri Sep 4 20:43:16 UTC 2015
Date: Friday, September 4, 2015 @ 22:43:15
Author: foutrelis
Revision: 245327
upgpkg: linux 4.2-3
Fix two network-related issues.
Added:
linux/trunk/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch
linux/trunk/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch
Modified:
linux/trunk/PKGBUILD
-----------------------------------------------------------------+
0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch | 65 ++++++
0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch | 103 ++++++++++
PKGBUILD | 19 +
3 files changed, 184 insertions(+), 3 deletions(-)
Added: 0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch
===================================================================
--- 0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch (rev 0)
+++ 0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch 2015-09-04 20:43:15 UTC (rev 245327)
@@ -0,0 +1,65 @@
+From 37b12910dd11d9ab969f2c310dc9160b7f3e3405 Mon Sep 17 00:00:00 2001
+From: Raanan Avargil <raanan.avargil at intel.com>
+Date: Sun, 19 Jul 2015 16:33:20 +0300
+Subject: [PATCH] e1000e: Fix tight loop implementation of systime read
+ algorithm
+
+Change the algorithm. Read systimel twice and check for overflow.
+If there was no overflow, use the first value.
+If there was an overflow, read systimeh again and use the second
+systimel value.
+
+Signed-off-by: Raanan Avargil <raanan.avargil at intel.com>
+Tested-by: Aaron Brown <aaron.f.brown at intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher at intel.com>
+---
+ drivers/net/ethernet/intel/e1000e/netdev.c | 31 ++++++++++++++++++++----------
+ 1 file changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
+index 24b7269..96a8166 100644
+--- a/drivers/net/ethernet/intel/e1000e/netdev.c
++++ b/drivers/net/ethernet/intel/e1000e/netdev.c
+@@ -4280,18 +4280,29 @@ static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc)
+ struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter,
+ cc);
+ struct e1000_hw *hw = &adapter->hw;
++ u32 systimel_1, systimel_2, systimeh;
+ cycle_t systim, systim_next;
+- /* SYSTIMH latching upon SYSTIML read does not work well. To fix that
+- * we don't want to allow overflow of SYSTIML and a change to SYSTIMH
+- * to occur between reads, so if we read a vale close to overflow, we
+- * wait for overflow to occur and read both registers when its safe.
++ /* SYSTIMH latching upon SYSTIML read does not work well.
++ * This means that if SYSTIML overflows after we read it but before
++ * we read SYSTIMH, the value of SYSTIMH has been incremented and we
++ * will experience a huge non linear increment in the systime value
++ * to fix that we test for overflow and if true, we re-read systime.
+ */
+- u32 systim_overflow_latch_fix = 0x3FFFFFFF;
+-
+- do {
+- systim = (cycle_t)er32(SYSTIML);
+- } while (systim > systim_overflow_latch_fix);
+- systim |= (cycle_t)er32(SYSTIMH) << 32;
++ systimel_1 = er32(SYSTIML);
++ systimeh = er32(SYSTIMH);
++ systimel_2 = er32(SYSTIML);
++ /* Check for overflow. If there was no overflow, use the values */
++ if (systimel_1 < systimel_2) {
++ systim = (cycle_t)systimel_1;
++ systim |= (cycle_t)systimeh << 32;
++ } else {
++ /* There was an overflow, read again SYSTIMH, and use
++ * systimel_2
++ */
++ systimeh = er32(SYSTIMH);
++ systim = (cycle_t)systimel_2;
++ systim |= (cycle_t)systimeh << 32;
++ }
+
+ if ((hw->mac.type == e1000_82574) || (hw->mac.type == e1000_82583)) {
+ u64 incvalue, time_delta, rem, temp;
+--
+2.5.1
+
Added: 0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch
===================================================================
--- 0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch (rev 0)
+++ 0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch 2015-09-04 20:43:15 UTC (rev 245327)
@@ -0,0 +1,103 @@
+From 9cf94eab8b309e8bcc78b41dd1561c75b537dd0b Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <daniel at iogearbox.net>
+Date: Mon, 31 Aug 2015 19:11:02 +0200
+Subject: [PATCH] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy
+ error paths
+
+Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
+templates") migrated templates to the new allocator api, but forgot to
+update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
+instead of nf_conntrack_free().
+
+Due to that, memory is being freed into the wrong kmemcache, but also
+we drop the per net reference count of ct objects causing an imbalance.
+
+In Brad's case, this leads to a wrap-around of net->ct.count and thus
+lets __nf_conntrack_alloc() refuse to create a new ct object:
+
+ [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
+ [ 10.810168] nf_conntrack: table full, dropping packet
+ [ 11.917416] r8169 0000:07:00.0 eth0: link up
+ [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
+ [ 12.815902] nf_conntrack: table full, dropping packet
+ [ 15.688561] nf_conntrack: table full, dropping packet
+ [ 15.689365] nf_conntrack: table full, dropping packet
+ [ 15.690169] nf_conntrack: table full, dropping packet
+ [ 15.690967] nf_conntrack: table full, dropping packet
+ [...]
+
+With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
+nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
+to fix the problem, export and use nf_ct_tmpl_free() instead.
+
+Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
+Reported-by: Brad Jackson <bjackson0971 at gmail.com>
+Signed-off-by: Daniel Borkmann <daniel at iogearbox.net>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ include/net/netfilter/nf_conntrack.h | 1 +
+ net/netfilter/nf_conntrack_core.c | 3 ++-
+ net/netfilter/nf_synproxy_core.c | 2 +-
+ net/netfilter/xt_CT.c | 2 +-
+ 4 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
+index 37cd391..4023c4c 100644
+--- a/include/net/netfilter/nf_conntrack.h
++++ b/include/net/netfilter/nf_conntrack.h
+@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rnd;
+ void init_nf_conntrack_hash_rnd(void);
+
+ struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags);
++void nf_ct_tmpl_free(struct nf_conn *tmpl);
+
+ #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
+ #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
+diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
+index 3c20d02..0625a42 100644
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
+@@ -320,12 +320,13 @@ out_free:
+ }
+ EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc);
+
+-static void nf_ct_tmpl_free(struct nf_conn *tmpl)
++void nf_ct_tmpl_free(struct nf_conn *tmpl)
+ {
+ nf_ct_ext_destroy(tmpl);
+ nf_ct_ext_free(tmpl);
+ kfree(tmpl);
+ }
++EXPORT_SYMBOL_GPL(nf_ct_tmpl_free);
+
+ static void
+ destroy_conntrack(struct nf_conntrack *nfct)
+diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
+index d7f1685..d6ee8f8 100644
+--- a/net/netfilter/nf_synproxy_core.c
++++ b/net/netfilter/nf_synproxy_core.c
+@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(struct net *net)
+ err3:
+ free_percpu(snet->stats);
+ err2:
+- nf_conntrack_free(ct);
++ nf_ct_tmpl_free(ct);
+ err1:
+ return err;
+ }
+diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
+index 43ddeee..f3377ce 100644
+--- a/net/netfilter/xt_CT.c
++++ b/net/netfilter/xt_CT.c
+@@ -233,7 +233,7 @@ out:
+ return 0;
+
+ err3:
+- nf_conntrack_free(ct);
++ nf_ct_tmpl_free(ct);
+ err2:
+ nf_ct_l3proto_module_put(par->family);
+ err1:
+--
+2.5.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-09-04 20:28:11 UTC (rev 245326)
+++ PKGBUILD 2015-09-04 20:43:15 UTC (rev 245327)
@@ -6,7 +6,7 @@
#pkgbase=linux-custom # Build kernel with a different name
_srcname=linux-4.2
pkgver=4.2
-pkgrel=2
+pkgrel=3
arch=('i686' 'x86_64')
url="http://www.kernel.org/"
license=('GPL2')
@@ -21,7 +21,9 @@
# standard config files for mkinitcpio ramdisk
'linux.preset'
'change-default-console-loglevel.patch'
- '0001-make_flush_workqueue_non_gpl.patch')
+ '0001-make_flush_workqueue_non_gpl.patch'
+ '0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch'
+ '0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch')
sha256sums=('cf20e044f17588d2a42c8f2a450b0fd84dfdbd579b489d93e9ab7d0e8b45dbeb'
'SKIP'
'e6f6f804f98ad321ce3e4395924993b51decb89699fde369391ccbb4bae928b2'
@@ -28,7 +30,9 @@
'a071aaa327d2b3577fa4709b47ed5fe81c7914d168607f3db905fdbf226247e7'
'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
- '4e776734e2c2185910a6fbb6f333d967b04f4a72b3196310af286c6a779bd97d')
+ '4e776734e2c2185910a6fbb6f333d967b04f4a72b3196310af286c6a779bd97d'
+ '0b1e41ba59ae45f5929963aa22fdc53bc8ffb4534e976cec046269d1a462197b'
+ '6ed9e31ae5614c289c4884620e45698e764c03670ebc45bab9319d741238cbd3')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -49,6 +53,15 @@
# already applied to 4.3 series
patch -p1 -i "${srcdir}/0001-make_flush_workqueue_non_gpl.patch"
+ # fix hard lockup in e1000e_cyclecounter_read() after 4 hours of uptime
+ # https://lkml.org/lkml/2015/8/18/292
+ patch -p1 -i "${srcdir}/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch"
+
+ # add not-yet-mainlined patch to fix network unavailability when iptables
+ # rules are applied during startup - happened with Shorewall; journal had
+ # many instances of this error: nf_conntrack: table full, dropping packet
+ patch -p1 -i "${srcdir}/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch"
+
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
More information about the arch-commits
mailing list