Permalink
Commits on Aug 20, 2017
  1. landlock: Add user and kernel documentation for Landlock

    l0kod committed Aug 20, 2017
    This documentation can be built with the Sphinx framework.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * add a check for ctx->event
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * rename Landlock version to ABI to better reflect its purpose and add a
      dedicated changelog section
    * update tables
    * relax no_new_privs recommendations
    * remove ABILITY_WRITE related functions
    * reword rule "appending" to "prepending" and explain it
    * cosmetic fixes
    
    Changes since v5:
    * update the rule hierarchy inheritance explanation
    * briefly explain ctx->arg2
    * add ptrace restrictions
    * explain EPERM
    * update example (subtype)
    * use ":manpage:"
  2. bpf,landlock: Add tests for Landlock

    l0kod committed Aug 20, 2017
    Test basic context access, ptrace protection and filesystem event with
    multiple cases.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Shuah Khan <shuah@kernel.org>
    Cc: Will Drewry <wad@chromium.org>
    ---
    
    Changes since v6:
    * use the new kselftest_harness.h
    * use const variables
    * replace ASSERT_STEP with ASSERT_*
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * force sample library rebuild
    * fix install target
    
    Changes since v5:
    * add subtype test
    * add ptrace tests
    * split and rename files
    * cleanup and rebase
  3. bpf: Add a Landlock sandbox example

    l0kod committed Aug 20, 2017
    Add a basic sandbox tool to create a process isolated from some part of
    the system. This sandbox create a read-only environment. It is only
    allowed to write to a character device such as a TTY:
    
      # :> X
      # echo $?
      0
      # ./samples/bpf/landlock1 /bin/sh -i
      Launching a new sandboxed process.
      # :> Y
      cannot create Y: Operation not permitted
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * check return value of load_and_attach()
    * allow to write on pipes
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * rename Landlock version to ABI to better reflect its purpose
    * use const variable (suggested by Kees Cook)
    * remove useless definitions (suggested by Kees Cook)
    * add detailed explanations (suggested by Kees Cook)
    
    Changes since v5:
    * cosmetic fixes
    * rebase
    
    Changes since v4:
    * write Landlock rule in C and compiled it with LLVM
    * remove cgroup handling
    * remove path handling: only handle a read-only environment
    * remove errno return codes
    
    Changes since v3:
    * remove seccomp and origin field: completely free from seccomp programs
    * handle more FS-related hooks
    * handle inode hooks and directory traversal
    * add faked but consistent view thanks to ENOENT
    * add /lib64 in the example
    * fix spelling
    * rename some types and definitions (e.g. SECCOMP_ADD_LANDLOCK_RULE)
    
    Changes since v2:
    * use BPF_PROG_ATTACH for cgroup handling
  4. landlock: Add ptrace restrictions

    l0kod committed Aug 20, 2017
    A landlocked process has less privileges than a non-landlocked process
    and must then be subject to additional restrictions when manipulating
    processes. To be allowed to use ptrace(2) and related syscalls on a
    target process, a landlocked process must have a subset of the target
    process' rules.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * factor out ptrace check
    * constify pointers
    * cleanup headers
    * use the new security_add_hooks()
  5. seccomp,landlock: Handle Landlock events per process hierarchy

    l0kod committed Aug 20, 2017
    The seccomp(2) syscall can be used by a task to apply a Landlock rule to
    itself. As a seccomp filter, a Landlock rule is enforced for the current
    task and all its future children. A rule is immutable and a task can
    only add new restricting rules to itself, forming a chain of rules.
    
    A Landlock rule is tied to a Landlock event. If the action on a kernel
    object is allowed by the other Linux security mechanisms (e.g. DAC,
    capabilities, other LSM), then a Landlock event related to this kind of
    object is triggered. The chain of rules for this event is then
    evaluated. Each rule return a 32-bit value which can deny the action on
    a kernel object with a non-zero value. If every rules of the chain
    return zero, then the action on the object is allowed.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Will Drewry <wad@chromium.org>
    Link: https://lkml.kernel.org/r/c10a503d-5e35-7785-2f3d-25ed8dd63fab@digikod.net
    ---
    
    Changes since v6:
    * rename some functions with more accurate names to reflect that an eBPF
      program for Landlock could be used for something else than a rule
    * reword rule "appending" to "prepending" and explain it
    * remove the superfluous no_new_privs check, only check global
      CAP_SYS_ADMIN when prepending a Landlock rule (needed for containers)
    * create and use {get,put}_seccomp_landlock() (suggested by Kees Cook)
    * replace ifdef with static inlined function (suggested by Kees Cook)
    * use get_user() (suggested by Kees Cook)
    * replace atomic_t with refcount_t (requested by Kees Cook)
    * move struct landlock_{rule,events} from landlock.h to common.h
    * cleanup headers
    
    Changes since v5:
    * remove struct landlock_node and use a similar inheritance mechanisme
      as seccomp-bpf (requested by Andy Lutomirski)
    * rename SECCOMP_ADD_LANDLOCK_RULE to SECCOMP_APPEND_LANDLOCK_RULE
    * rename file manager.c to providers.c
    * add comments
    * typo and cosmetic fixes
    
    Changes since v4:
    * merge manager and seccomp patches
    * return -EFAULT in seccomp(2) when user_bpf_fd is null to easely check
      if Landlock is supported
    * only allow a process with the global CAP_SYS_ADMIN to use Landlock
      (will be lifted in the future)
    * add an early check to exit as soon as possible if the current process
      does not have Landlock rules
    
    Changes since v3:
    * remove the hard link with seccomp (suggested by Andy Lutomirski and
      Kees Cook):
      * remove the cookie which could imply multiple evaluation of Landlock
        rules
      * remove the origin field in struct landlock_data
    * remove documentation fix (merged upstream)
    * rename the new seccomp command to SECCOMP_ADD_LANDLOCK_RULE
    * internal renaming
    * split commit
    * new design to be able to inherit on the fly the parent rules
    
    Changes since v2:
    * Landlock programs can now be run without seccomp filter but for any
      syscall (from the process) or interruption
    * move Landlock related functions and structs into security/landlock/*
      (to manage cgroups as well)
    * fix seccomp filter handling: run Landlock programs for each of their
      legitimate seccomp filter
    * properly clean up all seccomp results
    * cosmetic changes to ease the understanding
    * fix some ifdef
  6. landlock: Add LSM hooks related to filesystem

    l0kod committed Aug 20, 2017
    Handle 33 filesystem-related LSM hooks for the Landlock filesystem
    event: LANDLOCK_SUBTYPE_EVENT_FS.
    
    A Landlock event wrap LSM hooks for similar kernel object types (e.g.
    struct file, struct path...). Multiple LSM hooks can trigger the same
    Landlock event.
    
    Landlock handle nine coarse-grained actions: read, write, execute, new,
    get, remove, ioctl, lock and fcntl. Each of them abstract LSM hook
    access control in a way that can be extended in the future.
    
    The Landlock LSM hook registration is done after other LSM to only run
    actions from user-space, via eBPF programs, if the access was granted by
    major (privileged) LSMs.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * add 3 more sub-events: IOCTL, LOCK, FCNTL
      https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@digikod.net
    * use the new security_add_hooks()
    * explain the -Werror=unused-function
    * constify pointers
    * cleanup headers
    
    Changes since v5:
    * split hooks.[ch] into hooks.[ch] and hooks_fs.[ch]
    * add more documentation
    * cosmetic fixes
    * rebase (SCALAR_VALUE)
    
    Changes since v4:
    * add LSM hook abstraction called Landlock event
      * use the compiler type checking to verify hooks use by an event
      * handle all filesystem related LSM hooks (e.g. file_permission,
        mmap_file, sb_mount...)
    * register BPF programs for Landlock just after LSM hooks registration
    * move hooks registration after other LSMs
    * add failsafes to check if a hook is not used by the kernel
    * allow partial raw value access form the context (needed for programs
      generated by LLVM)
    
    Changes since v3:
    * split commit
    * add hooks dealing with struct inode and struct path pointers:
      inode_permission and inode_getattr
    * add abstraction over eBPF helper arguments thanks to wrapping structs
  7. bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()

    l0kod committed Aug 20, 2017
    Add an eBPF function bpf_handle_fs_get_mode(handle_fs) to get the mode
    of a an abstract object wrapping either a file, a dentry, a path, or an
    inode.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Jann Horn <jann@thejh.net>
    ---
    
    Changes since v6:
    * remove WARN_ON() for missing dentry->d_inode
    * refactor bpf_landlock_func_proto() (suggested by Kees Cook)
    
    Changes since v5:
    * cosmetic fixes and rebase
    
    Changes since v4:
    * use a file abstraction (handle) to wrap inode, dentry, path and file
      structs
    * remove bpf_landlock_cmp_fs_beneath()
    * rename the BPF helper and move it to kernel/bpf/
    * tighten helpers accessible by a Landlock rule
    
    Changes since v3:
    * remove bpf_landlock_cmp_fs_prop() (suggested by Alexie Starovoitov)
    * add hooks dealing with struct inode and struct path pointers:
      inode_permission and inode_getattr
    * add abstraction over eBPF helper arguments thanks to wrapping structs
    * add bpf_landlock_get_fs_mode() helper to check file type and mode
    * merge WARN_ON() (suggested by Kees Cook)
    * fix and update bpf_helpers.h
    * use BPF_CALL_* for eBPF helpers (suggested by Alexie Starovoitov)
    * make handle arraymap safe (RCU) and remove buggy synchronize_rcu()
    * factor out the arraymay walk
    * use size_t to index array (suggested by Jann Horn)
    
    Changes since v2:
    * add MNT_INTERNAL check to only add file handle from user-visible FS
      (e.g. no anonymous inode)
    * replace struct file* with struct path* in map_landlock_handle
    * add BPF protos
    * fix bpf_landlock_cmp_fs_prop_with_struct_file()
  8. bpf,landlock: Define an eBPF program type for a Landlock rule

    l0kod committed Aug 20, 2017
    Add a new type of eBPF program used by Landlock rules.
    
    This new BPF program type will be registered with the Landlock LSM
    initialization.
    
    Add an initial Landlock Kconfig.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * add 3 more sub-events: IOCTL, LOCK, FCNTL
      https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@digikod.net
    * rename LANDLOCK_VERSION to LANDLOCK_ABI to better reflect its purpose,
      and move it from landlock.h to common.h
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE: an eBPF
      program could be used for something else than a rule
    * simplify struct landlock_context by removing the arch and syscall_nr fields
    * remove all eBPF map functions call, remove ABILITY_WRITE
    * refactor bpf_landlock_func_proto() (suggested by Kees Cook)
    * constify pointers
    * fix doc inclusion
    
    Changes since v5:
    * rename file hooks.c to init.c
    * fix spelling
    
    Changes since v4:
    * merge a minimal (not enabled) LSM code and Kconfig in this commit
    
    Changes since v3:
    * split commit
    * revamp the landlock_context:
      * add arch, syscall_nr and syscall_cmd (ioctl, fcntl…) to be able to
        cross-check action with the event type
      * replace args array with dedicated fields to ease the addition of new
        fields
  9. bpf: Add eBPF program subtype and is_valid_subtype() verifier

    l0kod committed Aug 20, 2017
    The goal of the program subtype is to be able to have different static
    fine-grained verifications for a unique program type.
    
    The struct bpf_verifier_ops gets a new optional function:
    is_valid_subtype(). This new verifier is called at the beginning of the
    eBPF program verification to check if the (optional) program subtype is
    valid.
    
    For now, only Landlock eBPF programs are using a program subtype (see
    next commit) but this could be used by other program types in the future.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Link: https://lkml.kernel.org/r/20160827205559.GA43880@ast-mbp.thefacebook.com
    ---
    
    Changes since v6:
    * rename Landlock version to ABI to better reflect its purpose
    * fix unsigned integer checks
    * fix pointer cast
    * constify pointers
    * rebase
    
    Changes since v5:
    * use a prog_subtype pointer and make it future-proof
    * add subtype test
    * constify bpf_load_program()'s subtype argument
    * cleanup subtype initialization
    * rebase
    
    Changes since v4:
    * replace the "status" field with "version" (more generic)
    * replace the "access" field with "ability" (less confusing)
    
    Changes since v3:
    * remove the "origin" field
    * add an "option" field
    * cleanup comments
  10. selftest: Enhance kselftest_harness.h with a step mechanism

    l0kod committed Aug 20, 2017
    This step mechanism may be useful to return an information about the
    error without being able to write to TH_LOG_STREAM.
    
    Set _metadata->no_print to true to print this counter.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Shuah Khan <shuah@kernel.org>
    Cc: Will Drewry <wad@chromium.org>
    Link: https://lkml.kernel.org/r/CAGXu5j+D-FP8Kt9unNOqKrQJP4DYTpmgkJxWykZyrYiVPz3Y3Q@mail.gmail.com
    ---
    
    This patch is intended to the kselftest tree:
    https://lkml.kernel.org/r/20170806232337.4191-1-mic@digikod.net
    
    Changes since v6:
    * add the step counter in assert/expect macros and use _metadata to
      enable the counter (suggested by Kees Cook)
  11. bpf: linux/bpf.h needs linux/numa.h

    davem330 committed Aug 20, 2017
    Reported-by: kbuild test robot <fengguang.wu@intel.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  12. Merge branch 'BPF-inline-improvements'

    davem330 committed Aug 20, 2017
    Daniel Borkmann says:
    
    ====================
    BPF inline improvements
    
    First one makes htab inlining more robust wrt future jits and
    second one inlines map in map lookups through map_gen_lookup()
    callback.
    
    v1 -> v2:
      - BITS_PER_LONG guard in patch 1
      - BPF_EMIT_CALL is on __htab_map_lookup_elem
    ====================
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
  13. bpf: inline map in map lookup functions for array and htab

    borkmann authored and davem330 committed Aug 19, 2017
    Avoid two successive functions calls for the map in map lookup, first
    is the bpf_map_lookup_elem() helper call, and second the callback via
    map->ops->map_lookup_elem() to get to the map in map implementation.
    Implementation inlines array and htab flavor for map in map lookups.
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  14. bpf: make htab inlining more robust wrt assumptions

    borkmann authored and davem330 committed Aug 19, 2017
    Commit 9015d2f ("bpf: inline htab_map_lookup_elem()") was
    making the assumption that a direct call emission to the function
    __htab_map_lookup_elem() will always work out for JITs.
    
    This is currently true since all JITs we have are for 64 bit archs,
    but in case of 32 bit JITs like upcoming arm32, we get a NULL pointer
    dereference when executing the call to __htab_map_lookup_elem()
    since passed arguments are of a different size (due to pointer args)
    than what we do out of BPF. Guard and thus limit this for now for
    the current 64 bit JITs only.
    
    Reported-by: Shubham Bansal <illusionist.neo@gmail.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  15. Merge branch 'bpf-Allow-selecting-numa-node-during-map-creation'

    davem330 committed Aug 20, 2017
    Martin KaFai Lau says:
    
    ====================
    bpf: Allow selecting numa node during map creation
    
    This series allows user to pick the numa node during map creation.
    The first patch has the details
    ====================
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
  16. bpf: Allow numa selection in INNER_LRU_HASH_PREALLOC test of map_perf…

    iamkafai authored and davem330 committed Aug 18, 2017
    …_test
    
    This patch makes the needed changes to allow each process of
    the INNER_LRU_HASH_PREALLOC test to provide its numa node id
    when creating the lru map.
    
    Signed-off-by: Martin KaFai Lau <kafai@fb.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@fb.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  17. bpf: Allow selecting numa node during map creation

    iamkafai authored and davem330 committed Aug 18, 2017
    The current map creation API does not allow to provide the numa-node
    preference.  The memory usually comes from where the map-creation-process
    is running.  The performance is not ideal if the bpf_prog is known to
    always run in a numa node different from the map-creation-process.
    
    One of the use case is sharding on CPU to different LRU maps (i.e.
    an array of LRU maps).  Here is the test result of map_perf_test on
    the INNER_LRU_HASH_PREALLOC test if we force the lru map used by
    CPU0 to be allocated from a remote numa node:
    
    [ The machine has 20 cores. CPU0-9 at node 0. CPU10-19 at node 1 ]
    
    ># taskset -c 10 ./map_perf_test 512 8 1260000 8000000
    5:inner_lru_hash_map_perf pre-alloc 1628380 events per sec
    4:inner_lru_hash_map_perf pre-alloc 1626396 events per sec
    3:inner_lru_hash_map_perf pre-alloc 1626144 events per sec
    6:inner_lru_hash_map_perf pre-alloc 1621657 events per sec
    2:inner_lru_hash_map_perf pre-alloc 1621534 events per sec
    1:inner_lru_hash_map_perf pre-alloc 1620292 events per sec
    7:inner_lru_hash_map_perf pre-alloc 1613305 events per sec
    0:inner_lru_hash_map_perf pre-alloc 1239150 events per sec  #<<<
    
    After specifying numa node:
    ># taskset -c 10 ./map_perf_test 512 8 1260000 8000000
    5:inner_lru_hash_map_perf pre-alloc 1629627 events per sec
    3:inner_lru_hash_map_perf pre-alloc 1628057 events per sec
    1:inner_lru_hash_map_perf pre-alloc 1623054 events per sec
    6:inner_lru_hash_map_perf pre-alloc 1616033 events per sec
    2:inner_lru_hash_map_perf pre-alloc 1614630 events per sec
    4:inner_lru_hash_map_perf pre-alloc 1612651 events per sec
    7:inner_lru_hash_map_perf pre-alloc 1609337 events per sec
    0:inner_lru_hash_map_perf pre-alloc 1619340 events per sec #<<<
    
    This patch adds one field, numa_node, to the bpf_attr.  Since numa node 0
    is a valid node, a new flag BPF_F_NUMA_NODE is also added.  The numa_node
    field is honored if and only if the BPF_F_NUMA_NODE flag is set.
    
    Numa node selection is not supported for percpu map.
    
    This patch does not change all the kmalloc.  F.e.
    'htab = kzalloc()' is not changed since the object
    is small enough to stay in the cache.
    
    Signed-off-by: Martin KaFai Lau <kafai@fb.com>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Alexei Starovoitov <ast@fb.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  18. bnxt_en: fix spelling mistake: "swtichdev" -> "switchdev"

    ColinIanKing authored and davem330 committed Aug 18, 2017
    Trivial fix to spelling mistake in a netdev_info message
    
    Signed-off-by: Colin Ian King <colin.king@canonical.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  19. net: hns3: fix a handful of spelling mistakes

    ColinIanKing authored and davem330 committed Aug 18, 2017
    Trival fix to spelling mistakes:
    
    firware -> firmware
    invald -> invalid
    mutilcast -> multicast
    
    Signed-off-by: Colin Ian King <colin.king@canonical.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  20. Merge branch 'net-const-eisa_device_id'

    davem330 committed Aug 20, 2017
    Arvind Yadav says:
    
    ====================
    constify net eisa_device_id
    
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    ====================
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
  21. net: defxx: constify eisa_device_id

    ArvindYadavCs authored and davem330 committed Aug 19, 2017
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    
    Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
    Reviewed-by: Maciej W. Rozycki <macro@linux-mips.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  22. net: hp100: constify eisa_device_id

    ArvindYadavCs authored and davem330 committed Aug 19, 2017
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    
    Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  23. net: de4x5: constify eisa_device_id

    ArvindYadavCs authored and davem330 committed Aug 19, 2017
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    
    Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  24. net: 3c59x: constify eisa_device_id

    ArvindYadavCs authored and davem330 committed Aug 19, 2017
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    
    Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  25. net: 3c509: constify eisa_device_id

    ArvindYadavCs authored and davem330 committed Aug 19, 2017
    eisa_device_id are not supposed to change at runtime. All functions
    working with eisa_device_id provided by <linux/eisa.h> work with
    const eisa_device_id. So mark the non-const structs as const.
    
    Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
Commits on Aug 19, 2017
  1. Merge branch 'nfp-add-basic-ethtool-callbacks-to-representors'

    davem330 committed Aug 19, 2017
    Jakub Kicinski says:
    
    ====================
    nfp: add basic ethtool callbacks to representors
    
    This set extends the basic ethtool functionality to representor
    netdevs.  I start with providing link state via ethtool and then
    move on to functions such as driver information, statistics and
    FW log dump.  The series contains a number of clean ups to the
    ethtool stats code too, some of the logic is simplified by making
    better use of the nfp_port abstraction.  The stats we expose on
    representors are only the PCIe and MAC port statistics firmware
    maintains for us.
    ====================
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
  2. nfp: don't reuse pointers in ring dumping

    kuba-moo authored and davem330 committed Aug 18, 2017
    We were reusing skb pointer when reading page frag, since ring
    entries contain a union of a skb and frag pointer.  This can
    be confusing to people reading the code.  Refactor the code
    to read frag pointer directly.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  3. nfp: fix copy paste in names and messages regarding vNICs

    kuba-moo authored and davem330 committed Aug 18, 2017
    Data and control vNICs currently use the same area name and
    error message.  This could lead to confusion.  Make sure
    the error message says "ctrl" in case of control and the
    data area is called "nfp.bar0".
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  4. nfp: add ethtool statistics for representors

    kuba-moo authored and davem330 committed Aug 18, 2017
    Representors may be associated with both VFs or more importantly
    with physical ports.  Allow vNIC and MAC statistics to be read
    with ethtool -S on representors.  In case of vNICs we reuse
    the vNIC statistic helper, we just need to swap RX and TX to
    give statistics the "switch perspective."
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  5. nfp: add pointer to vNIC config memory to nfp_port structure

    kuba-moo authored and davem330 committed Aug 18, 2017
    Simplify the statistics handling code by keeping pointer to vNIC's
    config memory in nfp_port.  Note that this is referring to the
    representor side of vNICs, vNIC side has the pointer in nfp_net.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  6. nfp: report MAC statistics in ethtool

    kuba-moo authored and davem330 committed Aug 18, 2017
    Add reporting of MAC statistics in ethtool.  MAC statistics
    are read out from the MAC IP and accumulated by application
    FW, therefore their presence depends on the application FW.
    
    Add missing defines and string names for the statistics and
    dump them in ethtool -S.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  7. nfp: store pointer to MAC statistics in nfp_port

    kuba-moo authored and davem330 committed Aug 18, 2017
    Store pointer to device memory containing MAC statistics
    in nfp_port.  This simplifies representor code and will
    be used to dump those statistics in ethtool as well.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  8. nfp: split software and hardware vNIC statistics

    kuba-moo authored and davem330 committed Aug 18, 2017
    In preparation for reporting vNIC HW stats on representors
    split handling of the SW and HW stats in ethtool -S.
    Representors don't have SW stats (since vNIC is assigned
    to the VM).
    
    Remove the questionable defines which assume nn variable
    exists in the scope.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  9. nfp: add helper for printing ethtool strings

    kuba-moo authored and davem330 committed Aug 18, 2017
    Add a helper for printing ethtool strings and advancing the
    pointer correctly.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  10. nfp: don't report standard netdev statistics in ethtool

    kuba-moo authored and davem330 committed Aug 18, 2017
    We have been recently called out as a bad example for reporting
    standard netdev statistics as part of ethtool.  Fix that :)
    
    Removing standard statistics allows us to simplify the structure
    holding definitions since we no longer have to mux different types
    of statistics.
    
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Simon Horman <simon.horman@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>