| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 May 2014 17:07:44 -0400 (EDT)
From: Jon Maxwell <jmaxwell@...hat.com>
To: Toshiaki Makita <makita.toshiaki@....ntt.co.jp>
Cc: Jon Maxwell <jmaxwell37@...il.com>, stephen@...workplumber.org,
davem@...emloft.net, vyasevic@...hat.com,
bridge@...ts.linux-foundation.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, jpirko@...hat.com
Subject: Re: [PATCH net] bridge: notify user space of fdb port change
----- Original Message -----
> From: "Toshiaki Makita" <makita.toshiaki@....ntt.co.jp>
> To: "Jon Maxwell" <jmaxwell37@...il.com>, stephen@...workplumber.org
> Cc: davem@...emloft.net, vyasevic@...hat.com, bridge@...ts.linux-foundation.org, netdev@...r.kernel.org,
> linux-kernel@...r.kernel.org, jpirko@...hat.com, jmaxwell@...hat.com
> Sent: Wednesday, May 14, 2014 10:34:38 AM
> Subject: Re: [PATCH net] bridge: notify user space of fdb port change
>
> (2014/05/13 16:55), Jon Maxwell wrote:
> > From: Jon Maxwell <jmaxwell37@...il.com>
> >
> > There has been a number incidents recently where customers running KVM have
> > reported that VM hosts on different Hypervisors are unreachable. Based on
> > pcap traces we found that the bridge was broadcasting the ARP request out
> > onto the network. However some NICs have an inbuilt switch which on
> > occasions
> > were broadcasting the VMs ARP request back through the physical NIC on the
> > Hypervisor. This resulted in the bridge changing ports and incorrectly
> > learning
> > that the VMs mac address was external. As a result the ARP reply was
> > directed
> > back onto the external network and VM never updated it's ARP cache. This
> > patch
> > will notify the bridge command to identify such port toggling.
> >
> > Signed-off-by: Jon Maxwell <jmaxwell37@...il.com>
> > ---
> > net/bridge/br_fdb.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
> > index 9203d5a..37742e2 100644
> > --- a/net/bridge/br_fdb.c
> > +++ b/net/bridge/br_fdb.c
> > @@ -507,6 +507,8 @@ void br_fdb_update(struct net_bridge *br, struct
> > net_bridge_port *source,
> > source->dev->name);
> > } else {
> > /* fastpath: update of existing entry */
> > + if (source->port_no != fdb->dst->port_no)
>
> It seems that we don't need to fetch port_no and it is enough to compare
> source and fdb->dst.
It may save a few instructions but I have not tested it.
>
> > + fdb_notify(br, fdb, RTM_NEWNEIGH);
> > fdb->dst = source;
> > fdb->updated = jiffies;
> > if (unlikely(added_by_user))
> >
>
> This notifies fdb entry before updating existing entry. Is this on purpose?
> I think we should notify the updated fdb entry.
> Similar code fdb_add_entry() does after updating it.
It was not on purpose but for this particular case there will be burst of notifies
so it probably does not matter. However I agree it should be after the update.
I will do that along with adding the unlikely() conditional and resubmit.
>
> Also, isn't it better to move update of dst into "if" block?
I would prefer to leave this portion as alone and only use the if
statement for the notify.
>
> if (source != fdb->dst) {
> fdb->dst = source;
> modified = true;
> }
> ...
> if (modified) ...
>
> Thanks,
> Toshiaki Makita
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists