lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Oct 2015 12:36:26 +0200 From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> To: Elad Raz <eladr@...lanox.com>, Vivien Didelot <vivien.didelot@...oirfairelinux.com> Cc: Jiri Pirko <jiri@...nulli.us>, Scott Feldman <sfeldma@...il.com>, netdev <netdev@...r.kernel.org>, "stephen@...workplumber.org" <stephen@...workplumber.org>, Florian Fainelli <f.fainelli@...il.com>, Andrew Lunn <andrew@...n.ch>, Ido Schimmel <idosch@...lanox.com>, Or Gerlitz <ogerlitz@...lanox.com> Subject: Re: switchdev and VLAN ranges On 10/10/2015 09:49 AM, Elad Raz wrote: > >> On Oct 10, 2015, at 2:30 AM, Vivien Didelot <vivien.didelot@...oirfairelinux.com> wrote: >> >> I have two concerns in mind: >> >> a) if we imagine that drivers like Rocker allocate memory in the prepare >> phase for each VID, preparing a range like 100-4000 would definitely not >> be recommended. >> >> b) imagine that you have two Linux bridges on a switch, one using the >> hardware VLAN 100. If you request the VLAN range 99-101 for the other >> bridge members, it is not possible for the driver to say "I can >> accelerate VLAN 99 and 101, but not 100". It must return OPNOTSUPP for >> the whole range. > > Another concern I have with vid_being..vid_end range is the “flags”. Where flags can be BRIDGE_VLAN_INFO_PVID. > There is no sense having more than one VLAN as a PVID. > This leave the HW vendor the choice which VLAN id they will use as the PVID. > iproute2 doesn't allow to do it but I can see that someone can actually make it so the flags for the range have it and it doesn't look correct. Perhaps we need something like the patch below to enforce this from kernel-side. diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index d78b4429505a..02b17b53e9a6 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br, if (vinfo_start) return -EINVAL; vinfo_start = vinfo; + /* don't allow range of pvids */ + if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID) + return -EINVAL; continue; } -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists