lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAE4R7bBdNv_e37BZRHyjNp_-5f1sD1AF5ykKCMP_Cf+fV6nEJw@mail.gmail.com>
Date:	Wed, 29 Jul 2015 14:17:43 -0700
From:	Scott Feldman <sfeldma@...il.com>
To:	Vivien Didelot <vivien.didelot@...oirfairelinux.com>
Cc:	David <davem@...emloft.net>, netdev <netdev@...r.kernel.org>,
	Jiří Pírko <jiri@...nulli.us>,
	Florian Fainelli <f.fainelli@...il.com>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	kernel <kernel@...oirfairelinux.com>
Subject: Re: [PATCH] net: switchdev: restrict vid range abstraction

On Wed, Jul 29, 2015 at 12:14 PM, Vivien Didelot
<vivien.didelot@...oirfairelinux.com> wrote:
> Hi Scott, David,
>
> On Jul 29, 2015, at 2:28 PM, David davem@...emloft.net wrote:
>
>> From: Scott Feldman <sfeldma@...il.com>
>> Date: Wed, 29 Jul 2015 00:31:44 -0700
>>
>>> Since the netlink request (for example vlan add) includes the range,
>>> I'm not seeing how we can response with success for the satisfied
>>> vlans in the range, and also respond with an error for the unsatisfied
>>> vlans in the range.   In other words, from the netlink msgs
>>> perspective, we need to treat a vlan range as all-or-nothing.  So in
>>> your example, if hw can't add vlan 2, we fail the entire request to
>>> add range 2-5.  This is where the prepare phase checks to make sure
>>> the entire request can be satisfied before committing to hw.
>
> I made this change in order to start restricting the bridge abstraction
> to switchdev, since IMHO its info flags do not add much value to the
> switch chip drivers perspective.
>
> While a range might be convenient to a user, exposing it to drivers is
> likely to end up writing the same vid_begin to vid_end for loop.
>
>> This was my concern with the change as well.
>>
>> The user asked for the range to be installed, so if any portion
>> of it cannot be done we must not make any changes to the HW
>> configuration and fail the entire request.
>
> I understand the concern with the netlink request.
>
> However, this can be confusing to someone. With the previous example:
>
>     bridge vlan add dev port0 vid 2-5 master
>
> must fail for the entire range (due to the single netlink request). But:
>
>     bridge vlan add dev port0 vid 2 master
>
> will silently fallback to software VLAN (assuming that the driver
> correctly returned -EOPNOTSUPP in the prepare phase). In other words, no
> changes has been committed to the hardware.

I see your concern now, I think.  net/bridge/br_netlink.c:br_afspec()
does the range loop but doesn't rewind if something goes wrong with
one of the vlans in the range.  The call into switchdev is
one-at-a-time at that point.  If br_afspec() handled the rewind, would
this address your concern?  We can keep the range support in the
switchdev vlan obj, so 'self' can use it.

-scott
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ