| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2015 21:02:14 -0400 (EDT) From: Vivien Didelot <vivien.didelot@...oirfairelinux.com> To: Scott Feldman <sfeldma@...il.com> Cc: David <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Jiří Pírko <jiri@...nulli.us>, Florian Fainelli <f.fainelli@...il.com>, linux-kernel <linux-kernel@...r.kernel.org>, kernel <kernel@...oirfairelinux.com> Subject: Re: [PATCH] net: switchdev: restrict vid range abstraction Hi Scott, On Jul 29, 2015, at 5:17 PM, Scott Feldman sfeldma@...il.com wrote: > On Wed, Jul 29, 2015 at 12:14 PM, Vivien Didelot > <vivien.didelot@...oirfairelinux.com> wrote: >> Hi Scott, David, >> >> On Jul 29, 2015, at 2:28 PM, David davem@...emloft.net wrote: >> >>> From: Scott Feldman <sfeldma@...il.com> >>> Date: Wed, 29 Jul 2015 00:31:44 -0700 >>> >>>> Since the netlink request (for example vlan add) includes the range, >>>> I'm not seeing how we can response with success for the satisfied >>>> vlans in the range, and also respond with an error for the unsatisfied >>>> vlans in the range. In other words, from the netlink msgs >>>> perspective, we need to treat a vlan range as all-or-nothing. So in >>>> your example, if hw can't add vlan 2, we fail the entire request to >>>> add range 2-5. This is where the prepare phase checks to make sure >>>> the entire request can be satisfied before committing to hw. >> >> I made this change in order to start restricting the bridge abstraction >> to switchdev, since IMHO its info flags do not add much value to the >> switch chip drivers perspective. >> >> While a range might be convenient to a user, exposing it to drivers is >> likely to end up writing the same vid_begin to vid_end for loop. >> >>> This was my concern with the change as well. >>> >>> The user asked for the range to be installed, so if any portion >>> of it cannot be done we must not make any changes to the HW >>> configuration and fail the entire request. >> >> I understand the concern with the netlink request. >> >> However, this can be confusing to someone. With the previous example: >> >> bridge vlan add dev port0 vid 2-5 master >> >> must fail for the entire range (due to the single netlink request). But: >> >> bridge vlan add dev port0 vid 2 master >> >> will silently fallback to software VLAN (assuming that the driver >> correctly returned -EOPNOTSUPP in the prepare phase). In other words, no >> changes has been committed to the hardware. > > I see your concern now, I think. net/bridge/br_netlink.c:br_afspec() > does the range loop but doesn't rewind if something goes wrong with > one of the vlans in the range. The call into switchdev is > one-at-a-time at that point. If br_afspec() handled the rewind, would > this address your concern? We can keep the range support in the > switchdev vlan obj, so 'self' can use it. I am not sure is the rewind is needed. My concern was trying to handle the fallback to software VLAN for a single VID within a range, so that we can free a switch chip driver for this bridge-specific notion. But because of the single netlink request, it seems not possible. At which level does this fallback happen exactly? Thanks, -v -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists