lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200810210108.ystlnglj4atyfrfh@skbuf>
Date:   Tue, 11 Aug 2020 00:01:08 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     Sasha Levin <sashal@...nel.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Vladimir Oltean <vladimir.oltean@....com>,
        "David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 5.7 03/60] net: mscc: ocelot: fix encoding
 destination ports into multicast IPv4 address

Hi Sasha,

On Mon, Aug 10, 2020 at 03:09:31PM -0400, Sasha Levin wrote:
> From: Vladimir Oltean <vladimir.oltean@....com>
> 
> [ Upstream commit 0897ecf7532577bda3dbcb043ce046a96948889d ]
> 
> The ocelot hardware designers have made some hacks to support multicast
> IPv4 and IPv6 addresses. Normally, the MAC table matches on MAC
> addresses and the destination ports are selected through the DEST_IDX
> field of the respective MAC table entry. The DEST_IDX points to a Port
> Group ID (PGID) which contains the bit mask of ports that frames should
> be forwarded to. But there aren't a lot of PGIDs (only 80 or so) and
> there are clearly many more IP multicast addresses than that, so it
> doesn't scale to use this PGID mechanism, so something else was done.
> Since the first portion of the MAC address is known, the hack they did
> was to use a single PGID for _flooding_ unknown IPv4 multicast
> (PGID_MCIPV4 == 62), but for known IP multicast, embed the destination
> ports into the first 3 bytes of the MAC address recorded in the MAC
> table.
> 
> The VSC7514 datasheet explains it like this:
> 
>     3.9.1.5 IPv4 Multicast Entries
> 
>     MAC table entries with the ENTRY_TYPE = 2 settings are interpreted
>     as IPv4 multicast entries.
>     IPv4 multicasts entries match IPv4 frames, which are classified to
>     the specified VID, and which have DMAC = 0x01005Exxxxxx, where
>     xxxxxx is the lower 24 bits of the MAC address in the entry.
>     Instead of a lookup in the destination mask table (PGID), the
>     destination set is programmed as part of the entry MAC address. This
>     is shown in the following table.
> 
>     Table 78: IPv4 Multicast Destination Mask
> 
>         Destination Ports            Record Bit Field
>         ---------------------------------------------
>         Ports 10-0                   MAC[34-24]
> 
>     Example: All IPv4 multicast frames in VLAN 12 with MAC 01005E112233 are
>     to be forwarded to ports 3, 8, and 9. This is done by inserting the
>     following entry in the MAC table entry:
>     VALID = 1
>     VID = 12
>     MAC = 0x000308112233
>     ENTRY_TYPE = 2
>     DEST_IDX = 0
> 
> But this procedure is not at all what's going on in the driver. In fact,
> the code that embeds the ports into the MAC address looks like it hasn't
> actually been tested. This patch applies the procedure described in the
> datasheet.
> 
> Since there are many other fixes to be made around multicast forwarding
> until it works properly, there is no real reason for this patch to be
> backported to stable trees, or considered a real fix of something that
> should have worked.
> 
> Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---

Could you please drop this patch from the 'stable' queues for 5.7 and
5.8? I haven't tested it on older kernels and without the other patches
sent in that series. I would like to avoid unexpected regressions if
possible.

Thanks,
-Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ