lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Mar 2021 02:25:49 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Horatiu Vultur <horatiu.vultur@...rochip.com>
Cc:     davem@...emloft.net, kuba@...nel.org, vladimir.oltean@....com,
        claudiu.manoil@....com, alexandre.belloni@...tlin.com,
        UNGLinuxDriver@...rochip.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] net: ocelot: Extend MRP

On Wed, Mar 10, 2021 at 09:51:40PM +0100, Horatiu Vultur wrote:
> This patch extends MRP support for Ocelot.  It allows to have multiple
> rings and when the node has the MRC role it forwards MRP Test frames in
> HW. For MRM there is no change.
> 
> Signed-off-by: Horatiu Vultur <horatiu.vultur@...rochip.com>
> ---
>  drivers/net/ethernet/mscc/ocelot.c     |   6 -
>  drivers/net/ethernet/mscc/ocelot_mrp.c | 229 +++++++++++++++++--------
>  include/soc/mscc/ocelot.h              |  10 +-
>  3 files changed, 158 insertions(+), 87 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c
> index 46e5c9136bac..9b79363db17f 100644
> --- a/drivers/net/ethernet/mscc/ocelot.c
> +++ b/drivers/net/ethernet/mscc/ocelot.c
> @@ -772,12 +772,6 @@ int ocelot_xtr_poll_frame(struct ocelot *ocelot, int grp, struct sk_buff **nskb)
>  
>  	skb->protocol = eth_type_trans(skb, dev);
>  
> -#if IS_ENABLED(CONFIG_BRIDGE_MRP)
> -	if (skb->protocol == cpu_to_be16(ETH_P_MRP) &&
> -	    cpuq & BIT(OCELOT_MRP_CPUQ))
> -		skb->offload_fwd_mark = 0;
> -#endif
> -

I suppose net/dsa/tag_ocelot.c doesn't need it any longer either?

>  	*nskb = skb;
>  
>  	return 0;
> diff --git a/drivers/net/ethernet/mscc/ocelot_mrp.c b/drivers/net/ethernet/mscc/ocelot_mrp.c
> index 683da320bfd8..86b36e5d2279 100644
> --- a/drivers/net/ethernet/mscc/ocelot_mrp.c
> +++ b/drivers/net/ethernet/mscc/ocelot_mrp.c
> @@ -1,8 +1,5 @@
>  // SPDX-License-Identifier: (GPL-2.0 OR MIT)
>  /* Microsemi Ocelot Switch driver
> - *
> - * This contains glue logic between the switchdev driver operations and the
> - * mscc_ocelot_switch_lib.
>   *
>   * Copyright (c) 2017, 2019 Microsemi Corporation
>   * Copyright 2020-2021 NXP Semiconductors
> @@ -15,13 +12,33 @@
>  #include "ocelot.h"
>  #include "ocelot_vcap.h"
>  
> -static int ocelot_mrp_del_vcap(struct ocelot *ocelot, int port)
> +static const u8 mrp_test_dmac[] = {0x01, 0x15, 0x4e, 0x00, 0x00, 0x01 };
> +static const u8 mrp_control_dmac[] = {0x01, 0x15, 0x4e, 0x00, 0x00, 0x02 };
> +
> +static int ocelot_mrp_find_port(struct ocelot *ocelot, struct ocelot_port *p)

Could this be named:
struct ocelot_port *ocelot_find_mrp_partner_port(struct ocelot_port *ocelot_port)

and return NULL instead of zero on "not found"? Zero is a perfectly
valid port number, definitely not what you want.

> +{
> +	int i;
> +
> +	for (i = 0; i < ocelot->num_phys_ports; ++i) {
> +		struct ocelot_port *ocelot_port = ocelot->ports[i];
> +
> +		if (!ocelot_port || p == ocelot_port)
> +			continue;
> +
> +		if (ocelot_port->mrp_ring_id == p->mrp_ring_id)
> +			return i;
> +	}
> +
> +	return 0;
> +}
> +
> +static int ocelot_mrp_del_vcap(struct ocelot *ocelot, int id)
>  {
>  	struct ocelot_vcap_block *block_vcap_is2;
>  	struct ocelot_vcap_filter *filter;
>  
>  	block_vcap_is2 = &ocelot->block[VCAP_IS2];
> -	filter = ocelot_vcap_block_find_filter_by_id(block_vcap_is2, port,
> +	filter = ocelot_vcap_block_find_filter_by_id(block_vcap_is2, id,
>  						     false);
>  	if (!filter)
>  		return 0;
> @@ -29,6 +46,87 @@ static int ocelot_mrp_del_vcap(struct ocelot *ocelot, int port)
>  	return ocelot_vcap_filter_del(ocelot, filter);
>  }
>  
> +static int ocelot_mrp_redirect_add_vcap(struct ocelot *ocelot, int src_port,
> +					int dst_port)
> +{
> +	const u8 mrp_test_mask[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

OCD, but could you add a space between the opening bracket and the first
0xff? There's one more place where that should be done.

> +	struct ocelot_vcap_filter *filter;
> +	int err;
> +
> +	filter = kzalloc(sizeof(*filter), GFP_ATOMIC);
> +	if (!filter)
> +		return -ENOMEM;

Why atomic? Isn't SWITCHDEV_OBJ_ID_RING_ROLE_MRP put on the blocking
notifier call chain?

> +
> +	filter->key_type = OCELOT_VCAP_KEY_ETYPE;
> +	filter->prio = 1;
> +	filter->id.cookie = src_port;
> +	filter->id.tc_offload = false;
> +	filter->block_id = VCAP_IS2;
> +	filter->type = OCELOT_VCAP_FILTER_OFFLOAD;
> +	filter->ingress_port_mask = BIT(src_port);
> +	ether_addr_copy(filter->key.etype.dmac.value, mrp_test_dmac);
> +	ether_addr_copy(filter->key.etype.dmac.mask, mrp_test_mask);
> +	filter->action.mask_mode = OCELOT_MASK_MODE_REDIRECT;
> +	filter->action.port_mask = BIT(dst_port);
> +
> +	err = ocelot_vcap_filter_add(ocelot, filter, NULL);
> +	if (err)
> +		kfree(filter);
> +
> +	return err;
> +}
> +
> +static int ocelot_mrp_copy_add_vcap(struct ocelot *ocelot, int port,
> +				    int prio, int cookie)

"cookie" should be unsigned long I think?

> +{
> +	const u8 mrp_mask[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0x00 };
> +	struct ocelot_vcap_filter *filter;
> +	int err;
> +
> +	filter = kzalloc(sizeof(*filter), GFP_ATOMIC);
> +	if (!filter)
> +		return -ENOMEM;
> +
> +	filter->key_type = OCELOT_VCAP_KEY_ETYPE;
> +	filter->prio = prio;
> +	filter->id.cookie = cookie;
> +	filter->id.tc_offload = false;
> +	filter->block_id = VCAP_IS2;
> +	filter->type = OCELOT_VCAP_FILTER_OFFLOAD;
> +	filter->ingress_port_mask = BIT(port);
> +	/* Here is possible to use control or test dmac because the mask
> +	 * doesn't cover the LSB
> +	 */
> +	ether_addr_copy(filter->key.etype.dmac.value, mrp_test_dmac);
> +	ether_addr_copy(filter->key.etype.dmac.mask, mrp_mask);
> +	filter->action.mask_mode = OCELOT_MASK_MODE_PERMIT_DENY;
> +	filter->action.port_mask = 0x0;
> +	filter->action.cpu_copy_ena = true;
> +	filter->action.cpu_qu_num = OCELOT_MRP_CPUQ;
> +
> +	err = ocelot_vcap_filter_add(ocelot, filter, NULL);
> +	if (err)
> +		kfree(filter);
> +
> +	return err;
> +}
> +
> +static void ocelot_mrp_save_mac(struct ocelot *ocelot,
> +				struct ocelot_port *port)
> +{
> +	ocelot_mact_learn(ocelot, PGID_MRP, mrp_test_dmac,
> +			  port->pvid_vlan.vid, ENTRYTYPE_LOCKED);
> +	ocelot_mact_learn(ocelot, PGID_MRP, mrp_control_dmac,
> +			  port->pvid_vlan.vid, ENTRYTYPE_LOCKED);

Let me make sure I understand.
By learning these multicast addresses, you mark them as 'not unknown' in
the MAC table, because otherwise they will be flooded, including to the
CPU port module, and there's no way you can remove the CPU from the
flood mask, even if the packets get later redirected through VCAP IS2?
I mean that's the reason why we have the policer on the CPU port for the
drop action in ocelot_vcap_init, no?

> diff --git a/include/soc/mscc/ocelot.h b/include/soc/mscc/ocelot.h
> index 425ff29d9389..c41696d2e82b 100644
> --- a/include/soc/mscc/ocelot.h
> +++ b/include/soc/mscc/ocelot.h
> @@ -51,6 +51,7 @@
>   */
>  
>  /* Reserve some destination PGIDs at the end of the range:
> + * PGID_MRP: used for not flooding MRP frames to CPU

Could this be named PGID_BLACKHOLE or something? It isn't specific to
MRP if I understand correctly. We should also probably initialize it
with zero.

>   * PGID_CPU: used for whitelisting certain MAC addresses, such as the addresses
>   *           of the switch port net devices, towards the CPU port module.
>   * PGID_UC: the flooding destinations for unknown unicast traffic.
> @@ -59,6 +60,7 @@
>   * PGID_MCIPV6: the flooding destinations for IPv6 multicast traffic.
>   * PGID_BC: the flooding destinations for broadcast traffic.
>   */
> +#define PGID_MRP			57
>  #define PGID_CPU			58
>  #define PGID_UC				59
>  #define PGID_MC				60
> @@ -611,6 +613,8 @@ struct ocelot_port {
>  
>  	struct net_device		*bond;
>  	bool				lag_tx_active;
> +
> +	u16				mrp_ring_id;
>  };
>  
>  struct ocelot {
> @@ -679,12 +683,6 @@ struct ocelot {
>  	/* Protects the PTP clock */
>  	spinlock_t			ptp_clock_lock;
>  	struct ptp_pin_desc		ptp_pins[OCELOT_PTP_PINS_NUM];
> -
> -#if IS_ENABLED(CONFIG_BRIDGE_MRP)
> -	u16				mrp_ring_id;
> -	struct net_device		*mrp_p_port;
> -	struct net_device		*mrp_s_port;
> -#endif
>  };
>  
>  struct ocelot_policer {
> -- 
> 2.30.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ