| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Aug 2022 12:23:30 +0200
From: netdev@...io-technology.com
To: Ido Schimmel <idosch@...dia.com>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
Florian Fainelli <f.fainelli@...il.com>,
Andrew Lunn <andrew@...n.ch>,
Vivien Didelot <vivien.didelot@...il.com>,
Vladimir Oltean <olteanv@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Kurt Kanzenbach <kurt@...utronix.de>,
Hauke Mehrtens <hauke@...ke-m.de>,
Woojung Huh <woojung.huh@...rochip.com>,
UNGLinuxDriver@...rochip.com, Sean Wang <sean.wang@...iatek.com>,
Landen Chao <Landen.Chao@...iatek.com>,
DENG Qingfang <dqfext@...il.com>,
Matthias Brugger <matthias.bgg@...il.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
Jiri Pirko <jiri@...nulli.us>,
Ivan Vecera <ivecera@...hat.com>,
Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Shuah Khan <shuah@...nel.org>,
Christian Marangi <ansuelsmth@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
Yuwei Wang <wangyuweihx@...il.com>,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org,
bridge@...ts.linux-foundation.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v5 net-next 1/6] net: bridge: add locked entry fdb flag to
extend locked port feature
On 2022-08-27 17:19, Ido Schimmel wrote:
> On Fri, Aug 26, 2022 at 01:45:33PM +0200, Hans Schultz wrote:
>>
>> nbp_switchdev_frame_mark(p, skb);
>> @@ -943,6 +946,10 @@ static int br_setport(struct net_bridge_port *p,
>> struct nlattr *tb[],
>> br_set_port_flag(p, tb, IFLA_BRPORT_NEIGH_SUPPRESS,
>> BR_NEIGH_SUPPRESS);
>> br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED);
>> br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED);
>> + br_set_port_flag(p, tb, IFLA_BRPORT_MAB, BR_PORT_MAB);
>> +
>> + if (!(p->flags & BR_PORT_LOCKED))
>> + p->flags &= ~BR_PORT_MAB;
The reason for this is that I wanted it to be so that if you have MAB
enabled (and locked of course) and unlock the port, it will
automatically clear both flags instead of having to first disable MAB
and then unlock the port.
>
> Any reason not to emit an error if MAB is enabled while the port is
> unlocked? Something like this (untested):
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index 5aeb3646e74c..18353a4c29e1 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -944,6 +944,12 @@ static int br_setport(struct net_bridge_port *p,
> struct nlattr *tb[],
> br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED);
> br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED);
>
> + if (!(p->flags & BR_PORT_LOCKED) && (p->flags & BR_PORT_MAB)) {
> + NL_SET_ERR_MSG(extack, "MAB cannot be enabled when
> port is unlocked");
> + p->flags = old_flags;
> + return -EINVAL;
> + }
> +
> changed_mask = old_flags ^ p->flags;
>
> err = br_switchdev_set_port_flag(p, p->flags, changed_mask,
> extack);
>
Powered by blists - more mailing lists