lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220906100525.mhjomm6f2y4lr3lw@skbuf>
Date:   Tue, 6 Sep 2022 10:05:26 +0000
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     Michael Walle <michael@...le.cc>
CC:     "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Shawn Guo <shawnguo@...nel.org>, Leo Li <leoyang.li@....com>,
        Rob Herring <robh+dt@...nel.org>,
        Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH devicetree] arm64: dts: ls1028a-rdb: add more ethernet
 aliases

On Tue, Sep 06, 2022 at 10:10:50AM +0200, Michael Walle wrote:
> > > with 3 MAC addresses, right?
> > 
> > Which 3 MAC addresses would those be? Not sure I'm following. enetc #0,
> > enetc #1, enetc #2? That could work, multiple DSA user ports can share
> > the same MAC address (inherited from the DSA master or not) and things
> > would work just fine unless you connect them to each other.
> 
> enetc #0, #1 and swp0. As you mentioned, swp1..3 should inherit the
> address from swp0 then if swp0 is added as the first device, right?
> 
> So why would enetc#2 (or #3) need a non-random mac address? I must
> be missing something here.

I didn't say that swp1..3 inherit the MAC address from swp0. I said that
the DSA user ports can inherit the MAC address from the DSA master (eno2
or eno3). See dsa_slave_create():

	if (!is_zero_ether_addr(port->mac)) // device tree
		eth_hw_addr_set(slave_dev, port->mac);
	else
		eth_hw_addr_inherit(slave_dev, master);

The DSA user ports (swp0-swp3) can also share the same MAC address which
is not inherited from the DSA master (eno2), but this can only be
achieved through static configuration (such as manually setting the same
mac-address in the device tree).

> > If eno2/eno3, then a
> > configuration where having MAC addresses on these interfaces is useful
> > to me is running some of the kselftests on the LS1028A-RDB, which does
> > not have enough external enetc ports for 2 loopback pairs, so I do
> > this, thereby having 1 external loopback through a cable, and 1 internal
> > loopback in the SoC:
> > 
> > ./psfp.sh eno0 swp0 swp4 eno2
> > https://github.com/torvalds/linux/blob/master/tools/testing/selftests/drivers/net/ocelot/psfp.sh
> > 
> > Speaking of kselftests, it actually doesn't matter that much what the
> > MAC addresses *are*, since we don't enter any network, just loop back
> > traffic. In fact we have an environment variable STABLE_MAC_ADDRS, which
> > when set, configures the ports to use some predetermined MAC addresses.
> > 
> > There are other configurations where it is useful for eno2 to see DSA
> > untagged traffic. These are downstream 802.1CB (where this hardware can
> > offload redundant streams in the forwarding plane, but not in the
> > termination plane, so we use eno2 as forwarding plane, for termination),
> 
> I'm not that familiar with 802.1CB. Is this MAC address visible outside
> of the switch or can it be a random one?

The MAC address of eno2 is visible outside the switch, onto the network.
Take this 802.1CB ring network for example:
https://github.com/vladimiroltean/isochron/blob/master/frer/8021cb.sh

Every board has 2 redundant ports in the ring, and every board can ping
every other board through the redundant ring, through an IP termination
point (eno2). Except that the switch does not support inserting/stripping
802.1CB redundancy headers for locally terminated traffic, or splitting/
eliminating duplicate streams for locally terminated traffic.

So we configure the switch to consider the internal swp4 as a user port,
and effectively set it up for the forwarding plane, in a bridge with
swp0 and swp1. It's now as if each eno2 used for termination is
connected to a switch that's physically separate from the LS1028A, which
handles the redundant forwarding. Except it's not physically separate,
it's part of the same SoC, and its DSA master is eno3. All in all, it
requires a bit of a split brain syndrome to work with it. This is in
fact one of the key things blocking 802.1CB upstreaming for us, as a
side note - we don't have a very good proposal for modeling a generic
software data path for this.

You can see more details here if you care enough:
https://patchwork.kernel.org/project/netdevbpf/patch/20210928114451.24956-1-xiaoliang.yang_1@nxp.com/

> > DPDK on eno2 (which mainline Linux doesn't care about), and vfio-pci +
> > QEMU, where DSA switch control still belongs to the Linux host, but the
> > guest has 'internet'.
> 
> For me, all of that is kind of a trade off. If you want to use
> virtual interfaces, you might need to borrow a MAC address from
> one of the switch ports (where you have 3 unique addresses left
> if you combine all 4 ports to one bridge).

I didn't say virtual interfaces in this case, I said vfio-pci which is a
way to do PCI direct assignment to a guest OS, which sees the whole
0000:00:00.2 PF corresponding to eno2.

By the way, the internal enetc ports eno2 and eno3 don't have VFs since
SR-IOV is a bit of a complicated topic when DSA-tagged traffic is
expected (you don't want a guest OS to see DSA tags in packets, it
doesn't know what to do with them). But this is one of the main reasons
we have 2 internal ports btw. You configure eno3 as a DSA master, you
leave swp4 as a user port, so now eno2 sees DSA untagged traffic and you
can do direct assignment to whomever.

> > > So uhm, 6 addresses are the maximum?
> > 
> > No, the maximum is given by the number of ports, PFs and VFs. But that's
> > a high number. It's the theoretical maximum. Then there's the practical
> > maximum, which is given by what kind of embedded system is built with
> > it.
> > I think that the more general-purpose the system is, the more garden
> > variety the networking use cases will be. I also think it would be very
> > absurd for everybody to reserve a number of MAC addresses equal to the
> > number of possibilities in which the LS1028A can expose IP termination
> > points, if they're likely to never need them.
> 
> I think we are on the same track here. I was ignoring any VFs for now.
> So I guess, what I'm still missing here is why enet#2 and enet#3 (or
> even swp4 and swp5) would need a non-random MAC address. Except from
> your example above. Considering the usecase where swp0..3 is one bridge
> with eno2 and eno3 being the CPU ports. Then I'd only need a unique
> MAC address for eno0, eno1 and swp0, correct?

Don't say "unique MAC address for swp0", since swp0's MAC address is not
unique, you probably mean to say "a MAC address which will be shared by
swp0-swp3".

I think I've answered why eno2/eno3 could need a stable MAC address -
for the case when they aren't used as DSA masters (through the switch
termination plane) but as interfaces unaware of the switch connected to
them (through the switch forwarding plane).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ