lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a93ff762-215b-fbc1-9e23-b186421cb176@ti.com>
Date:   Mon, 19 Jun 2023 17:37:16 +0530
From:   Ravi Gunasekaran <r-gunasekaran@...com>
To:     Ido Schimmel <idosch@...dia.com>
CC:     <kuba@...nel.org>, Nikolay Aleksandrov <razor@...ckwall.org>,
        Vladimir Oltean <olteanv@...il.com>, <davem@...emloft.net>,
        <edumazet@...gle.com>, <pabeni@...hat.com>,
        <bigeasy@...utronix.de>, <simon.horman@...igine.com>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <rogerq@...nel.org>
Subject: Re: [PATCH v2 net-next] net: hsr: Disable promiscuous mode in offload
 mode



On 6/19/23 4:44 PM, Ido Schimmel wrote:
> On Thu, Jun 15, 2023 at 10:37:36PM -0700, Jakub Kicinski wrote:
>> On Wed, 14 Jun 2023 17:17:10 +0530 Ravi Gunasekaran wrote:
>>> When port-to-port forwarding for interfaces in HSR node is enabled,
>>> disable promiscuous mode since L2 frame forward happens at the
>>> offloaded hardware.
> 
> It's not clear to me why you want to disable promiscuous mode. I'm not
> familiar with HSR, but I assume you want the hardware to forward all the
> packets between the two ports and not only specific DMACs.
> 
> How does the underlying device implement "promiscuous mode" that you
> benefit from disabling it?

While creating an HSR interface using two slave nodes, the promiscuous mode
is set via dev_set_promiscuity() in hsr_portdev_setup() for both the ports.
And then in the HSR driver, a packet is forwarded to the other
slave port (physical port) and also the HSR master if it is intended for it.

Before forwarding, a check is done in 

static void hsr_forward_do(struct hsr_frame_info *frame)
{
...

if (hsr->proto_ops->drop_frame &&                                                       
    hsr->proto_ops->drop_frame(frame, port))               
         continue;     

...
}

And the drop_frame callback is as below

bool hsr_drop_frame(struct hsr_frame_info *frame, struct hsr_port *port)                                
{                                                                       
        if (port->dev->features & NETIF_F_HW_HSR_FWD)                   
                return prp_drop_frame(frame, port);                     
                                                                        
        return false;                                                      
}  


The driver drops these packets and does not forward to any port at all.
But since promiscuous mode is enabled, CPU cycles are consumed. So benefit
of disabling promiscuous mode is saving CPU cycles.

So in this patch, I check for NETIF_F_HW_HSR_FWD and then take a
call to enable/disable the promiscuous mode during HSR interface creation.


> 
> Thanks
> 
>>>
>>> Signed-off-by: Ravi Gunasekaran <r-gunasekaran@...com>
>>> Reviewed-by: Simon Horman <simon.horman@...igine.com>
>>
>> Bridge folks any thoughts on this? Is this the behavior bridge has 
>> and if not should we try to align the two?
>>
>>> Changes from v1:
>>> ===============
>>> * Changed the data type of "fwd_offloaded" from "unsigned int" to "bool"
>>>   and moved it below "net_id" struct member as per Paolo's comment.
>>> * Collected Reviewed-by tag from v1 patch.
>>>
>>> v1: https://lore.kernel.org/all/20230612093933.13267-1-r-gunasekaran@ti.com/
>>>
>>>  net/hsr/hsr_device.c |  5 +++++
>>>  net/hsr/hsr_main.h   |  1 +
>>>  net/hsr/hsr_slave.c  | 15 +++++++++++----
>>>  3 files changed, 17 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
>>> index 5a236aae2366..306f942c3b28 100644
>>> --- a/net/hsr/hsr_device.c
>>> +++ b/net/hsr/hsr_device.c
>>> @@ -531,6 +531,11 @@ int hsr_dev_finalize(struct net_device *hsr_dev, struct net_device *slave[2],
>>>  	if (res)
>>>  		goto err_add_master;
>>>  
>>> +	/* HSR forwarding offload supported in lower device? */
>>> +	if ((slave[0]->features & NETIF_F_HW_HSR_FWD) &&
>>> +	    (slave[1]->features & NETIF_F_HW_HSR_FWD))
>>> +		hsr->fwd_offloaded = true;
>>> +
>>>  	res = register_netdevice(hsr_dev);
>>>  	if (res)
>>>  		goto err_unregister;
>>> diff --git a/net/hsr/hsr_main.h b/net/hsr/hsr_main.h
>>> index 5584c80a5c79..6851e33df7d1 100644
>>> --- a/net/hsr/hsr_main.h
>>> +++ b/net/hsr/hsr_main.h
>>> @@ -208,6 +208,7 @@ struct hsr_priv {
>>>  	u8 net_id;		/* for PRP, it occupies most significant 3 bits
>>>  				 * of lan_id
>>>  				 */
>>> +	bool fwd_offloaded;	/* Forwarding offloaded to HW */
>>>  	unsigned char		sup_multicast_addr[ETH_ALEN] __aligned(sizeof(u16));
>>>  				/* Align to u16 boundary to avoid unaligned access
>>>  				 * in ether_addr_equal
>>> diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c
>>> index b70e6bbf6021..e5742f2a2d52 100644
>>> --- a/net/hsr/hsr_slave.c
>>> +++ b/net/hsr/hsr_slave.c
>>> @@ -131,9 +131,14 @@ static int hsr_portdev_setup(struct hsr_priv *hsr, struct net_device *dev,
>>>  	struct hsr_port *master;
>>>  	int res;
>>>  
>>> -	res = dev_set_promiscuity(dev, 1);
>>> -	if (res)
>>> -		return res;
>>> +	/* Don't use promiscuous mode for offload since L2 frame forward
>>> +	 * happens at the offloaded hardware.
>>> +	 */
>>> +	if (!port->hsr->fwd_offloaded) {
>>> +		res = dev_set_promiscuity(dev, 1);
>>> +		if (res)
>>> +			return res;
>>> +	}
>>>  
>>>  	master = hsr_port_get_hsr(hsr, HSR_PT_MASTER);
>>>  	hsr_dev = master->dev;
>>> @@ -152,7 +157,9 @@ static int hsr_portdev_setup(struct hsr_priv *hsr, struct net_device *dev,
>>>  fail_rx_handler:
>>>  	netdev_upper_dev_unlink(dev, hsr_dev);
>>>  fail_upper_dev_link:
>>> -	dev_set_promiscuity(dev, -1);
>>> +	if (!port->hsr->fwd_offloaded)
>>> +		dev_set_promiscuity(dev, -1);
>>> +
>>>  	return res;
>>>  }
>>>  
>>

-- 
Regards,
Ravi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ