lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d3175821-1d1a-4ca3-b9ba-5e33eac08da2@lunn.ch>
Date: Wed, 5 Mar 2025 19:01:46 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Joseph Huang <joseph.huang.2024@...il.com>
Cc: Joseph Huang <Joseph.Huang@...min.com>, netdev@...r.kernel.org,
	Vladimir Oltean <olteanv@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Guenter Roeck <linux@...ck-us.net>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net: dsa: mv88e6xxx: Verify after ATU Load ops

On Wed, Mar 05, 2025 at 12:44:54PM -0500, Joseph Huang wrote:
> On 3/5/2025 10:14 AM, Andrew Lunn wrote:
> > On Tue, Mar 04, 2025 at 06:53:51PM -0500, Joseph Huang wrote:
> > > ATU Load operations could fail silently if there's not enough space
> > > on the device to hold the new entry.
> > > 
> > > Do a Read-After-Write verification after each fdb/mdb add operation
> > > to make sure that the operation was really successful, and return
> > > -ENOSPC otherwise.
> > 
> > Please could you add a description of what the user sees when the ATU
> > is full. What makes this a bug which needs fixing? I would of thought
> > at least for unicast addresses, the switch has no entry for the
> > destination, so sends the packet to the CPU. The CPU will then
> > software bridge it out the correct port. Reporting ENOSPC will not
> > change that.
> 
> Hi Andrew,
> 
> What the user will see when the ATU table is full depends on the unknown
> flood setting. If a user has unknown multicast flood disabled, what the user
> will see is that multicast packets are dropped when the ATU table is full.
> In other words, IGMP snooping is broken when the ATU Load operation fails
> silently.

Please add this to the commit message. This describes the real problem
being fixed, which is what somebody reading the commit message wants
to know.

   Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ