lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOiHx=mkuvuJOBFjmDRMAeSFByW=AZ=RTTOG6poEu53XGkWHbw@mail.gmail.com>
Date: Thu, 24 Apr 2025 11:50:05 +0200
From: Jonas Gorski <jonas.gorski@...il.com>
To: Paolo Abeni <pabeni@...hat.com>
Cc: Andrew Lunn <andrew@...n.ch>, Vladimir Oltean <olteanv@...il.com>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Simon Horman <horms@...nel.org>, 
	Florian Fainelli <f.fainelli@...il.com>, Vladimir Oltean <vladimir.oltean@....com>, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net: dsa: fix VLAN 0 filter imbalance when toggling filtering

Hi,

On Thu, Apr 24, 2025 at 11:15 AM Paolo Abeni <pabeni@...hat.com> wrote:
>
>
>
> On 4/22/25 8:49 PM, Jonas Gorski wrote:
> > When a net device has NETIF_F_HW_VLAN_CTAG_FILTER set, the 8021q code
> > will add VLAN 0 when enabling the device, and remove it on disabling it
> > again.
> >
> > But since we are changing NETIF_F_HW_VLAN_CTAG_FILTER during runtime in
> > dsa_user_manage_vlan_filtering(), user ports that are already enabled
> > may end up with no VLAN 0 configured, or VLAN 0 left configured.
>
> Why this is a problem specifically for dsa and not a generic one? others
> devices allow flipping the NETIF_F_HW_VLAN_CTAG_FILTER feature at runtime.
>
> AFAICS dsa_user_manage_vlan_filtering() is currently missing a call to
> netdev_update_features(), why is that not sufficient nor necessary?

Good point, I missed that (looked for something like this, but
obviously didn't look hard enough). But checking the flow of it in the
kernel ...

netdev_update_features() for NETIF_F_HW_VLAN_CTAG_FILTER triggers a
NETDEV_CVLAN_FILTER_PUSH_INFO notification, which would then trigger
vlan_filter_push_vids(), which then calls vlan_add_rx_filter_info()
for all configured vlans.

This is more or less identical to what dsa does with its
vlan_for_each(user, dsa_user_restore_vlan, user); call.

And AFAICT it also has the same issue I am trying to fix here, that it
does not install a VLAN 0 filter for devices that are already up,
which it would have if the device had NETIF_F_HW_VLAN_CTAG_FILTER set
when was the device was enabled (and vice versa on on down/remove).

So I guess the course of action for a V2 is fixing this in the core
vlan code and make vlan_filter_push_vids() / vlan_filter_drop_vids()
take care of the VLAN 0 filter as well, and then make dsa use
netdev_update_features() to simplify the code as well.

Does that sound reasonable?

Best Regards,
Jonas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ