Message-ID: <20171206135619.GE27063@lunn.ch>
Date:   Wed, 6 Dec 2017 14:56:19 +0100
From:   Andrew Lunn <andrew@...n.ch>
To:     Tristram.Ha@...rochip.com
Cc:     f.fainelli@...il.com, netdev@...r.kernel.org,
        UNGLinuxDriver@...rochip.com
Subject: Re: dsa: dsa_slave_port_obj_del calls multiple times with
 SWITCHDEV_OBJ_ID_HOST_MDB obj id

On Wed, Dec 06, 2017 at 02:33:07AM +0000, Tristram.Ha@...rochip.com wrote:
> I found the latest net-next kernel calls dsa_slave_port_obj_del() multiple times,
> one for each port, with host port as the parameter.

Hi Tristram

SWITCHDEV_OBJ_ID_HOST_MDB is used when there is a join/leave on the
bridge interface. It happens for each interface in the bridge, and it
means packets which match the group that ingress on that interface
should be forwarded to the CPU.

> As the base driver cannot find an entry with that host port, it returns an error
> and so users will see a lot of failures from the DSA switch.

You have a few options:

1) Just forward all multicast traffic to the cpu, and ignore
   SWITCHDEV_OBJ_ID_HOST_MDB.

2) Implement SWITCHDEV_OBJ_ID_HOST_MDB so you set up your tables to
   just forward the requested multicast to the cpu.

3) You can also forward a bit too much, e.g. if you cannot set filters
   per ingress port, just send all the traffic for the group from any
   port.


The bridge will discard whatever it does not need. 

> Is this a new behavior and the driver needs to handle that?  In previous versions
> I do not think I saw that.

SWITCHDEV_OBJ_ID_HOST_MDB is new. However, dsa_slave_port_obj_del()
can be called for all sorts of objects, and you should only be
reacting on those you support. So adding a new object should not have
changed anything.

> Typical operation is a PC connected to a port in a switch wants to send multicast
> packets.  It broadcasts an IGMP membership join message.  Function
> dsa_slave_port_obj_add is called to set up an entry in the lookup table.  When
> IGMP membership leave message is received dsa_slave_port_obj_del will be
> called after a delay.  But then it is called for each port with host port as the
> parameter.

Correct. switchdev is a generic API. It also needs to work for Top of
Rack switches, which generally have a match/action architecture. I can
imagine that this match/action happens per port, so we need to call
switchdev per port. However, switches supported by DSA tend to have
central management of all ports, so one call would be sufficient. With
a DSA driver, you just need to expect redundant calls, and do the
right thing.

      Andrew
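
Added illustration, not part of the original message and not code from any kernel driver: a user-space C model of a multicast table whose host-MDB add/delete handlers tolerate the redundant per-port calls described above and forward the group to the CPU from any ingress port (option 3). All function names, the CPU port number and the table size are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* User-space model, not kernel code; every name here is hypothetical. */
#define CPU_PORT  5   /* assumed host (CPU) port number */
#define MDB_SLOTS 8
struct mdb_entry { uint8_t mac[6]; uint32_t ports; }; /* ports == 0: free */
static struct mdb_entry mdb[MDB_SLOTS];

static struct mdb_entry *mdb_find(const uint8_t *mac)
{
    for (int i = 0; i < MDB_SLOTS; i++)
        if (mdb[i].ports && !memcmp(mdb[i].mac, mac, 6))
            return &mdb[i];
    return NULL;
}

/* Add 'port' to group 'mac'; repeating the call is harmless. */
static int mdb_add(const uint8_t *mac, int port)
{
    struct mdb_entry *e = mdb_find(mac);
    for (int i = 0; !e && i < MDB_SLOTS; i++)
        if (!mdb[i].ports)
            e = &mdb[i];
    if (!e)
        return -1;  /* table full: a genuine error */
    memcpy(e->mac, mac, 6);
    e->ports |= 1u << port;
    return 0;
}

/* Remove 'port' from group 'mac'. No entry, or bit already clear, means a
 * redundant call: succeed. The slot is free again once ports reaches 0. */
static int mdb_del(const uint8_t *mac, int port)
{
    struct mdb_entry *e = mdb_find(mac);
    if (e)
        e->ports &= ~(1u << port);
    return 0;
}

/* Host-MDB handlers, invoked once per bridge port but always acting on the
 * CPU port; the ingress port is ignored (option 3 in the message). */
static int host_mdb_add(const uint8_t *mac, int in_port)
{ (void)in_port; return mdb_add(mac, CPU_PORT); }
static int host_mdb_del(const uint8_t *mac, int in_port)
{ (void)in_port; return mdb_del(mac, CPU_PORT); }

static uint32_t mdb_ports(const uint8_t *mac)
{ struct mdb_entry *e = mdb_find(mac); return e ? e->ports : 0; }
```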
