Open Source and information security mailing list archives
 
Date:   Fri, 9 Mar 2018 15:39:57 +0200
From:   Ido Schimmel <idosch@...lanox.com>
To:     netdev@...r.kernel.org, davem@...emloft.net, sfr@...b.auug.org.au
Cc:     jiri@...lanox.com, petrm@...lanox.com, mlxsw@...lanox.com
Subject: Re: [PATCH net 2/2] mlxsw: spectrum: Prevent duplicate mirrors

+Stephen

On Fri, Mar 09, 2018 at 03:33:53PM +0200, Ido Schimmel wrote:
> From: Petr Machata <petrm@...lanox.com>
> 
> The Spectrum ASIC doesn't support mirroring more than once from a single
> binding point (which is a port-direction pair). Therefore detect that a
> second binding of a given binding point is attempted.
> 
> To that end, extend struct mlxsw_sp_span_inspected_port to track whether
> a given binding point is bound or not. Extend
> mlxsw_sp_span_entry_port_find() to look for ports based on the full
> unique key: port number, direction, and boundness.
> 
> Besides fixing the overt bug where configured mirrors are not offloaded,
> this also fixes a more subtle bug: mlxsw_sp_span_inspected_port_del()
> just defers to mlxsw_sp_span_entry_bound_port_find(), and that used to
> find the first port with the right number (disregarding the type). Thus
> by adding and removing egress and ingress mirrors in the right order,
> one could trick the system into believing it has no egress mirrors when
> in fact it did have some. That then caused that
> mlxsw_sp_span_port_mtu_update() didn't update mirroring buffer when MTU
> was changed.
> 
> Fixes: 763b4b70afcd ("mlxsw: spectrum: Add support in matchall mirror TC offloading")
> Signed-off-by: Petr Machata <petrm@...lanox.com>
> Signed-off-by: Ido Schimmel <idosch@...lanox.com>

Hi Dave, Stephen,

Please note that this is going to conflict with recent mirroring to GRE
tap work when you merge net into net-next. The resolution is available
here:
git@...hub.com:jpirko/linux_mlxsw.git (branch: linux-next-fix)

Or simply here:
https://github.com/jpirko/linux_mlxsw/commit/8175f7c4736fe9f6a4dac330ee79b45593502a6c

Thanks and sorry about the added work.
