Message-Id: <20181220.162127.1745868597034213178.davem@davemloft.net>
Date:   Thu, 20 Dec 2018 16:21:27 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     Tristram.Ha@...rochip.com
Cc:     sergio.paracuellos@...il.com, andrew@...n.ch, f.fainelli@...il.com,
        marex@...x.de, pavel@....cz, dan.carpenter@...cle.com,
        vivien.didelot@...oirfairelinux.com, UNGLinuxDriver@...rochip.com,
        netdev@...r.kernel.org
Subject: Re: [PATCH v1 net] net: dsa: microchip: fix unicast frame leak

From: <Tristram.Ha@...rochip.com>
Date: Wed, 19 Dec 2018 18:59:31 -0800

> From: Tristram Ha <Tristram.Ha@...rochip.com>
> 
> Port partitioning is done by enabling UNICAST_VLAN_BOUNDARY and changing
> the default port membership of 0x7f to other values such that there is
> no communication between ports.  In KSZ9477 the member for port 1 is
> 0x41; port 2, 0x42; port 3, 0x44; port 4, 0x48; port 5, 0x50; and port 7,
> 0x60.  Port 6 is the host port.
> 
> Setting a zero value can be used to stop a port from receiving.
> 
> However, when UNICAST_VLAN_BOUNDARY is disabled and the unicast addresses
> are already learned in the dynamic MAC table, setting zero still allows
> devices connected to those ports to communicate.  This does not apply to
> multicast and broadcast addresses though.  To prevent these leaks and
> make the function of port membership consistent, UNICAST_VLAN_BOUNDARY
> should never be disabled.
> 
> Note that UNICAST_VLAN_BOUNDARY is enabled by default in KSZ9477.
> 
> Fixes: b987e98e50ab90e5 ("dsa: add DSA switch driver for Microchip KSZ9477")
> Signed-off-by: Tristram Ha <Tristram.Ha@...rochip.com>
> ---
> v1
> - Fix only UNICAST_VLAN_BOUNDARY issue
> - Describe what UNICAST_VLAN_BOUNDARY does
> 
>  drivers/net/dsa/microchip/ksz9477.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)

This file only exists in net-next, so that's where I have applied this.

The commit in the Fixes tag is from much earlier than what is in 'net'
which seems to suggest that code has been moved around and we need
another version of this fix for 'net' and optionally -stable.

Thanks.
