Date:   Sun, 31 Mar 2019 20:42:23 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     f.fainelli@...il.com, vivien.didelot@...il.com, andrew@...n.ch,
        davem@...emloft.net
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linus.walleij@...aro.org, georg.waibel@...sor-technik.de,
        Vladimir Oltean <olteanv@...il.com>
Subject: [PATCH net-next 08/17] net: dsa: Be aware of switches where VLAN filtering is a global setting

On some switches, the action of whether to parse VLAN frame headers and use
that information for ingress admission is configurable, but not per
port. Such is the case for the Broadcom BCM53xx and the NXP SJA1105
families, for example. In that case, DSA can prevent the bridge core
from trying to apply different VLAN filtering settings on net devices
that belong to the same switch.

Signed-off-by: Vladimir Oltean <olteanv@...il.com>
Suggested-by: Florian Fainelli <f.fainelli@...il.com>
---
 include/net/dsa.h |  5 +++++
 net/dsa/port.c    | 34 ++++++++++++++++++++++++++++++++++
 net/dsa/switch.c  |  1 +
 3 files changed, 40 insertions(+)

diff --git a/include/net/dsa.h b/include/net/dsa.h
index b22c350c40f0..91375bcf2cfb 100644
--- a/include/net/dsa.h
+++ b/include/net/dsa.h
@@ -209,6 +209,11 @@ struct dsa_switch {
 	/* Number of switch port queues */
 	unsigned int		num_tx_queues;
 
+	/* Disallow bridge core from requesting different VLAN awareness
+	 * settings on ports if not hardware-supported
+	 */
+	bool			vlan_filtering_is_global;
+
 	unsigned long		*bitmap;
 	unsigned long		_bitmap;
 
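Review bot: the comment on vlan_filtering_is_global describes what DSA does with the flag, not what the flag asserts about the hardware or who is expected to set it. Nothing in this patch sets it to true, so a driver author reading only this header cannot tell that the driver must set it, or by when (before any port can join a bridge). Suggest rewording along the lines of "Set by the driver when VLAN awareness cannot be configured per port; DSA then rejects bridge requests that would give ports of this switch different settings."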
diff --git a/net/dsa/port.c b/net/dsa/port.c
index 10065a622ada..d04e7c4f5efe 100644
--- a/net/dsa/port.c
+++ b/net/dsa/port.c
@@ -154,6 +154,37 @@ void dsa_port_bridge_leave(struct dsa_port *dp, struct net_device *br)
 	dsa_port_set_state_now(dp, BR_STATE_FORWARDING);
 }
 
+static bool dsa_port_can_apply_vlan_filtering(struct dsa_port *dp,
+					      bool vlan_filtering)
+{
+	struct dsa_switch *ds = dp->ds;
+	int i;
+
+	if (!ds->vlan_filtering_is_global)
+		return true;
+
+	/* For cases where enabling/disabling VLAN awareness is global to the
+	 * switch, we need to handle the case where multiple bridges span
+	 * different ports of the same switch device and one of them has a
+	 * different setting than what is being requested.
+	 */
+	for (i = 0; i < ds->num_ports; i++) {
+		struct net_device *other_bridge;
+
+		other_bridge = dsa_to_port(ds, i)->bridge_dev;
+		if (!other_bridge)
+			continue;
+		/* If it's the same bridge, it also has same
+		 * vlan_filtering setting => no need to check
+		 */
+		if (other_bridge == dp->bridge_dev)
+			continue;
+		if (br_vlan_enabled(other_bridge) != vlan_filtering)
+			return false;
+	}
+	return true;
+}
+
 int dsa_port_vlan_filtering(struct dsa_port *dp, bool vlan_filtering,
 			    struct switchdev_trans *trans)
 {
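Review bot: the loop in dsa_port_can_apply_vlan_filtering() skips every port whose bridge_dev is NULL, so ports of the same switch that are not in any bridge are never considered, although on a switch with a global setting the change applies to them as well. If that is intended, the comment above the loop should say so; if not, standalone ports need their own handling. The function also iterates all ds->num_ports via dsa_to_port(ds, i) without checking the port type, which is fine only as long as bridge_dev is guaranteed NULL on non-user ports; a short note on that assumption would help.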
@@ -165,6 +196,9 @@ int dsa_port_vlan_filtering(struct dsa_port *dp, bool vlan_filtering,
 		return 0;
 
 	if (ds->ops->port_vlan_filtering) {
+		if (!dsa_port_can_apply_vlan_filtering(dp, vlan_filtering))
+			return -EINVAL;
+
 		err = ds->ops->port_vlan_filtering(ds, dp->index,
 						   vlan_filtering);
 		if (err)
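Review bot: the new check in dsa_port_vlan_filtering() sits after the early "return 0;" at the top of this hunk, in a function that takes a struct switchdev_trans *trans. If that return is the prepare-phase exit (its condition is outside the visible context), the -EINVAL is raised only at commit time rather than during prepare, where a rejection belongs. Consider moving the dsa_port_can_apply_vlan_filtering() call ahead of it. The failure is also silent: a message naming the port and stating that VLAN filtering is global on this switch would make the refusal understandable to whoever toggled the bridge option.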
diff --git a/net/dsa/switch.c b/net/dsa/switch.c
index fde4e9195709..03b8d8928651 100644
--- a/net/dsa/switch.c
+++ b/net/dsa/switch.c
@@ -10,6 +10,7 @@
  * (at your option) any later version.
  */
 
+#include <linux/if_bridge.h>
 #include <linux/netdevice.h>
 #include <linux/notifier.h>
 #include <linux/if_vlan.h>
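Review bot: this include of linux/if_bridge.h is the only change to net/dsa/switch.c in the patch (the diffstat shows a single added line), while the one new user of a bridge helper, br_vlan_enabled(), is in net/dsa/port.c. Either drop the include here or move it to the patch that first needs it in switch.c, and make sure port.c includes the header directly rather than relying on it transitively.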
-- 
2.17.1
