lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  4 May 2020 15:43:23 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     andrew@...n.ch, f.fainelli@...il.com, vivien.didelot@...il.com
Cc:     davem@...emloft.net, jiri@...nulli.us, idosch@...sch.org,
        kuba@...nel.org, netdev@...r.kernel.org,
        nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com,
        georg.waibel@...sor-technik.de, o.rempel@...gutronix.de,
        christian.herber@....com
Subject: [RFC 4/6] net: dsa: tag_8021q: skip disabled ports

From: Vladimir Oltean <vladimir.oltean@....com>

Not only is it not needed to program dsa_8021q VLANs into ports that are
not used, but it also makes validation impossible, given the fact that
port == dsa_upstream_port(ds, port) for a port that is disabled. So when
a user port wants to install its rx_vid into us (we the disabled port),
think that we are in fact the CPU port, so we want the flags to be
egress-tagged (which they aren't). So instead of trying to make
dsa_upstream_port return something more sensible for disabled ports,
skip this nonsense altogether.

Because we didn't have VID validation until now, there's no reason to
treat this patch as a bugfix.

Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
---
 net/dsa/tag_8021q.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/dsa/tag_8021q.c b/net/dsa/tag_8021q.c
index 158584153e15..3958f426d60e 100644
--- a/net/dsa/tag_8021q.c
+++ b/net/dsa/tag_8021q.c
@@ -239,7 +239,7 @@ int dsa_port_setup_8021q_tagging(struct dsa_switch *ds, int port, bool enabled)
 	for (i = 0; i < ds->num_ports; i++) {
 		u16 flags;
 
-		if (i == upstream)
+		if (!dsa_is_user_port(ds, i))
 			continue;
 		else if (i == port)
 			/* The RX VID is pvid on this port */
@@ -302,6 +302,8 @@ int dsa_8021q_vid_validate(struct dsa_switch *ds, int port, u16 vid, u16 flags)
 		return -EPERM;
 
 	for (other_port = 0; other_port < ds->num_ports; other_port++) {
+		if (!dsa_is_user_port(ds, other_port))
+			continue;
 		if (vid == dsa_8021q_rx_vid(ds, other_port)) {
 			rx_vid_of = other_port;
 			break;
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ