Date:   Mon, 11 May 2020 23:20:43 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     andrew@...n.ch, f.fainelli@...il.com, vivien.didelot@...il.com
Cc:     davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 1/4] net: dsa: allow drivers to request promiscuous mode on master

From: Vladimir Oltean <vladimir.oltean@....com>

Currently DSA assumes that taggers don't mess with the destination MAC
address of the frames on RX. That is not always the case. Some DSA
headers are placed before the Ethernet header (ocelot), and others
simply mangle random bytes from the destination MAC address (sja1105
with its incl_srcpt option).

Currently the DSA master goes to promiscuous mode automatically when the
slave devices go too (such as when enslaved to a bridge), but in
standalone mode this is a problem that needs to be dealt with.

So give drivers the possibility to signal that frames using their tagging
protocol will get randomly dropped otherwise, and let DSA deal with fixing that.

Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
---
 include/net/dsa.h | 13 +++++++++++++
 net/dsa/master.c  | 39 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/include/net/dsa.h b/include/net/dsa.h
index 312c2f067e65..ddc970430a63 100644
--- a/include/net/dsa.h
+++ b/include/net/dsa.h
@@ -217,6 +217,12 @@ struct dsa_port {
 	 */
 	const struct net_device_ops *orig_ndo_ops;
 
+	/*
+	 * Original master netdev flags in case we need to put it in
+	 * promiscuous mode
+	 */
+	unsigned int orig_master_flags;
+
 	bool setup;
 };
 
@@ -298,6 +304,13 @@ struct dsa_switch {
 	 */
 	bool			mtu_enforcement_ingress;
 
+	/* Some tagging protocols either mangle or shift the destination MAC
+	 * address, in which case the DSA master would drop packets on ingress
+	 * if what it understands out of the destination MAC address is not in
+	 * its RX filter.
+	 */
+	bool promisc_on_master;
+
 	size_t num_ports;
 };
 
diff --git a/net/dsa/master.c b/net/dsa/master.c
index a621367c6e8c..5d1873026612 100644
--- a/net/dsa/master.c
+++ b/net/dsa/master.c
@@ -294,6 +294,37 @@ static void dsa_master_ndo_teardown(struct net_device *dev)
 	cpu_dp->orig_ndo_ops = NULL;
 }
 
+static void dsa_master_set_promisc(struct net_device *dev)
+{
+	struct dsa_port *cpu_dp = dev->dsa_ptr;
+	struct dsa_switch *ds = cpu_dp->ds;
+	unsigned int flags;
+
+	if (!ds->promisc_on_master)
+		return;
+
+	flags = dev_get_flags(dev);
+
+	cpu_dp->orig_master_flags = flags;
+
+	rtnl_lock();
+	dev_change_flags(dev, flags | IFF_PROMISC, NULL);
+	rtnl_unlock();
+}
+
+static void dsa_master_reset_promisc(struct net_device *dev)
+{
+	struct dsa_port *cpu_dp = dev->dsa_ptr;
+	struct dsa_switch *ds = cpu_dp->ds;
+
+	if (!ds->promisc_on_master)
+		return;
+
+	rtnl_lock();
+	dev_change_flags(dev, cpu_dp->orig_master_flags, NULL);
+	rtnl_unlock();
+}
+
 static ssize_t tagging_show(struct device *d, struct device_attribute *attr,
 			    char *buf)
 {
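Review bot: dsa_master_reset_promisc() writes back the whole flag word snapshotted in dsa_master_set_promisc(), so any change made to the master between setup and teardown (IFF_UP, IFF_ALLMULTI, or IFF_PROMISC requested by an administrator) is silently reverted, not just the bit this code added. The snapshot is also read with dev_get_flags() before rtnl_lock() is taken, and the return value of dev_change_flags() is dropped, so a failed switch to promiscuous mode goes unnoticed and the master keeps filtering tagged frames. Using the reference-counted pair dev_set_promiscuity(dev, 1) / dev_set_promiscuity(dev, -1) leaves the other flags alone and makes orig_master_flags unnecessary. Returning its error lets the caller in the `@@ -345` hunk do `ret = dsa_master_set_promisc(dev); if (ret) return ret;`, so the reset only runs after a successful set.

```c
static int dsa_master_set_promisc(struct net_device *dev)
{
	struct dsa_port *cpu_dp = dev->dsa_ptr;
	struct dsa_switch *ds = cpu_dp->ds;
	int err;

	if (!ds->promisc_on_master)
		return 0;

	rtnl_lock();
	err = dev_set_promiscuity(dev, 1);
	rtnl_unlock();

	return err;
}

static void dsa_master_reset_promisc(struct net_device *dev)
{
	/* … unchanged: cpu_dp/ds lookup and promisc_on_master check … */

	rtnl_lock();
	dev_set_promiscuity(dev, -1);
	rtnl_unlock();
}
```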
@@ -345,9 +376,12 @@ int dsa_master_setup(struct net_device *dev, struct dsa_port *cpu_dp)
 	wmb();
 
 	dev->dsa_ptr = cpu_dp;
+
+	dsa_master_set_promisc(dev);
+
 	ret = dsa_master_ethtool_setup(dev);
 	if (ret)
-		return ret;
+		goto out_err_reset_promisc;
 
 	ret = dsa_master_ndo_setup(dev);
 	if (ret)
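Review bot: The added `dsa_master_set_promisc(dev);` call makes dsa_master_setup() take rtnl_lock() internally, and nothing at the call site records that; a caller that already holds RTNL would deadlock. The callers are outside this patch, so this needs confirming, but a comment above the call such as `/* Takes rtnl_lock(); must not be called with RTNL held */` would document the constraint. The same applies to the `dsa_master_reset_promisc(dev);` call added to dsa_master_teardown() in the `@@ -372` hunk. dsa_master_setup's body starts and ends outside this hunk.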
@@ -363,6 +397,8 @@ int dsa_master_setup(struct net_device *dev, struct dsa_port *cpu_dp)
 	dsa_master_ndo_teardown(dev);
 out_err_ethtool_teardown:
 	dsa_master_ethtool_teardown(dev);
+out_err_reset_promisc:
+	dsa_master_reset_promisc(dev);
 	return ret;
 }
 
@@ -372,6 +408,7 @@ void dsa_master_teardown(struct net_device *dev)
 	dsa_master_ndo_teardown(dev);
 	dsa_master_ethtool_teardown(dev);
 	dsa_master_reset_mtu(dev);
+	dsa_master_reset_promisc(dev);
 
 	dev->dsa_ptr = NULL;
 
-- 
2.17.1
