lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 May 2020 20:28:35 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Vladimir Oltean <olteanv@...il.com>, andrew@...n.ch,
        vivien.didelot@...il.com
Cc:     davem@...emloft.net, kuba@...nel.org, jiri@...lanox.com,
        idosch@...sch.org, rmk+kernel@...linux.org.uk,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 net-next 04/15] net: dsa: sja1105: deny alterations of
 dsa_8021q VLANs from the bridge



On 5/11/2020 6:53 AM, Vladimir Oltean wrote:
> From: Vladimir Oltean <vladimir.oltean@....com>
> 
> At the moment, this can never happen. The 2 modes that we operate in do
> not permit that:
> 
>  - SJA1105_VLAN_UNAWARE: we are guarded from bridge VLANs added by the
>    user by the DSA core. We will later lift this restriction by setting
>    ds->vlan_bridge_vtu = true, and that is where we'll need it.
> 
>  - SJA1105_VLAN_FILTERING_FULL: in this mode, dsa_8021q configuration is
>    disabled. So the user is free to add these VLANs in the 1024-3071
>    range.
> 
> The reason for the patch is that we'll introduce a third VLAN awareness
> state, where both dsa_8021q as well as the bridge are going to call our
> .port_vlan_add and .port_vlan_del methods.
> 
> For that, we need a good way to discriminate between the 2. The easiest
> (and less intrusive way for upper layers) is to recognize the fact that
> dsa_8021q configurations are always driven by our driver - we _know_
> when a .port_vlan_add method will be called from dsa_8021q because _we_
> initiated it.
> 
> So introduce an expect_dsa_8021q boolean which is only used, at the
> moment, for blacklisting VLANs in range 1024-3071 in the modes when
> dsa_8021q is active.>
> Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>

Reviewed-by: Florian Fainelli <f.fainelli@...il.com>
-- 
Florian

Powered by blists - more mailing lists