| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2020 00:10:26 +0300
From: Vladimir Oltean <olteanv@...il.com>
To: andrew@...n.ch, f.fainelli@...il.com, vivien.didelot@...il.com,
davem@...emloft.net
Cc: jiri@...nulli.us, idosch@...sch.org, kuba@...nel.org,
ivecera@...hat.com, netdev@...r.kernel.org,
horatiu.vultur@...rochip.com, allan.nielsen@...rochip.com,
nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com
Subject: [PATCH RFC net-next 03/13] net: 8021q: vlan_dev: add vid tag for vlan device own address
From: Ivan Khoronzhuk <ivan.khoronzhuk@...aro.org>
The vlan device address is held separately from uc/mc lists and
handled differently. The vlan dev address is bound with real device
address only if it's inherited from init, in all other cases it's
separate address entry in uc list. With vid set, the address becomes
not inherited from real device after it's set manually as before, but
is part of uc list any way, with appropriate vid tag set. If vid_len
for real device is 0, the behaviour is the same as before this change,
so shouldn't be any impact on systems w/o individual virtual device
filtering (IVDF) enabled. This allows to control and sync vlan device
address and disable concrete vlan packet ingress when vlan interface is
down.
Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@...aro.org>
Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
---
net/8021q/vlan.c | 3 ++
net/8021q/vlan_dev.c | 75 +++++++++++++++++++++++++++++++++-----------
2 files changed, 60 insertions(+), 18 deletions(-)
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index d4bcfd8f95bf..4cc341c191a4 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -298,6 +298,9 @@ static void vlan_sync_address(struct net_device *dev,
if (vlan_dev_inherit_address(vlandev, dev))
goto out;
+ if (dev->vid_len)
+ goto out;
+
/* vlan address was different from the old address and is equal to
* the new address */
if (!ether_addr_equal(vlandev->dev_addr, vlan->real_dev_addr) &&
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index c2c3e5ae535c..f3f570a12ffd 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -252,12 +252,61 @@ static void vlan_dev_set_addr_vid(struct net_device *vlan_dev, u8 *addr)
addr[vlan_dev->addr_len + 1] = (vid >> 8) & 0xf;
}
+static int vlan_dev_add_addr(struct net_device *dev, u8 *addr)
+{
+ struct net_device *real_dev = vlan_dev_real_dev(dev);
+ unsigned char naddr[ETH_ALEN + NET_8021Q_VID_TSIZE];
+
+ if (real_dev->vid_len) {
+ memcpy(naddr, addr, dev->addr_len);
+ vlan_dev_set_addr_vid(dev, naddr);
+ return dev_vid_uc_add(real_dev, naddr);
+ }
+
+ if (ether_addr_equal(addr, real_dev->dev_addr))
+ return 0;
+
+ return dev_uc_add(real_dev, addr);
+}
+
+static void vlan_dev_del_addr(struct net_device *dev, u8 *addr)
+{
+ struct net_device *real_dev = vlan_dev_real_dev(dev);
+ unsigned char naddr[ETH_ALEN + NET_8021Q_VID_TSIZE];
+
+ if (real_dev->vid_len) {
+ memcpy(naddr, addr, dev->addr_len);
+ vlan_dev_set_addr_vid(dev, naddr);
+ dev_vid_uc_del(real_dev, naddr);
+ return;
+ }
+
+ if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr))
+ dev_uc_del(real_dev, addr);
+}
+
+static int vlan_dev_subs_addr(struct net_device *dev, u8 *addr)
+{
+ int err;
+
+ err = vlan_dev_add_addr(dev, addr);
+ if (err < 0)
+ return err;
+
+ vlan_dev_del_addr(dev, dev->dev_addr);
+ return err;
+}
+
bool vlan_dev_inherit_address(struct net_device *dev,
struct net_device *real_dev)
{
if (dev->addr_assign_type != NET_ADDR_STOLEN)
return false;
+ if (real_dev->vid_len)
+ if (vlan_dev_subs_addr(dev, real_dev->dev_addr))
+ return false;
+
ether_addr_copy(dev->dev_addr, real_dev->dev_addr);
call_netdevice_notifiers(NETDEV_CHANGEADDR, dev);
return true;
@@ -273,9 +322,10 @@ static int vlan_dev_open(struct net_device *dev)
!(vlan->flags & VLAN_FLAG_LOOSE_BINDING))
return -ENETDOWN;
- if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr) &&
- !vlan_dev_inherit_address(dev, real_dev)) {
- err = dev_uc_add(real_dev, dev->dev_addr);
+ if (ether_addr_equal(dev->dev_addr, real_dev->dev_addr) ||
+ (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr) &&
+ !vlan_dev_inherit_address(dev, real_dev))) {
+ err = vlan_dev_add_addr(dev, dev->dev_addr);
if (err < 0)
goto out;
}
@@ -308,8 +358,7 @@ static int vlan_dev_open(struct net_device *dev)
if (dev->flags & IFF_ALLMULTI)
dev_set_allmulti(real_dev, -1);
del_unicast:
- if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr))
- dev_uc_del(real_dev, dev->dev_addr);
+ vlan_dev_del_addr(dev, dev->dev_addr);
out:
netif_carrier_off(dev);
return err;
@@ -327,8 +376,7 @@ static int vlan_dev_stop(struct net_device *dev)
if (dev->flags & IFF_PROMISC)
dev_set_promiscuity(real_dev, -1);
- if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr))
- dev_uc_del(real_dev, dev->dev_addr);
+ vlan_dev_del_addr(dev, dev->dev_addr);
if (!(vlan->flags & VLAN_FLAG_BRIDGE_BINDING))
netif_carrier_off(dev);
@@ -337,9 +385,7 @@ static int vlan_dev_stop(struct net_device *dev)
static int vlan_dev_set_mac_address(struct net_device *dev, void *p)
{
- struct net_device *real_dev = vlan_dev_priv(dev)->real_dev;
struct sockaddr *addr = p;
- int err;
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
@@ -347,15 +393,8 @@ static int vlan_dev_set_mac_address(struct net_device *dev, void *p)
if (!(dev->flags & IFF_UP))
goto out;
- if (!ether_addr_equal(addr->sa_data, real_dev->dev_addr)) {
- err = dev_uc_add(real_dev, addr->sa_data);
- if (err < 0)
- return err;
- }
-
- if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr))
- dev_uc_del(real_dev, dev->dev_addr);
-
+ if (vlan_dev_subs_addr(dev, addr->sa_data))
+ return true;
out:
ether_addr_copy(dev->dev_addr, addr->sa_data);
return 0;
--
2.25.1
Powered by blists - more mailing lists