| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Sep 2020 19:37:05 -0700
From: Florian Fainelli <f.fainelli@...il.com>
To: Vladimir Oltean <vladimir.oltean@....com>, netdev@...r.kernel.org,
davem@...emloft.net
Cc: andrew@...n.ch, vivien.didelot@...il.com, idosch@...sch.org,
jiri@...nulli.us, kurt.kanzenbach@...utronix.de, kuba@...nel.org
Subject: Re: [RFC PATCH 4/9] net: dsa: convert denying bridge VLAN with
existing 8021q upper to PRECHANGEUPPER
On 9/19/2020 6:47 PM, Vladimir Oltean wrote:
> This is checking for the following order of operations, and makes sure
> to deny that configuration:
>
> ip link add link swp2 name swp2.100 type vlan id 100
> ip link add br0 type bridge vlan_filtering 1
> ip link set swp2 master br0
> bridge vlan add dev swp2 vid 100
>
> Instead of using vlan_for_each(), which looks at the VLAN filters
> installed with vlan_vid_add(), just track the 8021q uppers. This has the
> advantage of freeing up the vlan_vid_add() call for actual VLAN
> filtering.
>
> There is another change in this patch. The check is moved in slave.c,
> from switch.c. I don't think it makes sense to have this 8021q upper
> check for each switch port that gets notified of that VLAN addition
> (these include DSA links and CPU ports, we know those can't have 8021q
> uppers because they don't have a net_device registered for them), so
> just do it in slave.c, for that one slave interface.
>
> Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
> ---
> net/dsa/slave.c | 33 +++++++++++++++++++++++++++++++++
> net/dsa/switch.c | 41 -----------------------------------------
> 2 files changed, 33 insertions(+), 41 deletions(-)
>
> diff --git a/net/dsa/slave.c b/net/dsa/slave.c
> index 1940c2458f0f..b88a31a79e2f 100644
> --- a/net/dsa/slave.c
> +++ b/net/dsa/slave.c
> @@ -303,6 +303,28 @@ static int dsa_slave_port_attr_set(struct net_device *dev,
> return ret;
> }
>
> +/* Must be called under rcu_read_lock() */
> +static int
> +dsa_slave_vlan_check_for_8021q_uppers(struct net_device *slave,
> + const struct switchdev_obj_port_vlan *vlan)
> +{
> + struct net_device *upper_dev;
> + struct list_head *iter;
> +
> + netdev_for_each_upper_dev_rcu(slave, upper_dev, iter) {
> + u16 vid;
> +
> + if (!is_vlan_dev(upper_dev))
> + continue;
> +
> + vid = vlan_dev_vlan_id(upper_dev);
> + if (vlan->vid_begin <= vid && vlan->vid_end >= vid)
> + return -EBUSY;
I would find:
if (vid >= vlan->vid_begin && vid <= vlan->vid_end)
more natural but this works too.
Reviewed-by: Florian Fainelli <f.fainelli@...il.com>
--
Florian
Powered by blists - more mailing lists