lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 20 Oct 2020 00:28:24 +0000
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     Andrew Lunn <andrew@...n.ch>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>
Subject: Re: [PATCH net] net: dsa: reference count the host mdb addresses

On Tue, Oct 20, 2020 at 02:06:32AM +0200, Andrew Lunn wrote:
> I agree with the analysis. This is how i designed it!
[...]
> So i decided to keep it KISS and not bother with reference counting.

Well, I can't argue with that then...

> The other part of the argument is that DSA is stateless, in that there
> is no dynamic memory allocation. Drivers are also stateless in terms
> of dynamically allocating memory.

And is that some sort of design goal? I think you'll run out of things
to do very quickly if you set out to never call kmalloc().

> So, what value do this code add? Why do we actually need reference
> counting?

Well, for one thing, if you have multiple bridge interfaces spanning the
ports of a single switch ASIC (and this is not uncommon with port count > 4)
then you'll have the timer expiry from one bridge clear the host MDB
entries of the other. Weird. And in general, you can't just "add first,
delete first" with this type of things. I actually got some pushback
from Vivien an year ago on a topic very similar to this: in the other
place where DSA is "lazy" and does not implement refcounting, which is
VLANs on the CPU port, at least the VLAN is not deleted. That would be
more correct, at least, than performing 6 additions, then 1 single
deletion which would invalidate the entry for all the other ports.

Also, I am taking the opportunity to add the refcounting infrastructure
for host FDB entries (this goes back to the patch series about DSA RX
filtering). At the moment, host addresses are added from a single type
of source (aka, a switchdev HOST_MDB object). But with unicast, there
could be more than one sources that a unicast address could be
added from:
- the MAC addresses of the ports. These addresses should be installed as
  host FDB entries
- the MAC addresses of the upper interfaces. Similar argument here.
- the local (master) FDB of the bridge. My plan of record is to offload
  this using a new switchdev HOST_FDB object, similar to what you've
  done for HOST_MDB.
In this case, having reference counting is pretty much something to
have, when an address could come from more than one place, we wouldn't
want to break anything.
Also, consider what happens when you start having the ability to install
the MAC address of the switch ports as a host FDB entry. DSA configures
all interfaces to have the same MAC address, which is inherited from the
master's MAC address. But you can also change the MAC address of a
switch interface. What do you do with the old one? Do you delete it? Do
you keep it? If you don't delete it, you might run out of FDB space
after enough MAC address changes. If you delete it, you might break
traffic for the other switch ports that are still using it...

Powered by blists - more mailing lists