lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Nov 2020 01:37:57 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Florian Fainelli <f.fainelli@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Yunjian Wang <wangyunjian@...wei.com>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH net] net: Have netpoll bring-up DSA management interface

On Mon, Nov 16, 2020 at 03:20:37PM -0800, Florian Fainelli wrote:
> I remember now there was a reason for me to "open code" this, and this
> is because since the patch is intended to be a bug fix, I wanted it to
> be independent from: 2f1e8ea726e9 ("net: dsa: link interfaces with the
> DSA master to get rid of lockdep warnings")
>
> which we would be depending on and is only two-ish releases away. Let me
> know if you prefer different fixes for different branches.

Florian, I studied a little bit the reason why DSA wants the master
interface to be open before the slave is (not enough to actually submit
a fully tested patch, though). It's because Lennert Buytenhek wanted to
ensure that DSA only manages the promiscuity of interfaces that are up,
because of a bugfix from 2008. See commit:

commit df02c6ff2e3937379b31ea161b53229134fe92f7
Author: Lennert Buytenhek <buytenh@...vell.com>
Date:   Mon Nov 10 21:53:12 2008 -0800

    dsa: fix master interface allmulti/promisc handling

    Before commit b6c40d68ff6498b7f63ddf97cf0aa818d748dee7 ("net: only
    invoke dev->change_rx_flags when device is UP"), the dsa driver could
    sort-of get away with only fiddling with the master interface's
    allmulti/promisc counts in ->change_rx_flags() and not touching them
    in ->open() or ->stop().  After this commit (note that it was merged
    almost simultaneously with the dsa patches, which is why this wasn't
    caught initially), the breakage that was already there became more
    apparent.

    Since it makes no sense to keep the master interface's allmulti or
    promisc count pinned for a slave interface that is down, copy the vlan
    driver's sync logic (which does exactly what we want) over to dsa to
    fix this.

    Bug report from Dirk Teurlings <dirk@...xia.nl> and Peter van Valderen
    <linux@...rew.com>.

    Signed-off-by: Lennert Buytenhek <buytenh@...vell.com>
    Tested-by: Dirk Teurlings <dirk@...xia.nl>
    Tested-by: Peter van Valderen <linux@...rew.com>
    Signed-off-by: David S. Miller <davem@...emloft.net>

followed by commit

commit d2615bf450694c1302d86b9cc8a8958edfe4c3a4
Author: Vlad Yasevich <vyasevic@...hat.com>
Date:   Tue Nov 19 20:47:15 2013 -0500

    net: core: Always propagate flag changes to interfaces

    The following commit:
        b6c40d68ff6498b7f63ddf97cf0aa818d748dee7
        net: only invoke dev->change_rx_flags when device is UP

    tried to fix a problem with VLAN devices and promiscuouse flag setting.
    The issue was that VLAN device was setting a flag on an interface that
    was down, thus resulting in bad promiscuity count.
    This commit blocked flag propagation to any device that is currently
    down.

    A later commit:
        deede2fabe24e00bd7e246eb81cd5767dc6fcfc7
        vlan: Don't propagate flag changes on down interfaces

    fixed VLAN code to only propagate flags when the VLAN interface is up,
    thus fixing the same issue as above, only localized to VLAN.

    The problem we have now is that if we have create a complex stack
    involving multiple software devices like bridges, bonds, and vlans,
    then it is possible that the flags would not propagate properly to
    the physical devices.  A simple examle of the scenario is the
    following:

      eth0----> bond0 ----> bridge0 ---> vlan50

    If bond0 or eth0 happen to be down at the time bond0 is added to
    the bridge, then eth0 will never have promisc mode set which is
    currently required for operation as part of the bridge.  As a
    result, packets with vlan50 will be dropped by the interface.

    The only 2 devices that implement the special flag handling are
    VLAN and DSA and they both have required code to prevent incorrect
    flag propagation.  As a result we can remove the generic solution
    introduced in b6c40d68ff6498b7f63ddf97cf0aa818d748dee7 and leave
    it to the individual devices to decide whether they will block
    flag propagation or not.

    Reported-by: Stefan Priebe <s.priebe@...fihost.ag>
    Suggested-by: Veaceslav Falico <vfalico@...hat.com>
    Signed-off-by: Vlad Yasevich <vyasevic@...hat.com>
    Signed-off-by: David S. Miller <davem@...emloft.net>

So Vlad Yasevich, through his patch, leaves this decision at the sole
will of DSA now, it is no longer mandated by the networking core that
the master interface must be up when changing its promiscuity.

As from my point of view? I think we're missing the forest for the
trees by requiring the user to bring up the master interface. Even _if_
there still was a problem with promiscuity when the master is down
(which btw I couldn't reproduce), then who's stopping DSA from simply
bringing the master interface up in the first place... I think from a
user's point of view this would be a beneficial change.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ