Message-ID: <YR9y2nwQWtGTumIS@shredder>
Date:   Fri, 20 Aug 2021 12:16:10 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     Vladimir Oltean <vladimir.oltean@....com>
Cc:     netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Roopa Prabhu <roopa@...dia.com>,
        Nikolay Aleksandrov <nikolay@...dia.com>,
        Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Vladimir Oltean <olteanv@...il.com>,
        Vadym Kochan <vkochan@...vell.com>,
        Taras Chornyi <tchornyi@...vell.com>,
        Jiri Pirko <jiri@...dia.com>, Ido Schimmel <idosch@...dia.com>,
        UNGLinuxDriver@...rochip.com,
        Grygorii Strashko <grygorii.strashko@...com>,
        Marek Behun <kabel@...ckhole.sk>,
        DENG Qingfang <dqfext@...il.com>,
        Kurt Kanzenbach <kurt@...utronix.de>,
        Hauke Mehrtens <hauke@...ke-m.de>,
        Woojung Huh <woojung.huh@...rochip.com>,
        Sean Wang <sean.wang@...iatek.com>,
        Landen Chao <Landen.Chao@...iatek.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        George McCollister <george.mccollister@...il.com>,
        Ioana Ciornei <ioana.ciornei@....com>,
        Saeed Mahameed <saeedm@...dia.com>,
        Leon Romanovsky <leon@...nel.org>,
        Lars Povlsen <lars.povlsen@...rochip.com>,
        Steen Hegelund <Steen.Hegelund@...rochip.com>,
        Julian Wiedmann <jwi@...ux.ibm.com>,
        Karsten Graul <kgraul@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Ivan Vecera <ivecera@...hat.com>,
        Vlad Buslov <vladbu@...dia.com>,
        Jianbo Liu <jianbol@...dia.com>,
        Mark Bloch <mbloch@...dia.com>, Roi Dayan <roid@...dia.com>,
        Tobias Waldekranz <tobias@...dekranz.com>,
        Vignesh Raghavendra <vigneshr@...com>,
        Jesse Brandeburg <jesse.brandeburg@...el.com>
Subject: Re: [PATCH v2 net-next 0/5] Make SWITCHDEV_FDB_{ADD,DEL}_TO_DEVICE
 blocking

On Thu, Aug 19, 2021 at 07:07:18PM +0300, Vladimir Oltean wrote:
> Problem statement:
> 
> Any time a driver needs to create a private association between a bridge
> upper interface and use that association within its
> SWITCHDEV_FDB_{ADD,DEL}_TO_DEVICE handler, we have an issue with FDB
> entries deleted by the bridge when the port leaves. The issue is that
> all switchdev drivers schedule a work item to have sleepable context,
> and that work item can be actually scheduled after the port has left the
> bridge, which means the association might have already been broken by
> the time the scheduled FDB work item attempts to use it.

This is handled in mlxsw by telling the device to flush the FDB entries
pointing to the {port, FID} when the VLAN is deleted (synchronously).

> 
> The solution is to modify switchdev to use its embedded SWITCHDEV_F_DEFER
> mechanism to make the FDB notifiers emitted from the fastpath be
> scheduled in sleepable context. All drivers are converted to handle
> SWITCHDEV_FDB_{ADD,DEL}_TO_DEVICE from their blocking notifier block
> handler (or register a blocking switchdev notifier handler if they
> didn't have one). This solves the aforementioned problem because the
> bridge waits for the switchdev deferred work items to finish before a
> port leaves (del_nbp calls switchdev_deferred_process), whereas a work
> item privately scheduled by the driver will obviously not be waited upon
> by the bridge, leading to the possibility of having the race.

How is the problem solved if, after this patchset, drivers still queue a
work item?

DSA supports learning, but does not report the entries to the bridge.
How are these entries deleted when a port leaves the bridge?

> 
> This is a dependency for the "DSA FDB isolation" posted here. It was
> split out of that series hence the numbering starts directly at v2.
> 
> https://patchwork.kernel.org/project/netdevbpf/cover/20210818120150.892647-1-vladimir.oltean@nxp.com/

What is FDB isolation? Cover letter says: "There are use cases which
need FDB isolation between standalone ports and bridged ports, as well
as isolation between ports of different bridges".

Does it mean that DSA currently forwards packets between ports even if
they are members of different bridges or standalone?

> 
> Vladimir Oltean (5):
>   net: switchdev: move SWITCHDEV_FDB_{ADD,DEL}_TO_DEVICE to the blocking
>     notifier chain
>   net: bridge: switchdev: make br_fdb_replay offer sleepable context to
>     consumers
>   net: switchdev: drop the atomic notifier block from
>     switchdev_bridge_port_{,un}offload
>   net: switchdev: don't assume RCU context in
>     switchdev_handle_fdb_{add,del}_to_device
>   net: dsa: handle SWITCHDEV_FDB_{ADD,DEL}_TO_DEVICE synchronously
> 
>  .../ethernet/freescale/dpaa2/dpaa2-switch.c   |  86 +++++------
>  .../marvell/prestera/prestera_switchdev.c     | 110 +++++++-------
>  .../mellanox/mlx5/core/en/rep/bridge.c        |  59 +++++++-
>  .../mellanox/mlxsw/spectrum_switchdev.c       |  61 +++++++-
>  .../microchip/sparx5/sparx5_switchdev.c       |  78 +++++-----
>  drivers/net/ethernet/mscc/ocelot_net.c        |   3 -
>  drivers/net/ethernet/rocker/rocker_main.c     |  73 ++++-----
>  drivers/net/ethernet/rocker/rocker_ofdpa.c    |   4 +-
>  drivers/net/ethernet/ti/am65-cpsw-nuss.c      |   4 +-
>  drivers/net/ethernet/ti/am65-cpsw-switchdev.c |  57 ++++----
>  drivers/net/ethernet/ti/cpsw_new.c            |   4 +-
>  drivers/net/ethernet/ti/cpsw_switchdev.c      |  60 ++++----
>  drivers/s390/net/qeth_l2_main.c               |  10 +-
>  include/net/switchdev.h                       |  30 +++-
>  net/bridge/br.c                               |   5 +-
>  net/bridge/br_fdb.c                           |  40 ++++-
>  net/bridge/br_private.h                       |   4 -
>  net/bridge/br_switchdev.c                     |  18 +--
>  net/dsa/dsa.c                                 |  15 --
>  net/dsa/dsa_priv.h                            |  15 --
>  net/dsa/port.c                                |   3 -
>  net/dsa/slave.c                               | 138 ++++++------------
>  net/switchdev/switchdev.c                     |  61 +++++++-
>  23 files changed, 529 insertions(+), 409 deletions(-)
> 
> -- 
> 2.25.1
> 
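
Added example, not part of the original message or of the kernel sources: a single-threaded user-space C model of the ordering described in the quoted problem statement, comparing FDB delete work that the bridge drains before the port leaves with a privately scheduled work item that runs afterwards. All names (`assoc`, `drain`, `simulate_port_leave`) are hypothetical, and the choice that a late handler skips the entry and leaves it in the hardware table is an assumption of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model with hypothetical names; not kernel or driver code. */
struct assoc { bool valid; int hw_entries; }; /* driver-private port<->bridge link */
struct work  { struct assoc *a; };
struct queue { struct work items[8]; size_t n; };
struct outcome { int stale; int hw_entries_left; };

/* FDB_DEL handler body: it needs the association to reach the hardware table. */
static void fdb_del_work(struct work *w, struct outcome *o)
{
    if (!w->a->valid) {  /* association already broken: the race (flag stands in for freed state) */
        o->stale++;
        return;
    }
    w->a->hw_entries--;
}

/* Stand-in for running queued items (deferred queue or private workqueue). */
static void drain(struct queue *q, struct outcome *o)
{
    for (size_t i = 0; i < q->n; i++)
        fdb_del_work(&q->items[i], o);
    q->n = 0;
}

/* bridge_waits=true: items are drained before the port leaves.
 * bridge_waits=false: a private work item runs only after the port has left. */
struct outcome simulate_port_leave(bool bridge_waits)
{
    struct assoc a = { .valid = true, .hw_entries = 3 };
    struct queue q = { .n = 0 };
    struct outcome o = { 0, 0 };

    for (int i = 0; i < 3; i++)   /* bridge deletes the port's three FDB entries */
        q.items[q.n++].a = &a;
    if (bridge_waits)
        drain(&q, &o);            /* work runs while the association is valid */
    a.valid = false;              /* port has left: association torn down */
    drain(&q, &o);                /* late private work, if any is still queued */
    o.hw_entries_left = a.hw_entries;
    return o;
}

int main(void)
{
    struct outcome late = simulate_port_leave(false), waited = simulate_port_leave(true);
    printf("private work: stale=%d left=%d\n", late.stale, late.hw_entries_left);
    printf("bridge waits: stale=%d left=%d\n", waited.stale, waited.hw_entries_left);
    return 0;
}
```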
