lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211001224633.u7ylsyy4mpl5kmmo@skbuf>
Date:   Fri, 1 Oct 2021 22:46:34 +0000
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     Jakub Kicinski <kuba@...nel.org>
CC:     Xiaoliang Yang <xiaoliang.yang_1@....com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "allan.nielsen@...rochip.com" <allan.nielsen@...rochip.com>,
        "joergen.andreasen@...rochip.com" <joergen.andreasen@...rochip.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "jiri@...lanox.com" <jiri@...lanox.com>,
        "idosch@...lanox.com" <idosch@...lanox.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        Po Liu <po.liu@....com>, Leo Li <leoyang.li@....com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>,
        "horatiu.vultur@...rochip.com" <horatiu.vultur@...rochip.com>
Subject: Re: [PATCH v6 net-next 0/8] net: dsa: felix: psfp support on vsc9959

On Fri, Oct 01, 2021 at 03:11:15PM -0700, Jakub Kicinski wrote:
> On Thu, 30 Sep 2021 15:59:40 +0800 Xiaoliang Yang wrote:
> > VSC9959 hardware supports Per-Stream Filtering and Policing(PSFP).
> > This patch series add PSFP support on tc flower offload of ocelot
> > driver. Use chain 30000 to distinguish PSFP from VCAP blocks. Add gate
> > and police set to support PSFP in VSC9959 driver.
>
> Vladimir, any comments?

Sorry, I was intending to try out the patches and get an overall feel
from there, but I had an incredibly busy week and simply didn't have time.
If it's okay to wait a bit more I will do that tomorrow.
In general I feel that the most glaring issue Xiaoliang has still
avoided to address is the one discussed here:
https://patchwork.kernel.org/project/netdevbpf/patch/20210831034536.17497-6-xiaoliang.yang_1@nxp.com/#24416737
where basically some tc filters depend on some bridge fdb entries, and
there's no way to prevent the bridge from deleting the fdb entries which
would in turn break the tc filters, but also no way of removing the tc
filters when the bridge fdb entries disappear.
The hardware design is poor, no two ways around that, but arguably it's
a tricky issue to handle in software too, the bridge simply doesn't give
switchdev drivers a chance to veto an fdb removal, and I've no idea what
changing that would even mean. So I can understand why Xiaoliang is
avoiding it.
That's why I wanted to run the patches too, first I feel that we should
provide a selftest for the feature, and that is absent from this patch
series, and second I would like to see how broken can the driver state
end up being if we just leave tc filters around which are just inactive
in the absence of a bridge, or a bridge fdb entry. I simply don't know
that right now.
It's almost as if we would be better off stealing some hardware FDB
entries from the bridge and reserving them for the tc filter, and not
depending on the bridge driver at all.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ