Date:   Tue,  8 Mar 2022 11:15:09 +0200
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     netdev@...r.kernel.org
Cc:     Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Florian Fainelli <f.fainelli@...il.com>,
        Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Vladimir Oltean <olteanv@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        UNGLinuxDriver@...rochip.com,
        Alvin Šipraga <alsi@...g-olufsen.dk>
Subject: [PATCH net-next 0/6] Incremental fixups for DSA unicast filtering

There are some bugs I've discovered in the recently merged "DSA unicast
filtering" series:
https://patchwork.kernel.org/project/netdevbpf/cover/20220302191417.1288145-1-vladimir.oltean@nxp.com/

First bug is the dereference of an uninitialized list (dp->fdbs) when
the "initial" tag protocol is placed in the device tree for the Felix
switch driver. This is a scenario I hadn't tested. It is handled by
patches 1-3.

Second bug is actually a sum of bugs that canceled each other out during
my previous testing. The MAC address change of a DSA slave interface
breaks termination for the other slave interfaces. But this actually
does not happen if the slave interface whose address is changing is
down. And even when up, traffic termination is still not broken because
we fail to properly disable host flooding. Patches 4-6 handle this for
the Felix driver (the only one benefiting from unicast filtering so far).

Vladimir Oltean (6):
  net: dsa: warn if port lists aren't empty in dsa_port_teardown
  net: dsa: move port lists initialization to dsa_port_touch
  net: dsa: felix: drop "bool change" from felix_set_tag_protocol
  net: dsa: be mostly no-op in dsa_slave_set_mac_address when down
  net: dsa: felix: actually disable flooding towards NPI port
  net: dsa: felix: avoid early deletion of host FDB entries

 drivers/net/dsa/ocelot/felix.c | 90 +++++++++++++++++++---------------
 include/net/dsa.h              |  6 +++
 net/dsa/dsa.c                  | 60 +++++++++++++++++++++++
 net/dsa/dsa2.c                 | 31 +++---------
 net/dsa/dsa_priv.h             |  2 +
 net/dsa/slave.c                |  7 +++
 net/dsa/switch.c               | 18 -------
 7 files changed, 134 insertions(+), 80 deletions(-)

-- 
2.25.1
