Date:   Thu,  5 May 2022 19:22:11 +0300
From:   Vladimir Oltean <vladimir.oltean@....com>
To:     netdev@...r.kernel.org
Cc:     Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Andrew Lunn <andrew@...n.ch>,
        Vladimir Oltean <olteanv@...il.com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        UNGLinuxDriver@...rochip.com,
        Xiaoliang Yang <xiaoliang.yang_1@....com>,
        Colin Foster <colin.foster@...advantage.com>
Subject: [PATCH net-next 2/4] net: dsa: felix: stop migrating FDBs back and forth on tag proto change

I just realized we don't need to migrate the host-filtered FDB entries
when the tagging protocol changes from "ocelot" to "ocelot-8021q".

Host-filtered addresses are learned towards the PGID_CPU "multicast"
port group, reserved by software, which contains BIT(ocelot->num_phys_ports).
That is the "special" port entry in the analyzer block for the CPU port
module.

In "ocelot" mode, the CPU port module's packets are redirected to the
NPI port.

In "ocelot-8021q" mode, felix_8021q_cpu_port_init() does something funny
anyway, and changes PGID_CPU to stop pointing at the CPU port module and
start pointing at the physical port where the DSA master is attached.

The fact that we can alter the destination of packets learned towards
PGID_CPU without altering the MAC table entries themselves means that it
is pointless to walk through the FDB entries, forget that they were
learned towards PGID_CPU, and re-learn them towards the "unicast" PGID
associated with the physical port connected to the DSA master. We can
simply let the change in the PGID_CPU value alter the destination of the
host-filtered unicast packets in one fell swoop.

Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
---
 drivers/net/dsa/ocelot/felix.c | 55 ++--------------------------------
 1 file changed, 2 insertions(+), 53 deletions(-)

diff --git a/drivers/net/dsa/ocelot/felix.c b/drivers/net/dsa/ocelot/felix.c
index 6bb10a0aa11c..4331714a45c5 100644
--- a/drivers/net/dsa/ocelot/felix.c
+++ b/drivers/net/dsa/ocelot/felix.c
@@ -42,22 +42,6 @@ static struct net_device *felix_classify_db(struct dsa_db db)
 	}
 }
 
-/* We are called before felix_npi_port_init(), so ocelot->npi is -1. */
-static int felix_migrate_fdbs_to_npi_port(struct dsa_switch *ds, int port,
-					  const unsigned char *addr, u16 vid,
-					  struct dsa_db db)
-{
-	struct net_device *bridge_dev = felix_classify_db(db);
-	struct ocelot *ocelot = ds->priv;
-	int err;
-
-	err = ocelot_fdb_del(ocelot, port, addr, vid, bridge_dev);
-	if (err)
-		return err;
-
-	return ocelot_fdb_add(ocelot, PGID_CPU, addr, vid, bridge_dev);
-}
-
 static int felix_migrate_mdbs_to_npi_port(struct dsa_switch *ds, int port,
 					  const unsigned char *addr, u16 vid,
 					  struct dsa_db db)
@@ -116,26 +100,6 @@ felix_migrate_flood_to_tag_8021q_port(struct dsa_switch *ds, int port)
 	felix_migrate_pgid_bit(ds, ocelot->num_phys_ports, port, PGID_BC);
 }
 
-/* ocelot->npi was already set to -1 by felix_npi_port_deinit, so
- * ocelot_fdb_add() will not redirect FDB entries towards the
- * CPU port module here, which is what we want.
- */
-static int
-felix_migrate_fdbs_to_tag_8021q_port(struct dsa_switch *ds, int port,
-				     const unsigned char *addr, u16 vid,
-				     struct dsa_db db)
-{
-	struct net_device *bridge_dev = felix_classify_db(db);
-	struct ocelot *ocelot = ds->priv;
-	int err;
-
-	err = ocelot_fdb_del(ocelot, PGID_CPU, addr, vid, bridge_dev);
-	if (err)
-		return err;
-
-	return ocelot_fdb_add(ocelot, port, addr, vid, bridge_dev);
-}
-
 static int
 felix_migrate_mdbs_to_tag_8021q_port(struct dsa_switch *ds, int port,
 				     const unsigned char *addr, u16 vid,
@@ -491,13 +455,9 @@ static int felix_setup_tag_8021q(struct dsa_switch *ds, int cpu)
 	if (err)
 		return err;
 
-	err = dsa_port_walk_fdbs(ds, cpu, felix_migrate_fdbs_to_tag_8021q_port);
-	if (err)
-		goto out_tag_8021q_unregister;
-
 	err = dsa_port_walk_mdbs(ds, cpu, felix_migrate_mdbs_to_tag_8021q_port);
 	if (err)
-		goto out_migrate_fdbs;
+		goto out_tag_8021q_unregister;
 
 	felix_migrate_flood_to_tag_8021q_port(ds, cpu);
 
@@ -519,8 +479,6 @@ static int felix_setup_tag_8021q(struct dsa_switch *ds, int cpu)
 out_migrate_flood:
 	felix_migrate_flood_to_npi_port(ds, cpu);
 	dsa_port_walk_mdbs(ds, cpu, felix_migrate_mdbs_to_npi_port);
-out_migrate_fdbs:
-	dsa_port_walk_fdbs(ds, cpu, felix_migrate_fdbs_to_npi_port);
 out_tag_8021q_unregister:
 	dsa_tag_8021q_unregister(ds);
 	return err;
@@ -600,24 +558,15 @@ static int felix_setup_tag_npi(struct dsa_switch *ds, int cpu)
 	struct ocelot *ocelot = ds->priv;
 	int err;
 
-	err = dsa_port_walk_fdbs(ds, cpu, felix_migrate_fdbs_to_npi_port);
-	if (err)
-		return err;
-
 	err = dsa_port_walk_mdbs(ds, cpu, felix_migrate_mdbs_to_npi_port);
 	if (err)
-		goto out_migrate_fdbs;
+		return err;
 
 	felix_migrate_flood_to_npi_port(ds, cpu);
 
 	felix_npi_port_init(ocelot, cpu);
 
 	return 0;
-
-out_migrate_fdbs:
-	dsa_port_walk_fdbs(ds, cpu, felix_migrate_fdbs_to_tag_8021q_port);
-
-	return err;
 }
 
 static void felix_teardown_tag_npi(struct dsa_switch *ds, int cpu)
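Review bot: Dropping the FDB walk from felix_setup_tag_npi is only safe if every host-filtered FDB entry is installed towards PGID_CPU whichever tagging protocol was active when it was added, and nothing in this patch shows that. The removed comment above felix_migrate_fdbs_to_tag_8021q_port suggests that ocelot_fdb_add() redirects an entry to the CPU port module based on ocelot->npi, which is -1 in "ocelot-8021q" mode, so an address added in that mode may still point at the unicast PGID of the physical port and would not follow the PGID_CPU change when switching back to "ocelot". Please confirm the add path (outside this patch, possibly earlier in the series) and record the invariant next to the remaining MDB walk, e.g. `/* Host FDB entries always target PGID_CPU in both tagging modes, so only MDBs and flooding are migrated. */`. The same assumption applies to the felix_setup_tag_8021q hunk.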
-- 
2.25.1
