Message-ID: <cover.1687265905.git.petrm@nvidia.com>
Date: Tue, 20 Jun 2023 15:55:46 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Petr Machata <petrm@...dia.com>, Ido Schimmel <idosch@...dia.com>,
	Danielle Ratson <danieller@...dia.com>, Amit Cohen <amcohen@...dia.com>,
	Shuah Khan <shuah@...nel.org>, <linux-kselftest@...r.kernel.org>,
	<mlxsw@...dia.com>
Subject: [PATCH net-next 00/16] selftests: Preparations for out-of-order-operations patches in mlxsw

The mlxsw driver currently makes the assumption that the user applies
configuration in a bottom-up manner. Thus netdevices need to be added to
the bridge before IP addresses are configured on that bridge or SVI added
on top of it. Enslaving a netdevice to another netdevice that already has
uppers is in fact forbidden by mlxsw for this reason. Despite this safety,
it is rather easy to get into situations where the offloaded configuration
is just plain wrong.

Over the course of the following several patchsets, mlxsw code is going to
be adjusted to diminish the space of wrongly offloaded configurations.
Ideally the offload state will reflect the actual state, regardless of the
sequence of operations used to construct that state.

Several selftests build configurations that will not be offloadable in the
future on some systems. The reason is that what will get offloaded is the
actual configuration, not the configuration steps.

For example, when a port is added to a bridge that has an IP address, that
bridge will get a RIF, which it would not have with the current code. But
on Nvidia Spectrum-1 machines, MAC addresses of all RIFs need to have the
same prefix, which the bridge will violate. The RIF thus couldn't be
created, and the enslavement is therefore canceled, because it would lead
to an unoffloadable configuration. This breaks some selftests.

In this patchset, adjust selftests to avoid the configurations that mlxsw
would be incapable of offloading, while maintaining relevance with regard
to the feature that is being tested. There are generally two cases of
fixes:

- Disabling IPv6 autogen on bridges that do not participate in routing,
  either because of the abovementioned requirement to keep the same MAC
  prefix on all in-HW router interfaces, or, on 802.1ad bridges, because
  in-HW router interfaces are not supported at all.

- Setting the bridge MAC address to what it will become after the first
  member port is attached, so that the in-HW router interface is created
  with a supported MAC address.

The patchset is then split thus:

- Patches #1-#7 adjust generic selftests
- Patches #8-#16 adjust mlxsw-specific selftests

Petr Machata (16):
  selftests: forwarding: q_in_vni: Disable IPv6 autogen on bridges
  selftests: forwarding: dual_vxlan_bridge: Disable IPv6 autogen on
    bridges
  selftests: forwarding: skbedit_priority: Disable IPv6 autogen on a
    bridge
  selftests: forwarding: pedit_dsfield: Disable IPv6 autogen on a bridge
  selftests: forwarding: mirror_gre_*: Disable IPv6 autogen on bridges
  selftests: forwarding: mirror_gre_*: Use port MAC for bridge address
  selftests: forwarding: router_bridge: Use port MAC for bridge address
  selftests: mlxsw: q_in_q_veto: Disable IPv6 autogen on bridges
  selftests: mlxsw: extack: Disable IPv6 autogen on bridges
  selftests: mlxsw: mirror_gre_scale: Disable IPv6 autogen on a bridge
  selftests: mlxsw: qos_dscp_bridge: Disable IPv6 autogen on a bridge
  selftests: mlxsw: qos_ets_strict: Disable IPv6 autogen on bridges
  selftests: mlxsw: qos_mc_aware: Disable IPv6 autogen on bridges
  selftests: mlxsw: spectrum: q_in_vni_veto: Disable IPv6 autogen on a
    bridge
  selftests: mlxsw: vxlan: Disable IPv6 autogen on bridges
  selftests: mlxsw: one_armed_router: Use port MAC for bridge address

 .../selftests/drivers/net/mlxsw/extack.sh     | 24 ++++++++---
 .../drivers/net/mlxsw/mirror_gre_scale.sh     |  1 +
 .../drivers/net/mlxsw/one_armed_router.sh     |  3 +-
 .../drivers/net/mlxsw/q_in_q_veto.sh          |  8 ++++
 .../drivers/net/mlxsw/qos_dscp_bridge.sh      |  1 +
 .../drivers/net/mlxsw/qos_ets_strict.sh       |  8 +++-
 .../drivers/net/mlxsw/qos_mc_aware.sh         |  2 +
 .../net/mlxsw/spectrum/q_in_vni_veto.sh       |  1 +
 .../selftests/drivers/net/mlxsw/vxlan.sh      | 41 ++++++++++++++-----
 .../net/forwarding/dual_vxlan_bridge.sh       |  1 +
 .../net/forwarding/mirror_gre_bound.sh        |  1 +
 .../net/forwarding/mirror_gre_bridge_1d.sh    |  3 +-
 .../forwarding/mirror_gre_bridge_1d_vlan.sh   |  3 +-
 .../forwarding/mirror_gre_bridge_1q_lag.sh    |  3 +-
 .../net/forwarding/mirror_topo_lib.sh         |  1 +
 .../selftests/net/forwarding/pedit_dsfield.sh |  4 +-
 .../selftests/net/forwarding/q_in_vni.sh      |  1 +
 .../selftests/net/forwarding/router_bridge.sh |  3 +-
 .../net/forwarding/skbedit_priority.sh        |  4 +-
 19 files changed, 88 insertions(+), 25 deletions(-)

-- 
2.40.1

