lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZJnU6WntVQW2AgvZ@corigine.com>
Date: Mon, 26 Jun 2023 20:11:53 +0200
From: Simon Horman <simon.horman@...igine.com>
To: Vladimir Oltean <vladimir.oltean@....com>
Cc: netdev@...r.kernel.org, Andrew Lunn <andrew@...n.ch>,
	Florian Fainelli <f.fainelli@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH net 2/2] net: dsa: tag_sja1105: always prefer source port
 information from INCL_SRCPT

On Mon, Jun 26, 2023 at 06:51:12PM +0300, Vladimir Oltean wrote:
> Currently the sja1105 tagging protocol prefers using the source port
> information from the VLAN header if that is available, falling back to
> the INCL_SRCPT option if it isn't. The VLAN header is available for all
> frames except for META frames initiated by the switch (containing RX
> timestamps), and thus, the "if (is_link_local)" branch is practically
> dead.
> 
> The tag_8021q source port identification has become more loose
> ("imprecise") and will report a plausible rather than exact bridge port,
> when under a bridge (be it VLAN-aware or VLAN-unaware). But link-local
> traffic always needs to know the precise source port. With incorrect
> source port reporting, for example PTP traffic over 2 bridged ports will
> all be seen on sockets opened on the first such port, which is incorrect.
> 
> Now that the tagging protocol has been changed to make link-local frames
> always contain source port information, we can reverse the order of the
> checks so that we always give precedence to that information (which is
> always precise) in lieu of the tag_8021q VID which is only precise for a
> standalone port.
> 
> Fixes: d7f9787a763f ("net: dsa: tag_8021q: add support for imprecise RX based on the VBID")
> Fixes: 91495f21fcec ("net: dsa: tag_8021q: replace the SVL bridging with VLAN-unaware IVL bridging")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@....com>
> ---
>  net/dsa/tag_sja1105.c | 35 +++++++++++++++++++++++++----------
>  1 file changed, 25 insertions(+), 10 deletions(-)
> 
> diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c
> index a5f3b73da417..0e62eab8f251 100644
> --- a/net/dsa/tag_sja1105.c
> +++ b/net/dsa/tag_sja1105.c
> @@ -545,10 +545,7 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb,
>  	is_link_local = sja1105_is_link_local(skb);
>  	is_meta = sja1105_is_meta_frame(skb);
>  
> -	if (sja1105_skb_has_tag_8021q(skb)) {
> -		/* Normal traffic path. */
> -		sja1105_vlan_rcv(skb, &source_port, &switch_id, &vbid, &vid);
> -	} else if (is_link_local) {
> +	if (is_link_local) {
>  		/* Management traffic path. Switch embeds the switch ID and
>  		 * port ID into bytes of the destination MAC, courtesy of
>  		 * the incl_srcpt options.
> @@ -562,16 +559,34 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb,
>  		sja1105_meta_unpack(skb, &meta);
>  		source_port = meta.source_port;
>  		switch_id = meta.switch_id;
> -	} else {
> -		return NULL;
>  	}
>  
> -	if (vbid >= 1)
> +	/* Normal data plane traffic and link-local frames are tagged with
> +	 * a tag_8021q VLAN which we have to strip
> +	 */
> +	if (sja1105_skb_has_tag_8021q(skb)) {
> +		int tmp_source_port = -1, tmp_switch_id = -1;
> +
> +		sja1105_vlan_rcv(skb, &tmp_source_port, &tmp_switch_id, &vbid,
> +				 &vid);
> +		/* Preserve the source information from the INCL_SRCPT option,
> +		 * if available. This allows us to not overwrite a valid source
> +		 * port and switch ID with zeroes when receiving link-local
> +		 * frames from a VLAN-unaware bridged port (non-zero vbid) or a
> +		 * VLAN-aware bridged port (non-zero vid).
> +		 */
> +		if (source_port == -1)
> +			source_port = tmp_source_port;
> +		if (switch_id == -1)
> +			switch_id = tmp_switch_id;
> +	}
> +
> +	if (source_port != -1 && switch_id != -1)
> +		skb->dev = dsa_master_find_slave(netdev, switch_id, source_port);
> +	else if (vbid >= 1)
>  		skb->dev = dsa_tag_8021q_find_port_by_vbid(netdev, vbid);
> -	else if (source_port == -1 || switch_id == -1)
> -		skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid);
>  	else
> -		skb->dev = dsa_master_find_slave(netdev, switch_id, source_port);
> +		skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid);

Hi Vladimir,

A similar comment to that made for [1], though the code is somewhat
different to that case: are you sure vid is initialised here?
GCC 12 and Smatch seem unsure about it.

[1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q
    https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/

>  	if (!skb->dev) {
>  		netdev_warn(netdev, "Couldn't decode source port\n");
>  		return NULL;
> -- 
> 2.34.1
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ