Open Source and information security mailing list archives
Message-ID: <cover.1689763088.git.petrm@nvidia.com>
Date: Wed, 19 Jul 2023 13:01:15 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Ido Schimmel <idosch@...dia.com>, Petr Machata <petrm@...dia.com>,
	Danielle Ratson <danieller@...dia.com>, <mlxsw@...dia.com>
Subject: [PATCH net-next 00/17] mlxsw: Permit enslavement to netdevices with uppers

The mlxsw driver currently makes the assumption that the user applies
configuration in a bottom-up manner. Thus netdevices need to be added to
the bridge before IP addresses are configured on that bridge or SVI added
on top of it. Enslaving a netdevice to another netdevice that already has
uppers is in fact forbidden by mlxsw for this reason. Despite this safety,
it is rather easy to get into situations where the offloaded configuration
is just plain wrong.

As an example, take a front panel port, configure an IP address: it gets a
RIF. Now enslave the port to the bridge, and the RIF is gone. Remove the
port from the bridge again, but the RIF never comes back. There are a number
of similar situations, where changing the configuration there and back
utterly breaks the offload.

Similarly, detaching a front panel port from a configured topology means
unoffloading of this whole topology -- VLAN uppers, next hops, etc.
Attaching the port back is then not permitted at all. If it were, it would
not result in a working configuration, because much of mlxsw is written to
react to changes in immediate configuration. There is nothing that would go
visit netdevices in the attached-to topology and offload existing routes
and VLAN memberships, for example.

In this patchset, introduce a number of replays to be invoked so that this
sort of post-hoc offload is supported. Then remove the vetoes that
disallowed enslavement of front panel ports to other netdevices with
uppers.

The patchset progresses as follows:

- In patch #1, fix an issue in the bridge driver. To my knowledge, the
  issue could not have resulted in a buggy behavior previously, and thus is
  packaged with this patchset instead of being sent separately to net.

- In patch #2, add a new helper to the switchdev code.

- In patch #3, drop mlxsw selftests that will not be relevant after this
  patchset anymore.

- Patches #4, #5, #6, #7 and #8 prepare the codebase for smoother
  introduction of the rest of the code.

- Patches #9, #10, #11, #12, #13 and #14 replay various aspects of upper
  configuration when a front panel port is introduced into a topology.
  Individual patches take care of bridge and LAG RIF memberships, switchdev
  replay, nexthop and neighbors replay, and MACVLAN offload.

- Patches #15 and #16 introduce RIFs for newly-relevant netdevices when a
  front panel port is enslaved (in which case all uppers are newly
  relevant), or, respectively, deslaved (in which case the newly-relevant
  netdevice is the one being deslaved).

- Up until this point, the introduced scaffolding was not really used,
  because mlxsw still forbids enslavement of mlxsw netdevices to uppers
  with uppers. In patch #17, this condition is finally relaxed.

A sizable selftest suite is available to test all this new code. That will
be sent in a separate patchset.

Petr Machata (17):
  net: bridge: br_switchdev: Tolerate -EOPNOTSUPP when replaying MDB
  net: switchdev: Add a helper to replay objects on a bridge port
  selftests: mlxsw: rtnetlink: Drop obsolete tests
  mlxsw: spectrum_router: Allow address handlers to run on bridge ports
  mlxsw: spectrum_router: Extract a helper to schedule neighbour work
  mlxsw: spectrum: Split a helper out of mlxsw_sp_netdevice_event()
  mlxsw: spectrum: Allow event handlers to check unowned bridges
  mlxsw: spectrum: Add a replay_deslavement argument to event handlers
  mlxsw: spectrum: On port enslavement to a LAG, join upper's bridges
  mlxsw: spectrum_switchdev: Replay switchdev objects on port join
  mlxsw: spectrum_router: Join RIFs of LAG upper VLANs
  mlxsw: spectrum_router: Offload ethernet nexthops when RIF is made
  mlxsw: spectrum_router: Replay MACVLANs when RIF is made
  mlxsw: spectrum_router: Replay neighbours when RIF is made
  mlxsw: spectrum_router: Replay IP NETDEV_UP on device enslavement
  mlxsw: spectrum_router: Replay IP NETDEV_UP on device deslavement
  mlxsw: spectrum: Permit enslavement to netdevices with uppers

 .../net/ethernet/mellanox/mlxsw/spectrum.c    | 312 ++++++++++---
 .../net/ethernet/mellanox/mlxsw/spectrum.h    |   2 +
 .../ethernet/mellanox/mlxsw/spectrum_router.c | 432 ++++++++++++++++--
 .../ethernet/mellanox/mlxsw/spectrum_router.h |   7 +
 .../mellanox/mlxsw/spectrum_switchdev.c       | 138 +++++-
 include/net/switchdev.h                       |   6 +
 net/bridge/br.c                               |   8 +
 net/bridge/br_private.h                       |  16 +
 net/bridge/br_switchdev.c                     |  15 +-
 net/switchdev/switchdev.c                     |  25 +
 .../selftests/drivers/net/mlxsw/rtnetlink.sh  |  31 --
 11 files changed, 862 insertions(+), 130 deletions(-)

-- 
2.40.1
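As an added illustration that is not code from this patchset, the following Python model contrasts the two behaviours the cover letter describes: the old driver, which reacts only to immediate configuration changes and vetoes enslavement to a netdevice with uppers, and the replay approach, which walks the uppers on enslavement and re-creates the port's RIF on deslavement. The device names, addresses and the `relevant` rule are constructed simplifications of mlxsw's RIF handling, not the driver's actual logic.

```python
# Toy model of RIF offload with and without replay (constructed, not mlxsw code).
class Netdev:
    def __init__(self, name, front_panel=False):
        self.name, self.front_panel = name, front_panel
        self.lowers, self.uppers, self.addrs = set(), set(), set()

class Offload:
    """Tracks which netdevices own a RIF (router interface) in the ASIC."""
    def __init__(self, replay):
        self.replay, self.rifs = replay, set()

    def relevant(self, dev):
        # Simplifying assumption: a netdev is offloadable once a front panel
        # port sits somewhere below it in the topology.
        return dev.front_panel or any(self.relevant(l) for l in dev.lowers)

    def addr_add(self, dev, addr):
        dev.addrs.add(addr)
        if self.relevant(dev):       # immediate reaction only
            self.rifs.add(dev.name)

    def enslave(self, port, upper):
        if upper.uppers and not self.replay:
            raise PermissionError("veto: upper already has uppers")
        port.uppers.add(upper); upper.lowers.add(port)
        self.rifs.discard(port.name)  # the enslaved port's own RIF is torn down
        if self.replay:               # replay NETDEV_UP across the new uppers
            self._replay_up(upper)

    def deslave(self, port, upper):
        port.uppers.discard(upper); upper.lowers.discard(port)
        self._unoffload(upper)
        if self.replay:               # the deslaved port is newly relevant
            self._replay_up(port)

    def _replay_up(self, dev):
        if dev.addrs and self.relevant(dev):
            self.rifs.add(dev.name)
        for u in dev.uppers:
            self._replay_up(u)

    def _unoffload(self, dev):
        if not self.relevant(dev):
            self.rifs.discard(dev.name)
            for u in dev.uppers:
                self._unoffload(u)

def enslave_then_deslave(replay):
    """Cover letter's example: RIF on swp1, enslave to br0, deslave again."""
    off, swp1, br0 = Offload(replay), Netdev("swp1", True), Netdev("br0")
    off.addr_add(swp1, "192.0.2.1/24")
    off.enslave(swp1, br0); off.deslave(swp1, br0)
    return "swp1" in off.rifs        # old driver: False, with replay: True

def join_bridge_with_svi(replay):
    """Top-down setup: SVI br0.10 gets an address before swp1 joins br0."""
    off, swp1, br0, svi = Offload(replay), Netdev("swp1", True), Netdev("br0"), Netdev("br0.10")
    svi.lowers.add(br0); br0.uppers.add(svi)
    off.addr_add(svi, "198.51.100.1/24")  # nothing relevant below yet: no RIF
    try:
        off.enslave(swp1, br0)
    except PermissionError:
        return None                   # old driver vetoes the enslavement
    return "br0.10" in off.rifs       # with replay: True
```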

