lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20241126213401.3211801-3-yongwang@nvidia.com>
Date: Tue, 26 Nov 2024 13:34:01 -0800
From: Yong Wang <yongwang@...dia.com>
To: razor@...ckwall.org,
	roopa@...dia.com,
	davem@...emloft.net,
	netdev@...r.kernel.org
Cc: aroulin@...dia.com,
	idosch@...dia.com,
	ndhar@...dia.com
Subject: [RFC net-next 2/2] net: bridge: multicast: update multicast contex when vlan state gets changed

Add br_vlan_set_state_finish() helper function to be executed right after
br_vlan_set_state() when vlan state gets changed, similar to port state,
vlan state could impact multicast behaviors as well such as igmp query.
When bridge is running with userspace STP, vlan state can be manipulated by
"bridge vlan" commands. Updating the corresponding multicast context
will ensure the port query timer to continue when vlan state gets changed
to those "allowed" states like "forwarding" etc.

Signed-off-by: Yong Wang <yongwang@...dia.com>
Reviewed-by: Andy Roulin <aroulin@...dia.com>
---
 net/bridge/br_mst.c          |  5 +++--
 net/bridge/br_multicast.c    | 18 ++++++++++++++++++
 net/bridge/br_private.h      | 11 +++++++++++
 net/bridge/br_vlan_options.c |  2 ++
 4 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/net/bridge/br_mst.c b/net/bridge/br_mst.c
index 1820f09ff59c..b77c31a24257 100644
--- a/net/bridge/br_mst.c
+++ b/net/bridge/br_mst.c
@@ -80,10 +80,11 @@ static void br_mst_vlan_set_state(struct net_bridge_vlan_group *vg,
 	if (br_vlan_get_state(v) == state)
 		return;
 
-	br_vlan_set_state(v, state);
-
 	if (v->vid == vg->pvid)
 		br_vlan_set_pvid_state(vg, state);
+
+	br_vlan_set_state(v, state);
+	br_vlan_set_state_finish(v, state);
 }
 
 int br_mst_set_state(struct net_bridge_port *p, u16 msti, u8 state,
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 8b23b0dc6129..3a3b63c97c92 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -4270,6 +4270,24 @@ static void __br_multicast_stop(struct net_bridge_mcast *brmctx)
 #endif
 }
 
+void br_multicast_update_vlan_mcast_ctx(struct net_bridge_vlan *v, u8 state)
+{
+	struct net_bridge *br;
+
+	if (!br_vlan_should_use(v))
+		return;
+
+	if (br_vlan_is_master(v))
+		return;
+
+	br = v->port->br;
+
+	if (br_vlan_state_allowed(state, true) &&
+	    (v->priv_flags & BR_VLFLAG_MCAST_ENABLED) &&
+	    br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED))
+		br_multicast_enable_port_ctx(&v->port_mcast_ctx);
+}
+
 void br_multicast_toggle_one_vlan(struct net_bridge_vlan *vlan, bool on)
 {
 	struct net_bridge *br;
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 9853cfbb9d14..9c72070956e3 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -1052,6 +1052,7 @@ void br_multicast_port_ctx_init(struct net_bridge_port *port,
 				struct net_bridge_vlan *vlan,
 				struct net_bridge_mcast_port *pmctx);
 void br_multicast_port_ctx_deinit(struct net_bridge_mcast_port *pmctx);
+void br_multicast_update_vlan_mcast_ctx(struct net_bridge_vlan *v, u8 state);
 void br_multicast_toggle_one_vlan(struct net_bridge_vlan *vlan, bool on);
 int br_multicast_toggle_vlan_snooping(struct net_bridge *br, bool on,
 				      struct netlink_ext_ack *extack);
@@ -1502,6 +1503,10 @@ static inline void br_multicast_port_ctx_deinit(struct net_bridge_mcast_port *pm
 {
 }
 
+static inline void br_multicast_update_vlan_mcast_ctx(struct net_bridge_vlan *v, u8 state)
+{
+}
+
 static inline void br_multicast_toggle_one_vlan(struct net_bridge_vlan *vlan,
 						bool on)
 {
@@ -1853,6 +1858,12 @@ bool br_vlan_global_opts_can_enter_range(const struct net_bridge_vlan *v_curr,
 bool br_vlan_global_opts_fill(struct sk_buff *skb, u16 vid, u16 vid_range,
 			      const struct net_bridge_vlan *v_opts);
 
+/* helper function to be called right after br_vlan_set_state() when vlan state gets changed */
+static inline void br_vlan_set_state_finish(struct net_bridge_vlan *v, u8 state)
+{
+	br_multicast_update_vlan_mcast_ctx(v, state);
+}
+
 /* vlan state manipulation helpers using *_ONCE to annotate lock-free access */
 static inline u8 br_vlan_get_state(const struct net_bridge_vlan *v)
 {
diff --git a/net/bridge/br_vlan_options.c b/net/bridge/br_vlan_options.c
index 8fa89b04ee94..bad187c4f16d 100644
--- a/net/bridge/br_vlan_options.c
+++ b/net/bridge/br_vlan_options.c
@@ -123,6 +123,8 @@ static int br_vlan_modify_state(struct net_bridge_vlan_group *vg,
 		br_vlan_set_pvid_state(vg, state);
 
 	br_vlan_set_state(v, state);
+	br_vlan_set_state_finish(v, state);
+
 	*changed = true;
 
 	return 0;
-- 
2.39.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ