| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250829085724.24230-9-linus.luessing@c0d3.blue>
Date: Fri, 29 Aug 2025 10:53:49 +0200
From: Linus Lüssing <linus.luessing@...3.blue>
To: bridge@...ts.linux.dev
Cc: netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
Nikolay Aleksandrov <razor@...ckwall.org>,
Ido Schimmel <idosch@...dia.com>,
Andrew Lunn <andrew+netdev@...n.ch>,
Simon Horman <horms@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Jakub Kicinski <kuba@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
"David S . Miller" <davem@...emloft.net>,
Kuniyuki Iwashima <kuniyu@...gle.com>,
Stanislav Fomichev <sdf@...ichev.me>,
Xiao Liang <shaw.leon@...il.com>,
Linus Lüssing <linus.luessing@...3.blue>
Subject: [PATCH 8/9] net: bridge: mcast: track active state, bridge up/down
This is mainly for switchdev and DSA later: To ensure that we switch
to inactive before destroying a bridge interface. A switchdev/DSA driver
might have allocated resources after we switched to an enabled multicast
active state. This gives switchdev/DSA drivers a chance to free these
resources again when we destroy the bridge (later).
Putting it into the ndo_stop / bridge interface down part instead of the
ndo_uninit / bridge destroy part though for a better semantic match. If
the bridge interface is down / stopped then it is also inactive.
No functional change for the fast/data path.
Signed-off-by: Linus Lüssing <linus.luessing@...3.blue>
---
include/uapi/linux/if_link.h | 8 ++++----
net/bridge/br_device.c | 3 +++
net/bridge/br_multicast.c | 26 ++++++++++++++++++++++----
3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index ef686ea17afe..76d15a07344d 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -746,14 +746,14 @@ enum in6_addr_gen_mode {
* @IFLA_BR_MCAST_ACTIVE_V4
* Bridge IPv4 mcast active state, read only.
*
- * 1 if *IFLA_BR_MCAST_SNOOPING* is enabled and an IGMP querier is present,
- * 0 otherwise.
+ * 1 if *IFLA_BR_MCAST_SNOOPING* is enabled, an IGMP querier is present
+ * and the bridge interface is up, 0 otherwise.
*
* @IFLA_BR_MCAST_ACTIVE_V6
* Bridge IPv6 mcast active state, read only.
*
- * 1 if *IFLA_BR_MCAST_SNOOPING* is enabled and an MLD querier is present,
- * 0 otherwise.
+ * 1 if *IFLA_BR_MCAST_SNOOPING* is enabled, an MLD querier is present
+ * and the bridge interface is up, 0 otherwise.
*/
enum {
IFLA_BR_UNSPEC,
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 3cdf1c17108b..efb5d35c2dd4 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -168,7 +168,10 @@ static int br_dev_open(struct net_device *dev)
netdev_update_features(dev);
netif_start_queue(dev);
br_stp_enable_bridge(br);
+
+ spin_lock_bh(&br->multicast_lock);
br_multicast_open(br);
+ spin_unlock_bh(&br->multicast_lock);
if (br_opt_get(br, BROPT_MULTICAST_ENABLED))
br_multicast_join_snoopers(br);
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 53720337a1e3..09e23e4d8b74 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1145,6 +1145,7 @@ static void br_ip6_multicast_update_active(struct net_bridge_mcast *brmctx,
*
* The multicast active state is set, per protocol family, if:
*
+ * - the bridge interface is up
* - multicast snooping is enabled
* - an IGMP/MLD querier is present
* - for own IPv6 MLD querier: an IPv6 address is configured on the bridge
@@ -1160,6 +1161,9 @@ static void br_multicast_update_active(struct net_bridge_mcast *brmctx)
lockdep_assert_held_once(&brmctx->br->multicast_lock);
+ if (!netif_running(brmctx->br->dev))
+ force_inactive = true;
+
if (!br_opt_get(brmctx->br, BROPT_MULTICAST_ENABLED))
force_inactive = true;
@@ -4379,6 +4383,9 @@ static void __br_multicast_open(struct net_bridge_mcast *brmctx)
#if IS_ENABLED(CONFIG_IPV6)
__br_multicast_open_query(brmctx->br, &brmctx->ip6_own_query);
#endif
+
+ /* bridge interface is up, maybe set multicast state to active */
+ br_multicast_update_active(brmctx);
}
void br_multicast_open(struct net_bridge *br)
@@ -4417,6 +4424,11 @@ static void __br_multicast_stop(struct net_bridge_mcast *brmctx)
timer_delete_sync(&brmctx->ip6_other_query.delay_timer);
timer_delete_sync(&brmctx->ip6_own_query.timer);
#endif
+
+ spin_lock_bh(&brmctx->br->multicast_lock);
+ /* bridge interface is down, set multicast state to inactive */
+ br_multicast_update_active(brmctx);
+ spin_unlock_bh(&brmctx->br->multicast_lock);
}
void br_multicast_update_vlan_mcast_ctx(struct net_bridge_vlan *v, u8 state)
@@ -4469,10 +4481,13 @@ void br_multicast_toggle_one_vlan(struct net_bridge_vlan *vlan, bool on)
br_multicast_update_active(&vlan->br_mcast_ctx);
spin_unlock_bh(&br->multicast_lock);
- if (on)
+ if (on) {
+ spin_lock_bh(&br->multicast_lock);
__br_multicast_open(&vlan->br_mcast_ctx);
- else
+ spin_unlock_bh(&br->multicast_lock);
+ } else {
__br_multicast_stop(&vlan->br_mcast_ctx);
+ }
} else {
struct net_bridge_mcast *brmctx;
@@ -4534,10 +4549,13 @@ int br_multicast_toggle_vlan_snooping(struct net_bridge *br, bool on,
br_opt_toggle(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED, on);
/* disable/enable non-vlan mcast contexts based on vlan snooping */
- if (on)
+ if (on) {
__br_multicast_stop(&br->multicast_ctx);
- else
+ } else {
+ spin_lock_bh(&br->multicast_lock);
__br_multicast_open(&br->multicast_ctx);
+ spin_unlock_bh(&br->multicast_lock);
+ }
list_for_each_entry(p, &br->port_list, list) {
if (on)
br_multicast_disable_port_ctx(&p->multicast_ctx);
--
2.50.1
Powered by blists - more mailing lists