[net] net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add

Commit Message

Qingfang Deng Jan. 30, 2021, 1:43 p.m. UTC

Having multiple destination ports for a unicast address does not make
sense.
Make port_db_load_purge override existent unicast portvec instead of
adding a new port bit.

Fixes: 884729399260 ("net: dsa: mv88e6xxx: handle multiple ports in ATU")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
---
 drivers/net/dsa/mv88e6xxx/chip.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Tobias Waldekranz Jan. 30, 2021, 8:47 p.m. UTC | #1

On Sat, Jan 30, 2021 at 21:43, DENG Qingfang <dqfext@gmail.com> wrote:
> Having multiple destination ports for a unicast address does not make
> sense.
> Make port_db_load_purge override existent unicast portvec instead of
> adding a new port bit.

Is this the layer we want to solve this problem at? What are the
contents of the software FDB at this stage?

Here is a quick example I tried on one of my systems:

root@envoy:~# bridge fdb add 02:00:de:ad:00:01 dev eth1 static vlan 1
root@envoy:~# bridge fdb add 02:00:de:ad:00:01 dev eth2 static vlan 1
root@envoy:~# bridge fdb | grep de:ad
02:00:de:ad:00:01 dev eth2 vlan 1 self static
02:00:de:ad:00:01 dev eth1 vlan 1 self static

Why does the second add operation succeed? Am I missing some magic flag?
Presumably the bridge will only ever forward packets to which ever entry
ends up being first in the relevant hash list. Is that not the real
problem here?

As it stands today, those commands will result in the following ATU
config (eth1/2 being mapped to port 10/9):

root@envoy:~# mvls atu
ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a
ff:ff:ff:ff:ff:ff     0  static     -  -  0  1  2  3  4  5  6  7  8  9  a
02:00:de:ad:00:01     1  static     -  -  .  .  .  .  .  .  .  .  .  9  a
ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a

One might argue that this is no more wrong than what would have been set
up with this patch applied. The problem is that the bridge allows this
configuration in the first place.

Vladimir Oltean Jan. 31, 2021, 12:33 a.m. UTC | #2

On Sat, Jan 30, 2021 at 09:47:02PM +0100, Tobias Waldekranz wrote:
> root@envoy:~# bridge fdb add 02:00:de:ad:00:01 dev eth1 static vlan 1
> Why does the second add operation succeed? Am I missing some magic flag?

Yes, 'master'.
We talked about this before. 'bridge fdb add' is implicitly 'self' which
bypasses the bridge code and shoots straight for the .ndo_fdb_add that
DSA implements. Maybe we should just kill that to avoid further
confusion.

$ bridge link
6: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
7: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
10: swp5@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
11: swp2@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
12: swp3@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
13: swp4@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
$ bridge fdb add 00:01:02:03:04:05 dev eth0 master static
$ bridge fdb add 00:01:02:03:04:05 dev eth1 master static
RTNETLINK answers: File exists

Vladimir Oltean Jan. 31, 2021, 12:39 a.m. UTC | #3

On Sat, Jan 30, 2021 at 09:43:34PM +0800, DENG Qingfang wrote:
> Having multiple destination ports for a unicast address does not make
> sense.
> Make port_db_load_purge override existent unicast portvec instead of
> adding a new port bit.
> 
> Fixes: 884729399260 ("net: dsa: mv88e6xxx: handle multiple ports in ATU")
> Signed-off-by: DENG Qingfang <dqfext@gmail.com>
> ---

Reviewed-by: Vladimir Oltean <olteanv@gmail.com>

Tobias has a point in a way too, you should get used to adding the
'master static' flags to your bridge fdb commands, otherwise weird
things like this could happen. The faulty code can only be triggered
when going through dsa_legacy_fdb_add, but it is still faulty
nonetheless.

Qingfang Deng Jan. 31, 2021, 1:13 a.m. UTC | #4

On Sun, Jan 31, 2021 at 8:39 AM Vladimir Oltean <olteanv@gmail.com> wrote:
>
> Tobias has a point in a way too, you should get used to adding the
> 'master static' flags to your bridge fdb commands, otherwise weird
> things like this could happen. The faulty code can only be triggered
> when going through dsa_legacy_fdb_add, but it is still faulty
> nonetheless.

This bug is exposed when I try your patch series on kernel 5.4
https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/

Without this patch, DSA will add a new port bit to the existing
portvec when a client moves to the software part of a bridge. When it
moves away, DSA will clear the port bit but the existing one will
remain static. This results in connection issues when the client moves
to a different port of the switch, and the kernel log below.

mv88e6085 f1072004.mdio-mii:00: ATU member violation for
xx:xx:xx:xx:xx:xx portvec dc00 spid 0

Vladimir Oltean Jan. 31, 2021, 10:20 p.m. UTC | #5

On Sun, Jan 31, 2021 at 09:13:15AM +0800, DENG Qingfang wrote:
> This bug is exposed when I try your patch series on kernel 5.4
> https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
> https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
>
> Without this patch, DSA will add a new port bit to the existing
> portvec when a client moves to the software part of a bridge. When it
> moves away, DSA will clear the port bit but the existing one will
> remain static. This results in connection issues when the client moves
> to a different port of the switch, and the kernel log below.
>
> mv88e6085 f1072004.mdio-mii:00: ATU member violation for
> xx:xx:xx:xx:xx:xx portvec dc00 spid 0

Ah, ok, DSA adds an FDB entry behind the user's back and it relies upon
the driver behavior being 'override'. A bit subtle, though it gives one
good reason against someone suggesting "why don't you just refuse adding
the new entry instead of overriding, like the software bridge does".
Probably the refusal of overwriting an entry is what needs to be handled
at upper layers, we do need to be able to override from DSA.
I had a quick look through our other drivers and it seems that all of
them are happy to override an existing FDB entry (or at least the
software part is).

patchwork-bot+netdevbpf@kernel.org Feb. 2, 2021, 2:30 a.m. UTC | #6

Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Sat, 30 Jan 2021 21:43:34 +0800 you wrote:
> Having multiple destination ports for a unicast address does not make
> sense.
> Make port_db_load_purge override existent unicast portvec instead of
> adding a new port bit.
> 
> Fixes: 884729399260 ("net: dsa: mv88e6xxx: handle multiple ports in ATU")
> Signed-off-by: DENG Qingfang <dqfext@gmail.com>
> 
> [...]

Here is the summary with links:
  - [net] net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
    https://git.kernel.org/netdev/net/c/f72f2fb8fb6b

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Tobias Waldekranz Feb. 2, 2021, 7:39 a.m. UTC | #7

On Sun, Jan 31, 2021 at 09:13, DENG Qingfang <dqfext@gmail.com> wrote:
> On Sun, Jan 31, 2021 at 8:39 AM Vladimir Oltean <olteanv@gmail.com> wrote:
>>
>> Tobias has a point in a way too, you should get used to adding the
>> 'master static' flags to your bridge fdb commands, otherwise weird
>> things like this could happen. The faulty code can only be triggered
>> when going through dsa_legacy_fdb_add, but it is still faulty
>> nonetheless.
>
> This bug is exposed when I try your patch series on kernel 5.4
> https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
> https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
>
> Without this patch, DSA will add a new port bit to the existing
> portvec when a client moves to the software part of a bridge. When it
> moves away, DSA will clear the port bit but the existing one will
> remain static. This results in connection issues when the client moves
> to a different port of the switch, and the kernel log below.
>
> mv88e6085 f1072004.mdio-mii:00: ATU member violation for
> xx:xx:xx:xx:xx:xx portvec dc00 spid 0

So the bug is really that an automatically learned address is promoted
to a static entry, right?

     br0
   /  |   \
swp0 swp1 eth0

1. A station starts out connected to swp0. An ATU entry is added by the
   switch via normal SA learning.

2. The station moves to eth0.

3. DSA reacts to the event on the foreign interface, reading back the
   entry from (1), adds the CPU port and _crucially_ modifies the state
   from MV88E6XXX_G1_ATU_DATA_STATE_UC_AGE_[1-7] to static.

4. If the station now moves to swp1, you get the ATU violation.

IMO, the condition should be changed to:

    /* User-configured entries take precedence over learned entries. */
    if (is_unicast_ether_addr(addr) &&
        (entry.state >= MV88E6XXX_G1_ATU_DATA_STATE_UC_AGE_1_OLDEST) &&
        (entry.state <= MV88E6XXX_G1_ATU_DATA_STATE_UC_AGE_7_NEWEST))

This should solve the issue discussed here, and it makes sure to keep
the ATU in sync with the FDB config, no matter how crazy the setup is.

Patch

diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index b99f27b8c084..ae0b490f00cd 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -1686,7 +1686,11 @@  static int mv88e6xxx_port_db_load_purge(struct mv88e6xxx_chip *chip, int port,
 		if (!entry.portvec)
 			entry.state = 0;
 	} else {
-		entry.portvec |= BIT(port);
+		if (state == MV88E6XXX_G1_ATU_DATA_STATE_UC_STATIC)
+			entry.portvec = BIT(port);
+		else
+			entry.portvec |= BIT(port);
+
 		entry.state = state;
 	}