| Message ID | 20220124210944.3749235-3-tobias@waldekranz.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net: dsa: Avoid cross-chip syncing of VLAN filtering | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Clearly marked for net |
| netdev/fixes_present | success | Fixes tag present in non-next series |
| netdev/subject_prefix | success | Link |
| netdev/cover_letter | success | Series has a cover letter |
| netdev/patch_count | success | Link |
| netdev/header_inline | success | No static functions without inline keyword in header files |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/cc_maintainers | success | CCed 7 of 7 maintainers |
| netdev/build_clang | success | Errors and warnings before: 0 this patch: 0 |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/verify_fixes | success | Fixes tag looks correct |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 14 lines checked |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/source_inline | success | Was 0 now: 0 |
On Mon, Jan 24, 2022 at 10:09:44PM +0100, Tobias Waldekranz wrote: > Changes to VLAN filtering are not applicable to cross-chip > notifications. Yes, it seems so. In a cross-chip setup, ports will individually leave the bridge, leaving every switch a chance to unset VLAN filtering. We have this check in dsa_port_vlan_filtering(), so it's easy to forget that the function is called more times than actually needed: if (dsa_port_is_vlan_filtering(dp) == vlan_filtering) return 0; Sorry. > On a system like this: > > .-----. .-----. .-----. > | sw1 +---+ sw2 +---+ sw3 | > '-1-2-' '-1-2-' '-1-2-' > > Before this change, upon sw1p1 leaving a bridge, a call to > dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1. > > In this scenario: > > .---------. .-----. .-----. > | sw1 +---+ sw2 +---+ sw3 | > '-1-2-3-4-' '-1-2-' '-1-2-' > > When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be > called for sw2 and sw3 with a non-existing port - leading to array > out-of-bounds accesses and crashes on mv88e6xxx. > > Fixes: d371b7c92d19 ("net: dsa: Unset vlan_filtering when ports leave the bridge") > Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com> > --- > net/dsa/switch.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/net/dsa/switch.c b/net/dsa/switch.c > index 9f9b70d6070a..517cc83d13cc 100644 > --- a/net/dsa/switch.c > +++ b/net/dsa/switch.c > @@ -180,9 +180,11 @@ static int dsa_switch_bridge_leave(struct dsa_switch *ds, > info->sw_index, info->port, > info->bridge); > > - err = dsa_switch_sync_vlan_filtering(ds, info); > - if (err) > - return err; > + if (ds->dst->index == info->tree_index && ds->index == info->sw_index) { > + err = dsa_switch_sync_vlan_filtering(ds, info); > + if (err) > + return err; > + } As net-next material, we could probably move this call to dsa_port_switchdev_unsync_attrs() where there's even a comment that references it, and do away with the targeted switch check. > > return dsa_tag_8021q_bridge_leave(ds, info); > } > -- > 2.25.1 > Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
diff --git a/net/dsa/switch.c b/net/dsa/switch.c index 9f9b70d6070a..517cc83d13cc 100644 --- a/net/dsa/switch.c +++ b/net/dsa/switch.c @@ -180,9 +180,11 @@ static int dsa_switch_bridge_leave(struct dsa_switch *ds, info->sw_index, info->port, info->bridge); - err = dsa_switch_sync_vlan_filtering(ds, info); - if (err) - return err; + if (ds->dst->index == info->tree_index && ds->index == info->sw_index) { + err = dsa_switch_sync_vlan_filtering(ds, info); + if (err) + return err; + } return dsa_tag_8021q_bridge_leave(ds, info); }
Changes to VLAN filtering are not applicable to cross-chip notifications. On a system like this: .-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-' Before this change, upon sw1p1 leaving a bridge, a call to dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1. In this scenario: .---------. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-3-4-' '-1-2-' '-1-2-' When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be called for sw2 and sw3 with a non-existing port - leading to array out-of-bounds accesses and crashes on mv88e6xxx. Fixes: d371b7c92d19 ("net: dsa: Unset vlan_filtering when ports leave the bridge") Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com> --- net/dsa/switch.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)