| Message ID | 20230626155112.3155993-3-vladimir.oltean@nxp.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | Fix PTP received on wrong port with bridged SJA1105 DSA | expand |
| Context | Check | Description |
|---|---|---|
| netdev/series_format | success | Posting correctly formatted |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/fixes_present | success | Fixes tag present in non-next series |
| netdev/header_inline | success | No static functions without inline keyword in header files |
| netdev/build_32bit | success | Errors and warnings before: 8 this patch: 8 |
| netdev/cc_maintainers | success | CCed 8 of 8 maintainers |
| netdev/build_clang | success | Errors and warnings before: 8 this patch: 8 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/deprecated_api | success | None detected |
| netdev/check_selftest | success | No net selftest shell script |
| netdev/verify_fixes | success | Fixes tag looks correct |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 8 this patch: 8 |
| netdev/checkpatch | warning | WARNING: line length of 81 exceeds 80 columns |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/source_inline | success | Was 0 now: 0 |
On Mon, Jun 26, 2023 at 06:51:12PM +0300, Vladimir Oltean wrote: > Currently the sja1105 tagging protocol prefers using the source port > information from the VLAN header if that is available, falling back to > the INCL_SRCPT option if it isn't. The VLAN header is available for all > frames except for META frames initiated by the switch (containing RX > timestamps), and thus, the "if (is_link_local)" branch is practically > dead. > > The tag_8021q source port identification has become more loose > ("imprecise") and will report a plausible rather than exact bridge port, > when under a bridge (be it VLAN-aware or VLAN-unaware). But link-local > traffic always needs to know the precise source port. With incorrect > source port reporting, for example PTP traffic over 2 bridged ports will > all be seen on sockets opened on the first such port, which is incorrect. > > Now that the tagging protocol has been changed to make link-local frames > always contain source port information, we can reverse the order of the > checks so that we always give precedence to that information (which is > always precise) in lieu of the tag_8021q VID which is only precise for a > standalone port. > > Fixes: d7f9787a763f ("net: dsa: tag_8021q: add support for imprecise RX based on the VBID") > Fixes: 91495f21fcec ("net: dsa: tag_8021q: replace the SVL bridging with VLAN-unaware IVL bridging") > Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> > --- > net/dsa/tag_sja1105.c | 35 +++++++++++++++++++++++++---------- > 1 file changed, 25 insertions(+), 10 deletions(-) > > diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c > index a5f3b73da417..0e62eab8f251 100644 > --- a/net/dsa/tag_sja1105.c > +++ b/net/dsa/tag_sja1105.c > @@ -545,10 +545,7 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb, > is_link_local = sja1105_is_link_local(skb); > is_meta = sja1105_is_meta_frame(skb); > > - if (sja1105_skb_has_tag_8021q(skb)) { > - /* Normal traffic path. */ > - sja1105_vlan_rcv(skb, &source_port, &switch_id, &vbid, &vid); > - } else if (is_link_local) { > + if (is_link_local) { > /* Management traffic path. Switch embeds the switch ID and > * port ID into bytes of the destination MAC, courtesy of > * the incl_srcpt options. > @@ -562,16 +559,34 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb, > sja1105_meta_unpack(skb, &meta); > source_port = meta.source_port; > switch_id = meta.switch_id; > - } else { > - return NULL; > } > > - if (vbid >= 1) > + /* Normal data plane traffic and link-local frames are tagged with > + * a tag_8021q VLAN which we have to strip > + */ > + if (sja1105_skb_has_tag_8021q(skb)) { > + int tmp_source_port = -1, tmp_switch_id = -1; > + > + sja1105_vlan_rcv(skb, &tmp_source_port, &tmp_switch_id, &vbid, > + &vid); > + /* Preserve the source information from the INCL_SRCPT option, > + * if available. This allows us to not overwrite a valid source > + * port and switch ID with zeroes when receiving link-local > + * frames from a VLAN-unaware bridged port (non-zero vbid) or a > + * VLAN-aware bridged port (non-zero vid). > + */ > + if (source_port == -1) > + source_port = tmp_source_port; > + if (switch_id == -1) > + switch_id = tmp_switch_id; > + } > + > + if (source_port != -1 && switch_id != -1) > + skb->dev = dsa_master_find_slave(netdev, switch_id, source_port); > + else if (vbid >= 1) > skb->dev = dsa_tag_8021q_find_port_by_vbid(netdev, vbid); > - else if (source_port == -1 || switch_id == -1) > - skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid); > else > - skb->dev = dsa_master_find_slave(netdev, switch_id, source_port); > + skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid); Hi Vladimir, A similar comment to that made for [1], though the code is somewhat different to that case: are you sure vid is initialised here? GCC 12 and Smatch seem unsure about it. [1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/ > if (!skb->dev) { > netdev_warn(netdev, "Couldn't decode source port\n"); > return NULL; > -- > 2.34.1 > >
Hi Simon, On Mon, Jun 26, 2023 at 08:11:53PM +0200, Simon Horman wrote: > Hi Vladimir, > > A similar comment to that made for [1], though the code is somewhat > different to that case: are you sure vid is initialised here? > GCC 12 and Smatch seem unsure about it. > > [1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q > https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/ "vid" can be uninitialized if the tagger is fed a junk packet (a non-link-local, non-meta packet that also has no tag_8021q header). The immediate answer that comes to mind is: it depends on how the driver configures the hardware to send packets to the CPU (and it will never configure the switch in that way). But, between the sja1105 driver configuring the switch in a certain way and the tag_sja1105 driver seeing the results of that, there's also the DSA master driver (can be any net_device) which can alter the packet in a nonsensical way, like remove the VLAN header for some reason. Considering the fact that the DSA master can have tc rules on its ingress path which do just that, it would probably be wise to be defensive about this. So I can probably add: if (sja1105_skb_has_tag_8021q(skb)) { ... // existing call to sja1105_vlan_rcv() here } else if (source_port == -1 && switch_id == -1) { /* Packets with no source information have no chance of * getting accepted, drop them straight away. */ return NULL; } This "else if" block should ensure that when "vid" is uninitialized, either "source_port" and "switch_id", or "vbid", always have valid values.
On Tue, Jun 27, 2023 at 01:18:28AM +0300, Vladimir Oltean wrote: > Hi Simon, > > On Mon, Jun 26, 2023 at 08:11:53PM +0200, Simon Horman wrote: > > Hi Vladimir, > > > > A similar comment to that made for [1], though the code is somewhat > > different to that case: are you sure vid is initialised here? > > GCC 12 and Smatch seem unsure about it. > > > > [1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q > > https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/ > > "vid" can be uninitialized if the tagger is fed a junk packet (a > non-link-local, non-meta packet that also has no tag_8021q header). > > The immediate answer that comes to mind is: it depends on how the driver > configures the hardware to send packets to the CPU (and it will never > configure the switch in that way). > > But, between the sja1105 driver configuring the switch in a certain way > and the tag_sja1105 driver seeing the results of that, there's also the > DSA master driver (can be any net_device) which can alter the packet in > a nonsensical way, like remove the VLAN header for some reason. > > Considering the fact that the DSA master can have tc rules on its > ingress path which do just that, it would probably be wise to be > defensive about this. So I can probably add: > > if (sja1105_skb_has_tag_8021q(skb)) { > ... // existing call to sja1105_vlan_rcv() here > } else if (source_port == -1 && switch_id == -1) { > /* Packets with no source information have no chance of > * getting accepted, drop them straight away. > */ > return NULL; > } > > This "else if" block should ensure that when "vid" is uninitialized, > either "source_port" and "switch_id", or "vbid", always have valid values. This is kind of complex :) Can I clarify that either: 1. Both source_port and switch_id are -1; or 2. Neither source_port nor switch_id are -1 If so, I agree with your proposal.
On Tue, Jun 27, 2023 at 01:15:03PM +0200, Simon Horman wrote: > On Tue, Jun 27, 2023 at 01:18:28AM +0300, Vladimir Oltean wrote: > > Hi Simon, > > > > On Mon, Jun 26, 2023 at 08:11:53PM +0200, Simon Horman wrote: > > > Hi Vladimir, > > > > > > A similar comment to that made for [1], though the code is somewhat > > > different to that case: are you sure vid is initialised here? > > > GCC 12 and Smatch seem unsure about it. > > > > > > [1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q > > > https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/ > > > > "vid" can be uninitialized if the tagger is fed a junk packet (a > > non-link-local, non-meta packet that also has no tag_8021q header). > > > > The immediate answer that comes to mind is: it depends on how the driver > > configures the hardware to send packets to the CPU (and it will never > > configure the switch in that way). > > > > But, between the sja1105 driver configuring the switch in a certain way > > and the tag_sja1105 driver seeing the results of that, there's also the > > DSA master driver (can be any net_device) which can alter the packet in > > a nonsensical way, like remove the VLAN header for some reason. > > > > Considering the fact that the DSA master can have tc rules on its > > ingress path which do just that, it would probably be wise to be > > defensive about this. So I can probably add: > > > > if (sja1105_skb_has_tag_8021q(skb)) { > > ... // existing call to sja1105_vlan_rcv() here > > } else if (source_port == -1 && switch_id == -1) { > > /* Packets with no source information have no chance of > > * getting accepted, drop them straight away. > > */ > > return NULL; > > } > > > > This "else if" block should ensure that when "vid" is uninitialized, > > either "source_port" and "switch_id", or "vbid", always have valid values. > > This is kind of complex :) > > Can I clarify that either: > > 1. Both source_port and switch_id are -1; or > 2. Neither source_port nor switch_id are -1 > > If so, I agree with your proposal. They are integers assigned from the same code blocks in all cases, starting with -1 and later being assigned rvalues either from u64 fields limited to 0-255 (meta->source_port, meta->switch_id) or from unsigned char fields (hdr->h_dest[3], hdr->h_dest[4]), or from dsa_8021q_rx_source_port() and dsa_8021q_rx_switch_id() which return limited-size positive integers due to their implementation.
On Tue, Jun 27, 2023 at 02:41:48PM +0300, Vladimir Oltean wrote: > On Tue, Jun 27, 2023 at 01:15:03PM +0200, Simon Horman wrote: > > On Tue, Jun 27, 2023 at 01:18:28AM +0300, Vladimir Oltean wrote: > > > Hi Simon, > > > > > > On Mon, Jun 26, 2023 at 08:11:53PM +0200, Simon Horman wrote: > > > > Hi Vladimir, > > > > > > > > A similar comment to that made for [1], though the code is somewhat > > > > different to that case: are you sure vid is initialised here? > > > > GCC 12 and Smatch seem unsure about it. > > > > > > > > [1] Re: [PATCH net-next v2 4/7] net: dsa: vsc73xx: Add dsa tagging based on 8021q > > > > https://lore.kernel.org/all/ZJg2M+Qvg3Fv73CH@corigine.com/ > > > > > > "vid" can be uninitialized if the tagger is fed a junk packet (a > > > non-link-local, non-meta packet that also has no tag_8021q header). > > > > > > The immediate answer that comes to mind is: it depends on how the driver > > > configures the hardware to send packets to the CPU (and it will never > > > configure the switch in that way). > > > > > > But, between the sja1105 driver configuring the switch in a certain way > > > and the tag_sja1105 driver seeing the results of that, there's also the > > > DSA master driver (can be any net_device) which can alter the packet in > > > a nonsensical way, like remove the VLAN header for some reason. > > > > > > Considering the fact that the DSA master can have tc rules on its > > > ingress path which do just that, it would probably be wise to be > > > defensive about this. So I can probably add: > > > > > > if (sja1105_skb_has_tag_8021q(skb)) { > > > ... // existing call to sja1105_vlan_rcv() here > > > } else if (source_port == -1 && switch_id == -1) { > > > /* Packets with no source information have no chance of > > > * getting accepted, drop them straight away. > > > */ > > > return NULL; > > > } > > > > > > This "else if" block should ensure that when "vid" is uninitialized, > > > either "source_port" and "switch_id", or "vbid", always have valid values. > > > > This is kind of complex :) > > > > Can I clarify that either: > > > > 1. Both source_port and switch_id are -1; or > > 2. Neither source_port nor switch_id are -1 > > > > If so, I agree with your proposal. > > They are integers assigned from the same code blocks in all cases, > starting with -1 and later being assigned rvalues either from u64 fields > limited to 0-255 (meta->source_port, meta->switch_id) or from unsigned > char fields (hdr->h_dest[3], hdr->h_dest[4]), or from > dsa_8021q_rx_source_port() and dsa_8021q_rx_switch_id() which return > limited-size positive integers due to their implementation. Thanks, in that case I think we are good.
diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c index a5f3b73da417..0e62eab8f251 100644 --- a/net/dsa/tag_sja1105.c +++ b/net/dsa/tag_sja1105.c @@ -545,10 +545,7 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb, is_link_local = sja1105_is_link_local(skb); is_meta = sja1105_is_meta_frame(skb); - if (sja1105_skb_has_tag_8021q(skb)) { - /* Normal traffic path. */ - sja1105_vlan_rcv(skb, &source_port, &switch_id, &vbid, &vid); - } else if (is_link_local) { + if (is_link_local) { /* Management traffic path. Switch embeds the switch ID and * port ID into bytes of the destination MAC, courtesy of * the incl_srcpt options. @@ -562,16 +559,34 @@ static struct sk_buff *sja1105_rcv(struct sk_buff *skb, sja1105_meta_unpack(skb, &meta); source_port = meta.source_port; switch_id = meta.switch_id; - } else { - return NULL; } - if (vbid >= 1) + /* Normal data plane traffic and link-local frames are tagged with + * a tag_8021q VLAN which we have to strip + */ + if (sja1105_skb_has_tag_8021q(skb)) { + int tmp_source_port = -1, tmp_switch_id = -1; + + sja1105_vlan_rcv(skb, &tmp_source_port, &tmp_switch_id, &vbid, + &vid); + /* Preserve the source information from the INCL_SRCPT option, + * if available. This allows us to not overwrite a valid source + * port and switch ID with zeroes when receiving link-local + * frames from a VLAN-unaware bridged port (non-zero vbid) or a + * VLAN-aware bridged port (non-zero vid). + */ + if (source_port == -1) + source_port = tmp_source_port; + if (switch_id == -1) + switch_id = tmp_switch_id; + } + + if (source_port != -1 && switch_id != -1) + skb->dev = dsa_master_find_slave(netdev, switch_id, source_port); + else if (vbid >= 1) skb->dev = dsa_tag_8021q_find_port_by_vbid(netdev, vbid); - else if (source_port == -1 || switch_id == -1) - skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid); else - skb->dev = dsa_master_find_slave(netdev, switch_id, source_port); + skb->dev = dsa_find_designated_bridge_port_by_vid(netdev, vid); if (!skb->dev) { netdev_warn(netdev, "Couldn't decode source port\n"); return NULL;
Currently the sja1105 tagging protocol prefers using the source port information from the VLAN header if that is available, falling back to the INCL_SRCPT option if it isn't. The VLAN header is available for all frames except for META frames initiated by the switch (containing RX timestamps), and thus, the "if (is_link_local)" branch is practically dead. The tag_8021q source port identification has become more loose ("imprecise") and will report a plausible rather than exact bridge port, when under a bridge (be it VLAN-aware or VLAN-unaware). But link-local traffic always needs to know the precise source port. With incorrect source port reporting, for example PTP traffic over 2 bridged ports will all be seen on sockets opened on the first such port, which is incorrect. Now that the tagging protocol has been changed to make link-local frames always contain source port information, we can reverse the order of the checks so that we always give precedence to that information (which is always precise) in lieu of the tag_8021q VID which is only precise for a standalone port. Fixes: d7f9787a763f ("net: dsa: tag_8021q: add support for imprecise RX based on the VBID") Fixes: 91495f21fcec ("net: dsa: tag_8021q: replace the SVL bridging with VLAN-unaware IVL bridging") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> --- net/dsa/tag_sja1105.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-)