diff mbox series

[net] net: dsa: refuse cross-chip mirroring operations

Message ID 20241008094320.3340980-1-vladimir.oltean@nxp.com (mailing list archive)
State Accepted
Commit 8c924369cb56c3054dca504c2c9c3eb208272865
Delegated to: Netdev Maintainers
Headers show
Series [net] net: dsa: refuse cross-chip mirroring operations | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 6 this patch: 6
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 8 of 8 maintainers
netdev/build_clang success Errors and warnings before: 6 this patch: 6
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 5 this patch: 5
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 23 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-10-08--15-00 (tests: 773)

Commit Message

Vladimir Oltean Oct. 8, 2024, 9:43 a.m. UTC 
In case of a tc mirred action from one switch to another, the behavior
is not correct. We simply tell the source switch driver to program a
mirroring entry towards mirror->to_local_port = to_dp->index, but it is
not even guaranteed that the to_dp belongs to the same switch as dp.

For proper cross-chip support, we would need to go through the
cross-chip notifier layer in switch.c, program the entry on cascade
ports, and introduce new, explicit API for cross-chip mirroring, given
that intermediary switches should have introspection into the DSA tags
passed through the cascade port (and not just program a port mirror on
the entire cascade port). None of that exists today.

Reject what is not implemented so that user space is not misled into
thinking it works.

Fixes: f50f212749e8 ("net: dsa: Add plumbing for port mirroring")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
---
This is a resubmission of:
https://lore.kernel.org/netdev/20240913152915.2981126-5-vladimir.oltean@nxp.com/
with rewritten commit message and targetting the 'net' tree, as
preparation for submitting the rest as 'net-next' material.

 net/dsa/user.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

Comments

Andrew Lunn Oct. 8, 2024, 12:19 p.m. UTC | #1 
On Tue, Oct 08, 2024 at 12:43:20PM +0300, Vladimir Oltean wrote:
> In case of a tc mirred action from one switch to another, the behavior
> is not correct. We simply tell the source switch driver to program a
> mirroring entry towards mirror->to_local_port = to_dp->index, but it is
> not even guaranteed that the to_dp belongs to the same switch as dp.
> 
> For proper cross-chip support, we would need to go through the
> cross-chip notifier layer in switch.c, program the entry on cascade
> ports, and introduce new, explicit API for cross-chip mirroring, given
> that intermediary switches should have introspection into the DSA tags
> passed through the cascade port (and not just program a port mirror on
> the entire cascade port). None of that exists today.
> 
> Reject what is not implemented so that user space is not misled into
> thinking it works.
> 
> Fixes: f50f212749e8 ("net: dsa: Add plumbing for port mirroring")
> Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>

Reviewed-by: Andrew Lunn <andrew@lunn.ch>

    Andrew
patchwork-bot+netdevbpf@kernel.org Oct. 10, 2024, 2:50 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue,  8 Oct 2024 12:43:20 +0300 you wrote:
> In case of a tc mirred action from one switch to another, the behavior
> is not correct. We simply tell the source switch driver to program a
> mirroring entry towards mirror->to_local_port = to_dp->index, but it is
> not even guaranteed that the to_dp belongs to the same switch as dp.
> 
> For proper cross-chip support, we would need to go through the
> cross-chip notifier layer in switch.c, program the entry on cascade
> ports, and introduce new, explicit API for cross-chip mirroring, given
> that intermediary switches should have introspection into the DSA tags
> passed through the cascade port (and not just program a port mirror on
> the entire cascade port). None of that exists today.
> 
> [...]

Here is the summary with links:
  - [net] net: dsa: refuse cross-chip mirroring operations
    https://git.kernel.org/netdev/net/c/8c924369cb56

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/dsa/user.c b/net/dsa/user.c
index 74eda9b30608..64f660d2334b 100644
--- a/net/dsa/user.c
+++ b/net/dsa/user.c
@@ -1392,6 +1392,14 @@  dsa_user_add_cls_matchall_mirred(struct net_device *dev,
 	if (!dsa_user_dev_check(act->dev))
 		return -EOPNOTSUPP;
 
+	to_dp = dsa_user_to_port(act->dev);
+
+	if (dp->ds != to_dp->ds) {
+		NL_SET_ERR_MSG_MOD(extack,
+				   "Cross-chip mirroring not implemented");
+		return -EOPNOTSUPP;
+	}
+
 	mall_tc_entry = kzalloc(sizeof(*mall_tc_entry), GFP_KERNEL);
 	if (!mall_tc_entry)
 		return -ENOMEM;
@@ -1399,9 +1407,6 @@  dsa_user_add_cls_matchall_mirred(struct net_device *dev,
 	mall_tc_entry->cookie = cls->cookie;
 	mall_tc_entry->type = DSA_PORT_MALL_MIRROR;
 	mirror = &mall_tc_entry->mirror;
-
-	to_dp = dsa_user_to_port(act->dev);
-
 	mirror->to_local_port = to_dp->index;
 	mirror->ingress = ingress;