6ab4c3117a
As explained in this discussion: https://lore.kernel.org/netdev/20210117193009.io3nungdwuzmo5f7@skbuf/ the switchdev notifiers for FDB entries managed to have a zero-day bug. The bridge would not say that this entry is local: ip link add br0 type bridge ip link set swp0 master br0 bridge fdb add dev swp0 00:01:02:03:04:05 master local and the switchdev driver would be more than happy to offload it as a normal static FDB entry. This is despite the fact that 'local' and non-'local' entries have completely opposite directions: a local entry is locally terminated and not forwarded, whereas a static entry is forwarded and not locally terminated. So, for example, DSA would install this entry on swp0 instead of installing it on the CPU port as it should. There is an even sadder part, which is that the 'local' flag is implicit if 'static' is not specified, meaning that this command produces the same result of adding a 'local' entry: bridge fdb add dev swp0 00:01:02:03:04:05 master I've updated the man pages for 'bridge', and after reading it now, it should be pretty clear to any user that the commands above were broken and should have never resulted in the 00:01:02:03:04:05 address being forwarded (this behavior is coherent with non-switchdev interfaces): https://patchwork.kernel.org/project/netdevbpf/cover/20210211104502.2081443-1-olteanv@gmail.com/ If you're a user reading this and this is what you want, just use: bridge fdb add dev swp0 00:01:02:03:04:05 master static Because switchdev should have given drivers the means from day one to classify FDB entries as local/non-local, but didn't, it means that all drivers are currently broken. So we can just as well omit the switchdev notifications for local FDB entries, which is exactly what this patch does to close the bug in stable trees. For further development work where drivers might want to trap the local FDB entries to the host, we can add a 'bool is_local' to br_switchdev_fdb_call_notifiers(), and selectively make drivers act upon that bit, while all the others ignore those entries if the 'is_local' bit is set. Fixes: 6b26b51b1d13 ("net: bridge: Add support for notifying devices about FDB add/del") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
179 lines
4.2 KiB
C
179 lines
4.2 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <linux/kernel.h>
|
|
#include <linux/list.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <linux/skbuff.h>
|
|
#include <net/switchdev.h>
|
|
|
|
#include "br_private.h"
|
|
|
|
static int br_switchdev_mark_get(struct net_bridge *br, struct net_device *dev)
|
|
{
|
|
struct net_bridge_port *p;
|
|
|
|
/* dev is yet to be added to the port list. */
|
|
list_for_each_entry(p, &br->port_list, list) {
|
|
if (netdev_port_same_parent_id(dev, p->dev))
|
|
return p->offload_fwd_mark;
|
|
}
|
|
|
|
return ++br->offload_fwd_mark;
|
|
}
|
|
|
|
int nbp_switchdev_mark_set(struct net_bridge_port *p)
|
|
{
|
|
struct netdev_phys_item_id ppid = { };
|
|
int err;
|
|
|
|
ASSERT_RTNL();
|
|
|
|
err = dev_get_port_parent_id(p->dev, &ppid, true);
|
|
if (err) {
|
|
if (err == -EOPNOTSUPP)
|
|
return 0;
|
|
return err;
|
|
}
|
|
|
|
p->offload_fwd_mark = br_switchdev_mark_get(p->br, p->dev);
|
|
|
|
return 0;
|
|
}
|
|
|
|
void nbp_switchdev_frame_mark(const struct net_bridge_port *p,
|
|
struct sk_buff *skb)
|
|
{
|
|
if (skb->offload_fwd_mark && !WARN_ON_ONCE(!p->offload_fwd_mark))
|
|
BR_INPUT_SKB_CB(skb)->offload_fwd_mark = p->offload_fwd_mark;
|
|
}
|
|
|
|
bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p,
|
|
const struct sk_buff *skb)
|
|
{
|
|
return !skb->offload_fwd_mark ||
|
|
BR_INPUT_SKB_CB(skb)->offload_fwd_mark != p->offload_fwd_mark;
|
|
}
|
|
|
|
/* Flags that can be offloaded to hardware */
|
|
#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \
|
|
BR_MCAST_FLOOD | BR_BCAST_FLOOD)
|
|
|
|
int br_switchdev_set_port_flag(struct net_bridge_port *p,
|
|
unsigned long flags,
|
|
unsigned long mask,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct switchdev_attr attr = {
|
|
.orig_dev = p->dev,
|
|
};
|
|
struct switchdev_notifier_port_attr_info info = {
|
|
.attr = &attr,
|
|
};
|
|
int err;
|
|
|
|
mask &= BR_PORT_FLAGS_HW_OFFLOAD;
|
|
if (!mask)
|
|
return 0;
|
|
|
|
attr.id = SWITCHDEV_ATTR_ID_PORT_PRE_BRIDGE_FLAGS;
|
|
attr.u.brport_flags.val = flags;
|
|
attr.u.brport_flags.mask = mask;
|
|
|
|
/* We run from atomic context here */
|
|
err = call_switchdev_notifiers(SWITCHDEV_PORT_ATTR_SET, p->dev,
|
|
&info.info, extack);
|
|
err = notifier_to_errno(err);
|
|
if (err == -EOPNOTSUPP)
|
|
return 0;
|
|
|
|
if (err) {
|
|
if (extack && !extack->_msg)
|
|
NL_SET_ERR_MSG_MOD(extack,
|
|
"bridge flag offload is not supported");
|
|
return -EOPNOTSUPP;
|
|
}
|
|
|
|
attr.id = SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS;
|
|
attr.flags = SWITCHDEV_F_DEFER;
|
|
|
|
err = switchdev_port_attr_set(p->dev, &attr, extack);
|
|
if (err) {
|
|
if (extack && !extack->_msg)
|
|
NL_SET_ERR_MSG_MOD(extack,
|
|
"error setting offload flag on port");
|
|
return err;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
br_switchdev_fdb_call_notifiers(bool adding, const unsigned char *mac,
|
|
u16 vid, struct net_device *dev,
|
|
bool added_by_user, bool offloaded)
|
|
{
|
|
struct switchdev_notifier_fdb_info info;
|
|
unsigned long notifier_type;
|
|
|
|
info.addr = mac;
|
|
info.vid = vid;
|
|
info.added_by_user = added_by_user;
|
|
info.offloaded = offloaded;
|
|
notifier_type = adding ? SWITCHDEV_FDB_ADD_TO_DEVICE : SWITCHDEV_FDB_DEL_TO_DEVICE;
|
|
call_switchdev_notifiers(notifier_type, dev, &info.info, NULL);
|
|
}
|
|
|
|
void
|
|
br_switchdev_fdb_notify(const struct net_bridge_fdb_entry *fdb, int type)
|
|
{
|
|
if (!fdb->dst)
|
|
return;
|
|
if (test_bit(BR_FDB_LOCAL, &fdb->flags))
|
|
return;
|
|
|
|
switch (type) {
|
|
case RTM_DELNEIGH:
|
|
br_switchdev_fdb_call_notifiers(false, fdb->key.addr.addr,
|
|
fdb->key.vlan_id,
|
|
fdb->dst->dev,
|
|
test_bit(BR_FDB_ADDED_BY_USER,
|
|
&fdb->flags),
|
|
test_bit(BR_FDB_OFFLOADED,
|
|
&fdb->flags));
|
|
break;
|
|
case RTM_NEWNEIGH:
|
|
br_switchdev_fdb_call_notifiers(true, fdb->key.addr.addr,
|
|
fdb->key.vlan_id,
|
|
fdb->dst->dev,
|
|
test_bit(BR_FDB_ADDED_BY_USER,
|
|
&fdb->flags),
|
|
test_bit(BR_FDB_OFFLOADED,
|
|
&fdb->flags));
|
|
break;
|
|
}
|
|
}
|
|
|
|
int br_switchdev_port_vlan_add(struct net_device *dev, u16 vid, u16 flags,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct switchdev_obj_port_vlan v = {
|
|
.obj.orig_dev = dev,
|
|
.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
|
|
.flags = flags,
|
|
.vid = vid,
|
|
};
|
|
|
|
return switchdev_port_obj_add(dev, &v.obj, extack);
|
|
}
|
|
|
|
int br_switchdev_port_vlan_del(struct net_device *dev, u16 vid)
|
|
{
|
|
struct switchdev_obj_port_vlan v = {
|
|
.obj.orig_dev = dev,
|
|
.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
|
|
.vid = vid,
|
|
};
|
|
|
|
return switchdev_port_obj_del(dev, &v.obj);
|
|
}
|