ef9a5a62c6
current switchdev drivers dont seem to support offloading fdb entries pointing to the bridge device which have fdb->dst not set to any port. This patch adds a NULL fdb->dst check in the switchdev notifier code. This patch fixes the below NULL ptr dereference: $bridge fdb add 00:02:00:00:00:33 dev br0 self [ 69.953374] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 69.954044] IP: br_switchdev_fdb_notify+0x29/0x80 [ 69.954044] PGD 66527067 [ 69.954044] P4D 66527067 [ 69.954044] PUD 7899c067 [ 69.954044] PMD 0 [ 69.954044] [ 69.954044] Oops: 0000 [#1] SMP [ 69.954044] Modules linked in: [ 69.954044] CPU: 1 PID: 3074 Comm: bridge Not tainted 4.13.0-rc6+ #1 [ 69.954044] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org 04/01/2014 [ 69.954044] task: ffff88007b827140 task.stack: ffffc90001564000 [ 69.954044] RIP: 0010:br_switchdev_fdb_notify+0x29/0x80 [ 69.954044] RSP: 0018:ffffc90001567918 EFLAGS: 00010246 [ 69.954044] RAX: 0000000000000000 RBX: ffff8800795e0880 RCX: 00000000000000c0 [ 69.954044] RDX: ffffc90001567920 RSI: 000000000000001c RDI: ffff8800795d0600 [ 69.954044] RBP: ffffc90001567938 R08: ffff8800795d0600 R09: 0000000000000000 [ 69.954044] R10: ffffc90001567a88 R11: ffff88007b849400 R12: ffff8800795e0880 [ 69.954044] R13: ffff8800795d0600 R14: ffffffff81ef8880 R15: 000000000000001c [ 69.954044] FS: 00007f93d3085700(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000 [ 69.954044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.954044] CR2: 0000000000000008 CR3: 0000000066551000 CR4: 00000000000006e0 [ 69.954044] Call Trace: [ 69.954044] fdb_notify+0x3f/0xf0 [ 69.954044] __br_fdb_add.isra.12+0x1a7/0x370 [ 69.954044] br_fdb_add+0x178/0x280 [ 69.954044] rtnl_fdb_add+0x10a/0x200 [ 69.954044] rtnetlink_rcv_msg+0x1b4/0x240 [ 69.954044] ? skb_free_head+0x21/0x40 [ 69.954044] ? rtnl_calcit.isra.18+0xf0/0xf0 [ 69.954044] netlink_rcv_skb+0xed/0x120 [ 69.954044] rtnetlink_rcv+0x15/0x20 [ 69.954044] netlink_unicast+0x180/0x200 [ 69.954044] netlink_sendmsg+0x291/0x370 [ 69.954044] ___sys_sendmsg+0x180/0x2e0 [ 69.954044] ? filemap_map_pages+0x2db/0x370 [ 69.954044] ? do_wp_page+0x11d/0x420 [ 69.954044] ? __handle_mm_fault+0x794/0xd80 [ 69.954044] ? vma_link+0xcb/0xd0 [ 69.954044] __sys_sendmsg+0x4c/0x90 [ 69.954044] SyS_sendmsg+0x12/0x20 [ 69.954044] do_syscall_64+0x63/0xe0 [ 69.954044] entry_SYSCALL64_slow_path+0x25/0x25 [ 69.954044] RIP: 0033:0x7f93d2bad690 [ 69.954044] RSP: 002b:00007ffc7217a638 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.954044] RAX: ffffffffffffffda RBX: 00007ffc72182eac RCX: 00007f93d2bad690 [ 69.954044] RDX: 0000000000000000 RSI: 00007ffc7217a670 RDI: 0000000000000003 [ 69.954044] RBP: 0000000059a1f7f8 R08: 0000000000000006 R09: 000000000000000a [ 69.954044] R10: 00007ffc7217a400 R11: 0000000000000246 R12: 00007ffc7217a670 [ 69.954044] R13: 00007ffc72182a98 R14: 00000000006114c0 R15: 00007ffc72182aa0 [ 69.954044] Code: 1f 00 66 66 66 66 90 55 48 89 e5 48 83 ec 20 f6 47 20 04 74 0a 83 fe 1c 74 09 83 fe 1d 74 2c c9 66 90 c3 48 8b 47 10 48 8d 55 e8 <48> 8b 70 08 0f b7 47 1e 48 83 c7 18 48 89 7d f0 bf 03 00 00 00 [ 69.954044] RIP: br_switchdev_fdb_notify+0x29/0x80 RSP: ffffc90001567918 [ 69.954044] CR2: 0000000000000008 [ 69.954044] ---[ end trace 03e9eec4a82c238b ]--- Fixes: 6b26b51b1d13 ("net: bridge: Add support for notifying devices about FDB add/del") Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
134 lines
3.1 KiB
C
134 lines
3.1 KiB
C
#include <linux/kernel.h>
|
|
#include <linux/list.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <linux/skbuff.h>
|
|
#include <net/switchdev.h>
|
|
|
|
#include "br_private.h"
|
|
|
|
static int br_switchdev_mark_get(struct net_bridge *br, struct net_device *dev)
|
|
{
|
|
struct net_bridge_port *p;
|
|
|
|
/* dev is yet to be added to the port list. */
|
|
list_for_each_entry(p, &br->port_list, list) {
|
|
if (switchdev_port_same_parent_id(dev, p->dev))
|
|
return p->offload_fwd_mark;
|
|
}
|
|
|
|
return ++br->offload_fwd_mark;
|
|
}
|
|
|
|
int nbp_switchdev_mark_set(struct net_bridge_port *p)
|
|
{
|
|
struct switchdev_attr attr = {
|
|
.orig_dev = p->dev,
|
|
.id = SWITCHDEV_ATTR_ID_PORT_PARENT_ID,
|
|
};
|
|
int err;
|
|
|
|
ASSERT_RTNL();
|
|
|
|
err = switchdev_port_attr_get(p->dev, &attr);
|
|
if (err) {
|
|
if (err == -EOPNOTSUPP)
|
|
return 0;
|
|
return err;
|
|
}
|
|
|
|
p->offload_fwd_mark = br_switchdev_mark_get(p->br, p->dev);
|
|
|
|
return 0;
|
|
}
|
|
|
|
void nbp_switchdev_frame_mark(const struct net_bridge_port *p,
|
|
struct sk_buff *skb)
|
|
{
|
|
if (skb->offload_fwd_mark && !WARN_ON_ONCE(!p->offload_fwd_mark))
|
|
BR_INPUT_SKB_CB(skb)->offload_fwd_mark = p->offload_fwd_mark;
|
|
}
|
|
|
|
bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p,
|
|
const struct sk_buff *skb)
|
|
{
|
|
return !skb->offload_fwd_mark ||
|
|
BR_INPUT_SKB_CB(skb)->offload_fwd_mark != p->offload_fwd_mark;
|
|
}
|
|
|
|
/* Flags that can be offloaded to hardware */
|
|
#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \
|
|
BR_MCAST_FLOOD | BR_BCAST_FLOOD)
|
|
|
|
int br_switchdev_set_port_flag(struct net_bridge_port *p,
|
|
unsigned long flags,
|
|
unsigned long mask)
|
|
{
|
|
struct switchdev_attr attr = {
|
|
.orig_dev = p->dev,
|
|
.id = SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS_SUPPORT,
|
|
};
|
|
int err;
|
|
|
|
if (mask & ~BR_PORT_FLAGS_HW_OFFLOAD)
|
|
return 0;
|
|
|
|
err = switchdev_port_attr_get(p->dev, &attr);
|
|
if (err == -EOPNOTSUPP)
|
|
return 0;
|
|
if (err)
|
|
return err;
|
|
|
|
/* Check if specific bridge flag attribute offload is supported */
|
|
if (!(attr.u.brport_flags_support & mask)) {
|
|
br_warn(p->br, "bridge flag offload is not supported %u(%s)\n",
|
|
(unsigned int)p->port_no, p->dev->name);
|
|
return -EOPNOTSUPP;
|
|
}
|
|
|
|
attr.id = SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS;
|
|
attr.flags = SWITCHDEV_F_DEFER;
|
|
attr.u.brport_flags = flags;
|
|
err = switchdev_port_attr_set(p->dev, &attr);
|
|
if (err) {
|
|
br_warn(p->br, "error setting offload flag on port %u(%s)\n",
|
|
(unsigned int)p->port_no, p->dev->name);
|
|
return err;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
br_switchdev_fdb_call_notifiers(bool adding, const unsigned char *mac,
|
|
u16 vid, struct net_device *dev)
|
|
{
|
|
struct switchdev_notifier_fdb_info info;
|
|
unsigned long notifier_type;
|
|
|
|
info.addr = mac;
|
|
info.vid = vid;
|
|
notifier_type = adding ? SWITCHDEV_FDB_ADD_TO_DEVICE : SWITCHDEV_FDB_DEL_TO_DEVICE;
|
|
call_switchdev_notifiers(notifier_type, dev, &info.info);
|
|
}
|
|
|
|
void
|
|
br_switchdev_fdb_notify(const struct net_bridge_fdb_entry *fdb, int type)
|
|
{
|
|
if (!fdb->added_by_user || !fdb->dst)
|
|
return;
|
|
|
|
switch (type) {
|
|
case RTM_DELNEIGH:
|
|
br_switchdev_fdb_call_notifiers(false, fdb->addr.addr,
|
|
fdb->vlan_id,
|
|
fdb->dst->dev);
|
|
break;
|
|
case RTM_NEWNEIGH:
|
|
br_switchdev_fdb_call_notifiers(true, fdb->addr.addr,
|
|
fdb->vlan_id,
|
|
fdb->dst->dev);
|
|
break;
|
|
}
|
|
}
|