linux_dsm_epyc7002/net/bridge
Vladimir Oltean 558454ec51 net: bridge: don't notify switchdev for local FDB addresses
[ Upstream commit 6ab4c3117aec4e08007d9e971fa4133e1de1082d ]

As explained in this discussion:
https://lore.kernel.org/netdev/20210117193009.io3nungdwuzmo5f7@skbuf/

the switchdev notifiers for FDB entries managed to have a zero-day bug.
The bridge would not say that this entry is local:

ip link add br0 type bridge
ip link set swp0 master br0
bridge fdb add dev swp0 00:01:02:03:04:05 master local

and the switchdev driver would be more than happy to offload it as a
normal static FDB entry. This is despite the fact that 'local' and
non-'local' entries have completely opposite directions: a local entry
is locally terminated and not forwarded, whereas a static entry is
forwarded and not locally terminated. So, for example, DSA would install
this entry on swp0 instead of installing it on the CPU port as it should.

There is an even sadder part, which is that the 'local' flag is implicit
if 'static' is not specified, meaning that this command produces the
same result of adding a 'local' entry:

bridge fdb add dev swp0 00:01:02:03:04:05 master

I've updated the man pages for 'bridge', and after reading it now, it
should be pretty clear to any user that the commands above were broken
and should have never resulted in the 00:01:02:03:04:05 address being
forwarded (this behavior is coherent with non-switchdev interfaces):
https://patchwork.kernel.org/project/netdevbpf/cover/20210211104502.2081443-1-olteanv@gmail.com/
If you're a user reading this and this is what you want, just use:

bridge fdb add dev swp0 00:01:02:03:04:05 master static

Because switchdev should have given drivers the means from day one to
classify FDB entries as local/non-local, but didn't, it means that all
drivers are currently broken. So we can just as well omit the switchdev
notifications for local FDB entries, which is exactly what this patch
does to close the bug in stable trees. For further development work
where drivers might want to trap the local FDB entries to the host, we
can add a 'bool is_local' to br_switchdev_fdb_call_notifiers(), and
selectively make drivers act upon that bit, while all the others ignore
those entries if the 'is_local' bit is set.

Fixes: 6b26b51b1d ("net: bridge: Add support for notifying devices about FDB add/del")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-30 14:32:04 +02:00
..
netfilter netfilter: ebtables: Fixes dropping of small packets in bridge nat 2020-10-20 13:54:53 +02:00
br_arp_nd_proxy.c net: core: introduce struct netdev_nested_priv for nested interface infrastructure 2020-09-28 15:00:15 -07:00
br_device.c bridge: Fix a deadlock when enabling multicast snooping 2020-12-07 17:14:43 -08:00
br_fdb.c net: bridge: fdb: don't flush ext_learn entries 2020-09-28 12:47:43 -07:00
br_forward.c net: bridge: mcast: when forwarding handle filter mode and blocked flag 2020-09-23 13:24:35 -07:00
br_if.c net: bridge: allow enslaving some DSA master network devices 2020-05-10 19:52:33 -07:00
br_input.c net: bridge: allow enslaving some DSA master network devices 2020-05-10 19:52:33 -07:00
br_ioctl.c net: bridge: delete duplicated words 2020-09-18 14:12:43 -07:00
br_mdb.c net: bridge: mcast: add support for blocked port groups 2020-09-23 13:24:34 -07:00
br_mrp_netlink.c bridge: mrp: Extend br_mrp_fill_info 2020-07-14 13:46:43 -07:00
br_mrp_switchdev.c bridge: mrp: Fix the usage of br_mrp_port_switchdev_set_state 2021-02-17 11:02:29 +01:00
br_mrp.c bridge: mrp: Fix the usage of br_mrp_port_switchdev_set_state 2021-02-17 11:02:29 +01:00
br_multicast.c bridge: Fix a deadlock when enabling multicast snooping 2020-12-07 17:14:43 -08:00
br_netfilter_hooks.c netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal 2020-11-28 11:46:51 -08:00
br_netfilter_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-06-25 01:32:59 +02:00
br_netlink_tunnel.c net: bridge: notify on vlan tunnel changes done via the old api 2020-07-12 15:18:24 -07:00
br_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-08 15:44:50 -07:00
br_nf_core.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2019-12-24 22:28:54 -08:00
br_private_mrp.h bridge: mrp: Fix the usage of br_mrp_port_switchdev_set_state 2021-02-17 11:02:29 +01:00
br_private_stp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
br_private_tunnel.h net: bridge: vlan options: add support for tunnel mapping set/del 2020-03-17 22:47:12 -07:00
br_private.h bridge: Fix a deadlock when enabling multicast snooping 2020-12-07 17:14:43 -08:00
br_stp_bpdu.c net: bridge: add STP xstats 2019-12-14 20:02:36 -08:00
br_stp_if.c net: remove newlines in NL_SET_ERR_MSG_MOD 2020-05-07 17:56:14 -07:00
br_stp_timer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
br_stp.c net: bridge: Add checks for enabling the STP. 2020-04-27 11:40:25 -07:00
br_switchdev.c net: bridge: don't notify switchdev for local FDB addresses 2021-03-30 14:32:04 +02:00
br_sysfs_br.c net: bridge: Add checks for enabling the STP. 2020-04-27 11:40:25 -07:00
br_sysfs_if.c net: bridge: use switchdev for port flags set through sysfs too 2021-03-07 12:34:07 +01:00
br_vlan_options.c net: bridge: vlan options: move the tunnel command to the nested attribute 2020-03-20 08:52:20 -07:00
br_vlan_tunnel.c net: bridge: vlan tunnel: constify bridge and port arguments 2020-03-17 22:47:12 -07:00
br_vlan.c net: bridge: vlan: fix error return code in __vlan_add() 2020-12-04 15:41:06 -08:00
br.c net: bridge: Fix a warning when del bridge sysfs 2021-02-23 15:53:23 +01:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile bridge: mrp: Connect MRP API with the switchdev API 2020-04-27 11:40:25 -07:00