Re: [PATCH v7 net-next 12/15] net: dsa: netc: add FDB, STP, MTU, port setup and host flooding support

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Standalone port isolation is completely broken due to shared VLAN and ignored dsa_db in FDB operations.
--

commit 31eef54688ed02b9e54753924a74c9b8e24c10a6
Author: Wei Fang <wei.fang@nxp.com>

net: dsa: netc: add FDB, STP, MTU, port setup and host flooding support

This commit expands the NETC switch driver with foundational features
including FDB/MDB management, STP state handling, MTU configuration, and
host flooding support. It initially supports standalone port mode, using
VLAN 0 as the PVID for ingress frames.

> diff --git a/drivers/net/dsa/netc/netc_main.c b/drivers/net/dsa/netc/netc_main.c
> --- a/drivers/net/dsa/netc/netc_main.c
> +++ b/drivers/net/dsa/netc/netc_main.c
[ ... ]
> @@ -531,6 +848,278 @@ static void netc_switch_get_ip_revision(struct netc_switch *priv)
[ ... ]
> +static int netc_port_fdb_add(struct dsa_switch *ds, int port,
> +			     const unsigned char *addr, u16 vid,
> +			     struct dsa_db db)
> +{
> +	struct netc_port *np = NETC_PORT(ds, port);
> +
> +	/* Currently, only support standalone port mode, so only
> +	 * NETC_STANDALONE_PVID (= 0) is supported here.
> +	 */
> +	if (vid != NETC_STANDALONE_PVID)
> +		return -EOPNOTSUPP;
> +
> +	return netc_port_set_fdb_entry(np, addr, vid);
> +}

Does this allow cross-talk between standalone ports, bypassing the host
networking stack?

Since all active ports are mapped to a single shared VLAN
(NETC_STANDALONE_PVID = 0), they rely on disabled MAC learning and dropping
unknown frames to maintain isolation.

However, because the dsa_db argument is ignored here, a static FDB entry
added to one port (e.g., via bridge fdb add) is forced into the shared VID 0,
making it globally visible.

If a packet arrives on a different port destined for this MAC address, will
the hardware switch match the FDB entry and forward it directly between the
ports?

[ ... ]
> @@ -796,6 +1396,7 @@ static int netc_switch_probe(struct pci_dev *pdev,
>  	ds->num_tx_queues = NETC_TC_NUM;
>  	ds->ops = &netc_switch_ops;
>  	ds->phylink_mac_ops = &netc_phylink_mac_ops;
> +	ds->fdb_isolation = true;
>  	ds->priv = priv;
>  	priv->ds = ds;

How does the ignored dsa_db argument in the FDB callbacks interact with this
fdb_isolation declaration? Drivers that set fdb_isolation to true usually
receive the bridge database through the dsa_db argument to isolate FDBs of
multiple bridges or standalone ports.

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260513030454.1666570-1-wei.fang@nxp.com?part=12