From: sashiko-bot@kernel.org
To: "Jens Emil Schulz Østergaard" <jensemil.schulzostergaard@microchip.com>
Cc: robh@kernel.org, devicetree@vger.kernel.org, conor+dt@kernel.org
Subject: Re: [PATCH net-next v6 5/9] net: dsa: lan9645x: add bridge support
Date: Sat, 30 May 2026 00:50:13 +0000
Message-ID: <20260530005013.8B9531F00899@smtp.kernel.org>
In-Reply-To: <20260527-dsa_lan9645x_switch_driver_base-v6-5-4d409ae64f3c@microchip.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

- [High] Failure to clear `bridge_fwd_mask` and `stp_state` when a port leaves a bridge allows a stale forwarding state to persist, creating a race condition that can lead to temporary Layer 2 loops.
--
commit 31a25a746a8f28de119e2a7f8f9439f1cb05b67f
Author: Jens Emil Schulz Østergaard <jensemil.schulzostergaard@microchip.com>

net: dsa: lan9645x: add bridge support

This commit adds hardware offloading support for a single bridge device
to the lan9645x DSA switch driver.

> diff --git a/drivers/net/dsa/microchip/lan9645x/lan9645x_main.c b/drivers/net/dsa/microchip/lan9645x/lan9645x_main.c
> --- a/drivers/net/dsa/microchip/lan9645x/lan9645x_main.c
> +++ b/drivers/net/dsa/microchip/lan9645x/lan9645x_main.c
[ ... ]
> @@ -269,6 +292,278 @@ static void lan9645x_port_phylink_get_caps(struct dsa_switch *ds, int port,
[ ... ]
> +static void lan9645x_port_bridge_leave(struct dsa_switch *ds, int port,
> + struct dsa_bridge bridge)
> +{
> + struct lan9645x *lan9645x = ds->priv;
> + struct lan9645x_port *p;
> +
> + p = lan9645x_to_port(lan9645x, port);
> +
> + mutex_lock(&lan9645x->fwd_domain_lock);
> +
> + lan9645x->bridge_mask &= ~BIT(p->chip_port);

[Severity: High]
Does leaving a port in the forwarding mask when it is removed from a bridge
create a race condition if it rejoins the bridge later?

If bridge_fwd_mask and stp_state are not cleared here in
lan9645x_port_bridge_leave(), the stale forwarding state persists.

When the port later rejoins the bridge, lan9645x_port_bridge_join() sets the
bridge_mask bit again. There is a small window before the DSA core calls
port_stp_state_set() to explicitly initialize the port to BR_STATE_BLOCKING
(which would clear the bridge_fwd_mask bit).

If a concurrent STP state change for another port in the bridge executes via
the switchdev workqueue during this exact window, it will call
lan9645x_update_fwd_mask(). The mask calculation bridge_mask &
bridge_fwd_mask will falsely include the newly joined port, prematurely
programming the hardware to forward traffic to and from it.

Could this bypass the STP blocking phase, creating a vulnerability to
broadcast storms and temporary Layer 2 loops?

> +
> + /* Last port leaving clears bridge dev */
> + if (!lan9645x->bridge_mask)
> + lan9645x->bridge = NULL;
> +
> + __lan9645x_port_set_host_flood(lan9645x);
> + lan9645x_update_fwd_mask(lan9645x);
> +
> + mutex_unlock(&lan9645x->fwd_domain_lock);
> +}
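
Review bot: In lan9645x_port_bridge_leave(), the section under fwd_domain_lock clears only the port's bit in bridge_mask (`lan9645x->bridge_mask &= ~BIT(p->chip_port);`) and then calls lan9645x_update_fwd_mask() without resetting the port's forwarding state. Consider clearing the port's bit in bridge_fwd_mask and resetting its stp_state in the same locked section, before the lan9645x_update_fwd_mask() call, so that a later lan9645x_port_bridge_join() starts from a non-forwarding state instead of depending on the first port_stp_state_set() call. The declarations of bridge_fwd_mask and stp_state are not in the quoted lines, so the exact field access depends on where the driver keeps them. A one-line comment next to the clear, stating that leave resets forwarding state, would document the invariant the join path relies on.
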
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260527-dsa_lan9645x_switch_driver_base-v6-0-4d409ae64f3c@microchip.com?part=5
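
The stale-mask window described in the review above, as a userspace C model added here for illustration; it is not code from the patch or from the lan9645x driver. Only bridge_mask, bridge_fwd_mask and the calculation bridge_mask & bridge_fwd_mask come from the message; the struct and the model_* functions are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>

#define BIT(n) (1u << (n))

/* Userspace model of the two masks named in the review; not driver code. */
struct fwd_model {
	uint32_t bridge_mask;     /* ports that are bridge members */
	uint32_t bridge_fwd_mask; /* ports whose STP state allows forwarding */
};

/* Mask calculation as quoted in the review: bridge_mask & bridge_fwd_mask. */
static uint32_t model_fwd_ports(const struct fwd_model *m)
{
	return m->bridge_mask & m->bridge_fwd_mask;
}

static void model_join(struct fwd_model *m, int port)
{
	m->bridge_mask |= BIT(port);
}

static void model_stp_forwarding(struct fwd_model *m, int port)
{
	m->bridge_fwd_mask |= BIT(port);
}

/* clear_fwd = false models the patch as posted, true the suggested clear. */
static void model_leave(struct fwd_model *m, int port, bool clear_fwd)
{
	m->bridge_mask &= ~BIT(port);
	if (clear_fwd)
		m->bridge_fwd_mask &= ~BIT(port);
}

/* Port 1 forwards, leaves, rejoins; returns the mask an update triggered by
 * port 0 would compute before port 1 has been set to blocking. */
uint32_t model_rejoin_window(bool clear_fwd)
{
	struct fwd_model m = { 0, 0 };

	model_join(&m, 0); model_stp_forwarding(&m, 0);
	model_join(&m, 1); model_stp_forwarding(&m, 1);
	model_leave(&m, 1, clear_fwd);
	model_join(&m, 1);          /* rejoin, STP state not yet initialised */
	return model_fwd_ports(&m); /* concurrent update for port 0 */
}
```

With the leave path as posted the model returns 0x3 (port 1 forwards inside the window); with the forwarding bit cleared on leave it returns 0x1.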