From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Grygorii Strashko <grygorii.strashko@ti.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 07/33] net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
Date: Fri, 18 May 2018 10:15:46 +0200
Message-ID: <20180518081535.385224973@linuxfoundation.org>
In-Reply-To: <20180518081535.096308218@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grygorii Strashko <grygorii.strashko@ti.com>
[ Upstream commit 5e5add172ea81152d518b161ec5706503ad3d799 ]
In dual_mac mode packets arrived on one port should not be forwarded by
switch hw to another port. Only Linux Host can forward packets between
ports. The below test case (reported in [1]) shows that packet arrived on
one port can be leaked to another (reproducible with dual port evms):
- connect port 1 (eth0) to linux Host 0 and run tcpdump or Wireshark
- connect port 2 (eth1) to linux Host 1 with vlan 1 configured
- ping <IPx> from Host 1 through vlan 1 interface.
ARP packets will be seen on Host 0.
Issue happens because dual_mac mode is implemented using two vlans: 1 (Port
1+Port 0) and 2 (Port 2+Port 0), so there are vlan records created for
each vlan. By default, the ALE will find valid vlan record in its table
when vlan 1 tagged packet arrived on Port 2 and so forwards packet to all
ports which are vlan 1 members (like Port.
To avoid such behavior the ALE VLAN ID Ingress Check need to be enabled
for each external CPSW port (ALE_PORTCTLn.VID_INGRESS_CHECK) so ALE will
drop ingress packets if Rx port is not VLAN member.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/cpsw.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/ti/cpsw.c
+++ b/drivers/net/ethernet/ti/cpsw.c
@@ -1141,6 +1141,8 @@ static inline void cpsw_add_dual_emac_de
cpsw_ale_add_ucast(cpsw->ale, priv->mac_addr,
HOST_PORT_NUM, ALE_VLAN |
ALE_SECURE, slave->port_vlan);
+ cpsw_ale_control_set(cpsw->ale, slave_port,
+ ALE_PORT_DROP_UNKNOWN_VLAN, 1);
}
static void soft_reset_slave(struct cpsw_slave *slave)
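Review bot: the added cpsw_ale_control_set() call uses the control name ALE_PORT_DROP_UNKNOWN_VLAN, while the commit message describes the fix as enabling ALE_PORTCTLn.VID_INGRESS_CHECK, and nothing in the hunk connects the two names. A one-line comment above the call would help, for example "enable VID ingress check: drop frames whose Rx port is not a member of the tagged VLAN", so that the isolation purpose of this setting is visible in the code and it is not removed later as redundant. The call's return value is also discarded; if the setting fails to apply, dual_mac mode comes up without the port isolation the commit message promises, so a warning on a negative return would be worth considering.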