From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Grygorii Strashko <grygorii.strashko@ti.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 08/45] net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
Date: Fri, 18 May 2018 10:15:25 +0200 [thread overview]
Message-ID: <20180518081530.755618799@linuxfoundation.org> (raw)
In-Reply-To: <20180518081530.331586165@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Grygorii Strashko <grygorii.strashko@ti.com>
[ Upstream commit 5e5add172ea81152d518b161ec5706503ad3d799 ]
In dual_mac mode packets arrived on one port should not be forwarded by
switch hw to another port. Only Linux Host can forward packets between
ports. The below test case (reported in [1]) shows that packet arrived on
one port can be leaked to anoter (reproducible with dual port evms):
- connect port 1 (eth0) to linux Host 0 and run tcpdump or Wireshark
- connect port 2 (eth1) to linux Host 1 with vlan 1 configured
- ping <IPx> from Host 1 through vlan 1 interface.
ARP packets will be seen on Host 0.
Issue happens because dual_mac mode is implemnted using two vlans: 1 (Port
1+Port 0) and 2 (Port 2+Port 0), so there are vlan records created for for
each vlan. By default, the ALE will find valid vlan record in its table
when vlan 1 tagged packet arrived on Port 2 and so forwards packet to all
ports which are vlan 1 members (like Port.
To avoid such behaviorr the ALE VLAN ID Ingress Check need to be enabled
for each external CPSW port (ALE_PORTCTLn.VID_INGRESS_CHECK) so ALE will
drop ingress packets if Rx port is not VLAN member.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/cpsw.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/ti/cpsw.c
+++ b/drivers/net/ethernet/ti/cpsw.c
@@ -1260,6 +1260,8 @@ static inline void cpsw_add_dual_emac_de
cpsw_ale_add_ucast(cpsw->ale, priv->mac_addr,
HOST_PORT_NUM, ALE_VLAN |
ALE_SECURE, slave->port_vlan);
+ cpsw_ale_control_set(cpsw->ale, slave_port,
+ ALE_PORT_DROP_UNKNOWN_VLAN, 1);
}
static void soft_reset_slave(struct cpsw_slave *slave)
next prev parent reply other threads:[~2018-05-18 8:19 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-18 8:15 [PATCH 4.14 00/45] 4.14.42-stable review Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 01/45] 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 02/45] bridge: check iface upper dev when setting master via ioctl Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 03/45] dccp: fix tasklet usage Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 04/45] ipv4: fix fnhe usage by non-cached routes Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 05/45] ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 06/45] llc: better deal with too small mtu Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 07/45] net: ethernet: sun: niu set correct packet size in skb Greg Kroah-Hartman
2018-05-18 8:15 ` Greg Kroah-Hartman [this message]
2018-05-18 8:15 ` [PATCH 4.14 09/45] net/mlx4_en: Fix an error handling path in mlx4_en_init_netdev() Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 10/45] net/mlx4_en: Verify coalescing parameters are in range Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 11/45] net/mlx5e: Err if asked to offload TC match on frag being first Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 12/45] net/mlx5: E-Switch, Include VF RDMA stats in vport statistics Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 13/45] net sched actions: fix refcnt leak in skbmod Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 14/45] net_sched: fq: take care of throttled flows before reuse Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 15/45] net: support compat 64-bit time in {s,g}etsockopt Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 16/45] net/tls: Dont recursively call push_record during tls_write_space callbacks Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 17/45] net/tls: Fix connection stall on partial tls record Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 18/45] openvswitch: Dont swap table in nlattr_set() after OVS_ATTR_NESTED is found Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 20/45] r8169: fix powering up RTL8168h Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 21/45] rds: do not leak kernel memory to user land Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 22/45] sctp: delay the authentication for the duplicated cookie-echo chunk Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 23/45] sctp: fix the issue that the cookie-ack with auth cant get processed Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 24/45] sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 25/45] sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 26/45] sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 27/45] tcp_bbr: fix to zero idle_restart only upon S/ACKed data Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 28/45] tcp: ignore Fast Open on repair mode Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 29/45] tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 30/45] bonding: do not allow rlb updates to invalid mac Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 31/45] bonding: send learning packets for vlans on slave Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 32/45] net: sched: fix error path in tcf_proto_create() when modules are not configured Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 33/45] net/mlx5e: TX, Use correct counter in dma_map error flow Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 34/45] net/mlx5: Avoid cleaning flow steering table twice during " Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 35/45] hv_netvsc: set master device Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 36/45] ipv6: fix uninit-value in ip6_multipath_l3_keys() Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 37/45] net/mlx5e: Allow offloading ipv4 header re-write for icmp Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 38/45] nsh: fix infinite loop Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 39/45] udp: fix SO_BINDTODEVICE Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 40/45] scsi: aacraid: Correct hba_send to include iu_type Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 41/45] xfrm: Use __skb_queue_tail in xfrm_trans_queue Greg Kroah-Hartman
2018-05-18 8:15 ` [PATCH 4.14 42/45] btrfs: Take trans lock before access running trans in check_delayed_ref Greg Kroah-Hartman
2018-05-18 8:16 ` [PATCH 4.14 43/45] xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Greg Kroah-Hartman
2018-05-18 8:16 ` [PATCH 4.14 44/45] l2tp: revert "l2tp: fix missing print session offset info" Greg Kroah-Hartman
2018-05-18 8:16 ` [PATCH 4.14 45/45] proc: do not access cmdline nor environ from file-backed areas Greg Kroah-Hartman
2018-05-18 13:22 ` [PATCH 4.14 00/45] 4.14.42-stable review Guenter Roeck
2018-05-18 19:10 ` Naresh Kamboju
2018-05-18 20:46 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180518081530.755618799@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=grygorii.strashko@ti.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).