Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2028689pxf;
        Sat, 3 Apr 2021 08:27:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwnsib+ZHUZZgqTZZmlD02UiVi4ds7IcxIG9gNXU/E2IoTqjMU2ruOyQiZXI9hp/MJb0SEI
X-Received: by 2002:a6b:e312:: with SMTP id u18mr14554206ioc.58.1617463643388;
        Sat, 03 Apr 2021 08:27:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617463643; cv=none;
        d=google.com; s=arc-20160816;
        b=NpdSY2h6C/51wqZk/OlbwzhlN+h3Eyj/g7RXBkCY+G1V9lMO5z/hl4/fRgEU0CTU+Z
         NiVQHMuMnWoYZJ12rWUQ8l5zz1TO1QJFu03DKMbdUoW9iC0UBTUpr9j/0cjLauZCvD8A
         vDoYINFBlKipv4mtfIhKCf1mX47oxv+bYRv0xOXHid9hkJEsQd6eM2/fDb+ZrXIwNwOQ
         5DZoAt1zF9reeb8kWeLE20Fau32Z5ZGFtYcsXozZULTYktvxcLHgHRb6m48IqX4sMnsa
         vF4Nv/KdhRwtfHL27gWVZia3vh37sN/958ynpEVc4OGY2HYlblGMjtt6vjzk2PMRQBCk
         DEDw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=4Kgfr/5GEBb9M9Hwh2pQ15kxT1GXO8GBMd2gKyAg7VA=;
        b=rZgtsdGrbfvQVRNcntvfMqaWXJocTNG/IpNuMSQGfIJdip6PnPkZFQCMq/sOtWCJ6i
         xiu/NjjYSk1VGypU4CD8o+wChvS3LfjtgLC400l0L9bJoWc2SVSfcTP+4K56W5vEzypt
         ROhVRhwjy/o2qF9BKoTIWIzF29SK2zsWSZJsCNuZlWt3xOBaI1D+fAjDX2VSs43/y+b3
         FRL7CIRRaUuPGxQTXf6nOav3tpP4mlYRerGbGt9QpFmWsXJwH+wDWlofJmWcdXjtW+Ux
         Ipy5bPWx/2QNVU03O6RoV9ipw/tHob79/+45xmu/hPTovGQ58W9bKg7jtTevsdAEHOP0
         Nm2g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id h13si10451276iow.73.2021.04.03.08.27.09;
        Sat, 03 Apr 2021 08:27:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236853AbhDCPZZ (ORCPT <rfc822;mahongyuan1997@gmail.com>
        + 99 others); Sat, 3 Apr 2021 11:25:25 -0400
Received: from vps0.lunn.ch ([185.16.172.187]:32854 "EHLO vps0.lunn.ch"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236621AbhDCPZY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 3 Apr 2021 11:25:24 -0400
Received: from andrew by vps0.lunn.ch with local (Exim 4.94)
        (envelope-from <andrew@lunn.ch>)
        id 1lSi9E-00EeCt-10; Sat, 03 Apr 2021 17:25:16 +0200
Date:   Sat, 3 Apr 2021 17:25:16 +0200
From:   Andrew Lunn <andrew@lunn.ch>
To:     Oleksij Rempel <o.rempel@pengutronix.de>
Cc:     Vivien Didelot <vivien.didelot@gmail.com>,
        Florian Fainelli <f.fainelli@gmail.com>,
        Vladimir Oltean <olteanv@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Russell King <linux@armlinux.org.uk>,
        Pengutronix Kernel Team <kernel@pengutronix.de>,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-mips@vger.kernel.org
Subject: Re: [PATCH net-next v1 5/9] net: dsa: qca: ar9331: add forwarding
 database support
Message-ID: <YGiI3JtqU7Ezlbxb@lunn.ch>
References: <20210403114848.30528-1-o.rempel@pengutronix.de>
 <20210403114848.30528-6-o.rempel@pengutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210403114848.30528-6-o.rempel@pengutronix.de>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> +static int ar9331_sw_port_fdb_rmw(struct ar9331_sw_priv *priv,
> +				  const unsigned char *mac,
> +				  u8 port_mask_set,
> +				  u8 port_mask_clr)
> +{
> +	port_mask = FIELD_GET(AR9331_SW_AT_DES_PORT, f2);
> +	status = FIELD_GET(AR9331_SW_AT_STATUS, f2);
> +	if (status > 0 && status < AR9331_SW_AT_STATUS_STATIC) {
> +		dev_err_ratelimited(priv->dev, "%s: found existing dynamic entry on %x\n",
> +				    __func__, port_mask);
> +
> +		if (port_mask_set && port_mask_set != port_mask)
> +			dev_err_ratelimited(priv->dev, "%s: found existing dynamic entry on %x, replacing it with static on %x\n",
> +					    __func__, port_mask, port_mask_set);
> +		port_mask = 0;
> +	} else if (!status && !port_mask_set) {
> +		return 0;
> +	}

As a generate rule of thumb, use rate limiting where you have no
control of the number of prints, e.g. it is triggered by packet
processing, and there is potentially a lot of them, which could DOS
the box by a remote or unprivileged attacker.

FDB changes should not happen often. Yes, root my be able to DOS the
box by doing bridge fdb add commands in a loop, but only root should
be able to do that.

Plus, i'm not actually sure we should be issuing warnings here. What
does the bridge code do in this case? Is it silent and just does it,
or does it issue a warning?




> +
> +	port_mask_new = port_mask & ~port_mask_clr;
> +	port_mask_new |= port_mask_set;
> +
> +	if (port_mask_new == port_mask &&
> +	    status == AR9331_SW_AT_STATUS_STATIC) {
> +		dev_info(priv->dev, "%s: no need to overwrite existing valid entry on %x\n",
> +				    __func__, port_mask_new);

This one should probably be dev_dbg().

     Andrew