Date: Sat, 3 Apr 2021 17:25:16 +0200
From: Andrew Lunn
To: Oleksij Rempel
Cc: Vivien Didelot, Florian Fainelli, Vladimir Oltean, "David S. Miller", Jakub Kicinski, Russell King, Pengutronix Kernel Team, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mips@vger.kernel.org
Subject: Re: [PATCH net-next v1 5/9] net: dsa: qca: ar9331: add forwarding database support
References: <20210403114848.30528-1-o.rempel@pengutronix.de> <20210403114848.30528-6-o.rempel@pengutronix.de>
In-Reply-To: <20210403114848.30528-6-o.rempel@pengutronix.de>
X-Mailing-List: linux-kernel@vger.kernel.org

> +static int ar9331_sw_port_fdb_rmw(struct ar9331_sw_priv *priv, > + const unsigned char *mac, > + u8 port_mask_set, > + u8 port_mask_clr) > +{ > + port_mask = FIELD_GET(AR9331_SW_AT_DES_PORT, f2); > + status = FIELD_GET(AR9331_SW_AT_STATUS, f2); > + if (status > 0 && status < AR9331_SW_AT_STATUS_STATIC) { > + dev_err_ratelimited(priv->dev, "%s: found existing dynamic entry on %x\n", > + __func__, port_mask); > + > + if (port_mask_set && port_mask_set != port_mask) > + dev_err_ratelimited(priv->dev, "%s: found existing dynamic entry on %x, replacing it with static on %x\n", > + __func__, port_mask, port_mask_set); > + port_mask = 0; > + } else if (!status && !port_mask_set) { > + return 0; > + }

As a general rule of thumb, use rate limiting where you have no control of the number of prints, e.g. it is triggered by packet processing, and there is potentially a lot of them, which could DOS the box by a remote or unprivileged attacker.

FDB changes should not happen often. Yes, root may be able to DOS the box by doing bridge fdb add commands in a loop, but only root should be able to do that.

Plus, I'm not actually sure we should be issuing warnings here. What does the bridge code do in this case? Is it silent and just does it, or does it issue a warning?

> + > + port_mask_new = port_mask & ~port_mask_clr; > + port_mask_new |= port_mask_set; > + > + if (port_mask_new == port_mask && > + status == AR9331_SW_AT_STATUS_STATIC) { > + dev_info(priv->dev, "%s: no need to overwrite existing valid entry on %x\n", > + __func__, port_mask_new);

This one should probably be dev_dbg().

Andrew
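
Review bot: In the dynamic-entry branch of ar9331_sw_port_fdb_rmw() (status > 0 && status < AR9331_SW_AT_STATUS_STATIC), the first dev_err_ratelimited() fires unconditionally and the second repeats the same "found existing dynamic entry on %x" text with the replacement port appended, so a single call with port_mask_set != port_mask logs the same event twice at error level. Fold the two into one message. The branch also carries on with port_mask = 0 rather than returning an error, so an error-level print does not match how the code treats the entry; a lower log level would fit what the visible lines do.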