Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp4151698pxb;
        Mon, 27 Sep 2021 10:26:23 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJymkE74Kd+Awll8VXR/e4jyTyZKNLIxW9oA6Vn6taMrOG1HGvMkwtQVjajR0xwlZ8dTaS8c
X-Received: by 2002:aa7:808d:0:b0:44b:31ab:c763 with SMTP id v13-20020aa7808d000000b0044b31abc763mr1103695pff.4.1632763583612;
        Mon, 27 Sep 2021 10:26:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1632763583; cv=none;
        d=google.com; s=arc-20160816;
        b=dHbaApBajRV2GwxpE2AH8dyS3zQXzDDTZ4S6KnS3iKpSraeJW3MnbmZQGLzLGndZU0
         XZ6qT/AMRestH8GopIXJZyQ7bajd1mXAnsXWZM/Rn0DykLuc6KYuKA4QKwuykVwKnQX7
         AGKGpY0ToF0twiBIT53aA24afQjenOlRdqFplgZybfnE7IWXbgeMIVWc92w+42O3BqLb
         at8vl+RGW0MuGP9KsdwFYIfjNkQDOZeQ2UviRGjPX3VfPPEGr3okuqRpyPhmqDvwJCes
         coldd+oYY2QbejimbFpO9MDaGh2ICsmJX+XXdsUQE1CLWatAzkO/DzW9gL4aRTTzpt4j
         arNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=JyzAuEf3Tr7Gmigf/HhTRyns7m4xCVHSkY72QEasRmY=;
        b=U0bfbBVAl667sqlFLYYhea5vW5uwa2pBJXfv+j4OoD0Op5RPDb88aydJDXsWovmRh7
         PZ7uDke0uyIWgu7tFqOjM1+tchFJl4Zdjtq3d1yBcLJ0bQaAt6DIX6/juJBfEVo7KstV
         05EaKuNJTz2iWzfCLIL5Z18QauJYC2i1lfKyeTNIcMQKHSsZx37lgKR93A3PHfVCaKqp
         q3MrjLaQT/ii4ZmuWlyUIRIw1jFg5D6vWtnV0ZnlRIOhrst/WVNh14tvE4AqwvZgVDF0
         IL9kLkOuujp8vkU/86s+ZijYjMc96nX5vo13eVPa2vIFpT+PCKElY/JaC3vBUoQA88JR
         t8aQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZM7AoKsw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d1si112185pjk.153.2021.09.27.10.26.11;
        Mon, 27 Sep 2021 10:26:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ZM7AoKsw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236811AbhI0R1G (ORCPT <rfc822;loic.yhuel@gmail.com> + 99 others);
        Mon, 27 Sep 2021 13:27:06 -0400
Received: from mail.kernel.org ([198.145.29.99]:41016 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S237515AbhI0RXU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Sep 2021 13:23:20 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 96CD56139E;
        Mon, 27 Sep 2021 17:14:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1632762887;
        bh=zmlKPEvCPy4VDKcUyOH5io7XNhDQByhPPa7mxy69/sk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=ZM7AoKswApZ11SHhLsNmuHaB6BkJQcOYhTGSDKjyHW1qUIqkg3qqejx5qBlE5EHmy
         56p5ISnKrlVx9KDHlMzlAe1VRFjg66wzqj/XzU/7tR89omg08l4QRtyzvoMGrVK38O
         L2LCQ/vtUO+Zss9bjotQsGlYOp/G+WMauZeMRjYA=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Colin Foster <colin.foster@in-advantage.com>,
        Vladimir Oltean <vladimir.oltean@nxp.com>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.14 087/162] net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled
Date:   Mon, 27 Sep 2021 19:02:13 +0200
Message-Id: <20210927170236.445780907@linuxfoundation.org>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210927170233.453060397@linuxfoundation.org>
References: <20210927170233.453060397@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit acc64f52afac15e9e44d9b5253271346841786e0 ]

The blamed commit made the fatally incorrect assumption that ports which
aren't in the FORWARDING STP state should not have packets forwarded
towards them, and that is all that needs to be done.

However, that logic alone permits BLOCKING ports to forward to
FORWARDING ports, which of course allows packet storms to occur when
there is an L2 loop.

The ocelot_get_bridge_fwd_mask should not only ask "what can the bridge
do for you", but "what can you do for the bridge". This way, only
FORWARDING ports forward to the other FORWARDING ports from the same
bridging domain, and we are still compatible with the idea of multiple
bridges.

Fixes: df291e54ccca ("net: ocelot: support multiple bridges")
Suggested-by: Colin Foster <colin.foster@in-advantage.com>
Reported-by: Colin Foster <colin.foster@in-advantage.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Colin Foster <colin.foster@in-advantage.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mscc/ocelot.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c
index 2948d731a1c1..512dff955166 100644
--- a/drivers/net/ethernet/mscc/ocelot.c
+++ b/drivers/net/ethernet/mscc/ocelot.c
@@ -1260,14 +1260,19 @@ static u32 ocelot_get_bond_mask(struct ocelot *ocelot, struct net_device *bond,
 	return mask;
 }
 
-static u32 ocelot_get_bridge_fwd_mask(struct ocelot *ocelot,
+static u32 ocelot_get_bridge_fwd_mask(struct ocelot *ocelot, int src_port,
 				      struct net_device *bridge)
 {
+	struct ocelot_port *ocelot_port = ocelot->ports[src_port];
 	u32 mask = 0;
 	int port;
 
+	if (!ocelot_port || ocelot_port->bridge != bridge ||
+	    ocelot_port->stp_state != BR_STATE_FORWARDING)
+		return 0;
+
 	for (port = 0; port < ocelot->num_phys_ports; port++) {
-		struct ocelot_port *ocelot_port = ocelot->ports[port];
+		ocelot_port = ocelot->ports[port];
 
 		if (!ocelot_port)
 			continue;
@@ -1333,7 +1338,7 @@ void ocelot_apply_bridge_fwd_mask(struct ocelot *ocelot)
 			struct net_device *bridge = ocelot_port->bridge;
 			struct net_device *bond = ocelot_port->bond;
 
-			mask = ocelot_get_bridge_fwd_mask(ocelot, bridge);
+			mask = ocelot_get_bridge_fwd_mask(ocelot, port, bridge);
 			mask |= cpu_fwd_mask;
 			mask &= ~BIT(port);
 			if (bond) {
-- 
2.33.0