From nobody Mon Dec 1 21:30:50 2025 Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44660303A37 for ; Mon, 1 Dec 2025 10:28:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584932; cv=none; b=c516UYGHgkyauom9YJFMiPqppbilgbp7JxjQIRcma6dDsCX+QX8xk91+I0hdMPFyW7kfGpR0dIBIX0lokh+ik44Fk1SHSVArFj8FBY0KryHY4hecUGKt6ZO9kw3Q6FSiryMKP6m627cIwspZy8TV2jn8RvmIai9sVeUG404O8jM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584932; c=relaxed/simple; bh=a3FBgtBNu3mvlspy/DoRDK+WbOfe+joC26J0DWtMtFk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OByjNvylPWfxGp0E6vtRnfq/ppqPlom5cQyOUn8BhDnQxHcmBusXOwd8ucg8MHllLqCsOKtitnruePBf5gF0q60oxjQCEv2O9DNxozo21uBMWGb6i6HUoZXt6536DRSwX99LebC6mXhlHM0sCuqkurKq+Xvhdl+1jaCkoWvrkzE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=iX7nVxrr; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iX7nVxrr" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-b7697e8b01aso785923466b.2 for ; Mon, 01 Dec 2025 02:28:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764584928; x=1765189728; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VzbSHnmLm2HKogqw9fcglsbW3IjBMhBVe0507gsTSHg=; b=iX7nVxrryiboy6afSVSpifeP4vJJFMlC2PoJv3sDadPIqBOJlfZb9ode7dBzSpA7iD KG5hKaIr074C+mFO6+aVsYycSOjqojVGbB4WqhpdB0skaVeX1CJ38NqqXARVCHROv29C VUZouHzcpJMY54QkSuKN/9ubvN9S3pz0g7hakEBOluMcoVe4lMsWu0XxXQz45lFGCXlb NTI1+Ux9xWV/Ens8nOopHJmQJ3aJRMOqtkZAPSOVBkZacbO/WlbstBA490mW8DTW5W2o PYQ/6UatEZMxr/w9741kXIVwbknVU1EkDYzA44kPmbHBwLrk1UR95dcPDtmFUhhJu4LJ 2SPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764584928; x=1765189728; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=VzbSHnmLm2HKogqw9fcglsbW3IjBMhBVe0507gsTSHg=; b=Mn7Kvvn36w7nzzdvRgWjilOpZ2D+zJ6XsYnqGhj1ftuS8xSuiDPu1ZMyG6AKI4wyW3 AvysFTy3GB0YHaCKZcvrGYCkyMGoTzForFqv0vbvQt/SJWyYjHbTS9/dhLhAedlcibfJ auLwWOT3BvGXbJKgw7XEcSxTBWzpH/DTGAlstzZOxOiDqNpe1NV3Ik3Ig5HKHu4FczPC zHCr0scrQXqRq3oaaPsf+nLoI3mFJUTMyLQFGDgR++0i2oPo1hCvGu5vfXUMYYhoBsOA Bql76LZfv5flwPs6to9eXiow3B8Q97itW0wemUB1/nl+dWbebG4CzWM4VWK06xvMutKt Gl4w== X-Forwarded-Encrypted: i=1; AJvYcCXm2HUHtllQepclmjpGYSRPMAFTDJxX8tR8YZzfgsggEIQD9Esvj2+iCPv07qe2SpQ7V5I23IW8TTIJkSE=@vger.kernel.org X-Gm-Message-State: AOJu0YyAgLrJ/GvxcwWK239RuuppNjbfq4wrsOdWf/wZ07qhX7WHkwg4 Nk4Mbh7hffnPKdKWm3Vz72+WYQXi7CNomh35js/1n3wC3CugYztmMEVA X-Gm-Gg: ASbGncveON0d7xNm5RterCA8o0A3TV25S1QVcxMqRdeQk7x1p2bXW5G1slBOrwSB8iY 76LlKeQRFPbPlp0mzIAdIaL0x7MehFQZk0GCBK1Ic8hBLekIkXFIPOv/z4qn0Z24cSlsgSb7iLA H49TvvByZsEp77nQZF1x2xuj3FzuxgKethYtNoKEuQYczDOoAH99ey2UpSCT5m24oXLzJCGgfz7 oKC5wQpiK6hr0AnKrOutwn3hCPxwPnvJFpSZ+Bnq4Mek/dgqV8OGh+pihXhur5JjFrkGXrh951v YuRkgrbUfXVzWhqZQWfKK6w490mokC4SD0vCIh9aEtV7p4J64NXAClh9RMYXt7M9bNkXCV2DK2J a7K4ChMcyd3dQ4RxZ2ai86VHLkHVQPD29waugXI5szdcKEyjlAdWv1Zzfh8QLBtj5m81xRApT+3 PqAZstrKIiE3mLPkI+noAJPKBWqzTHhCZoGyas+XoZwdzuhy0NM8RD3HLfzhJXWwTfYcg= X-Google-Smtp-Source: AGHT+IE7v6ceIh3pd4soCp8xqz/i5/FM9hHMZS3MRN9QRptYtUlF/PiDHzWEl0q3hZieNC6J05UC8Q== X-Received: by 2002:a17:907:97d6:b0:b73:8f33:eed3 with SMTP id a640c23a62f3a-b76715afc72mr4333301466b.26.1764584927957; Mon, 01 Dec 2025 02:28:47 -0800 (PST) Received: from localhost (dslb-002-205-018-238.002.205.pools.vodafone-ip.de. [2.205.18.238]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-647509896d1sm12520131a12.0.2025.12.01.02.28.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 02:28:47 -0800 (PST) From: Jonas Gorski To: Andrew Lunn , Vladimir Oltean , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Shuah Khan , Florian Fainelli Cc: Vladimir Oltean , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC/RFT net-next v2 1/5] net: dsa: deny bridge VLAN with existing 8021q upper on any port Date: Mon, 1 Dec 2025 11:28:13 +0100 Message-ID: <20251201102817.301552-2-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251201102817.301552-1-jonas.gorski@gmail.com> References: <20251201102817.301552-1-jonas.gorski@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently adding a bridge vlan to a port only checks for an 8021q upper of that vlan on the port, but does not check for matching 8021q uppers on other ports. This leads to the possibility of configuring shared vlans on ports after adding uppers. E.g. adding the upper after configuring the vlan would be rejected $ ip link add br0 type bridge vlan filtering 1 $ ip link set swp1 master br0 $ ip link set swp2 master br0 $ bridge vlan add dev swp2 vid 100 $ ip link add swp1.100 link swp1 type vlan id 100 RTNETLINK answers: Resource busy But the other way around would currently be accepted: $ ip link add br0 type bridge vlan filtering 1 $ ip link set swp1 master br0 $ ip link set swp2 master br0 $ ip link add swp1.100 link swp1 type vlan id 100 $ bridge vlan add dev swp2 vid 100 $ bridge vlan port vlan-id swp2 1 PVID Egress Untagged 100 swp1 1 PVID Egress Untagged br0 1 PVID Egress Untagged Fix this by checking all members of the bridge for a matching vlan upper, and not the port itself. After: $ ip link add br0 type bridge vlan filtering 1 $ ip link set swp1 master br0 $ ip link set swp2 master br0 $ ip link add swp1.100 link swp1 type vlan id 100 $ bridge vlan add dev swp2 vid 100 RTNETLINK answers: Resource busy Fixes: 1ce39f0ee8da ("net: dsa: convert denying bridge VLAN with existing 8= 021q upper to PRECHANGEUPPER") Signed-off-by: Jonas Gorski --- v1 -> v2: * no changes net/dsa/user.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/net/dsa/user.c b/net/dsa/user.c index f59d66f0975d..fa1fe0f1493a 100644 --- a/net/dsa/user.c +++ b/net/dsa/user.c @@ -653,21 +653,30 @@ static int dsa_user_port_attr_set(struct net_device *= dev, const void *ctx, =20 /* Must be called under rcu_read_lock() */ static int -dsa_user_vlan_check_for_8021q_uppers(struct net_device *user, +dsa_user_vlan_check_for_8021q_uppers(struct dsa_port *dp, const struct switchdev_obj_port_vlan *vlan) { - struct net_device *upper_dev; - struct list_head *iter; + struct dsa_switch *ds =3D dp->ds; + struct dsa_port *other_dp; =20 - netdev_for_each_upper_dev_rcu(user, upper_dev, iter) { - u16 vid; + dsa_switch_for_each_user_port(other_dp, ds) { + struct net_device *user =3D other_dp->user; + struct net_device *upper_dev; + struct list_head *iter; =20 - if (!is_vlan_dev(upper_dev)) + if (!dsa_port_bridge_same(dp, other_dp)) continue; =20 - vid =3D vlan_dev_vlan_id(upper_dev); - if (vid =3D=3D vlan->vid) - return -EBUSY; + netdev_for_each_upper_dev_rcu(user, upper_dev, iter) { + u16 vid; + + if (!is_vlan_dev(upper_dev)) + continue; + + vid =3D vlan_dev_vlan_id(upper_dev); + if (vid =3D=3D vlan->vid) + return -EBUSY; + } } =20 return 0; @@ -693,11 +702,11 @@ static int dsa_user_vlan_add(struct net_device *dev, */ if (br_vlan_enabled(dsa_port_bridge_dev_get(dp))) { rcu_read_lock(); - err =3D dsa_user_vlan_check_for_8021q_uppers(dev, vlan); + err =3D dsa_user_vlan_check_for_8021q_uppers(dp, vlan); rcu_read_unlock(); if (err) { NL_SET_ERR_MSG_MOD(extack, - "Port already has a VLAN upper with this VID"); + "This VLAN already has an upper configured on a bridge port"); return err; } } --=20 2.43.0 From nobody Mon Dec 1 21:30:50 2025 Received: from mail-ej1-f43.google.com (mail-ej1-f43.google.com [209.85.218.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08A25303C9F for ; Mon, 1 Dec 2025 10:28:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584932; cv=none; b=sdVuVhwBOYpCqyEdNFPRB5xYyU1OfKqzV1WnaSC+B7j7eZqiB/kEOPzccqHyncGKMtQOeJwmt2sW9xVvWj5D7UwSxZo/EgnFsmfZo9StWfUHSGA4BRQxzj07oN1hbnTbhhHrWnMX5/nq7rrTdEx7Cgl6Jc1HG3g/RsfTw8RVsaU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584932; c=relaxed/simple; bh=wWdXTf3PWwMEgee4xvskzWMHbq0aF33vkNM3dtLaIL8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HXLJlLnmckw3t8I638FU2WOXhAOOWL+aFqBnWTadqx0XYEUPuAUCdGKhvRNEP+ghEl6OQcDcPIqr17g5D8xWxFgC++lfelUlc6ynsjqS8+joSuY88qK43YDts0fcAAIggfcZEbXo016PJKKK2dwnsb6jErMa/9lJFAPtZFj3v50= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ALzwo/A/; arc=none smtp.client-ip=209.85.218.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ALzwo/A/" Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-b735e278fa1so48270666b.0 for ; Mon, 01 Dec 2025 02:28:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764584929; x=1765189729; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FIzSKOpGNcki0F1mAxWBRjW2MjoQZLx/rLT/pH+h1/4=; b=ALzwo/A/1oONJ4pDgmgfJxKYk+/KbSMZ47exwPvEuMdzn+gIuxGLa8Ox0DkRG19zn5 IiavKdToIAEapOcOWnvFJEx5yt4uTtIC4sJwtyYC5PghA3GN3d3phCRrsZQOlAuoaX6f LJfsv2Pm/R8e9Jxk9lJYC6ofSg1jEI/xWK6KTyN5Btk9Z94yhoXmvN4PxI+TEvluSVW5 a6Kad/EHKguuzwH5bVWtPcMERw3vbst2wmHySu/2OBYZ50KeyFhwK4XvrMfRR8R+4uUJ 1irBPnCRVdLr/AmO8MInFJf977t4AyaerDIiZfJHOVC1POOCidwabNKpMlbRDEXswyxm Hy6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764584929; x=1765189729; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=FIzSKOpGNcki0F1mAxWBRjW2MjoQZLx/rLT/pH+h1/4=; b=a9BuSXB67ybB27XpA//j+ef8ebRpUrSz3kg2SjUkWHM+cY4mb4ZA0rnQpUhsSq3PJT xj0GgKbccqpbZeKl/2nGh0NCpkORNBHKNHSNwvENqjCsR7rcfueQCkJuhGQGlaWDsWY+ 4BU8adWkOblHDekJx76iazXg1h7mWFFYDlKMvcuhR0epT+zhh6UxEAEoXleOm9ntKK2V KRLxsP6VkWNUMt4RxAmKylpevkbxc4BVI9YeqSPKm/ic9VZ/eK//O7SrtREyKJ9P3eT5 JmHR/gOZHCnGqXcwDVPzbyUJJbcFbxYE3nEOaOPoYIUhnhZwNwiRhmVV3ygSGu1vyEG1 SnIQ== X-Forwarded-Encrypted: i=1; AJvYcCWUucEh9CJK1PtnBrSRMMBC8lL4Bh9FaZnUmlyn9WXBWZUWJqkCwNat1vzbDlVUeYFXVVR7XnDdMS5I6rM=@vger.kernel.org X-Gm-Message-State: AOJu0Yw3UQnTPFmFVMNzEueGHaJTFiHBhfPybQRzq2AwH0FbCNaCZmxQ 1ufQSXf195sW94YDoWr8A0RRnZRrUF5vtdVTxYRpsHVcddUNUPRSY59d X-Gm-Gg: ASbGncsaCfpvI75nukjJwZ7ywiiqb3JwTrrIkFSYYelwhOK1SwHjjBLGtIFLRSPnCn9 oAZNJRWFEom5QzUZOP+lqcUXvLd53wvErtUG2idPANvBaTceDDTyvT83vZJQtt8YU4TEhCv8fso 4n9En79HD0XGdeNAmYeYCmxwcp7D7hhy2j7DTNv+BB/3T0ztdHaaShUrC/w6gW4+8ZL9Z1uVOl0 7rEci+50wX4s2qHbBYyLPgsCx5VT6F87GGnB6BFVOkYVAO/+OyhBXO+DcnAJnLUcrI4p8ysw0R6 4m8tq0wYm881xJ0TWSjCF+LWehCoQx8WwllpfluSk6Q0lrxG+ygx4HvYWMct5VsbDzifSgnTY7n DsXoC057wZFp1JSfTpW4zt0o6PFzRaJoEpSjaV/l0gp10qaXoGiHSM95rg9/7JnIvyI2gQffHoT Y5PPD8fOLYinrQiCcP/lQef9ve5OQYbQAEAMqD1cVGVZ2xcKAToLN3AAZcEUrmyz2C3Ak= X-Google-Smtp-Source: AGHT+IG/MbOrMoxloIMO1QZgU+rp0yNg3TPBATPkNx5UeifGWcK6FmSaWpWZL8LEhuVo0rEEYcPgGg== X-Received: by 2002:a17:906:f5a5:b0:b3f:f207:b748 with SMTP id a640c23a62f3a-b76c547167bmr2736230066b.10.1764584929180; Mon, 01 Dec 2025 02:28:49 -0800 (PST) Received: from localhost (dslb-002-205-018-238.002.205.pools.vodafone-ip.de. [2.205.18.238]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b76f5a3a4ebsm1178101966b.62.2025.12.01.02.28.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 02:28:48 -0800 (PST) From: Jonas Gorski To: Andrew Lunn , Vladimir Oltean , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Shuah Khan , Florian Fainelli Cc: Vladimir Oltean , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC/RFT net-next v2 2/5] net: dsa: deny multiple 8021q uppers on bridged ports for the same VLAN Date: Mon, 1 Dec 2025 11:28:14 +0100 Message-ID: <20251201102817.301552-3-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251201102817.301552-1-jonas.gorski@gmail.com> References: <20251201102817.301552-1-jonas.gorski@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When creating 8021q uppers on bridged ports on a vlan filtering bridge, we will configure the VLAN on the ports. For the dsa driver, there is no difference between a 8021q upper on bridged port and a port vlan configured within the bridge. For that reason, if we configure a second 8021q upper for the same VLAN on a different port of the bridge, we implicitly enable forwarding between these ports on that VLAN. This breaks the requirement for 8021q uppers for the VLAN to be consumed, so we need to reject these configurations. Reuse dsa_user_vlan_check_for_8021q_uppers() and change its argument to just the vlan id. Before: $ ip link add br0 type bridge vlan_filtering 1 $ ip link set swp1 master br0 $ ip link set swp2 master br0 $ ip link add swp1.100 link GbE1 type vlan id 100 $ ip link add swp2.100 link GbE2 type vlan id 100 $ After: $ ip link add br0 type bridge vlan_filtering 1 $ ip link set swp1 master br0 $ ip link set swp2 master br0 $ ip link add swp1.100 link GbE1 type vlan id 100 $ ip link add swp2.100 link GbE2 type vlan id 100 RTNETLINK answers: Resource busy Signed-off-by: Jonas Gorski --- v1 -> v2: * no changes net/dsa/user.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/net/dsa/user.c b/net/dsa/user.c index fa1fe0f1493a..e8c6452780b0 100644 --- a/net/dsa/user.c +++ b/net/dsa/user.c @@ -653,8 +653,7 @@ static int dsa_user_port_attr_set(struct net_device *de= v, const void *ctx, =20 /* Must be called under rcu_read_lock() */ static int -dsa_user_vlan_check_for_8021q_uppers(struct dsa_port *dp, - const struct switchdev_obj_port_vlan *vlan) +dsa_user_vlan_check_for_8021q_uppers(struct dsa_port *dp, u16 other_vid) { struct dsa_switch *ds =3D dp->ds; struct dsa_port *other_dp; @@ -674,7 +673,7 @@ dsa_user_vlan_check_for_8021q_uppers(struct dsa_port *d= p, continue; =20 vid =3D vlan_dev_vlan_id(upper_dev); - if (vid =3D=3D vlan->vid) + if (vid =3D=3D other_vid) return -EBUSY; } } @@ -702,7 +701,7 @@ static int dsa_user_vlan_add(struct net_device *dev, */ if (br_vlan_enabled(dsa_port_bridge_dev_get(dp))) { rcu_read_lock(); - err =3D dsa_user_vlan_check_for_8021q_uppers(dp, vlan); + err =3D dsa_user_vlan_check_for_8021q_uppers(dp, vlan->vid); rcu_read_unlock(); if (err) { NL_SET_ERR_MSG_MOD(extack, @@ -3185,6 +3184,16 @@ dsa_user_check_8021q_upper(struct net_device *dev, return notifier_from_errno(-EBUSY); } =20 + rcu_read_lock(); + err =3D dsa_user_vlan_check_for_8021q_uppers(dp, vid); + rcu_read_unlock(); + + if (err) { + NL_SET_ERR_MSG_MOD(extack, + "This VLAN already has an upper configured on a bridge port"); + return notifier_from_errno(err); + } + return NOTIFY_DONE; } =20 --=20 2.43.0 From nobody Mon Dec 1 21:30:50 2025 Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2876F304BB5 for ; Mon, 1 Dec 2025 10:28:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584934; cv=none; b=j8nsXWcCWdFgll5YalNndeNn5/cM/p6aZlJSrgGPvARlxNz/5wD0t8RUeR0eWB3f9fkM4jsW2NmKxb4TTQwVobYzgGxOoxDFTXdVL9VIJiihoPj/5hf1vxFfMjoeu/6MNtI+hqgG8VrOPcRnakav3jSrXScb6cz+2/m8pxjbp0c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584934; c=relaxed/simple; bh=bpfHyyspFf7vI7NmB9tWN+VXQOjDBGy/ulV1bMwtwkw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IbISKnE4l0mIS/GXsVE4DFXlx3js6jLic8miUtJGCUlyb0m6vKH80MdkkXh5u7ehDXIroABplKUBc3nL2MvvQaeE2mwkxuECX0ZYAmZ+dmsv/X7fxahRUH89FgKHxpuJLEJRGFwVyE9NKl3A3Y7t/WhGLiKDTvti0FStCYRNG5M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MIE/ozVX; arc=none smtp.client-ip=209.85.218.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MIE/ozVX" Received: by mail-ej1-f50.google.com with SMTP id a640c23a62f3a-b73161849e1so960153266b.2 for ; Mon, 01 Dec 2025 02:28:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764584930; x=1765189730; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=r62uAAysvOeF+TQvBPK+HmpxuJJtN8BAOCCbeSMPZRw=; b=MIE/ozVXkW9Dqz28uyOPT9368AzPdlgymcW3jVzdu2V3Jk0VxYodGB/4EMVZkYSAW4 SDXe/KZtHP5SlGzyE1LL/dkdqLDUCW9g0ahNAT/jhqfePnrX2QhdRfs8eJriShq145u+ op+5DCZH3DDavteR3RwxZgeceZYdsVxxqAQHxuZE0QI4diHq/+lPBVaxdbWakOJfwOeR zOadRjKnfE5ykehZ7ezAWLa8b3J3WM3vAPca+bfx+QIIGSQHPv1yOcCnKRLgUnTrjTRt d4csxEt8XPsT7G7iA5uxF6woxLZSQSDuS+xr+WtVOEEAN7OJLAIRaWyMRblgQJ8Nw0dh uRVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764584930; x=1765189730; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=r62uAAysvOeF+TQvBPK+HmpxuJJtN8BAOCCbeSMPZRw=; b=YpGjteKvbNCyKziQu5itrgZoQK7Sw2NU6FTBmHyI/loqrHv5lpAXHz0XMYo2pul2fT xRCTIXKeaWuFRkHpZ82i6EaArrAPak/7qALmLNdH4OB94zD/UMZu/RdTbpcbFwB/SL8j bZ8VsNHv4jWcbjjn6uBs0J5joe3cXKIIFPtg9hP/WjkNiis4N2JUQAE/5Ez9kTYTw6md YhZfmmbI8vV48FTdDffu5Yl1RH/CCzJ0UxlNZt/7yxomxflloKpde2kYvTgg9arQIxz5 5+W+4PI2IZVZs3ccoEA4CJotK02EYLS0fUPE2iKt8D2qnJtTICEJlsz5GWJKu/Mn4Wg/ qQAA== X-Forwarded-Encrypted: i=1; AJvYcCXvvJNI572wlSW/5qufJ2ZtUZn3he6sItC8gbI3i/PErjdfz5OqYXHnbBrZngwcXXZAls1DLDbQ9rjPMEc=@vger.kernel.org X-Gm-Message-State: AOJu0YxFuEfFWnIvK4FuyiBv4uhXjGuSIS7PVkj6rdUBumgEFdZs52k4 /5kS08B9R/yslquT5il1KCE4INoL4shWVVwhlcbECTs0sePTPiYKq797 X-Gm-Gg: ASbGncv8I0pFMAseRd/JyWDLkkOxElQh5QecbAG5Lk88pQznpytWl4GDhHms4DGOgR0 YUY9e+GooNpKtOXlXXqIzGR/XQNGJtcWaOFYPuyvkurefZyEanTH2cfSCRFg7+ybacPwNygr2p7 t7uXMYFA5Ey9wRObGD8v6AC9qlfdC+jPc8eoo0Xl6w74CDoQ3JpafnL9SJYNf+P0GnqMhtBmaL2 QVzeVk5v+lCLi/DP9qFCiE1tDqmx/72lkabGQqY8Dr6WVazsC2E/zYCLV0nDANAIoa0yoPLoy8x +1GCDb/67+3auz6TbFGWT7nc7R1d/dWLv0Dst90Vh14bzK7VCykSddBLueQ4CINDIYiXzom+nNW fpci4WPsrlzVjjcXybvHv4nGTrxapXpdd6Rw8Ezxr9lUR0i5RVfVN0OUC8tte6aCGJYydvv8sJV xjZ9xsYpFbbrEAyGqGcx8xKe18miLlG4KqBXHRUoHB/dNAWwiSm8QspI1bClRVQyjQZyA= X-Google-Smtp-Source: AGHT+IFUMDNzleZaysdDaOIWKCLnv0W/7ORsWcveP6WOewtMC3bsi4ve1+dw0mBPOzG6hzY3eCvx5w== X-Received: by 2002:a17:907:3f25:b0:b72:aaae:1b22 with SMTP id a640c23a62f3a-b767150b109mr4455364166b.12.1764584930328; Mon, 01 Dec 2025 02:28:50 -0800 (PST) Received: from localhost (dslb-002-205-018-238.002.205.pools.vodafone-ip.de. [2.205.18.238]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b76f5162d3esm1199021666b.8.2025.12.01.02.28.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 02:28:49 -0800 (PST) From: Jonas Gorski To: Andrew Lunn , Vladimir Oltean , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Shuah Khan , Florian Fainelli Cc: Vladimir Oltean , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC/RFT net-next v2 3/5] selftests: no_forwarding: test VLAN uppers on VLAN aware bridged ports Date: Mon, 1 Dec 2025 11:28:15 +0100 Message-ID: <20251201102817.301552-4-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251201102817.301552-1-jonas.gorski@gmail.com> References: <20251201102817.301552-1-jonas.gorski@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a test (mainly for switchdev implementors) to test that multiple VLAN uppers on a VLAN aware bridge for the same VLAN do not enable forwarding of that VLAN between those ports. Since we are testing VLAN uppers, skip checking untagged traffic in those cases. Disallowing VLAN uppers on bridge ports is a valid choice for switchdev drivers, so test if we can create them first and skip the tests if not. Signed-off-by: Jonas Gorski --- v1 -> v2: * new patch .../selftests/net/forwarding/no_forwarding.sh | 89 ++++++++++++++----- 1 file changed, 67 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/net/forwarding/no_forwarding.sh b/tool= s/testing/selftests/net/forwarding/no_forwarding.sh index 694ece9ba3a7..c8adf04e1328 100755 --- a/tools/testing/selftests/net/forwarding/no_forwarding.sh +++ b/tools/testing/selftests/net/forwarding/no_forwarding.sh @@ -1,7 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0 =20 -ALL_TESTS=3D"standalone two_bridges one_bridge_two_pvids" +ALL_TESTS=3D"standalone two_bridges one_bridge_two_pvids bridge_aware_vlan= _uppers" NUM_NETIFS=3D4 =20 source lib.sh @@ -90,6 +90,7 @@ check_rcv() run_test() { local test_name=3D"$1" + local swp_uppers=3D${2:0} local smac=3D$(mac_get $h1) local dmac=3D$(mac_get $h2) local h1_ipv6_lladdr=3D$(ipv6_lladdr_get $h1) @@ -99,16 +100,24 @@ run_test() =20 tcpdump_start $h2 =20 - send_non_ip $h1 $smac $dmac - send_non_ip $h1 $smac $NON_IP_MC - send_non_ip $h1 $smac $BC - send_uc_ipv4 $h1 $dmac - send_mc_ipv4 $h1 - send_uc_ipv6 $h1 $dmac - send_mc_ipv6 $h1 + if [ "$swp_uppers" -eq 0 ]; then + send_non_ip $h1 $smac $dmac + send_non_ip $h1 $smac $NON_IP_MC + send_non_ip $h1 $smac $BC + send_uc_ipv4 $h1 $dmac + send_mc_ipv4 $h1 + send_uc_ipv6 $h1 $dmac + send_mc_ipv6 $h1 + fi =20 for vid in "${vids[@]}"; do vlan_create $h1 $vid + if [ "$swp_uppers" -ge 1 ]; then + vlan_create $swp1 $vid + fi + if [ "$swp_uppers" -ge 2 ]; then + vlan_create $swp2 $vid + fi simple_if_init $h1.$vid $H1_IPV4/24 $H1_IPV6/64 =20 send_non_ip $h1.$vid $smac $dmac @@ -120,6 +129,12 @@ run_test() send_mc_ipv6 $h1.$vid =20 simple_if_fini $h1.$vid $H1_IPV4/24 $H1_IPV6/64 + if [ "$swp_uppers" -ge 2 ]; then + vlan_destroy $swp2 $vid + fi + if [ "$swp_uppers" -ge 1 ]; then + vlan_destroy $swp1 $vid + fi vlan_destroy $h1 $vid done =20 @@ -129,26 +144,28 @@ run_test() =20 tcpdump_stop $h2 =20 - check_rcv $h2 "$test_name: Unicast non-IP untagged" \ - "$smac > $dmac, 802.3, length 4:" + if [ "$swp_uppers" -eq 0 ]; then + check_rcv $h2 "$test_name: Unicast non-IP untagged" \ + "$smac > $dmac, 802.3, length 4:" =20 - check_rcv $h2 "$test_name: Multicast non-IP untagged" \ - "$smac > $NON_IP_MC, 802.3, length 4:" + check_rcv $h2 "$test_name: Multicast non-IP untagged" \ + "$smac > $NON_IP_MC, 802.3, length 4:" =20 - check_rcv $h2 "$test_name: Broadcast non-IP untagged" \ - "$smac > $BC, 802.3, length 4:" + check_rcv $h2 "$test_name: Broadcast non-IP untagged" \ + "$smac > $BC, 802.3, length 4:" =20 - check_rcv $h2 "$test_name: Unicast IPv4 untagged" \ - "$smac > $dmac, ethertype IPv4 (0x0800)" + check_rcv $h2 "$test_name: Unicast IPv4 untagged" \ + "$smac > $dmac, ethertype IPv4 (0x0800)" =20 - check_rcv $h2 "$test_name: Multicast IPv4 untagged" \ - "$smac > $MACV4_ALLNODES, ethertype IPv4 (0x0800).*: $H1_IPV4 > $IPV4_AL= LNODES" + check_rcv $h2 "$test_name: Multicast IPv4 untagged" \ + "$smac > $MACV4_ALLNODES, ethertype IPv4 (0x0800).*: $H1_IPV4 > $IPV4_A= LLNODES" =20 - check_rcv $h2 "$test_name: Unicast IPv6 untagged" \ - "$smac > $dmac, ethertype IPv6 (0x86dd).*8: $H1_IPV6 > $H2_IPV6" + check_rcv $h2 "$test_name: Unicast IPv6 untagged" \ + "$smac > $dmac, ethertype IPv6 (0x86dd).*8: $H1_IPV6 > $H2_IPV6" =20 - check_rcv $h2 "$test_name: Multicast IPv6 untagged" \ - "$smac > $MACV6_ALLNODES, ethertype IPv6 (0x86dd).*: $h1_ipv6_lladdr > $= IPV6_ALLNODES" + check_rcv $h2 "$test_name: Multicast IPv6 untagged" \ + "$smac > $MACV6_ALLNODES, ethertype IPv6 (0x86dd).*: $h1_ipv6_lladdr > = $IPV6_ALLNODES" + fi =20 for vid in "${vids[@]}"; do check_rcv $h2 "$test_name: Unicast non-IP VID $vid" \ @@ -209,6 +226,34 @@ one_bridge_two_pvids() ip link del br0 } =20 +bridge_aware_vlan_uppers() +{ + ip link add br0 type bridge vlan_filtering 1 vlan_default_pvid 0 + ip link set br0 up + ip link set $swp1 master br0 + ip link set $swp2 master br0 + + if ! ip link add name $swp1.10 link $swp1 type vlan id 10 2>/dev/null; th= en + ip link del br0 + echo "SKIP: vlan-aware bridge does not allow vlan uppers on bridge ports" + exit "$ksft_skip" + fi + + if ! ip link add name $swp2.10 link $swp2 type vlan id 10 2>/dev/null; th= en + vlan_destroy $swp1 10 + ip link del br0 + echo "SKIP: vlan-aware bridge does not allow multiple vlan uppers per VL= AN on bridge ports" + exit "$ksft_skip" + fi + + vlan_destroy $swp1 10 + vlan_destroy $swp2 10 + + run_test "Switch ports in VLAN-aware bridge with VLAN uppers" 2 + + ip link del br0 +} + h1_create() { simple_if_init $h1 $H1_IPV4/24 $H1_IPV6/64 --=20 2.43.0 From nobody Mon Dec 1 21:30:50 2025 Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74D603054D4 for ; Mon, 1 Dec 2025 10:28:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584935; cv=none; b=g3XFtSpH3+a2wiHQpeYapvIPDwiEN8G7iM6SXGqTrsNsMkasSVgkmHm2hC1B7VrOhjahW4vBT91CMu/MWUO3LlLsL/a8EPZcERCvb+Nd8iepotzHLGsvJLxxUcVLIp1CjyowRnsOBgX98wBMULvgnMwXYXmZagqK56NAuCpUfdY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584935; c=relaxed/simple; bh=kcdB10IAw2gkJ9lGc1YtDOyMNEKD6+NwmKs07aM43cU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S6d7OMlf7vqxsJbVpWoGyE2sUe22FxR8xl9y0pvf8iKTqPcJOYO1txIwhEIUqJLJSz4PBuiJIRpfX3Wzs18gtibzmlSPxPa3pJMV8V7qr6qeVfqsdHkPTLH2pfg85v54uUb+Ay+uQ3m0Akw5MShwCYEt3bn40S8wrkdAx9v5iNw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GCOiDo1L; arc=none smtp.client-ip=209.85.218.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GCOiDo1L" Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-b76b5afdf04so695948366b.1 for ; Mon, 01 Dec 2025 02:28:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764584932; x=1765189732; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0KJH3bXmMEwxHSCHbGbfUAmcdLYGbe7hL6mo3kE3l6g=; b=GCOiDo1LLa6TgM+5ydT0JcPvC3RG84l0r40UBeAlxYOXjPxU+IjFEgQDPyA8YzF6D1 ms4VhtF/URWTGYTvOfUYZVccyUwWGOFdKB2osXNvCIhrdpaDiRsaCFVZr1X01jTpI4SN UVYGCaSpu0PLNPCv8pg2ty/R28302bUuXotgzlpZQvPYBH61+iJcWkPtpakjvv3L5/9v IPKDaBxfvr98ogYFvlF7y+0YH5MAgOVDXf4jdTVx17W0wLs2OmyIbaxtimS0cecQImF+ LgY/r007mJamH5cEgiRAxe2vVWLhxY7eTtuwLVcVA+bLO+/3KEXsYnuD3YqI6IU2+f7F U0zQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764584932; x=1765189732; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=0KJH3bXmMEwxHSCHbGbfUAmcdLYGbe7hL6mo3kE3l6g=; b=a1b2LVtkFTKED8iqtSAaiXaT9zOJdvVj1U+JqvFLCWwt/3K7XnkF++ylPKEgEnghlZ XTZ8qLxTF7STRlY07Xj0X6gO7vZ1v7C2/V/rkVpQRo/Y2vBXsk9jnR42SrATt2P1/vcj p0bOQNdwQnawYIoXYFHo60OkD3arRE+w6hBIEwijq63VoSVMSt3Kry5F2LVOF0dg6LTg teEwbVCQaiwum30cIalmzzRV3U3DccVbnWgTo+K2PLk0mFt+Zd0Zc88BzosH5aJheOYV r0XzJYLFBR5ymncTG8C7IDQG1neCGym5yzteajfWugnzTmjhy/CwJ/jtzu9eVkDkXDsK HDGw== X-Forwarded-Encrypted: i=1; AJvYcCU7ZQzdHIwY9IFZGtydsisANfIGCUIXR7YGO7purv2v0Tt4WvwJvGFshPEOxjwIMzbMpy+44me+VKX0qVk=@vger.kernel.org X-Gm-Message-State: AOJu0YyKcFm2XpnOD4EdpTQAkw3r2QW44hwvCvKeNvhDMzuHxS26g1OQ aBOOc3vHs50kNmZsm4ircG9liYqktlUUcR0ronmiNJv3hDDX8KatTaOY X-Gm-Gg: ASbGncsmqCuHeqtfTP7O/9lizmh2loS1zSjRjZWdHAs482BZ/8WkpKpXygHF0fMf4NY wNiOGXPUxtAZwawImrKd+s1hDC2Gy09CMZJXuCf8KbCS2mMOUrkztCTK39oBGO8uBdUHwr5/yyi PevC9A43C/avY+l+VA1/gcwfDjZemj2B1J0ELQg0YqY/5NqDIiEdL6cXPwqdXcuRCxwnJjKd5sR eiWvXerKUjoywMJUn+WPjaMyy+5GRBkRlP2UqUYcjPxENIbDWl+0Vzfs3yCfOUQcAobAXD/LDqZ kwcO2I6TXkw90nhTQaKLFcDLrrdShJzwQ/ZRdRfUp97qBXn3o095/F1U43fqBbacuVEFCB7HoJs d8sdd9ZQTCJQcTpGfVhmIJFdw1lpT1a91Qw5fa0Y5h69zeK4WOeyWLU334XEK1EB79mWgek3DNl ctltwRPEM/mBFfNb29WzDD3sex2a2DgfwZHGTQz+TOKsBNIKy6dqF+BxocidG06MU3XHA= X-Google-Smtp-Source: AGHT+IH8UzIXZ+P9m8fEUgF681BNGjOYCjDIaz/r0htVxM1wr+pTCtgffVG0RJhGTTYN5l3Ys9Se2Q== X-Received: by 2002:a17:907:3e0b:b0:b74:f827:b886 with SMTP id a640c23a62f3a-b767170bfcfmr4074321666b.32.1764584931481; Mon, 01 Dec 2025 02:28:51 -0800 (PST) Received: from localhost (dslb-002-205-018-238.002.205.pools.vodafone-ip.de. [2.205.18.238]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b76f519d883sm1183492566b.17.2025.12.01.02.28.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 02:28:50 -0800 (PST) From: Jonas Gorski To: Andrew Lunn , Vladimir Oltean , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Shuah Khan , Florian Fainelli Cc: Vladimir Oltean , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC/RFT net-next v2 4/5] net: dsa: deny 8021q uppers on vlan unaware bridged ports Date: Mon, 1 Dec 2025 11:28:16 +0100 Message-ID: <20251201102817.301552-5-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251201102817.301552-1-jonas.gorski@gmail.com> References: <20251201102817.301552-1-jonas.gorski@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Documentation/networking/switchdev.rst says: - with VLAN filtering turned off, the bridge will process all ingress traffic for the port, except for the traffic tagged with a VLAN ID destined for a VLAN upper. But DSA currently does not notify drivers about uppers on bridge ports of a VLAN unaware bridge: Bridged ports on a VLAN unaware bridge will usually not have filtering enabled and thus do not have NETIF_F_HW_VLAN_CTAG_FILTER so dsa_user_vlan_rx_add_vid() is never called. And if filtering is always on for a driver, then DSA will just call dsa_port_vlan_add(), in the same way it would for VLANs added to the bridge. And VLANs programmed to the bridge are supposed to be ignored while filtering is disabled, so drivers would still not act upon it. Therefore traffic tagged with the VID will continue to be forwarded to other ports, and therefore we cannot support VLAN uppers on ports of a VLAN unaware bridges. So reject any VLAN uppers for bridged ports of VLAN unaware bridges, and reject disabling filtering as long as any VLAN uppers on bridged ports exist. Signed-off-by: Jonas Gorski --- v1 -> v2: * actually deny VLAN uppers on VLAN-unware bridges * fix DSA behaviour description for non-filtering bridge ports net/dsa/port.c | 23 ++++------------------- net/dsa/user.c | 9 ++++++++- 2 files changed, 12 insertions(+), 20 deletions(-) diff --git a/net/dsa/port.c b/net/dsa/port.c index 082573ae6864..d7746885f7e0 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -728,35 +728,20 @@ static bool dsa_port_can_apply_vlan_filtering(struct = dsa_port *dp, { struct dsa_switch *ds =3D dp->ds; struct dsa_port *other_dp; - int err; =20 - /* VLAN awareness was off, so the question is "can we turn it on". + /* VLAN awareness was on, so the question is "can we turn it off". * We may have had 8021q uppers, those need to go. Make sure we don't * enter an inconsistent state: deny changing the VLAN awareness state * as long as we have 8021q uppers. */ - if (vlan_filtering && dsa_port_is_user(dp)) { - struct net_device *br =3D dsa_port_bridge_dev_get(dp); + if (!vlan_filtering && dsa_port_is_user(dp)) { struct net_device *upper_dev, *user =3D dp->user; struct list_head *iter; =20 netdev_for_each_upper_dev_rcu(user, upper_dev, iter) { - struct bridge_vlan_info br_info; - u16 vid; - - if (!is_vlan_dev(upper_dev)) - continue; - - vid =3D vlan_dev_vlan_id(upper_dev); - - /* br_vlan_get_info() returns -EINVAL or -ENOENT if the - * device, respectively the VID is not found, returning - * 0 means success, which is a failure for us here. - */ - err =3D br_vlan_get_info(br, vid, &br_info); - if (err =3D=3D 0) { + if (is_vlan_dev(upper_dev)) { NL_SET_ERR_MSG_MOD(extack, - "Must first remove VLAN uppers having VIDs also present in bridge= "); + "Must first remove VLAN uppers from bridged ports"); return false; } } diff --git a/net/dsa/user.c b/net/dsa/user.c index e8c6452780b0..442cf3b2dc30 100644 --- a/net/dsa/user.c +++ b/net/dsa/user.c @@ -3167,10 +3167,17 @@ dsa_user_check_8021q_upper(struct net_device *dev, int err =3D NOTIFY_DONE; u16 vid; =20 - if (!br || !br_vlan_enabled(br)) + if (!br) return NOTIFY_DONE; =20 extack =3D netdev_notifier_info_to_extack(&info->info); + + if (!br_vlan_enabled(br)) { + NL_SET_ERR_MSG_MOD(extack, + "VLAN uppers not supported with non filtering bridges"); + return notifier_from_errno(-EBUSY); + } + vid =3D vlan_dev_vlan_id(info->upper_dev); =20 /* br_vlan_get_info() returns -EINVAL or -ENOENT if the --=20 2.43.0 From nobody Mon Dec 1 21:30:50 2025 Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3584305971 for ; Mon, 1 Dec 2025 10:28:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584936; cv=none; b=MTC4dE1KfZIqRhHxaUjzDbL9r+lOvx0MrLEAI6VMo9B4D0telCucIpVY6KCo1+85dA696d0jlYbChV1Z/WKSErcwxZvru1XZJVhmuiVY0glyEsg4R5glY8wX2B8oGtx8rKlneEEdYcAWWyJ4Oh6PZA02ESV5g078auAxLdgL7zU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764584936; c=relaxed/simple; bh=p8nrLd8JgHXvBOx3nRAE8e12DQJPDzMeaIvncxSjwDI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rylEw4QpbsL1EKPnwgvdqdQTh9pNwLjjw89WqN2b8OUbsO5+FnFSXSWzD/ceHbxQDHw1qDgsGUdpRY1aTKo+a5Gn59zv6PqczlfiQRXYLH4dFF2LFI31/1sU3xQYAkXwOGTRGbaIBaQJyy36wE0e0lhEQSOy8mHNwCd6JqEc3H8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VFjvC3xT; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VFjvC3xT" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-640bd9039fbso307612a12.2 for ; Mon, 01 Dec 2025 02:28:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764584933; x=1765189733; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ygDjwJpJeLSApr9Yk+KRSHapU8CeVBWTNC852WoTWfU=; b=VFjvC3xTsWBsSA3KGtfWnloKFemE07SRzAyOjU8np52KCeAkkWa2PbqaiSJz1BrrEH +VO9EmVORcXr+VPb1jKlX4yIJH29fNyb54aTvDXf+SWN5KYZGaGPfkQVqEUu9WhBfkrX chHDBgx1MWjYQ6tqjZIhMuME6/y0YKM4Zkbl+XP9liali0AuStphCEVSSynfItZ9H0aV qTSSm6HGMzn1KYhN1CYGsuENe8gNI9qrG1TBYMPaVkmp/A0LFQ2uQUNS7UPi6WUFV6Q9 cnqEKaVkvhyPyLznv1NypGT3LoP6EGzK86oqxpQNLFjK4B1yaRtsXyTr0dVj48rfAJVb kXRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764584933; x=1765189733; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ygDjwJpJeLSApr9Yk+KRSHapU8CeVBWTNC852WoTWfU=; b=D66AAsA/jcHR2cSWOrF3LkBcLAptdwi+xRRuZ138w8aOgMsXZjkFHMk7briPG/rw2q vwsFt4e3p1vExtw3TsIoQdc50to2OklHJkLf6Z+Y6qXlX5toQ2oMQN4vbOKMN8N8cuSF RJuXFxWJBh3G6OiCUTFGwWmwrWG/5QjhmuTw7tAUabocq7cUmsJ8qiBUXyi6h04Fvf2d jgtWO5fS+rtXPxHkPX4Y2XmKmEDbX0yN6qfH5MT5P1E2rTugoWXXvXzfg4IL/gu8TM31 2gzYMRCHtzFyPkyVIT03j1JpylilhjpNJsTvxrayjz9/UxMDnh+D3Ld9HvWWORGk0chW cFwQ== X-Forwarded-Encrypted: i=1; AJvYcCULUWgu75OVLqhAuKPB8s+WoVYN3GeYKoDzEpieknkLTsd1HSGl1PQclaOkNZwhjcv3StidBxeVKFL5hDY=@vger.kernel.org X-Gm-Message-State: AOJu0Yw7ufOZdKWgTRr4+s3R3vVL8ds3RaZddQQF35Ssglbr/j9o2HrN WbPz3lRU/wYip5AaNfuo3nxEgapakhn/JGcJfOtH/8a9z9ZKyO0i/2V4 X-Gm-Gg: ASbGnctYSh/ioFt2eOy5Kvew8BkPHtBU+hu2S7v3aL3BZYZVPkHmoIWXXbi5c02EuQg Wn9p3dt2ulhwbRM71crNJagIQfYsR6mXlQoHmhnrE57NEnYIj+UPKfcmqZIf0fRiQD+h+56SbQ5 6VvKD6EYp8tFTOUgxaa0lBCrg1nOqRoPOSCbdvsBe0oPKn/X69ebqpFzlv1cFpBLovEfBbCIgUy 4N9myMoh9UCCgpBRtwHmZBOsOzveduQgDk4OMzExqHoPx54J+Lp8HN39im1aWhsvwAlQkrpfkCg DP7rwwP5nVWVzoSD5wfMQNAY8m8KTrpdf2kRCvoW9NkOl6iOEhXkmEeh3B1df77J0DWMVzMib8G kDpLkjUq4v5m8zsYz7tT4qSJqUH08cV3JduHI6EOdaeGNdWpGi8JnpxfeQXi1GF7eW25ld3mURl xWLLb1zTz/2Dl+ucuVqxa/XP0o7fEqRkfH2LCjxjCniw+cDp68Y7BPx6sQsIZJ82kvdJQ= X-Google-Smtp-Source: AGHT+IEeOymRIkFQOr4JB61bu2rSDxpP6cAksOESLtPWvBHBz4B7/Sh7AubPoUZ4gTkeiXgXOkHVKA== X-Received: by 2002:a17:907:7245:b0:b76:339d:63ed with SMTP id a640c23a62f3a-b767183c00emr3758956666b.52.1764584932679; Mon, 01 Dec 2025 02:28:52 -0800 (PST) Received: from localhost (dslb-002-205-018-238.002.205.pools.vodafone-ip.de. [2.205.18.238]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b76f5162d26sm1190495766b.3.2025.12.01.02.28.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 02:28:52 -0800 (PST) From: Jonas Gorski To: Andrew Lunn , Vladimir Oltean , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Shuah Khan , Florian Fainelli Cc: Vladimir Oltean , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC/RFT net-next v2 5/5] selftests: no_forwarding: test VLAN uppers on VLAN-unaware bridged ports Date: Mon, 1 Dec 2025 11:28:17 +0100 Message-ID: <20251201102817.301552-6-jonas.gorski@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251201102817.301552-1-jonas.gorski@gmail.com> References: <20251201102817.301552-1-jonas.gorski@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" A VLAN upper on a bridged port consumes the VLAN on this port and inhibits forwarding of it. Add a test that for VLAN-unaware bridges a single VLAN upper prevents forwarding of that VLAN from that port. This is asymmetric "blocking", as other ports' traffic can still be forwarded to this port. This is not tested, as this is a no-forward test, not a forward test. Since we are testing VLAN uppers, skip checking untagged traffic in those cases. Disallowing VLAN uppers on bridge ports is a valid choice for switchdev drivers, so test if we can create them first and skip the tests if not. Signed-off-by: Jonas Gorski --- v1 -> v2: * new patch .../selftests/net/forwarding/no_forwarding.sh | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/forwarding/no_forwarding.sh b/tool= s/testing/selftests/net/forwarding/no_forwarding.sh index c8adf04e1328..d223b5b79a4f 100755 --- a/tools/testing/selftests/net/forwarding/no_forwarding.sh +++ b/tools/testing/selftests/net/forwarding/no_forwarding.sh @@ -1,7 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0 =20 -ALL_TESTS=3D"standalone two_bridges one_bridge_two_pvids bridge_aware_vlan= _uppers" +ALL_TESTS=3D"standalone two_bridges one_bridge_two_pvids bridge_unaware_vl= an_upper bridge_aware_vlan_uppers" NUM_NETIFS=3D4 =20 source lib.sh @@ -226,6 +226,24 @@ one_bridge_two_pvids() ip link del br0 } =20 +bridge_unaware_vlan_upper() +{ + ip link add br0 type bridge && ip link set br0 up + ip link set $swp1 master br0 + ip link set $swp2 master br0 + + if ! ip link add name $swp1.10 link $swp1 type vlan id 10 2>/dev/null; th= en + ip link del br0 + echo "SKIP: bridge does not allow vlan uppers on bridge ports" + exit "$ksft_skip" + fi + vlan_destroy $swp1 10 + + run_test "Switch ports in VLAN-unaware bridge with VLAN upper" 1 + + ip link del br0 +} + bridge_aware_vlan_uppers() { ip link add br0 type bridge vlan_filtering 1 vlan_default_pvid 0 --=20 2.43.0