net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled

The blamed commit made the fatally incorrect assumption that ports which
aren't in the FORWARDING STP state should not have packets forwarded
towards them, and that is all that needs to be done.

However, that logic alone permits BLOCKING ports to forward to
FORWARDING ports, which of course allows packet storms to occur when
there is an L2 loop.

The ocelot_get_bridge_fwd_mask should not only ask "what can the bridge
do for you", but "what can you do for the bridge". This way, only
FORWARDING ports forward to the other FORWARDING ports from the same
bridging domain, and we are still compatible with the idea of multiple
bridges.

Fixes: df291e54ccca ("net: ocelot: support multiple bridges")
Suggested-by: Colin Foster <colin.foster@in-advantage.com>
Reported-by: Colin Foster <colin.foster@in-advantage.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Colin Foster <colin.foster@in-advantage.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c
index 729ba826ba17c39e028e9f5e541ffd5d9b0b67aa..559177e6ded40754b138d0bc1e5fe425972a737c 100644 (file)
--- a/drivers/net/ethernet/mscc/ocelot.c
+++ b/drivers/net/ethernet/mscc/ocelot.c
@@ -1293,14 +1293,19 @@ static u32 ocelot_get_bond_mask(struct ocelot *ocelot, struct net_device *bond,
        return mask;
 }
 
-static u32 ocelot_get_bridge_fwd_mask(struct ocelot *ocelot,
+static u32 ocelot_get_bridge_fwd_mask(struct ocelot *ocelot, int src_port,
                                      struct net_device *bridge)
 {
+       struct ocelot_port *ocelot_port = ocelot->ports[src_port];
        u32 mask = 0;
        int port;
 
+       if (!ocelot_port || ocelot_port->bridge != bridge ||
+           ocelot_port->stp_state != BR_STATE_FORWARDING)
+               return 0;
+
        for (port = 0; port < ocelot->num_phys_ports; port++) {
-               struct ocelot_port *ocelot_port = ocelot->ports[port];
+               ocelot_port = ocelot->ports[port];
 
                if (!ocelot_port)
                        continue;
@@ -1366,7 +1371,7 @@ void ocelot_apply_bridge_fwd_mask(struct ocelot *ocelot)
                        struct net_device *bridge = ocelot_port->bridge;
                        struct net_device *bond = ocelot_port->bond;
 
-                       mask = ocelot_get_bridge_fwd_mask(ocelot, bridge);
+                       mask = ocelot_get_bridge_fwd_mask(ocelot, port, bridge);
                        mask |= cpu_fwd_mask;
                        mask &= ~BIT(port);
                        if (bond) {