From patchwork Thu Feb 22 07:51:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oleksij Rempel X-Patchwork-Id: 204586 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:aa16:b0:108:e6aa:91d0 with SMTP id by22csp93330dyb; Wed, 21 Feb 2024 23:51:43 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUA6pgqmYjMOYOEyD1HFIn7tLFpkQK1yah90VA8rZZLceVenrIDT1HUqcZWfijgbKsDLmx8nFWXEDJCeIC0KMyc8yAAXg== X-Google-Smtp-Source: AGHT+IEJIuAX0CL1QHCvv8SzFxGwncmXSVtkeXIwT0eLe1ewQmO5nXjYRvfQMBbfAMjxta2NaMKT X-Received: by 2002:a17:906:378e:b0:a3e:fce7:9393 with SMTP id n14-20020a170906378e00b00a3efce79393mr4553049ejc.10.1708588303720; Wed, 21 Feb 2024 23:51:43 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708588303; cv=pass; d=google.com; s=arc-20160816; b=aGNqQs1mW+BqOKh1loxWWtp4dLIX2KaVerMHsoy5ynB5TMuUMWxTV8GzD5KfYSawKH K7dUdQRb+ADZ/UciSO7bJpPWmaTm8AoT3i3lKvTuE6JCSwfX7rlpvuhRWJzVgEEVwo3f bqIF/bftVuqayCfvk+jIEWi8z/bkfEwCLfEu7wmWCUgHEuwgqHnIn8wSxb3Lqf5g4o81 CRSyTuxWmJjY4kBAYs3EQt8cokkBQsmaAUMvjEsn78JAS8BpL4QO/xSf0Gq83HJjSH45 t88VNT8Z2NzijsYe3KcnVyOj4qsdb72o9Ote7Alv/WS3St4PI5kyBQq7nf3UToSBptub yubA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=w9b8zugrpI2ftkqviMA9jBhu6w8uZuMPREgqMBVp5sg=; fh=M1qfrahb/qW7n6G/0kHpmUybK+Ky3Jq5+sps382+aZ4=; b=HsDHCLnxQKwtf65q3pvMmopHKPewV9WlR0zSVFcVgEIvocWx/qCSTMh3WT8HVR6rvv 0LJm+VAGEpEXvuScna9pw0UMn+pgA5K7BrHZO9SvyeWFF/Lup8DJfNnEIRCE0CGaWuWI UX5pp0KkTN42zNtL1GEWv4LVLZoEGo/9ap5UptUaOvamyAKx5bsAUJBYF2Wtt1uHUcAn UtkwwU1A9GlIkeEA9WL7jlEkA/ffONGC5WGYb6riIP1AmCXy461GTqObYzvMDb6BLcjQ Tz5KB5eh8WQ2b9JHYllt2Ko5l43U1+bB0sMh+X+RFA1mtl4N4oMSx8BaB+KnsxeMvxDI OGIw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=pengutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-76028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76028-ouuuleilei=gmail.com@vger.kernel.org" Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id pk18-20020a170906d7b200b00a3ea08a5d9csi3516977ejb.54.2024.02.21.23.51.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Feb 2024 23:51:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-76028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=pengutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-76028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76028-ouuuleilei=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id E6EAC1F216B6 for ; Thu, 22 Feb 2024 07:51:42 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 27BF917BDF; Thu, 22 Feb 2024 07:51:26 +0000 (UTC) Received: from metis.whiteo.stw.pengutronix.de (metis.whiteo.stw.pengutronix.de [185.203.201.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 58F5B1799F for ; Thu, 22 Feb 2024 07:51:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.203.201.7 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708588284; cv=none; b=ueoqyAD3VQt6AtjfEQwPxeBSV+Besf5X/meWV1W1d6hPsQlgQ0ctjDJU0parX7+fq0eX+GUhawk8xv078zokdVbOqhu8bGOUB8LYnWt4EhUJoLP6uiJR15Nqwmpm0KsQ4jsArtvE7GldJKJN+dutlLfR5MBQaPOAgQ5n5/YwMAc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708588284; c=relaxed/simple; bh=YABI2wY90F4ti0YQ+FYf2izsdH0x6Nl4/AuuHydNCm8=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=RlTGNuVw0noz9OZ/1R2WGIwv8KYq2rdBu2pdl9UrBBz5FIUnByErgzeKwSz+go3A1/rhcU95VG9A6s0Max4YSI0sP14bQ4bQV8MoTK470nHCkSY03ixgMRVAdqH38IZ4PNBFtvL7f2MQQRUXgMsRErCpf5Ok2j7P1JwXadgX080= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de; spf=pass smtp.mailfrom=pengutronix.de; arc=none smtp.client-ip=185.203.201.7 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pengutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pengutronix.de Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rd3rP-0007Wg-9I; Thu, 22 Feb 2024 08:51:15 +0100 Received: from [2a0a:edc0:0:1101:1d::ac] (helo=dude04.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rd3rO-002Bn0-D6; Thu, 22 Feb 2024 08:51:14 +0100 Received: from ore by dude04.red.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1rd3rO-00Al9r-16; Thu, 22 Feb 2024 08:51:14 +0100 From: Oleksij Rempel To: "David S. Miller" , Andrew Lunn , Eric Dumazet , Florian Fainelli , Jakub Kicinski , Paolo Abeni , Vladimir Oltean , Woojung Huh , Arun Ramadoss Cc: Oleksij Rempel , kernel@pengutronix.de, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, UNGLinuxDriver@microchip.com Subject: [PATCH net-next v3 1/1] net: dsa: microchip: Add support for bridge port isolation Date: Thu, 22 Feb 2024 08:51:13 +0100 Message-Id: <20240222075113.2564540-1-o.rempel@pengutronix.de> X-Mailer: git-send-email 2.39.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2a0a:edc0:0:c01:1d::a2 X-SA-Exim-Mail-From: ore@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1791500597003417693 X-GMAIL-MSGID: 1791584688918741308 Implement bridge port isolation for KSZ switches. Enabling the isolation of switch ports from each other while maintaining connectivity with the CPU and other forwarding ports. For instance, to isolate swp1 and swp2 from each other, use the following commands: - bridge link set dev swp1 isolated on - bridge link set dev swp2 isolated on Signed-off-by: Oleksij Rempel Acked-by: Arun Ramadoss --- changes v3: - fix documentation changes v2: - add comments and new lines --- drivers/net/dsa/microchip/ksz_common.c | 55 +++++++++++++++++++++++--- drivers/net/dsa/microchip/ksz_common.h | 1 + 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/drivers/net/dsa/microchip/ksz_common.c b/drivers/net/dsa/microchip/ksz_common.c index 7cd37133ec05..d58cc685478b 100644 --- a/drivers/net/dsa/microchip/ksz_common.c +++ b/drivers/net/dsa/microchip/ksz_common.c @@ -1898,6 +1898,29 @@ static void ksz_get_strings(struct dsa_switch *ds, int port, } } +/** + * ksz_update_port_member - Adjust port forwarding rules based on STP state and + * isolation settings. + * @dev: A pointer to the struct ksz_device representing the device. + * @port: The port number to adjust. + * + * This function dynamically adjusts the port membership configuration for a + * specified port and other device ports, based on Spanning Tree Protocol (STP) + * states and port isolation settings. Each port, including the CPU port, has a + * membership register, represented as a bitfield, where each bit corresponds + * to a port number. A set bit indicates permission to forward frames to that + * port. This function iterates over all ports, updating the membership register + * to reflect current forwarding permissions: + * + * 1. Forwards frames only to ports that are part of the same bridge group and + * in the BR_STATE_FORWARDING state. + * 2. Takes into account the isolation status of ports; ports in the + * BR_STATE_FORWARDING state with BR_ISOLATED configuration will not forward + * frames to each other, even if they are in the same bridge group. + * 3. Ensures that the CPU port is included in the membership based on its + * upstream port configuration, allowing for management and control traffic + * to flow as required. + */ static void ksz_update_port_member(struct ksz_device *dev, int port) { struct ksz_port *p = &dev->ports[port]; @@ -1926,7 +1949,14 @@ static void ksz_update_port_member(struct ksz_device *dev, int port) if (other_p->stp_state != BR_STATE_FORWARDING) continue; - if (p->stp_state == BR_STATE_FORWARDING) { + /* At this point we know that "port" and "other" port [i] are in + * the same bridge group and that "other" port [i] is in + * forwarding stp state. If "port" is also in forwarding stp + * state, we can allow forwarding from port [port] to port [i]. + * Except if both ports are isolated. + */ + if (p->stp_state == BR_STATE_FORWARDING && + !(p->isolated && other_p->isolated)) { val |= BIT(port); port_member |= BIT(i); } @@ -1945,8 +1975,19 @@ static void ksz_update_port_member(struct ksz_device *dev, int port) third_p = &dev->ports[j]; if (third_p->stp_state != BR_STATE_FORWARDING) continue; + third_dp = dsa_to_port(ds, j); - if (dsa_port_bridge_same(other_dp, third_dp)) + + /* Now we updating relation of the "other" port [i] to + * the "third" port [j]. We already know that "other" + * port [i] is in forwarding stp state and that "third" + * port [j] is in forwarding stp state too. + * We need to check if "other" port [i] and "third" port + * [j] are in the same bridge group and not isolated + * before allowing forwarding from port [i] to port [j]. + */ + if (dsa_port_bridge_same(other_dp, third_dp) && + !(other_p->isolated && third_p->isolated)) val |= BIT(j); } @@ -2699,7 +2740,7 @@ static int ksz_port_pre_bridge_flags(struct dsa_switch *ds, int port, struct switchdev_brport_flags flags, struct netlink_ext_ack *extack) { - if (flags.mask & ~BR_LEARNING) + if (flags.mask & ~(BR_LEARNING | BR_ISOLATED)) return -EINVAL; return 0; @@ -2712,8 +2753,12 @@ static int ksz_port_bridge_flags(struct dsa_switch *ds, int port, struct ksz_device *dev = ds->priv; struct ksz_port *p = &dev->ports[port]; - if (flags.mask & BR_LEARNING) { - p->learning = !!(flags.val & BR_LEARNING); + if (flags.mask & (BR_LEARNING | BR_ISOLATED)) { + if (flags.mask & BR_LEARNING) + p->learning = !!(flags.val & BR_LEARNING); + + if (flags.mask & BR_ISOLATED) + p->isolated = !!(flags.val & BR_ISOLATED); /* Make the change take effect immediately */ ksz_port_stp_state_set(ds, port, p->stp_state); diff --git a/drivers/net/dsa/microchip/ksz_common.h b/drivers/net/dsa/microchip/ksz_common.h index a3f69a036fa9..fb76637596fc 100644 --- a/drivers/net/dsa/microchip/ksz_common.h +++ b/drivers/net/dsa/microchip/ksz_common.h @@ -111,6 +111,7 @@ struct ksz_switch_macaddr { struct ksz_port { bool remove_tag; /* Remove Tag flag set, for ksz8795 only */ bool learning; + bool isolated; int stp_state; struct phy_device phydev;