Re: [PATCH net-next v2 02/12] net: dsa: vsc73xx: Add vlan filtering

[Vladimir Oltean]

On Wed, Jun 19, 2024 at 10:52:08PM +0200, Pawel Dembicki wrote:
> +	vsc73xx_vlan = vsc73xx_bridge_vlan_find(vsc, vlan->vid);
> +
> +	if (!vsc73xx_vlan) {
> +		vsc73xx_vlan = kzalloc(sizeof(*vsc73xx_vlan), GFP_KERNEL);
> +		if (!vsc73xx_vlan)
> +			return -ENOMEM;
> +
> +		vsc73xx_vlan->vid = vlan->vid;
> +		vsc73xx_vlan->portmask = 0;
> +		vsc73xx_vlan->untagged = 0;
> +
> +		list_add_tail(&vsc73xx_vlan->list, &vsc->vlans);
> +	}
> +
> +	/* CPU port must be always tagged because port separation is based on
> +	 * tag_8021q.
> +	 */
> +	if (port == CPU_PORT)
> +		goto update_vlan_table;
> +
> +	vsc73xx_vlan->portmask |= BIT(port);

This does not look correctly handled.

The CPU port is not recorded in the portmask of the newly created VLAN,
because of the early goto.

So the VLAN structure will be freed from memory earlier than expected
when it is deleted from a user port. Then the reference to the
corresponding VLAN on the CPU port from the hardware VLAN table is lost.