[PATCH AUTOSEL 7.0] dsa: tag_mxl862xx: set dsa_default_offload_fwd_mark()
From: Sasha Levin
Date: Mon Apr 20 2026 - 10:47:17 EST
From: Daniel Golle <daniel@xxxxxxxxxxxxxx>
[ Upstream commit 4250ff1640ea1ede99bfe02ca949acbcc6c0927f ]
The MxL862xx offloads bridge forwarding in hardware, so set
dsa_default_offload_fwd_mark() to avoid duplicate forwarding of
packets of (eg. flooded) frames arriving at the CPU port.
Link-local frames are directly trapped to the CPU port only, so don't
set dsa_default_offload_fwd_mark() on those.
Signed-off-by: Daniel Golle <daniel@xxxxxxxxxxxxxx>
Link: https://patch.msgid.link/e1161c90894ddc519c57dc0224b3a0f6bfa1d2d6.1775049897.git.daniel@xxxxxxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
LLM Generated explanations, may be completely bogus:
Now I have all the information needed for a complete analysis.
---
## PHASE 1: COMMIT MESSAGE FORENSICS
**Step 1.1: Subject Line**
- Subsystem: `dsa: tag_mxl862xx`
- Action: "set" (adding a missing call)
- Summary: Set `dsa_default_offload_fwd_mark()` in the MxL862xx DSA tag
RCV path to prevent duplicate forwarding.
**Step 1.2: Tags**
- `Signed-off-by: Daniel Golle` - author and original driver creator
- `Link:` - patch.msgid.link URL (standard for netdev)
- `Signed-off-by: Jakub Kicinski` - net maintainer applied the patch
- No Fixes: tag, no Reported-by:, no Cc: stable (expected for this
review)
**Step 1.3: Commit Body**
The message explains: MxL862xx offloads bridge forwarding in hardware.
Without `dsa_default_offload_fwd_mark()`, the software bridge doesn't
know the hardware already forwarded the packet, so it forwards again,
creating duplicate frames (especially flooded frames). Link-local frames
are trapped directly to the CPU and should NOT have the mark set.
**Step 1.4: Hidden Bug Fix**
This IS a real bug fix disguised as a "set" action. The missing offload
forward mark causes concrete packet duplication on the network.
## PHASE 2: DIFF ANALYSIS
**Step 2.1: Inventory**
- Files changed: 1 (`net/dsa/tag_mxl862xx.c`)
- Lines: +3 added, 0 removed
- Function modified: `mxl862_tag_rcv()`
**Step 2.2: Code Flow Change**
Before: `mxl862_tag_rcv()` identifies the source port, sets `skb->dev`,
strips the tag, returns. `skb->offload_fwd_mark` is never set (defaults
to 0/false).
After: Before stripping the tag, if the destination is NOT a link-local
address, `dsa_default_offload_fwd_mark(skb)` is called, which sets
`skb->offload_fwd_mark = !!(dp->bridge)`. This tells the software bridge
that hardware already forwarded this packet.
**Step 2.3: Bug Mechanism**
Category: Logic/correctness fix. The missing
`dsa_default_offload_fwd_mark()` call means
`nbp_switchdev_allowed_egress()` (in `net/bridge/br_switchdev.c` line
67-74) sees `offload_fwd_mark == 0` and allows the software bridge to
forward the packet AGAIN, even though the hardware switch already
forwarded it. This causes duplicate frames on bridged interfaces.
**Step 2.4: Fix Quality**
- Obviously correct: YES - this is the identical pattern used by ~15
other DSA tag drivers
- Minimal/surgical: YES - 3 lines
- Regression risk: Extremely low - the same pattern is well-tested
across all other DSA tag drivers
- The `is_link_local_ether_addr` guard is used identically by
`tag_brcm.c` (lines 179-180, 254-255)
## PHASE 3: GIT HISTORY INVESTIGATION
**Step 3.1: Blame**
All lines in `tag_mxl862xx.c` trace to commit `85ee987429027` ("net:
dsa: add tag format for MxL862xx switches"), which was in v7.0-rc1. The
bug has been present since the file was created.
**Step 3.2: No Fixes: tag** - N/A. The implicit target is
`85ee987429027`.
**Step 3.3: File History**
Only one commit touches this file: `85ee987429027` (the initial
creation). No intermediate fixes or refactoring.
**Step 3.4: Author**
Daniel Golle is the original author of the MxL862xx tag driver and the
MxL862xx DSA driver. He created the driver and is clearly the maintainer
of this code.
**Step 3.5: Dependencies**
No dependencies. The fix is standalone; `dsa_default_offload_fwd_mark()`
and `is_link_local_ether_addr()` both already exist in the tree. The
file hasn't changed since its introduction.
## PHASE 4: MAILING LIST
Lore.kernel.org was blocked by bot protection. However:
- b4 dig found the original driver submission at `https://patch.msgid.li
nk/c64e6ddb6c93a4fac39f9ab9b2d8bf551a2b118d.1770433307.git.daniel@makr
otopia.org` (v14 of the series, meaning extensive review)
- The fix was signed off by Jakub Kicinski, the net maintainer
- The original driver was Reviewed-by Vladimir Oltean (DSA maintainer) -
the missing `dsa_default_offload_fwd_mark()` was an oversight in the
original v14 series
## PHASE 5: CODE SEMANTIC ANALYSIS
**Step 5.1:** Function modified: `mxl862_tag_rcv()`
**Step 5.2: Callers**
`mxl862_tag_rcv` is registered as `.rcv` callback in
`mxl862_netdev_ops`. It's called by the DSA core on every packet
received from the switch. This is a HOT PATH for every single network
packet.
**Step 5.3/5.4:** `dsa_default_offload_fwd_mark()` sets
`skb->offload_fwd_mark` based on `dp->bridge` being non-NULL. This is
checked by `nbp_switchdev_allowed_egress()` in the bridge forwarding
path, which prevents duplicate forwarding.
**Step 5.5: Similar patterns**
The exact same pattern (`is_link_local` check +
`dsa_default_offload_fwd_mark`) is used in `tag_brcm.c`. The simpler
form (unconditional `dsa_default_offload_fwd_mark`) is used in 12+ other
tag drivers (`tag_ksz.c`, `tag_mtk.c`, `tag_ocelot.c`,
`tag_hellcreek.c`, `tag_rtl4_a.c`, `tag_rtl8_4.c`, `tag_rzn1_a5psw.c`,
`tag_xrs700x.c`, `tag_vsc73xx_8021q.c`, `tag_yt921x.c`, etc.).
## PHASE 6: STABLE TREE ANALYSIS
**Step 6.1: File existence in stable trees**
- `net/dsa/tag_mxl862xx.c` does NOT exist in v6.19 or any earlier kernel
- It was introduced in v7.0-rc1
- The fix is ONLY relevant for 7.0.y stable
**Step 6.2: Backport Complications**
The file in 7.0.y is identical to the v7.0-rc1/v7.0 version. The patch
will apply cleanly with no conflicts.
**Step 6.3: No related fixes already in stable.**
## PHASE 7: SUBSYSTEM CONTEXT
**Step 7.1:** Subsystem: Networking / DSA (Distributed Switch
Architecture). Criticality: IMPORTANT - affects users of MxL862xx
hardware switches.
**Step 7.2:** The MxL862xx driver is very new (added in 7.0-rc1), but
DSA as a subsystem is mature and actively developed.
## PHASE 8: IMPACT AND RISK ASSESSMENT
**Step 8.1: Who is affected**
All users of MxL862xx switches with bridged ports. This is
embedded/networking hardware.
**Step 8.2: Trigger conditions**
Every bridged packet received from the switch triggers this bug. Flooded
frames (broadcast, unknown unicast, multicast) are explicitly mentioned.
This is extremely common - essentially all normal network traffic when
using bridging.
**Step 8.3: Failure mode**
- Duplicate frames on the network for every bridged packet
- Potential broadcast storms (flooded frames duplicated endlessly)
- Network instability and degraded performance
- Severity: HIGH (network malfunction, not a crash, but makes bridging
essentially broken)
**Step 8.4: Risk-Benefit**
- BENEFIT: Very high - fixes completely broken bridge forwarding for
this hardware
- RISK: Very low - 3 lines, well-established pattern used by 15+ other
drivers, zero chance of regression
- Ratio: Strongly favorable
## PHASE 9: FINAL SYNTHESIS
**Evidence FOR backporting:**
1. Fixes a real, significant bug: duplicate forwarding of all bridged
packets
2. Tiny fix: 3 lines
3. Follows the exact same pattern as 15+ other DSA tag drivers (well-
tested)
4. Written by the original driver author
5. Applied by net maintainer Jakub Kicinski
6. Applies cleanly to 7.0.y
7. Zero regression risk
**Evidence AGAINST backporting:**
1. Only affects 7.0.y stable (file doesn't exist in earlier kernels)
2. No explicit Fixes: tag or Cc: stable (expected for reviewed commits)
3. MxL862xx is relatively new hardware (niche user base)
**Stable Rules Checklist:**
1. Obviously correct? YES - identical pattern to 15+ other tag drivers
2. Fixes a real bug? YES - duplicate forwarding of bridged packets
3. Important issue? YES - makes bridging non-functional (duplicate
frames, potential storms)
4. Small and contained? YES - 3 lines, one file
5. No new features? CORRECT - no new features
6. Applies to stable? YES - clean apply to 7.0.y
## Verification
- [Phase 1] Parsed tags: Signed-off-by Daniel Golle (author) and Jakub
Kicinski (net maintainer). No Fixes/Reported-by tags.
- [Phase 2] Diff analysis: 3 lines added in `mxl862_tag_rcv()`, adds
missing `dsa_default_offload_fwd_mark()` call with
`is_link_local_ether_addr` guard.
- [Phase 3] git blame: all code from `85ee987429027` (v7.0-rc1). Bug
present since file creation.
- [Phase 3] git log: only 1 commit touches `tag_mxl862xx.c`, no
intermediate changes.
- [Phase 3] Author is original driver creator (verified via blame + git
log --author).
- [Phase 4] b4 dig found original series: v14 of MxL862xx driver
submission. Reviewed by Vladimir Oltean.
- [Phase 4] Lore fetch blocked by bot protection; relied on b4 dig
results.
- [Phase 5] grep confirmed `dsa_default_offload_fwd_mark()` used by 15+
other DSA tag drivers with identical pattern.
- [Phase 5] `tag_brcm.c` uses exact same `is_link_local_ether_addr`
guard (lines 179-180, 254-255).
- [Phase 5] `nbp_switchdev_allowed_egress()` in `br_switchdev.c:67-74`
confirmed: uses `offload_fwd_mark` to suppress duplicate forwarding.
- [Phase 6] `git show v6.19.12:net/dsa/tag_mxl862xx.c` → "does not
exist". File only in 7.0+.
- [Phase 6] `git show v7.0:net/dsa/tag_mxl862xx.c` → file identical to
current HEAD, patch applies cleanly.
- [Phase 8] Failure mode: duplicate forwarding of all bridged frames,
severity HIGH.
**YES**
net/dsa/tag_mxl862xx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/dsa/tag_mxl862xx.c b/net/dsa/tag_mxl862xx.c
index 01f2158682718..8daefeb8d49df 100644
--- a/net/dsa/tag_mxl862xx.c
+++ b/net/dsa/tag_mxl862xx.c
@@ -86,6 +86,9 @@ static struct sk_buff *mxl862_tag_rcv(struct sk_buff *skb,
return NULL;
}
+ if (likely(!is_link_local_ether_addr(eth_hdr(skb)->h_dest)))
+ dsa_default_offload_fwd_mark(skb);
+
/* remove the MxL862xx special tag between the MAC addresses and the
* current ethertype field.
*/
--
2.53.0