lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 20 Feb 2015 15:14:00 -0800
From:	Jay Vosburgh <jay.vosburgh@...onical.com>
To:	Alexey Dobriyan <adobriyan@...il.com>
cc:	davem@...emloft.net, vfalico@...il.com, andy@...yhouse.net,
	netdev@...r.kernel.org
Subject: Re: [PATCH] bonding: ban stacked bonding support

Alexey Dobriyan <adobriyan@...il.com> wrote:

>Does Linux support it at all?
>
>In short: if you add bonding master as a slave, and then release it,
>it will no longer be a IFF_BONDING creating problems like described at
>https://bugzilla.kernel.org/show_bug.cgi?id=89541
>
>	echo +bond1 >/sys/class/net/bonding_masters
>	echo 1 >/sys/class/net/bond1/bonding/mode
>	echo +bond2 >/sys/class/net/bonding_masters
>	echo +bond2 >/sys/class/net/bond1/bonding/slaves
>	echo -bond2 >/sys/class/net/bond1/bonding/slaves
>	echo -bond2 >/sys/class/net/bonding_masters
>
>	cat /proc/net/bonding/bond2		# should not exist
>		[oops]
>
>Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>

	I think it's time to disallow stacking like this; it never
really worked quite right as far as I can remember, and I thought it was
disallowed at some point in the past.  I don't believe the stacked bonds
function correctly for receive in the current kernel, either, although
I'd have to test it again to confirm that.

	The usual case for desiring to stack bonds is an active-backup
pair of LACP / 802.3ad bonds (such as the bugzilla referenced above),
but the 802.3ad mode handles this situation internally, so no stack is
necessary.

>---
>
> drivers/net/bonding/bond_main.c |    5 +++++
> 1 file changed, 5 insertions(+)
>
>--- a/drivers/net/bonding/bond_main.c
>+++ b/drivers/net/bonding/bond_main.c
>@@ -1248,6 +1248,11 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev)
> 			    slave_dev->name);
> 	}
> 
>+	if (slave_dev->flags & IFF_MASTER) {
>+		netdev_dbg(bond_dev, "stacked bonding not supported\n");
>+		return -EBUSY;
>+	}
>+
> 	/* already enslaved */
> 	if (slave_dev->flags & IFF_SLAVE) {
> 		netdev_dbg(bond_dev, "Error: Device was already enslaved\n");

	Instead of a separate block for IFF_MASTER, the IFF_SLAVE line
could be replaced with something like:

	if (netif_is_bond_slave(slave_dev) || netif_is_bond_master(slave_dev)) {
		netdev_dbg(bond_dev, "Error: Device is bond slave or master\n");

	With that caveat:

Signed-off-by: Jay Vosburgh <jay.vosburgh@...onical.com>

	This is probably a good candidate for -stable as well.

	-J

---
	-Jay Vosburgh, jay.vosburgh@...onical.com
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ