lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 28 Jun 2016 04:20:31 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	jay.vosburgh@...onical.com
Cc:	netdev@...r.kernel.org, veli-matti.lintu@...nsys.fi,
	vfalico@...il.com, gospo@...ulusnetworks.com, zyjzyj2000@...il.com
Subject: Re: [PATCH net] bonding: fix 802.3ad aggregator reselection

From: Jay Vosburgh <jay.vosburgh@...onical.com>
Date: Thu, 23 Jun 2016 14:20:51 -0700

> 
> 	Since commit 7bb11dc9f59d ("bonding: unify all places where
> actor-oper key needs to be updated."), the logic in bonding to handle
> selection between multiple aggregators has not functioned.
> 
> 	This affects only configurations wherein the bonding slaves
> connect to two discrete aggregators (e.g., two independent switches, each
> with LACP enabled), thus creating two separate aggregation groups within a
> single bond.
> 
> 	The cause is a change in 7bb11dc9f59d to no longer set
> AD_PORT_BEGIN on a port after a link state change, which would cause the
> port to be reselected for attachment to an aggregator as if were newly
> added to the bond.  We cannot restore the prior behavior, as it
> contradicts IEEE 802.1AX 5.4.12, which requires ports that "become
> inoperable" (lose carrier, setting port_enabled=false as per 802.1AX
> 5.4.7) to remain selected (i.e., assigned to the aggregator).  As the port
> now remains selected, the aggregator selection logic is not invoked.
> 
> 	A side effect of this change is that aggregators in bonding will
> now contain ports that are link down.  The aggregator selection logic
> does not currently handle this situation correctly, causing incorrect
> aggregator selection.
> 
> 	This patch makes two changes to repair the aggregator selection
> logic in bonding to function as documented and within the confines of the
> standard:
> 
> 	First, the aggregator selection and related logic now utilizes the
> number of active ports per aggregator, not the number of selected ports
> (as some selected ports may be down).  The ad_select "bandwidth" and
> "count" options only consider ports that are link up.
> 
> 	Second, on any carrier state change of any slave, the aggregator
> selection logic is explicitly called to insure the correct aggregator is
> active.
> 
> Reported-by: Veli-Matti Lintu <veli-matti.lintu@...nsys.fi>
> Fixes: 7bb11dc9f59d ("bonding: unify all places where actor-oper key needs to be updated.")
> Signed-off-by: Jay Vosburgh <jay.vosburgh@...onical.com>

Applied and queued up for -stable, thanks Jay.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ