Message-ID: <a475dfac-3bd7-4877-bab4-3c08259501c2@blackwall.org>
Date: Wed, 18 Sep 2024 12:40:27 +0300
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org
Cc: Jay Vosburgh <jv@...sburgh.net>, Andy Gospodarek <andy@...yhouse.net>,
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Jarod Wilson <jarod@...hat.com>, Simon Horman <horms@...nel.org>,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] Bonding: update bond device XFRM features based on
 current active slave

On 18/09/2024 11:35, Hangbin Liu wrote:
> XFRM offload is supported in active-backup mode. However, if the current
> active slave does not support it, we should disable it on bond device.
> Otherwise, ESP traffic may fail due to the downlink not supporting the
> feature.
> 
> Reproducer:
>   # ip link add bond0 type bond
>   # ip link add type veth
>   # ip link set bond0 type bond mode 1 miimon 100
>   # ip link set veth0 master bond0
>   # ethtool -k veth0 | grep esp
>   tx-esp-segmentation: off [fixed]
>   esp-hw-offload: off [fixed]
>   esp-tx-csum-hw-offload: off [fixed]
>   # ethtool -k bond0 | grep esp
>   tx-esp-segmentation: on
>   esp-hw-offload: on
>   esp-tx-csum-hw-offload: on
> 
> After fix:
>   # ethtool -k bond0 | grep esp
>   tx-esp-segmentation: off [requested on]
>   esp-hw-offload: off [requested on]
>   esp-tx-csum-hw-offload: off [requested on]
> 
> Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
> ---
>  drivers/net/bonding/bond_main.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index b560644ee1b1..33f7fde15c65 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
>  				call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
>  							 bond->dev);
>  			}
> +
> +#ifdef CONFIG_XFRM_OFFLOAD
> +			netdev_update_features(bond->dev);
> +#endif /* CONFIG_XFRM_OFFLOAD */
>  		}
>  	}
>  
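
Review bot: The new netdev_update_features(bond->dev) call sits at the deepest indentation level of this hunk, in the same block as the NETDEV_NOTIFY_PEERS notification, so the bond's features are only recomputed when that enclosing branch is taken. Please confirm that this path covers every change of the active slave, including the case where new_active is NULL and no slave is left to carry ESP offload. If it does not, the call should move to a point in bond_change_active_slave() that runs unconditionally after the switch. A one-line comment saying that the refresh exists to re-evaluate the XFRM bits against the new active slave would also help. Since netdev_update_features() is not XFRM-specific, the #ifdef CONFIG_XFRM_OFFLOAD around it could be dropped.
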
> @@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
>  		features = netdev_increment_features(features,
>  						     slave->dev->features,
>  						     mask);
> +#ifdef CONFIG_XFRM_OFFLOAD
> +		if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
> +		    slave == rtnl_dereference(bond->curr_active_slave))
> +			features &= slave->dev->features & BOND_XFRM_FEATURES;
> +#endif /* CONFIG_XFRM_OFFLOAD */
>  	}
>  	features = netdev_add_tso_features(features, mask);
>  
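
Review bot: The mask in "features &= slave->dev->features & BOND_XFRM_FEATURES;" clears more than the XFRM bits. The right-hand side can only contain bits that are inside BOND_XFRM_FEATURES, so the AND also drops every non-XFRM feature that netdev_increment_features() accumulated just above. The commit message only intends to turn off the ESP offload bits the active slave lacks. If that is the goal, keep everything outside the mask, for example "features &= ~BOND_XFRM_FEATURES | slave->dev->features;". Because this runs next to the per-slave netdev_increment_features() call, it is also worth checking that a slave handled after the active one cannot turn the ESP bits back on. The "After fix" output in the commit message only shows the esp lines, so comparing the full "ethtool -k bond0" output before and after would confirm that nothing else changed.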

Nice catch,
Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>

