lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z_OcP36h_XOhAfjv@fedora>
Date: Mon, 7 Apr 2025 09:34:55 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: Jay Vosburgh <jv@...sburgh.net>
Cc: netdev@...r.kernel.org, Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Simon Horman <horms@...nel.org>, Cosmin Ratiu <cratiu@...dia.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCHv2 net] bonding: use permanent address for MAC swapping if
 device address is same

On Fri, Apr 04, 2025 at 02:36:39PM -0700, Jay Vosburgh wrote:
> Hangbin Liu <liuhangbin@...il.com> wrote:
> 
> >Similar with a951bc1e6ba5 ("bonding: correct the MAC address for "follow"
> >fail_over_mac policy"). The fail_over_mac follow mode requires the formerly
> >active slave to swap MAC addresses with the newly active slave during
> >failover. However, the slave's MAC address can be same under certain
> >conditions:
> >
> >1) ip link set eth0 master bond0
> >   bond0 adopts eth0's MAC address (MAC0).
> >
> >1) ip link set eth1 master bond0
> >   eth1 is added as a backup with its own MAC (MAC1).
> >
> >3) ip link set eth0 nomaster
> >   eth0 is released and restores its MAC (MAC0).
> >   eth1 becomes the active slave, and bond0 assigns MAC0 to eth1.
> 
> 	This step leaves both the bond+eth1 and the independent eth0
> using the same MAC address.  There is a warning printed for this, and
> allowing the duplicated MAC address assignment has been the behavior for
> a very long time, and to my knowledge hasn't caused issues (I presume
> because swapping interfaces in and out of a bond willy nilly doesn't
> happen much outside of test cases).

Yes, until the NetworkManager become the default interface configuration tool
on some release. When set a slave down, the nmcli will remove the interface
from bond... This causes the issue to be triggered more often.

> >4) ip link set eth0 master bond0
> >   eth0 is re-added to bond0, but both eth0 and eth1 now have MAC0,
> >   breaking the follow policy.
> >
> >To resolve this issue, we need to swap the new active slave’s permanent
> >MAC address with the old one. The new active slave then uses the old
> >dev_addr, ensuring that it matches the bond address. After the fix:
> 
> 	Which interface is the "new active" in this situation?  Adding
> eth0 back into the bond should not cause a change of active, eth0 would
> be added as a backup.

When do fail-over, the "new active" literally. E.g.

> >5) ip link set bond0 type bond active_slave eth0
> >   dev_addr is the same, swap old active eth1's MAC (MAC0) with eth0.
> >   Swap new active eth0's permanent MAC (MAC0) to eth1.
> >   MAC addresses remain unchanged.

The new active slave is eth0 here.
> 
> 
> 	So this patch's change wouldn't actually resolve the MAC
> conflict until a failover takes place?  I.e., if we only do step 4 but
> not step 5 or 6, eth0 and eth1 will both have the same MAC address.  Am
> I understanding correctly?

Yes, you are right. At step 4, there is no failover, so eth0 is still using
it's own mac address. How about set the mac at enslave time, with this we
can get correct mac directly. e.g.

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 950d8e4d86f8..0d4e1ddd900d 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -2120,6 +2120,24 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev,
 			slave_err(bond_dev, slave_dev, "Error %d calling set_mac_address\n", res);
 			goto err_restore_mtu;
 		}
+	} else if (bond->params.fail_over_mac == BOND_FOM_FOLLOW &&
+		   BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
+		   memcmp(slave_dev->dev_addr, bond_dev->dev_addr, bond_dev->addr_len) == 0) {
+		/* Set slave to current active slave's permanent mac address to
+		 * avoid duplicate mac address.
+		 */
+		curr_active_slave = rcu_dereference(bond->curr_active_slave);
+		if (curr_active_slave) {
+			memcpy(ss.__data, curr_active_slave->perm_hwaddr,
+			       curr_active_slave->dev->addr_len);
+			ss.ss_family = slave_dev->type;
+			res = dev_set_mac_address(slave_dev, (struct sockaddr *)&ss,
+					extack);
+			if (res) {
+				slave_err(bond_dev, slave_dev, "Error %d calling set_mac_address\n", res);
+				goto err_restore_mtu;
+			}
+		}
 	}

Thanks
Hangbin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ