lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 07 Dec 2009 19:24:57 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Andy Gospodarek <andy@...yhouse.net>
CC:	Jay Vosburgh <fubar@...ibm.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next-2.6] bonding: allow arp_ip_targets to be on a
 separate vlan from bond device

Andy Gospodarek a écrit :

>> Jay,
>>
>> The issue was that that orig_dev was getting set to the active slave, so
>> your running tcpdump on the active slave made the conditional inside
>> this loop:
>>
>>         list_for_each_entry_rcu(ptype, &ptype_all, list) {
>>                 if (ptype->dev == null_or_orig || ptype->dev == skb->dev ||
>>                     ptype->dev == orig_dev) {
>>                         if (pt_prev)
>>                                 ret = deliver_skb(skb, pt_prev, orig_dev);
>>                         pt_prev = ptype;
>>                 }
>>         }
>>
>> hit and deliver_skb was being called for all traffic coming toward
>> bond0.<vid>.  I'm not completely happy with this solutoin, but I think
>> it resolves both the original problem I was trying to solve and the
>> regression you discovered with your original patch.  Let me know if you
>> see everything working now like I do.
>>
>> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>> index 726bd75..b1e3b2f 100644
>> --- a/drivers/net/bonding/bond_main.c
>> +++ b/drivers/net/bonding/bond_main.c
>> @@ -2697,6 +2697,19 @@ static int bond_arp_rcv(struct sk_buff *skb, struct net_device *dev, struct pack
>>  	bond = netdev_priv(dev);
>>  	read_lock(&bond->lock);
>>  
>> +	/*
>> +	 * We may have dev passed in as a vlan device, so make sure to get to the
>> +	 * core netdev before continuing.
>> +	 */
>> +	if (dev->priv_flags & IFF_802_1Q_VLAN) {
>> +		dev = vlan_dev_real_dev(dev);
>> +		/*
>> +		 * Don't necessarily trust passed in orig_dev since vlan accelerated
>> +		 * netdevs and bonding don't play well together.
>> +		 */
>> +		orig_dev = __dev_get_by_index(dev_net(skb->dev),skb->skb_iif);
>> +	}
>> +

> 
> Any thoughts on the updated patch, Jay?

Unfortunately you still use __dev_get_by_index()
in a non safe context.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists