| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56BFE845.30608@huawei.com>
Date: Sun, 14 Feb 2016 10:36:53 +0800
From: Ding Tianhong <dingtianhong@...wei.com>
To: Jay Vosburgh <jay.vosburgh@...onical.com>,
<netdev@...r.kernel.org>,
"Tantilov, Emil S" <emil.s.tantilov@...el.com>,
zhuyj <zyjzyj2000@...il.com>
CC: Veaceslav Falico <vfalico@...il.com>,
Andy Gospodarek <gospo@...ulusnetworks.com>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH v2 net] bonding: don't use stale speed and duplex
information
On 2016/2/9 4:10, Jay Vosburgh wrote:
>
> There is presently a race condition between the bonding periodic
> link monitor and the updating of a slave's speed and duplex. The former
> occurs on a periodic basis, and the latter in response to a driver's
> calling of netif_carrier_on.
>
> It is possible for the periodic monitor to run between the
> driver call of netif_carrier_on and the receipt of the NETDEV_CHANGE
> event that causes bonding to update the slave's speed and duplex. This
> manifests most notably as a report that a slave is up and "0 Mbps full
> duplex" after enslavement, but in principle could report an incorrect
> speed and duplex after any link up event if the device comes up with a
> different speed or duplex. This affects the 802.3ad aggregator
> selection, as the speed and duplex are selection criteria.
>
> This is fixed by updating the speed and duplex in the periodic
> monitor, prior to using that information.
>
> This was done historically in bonding, but the call to
> bond_update_speed_duplex was removed in commit 876254ae2758 ("bonding:
> don't call update_speed_duplex() under spinlocks"), as it might sleep
> under lock. Later, the locking was changed to only hold RTNL, and so
> after commit 876254ae2758 ("bonding: don't call update_speed_duplex()
> under spinlocks") this call is again safe.
>
> Tested-by: "Tantilov, Emil S" <emil.s.tantilov@...el.com>
> Cc: Veaceslav Falico <vfalico@...il.com>
> Cc: dingtianhong <dingtianhong@...wei.com>
> Fixes: 876254ae2758 ("bonding: don't call update_speed_duplex() under spinlocks")
> Signed-off-by: Jay Vosburgh <jay.vosburgh@...onical.com>
Acked-by: Ding Tianhong <dingtianhong@...wei.com>
>
> ---
>
> v2: Correct Veaceslav's email address
>
> Note: The "Fixes" commit is the commit that makes this operation safe
> again, not the commit that originally introduced the race. I don't see
> any simple way to resolve this bug between these two commits.
>
> drivers/net/bonding/bond_main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 56b560558884..cabaeb61333d 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -2127,6 +2127,7 @@ static void bond_miimon_commit(struct bonding *bond)
> continue;
>
> case BOND_LINK_UP:
> + bond_update_speed_duplex(slave);
> bond_set_slave_link_state(slave, BOND_LINK_UP,
> BOND_SLAVE_NOTIFY_NOW);
> slave->last_link_up = jiffies;
>
Powered by blists - more mailing lists