| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Apr 2017 19:44:25 -0700
From: Greg Rose <gvrose8192@...il.com>
To: David Ahern <dsa@...ulusnetworks.com>
Cc: netdev@...r.kernel.org, rshearma@...cade.com
Subject: Re: [PATCH net-next] net: vrf: Do not allow looback to be moved to
a VRF
On Wed, 2017-04-26 at 07:58 -0700, David Ahern wrote:
> Moving the loopback into a VRF breaks networking for the default VRF.
> Since the VRF device is the loopback for VRF domains, there is no
> reason to move the loopback. Given the repercussions, block attempts
> to set lo into a VRF.
>
> Signed-off-by: David Ahern <dsa@...ulusnetworks.com>
> ---
> drivers/net/vrf.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
> index aa5d30428bba..ceda5861da78 100644
> --- a/drivers/net/vrf.c
> +++ b/drivers/net/vrf.c
> @@ -877,6 +877,12 @@ static int do_vrf_add_slave(struct net_device *dev, struct net_device *port_dev)
> {
> int ret;
>
> + /* do not allow loopback device to be enslaved to a VRF.
> + * The vrf device acts as the loopback for the vrf.
> + */
> + if (port_dev == dev_net(dev)->loopback_dev)
> + return -EOPNOTSUPP;
> +
> port_dev->priv_flags |= IFF_L3MDEV_SLAVE;
> ret = netdev_master_upper_dev_link(port_dev, dev, NULL, NULL);
> if (ret < 0)
I think that's a great idea.
Reviewed-by: Greg Rose <gvrose8192@...il.com>
Powered by blists - more mailing lists