lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Jul 2021 11:35:05 +0800
From:   zhudi <zhudi21@...wei.com>
To:     <j.vosburgh@...il.com>, <vfalico@...il.com>, <kuba@...nel.org>,
        <davem@...emloft.net>
CC:     <netdev@...r.kernel.org>, <zhudi21@...wei.com>,
        <rose.chen@...wei.com>
Subject: [PATCH] bonding: Avoid adding slave devices to inactive bonding

We need to refuse to add slave devices to the bonding which does
not set IFF_UP flag, otherwise some problems will be caused(such as
bond_set_carrier() will not sync carrier state to upper net device).
The ifenslave command can prevent such use case, but through the sysfs
interface, slave devices can still be added regardless of whether
the bonding is set with IFF_UP flag or not.

So we introduce a new BOND_OPTFLAG_IFUP flag to avoid adding slave
devices to inactive bonding.

Signed-off-by: zhudi <zhudi21@...wei.com>
---
 drivers/net/bonding/bond_options.c | 4 +++-
 include/net/bond_options.h         | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/bonding/bond_options.c b/drivers/net/bonding/bond_options.c
index 0cf25de6f46d..6d2f44b3528d 100644
--- a/drivers/net/bonding/bond_options.c
+++ b/drivers/net/bonding/bond_options.c
@@ -387,7 +387,7 @@ static const struct bond_option bond_opts[BOND_OPT_LAST] = {
 		.id = BOND_OPT_SLAVES,
 		.name = "slaves",
 		.desc = "Slave membership management",
-		.flags = BOND_OPTFLAG_RAWVAL,
+		.flags = BOND_OPTFLAG_RAWVAL | BOND_OPTFLAG_IFUP,
 		.set = bond_option_slaves_set
 	},
 	[BOND_OPT_TLB_DYNAMIC_LB] = {
@@ -583,6 +583,8 @@ static int bond_opt_check_deps(struct bonding *bond,
 		return -ENOTEMPTY;
 	if ((opt->flags & BOND_OPTFLAG_IFDOWN) && (bond->dev->flags & IFF_UP))
 		return -EBUSY;
+	if ((opt->flags & BOND_OPTFLAG_IFUP) && !(bond->dev->flags & IFF_UP))
+		return -EPERM;
 
 	return 0;
 }
diff --git a/include/net/bond_options.h b/include/net/bond_options.h
index 9d382f2f0bc5..742f5cc81adf 100644
--- a/include/net/bond_options.h
+++ b/include/net/bond_options.h
@@ -15,11 +15,13 @@
  * BOND_OPTFLAG_NOSLAVES - check if the bond device is empty before setting
  * BOND_OPTFLAG_IFDOWN - check if the bond device is down before setting
  * BOND_OPTFLAG_RAWVAL - the option parses the value itself
+ * BOND_OPTFLAG_IFUP - check if the bond device is up before setting
  */
 enum {
 	BOND_OPTFLAG_NOSLAVES	= BIT(0),
 	BOND_OPTFLAG_IFDOWN	= BIT(1),
-	BOND_OPTFLAG_RAWVAL	= BIT(2)
+	BOND_OPTFLAG_RAWVAL	= BIT(2),
+	BOND_OPTFLAG_IFUP	= BIT(3)
 };
 
 /* Value type flags:
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ