| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Jul 2021 22:06:01 -0700
From: Jay Vosburgh <jay.vosburgh@...onical.com>
To: zhudi <zhudi21@...wei.com>
cc: vfalico@...il.com, kuba@...nel.org, davem@...emloft.net,
netdev@...r.kernel.org, rose.chen@...wei.com
Subject: Re: [PATCH] bonding: Avoid adding slave devices to inactive bonding
zhudi <zhudi21@...wei.com> wrote:
>We need to refuse to add slave devices to the bonding which does
>not set IFF_UP flag, otherwise some problems will be caused(such as
>bond_set_carrier() will not sync carrier state to upper net device).
>The ifenslave command can prevent such use case, but through the sysfs
>interface, slave devices can still be added regardless of whether
>the bonding is set with IFF_UP flag or not.
What specifically happens in the carrier state issue you
mention? Are there other specific issues?
As far as I can recall, adding interfaces to the bond while the
bond is down has worked for a very long time, so I'm concerned that
disabling that functionality will have impact on existing
configurations.
Also, to the best of my knowledge, the currently packaged
ifenslave programs are scripts that utilize the sysfs interface. I'm
unaware of current usage of the old C ifenslave program (removed from
the kernel source in 2013), although the kernel code should still
support it.
-J
>So we introduce a new BOND_OPTFLAG_IFUP flag to avoid adding slave
>devices to inactive bonding.
>
>Signed-off-by: zhudi <zhudi21@...wei.com>
>---
> drivers/net/bonding/bond_options.c | 4 +++-
> include/net/bond_options.h | 4 +++-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/drivers/net/bonding/bond_options.c b/drivers/net/bonding/bond_options.c
>index 0cf25de6f46d..6d2f44b3528d 100644
>--- a/drivers/net/bonding/bond_options.c
>+++ b/drivers/net/bonding/bond_options.c
>@@ -387,7 +387,7 @@ static const struct bond_option bond_opts[BOND_OPT_LAST] = {
> .id = BOND_OPT_SLAVES,
> .name = "slaves",
> .desc = "Slave membership management",
>- .flags = BOND_OPTFLAG_RAWVAL,
>+ .flags = BOND_OPTFLAG_RAWVAL | BOND_OPTFLAG_IFUP,
> .set = bond_option_slaves_set
> },
> [BOND_OPT_TLB_DYNAMIC_LB] = {
>@@ -583,6 +583,8 @@ static int bond_opt_check_deps(struct bonding *bond,
> return -ENOTEMPTY;
> if ((opt->flags & BOND_OPTFLAG_IFDOWN) && (bond->dev->flags & IFF_UP))
> return -EBUSY;
>+ if ((opt->flags & BOND_OPTFLAG_IFUP) && !(bond->dev->flags & IFF_UP))
>+ return -EPERM;
>
> return 0;
> }
>diff --git a/include/net/bond_options.h b/include/net/bond_options.h
>index 9d382f2f0bc5..742f5cc81adf 100644
>--- a/include/net/bond_options.h
>+++ b/include/net/bond_options.h
>@@ -15,11 +15,13 @@
> * BOND_OPTFLAG_NOSLAVES - check if the bond device is empty before setting
> * BOND_OPTFLAG_IFDOWN - check if the bond device is down before setting
> * BOND_OPTFLAG_RAWVAL - the option parses the value itself
>+ * BOND_OPTFLAG_IFUP - check if the bond device is up before setting
> */
> enum {
> BOND_OPTFLAG_NOSLAVES = BIT(0),
> BOND_OPTFLAG_IFDOWN = BIT(1),
>- BOND_OPTFLAG_RAWVAL = BIT(2)
>+ BOND_OPTFLAG_RAWVAL = BIT(2),
>+ BOND_OPTFLAG_IFUP = BIT(3)
> };
>
> /* Value type flags:
>--
>2.27.0
>
---
-Jay Vosburgh, jay.vosburgh@...onical.com
Powered by blists - more mailing lists