lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  5 Dec 2022 12:46:05 -0500
From:   Xin Long <lucien.xin@...il.com>
To:     network dev <netdev@...r.kernel.org>
Cc:     davem@...emloft.net, kuba@...nel.org,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, Jiri Pirko <jiri@...nulli.us>,
        LiLiang <liali@...hat.com>
Subject: [PATCH net] team: prevent ipv6 link local address on port devices

The similar fix from commit c2edacf80e15 ("bonding / ipv6: no addrconf
for slaves separately from master") is also needed in Team. Otherwise,
DAD and RS packets to be sent from the slaves in turn can confuse the
switches and cause them to incorrectly update their forwarding tables
as Liang noticed in the test with activebackup mode.

Note that the patch also sets IFF_MASTER flag for Team dev accordingly
while IFF_SLAVE flag is set for port devs. Although IFF_MASTER flag is
not really used in Team, it's good to show in 'ip link':

  eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP>
  team0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP>

Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device")
Reported-by: LiLiang <liali@...hat.com>
Signed-off-by: Xin Long <lucien.xin@...il.com>
---
 drivers/net/team/team.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 62ade69295a9..5b187913cfec 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -1127,6 +1127,7 @@ static void team_upper_dev_unlink(struct team *team, struct team_port *port)
 {
 	netdev_upper_dev_unlink(port->dev, team->dev);
 	port->dev->priv_flags &= ~IFF_TEAM_PORT;
+	port->dev->flags &= ~IFF_SLAVE;
 }
 
 static void __team_port_change_port_added(struct team_port *port, bool linkup);
@@ -1212,6 +1213,7 @@ static int team_port_add(struct team *team, struct net_device *port_dev,
 		goto err_port_enter;
 	}
 
+	port_dev->flags |= IFF_SLAVE;
 	err = dev_open(port_dev, extack);
 	if (err) {
 		netdev_dbg(dev, "Device %s opening failed\n",
@@ -1312,6 +1314,7 @@ static int team_port_add(struct team *team, struct net_device *port_dev,
 	dev_close(port_dev);
 
 err_dev_open:
+	port_dev->flags &= ~IFF_SLAVE;
 	team_port_leave(team, port);
 	team_port_set_orig_dev_addr(port);
 
@@ -2171,6 +2174,7 @@ static void team_setup(struct net_device *dev)
 	dev->ethtool_ops = &team_ethtool_ops;
 	dev->needs_free_netdev = true;
 	dev->priv_destructor = team_destructor;
+	dev->flags |= IFF_MASTER;
 	dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
 	dev->priv_flags |= IFF_NO_QUEUE;
 	dev->priv_flags |= IFF_TEAM;
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ