lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240918083533.21093-1-liuhangbin@gmail.com>
Date: Wed, 18 Sep 2024 08:35:33 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Jay Vosburgh <jv@...sburgh.net>,
	Andy Gospodarek <andy@...yhouse.net>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Jarod Wilson <jarod@...hat.com>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Simon Horman <horms@...nel.org>,
	linux-kernel@...r.kernel.org,
	Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCH net] Bonding: update bond device XFRM features based on current active slave

XFRM offload is supported in active-backup mode. However, if the current
active slave does not support it, we should disable it on bond device.
Otherwise, ESP traffic may fail due to the downlink not supporting the
feature.

Reproducer:
  # ip link add bond0 type bond
  # ip link add type veth
  # ip link set bond0 type bond mode 1 miimon 100
  # ip link set veth0 master bond0
  # ethtool -k veth0 | grep esp
  tx-esp-segmentation: off [fixed]
  esp-hw-offload: off [fixed]
  esp-tx-csum-hw-offload: off [fixed]
  # ethtool -k bond0 | grep esp
  tx-esp-segmentation: on
  esp-hw-offload: on
  esp-tx-csum-hw-offload: on

After fix:
  # ethtool -k bond0 | grep esp
  tx-esp-segmentation: off [requested on]
  esp-hw-offload: off [requested on]
  esp-tx-csum-hw-offload: off [requested on]

Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load")
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
 drivers/net/bonding/bond_main.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index b560644ee1b1..33f7fde15c65 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1353,6 +1353,10 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active)
 				call_netdevice_notifiers(NETDEV_NOTIFY_PEERS,
 							 bond->dev);
 			}
+
+#ifdef CONFIG_XFRM_OFFLOAD
+			netdev_update_features(bond->dev);
+#endif /* CONFIG_XFRM_OFFLOAD */
 		}
 	}
 
@@ -1524,6 +1528,11 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
 		features = netdev_increment_features(features,
 						     slave->dev->features,
 						     mask);
+#ifdef CONFIG_XFRM_OFFLOAD
+		if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
+		    slave == rtnl_dereference(bond->curr_active_slave))
+			features &= slave->dev->features & BOND_XFRM_FEATURES;
+#endif /* CONFIG_XFRM_OFFLOAD */
 	}
 	features = netdev_add_tso_features(features, mask);
 
-- 
2.39.3 (Apple Git-146)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ