lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250403085857.17868-2-liuhangbin@gmail.com>
Date: Thu,  3 Apr 2025 08:58:55 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>,
	Shuah Khan <shuah@...nel.org>,
	Xiao Liang <shaw.leon@...il.com>,
	Kuniyuki Iwashima <kuniyu@...zon.com>,
	Alexander Lobakin <aleksander.lobakin@...el.com>,
	Stanislav Fomichev <sdf@...ichev.me>,
	Venkat Venkatsubra <venkat.x.venkatsubra@...cle.com>,
	Etienne Champetier <champetier.etienne@...il.com>,
	Di Zhu <zhudi21@...wei.com>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Travis Brown <travisb@...sta.com>,
	Suresh Krishnan <skrishnan@...sta.com>,
	linux-kselftest@...r.kernel.org,
	Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCH net 1/3] ipvlan: fix NETDEV_UP/NETDEV_DOWN event handling

When setting the lower-layer link up/down, the ipvlan device synchronizes
its state via netif_stacked_transfer_operstate(), which only checks the
carrier state. However, setting the link down does not necessarily change
the carrier state for virtual interfaces like bonding. This causes the
ipvlan state to become out of sync with the lower-layer link state.

If the lower link and ipvlan are in the same namespace, this issue is
hidden because ip link show checks the link state in IFLA_LINK and has
a m_flag to control the state, displaying M-DOWN in the flags. However,
if the ipvlan and the lower link are in different namespaces, this
information is not available, and the ipvlan link state remains unchanged.
For example:

  1. Add an ipvlan over bond0.
  2. Move the ipvlan to a separate namespace and bring it up.
  3. Set bond0 link down.
  4. The ipvlan remains up.

This issue affects containers and pods, causing them to display an
incorrect link state for ipvlan. Fix this by explicitly changing the
IFF_UP flag, similar to how VLAN handles it.

Fixes: 57fb346cc7d0 ("ipvlan: Add handling of NETDEV_UP events")
Fixes: 229783970838 ("ipvlan: handle NETDEV_DOWN event")
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
 drivers/net/ipvlan/ipvlan_main.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 0ed2fd833a5d..2abe6ddc4d15 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -730,7 +730,7 @@ static int ipvlan_device_event(struct notifier_block *unused,
 	struct ipvl_dev *ipvlan, *next;
 	struct ipvl_port *port;
 	LIST_HEAD(lst_kill);
-	int err;
+	int flags, err;
 
 	if (!netif_is_ipvlan_port(dev))
 		return NOTIFY_DONE;
@@ -739,7 +739,25 @@ static int ipvlan_device_event(struct notifier_block *unused,
 
 	switch (event) {
 	case NETDEV_UP:
+		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
+			flags = ipvlan->dev->flags;
+			if (flags & IFF_UP)
+				continue;
+			dev_change_flags(ipvlan->dev, flags | IFF_UP, extack);
+			netif_stacked_transfer_operstate(ipvlan->phy_dev,
+							 ipvlan->dev);
+		}
+		break;
 	case NETDEV_DOWN:
+		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
+			flags = ipvlan->dev->flags;
+			if (!(flags & IFF_UP))
+				continue;
+			dev_close(ipvlan->dev);
+			netif_stacked_transfer_operstate(ipvlan->phy_dev,
+							 ipvlan->dev);
+		}
+		break;
 	case NETDEV_CHANGE:
 		list_for_each_entry(ipvlan, &port->ipvlans, pnode)
 			netif_stacked_transfer_operstate(ipvlan->phy_dev,
-- 
2.46.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ