| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250403085857.17868-2-liuhangbin@gmail.com>
Date: Thu, 3 Apr 2025 08:58:55 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>,
Shuah Khan <shuah@...nel.org>,
Xiao Liang <shaw.leon@...il.com>,
Kuniyuki Iwashima <kuniyu@...zon.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
Stanislav Fomichev <sdf@...ichev.me>,
Venkat Venkatsubra <venkat.x.venkatsubra@...cle.com>,
Etienne Champetier <champetier.etienne@...il.com>,
Di Zhu <zhudi21@...wei.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Travis Brown <travisb@...sta.com>,
Suresh Krishnan <skrishnan@...sta.com>,
linux-kselftest@...r.kernel.org,
Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCH net 1/3] ipvlan: fix NETDEV_UP/NETDEV_DOWN event handling
When setting the lower-layer link up/down, the ipvlan device synchronizes
its state via netif_stacked_transfer_operstate(), which only checks the
carrier state. However, setting the link down does not necessarily change
the carrier state for virtual interfaces like bonding. This causes the
ipvlan state to become out of sync with the lower-layer link state.
If the lower link and ipvlan are in the same namespace, this issue is
hidden because ip link show checks the link state in IFLA_LINK and has
a m_flag to control the state, displaying M-DOWN in the flags. However,
if the ipvlan and the lower link are in different namespaces, this
information is not available, and the ipvlan link state remains unchanged.
For example:
1. Add an ipvlan over bond0.
2. Move the ipvlan to a separate namespace and bring it up.
3. Set bond0 link down.
4. The ipvlan remains up.
This issue affects containers and pods, causing them to display an
incorrect link state for ipvlan. Fix this by explicitly changing the
IFF_UP flag, similar to how VLAN handles it.
Fixes: 57fb346cc7d0 ("ipvlan: Add handling of NETDEV_UP events")
Fixes: 229783970838 ("ipvlan: handle NETDEV_DOWN event")
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
drivers/net/ipvlan/ipvlan_main.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 0ed2fd833a5d..2abe6ddc4d15 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -730,7 +730,7 @@ static int ipvlan_device_event(struct notifier_block *unused,
struct ipvl_dev *ipvlan, *next;
struct ipvl_port *port;
LIST_HEAD(lst_kill);
- int err;
+ int flags, err;
if (!netif_is_ipvlan_port(dev))
return NOTIFY_DONE;
@@ -739,7 +739,25 @@ static int ipvlan_device_event(struct notifier_block *unused,
switch (event) {
case NETDEV_UP:
+ list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
+ flags = ipvlan->dev->flags;
+ if (flags & IFF_UP)
+ continue;
+ dev_change_flags(ipvlan->dev, flags | IFF_UP, extack);
+ netif_stacked_transfer_operstate(ipvlan->phy_dev,
+ ipvlan->dev);
+ }
+ break;
case NETDEV_DOWN:
+ list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
+ flags = ipvlan->dev->flags;
+ if (!(flags & IFF_UP))
+ continue;
+ dev_close(ipvlan->dev);
+ netif_stacked_transfer_operstate(ipvlan->phy_dev,
+ ipvlan->dev);
+ }
+ break;
case NETDEV_CHANGE:
list_for_each_entry(ipvlan, &port->ipvlans, pnode)
netif_stacked_transfer_operstate(ipvlan->phy_dev,
--
2.46.0
Powered by blists - more mailing lists