lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4177946.1744766112@famine>
Date: Tue, 15 Apr 2025 18:15:12 -0700
From: Jay Vosburgh <jv@...sburgh.net>
To: Hangbin Liu <liuhangbin@...il.com>
cc: netdev@...r.kernel.org, Andrew Lunn <andrew+netdev@...n.ch>,
    "David S. Miller" <davem@...emloft.net>,
    Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
    Paolo Abeni <pabeni@...hat.com>,
    Nikolay Aleksandrov <razor@...ckwall.org>,
    Simon Horman <horms@...nel.org>, Cosmin Ratiu <cratiu@...dia.com>,
    linux-kernel@...r.kernel.org
Subject: Re: [PATCHv2 net] bonding: use permanent address for MAC swapping if
 device address is same

Hangbin Liu <liuhangbin@...il.com> wrote:

>Hi Jay,
>On Mon, Apr 07, 2025 at 09:35:03AM +0000, Hangbin Liu wrote:
>> > 	So this patch's change wouldn't actually resolve the MAC
>> > conflict until a failover takes place?  I.e., if we only do step 4 but
>> > not step 5 or 6, eth0 and eth1 will both have the same MAC address.  Am
>> > I understanding correctly?
>> 
>> Yes, you are right. At step 4, there is no failover, so eth0 is still using
>> it's own mac address. How about set the mac at enslave time, with this we
>> can get correct mac directly. e.g.
>
>Any comments for the new approach?

	Sorry, just getting back to this.

>Thanks
>Hangbin
>> 
>> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>> index 950d8e4d86f8..0d4e1ddd900d 100644
>> --- a/drivers/net/bonding/bond_main.c
>> +++ b/drivers/net/bonding/bond_main.c
>> @@ -2120,6 +2120,24 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev,
>>  			slave_err(bond_dev, slave_dev, "Error %d calling set_mac_address\n", res);
>>  			goto err_restore_mtu;
>>  		}
>> +	} else if (bond->params.fail_over_mac == BOND_FOM_FOLLOW &&
>> +		   BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
>> +		   memcmp(slave_dev->dev_addr, bond_dev->dev_addr, bond_dev->addr_len) == 0) {
>> +		/* Set slave to current active slave's permanent mac address to
>> +		 * avoid duplicate mac address.
>> +		 */
>> +		curr_active_slave = rcu_dereference(bond->curr_active_slave);
>> +		if (curr_active_slave) {
>> +			memcpy(ss.__data, curr_active_slave->perm_hwaddr,
>> +			       curr_active_slave->dev->addr_len);
>> +			ss.ss_family = slave_dev->type;
>> +			res = dev_set_mac_address(slave_dev, (struct sockaddr *)&ss,
>> +					extack);
>> +			if (res) {
>> +				slave_err(bond_dev, slave_dev, "Error %d calling set_mac_address\n", res);
>> +				goto err_restore_mtu;
>> +			}
>> +		}

	Is this in replacement of the prior patch (that does stuff
during failover), or in addition to?

	I'm asking because in the above, if there is no
curr_active_slave, e.g., all interfaces in the bond are down, the above
would permit MAC conflict in the absence of logic in failover to resolve
things.

	-J

---
	-Jay Vosburgh, jv@...sburgh.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ