From patchwork Mon Apr 1 23:04:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Si-Wei Liu X-Patchwork-Id: 1073512 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="Ph1wnQC8"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44Y8Bc5D5gz9sRk for ; Tue, 2 Apr 2019 10:46:48 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726206AbfDAXpV (ORCPT ); Mon, 1 Apr 2019 19:45:21 -0400 Received: from aserp2130.oracle.com ([141.146.126.79]:35472 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725893AbfDAXpV (ORCPT ); Mon, 1 Apr 2019 19:45:21 -0400 Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x31NNtpj047170; Mon, 1 Apr 2019 23:30:09 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id; s=corp-2018-07-02; bh=kQcV8cq4DKWUqSWbwHKvadrhD6NZC6mFYqCItO19pKY=; b=Ph1wnQC8l/9wFWOi83VxCf5LHRvnXz7HuZszzxNV4Q5N1nnGrz40QSaHdnCuNAT5hw1H enIXQu2jhfvB9yOQnrussgRUdv+Mm/vFQOM9x+w6HhEE4fu8GUYgWlVCyw+WFt6kD1sk HJ7ZT/xJDh+hLALkgaxP3tnFhM/LVCPYE0w9L/LxPb4CQZX3mYSGARd/HnOAobMeadLH iNMj3X7PGCFqWe/havOajzx2nx22YrO6r8VNNp1yGztBYVivHSfzbZ+PWsCHLknUxNaq pZOoM7mSXLbRmM5Dnq2Qtc1icYQZUUnlKIbdCNc+fFJJAAo+b59PaVdmmcGlhu38DWhl og== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp2130.oracle.com with ESMTP id 2rhwyd24u0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 01 Apr 2019 23:30:08 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id x31NU6T0026254 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 1 Apr 2019 23:30:06 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x31NU4s7011707; Mon, 1 Apr 2019 23:30:04 GMT Received: from ban25x6uut24.us.oracle.com (/10.153.73.24) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 01 Apr 2019 16:30:04 -0700 From: Si-Wei Liu To: mst@redhat.com, sridhar.samudrala@intel.com, stephen@networkplumber.org, davem@davemloft.net, kubakici@wp.pl, alexander.duyck@gmail.com, jiri@resnulli.us, netdev@vger.kernel.org, virtualization@lists.linux-foundation.org Cc: liran.alon@oracle.com, boris.ostrovsky@oracle.com, vijay.balakrishna@oracle.com, si-wei liu Subject: [PATCH net v5] failover: allow name change on IFF_UP slave interfaces Date: Mon, 1 Apr 2019 19:04:53 -0400 Message-Id: <1554159893-29704-1-git-send-email-si-wei.liu@oracle.com> X-Mailer: git-send-email 1.8.3.1 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9214 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=4 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1904010151 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org When a netdev appears through hot plug then gets enslaved by a failover master that is already up and running, the slave will be opened right away after getting enslaved. Today there's a race that userspace (udev) may fail to rename the slave if the kernel (net_failover) opens the slave earlier than when the userspace rename happens. Unlike bond or team, the primary slave of failover can't be renamed by userspace ahead of time, since the kernel initiated auto-enslavement is unable to, or rather, is never meant to be synchronized with the rename request from userspace. As the failover slave interfaces are not designed to be operated directly by userspace apps: IP configuration, filter rules with regard to network traffic passing and etc., should all be done on master interface. In general, userspace apps only care about the name of master interface, while slave names are less important as long as admin users can see reliable names that may carry other information describing the netdev. For e.g., they can infer that "ens3nsby" is a standby slave of "ens3", while for a name like "eth0" they can't tell which master it belongs to. Historically the name of IFF_UP interface can't be changed because there might be admin script or management software that is already relying on such behavior and assumes that the slave name can't be changed once UP. But failover is special: with the in-kernel auto-enslavement mechanism, the userspace expectation for device enumeration and bring-up order is already broken. Previously initramfs and various userspace config tools were modified to bypass failover slaves because of auto-enslavement and duplicate MAC address. Similarly, in case that users care about seeing reliable slave name, the new type of failover slaves needs to be taken care of specifically in userspace anyway. It's less risky to lift up the rename restriction on failover slave which is already UP. Although it's possible this change may potentially break userspace component (most likely configuration scripts or management software) that assumes slave name can't be changed while UP, it's relatively a limited and controllable set among all userspace components, which can be fixed specifically to listen for the rename and/or link down/up events on failover slaves. Userspace component interacting with slaves is expected to be changed to operate on failover master interface instead, as the failover slave is dynamic in nature which may come and go at any point. The goal is to make the role of failover slaves less relevant, and userspace components should only deal with failover master in the long run. Fixes: 30c8bd5aa8b2 ("net: Introduce generic failover module") Signed-off-by: Si-Wei Liu Reviewed-by: Liran Alon Acked-by: Sridhar Samudrala Acked-by: Michael S. Tsirkin --- v1 -> v2: - Drop configurable module parameter (Sridhar) v2 -> v3: - Drop additional IFF_SLAVE_RENAME_OK flag (Sridhar) - Send down and up events around rename (Michael S. Tsirkin) v3 -> v4: - Simplify notification to be sent (Stephen Hemminger) v4 -> v5: - Sync up code with latest net-next (Sridhar) - Use proper structure initialization (Stephen, Jiri) --- net/core/dev.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c index 9823b77..b694184 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1185,7 +1185,21 @@ int dev_change_name(struct net_device *dev, const char *newname) BUG_ON(!dev_net(dev)); net = dev_net(dev); - if (dev->flags & IFF_UP) + + /* Allow failover slave to rename even when + * it is up and running. + * + * Failover slaves are special, since userspace + * might rename the slave after the interface + * has been brought up and running due to + * auto-enslavement. + * + * Failover users don't actually care about slave + * name change, as they are only expected to operate + * on master interface directly. + */ + if (dev->flags & IFF_UP && + likely(!(dev->priv_flags & IFF_FAILOVER_SLAVE))) return -EBUSY; write_seqcount_begin(&devnet_rename_seq); @@ -1232,6 +1246,15 @@ int dev_change_name(struct net_device *dev, const char *newname) hlist_add_head_rcu(&dev->name_hlist, dev_name_hash(net, dev->name)); write_unlock_bh(&dev_base_lock); + if (unlikely(dev->flags & IFF_UP)) { + struct netdev_notifier_change_info change_info = { + .info.dev = dev, + }; + + call_netdevice_notifiers_info(NETDEV_CHANGE, + &change_info.info); + } + ret = call_netdevice_notifiers(NETDEV_CHANGENAME, dev); ret = notifier_to_errno(ret);