From patchwork Mon May 3 19:38:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Jurgens X-Patchwork-Id: 1473324 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FYtbx5tJBz9s1l; Tue, 4 May 2021 05:40:13 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ldeQK-0001uG-7P; Mon, 03 May 2021 19:40:08 +0000 Received: from mail-il-dmz.mellanox.com ([193.47.165.129] helo=mellanox.co.il) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ldePn-0001WT-OO for kernel-team@lists.ubuntu.com; Mon, 03 May 2021 19:39:35 +0000 Received: from Internal Mail-Server by MTLPINE1 (envelope-from danielj@nvidia.com) with SMTP; 3 May 2021 22:39:31 +0300 Received: from sw-mtx-hparm-003.mtx.labs.mlnx. (sw-mtx-hparm-003.mtx.labs.mlnx [10.9.151.78]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id 143JdHlh026551; Mon, 3 May 2021 22:39:30 +0300 From: Daniel Jurgens To: kernel-team@lists.ubuntu.com Subject: [SRU][F:linux-bluefield][PATCH 14/32] bonding: deal with xfrm state in all modes and add more error-checking Date: Mon, 3 May 2021 22:38:59 +0300 Message-Id: <1620070757-51528-15-git-send-email-danielj@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1620070757-51528-1-git-send-email-danielj@nvidia.com> References: <1620070757-51528-1-git-send-email-danielj@nvidia.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jarod Wilson BugLink: https://bugs.launchpad.net/bugs/1926994 It's possible that device removal happens when the bond is in non-AB mode, and addition happens in AB mode, so bond_ipsec_del_sa() never gets called, which leaves security associations in an odd state if bond_ipsec_add_sa() then gets called after switching the bond into AB. Just call add and delete universally for all modes to keep things consistent. However, it's also possible that this code gets called when the system is shutting down, and the xfrm subsystem has already been disconnected from the bond device, so we need to do some error-checking and bail, lest we hit a null ptr deref. Fixes: a3b658cfb664 ("bonding: allow xfrm offload setup post-module-load") CC: Huy Nguyen CC: Saeed Mahameed CC: Jay Vosburgh CC: Veaceslav Falico CC: Andy Gospodarek CC: "David S. Miller" CC: Jeff Kirsher CC: Jakub Kicinski CC: Steffen Klassert CC: Herbert Xu CC: netdev@vger.kernel.org CC: intel-wired-lan@lists.osuosl.org Signed-off-by: Jarod Wilson Signed-off-by: David S. Miller (cherry picked from commit 5cd24cbe7dca62089ac6228f1dd14729d7da6ed8) Signed-off-by: Daniel Jurgens --- drivers/net/bonding/bond_main.c | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index dc49fc8..8f173ec 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -336,9 +336,14 @@ static int bond_vlan_rx_kill_vid(struct net_device *bond_dev, static int bond_ipsec_add_sa(struct xfrm_state *xs) { struct net_device *bond_dev = xs->xso.dev; - struct bonding *bond = netdev_priv(bond_dev); - struct slave *slave = rtnl_dereference(bond->curr_active_slave); + struct bonding *bond; + struct slave *slave; + if (!bond_dev) + return -EINVAL; + + bond = netdev_priv(bond_dev); + slave = rtnl_dereference(bond->curr_active_slave); xs->xso.real_dev = slave->dev; bond->xs = xs; @@ -358,8 +363,14 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs) static void bond_ipsec_del_sa(struct xfrm_state *xs) { struct net_device *bond_dev = xs->xso.dev; - struct bonding *bond = netdev_priv(bond_dev); - struct slave *slave = rtnl_dereference(bond->curr_active_slave); + struct bonding *bond; + struct slave *slave; + + if (!bond_dev) + return; + + bond = netdev_priv(bond_dev); + slave = rtnl_dereference(bond->curr_active_slave); if (!slave) return; @@ -913,12 +924,12 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active) if (old_active == new_active) return; - if (new_active) { #ifdef CONFIG_XFRM_OFFLOAD - if ((BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP) && bond->xs) - bond_ipsec_del_sa(bond->xs); + if (old_active && bond->xs) + bond_ipsec_del_sa(bond->xs); #endif /* CONFIG_XFRM_OFFLOAD */ + if (new_active) { new_active->last_link_up = jiffies; if (new_active->link == BOND_LINK_BACK) { @@ -981,13 +992,6 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active) bond_should_notify_peers(bond); } -#ifdef CONFIG_XFRM_OFFLOAD - if (old_active && bond->xs) { - xfrm_dev_state_flush(dev_net(bond->dev), bond->dev, true); - bond_ipsec_add_sa(bond->xs); - } -#endif /* CONFIG_XFRM_OFFLOAD */ - call_netdevice_notifiers(NETDEV_BONDING_FAILOVER, bond->dev); if (should_notify_peers) { bond->send_peer_notif--; @@ -997,6 +1001,13 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active) } } +#ifdef CONFIG_XFRM_OFFLOAD + if (new_active && bond->xs) { + xfrm_dev_state_flush(dev_net(bond->dev), bond->dev, true); + bond_ipsec_add_sa(bond->xs); + } +#endif /* CONFIG_XFRM_OFFLOAD */ + /* resend IGMP joins since active slave has changed or * all were sent on curr_active_slave. * resend only if bond is brought up with the affected