From: Taehee Yoo <ap420073@gmail.com> To: davem@davemloft.net, kuba@kernel.org, j.vosburgh@gmail.com, vfalico@gmail.com, andy@greyhouse.net, jesse.brandeburg@intel.com, anthony.l.nguyen@intel.com, jarod@redhat.com, netdev@vger.kernel.org, intel-wired-lan@lists.osuosl.org Cc: ap420073@gmail.com Subject: [PATCH net 6/8] bonding: disallow setting nested bonding + ipsec offload Date: Fri, 2 Jul 2021 14:26:46 +0000 [thread overview] Message-ID: <20210702142648.7677-7-ap420073@gmail.com> (raw) In-Reply-To: <20210702142648.7677-1-ap420073@gmail.com> bonding interface can be nested and it supports ipsec offload. So, it allows setting the nested bonding + ipsec scenario. But code does not support this scenario. So, it should be disallowed. interface graph: bond2 | bond1 | eth0 The nested bonding + ipsec offload may not a real usecase. So, disallowing this is fine. Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves") Signed-off-by: Taehee Yoo <ap420073@gmail.com> --- drivers/net/bonding/bond_main.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 7659e1fab19e..f268e67cb2f0 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -419,8 +419,9 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs) xs->xso.real_dev = slave->dev; bond->xs = xs; - if (!(slave->dev->xfrmdev_ops - && slave->dev->xfrmdev_ops->xdo_dev_state_add)) { + if (!slave->dev->xfrmdev_ops || + !slave->dev->xfrmdev_ops->xdo_dev_state_add || + netif_is_bond_master(slave->dev)) { slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n"); rcu_read_unlock(); return -EINVAL; @@ -453,8 +454,9 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) xs->xso.real_dev = slave->dev; - if (!(slave->dev->xfrmdev_ops - && slave->dev->xfrmdev_ops->xdo_dev_state_delete)) { + if (!slave->dev->xfrmdev_ops || + !slave->dev->xfrmdev_ops->xdo_dev_state_delete || + netif_is_bond_master(slave->dev)) { slave_warn(bond_dev, slave->dev, "%s: no slave xdo_dev_state_delete\n", __func__); goto out; } @@ -479,8 +481,9 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) return true; - if (!(slave_dev->xfrmdev_ops - && slave_dev->xfrmdev_ops->xdo_dev_offload_ok)) { + if (!slave_dev->xfrmdev_ops || + !slave_dev->xfrmdev_ops->xdo_dev_offload_ok || + netif_is_bond_master(slave_dev)) { slave_warn(bond_dev, slave_dev, "%s: no slave xdo_dev_offload_ok\n", __func__); return false; } -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Taehee Yoo <ap420073@gmail.com> To: intel-wired-lan@osuosl.org Subject: [Intel-wired-lan] [PATCH net 6/8] bonding: disallow setting nested bonding + ipsec offload Date: Fri, 2 Jul 2021 14:26:46 +0000 [thread overview] Message-ID: <20210702142648.7677-7-ap420073@gmail.com> (raw) In-Reply-To: <20210702142648.7677-1-ap420073@gmail.com> bonding interface can be nested and it supports ipsec offload. So, it allows setting the nested bonding + ipsec scenario. But code does not support this scenario. So, it should be disallowed. interface graph: bond2 | bond1 | eth0 The nested bonding + ipsec offload may not a real usecase. So, disallowing this is fine. Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves") Signed-off-by: Taehee Yoo <ap420073@gmail.com> --- drivers/net/bonding/bond_main.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 7659e1fab19e..f268e67cb2f0 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -419,8 +419,9 @@ static int bond_ipsec_add_sa(struct xfrm_state *xs) xs->xso.real_dev = slave->dev; bond->xs = xs; - if (!(slave->dev->xfrmdev_ops - && slave->dev->xfrmdev_ops->xdo_dev_state_add)) { + if (!slave->dev->xfrmdev_ops || + !slave->dev->xfrmdev_ops->xdo_dev_state_add || + netif_is_bond_master(slave->dev)) { slave_warn(bond_dev, slave->dev, "Slave does not support ipsec offload\n"); rcu_read_unlock(); return -EINVAL; @@ -453,8 +454,9 @@ static void bond_ipsec_del_sa(struct xfrm_state *xs) xs->xso.real_dev = slave->dev; - if (!(slave->dev->xfrmdev_ops - && slave->dev->xfrmdev_ops->xdo_dev_state_delete)) { + if (!slave->dev->xfrmdev_ops || + !slave->dev->xfrmdev_ops->xdo_dev_state_delete || + netif_is_bond_master(slave->dev)) { slave_warn(bond_dev, slave->dev, "%s: no slave xdo_dev_state_delete\n", __func__); goto out; } @@ -479,8 +481,9 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) return true; - if (!(slave_dev->xfrmdev_ops - && slave_dev->xfrmdev_ops->xdo_dev_offload_ok)) { + if (!slave_dev->xfrmdev_ops || + !slave_dev->xfrmdev_ops->xdo_dev_offload_ok || + netif_is_bond_master(slave_dev)) { slave_warn(bond_dev, slave_dev, "%s: no slave xdo_dev_offload_ok\n", __func__); return false; } -- 2.17.1
next prev parent reply other threads:[~2021-07-02 14:27 UTC|newest] Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-07-02 14:26 [PATCH net 0/8] net: fix bonding ipsec offload problems Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 1/8] bonding: fix suspicious RCU usage in bond_ipsec_add_sa() Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 2/8] bonding: fix null dereference " Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 3/8] net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 4/8] ixgbevf: " Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 5/8] bonding: fix suspicious RCU usage in bond_ipsec_del_sa() Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` Taehee Yoo [this message] 2021-07-02 14:26 ` [Intel-wired-lan] [PATCH net 6/8] bonding: disallow setting nested bonding + ipsec offload Taehee Yoo 2021-07-02 21:14 ` Jay Vosburgh 2021-07-02 21:14 ` [Intel-wired-lan] " Jay Vosburgh 2021-07-03 6:37 ` Taehee Yoo 2021-07-03 6:37 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 21:26 ` Jay Vosburgh 2021-07-02 21:26 ` [Intel-wired-lan] " Jay Vosburgh 2021-07-03 6:46 ` Taehee Yoo 2021-07-03 6:46 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 7/8] bonding: Add struct bond_ipesc to manage SA Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo 2021-07-02 14:26 ` [PATCH net 8/8] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() Taehee Yoo 2021-07-02 14:26 ` [Intel-wired-lan] " Taehee Yoo
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210702142648.7677-7-ap420073@gmail.com \ --to=ap420073@gmail.com \ --cc=andy@greyhouse.net \ --cc=anthony.l.nguyen@intel.com \ --cc=davem@davemloft.net \ --cc=intel-wired-lan@lists.osuosl.org \ --cc=j.vosburgh@gmail.com \ --cc=jarod@redhat.com \ --cc=jesse.brandeburg@intel.com \ --cc=kuba@kernel.org \ --cc=netdev@vger.kernel.org \ --cc=vfalico@gmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.