archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 04:24:31 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/net/bonding
History
Exact
Jiayuan Chen 479d589b40 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded 
bond_option_mode_set() already rejects mode changes that would make a
loaded XDP program incompatible via bond_xdp_check().  However,
bond_option_xmit_hash_policy_set() has no such guard.

For 802.3ad and balance-xor modes, bond_xdp_check() returns false when
xmit_hash_policy is vlan+srcmac, because the 802.1q payload is usually
absent due to hardware offload.  This means a user can:

1. Attach a native XDP program to a bond in 802.3ad/balance-xor mode
   with a compatible xmit_hash_policy (e.g. layer2+3).
2. Change xmit_hash_policy to vlan+srcmac while XDP remains loaded.

This leaves bond->xdp_prog set but bond_xdp_check() now returning false
for the same device.  When the bond is later destroyed, dev_xdp_uninstall()
calls bond_xdp_set(dev, NULL, NULL) to remove the program, which hits
the bond_xdp_check() guard and returns -EOPNOTSUPP, triggering:

WARN_ON(dev_xdp_install(dev, mode, bpf_op, NULL, 0, NULL))

Fix this by rejecting xmit_hash_policy changes to vlan+srcmac when an
XDP program is loaded on a bond in 802.3ad or balance-xor mode.

commit 39a0876d59 ("net, bonding: Disallow vlan+srcmac with XDP")
introduced bond_xdp_check() which returns false for 802.3ad/balance-xor
modes when xmit_hash_policy is vlan+srcmac.  The check was wired into
bond_xdp_set() to reject XDP attachment with an incompatible policy, but
the symmetric path -- preventing xmit_hash_policy from being changed to an
incompatible value after XDP is already loaded -- was left unguarded in
bond_option_xmit_hash_policy_set().

Note:
commit 094ee6017e ("bonding: check xdp prog when set bond mode")
later added a similar guard to bond_option_mode_set(), but
bond_option_xmit_hash_policy_set() remained unprotected.

Reported-by: syzbot+5a287bcdc08104bc3132@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6995aff6.050a0220.2eeac1.014e.GAE@google.com/T/
Fixes: 39a0876d59 ("net, bonding: Disallow vlan+srcmac with XDP")
Signed-off-by: Jiayuan Chen <jiayuan.chen@shopee.com>
Link: https://patch.msgid.link/20260226080306.98766-2-jiayuan.chen@linux.dev
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-03-03 10:47:37 +01:00
..
bond_3ad.c net: bonding: use workqueue to make sure peer notify updated in lacp mode 2026-01-22 11:20:33 +01:00
bond_alb.c net: core: Convert dev_set_mac_address() to struct sockaddr_storage 2025-05-27 08:25:43 +02:00
bond_debugfs.c saner replacement for debugfs_rename() 2025-01-15 13:14:37 +01:00
bond_main.c bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded 2026-03-03 10:47:37 +01:00
bond_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-01 10:14:49 +02:00
bond_options.c bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded 2026-03-03 10:47:37 +01:00
bond_procfs.c bonding: no longer use RTNL in bonding_show_queue_id() 2024-04-09 17:31:45 -07:00
bond_sysfs.c bonding: Remove support for use_carrier 2025-09-02 14:01:54 -07:00
bond_sysfs_slave.c bonding: no longer use RTNL in bonding_show_queue_id() 2024-04-09 17:31:45 -07:00
bonding_priv.h net: bonding: Add SPDX identifier to remaining files 2023-05-16 15:38:06 +02:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00