| Message ID | 20210319121747.622717971@linuxfoundation.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | None | expand |
On Fri, 19 Mar 2021, Greg Kroah-Hartman wrote: > From: Jia-Ju Bai <baijiaju1990@gmail.com> > > [ Upstream commit 2055a99da8a253a357bdfd359b3338ef3375a26c ] > > When slave is NULL or slave_ops->ndo_neigh_setup is NULL, no error > return code of bond_neigh_init() is assigned. > To fix this bug, ret is assigned with -EINVAL in these cases. > > Fixes: 9e99bfefdbce ("bonding: fix bond_neigh_init()") > Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> > Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> > Signed-off-by: David S. Miller <davem@davemloft.net> > Signed-off-by: Sasha Levin <sashal@kernel.org> > --- > drivers/net/bonding/bond_main.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c > index 5fe5232cc3f3..fba6b6d1b430 100644 > --- a/drivers/net/bonding/bond_main.c > +++ b/drivers/net/bonding/bond_main.c > @@ -3917,11 +3917,15 @@ static int bond_neigh_init(struct neighbour *n) > > rcu_read_lock(); > slave = bond_first_slave_rcu(bond); > - if (!slave) > + if (!slave) { > + ret = -EINVAL; > goto out; > + } > slave_ops = slave->dev->netdev_ops; > - if (!slave_ops->ndo_neigh_setup) > + if (!slave_ops->ndo_neigh_setup) { > + ret = -EINVAL; > goto out; > + } This patch is completely broken and breaks bonding functionality altogether for me.
On Fri, Mar 19, 2021 at 03:12:12PM +0100, Jiri Kosina wrote: > On Fri, 19 Mar 2021, Greg Kroah-Hartman wrote: > > > From: Jia-Ju Bai <baijiaju1990@gmail.com> > > > > [ Upstream commit 2055a99da8a253a357bdfd359b3338ef3375a26c ] > > > > When slave is NULL or slave_ops->ndo_neigh_setup is NULL, no error > > return code of bond_neigh_init() is assigned. > > To fix this bug, ret is assigned with -EINVAL in these cases. > > > > Fixes: 9e99bfefdbce ("bonding: fix bond_neigh_init()") > > Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> > > Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> > > Signed-off-by: David S. Miller <davem@davemloft.net> > > Signed-off-by: Sasha Levin <sashal@kernel.org> > > --- > > drivers/net/bonding/bond_main.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c > > index 5fe5232cc3f3..fba6b6d1b430 100644 > > --- a/drivers/net/bonding/bond_main.c > > +++ b/drivers/net/bonding/bond_main.c > > @@ -3917,11 +3917,15 @@ static int bond_neigh_init(struct neighbour *n) > > > > rcu_read_lock(); > > slave = bond_first_slave_rcu(bond); > > - if (!slave) > > + if (!slave) { > > + ret = -EINVAL; > > goto out; > > + } > > slave_ops = slave->dev->netdev_ops; > > - if (!slave_ops->ndo_neigh_setup) > > + if (!slave_ops->ndo_neigh_setup) { > > + ret = -EINVAL; > > goto out; > > + } > > This patch is completely broken and breaks bonding functionality > altogether for me. Is Linus's tree also broken for you? This showed up in 5.12-rc3. thanks, greg k-h
On Fri, 19 Mar 2021, Greg Kroah-Hartman wrote: > > > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c > > > index 5fe5232cc3f3..fba6b6d1b430 100644 > > > --- a/drivers/net/bonding/bond_main.c > > > +++ b/drivers/net/bonding/bond_main.c > > > @@ -3917,11 +3917,15 @@ static int bond_neigh_init(struct neighbour *n) > > > > > > rcu_read_lock(); > > > slave = bond_first_slave_rcu(bond); > > > - if (!slave) > > > + if (!slave) { > > > + ret = -EINVAL; > > > goto out; > > > + } > > > slave_ops = slave->dev->netdev_ops; > > > - if (!slave_ops->ndo_neigh_setup) > > > + if (!slave_ops->ndo_neigh_setup) { > > > + ret = -EINVAL; > > > goto out; > > > + } > > > > This patch is completely broken and breaks bonding functionality > > altogether for me. > > Is Linus's tree also broken for you? This showed up in 5.12-rc3. Yes, it is.
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 5fe5232cc3f3..fba6b6d1b430 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -3917,11 +3917,15 @@ static int bond_neigh_init(struct neighbour *n) rcu_read_lock(); slave = bond_first_slave_rcu(bond); - if (!slave) + if (!slave) { + ret = -EINVAL; goto out; + } slave_ops = slave->dev->netdev_ops; - if (!slave_ops->ndo_neigh_setup) + if (!slave_ops->ndo_neigh_setup) { + ret = -EINVAL; goto out; + } /* TODO: find another way [1] to implement this. * Passing a zeroed structure is fragile,