Programming Languages Research Group: Git - firefly-linux-kernel-4.4.55.git/commit

author	Mahesh Bandewar <maheshb@google.com>
	Fri, 2 Sep 2016 05:18:34 +0000 (22:18 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 30 Sep 2016 08:18:36 +0000 (10:18 +0200)
commit	f357a79839f95f5ea7baf1c1366d64796d833bca
tree	907454b9e61c748186598a9af76e79510cf3f72e	tree \| snapshot
parent	56e5ad1e1d7a2ab2d79ef004a29d15e0a137a0d0	commit \| diff

bonding: Fix bonding crash

[ Upstream commit 24b27fc4cdf9e10c5e79e5923b6b7c2c5c95096c ]

Following few steps will crash kernel -

  (a) Create bonding master
      > modprobe bonding miimon=50
  (b) Create macvlan bridge on eth2
      > ip link add link eth2 dev mvl0 address aa:0:0:0:0:01 \
   type macvlan
  (c) Now try adding eth2 into the bond
      > echo +eth2 > /sys/class/net/bond0/bonding/slaves
      <crash>

Bonding does lots of things before checking if the device enslaved is
busy or not.

In this case when the notifier call-chain sends notifications, the
bond_netdev_event() assumes that the rx_handler /rx_handler_data is
registered while the bond_enslave() hasn't progressed far enough to
register rx_handler for the new slave.

This patch adds a rx_handler check that can be performed right at the
beginning of the enslave code to avoid getting into this situation.

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/net/bonding/bond_main.c		diff \| blob \| history
include/linux/netdevice.h		diff \| blob \| history
net/core/dev.c		diff \| blob \| history