Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1508625ybb; Sat, 11 Apr 2020 05:15:47 -0700 (PDT) X-Google-Smtp-Source: APiQypLSdORPZJunDpdL8P+iG1mRHqmUGUomFcyMKSEYgQPsrU8tvUtCjQ54undxCXZUVjRGuoBk X-Received: by 2002:ac8:1a85:: with SMTP id x5mr3331584qtj.302.1586607347332; Sat, 11 Apr 2020 05:15:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586607347; cv=none; d=google.com; s=arc-20160816; b=sOBo6Lrg1N1n1r/Kv6j9vCmcTiQUqi74bkdfGF855N9jZue9YN7o6wjcOPMenx0Hfk umznB7i0BogW/A216m6ZksKz6DSf+b5smy+LlwJvrwjKU4mgrSjA4j1duU/fge3tECjJ gsX0iA4tsog0ICny8j//JSs1DxQwEQnqLaG6tCtGAh/bAHc/cQAU/mKks/wPm3mtYd+6 Uwf8psuKcLtY+uvTI79C62WVh498ckQ8EmrMlG+kHKACOjmLNpEY67z5Mq4O2XFr/sFi tSlz0I67cSvNQHmJ1PyRL2Hs/Ixef6B2L6Ar1t4xYY5P0W1+u/J+ffJKJcuKfcjL+Gl0 NiZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Nhnce8Hlm3fCV+ugy8xOFhtfc3b+ECs+l9n15/XN2iw=; b=mXfsvhI42N7IMf53Ky+R0q5c7got1vJpLPobA2oIcyy1/L7BNzWkhtMADHHwT8/g4t blhq5Pxu5U3QqK0DGBQvMZ21EcsDS7qRgZTxiKYzNErmBb7u2o+1LvUmQoVmrL0a90Y9 57G6mmKeea8JKM5ntqLar8ZUPb1yCJXg4pZd7iilBRPhqb4XzG4+oL0B6NMSej4ijxmF 1kSShLkjaIcGu7ilvcFBRfRs3ACakztl/zy5JRFQM/lOe5+cZxTFNVa4aqgIrJcvUluY BabknMFfGQ7HDn2MkOgd7Xs+4730y7hd+deNcL3ahJtypbIKMQ2jozoO+bo1rv3gk09/ idwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=f3rO6b4X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 8si2901108qkv.341.2020.04.11.05.15.33; Sat, 11 Apr 2020 05:15:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=f3rO6b4X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727752AbgDKMNU (ORCPT + 99 others); Sat, 11 Apr 2020 08:13:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:46206 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727732AbgDKMNT (ORCPT ); Sat, 11 Apr 2020 08:13:19 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DA9FB2166E; Sat, 11 Apr 2020 12:13:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586607199; bh=/lxQsjwShHOCqEOzz99+Z6MX6Z1Ea8+vgXJ2HukAbNQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=f3rO6b4Xx6/H6LP5TNN/DYxOzgzFNSQtbypUkCbJ6pSRs9V724V3q4WKMe/gWvH1J 9cIMmERJiHu2qiFoxeh64KI1uL2re4MCywV8fVJn7m3qdJ2JoZEG2N0w/JspUblLo1 3QYf3lKn1txu9MOj9S0029eFzxjqgT7Xx8wKSqcU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Moshe Levi , Stephen Hemminger , Marcelo Ricardo Leitner , netdev@vger.kernel.org, Jarod Wilson , "David S. Miller" Subject: [PATCH 4.14 15/38] ipv6: dont auto-add link-local address to lag ports Date: Sat, 11 Apr 2020 14:08:59 +0200 Message-Id: <20200411115439.509016369@linuxfoundation.org> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200411115437.795556138@linuxfoundation.org> References: <20200411115437.795556138@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jarod Wilson [ Upstream commit 744fdc8233f6aa9582ce08a51ca06e59796a3196 ] Bonding slave and team port devices should not have link-local addresses automatically added to them, as it can interfere with openvswitch being able to properly add tc ingress. Basic reproducer, courtesy of Marcelo: $ ip link add name bond0 type bond $ ip link set dev ens2f0np0 master bond0 $ ip link set dev ens2f1np2 master bond0 $ ip link set dev bond0 up $ ip a s 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens2f0np0: mtu 1500 qdisc mq master bond0 state UP group default qlen 1000 link/ether 00:0f:53:2f:ea:40 brd ff:ff:ff:ff:ff:ff 5: ens2f1np2: mtu 1500 qdisc mq master bond0 state DOWN group default qlen 1000 link/ether 00:0f:53:2f:ea:40 brd ff:ff:ff:ff:ff:ff 11: bond0: mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:0f:53:2f:ea:40 brd ff:ff:ff:ff:ff:ff inet6 fe80::20f:53ff:fe2f:ea40/64 scope link valid_lft forever preferred_lft forever (above trimmed to relevant entries, obviously) $ sysctl net.ipv6.conf.ens2f0np0.addr_gen_mode=0 net.ipv6.conf.ens2f0np0.addr_gen_mode = 0 $ sysctl net.ipv6.conf.ens2f1np2.addr_gen_mode=0 net.ipv6.conf.ens2f1np2.addr_gen_mode = 0 $ ip a l ens2f0np0 2: ens2f0np0: mtu 1500 qdisc mq master bond0 state UP group default qlen 1000 link/ether 00:0f:53:2f:ea:40 brd ff:ff:ff:ff:ff:ff inet6 fe80::20f:53ff:fe2f:ea40/64 scope link tentative valid_lft forever preferred_lft forever $ ip a l ens2f1np2 5: ens2f1np2: mtu 1500 qdisc mq master bond0 state DOWN group default qlen 1000 link/ether 00:0f:53:2f:ea:40 brd ff:ff:ff:ff:ff:ff inet6 fe80::20f:53ff:fe2f:ea40/64 scope link tentative valid_lft forever preferred_lft forever Looks like addrconf_sysctl_addr_gen_mode() bypasses the original "is this a slave interface?" check added by commit c2edacf80e15, and results in an address getting added, while w/the proposed patch added, no address gets added. This simply adds the same gating check to another code path, and thus should prevent the same devices from erroneously obtaining an ipv6 link-local address. Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Reported-by: Moshe Levi CC: Stephen Hemminger CC: Marcelo Ricardo Leitner CC: netdev@vger.kernel.org Signed-off-by: Jarod Wilson Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv6/addrconf.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3175,6 +3175,10 @@ static void addrconf_addr_gen(struct ine if (netif_is_l3_master(idev->dev)) return; + /* no link local addresses on devices flagged as slaves */ + if (idev->dev->flags & IFF_SLAVE) + return; + ipv6_addr_set(&addr, htonl(0xFE800000), 0, 0, 0); switch (idev->cnf.addr_gen_mode) {