diff --git a/patches.kernel.org/6.2.12-052-bonding-fix-ns-validation-on-backup-slaves.patch b/patches.kernel.org/6.2.12-052-bonding-fix-ns-validation-on-backup-slaves.patch new file mode 100644 index 0000000..eba1dca --- /dev/null +++ b/patches.kernel.org/6.2.12-052-bonding-fix-ns-validation-on-backup-slaves.patch @@ -0,0 +1,89 @@ +From: Hangbin Liu +Date: Thu, 6 Apr 2023 16:23:50 +0800 +Subject: [PATCH] bonding: fix ns validation on backup slaves +References: bsc#1012628 +Patch-mainline: 6.2.12 +Git-commit: 4598380f9c548aa161eb4e990a1583f0a7d1e0d7 + +[ Upstream commit 4598380f9c548aa161eb4e990a1583f0a7d1e0d7 ] + +When arp_validate is set to 2, 3, or 6, validation is performed for +backup slaves as well. As stated in the bond documentation, validation +involves checking the broadcast ARP request sent out via the active +slave. This helps determine which slaves are more likely to function in +the event of an active slave failure. + +However, when the target is an IPv6 address, the NS message sent from +the active interface is not checked on backup slaves. Additionally, +based on the bond_arp_rcv() rule b, we must reverse the saddr and daddr +when checking the NS message. + +Note that when checking the NS message, the destination address is a +multicast address. Therefore, we must convert the target address to +solicited multicast in the bond_get_targets_ip6() function. + +Prior to the fix, the backup slaves had a mii status of "down", but +after the fix, all of the slaves' mii status was updated to "UP". + +Fixes: 4e24be018eb9 ("bonding: add new parameter ns_targets") +Reviewed-by: Jonathan Toppins +Acked-by: Jay Vosburgh +Signed-off-by: Hangbin Liu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Jiri Slaby +--- + drivers/net/bonding/bond_main.c | 5 +++-- + include/net/bonding.h | 8 ++++++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 116d295d..415cd95f 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -3267,7 +3267,8 @@ static int bond_na_rcv(const struct sk_buff *skb, struct bonding *bond, + + combined = skb_header_pointer(skb, 0, sizeof(_combined), &_combined); + if (!combined || combined->ip6.nexthdr != NEXTHDR_ICMP || +- combined->icmp6.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT) ++ (combined->icmp6.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION && ++ combined->icmp6.icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT)) + goto out; + + saddr = &combined->ip6.saddr; +@@ -3289,7 +3290,7 @@ static int bond_na_rcv(const struct sk_buff *skb, struct bonding *bond, + else if (curr_active_slave && + time_after(slave_last_rx(bond, curr_active_slave), + curr_active_slave->last_link_up)) +- bond_validate_na(bond, slave, saddr, daddr); ++ bond_validate_na(bond, slave, daddr, saddr); + else if (curr_arp_slave && + bond_time_in_interval(bond, slave_last_tx(curr_arp_slave), 1)) + bond_validate_na(bond, slave, saddr, daddr); +diff --git a/include/net/bonding.h b/include/net/bonding.h +index ea36ab7f..c3843239 100644 +--- a/include/net/bonding.h ++++ b/include/net/bonding.h +@@ -761,13 +761,17 @@ static inline int bond_get_targets_ip(__be32 *targets, __be32 ip) + #if IS_ENABLED(CONFIG_IPV6) + static inline int bond_get_targets_ip6(struct in6_addr *targets, struct in6_addr *ip) + { ++ struct in6_addr mcaddr; + int i; + +- for (i = 0; i < BOND_MAX_NS_TARGETS; i++) +- if (ipv6_addr_equal(&targets[i], ip)) ++ for (i = 0; i < BOND_MAX_NS_TARGETS; i++) { ++ addrconf_addr_solict_mult(&targets[i], &mcaddr); ++ if ((ipv6_addr_equal(&targets[i], ip)) || ++ (ipv6_addr_equal(&mcaddr, ip))) + return i; + else if (ipv6_addr_any(&targets[i])) + break; ++ } + + return -1; + } +-- +2.35.3 + diff --git a/series.conf b/series.conf index bbd6575..ab3bd09 100644 --- a/series.conf +++ b/series.conf @@ -2279,6 +2279,7 @@ patches.kernel.org/6.2.12-049-KVM-arm64-Advertise-ID_AA64PFR0_EL1.CSV2-3-to-.patch patches.kernel.org/6.2.12-050-niu-Fix-missing-unwind-goto-in-niu_alloc_chann.patch patches.kernel.org/6.2.12-051-tcp-restrict-net.ipv4.tcp_app_win.patch + patches.kernel.org/6.2.12-052-bonding-fix-ns-validation-on-backup-slaves.patch ######################################################## # Build fixes that apply to the vanilla kernel too.