vrf: prevent adding upper devices [Linux 5.0.6]

vrf: prevent adding upper devices [Linux 5.0.6]

This Linux kernel change "vrf: prevent adding upper devices" is included in the Linux 5.0.6 release. This change is authored by Sabrina Dubroca <sd [at] queasysnail.net> on Tue Mar 26 18:22:16 2019 +0100. The commit for this change in Linux stable tree is 1a44391 (patch) which is from upstream commit 1017e09. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream 1017e09.

vrf: prevent adding upper devices

[ Upstream commit 1017e0987117c32783ba7c10fe2e7ff1456ba1dc ]

VRF devices don't work with upper devices. Currently, it's possible to
add a VRF device to a bridge or team, and to create macvlan, macsec, or
ipvlan devices on top of a VRF (bond and vlan are prevented respectively
by the lack of an ndo_set_mac_address op and the NETIF_F_VLAN_CHALLENGED
feature flag).

Fix this by setting the IFF_NO_RX_HANDLER flag (introduced in commit
f5426250a6ec ("net: introduce IFF_NO_RX_HANDLER")).

Cc: David Ahern <dsahern@gmail.com>
Fixes: 193125dbd8eb ("net: Introduce VRF device driver")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

There is one line of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/net/vrf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 7c1430e..6d1a1ab 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1273,6 +1273,7 @@ static void vrf_setup(struct net_device *dev)

    /* default to no qdisc; user can add if desired */
    dev->priv_flags |= IFF_NO_QUEUE;
+   dev->priv_flags |= IFF_NO_RX_HANDLER;

    dev->min_mtu = 0;
    dev->max_mtu = 0;

Leave a Reply

Your email address will not be published. Required fields are marked *