On Fri, 19 Mar 2021, Greg Kroah-Hartman wrote: > From: Jia-Ju Bai <baijiaju1990@xxxxxxxxx> > > [ Upstream commit 2055a99da8a253a357bdfd359b3338ef3375a26c ] > > When slave is NULL or slave_ops->ndo_neigh_setup is NULL, no error > return code of bond_neigh_init() is assigned. > To fix this bug, ret is assigned with -EINVAL in these cases. > > Fixes: 9e99bfefdbce ("bonding: fix bond_neigh_init()") > Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx> > Signed-off-by: Jia-Ju Bai <baijiaju1990@xxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > --- > drivers/net/bonding/bond_main.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c > index 5fe5232cc3f3..fba6b6d1b430 100644 > --- a/drivers/net/bonding/bond_main.c > +++ b/drivers/net/bonding/bond_main.c > @@ -3917,11 +3917,15 @@ static int bond_neigh_init(struct neighbour *n) > > rcu_read_lock(); > slave = bond_first_slave_rcu(bond); > - if (!slave) > + if (!slave) { > + ret = -EINVAL; > goto out; > + } > slave_ops = slave->dev->netdev_ops; > - if (!slave_ops->ndo_neigh_setup) > + if (!slave_ops->ndo_neigh_setup) { > + ret = -EINVAL; > goto out; > + } This patch is completely broken and breaks bonding functionality altogether for me. -- Jiri Kosina SUSE Labs
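Review bot: In the second branch of the hunk, `if (!slave_ops->ndo_neigh_setup) { ret = -EINVAL; goto out; }` turns a missing callback into a hard failure of bond_neigh_init(), and the `!slave` branch does the same for a bond that has no slave. The code tests the pointer before using it, so a slave driver is allowed to leave ndo_neigh_setup unset, and before this change both early exits left `ret` at the value it already held. The commit message only says that no error code was assigned on these paths; it does not say why they are errors or which caller needs -EINVAL. As written, neighbour initialisation fails on any bond whose first slave lacks the callback, which is consistent with the breakage reported in the reply. Suggest dropping both `ret = -EINVAL;` assignments (or not carrying the change into stable) unless the message can justify them, and if an error is really wanted for `!slave`, handling it separately from the missing-callback case.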