Linux Kernel XDP Compatibility Vulnerability in Bonding Driver

Vulnerability

A vulnerability exists in the Linux kernel bonding driver in how it handles transmit hash policies when an eBPF program is loaded via the XDP framework. In bonding modes 802.3ad and balance-xor, the 'vlan+srcmac' hash policy is incompatible with XDP because the 802.1q payloads are absent as a result of hardware offloading. A user can attach an XDP program to a bond that has a compatible hash policy and then switch the policy to 'vlan+srcmac' without unloading the XDP program first. The driver does not manage this conflict properly, which leads to potential issues when the bond is destroyed and the XDP program is uninstalled.

Impact

Exploiting this vulnerability can cause a warning to be triggered during the uninstallation of the XDP program, indicating a failure to remove the program from the bonding interface due to the incompatible hash policy. This could disrupt network operations that rely on the bonding interface and the XDP program.

Reproduction

1. Load a native XDP program onto a bond interface set to 802.3ad or balance-xor mode, using a compatible transmit hash policy such as layer2+3.
2. While the XDP program is still active, change the transmit hash policy to vlan+srcmac.

This will leave the bonding interface in a state where the XDP program is still attached, but the hash policy is now incompatible, creating a conflict that can be observed when the bond is destroyed.
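A defender-side check for the inconsistent state described above, added here as an example and not part of the original advisory: it lists bonds in 802.3ad or balance-xor mode whose policy is vlan+srcmac while an XDP program is attached. It assumes the standard bonding sysfs attributes under /sys/class/net and the "prog/xdp" line that iproute2 prints for an attached program; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): audit bonds for the conflicting
# state: mode 802.3ad or balance-xor, policy vlan+srcmac, XDP attached.

# First word of a bonding sysfs attribute, e.g. "802.3ad 4" -> "802.3ad".
bond_attr() {  # $1 = sysfs net root, $2 = bond, $3 = attribute
    [ -r "$1/$2/bonding/$3" ] || return 1
    read -r value _ < "$1/$2/bonding/$3" || [ -n "$value" ]
    printf '%s\n' "$value"
}

# Link details as printed by iproute2; kept separate so it can be replaced
# with captured output when auditing offline.
link_details() {  # $1 = interface
    ip -details link show dev "$1" 2>/dev/null
}

# Succeeds when the state matches the conflict described in the advisory.
bond_conflict() {  # $1 = mode, $2 = xmit hash policy, $3 = link details
    case "$1" in
        802.3ad|balance-xor) ;;
        *) return 1 ;;
    esac
    [ "$2" = "vlan+srcmac" ] || return 1
    # Assumption: iproute2 reports an attached program as "prog/xdp id N".
    printf '%s\n' "$3" | grep -q 'prog/xdp'
}

# Print one line per conflicting bond; prints nothing when all bonds are clean.
audit_bonds() {  # $1 = sysfs net root (default /sys/class/net)
    root="${1:-/sys/class/net}"
    [ -r "$root/bonding_masters" ] || return 0
    for bond in $(cat "$root/bonding_masters"); do
        mode=$(bond_attr "$root" "$bond" mode) || continue
        policy=$(bond_attr "$root" "$bond" xmit_hash_policy) || continue
        if bond_conflict "$mode" "$policy" "$(link_details "$bond")"; then
            echo "$bond: XDP attached with mode=$mode policy=$policy"
        fi
    done
    return 0
}

audit_bonds "${SYSFS_NET:-/sys/class/net}"
```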

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to a version that includes the fix.

Added: Mar 25, 2026, 12:56 PM
Updated: Mar 25, 2026, 12:56 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.4
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.