* ipv6: Do not leak throw route references
@ 2017-06-16 11:42 Serhey Popovych
2017-06-19 18:25 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Serhey Popovych @ 2017-06-16 11:42 UTC (permalink / raw)
To: netdev
While commit 73ba57b (ipv6: fix backtracking for throw routes)
does good job on error propagation to the fib_rules_lookup()
in fib rules core framework that also corrects throw routes
handling, it does not solve route reference leakage problem
happened when we return -EAGAIN to the fib_rules_lookup()
and leave routing table entry referenced in arg->result.
If rule with matched throw route isn't last matched in the
list we overwrite arg->result loosing reference on throw
route stored previously forever.
We also partially revert commit ab997ad (ipv6: fix the
incorrect return value of throw route) since we never return
routing table entry with dst.error == -EAGAIN when
CONFIG_IPV6_MULTIPLE_TABLES is on. Also there is no point
to check for RTF_REJECT flag since it is always set throw
route.
Fixes: 73ba57b (ipv6: fix backtracking for throw routes)
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
net/ipv6/fib6_rules.c | 22 ++++++----------------
net/ipv6/ip6_fib.c | 3 +--
2 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 11318b7..65a3c62 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -33,7 +33,6 @@ struct fib6_rule
struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
int flags, pol_lookup_t lookup)
{
- struct rt6_info *rt;
struct fib_lookup_arg arg = {
.lookup_ptr = lookup,
.flags = FIB_LOOKUP_NOREF,
@@ -42,21 +41,11 @@ struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
fib_rules_lookup(net->ipv6.fib6_rules_ops,
flowi6_to_flowi(fl6), flags, &arg);
- rt = arg.result;
+ if (arg.result)
+ return arg.result;
- if (!rt) {
- dst_hold(&net->ipv6.ip6_null_entry->dst);
- return &net->ipv6.ip6_null_entry->dst;
- }
-
- if (rt->rt6i_flags & RTF_REJECT &&
- rt->dst.error == -EAGAIN) {
- ip6_rt_put(rt);
- rt = net->ipv6.ip6_null_entry;
- dst_hold(&rt->dst);
- }
-
- return &rt->dst;
+ dst_hold(&net->ipv6.ip6_null_entry->dst);
+ return &net->ipv6.ip6_null_entry->dst;
}
static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
@@ -117,7 +106,8 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
ipv6_addr_copy(&flp6->saddr, &saddr);
}
err = rt->dst.error;
- goto out;
+ if (err != -EAGAIN)
+ goto out;
}
again:
ip6_rt_put(rt);
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index d3cd013..32f91cd 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -249,8 +249,7 @@ struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
table = fib6_get_table(net, RT6_TABLE_MAIN);
if (table) {
rt = lookup(net, table, fl6, flags);
- if (rt->rt6i_flags & RTF_REJECT &&
- rt->dst.error == -EAGAIN) {
+ if (rt->dst.error == -EAGAIN) {
ip6_rt_put(rt);
rt = NULL;
}
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: ipv6: Do not leak throw route references
2017-06-16 11:42 ipv6: Do not leak throw route references Serhey Popovych
@ 2017-06-19 18:25 ` David Miller
2017-06-20 10:29 ` Serhey Popovych
0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2017-06-19 18:25 UTC (permalink / raw)
To: serhe.popovych; +Cc: netdev
From: Serhey Popovych <serhe.popovych@gmail.com>
Date: Fri, 16 Jun 2017 14:42:17 +0300
> While commit 73ba57b (ipv6: fix backtracking for throw routes)
> does good job on error propagation to the fib_rules_lookup()
> in fib rules core framework that also corrects throw routes
> handling, it does not solve route reference leakage problem
> happened when we return -EAGAIN to the fib_rules_lookup()
> and leave routing table entry referenced in arg->result.
>
> If rule with matched throw route isn't last matched in the
> list we overwrite arg->result loosing reference on throw
> route stored previously forever.
>
> We also partially revert commit ab997ad (ipv6: fix the
> incorrect return value of throw route) since we never return
> routing table entry with dst.error == -EAGAIN when
> CONFIG_IPV6_MULTIPLE_TABLES is on. Also there is no point
> to check for RTF_REJECT flag since it is always set throw
> route.
>
> Fixes: 73ba57b (ipv6: fix backtracking for throw routes)
> Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
This does not apply cleanly to the net tree, please respin.
^ permalink raw reply [flat|nested] 4+ messages in thread
* ipv6: Do not leak throw route references
2017-06-19 18:25 ` David Miller
@ 2017-06-20 10:29 ` Serhey Popovych
2017-06-20 19:35 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Serhey Popovych @ 2017-06-20 10:29 UTC (permalink / raw)
To: davem; +Cc: netdev
While commit 73ba57bfae4a ("ipv6: fix backtracking for throw routes")
does good job on error propagation to the fib_rules_lookup()
in fib rules core framework that also corrects throw routes
handling, it does not solve route reference leakage problem
happened when we return -EAGAIN to the fib_rules_lookup()
and leave routing table entry referenced in arg->result.
If rule with matched throw route isn't last matched in the
list we overwrite arg->result losing reference on throw
route stored previously forever.
We also partially revert commit ab997ad40839 ("ipv6: fix the
incorrect return value of throw route") since we never return
routing table entry with dst.error == -EAGAIN when
CONFIG_IPV6_MULTIPLE_TABLES is on. Also there is no point
to check for RTF_REJECT flag since it is always set throw
route.
Fixes: 73ba57bfae4a ("ipv6: fix backtracking for throw routes")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
v2: Rebased to kernel/git/davem/net.git repository
Address several scripts/checkpatch.pl issues.
net/ipv6/fib6_rules.c | 22 ++++++----------------
net/ipv6/ip6_fib.c | 3 +--
2 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index eea23b5..ec849d8 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -32,7 +32,6 @@ struct fib6_rule {
struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
int flags, pol_lookup_t lookup)
{
- struct rt6_info *rt;
struct fib_lookup_arg arg = {
.lookup_ptr = lookup,
.flags = FIB_LOOKUP_NOREF,
@@ -44,21 +43,11 @@ struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
fib_rules_lookup(net->ipv6.fib6_rules_ops,
flowi6_to_flowi(fl6), flags, &arg);
- rt = arg.result;
+ if (arg.result)
+ return arg.result;
- if (!rt) {
- dst_hold(&net->ipv6.ip6_null_entry->dst);
- return &net->ipv6.ip6_null_entry->dst;
- }
-
- if (rt->rt6i_flags & RTF_REJECT &&
- rt->dst.error == -EAGAIN) {
- ip6_rt_put(rt);
- rt = net->ipv6.ip6_null_entry;
- dst_hold(&rt->dst);
- }
-
- return &rt->dst;
+ dst_hold(&net->ipv6.ip6_null_entry->dst);
+ return &net->ipv6.ip6_null_entry->dst;
}
static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
@@ -121,7 +110,8 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
flp6->saddr = saddr;
}
err = rt->dst.error;
- goto out;
+ if (err != -EAGAIN)
+ goto out;
}
again:
ip6_rt_put(rt);
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index d4bf2c6..e6b78ba 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -289,8 +289,7 @@ struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
struct rt6_info *rt;
rt = lookup(net, net->ipv6.fib6_main_tbl, fl6, flags);
- if (rt->rt6i_flags & RTF_REJECT &&
- rt->dst.error == -EAGAIN) {
+ if (rt->dst.error == -EAGAIN) {
ip6_rt_put(rt);
rt = net->ipv6.ip6_null_entry;
dst_hold(&rt->dst);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: ipv6: Do not leak throw route references
2017-06-20 10:29 ` Serhey Popovych
@ 2017-06-20 19:35 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2017-06-20 19:35 UTC (permalink / raw)
To: serhe.popovych; +Cc: netdev
From: Serhey Popovych <serhe.popovych@gmail.com>
Date: Tue, 20 Jun 2017 13:29:25 +0300
> While commit 73ba57bfae4a ("ipv6: fix backtracking for throw routes")
> does good job on error propagation to the fib_rules_lookup()
> in fib rules core framework that also corrects throw routes
> handling, it does not solve route reference leakage problem
> happened when we return -EAGAIN to the fib_rules_lookup()
> and leave routing table entry referenced in arg->result.
>
> If rule with matched throw route isn't last matched in the
> list we overwrite arg->result losing reference on throw
> route stored previously forever.
>
> We also partially revert commit ab997ad40839 ("ipv6: fix the
> incorrect return value of throw route") since we never return
> routing table entry with dst.error == -EAGAIN when
> CONFIG_IPV6_MULTIPLE_TABLES is on. Also there is no point
> to check for RTF_REJECT flag since it is always set throw
> route.
>
> Fixes: 73ba57bfae4a ("ipv6: fix backtracking for throw routes")
> Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
> ---
> v2: Rebased to kernel/git/davem/net.git repository
> Address several scripts/checkpatch.pl issues.
Applied and queue up for -stable, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-06-20 19:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-16 11:42 ipv6: Do not leak throw route references Serhey Popovych
2017-06-19 18:25 ` David Miller
2017-06-20 10:29 ` Serhey Popovych
2017-06-20 19:35 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).