<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net/ipv4/fib_semantics.c, branch linux-4.7.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ipv4: reject RTNH_F_DEAD and RTNH_F_LINKDOWN from user space</title>
<updated>2016-07-11T20:41:09+00:00</updated>
<author>
<name>Julian Anastasov</name>
<email>ja@ssi.bg</email>
</author>
<published>2016-07-10T18:11:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=80610229ef7b26615dbb6cb6e873709a60bacc9f'/>
<id>80610229ef7b26615dbb6cb6e873709a60bacc9f</id>
<content type='text'>
Vegard Nossum is reporting for a crash in fib_dump_info
when nh_dev = NULL and fib_nhs == 1:

Pid: 50, comm: netlink.exe Not tainted 4.7.0-rc5+
RIP: 0033:[&lt;00000000602b3d18&gt;]
RSP: 0000000062623890  EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000006261b800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000024 RDI: 000000006245ba00
RBP: 00000000626238f0 R08: 000000000000029c R09: 0000000000000000
R10: 0000000062468038 R11: 000000006245ba00 R12: 000000006245ba00
R13: 00000000625f96c0 R14: 00000000601e16f0 R15: 0000000000000000
Kernel panic - not syncing: Kernel mode fault at addr 0x2e0, ip 0x602b3d18
CPU: 0 PID: 50 Comm: netlink.exe Not tainted 4.7.0-rc5+ #581
Stack:
 626238f0 960226a02 00000400 000000fe
 62623910 600afca7 62623970 62623a48
 62468038 00000018 00000000 00000000
Call Trace:
 [&lt;602b3e93&gt;] rtmsg_fib+0xd3/0x190
 [&lt;602b6680&gt;] fib_table_insert+0x260/0x500
 [&lt;602b0e5d&gt;] inet_rtm_newroute+0x4d/0x60
 [&lt;60250def&gt;] rtnetlink_rcv_msg+0x8f/0x270
 [&lt;60267079&gt;] netlink_rcv_skb+0xc9/0xe0
 [&lt;60250d4b&gt;] rtnetlink_rcv+0x3b/0x50
 [&lt;60265400&gt;] netlink_unicast+0x1a0/0x2c0
 [&lt;60265e47&gt;] netlink_sendmsg+0x3f7/0x470
 [&lt;6021dc9a&gt;] sock_sendmsg+0x3a/0x90
 [&lt;6021e0d0&gt;] ___sys_sendmsg+0x300/0x360
 [&lt;6021fa64&gt;] __sys_sendmsg+0x54/0xa0
 [&lt;6021fac0&gt;] SyS_sendmsg+0x10/0x20
 [&lt;6001ea68&gt;] handle_syscall+0x88/0x90
 [&lt;600295fd&gt;] userspace+0x3fd/0x500
 [&lt;6001ac55&gt;] fork_handler+0x85/0x90

$ addr2line -e vmlinux -i 0x602b3d18
include/linux/inetdevice.h:222
net/ipv4/fib_semantics.c:1264

Problem happens when RTNH_F_LINKDOWN is provided from user space
when creating routes that do not use the flag, catched with
netlink fuzzer.

Currently, the kernel allows user space to set both flags
to nh_flags and fib_flags but this is not intentional, the
assumption was that they are not set. Fix this by rejecting
both flags with EINVAL.

Reported-by: Vegard Nossum &lt;vegard.nossum@oracle.com&gt;
Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Cc: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
Cc: Dinesh Dutt &lt;ddutt@cumulusnetworks.com&gt;
Cc: Scott Feldman &lt;sfeldma@gmail.com&gt;
Reviewed-by: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Vegard Nossum is reporting for a crash in fib_dump_info
when nh_dev = NULL and fib_nhs == 1:

Pid: 50, comm: netlink.exe Not tainted 4.7.0-rc5+
RIP: 0033:[&lt;00000000602b3d18&gt;]
RSP: 0000000062623890  EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000006261b800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000024 RDI: 000000006245ba00
RBP: 00000000626238f0 R08: 000000000000029c R09: 0000000000000000
R10: 0000000062468038 R11: 000000006245ba00 R12: 000000006245ba00
R13: 00000000625f96c0 R14: 00000000601e16f0 R15: 0000000000000000
Kernel panic - not syncing: Kernel mode fault at addr 0x2e0, ip 0x602b3d18
CPU: 0 PID: 50 Comm: netlink.exe Not tainted 4.7.0-rc5+ #581
Stack:
 626238f0 960226a02 00000400 000000fe
 62623910 600afca7 62623970 62623a48
 62468038 00000018 00000000 00000000
Call Trace:
 [&lt;602b3e93&gt;] rtmsg_fib+0xd3/0x190
 [&lt;602b6680&gt;] fib_table_insert+0x260/0x500
 [&lt;602b0e5d&gt;] inet_rtm_newroute+0x4d/0x60
 [&lt;60250def&gt;] rtnetlink_rcv_msg+0x8f/0x270
 [&lt;60267079&gt;] netlink_rcv_skb+0xc9/0xe0
 [&lt;60250d4b&gt;] rtnetlink_rcv+0x3b/0x50
 [&lt;60265400&gt;] netlink_unicast+0x1a0/0x2c0
 [&lt;60265e47&gt;] netlink_sendmsg+0x3f7/0x470
 [&lt;6021dc9a&gt;] sock_sendmsg+0x3a/0x90
 [&lt;6021e0d0&gt;] ___sys_sendmsg+0x300/0x360
 [&lt;6021fa64&gt;] __sys_sendmsg+0x54/0xa0
 [&lt;6021fac0&gt;] SyS_sendmsg+0x10/0x20
 [&lt;6001ea68&gt;] handle_syscall+0x88/0x90
 [&lt;600295fd&gt;] userspace+0x3fd/0x500
 [&lt;6001ac55&gt;] fork_handler+0x85/0x90

$ addr2line -e vmlinux -i 0x602b3d18
include/linux/inetdevice.h:222
net/ipv4/fib_semantics.c:1264

Problem happens when RTNH_F_LINKDOWN is provided from user space
when creating routes that do not use the flag, catched with
netlink fuzzer.

Currently, the kernel allows user space to set both flags
to nh_flags and fib_flags but this is not intentional, the
assumption was that they are not set. Fix this by rejecting
both flags with EINVAL.

Reported-by: Vegard Nossum &lt;vegard.nossum@oracle.com&gt;
Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Cc: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
Cc: Dinesh Dutt &lt;ddutt@cumulusnetworks.com&gt;
Cc: Scott Feldman &lt;sfeldma@gmail.com&gt;
Reviewed-by: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2016-05-15T17:32:48+00:00</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2016-05-15T17:32:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=909b27f706433a0b3dff79aa259de63aafe40a42'/>
<id>909b27f706433a0b3dff79aa259de63aafe40a42</id>
<content type='text'>
The nf_conntrack_core.c fix in 'net' is not relevant in 'net-next'
because we no longer have a per-netns conntrack hash.

The ip_gre.c conflict as well as the iwlwifi ones were cases of
overlapping changes.

Conflicts:
	drivers/net/wireless/intel/iwlwifi/mvm/tx.c
	net/ipv4/ip_gre.c
	net/netfilter/nf_conntrack_core.c

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The nf_conntrack_core.c fix in 'net' is not relevant in 'net-next'
because we no longer have a per-netns conntrack hash.

The ip_gre.c conflict as well as the iwlwifi ones were cases of
overlapping changes.

Conflicts:
	drivers/net/wireless/intel/iwlwifi/mvm/tx.c
	net/ipv4/ip_gre.c
	net/netfilter/nf_conntrack_core.c

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net/route: enforce hoplimit max value</title>
<updated>2016-05-14T19:33:32+00:00</updated>
<author>
<name>Paolo Abeni</name>
<email>pabeni@redhat.com</email>
</author>
<published>2016-05-13T16:33:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=626abd59e51d4d8c6367e03aae252a8aa759ac78'/>
<id>626abd59e51d4d8c6367e03aae252a8aa759ac78</id>
<content type='text'>
Currently, when creating or updating a route, no check is performed
in both ipv4 and ipv6 code to the hoplimit value.

The caller can i.e. set hoplimit to 256, and when such route will
 be used, packets will be sent with hoplimit/ttl equal to 0.

This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4
ipv6 route code, substituting any value greater than 255 with 255.

This is consistent with what is currently done for ADVMSS and MTU
in the ipv4 code.

Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, when creating or updating a route, no check is performed
in both ipv4 and ipv6 code to the hoplimit value.

The caller can i.e. set hoplimit to 256, and when such route will
 be used, packets will be sent with hoplimit/ttl equal to 0.

This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4
ipv6 route code, substituting any value greater than 255 with 255.

This is consistent with what is currently done for ADVMSS and MTU
in the ipv4 code.

Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: ipv4: Consider failed nexthops in multipath routes</title>
<updated>2016-04-11T19:16:13+00:00</updated>
<author>
<name>David Ahern</name>
<email>dsa@cumulusnetworks.com</email>
</author>
<published>2016-04-07T14:21:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a6db4494d218c2e559173661ee972e048dc04fdd'/>
<id>a6db4494d218c2e559173661ee972e048dc04fdd</id>
<content type='text'>
Multipath route lookups should consider knowledge about next hops and not
select a hop that is known to be failed.

Example:

                     [h2]                   [h3]   15.0.0.5
                      |                      |
                     3|                     3|
                    [SP1]                  [SP2]--+
                     1  2                   1     2
                     |  |     /-------------+     |
                     |   \   /                    |
                     |     X                      |
                     |    / \                     |
                     |   /   \---------------\    |
                     1  2                     1   2
         12.0.0.2  [TOR1] 3-----------------3 [TOR2] 12.0.0.3
                     4                         4
                      \                       /
                        \                    /
                         \                  /
                          -------|   |-----/
                                 1   2
                                [TOR3]
                                  3|
                                   |
                                  [h1]  12.0.0.1

host h1 with IP 12.0.0.1 has 2 paths to host h3 at 15.0.0.5:

    root@h1:~# ip ro ls
    ...
    12.0.0.0/24 dev swp1  proto kernel  scope link  src 12.0.0.1
    15.0.0.0/16
            nexthop via 12.0.0.2  dev swp1 weight 1
            nexthop via 12.0.0.3  dev swp1 weight 1
    ...

If the link between tor3 and tor1 is down and the link between tor1
and tor2 then tor1 is effectively cut-off from h1. Yet the route lookups
in h1 are alternating between the 2 routes: ping 15.0.0.5 gets one and
ssh 15.0.0.5 gets the other. Connections that attempt to use the
12.0.0.2 nexthop fail since that neighbor is not reachable:

    root@h1:~# ip neigh show
    ...
    12.0.0.3 dev swp1 lladdr 00:02:00:00:00:1b REACHABLE
    12.0.0.2 dev swp1  FAILED
    ...

The failed path can be avoided by considering known neighbor information
when selecting next hops. If the neighbor lookup fails we have no
knowledge about the nexthop, so give it a shot. If there is an entry
then only select the nexthop if the state is sane. This is similar to
what fib_detect_death does.

To maintain backward compatibility use of the neighbor information is
based on a new sysctl, fib_multipath_use_neigh.

Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Reviewed-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Multipath route lookups should consider knowledge about next hops and not
select a hop that is known to be failed.

Example:

                     [h2]                   [h3]   15.0.0.5
                      |                      |
                     3|                     3|
                    [SP1]                  [SP2]--+
                     1  2                   1     2
                     |  |     /-------------+     |
                     |   \   /                    |
                     |     X                      |
                     |    / \                     |
                     |   /   \---------------\    |
                     1  2                     1   2
         12.0.0.2  [TOR1] 3-----------------3 [TOR2] 12.0.0.3
                     4                         4
                      \                       /
                        \                    /
                         \                  /
                          -------|   |-----/
                                 1   2
                                [TOR3]
                                  3|
                                   |
                                  [h1]  12.0.0.1

host h1 with IP 12.0.0.1 has 2 paths to host h3 at 15.0.0.5:

    root@h1:~# ip ro ls
    ...
    12.0.0.0/24 dev swp1  proto kernel  scope link  src 12.0.0.1
    15.0.0.0/16
            nexthop via 12.0.0.2  dev swp1 weight 1
            nexthop via 12.0.0.3  dev swp1 weight 1
    ...

If the link between tor3 and tor1 is down and the link between tor1
and tor2 then tor1 is effectively cut-off from h1. Yet the route lookups
in h1 are alternating between the 2 routes: ping 15.0.0.5 gets one and
ssh 15.0.0.5 gets the other. Connections that attempt to use the
12.0.0.2 nexthop fail since that neighbor is not reachable:

    root@h1:~# ip neigh show
    ...
    12.0.0.3 dev swp1 lladdr 00:02:00:00:00:1b REACHABLE
    12.0.0.2 dev swp1  FAILED
    ...

The failed path can be avoided by considering known neighbor information
when selecting next hops. If the neighbor lookup fails we have no
knowledge about the nexthop, so give it a shot. If there is an entry
then only select the nexthop if the state is sane. This is similar to
what fib_detect_death does.

To maintain backward compatibility use of the neighbor information is
based on a new sysctl, fib_multipath_use_neigh.

Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Reviewed-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Fix prefsrc lookups</title>
<updated>2015-11-05T02:34:37+00:00</updated>
<author>
<name>David Ahern</name>
<email>dsa@cumulusnetworks.com</email>
</author>
<published>2015-11-03T23:59:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e1b8d903c6c3862160d2d5036806a94786c8fc4e'/>
<id>e1b8d903c6c3862160d2d5036806a94786c8fc4e</id>
<content type='text'>
A bug report (https://bugzilla.kernel.org/show_bug.cgi?id=107071) noted
that the follwoing ip command is failing with v4.3:

    $ ip route add 10.248.5.0/24 dev bond0.250 table vlan_250 src 10.248.5.154
    RTNETLINK answers: Invalid argument

021dd3b8a142d changed the lookup of the given preferred source address to
use the table id passed in, but this assumes the local entries are in the
given table which is not necessarily true for non-VRF use cases. When
validating the preferred source fallback to the local table on failure.

Fixes: 021dd3b8a142d ("net: Add routes to the table associated with the device")
Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
A bug report (https://bugzilla.kernel.org/show_bug.cgi?id=107071) noted
that the follwoing ip command is failing with v4.3:

    $ ip route add 10.248.5.0/24 dev bond0.250 table vlan_250 src 10.248.5.154
    RTNETLINK answers: Invalid argument

021dd3b8a142d changed the lookup of the given preferred source address to
use the table id passed in, but this assumes the local entries are in the
given table which is not necessarily true for non-VRF use cases. When
validating the preferred source fallback to the local table on failure.

Fixes: 021dd3b8a142d ("net: Add routes to the table associated with the device")
Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2015-11-03T18:41:45+00:00</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2015-11-03T18:41:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=73186df8d7fa574345f0ad626ebe89649f8308a5'/>
<id>73186df8d7fa574345f0ad626ebe89649f8308a5</id>
<content type='text'>
Minor overlapping changes in net/ipv4/ipmr.c, in 'net' we were
fixing the "BH-ness" of the counter bumps whilst in 'net-next'
the functions were modified to take an explicit 'net' parameter.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Minor overlapping changes in net/ipv4/ipmr.c, in 'net' we were
fixing the "BH-ness" of the counter bumps whilst in 'net-next'
the functions were modified to take an explicit 'net' parameter.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv4: use l4 hash for locally generated multipath flows</title>
<updated>2015-11-02T19:38:43+00:00</updated>
<author>
<name>Paolo Abeni</name>
<email>pabeni@redhat.com</email>
</author>
<published>2015-10-29T21:20:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9920e48b830a0f4ec06bcbf0ec3147c88ae72bac'/>
<id>9920e48b830a0f4ec06bcbf0ec3147c88ae72bac</id>
<content type='text'>
This patch changes how the multipath hash is computed for locally
generated flows: now the hash comprises l4 information.

This allows better utilization of the available paths when the existing
flows have the same source IP and the same destination IP: with l3 hash,
even when multiple connections are in place simultaneously, a single path
will be used, while with l4 hash we can use all the available paths.

v2 changes:
- use get_hash_from_flowi4() instead of implementing just another l4 hash
  function

Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch changes how the multipath hash is computed for locally
generated flows: now the hash comprises l4 information.

This allows better utilization of the available paths when the existing
flows have the same source IP and the same destination IP: with l3 hash,
even when multiple connections are in place simultaneously, a single path
will be used, while with l4 hash we can use all the available paths.

v2 changes:
- use get_hash_from_flowi4() instead of implementing just another l4 hash
  function

Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv4: update RTNH_F_LINKDOWN flag on UP event</title>
<updated>2015-11-01T21:57:39+00:00</updated>
<author>
<name>Julian Anastasov</name>
<email>ja@ssi.bg</email>
</author>
<published>2015-10-30T08:23:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c9b3292eeb52c6834e972eb5b8fe38914771ed12'/>
<id>c9b3292eeb52c6834e972eb5b8fe38914771ed12</id>
<content type='text'>
When nexthop is part of multipath route we should clear the
LINKDOWN flag when link goes UP or when first address is added.
This is needed because we always set LINKDOWN flag when DEAD flag
was set but now on UP the nexthop is not dead anymore. Examples when
LINKDOWN bit can be forgotten when no NETDEV_CHANGE is delivered:

- link goes down (LINKDOWN is set), then link goes UP and device
shows carrier OK but LINKDOWN remains set

- last address is deleted (LINKDOWN is set), then address is
added and device shows carrier OK but LINKDOWN remains set

Steps to reproduce:
modprobe dummy
ifconfig dummy0 192.168.168.1 up

here add a multipath route where one nexthop is for dummy0:

ip route add 1.2.3.4 nexthop dummy0 nexthop SOME_OTHER_DEVICE
ifconfig dummy0 down
ifconfig dummy0 up

now ip route shows nexthop that is not dead. Now set the sysctl var:

echo 1 &gt; /proc/sys/net/ipv4/conf/dummy0/ignore_routes_with_linkdown

now ip route will show a dead nexthop because the forgotten
RTNH_F_LINKDOWN is propagated as RTNH_F_DEAD.

Fixes: 8a3d03166f19 ("net: track link-status of ipv4 nexthops")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When nexthop is part of multipath route we should clear the
LINKDOWN flag when link goes UP or when first address is added.
This is needed because we always set LINKDOWN flag when DEAD flag
was set but now on UP the nexthop is not dead anymore. Examples when
LINKDOWN bit can be forgotten when no NETDEV_CHANGE is delivered:

- link goes down (LINKDOWN is set), then link goes UP and device
shows carrier OK but LINKDOWN remains set

- last address is deleted (LINKDOWN is set), then address is
added and device shows carrier OK but LINKDOWN remains set

Steps to reproduce:
modprobe dummy
ifconfig dummy0 192.168.168.1 up

here add a multipath route where one nexthop is for dummy0:

ip route add 1.2.3.4 nexthop dummy0 nexthop SOME_OTHER_DEVICE
ifconfig dummy0 down
ifconfig dummy0 up

now ip route shows nexthop that is not dead. Now set the sysctl var:

echo 1 &gt; /proc/sys/net/ipv4/conf/dummy0/ignore_routes_with_linkdown

now ip route will show a dead nexthop because the forgotten
RTNH_F_LINKDOWN is propagated as RTNH_F_DEAD.

Fixes: 8a3d03166f19 ("net: track link-status of ipv4 nexthops")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv4: fix to not remove local route on link down</title>
<updated>2015-11-01T21:57:39+00:00</updated>
<author>
<name>Julian Anastasov</name>
<email>ja@ssi.bg</email>
</author>
<published>2015-10-30T08:23:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4f823defdd5b106a5e89745ee8b163c71855de1e'/>
<id>4f823defdd5b106a5e89745ee8b163c71855de1e</id>
<content type='text'>
When fib_netdev_event calls fib_disable_ip on NETDEV_DOWN event
we should not delete the local routes if the local address
is still present. The confusion comes from the fact that both
fib_netdev_event and fib_inetaddr_event use the NETDEV_DOWN
constant. Fix it by returning back the variable 'force'.

Steps to reproduce:
modprobe dummy
ifconfig dummy0 192.168.168.1 up
ifconfig dummy0 down
ip route list table local | grep dummy | grep host
local 192.168.168.1 dev dummy0  proto kernel  scope host  src 192.168.168.1

Fixes: 8a3d03166f19 ("net: track link-status of ipv4 nexthops")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When fib_netdev_event calls fib_disable_ip on NETDEV_DOWN event
we should not delete the local routes if the local address
is still present. The confusion comes from the fact that both
fib_netdev_event and fib_inetaddr_event use the NETDEV_DOWN
constant. Fix it by returning back the variable 'force'.

Steps to reproduce:
modprobe dummy
ifconfig dummy0 192.168.168.1 up
ifconfig dummy0 down
ip route list table local | grep dummy | grep host
local 192.168.168.1 dev dummy0  proto kernel  scope host  src 192.168.168.1

Fixes: 8a3d03166f19 ("net: track link-status of ipv4 nexthops")
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Fix suspicious RCU usage in fib_rebalance</title>
<updated>2015-10-16T07:57:55+00:00</updated>
<author>
<name>David Ahern</name>
<email>dsa@cumulusnetworks.com</email>
</author>
<published>2015-10-14T23:44:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=51161aa98d0aa4eb20952e16d6c6dbb1d085330e'/>
<id>51161aa98d0aa4eb20952e16d6c6dbb1d085330e</id>
<content type='text'>
This command:
  ip route add 192.168.1.0/24 nexthop via 10.2.1.5 dev eth1 nexthop via 10.2.2.5 dev eth2

generated this suspicious RCU usage message:

[ 63.249262]
[ 63.249939] ===============================
[ 63.251571] [ INFO: suspicious RCU usage. ]
[ 63.253250] 4.3.0-rc3+ #298 Not tainted
[ 63.254724] -------------------------------
[ 63.256401] ../include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage!
[ 63.259450]
[ 63.259450] other info that might help us debug this:
[ 63.259450]
[ 63.262297]
[ 63.262297] rcu_scheduler_active = 1, debug_locks = 1
[ 63.264647] 1 lock held by ip/2870:
[ 63.265896] #0: (rtnl_mutex){+.+.+.}, at: [&lt;ffffffff813ebfb7&gt;] rtnl_lock+0x12/0x14
[ 63.268858]
[ 63.268858] stack backtrace:
[ 63.270409] CPU: 4 PID: 2870 Comm: ip Not tainted 4.3.0-rc3+ #298
[ 63.272478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 63.275745] 0000000000000001 ffff8800b8c9f8b8 ffffffff8125f73c ffff88013afcf301
[ 63.278185] ffff8800bab7a380 ffff8800b8c9f8e8 ffffffff8107bf30 ffff8800bb728000
[ 63.280634] ffff880139fe9a60 0000000000000000 ffff880139fe9a00 ffff8800b8c9f908
[ 63.283177] Call Trace:
[ 63.283959] [&lt;ffffffff8125f73c&gt;] dump_stack+0x4c/0x68
[ 63.285593] [&lt;ffffffff8107bf30&gt;] lockdep_rcu_suspicious+0xfa/0x103
[ 63.287500] [&lt;ffffffff8144d752&gt;] __in_dev_get_rcu+0x48/0x4f
[ 63.289169] [&lt;ffffffff8144d797&gt;] fib_rebalance+0x3e/0x127
[ 63.290753] [&lt;ffffffff8144d986&gt;] ? rcu_read_unlock+0x3e/0x5f
[ 63.292442] [&lt;ffffffff8144ea45&gt;] fib_create_info+0xaf9/0xdcc
[ 63.294093] [&lt;ffffffff8106c12f&gt;] ? sched_clock_local+0x12/0x75
[ 63.295791] [&lt;ffffffff8145236a&gt;] fib_table_insert+0x8c/0x451
[ 63.297493] [&lt;ffffffff8144bf9c&gt;] ? fib_get_table+0x36/0x43
[ 63.299109] [&lt;ffffffff8144c3ca&gt;] inet_rtm_newroute+0x43/0x51
[ 63.300709] [&lt;ffffffff813ef684&gt;] rtnetlink_rcv_msg+0x182/0x195
[ 63.302334] [&lt;ffffffff8107d04c&gt;] ? trace_hardirqs_on+0xd/0xf
[ 63.303888] [&lt;ffffffff813ebfb7&gt;] ? rtnl_lock+0x12/0x14
[ 63.305346] [&lt;ffffffff813ef502&gt;] ? __rtnl_unlock+0x12/0x12
[ 63.306878] [&lt;ffffffff81407c4c&gt;] netlink_rcv_skb+0x3d/0x90
[ 63.308437] [&lt;ffffffff813ec00e&gt;] rtnetlink_rcv+0x21/0x28
[ 63.309916] [&lt;ffffffff81407742&gt;] netlink_unicast+0xfa/0x17f
[ 63.311447] [&lt;ffffffff81407a5e&gt;] netlink_sendmsg+0x297/0x2dc
[ 63.313029] [&lt;ffffffff813c6cd4&gt;] sock_sendmsg_nosec+0x12/0x1d
[ 63.314597] [&lt;ffffffff813c835b&gt;] ___sys_sendmsg+0x196/0x21b
[ 63.316125] [&lt;ffffffff8100bf9f&gt;] ? native_sched_clock+0x1f/0x3c
[ 63.317671] [&lt;ffffffff8106c12f&gt;] ? sched_clock_local+0x12/0x75
[ 63.319185] [&lt;ffffffff8106c397&gt;] ? sched_clock_cpu+0x9d/0xb6
[ 63.320693] [&lt;ffffffff8107e2d7&gt;] ? __lock_is_held+0x32/0x54
[ 63.322145] [&lt;ffffffff81159fcb&gt;] ? __fget_light+0x4b/0x77
[ 63.323541] [&lt;ffffffff813c8726&gt;] __sys_sendmsg+0x3d/0x5b
[ 63.324947] [&lt;ffffffff813c8751&gt;] SyS_sendmsg+0xd/0x19
[ 63.326274] [&lt;ffffffff814c8f57&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f

It looks like all of the code paths to fib_rebalance are under rtnl.

Fixes: 0e884c78ee19 ("ipv4: L3 hash-based multipath")
Cc: Peter Nørlund &lt;pch@ordbogen.com&gt;
Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This command:
  ip route add 192.168.1.0/24 nexthop via 10.2.1.5 dev eth1 nexthop via 10.2.2.5 dev eth2

generated this suspicious RCU usage message:

[ 63.249262]
[ 63.249939] ===============================
[ 63.251571] [ INFO: suspicious RCU usage. ]
[ 63.253250] 4.3.0-rc3+ #298 Not tainted
[ 63.254724] -------------------------------
[ 63.256401] ../include/linux/inetdevice.h:205 suspicious rcu_dereference_check() usage!
[ 63.259450]
[ 63.259450] other info that might help us debug this:
[ 63.259450]
[ 63.262297]
[ 63.262297] rcu_scheduler_active = 1, debug_locks = 1
[ 63.264647] 1 lock held by ip/2870:
[ 63.265896] #0: (rtnl_mutex){+.+.+.}, at: [&lt;ffffffff813ebfb7&gt;] rtnl_lock+0x12/0x14
[ 63.268858]
[ 63.268858] stack backtrace:
[ 63.270409] CPU: 4 PID: 2870 Comm: ip Not tainted 4.3.0-rc3+ #298
[ 63.272478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 63.275745] 0000000000000001 ffff8800b8c9f8b8 ffffffff8125f73c ffff88013afcf301
[ 63.278185] ffff8800bab7a380 ffff8800b8c9f8e8 ffffffff8107bf30 ffff8800bb728000
[ 63.280634] ffff880139fe9a60 0000000000000000 ffff880139fe9a00 ffff8800b8c9f908
[ 63.283177] Call Trace:
[ 63.283959] [&lt;ffffffff8125f73c&gt;] dump_stack+0x4c/0x68
[ 63.285593] [&lt;ffffffff8107bf30&gt;] lockdep_rcu_suspicious+0xfa/0x103
[ 63.287500] [&lt;ffffffff8144d752&gt;] __in_dev_get_rcu+0x48/0x4f
[ 63.289169] [&lt;ffffffff8144d797&gt;] fib_rebalance+0x3e/0x127
[ 63.290753] [&lt;ffffffff8144d986&gt;] ? rcu_read_unlock+0x3e/0x5f
[ 63.292442] [&lt;ffffffff8144ea45&gt;] fib_create_info+0xaf9/0xdcc
[ 63.294093] [&lt;ffffffff8106c12f&gt;] ? sched_clock_local+0x12/0x75
[ 63.295791] [&lt;ffffffff8145236a&gt;] fib_table_insert+0x8c/0x451
[ 63.297493] [&lt;ffffffff8144bf9c&gt;] ? fib_get_table+0x36/0x43
[ 63.299109] [&lt;ffffffff8144c3ca&gt;] inet_rtm_newroute+0x43/0x51
[ 63.300709] [&lt;ffffffff813ef684&gt;] rtnetlink_rcv_msg+0x182/0x195
[ 63.302334] [&lt;ffffffff8107d04c&gt;] ? trace_hardirqs_on+0xd/0xf
[ 63.303888] [&lt;ffffffff813ebfb7&gt;] ? rtnl_lock+0x12/0x14
[ 63.305346] [&lt;ffffffff813ef502&gt;] ? __rtnl_unlock+0x12/0x12
[ 63.306878] [&lt;ffffffff81407c4c&gt;] netlink_rcv_skb+0x3d/0x90
[ 63.308437] [&lt;ffffffff813ec00e&gt;] rtnetlink_rcv+0x21/0x28
[ 63.309916] [&lt;ffffffff81407742&gt;] netlink_unicast+0xfa/0x17f
[ 63.311447] [&lt;ffffffff81407a5e&gt;] netlink_sendmsg+0x297/0x2dc
[ 63.313029] [&lt;ffffffff813c6cd4&gt;] sock_sendmsg_nosec+0x12/0x1d
[ 63.314597] [&lt;ffffffff813c835b&gt;] ___sys_sendmsg+0x196/0x21b
[ 63.316125] [&lt;ffffffff8100bf9f&gt;] ? native_sched_clock+0x1f/0x3c
[ 63.317671] [&lt;ffffffff8106c12f&gt;] ? sched_clock_local+0x12/0x75
[ 63.319185] [&lt;ffffffff8106c397&gt;] ? sched_clock_cpu+0x9d/0xb6
[ 63.320693] [&lt;ffffffff8107e2d7&gt;] ? __lock_is_held+0x32/0x54
[ 63.322145] [&lt;ffffffff81159fcb&gt;] ? __fget_light+0x4b/0x77
[ 63.323541] [&lt;ffffffff813c8726&gt;] __sys_sendmsg+0x3d/0x5b
[ 63.324947] [&lt;ffffffff813c8751&gt;] SyS_sendmsg+0xd/0x19
[ 63.326274] [&lt;ffffffff814c8f57&gt;] entry_SYSCALL_64_fastpath+0x12/0x6f

It looks like all of the code paths to fib_rebalance are under rtnl.

Fixes: 0e884c78ee19 ("ipv4: L3 hash-based multipath")
Cc: Peter Nørlund &lt;pch@ordbogen.com&gt;
Signed-off-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
