From patchwork Wed Jan 9 09:57:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 1022359 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=mellanox.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=Mellanox.com header.i=@Mellanox.com header.b="QpBHAaCS"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43ZPgv0xxPz9sD9 for ; Wed, 9 Jan 2019 20:57:47 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729695AbfAIJ5p (ORCPT ); Wed, 9 Jan 2019 04:57:45 -0500 Received: from mail-eopbgr60053.outbound.protection.outlook.com ([40.107.6.53]:26992 "EHLO EUR04-DB3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729281AbfAIJ5p (ORCPT ); Wed, 9 Jan 2019 04:57:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k4ZUpiXN8jUXGnscd7DvknKnkmPb25+6gokQUD1z9/0=; b=QpBHAaCSpxvitaM+b0ZPXm1UyKCKJYOZcEuSvqye2QE9fayJLXHg6rTCQmJg7XJFJH3xsrDdKQ5tP60ka947Kocv5pwLn/a6zD32wWjdM9bgQxXc+R0FvPBcaJK+nyjLpTlxZeZd592mUPr/jN3IYTbrajxDInKb4HvJaz8AgB0= Received: from AM6PR05MB6056.eurprd05.prod.outlook.com (20.179.2.148) by AM6PR05MB6328.eurprd05.prod.outlook.com (20.179.5.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.14; Wed, 9 Jan 2019 09:57:39 +0000 Received: from AM6PR05MB6056.eurprd05.prod.outlook.com ([fe80::5490:e4ea:7798:e65f]) by AM6PR05MB6056.eurprd05.prod.outlook.com ([fe80::5490:e4ea:7798:e65f%3]) with mapi id 15.20.1516.010; Wed, 9 Jan 2019 09:57:39 +0000 From: Ido Schimmel To: "netdev@vger.kernel.org" CC: "davem@davemloft.net" , "dsahern@gmail.com" , Ido Schimmel Subject: [PATCH net] net: ipv4: Fix memory leak in network namespace dismantle Thread-Topic: [PATCH net] net: ipv4: Fix memory leak in network namespace dismantle Thread-Index: AQHUqAHBTzHeUVGvqkSNZDTWcwKl7w== Date: Wed, 9 Jan 2019 09:57:39 +0000 Message-ID: <20190109095708.6120-1-idosch@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM5PR0201CA0007.eurprd02.prod.outlook.com (2603:10a6:203:3d::17) To AM6PR05MB6056.eurprd05.prod.outlook.com (2603:10a6:20b:ab::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=idosch@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.20.1 x-originating-ip: [193.47.165.251] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM6PR05MB6328; 6:XDLJ5+0KK0sAaaBXFcU3RsMcnUGfOtG2oyVJNePxLORLCdIMjJs/8WawV6LGqKnZRJzZaCIMHr6CjLVxoDXyC0VD1TcX2luO8wYT+OU0ayeU3CYBAPAudAbcfawNt92d1D/pSHNe4P1Rd+nSejZWWEeJMrR1tBfrkapnRn/fpK9gei8Vt1e0GRYAZ+25mlzszPZE7jcO+pzVZyPAm/ebAwSvGY8dUxBP1KY9zuxIQntpBDomVpnaGrdKG0AvVG3eA4ITRJ+aiex9Gl0ddDNyFP1GaJocjW/tevBxesxlLZznPAHD/U1d1t888kRTP6spoDID5KJ5gzSiUaN8eAMkZ3ecnfIQ5I7khCLLfq/Awv5SdT1+fY2n9hR8M52hYF+YqW78o+/AcDFKoAT16074pJtZwLRilDztFL1ckvaVDXGXl8dMlxr9WbkG+mHqSCIR6DOd0J/DDrlpAeOo7Nk5Yw==; 5:whom7PspgZ4j+XA6BnPQRHGg/CCI9dExATdYz7WW2ouVPQn3DDKPE1jagtfx8gqcO3Nm4LdZvHfphAxGWSPqVpnlJ8Qi4cDt/ZgNeCS0olc7Jdc1dGhXyuI+u21rryPuSf6WHSPPpNYdpxt4k3/ozDhRL6Ab49Uoedq5T3rHszAaTa7kHPKN/OUtlPmrOhrPJ4m5EAzp0e5Ie65AYA1OBQ==; 7:nEzPGOAdVEABY/b14gRH/yb0nBlII117tEBxxfJGuOLLQlKR4xxKfYouTi7cC/X+vaeal3iknkQLhts7YC2LTckon1r2d7cQgte2ne6g9gl8cc+FBXlvPvhft8BPVPiex2ifIChG03HYyry3vb+Cmg== x-ms-office365-filtering-correlation-id: 4db484c8-cca6-4cd2-2d7c-08d67618e3ef x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:AM6PR05MB6328; x-ms-traffictypediagnostic: AM6PR05MB6328: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(6040522)(8220060)(2401047)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231475)(944501520)(52105112)(6055026)(6041310)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(201703131423095)(201703061421075)(201703161042150)(6042181)(201708071742011)(7699051)(76991095); SRVR:AM6PR05MB6328; BCL:0; PCL:0; RULEID:; SRVR:AM6PR05MB6328; x-forefront-prvs: 0912297777 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(199004)(189003)(50084003)(53936002)(256004)(14444005)(66066001)(186003)(25786009)(81156014)(1730700003)(81166006)(5660300001)(8936002)(386003)(6506007)(102836004)(486006)(26005)(2616005)(36756003)(97736004)(86362001)(498600001)(14454004)(476003)(1076003)(2906002)(6916009)(6436002)(107886003)(52116002)(68736007)(2351001)(71200400001)(71190400001)(99286004)(54906003)(106356001)(50226002)(6486002)(105586002)(8676002)(4326008)(39060400002)(2501003)(3846002)(6116002)(6512007)(5640700003)(305945005)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR05MB6328; H:AM6PR05MB6056.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: U3tJNGJ2Mff+VKeEBnwP92eD1YVPTrtSuvARPh3B1W7t2fSCK1iV3RuMO0BRG+fE/8wjWE2V3HxRTSdUDfcHU0N3xnI1WhwlM07EdUUwEe9Wki/kP8+TDL84bi8JYpfI7NuHVL1R/VtIdP/MpUSm5V8nfC3OLDBIawbTOOnsh2vW8GVrWuWQvCmFeQkWTqK03wcmNULZtDCRiVbFRtdHRDr0nBGVbZK8VOOm9QozGr4QJp08vpmH4KfBbJ+Y3MKnfca7N3dmr0+sqPymkCRjlxWYSPl+XGHMwq/KP7EaLZvUldti8WMUYUorCy3uObca spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4db484c8-cca6-4cd2-2d7c-08d67618e3ef X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jan 2019 09:57:39.0766 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR05MB6328 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org IPv4 routing tables are flushed in two cases: 1. In response to events in the netdev and inetaddr notification chains 2. When a network namespace is being dismantled In both cases only routes associated with a dead nexthop group are flushed. However, a nexthop group will only be marked as dead in case it is populated with actual nexthops using a nexthop device. This is not the case when the route in question is an error route (e.g., 'blackhole', 'unreachable'). Therefore, when a network namespace is being dismantled such routes are not flushed and leaked [1]. To reproduce: # ip netns add blue # ip -n blue route add unreachable 192.0.2.0/24 # ip netns del blue Fix this by not skipping error routes that are not marked with RTNH_F_DEAD when flushing the routing tables. To prevent the flushing of such routes in case #1, add a parameter to fib_table_flush() that indicates if the table is flushed as part of namespace dismantle or not. Note that this problem does not exist in IPv6 since error routes are associated with the loopback device. [1] unreferenced object 0xffff888066650338 (size 56): comm "ip", pid 1206, jiffies 4294786063 (age 26.235s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 b0 1c 62 61 80 88 ff ff ..........ba.... e8 8b a1 64 80 88 ff ff 00 07 00 08 fe 00 00 00 ...d............ backtrace: [<00000000856ed27d>] inet_rtm_newroute+0x129/0x220 [<00000000fcdfc00a>] rtnetlink_rcv_msg+0x397/0xa20 [<00000000cb85801a>] netlink_rcv_skb+0x132/0x380 [<00000000ebc991d2>] netlink_unicast+0x4c0/0x690 [<0000000014f62875>] netlink_sendmsg+0x929/0xe10 [<00000000bac9d967>] sock_sendmsg+0xc8/0x110 [<00000000223e6485>] ___sys_sendmsg+0x77a/0x8f0 [<000000002e94f880>] __sys_sendmsg+0xf7/0x250 [<00000000ccb1fa72>] do_syscall_64+0x14d/0x610 [<00000000ffbe3dae>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000003a8b605b>] 0xffffffffffffffff unreferenced object 0xffff888061621c88 (size 48): comm "ip", pid 1206, jiffies 4294786063 (age 26.235s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 6b 6b 6b 6b 6b 6b 6b 6b d8 8e 26 5f 80 88 ff ff kkkkkkkk..&_.... backtrace: [<00000000733609e3>] fib_table_insert+0x978/0x1500 [<00000000856ed27d>] inet_rtm_newroute+0x129/0x220 [<00000000fcdfc00a>] rtnetlink_rcv_msg+0x397/0xa20 [<00000000cb85801a>] netlink_rcv_skb+0x132/0x380 [<00000000ebc991d2>] netlink_unicast+0x4c0/0x690 [<0000000014f62875>] netlink_sendmsg+0x929/0xe10 [<00000000bac9d967>] sock_sendmsg+0xc8/0x110 [<00000000223e6485>] ___sys_sendmsg+0x77a/0x8f0 [<000000002e94f880>] __sys_sendmsg+0xf7/0x250 [<00000000ccb1fa72>] do_syscall_64+0x14d/0x610 [<00000000ffbe3dae>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<000000003a8b605b>] 0xffffffffffffffff Fixes: 8cced9eff1d4 ("[NETNS]: Enable routing configuration in non-initial namespace.") Signed-off-by: Ido Schimmel Reviewed-by: David Ahern --- include/net/ip_fib.h | 2 +- net/ipv4/fib_frontend.c | 4 ++-- net/ipv4/fib_trie.c | 15 ++++++++++++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index c5969762a8f4..9c8214d2116d 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -241,7 +241,7 @@ int fib_table_delete(struct net *, struct fib_table *, struct fib_config *, struct netlink_ext_ack *extack); int fib_table_dump(struct fib_table *table, struct sk_buff *skb, struct netlink_callback *cb, struct fib_dump_filter *filter); -int fib_table_flush(struct net *net, struct fib_table *table); +int fib_table_flush(struct net *net, struct fib_table *table, bool flush_all); struct fib_table *fib_trie_unmerge(struct fib_table *main_tb); void fib_table_flush_external(struct fib_table *table); void fib_free_table(struct fib_table *tb); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 6df95be96311..fe4f6a624238 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -203,7 +203,7 @@ static void fib_flush(struct net *net) struct fib_table *tb; hlist_for_each_entry_safe(tb, tmp, head, tb_hlist) - flushed += fib_table_flush(net, tb); + flushed += fib_table_flush(net, tb, false); } if (flushed) @@ -1463,7 +1463,7 @@ static void ip_fib_net_exit(struct net *net) hlist_for_each_entry_safe(tb, tmp, head, tb_hlist) { hlist_del(&tb->tb_hlist); - fib_table_flush(net, tb); + fib_table_flush(net, tb, true); fib_free_table(tb); } } diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 237c9f72b265..a573e37e0615 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -1856,7 +1856,7 @@ void fib_table_flush_external(struct fib_table *tb) } /* Caller must hold RTNL. */ -int fib_table_flush(struct net *net, struct fib_table *tb) +int fib_table_flush(struct net *net, struct fib_table *tb, bool flush_all) { struct trie *t = (struct trie *)tb->tb_data; struct key_vector *pn = t->kv; @@ -1904,8 +1904,17 @@ int fib_table_flush(struct net *net, struct fib_table *tb) hlist_for_each_entry_safe(fa, tmp, &n->leaf, fa_list) { struct fib_info *fi = fa->fa_info; - if (!fi || !(fi->fib_flags & RTNH_F_DEAD) || - tb->tb_id != fa->tb_id) { + if (!fi || tb->tb_id != fa->tb_id || + (!(fi->fib_flags & RTNH_F_DEAD) && + !fib_props[fa->fa_type].error)) { + slen = fa->fa_slen; + continue; + } + + /* Do not flush error routes if network namespace is + * not being dismantled + */ + if (!flush_all && fib_props[fa->fa_type].error) { slen = fa->fa_slen; continue; }