Commit 27705f70 authored by Jiri Benc's avatar Jiri Benc Committed by David S. Miller

ipvlan: fix addr hash list corruption

When ipvlan interface with IP addresses attached is brought down and then
deleted, the assigned addresses are deleted twice from the address hash
list, first on the interface down and second on the link deletion.
Similarly, when an address is added while the interface is down, it is added
second time once the interface is brought up.

When the interface is down, the addresses should be kept off the hash list
for performance reasons. Ensure this is true, which also fixes the double add
problem. To fix the double free, check whether the address is hashed before
removing it.
Reported-by: default avatarDan Williams <dcbw@redhat.com>
Signed-off-by: default avatarJiri Benc <jbenc@redhat.com>
Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 63c60732
...@@ -81,12 +81,13 @@ void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr) ...@@ -81,12 +81,13 @@ void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
hash = (addr->atype == IPVL_IPV6) ? hash = (addr->atype == IPVL_IPV6) ?
ipvlan_get_v6_hash(&addr->ip6addr) : ipvlan_get_v6_hash(&addr->ip6addr) :
ipvlan_get_v4_hash(&addr->ip4addr); ipvlan_get_v4_hash(&addr->ip4addr);
if (hlist_unhashed(&addr->hlnode))
hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]); hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
} }
void ipvlan_ht_addr_del(struct ipvl_addr *addr, bool sync) void ipvlan_ht_addr_del(struct ipvl_addr *addr, bool sync)
{ {
hlist_del_rcu(&addr->hlnode); hlist_del_init_rcu(&addr->hlnode);
if (sync) if (sync)
synchronize_rcu(); synchronize_rcu();
} }
......
...@@ -622,6 +622,10 @@ static int ipvlan_add_addr6(struct ipvl_dev *ipvlan, struct in6_addr *ip6_addr) ...@@ -622,6 +622,10 @@ static int ipvlan_add_addr6(struct ipvl_dev *ipvlan, struct in6_addr *ip6_addr)
addr->atype = IPVL_IPV6; addr->atype = IPVL_IPV6;
list_add_tail_rcu(&addr->anode, &ipvlan->addrs); list_add_tail_rcu(&addr->anode, &ipvlan->addrs);
ipvlan->ipv6cnt++; ipvlan->ipv6cnt++;
/* If the interface is not up, the address will be added to the hash
* list by ipvlan_open.
*/
if (netif_running(ipvlan->dev))
ipvlan_ht_addr_add(ipvlan, addr); ipvlan_ht_addr_add(ipvlan, addr);
return 0; return 0;
...@@ -690,6 +694,10 @@ static int ipvlan_add_addr4(struct ipvl_dev *ipvlan, struct in_addr *ip4_addr) ...@@ -690,6 +694,10 @@ static int ipvlan_add_addr4(struct ipvl_dev *ipvlan, struct in_addr *ip4_addr)
addr->atype = IPVL_IPV4; addr->atype = IPVL_IPV4;
list_add_tail_rcu(&addr->anode, &ipvlan->addrs); list_add_tail_rcu(&addr->anode, &ipvlan->addrs);
ipvlan->ipv4cnt++; ipvlan->ipv4cnt++;
/* If the interface is not up, the address will be added to the hash
* list by ipvlan_open.
*/
if (netif_running(ipvlan->dev))
ipvlan_ht_addr_add(ipvlan, addr); ipvlan_ht_addr_add(ipvlan, addr);
ipvlan_set_broadcast_mac_filter(ipvlan, true); ipvlan_set_broadcast_mac_filter(ipvlan, true);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment