OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include/net
History
msizanoen1 ee38eb8cf9 ipv6: fix memory leak in fib6_rule_suppress 
commit cdef485217d30382f3bf6448c54b4401648fe3f1 upstream.

The kernel leaks memory when a `fib` rule is present in IPv6 nftables
firewall rules and a suppress_prefix rule is present in the IPv6 routing
rules (used by certain tools such as wg-quick). In such scenarios, every
incoming packet will leak an allocation in `ip6_dst_cache` slab cache.

After some hours of `bpftrace`-ing and source code reading, I tracked
down the issue to ca7a03c417 ("ipv6: do not free rt if
FIB_LOOKUP_NOREF is set on suppress rule").

The problem with that change is that the generic `args->flags` always have
`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag
`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not
decreasing the refcount when needed.

How to reproduce:
 - Add the following nftables rule to a prerouting chain:
     meta nfproto ipv6 fib saddr . mark . iif oif missing drop
   This can be done with:
     sudo nft create table inet test
     sudo nft create chain inet test test_chain '{ type filter hook prerouting priority filter + 10; policy accept; }'
     sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop
 - Run:
     sudo ip -6 rule add table main suppress_prefixlength 0
 - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase
   with every incoming ipv6 packet.

This patch exposes the protocol-specific flags to the protocol
specific `suppress` function, and check the protocol-specific `flags`
argument for RT6_LOOKUP_F_DST_NOREF instead of the generic
FIB_LOOKUP_NOREF when decreasing the refcount, like this.

[1]: ca7a03c417/net/ipv6/fib6_rules.c (L71)
[2]: ca7a03c417/net/ipv6/fib6_rules.c (L99)

Link: https://bugzilla.kernel.org/show_bug.cgi?id=215105
Fixes: ca7a03c417 ("ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule")
Cc: stable@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-12-08 09:01:13 +01:00
..
9p treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 188 2019-05-30 11:29:21 -07:00
bluetooth Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-12 13:20:58 +02:00
caif net: caif: add proper error handling 2021-06-10 13:37:09 +02:00
iucv net/af_iucv: locate IUCV header via skb_network_header() 2018-09-26 09:56:07 -07:00
netfilter netfilter: nft_dynset: fix timeouts later than 23 days 2020-12-30 11:50:54 +01:00
netns ipv4: convert fib_num_tclassid_users to atomic_t 2021-12-08 09:01:12 +01:00
nfc NFC: add NCI_UNREG flag to eliminate the race 2021-12-01 09:23:35 +01:00
phonet treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
sctp sctp: move 198 addresses from unusable to private scope 2021-07-31 08:19:38 +02:00
tc_act net/sched: act_vlan: Fix modify to allow 0 2021-07-14 16:53:27 +02:00
6lowpan.h
Space.h
act_api.h net: sched: fix police ext initialization 2021-03-04 10:26:53 +01:00
addrconf.h net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-05-14 09:44:32 +02:00
af_ieee802154.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
af_rxrpc.h rxrpc: Make rxrpc_kernel_get_srtt() indicate validity 2020-09-09 19:12:23 +02:00
af_unix.h net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
af_vsock.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 321 2019-06-05 17:37:05 +02:00
ah.h
arp.h net: avoid potential false sharing in neighbor related code 2019-12-31 16:45:03 +01:00
atmclip.h
ax25.h ax25: fix possible use-after-free 2019-01-23 11:18:00 -08:00
ax88796.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
bond_3ad.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 90 2019-05-24 17:37:53 +02:00
bond_alb.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 5 2019-05-21 11:28:40 +02:00
bond_options.h bonding: add an option to specify a delay between peer notifications 2019-07-04 12:30:48 -07:00
bonding.h bonding: wait for sysfs kobject destruction before freeing struct slave 2020-12-08 10:40:24 +01:00
bpf_sk_storage.h bpf: support cloning sk storage on accept() 2019-08-17 23:18:54 +02:00
busy_poll.h net: annotate data race around sk_ll_usec 2021-07-31 08:19:38 +02:00
calipso.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
cfg80211-wext.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
cfg80211.h mac80211: properly handle A-MSDUs that start with an RFC 1042 header 2021-06-03 08:59:01 +02:00
cfg802154.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
checksum.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cipso_ipv4.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
cls_cgroup.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
codel.h
codel_impl.h
codel_qdisc.h
compat.h net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
datalink.h
dcbevent.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
dcbnl.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
devlink.h devlink: disallow reload operation during device cleanup 2019-11-09 19:38:36 -08:00
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 24 2019-05-21 11:52:39 +02:00
dn_route.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 24 2019-05-21 11:52:39 +02:00
drop_monitor.h net: drop_monitor: use IS_REACHABLE() to guard net_dm_hw_report() 2020-05-27 17:46:24 +02:00
dsa.h net: dsa: Pass ndo_setup_tc slave callback to drivers 2019-09-16 21:32:57 +02:00
dsfield.h
dst.h net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb 2020-07-22 09:32:47 +02:00
dst_cache.h
dst_metadata.h net: validate lwtstate->data before returning from skb_tunnel_info() 2021-07-25 14:35:15 +02:00
dst_ops.h net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
erspan.h
esp.h
ethoc.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
failover.h
fib_notifier.h net: fib: drop include of module.h from fib_notifier.h 2019-04-22 21:50:53 -07:00
fib_rules.h ipv6: fix memory leak in fib6_rule_suppress 2021-12-08 09:01:13 +01:00
firewire.h
flow.h ipv4: Initialize flowi4_multipath_hash in data path 2020-09-26 18:03:12 +02:00
flow_dissector.h net: sched: correct flower port blocking 2020-03-05 16:43:32 +01:00
flow_offload.h net: core: rename indirect block ingress cb function 2019-12-18 16:08:47 +01:00
fou.h
fq.h net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
fq_impl.h net/fq_impl: Switch to kvmalloc() for memory allocation 2019-11-08 09:11:49 +01:00
garp.h
gen_stats.h net: align gnet_stats_basic_cpu struct 2018-11-17 21:37:29 -08:00
genetlink.h genetlink: remove genl_bind 2020-07-22 09:32:46 +02:00
geneve.h net: Move the definition of the default Geneve udp port to public header file 2019-03-22 12:09:31 -07:00
gre.h net: Add netif_is_gretap()/netif_is_ip6gretap() 2018-12-10 15:53:04 -08:00
gro_cells.h
gtp.h
gue.h net:gue.h:Fix shifting signed 32-bit value by 31 bits problem 2019-07-01 10:58:23 -07:00
hwbm.h net: hwbm: if CONFIG_NET_HWBM unset, make stub functions static 2019-10-25 16:24:32 -07:00
icmp.h net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 10:26:53 +01:00
ieee80211_radiotap.h wireless-drivers-next patches for 5.1 2019-02-22 12:56:24 -08:00
ieee802154_netdev.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
if_inet6.h ipv6: shrink struct ipv6_mc_socklist 2019-08-28 14:43:03 -07:00
ife.h net: ife: drop include of module.h from net/ife.h 2019-04-22 21:50:53 -07:00
ila.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
inet6_connection_sock.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
inet6_hashtables.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
inet_common.h inet: factor out inet_send_prepare() 2019-07-03 13:51:54 -07:00
inet_connection_sock.h tcp: relookup sock for RST+ACK packets handled by obsolete req sock 2021-03-30 14:35:26 +02:00
inet_ecn.h inet_ecn: Fix endianness of checksum update when setting ECT(1) 2020-12-08 10:40:25 +01:00
inet_frag.h inet: frags: re-introduce skb coalescing for local delivery 2019-08-08 15:55:10 -07:00
inet_hashtables.h dccp: Fix possible memleak in dccp_init and dccp_fini 2020-06-17 16:40:32 +02:00
inet_sock.h ip: support SO_MARK cmsg 2019-09-13 21:44:19 +02:00
inet_timewait_sock.h tcp: honor SO_PRIORITY in TIME_WAIT state 2019-09-27 12:05:02 +02:00
inetpeer.h net: ipv4: use a dedicated counter for icmp_v4 redirect packets 2019-02-08 21:50:15 -08:00
ip.h net: lwtunnel: handle MTU calculation in forwading 2021-07-14 16:53:35 +02:00
ip6_checksum.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip6_fib.h net: ipv6: add fib6_nh_release_dsts stub 2021-12-01 09:23:33 +01:00
ip6_route.h net: ipv6: fix returned variable type in ip6_skb_dst_mtu 2021-08-12 13:20:57 +02:00
ip6_tunnel.h ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL 2019-06-18 20:48:45 -04:00
ip_fib.h ipv4: convert fib_num_tclassid_users to atomic_t 2021-12-08 09:01:12 +01:00
ip_tunnels.h ip_tunnels: Set tunnel option flag when tunnel metadata is present 2020-11-24 13:29:05 +01:00
ip_vs.h ipvs: allow connection reuse for unconfirmed conntrack 2020-08-19 08:16:10 +02:00
ipcomp.h
ipconfig.h
ipv6.h net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-18 16:08:40 +01:00
ipv6_frag.h inet: fix various use-after-free in defrags units 2019-06-19 11:37:47 -04:00
ipv6_stubs.h net: ipv6: add fib6_nh_release_dsts stub 2021-12-01 09:23:33 +01:00
ipx.h bonding/alb: properly access headers in bond_alb_xmit() 2020-02-11 04:35:48 -08:00
iw_handler.h
kcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
l3mdev.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
lag.h net: Add lag.h, net_lag_port_dev_txable() 2018-07-11 23:10:19 -07:00
lapb.h
lib80211.h
llc.h llc: fix out-of-bound array index in llc_sk_dev_hash() 2021-11-17 09:48:47 +01:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h llc: fix sk_buff leak in llc_conn_service() 2019-10-08 13:23:05 -07:00
llc_if.h
llc_pdu.h net: llc: fix skb_over_panic 2021-08-04 12:27:39 +02:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h lwtunnel: Pass encap and encap type attributes to lwtunnel_fill_encap 2019-04-23 19:42:29 -07:00
mac80211.h mac80211: populate debugfs only after cfg80211 init 2020-04-29 16:33:18 +02:00
mac802154.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
mip6.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
mld.h
mpls.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
mpls_iptunnel.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
mrp.h
ncsi.h
ndisc.h net: avoid potential false sharing in neighbor related code 2019-12-31 16:45:03 +01:00
neighbour.h net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE 2021-11-17 09:48:49 +01:00
net_failover.h
net_namespace.h net: make get_net_ns return error if NET_NS is disabled 2021-06-23 14:41:25 +02:00
net_ratelimit.h
netevent.h net: ipv4: Notify about changes to ip_forward_update_priority 2018-08-01 09:52:30 -07:00
netlabel.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
netlink.h netlink: Fix nlmsg_parse as a wrapper for strict message parsing 2019-08-13 20:37:16 -07:00
netprio_cgroup.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
netrom.h net: netrom: Fix error cleanup path of nr_proto_init 2019-04-11 13:59:49 -07:00
nexthop.h net: ipv4: Fix rtnexthop len when RTA_FLOW is present 2021-10-06 15:42:33 +02:00
nl802154.h net: ieee802154: handle iftypes as u32 2021-12-01 09:23:32 +01:00
nsh.h
p8022.h
page_pool.h mm: fix struct page layout on 32-bit systems 2021-05-19 10:08:31 +02:00
ping.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pkt_cls.h net_sched: fix ops->bind_class() implementations 2020-02-01 09:34:38 +00:00
pkt_sched.h net: prevent user from passing illegal stab size 2021-10-17 10:42:34 +02:00
pptp.h
protocol.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
psample.h psample: Add a fwd declaration for skbuff 2021-08-18 08:56:59 +02:00
psnap.h
raw.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rawv6.h
red.h sch_red: fix off-by-one checks in red_check_params() 2021-04-14 08:24:14 +02:00
regulatory.h cfg80211: make wmm_rule part of the reg_rule structure 2018-08-28 11:11:47 +02:00
request_sock.h net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head 2019-10-09 21:34:31 -07:00
rose.h
route.h ipv4: Revert removal of rt_uses_gateway 2019-09-20 18:23:33 -07:00
rsi_91x.h
rtnetlink.h can: dev: Move device back to init netns on owning netns delete 2021-03-30 14:35:29 +02:00
rtnh.h net: Rename net/nexthop.h net/rtnh.h 2019-04-22 21:47:25 -07:00
sch_generic.h net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-17 09:48:28 +01:00
scm.h pids: Compute task_tgid using signal->leader_pid 2018-07-21 10:43:12 -05:00
secure_seq.h
seg6.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seg6_hmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seg6_local.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
slhc_vj.h
smc.h net/smc: add smcd support to the pnet table 2019-02-21 10:34:37 -08:00
snmp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sock.h af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 2021-10-06 15:42:35 +02:00
sock_reuseport.h udp: correct reuseport selection with connected sockets 2019-09-16 09:02:18 +02:00
stp.h
strparser.h bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
switchdev.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tcp.h tcp: fix SO_RCVLOWAT related hangs under mem pressure 2021-03-04 10:26:17 +01:00
tcp_states.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
timewait_sock.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tipc.h
tls.h net/tls: Fix flipped sign in tls_err_abort() calls 2021-11-02 19:46:12 +01:00
transp_v6.h ipv6: fold sockcm_cookie into ipcm6_cookie 2018-07-07 10:58:49 +09:00
tso.h
tun_proto.h
udp.h net: multicast: calculate csum of looped-back and forwarded packets 2021-11-17 09:48:21 +01:00
udp_tunnel.h ipv6: Move ipv6 stubs to a separate header file 2019-03-29 10:53:45 -07:00
udplite.h
vsock_addr.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 321 2019-06-05 17:37:05 +02:00
vxlan.h vxlan: add adjacent link to limit depth level 2019-10-24 14:53:49 -07:00
wext.h
wimax.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268 2019-06-05 17:30:29 +02:00
x25.h
x25device.h
xdp.h xdp: page_pool related fix to cpumap 2019-06-19 11:23:13 -04:00
xdp_priv.h page_pool: do not release pool until inflight == 0. 2019-12-18 16:09:07 +01:00
xdp_sock.h xsk: add support to allow unaligned chunk placement 2019-08-31 01:08:26 +02:00
xfrm.h xfrm: xfrm_state_mtu should return at least 1280 for ipv6 2021-07-14 16:53:26 +02:00