aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorlucien <lucien.xin@gmail.com>2014-11-23 02:04:11 -0500
committerDavid S. Miller <davem@davemloft.net>2014-11-23 21:11:17 -0500
commit20ea60ca9952bd19d4b0d74719daba305aef5178 (patch)
tree8c2b69fc5c19d9721d8454337a9f21ea1bdf7075 /net
parent73112f9b08ddb32c5cdaccda61bd88dfe9baf8b2 (diff)
ip_tunnel: the lack of vti_link_ops' dellink() cause kernel panic
Now the vti_link_ops do not point the .dellink, for fb tunnel device (ip_vti0), the net_device will be removed as the default .dellink is unregister_netdevice_queue,but the tunnel still in the tunnel list, then if we add a new vti tunnel, in ip_tunnel_find(): hlist_for_each_entry_rcu(t, head, hash_node) { if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr && link == t->parms.link && ==> type == t->dev->type && ip_tunnel_key_match(&t->parms, flags, key)) break; } the panic will happen, cause dev of ip_tunnel *t is null: [ 3835.072977] IP: [<ffffffffa04103fd>] ip_tunnel_find+0x9d/0xc0 [ip_tunnel] [ 3835.073008] PGD b2c21067 PUD b7277067 PMD 0 [ 3835.073008] Oops: 0000 [#1] SMP ..... [ 3835.073008] Stack: [ 3835.073008] ffff8800b72d77f0 ffffffffa0411924 ffff8800bb956000 ffff8800b72d78e0 [ 3835.073008] ffff8800b72d78a0 0000000000000000 ffffffffa040d100 ffff8800b72d7858 [ 3835.073008] ffffffffa040b2e3 0000000000000000 0000000000000000 0000000000000000 [ 3835.073008] Call Trace: [ 3835.073008] [<ffffffffa0411924>] ip_tunnel_newlink+0x64/0x160 [ip_tunnel] [ 3835.073008] [<ffffffffa040b2e3>] vti_newlink+0x43/0x70 [ip_vti] [ 3835.073008] [<ffffffff8150d4da>] rtnl_newlink+0x4fa/0x5f0 [ 3835.073008] [<ffffffff812f68bb>] ? nla_strlcpy+0x5b/0x70 [ 3835.073008] [<ffffffff81508fb0>] ? rtnl_link_ops_get+0x40/0x60 [ 3835.073008] [<ffffffff8150d11f>] ? rtnl_newlink+0x13f/0x5f0 [ 3835.073008] [<ffffffff81509cf4>] rtnetlink_rcv_msg+0xa4/0x270 [ 3835.073008] [<ffffffff8126adf5>] ? sock_has_perm+0x75/0x90 [ 3835.073008] [<ffffffff81509c50>] ? rtnetlink_rcv+0x30/0x30 [ 3835.073008] [<ffffffff81529e39>] netlink_rcv_skb+0xa9/0xc0 [ 3835.073008] [<ffffffff81509c48>] rtnetlink_rcv+0x28/0x30 .... modprobe ip_vti ip link del ip_vti0 type vti ip link add ip_vti0 type vti rmmod ip_vti do that one or more times, kernel will panic. fix it by assigning ip_tunnel_dellink to vti_link_ops' dellink, in which we skip the unregister of fb tunnel device. do the same on ip6_vti. Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Cong Wang <cwang@twopensource.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/ip_vti.c1
-rw-r--r--net/ipv6/ip6_vti.c11
2 files changed, 12 insertions, 0 deletions
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 3e861011e4a3..1a7e979e80ba 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -528,6 +528,7 @@ static struct rtnl_link_ops vti_link_ops __read_mostly = {
528 .validate = vti_tunnel_validate, 528 .validate = vti_tunnel_validate,
529 .newlink = vti_newlink, 529 .newlink = vti_newlink,
530 .changelink = vti_changelink, 530 .changelink = vti_changelink,
531 .dellink = ip_tunnel_dellink,
531 .get_size = vti_get_size, 532 .get_size = vti_get_size,
532 .fill_info = vti_fill_info, 533 .fill_info = vti_fill_info,
533}; 534};
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 31089d153fd3..bcda14de7f84 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -905,6 +905,15 @@ static int vti6_newlink(struct net *src_net, struct net_device *dev,
905 return vti6_tnl_create2(dev); 905 return vti6_tnl_create2(dev);
906} 906}
907 907
908static void vti6_dellink(struct net_device *dev, struct list_head *head)
909{
910 struct net *net = dev_net(dev);
911 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
912
913 if (dev != ip6n->fb_tnl_dev)
914 unregister_netdevice_queue(dev, head);
915}
916
908static int vti6_changelink(struct net_device *dev, struct nlattr *tb[], 917static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
909 struct nlattr *data[]) 918 struct nlattr *data[])
910{ 919{
@@ -980,6 +989,7 @@ static struct rtnl_link_ops vti6_link_ops __read_mostly = {
980 .setup = vti6_dev_setup, 989 .setup = vti6_dev_setup,
981 .validate = vti6_validate, 990 .validate = vti6_validate,
982 .newlink = vti6_newlink, 991 .newlink = vti6_newlink,
992 .dellink = vti6_dellink,
983 .changelink = vti6_changelink, 993 .changelink = vti6_changelink,
984 .get_size = vti6_get_size, 994 .get_size = vti6_get_size,
985 .fill_info = vti6_fill_info, 995 .fill_info = vti6_fill_info,
@@ -1020,6 +1030,7 @@ static int __net_init vti6_init_net(struct net *net)
1020 if (!ip6n->fb_tnl_dev) 1030 if (!ip6n->fb_tnl_dev)
1021 goto err_alloc_dev; 1031 goto err_alloc_dev;
1022 dev_net_set(ip6n->fb_tnl_dev, net); 1032 dev_net_set(ip6n->fb_tnl_dev, net);
1033 ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
1023 1034
1024 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1035 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1025 if (err < 0) 1036 if (err < 0)