Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1087284pxk; Fri, 25 Sep 2020 06:02:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzv6/aJKCaBiRSjtq4smnBZhwcgagmYx5atjUs0eIpt0dOe6rxJ5xRd0R1Y/y1z3km5cYHK X-Received: by 2002:a17:906:ecf1:: with SMTP id qt17mr2636103ejb.158.1601038969320; Fri, 25 Sep 2020 06:02:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601038969; cv=none; d=google.com; s=arc-20160816; b=HvNIma4ezeP43i9Ws2anLcn/UDxD06o+boIJbbuQ+7RqZVXySI1TFAfIpFPfJsaMIT BaU2rrUSh06LGo2lui6sJoEEvOVr6dcEqRXDgR4DOG0yMWgLS1T+WPgL+dmRvAYSFDQk JqFp3JtRrJ33ZRqPH3PveYH60xNmLld7AAes+vpnGG8d2VN4qGyrqFQg9vrZb7e8fLZk mYHX2c8XTHYHZkqNs/eo51veeazPrBRklsfmTbin+ZUyd5ZydaL+L/pB0RzyBVZkLxTU W8iEdt9ltbMCeJ+l1FZGQa43gVtPwgN69m21+bYVE8ODntCVDlhXgGOmSWKA8Yx/Mn4D Gtdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6c8JCRfr30mzFwezVm/XBA2Yqxq032jXYM9QwDe8u84=; b=X8n7//Q02RScFsndfNhNL5zkIE5CmQOw4lxag4Qlotj3bYjy7ks6nTJ3eSSlPF1dax AK40G+OLIwIFFRwJvn7vtuxaKrIMQF03n/pawf9Yr1I5ZgSGYfTV12p29I/qYF0d7EqE 8V4KK31zeuOqlTJLTKhmFIn7qZHPHBWtyKPvP8XtzKz6sQEVRpcEbkkoqphejd+8FRwu bhaz5AOhUKg7vEKo0IrTT+LssCCepza3Qnx/+wmMVaCMu/4a538WsjDMR5GP+PAKh8sh zdyGMwxXy3COnHIHyPxIZkmtm1PZHEtck9Srvu/hSN14LlOsom9rlK6JmjHbWssafy3E ZEXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=STftMeV0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v5si1714503edx.502.2020.09.25.06.02.22; Fri, 25 Sep 2020 06:02:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=STftMeV0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729069AbgIYM6f (ORCPT + 99 others); Fri, 25 Sep 2020 08:58:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:52028 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728612AbgIYMsq (ORCPT ); Fri, 25 Sep 2020 08:48:46 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 74B1F21D7A; Fri, 25 Sep 2020 12:48:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601038126; bh=rf/ryMhn1W9pe+dBxy/105C+8nboUxa1uiq39eCG5a0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=STftMeV0USTRqB4/8p9QcE48PKv1/tc7hOqjDOiBkbA+J8bbfoVP61LS88dPLJrvI tDYBwJCH5BB6RQynxV3VVGLHzn+ICptcFht44hv3Dy3c99JgI+GLGFt+/gZY2bQJfx XfNaCDKHN0MyTZeQNEZ8dtI6jF5G0n3oxsUZalqk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kfir Itzhak , David Ahern , "David S. Miller" Subject: [PATCH 5.8 13/56] ipv4: Update exception handling for multipath routes via same device Date: Fri, 25 Sep 2020 14:48:03 +0200 Message-Id: <20200925124729.815379998@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200925124727.878494124@linuxfoundation.org> References: <20200925124727.878494124@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Ahern [ Upstream commit 2fbc6e89b2f1403189e624cabaf73e189c5e50c6 ] Kfir reported that pmtu exceptions are not created properly for deployments where multipath routes use the same device. After some digging I see 2 compounding problems: 1. ip_route_output_key_hash_rcu is updating the flowi4_oif *after* the route lookup. This is the second use case where this has been a problem (the first is related to use of vti devices with VRF). I can not find any reason for the oif to be changed after the lookup; the code goes back to the start of git. It does not seem logical so remove it. 2. fib_lookups for exceptions do not call fib_select_path to handle multipath route selection based on the hash. The end result is that the fib_lookup used to add the exception always creates it based using the first leg of the route. An example topology showing the problem: | host1 +------+ | eth0 | .209 +------+ | +------+ switch | br0 | +------+ | +---------+---------+ | host2 | host3 +------+ +------+ | eth0 | .250 | eth0 | 192.168.252.252 +------+ +------+ +-----+ +-----+ | vti | .2 | vti | 192.168.247.3 +-----+ +-----+ \ / ================================= tunnels 192.168.247.1/24 for h in host1 host2 host3; do ip netns add ${h} ip -netns ${h} link set lo up ip netns exec ${h} sysctl -wq net.ipv4.ip_forward=1 done ip netns add switch ip -netns switch li set lo up ip -netns switch link add br0 type bridge stp 0 ip -netns switch link set br0 up for n in 1 2 3; do ip -netns switch link add eth-sw type veth peer name eth-h${n} ip -netns switch li set eth-h${n} master br0 up ip -netns switch li set eth-sw netns host${n} name eth0 done ip -netns host1 addr add 192.168.252.209/24 dev eth0 ip -netns host1 link set dev eth0 up ip -netns host1 route add 192.168.247.0/24 \ nexthop via 192.168.252.250 dev eth0 nexthop via 192.168.252.252 dev eth0 ip -netns host2 addr add 192.168.252.250/24 dev eth0 ip -netns host2 link set dev eth0 up ip -netns host2 addr add 192.168.252.252/24 dev eth0 ip -netns host3 link set dev eth0 up ip netns add tunnel ip -netns tunnel li set lo up ip -netns tunnel li add br0 type bridge ip -netns tunnel li set br0 up for n in $(seq 11 20); do ip -netns tunnel addr add dev br0 192.168.247.${n}/24 done for n in 2 3 do ip -netns tunnel link add vti${n} type veth peer name eth${n} ip -netns tunnel link set eth${n} mtu 1360 master br0 up ip -netns tunnel link set vti${n} netns host${n} mtu 1360 up ip -netns host${n} addr add dev vti${n} 192.168.247.${n}/24 done ip -netns tunnel ro add default nexthop via 192.168.247.2 nexthop via 192.168.247.3 ip netns exec host1 ping -M do -s 1400 -c3 -I 192.168.252.209 192.168.247.11 ip netns exec host1 ping -M do -s 1400 -c3 -I 192.168.252.209 192.168.247.15 ip -netns host1 ro ls cache Before this patch the cache always shows exceptions against the first leg in the multipath route; 192.168.252.250 per this example. Since the hash has an initial random seed, you may need to vary the final octet more than what is listed. In my tests, using addresses between 11 and 19 usually found 1 that used both legs. With this patch, the cache will have exceptions for both legs. Fixes: 4895c771c7f0 ("ipv4: Add FIB nexthop exceptions") Reported-by: Kfir Itzhak Signed-off-by: David Ahern Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/route.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -786,8 +786,10 @@ static void __ip_do_redirect(struct rtab neigh_event_send(n, NULL); } else { if (fib_lookup(net, fl4, &res, 0) == 0) { - struct fib_nh_common *nhc = FIB_RES_NHC(res); + struct fib_nh_common *nhc; + fib_select_path(net, &res, fl4, skb); + nhc = FIB_RES_NHC(res); update_or_create_fnhe(nhc, fl4->daddr, new_gw, 0, false, jiffies + ip_rt_gc_timeout); @@ -1013,6 +1015,7 @@ out: kfree_skb(skb); static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu) { struct dst_entry *dst = &rt->dst; + struct net *net = dev_net(dst->dev); u32 old_mtu = ipv4_mtu(dst); struct fib_result res; bool lock = false; @@ -1033,9 +1036,11 @@ static void __ip_rt_update_pmtu(struct r return; rcu_read_lock(); - if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) { - struct fib_nh_common *nhc = FIB_RES_NHC(res); + if (fib_lookup(net, fl4, &res, 0) == 0) { + struct fib_nh_common *nhc; + fib_select_path(net, &res, fl4, NULL); + nhc = FIB_RES_NHC(res); update_or_create_fnhe(nhc, fl4->daddr, 0, mtu, lock, jiffies + ip_rt_mtu_expires); } @@ -2663,8 +2668,6 @@ struct rtable *ip_route_output_key_hash_ fib_select_path(net, res, fl4, skb); dev_out = FIB_RES_DEV(*res); - fl4->flowi4_oif = dev_out->ifindex; - make_route: rth = __mkroute_output(res, fl4, orig_oif, dev_out, flags);