From 64c6f4bbca748c3b2101469a76d88b7cd1c00476 Mon Sep 17 00:00:00 2001 From: David Ahern Date: Wed, 1 May 2019 18:08:34 -0700 Subject: neighbor: Reset gc_entries counter if new entry is released before insert Ian and Alan both reported seeing overflows after upgrades to 5.x kernels: neighbour: arp_cache: neighbor table overflow! Alan's mpls script helped get to the bottom of this bug. When a new entry is created the gc_entries counter is bumped in neigh_alloc to check if a new one is allowed to be created. ___neigh_create then searches for an existing entry before inserting the just allocated one. If an entry already exists, the new one is dropped in favor of the existing one. In this case the cleanup path needs to drop the gc_entries counter. There is no memory leak, only a counter leak. Fixes: 58956317c8d ("neighbor: Improve garbage collection") Reported-by: Ian Kumlien Reported-by: Alan Maguire Signed-off-by: David Ahern Tested-by: Alan Maguire Signed-off-by: David S. Miller --- net/core/neighbour.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/core') diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 30f6fd8f68e0..aff051e5521d 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -663,6 +663,8 @@ out: out_tbl_unlock: write_unlock_bh(&tbl->lock); out_neigh_release: + if (!exempt_from_gc) + atomic_dec(&tbl->gc_entries); neigh_release(n); goto out; } -- cgit v1.2.3 From 4b2a2bfeb3f056461a90bd621e8bd7d03fa47f60 Mon Sep 17 00:00:00 2001 From: David Ahern Date: Wed, 1 May 2019 18:18:42 -0700 Subject: neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit Commit cd9ff4de0107 changed the key for IFF_POINTOPOINT devices to INADDR_ANY but neigh_xmit which is used for MPLS encapsulations was not updated to use the altered key. The result is that every packet Tx does a lookup on the gateway address which does not find an entry, a new one is created only to find the existing one in the table right before the insert since arp_constructor was updated to reset the primary key. This is seen in the allocs and destroys counters: ip -s -4 ntable show | head -10 | grep alloc which increase for each packet showing the unnecessary overhread. Fix by having neigh_xmit use __ipv4_neigh_lookup_noref for NEIGH_ARP_TABLE. Fixes: cd9ff4de0107 ("ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY") Reported-by: Alan Maguire Signed-off-by: David Ahern Tested-by: Alan Maguire Signed-off-by: David S. Miller --- net/core/neighbour.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'net/core') diff --git a/net/core/neighbour.c b/net/core/neighbour.c index aff051e5521d..9b9da5142613 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -2984,7 +2985,13 @@ int neigh_xmit(int index, struct net_device *dev, if (!tbl) goto out; rcu_read_lock_bh(); - neigh = __neigh_lookup_noref(tbl, addr, dev); + if (index == NEIGH_ARP_TABLE) { + u32 key = *((u32 *)addr); + + neigh = __ipv4_neigh_lookup_noref(dev, key); + } else { + neigh = __neigh_lookup_noref(tbl, addr, dev); + } if (!neigh) neigh = __neigh_create(tbl, addr, dev, false); err = PTR_ERR(neigh); -- cgit v1.2.3