View Issue Details

IDProjectCategoryView StatusLast Update
0007454CentOS-7kernelpublic2015-01-29 01:43
Reporteratzm 
PrioritynormalSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Product Version7.0-1406 
Target VersionFixed in Version 
Summary0007454: kernel 3.10.0-123.4.4.el7.x86_64 crashes when vxlan interface is created with no group
DescriptionKernel 3.10.0-123.4.4.el7.x86_64 contains a known bug: https://lkml.org/lkml/2014/4/18/172

Note: the vxlan driver in the vanilla kernel 3.10.x series do not support the "multiple default destinations", but 3.10.0-123.4.4.el7 contains this function. Probably it was backported by RHEL.
Steps To Reproducefrom https://lkml.org/lkml/2014/4/18/172 :

---
node A:
$ ip link add dev vxlan42 address 2c:c2:60:00:10:20 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.1/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.2 2c:c2:60:00:01:02
$ bridge fdb add dev vxlan42 to 2c:c2:60:00:01:02 dst <IPv4 address>
$ ping 10.0.0.2

node B:
$ ip link add dev vxlan42 address 2c:c2:60:00:01:02 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.2/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.1 2c:c2:60:00:10:20
---

The last arp command on node B may replace with following command:

---
$ ip nei replace 10.0.0.1 lladdr 2c:c2:60:00:10:20 dev vxlan42
---
TagsNo tags attached.
abrt_hash
URL

Activities

toracat

toracat

2014-08-01 09:59

manager  

centos-linux-3.10-vxlan-fix-crash-when-interface-created-with-no-group-bug7454.patch (1,765 bytes)
centos patch bug #7454

Upstream commit 5933a7bbb5de66482ea8aa874a7ebaf8e67603c4

When vxlan interface is created without explicit group definition, the
default_dst protocol family is initialiazed to AF_UNSPEC and the driver
assumes IPv4 configuration. On the other side, the default_dst protocol
family is used to differentiate between IPv4 and IPv6 cases and, since,
AF_UNSPEC != AF_INET, the processing takes the IPv6 path.

Making the IPv4 assumption explicit by settting default_dst protocol
family to AF_INET4 and preventing mixing of IPv4 and IPv6 addresses in
snooped fdb entries fixes the corner case crashes.

Signed-off-by: Mike Rapoport <mike.rapoport@ravellosystems.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

Applied-by: Akemi Yagi <toracat@centos.org>

--- a/drivers/net/vxlan.c	2014-07-16 10:46:26.000000000 -0700
+++ b/drivers/net/vxlan.c	2014-08-01 02:49:03.000000000 -0700
@@ -878,6 +878,9 @@ static int vxlan_fdb_add(struct ndmsg *n
 	if (err)
 		return err;
 
+	if (vxlan->default_dst.remote_ip.sa.sa_family != ip.sa.sa_family)
+		return -EAFNOSUPPORT;
+
 	spin_lock_bh(&vxlan->hash_lock);
 	err = vxlan_fdb_create(vxlan, addr, &ip, ndm->ndm_state, flags,
 			       port, vni, ifindex, ndm->ndm_flags);
@@ -2493,9 +2496,10 @@ static int vxlan_newlink(struct net *net
 	vni = nla_get_u32(data[IFLA_VXLAN_ID]);
 	dst->remote_vni = vni;
 
+	/* Unless IPv6 is explicitly requested, assume IPv4 */
+	dst->remote_ip.sa.sa_family = AF_INET;
 	if (data[IFLA_VXLAN_GROUP]) {
 		dst->remote_ip.sin.sin_addr.s_addr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
-		dst->remote_ip.sa.sa_family = AF_INET;
 	} else if (data[IFLA_VXLAN_GROUP6]) {
 		if (!IS_ENABLED(CONFIG_IPV6))
 			return -EPFNOSUPPORT;
toracat

toracat

2014-08-01 10:00

manager   ~0020565

centos patch uploaded.
toracat

toracat

2014-08-01 10:03

manager   ~0020566

Because the distro kernel cannot be changed, the patch can only be applied to the centosplus kernel. This will be done in the next kernel update.

Could you please file a bug report upstream at http://bugzilla.redhat.com so that this gets fixed in the distro kernel?
atzm

atzm

2014-08-01 11:36

reporter   ~0020569

Thank you for your quick work.

Sure. I filed a bug report upstream (ID 1125932).
But it seems that is not public currently.
toracat

toracat

2014-08-01 12:01

manager   ~0020570

All kernel-related bug reports become private automatically. Please keep us posted with any progress.
toracat

toracat

2014-08-07 16:01

manager   ~0020610

kernel-plus-3.10.0-123.6.3.el7.centos.plus has been released with the patch.
atzm

atzm

2014-08-08 06:22

reporter   ~0020623

I've tested on kernel-plus-3.10.0-123.6.3.el7.centos.plus, and the bug seems fixed. Thank you!

Also, there is currently no progress on the upstream bugzilla.
toracat

toracat

2014-08-08 07:22

manager   ~0020625

Thanks for reporting back with the update.
atzm

atzm

2014-12-06 14:39

reporter   ~0021872

On the upstream bugzilla, the bug status was changed to DUPLICATE,CLOSED.
The bug was marked as a duplicate of bug 1130643 that I cannot see, so I can no longer track the upstream status.
toracat

toracat

2014-12-06 15:32

manager   ~0021873

That's too bad. But hopefully that means they are now in the process of getting the patch in a future kernel.
toracat

toracat

2015-01-29 01:41

manager   ~0022254

The patch is now in the distro kernel 3.10.0-123.20.1.el7, therefore no longer needs to be added to the plus kernel.

Issue History

Date Modified Username Field Change
2014-08-01 05:41 atzm New Issue
2014-08-01 09:59 toracat File Added: centos-linux-3.10-vxlan-fix-crash-when-interface-created-with-no-group-bug7454.patch
2014-08-01 10:00 toracat Note Added: 0020565
2014-08-01 10:00 toracat Status new => assigned
2014-08-01 10:03 toracat Note Added: 0020566
2014-08-01 11:36 atzm Note Added: 0020569
2014-08-01 12:01 toracat Note Added: 0020570
2014-08-07 16:01 toracat Note Added: 0020610
2014-08-08 06:22 atzm Note Added: 0020623
2014-08-08 07:22 toracat Note Added: 0020625
2014-12-06 14:39 atzm Note Added: 0021872
2014-12-06 15:32 toracat Note Added: 0021873
2015-01-29 01:41 toracat Note Added: 0022254
2015-01-29 01:43 toracat Status assigned => resolved
2015-01-29 01:43 toracat Resolution open => fixed