• Taehee Yoo's avatar
    vxlan: add adjacent link to limit depth level · 0ce1822c
    Taehee Yoo authored
    Current vxlan code doesn't limit the number of nested devices.
    Nested devices would be handled recursively and this routine needs
    huge stack memory. So, unlimited nested devices could make
    stack overflow.
    
    In order to fix this issue, this patch adds adjacent links.
    The adjacent link APIs internally check the depth level.
    
    Test commands:
        ip link add dummy0 type dummy
        ip link add vxlan0 type vxlan id 0 group 239.1.1.1 dev dummy0 \
    	    dstport 4789
        for i in {1..100}
        do
    	    let A=$i-1
    	    ip link add vxlan$i type vxlan id $i group 239.1.1.1 \
    		    dev vxlan$A dstport 4789
        done
        ip link del dummy0
    
    The top upper link is vxlan100 and the lowest link is vxlan0.
    When vxlan0 is deleting, the upper devices will be deleted recursively.
    It needs huge stack memory so it makes stack overflow.
    
    Splat looks like:
    [  229.628477] =============================================================================
    [  229.629785] BUG page->ptl (Not tainted): Padding overwritten. 0x0000000026abf214-0x0000000091f6abb2
    [  229.629785] -----------------------------------------------------------------------------
    [  229.629785]
    [  229.655439] ==================================================================
    [  229.629785] INFO: Slab 0x00000000ff7cfda8 objects=19 used=19 fp=0x00000000fe33776c flags=0x200000000010200
    [  229.655688] BUG: KASAN: stack-out-of-bounds in unmap_single_vma+0x25a/0x2e0
    [  229.655688] Read of size 8 at addr ffff888113076928 by task vlan-network-in/2334
    [  229.655688]
    [  229.629785] Padding 0000000026abf214: 00 80 14 0d 81 88 ff ff 68 91 81 14 81 88 ff ff  ........h.......
    [  229.629785] Padding 0000000001e24790: 38 91 81 14 81 88 ff ff 68 91 81 14 81 88 ff ff  8.......h.......
    [  229.629785] Padding 00000000b39397c8: 33 30 62 a7 ff ff ff ff ff eb 60 22 10 f1 ff 1f  30b.......`"....
    [  229.629785] Padding 00000000bc98f53a: 80 60 07 13 81 88 ff ff 00 80 14 0d 81 88 ff ff  .`..............
    [  229.629785] Padding 000000002aa8123d: 68 91 81 14 81 88 ff ff f7 21 17 a7 ff ff ff ff  h........!......
    [  229.629785] Padding 000000001c8c2369: 08 81 14 0d 81 88 ff ff 03 02 00 00 00 00 00 00  ................
    [  229.629785] Padding 000000004e290c5d: 21 90 a2 21 10 ed ff ff 00 00 00 00 00 fc ff df  !..!............
    [  229.629785] Padding 000000000e25d731: 18 60 07 13 81 88 ff ff c0 8b 13 05 81 88 ff ff  .`..............
    [  229.629785] Padding 000000007adc7ab3: b3 8a b5 41 00 00 00 00                          ...A....
    [  229.629785] FIX page->ptl: Restoring 0x0000000026abf214-0x0000000091f6abb2=0x5a
    [  ... ]
    
    Fixes: acaf4e70 ("net: vxlan: when lower dev unregisters remove vxlan dev as well")
    Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    0ce1822c
vxlan.c 113 KB