• David Ahern's avatar
    net: vrf: Fix dev refcnt leak due to IPv6 prefix route · 4f7f34ea
    David Ahern authored
    ifupdown2 found a kernel bug with IPv6 routes and movement from the main
    table to the VRF table. Sequence of events:
    
    Create the interface and add addresses:
        ip link add dev eth4.105 link eth4 type vlan id 105
        ip addr add dev eth4.105 8.105.105.10/24
        ip -6 addr add dev eth4.105 2008:105:105::10/64
    
    At this point IPv6 has inserted a prefix route in the main table even
    though the interface is 'down'. From there the VRF device is created:
        ip link add dev vrf105 type vrf table 105
        ip addr add dev vrf105 9.9.105.10/32
        ip -6 addr add dev vrf105 2000:9:105::10/128
        ip link set vrf105 up
    
    Then the interface is enslaved, while still in the 'down' state:
        ip link set dev eth4.105 master vrf105
    
    Since the device is down the VRF driver cycling the device does not
    send the NETDEV_UP and NETDEV_DOWN but rather the NETDEV_CHANGE event
    which does not flush the routes inserted prior.
    
    When the link is brought up
        ip link set dev eth4.105 up
    
    the prefix route is added in the VRF table, but does not remove
    the route from the main table.
    
    Fix by handling the NETDEV_CHANGEUPPER event similar what was implemented
    for IPv4 in 7f49e7a3 ("net: Flush local routes when device changes vrf
    association")
    
    Fixes: 35402e31 ("net: Add IPv6 support to VRF device")
    Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    4f7f34ea
addrconf.c 149 KB