From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6208C433ED for ; Mon, 19 Apr 2021 13:12:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 85C2B613C1 for ; Mon, 19 Apr 2021 13:12:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240083AbhDSNMc (ORCPT ); Mon, 19 Apr 2021 09:12:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:45730 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238492AbhDSNKr (ORCPT ); Mon, 19 Apr 2021 09:10:47 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 48F4C61364; Mon, 19 Apr 2021 13:10:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618837816; bh=rX390SiO/YXKxx4ZKmYe4BkaQu+3j707HAVuSfCyoLs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RjvRlAXPs0B9tno3wAocHYYa84konwO2BVsOzORcG7AEfFukumfVvNNYlOOmjIMN1 qK/cGH3aB0EQY8c62+AgnRXa09l5aX4H/mXb5iu/mRiFovz9cpXDp5S54/cpbeG+oE VEdvMNS6DbA04Hi11ydDwHTgXgk80FkfVRqo0PnY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tong Zhu , "David S. Miller" , Sasha Levin Subject: [PATCH 5.11 029/122] neighbour: Disregard DEAD dst in neigh_update Date: Mon, 19 Apr 2021 15:05:09 +0200 Message-Id: <20210419130531.151963067@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210419130530.166331793@linuxfoundation.org> References: <20210419130530.166331793@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tong Zhu [ Upstream commit d47ec7a0a7271dda08932d6208e4ab65ab0c987c ] After a short network outage, the dst_entry is timed out and put in DST_OBSOLETE_DEAD. We are in this code because arp reply comes from this neighbour after network recovers. There is a potential race condition that dst_entry is still in DST_OBSOLETE_DEAD. With that, another neighbour lookup causes more harm than good. In best case all packets in arp_queue are lost. This is counterproductive to the original goal of finding a better path for those packets. I observed a worst case with 4.x kernel where a dst_entry in DST_OBSOLETE_DEAD state is associated with loopback net_device. It leads to an ethernet header with all zero addresses. A packet with all zero source MAC address is quite deadly with mac80211, ath9k and 802.11 block ack. It fails ieee80211_find_sta_by_ifaddr in ath9k (xmit.c). Ath9k flushes tx queue (ath_tx_complete_aggr). BAW (block ack window) is not updated. BAW logic is damaged and ath9k transmission is disabled. Signed-off-by: Tong Zhu Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/core/neighbour.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 6d2d557442dc..7b413fe907d6 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -1380,7 +1380,7 @@ static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, * we can reinject the packet there. */ n2 = NULL; - if (dst) { + if (dst && dst->obsolete != DST_OBSOLETE_DEAD) { n2 = dst_neigh_lookup_skb(dst, skb); if (n2) n1 = n2; -- 2.30.2