Bug 31232

Summary: /proc/sys/net/ipv6 has two neigh folders
Product: Networking
Component: IPV6
Status: CLOSED CODE_FIX
Severity: low
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.38
Regression: No
Reporter: Andreas Sundstrom (sunkan)
Assignee: Hideaki YOSHIFUJI (yoshfuji)
CC: alan, florian
Subsystem:
Bisected commit-id:

Description Andreas Sundstrom 2011-03-16 22:06:28 UTC
I noticed when looking for other things that there are two neigh folders in /proc/sys/net/ipv6

Reverting this commit removes the extra neigh folder:
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=bf36076a67db6d7423d09d861a072337866f0dd9

I don't know how to fix this.
I tried removing the ',' on the row '.child = empty,' (looking at the other rows it did seem like a typo to me).

This did not change anything that I could see though.

Here is the commit I believe introduced the bug: 

--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -15,6 +15,8 @@
 #include <net/addrconf.h>
 #include <net/inet_frag.h>
 
+static struct ctl_table empty[1];
+
 static ctl_table ipv6_table_template[] = {
        {
                .procname       = "route",
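Review bot: `static struct ctl_table empty[1];` near the top of the file now has file scope but carries no comment and a very generic name. A one-line comment saying it is an intentionally empty, zero-terminated table, plus a more specific name such as `ipv6_empty_table` (a suggested name), would make its purpose clear. The declaration also spells the type `struct ctl_table` while the very next line uses the `ctl_table` typedef, so pick one form.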
@@ -35,6 +37,12 @@ static ctl_table ipv6_table_template[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec
        },
+       {
+               .procname       = "neigh",
+               .maxlen         = 0,
+               .mode           = 0555,
+               .child          = empty,
+       },
        { }
 };
 
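Review bot: the new `"neigh"` entry in `ipv6_table_template` has no comment explaining why a directory with an empty child table is registered here, and the report above says that with this entry present /proc/sys/net/ipv6 shows two neigh folders. Document the intent next to the entry and confirm that the name cannot end up registered a second time under the same path. `.maxlen = 0` is also redundant, since members left out of a designated initializer are already zero.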
@@ -152,7 +160,6 @@ static struct ctl_table_header *ip6_base;
 
 int ipv6_static_sysctl_register(void)
 {
-       static struct ctl_table empty[1];
        ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty);
        if (ip6_base == NULL)
                return -ENOMEM;
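Review bot: in `ipv6_static_sysctl_register()` the call `register_sysctl_paths(net_ipv6_ctl_path, empty)` now refers to the file-scope `empty`, the same array the new `"neigh"` entry uses as `.child`. One object is therefore reachable through two registrations; either give each use its own empty table or add a comment stating why sharing it is safe.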
Comment 1 Andrew Morton 2011-03-16 22:23:27 UTC
(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Wed, 16 Mar 2011 22:06:34 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=31232
> 
>            Summary: /proc/sys/net/ipv6 has two neigh folders
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 2.6.38
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: low
>           Priority: P1
>          Component: IPV6
>         AssignedTo: yoshfuji@linux-ipv6.org
>         ReportedBy: sunkan@zappa.cx
>         Regression: No
> 
> 
> I noticed when looking for other things that there are two neigh folders in
> /proc/sys/net/ipv6
> 
> Reverting this commit removes the extra neigh folder:
>
> http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=bf36076a67db6d7423d09d861a072337866f0dd9
> 
> I don't know how to fix this.
> I tried removing the ',' on the row '.child = empty,' (looking at the other
> rows it did seem like a typo to me).
> 
> This did not change anything that I could see though.
> 
> Here is the commit I believe introduced the bug: 
> 
> --- a/net/ipv6/sysctl_net_ipv6.c
> +++ b/net/ipv6/sysctl_net_ipv6.c
> @@ -15,6 +15,8 @@
>  #include <net/addrconf.h>
>  #include <net/inet_frag.h>
> 
> +static struct ctl_table empty[1];
> +
>  static ctl_table ipv6_table_template[] = {
>         {
>                 .procname       = "route",
> @@ -35,6 +37,12 @@ static ctl_table ipv6_table_template[] = {
>                 .mode           = 0644,
>                 .proc_handler   = proc_dointvec
>         },
> +       {
> +               .procname       = "neigh",
> +               .maxlen         = 0,
> +               .mode           = 0555,
> +               .child          = empty,
> +       },
>         { }
>  };
> 
> @@ -152,7 +160,6 @@ static struct ctl_table_header *ip6_base;
> 
>  int ipv6_static_sysctl_register(void)
>  {
> -       static struct ctl_table empty[1];
>         ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty);
>         if (ip6_base == NULL)
>                 return -ENOMEM;
>
Comment 2 Eric W. Biederman 2011-03-17 04:27:28 UTC
Andrew Morton <akpm@linux-foundation.org> writes:

> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Wed, 16 Mar 2011 22:06:34 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
>
>> https://bugzilla.kernel.org/show_bug.cgi?id=31232
>> 
>>            Summary: /proc/sys/net/ipv6 has two neigh folders
>>            Product: Networking
>>            Version: 2.5
>>     Kernel Version: 2.6.38
>>           Platform: All
>>         OS/Version: Linux
>>               Tree: Mainline
>>             Status: NEW
>>           Severity: low
>>           Priority: P1
>>          Component: IPV6
>>         AssignedTo: yoshfuji@linux-ipv6.org
>>         ReportedBy: sunkan@zappa.cx
>>         Regression: No
>> 
>> 
>> I noticed when looking for other things that there are two neigh folders in
>> /proc/sys/net/ipv6
>> 
>> Reverting this commit removes the extra neigh folder:
>>
>> http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=bf36076a67db6d7423d09d861a072337866f0dd9
>> 
>> I don't know how to fix this.
>> I tried removing the ',' on the row '.child = empty,' (looking at the other
>> rows it did seem like a typo to me).
>> 
>> This did not change anything that I could see though.
>> 
>> Here is the commit I believe introduced the bug: 

Interesting.

This is definitely a bug.  I suspect it may be another symptom of the
bug I was trying to fix.  Something somewhere is messed up with the
neigh directory.

That extra neigh entry should serve as a mount point for any later neigh
entries that are registered, so the change should be fine.

I will see if I can make the time to look into this, as this new symptom
looks as nasty as the use after free problems I was seeing earlier.

Eric


>> --- a/net/ipv6/sysctl_net_ipv6.c
>> +++ b/net/ipv6/sysctl_net_ipv6.c
>> @@ -15,6 +15,8 @@
>>  #include <net/addrconf.h>
>>  #include <net/inet_frag.h>
>> 
>> +static struct ctl_table empty[1];
>> +
>>  static ctl_table ipv6_table_template[] = {
>>         {
>>                 .procname       = "route",
>> @@ -35,6 +37,12 @@ static ctl_table ipv6_table_template[] = {
>>                 .mode           = 0644,
>>                 .proc_handler   = proc_dointvec
>>         },
>> +       {
>> +               .procname       = "neigh",
>> +               .maxlen         = 0,
>> +               .mode           = 0555,
>> +               .child          = empty,
>> +       },
>>         { }
>>  };
>> 
>> @@ -152,7 +160,6 @@ static struct ctl_table_header *ip6_base;
>> 
>>  int ipv6_static_sysctl_register(void)
>>  {
>> -       static struct ctl_table empty[1];
>>         ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty);
>>         if (ip6_base == NULL)
>>                 return -ENOMEM;
>>
Comment 3 Florian Mickler 2011-03-29 00:09:58 UTC
A patch referencing this bug report has been merged in v2.6.38-8876-g036a982:

commit 9d2a8fa96a44ba242de3a6f56acaef7a40a97b97
Author: Eric W. Biederman <ebiederm@aristanetworks.com>
Date:   Mon Mar 21 18:23:34 2011 -0700

    net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
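
A regression check for the symptom reported in this bug, as an added example (not part of the bug report or of the kernel patch): it reads the raw directory entries of /proc/sys/net/ipv6 with readdir() and counts any name returned more than once. The function names and the 1024-entry limit are assumptions of this example.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRIES 1024   /* assumption: entries beyond this are not examined */
#define NAME_LEN 256       /* d_name on Linux holds at most 255 bytes plus NUL */

static int cmp_names(const void *a, const void *b)
{
    return strcmp((const char *)a, (const char *)b);
}

/* Sort names in place; return how many distinct names occur more than once. */
int count_duplicate_names(char (*names)[NAME_LEN], size_t n)
{
    int dups = 0;
    qsort(names, n, NAME_LEN, cmp_names);
    for (size_t i = 1; i < n; i++) {
        /* Report a repeated name once, at its second occurrence. */
        if (strcmp(names[i], names[i - 1]) == 0 &&
            (i < 2 || strcmp(names[i], names[i - 2]) != 0)) {
            printf("duplicate entry: %s\n", names[i]);
            dups++;
        }
    }
    return dups;
}

/* Read the raw dirents of path; return the duplicate count, or -1 on error. */
int scan_dir_for_duplicates(const char *path)
{
    static char names[MAX_ENTRIES][NAME_LEN];
    size_t n = 0;
    struct dirent *de;
    DIR *d = opendir(path);
    if (d == NULL)
        return -1;
    while (n < MAX_ENTRIES && (de = readdir(d)) != NULL)
        snprintf(names[n++], NAME_LEN, "%s", de->d_name);
    closedir(d);
    return count_duplicate_names(names, n);
}

int main(int argc, char **argv)
{
    /* Default to the directory named in the bug summary. */
    int dups = scan_dir_for_duplicates(argc > 1 ? argv[1] : "/proc/sys/net/ipv6");
    return dups < 0 ? 2 : (dups ? 1 : 0);
}
```

The exit status is 0 when every name is unique, 1 when a duplicate is found and 2 when the directory cannot be opened, so the program can be used as a pass/fail step in a kernel test run.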