xref: /openbmc/linux/net/ipv6/ip6_fib.c (revision 91db9311)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux INET6 implementation
4  *	Forwarding Information Database
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  *
9  *	Changes:
10  *	Yuji SEKIYA @USAGI:	Support default route on router node;
11  *				remove ip6_null_entry from the top of
12  *				routing table.
13  *	Ville Nuorvala:		Fixed routing subtrees.
14  */
15 
16 #define pr_fmt(fmt) "IPv6: " fmt
17 
18 #include <linux/errno.h>
19 #include <linux/types.h>
20 #include <linux/net.h>
21 #include <linux/route.h>
22 #include <linux/netdevice.h>
23 #include <linux/in6.h>
24 #include <linux/init.h>
25 #include <linux/list.h>
26 #include <linux/slab.h>
27 
28 #include <net/ip.h>
29 #include <net/ipv6.h>
30 #include <net/ndisc.h>
31 #include <net/addrconf.h>
32 #include <net/lwtunnel.h>
33 #include <net/fib_notifier.h>
34 
35 #include <net/ip6_fib.h>
36 #include <net/ip6_route.h>
37 
38 static struct kmem_cache *fib6_node_kmem __read_mostly;
39 
40 struct fib6_cleaner {
41 	struct fib6_walker w;
42 	struct net *net;
43 	int (*func)(struct fib6_info *, void *arg);
44 	int sernum;
45 	void *arg;
46 	bool skip_notify;
47 };
48 
49 #ifdef CONFIG_IPV6_SUBTREES
50 #define FWS_INIT FWS_S
51 #else
52 #define FWS_INIT FWS_L
53 #endif
54 
55 static struct fib6_info *fib6_find_prefix(struct net *net,
56 					 struct fib6_table *table,
57 					 struct fib6_node *fn);
58 static struct fib6_node *fib6_repair_tree(struct net *net,
59 					  struct fib6_table *table,
60 					  struct fib6_node *fn);
61 static int fib6_walk(struct net *net, struct fib6_walker *w);
62 static int fib6_walk_continue(struct fib6_walker *w);
63 
64 /*
65  *	A routing update causes an increase of the serial number on the
66  *	affected subtree. This allows for cached routes to be asynchronously
67  *	tested when modifications are made to the destination cache as a
68  *	result of redirects, path MTU changes, etc.
69  */
70 
71 static void fib6_gc_timer_cb(struct timer_list *t);
72 
73 #define FOR_WALKERS(net, w) \
74 	list_for_each_entry(w, &(net)->ipv6.fib6_walkers, lh)
75 
76 static void fib6_walker_link(struct net *net, struct fib6_walker *w)
77 {
78 	write_lock_bh(&net->ipv6.fib6_walker_lock);
79 	list_add(&w->lh, &net->ipv6.fib6_walkers);
80 	write_unlock_bh(&net->ipv6.fib6_walker_lock);
81 }
82 
83 static void fib6_walker_unlink(struct net *net, struct fib6_walker *w)
84 {
85 	write_lock_bh(&net->ipv6.fib6_walker_lock);
86 	list_del(&w->lh);
87 	write_unlock_bh(&net->ipv6.fib6_walker_lock);
88 }
89 
90 static int fib6_new_sernum(struct net *net)
91 {
92 	int new, old;
93 
94 	do {
95 		old = atomic_read(&net->ipv6.fib6_sernum);
96 		new = old < INT_MAX ? old + 1 : 1;
97 	} while (atomic_cmpxchg(&net->ipv6.fib6_sernum,
98 				old, new) != old);
99 	return new;
100 }
101 
102 enum {
103 	FIB6_NO_SERNUM_CHANGE = 0,
104 };
105 
106 void fib6_update_sernum(struct net *net, struct fib6_info *f6i)
107 {
108 	struct fib6_node *fn;
109 
110 	fn = rcu_dereference_protected(f6i->fib6_node,
111 			lockdep_is_held(&f6i->fib6_table->tb6_lock));
112 	if (fn)
113 		fn->fn_sernum = fib6_new_sernum(net);
114 }
115 
116 /*
117  *	Auxiliary address test functions for the radix tree.
118  *
119  *	These assume a 32bit processor (although it will work on
120  *	64bit processors)
121  */
122 
123 /*
124  *	test bit
125  */
126 #if defined(__LITTLE_ENDIAN)
127 # define BITOP_BE32_SWIZZLE	(0x1F & ~7)
128 #else
129 # define BITOP_BE32_SWIZZLE	0
130 #endif
131 
132 static __be32 addr_bit_set(const void *token, int fn_bit)
133 {
134 	const __be32 *addr = token;
135 	/*
136 	 * Here,
137 	 *	1 << ((~fn_bit ^ BITOP_BE32_SWIZZLE) & 0x1f)
138 	 * is optimized version of
139 	 *	htonl(1 << ((~fn_bit)&0x1F))
140 	 * See include/asm-generic/bitops/le.h.
141 	 */
142 	return (__force __be32)(1 << ((~fn_bit ^ BITOP_BE32_SWIZZLE) & 0x1f)) &
143 	       addr[fn_bit >> 5];
144 }
145 
146 struct fib6_info *fib6_info_alloc(gfp_t gfp_flags, bool with_fib6_nh)
147 {
148 	struct fib6_info *f6i;
149 	size_t sz = sizeof(*f6i);
150 
151 	if (with_fib6_nh)
152 		sz += sizeof(struct fib6_nh);
153 
154 	f6i = kzalloc(sz, gfp_flags);
155 	if (!f6i)
156 		return NULL;
157 
158 	/* fib6_siblings is a union with nh_list, so this initializes both */
159 	INIT_LIST_HEAD(&f6i->fib6_siblings);
160 	refcount_set(&f6i->fib6_ref, 1);
161 
162 	return f6i;
163 }
164 
165 void fib6_info_destroy_rcu(struct rcu_head *head)
166 {
167 	struct fib6_info *f6i = container_of(head, struct fib6_info, rcu);
168 
169 	WARN_ON(f6i->fib6_node);
170 
171 	if (f6i->nh)
172 		nexthop_put(f6i->nh);
173 	else
174 		fib6_nh_release(f6i->fib6_nh);
175 
176 	ip_fib_metrics_put(f6i->fib6_metrics);
177 	kfree(f6i);
178 }
179 EXPORT_SYMBOL_GPL(fib6_info_destroy_rcu);
180 
181 static struct fib6_node *node_alloc(struct net *net)
182 {
183 	struct fib6_node *fn;
184 
185 	fn = kmem_cache_zalloc(fib6_node_kmem, GFP_ATOMIC);
186 	if (fn)
187 		net->ipv6.rt6_stats->fib_nodes++;
188 
189 	return fn;
190 }
191 
192 static void node_free_immediate(struct net *net, struct fib6_node *fn)
193 {
194 	kmem_cache_free(fib6_node_kmem, fn);
195 	net->ipv6.rt6_stats->fib_nodes--;
196 }
197 
198 static void node_free_rcu(struct rcu_head *head)
199 {
200 	struct fib6_node *fn = container_of(head, struct fib6_node, rcu);
201 
202 	kmem_cache_free(fib6_node_kmem, fn);
203 }
204 
205 static void node_free(struct net *net, struct fib6_node *fn)
206 {
207 	call_rcu(&fn->rcu, node_free_rcu);
208 	net->ipv6.rt6_stats->fib_nodes--;
209 }
210 
211 static void fib6_free_table(struct fib6_table *table)
212 {
213 	inetpeer_invalidate_tree(&table->tb6_peers);
214 	kfree(table);
215 }
216 
217 static void fib6_link_table(struct net *net, struct fib6_table *tb)
218 {
219 	unsigned int h;
220 
221 	/*
222 	 * Initialize table lock at a single place to give lockdep a key,
223 	 * tables aren't visible prior to being linked to the list.
224 	 */
225 	spin_lock_init(&tb->tb6_lock);
226 	h = tb->tb6_id & (FIB6_TABLE_HASHSZ - 1);
227 
228 	/*
229 	 * No protection necessary, this is the only list mutatation
230 	 * operation, tables never disappear once they exist.
231 	 */
232 	hlist_add_head_rcu(&tb->tb6_hlist, &net->ipv6.fib_table_hash[h]);
233 }
234 
235 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
236 
237 static struct fib6_table *fib6_alloc_table(struct net *net, u32 id)
238 {
239 	struct fib6_table *table;
240 
241 	table = kzalloc(sizeof(*table), GFP_ATOMIC);
242 	if (table) {
243 		table->tb6_id = id;
244 		rcu_assign_pointer(table->tb6_root.leaf,
245 				   net->ipv6.fib6_null_entry);
246 		table->tb6_root.fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
247 		inet_peer_base_init(&table->tb6_peers);
248 	}
249 
250 	return table;
251 }
252 
253 struct fib6_table *fib6_new_table(struct net *net, u32 id)
254 {
255 	struct fib6_table *tb;
256 
257 	if (id == 0)
258 		id = RT6_TABLE_MAIN;
259 	tb = fib6_get_table(net, id);
260 	if (tb)
261 		return tb;
262 
263 	tb = fib6_alloc_table(net, id);
264 	if (tb)
265 		fib6_link_table(net, tb);
266 
267 	return tb;
268 }
269 EXPORT_SYMBOL_GPL(fib6_new_table);
270 
271 struct fib6_table *fib6_get_table(struct net *net, u32 id)
272 {
273 	struct fib6_table *tb;
274 	struct hlist_head *head;
275 	unsigned int h;
276 
277 	if (id == 0)
278 		id = RT6_TABLE_MAIN;
279 	h = id & (FIB6_TABLE_HASHSZ - 1);
280 	rcu_read_lock();
281 	head = &net->ipv6.fib_table_hash[h];
282 	hlist_for_each_entry_rcu(tb, head, tb6_hlist) {
283 		if (tb->tb6_id == id) {
284 			rcu_read_unlock();
285 			return tb;
286 		}
287 	}
288 	rcu_read_unlock();
289 
290 	return NULL;
291 }
292 EXPORT_SYMBOL_GPL(fib6_get_table);
293 
294 static void __net_init fib6_tables_init(struct net *net)
295 {
296 	fib6_link_table(net, net->ipv6.fib6_main_tbl);
297 	fib6_link_table(net, net->ipv6.fib6_local_tbl);
298 }
299 #else
300 
301 struct fib6_table *fib6_new_table(struct net *net, u32 id)
302 {
303 	return fib6_get_table(net, id);
304 }
305 
306 struct fib6_table *fib6_get_table(struct net *net, u32 id)
307 {
308 	  return net->ipv6.fib6_main_tbl;
309 }
310 
311 struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6,
312 				   const struct sk_buff *skb,
313 				   int flags, pol_lookup_t lookup)
314 {
315 	struct rt6_info *rt;
316 
317 	rt = lookup(net, net->ipv6.fib6_main_tbl, fl6, skb, flags);
318 	if (rt->dst.error == -EAGAIN) {
319 		ip6_rt_put_flags(rt, flags);
320 		rt = net->ipv6.ip6_null_entry;
321 		if (!(flags | RT6_LOOKUP_F_DST_NOREF))
322 			dst_hold(&rt->dst);
323 	}
324 
325 	return &rt->dst;
326 }
327 
328 /* called with rcu lock held; no reference taken on fib6_info */
329 int fib6_lookup(struct net *net, int oif, struct flowi6 *fl6,
330 		struct fib6_result *res, int flags)
331 {
332 	return fib6_table_lookup(net, net->ipv6.fib6_main_tbl, oif, fl6,
333 				 res, flags);
334 }
335 
336 static void __net_init fib6_tables_init(struct net *net)
337 {
338 	fib6_link_table(net, net->ipv6.fib6_main_tbl);
339 }
340 
341 #endif
342 
343 unsigned int fib6_tables_seq_read(struct net *net)
344 {
345 	unsigned int h, fib_seq = 0;
346 
347 	rcu_read_lock();
348 	for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
349 		struct hlist_head *head = &net->ipv6.fib_table_hash[h];
350 		struct fib6_table *tb;
351 
352 		hlist_for_each_entry_rcu(tb, head, tb6_hlist)
353 			fib_seq += tb->fib_seq;
354 	}
355 	rcu_read_unlock();
356 
357 	return fib_seq;
358 }
359 
360 static int call_fib6_entry_notifier(struct notifier_block *nb, struct net *net,
361 				    enum fib_event_type event_type,
362 				    struct fib6_info *rt)
363 {
364 	struct fib6_entry_notifier_info info = {
365 		.rt = rt,
366 	};
367 
368 	return call_fib6_notifier(nb, net, event_type, &info.info);
369 }
370 
371 int call_fib6_entry_notifiers(struct net *net,
372 			      enum fib_event_type event_type,
373 			      struct fib6_info *rt,
374 			      struct netlink_ext_ack *extack)
375 {
376 	struct fib6_entry_notifier_info info = {
377 		.info.extack = extack,
378 		.rt = rt,
379 	};
380 
381 	rt->fib6_table->fib_seq++;
382 	return call_fib6_notifiers(net, event_type, &info.info);
383 }
384 
385 int call_fib6_multipath_entry_notifiers(struct net *net,
386 					enum fib_event_type event_type,
387 					struct fib6_info *rt,
388 					unsigned int nsiblings,
389 					struct netlink_ext_ack *extack)
390 {
391 	struct fib6_entry_notifier_info info = {
392 		.info.extack = extack,
393 		.rt = rt,
394 		.nsiblings = nsiblings,
395 	};
396 
397 	rt->fib6_table->fib_seq++;
398 	return call_fib6_notifiers(net, event_type, &info.info);
399 }
400 
401 struct fib6_dump_arg {
402 	struct net *net;
403 	struct notifier_block *nb;
404 };
405 
406 static void fib6_rt_dump(struct fib6_info *rt, struct fib6_dump_arg *arg)
407 {
408 	if (rt == arg->net->ipv6.fib6_null_entry)
409 		return;
410 	call_fib6_entry_notifier(arg->nb, arg->net, FIB_EVENT_ENTRY_ADD, rt);
411 }
412 
413 static int fib6_node_dump(struct fib6_walker *w)
414 {
415 	struct fib6_info *rt;
416 
417 	for_each_fib6_walker_rt(w)
418 		fib6_rt_dump(rt, w->args);
419 	w->leaf = NULL;
420 	return 0;
421 }
422 
423 static void fib6_table_dump(struct net *net, struct fib6_table *tb,
424 			    struct fib6_walker *w)
425 {
426 	w->root = &tb->tb6_root;
427 	spin_lock_bh(&tb->tb6_lock);
428 	fib6_walk(net, w);
429 	spin_unlock_bh(&tb->tb6_lock);
430 }
431 
432 /* Called with rcu_read_lock() */
433 int fib6_tables_dump(struct net *net, struct notifier_block *nb)
434 {
435 	struct fib6_dump_arg arg;
436 	struct fib6_walker *w;
437 	unsigned int h;
438 
439 	w = kzalloc(sizeof(*w), GFP_ATOMIC);
440 	if (!w)
441 		return -ENOMEM;
442 
443 	w->func = fib6_node_dump;
444 	arg.net = net;
445 	arg.nb = nb;
446 	w->args = &arg;
447 
448 	for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
449 		struct hlist_head *head = &net->ipv6.fib_table_hash[h];
450 		struct fib6_table *tb;
451 
452 		hlist_for_each_entry_rcu(tb, head, tb6_hlist)
453 			fib6_table_dump(net, tb, w);
454 	}
455 
456 	kfree(w);
457 
458 	return 0;
459 }
460 
461 static int fib6_dump_node(struct fib6_walker *w)
462 {
463 	int res;
464 	struct fib6_info *rt;
465 
466 	for_each_fib6_walker_rt(w) {
467 		res = rt6_dump_route(rt, w->args, w->skip_in_node);
468 		if (res >= 0) {
469 			/* Frame is full, suspend walking */
470 			w->leaf = rt;
471 
472 			/* We'll restart from this node, so if some routes were
473 			 * already dumped, skip them next time.
474 			 */
475 			w->skip_in_node += res;
476 
477 			return 1;
478 		}
479 		w->skip_in_node = 0;
480 
481 		/* Multipath routes are dumped in one route with the
482 		 * RTA_MULTIPATH attribute. Jump 'rt' to point to the
483 		 * last sibling of this route (no need to dump the
484 		 * sibling routes again)
485 		 */
486 		if (rt->fib6_nsiblings)
487 			rt = list_last_entry(&rt->fib6_siblings,
488 					     struct fib6_info,
489 					     fib6_siblings);
490 	}
491 	w->leaf = NULL;
492 	return 0;
493 }
494 
495 static void fib6_dump_end(struct netlink_callback *cb)
496 {
497 	struct net *net = sock_net(cb->skb->sk);
498 	struct fib6_walker *w = (void *)cb->args[2];
499 
500 	if (w) {
501 		if (cb->args[4]) {
502 			cb->args[4] = 0;
503 			fib6_walker_unlink(net, w);
504 		}
505 		cb->args[2] = 0;
506 		kfree(w);
507 	}
508 	cb->done = (void *)cb->args[3];
509 	cb->args[1] = 3;
510 }
511 
512 static int fib6_dump_done(struct netlink_callback *cb)
513 {
514 	fib6_dump_end(cb);
515 	return cb->done ? cb->done(cb) : 0;
516 }
517 
518 static int fib6_dump_table(struct fib6_table *table, struct sk_buff *skb,
519 			   struct netlink_callback *cb)
520 {
521 	struct net *net = sock_net(skb->sk);
522 	struct fib6_walker *w;
523 	int res;
524 
525 	w = (void *)cb->args[2];
526 	w->root = &table->tb6_root;
527 
528 	if (cb->args[4] == 0) {
529 		w->count = 0;
530 		w->skip = 0;
531 		w->skip_in_node = 0;
532 
533 		spin_lock_bh(&table->tb6_lock);
534 		res = fib6_walk(net, w);
535 		spin_unlock_bh(&table->tb6_lock);
536 		if (res > 0) {
537 			cb->args[4] = 1;
538 			cb->args[5] = w->root->fn_sernum;
539 		}
540 	} else {
541 		if (cb->args[5] != w->root->fn_sernum) {
542 			/* Begin at the root if the tree changed */
543 			cb->args[5] = w->root->fn_sernum;
544 			w->state = FWS_INIT;
545 			w->node = w->root;
546 			w->skip = w->count;
547 			w->skip_in_node = 0;
548 		} else
549 			w->skip = 0;
550 
551 		spin_lock_bh(&table->tb6_lock);
552 		res = fib6_walk_continue(w);
553 		spin_unlock_bh(&table->tb6_lock);
554 		if (res <= 0) {
555 			fib6_walker_unlink(net, w);
556 			cb->args[4] = 0;
557 		}
558 	}
559 
560 	return res;
561 }
562 
563 static int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
564 {
565 	struct rt6_rtnl_dump_arg arg = { .filter.dump_exceptions = true,
566 					 .filter.dump_routes = true };
567 	const struct nlmsghdr *nlh = cb->nlh;
568 	struct net *net = sock_net(skb->sk);
569 	unsigned int h, s_h;
570 	unsigned int e = 0, s_e;
571 	struct fib6_walker *w;
572 	struct fib6_table *tb;
573 	struct hlist_head *head;
574 	int res = 0;
575 
576 	if (cb->strict_check) {
577 		int err;
578 
579 		err = ip_valid_fib_dump_req(net, nlh, &arg.filter, cb);
580 		if (err < 0)
581 			return err;
582 	} else if (nlmsg_len(nlh) >= sizeof(struct rtmsg)) {
583 		struct rtmsg *rtm = nlmsg_data(nlh);
584 
585 		if (rtm->rtm_flags & RTM_F_PREFIX)
586 			arg.filter.flags = RTM_F_PREFIX;
587 	}
588 
589 	w = (void *)cb->args[2];
590 	if (!w) {
591 		/* New dump:
592 		 *
593 		 * 1. hook callback destructor.
594 		 */
595 		cb->args[3] = (long)cb->done;
596 		cb->done = fib6_dump_done;
597 
598 		/*
599 		 * 2. allocate and initialize walker.
600 		 */
601 		w = kzalloc(sizeof(*w), GFP_ATOMIC);
602 		if (!w)
603 			return -ENOMEM;
604 		w->func = fib6_dump_node;
605 		cb->args[2] = (long)w;
606 	}
607 
608 	arg.skb = skb;
609 	arg.cb = cb;
610 	arg.net = net;
611 	w->args = &arg;
612 
613 	if (arg.filter.table_id) {
614 		tb = fib6_get_table(net, arg.filter.table_id);
615 		if (!tb) {
616 			if (arg.filter.dump_all_families)
617 				goto out;
618 
619 			NL_SET_ERR_MSG_MOD(cb->extack, "FIB table does not exist");
620 			return -ENOENT;
621 		}
622 
623 		if (!cb->args[0]) {
624 			res = fib6_dump_table(tb, skb, cb);
625 			if (!res)
626 				cb->args[0] = 1;
627 		}
628 		goto out;
629 	}
630 
631 	s_h = cb->args[0];
632 	s_e = cb->args[1];
633 
634 	rcu_read_lock();
635 	for (h = s_h; h < FIB6_TABLE_HASHSZ; h++, s_e = 0) {
636 		e = 0;
637 		head = &net->ipv6.fib_table_hash[h];
638 		hlist_for_each_entry_rcu(tb, head, tb6_hlist) {
639 			if (e < s_e)
640 				goto next;
641 			res = fib6_dump_table(tb, skb, cb);
642 			if (res != 0)
643 				goto out_unlock;
644 next:
645 			e++;
646 		}
647 	}
648 out_unlock:
649 	rcu_read_unlock();
650 	cb->args[1] = e;
651 	cb->args[0] = h;
652 out:
653 	res = res < 0 ? res : skb->len;
654 	if (res <= 0)
655 		fib6_dump_end(cb);
656 	return res;
657 }
658 
659 void fib6_metric_set(struct fib6_info *f6i, int metric, u32 val)
660 {
661 	if (!f6i)
662 		return;
663 
664 	if (f6i->fib6_metrics == &dst_default_metrics) {
665 		struct dst_metrics *p = kzalloc(sizeof(*p), GFP_ATOMIC);
666 
667 		if (!p)
668 			return;
669 
670 		refcount_set(&p->refcnt, 1);
671 		f6i->fib6_metrics = p;
672 	}
673 
674 	f6i->fib6_metrics->metrics[metric - 1] = val;
675 }
676 
677 /*
678  *	Routing Table
679  *
680  *	return the appropriate node for a routing tree "add" operation
681  *	by either creating and inserting or by returning an existing
682  *	node.
683  */
684 
685 static struct fib6_node *fib6_add_1(struct net *net,
686 				    struct fib6_table *table,
687 				    struct fib6_node *root,
688 				    struct in6_addr *addr, int plen,
689 				    int offset, int allow_create,
690 				    int replace_required,
691 				    struct netlink_ext_ack *extack)
692 {
693 	struct fib6_node *fn, *in, *ln;
694 	struct fib6_node *pn = NULL;
695 	struct rt6key *key;
696 	int	bit;
697 	__be32	dir = 0;
698 
699 	RT6_TRACE("fib6_add_1\n");
700 
701 	/* insert node in tree */
702 
703 	fn = root;
704 
705 	do {
706 		struct fib6_info *leaf = rcu_dereference_protected(fn->leaf,
707 					    lockdep_is_held(&table->tb6_lock));
708 		key = (struct rt6key *)((u8 *)leaf + offset);
709 
710 		/*
711 		 *	Prefix match
712 		 */
713 		if (plen < fn->fn_bit ||
714 		    !ipv6_prefix_equal(&key->addr, addr, fn->fn_bit)) {
715 			if (!allow_create) {
716 				if (replace_required) {
717 					NL_SET_ERR_MSG(extack,
718 						       "Can not replace route - no match found");
719 					pr_warn("Can't replace route, no match found\n");
720 					return ERR_PTR(-ENOENT);
721 				}
722 				pr_warn("NLM_F_CREATE should be set when creating new route\n");
723 			}
724 			goto insert_above;
725 		}
726 
727 		/*
728 		 *	Exact match ?
729 		 */
730 
731 		if (plen == fn->fn_bit) {
732 			/* clean up an intermediate node */
733 			if (!(fn->fn_flags & RTN_RTINFO)) {
734 				RCU_INIT_POINTER(fn->leaf, NULL);
735 				fib6_info_release(leaf);
736 			/* remove null_entry in the root node */
737 			} else if (fn->fn_flags & RTN_TL_ROOT &&
738 				   rcu_access_pointer(fn->leaf) ==
739 				   net->ipv6.fib6_null_entry) {
740 				RCU_INIT_POINTER(fn->leaf, NULL);
741 			}
742 
743 			return fn;
744 		}
745 
746 		/*
747 		 *	We have more bits to go
748 		 */
749 
750 		/* Try to walk down on tree. */
751 		dir = addr_bit_set(addr, fn->fn_bit);
752 		pn = fn;
753 		fn = dir ?
754 		     rcu_dereference_protected(fn->right,
755 					lockdep_is_held(&table->tb6_lock)) :
756 		     rcu_dereference_protected(fn->left,
757 					lockdep_is_held(&table->tb6_lock));
758 	} while (fn);
759 
760 	if (!allow_create) {
761 		/* We should not create new node because
762 		 * NLM_F_REPLACE was specified without NLM_F_CREATE
763 		 * I assume it is safe to require NLM_F_CREATE when
764 		 * REPLACE flag is used! Later we may want to remove the
765 		 * check for replace_required, because according
766 		 * to netlink specification, NLM_F_CREATE
767 		 * MUST be specified if new route is created.
768 		 * That would keep IPv6 consistent with IPv4
769 		 */
770 		if (replace_required) {
771 			NL_SET_ERR_MSG(extack,
772 				       "Can not replace route - no match found");
773 			pr_warn("Can't replace route, no match found\n");
774 			return ERR_PTR(-ENOENT);
775 		}
776 		pr_warn("NLM_F_CREATE should be set when creating new route\n");
777 	}
778 	/*
779 	 *	We walked to the bottom of tree.
780 	 *	Create new leaf node without children.
781 	 */
782 
783 	ln = node_alloc(net);
784 
785 	if (!ln)
786 		return ERR_PTR(-ENOMEM);
787 	ln->fn_bit = plen;
788 	RCU_INIT_POINTER(ln->parent, pn);
789 
790 	if (dir)
791 		rcu_assign_pointer(pn->right, ln);
792 	else
793 		rcu_assign_pointer(pn->left, ln);
794 
795 	return ln;
796 
797 
798 insert_above:
799 	/*
800 	 * split since we don't have a common prefix anymore or
801 	 * we have a less significant route.
802 	 * we've to insert an intermediate node on the list
803 	 * this new node will point to the one we need to create
804 	 * and the current
805 	 */
806 
807 	pn = rcu_dereference_protected(fn->parent,
808 				       lockdep_is_held(&table->tb6_lock));
809 
810 	/* find 1st bit in difference between the 2 addrs.
811 
812 	   See comment in __ipv6_addr_diff: bit may be an invalid value,
813 	   but if it is >= plen, the value is ignored in any case.
814 	 */
815 
816 	bit = __ipv6_addr_diff(addr, &key->addr, sizeof(*addr));
817 
818 	/*
819 	 *		(intermediate)[in]
820 	 *	          /	   \
821 	 *	(new leaf node)[ln] (old node)[fn]
822 	 */
823 	if (plen > bit) {
824 		in = node_alloc(net);
825 		ln = node_alloc(net);
826 
827 		if (!in || !ln) {
828 			if (in)
829 				node_free_immediate(net, in);
830 			if (ln)
831 				node_free_immediate(net, ln);
832 			return ERR_PTR(-ENOMEM);
833 		}
834 
835 		/*
836 		 * new intermediate node.
837 		 * RTN_RTINFO will
838 		 * be off since that an address that chooses one of
839 		 * the branches would not match less specific routes
840 		 * in the other branch
841 		 */
842 
843 		in->fn_bit = bit;
844 
845 		RCU_INIT_POINTER(in->parent, pn);
846 		in->leaf = fn->leaf;
847 		fib6_info_hold(rcu_dereference_protected(in->leaf,
848 				lockdep_is_held(&table->tb6_lock)));
849 
850 		/* update parent pointer */
851 		if (dir)
852 			rcu_assign_pointer(pn->right, in);
853 		else
854 			rcu_assign_pointer(pn->left, in);
855 
856 		ln->fn_bit = plen;
857 
858 		RCU_INIT_POINTER(ln->parent, in);
859 		rcu_assign_pointer(fn->parent, in);
860 
861 		if (addr_bit_set(addr, bit)) {
862 			rcu_assign_pointer(in->right, ln);
863 			rcu_assign_pointer(in->left, fn);
864 		} else {
865 			rcu_assign_pointer(in->left, ln);
866 			rcu_assign_pointer(in->right, fn);
867 		}
868 	} else { /* plen <= bit */
869 
870 		/*
871 		 *		(new leaf node)[ln]
872 		 *	          /	   \
873 		 *	     (old node)[fn] NULL
874 		 */
875 
876 		ln = node_alloc(net);
877 
878 		if (!ln)
879 			return ERR_PTR(-ENOMEM);
880 
881 		ln->fn_bit = plen;
882 
883 		RCU_INIT_POINTER(ln->parent, pn);
884 
885 		if (addr_bit_set(&key->addr, plen))
886 			RCU_INIT_POINTER(ln->right, fn);
887 		else
888 			RCU_INIT_POINTER(ln->left, fn);
889 
890 		rcu_assign_pointer(fn->parent, ln);
891 
892 		if (dir)
893 			rcu_assign_pointer(pn->right, ln);
894 		else
895 			rcu_assign_pointer(pn->left, ln);
896 	}
897 	return ln;
898 }
899 
900 static void __fib6_drop_pcpu_from(struct fib6_nh *fib6_nh,
901 				  const struct fib6_info *match,
902 				  const struct fib6_table *table)
903 {
904 	int cpu;
905 
906 	if (!fib6_nh->rt6i_pcpu)
907 		return;
908 
909 	/* release the reference to this fib entry from
910 	 * all of its cached pcpu routes
911 	 */
912 	for_each_possible_cpu(cpu) {
913 		struct rt6_info **ppcpu_rt;
914 		struct rt6_info *pcpu_rt;
915 
916 		ppcpu_rt = per_cpu_ptr(fib6_nh->rt6i_pcpu, cpu);
917 		pcpu_rt = *ppcpu_rt;
918 
919 		/* only dropping the 'from' reference if the cached route
920 		 * is using 'match'. The cached pcpu_rt->from only changes
921 		 * from a fib6_info to NULL (ip6_dst_destroy); it can never
922 		 * change from one fib6_info reference to another
923 		 */
924 		if (pcpu_rt && rcu_access_pointer(pcpu_rt->from) == match) {
925 			struct fib6_info *from;
926 
927 			from = xchg((__force struct fib6_info **)&pcpu_rt->from, NULL);
928 			fib6_info_release(from);
929 		}
930 	}
931 }
932 
933 struct fib6_nh_pcpu_arg {
934 	struct fib6_info	*from;
935 	const struct fib6_table *table;
936 };
937 
938 static int fib6_nh_drop_pcpu_from(struct fib6_nh *nh, void *_arg)
939 {
940 	struct fib6_nh_pcpu_arg *arg = _arg;
941 
942 	__fib6_drop_pcpu_from(nh, arg->from, arg->table);
943 	return 0;
944 }
945 
946 static void fib6_drop_pcpu_from(struct fib6_info *f6i,
947 				const struct fib6_table *table)
948 {
949 	/* Make sure rt6_make_pcpu_route() wont add other percpu routes
950 	 * while we are cleaning them here.
951 	 */
952 	f6i->fib6_destroying = 1;
953 	mb(); /* paired with the cmpxchg() in rt6_make_pcpu_route() */
954 
955 	if (f6i->nh) {
956 		struct fib6_nh_pcpu_arg arg = {
957 			.from = f6i,
958 			.table = table
959 		};
960 
961 		nexthop_for_each_fib6_nh(f6i->nh, fib6_nh_drop_pcpu_from,
962 					 &arg);
963 	} else {
964 		struct fib6_nh *fib6_nh;
965 
966 		fib6_nh = f6i->fib6_nh;
967 		__fib6_drop_pcpu_from(fib6_nh, f6i, table);
968 	}
969 }
970 
971 static void fib6_purge_rt(struct fib6_info *rt, struct fib6_node *fn,
972 			  struct net *net)
973 {
974 	struct fib6_table *table = rt->fib6_table;
975 
976 	fib6_drop_pcpu_from(rt, table);
977 
978 	if (rt->nh && !list_empty(&rt->nh_list))
979 		list_del_init(&rt->nh_list);
980 
981 	if (refcount_read(&rt->fib6_ref) != 1) {
982 		/* This route is used as dummy address holder in some split
983 		 * nodes. It is not leaked, but it still holds other resources,
984 		 * which must be released in time. So, scan ascendant nodes
985 		 * and replace dummy references to this route with references
986 		 * to still alive ones.
987 		 */
988 		while (fn) {
989 			struct fib6_info *leaf = rcu_dereference_protected(fn->leaf,
990 					    lockdep_is_held(&table->tb6_lock));
991 			struct fib6_info *new_leaf;
992 			if (!(fn->fn_flags & RTN_RTINFO) && leaf == rt) {
993 				new_leaf = fib6_find_prefix(net, table, fn);
994 				fib6_info_hold(new_leaf);
995 
996 				rcu_assign_pointer(fn->leaf, new_leaf);
997 				fib6_info_release(rt);
998 			}
999 			fn = rcu_dereference_protected(fn->parent,
1000 				    lockdep_is_held(&table->tb6_lock));
1001 		}
1002 	}
1003 }
1004 
1005 /*
1006  *	Insert routing information in a node.
1007  */
1008 
1009 static int fib6_add_rt2node(struct fib6_node *fn, struct fib6_info *rt,
1010 			    struct nl_info *info,
1011 			    struct netlink_ext_ack *extack)
1012 {
1013 	struct fib6_info *leaf = rcu_dereference_protected(fn->leaf,
1014 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
1015 	struct fib6_info *iter = NULL;
1016 	struct fib6_info __rcu **ins;
1017 	struct fib6_info __rcu **fallback_ins = NULL;
1018 	int replace = (info->nlh &&
1019 		       (info->nlh->nlmsg_flags & NLM_F_REPLACE));
1020 	int add = (!info->nlh ||
1021 		   (info->nlh->nlmsg_flags & NLM_F_CREATE));
1022 	int found = 0;
1023 	bool rt_can_ecmp = rt6_qualify_for_ecmp(rt);
1024 	u16 nlflags = NLM_F_EXCL;
1025 	int err;
1026 
1027 	if (info->nlh && (info->nlh->nlmsg_flags & NLM_F_APPEND))
1028 		nlflags |= NLM_F_APPEND;
1029 
1030 	ins = &fn->leaf;
1031 
1032 	for (iter = leaf; iter;
1033 	     iter = rcu_dereference_protected(iter->fib6_next,
1034 				lockdep_is_held(&rt->fib6_table->tb6_lock))) {
1035 		/*
1036 		 *	Search for duplicates
1037 		 */
1038 
1039 		if (iter->fib6_metric == rt->fib6_metric) {
1040 			/*
1041 			 *	Same priority level
1042 			 */
1043 			if (info->nlh &&
1044 			    (info->nlh->nlmsg_flags & NLM_F_EXCL))
1045 				return -EEXIST;
1046 
1047 			nlflags &= ~NLM_F_EXCL;
1048 			if (replace) {
1049 				if (rt_can_ecmp == rt6_qualify_for_ecmp(iter)) {
1050 					found++;
1051 					break;
1052 				}
1053 				if (rt_can_ecmp)
1054 					fallback_ins = fallback_ins ?: ins;
1055 				goto next_iter;
1056 			}
1057 
1058 			if (rt6_duplicate_nexthop(iter, rt)) {
1059 				if (rt->fib6_nsiblings)
1060 					rt->fib6_nsiblings = 0;
1061 				if (!(iter->fib6_flags & RTF_EXPIRES))
1062 					return -EEXIST;
1063 				if (!(rt->fib6_flags & RTF_EXPIRES))
1064 					fib6_clean_expires(iter);
1065 				else
1066 					fib6_set_expires(iter, rt->expires);
1067 
1068 				if (rt->fib6_pmtu)
1069 					fib6_metric_set(iter, RTAX_MTU,
1070 							rt->fib6_pmtu);
1071 				return -EEXIST;
1072 			}
1073 			/* If we have the same destination and the same metric,
1074 			 * but not the same gateway, then the route we try to
1075 			 * add is sibling to this route, increment our counter
1076 			 * of siblings, and later we will add our route to the
1077 			 * list.
1078 			 * Only static routes (which don't have flag
1079 			 * RTF_EXPIRES) are used for ECMPv6.
1080 			 *
1081 			 * To avoid long list, we only had siblings if the
1082 			 * route have a gateway.
1083 			 */
1084 			if (rt_can_ecmp &&
1085 			    rt6_qualify_for_ecmp(iter))
1086 				rt->fib6_nsiblings++;
1087 		}
1088 
1089 		if (iter->fib6_metric > rt->fib6_metric)
1090 			break;
1091 
1092 next_iter:
1093 		ins = &iter->fib6_next;
1094 	}
1095 
1096 	if (fallback_ins && !found) {
1097 		/* No ECMP-able route found, replace first non-ECMP one */
1098 		ins = fallback_ins;
1099 		iter = rcu_dereference_protected(*ins,
1100 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
1101 		found++;
1102 	}
1103 
1104 	/* Reset round-robin state, if necessary */
1105 	if (ins == &fn->leaf)
1106 		fn->rr_ptr = NULL;
1107 
1108 	/* Link this route to others same route. */
1109 	if (rt->fib6_nsiblings) {
1110 		unsigned int fib6_nsiblings;
1111 		struct fib6_info *sibling, *temp_sibling;
1112 
1113 		/* Find the first route that have the same metric */
1114 		sibling = leaf;
1115 		while (sibling) {
1116 			if (sibling->fib6_metric == rt->fib6_metric &&
1117 			    rt6_qualify_for_ecmp(sibling)) {
1118 				list_add_tail(&rt->fib6_siblings,
1119 					      &sibling->fib6_siblings);
1120 				break;
1121 			}
1122 			sibling = rcu_dereference_protected(sibling->fib6_next,
1123 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
1124 		}
1125 		/* For each sibling in the list, increment the counter of
1126 		 * siblings. BUG() if counters does not match, list of siblings
1127 		 * is broken!
1128 		 */
1129 		fib6_nsiblings = 0;
1130 		list_for_each_entry_safe(sibling, temp_sibling,
1131 					 &rt->fib6_siblings, fib6_siblings) {
1132 			sibling->fib6_nsiblings++;
1133 			BUG_ON(sibling->fib6_nsiblings != rt->fib6_nsiblings);
1134 			fib6_nsiblings++;
1135 		}
1136 		BUG_ON(fib6_nsiblings != rt->fib6_nsiblings);
1137 		rt6_multipath_rebalance(temp_sibling);
1138 	}
1139 
1140 	/*
1141 	 *	insert node
1142 	 */
1143 	if (!replace) {
1144 		if (!add)
1145 			pr_warn("NLM_F_CREATE should be set when creating new route\n");
1146 
1147 add:
1148 		nlflags |= NLM_F_CREATE;
1149 
1150 		if (!info->skip_notify_kernel) {
1151 			err = call_fib6_entry_notifiers(info->nl_net,
1152 							FIB_EVENT_ENTRY_ADD,
1153 							rt, extack);
1154 			if (err) {
1155 				struct fib6_info *sibling, *next_sibling;
1156 
1157 				/* If the route has siblings, then it first
1158 				 * needs to be unlinked from them.
1159 				 */
1160 				if (!rt->fib6_nsiblings)
1161 					return err;
1162 
1163 				list_for_each_entry_safe(sibling, next_sibling,
1164 							 &rt->fib6_siblings,
1165 							 fib6_siblings)
1166 					sibling->fib6_nsiblings--;
1167 				rt->fib6_nsiblings = 0;
1168 				list_del_init(&rt->fib6_siblings);
1169 				rt6_multipath_rebalance(next_sibling);
1170 				return err;
1171 			}
1172 		}
1173 
1174 		rcu_assign_pointer(rt->fib6_next, iter);
1175 		fib6_info_hold(rt);
1176 		rcu_assign_pointer(rt->fib6_node, fn);
1177 		rcu_assign_pointer(*ins, rt);
1178 		if (!info->skip_notify)
1179 			inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags);
1180 		info->nl_net->ipv6.rt6_stats->fib_rt_entries++;
1181 
1182 		if (!(fn->fn_flags & RTN_RTINFO)) {
1183 			info->nl_net->ipv6.rt6_stats->fib_route_nodes++;
1184 			fn->fn_flags |= RTN_RTINFO;
1185 		}
1186 
1187 	} else {
1188 		int nsiblings;
1189 
1190 		if (!found) {
1191 			if (add)
1192 				goto add;
1193 			pr_warn("NLM_F_REPLACE set, but no existing node found!\n");
1194 			return -ENOENT;
1195 		}
1196 
1197 		if (!info->skip_notify_kernel) {
1198 			err = call_fib6_entry_notifiers(info->nl_net,
1199 							FIB_EVENT_ENTRY_REPLACE,
1200 							rt, extack);
1201 			if (err)
1202 				return err;
1203 		}
1204 
1205 		fib6_info_hold(rt);
1206 		rcu_assign_pointer(rt->fib6_node, fn);
1207 		rt->fib6_next = iter->fib6_next;
1208 		rcu_assign_pointer(*ins, rt);
1209 		if (!info->skip_notify)
1210 			inet6_rt_notify(RTM_NEWROUTE, rt, info, NLM_F_REPLACE);
1211 		if (!(fn->fn_flags & RTN_RTINFO)) {
1212 			info->nl_net->ipv6.rt6_stats->fib_route_nodes++;
1213 			fn->fn_flags |= RTN_RTINFO;
1214 		}
1215 		nsiblings = iter->fib6_nsiblings;
1216 		iter->fib6_node = NULL;
1217 		fib6_purge_rt(iter, fn, info->nl_net);
1218 		if (rcu_access_pointer(fn->rr_ptr) == iter)
1219 			fn->rr_ptr = NULL;
1220 		fib6_info_release(iter);
1221 
1222 		if (nsiblings) {
1223 			/* Replacing an ECMP route, remove all siblings */
1224 			ins = &rt->fib6_next;
1225 			iter = rcu_dereference_protected(*ins,
1226 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
1227 			while (iter) {
1228 				if (iter->fib6_metric > rt->fib6_metric)
1229 					break;
1230 				if (rt6_qualify_for_ecmp(iter)) {
1231 					*ins = iter->fib6_next;
1232 					iter->fib6_node = NULL;
1233 					fib6_purge_rt(iter, fn, info->nl_net);
1234 					if (rcu_access_pointer(fn->rr_ptr) == iter)
1235 						fn->rr_ptr = NULL;
1236 					fib6_info_release(iter);
1237 					nsiblings--;
1238 					info->nl_net->ipv6.rt6_stats->fib_rt_entries--;
1239 				} else {
1240 					ins = &iter->fib6_next;
1241 				}
1242 				iter = rcu_dereference_protected(*ins,
1243 					lockdep_is_held(&rt->fib6_table->tb6_lock));
1244 			}
1245 			WARN_ON(nsiblings != 0);
1246 		}
1247 	}
1248 
1249 	return 0;
1250 }
1251 
1252 static void fib6_start_gc(struct net *net, struct fib6_info *rt)
1253 {
1254 	if (!timer_pending(&net->ipv6.ip6_fib_timer) &&
1255 	    (rt->fib6_flags & RTF_EXPIRES))
1256 		mod_timer(&net->ipv6.ip6_fib_timer,
1257 			  jiffies + net->ipv6.sysctl.ip6_rt_gc_interval);
1258 }
1259 
1260 void fib6_force_start_gc(struct net *net)
1261 {
1262 	if (!timer_pending(&net->ipv6.ip6_fib_timer))
1263 		mod_timer(&net->ipv6.ip6_fib_timer,
1264 			  jiffies + net->ipv6.sysctl.ip6_rt_gc_interval);
1265 }
1266 
1267 static void __fib6_update_sernum_upto_root(struct fib6_info *rt,
1268 					   int sernum)
1269 {
1270 	struct fib6_node *fn = rcu_dereference_protected(rt->fib6_node,
1271 				lockdep_is_held(&rt->fib6_table->tb6_lock));
1272 
1273 	/* paired with smp_rmb() in rt6_get_cookie_safe() */
1274 	smp_wmb();
1275 	while (fn) {
1276 		fn->fn_sernum = sernum;
1277 		fn = rcu_dereference_protected(fn->parent,
1278 				lockdep_is_held(&rt->fib6_table->tb6_lock));
1279 	}
1280 }
1281 
1282 void fib6_update_sernum_upto_root(struct net *net, struct fib6_info *rt)
1283 {
1284 	__fib6_update_sernum_upto_root(rt, fib6_new_sernum(net));
1285 }
1286 
1287 /* allow ipv4 to update sernum via ipv6_stub */
1288 void fib6_update_sernum_stub(struct net *net, struct fib6_info *f6i)
1289 {
1290 	spin_lock_bh(&f6i->fib6_table->tb6_lock);
1291 	fib6_update_sernum_upto_root(net, f6i);
1292 	spin_unlock_bh(&f6i->fib6_table->tb6_lock);
1293 }
1294 
1295 /*
1296  *	Add routing information to the routing tree.
1297  *	<destination addr>/<source addr>
1298  *	with source addr info in sub-trees
1299  *	Need to own table->tb6_lock
1300  */
1301 
1302 int fib6_add(struct fib6_node *root, struct fib6_info *rt,
1303 	     struct nl_info *info, struct netlink_ext_ack *extack)
1304 {
1305 	struct fib6_table *table = rt->fib6_table;
1306 	struct fib6_node *fn, *pn = NULL;
1307 	int err = -ENOMEM;
1308 	int allow_create = 1;
1309 	int replace_required = 0;
1310 	int sernum = fib6_new_sernum(info->nl_net);
1311 
1312 	if (info->nlh) {
1313 		if (!(info->nlh->nlmsg_flags & NLM_F_CREATE))
1314 			allow_create = 0;
1315 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
1316 			replace_required = 1;
1317 	}
1318 	if (!allow_create && !replace_required)
1319 		pr_warn("RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE\n");
1320 
1321 	fn = fib6_add_1(info->nl_net, table, root,
1322 			&rt->fib6_dst.addr, rt->fib6_dst.plen,
1323 			offsetof(struct fib6_info, fib6_dst), allow_create,
1324 			replace_required, extack);
1325 	if (IS_ERR(fn)) {
1326 		err = PTR_ERR(fn);
1327 		fn = NULL;
1328 		goto out;
1329 	}
1330 
1331 	pn = fn;
1332 
1333 #ifdef CONFIG_IPV6_SUBTREES
1334 	if (rt->fib6_src.plen) {
1335 		struct fib6_node *sn;
1336 
1337 		if (!rcu_access_pointer(fn->subtree)) {
1338 			struct fib6_node *sfn;
1339 
1340 			/*
1341 			 * Create subtree.
1342 			 *
1343 			 *		fn[main tree]
1344 			 *		|
1345 			 *		sfn[subtree root]
1346 			 *		   \
1347 			 *		    sn[new leaf node]
1348 			 */
1349 
1350 			/* Create subtree root node */
1351 			sfn = node_alloc(info->nl_net);
1352 			if (!sfn)
1353 				goto failure;
1354 
1355 			fib6_info_hold(info->nl_net->ipv6.fib6_null_entry);
1356 			rcu_assign_pointer(sfn->leaf,
1357 					   info->nl_net->ipv6.fib6_null_entry);
1358 			sfn->fn_flags = RTN_ROOT;
1359 
1360 			/* Now add the first leaf node to new subtree */
1361 
1362 			sn = fib6_add_1(info->nl_net, table, sfn,
1363 					&rt->fib6_src.addr, rt->fib6_src.plen,
1364 					offsetof(struct fib6_info, fib6_src),
1365 					allow_create, replace_required, extack);
1366 
1367 			if (IS_ERR(sn)) {
1368 				/* If it is failed, discard just allocated
1369 				   root, and then (in failure) stale node
1370 				   in main tree.
1371 				 */
1372 				node_free_immediate(info->nl_net, sfn);
1373 				err = PTR_ERR(sn);
1374 				goto failure;
1375 			}
1376 
1377 			/* Now link new subtree to main tree */
1378 			rcu_assign_pointer(sfn->parent, fn);
1379 			rcu_assign_pointer(fn->subtree, sfn);
1380 		} else {
1381 			sn = fib6_add_1(info->nl_net, table, FIB6_SUBTREE(fn),
1382 					&rt->fib6_src.addr, rt->fib6_src.plen,
1383 					offsetof(struct fib6_info, fib6_src),
1384 					allow_create, replace_required, extack);
1385 
1386 			if (IS_ERR(sn)) {
1387 				err = PTR_ERR(sn);
1388 				goto failure;
1389 			}
1390 		}
1391 
1392 		if (!rcu_access_pointer(fn->leaf)) {
1393 			if (fn->fn_flags & RTN_TL_ROOT) {
1394 				/* put back null_entry for root node */
1395 				rcu_assign_pointer(fn->leaf,
1396 					    info->nl_net->ipv6.fib6_null_entry);
1397 			} else {
1398 				fib6_info_hold(rt);
1399 				rcu_assign_pointer(fn->leaf, rt);
1400 			}
1401 		}
1402 		fn = sn;
1403 	}
1404 #endif
1405 
1406 	err = fib6_add_rt2node(fn, rt, info, extack);
1407 	if (!err) {
1408 		if (rt->nh)
1409 			list_add(&rt->nh_list, &rt->nh->f6i_list);
1410 		__fib6_update_sernum_upto_root(rt, sernum);
1411 		fib6_start_gc(info->nl_net, rt);
1412 	}
1413 
1414 out:
1415 	if (err) {
1416 #ifdef CONFIG_IPV6_SUBTREES
1417 		/*
1418 		 * If fib6_add_1 has cleared the old leaf pointer in the
1419 		 * super-tree leaf node we have to find a new one for it.
1420 		 */
1421 		if (pn != fn) {
1422 			struct fib6_info *pn_leaf =
1423 				rcu_dereference_protected(pn->leaf,
1424 				    lockdep_is_held(&table->tb6_lock));
1425 			if (pn_leaf == rt) {
1426 				pn_leaf = NULL;
1427 				RCU_INIT_POINTER(pn->leaf, NULL);
1428 				fib6_info_release(rt);
1429 			}
1430 			if (!pn_leaf && !(pn->fn_flags & RTN_RTINFO)) {
1431 				pn_leaf = fib6_find_prefix(info->nl_net, table,
1432 							   pn);
1433 #if RT6_DEBUG >= 2
1434 				if (!pn_leaf) {
1435 					WARN_ON(!pn_leaf);
1436 					pn_leaf =
1437 					    info->nl_net->ipv6.fib6_null_entry;
1438 				}
1439 #endif
1440 				fib6_info_hold(pn_leaf);
1441 				rcu_assign_pointer(pn->leaf, pn_leaf);
1442 			}
1443 		}
1444 #endif
1445 		goto failure;
1446 	}
1447 	return err;
1448 
1449 failure:
1450 	/* fn->leaf could be NULL and fib6_repair_tree() needs to be called if:
1451 	 * 1. fn is an intermediate node and we failed to add the new
1452 	 * route to it in both subtree creation failure and fib6_add_rt2node()
1453 	 * failure case.
1454 	 * 2. fn is the root node in the table and we fail to add the first
1455 	 * default route to it.
1456 	 */
1457 	if (fn &&
1458 	    (!(fn->fn_flags & (RTN_RTINFO|RTN_ROOT)) ||
1459 	     (fn->fn_flags & RTN_TL_ROOT &&
1460 	      !rcu_access_pointer(fn->leaf))))
1461 		fib6_repair_tree(info->nl_net, table, fn);
1462 	return err;
1463 }
1464 
1465 /*
1466  *	Routing tree lookup
1467  *
1468  */
1469 
1470 struct lookup_args {
1471 	int			offset;		/* key offset on fib6_info */
1472 	const struct in6_addr	*addr;		/* search key			*/
1473 };
1474 
1475 static struct fib6_node *fib6_node_lookup_1(struct fib6_node *root,
1476 					    struct lookup_args *args)
1477 {
1478 	struct fib6_node *fn;
1479 	__be32 dir;
1480 
1481 	if (unlikely(args->offset == 0))
1482 		return NULL;
1483 
1484 	/*
1485 	 *	Descend on a tree
1486 	 */
1487 
1488 	fn = root;
1489 
1490 	for (;;) {
1491 		struct fib6_node *next;
1492 
1493 		dir = addr_bit_set(args->addr, fn->fn_bit);
1494 
1495 		next = dir ? rcu_dereference(fn->right) :
1496 			     rcu_dereference(fn->left);
1497 
1498 		if (next) {
1499 			fn = next;
1500 			continue;
1501 		}
1502 		break;
1503 	}
1504 
1505 	while (fn) {
1506 		struct fib6_node *subtree = FIB6_SUBTREE(fn);
1507 
1508 		if (subtree || fn->fn_flags & RTN_RTINFO) {
1509 			struct fib6_info *leaf = rcu_dereference(fn->leaf);
1510 			struct rt6key *key;
1511 
1512 			if (!leaf)
1513 				goto backtrack;
1514 
1515 			key = (struct rt6key *) ((u8 *)leaf + args->offset);
1516 
1517 			if (ipv6_prefix_equal(&key->addr, args->addr, key->plen)) {
1518 #ifdef CONFIG_IPV6_SUBTREES
1519 				if (subtree) {
1520 					struct fib6_node *sfn;
1521 					sfn = fib6_node_lookup_1(subtree,
1522 								 args + 1);
1523 					if (!sfn)
1524 						goto backtrack;
1525 					fn = sfn;
1526 				}
1527 #endif
1528 				if (fn->fn_flags & RTN_RTINFO)
1529 					return fn;
1530 			}
1531 		}
1532 backtrack:
1533 		if (fn->fn_flags & RTN_ROOT)
1534 			break;
1535 
1536 		fn = rcu_dereference(fn->parent);
1537 	}
1538 
1539 	return NULL;
1540 }
1541 
1542 /* called with rcu_read_lock() held
1543  */
1544 struct fib6_node *fib6_node_lookup(struct fib6_node *root,
1545 				   const struct in6_addr *daddr,
1546 				   const struct in6_addr *saddr)
1547 {
1548 	struct fib6_node *fn;
1549 	struct lookup_args args[] = {
1550 		{
1551 			.offset = offsetof(struct fib6_info, fib6_dst),
1552 			.addr = daddr,
1553 		},
1554 #ifdef CONFIG_IPV6_SUBTREES
1555 		{
1556 			.offset = offsetof(struct fib6_info, fib6_src),
1557 			.addr = saddr,
1558 		},
1559 #endif
1560 		{
1561 			.offset = 0,	/* sentinel */
1562 		}
1563 	};
1564 
1565 	fn = fib6_node_lookup_1(root, daddr ? args : args + 1);
1566 	if (!fn || fn->fn_flags & RTN_TL_ROOT)
1567 		fn = root;
1568 
1569 	return fn;
1570 }
1571 
1572 /*
1573  *	Get node with specified destination prefix (and source prefix,
1574  *	if subtrees are used)
1575  *	exact_match == true means we try to find fn with exact match of
1576  *	the passed in prefix addr
1577  *	exact_match == false means we try to find fn with longest prefix
1578  *	match of the passed in prefix addr. This is useful for finding fn
1579  *	for cached route as it will be stored in the exception table under
1580  *	the node with longest prefix length.
1581  */
1582 
1583 
1584 static struct fib6_node *fib6_locate_1(struct fib6_node *root,
1585 				       const struct in6_addr *addr,
1586 				       int plen, int offset,
1587 				       bool exact_match)
1588 {
1589 	struct fib6_node *fn, *prev = NULL;
1590 
1591 	for (fn = root; fn ; ) {
1592 		struct fib6_info *leaf = rcu_dereference(fn->leaf);
1593 		struct rt6key *key;
1594 
1595 		/* This node is being deleted */
1596 		if (!leaf) {
1597 			if (plen <= fn->fn_bit)
1598 				goto out;
1599 			else
1600 				goto next;
1601 		}
1602 
1603 		key = (struct rt6key *)((u8 *)leaf + offset);
1604 
1605 		/*
1606 		 *	Prefix match
1607 		 */
1608 		if (plen < fn->fn_bit ||
1609 		    !ipv6_prefix_equal(&key->addr, addr, fn->fn_bit))
1610 			goto out;
1611 
1612 		if (plen == fn->fn_bit)
1613 			return fn;
1614 
1615 		if (fn->fn_flags & RTN_RTINFO)
1616 			prev = fn;
1617 
1618 next:
1619 		/*
1620 		 *	We have more bits to go
1621 		 */
1622 		if (addr_bit_set(addr, fn->fn_bit))
1623 			fn = rcu_dereference(fn->right);
1624 		else
1625 			fn = rcu_dereference(fn->left);
1626 	}
1627 out:
1628 	if (exact_match)
1629 		return NULL;
1630 	else
1631 		return prev;
1632 }
1633 
1634 struct fib6_node *fib6_locate(struct fib6_node *root,
1635 			      const struct in6_addr *daddr, int dst_len,
1636 			      const struct in6_addr *saddr, int src_len,
1637 			      bool exact_match)
1638 {
1639 	struct fib6_node *fn;
1640 
1641 	fn = fib6_locate_1(root, daddr, dst_len,
1642 			   offsetof(struct fib6_info, fib6_dst),
1643 			   exact_match);
1644 
1645 #ifdef CONFIG_IPV6_SUBTREES
1646 	if (src_len) {
1647 		WARN_ON(saddr == NULL);
1648 		if (fn) {
1649 			struct fib6_node *subtree = FIB6_SUBTREE(fn);
1650 
1651 			if (subtree) {
1652 				fn = fib6_locate_1(subtree, saddr, src_len,
1653 					   offsetof(struct fib6_info, fib6_src),
1654 					   exact_match);
1655 			}
1656 		}
1657 	}
1658 #endif
1659 
1660 	if (fn && fn->fn_flags & RTN_RTINFO)
1661 		return fn;
1662 
1663 	return NULL;
1664 }
1665 
1666 
1667 /*
1668  *	Deletion
1669  *
1670  */
1671 
1672 static struct fib6_info *fib6_find_prefix(struct net *net,
1673 					 struct fib6_table *table,
1674 					 struct fib6_node *fn)
1675 {
1676 	struct fib6_node *child_left, *child_right;
1677 
1678 	if (fn->fn_flags & RTN_ROOT)
1679 		return net->ipv6.fib6_null_entry;
1680 
1681 	while (fn) {
1682 		child_left = rcu_dereference_protected(fn->left,
1683 				    lockdep_is_held(&table->tb6_lock));
1684 		child_right = rcu_dereference_protected(fn->right,
1685 				    lockdep_is_held(&table->tb6_lock));
1686 		if (child_left)
1687 			return rcu_dereference_protected(child_left->leaf,
1688 					lockdep_is_held(&table->tb6_lock));
1689 		if (child_right)
1690 			return rcu_dereference_protected(child_right->leaf,
1691 					lockdep_is_held(&table->tb6_lock));
1692 
1693 		fn = FIB6_SUBTREE(fn);
1694 	}
1695 	return NULL;
1696 }
1697 
1698 /*
1699  *	Called to trim the tree of intermediate nodes when possible. "fn"
1700  *	is the node we want to try and remove.
1701  *	Need to own table->tb6_lock
1702  */
1703 
1704 static struct fib6_node *fib6_repair_tree(struct net *net,
1705 					  struct fib6_table *table,
1706 					  struct fib6_node *fn)
1707 {
1708 	int children;
1709 	int nstate;
1710 	struct fib6_node *child;
1711 	struct fib6_walker *w;
1712 	int iter = 0;
1713 
1714 	/* Set fn->leaf to null_entry for root node. */
1715 	if (fn->fn_flags & RTN_TL_ROOT) {
1716 		rcu_assign_pointer(fn->leaf, net->ipv6.fib6_null_entry);
1717 		return fn;
1718 	}
1719 
1720 	for (;;) {
1721 		struct fib6_node *fn_r = rcu_dereference_protected(fn->right,
1722 					    lockdep_is_held(&table->tb6_lock));
1723 		struct fib6_node *fn_l = rcu_dereference_protected(fn->left,
1724 					    lockdep_is_held(&table->tb6_lock));
1725 		struct fib6_node *pn = rcu_dereference_protected(fn->parent,
1726 					    lockdep_is_held(&table->tb6_lock));
1727 		struct fib6_node *pn_r = rcu_dereference_protected(pn->right,
1728 					    lockdep_is_held(&table->tb6_lock));
1729 		struct fib6_node *pn_l = rcu_dereference_protected(pn->left,
1730 					    lockdep_is_held(&table->tb6_lock));
1731 		struct fib6_info *fn_leaf = rcu_dereference_protected(fn->leaf,
1732 					    lockdep_is_held(&table->tb6_lock));
1733 		struct fib6_info *pn_leaf = rcu_dereference_protected(pn->leaf,
1734 					    lockdep_is_held(&table->tb6_lock));
1735 		struct fib6_info *new_fn_leaf;
1736 
1737 		RT6_TRACE("fixing tree: plen=%d iter=%d\n", fn->fn_bit, iter);
1738 		iter++;
1739 
1740 		WARN_ON(fn->fn_flags & RTN_RTINFO);
1741 		WARN_ON(fn->fn_flags & RTN_TL_ROOT);
1742 		WARN_ON(fn_leaf);
1743 
1744 		children = 0;
1745 		child = NULL;
1746 		if (fn_r)
1747 			child = fn_r, children |= 1;
1748 		if (fn_l)
1749 			child = fn_l, children |= 2;
1750 
1751 		if (children == 3 || FIB6_SUBTREE(fn)
1752 #ifdef CONFIG_IPV6_SUBTREES
1753 		    /* Subtree root (i.e. fn) may have one child */
1754 		    || (children && fn->fn_flags & RTN_ROOT)
1755 #endif
1756 		    ) {
1757 			new_fn_leaf = fib6_find_prefix(net, table, fn);
1758 #if RT6_DEBUG >= 2
1759 			if (!new_fn_leaf) {
1760 				WARN_ON(!new_fn_leaf);
1761 				new_fn_leaf = net->ipv6.fib6_null_entry;
1762 			}
1763 #endif
1764 			fib6_info_hold(new_fn_leaf);
1765 			rcu_assign_pointer(fn->leaf, new_fn_leaf);
1766 			return pn;
1767 		}
1768 
1769 #ifdef CONFIG_IPV6_SUBTREES
1770 		if (FIB6_SUBTREE(pn) == fn) {
1771 			WARN_ON(!(fn->fn_flags & RTN_ROOT));
1772 			RCU_INIT_POINTER(pn->subtree, NULL);
1773 			nstate = FWS_L;
1774 		} else {
1775 			WARN_ON(fn->fn_flags & RTN_ROOT);
1776 #endif
1777 			if (pn_r == fn)
1778 				rcu_assign_pointer(pn->right, child);
1779 			else if (pn_l == fn)
1780 				rcu_assign_pointer(pn->left, child);
1781 #if RT6_DEBUG >= 2
1782 			else
1783 				WARN_ON(1);
1784 #endif
1785 			if (child)
1786 				rcu_assign_pointer(child->parent, pn);
1787 			nstate = FWS_R;
1788 #ifdef CONFIG_IPV6_SUBTREES
1789 		}
1790 #endif
1791 
1792 		read_lock(&net->ipv6.fib6_walker_lock);
1793 		FOR_WALKERS(net, w) {
1794 			if (!child) {
1795 				if (w->node == fn) {
1796 					RT6_TRACE("W %p adjusted by delnode 1, s=%d/%d\n", w, w->state, nstate);
1797 					w->node = pn;
1798 					w->state = nstate;
1799 				}
1800 			} else {
1801 				if (w->node == fn) {
1802 					w->node = child;
1803 					if (children&2) {
1804 						RT6_TRACE("W %p adjusted by delnode 2, s=%d\n", w, w->state);
1805 						w->state = w->state >= FWS_R ? FWS_U : FWS_INIT;
1806 					} else {
1807 						RT6_TRACE("W %p adjusted by delnode 2, s=%d\n", w, w->state);
1808 						w->state = w->state >= FWS_C ? FWS_U : FWS_INIT;
1809 					}
1810 				}
1811 			}
1812 		}
1813 		read_unlock(&net->ipv6.fib6_walker_lock);
1814 
1815 		node_free(net, fn);
1816 		if (pn->fn_flags & RTN_RTINFO || FIB6_SUBTREE(pn))
1817 			return pn;
1818 
1819 		RCU_INIT_POINTER(pn->leaf, NULL);
1820 		fib6_info_release(pn_leaf);
1821 		fn = pn;
1822 	}
1823 }
1824 
1825 static void fib6_del_route(struct fib6_table *table, struct fib6_node *fn,
1826 			   struct fib6_info __rcu **rtp, struct nl_info *info)
1827 {
1828 	struct fib6_walker *w;
1829 	struct fib6_info *rt = rcu_dereference_protected(*rtp,
1830 				    lockdep_is_held(&table->tb6_lock));
1831 	struct net *net = info->nl_net;
1832 
1833 	RT6_TRACE("fib6_del_route\n");
1834 
1835 	/* Unlink it */
1836 	*rtp = rt->fib6_next;
1837 	rt->fib6_node = NULL;
1838 	net->ipv6.rt6_stats->fib_rt_entries--;
1839 	net->ipv6.rt6_stats->fib_discarded_routes++;
1840 
1841 	/* Flush all cached dst in exception table */
1842 	rt6_flush_exceptions(rt);
1843 
1844 	/* Reset round-robin state, if necessary */
1845 	if (rcu_access_pointer(fn->rr_ptr) == rt)
1846 		fn->rr_ptr = NULL;
1847 
1848 	/* Remove this entry from other siblings */
1849 	if (rt->fib6_nsiblings) {
1850 		struct fib6_info *sibling, *next_sibling;
1851 
1852 		list_for_each_entry_safe(sibling, next_sibling,
1853 					 &rt->fib6_siblings, fib6_siblings)
1854 			sibling->fib6_nsiblings--;
1855 		rt->fib6_nsiblings = 0;
1856 		list_del_init(&rt->fib6_siblings);
1857 		rt6_multipath_rebalance(next_sibling);
1858 	}
1859 
1860 	/* Adjust walkers */
1861 	read_lock(&net->ipv6.fib6_walker_lock);
1862 	FOR_WALKERS(net, w) {
1863 		if (w->state == FWS_C && w->leaf == rt) {
1864 			RT6_TRACE("walker %p adjusted by delroute\n", w);
1865 			w->leaf = rcu_dereference_protected(rt->fib6_next,
1866 					    lockdep_is_held(&table->tb6_lock));
1867 			if (!w->leaf)
1868 				w->state = FWS_U;
1869 		}
1870 	}
1871 	read_unlock(&net->ipv6.fib6_walker_lock);
1872 
1873 	/* If it was last route, call fib6_repair_tree() to:
1874 	 * 1. For root node, put back null_entry as how the table was created.
1875 	 * 2. For other nodes, expunge its radix tree node.
1876 	 */
1877 	if (!rcu_access_pointer(fn->leaf)) {
1878 		if (!(fn->fn_flags & RTN_TL_ROOT)) {
1879 			fn->fn_flags &= ~RTN_RTINFO;
1880 			net->ipv6.rt6_stats->fib_route_nodes--;
1881 		}
1882 		fn = fib6_repair_tree(net, table, fn);
1883 	}
1884 
1885 	fib6_purge_rt(rt, fn, net);
1886 
1887 	if (!info->skip_notify_kernel)
1888 		call_fib6_entry_notifiers(net, FIB_EVENT_ENTRY_DEL, rt, NULL);
1889 	if (!info->skip_notify)
1890 		inet6_rt_notify(RTM_DELROUTE, rt, info, 0);
1891 
1892 	fib6_info_release(rt);
1893 }
1894 
1895 /* Need to own table->tb6_lock */
1896 int fib6_del(struct fib6_info *rt, struct nl_info *info)
1897 {
1898 	struct fib6_node *fn = rcu_dereference_protected(rt->fib6_node,
1899 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
1900 	struct fib6_table *table = rt->fib6_table;
1901 	struct net *net = info->nl_net;
1902 	struct fib6_info __rcu **rtp;
1903 	struct fib6_info __rcu **rtp_next;
1904 
1905 	if (!fn || rt == net->ipv6.fib6_null_entry)
1906 		return -ENOENT;
1907 
1908 	WARN_ON(!(fn->fn_flags & RTN_RTINFO));
1909 
1910 	/*
1911 	 *	Walk the leaf entries looking for ourself
1912 	 */
1913 
1914 	for (rtp = &fn->leaf; *rtp; rtp = rtp_next) {
1915 		struct fib6_info *cur = rcu_dereference_protected(*rtp,
1916 					lockdep_is_held(&table->tb6_lock));
1917 		if (rt == cur) {
1918 			fib6_del_route(table, fn, rtp, info);
1919 			return 0;
1920 		}
1921 		rtp_next = &cur->fib6_next;
1922 	}
1923 	return -ENOENT;
1924 }
1925 
1926 /*
1927  *	Tree traversal function.
1928  *
1929  *	Certainly, it is not interrupt safe.
1930  *	However, it is internally reenterable wrt itself and fib6_add/fib6_del.
1931  *	It means, that we can modify tree during walking
1932  *	and use this function for garbage collection, clone pruning,
1933  *	cleaning tree when a device goes down etc. etc.
1934  *
1935  *	It guarantees that every node will be traversed,
1936  *	and that it will be traversed only once.
1937  *
1938  *	Callback function w->func may return:
1939  *	0 -> continue walking.
1940  *	positive value -> walking is suspended (used by tree dumps,
1941  *	and probably by gc, if it will be split to several slices)
1942  *	negative value -> terminate walking.
1943  *
1944  *	The function itself returns:
1945  *	0   -> walk is complete.
1946  *	>0  -> walk is incomplete (i.e. suspended)
1947  *	<0  -> walk is terminated by an error.
1948  *
1949  *	This function is called with tb6_lock held.
1950  */
1951 
1952 static int fib6_walk_continue(struct fib6_walker *w)
1953 {
1954 	struct fib6_node *fn, *pn, *left, *right;
1955 
1956 	/* w->root should always be table->tb6_root */
1957 	WARN_ON_ONCE(!(w->root->fn_flags & RTN_TL_ROOT));
1958 
1959 	for (;;) {
1960 		fn = w->node;
1961 		if (!fn)
1962 			return 0;
1963 
1964 		switch (w->state) {
1965 #ifdef CONFIG_IPV6_SUBTREES
1966 		case FWS_S:
1967 			if (FIB6_SUBTREE(fn)) {
1968 				w->node = FIB6_SUBTREE(fn);
1969 				continue;
1970 			}
1971 			w->state = FWS_L;
1972 #endif
1973 			/* fall through */
1974 		case FWS_L:
1975 			left = rcu_dereference_protected(fn->left, 1);
1976 			if (left) {
1977 				w->node = left;
1978 				w->state = FWS_INIT;
1979 				continue;
1980 			}
1981 			w->state = FWS_R;
1982 			/* fall through */
1983 		case FWS_R:
1984 			right = rcu_dereference_protected(fn->right, 1);
1985 			if (right) {
1986 				w->node = right;
1987 				w->state = FWS_INIT;
1988 				continue;
1989 			}
1990 			w->state = FWS_C;
1991 			w->leaf = rcu_dereference_protected(fn->leaf, 1);
1992 			/* fall through */
1993 		case FWS_C:
1994 			if (w->leaf && fn->fn_flags & RTN_RTINFO) {
1995 				int err;
1996 
1997 				if (w->skip) {
1998 					w->skip--;
1999 					goto skip;
2000 				}
2001 
2002 				err = w->func(w);
2003 				if (err)
2004 					return err;
2005 
2006 				w->count++;
2007 				continue;
2008 			}
2009 skip:
2010 			w->state = FWS_U;
2011 			/* fall through */
2012 		case FWS_U:
2013 			if (fn == w->root)
2014 				return 0;
2015 			pn = rcu_dereference_protected(fn->parent, 1);
2016 			left = rcu_dereference_protected(pn->left, 1);
2017 			right = rcu_dereference_protected(pn->right, 1);
2018 			w->node = pn;
2019 #ifdef CONFIG_IPV6_SUBTREES
2020 			if (FIB6_SUBTREE(pn) == fn) {
2021 				WARN_ON(!(fn->fn_flags & RTN_ROOT));
2022 				w->state = FWS_L;
2023 				continue;
2024 			}
2025 #endif
2026 			if (left == fn) {
2027 				w->state = FWS_R;
2028 				continue;
2029 			}
2030 			if (right == fn) {
2031 				w->state = FWS_C;
2032 				w->leaf = rcu_dereference_protected(w->node->leaf, 1);
2033 				continue;
2034 			}
2035 #if RT6_DEBUG >= 2
2036 			WARN_ON(1);
2037 #endif
2038 		}
2039 	}
2040 }
2041 
2042 static int fib6_walk(struct net *net, struct fib6_walker *w)
2043 {
2044 	int res;
2045 
2046 	w->state = FWS_INIT;
2047 	w->node = w->root;
2048 
2049 	fib6_walker_link(net, w);
2050 	res = fib6_walk_continue(w);
2051 	if (res <= 0)
2052 		fib6_walker_unlink(net, w);
2053 	return res;
2054 }
2055 
2056 static int fib6_clean_node(struct fib6_walker *w)
2057 {
2058 	int res;
2059 	struct fib6_info *rt;
2060 	struct fib6_cleaner *c = container_of(w, struct fib6_cleaner, w);
2061 	struct nl_info info = {
2062 		.nl_net = c->net,
2063 		.skip_notify = c->skip_notify,
2064 	};
2065 
2066 	if (c->sernum != FIB6_NO_SERNUM_CHANGE &&
2067 	    w->node->fn_sernum != c->sernum)
2068 		w->node->fn_sernum = c->sernum;
2069 
2070 	if (!c->func) {
2071 		WARN_ON_ONCE(c->sernum == FIB6_NO_SERNUM_CHANGE);
2072 		w->leaf = NULL;
2073 		return 0;
2074 	}
2075 
2076 	for_each_fib6_walker_rt(w) {
2077 		res = c->func(rt, c->arg);
2078 		if (res == -1) {
2079 			w->leaf = rt;
2080 			res = fib6_del(rt, &info);
2081 			if (res) {
2082 #if RT6_DEBUG >= 2
2083 				pr_debug("%s: del failed: rt=%p@%p err=%d\n",
2084 					 __func__, rt,
2085 					 rcu_access_pointer(rt->fib6_node),
2086 					 res);
2087 #endif
2088 				continue;
2089 			}
2090 			return 0;
2091 		} else if (res == -2) {
2092 			if (WARN_ON(!rt->fib6_nsiblings))
2093 				continue;
2094 			rt = list_last_entry(&rt->fib6_siblings,
2095 					     struct fib6_info, fib6_siblings);
2096 			continue;
2097 		}
2098 		WARN_ON(res != 0);
2099 	}
2100 	w->leaf = rt;
2101 	return 0;
2102 }
2103 
2104 /*
2105  *	Convenient frontend to tree walker.
2106  *
2107  *	func is called on each route.
2108  *		It may return -2 -> skip multipath route.
2109  *			      -1 -> delete this route.
2110  *		              0  -> continue walking
2111  */
2112 
2113 static void fib6_clean_tree(struct net *net, struct fib6_node *root,
2114 			    int (*func)(struct fib6_info *, void *arg),
2115 			    int sernum, void *arg, bool skip_notify)
2116 {
2117 	struct fib6_cleaner c;
2118 
2119 	c.w.root = root;
2120 	c.w.func = fib6_clean_node;
2121 	c.w.count = 0;
2122 	c.w.skip = 0;
2123 	c.w.skip_in_node = 0;
2124 	c.func = func;
2125 	c.sernum = sernum;
2126 	c.arg = arg;
2127 	c.net = net;
2128 	c.skip_notify = skip_notify;
2129 
2130 	fib6_walk(net, &c.w);
2131 }
2132 
2133 static void __fib6_clean_all(struct net *net,
2134 			     int (*func)(struct fib6_info *, void *),
2135 			     int sernum, void *arg, bool skip_notify)
2136 {
2137 	struct fib6_table *table;
2138 	struct hlist_head *head;
2139 	unsigned int h;
2140 
2141 	rcu_read_lock();
2142 	for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
2143 		head = &net->ipv6.fib_table_hash[h];
2144 		hlist_for_each_entry_rcu(table, head, tb6_hlist) {
2145 			spin_lock_bh(&table->tb6_lock);
2146 			fib6_clean_tree(net, &table->tb6_root,
2147 					func, sernum, arg, skip_notify);
2148 			spin_unlock_bh(&table->tb6_lock);
2149 		}
2150 	}
2151 	rcu_read_unlock();
2152 }
2153 
2154 void fib6_clean_all(struct net *net, int (*func)(struct fib6_info *, void *),
2155 		    void *arg)
2156 {
2157 	__fib6_clean_all(net, func, FIB6_NO_SERNUM_CHANGE, arg, false);
2158 }
2159 
2160 void fib6_clean_all_skip_notify(struct net *net,
2161 				int (*func)(struct fib6_info *, void *),
2162 				void *arg)
2163 {
2164 	__fib6_clean_all(net, func, FIB6_NO_SERNUM_CHANGE, arg, true);
2165 }
2166 
2167 static void fib6_flush_trees(struct net *net)
2168 {
2169 	int new_sernum = fib6_new_sernum(net);
2170 
2171 	__fib6_clean_all(net, NULL, new_sernum, NULL, false);
2172 }
2173 
2174 /*
2175  *	Garbage collection
2176  */
2177 
2178 static int fib6_age(struct fib6_info *rt, void *arg)
2179 {
2180 	struct fib6_gc_args *gc_args = arg;
2181 	unsigned long now = jiffies;
2182 
2183 	/*
2184 	 *	check addrconf expiration here.
2185 	 *	Routes are expired even if they are in use.
2186 	 */
2187 
2188 	if (rt->fib6_flags & RTF_EXPIRES && rt->expires) {
2189 		if (time_after(now, rt->expires)) {
2190 			RT6_TRACE("expiring %p\n", rt);
2191 			return -1;
2192 		}
2193 		gc_args->more++;
2194 	}
2195 
2196 	/*	Also age clones in the exception table.
2197 	 *	Note, that clones are aged out
2198 	 *	only if they are not in use now.
2199 	 */
2200 	rt6_age_exceptions(rt, gc_args, now);
2201 
2202 	return 0;
2203 }
2204 
2205 void fib6_run_gc(unsigned long expires, struct net *net, bool force)
2206 {
2207 	struct fib6_gc_args gc_args;
2208 	unsigned long now;
2209 
2210 	if (force) {
2211 		spin_lock_bh(&net->ipv6.fib6_gc_lock);
2212 	} else if (!spin_trylock_bh(&net->ipv6.fib6_gc_lock)) {
2213 		mod_timer(&net->ipv6.ip6_fib_timer, jiffies + HZ);
2214 		return;
2215 	}
2216 	gc_args.timeout = expires ? (int)expires :
2217 			  net->ipv6.sysctl.ip6_rt_gc_interval;
2218 	gc_args.more = 0;
2219 
2220 	fib6_clean_all(net, fib6_age, &gc_args);
2221 	now = jiffies;
2222 	net->ipv6.ip6_rt_last_gc = now;
2223 
2224 	if (gc_args.more)
2225 		mod_timer(&net->ipv6.ip6_fib_timer,
2226 			  round_jiffies(now
2227 					+ net->ipv6.sysctl.ip6_rt_gc_interval));
2228 	else
2229 		del_timer(&net->ipv6.ip6_fib_timer);
2230 	spin_unlock_bh(&net->ipv6.fib6_gc_lock);
2231 }
2232 
2233 static void fib6_gc_timer_cb(struct timer_list *t)
2234 {
2235 	struct net *arg = from_timer(arg, t, ipv6.ip6_fib_timer);
2236 
2237 	fib6_run_gc(0, arg, true);
2238 }
2239 
2240 static int __net_init fib6_net_init(struct net *net)
2241 {
2242 	size_t size = sizeof(struct hlist_head) * FIB6_TABLE_HASHSZ;
2243 	int err;
2244 
2245 	err = fib6_notifier_init(net);
2246 	if (err)
2247 		return err;
2248 
2249 	spin_lock_init(&net->ipv6.fib6_gc_lock);
2250 	rwlock_init(&net->ipv6.fib6_walker_lock);
2251 	INIT_LIST_HEAD(&net->ipv6.fib6_walkers);
2252 	timer_setup(&net->ipv6.ip6_fib_timer, fib6_gc_timer_cb, 0);
2253 
2254 	net->ipv6.rt6_stats = kzalloc(sizeof(*net->ipv6.rt6_stats), GFP_KERNEL);
2255 	if (!net->ipv6.rt6_stats)
2256 		goto out_timer;
2257 
2258 	/* Avoid false sharing : Use at least a full cache line */
2259 	size = max_t(size_t, size, L1_CACHE_BYTES);
2260 
2261 	net->ipv6.fib_table_hash = kzalloc(size, GFP_KERNEL);
2262 	if (!net->ipv6.fib_table_hash)
2263 		goto out_rt6_stats;
2264 
2265 	net->ipv6.fib6_main_tbl = kzalloc(sizeof(*net->ipv6.fib6_main_tbl),
2266 					  GFP_KERNEL);
2267 	if (!net->ipv6.fib6_main_tbl)
2268 		goto out_fib_table_hash;
2269 
2270 	net->ipv6.fib6_main_tbl->tb6_id = RT6_TABLE_MAIN;
2271 	rcu_assign_pointer(net->ipv6.fib6_main_tbl->tb6_root.leaf,
2272 			   net->ipv6.fib6_null_entry);
2273 	net->ipv6.fib6_main_tbl->tb6_root.fn_flags =
2274 		RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
2275 	inet_peer_base_init(&net->ipv6.fib6_main_tbl->tb6_peers);
2276 
2277 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
2278 	net->ipv6.fib6_local_tbl = kzalloc(sizeof(*net->ipv6.fib6_local_tbl),
2279 					   GFP_KERNEL);
2280 	if (!net->ipv6.fib6_local_tbl)
2281 		goto out_fib6_main_tbl;
2282 	net->ipv6.fib6_local_tbl->tb6_id = RT6_TABLE_LOCAL;
2283 	rcu_assign_pointer(net->ipv6.fib6_local_tbl->tb6_root.leaf,
2284 			   net->ipv6.fib6_null_entry);
2285 	net->ipv6.fib6_local_tbl->tb6_root.fn_flags =
2286 		RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
2287 	inet_peer_base_init(&net->ipv6.fib6_local_tbl->tb6_peers);
2288 #endif
2289 	fib6_tables_init(net);
2290 
2291 	return 0;
2292 
2293 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
2294 out_fib6_main_tbl:
2295 	kfree(net->ipv6.fib6_main_tbl);
2296 #endif
2297 out_fib_table_hash:
2298 	kfree(net->ipv6.fib_table_hash);
2299 out_rt6_stats:
2300 	kfree(net->ipv6.rt6_stats);
2301 out_timer:
2302 	fib6_notifier_exit(net);
2303 	return -ENOMEM;
2304 }
2305 
2306 static void fib6_net_exit(struct net *net)
2307 {
2308 	unsigned int i;
2309 
2310 	del_timer_sync(&net->ipv6.ip6_fib_timer);
2311 
2312 	for (i = 0; i < FIB6_TABLE_HASHSZ; i++) {
2313 		struct hlist_head *head = &net->ipv6.fib_table_hash[i];
2314 		struct hlist_node *tmp;
2315 		struct fib6_table *tb;
2316 
2317 		hlist_for_each_entry_safe(tb, tmp, head, tb6_hlist) {
2318 			hlist_del(&tb->tb6_hlist);
2319 			fib6_free_table(tb);
2320 		}
2321 	}
2322 
2323 	kfree(net->ipv6.fib_table_hash);
2324 	kfree(net->ipv6.rt6_stats);
2325 	fib6_notifier_exit(net);
2326 }
2327 
2328 static struct pernet_operations fib6_net_ops = {
2329 	.init = fib6_net_init,
2330 	.exit = fib6_net_exit,
2331 };
2332 
2333 int __init fib6_init(void)
2334 {
2335 	int ret = -ENOMEM;
2336 
2337 	fib6_node_kmem = kmem_cache_create("fib6_nodes",
2338 					   sizeof(struct fib6_node),
2339 					   0, SLAB_HWCACHE_ALIGN,
2340 					   NULL);
2341 	if (!fib6_node_kmem)
2342 		goto out;
2343 
2344 	ret = register_pernet_subsys(&fib6_net_ops);
2345 	if (ret)
2346 		goto out_kmem_cache_create;
2347 
2348 	ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETROUTE, NULL,
2349 				   inet6_dump_fib, 0);
2350 	if (ret)
2351 		goto out_unregister_subsys;
2352 
2353 	__fib6_flush_trees = fib6_flush_trees;
2354 out:
2355 	return ret;
2356 
2357 out_unregister_subsys:
2358 	unregister_pernet_subsys(&fib6_net_ops);
2359 out_kmem_cache_create:
2360 	kmem_cache_destroy(fib6_node_kmem);
2361 	goto out;
2362 }
2363 
2364 void fib6_gc_cleanup(void)
2365 {
2366 	unregister_pernet_subsys(&fib6_net_ops);
2367 	kmem_cache_destroy(fib6_node_kmem);
2368 }
2369 
2370 #ifdef CONFIG_PROC_FS
2371 static int ipv6_route_seq_show(struct seq_file *seq, void *v)
2372 {
2373 	struct fib6_info *rt = v;
2374 	struct ipv6_route_iter *iter = seq->private;
2375 	struct fib6_nh *fib6_nh = rt->fib6_nh;
2376 	unsigned int flags = rt->fib6_flags;
2377 	const struct net_device *dev;
2378 
2379 	if (rt->nh)
2380 		fib6_nh = nexthop_fib6_nh(rt->nh);
2381 
2382 	seq_printf(seq, "%pi6 %02x ", &rt->fib6_dst.addr, rt->fib6_dst.plen);
2383 
2384 #ifdef CONFIG_IPV6_SUBTREES
2385 	seq_printf(seq, "%pi6 %02x ", &rt->fib6_src.addr, rt->fib6_src.plen);
2386 #else
2387 	seq_puts(seq, "00000000000000000000000000000000 00 ");
2388 #endif
2389 	if (fib6_nh->fib_nh_gw_family) {
2390 		flags |= RTF_GATEWAY;
2391 		seq_printf(seq, "%pi6", &fib6_nh->fib_nh_gw6);
2392 	} else {
2393 		seq_puts(seq, "00000000000000000000000000000000");
2394 	}
2395 
2396 	dev = fib6_nh->fib_nh_dev;
2397 	seq_printf(seq, " %08x %08x %08x %08x %8s\n",
2398 		   rt->fib6_metric, refcount_read(&rt->fib6_ref), 0,
2399 		   flags, dev ? dev->name : "");
2400 	iter->w.leaf = NULL;
2401 	return 0;
2402 }
2403 
2404 static int ipv6_route_yield(struct fib6_walker *w)
2405 {
2406 	struct ipv6_route_iter *iter = w->args;
2407 
2408 	if (!iter->skip)
2409 		return 1;
2410 
2411 	do {
2412 		iter->w.leaf = rcu_dereference_protected(
2413 				iter->w.leaf->fib6_next,
2414 				lockdep_is_held(&iter->tbl->tb6_lock));
2415 		iter->skip--;
2416 		if (!iter->skip && iter->w.leaf)
2417 			return 1;
2418 	} while (iter->w.leaf);
2419 
2420 	return 0;
2421 }
2422 
2423 static void ipv6_route_seq_setup_walk(struct ipv6_route_iter *iter,
2424 				      struct net *net)
2425 {
2426 	memset(&iter->w, 0, sizeof(iter->w));
2427 	iter->w.func = ipv6_route_yield;
2428 	iter->w.root = &iter->tbl->tb6_root;
2429 	iter->w.state = FWS_INIT;
2430 	iter->w.node = iter->w.root;
2431 	iter->w.args = iter;
2432 	iter->sernum = iter->w.root->fn_sernum;
2433 	INIT_LIST_HEAD(&iter->w.lh);
2434 	fib6_walker_link(net, &iter->w);
2435 }
2436 
2437 static struct fib6_table *ipv6_route_seq_next_table(struct fib6_table *tbl,
2438 						    struct net *net)
2439 {
2440 	unsigned int h;
2441 	struct hlist_node *node;
2442 
2443 	if (tbl) {
2444 		h = (tbl->tb6_id & (FIB6_TABLE_HASHSZ - 1)) + 1;
2445 		node = rcu_dereference_bh(hlist_next_rcu(&tbl->tb6_hlist));
2446 	} else {
2447 		h = 0;
2448 		node = NULL;
2449 	}
2450 
2451 	while (!node && h < FIB6_TABLE_HASHSZ) {
2452 		node = rcu_dereference_bh(
2453 			hlist_first_rcu(&net->ipv6.fib_table_hash[h++]));
2454 	}
2455 	return hlist_entry_safe(node, struct fib6_table, tb6_hlist);
2456 }
2457 
2458 static void ipv6_route_check_sernum(struct ipv6_route_iter *iter)
2459 {
2460 	if (iter->sernum != iter->w.root->fn_sernum) {
2461 		iter->sernum = iter->w.root->fn_sernum;
2462 		iter->w.state = FWS_INIT;
2463 		iter->w.node = iter->w.root;
2464 		WARN_ON(iter->w.skip);
2465 		iter->w.skip = iter->w.count;
2466 	}
2467 }
2468 
2469 static void *ipv6_route_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2470 {
2471 	int r;
2472 	struct fib6_info *n;
2473 	struct net *net = seq_file_net(seq);
2474 	struct ipv6_route_iter *iter = seq->private;
2475 
2476 	if (!v)
2477 		goto iter_table;
2478 
2479 	n = rcu_dereference_bh(((struct fib6_info *)v)->fib6_next);
2480 	if (n) {
2481 		++*pos;
2482 		return n;
2483 	}
2484 
2485 iter_table:
2486 	ipv6_route_check_sernum(iter);
2487 	spin_lock_bh(&iter->tbl->tb6_lock);
2488 	r = fib6_walk_continue(&iter->w);
2489 	spin_unlock_bh(&iter->tbl->tb6_lock);
2490 	if (r > 0) {
2491 		if (v)
2492 			++*pos;
2493 		return iter->w.leaf;
2494 	} else if (r < 0) {
2495 		fib6_walker_unlink(net, &iter->w);
2496 		return NULL;
2497 	}
2498 	fib6_walker_unlink(net, &iter->w);
2499 
2500 	iter->tbl = ipv6_route_seq_next_table(iter->tbl, net);
2501 	if (!iter->tbl)
2502 		return NULL;
2503 
2504 	ipv6_route_seq_setup_walk(iter, net);
2505 	goto iter_table;
2506 }
2507 
2508 static void *ipv6_route_seq_start(struct seq_file *seq, loff_t *pos)
2509 	__acquires(RCU_BH)
2510 {
2511 	struct net *net = seq_file_net(seq);
2512 	struct ipv6_route_iter *iter = seq->private;
2513 
2514 	rcu_read_lock_bh();
2515 	iter->tbl = ipv6_route_seq_next_table(NULL, net);
2516 	iter->skip = *pos;
2517 
2518 	if (iter->tbl) {
2519 		ipv6_route_seq_setup_walk(iter, net);
2520 		return ipv6_route_seq_next(seq, NULL, pos);
2521 	} else {
2522 		return NULL;
2523 	}
2524 }
2525 
2526 static bool ipv6_route_iter_active(struct ipv6_route_iter *iter)
2527 {
2528 	struct fib6_walker *w = &iter->w;
2529 	return w->node && !(w->state == FWS_U && w->node == w->root);
2530 }
2531 
2532 static void ipv6_route_seq_stop(struct seq_file *seq, void *v)
2533 	__releases(RCU_BH)
2534 {
2535 	struct net *net = seq_file_net(seq);
2536 	struct ipv6_route_iter *iter = seq->private;
2537 
2538 	if (ipv6_route_iter_active(iter))
2539 		fib6_walker_unlink(net, &iter->w);
2540 
2541 	rcu_read_unlock_bh();
2542 }
2543 
2544 const struct seq_operations ipv6_route_seq_ops = {
2545 	.start	= ipv6_route_seq_start,
2546 	.next	= ipv6_route_seq_next,
2547 	.stop	= ipv6_route_seq_stop,
2548 	.show	= ipv6_route_seq_show
2549 };
2550 #endif /* CONFIG_PROC_FS */
2551