change system file

hc

2024-10-09 244b2c5ca8b14627e4a17755e5922221e121c771

 kernel/net/ipv6/udp.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /*
2
3
  *	UDP over IPv6
3
4
  *	Linux INET6 implementation
..
..
@@ -14,11 +15,6 @@
14
15
  *					a single port at the same time.
15
16
  *      Kazunori MIYAZAWA @USAGI:       change process style to use ip6_append_data
16
17
  *      YOSHIFUJI Hideaki @USAGI:	convert /proc/net/udp6 to seq_file.
17
- *
18
- *	This program is free software; you can redistribute it and/or
19
- *      modify it under the terms of the GNU General Public License
20
- *      as published by the Free Software Foundation; either version
21
- *      2 of the License, or (at your option) any later version.
22
18
  */
23
19
 
24
20
 #include <linux/errno.h>
..
..
@@ -36,6 +32,7 @@
36
32
 #include <linux/skbuff.h>
37
33
 #include <linux/slab.h>
38
34
 #include <linux/uaccess.h>
35
+#include <linux/indirect_call_wrapper.h>
39
36
 
40
37
 #include <net/addrconf.h>
41
38
 #include <net/ndisc.h>
..
..
@@ -45,6 +42,7 @@
45
42
 #include <net/raw.h>
46
43
 #include <net/tcp_states.h>
47
44
 #include <net/ip6_checksum.h>
45
+#include <net/ip6_tunnel.h>
48
46
 #include <net/xfrm.h>
49
47
 #include <net/inet_hashtables.h>
50
48
 #include <net/inet6_hashtables.h>
..
..
@@ -56,14 +54,17 @@
56
54
 #include <trace/events/skb.h>
57
55
 #include "udp_impl.h"
58
56
 
59
-static bool udp6_lib_exact_dif_match(struct net *net, struct sk_buff *skb)
57
+static void udpv6_destruct_sock(struct sock *sk)
60
58
 {
61
-#if defined(CONFIG_NET_L3_MASTER_DEV)
62
-	if (!net->ipv4.sysctl_udp_l3mdev_accept &&
63
-	    skb && ipv6_l3mdev_skb(IP6CB(skb)->flags))
64
-		return true;
65
-#endif
66
-	return false;
59
+	udp_destruct_common(sk);
60
+	inet6_sock_destruct(sk);
61
+}
62
+
63
+int udpv6_init_sock(struct sock *sk)
64
+{
65
+	skb_queue_head_init(&udp_sk(sk)->reader_queue);
66
+	sk->sk_destruct = udpv6_destruct_sock;
67
+	return 0;
67
68
 }
68
69
 
69
70
 static u32 udp6_ehashfn(const struct net *net,
..
..
@@ -86,7 +87,7 @@
86
87
 	fhash = __ipv6_addr_jhash(faddr, udp_ipv6_hash_secret);
87
88
 
88
89
 	return __inet6_ehashfn(lhash, lport, fhash, fport,
89
-			       udp_ipv6_hash_secret + net_hash_mix(net));
90
+			       udp6_ehash_secret + net_hash_mix(net));
90
91
 }
91
92
 
92
93
 int udp_v6_get_port(struct sock *sk, unsigned short snum)
..
..
@@ -101,7 +102,7 @@
101
102
 	return udp_lib_get_port(sk, snum, hash2_nulladdr);
102
103
 }
103
104
 
104
-static void udp_v6_rehash(struct sock *sk)
105
+void udp_v6_rehash(struct sock *sk)
105
106
 {
106
107
 	u16 new_hash = ipv6_portaddr_hash(sock_net(sk),
107
108
 					  &sk->sk_v6_rcv_saddr,
..
..
@@ -113,14 +114,18 @@
113
114
 static int compute_score(struct sock *sk, struct net *net,
114
115
 			 const struct in6_addr *saddr, __be16 sport,
115
116
 			 const struct in6_addr *daddr, unsigned short hnum,
116
-			 int dif, int sdif, bool exact_dif)
117
+			 int dif, int sdif)
117
118
 {
118
119
 	int score;
119
120
 	struct inet_sock *inet;
121
+	bool dev_match;
120
122
 
121
123
 	if (!net_eq(sock_net(sk), net) ||
122
124
 	    udp_sk(sk)->udp_port_hash != hnum ||
123
125
 	    sk->sk_family != PF_INET6)
126
+		return -1;
127
+
128
+	if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
124
129
 		return -1;
125
130
 
126
131
 	score = 0;
..
..
@@ -132,27 +137,17 @@
132
137
 		score++;
133
138
 	}
134
139
 
135
-	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
136
-		if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
137
-			return -1;
138
-		score++;
139
-	}
140
-
141
140
 	if (!ipv6_addr_any(&sk->sk_v6_daddr)) {
142
141
 		if (!ipv6_addr_equal(&sk->sk_v6_daddr, saddr))
143
142
 			return -1;
144
143
 		score++;
145
144
 	}
146
145
 
147
-	if (sk->sk_bound_dev_if || exact_dif) {
148
-		bool dev_match = (sk->sk_bound_dev_if == dif ||
149
-				  sk->sk_bound_dev_if == sdif);
150
-
151
-		if (!dev_match)
152
-			return -1;
153
-		if (sk->sk_bound_dev_if)
154
-			score++;
155
-	}
146
+	dev_match = udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif);
147
+	if (!dev_match)
148
+		return -1;
149
+	if (sk->sk_bound_dev_if)
150
+		score++;
156
151
 
157
152
 	if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
158
153
 		score++;
..
..
@@ -160,41 +155,85 @@
160
155
 	return score;
161
156
 }
162
157
 
158
+static struct sock *lookup_reuseport(struct net *net, struct sock *sk,
159
+				     struct sk_buff *skb,
160
+				     const struct in6_addr *saddr,
161
+				     __be16 sport,
162
+				     const struct in6_addr *daddr,
163
+				     unsigned int hnum)
164
+{
165
+	struct sock *reuse_sk = NULL;
166
+	u32 hash;
167
+
168
+	if (sk->sk_reuseport && sk->sk_state != TCP_ESTABLISHED) {
169
+		hash = udp6_ehashfn(net, daddr, hnum, saddr, sport);
170
+		reuse_sk = reuseport_select_sock(sk, hash, skb,
171
+						 sizeof(struct udphdr));
172
+	}
173
+	return reuse_sk;
174
+}
175
+
163
176
 /* called with rcu_read_lock() */
164
177
 static struct sock *udp6_lib_lookup2(struct net *net,
165
178
 		const struct in6_addr *saddr, __be16 sport,
166
179
 		const struct in6_addr *daddr, unsigned int hnum,
167
-		int dif, int sdif, bool exact_dif,
168
-		struct udp_hslot *hslot2, struct sk_buff *skb)
180
+		int dif, int sdif, struct udp_hslot *hslot2,
181
+		struct sk_buff *skb)
169
182
 {
170
-	struct sock *sk, *result, *reuseport_result;
183
+	struct sock *sk, *result;
171
184
 	int score, badness;
172
-	u32 hash = 0;
173
185
 
174
186
 	result = NULL;
175
187
 	badness = -1;
176
188
 	udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) {
177
189
 		score = compute_score(sk, net, saddr, sport,
178
-				      daddr, hnum, dif, sdif, exact_dif);
190
+				      daddr, hnum, dif, sdif);
179
191
 		if (score > badness) {
180
-			reuseport_result = NULL;
181
-
182
-			if (sk->sk_reuseport &&
183
-			    sk->sk_state != TCP_ESTABLISHED) {
184
-				hash = udp6_ehashfn(net, daddr, hnum,
185
-						    saddr, sport);
186
-
187
-				reuseport_result = reuseport_select_sock(sk, hash, skb,
188
-									 sizeof(struct udphdr));
189
-				if (reuseport_result && !reuseport_has_conns(sk, false))
190
-					return reuseport_result;
192
+			badness = score;
193
+			result = lookup_reuseport(net, sk, skb, saddr, sport, daddr, hnum);
194
+			if (!result) {
195
+				result = sk;
196
+				continue;
191
197
 			}
192
198
 
193
-			result = reuseport_result ? : sk;
194
-			badness = score;
199
+			/* Fall back to scoring if group has connections */
200
+			if (!reuseport_has_conns(sk))
201
+				return result;
202
+
203
+			/* Reuseport logic returned an error, keep original score. */
204
+			if (IS_ERR(result))
205
+				continue;
206
+
207
+			badness = compute_score(sk, net, saddr, sport,
208
+						daddr, hnum, dif, sdif);
195
209
 		}
196
210
 	}
197
211
 	return result;
212
+}
213
+
214
+static inline struct sock *udp6_lookup_run_bpf(struct net *net,
215
+					       struct udp_table *udptable,
216
+					       struct sk_buff *skb,
217
+					       const struct in6_addr *saddr,
218
+					       __be16 sport,
219
+					       const struct in6_addr *daddr,
220
+					       u16 hnum)
221
+{
222
+	struct sock *sk, *reuse_sk;
223
+	bool no_reuseport;
224
+
225
+	if (udptable != &udp_table)
226
+		return NULL; /* only UDP is supported */
227
+
228
+	no_reuseport = bpf_sk_lookup_run_v6(net, IPPROTO_UDP,
229
+					    saddr, sport, daddr, hnum, &sk);
230
+	if (no_reuseport || IS_ERR_OR_NULL(sk))
231
+		return sk;
232
+
233
+	reuse_sk = lookup_reuseport(net, sk, skb, saddr, sport, daddr, hnum);
234
+	if (reuse_sk)
235
+		sk = reuse_sk;
236
+	return sk;
198
237
 }
199
238
 
200
239
 /* rcu_read_lock() must be held */
..
..
@@ -204,66 +243,47 @@
204
243
 			       int dif, int sdif, struct udp_table *udptable,
205
244
 			       struct sk_buff *skb)
206
245
 {
207
-	struct sock *sk, *result;
208
246
 	unsigned short hnum = ntohs(dport);
209
-	unsigned int hash2, slot2, slot = udp_hashfn(net, hnum, udptable->mask);
210
-	struct udp_hslot *hslot2, *hslot = &udptable->hash[slot];
211
-	bool exact_dif = udp6_lib_exact_dif_match(net, skb);
212
-	int score, badness;
213
-	u32 hash = 0;
247
+	unsigned int hash2, slot2;
248
+	struct udp_hslot *hslot2;
249
+	struct sock *result, *sk;
214
250
 
215
-	if (hslot->count > 10) {
216
-		hash2 = ipv6_portaddr_hash(net, daddr, hnum);
217
-		slot2 = hash2 & udptable->mask;
218
-		hslot2 = &udptable->hash2[slot2];
219
-		if (hslot->count < hslot2->count)
220
-			goto begin;
251
+	hash2 = ipv6_portaddr_hash(net, daddr, hnum);
252
+	slot2 = hash2 & udptable->mask;
253
+	hslot2 = &udptable->hash2[slot2];
221
254
 
222
-		result = udp6_lib_lookup2(net, saddr, sport,
223
-					  daddr, hnum, dif, sdif, exact_dif,
224
-					  hslot2, skb);
225
-		if (!result) {
226
-			unsigned int old_slot2 = slot2;
227
-			hash2 = ipv6_portaddr_hash(net, &in6addr_any, hnum);
228
-			slot2 = hash2 & udptable->mask;
229
-			/* avoid searching the same slot again. */
230
-			if (unlikely(slot2 == old_slot2))
231
-				return result;
255
+	/* Lookup connected or non-wildcard sockets */
256
+	result = udp6_lib_lookup2(net, saddr, sport,
257
+				  daddr, hnum, dif, sdif,
258
+				  hslot2, skb);
259
+	if (!IS_ERR_OR_NULL(result) && result->sk_state == TCP_ESTABLISHED)
260
+		goto done;
232
261
 
233
-			hslot2 = &udptable->hash2[slot2];
234
-			if (hslot->count < hslot2->count)
235
-				goto begin;
236
-
237
-			result = udp6_lib_lookup2(net, saddr, sport,
238
-						  daddr, hnum, dif, sdif,
239
-						  exact_dif, hslot2,
240
-						  skb);
241
-		}
242
-		if (unlikely(IS_ERR(result)))
243
-			return NULL;
244
-		return result;
245
-	}
246
-begin:
247
-	result = NULL;
248
-	badness = -1;
249
-	sk_for_each_rcu(sk, &hslot->head) {
250
-		score = compute_score(sk, net, saddr, sport, daddr, hnum, dif,
251
-				      sdif, exact_dif);
252
-		if (score > badness) {
253
-			if (sk->sk_reuseport) {
254
-				hash = udp6_ehashfn(net, daddr, hnum,
255
-						    saddr, sport);
256
-				result = reuseport_select_sock(sk, hash, skb,
257
-							sizeof(struct udphdr));
258
-				if (unlikely(IS_ERR(result)))
259
-					return NULL;
260
-				if (result)
261
-					return result;
262
-			}
262
+	/* Lookup redirect from BPF */
263
+	if (static_branch_unlikely(&bpf_sk_lookup_enabled)) {
264
+		sk = udp6_lookup_run_bpf(net, udptable, skb,
265
+					 saddr, sport, daddr, hnum);
266
+		if (sk) {
263
267
 			result = sk;
264
-			badness = score;
268
+			goto done;
265
269
 		}
266
270
 	}
271
+
272
+	/* Got non-wildcard socket or error on first lookup */
273
+	if (result)
274
+		goto done;
275
+
276
+	/* Lookup wildcard sockets */
277
+	hash2 = ipv6_portaddr_hash(net, &in6addr_any, hnum);
278
+	slot2 = hash2 & udptable->mask;
279
+	hslot2 = &udptable->hash2[slot2];
280
+
281
+	result = udp6_lib_lookup2(net, saddr, sport,
282
+				  &in6addr_any, hnum, dif, sdif,
283
+				  hslot2, skb);
284
+done:
285
+	if (IS_ERR(result))
286
+		return NULL;
267
287
 	return result;
268
288
 }
269
289
 EXPORT_SYMBOL_GPL(__udp6_lib_lookup);
..
..
@@ -329,9 +349,9 @@
329
349
 	struct inet_sock *inet = inet_sk(sk);
330
350
 	struct sk_buff *skb;
331
351
 	unsigned int ulen, copied;
332
-	int peeked, peeking, off;
333
-	int err;
352
+	int off, err, peeking = flags & MSG_PEEK;
334
353
 	int is_udplite = IS_UDPLITE(sk);
354
+	struct udp_mib __percpu *mib;
335
355
 	bool checksum_valid = false;
336
356
 	int is_udp4;
337
357
 
..
..
@@ -342,9 +362,8 @@
342
362
 		return ipv6_recv_rxpmtu(sk, msg, len, addr_len);
343
363
 
344
364
 try_again:
345
-	peeking = flags & MSG_PEEK;
346
365
 	off = sk_peek_offset(sk, flags);
347
-	skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
366
+	skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
348
367
 	if (!skb)
349
368
 		return err;
350
369
 
..
..
@@ -356,6 +375,7 @@
356
375
 		msg->msg_flags |= MSG_TRUNC;
357
376
 
358
377
 	is_udp4 = (skb->protocol == htons(ETH_P_IP));
378
+	mib = __UDPX_MIB(sk, is_udp4);
359
379
 
360
380
 	/*
361
381
 	 * If checksum is needed at all, try to do it while copying the
..
..
@@ -382,26 +402,15 @@
382
402
 			goto csum_copy_err;
383
403
 	}
384
404
 	if (unlikely(err)) {
385
-		if (!peeked) {
405
+		if (!peeking) {
386
406
 			atomic_inc(&sk->sk_drops);
387
-			if (is_udp4)
388
-				UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS,
389
-					      is_udplite);
390
-			else
391
-				UDP6_INC_STATS(sock_net(sk), UDP_MIB_INERRORS,
392
-					       is_udplite);
407
+			SNMP_INC_STATS(mib, UDP_MIB_INERRORS);
393
408
 		}
394
409
 		kfree_skb(skb);
395
410
 		return err;
396
411
 	}
397
-	if (!peeked) {
398
-		if (is_udp4)
399
-			UDP_INC_STATS(sock_net(sk), UDP_MIB_INDATAGRAMS,
400
-				      is_udplite);
401
-		else
402
-			UDP6_INC_STATS(sock_net(sk), UDP_MIB_INDATAGRAMS,
403
-				       is_udplite);
404
-	}
412
+	if (!peeking)
413
+		SNMP_INC_STATS(mib, UDP_MIB_INDATAGRAMS);
405
414
 
406
415
 	sock_recv_ts_and_drops(msg, sk, skb);
407
416
 
..
..
@@ -429,6 +438,9 @@
429
438
 						(struct sockaddr *)sin6);
430
439
 	}
431
440
 
441
+	if (udp_sk(sk)->gro_enabled)
442
+		udp_cmsg_recv(msg, sk, skb);
443
+
432
444
 	if (np->rxopt.all)
433
445
 		ip6_datagram_recv_common_ctl(sk, msg, skb);
434
446
 
..
..
@@ -451,17 +463,8 @@
451
463
 csum_copy_err:
452
464
 	if (!__sk_queue_drop_skb(sk, &udp_sk(sk)->reader_queue, skb, flags,
453
465
 				 udp_skb_destructor)) {
454
-		if (is_udp4) {
455
-			UDP_INC_STATS(sock_net(sk),
456
-				      UDP_MIB_CSUMERRORS, is_udplite);
457
-			UDP_INC_STATS(sock_net(sk),
458
-				      UDP_MIB_INERRORS, is_udplite);
459
-		} else {
460
-			UDP6_INC_STATS(sock_net(sk),
461
-				       UDP_MIB_CSUMERRORS, is_udplite);
462
-			UDP6_INC_STATS(sock_net(sk),
463
-				       UDP_MIB_INERRORS, is_udplite);
464
-		}
466
+		SNMP_INC_STATS(mib, UDP_MIB_CSUMERRORS);
467
+		SNMP_INC_STATS(mib, UDP_MIB_INERRORS);
465
468
 	}
466
469
 	kfree_skb(skb);
467
470
 
..
..
@@ -471,26 +474,133 @@
471
474
 	goto try_again;
472
475
 }
473
476
 
474
-void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
475
-		    u8 type, u8 code, int offset, __be32 info,
476
-		    struct udp_table *udptable)
477
+DEFINE_STATIC_KEY_FALSE(udpv6_encap_needed_key);
478
+void udpv6_encap_enable(void)
479
+{
480
+	static_branch_inc(&udpv6_encap_needed_key);
481
+}
482
+EXPORT_SYMBOL(udpv6_encap_enable);
483
+
484
+/* Handler for tunnels with arbitrary destination ports: no socket lookup, go
485
+ * through error handlers in encapsulations looking for a match.
486
+ */
487
+static int __udp6_lib_err_encap_no_sk(struct sk_buff *skb,
488
+				      struct inet6_skb_parm *opt,
489
+				      u8 type, u8 code, int offset, __be32 info)
490
+{
491
+	int i;
492
+
493
+	for (i = 0; i < MAX_IPTUN_ENCAP_OPS; i++) {
494
+		int (*handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
495
+			       u8 type, u8 code, int offset, __be32 info);
496
+		const struct ip6_tnl_encap_ops *encap;
497
+
498
+		encap = rcu_dereference(ip6tun_encaps[i]);
499
+		if (!encap)
500
+			continue;
501
+		handler = encap->err_handler;
502
+		if (handler && !handler(skb, opt, type, code, offset, info))
503
+			return 0;
504
+	}
505
+
506
+	return -ENOENT;
507
+}
508
+
509
+/* Try to match ICMP errors to UDP tunnels by looking up a socket without
510
+ * reversing source and destination port: this will match tunnels that force the
511
+ * same destination port on both endpoints (e.g. VXLAN, GENEVE). Note that
512
+ * lwtunnels might actually break this assumption by being configured with
513
+ * different destination ports on endpoints, in this case we won't be able to
514
+ * trace ICMP messages back to them.
515
+ *
516
+ * If this doesn't match any socket, probe tunnels with arbitrary destination
517
+ * ports (e.g. FoU, GUE): there, the receiving socket is useless, as the port
518
+ * we've sent packets to won't necessarily match the local destination port.
519
+ *
520
+ * Then ask the tunnel implementation to match the error against a valid
521
+ * association.
522
+ *
523
+ * Return an error if we can't find a match, the socket if we need further
524
+ * processing, zero otherwise.
525
+ */
526
+static struct sock *__udp6_lib_err_encap(struct net *net,
527
+					 const struct ipv6hdr *hdr, int offset,
528
+					 struct udphdr *uh,
529
+					 struct udp_table *udptable,
530
+					 struct sk_buff *skb,
531
+					 struct inet6_skb_parm *opt,
532
+					 u8 type, u8 code, __be32 info)
533
+{
534
+	int network_offset, transport_offset;
535
+	struct sock *sk;
536
+
537
+	network_offset = skb_network_offset(skb);
538
+	transport_offset = skb_transport_offset(skb);
539
+
540
+	/* Network header needs to point to the outer IPv6 header inside ICMP */
541
+	skb_reset_network_header(skb);
542
+
543
+	/* Transport header needs to point to the UDP header */
544
+	skb_set_transport_header(skb, offset);
545
+
546
+	sk = __udp6_lib_lookup(net, &hdr->daddr, uh->source,
547
+			       &hdr->saddr, uh->dest,
548
+			       inet6_iif(skb), 0, udptable, skb);
549
+	if (sk) {
550
+		int (*lookup)(struct sock *sk, struct sk_buff *skb);
551
+		struct udp_sock *up = udp_sk(sk);
552
+
553
+		lookup = READ_ONCE(up->encap_err_lookup);
554
+		if (!lookup || lookup(sk, skb))
555
+			sk = NULL;
556
+	}
557
+
558
+	if (!sk) {
559
+		sk = ERR_PTR(__udp6_lib_err_encap_no_sk(skb, opt, type, code,
560
+							offset, info));
561
+	}
562
+
563
+	skb_set_transport_header(skb, transport_offset);
564
+	skb_set_network_header(skb, network_offset);
565
+
566
+	return sk;
567
+}
568
+
569
+int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
570
+		   u8 type, u8 code, int offset, __be32 info,
571
+		   struct udp_table *udptable)
477
572
 {
478
573
 	struct ipv6_pinfo *np;
479
574
 	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
480
575
 	const struct in6_addr *saddr = &hdr->saddr;
481
576
 	const struct in6_addr *daddr = &hdr->daddr;
482
577
 	struct udphdr *uh = (struct udphdr *)(skb->data+offset);
578
+	bool tunnel = false;
483
579
 	struct sock *sk;
484
580
 	int harderr;
485
581
 	int err;
486
582
 	struct net *net = dev_net(skb->dev);
487
583
 
488
584
 	sk = __udp6_lib_lookup(net, daddr, uh->dest, saddr, uh->source,
489
-			       inet6_iif(skb), 0, udptable, NULL);
585
+			       inet6_iif(skb), inet6_sdif(skb), udptable, NULL);
490
586
 	if (!sk) {
491
-		__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
492
-				  ICMP6_MIB_INERRORS);
493
-		return;
587
+		/* No socket for error: try tunnels before discarding */
588
+		sk = ERR_PTR(-ENOENT);
589
+		if (static_branch_unlikely(&udpv6_encap_needed_key)) {
590
+			sk = __udp6_lib_err_encap(net, hdr, offset, uh,
591
+						  udptable, skb,
592
+						  opt, type, code, info);
593
+			if (!sk)
594
+				return 0;
595
+		}
596
+
597
+		if (IS_ERR(sk)) {
598
+			__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
599
+					  ICMP6_MIB_INERRORS);
600
+			return PTR_ERR(sk);
601
+		}
602
+
603
+		tunnel = true;
494
604
 	}
495
605
 
496
606
 	harderr = icmpv6_err_convert(type, code, &err);
..
..
@@ -504,9 +614,18 @@
504
614
 			harderr = 1;
505
615
 	}
506
616
 	if (type == NDISC_REDIRECT) {
507
-		ip6_sk_redirect(skb, sk);
617
+		if (tunnel) {
618
+			ip6_redirect(skb, sock_net(sk), inet6_iif(skb),
619
+				     sk->sk_mark, sk->sk_uid);
620
+		} else {
621
+			ip6_sk_redirect(skb, sk);
622
+		}
508
623
 		goto out;
509
624
 	}
625
+
626
+	/* Tunnels don't have an application socket: don't pass errors back */
627
+	if (tunnel)
628
+		goto out;
510
629
 
511
630
 	if (!np->recverr) {
512
631
 		if (!harderr || sk->sk_state != TCP_ESTABLISHED)
..
..
@@ -518,7 +637,7 @@
518
637
 	sk->sk_err = err;
519
638
 	sk->sk_error_report(sk);
520
639
 out:
521
-	return;
640
+	return 0;
522
641
 }
523
642
 
524
643
 static int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
..
..
@@ -549,21 +668,14 @@
549
668
 	return 0;
550
669
 }
551
670
 
552
-static __inline__ void udpv6_err(struct sk_buff *skb,
553
-				 struct inet6_skb_parm *opt, u8 type,
554
-				 u8 code, int offset, __be32 info)
671
+static __inline__ int udpv6_err(struct sk_buff *skb,
672
+				struct inet6_skb_parm *opt, u8 type,
673
+				u8 code, int offset, __be32 info)
555
674
 {
556
-	__udp6_lib_err(skb, opt, type, code, offset, info, &udp_table);
675
+	return __udp6_lib_err(skb, opt, type, code, offset, info, &udp_table);
557
676
 }
558
677
 
559
-static DEFINE_STATIC_KEY_FALSE(udpv6_encap_needed_key);
560
-void udpv6_encap_enable(void)
561
-{
562
-	static_branch_enable(&udpv6_encap_needed_key);
563
-}
564
-EXPORT_SYMBOL(udpv6_encap_enable);
565
-
566
-static int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
678
+static int udpv6_queue_rcv_one_skb(struct sock *sk, struct sk_buff *skb)
567
679
 {
568
680
 	struct udp_sock *up = udp_sk(sk);
569
681
 	int is_udplite = IS_UDPLITE(sk);
..
..
@@ -646,10 +758,31 @@
646
758
 	return -1;
647
759
 }
648
760
 
761
+static int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
762
+{
763
+	struct sk_buff *next, *segs;
764
+	int ret;
765
+
766
+	if (likely(!udp_unexpected_gso(sk, skb)))
767
+		return udpv6_queue_rcv_one_skb(sk, skb);
768
+
769
+	__skb_push(skb, -skb_mac_offset(skb));
770
+	segs = udp_rcv_segment(sk, skb, false);
771
+	skb_list_walk_safe(segs, skb, next) {
772
+		__skb_pull(skb, skb_transport_offset(skb));
773
+
774
+		ret = udpv6_queue_rcv_one_skb(sk, skb);
775
+		if (ret > 0)
776
+			ip6_protocol_deliver_rcu(dev_net(skb->dev), skb, ret,
777
+						 true);
778
+	}
779
+	return 0;
780
+}
781
+
649
782
 static bool __udp_v6_is_mcast_sock(struct net *net, struct sock *sk,
650
783
 				   __be16 loc_port, const struct in6_addr *loc_addr,
651
784
 				   __be16 rmt_port, const struct in6_addr *rmt_addr,
652
-				   int dif, unsigned short hnum)
785
+				   int dif, int sdif, unsigned short hnum)
653
786
 {
654
787
 	struct inet_sock *inet = inet_sk(sk);
655
788
 
..
..
@@ -661,7 +794,7 @@
661
794
 	    (inet->inet_dport && inet->inet_dport != rmt_port) ||
662
795
 	    (!ipv6_addr_any(&sk->sk_v6_daddr) &&
663
796
 		    !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr)) ||
664
-	    (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) ||
797
+	    !udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif) ||
665
798
 	    (!ipv6_addr_any(&sk->sk_v6_rcv_saddr) &&
666
799
 		    !ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr)))
667
800
 		return false;
..
..
@@ -695,6 +828,7 @@
695
828
 	unsigned int offset = offsetof(typeof(*sk), sk_node);
696
829
 	unsigned int hash2 = 0, hash2_any = 0, use_hash2 = (hslot->count > 10);
697
830
 	int dif = inet6_iif(skb);
831
+	int sdif = inet6_sdif(skb);
698
832
 	struct hlist_node *node;
699
833
 	struct sk_buff *nskb;
700
834
 
..
..
@@ -709,7 +843,8 @@
709
843
 
710
844
 	sk_for_each_entry_offset_rcu(sk, node, &hslot->head, offset) {
711
845
 		if (!__udp_v6_is_mcast_sock(net, sk, uh->dest, daddr,
712
-					    uh->source, saddr, dif, hnum))
846
+					    uh->source, saddr, dif, sdif,
847
+					    hnum))
713
848
 			continue;
714
849
 		/* If zero checksum and no_check is not on for
715
850
 		 * the socket then skip it.
..
..
@@ -769,8 +904,7 @@
769
904
 	int ret;
770
905
 
771
906
 	if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
772
-		skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
773
-					 ip6_compute_pseudo);
907
+		skb_checksum_try_convert(skb, IPPROTO_UDP, ip6_compute_pseudo);
774
908
 
775
909
 	ret = udpv6_queue_rcv_skb(sk, skb);
776
910
 
..
..
@@ -787,6 +921,7 @@
787
921
 	struct net *net = dev_net(skb->dev);
788
922
 	struct udphdr *uh;
789
923
 	struct sock *sk;
924
+	bool refcounted;
790
925
 	u32 ulen = 0;
791
926
 
792
927
 	if (!pskb_may_pull(skb, sizeof(struct udphdr)))
..
..
@@ -823,21 +958,23 @@
823
958
 		goto csum_error;
824
959
 
825
960
 	/* Check if the socket is already available, e.g. due to early demux */
826
-	sk = skb_steal_sock(skb);
961
+	sk = skb_steal_sock(skb, &refcounted);
827
962
 	if (sk) {
828
963
 		struct dst_entry *dst = skb_dst(skb);
829
964
 		int ret;
830
965
 
831
-		if (unlikely(sk->sk_rx_dst != dst))
966
+		if (unlikely(rcu_dereference(sk->sk_rx_dst) != dst))
832
967
 			udp6_sk_rx_dst_set(sk, dst);
833
968
 
834
969
 		if (!uh->check && !udp_sk(sk)->no_check6_rx) {
835
-			sock_put(sk);
970
+			if (refcounted)
971
+				sock_put(sk);
836
972
 			goto report_csum_error;
837
973
 		}
838
974
 
839
975
 		ret = udp6_unicast_rcv_skb(sk, skb, uh);
840
-		sock_put(sk);
976
+		if (refcounted)
977
+			sock_put(sk);
841
978
 		return ret;
842
979
 	}
843
980
 
..
..
@@ -904,7 +1041,7 @@
904
1041
 
905
1042
 	udp_portaddr_for_each_entry_rcu(sk, &hslot2->head) {
906
1043
 		if (sk->sk_state == TCP_ESTABLISHED &&
907
-		    INET6_MATCH(sk, net, rmt_addr, loc_addr, ports, dif, sdif))
1044
+		    inet6_match(net, sk, rmt_addr, loc_addr, ports, dif, sdif))
908
1045
 			return sk;
909
1046
 		/* Only check first socket in chain */
910
1047
 		break;
..
..
@@ -912,7 +1049,7 @@
912
1049
 	return NULL;
913
1050
 }
914
1051
 
915
-static void udp_v6_early_demux(struct sk_buff *skb)
1052
+void udp_v6_early_demux(struct sk_buff *skb)
916
1053
 {
917
1054
 	struct net *net = dev_net(skb->dev);
918
1055
 	const struct udphdr *uh;
..
..
@@ -940,7 +1077,7 @@
940
1077
 
941
1078
 	skb->sk = sk;
942
1079
 	skb->destructor = sock_efree;
943
-	dst = READ_ONCE(sk->sk_rx_dst);
1080
+	dst = rcu_dereference(sk->sk_rx_dst);
944
1081
 
945
1082
 	if (dst)
946
1083
 		dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
..
..
@@ -953,7 +1090,7 @@
953
1090
 	}
954
1091
 }
955
1092
 
956
-static __inline__ int udpv6_rcv(struct sk_buff *skb)
1093
+INDIRECT_CALLABLE_SCOPE int udpv6_rcv(struct sk_buff *skb)
957
1094
 {
958
1095
 	return __udp6_lib_rcv(skb, &udp_table, IPPROTO_UDP);
959
1096
 }
..
..
@@ -977,6 +1114,8 @@
977
1114
 static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
978
1115
 			     int addr_len)
979
1116
 {
1117
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
1118
+		return -EINVAL;
980
1119
 	/* The following checks are replicated from __ip6_datagram_connect()
981
1120
 	 * and intended to prevent BPF program called below from accessing
982
1121
 	 * bytes that are out of the bound specified by user in addr_len.
..
..
@@ -998,6 +1137,9 @@
998
1137
  *	@sk:	socket we are sending on
999
1138
  *	@skb:	sk_buff containing the filled-in UDP header
1000
1139
  *		(checksum field must be zeroed out)
1140
+ *	@saddr: source address
1141
+ *	@daddr: destination address
1142
+ *	@len:	length of packet
1001
1143
  */
1002
1144
 static void udp6_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb,
1003
1145
 				 const struct in6_addr *saddr,
..
..
@@ -1177,6 +1319,7 @@
1177
1319
 	ipcm6_init(&ipc6);
1178
1320
 	ipc6.gso_size = READ_ONCE(up->gso_size);
1179
1321
 	ipc6.sockc.tsflags = sk->sk_tsflags;
1322
+	ipc6.sockc.mark = sk->sk_mark;
1180
1323
 
1181
1324
 	/* destination address check */
1182
1325
 	if (sin6) {
..
..
@@ -1219,9 +1362,11 @@
1219
1362
 			msg->msg_name = &sin;
1220
1363
 			msg->msg_namelen = sizeof(sin);
1221
1364
 do_udp_sendmsg:
1222
-			if (__ipv6_only_sock(sk))
1223
-				return -ENETUNREACH;
1224
-			return udp_sendmsg(sk, msg, len);
1365
+			err = __ipv6_only_sock(sk) ?
1366
+				-ENETUNREACH : udp_sendmsg(sk, msg, len);
1367
+			msg->msg_name = sin6;
1368
+			msg->msg_namelen = addr_len;
1369
+			return err;
1225
1370
 		}
1226
1371
 	}
1227
1372
 
..
..
@@ -1266,7 +1411,7 @@
1266
1411
 			fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK;
1267
1412
 			if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1268
1413
 				flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
1269
-				if (!flowlabel)
1414
+				if (IS_ERR(flowlabel))
1270
1415
 					return -EINVAL;
1271
1416
 			}
1272
1417
 		}
..
..
@@ -1299,7 +1444,6 @@
1299
1444
 	if (!fl6.flowi6_oif)
1300
1445
 		fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
1301
1446
 
1302
-	fl6.flowi6_mark = sk->sk_mark;
1303
1447
 	fl6.flowi6_uid = sk->sk_uid;
1304
1448
 
1305
1449
 	if (msg->msg_controllen) {
..
..
@@ -1318,7 +1462,7 @@
1318
1462
 		}
1319
1463
 		if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) {
1320
1464
 			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
1321
-			if (!flowlabel)
1465
+			if (IS_ERR(flowlabel))
1322
1466
 				return -EINVAL;
1323
1467
 		}
1324
1468
 		if (!(opt->opt_nflen|opt->opt_flen))
..
..
@@ -1335,6 +1479,7 @@
1335
1479
 	ipc6.opt = opt;
1336
1480
 
1337
1481
 	fl6.flowi6_proto = sk->sk_protocol;
1482
+	fl6.flowi6_mark = ipc6.sockc.mark;
1338
1483
 	fl6.daddr = *daddr;
1339
1484
 	if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
1340
1485
 		fl6.saddr = np->saddr;
..
..
@@ -1376,7 +1521,7 @@
1376
1521
 	} else if (!fl6.flowi6_oif)
1377
1522
 		fl6.flowi6_oif = np->ucast_oif;
1378
1523
 
1379
-	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
1524
+	security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
1380
1525
 
1381
1526
 	if (ipc6.tclass < 0)
1382
1527
 		ipc6.tclass = np->tclass;
..
..
@@ -1482,38 +1627,32 @@
1482
1627
 	udp_v6_flush_pending_frames(sk);
1483
1628
 	release_sock(sk);
1484
1629
 
1485
-	if (static_branch_unlikely(&udpv6_encap_needed_key) && up->encap_type) {
1486
-		void (*encap_destroy)(struct sock *sk);
1487
-		encap_destroy = READ_ONCE(up->encap_destroy);
1488
-		if (encap_destroy)
1489
-			encap_destroy(sk);
1630
+	if (static_branch_unlikely(&udpv6_encap_needed_key)) {
1631
+		if (up->encap_type) {
1632
+			void (*encap_destroy)(struct sock *sk);
1633
+			encap_destroy = READ_ONCE(up->encap_destroy);
1634
+			if (encap_destroy)
1635
+				encap_destroy(sk);
1636
+		}
1637
+		if (up->encap_enabled) {
1638
+			static_branch_dec(&udpv6_encap_needed_key);
1639
+			udp_encap_disable();
1640
+		}
1490
1641
 	}
1491
-
1492
-	inet6_destroy_sock(sk);
1493
1642
 }
1494
1643
 
1495
1644
 /*
1496
1645
  *	Socket option code for UDP
1497
1646
  */
1498
-int udpv6_setsockopt(struct sock *sk, int level, int optname,
1499
-		     char __user *optval, unsigned int optlen)
1647
+int udpv6_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,
1648
+		     unsigned int optlen)
1500
1649
 {
1501
1650
 	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1502
-		return udp_lib_setsockopt(sk, level, optname, optval, optlen,
1651
+		return udp_lib_setsockopt(sk, level, optname,
1652
+					  optval, optlen,
1503
1653
 					  udp_v6_push_pending_frames);
1504
1654
 	return ipv6_setsockopt(sk, level, optname, optval, optlen);
1505
1655
 }
1506
-
1507
-#ifdef CONFIG_COMPAT
1508
-int compat_udpv6_setsockopt(struct sock *sk, int level, int optname,
1509
-			    char __user *optval, unsigned int optlen)
1510
-{
1511
-	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1512
-		return udp_lib_setsockopt(sk, level, optname, optval, optlen,
1513
-					  udp_v6_push_pending_frames);
1514
-	return compat_ipv6_setsockopt(sk, level, optname, optval, optlen);
1515
-}
1516
-#endif
1517
1656
 
1518
1657
 int udpv6_getsockopt(struct sock *sk, int level, int optname,
1519
1658
 		     char __user *optval, int __user *optlen)
..
..
@@ -1523,22 +1662,7 @@
1523
1662
 	return ipv6_getsockopt(sk, level, optname, optval, optlen);
1524
1663
 }
1525
1664
 
1526
-#ifdef CONFIG_COMPAT
1527
-int compat_udpv6_getsockopt(struct sock *sk, int level, int optname,
1528
-			    char __user *optval, int __user *optlen)
1529
-{
1530
-	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1531
-		return udp_lib_getsockopt(sk, level, optname, optval, optlen);
1532
-	return compat_ipv6_getsockopt(sk, level, optname, optval, optlen);
1533
-}
1534
-#endif
1535
-
1536
-/* thinking of making this const? Don't.
1537
- * early_demux can change based on sysctl.
1538
- */
1539
-static struct inet6_protocol udpv6_protocol = {
1540
-	.early_demux	=	udp_v6_early_demux,
1541
-	.early_demux_handler =  udp_v6_early_demux,
1665
+static const struct inet6_protocol udpv6_protocol = {
1542
1666
 	.handler	=	udpv6_rcv,
1543
1667
 	.err_handler	=	udpv6_err,
1544
1668
 	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
..
..
@@ -1598,7 +1722,7 @@
1598
1722
 	.connect		= ip6_datagram_connect,
1599
1723
 	.disconnect		= udp_disconnect,
1600
1724
 	.ioctl			= udp_ioctl,
1601
-	.init			= udp_init_sock,
1725
+	.init			= udpv6_init_sock,
1602
1726
 	.destroy		= udpv6_destroy_sock,
1603
1727
 	.setsockopt		= udpv6_setsockopt,
1604
1728
 	.getsockopt		= udpv6_getsockopt,
..
..
@@ -1615,10 +1739,6 @@
1615
1739
 	.sysctl_rmem_offset     = offsetof(struct net, ipv4.sysctl_udp_rmem_min),
1616
1740
 	.obj_size		= sizeof(struct udp6_sock),
1617
1741
 	.h.udp_table		= &udp_table,
1618
-#ifdef CONFIG_COMPAT
1619
-	.compat_setsockopt	= compat_udpv6_setsockopt,
1620
-	.compat_getsockopt	= compat_udpv6_getsockopt,
1621
-#endif
1622
1742
 	.diag_destroy		= udp_abort,
1623
1743
 };
1624
1744