kernel_5.10 no rt

hc

2023-12-11 6778948f9de86c3cfaf36725a7c87dcff9ba247f

 kernel/net/ipv6/addrconf.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /*
2
3
  *	IPv6 Address [auto]configuration
3
4
  *	Linux INET6 implementation
..
..
@@ -5,11 +6,6 @@
5
6
  *	Authors:
6
7
  *	Pedro Roque		<roque@di.fc.ul.pt>
7
8
  *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
8
- *
9
- *	This program is free software; you can redistribute it and/or
10
- *      modify it under the terms of the GNU General Public License
11
- *      as published by the Free Software Foundation; either version
12
- *      2 of the License, or (at your option) any later version.
13
9
  */
14
10
 
15
11
 /*
..
..
@@ -94,6 +90,8 @@
94
90
 #include <linux/seq_file.h>
95
91
 #include <linux/export.h>
96
92
 
93
+#include <trace/hooks/ipv6.h>
94
+
97
95
 #define	INFINITY_LIFE_TIME	0xFFFFFFFF
98
96
 
99
97
 #define IPV6_MAX_STRLEN \
..
..
@@ -139,8 +137,7 @@
139
137
 }
140
138
 #endif
141
139
 
142
-static void ipv6_regen_rndid(struct inet6_dev *idev);
143
-static void ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
140
+static void ipv6_gen_rnd_iid(struct in6_addr *addr);
144
141
 
145
142
 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
146
143
 static int ipv6_count_addresses(const struct inet6_dev *idev);
..
..
@@ -168,12 +165,13 @@
168
165
 
169
166
 static void addrconf_type_change(struct net_device *dev,
170
167
 				 unsigned long event);
171
-static int addrconf_ifdown(struct net_device *dev, int how);
168
+static int addrconf_ifdown(struct net_device *dev, bool unregister);
172
169
 
173
170
 static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
174
171
 						  int plen,
175
172
 						  const struct net_device *dev,
176
-						  u32 flags, u32 noflags);
173
+						  u32 flags, u32 noflags,
174
+						  bool no_gw);
177
175
 
178
176
 static void addrconf_dad_start(struct inet6_ifaddr *ifp);
179
177
 static void addrconf_dad_work(struct work_struct *w);
..
..
@@ -240,6 +238,7 @@
240
238
 	.enhanced_dad           = 1,
241
239
 	.addr_gen_mode		= IN6_ADDR_GEN_MODE_EUI64,
242
240
 	.disable_policy		= 0,
241
+	.rpl_seg_enabled	= 0,
243
242
 };
244
243
 
245
244
 static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
..
..
@@ -295,6 +294,7 @@
295
294
 	.enhanced_dad           = 1,
296
295
 	.addr_gen_mode		= IN6_ADDR_GEN_MODE_EUI64,
297
296
 	.disable_policy		= 0,
297
+	.rpl_seg_enabled	= 0,
298
298
 };
299
299
 
300
300
 /* Check if link is ready: is it up and is a valid qdisc available */
..
..
@@ -435,8 +435,7 @@
435
435
 	    dev->type == ARPHRD_SIT ||
436
436
 	    dev->type == ARPHRD_NONE) {
437
437
 		ndev->cnf.use_tempaddr = -1;
438
-	} else
439
-		ipv6_regen_rndid(ndev);
438
+	}
440
439
 
441
440
 	ndev->token = in6addr_any;
442
441
 
..
..
@@ -483,7 +482,7 @@
483
482
 	if (!idev) {
484
483
 		idev = ipv6_add_dev(dev);
485
484
 		if (IS_ERR(idev))
486
-			return NULL;
485
+			return idev;
487
486
 	}
488
487
 
489
488
 	if (dev->flags&IFF_UP)
..
..
@@ -547,7 +546,7 @@
547
546
 #ifdef CONFIG_IPV6_MROUTE
548
547
 	if ((all || type == NETCONFA_MC_FORWARDING) &&
549
548
 	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
550
-			devconf->mc_forwarding) < 0)
549
+			atomic_read(&devconf->mc_forwarding)) < 0)
551
550
 		goto nla_put_failure;
552
551
 #endif
553
552
 	if ((all || type == NETCONFA_PROXY_NEIGH) &&
..
..
@@ -599,6 +598,45 @@
599
598
 	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]	= { .len = sizeof(int) },
600
599
 };
601
600
 
601
+static int inet6_netconf_valid_get_req(struct sk_buff *skb,
602
+				       const struct nlmsghdr *nlh,
603
+				       struct nlattr **tb,
604
+				       struct netlink_ext_ack *extack)
605
+{
606
+	int i, err;
607
+
608
+	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
609
+		NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf get request");
610
+		return -EINVAL;
611
+	}
612
+
613
+	if (!netlink_strict_get_check(skb))
614
+		return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
615
+					      tb, NETCONFA_MAX,
616
+					      devconf_ipv6_policy, extack);
617
+
618
+	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
619
+					    tb, NETCONFA_MAX,
620
+					    devconf_ipv6_policy, extack);
621
+	if (err)
622
+		return err;
623
+
624
+	for (i = 0; i <= NETCONFA_MAX; i++) {
625
+		if (!tb[i])
626
+			continue;
627
+
628
+		switch (i) {
629
+		case NETCONFA_IFINDEX:
630
+			break;
631
+		default:
632
+			NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in netconf get request");
633
+			return -EINVAL;
634
+		}
635
+	}
636
+
637
+	return 0;
638
+}
639
+
602
640
 static int inet6_netconf_get_devconf(struct sk_buff *in_skb,
603
641
 				     struct nlmsghdr *nlh,
604
642
 				     struct netlink_ext_ack *extack)
..
..
@@ -607,14 +645,12 @@
607
645
 	struct nlattr *tb[NETCONFA_MAX+1];
608
646
 	struct inet6_dev *in6_dev = NULL;
609
647
 	struct net_device *dev = NULL;
610
-	struct netconfmsg *ncm;
611
648
 	struct sk_buff *skb;
612
649
 	struct ipv6_devconf *devconf;
613
650
 	int ifindex;
614
651
 	int err;
615
652
 
616
-	err = nlmsg_parse(nlh, sizeof(*ncm), tb, NETCONFA_MAX,
617
-			  devconf_ipv6_policy, extack);
653
+	err = inet6_netconf_valid_get_req(in_skb, nlh, tb, extack);
618
654
 	if (err < 0)
619
655
 		return err;
620
656
 
..
..
@@ -668,12 +704,28 @@
668
704
 static int inet6_netconf_dump_devconf(struct sk_buff *skb,
669
705
 				      struct netlink_callback *cb)
670
706
 {
707
+	const struct nlmsghdr *nlh = cb->nlh;
671
708
 	struct net *net = sock_net(skb->sk);
672
709
 	int h, s_h;
673
710
 	int idx, s_idx;
674
711
 	struct net_device *dev;
675
712
 	struct inet6_dev *idev;
676
713
 	struct hlist_head *head;
714
+
715
+	if (cb->strict_check) {
716
+		struct netlink_ext_ack *extack = cb->extack;
717
+		struct netconfmsg *ncm;
718
+
719
+		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
720
+			NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf dump request");
721
+			return -EINVAL;
722
+		}
723
+
724
+		if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
725
+			NL_SET_ERR_MSG_MOD(extack, "Invalid data after header in netconf dump request");
726
+			return -EINVAL;
727
+		}
728
+	}
677
729
 
678
730
 	s_h = cb->args[0];
679
731
 	s_idx = idx = cb->args[1];
..
..
@@ -694,7 +746,7 @@
694
746
 			if (inet6_netconf_fill_devconf(skb, dev->ifindex,
695
747
 						       &idev->cnf,
696
748
 						       NETLINK_CB(cb->skb).portid,
697
-						       cb->nlh->nlmsg_seq,
749
+						       nlh->nlmsg_seq,
698
750
 						       RTM_NEWNETCONF,
699
751
 						       NLM_F_MULTI,
700
752
 						       NETCONFA_ALL) < 0) {
..
..
@@ -711,7 +763,7 @@
711
763
 		if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
712
764
 					       net->ipv6.devconf_all,
713
765
 					       NETLINK_CB(cb->skb).portid,
714
-					       cb->nlh->nlmsg_seq,
766
+					       nlh->nlmsg_seq,
715
767
 					       RTM_NEWNETCONF, NLM_F_MULTI,
716
768
 					       NETCONFA_ALL) < 0)
717
769
 			goto done;
..
..
@@ -722,7 +774,7 @@
722
774
 		if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
723
775
 					       net->ipv6.devconf_dflt,
724
776
 					       NETLINK_CB(cb->skb).portid,
725
-					       cb->nlh->nlmsg_seq,
777
+					       nlh->nlmsg_seq,
726
778
 					       RTM_NEWNETCONF, NLM_F_MULTI,
727
779
 					       NETCONFA_ALL) < 0)
728
780
 			goto done;
..
..
@@ -741,6 +793,7 @@
741
793
 {
742
794
 	struct net_device *dev;
743
795
 	struct inet6_ifaddr *ifa;
796
+	LIST_HEAD(tmp_addr_list);
744
797
 
745
798
 	if (!idev)
746
799
 		return;
..
..
@@ -759,14 +812,24 @@
759
812
 		}
760
813
 	}
761
814
 
815
+	read_lock_bh(&idev->lock);
762
816
 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
763
817
 		if (ifa->flags&IFA_F_TENTATIVE)
764
818
 			continue;
819
+		list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
820
+	}
821
+	read_unlock_bh(&idev->lock);
822
+
823
+	while (!list_empty(&tmp_addr_list)) {
824
+		ifa = list_first_entry(&tmp_addr_list,
825
+				       struct inet6_ifaddr, if_list_aux);
826
+		list_del(&ifa->if_list_aux);
765
827
 		if (idev->cnf.forwarding)
766
828
 			addrconf_join_anycast(ifa);
767
829
 		else
768
830
 			addrconf_leave_anycast(ifa);
769
831
 	}
832
+
770
833
 	inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
771
834
 				     NETCONFA_FORWARDING,
772
835
 				     dev->ifindex, &idev->cnf);
..
..
@@ -1000,6 +1063,7 @@
1000
1063
 	    (addr_type & IPV6_ADDR_MULTICAST &&
1001
1064
 	     !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) ||
1002
1065
 	    (!(idev->dev->flags & IFF_LOOPBACK) &&
1066
+	     !netif_is_l3_master(idev->dev) &&
1003
1067
 	     addr_type & IPV6_ADDR_LOOPBACK))
1004
1068
 		return ERR_PTR(-EADDRNOTAVAIL);
1005
1069
 
..
..
@@ -1041,10 +1105,6 @@
1041
1105
 		f6i = NULL;
1042
1106
 		goto out;
1043
1107
 	}
1044
-
1045
-	if (net->ipv6.devconf_all->disable_policy ||
1046
-	    idev->cnf.disable_policy)
1047
-		f6i->dst_nopolicy = true;
1048
1108
 
1049
1109
 	neigh_parms_data_state_setall(idev->nd_parms);
1050
1110
 
..
..
@@ -1183,12 +1243,11 @@
1183
1243
 	struct fib6_info *f6i;
1184
1244
 
1185
1245
 	f6i = addrconf_get_prefix_route(del_peer ? &ifp->peer_addr : &ifp->addr,
1186
-				       ifp->prefix_len,
1187
-				       ifp->idev->dev,
1188
-				       0, RTF_GATEWAY | RTF_DEFAULT);
1246
+					ifp->prefix_len,
1247
+					ifp->idev->dev, 0, RTF_DEFAULT, true);
1189
1248
 	if (f6i) {
1190
1249
 		if (del_rt)
1191
-			ip6_del_rt(dev_net(ifp->idev->dev), f6i);
1250
+			ip6_del_rt(dev_net(ifp->idev->dev), f6i, false);
1192
1251
 		else {
1193
1252
 			if (!(f6i->fib6_flags & RTF_EXPIRES))
1194
1253
 				fib6_set_expires(f6i, expires);
..
..
@@ -1256,29 +1315,21 @@
1256
1315
 	in6_ifa_put(ifp);
1257
1316
 }
1258
1317
 
1259
-static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp,
1260
-				struct inet6_ifaddr *ift,
1261
-				bool block)
1318
+static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
1262
1319
 {
1263
1320
 	struct inet6_dev *idev = ifp->idev;
1264
-	struct in6_addr addr, *tmpaddr;
1265
1321
 	unsigned long tmp_tstamp, age;
1266
1322
 	unsigned long regen_advance;
1267
-	struct ifa6_config cfg;
1268
-	int ret = 0;
1269
1323
 	unsigned long now = jiffies;
1270
-	long max_desync_factor;
1271
1324
 	s32 cnf_temp_preferred_lft;
1325
+	struct inet6_ifaddr *ift;
1326
+	struct ifa6_config cfg;
1327
+	long max_desync_factor;
1328
+	struct in6_addr addr;
1329
+	int ret = 0;
1272
1330
 
1273
1331
 	write_lock_bh(&idev->lock);
1274
-	if (ift) {
1275
-		spin_lock_bh(&ift->lock);
1276
-		memcpy(&addr.s6_addr[8], &ift->addr.s6_addr[8], 8);
1277
-		spin_unlock_bh(&ift->lock);
1278
-		tmpaddr = &addr;
1279
-	} else {
1280
-		tmpaddr = NULL;
1281
-	}
1332
+
1282
1333
 retry:
1283
1334
 	in6_dev_hold(idev);
1284
1335
 	if (idev->cnf.use_tempaddr <= 0) {
..
..
@@ -1301,13 +1352,13 @@
1301
1352
 	}
1302
1353
 	in6_ifa_hold(ifp);
1303
1354
 	memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
1304
-	ipv6_try_regen_rndid(idev, tmpaddr);
1305
-	memcpy(&addr.s6_addr[8], idev->rndid, 8);
1355
+	ipv6_gen_rnd_iid(&addr);
1356
+
1306
1357
 	age = (now - ifp->tstamp) / HZ;
1307
1358
 
1308
1359
 	regen_advance = idev->cnf.regen_max_retry *
1309
1360
 			idev->cnf.dad_transmits *
1310
-			NEIGH_VAR(idev->nd_parms, RETRANS_TIME) / HZ;
1361
+			max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ;
1311
1362
 
1312
1363
 	/* recalculate max_desync_factor each time and update
1313
1364
 	 * idev->desync_factor if it's larger
..
..
@@ -1367,7 +1418,6 @@
1367
1418
 		in6_ifa_put(ifp);
1368
1419
 		in6_dev_put(idev);
1369
1420
 		pr_info("%s: retry temporary address regeneration\n", __func__);
1370
-		tmpaddr = &addr;
1371
1421
 		write_lock_bh(&idev->lock);
1372
1422
 		goto retry;
1373
1423
 	}
..
..
@@ -1854,12 +1904,13 @@
1854
1904
  *   2. does the address exist on the specific device
1855
1905
  *      (skip_dev_check = false)
1856
1906
  */
1857
-int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1858
-			    const struct net_device *dev, bool skip_dev_check,
1859
-			    int strict, u32 banned_flags)
1907
+static struct net_device *
1908
+__ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1909
+			  const struct net_device *dev, bool skip_dev_check,
1910
+			  int strict, u32 banned_flags)
1860
1911
 {
1861
1912
 	unsigned int hash = inet6_addr_hash(net, addr);
1862
-	const struct net_device *l3mdev;
1913
+	struct net_device *l3mdev, *ndev;
1863
1914
 	struct inet6_ifaddr *ifp;
1864
1915
 	u32 ifp_flags;
1865
1916
 
..
..
@@ -1870,10 +1921,11 @@
1870
1921
 		dev = NULL;
1871
1922
 
1872
1923
 	hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
1873
-		if (!net_eq(dev_net(ifp->idev->dev), net))
1924
+		ndev = ifp->idev->dev;
1925
+		if (!net_eq(dev_net(ndev), net))
1874
1926
 			continue;
1875
1927
 
1876
-		if (l3mdev_master_dev_rcu(ifp->idev->dev) != l3mdev)
1928
+		if (l3mdev_master_dev_rcu(ndev) != l3mdev)
1877
1929
 			continue;
1878
1930
 
1879
1931
 		/* Decouple optimistic from tentative for evaluation here.
..
..
@@ -1884,15 +1936,23 @@
1884
1936
 			    : ifp->flags;
1885
1937
 		if (ipv6_addr_equal(&ifp->addr, addr) &&
1886
1938
 		    !(ifp_flags&banned_flags) &&
1887
-		    (!dev || ifp->idev->dev == dev ||
1939
+		    (!dev || ndev == dev ||
1888
1940
 		     !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
1889
1941
 			rcu_read_unlock();
1890
-			return 1;
1942
+			return ndev;
1891
1943
 		}
1892
1944
 	}
1893
1945
 
1894
1946
 	rcu_read_unlock();
1895
-	return 0;
1947
+	return NULL;
1948
+}
1949
+
1950
+int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1951
+			    const struct net_device *dev, bool skip_dev_check,
1952
+			    int strict, u32 banned_flags)
1953
+{
1954
+	return __ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check,
1955
+					 strict, banned_flags) ? 1 : 0;
1896
1956
 }
1897
1957
 EXPORT_SYMBOL(ipv6_chk_addr_and_flags);
1898
1958
 
..
..
@@ -1944,6 +2004,21 @@
1944
2004
 }
1945
2005
 EXPORT_SYMBOL(ipv6_chk_prefix);
1946
2006
 
2007
+/**
2008
+ * ipv6_dev_find - find the first device with a given source address.
2009
+ * @net: the net namespace
2010
+ * @addr: the source address
2011
+ *
2012
+ * The caller should be protected by RCU, or RTNL.
2013
+ */
2014
+struct net_device *ipv6_dev_find(struct net *net, const struct in6_addr *addr,
2015
+				 struct net_device *dev)
2016
+{
2017
+	return __ipv6_chk_addr_and_flags(net, addr, dev, !dev, 1,
2018
+					 IFA_F_TENTATIVE);
2019
+}
2020
+EXPORT_SYMBOL(ipv6_dev_find);
2021
+
1947
2022
 struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, const struct in6_addr *addr,
1948
2023
 				     struct net_device *dev, int strict)
1949
2024
 {
..
..
@@ -1982,7 +2057,7 @@
1982
2057
 		if (ifpub) {
1983
2058
 			in6_ifa_hold(ifpub);
1984
2059
 			spin_unlock_bh(&ifp->lock);
1985
-			ipv6_create_tempaddr(ifpub, ifp, true);
2060
+			ipv6_create_tempaddr(ifpub, true);
1986
2061
 			in6_ifa_put(ifpub);
1987
2062
 		} else {
1988
2063
 			spin_unlock_bh(&ifp->lock);
..
..
@@ -2279,40 +2354,38 @@
2279
2354
 	return err;
2280
2355
 }
2281
2356
 
2282
-/* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
2283
-static void ipv6_regen_rndid(struct inet6_dev *idev)
2357
+/* Generation of a randomized Interface Identifier
2358
+ * draft-ietf-6man-rfc4941bis, Section 3.3.1
2359
+ */
2360
+
2361
+static void ipv6_gen_rnd_iid(struct in6_addr *addr)
2284
2362
 {
2285
2363
 regen:
2286
-	get_random_bytes(idev->rndid, sizeof(idev->rndid));
2287
-	idev->rndid[0] &= ~0x02;
2364
+	get_random_bytes(&addr->s6_addr[8], 8);
2288
2365
 
2289
-	/*
2290
-	 * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
2291
-	 * check if generated address is not inappropriate
2366
+	/* <draft-ietf-6man-rfc4941bis-08.txt>, Section 3.3.1:
2367
+	 * check if generated address is not inappropriate:
2292
2368
 	 *
2293
-	 *  - Reserved subnet anycast (RFC 2526)
2294
-	 *	11111101 11....11 1xxxxxxx
2295
-	 *  - ISATAP (RFC4214) 6.1
2296
-	 *	00-00-5E-FE-xx-xx-xx-xx
2297
-	 *  - value 0
2298
-	 *  - XXX: already assigned to an address on the device
2369
+	 * - Reserved IPv6 Interface Identifers
2370
+	 * - XXX: already assigned to an address on the device
2299
2371
 	 */
2300
-	if (idev->rndid[0] == 0xfd &&
2301
-	    (idev->rndid[1]&idev->rndid[2]&idev->rndid[3]&idev->rndid[4]&idev->rndid[5]&idev->rndid[6]) == 0xff &&
2302
-	    (idev->rndid[7]&0x80))
2303
-		goto regen;
2304
-	if ((idev->rndid[0]|idev->rndid[1]) == 0) {
2305
-		if (idev->rndid[2] == 0x5e && idev->rndid[3] == 0xfe)
2306
-			goto regen;
2307
-		if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00)
2308
-			goto regen;
2309
-	}
2310
-}
2311
2372
 
2312
-static void  ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr)
2313
-{
2314
-	if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0)
2315
-		ipv6_regen_rndid(idev);
2373
+	/* Subnet-router anycast: 0000:0000:0000:0000 */
2374
+	if (!(addr->s6_addr32[2] | addr->s6_addr32[3]))
2375
+		goto regen;
2376
+
2377
+	/* IANA Ethernet block: 0200:5EFF:FE00:0000-0200:5EFF:FE00:5212
2378
+	 * Proxy Mobile IPv6:   0200:5EFF:FE00:5213
2379
+	 * IANA Ethernet block: 0200:5EFF:FE00:5214-0200:5EFF:FEFF:FFFF
2380
+	 */
2381
+	if (ntohl(addr->s6_addr32[2]) == 0x02005eff &&
2382
+	    (ntohl(addr->s6_addr32[3]) & 0Xff000000) == 0xfe000000)
2383
+		goto regen;
2384
+
2385
+	/* Reserved subnet anycast addresses */
2386
+	if (ntohl(addr->s6_addr32[2]) == 0xfdffffff &&
2387
+	    ntohl(addr->s6_addr32[3]) >= 0Xffffff80)
2388
+		goto regen;
2316
2389
 }
2317
2390
 
2318
2391
 u32 addrconf_rt_table(const struct net_device *dev, u32 default_table)
..
..
@@ -2374,7 +2447,8 @@
2374
2447
 static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
2375
2448
 						  int plen,
2376
2449
 						  const struct net_device *dev,
2377
-						  u32 flags, u32 noflags)
2450
+						  u32 flags, u32 noflags,
2451
+						  bool no_gw)
2378
2452
 {
2379
2453
 	struct fib6_node *fn;
2380
2454
 	struct fib6_info *rt = NULL;
..
..
@@ -2391,7 +2465,13 @@
2391
2465
 		goto out;
2392
2466
 
2393
2467
 	for_each_fib6_node_rt_rcu(fn) {
2394
-		if (rt->fib6_nh.nh_dev->ifindex != dev->ifindex)
2468
+		/* prefix routes only use builtin fib6_nh */
2469
+		if (rt->nh)
2470
+			continue;
2471
+
2472
+		if (rt->fib6_nh->fib_nh_dev->ifindex != dev->ifindex)
2473
+			continue;
2474
+		if (no_gw && rt->fib6_nh->fib_nh_gw_family)
2395
2475
 			continue;
2396
2476
 		if ((rt->fib6_flags & flags) != flags)
2397
2477
 			continue;
..
..
@@ -2434,8 +2514,8 @@
2434
2514
 	ASSERT_RTNL();
2435
2515
 
2436
2516
 	idev = ipv6_find_idev(dev);
2437
-	if (!idev)
2438
-		return ERR_PTR(-ENOBUFS);
2517
+	if (IS_ERR(idev))
2518
+		return idev;
2439
2519
 
2440
2520
 	if (idev->cnf.disable_ipv6)
2441
2521
 		return ERR_PTR(-EACCES);
..
..
@@ -2508,7 +2588,7 @@
2508
2588
 		 * no temporary address currently exists.
2509
2589
 		 */
2510
2590
 		read_unlock_bh(&idev->lock);
2511
-		ipv6_create_tempaddr(ifp, NULL, false);
2591
+		ipv6_create_tempaddr(ifp, false);
2512
2592
 	} else {
2513
2593
 		read_unlock_bh(&idev->lock);
2514
2594
 	}
..
..
@@ -2690,12 +2770,12 @@
2690
2770
 					       pinfo->prefix_len,
2691
2771
 					       dev,
2692
2772
 					       RTF_ADDRCONF | RTF_PREFIX_RT,
2693
-					       RTF_GATEWAY | RTF_DEFAULT);
2773
+					       RTF_DEFAULT, true);
2694
2774
 
2695
2775
 		if (rt) {
2696
2776
 			/* Autoconf prefix route */
2697
2777
 			if (valid_lft == 0) {
2698
-				ip6_del_rt(net, rt);
2778
+				ip6_del_rt(net, rt, false);
2699
2779
 				rt = NULL;
2700
2780
 			} else if (addrconf_finite_timeout(rt_expires)) {
2701
2781
 				/* not infinity */
..
..
@@ -2773,6 +2853,33 @@
2773
2853
 	in6_dev_put(in6_dev);
2774
2854
 }
2775
2855
 
2856
+static int addrconf_set_sit_dstaddr(struct net *net, struct net_device *dev,
2857
+		struct in6_ifreq *ireq)
2858
+{
2859
+	struct ip_tunnel_parm p = { };
2860
+	int err;
2861
+
2862
+	if (!(ipv6_addr_type(&ireq->ifr6_addr) & IPV6_ADDR_COMPATv4))
2863
+		return -EADDRNOTAVAIL;
2864
+
2865
+	p.iph.daddr = ireq->ifr6_addr.s6_addr32[3];
2866
+	p.iph.version = 4;
2867
+	p.iph.ihl = 5;
2868
+	p.iph.protocol = IPPROTO_IPV6;
2869
+	p.iph.ttl = 64;
2870
+
2871
+	if (!dev->netdev_ops->ndo_tunnel_ctl)
2872
+		return -EOPNOTSUPP;
2873
+	err = dev->netdev_ops->ndo_tunnel_ctl(dev, &p, SIOCADDTUNNEL);
2874
+	if (err)
2875
+		return err;
2876
+
2877
+	dev = __dev_get_by_name(net, p.name);
2878
+	if (!dev)
2879
+		return -ENOBUFS;
2880
+	return dev_open(dev, NULL);
2881
+}
2882
+
2776
2883
 /*
2777
2884
  *	Set destination address.
2778
2885
  *	Special case for SIT interfaces where we create a new "virtual"
..
..
@@ -2780,61 +2887,19 @@
2780
2887
  */
2781
2888
 int addrconf_set_dstaddr(struct net *net, void __user *arg)
2782
2889
 {
2783
-	struct in6_ifreq ireq;
2784
2890
 	struct net_device *dev;
2785
-	int err = -EINVAL;
2891
+	struct in6_ifreq ireq;
2892
+	int err = -ENODEV;
2893
+
2894
+	if (!IS_ENABLED(CONFIG_IPV6_SIT))
2895
+		return -ENODEV;
2896
+	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
2897
+		return -EFAULT;
2786
2898
 
2787
2899
 	rtnl_lock();
2788
-
2789
-	err = -EFAULT;
2790
-	if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
2791
-		goto err_exit;
2792
-
2793
2900
 	dev = __dev_get_by_index(net, ireq.ifr6_ifindex);
2794
-
2795
-	err = -ENODEV;
2796
-	if (!dev)
2797
-		goto err_exit;
2798
-
2799
-#if IS_ENABLED(CONFIG_IPV6_SIT)
2800
-	if (dev->type == ARPHRD_SIT) {
2801
-		const struct net_device_ops *ops = dev->netdev_ops;
2802
-		struct ifreq ifr;
2803
-		struct ip_tunnel_parm p;
2804
-
2805
-		err = -EADDRNOTAVAIL;
2806
-		if (!(ipv6_addr_type(&ireq.ifr6_addr) & IPV6_ADDR_COMPATv4))
2807
-			goto err_exit;
2808
-
2809
-		memset(&p, 0, sizeof(p));
2810
-		p.iph.daddr = ireq.ifr6_addr.s6_addr32[3];
2811
-		p.iph.saddr = 0;
2812
-		p.iph.version = 4;
2813
-		p.iph.ihl = 5;
2814
-		p.iph.protocol = IPPROTO_IPV6;
2815
-		p.iph.ttl = 64;
2816
-		ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
2817
-
2818
-		if (ops->ndo_do_ioctl) {
2819
-			mm_segment_t oldfs = get_fs();
2820
-
2821
-			set_fs(KERNEL_DS);
2822
-			err = ops->ndo_do_ioctl(dev, &ifr, SIOCADDTUNNEL);
2823
-			set_fs(oldfs);
2824
-		} else
2825
-			err = -EOPNOTSUPP;
2826
-
2827
-		if (err == 0) {
2828
-			err = -ENOBUFS;
2829
-			dev = __dev_get_by_name(net, p.name);
2830
-			if (!dev)
2831
-				goto err_exit;
2832
-			err = dev_open(dev);
2833
-		}
2834
-	}
2835
-#endif
2836
-
2837
-err_exit:
2901
+	if (dev && dev->type == ARPHRD_SIT)
2902
+		err = addrconf_set_sit_dstaddr(net, dev, &ireq);
2838
2903
 	rtnl_unlock();
2839
2904
 	return err;
2840
2905
 }
..
..
@@ -3099,11 +3164,9 @@
3099
3164
 		struct in_device *in_dev = __in_dev_get_rtnl(dev);
3100
3165
 		if (in_dev && (dev->flags & IFF_UP)) {
3101
3166
 			struct in_ifaddr *ifa;
3102
-
3103
3167
 			int flag = scope;
3104
3168
 
3105
-			for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
3106
-
3169
+			in_dev_for_each_ifa_rtnl(ifa, in_dev) {
3107
3170
 				addr.s6_addr32[3] = ifa->ifa_local;
3108
3171
 
3109
3172
 				if (ifa->ifa_scope == RT_SCOPE_LINK)
..
..
@@ -3132,7 +3195,7 @@
3132
3195
 	ASSERT_RTNL();
3133
3196
 
3134
3197
 	idev = ipv6_find_idev(dev);
3135
-	if (!idev) {
3198
+	if (IS_ERR(idev)) {
3136
3199
 		pr_debug("%s: add_dev failed\n", __func__);
3137
3200
 		return;
3138
3201
 	}
..
..
@@ -3191,11 +3254,11 @@
3191
3254
 					const struct inet6_dev *idev)
3192
3255
 {
3193
3256
 	static DEFINE_SPINLOCK(lock);
3194
-	static __u32 digest[SHA_DIGEST_WORDS];
3195
-	static __u32 workspace[SHA_WORKSPACE_WORDS];
3257
+	static __u32 digest[SHA1_DIGEST_WORDS];
3258
+	static __u32 workspace[SHA1_WORKSPACE_WORDS];
3196
3259
 
3197
3260
 	static union {
3198
-		char __data[SHA_MESSAGE_BYTES];
3261
+		char __data[SHA1_BLOCK_SIZE];
3199
3262
 		struct {
3200
3263
 			struct in6_addr secret;
3201
3264
 			__be32 prefix[2];
..
..
@@ -3220,7 +3283,7 @@
3220
3283
 retry:
3221
3284
 	spin_lock_bh(&lock);
3222
3285
 
3223
-	sha_init(digest);
3286
+	sha1_init(digest);
3224
3287
 	memset(&data, 0, sizeof(data));
3225
3288
 	memset(workspace, 0, sizeof(workspace));
3226
3289
 	memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len);
..
..
@@ -3229,7 +3292,7 @@
3229
3292
 	data.secret = secret;
3230
3293
 	data.dad_count = dad_count;
3231
3294
 
3232
-	sha_transform(digest, data.__data, workspace);
3295
+	sha1_transform(digest, data.__data, workspace);
3233
3296
 
3234
3297
 	temp = *address;
3235
3298
 	temp.s6_addr32[2] = (__force __be32)digest[0];
..
..
@@ -3276,7 +3339,7 @@
3276
3339
 	switch (idev->cnf.addr_gen_mode) {
3277
3340
 	case IN6_ADDR_GEN_MODE_RANDOM:
3278
3341
 		ipv6_gen_mode_random_init(idev);
3279
-		/* fallthrough */
3342
+		fallthrough;
3280
3343
 	case IN6_ADDR_GEN_MODE_STABLE_PRIVACY:
3281
3344
 		if (!ipv6_generate_stable_address(&addr, 0, idev))
3282
3345
 			addrconf_add_linklocal(idev, &addr,
..
..
@@ -3306,6 +3369,7 @@
3306
3369
 static void addrconf_dev_config(struct net_device *dev)
3307
3370
 {
3308
3371
 	struct inet6_dev *idev;
3372
+	bool ret = false;
3309
3373
 
3310
3374
 	ASSERT_RTNL();
3311
3375
 
..
..
@@ -3333,6 +3397,10 @@
3333
3397
 	if (IS_ERR(idev))
3334
3398
 		return;
3335
3399
 
3400
+	trace_android_vh_ipv6_gen_linklocal_addr(dev, &ret);
3401
+	if (ret)
3402
+		return;
3403
+
3336
3404
 	/* this device type has no EUI support */
3337
3405
 	if (dev->type == ARPHRD_NONE &&
3338
3406
 	    idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_EUI64)
..
..
@@ -3355,7 +3423,7 @@
3355
3423
 	 */
3356
3424
 
3357
3425
 	idev = ipv6_find_idev(dev);
3358
-	if (!idev) {
3426
+	if (IS_ERR(idev)) {
3359
3427
 		pr_debug("%s: add_dev failed\n", __func__);
3360
3428
 		return;
3361
3429
 	}
..
..
@@ -3380,7 +3448,7 @@
3380
3448
 	ASSERT_RTNL();
3381
3449
 
3382
3450
 	idev = ipv6_find_idev(dev);
3383
-	if (!idev) {
3451
+	if (IS_ERR(idev)) {
3384
3452
 		pr_debug("%s: add_dev failed\n", __func__);
3385
3453
 		return;
3386
3454
 	}
..
..
@@ -3498,9 +3566,7 @@
3498
3566
 			break;
3499
3567
 
3500
3568
 		run_pending = 1;
3501
-
3502
-		/* fall through */
3503
-
3569
+		fallthrough;
3504
3570
 	case NETDEV_UP:
3505
3571
 	case NETDEV_CHANGE:
3506
3572
 		if (dev->flags & IFF_SLAVE)
..
..
@@ -3515,8 +3581,8 @@
3515
3581
 
3516
3582
 			if (!addrconf_link_ready(dev)) {
3517
3583
 				/* device is not ready yet. */
3518
-				pr_info("ADDRCONF(NETDEV_UP): %s: link is not ready\n",
3519
-					dev->name);
3584
+				pr_debug("ADDRCONF(NETDEV_UP): %s: link is not ready\n",
3585
+					 dev->name);
3520
3586
 				break;
3521
3587
 			}
3522
3588
 
..
..
@@ -3642,7 +3708,7 @@
3642
3708
 		 * an L3 master device (e.g., VRF)
3643
3709
 		 */
3644
3710
 		if (info->upper_dev && netif_is_l3_master(info->upper_dev))
3645
-			addrconf_ifdown(dev, 0);
3711
+			addrconf_ifdown(dev, false);
3646
3712
 	}
3647
3713
 
3648
3714
 	return NOTIFY_OK;
..
..
@@ -3675,13 +3741,15 @@
3675
3741
 		(IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK);
3676
3742
 }
3677
3743
 
3678
-static int addrconf_ifdown(struct net_device *dev, int how)
3744
+static int addrconf_ifdown(struct net_device *dev, bool unregister)
3679
3745
 {
3680
-	unsigned long event = how ? NETDEV_UNREGISTER : NETDEV_DOWN;
3746
+	unsigned long event = unregister ? NETDEV_UNREGISTER : NETDEV_DOWN;
3681
3747
 	struct net *net = dev_net(dev);
3682
3748
 	struct inet6_dev *idev;
3683
-	struct inet6_ifaddr *ifa, *tmp;
3749
+	struct inet6_ifaddr *ifa;
3750
+	LIST_HEAD(tmp_addr_list);
3684
3751
 	bool keep_addr = false;
3752
+	bool was_ready;
3685
3753
 	int state, i;
3686
3754
 
3687
3755
 	ASSERT_RTNL();
..
..
@@ -3696,7 +3764,7 @@
3696
3764
 	 * Step 1: remove reference to ipv6 device from parent device.
3697
3765
 	 *	   Do not dev_put!
3698
3766
 	 */
3699
-	if (how) {
3767
+	if (unregister) {
3700
3768
 		idev->dead = 1;
3701
3769
 
3702
3770
 		/* protected by rtnl_lock */
..
..
@@ -3710,7 +3778,7 @@
3710
3778
 	/* combine the user config with event to determine if permanent
3711
3779
 	 * addresses are to be removed from address hash table
3712
3780
 	 */
3713
-	if (!how && !idev->cnf.disable_ipv6) {
3781
+	if (!unregister && !idev->cnf.disable_ipv6) {
3714
3782
 		/* aggregate the system setting and interface setting */
3715
3783
 		int _keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
3716
3784
 
..
..
@@ -3747,8 +3815,11 @@
3747
3815
 
3748
3816
 	addrconf_del_rs_timer(idev);
3749
3817
 
3750
-	/* Step 2: clear flags for stateless addrconf */
3751
-	if (!how)
3818
+	/* Step 2: clear flags for stateless addrconf, repeated down
3819
+	 *         detection
3820
+	 */
3821
+	was_ready = idev->if_flags & IF_READY;
3822
+	if (!unregister)
3752
3823
 		idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY);
3753
3824
 
3754
3825
 	/* Step 3: clear tempaddr list */
..
..
@@ -3768,16 +3839,23 @@
3768
3839
 		write_lock_bh(&idev->lock);
3769
3840
 	}
3770
3841
 
3771
-	list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
3842
+	list_for_each_entry(ifa, &idev->addr_list, if_list)
3843
+		list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
3844
+	write_unlock_bh(&idev->lock);
3845
+
3846
+	while (!list_empty(&tmp_addr_list)) {
3772
3847
 		struct fib6_info *rt = NULL;
3773
3848
 		bool keep;
3849
+
3850
+		ifa = list_first_entry(&tmp_addr_list,
3851
+				       struct inet6_ifaddr, if_list_aux);
3852
+		list_del(&ifa->if_list_aux);
3774
3853
 
3775
3854
 		addrconf_del_dad_work(ifa);
3776
3855
 
3777
3856
 		keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
3778
3857
 			!addr_is_local(&ifa->addr);
3779
3858
 
3780
-		write_unlock_bh(&idev->lock);
3781
3859
 		spin_lock_bh(&ifa->lock);
3782
3860
 
3783
3861
 		if (keep) {
..
..
@@ -3797,7 +3875,7 @@
3797
3875
 		spin_unlock_bh(&ifa->lock);
3798
3876
 
3799
3877
 		if (rt)
3800
-			ip6_del_rt(net, rt);
3878
+			ip6_del_rt(net, rt, false);
3801
3879
 
3802
3880
 		if (state != INET6_IFADDR_STATE_DEAD) {
3803
3881
 			__ipv6_ifa_notify(RTM_DELADDR, ifa);
..
..
@@ -3808,27 +3886,26 @@
3808
3886
 			addrconf_leave_solict(ifa->idev, &ifa->addr);
3809
3887
 		}
3810
3888
 
3811
-		write_lock_bh(&idev->lock);
3812
3889
 		if (!keep) {
3890
+			write_lock_bh(&idev->lock);
3813
3891
 			list_del_rcu(&ifa->if_list);
3892
+			write_unlock_bh(&idev->lock);
3814
3893
 			in6_ifa_put(ifa);
3815
3894
 		}
3816
3895
 	}
3817
3896
 
3818
-	write_unlock_bh(&idev->lock);
3819
-
3820
3897
 	/* Step 5: Discard anycast and multicast list */
3821
-	if (how) {
3898
+	if (unregister) {
3822
3899
 		ipv6_ac_destroy_dev(idev);
3823
3900
 		ipv6_mc_destroy_dev(idev);
3824
-	} else {
3901
+	} else if (was_ready) {
3825
3902
 		ipv6_mc_down(idev);
3826
3903
 	}
3827
3904
 
3828
3905
 	idev->tstamp = jiffies;
3829
3906
 
3830
3907
 	/* Last: Shot the device (if unregistered) */
3831
-	if (how) {
3908
+	if (unregister) {
3832
3909
 		addrconf_sysctl_unregister(idev);
3833
3910
 		neigh_parms_release(&nd_tbl, idev->nd_parms);
3834
3911
 		neigh_ifdown(&nd_tbl, dev);
..
..
@@ -4050,7 +4127,7 @@
4050
4127
 		in6_ifa_hold(ifp);
4051
4128
 		addrconf_dad_stop(ifp, 1);
4052
4129
 		if (disable_ipv6)
4053
-			addrconf_ifdown(idev->dev, 0);
4130
+			addrconf_ifdown(idev->dev, false);
4054
4131
 		goto out;
4055
4132
 	}
4056
4133
 
..
..
@@ -4092,7 +4169,8 @@
4092
4169
 
4093
4170
 	ifp->dad_probes--;
4094
4171
 	addrconf_mod_dad_work(ifp,
4095
-			      NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME));
4172
+			      max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME),
4173
+				  HZ/100));
4096
4174
 	spin_unlock(&ifp->lock);
4097
4175
 	write_unlock_bh(&idev->lock);
4098
4176
 
..
..
@@ -4147,7 +4225,8 @@
4147
4225
 	send_rs = send_mld &&
4148
4226
 		  ipv6_accept_ra(ifp->idev) &&
4149
4227
 		  ifp->idev->cnf.rtr_solicits != 0 &&
4150
-		  (dev->flags&IFF_LOOPBACK) == 0;
4228
+		  (dev->flags & IFF_LOOPBACK) == 0 &&
4229
+		  (dev->type != ARPHRD_TUNNEL);
4151
4230
 	read_unlock_bh(&ifp->idev->lock);
4152
4231
 
4153
4232
 	/* While dad is in progress mld report's source address is in6_addrany.
..
..
@@ -4375,6 +4454,59 @@
4375
4454
 }
4376
4455
 #endif
4377
4456
 
4457
+/* RFC6554 has some algorithm to avoid loops in segment routing by
4458
+ * checking if the segments contains any of a local interface address.
4459
+ *
4460
+ * Quote:
4461
+ *
4462
+ * To detect loops in the SRH, a router MUST determine if the SRH
4463
+ * includes multiple addresses assigned to any interface on that router.
4464
+ * If such addresses appear more than once and are separated by at least
4465
+ * one address not assigned to that router.
4466
+ */
4467
+int ipv6_chk_rpl_srh_loop(struct net *net, const struct in6_addr *segs,
4468
+			  unsigned char nsegs)
4469
+{
4470
+	const struct in6_addr *addr;
4471
+	int i, ret = 0, found = 0;
4472
+	struct inet6_ifaddr *ifp;
4473
+	bool separated = false;
4474
+	unsigned int hash;
4475
+	bool hash_found;
4476
+
4477
+	rcu_read_lock();
4478
+	for (i = 0; i < nsegs; i++) {
4479
+		addr = &segs[i];
4480
+		hash = inet6_addr_hash(net, addr);
4481
+
4482
+		hash_found = false;
4483
+		hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
4484
+			if (!net_eq(dev_net(ifp->idev->dev), net))
4485
+				continue;
4486
+
4487
+			if (ipv6_addr_equal(&ifp->addr, addr)) {
4488
+				hash_found = true;
4489
+				break;
4490
+			}
4491
+		}
4492
+
4493
+		if (hash_found) {
4494
+			if (found > 1 && separated) {
4495
+				ret = 1;
4496
+				break;
4497
+			}
4498
+
4499
+			separated = false;
4500
+			found++;
4501
+		} else {
4502
+			separated = true;
4503
+		}
4504
+	}
4505
+	rcu_read_unlock();
4506
+
4507
+	return ret;
4508
+}
4509
+
4378
4510
 /*
4379
4511
  *	Periodic address status verification
4380
4512
  */
..
..
@@ -4445,7 +4577,7 @@
4445
4577
 				   !(ifp->flags&IFA_F_TENTATIVE)) {
4446
4578
 				unsigned long regen_advance = ifp->idev->cnf.regen_max_retry *
4447
4579
 					ifp->idev->cnf.dad_transmits *
4448
-					NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME) / HZ;
4580
+					max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME), HZ/100) / HZ;
4449
4581
 
4450
4582
 				if (age >= ifp->prefered_lft - regen_advance) {
4451
4583
 					struct inet6_ifaddr *ifpub = ifp->ifpub;
..
..
@@ -4461,7 +4593,7 @@
4461
4593
 						ifpub->regen_count = 0;
4462
4594
 						spin_unlock(&ifpub->lock);
4463
4595
 						rcu_read_unlock_bh();
4464
-						ipv6_create_tempaddr(ifpub, ifp, true);
4596
+						ipv6_create_tempaddr(ifpub, true);
4465
4597
 						in6_ifa_put(ifpub);
4466
4598
 						in6_ifa_put(ifp);
4467
4599
 						rcu_read_lock_bh();
..
..
@@ -4533,6 +4665,7 @@
4533
4665
 	[IFA_CACHEINFO]		= { .len = sizeof(struct ifa_cacheinfo) },
4534
4666
 	[IFA_FLAGS]		= { .len = sizeof(u32) },
4535
4667
 	[IFA_RT_PRIORITY]	= { .len = sizeof(u32) },
4668
+	[IFA_TARGET_NETNSID]	= { .type = NLA_S32 },
4536
4669
 };
4537
4670
 
4538
4671
 static int
..
..
@@ -4546,8 +4679,8 @@
4546
4679
 	u32 ifa_flags;
4547
4680
 	int err;
4548
4681
 
4549
-	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
4550
-			  extack);
4682
+	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
4683
+				     ifa_ipv6_policy, extack);
4551
4684
 	if (err < 0)
4552
4685
 		return err;
4553
4686
 
..
..
@@ -4574,15 +4707,14 @@
4574
4707
 
4575
4708
 	f6i = addrconf_get_prefix_route(modify_peer ? &ifp->peer_addr : &ifp->addr,
4576
4709
 					ifp->prefix_len,
4577
-					ifp->idev->dev,
4578
-					0, RTF_GATEWAY | RTF_DEFAULT);
4710
+					ifp->idev->dev, 0, RTF_DEFAULT, true);
4579
4711
 	if (!f6i)
4580
4712
 		return -ENOENT;
4581
4713
 
4582
4714
 	prio = ifp->rt_priority ? : IP6_RT_PRIO_ADDRCONF;
4583
4715
 	if (f6i->fib6_metric != prio) {
4584
4716
 		/* delete old one */
4585
-		ip6_del_rt(dev_net(ifp->idev->dev), f6i);
4717
+		ip6_del_rt(dev_net(ifp->idev->dev), f6i, false);
4586
4718
 
4587
4719
 		/* add new one */
4588
4720
 		addrconf_prefix_route(modify_peer ? &ifp->peer_addr : &ifp->addr,
..
..
@@ -4734,8 +4866,8 @@
4734
4866
 	struct ifa6_config cfg;
4735
4867
 	int err;
4736
4868
 
4737
-	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
4738
-			  extack);
4869
+	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
4870
+				     ifa_ipv6_policy, extack);
4739
4871
 	if (err < 0)
4740
4872
 		return err;
4741
4873
 
..
..
@@ -4777,8 +4909,8 @@
4777
4909
 			 IFA_F_MCAUTOJOIN | IFA_F_OPTIMISTIC;
4778
4910
 
4779
4911
 	idev = ipv6_find_idev(dev);
4780
-	if (!idev)
4781
-		return -ENOBUFS;
4912
+	if (IS_ERR(idev))
4913
+		return PTR_ERR(idev);
4782
4914
 
4783
4915
 	if (!ipv6_allow_optimistic_dad(net, idev))
4784
4916
 		cfg.ifa_flags &= ~IFA_F_OPTIMISTIC;
..
..
@@ -4857,19 +4989,41 @@
4857
4989
 	       + nla_total_size(4)  /* IFA_RT_PRIORITY */;
4858
4990
 }
4859
4991
 
4992
+enum addr_type_t {
4993
+	UNICAST_ADDR,
4994
+	MULTICAST_ADDR,
4995
+	ANYCAST_ADDR,
4996
+};
4997
+
4998
+struct inet6_fill_args {
4999
+	u32 portid;
5000
+	u32 seq;
5001
+	int event;
5002
+	unsigned int flags;
5003
+	int netnsid;
5004
+	int ifindex;
5005
+	enum addr_type_t type;
5006
+};
5007
+
4860
5008
 static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
4861
-			     u32 portid, u32 seq, int event, unsigned int flags)
5009
+			     struct inet6_fill_args *args)
4862
5010
 {
4863
5011
 	struct nlmsghdr  *nlh;
4864
5012
 	u32 preferred, valid;
4865
5013
 
4866
-	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
5014
+	nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
5015
+			sizeof(struct ifaddrmsg), args->flags);
4867
5016
 	if (!nlh)
4868
5017
 		return -EMSGSIZE;
4869
5018
 
4870
5019
 	put_ifaddrmsg(nlh, ifa->prefix_len, ifa->flags, rt_scope(ifa->scope),
4871
5020
 		      ifa->idev->dev->ifindex);
4872
5021
 
5022
+	if (args->netnsid >= 0 &&
5023
+	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
5024
+		goto error;
5025
+
5026
+	spin_lock_bh(&ifa->lock);
4873
5027
 	if (!((ifa->flags&IFA_F_PERMANENT) &&
4874
5028
 	      (ifa->prefered_lft == INFINITY_LIFE_TIME))) {
4875
5029
 		preferred = ifa->prefered_lft;
..
..
@@ -4891,6 +5045,7 @@
4891
5045
 		preferred = INFINITY_LIFE_TIME;
4892
5046
 		valid = INFINITY_LIFE_TIME;
4893
5047
 	}
5048
+	spin_unlock_bh(&ifa->lock);
4894
5049
 
4895
5050
 	if (!ipv6_addr_any(&ifa->peer_addr)) {
4896
5051
 		if (nla_put_in6_addr(skb, IFA_LOCAL, &ifa->addr) < 0 ||
..
..
@@ -4919,7 +5074,7 @@
4919
5074
 }
4920
5075
 
4921
5076
 static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
4922
-				u32 portid, u32 seq, int event, u16 flags)
5077
+			       struct inet6_fill_args *args)
4923
5078
 {
4924
5079
 	struct nlmsghdr  *nlh;
4925
5080
 	u8 scope = RT_SCOPE_UNIVERSE;
..
..
@@ -4928,9 +5083,16 @@
4928
5083
 	if (ipv6_addr_scope(&ifmca->mca_addr) & IFA_SITE)
4929
5084
 		scope = RT_SCOPE_SITE;
4930
5085
 
4931
-	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
5086
+	nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
5087
+			sizeof(struct ifaddrmsg), args->flags);
4932
5088
 	if (!nlh)
4933
5089
 		return -EMSGSIZE;
5090
+
5091
+	if (args->netnsid >= 0 &&
5092
+	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) {
5093
+		nlmsg_cancel(skb, nlh);
5094
+		return -EMSGSIZE;
5095
+	}
4934
5096
 
4935
5097
 	put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
4936
5098
 	if (nla_put_in6_addr(skb, IFA_MULTICAST, &ifmca->mca_addr) < 0 ||
..
..
@@ -4945,7 +5107,7 @@
4945
5107
 }
4946
5108
 
4947
5109
 static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
4948
-				u32 portid, u32 seq, int event, unsigned int flags)
5110
+			       struct inet6_fill_args *args)
4949
5111
 {
4950
5112
 	struct net_device *dev = fib6_info_nh_dev(ifaca->aca_rt);
4951
5113
 	int ifindex = dev ? dev->ifindex : 1;
..
..
@@ -4955,9 +5117,16 @@
4955
5117
 	if (ipv6_addr_scope(&ifaca->aca_addr) & IFA_SITE)
4956
5118
 		scope = RT_SCOPE_SITE;
4957
5119
 
4958
-	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
5120
+	nlh = nlmsg_put(skb, args->portid, args->seq, args->event,
5121
+			sizeof(struct ifaddrmsg), args->flags);
4959
5122
 	if (!nlh)
4960
5123
 		return -EMSGSIZE;
5124
+
5125
+	if (args->netnsid >= 0 &&
5126
+	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) {
5127
+		nlmsg_cancel(skb, nlh);
5128
+		return -EMSGSIZE;
5129
+	}
4961
5130
 
4962
5131
 	put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
4963
5132
 	if (nla_put_in6_addr(skb, IFA_ANYCAST, &ifaca->aca_addr) < 0 ||
..
..
@@ -4971,36 +5140,27 @@
4971
5140
 	return 0;
4972
5141
 }
4973
5142
 
4974
-enum addr_type_t {
4975
-	UNICAST_ADDR,
4976
-	MULTICAST_ADDR,
4977
-	ANYCAST_ADDR,
4978
-};
4979
-
4980
5143
 /* called with rcu_read_lock() */
4981
5144
 static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
4982
-			  struct netlink_callback *cb, enum addr_type_t type,
4983
-			  int s_ip_idx, int *p_ip_idx)
5145
+			  struct netlink_callback *cb, int s_ip_idx,
5146
+			  struct inet6_fill_args *fillargs)
4984
5147
 {
4985
5148
 	struct ifmcaddr6 *ifmca;
4986
5149
 	struct ifacaddr6 *ifaca;
5150
+	int ip_idx = 0;
4987
5151
 	int err = 1;
4988
-	int ip_idx = *p_ip_idx;
4989
5152
 
4990
5153
 	read_lock_bh(&idev->lock);
4991
-	switch (type) {
5154
+	switch (fillargs->type) {
4992
5155
 	case UNICAST_ADDR: {
4993
5156
 		struct inet6_ifaddr *ifa;
5157
+		fillargs->event = RTM_NEWADDR;
4994
5158
 
4995
5159
 		/* unicast address incl. temp addr */
4996
5160
 		list_for_each_entry(ifa, &idev->addr_list, if_list) {
4997
5161
 			if (ip_idx < s_ip_idx)
4998
5162
 				goto next;
4999
-			err = inet6_fill_ifaddr(skb, ifa,
5000
-						NETLINK_CB(cb->skb).portid,
5001
-						cb->nlh->nlmsg_seq,
5002
-						RTM_NEWADDR,
5003
-						NLM_F_MULTI);
5163
+			err = inet6_fill_ifaddr(skb, ifa, fillargs);
5004
5164
 			if (err < 0)
5005
5165
 				break;
5006
5166
 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
..
..
@@ -5010,31 +5170,26 @@
5010
5170
 		break;
5011
5171
 	}
5012
5172
 	case MULTICAST_ADDR:
5173
+		fillargs->event = RTM_GETMULTICAST;
5174
+
5013
5175
 		/* multicast address */
5014
5176
 		for (ifmca = idev->mc_list; ifmca;
5015
5177
 		     ifmca = ifmca->next, ip_idx++) {
5016
5178
 			if (ip_idx < s_ip_idx)
5017
5179
 				continue;
5018
-			err = inet6_fill_ifmcaddr(skb, ifmca,
5019
-						  NETLINK_CB(cb->skb).portid,
5020
-						  cb->nlh->nlmsg_seq,
5021
-						  RTM_GETMULTICAST,
5022
-						  NLM_F_MULTI);
5180
+			err = inet6_fill_ifmcaddr(skb, ifmca, fillargs);
5023
5181
 			if (err < 0)
5024
5182
 				break;
5025
5183
 		}
5026
5184
 		break;
5027
5185
 	case ANYCAST_ADDR:
5186
+		fillargs->event = RTM_GETANYCAST;
5028
5187
 		/* anycast address */
5029
5188
 		for (ifaca = idev->ac_list; ifaca;
5030
5189
 		     ifaca = ifaca->aca_next, ip_idx++) {
5031
5190
 			if (ip_idx < s_ip_idx)
5032
5191
 				continue;
5033
-			err = inet6_fill_ifacaddr(skb, ifaca,
5034
-						  NETLINK_CB(cb->skb).portid,
5035
-						  cb->nlh->nlmsg_seq,
5036
-						  RTM_GETANYCAST,
5037
-						  NLM_F_MULTI);
5192
+			err = inet6_fill_ifacaddr(skb, ifaca, fillargs);
5038
5193
 			if (err < 0)
5039
5194
 				break;
5040
5195
 		}
..
..
@@ -5043,42 +5198,130 @@
5043
5198
 		break;
5044
5199
 	}
5045
5200
 	read_unlock_bh(&idev->lock);
5046
-	*p_ip_idx = ip_idx;
5201
+	cb->args[2] = ip_idx;
5047
5202
 	return err;
5203
+}
5204
+
5205
+static int inet6_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
5206
+				       struct inet6_fill_args *fillargs,
5207
+				       struct net **tgt_net, struct sock *sk,
5208
+				       struct netlink_callback *cb)
5209
+{
5210
+	struct netlink_ext_ack *extack = cb->extack;
5211
+	struct nlattr *tb[IFA_MAX+1];
5212
+	struct ifaddrmsg *ifm;
5213
+	int err, i;
5214
+
5215
+	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
5216
+		NL_SET_ERR_MSG_MOD(extack, "Invalid header for address dump request");
5217
+		return -EINVAL;
5218
+	}
5219
+
5220
+	ifm = nlmsg_data(nlh);
5221
+	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
5222
+		NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for address dump request");
5223
+		return -EINVAL;
5224
+	}
5225
+
5226
+	fillargs->ifindex = ifm->ifa_index;
5227
+	if (fillargs->ifindex) {
5228
+		cb->answer_flags |= NLM_F_DUMP_FILTERED;
5229
+		fillargs->flags |= NLM_F_DUMP_FILTERED;
5230
+	}
5231
+
5232
+	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
5233
+					    ifa_ipv6_policy, extack);
5234
+	if (err < 0)
5235
+		return err;
5236
+
5237
+	for (i = 0; i <= IFA_MAX; ++i) {
5238
+		if (!tb[i])
5239
+			continue;
5240
+
5241
+		if (i == IFA_TARGET_NETNSID) {
5242
+			struct net *net;
5243
+
5244
+			fillargs->netnsid = nla_get_s32(tb[i]);
5245
+			net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
5246
+			if (IS_ERR(net)) {
5247
+				fillargs->netnsid = -1;
5248
+				NL_SET_ERR_MSG_MOD(extack, "Invalid target network namespace id");
5249
+				return PTR_ERR(net);
5250
+			}
5251
+			*tgt_net = net;
5252
+		} else {
5253
+			NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in dump request");
5254
+			return -EINVAL;
5255
+		}
5256
+	}
5257
+
5258
+	return 0;
5048
5259
 }
5049
5260
 
5050
5261
 static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
5051
5262
 			   enum addr_type_t type)
5052
5263
 {
5264
+	const struct nlmsghdr *nlh = cb->nlh;
5265
+	struct inet6_fill_args fillargs = {
5266
+		.portid = NETLINK_CB(cb->skb).portid,
5267
+		.seq = cb->nlh->nlmsg_seq,
5268
+		.flags = NLM_F_MULTI,
5269
+		.netnsid = -1,
5270
+		.type = type,
5271
+	};
5053
5272
 	struct net *net = sock_net(skb->sk);
5273
+	struct net *tgt_net = net;
5274
+	int idx, s_idx, s_ip_idx;
5054
5275
 	int h, s_h;
5055
-	int idx, ip_idx;
5056
-	int s_idx, s_ip_idx;
5057
5276
 	struct net_device *dev;
5058
5277
 	struct inet6_dev *idev;
5059
5278
 	struct hlist_head *head;
5279
+	int err = 0;
5060
5280
 
5061
5281
 	s_h = cb->args[0];
5062
5282
 	s_idx = idx = cb->args[1];
5063
-	s_ip_idx = ip_idx = cb->args[2];
5283
+	s_ip_idx = cb->args[2];
5284
+
5285
+	if (cb->strict_check) {
5286
+		err = inet6_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
5287
+						  skb->sk, cb);
5288
+		if (err < 0)
5289
+			goto put_tgt_net;
5290
+
5291
+		err = 0;
5292
+		if (fillargs.ifindex) {
5293
+			dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
5294
+			if (!dev) {
5295
+				err = -ENODEV;
5296
+				goto put_tgt_net;
5297
+			}
5298
+			idev = __in6_dev_get(dev);
5299
+			if (idev) {
5300
+				err = in6_dump_addrs(idev, skb, cb, s_ip_idx,
5301
+						     &fillargs);
5302
+				if (err > 0)
5303
+					err = 0;
5304
+			}
5305
+			goto put_tgt_net;
5306
+		}
5307
+	}
5064
5308
 
5065
5309
 	rcu_read_lock();
5066
-	cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq;
5310
+	cb->seq = atomic_read(&tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq;
5067
5311
 	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
5068
5312
 		idx = 0;
5069
-		head = &net->dev_index_head[h];
5313
+		head = &tgt_net->dev_index_head[h];
5070
5314
 		hlist_for_each_entry_rcu(dev, head, index_hlist) {
5071
5315
 			if (idx < s_idx)
5072
5316
 				goto cont;
5073
5317
 			if (h > s_h || idx > s_idx)
5074
5318
 				s_ip_idx = 0;
5075
-			ip_idx = 0;
5076
5319
 			idev = __in6_dev_get(dev);
5077
5320
 			if (!idev)
5078
5321
 				goto cont;
5079
5322
 
5080
-			if (in6_dump_addrs(idev, skb, cb, type,
5081
-					   s_ip_idx, &ip_idx) < 0)
5323
+			if (in6_dump_addrs(idev, skb, cb, s_ip_idx,
5324
+					   &fillargs) < 0)
5082
5325
 				goto done;
5083
5326
 cont:
5084
5327
 			idx++;
..
..
@@ -5088,9 +5331,11 @@
5088
5331
 	rcu_read_unlock();
5089
5332
 	cb->args[0] = h;
5090
5333
 	cb->args[1] = idx;
5091
-	cb->args[2] = ip_idx;
5334
+put_tgt_net:
5335
+	if (fillargs.netnsid >= 0)
5336
+		put_net(tgt_net);
5092
5337
 
5093
-	return skb->len;
5338
+	return skb->len ? : err;
5094
5339
 }
5095
5340
 
5096
5341
 static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
..
..
@@ -5115,10 +5360,64 @@
5115
5360
 	return inet6_dump_addr(skb, cb, type);
5116
5361
 }
5117
5362
 
5363
+static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb,
5364
+				       const struct nlmsghdr *nlh,
5365
+				       struct nlattr **tb,
5366
+				       struct netlink_ext_ack *extack)
5367
+{
5368
+	struct ifaddrmsg *ifm;
5369
+	int i, err;
5370
+
5371
+	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
5372
+		NL_SET_ERR_MSG_MOD(extack, "Invalid header for get address request");
5373
+		return -EINVAL;
5374
+	}
5375
+
5376
+	if (!netlink_strict_get_check(skb))
5377
+		return nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
5378
+					      ifa_ipv6_policy, extack);
5379
+
5380
+	ifm = nlmsg_data(nlh);
5381
+	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
5382
+		NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request");
5383
+		return -EINVAL;
5384
+	}
5385
+
5386
+	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
5387
+					    ifa_ipv6_policy, extack);
5388
+	if (err)
5389
+		return err;
5390
+
5391
+	for (i = 0; i <= IFA_MAX; i++) {
5392
+		if (!tb[i])
5393
+			continue;
5394
+
5395
+		switch (i) {
5396
+		case IFA_TARGET_NETNSID:
5397
+		case IFA_ADDRESS:
5398
+		case IFA_LOCAL:
5399
+			break;
5400
+		default:
5401
+			NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in get address request");
5402
+			return -EINVAL;
5403
+		}
5404
+	}
5405
+
5406
+	return 0;
5407
+}
5408
+
5118
5409
 static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
5119
5410
 			     struct netlink_ext_ack *extack)
5120
5411
 {
5121
5412
 	struct net *net = sock_net(in_skb->sk);
5413
+	struct inet6_fill_args fillargs = {
5414
+		.portid = NETLINK_CB(in_skb).portid,
5415
+		.seq = nlh->nlmsg_seq,
5416
+		.event = RTM_NEWADDR,
5417
+		.flags = 0,
5418
+		.netnsid = -1,
5419
+	};
5420
+	struct net *tgt_net = net;
5122
5421
 	struct ifaddrmsg *ifm;
5123
5422
 	struct nlattr *tb[IFA_MAX+1];
5124
5423
 	struct in6_addr *addr = NULL, *peer;
..
..
@@ -5127,10 +5426,18 @@
5127
5426
 	struct sk_buff *skb;
5128
5427
 	int err;
5129
5428
 
5130
-	err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
5131
-			  extack);
5429
+	err = inet6_rtm_valid_getaddr_req(in_skb, nlh, tb, extack);
5132
5430
 	if (err < 0)
5133
5431
 		return err;
5432
+
5433
+	if (tb[IFA_TARGET_NETNSID]) {
5434
+		fillargs.netnsid = nla_get_s32(tb[IFA_TARGET_NETNSID]);
5435
+
5436
+		tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(in_skb).sk,
5437
+						  fillargs.netnsid);
5438
+		if (IS_ERR(tgt_net))
5439
+			return PTR_ERR(tgt_net);
5440
+	}
5134
5441
 
5135
5442
 	addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
5136
5443
 	if (!addr)
..
..
@@ -5138,9 +5445,9 @@
5138
5445
 
5139
5446
 	ifm = nlmsg_data(nlh);
5140
5447
 	if (ifm->ifa_index)
5141
-		dev = dev_get_by_index(net, ifm->ifa_index);
5448
+		dev = dev_get_by_index(tgt_net, ifm->ifa_index);
5142
5449
 
5143
-	ifa = ipv6_get_ifaddr(net, addr, dev, 1);
5450
+	ifa = ipv6_get_ifaddr(tgt_net, addr, dev, 1);
5144
5451
 	if (!ifa) {
5145
5452
 		err = -EADDRNOTAVAIL;
5146
5453
 		goto errout;
..
..
@@ -5152,20 +5459,22 @@
5152
5459
 		goto errout_ifa;
5153
5460
 	}
5154
5461
 
5155
-	err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(in_skb).portid,
5156
-				nlh->nlmsg_seq, RTM_NEWADDR, 0);
5462
+	err = inet6_fill_ifaddr(skb, ifa, &fillargs);
5157
5463
 	if (err < 0) {
5158
5464
 		/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
5159
5465
 		WARN_ON(err == -EMSGSIZE);
5160
5466
 		kfree_skb(skb);
5161
5467
 		goto errout_ifa;
5162
5468
 	}
5163
-	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
5469
+	err = rtnl_unicast(skb, tgt_net, NETLINK_CB(in_skb).portid);
5164
5470
 errout_ifa:
5165
5471
 	in6_ifa_put(ifa);
5166
5472
 errout:
5167
5473
 	if (dev)
5168
5474
 		dev_put(dev);
5475
+	if (fillargs.netnsid >= 0)
5476
+		put_net(tgt_net);
5477
+
5169
5478
 	return err;
5170
5479
 }
5171
5480
 
..
..
@@ -5173,13 +5482,20 @@
5173
5482
 {
5174
5483
 	struct sk_buff *skb;
5175
5484
 	struct net *net = dev_net(ifa->idev->dev);
5485
+	struct inet6_fill_args fillargs = {
5486
+		.portid = 0,
5487
+		.seq = 0,
5488
+		.event = event,
5489
+		.flags = 0,
5490
+		.netnsid = -1,
5491
+	};
5176
5492
 	int err = -ENOBUFS;
5177
5493
 
5178
5494
 	skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC);
5179
5495
 	if (!skb)
5180
5496
 		goto errout;
5181
5497
 
5182
-	err = inet6_fill_ifaddr(skb, ifa, 0, 0, event, 0);
5498
+	err = inet6_fill_ifaddr(skb, ifa, &fillargs);
5183
5499
 	if (err < 0) {
5184
5500
 		/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
5185
5501
 		WARN_ON(err == -EMSGSIZE);
..
..
@@ -5243,7 +5559,7 @@
5243
5559
 	array[DEVCONF_USE_OPTIMISTIC] = cnf->use_optimistic;
5244
5560
 #endif
5245
5561
 #ifdef CONFIG_IPV6_MROUTE
5246
-	array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
5562
+	array[DEVCONF_MC_FORWARDING] = atomic_read(&cnf->mc_forwarding);
5247
5563
 #endif
5248
5564
 	array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
5249
5565
 	array[DEVCONF_ACCEPT_DAD] = cnf->accept_dad;
..
..
@@ -5266,6 +5582,7 @@
5266
5582
 	array[DEVCONF_ADDR_GEN_MODE] = cnf->addr_gen_mode;
5267
5583
 	array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy;
5268
5584
 	array[DEVCONF_NDISC_TCLASS] = cnf->ndisc_tclass;
5585
+	array[DEVCONF_RPL_SEG_ENABLED] = cnf->rpl_seg_enabled;
5269
5586
 }
5270
5587
 
5271
5588
 static inline size_t inet6_ifla6_size(void)
..
..
@@ -5378,13 +5695,12 @@
5378
5695
 	nla = nla_reserve(skb, IFLA_INET6_TOKEN, sizeof(struct in6_addr));
5379
5696
 	if (!nla)
5380
5697
 		goto nla_put_failure;
5381
-
5382
-	if (nla_put_u8(skb, IFLA_INET6_ADDR_GEN_MODE, idev->cnf.addr_gen_mode))
5383
-		goto nla_put_failure;
5384
-
5385
5698
 	read_lock_bh(&idev->lock);
5386
5699
 	memcpy(nla_data(nla), idev->token.s6_addr, nla_len(nla));
5387
5700
 	read_unlock_bh(&idev->lock);
5701
+
5702
+	if (nla_put_u8(skb, IFLA_INET6_ADDR_GEN_MODE, idev->cnf.addr_gen_mode))
5703
+		goto nla_put_failure;
5388
5704
 
5389
5705
 	return 0;
5390
5706
 
..
..
@@ -5486,18 +5802,6 @@
5486
5802
 	[IFLA_INET6_TOKEN]		= { .len = sizeof(struct in6_addr) },
5487
5803
 };
5488
5804
 
5489
-static int inet6_validate_link_af(const struct net_device *dev,
5490
-				  const struct nlattr *nla)
5491
-{
5492
-	struct nlattr *tb[IFLA_INET6_MAX + 1];
5493
-
5494
-	if (dev && !__in6_dev_get(dev))
5495
-		return -EAFNOSUPPORT;
5496
-
5497
-	return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy,
5498
-				NULL);
5499
-}
5500
-
5501
5805
 static int check_addr_gen_mode(int mode)
5502
5806
 {
5503
5807
 	if (mode != IN6_ADDR_GEN_MODE_EUI64 &&
..
..
@@ -5518,17 +5822,50 @@
5518
5822
 	return 1;
5519
5823
 }
5520
5824
 
5825
+static int inet6_validate_link_af(const struct net_device *dev,
5826
+				  const struct nlattr *nla)
5827
+{
5828
+	struct nlattr *tb[IFLA_INET6_MAX + 1];
5829
+	struct inet6_dev *idev = NULL;
5830
+	int err;
5831
+
5832
+	if (dev) {
5833
+		idev = __in6_dev_get(dev);
5834
+		if (!idev)
5835
+			return -EAFNOSUPPORT;
5836
+	}
5837
+
5838
+	err = nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla,
5839
+					  inet6_af_policy, NULL);
5840
+	if (err)
5841
+		return err;
5842
+
5843
+	if (!tb[IFLA_INET6_TOKEN] && !tb[IFLA_INET6_ADDR_GEN_MODE])
5844
+		return -EINVAL;
5845
+
5846
+	if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
5847
+		u8 mode = nla_get_u8(tb[IFLA_INET6_ADDR_GEN_MODE]);
5848
+
5849
+		if (check_addr_gen_mode(mode) < 0)
5850
+			return -EINVAL;
5851
+		if (dev && check_stable_privacy(idev, dev_net(dev), mode) < 0)
5852
+			return -EINVAL;
5853
+	}
5854
+
5855
+	return 0;
5856
+}
5857
+
5521
5858
 static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
5522
5859
 {
5523
-	int err = -EINVAL;
5524
5860
 	struct inet6_dev *idev = __in6_dev_get(dev);
5525
5861
 	struct nlattr *tb[IFLA_INET6_MAX + 1];
5862
+	int err;
5526
5863
 
5527
5864
 	if (!idev)
5528
5865
 		return -EAFNOSUPPORT;
5529
5866
 
5530
-	if (nla_parse_nested(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
5531
-		BUG();
5867
+	if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
5868
+		return -EINVAL;
5532
5869
 
5533
5870
 	if (tb[IFLA_INET6_TOKEN]) {
5534
5871
 		err = inet6_set_iftoken(idev, nla_data(tb[IFLA_INET6_TOKEN]));
..
..
@@ -5539,15 +5876,10 @@
5539
5876
 	if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
5540
5877
 		u8 mode = nla_get_u8(tb[IFLA_INET6_ADDR_GEN_MODE]);
5541
5878
 
5542
-		if (check_addr_gen_mode(mode) < 0 ||
5543
-		    check_stable_privacy(idev, dev_net(dev), mode) < 0)
5544
-			return -EINVAL;
5545
-
5546
5879
 		idev->cnf.addr_gen_mode = mode;
5547
-		err = 0;
5548
5880
 	}
5549
5881
 
5550
-	return err;
5882
+	return 0;
5551
5883
 }
5552
5884
 
5553
5885
 static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
..
..
@@ -5579,7 +5911,7 @@
5579
5911
 	    nla_put_u8(skb, IFLA_OPERSTATE,
5580
5912
 		       netif_running(dev) ? dev->operstate : IF_OPER_DOWN))
5581
5913
 		goto nla_put_failure;
5582
-	protoinfo = nla_nest_start(skb, IFLA_PROTINFO);
5914
+	protoinfo = nla_nest_start_noflag(skb, IFLA_PROTINFO);
5583
5915
 	if (!protoinfo)
5584
5916
 		goto nla_put_failure;
5585
5917
 
..
..
@@ -5595,6 +5927,31 @@
5595
5927
 	return -EMSGSIZE;
5596
5928
 }
5597
5929
 
5930
+static int inet6_valid_dump_ifinfo(const struct nlmsghdr *nlh,
5931
+				   struct netlink_ext_ack *extack)
5932
+{
5933
+	struct ifinfomsg *ifm;
5934
+
5935
+	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
5936
+		NL_SET_ERR_MSG_MOD(extack, "Invalid header for link dump request");
5937
+		return -EINVAL;
5938
+	}
5939
+
5940
+	if (nlmsg_attrlen(nlh, sizeof(*ifm))) {
5941
+		NL_SET_ERR_MSG_MOD(extack, "Invalid data after header");
5942
+		return -EINVAL;
5943
+	}
5944
+
5945
+	ifm = nlmsg_data(nlh);
5946
+	if (ifm->__ifi_pad || ifm->ifi_type || ifm->ifi_flags ||
5947
+	    ifm->ifi_change || ifm->ifi_index) {
5948
+		NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for dump request");
5949
+		return -EINVAL;
5950
+	}
5951
+
5952
+	return 0;
5953
+}
5954
+
5598
5955
 static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
5599
5956
 {
5600
5957
 	struct net *net = sock_net(skb->sk);
..
..
@@ -5603,6 +5960,16 @@
5603
5960
 	struct net_device *dev;
5604
5961
 	struct inet6_dev *idev;
5605
5962
 	struct hlist_head *head;
5963
+
5964
+	/* only requests using strict checking can pass data to
5965
+	 * influence the dump
5966
+	 */
5967
+	if (cb->strict_check) {
5968
+		int err = inet6_valid_dump_ifinfo(cb->nlh, cb->extack);
5969
+
5970
+		if (err < 0)
5971
+			return err;
5972
+	}
5606
5973
 
5607
5974
 	s_h = cb->args[0];
5608
5975
 	s_idx = cb->args[1];
..
..
@@ -5771,12 +6138,13 @@
5771
6138
 			struct fib6_info *rt;
5772
6139
 
5773
6140
 			rt = addrconf_get_prefix_route(&ifp->peer_addr, 128,
5774
-						       ifp->idev->dev, 0, 0);
6141
+						       ifp->idev->dev, 0, 0,
6142
+						       false);
5775
6143
 			if (rt)
5776
-				ip6_del_rt(net, rt);
6144
+				ip6_del_rt(net, rt, false);
5777
6145
 		}
5778
6146
 		if (ifp->rt) {
5779
-			ip6_del_rt(net, ifp->rt);
6147
+			ip6_del_rt(net, ifp->rt, false);
5780
6148
 			ifp->rt = NULL;
5781
6149
 		}
5782
6150
 		rt_genid_bump_ipv6(net);
..
..
@@ -5795,9 +6163,8 @@
5795
6163
 
5796
6164
 #ifdef CONFIG_SYSCTL
5797
6165
 
5798
-static
5799
-int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
5800
-			   void __user *buffer, size_t *lenp, loff_t *ppos)
6166
+static int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
6167
+		void *buffer, size_t *lenp, loff_t *ppos)
5801
6168
 {
5802
6169
 	int *valp = ctl->data;
5803
6170
 	int val = *valp;
..
..
@@ -5821,9 +6188,8 @@
5821
6188
 	return ret;
5822
6189
 }
5823
6190
 
5824
-static
5825
-int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
5826
-			void __user *buffer, size_t *lenp, loff_t *ppos)
6191
+static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
6192
+		void *buffer, size_t *lenp, loff_t *ppos)
5827
6193
 {
5828
6194
 	struct inet6_dev *idev = ctl->extra1;
5829
6195
 	int min_mtu = IPV6_MIN_MTU;
..
..
@@ -5893,9 +6259,8 @@
5893
6259
 	return 0;
5894
6260
 }
5895
6261
 
5896
-static
5897
-int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
5898
-			    void __user *buffer, size_t *lenp, loff_t *ppos)
6262
+static int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
6263
+		void *buffer, size_t *lenp, loff_t *ppos)
5899
6264
 {
5900
6265
 	int *valp = ctl->data;
5901
6266
 	int val = *valp;
..
..
@@ -5919,9 +6284,8 @@
5919
6284
 	return ret;
5920
6285
 }
5921
6286
 
5922
-static
5923
-int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
5924
-			      void __user *buffer, size_t *lenp, loff_t *ppos)
6287
+static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
6288
+		void *buffer, size_t *lenp, loff_t *ppos)
5925
6289
 {
5926
6290
 	int *valp = ctl->data;
5927
6291
 	int ret;
..
..
@@ -5962,7 +6326,7 @@
5962
6326
 }
5963
6327
 
5964
6328
 static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
5965
-					 void __user *buffer, size_t *lenp,
6329
+					 void *buffer, size_t *lenp,
5966
6330
 					 loff_t *ppos)
5967
6331
 {
5968
6332
 	int ret = 0;
..
..
@@ -6024,7 +6388,7 @@
6024
6388
 }
6025
6389
 
6026
6390
 static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
6027
-					 void __user *buffer, size_t *lenp,
6391
+					 void *buffer, size_t *lenp,
6028
6392
 					 loff_t *ppos)
6029
6393
 {
6030
6394
 	int err;
..
..
@@ -6091,8 +6455,7 @@
6091
6455
 
6092
6456
 static
6093
6457
 int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
6094
-						int write,
6095
-						void __user *buffer,
6458
+						int write, void *buffer,
6096
6459
 						size_t *lenp,
6097
6460
 						loff_t *ppos)
6098
6461
 {
..
..
@@ -6137,16 +6500,17 @@
6137
6500
 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
6138
6501
 		spin_lock(&ifa->lock);
6139
6502
 		if (ifa->rt) {
6140
-			struct fib6_info *rt = ifa->rt;
6503
+			/* host routes only use builtin fib6_nh */
6504
+			struct fib6_nh *nh = ifa->rt->fib6_nh;
6141
6505
 			int cpu;
6142
6506
 
6143
6507
 			rcu_read_lock();
6144
6508
 			ifa->rt->dst_nopolicy = val ? true : false;
6145
-			if (rt->rt6i_pcpu) {
6509
+			if (nh->rt6i_pcpu) {
6146
6510
 				for_each_possible_cpu(cpu) {
6147
6511
 					struct rt6_info **rtp;
6148
6512
 
6149
-					rtp = per_cpu_ptr(rt->rt6i_pcpu, cpu);
6513
+					rtp = per_cpu_ptr(nh->rt6i_pcpu, cpu);
6150
6514
 					addrconf_set_nopolicy(*rtp, val);
6151
6515
 				}
6152
6516
 			}
..
..
@@ -6191,10 +6555,8 @@
6191
6555
 	return 0;
6192
6556
 }
6193
6557
 
6194
-static
6195
-int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
6196
-				   void __user *buffer, size_t *lenp,
6197
-				   loff_t *ppos)
6558
+static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
6559
+				   void *buffer, size_t *lenp, loff_t *ppos)
6198
6560
 {
6199
6561
 	int *valp = ctl->data;
6200
6562
 	int val = *valp;
..
..
@@ -6216,8 +6578,6 @@
6216
6578
 }
6217
6579
 
6218
6580
 static int minus_one = -1;
6219
-static const int zero = 0;
6220
-static const int one = 1;
6221
6581
 static const int two_five_five = 255;
6222
6582
 
6223
6583
 static const struct ctl_table addrconf_sysctl[] = {
..
..
@@ -6234,7 +6594,7 @@
6234
6594
 		.maxlen		= sizeof(int),
6235
6595
 		.mode		= 0644,
6236
6596
 		.proc_handler	= proc_dointvec_minmax,
6237
-		.extra1		= (void *)&one,
6597
+		.extra1		= (void *)SYSCTL_ONE,
6238
6598
 		.extra2		= (void *)&two_five_five,
6239
6599
 	},
6240
6600
 	{
..
..
@@ -6600,8 +6960,15 @@
6600
6960
 		.maxlen		= sizeof(int),
6601
6961
 		.mode		= 0644,
6602
6962
 		.proc_handler	= proc_dointvec_minmax,
6603
-		.extra1		= (void *)&zero,
6963
+		.extra1		= (void *)SYSCTL_ZERO,
6604
6964
 		.extra2		= (void *)&two_five_five,
6965
+	},
6966
+	{
6967
+		.procname	= "rpl_seg_enabled",
6968
+		.data		= &ipv6_devconf.rpl_seg_enabled,
6969
+		.maxlen		= sizeof(int),
6970
+		.mode		= 0644,
6971
+		.proc_handler	= proc_dointvec,
6605
6972
 	},
6606
6973
 	{
6607
6974
 		/* sentinel */
..
..
@@ -6710,6 +7077,28 @@
6710
7077
 	dflt = kmemdup(&ipv6_devconf_dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL);
6711
7078
 	if (!dflt)
6712
7079
 		goto err_alloc_dflt;
7080
+
7081
+	if (!net_eq(net, &init_net)) {
7082
+		switch (net_inherit_devconf()) {
7083
+		case 1:  /* copy from init_net */
7084
+			memcpy(all, init_net.ipv6.devconf_all,
7085
+			       sizeof(ipv6_devconf));
7086
+			memcpy(dflt, init_net.ipv6.devconf_dflt,
7087
+			       sizeof(ipv6_devconf_dflt));
7088
+			break;
7089
+		case 3: /* copy from the current netns */
7090
+			memcpy(all, current->nsproxy->net_ns->ipv6.devconf_all,
7091
+			       sizeof(ipv6_devconf));
7092
+			memcpy(dflt,
7093
+			       current->nsproxy->net_ns->ipv6.devconf_dflt,
7094
+			       sizeof(ipv6_devconf_dflt));
7095
+			break;
7096
+		case 0:
7097
+		case 2:
7098
+			/* use compiled values */
7099
+			break;
7100
+		}
7101
+	}
6713
7102
 
6714
7103
 	/* these will be inherited by all namespaces */
6715
7104
 	dflt->autoconf = ipv6_defaults.autoconf;
..
..
@@ -6900,9 +7289,9 @@
6900
7289
 	for_each_netdev(&init_net, dev) {
6901
7290
 		if (__in6_dev_get(dev) == NULL)
6902
7291
 			continue;
6903
-		addrconf_ifdown(dev, 1);
7292
+		addrconf_ifdown(dev, true);
6904
7293
 	}
6905
-	addrconf_ifdown(init_net.loopback_dev, 2);
7294
+	addrconf_ifdown(init_net.loopback_dev, true);
6906
7295
 
6907
7296
 	/*
6908
7297
 	 *	Check hash table.