linux/net
Wei Wang 2ea2352ede ipv6: prevent user from adding cached routes
Cached routes should only be created by the system when receiving pmtu
discovery or ip redirect msg. Users should not be allowed to create
cached routes.

Furthermore, after the patch series to move cached routes into exception
table, user added cached routes will trigger the following warning in
fib6_add():

WARNING: CPU: 0 PID: 2985 at net/ipv6/ip6_fib.c:1137
fib6_add+0x20d9/0x2c10 net/ipv6/ip6_fib.c:1137
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2985 Comm: syzkaller320388 Not tainted 4.14.0-rc3+ #74
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 panic+0x1e4/0x417 kernel/panic.c:181
 __warn+0x1c4/0x1d9 kernel/panic.c:542
 report_bug+0x211/0x2d0 lib/bug.c:183
 fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:178
 do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
 do_trap+0x260/0x390 arch/x86/kernel/traps.c:261
 do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:298
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:311
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:905
RIP: 0010:fib6_add+0x20d9/0x2c10 net/ipv6/ip6_fib.c:1137
RSP: 0018:ffff8801cf09f6a0 EFLAGS: 00010297
RAX: ffff8801ce45e340 RBX: 1ffff10039e13eec RCX: ffff8801d749c814
RDX: 0000000000000000 RSI: ffff8801d749c700 RDI: ffff8801d749c780
RBP: ffff8801cf09fa08 R08: 0000000000000000 R09: ffff8801cf09f360
R10: ffff8801cf09f2d8 R11: 1ffff10039c8befb R12: 0000000000000001
R13: dffffc0000000000 R14: ffff8801d749c700 R15: ffffffff860655c0
 __ip6_ins_rt+0x6c/0x90 net/ipv6/route.c:1011
 ip6_route_add+0x148/0x1a0 net/ipv6/route.c:2782
 ipv6_route_ioctl+0x4d5/0x690 net/ipv6/route.c:3291
 inet6_ioctl+0xef/0x1e0 net/ipv6/af_inet6.c:521
 sock_do_ioctl+0x65/0xb0 net/socket.c:961
 sock_ioctl+0x2c2/0x440 net/socket.c:1058
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe

So we fix this by failing the attemp to add cached routes from userspace
with returning EINVAL error.

Fixes: 2b760fcf5c ("ipv6: hook up exception table to store dst cache")
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-29 12:18:58 +09:00
..
6lowpan
9p net/9p: switch p9_fd_read to kernel_write 2017-09-04 19:05:16 -04:00
802
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-05 18:19:22 -07:00
appletalk
atm net: atm/mpc: Stop using open-coded timer .data field 2017-10-25 13:07:37 +09:00
ax25 net: ax25: Convert timers to use timer_setup() 2017-10-25 12:03:56 +09:00
batman-adv batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation 2017-10-17 08:09:47 +02:00
bluetooth Bluetooth: Fix compiler warning with selftest duration calculation 2017-10-06 21:49:13 +03:00
bpf bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
bridge bridge: vlan: signal if anything changed on vlan add 2017-10-29 11:03:43 +09:00
caif
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-22 13:39:14 +01:00
ceph libceph: don't allow bidirectional swap of pg-upmap-items 2017-09-19 20:34:29 +02:00
core bonding: remove rtmsg_ifinfo called after bond_lower_state_changed 2017-10-25 10:54:39 +09:00
dcb
dccp net: dccp: Convert timers to use timer_setup() 2017-10-25 12:59:19 +09:00
decnet decnet: af_decnet: mark expected switch fall-throughs 2017-10-18 14:10:29 +01:00
dns_resolver KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
dsa net: dsa: move fixed link registration helpers 2017-10-28 18:50:12 +09:00
ethernet
hsr net: hsr: Convert timers to use timer_setup() 2017-10-25 13:00:27 +09:00
ieee802154 Merge remote-tracking branch 'net-next/master' 2017-10-18 17:40:18 +02:00
ife
ipv4 tcp: Remove "linux/unaligned/access_ok.h" include. 2017-10-29 11:14:08 +09:00
ipv6 ipv6: prevent user from adding cached routes 2017-10-29 12:18:58 +09:00
ipx net: ipx: mark expected switch fall-through 2017-10-18 14:13:08 +01:00
iucv
kcm kcm: Remove redundant unlikely() 2017-09-26 09:54:06 -07:00
key
l2tp l2tp: initialise PPP sessions before registering them 2017-10-29 11:16:22 +09:00
l3mdev
lapb net/lapb: Convert timers to use timer_setup() 2017-10-18 12:39:36 +01:00
llc net: LLC: Convert timers to use timer_setup() 2017-10-25 12:06:25 +09:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-22 13:39:14 +01:00
mac802154 mac802154: Fix MAC header and payload encrypted 2017-09-20 13:37:16 +02:00
mpls ip_tunnel: fix building with NET_IP_TUNNEL=m 2017-10-12 12:21:11 -07:00
ncsi net/ncsi: Fix length of GVI response packet 2017-10-21 01:56:38 +01:00
netfilter bpf: Add file mode configuration into bpf maps 2017-10-20 13:32:59 +01:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-22 13:39:14 +01:00
netrom net: netrom: nr_in: mark expected switch fall-through 2017-10-22 02:00:33 +01:00
nfc net: nfc: llcp_core: use setup_timer() helper. 2017-09-25 13:19:20 -07:00
nsh nsh: add GSO support 2017-08-29 15:16:52 -07:00
openvswitch openvswitch: conntrack: mark expected switch fall-through 2017-10-22 02:01:26 +01:00
packet net: af_packet: Convert timers to use timer_setup() 2017-10-25 13:01:12 +09:00
phonet net: phonet: mark phonet_protocol as const 2017-10-07 23:15:08 +01:00
psample
qrtr net: qrtr: Support decoding incoming v2 packets 2017-10-11 15:28:39 -07:00
rds RDS: IB: Initialize max_items based on underlying device attributes 2017-10-05 21:16:33 -07:00
rfkill
rose net: rose: mark expected switch fall-throughs 2017-10-22 02:02:26 +01:00
rxrpc net: rxrpc: mark expected switch fall-throughs 2017-10-24 18:27:06 +09:00
sched net/sched: Add support for HW offloading for CBS 2017-10-27 09:49:24 -07:00
sctp net: sctp: Convert timers to use timer_setup() 2017-10-25 12:02:09 +09:00
smc smc: add SMC rendezvous protocol 2017-10-26 18:00:29 +09:00
strparser strparser: initialize all callbacks 2017-08-24 21:57:50 -07:00
sunrpc sunrpc: Convert timers to use timer_setup() 2017-10-18 12:40:27 +01:00
switchdev
tipc tipc: fix a dangling pointer 2017-10-26 17:46:53 +09:00
tls tls: make tls_sw_free_resources static 2017-09-14 09:55:21 -07:00
unix net: af_unix: mark expected switch fall-through 2017-10-22 03:07:50 +01:00
vmw_vsock vsock: always call vsock_init_tables() 2017-10-26 17:45:58 +09:00
wimax
wireless Three fixes for the recently added new code: 2017-10-14 18:36:46 -07:00
x25 net: x25: mark expected switch fall-throughs 2017-10-22 03:08:46 +01:00
xfrm xfrm: Convert timers to use timer_setup() 2017-10-18 12:39:37 +01:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile nsh: add GSO support 2017-08-29 15:16:52 -07:00
socket.c
sysctl_net.c