2ea2352ede
Cached routes should only be created by the system when receiving pmtu
discovery or ip redirect msg. Users should not be allowed to create
cached routes.
Furthermore, after the patch series to move cached routes into exception
table, user added cached routes will trigger the following warning in
fib6_add():
WARNING: CPU: 0 PID: 2985 at net/ipv6/ip6_fib.c:1137
fib6_add+0x20d9/0x2c10 net/ipv6/ip6_fib.c:1137
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 2985 Comm: syzkaller320388 Not tainted 4.14.0-rc3+ #74
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
panic+0x1e4/0x417 kernel/panic.c:181
__warn+0x1c4/0x1d9 kernel/panic.c:542
report_bug+0x211/0x2d0 lib/bug.c:183
fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:178
do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
do_trap+0x260/0x390 arch/x86/kernel/traps.c:261
do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:298
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:311
invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:905
RIP: 0010:fib6_add+0x20d9/0x2c10 net/ipv6/ip6_fib.c:1137
RSP: 0018:ffff8801cf09f6a0 EFLAGS: 00010297
RAX: ffff8801ce45e340 RBX: 1ffff10039e13eec RCX: ffff8801d749c814
RDX: 0000000000000000 RSI: ffff8801d749c700 RDI: ffff8801d749c780
RBP: ffff8801cf09fa08 R08: 0000000000000000 R09: ffff8801cf09f360
R10: ffff8801cf09f2d8 R11: 1ffff10039c8befb R12: 0000000000000001
R13: dffffc0000000000 R14: ffff8801d749c700 R15: ffffffff860655c0
__ip6_ins_rt+0x6c/0x90 net/ipv6/route.c:1011
ip6_route_add+0x148/0x1a0 net/ipv6/route.c:2782
ipv6_route_ioctl+0x4d5/0x690 net/ipv6/route.c:3291
inet6_ioctl+0xef/0x1e0 net/ipv6/af_inet6.c:521
sock_do_ioctl+0x65/0xb0 net/socket.c:961
sock_ioctl+0x2c2/0x440 net/socket.c:1058
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
So we fix this by failing the attemp to add cached routes from userspace
with returning EINVAL error.
Fixes: 2b760fcf5c ("ipv6: hook up exception table to store dst cache")
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
64 lines
1.8 KiB
C
64 lines
1.8 KiB
C
/*
|
|
* Linux INET6 implementation
|
|
*
|
|
* Authors:
|
|
* Pedro Roque <roque@di.fc.ul.pt>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _UAPI_LINUX_IPV6_ROUTE_H
|
|
#define _UAPI_LINUX_IPV6_ROUTE_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/in6.h> /* For struct in6_addr. */
|
|
|
|
#define RTF_DEFAULT 0x00010000 /* default - learned via ND */
|
|
#define RTF_ALLONLINK 0x00020000 /* (deprecated and will be removed)
|
|
fallback, no routers on link */
|
|
#define RTF_ADDRCONF 0x00040000 /* addrconf route - RA */
|
|
#define RTF_PREFIX_RT 0x00080000 /* A prefix only route - RA */
|
|
#define RTF_ANYCAST 0x00100000 /* Anycast */
|
|
|
|
#define RTF_NONEXTHOP 0x00200000 /* route with no nexthop */
|
|
#define RTF_EXPIRES 0x00400000
|
|
|
|
#define RTF_ROUTEINFO 0x00800000 /* route information - RA */
|
|
|
|
#define RTF_CACHE 0x01000000 /* read-only: can not be set by user */
|
|
#define RTF_FLOW 0x02000000 /* flow significant route */
|
|
#define RTF_POLICY 0x04000000 /* policy route */
|
|
|
|
#define RTF_PREF(pref) ((pref) << 27)
|
|
#define RTF_PREF_MASK 0x18000000
|
|
|
|
#define RTF_PCPU 0x40000000 /* read-only: can not be set by user */
|
|
#define RTF_LOCAL 0x80000000
|
|
|
|
|
|
struct in6_rtmsg {
|
|
struct in6_addr rtmsg_dst;
|
|
struct in6_addr rtmsg_src;
|
|
struct in6_addr rtmsg_gateway;
|
|
__u32 rtmsg_type;
|
|
__u16 rtmsg_dst_len;
|
|
__u16 rtmsg_src_len;
|
|
__u32 rtmsg_metric;
|
|
unsigned long rtmsg_info;
|
|
__u32 rtmsg_flags;
|
|
int rtmsg_ifindex;
|
|
};
|
|
|
|
#define RTMSG_NEWDEVICE 0x11
|
|
#define RTMSG_DELDEVICE 0x12
|
|
#define RTMSG_NEWROUTE 0x21
|
|
#define RTMSG_DELROUTE 0x22
|
|
|
|
#define IP6_RT_PRIO_USER 1024
|
|
#define IP6_RT_PRIO_ADDRCONF 256
|
|
|
|
#endif /* _UAPI_LINUX_IPV6_ROUTE_H */
|