From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
David Ahern <dsahern@kernel.org>
Cc: Joanne Koong <joannelkoong@gmail.com>,
Kuniyuki Iwashima <kuniyu@amazon.com>,
Kuniyuki Iwashima <kuni1840@gmail.com>, <netdev@vger.kernel.org>,
Andrei Vagin <avagin@google.com>
Subject: [PATCH v2 net 2/6] tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
Date: Mon, 11 Sep 2023 11:36:56 -0700 [thread overview]
Message-ID: <20230911183700.60878-3-kuniyu@amazon.com> (raw)
In-Reply-To: <20230911183700.60878-1-kuniyu@amazon.com>
Andrei Vagin reported bind() regression with strace logs.
If we bind() a TCPv6 socket to ::FFFF:0.0.0.0 and then bind() a TCPv4
socket to 127.0.0.1, the 2nd bind() should fail but now succeeds.
from socket import *
s1 = socket(AF_INET6, SOCK_STREAM)
s1.bind(('::ffff:0.0.0.0', 0))
s2 = socket(AF_INET, SOCK_STREAM)
s2.bind(('127.0.0.1', s1.getsockname()[1]))
During the 2nd bind(), if tb->family is AF_INET6 and sk->sk_family is
AF_INET in inet_bind2_bucket_match_addr_any(), we still need to check
if tb has the v4-mapped-v6 wildcard address.
The example above does not work after commit 5456262d2baa ("net: Fix
incorrect address comparison when searching for a bind2 bucket"), but
the blamed change is not the commit.
Before the commit, the leading zeros of ::FFFF:0.0.0.0 were treated
as 0.0.0.0, and the sequence above worked by chance. Technically, this
case has been broken since bhash2 was introduced.
Note that if we bind() two sockets to 127.0.0.1 and then ::FFFF:0.0.0.0,
the 2nd bind() fails properly because we fall back to using bhash to
detect conflicts for the v4-mapped-v6 address.
Fixes: 28044fc1d495 ("net: Add a bhash2 table hashed by port and address")
Reported-by: Andrei Vagin <avagin@google.com>
Closes: https://lore.kernel.org/netdev/ZPuYBOFC8zsK6r9T@google.com/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
include/net/ipv6.h | 5 +++++
net/ipv4/inet_hashtables.c | 3 ++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 0675be0f3fa0..56d8217ea6cf 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -784,6 +784,11 @@ static inline bool ipv6_addr_v4mapped(const struct in6_addr *a)
cpu_to_be32(0x0000ffff))) == 0UL;
}
+static inline bool ipv6_addr_v4mapped_any(const struct in6_addr *a)
+{
+ return ipv6_addr_v4mapped(a) && ipv4_is_zeronet(a->s6_addr32[3]);
+}
+
static inline bool ipv6_addr_v4mapped_loopback(const struct in6_addr *a)
{
return ipv6_addr_v4mapped(a) && ipv4_is_loopback(a->s6_addr32[3]);
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 5c54f2804174..a58b04052ca6 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -839,7 +839,8 @@ bool inet_bind2_bucket_match_addr_any(const struct inet_bind2_bucket *tb, const
#if IS_ENABLED(CONFIG_IPV6)
if (sk->sk_family != tb->family) {
if (sk->sk_family == AF_INET)
- return ipv6_addr_any(&tb->v6_rcv_saddr);
+ return ipv6_addr_any(&tb->v6_rcv_saddr) ||
+ ipv6_addr_v4mapped_any(&tb->v6_rcv_saddr);
return false;
}
--
2.30.2
next prev parent reply other threads:[~2023-09-11 18:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-11 18:36 [PATCH v2 net 0/6] tcp: Fix bind() regression for v4-mapped-v6 address Kuniyuki Iwashima
2023-09-11 18:36 ` [PATCH v2 net 1/6] tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any) Kuniyuki Iwashima
2023-09-12 4:48 ` Eric Dumazet
2023-09-11 18:36 ` Kuniyuki Iwashima [this message]
2023-09-12 4:58 ` [PATCH v2 net 2/6] tcp: Fix bind() regression for v4-mapped-v6 wildcard address Eric Dumazet
2023-09-11 18:36 ` [PATCH v2 net 3/6] tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address Kuniyuki Iwashima
2023-09-12 4:59 ` Eric Dumazet
2023-09-12 7:25 ` Andrei Vagin
2023-09-12 7:59 ` Kuniyuki Iwashima
2023-09-12 14:29 ` Andrei Vagin
2023-09-11 18:36 ` [PATCH v2 net 4/6] selftest: tcp: Fix address length in bind_wildcard.c Kuniyuki Iwashima
2023-09-11 18:36 ` [PATCH v2 net 5/6] selftest: tcp: Move expected_errno into each test case " Kuniyuki Iwashima
2023-09-11 18:37 ` [PATCH v2 net 6/6] selftest: tcp: Add v4-mapped-v6 cases " Kuniyuki Iwashima
2023-09-11 18:54 ` [PATCH v2 net 0/6] tcp: Fix bind() regression for v4-mapped-v6 address Martin KaFai Lau
2023-09-13 6:20 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230911183700.60878-3-kuniyu@amazon.com \
--to=kuniyu@amazon.com \
--cc=avagin@google.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=joannelkoong@gmail.com \
--cc=kuba@kernel.org \
--cc=kuni1840@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).