• Maciej Żenczykowski's avatar
    net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() · 630e4576
    Maciej Żenczykowski authored
    Found by virtue of ipv6 raw sockets not honouring the per-socket
    IP{,V6}_FREEBIND setting.
    
    Based on hits found via:
      git grep '[.]ip_nonlocal_bind'
    We fix both raw ipv6 sockets to honour IP{,V6}_FREEBIND and IP{,V6}_TRANSPARENT,
    and we fix sctp sockets to honour IP{,V6}_TRANSPARENT (they already honoured
    FREEBIND), and not just the ipv6 'ip_nonlocal_bind' sysctl.
    
    The helper is defined as:
      static inline bool ipv6_can_nonlocal_bind(struct net *net, struct inet_sock *inet) {
        return net->ipv6.sysctl.ip_nonlocal_bind || inet->freebind || inet->transparent;
      }
    so this change only widens the accepted opt-outs and is thus a clean bugfix.
    
    I'm not entirely sure what 'fixes' tag to add, since this is AFAICT an ancient bug,
    but IMHO this should be applied to stable kernels as far back as possible.
    As such I'm adding a 'fixes' tag with the commit that originally added the helper,
    which happened in 4.19.  Backporting to older LTS kernels (at least 4.9 and 4.14)
    would presumably require open-coding it or backporting the helper as well.
    
    Other possibly relevant commits:
      v4.18-rc6-1502-g83ba4645 net: add helpers checking if socket can be bound to nonlocal address
      v4.18-rc6-1431-gd0c1f011 net/ipv6: allow any source address for sendmsg pktinfo with ip_nonlocal_bind
      v4.14-rc5-271-gb71d21c2 sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND
      v4.7-rc7-1883-g9b974202 sctp: support ipv6 nonlocal bind
      v4.1-12247-g35a256fe ipv6: Nonlocal bind
    
    Cc: Lorenzo Colitti <lorenzo@google.com>
    Fixes: 83ba4645 ("net: add helpers checking if socket can be bound to nonlocal address")
    Signed-off-by: default avatarMaciej Żenczykowski <maze@google.com>
    Reviewed-By: default avatarLorenzo Colitti <lorenzo@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    630e4576
ipv6.c 30.7 KB