From patchwork Tue Mar 27 17:11:25 2018
X-Patchwork-Submitter: Lorenzo Bianconi
X-Patchwork-Id: 891729
X-Patchwork-Delegate: davem@davemloft.net
From: Lorenzo Bianconi
To: davem@davemloft.net
Cc: netdev@vger.kernel.org
Subject: [PATCH net-next 1/2] ipv6: do not set routes if disable_ipv6 has been enabled
Date: Tue, 27 Mar 2018 19:11:25 +0200
Message-Id: <3635f139e31e1c28803ed6d76743c8d8da2c2d3d.1522166051.git.lorenzo.bianconi@redhat.com>
X-Mailing-List: netdev@vger.kernel.org

Do not allow to set ipv6 routes from userspace if disable_ipv6 has been enabled.
The issue can be triggered using the following reproducer:

- sysctl net.ipv6.conf.all.disable_ipv6=1
- ip -6 route add a:b:c:d::/64 dev em1
- ip -6 route show a:b:c:d::/64 dev em1 metric 1024 pref medium

Fix it checking disable_ipv6 value in ip6_route_info_create routine

Signed-off-by: Lorenzo Bianconi
--- net/ipv6/route.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 1d0eaa69874d..672fd7fdb037 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2917,6 +2917,11 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg, if (!dev) goto out; + if (idev->cnf.disable_ipv6) { + err = -EACCES; + goto out; + } + if (!(dev->flags & IFF_UP)) { NL_SET_ERR_MSG(extack, "Nexthop device is not up"); err = -ENETDOWN;
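
Review bot: the new `if (idev->cnf.disable_ipv6)` branch in ip6_route_info_create() returns -EACCES without setting an extack message, while the `IFF_UP` check directly below it reports `NL_SET_ERR_MSG(extack, "Nexthop device is not up")`. Userspace adding a route over netlink then sees a bare permission error, which reads like a privilege problem rather than a disabled address family; please add an NL_SET_ERR_MSG() call in the new branch saying that IPv6 is disabled on the nexthop device. Also, the visible context only checks `if (!dev)` before `idev` is dereferenced, so it is worth confirming (or noting in the commit message) that `idev` is non-NULL on every path that reaches this point.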