From patchwork Sun Mar 12 23:01:48 2017
X-Patchwork-Submitter: Hannes Frederic Sowa
X-Patchwork-Id: 737923
X-Patchwork-Delegate: davem@davemloft.net
From: Hannes Frederic Sowa
To: netdev@vger.kernel.org
Subject: [PATCH net-next RFC v1 24/27] afnetns: check afnetns user_ns in inet6_bind
Date: Mon, 13 Mar 2017 00:01:48 +0100
Message-Id: <20170312230151.5185-25-hannes@stressinduktion.org>
In-Reply-To: <20170312230151.5185-1-hannes@stressinduktion.org>
References: <20170312230151.5185-1-hannes@stressinduktion.org>
X-Mailing-List: netdev@vger.kernel.org

Signed-off-by: Hannes Frederic Sowa --- net/ipv6/af_inet6.c | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 30aff01eba5be0..4aa221826e753c 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c 
@@ -273,6 +273,26 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, goto out; } +static int inet6_allow_bind(struct net *net, struct in6_addr *addr, + unsigned short snum, struct net_device *dev) +{ + struct user_namespace *user_ns; +#if IS_ENABLED(CONFIG_AFNETNS) + struct afnetns *afnetns; + + afnetns = ipv6_get_ifaddr_afnetns_rcu(net, addr, dev); + user_ns = afnetns ? afnetns->user_ns : net->user_ns; +#else + user_ns = net->user_ns; +#endif + + if (snum && snum < inet_prot_sock(net) && + !ns_capable(user_ns, CAP_NET_BIND_SERVICE)) + return -EADDRNOTAVAIL; + + return 0; +} + /* bind for INET6 API */ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) @@ -301,11 +321,6 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) if ((addr_type & IPV6_ADDR_MULTICAST) && sock->type == SOCK_STREAM) return -EINVAL; - snum = ntohs(addr->sin6_port); - if (snum && snum < inet_prot_sock(net) && - !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) - return -EACCES; - lock_sock(sk); /* Check these errors (active socket, double bind). */ @@ -314,6 +329,8 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) goto out; } + snum = ntohs(addr->sin6_port); + /* Check if the address belongs to the host. */ if (addr_type == IPV6_ADDR_MAPPED) { /* Binding to v4-mapped address on a v6-only socket @@ -330,10 +347,12 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) else err = 0; } else { + struct net_device *dev = NULL; + + rcu_read_lock(); + if (addr_type != IPV6_ADDR_ANY) { - struct net_device *dev = NULL; - rcu_read_lock(); if (__ipv6_addr_needs_scope_id(addr_type)) { if (addr_len >= sizeof(struct sockaddr_in6) && addr->sin6_scope_id) { 
@@ -371,8 +390,13 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) goto out_unlock; } } - rcu_read_unlock(); } + + err = inet6_allow_bind(net, &addr->sin6_addr, snum, dev); + if (err) + goto out_unlock; + + rcu_read_unlock(); } inet->inet_rcv_saddr = v4addr;
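Review bot: in the first hunk (@@ -273,6 +273,26 @@), the new inet6_allow_bind() returns -EADDRNOTAVAIL for an unprivileged bind to a port below inet_prot_sock(), while the block it replaces in inet6_bind returned -EACCES; callers and test suites key on EACCES for the privileged-port case, so either keep `return -EACCES;` or state in the commit message why the error changes. The helper also calls ipv6_get_ifaddr_afnetns_rcu() and therefore must be entered with rcu_read_lock() held, but nothing in the signature or a comment says so; a one-line "caller must hold rcu_read_lock()" comment above the function would prevent misuse, and `struct in6_addr *addr` can be `const` since the address is only read.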
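Review bot: the second hunk (@@ -301,11 +321,6 @@) removes a check that ran before lock_sock() for every address type, but the replacement call to inet6_allow_bind() (last hunk) sits only in the non-mapped `else` branch, and the visible tail of the IPV6_ADDR_MAPPED branch ends in `else err = 0;` with no call to the new helper. If the v4-mapped path is meant to be covered by an IPv4-side check added earlier in the series, say so in the commit message; otherwise an unprivileged bind to a v4-mapped address on a privileged port would no longer be refused. The commit message is currently empty apart from the Signed-off-by, so the reason for moving the check under lock_sock() (the per-address afnetns lookup needs the address validated first) should be written down there as well.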
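Review bot: in the fourth hunk (@@ -330,10 +347,12 @@), `dev` is initialised to NULL and is only assigned inside `if (addr_type != IPV6_ADDR_ANY)`, so for a bind to the unspecified address inet6_allow_bind() is reached with dev == NULL and addr == ::; that relies on ipv6_get_ifaddr_afnetns_rcu() returning NULL here so that the check falls back to net->user_ns, which deserves a short comment at the call site. Moving rcu_read_lock() up to cover the whole `else` block also widens the RCU read-side section to include the scope-id handling and the new check; please confirm nothing in that region can sleep, and that every early exit between the lock and the relocated rcu_read_unlock() goes through out_unlock rather than out.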