From: Greg Kroah-Hartman Date: Tue, 31 Mar 2026 16:06:54 +0000 (+0200) Subject: 6.6-stable patches X-Git-Tag: v6.6.131~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0761e9952bc2c6d261f1863bdb98a121d44a2ef;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: tcp-fix-bind-regression-for-v6-only-wildcard-and-v4-mapped-v6-non-wildcard-addresses.patch --- diff --git a/queue-6.6/series b/queue-6.6/series index 743e2bf288..10ca982dfd 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -172,3 +172,4 @@ btrfs-fix-lost-error-when-running-device-stats-on-mu.patch dmaengine-idxd-remove-usage-of-the-deprecated-ida_si.patch dmaengine-idxd-fix-freeing-the-allocated-ida-too-lat.patch futex-clear-stale-exiting-pointer-in-futex_lock_pi-retry-path.patch +tcp-fix-bind-regression-for-v6-only-wildcard-and-v4-mapped-v6-non-wildcard-addresses.patch diff --git a/queue-6.6/tcp-fix-bind-regression-for-v6-only-wildcard-and-v4-mapped-v6-non-wildcard-addresses.patch b/queue-6.6/tcp-fix-bind-regression-for-v6-only-wildcard-and-v4-mapped-v6-non-wildcard-addresses.patch new file mode 100644 index 0000000000..55ab31a03b --- /dev/null +++ b/queue-6.6/tcp-fix-bind-regression-for-v6-only-wildcard-and-v4-mapped-v6-non-wildcard-addresses.patch 
@@ -0,0 +1,73 @@ +From ea111449501ea32bf6da82750de860243691efc7 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Tue, 26 Mar 2024 13:42:44 -0700 +Subject: tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. + +From: Kuniyuki Iwashima + +commit ea111449501ea32bf6da82750de860243691efc7 upstream. + +Commit 5e07e672412b ("tcp: Use bhash2 for v4-mapped-v6 non-wildcard +address.") introduced bind() regression for v4-mapped-v6 address. + +When we bind() the following two addresses on the same port, the 2nd +bind() should succeed but fails now. + + 1. [::] w/ IPV6_ONLY + 2. ::ffff:127.0.0.1 + +After the chagne, v4-mapped-v6 uses bhash2 instead of bhash to +detect conflict faster, but I forgot to add a necessary change. + +During the 2nd bind(), inet_bind2_bucket_match_addr_any() returns +the tb2 bucket of [::], and inet_bhash2_conflict() finally calls +inet_bind_conflict(), which returns true, meaning conflict. + + inet_bhash2_addr_any_conflict + |- inet_bind2_bucket_match_addr_any <-- return [::] bucket + `- inet_bhash2_conflict + `- __inet_bhash2_conflict <-- checks IPV6_ONLY for AF_INET + | but not for v4-mapped-v6 address + `- inet_bind_conflict <-- does not check address + +inet_bind_conflict() does not check socket addresses because +__inet_bhash2_conflict() is expected to do so. + +However, it checks IPV6_V6ONLY attribute only against AF_INET +socket, and not for v4-mapped-v6 address. + +As a result, v4-mapped-v6 address conflicts with v6-only wildcard +address. + +To avoid that, let's add the missing test to use bhash2 for +v4-mapped-v6 address. 
+ +Fixes: 5e07e672412b ("tcp: Use bhash2 for v4-mapped-v6 non-wildcard address.") +Signed-off-by: Kuniyuki Iwashima +Link: https://lore.kernel.org/r/20240326204251.51301-2-kuniyu@amazon.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/inet_connection_sock.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/net/ipv4/inet_connection_sock.c ++++ b/net/ipv4/inet_connection_sock.c +@@ -185,8 +185,15 @@ static bool __inet_bhash2_conflict(const + kuid_t sk_uid, bool relax, + bool reuseport_cb_ok, bool reuseport_ok) + { +- if (sk->sk_family == AF_INET && ipv6_only_sock(sk2)) +- return false; ++ if (ipv6_only_sock(sk2)) { ++ if (sk->sk_family == AF_INET) ++ return false; ++ ++#if IS_ENABLED(CONFIG_IPV6) ++ if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) ++ return false; ++#endif ++ } + + return inet_bind_conflict(sk, sk2, sk_uid, relax, + reuseport_cb_ok, reuseport_ok);
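Review bot: In the queue-6.6/series hunk, nothing visible shows that 5e07e672412b ("tcp: Use bhash2 for v4-mapped-v6 non-wildcard address."), the commit named in the Fixes: tag, is already in 6.6.y or queued earlier in this series. The new entry is appended after futex-clear-stale-exiting-pointer-in-futex_lock_pi-retry-path.patch, and the surrounding context lines contain no tcp patch. Please confirm the dependency is present, because the added test in __inet_bhash2_conflict() only matters once v4-mapped-v6 non-wildcard addresses go through bhash2. The stable commit message says only "added patches:"; a line stating which 6.6.y release carries the regressing commit would make the backport auditable.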
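Review bot: In the net/ipv4/inet_connection_sock.c hunk, the new `ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)` test has no family check of its own and relies on the `sk->sk_family == AF_INET` early return directly above it to guarantee that sk_v6_rcv_saddr is meaningful for sk. That ordering dependency is easy to break in a later edit, so a one-line comment above the `#if IS_ENABLED(CONFIG_IPV6)` block, or an explicit `sk->sk_family == AF_INET6 &&` in the condition, would document it. The diffstat lists only this file, while the commit message describes a concrete two-bind reproducer ([::] with v6-only set, then ::ffff:127.0.0.1 on the same port). A selftest covering that pair would keep the regression from returning, if one is not already queued alongside this patch. Minor: the message spells the option both IPV6_ONLY and IPV6_V6ONLY. The socket option is IPV6_V6ONLY.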