Patch "tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address." has been added to the 6.5-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 16 Sep 2023 22:42:10 -0400

This is a note to let you know that I've just added the patch titled

    tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tcp-fix-bind-regression-for-v4-mapped-v6-non-wildcar.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit b75efcdb69d85d6771222677378b07791943247e
Author: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
Date:   Mon Sep 11 11:36:57 2023 -0700

    tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
    
    [ Upstream commit c48ef9c4aed3632566b57ba66cec6ec78624d4cb ]
    
    Since bhash2 was introduced, the example below does not work as expected.
    These two bind() should conflict, but the 2nd bind() now succeeds.
    
      from socket import *
    
      s1 = socket(AF_INET6, SOCK_STREAM)
      s1.bind(('::ffff:127.0.0.1', 0))
    
      s2 = socket(AF_INET, SOCK_STREAM)
      s2.bind(('127.0.0.1', s1.getsockname()[1]))
    
    During the 2nd bind() in inet_csk_get_port(), inet_bind2_bucket_find()
    fails to find the 1st socket's tb2, so inet_bind2_bucket_create() allocates
    a new tb2 for the 2nd socket.  Then, we call inet_csk_bind_conflict() that
    checks conflicts in the new tb2 by inet_bhash2_conflict().  However, the
    new tb2 does not include the 1st socket, thus the bind() finally succeeds.
    
    In this case, inet_bind2_bucket_match() must check if AF_INET6 tb2 has
    the conflicting v4-mapped-v6 address so that inet_bind2_bucket_find()
    returns the 1st socket's tb2.
    
    Note that if we bind two sockets to 127.0.0.1 and then ::FFFF:127.0.0.1,
    the 2nd bind() fails properly for the same reason mentinoed in the previous
    commit.
    
    Fixes: 28044fc1d495 ("net: Add a bhash2 table hashed by port and address")
    Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
    Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
    Acked-by: Andrei Vagin <avagin@xxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index fb13a28577b01..ae5e786a0598d 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -800,8 +800,13 @@ static bool inet_bind2_bucket_match(const struct inet_bind2_bucket *tb,
 		return false;
 
 #if IS_ENABLED(CONFIG_IPV6)
-	if (sk->sk_family != tb->family)
+	if (sk->sk_family != tb->family) {
+		if (sk->sk_family == AF_INET)
+			return ipv6_addr_v4mapped(&tb->v6_rcv_saddr) &&
+				tb->v6_rcv_saddr.s6_addr32[3] == sk->sk_rcv_saddr;
+
 		return false;
+	}
 
 	if (sk->sk_family == AF_INET6)
 		return ipv6_addr_equal(&tb->v6_rcv_saddr, &sk->sk_v6_rcv_saddr);






