Commit 3bc179bc authored by Breno Leitao, committed by Jakub Kicinski

netpoll: fix IPv6 local-address corruption



netpoll_setup() decides whether to auto-populate the local source
address by testing np->local_ip.ip, which only inspects the first 4
bytes of the union inet_addr storage.

For an IPv6 netpoll whose caller-supplied local address has zero
high-32 bits (::1, ::<suffix>, IPv4-mapped ::ffff:a.b.c.d, etc.), this
misdetects the address as unset (which it is not, but the first
4 bytes are empty), calls netpoll_take_ipv6() and overwrites it with
whatever matching link-local/global address the device happens to expose
first.

Introduce a helper netpoll_local_ip_unset() that picks the correct
family-aware test (ipv6_addr_any() for IPv6, !.ip for IPv4) and use it
from netpoll_setup().

Reproducer is something like:

  echo "::2" > local_ip
  echo 1     > enabled
  cat local_ip
  # before this fix: 2001:db8::1   (caller-supplied ::2 was clobbered)
  # after  this fix: ::2

Fixes: b7394d24 ("netpoll: prepare for ipv6")
Signed-off-by: Breno Leitao <leitao@debian.org>
Link: https://patch.msgid.link/20260424-netpoll_fix-v1-1-3a55348c625f@debian.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent 2b9f6f70
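
The misdetection described in the commit message, modelled in userspace as an added example (not part of the commit or of the kernel tree). The union `addr_model` and the function names are hypothetical stand-ins for the kernel's union and checks, and the sample addresses are constructed.

```c
/* Userspace model of the check; the union mirrors the layout described in
 * the patch comment (a 32-bit IPv4 value overlaid on a struct in6_addr). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

union addr_model {		/* hypothetical stand-in for union inet_addr */
	uint32_t ip;		/* IPv4 arm: aliases bytes 0..3 */
	struct in6_addr in6;	/* IPv6 arm: all 16 bytes */
};

/* Pre-fix test: looks at the first 4 bytes regardless of family. */
static bool unset_first4(const union addr_model *a)
{
	return !a->ip;
}

/* Family-aware test, same shape as netpoll_local_ip_unset() in the diff. */
static bool unset_family_aware(const union addr_model *a, bool ipv6)
{
	if (ipv6)
		return IN6_IS_ADDR_UNSPECIFIED(&a->in6);
	return !a->ip;
}

/* Returns 1 if the pre-fix test wrongly calls a set IPv6 address unset,
 * 0 if both tests agree, -1 if the text does not parse as IPv6. */
static int misdetected(const char *text)
{
	union addr_model a;
	memset(&a, 0, sizeof(a));
	if (inet_pton(AF_INET6, text, &a.in6) != 1)
		return -1;
	return unset_first4(&a) && !unset_family_aware(&a, true);
}

int main(void)
{
	/* Constructed sample inputs, based on the cases the commit names. */
	const char *samples[] = { "::", "::1", "::2", "::ffff:10.0.0.1",
				  "2001:db8::1", "fe80::1" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-16s misdetected=%d\n", samples[i], misdetected(samples[i]));
	return 0;
}
```

Only addresses whose first four bytes are zero but which are not `::` are affected; `::` itself is unset under both tests.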
+18 −1
@@ -704,6 +704,23 @@ static int netpoll_take_ipv4(struct netpoll *np, struct net_device *ndev)
	return 0;
}

/*
 * Test whether the caller left np->local_ip unset, so that
 * netpoll_setup() should auto-populate it from the egress device.
 *
 * np->local_ip is a union of __be32 (IPv4) and struct in6_addr (IPv6),
 * so an IPv6 address whose first 4 bytes are zero (e.g. ::1, ::2,
 * IPv4-mapped ::ffff:a.b.c.d) must not be tested via the IPv4 arm —
 * doing so would misclassify a caller-supplied address as unset and
 * silently overwrite it with whatever address the device exposes.
 */
static bool netpoll_local_ip_unset(const struct netpoll *np)
{
	if (np->ipv6)
		return ipv6_addr_any(&np->local_ip.in6);
	return !np->local_ip.ip;
}

int netpoll_setup(struct netpoll *np)
{
	struct net *net = current->nsproxy->net_ns;
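Review bot: The comment above netpoll_local_ip_unset() does not state the precondition the helper depends on, namely that np->ipv6 already reflects the family of the address stored in np->local_ip when the helper runs. If a caller fills the in6 arm but np->ipv6 is still false, the function falls through to `return !np->local_ip.ip;` and the misclassification the comment warns about comes back. A sentence in the comment saying that np->ipv6 must be set before the call would make that contract explicit for future callers.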
@@ -747,7 +764,7 @@ int netpoll_setup(struct netpoll *np)
		rtnl_lock();
	}

	if (!np->local_ip.ip) {
	if (netpoll_local_ip_unset(np)) {
		if (!np->ipv6) {
			err = netpoll_take_ipv4(np, ndev);
			if (err)
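Review bot: The new condition `if (netpoll_local_ip_unset(np))` in netpoll_setup() arrives without a regression test, and the commit message only sketches the reproducer as "something like". A selftest that writes an address such as ::2 to local_ip, enables the target and reads local_ip back would keep the family-aware check covered. Since only this one call site changes, it is also worth confirming that no other code still tests np->local_ip.ip for truthiness without first checking np->ipv6.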