1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* IPv6 Address [auto]configuration
4	* Linux INET6 implementation
5	*
6	* Authors:
7	* Pedro Roque <roque@di.fc.ul.pt>
8	* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9	*/
10
11	/*
12	* Changes:
13	*
14	* Janos Farkas : delete timer on ifdown
15	* <chexum@bankinf.banki.hu>
16	* Andi Kleen : kill double kfree on module
17	* unload.
18	* Maciej W. Rozycki : FDDI support
19	* sekiya@USAGI : Don't send too many RS
20	* packets.
21	* yoshfuji@USAGI : Fixed interval between DAD
22	* packets.
23	* YOSHIFUJI Hideaki @USAGI : improved accuracy of
24	* address validation timer.
25	* YOSHIFUJI Hideaki @USAGI : Privacy Extensions (RFC3041)
26	* support.
27	* Yuji SEKIYA @USAGI : Don't assign a same IPv6
28	* address on a same interface.
29	* YOSHIFUJI Hideaki @USAGI : ARCnet support
30	* YOSHIFUJI Hideaki @USAGI : convert /proc/net/if_inet6 to
31	* seq_file.
32	* YOSHIFUJI Hideaki @USAGI : improved source address
33	* selection; consider scope,
34	* status etc.
35	*/
36
37	#define pr_fmt(fmt) "IPv6: " fmt
38
39	#include <linux/errno.h>
40	#include <linux/types.h>
41	#include <linux/kernel.h>
42	#include <linux/sched/signal.h>
43	#include <linux/socket.h>
44	#include <linux/sockios.h>
45	#include <linux/net.h>
46	#include <linux/inet.h>
47	#include <linux/in6.h>
48	#include <linux/netdevice.h>
49	#include <linux/if_addr.h>
50	#include <linux/if_arp.h>
51	#include <linux/if_arcnet.h>
52	#include <linux/if_infiniband.h>
53	#include <linux/route.h>
54	#include <linux/inetdevice.h>
55	#include <linux/init.h>
56	#include <linux/slab.h>
57	#ifdef CONFIG_SYSCTL
58	#include <linux/sysctl.h>
59	#endif
60	#include <linux/capability.h>
61	#include <linux/delay.h>
62	#include <linux/notifier.h>
63	#include <linux/string.h>
64	#include <linux/hash.h>
65
66	#include <net/net_namespace.h>
67	#include <net/sock.h>
68	#include <net/snmp.h>
69
70	#include <net/6lowpan.h>
71	#include <net/firewire.h>
72	#include <net/ipv6.h>
73	#include <net/protocol.h>
74	#include <net/ndisc.h>
75	#include <net/ip6_route.h>
76	#include <net/addrconf.h>
77	#include <net/tcp.h>
78	#include <net/ip.h>
79	#include <net/netlink.h>
80	#include <net/pkt_sched.h>
81	#include <net/l3mdev.h>
82	#include <linux/if_tunnel.h>
83	#include <linux/rtnetlink.h>
84	#include <linux/netconf.h>
85	#include <linux/random.h>
86	#include <linux/uaccess.h>
87	#include <asm/unaligned.h>
88
89	#include <linux/proc_fs.h>
90	#include <linux/seq_file.h>
91	#include <linux/export.h>
92	#include <linux/ioam6.h>
93
94	#define INFINITY_LIFE_TIME 0xFFFFFFFF
95
96	#define IPV6_MAX_STRLEN \
97	sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")
98
99	static inline u32 cstamp_delta(unsigned long cstamp)
100	{
101	return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
102	}
103
104	static inline s32 rfc3315_s14_backoff_init(s32 irt)
105	{
106	/* multiply 'initial retransmission time' by 0.9 .. 1.1 */
107	u64 tmp = get_random_u32_inclusive(floor: 900000, ceil: 1100000) * (u64)irt;
108	do_div(tmp, 1000000);
109	return (s32)tmp;
110	}
111
112	static inline s32 rfc3315_s14_backoff_update(s32 rt, s32 mrt)
113	{
114	/* multiply 'retransmission timeout' by 1.9 .. 2.1 */
115	u64 tmp = get_random_u32_inclusive(floor: 1900000, ceil: 2100000) * (u64)rt;
116	do_div(tmp, 1000000);
117	if ((s32)tmp > mrt) {
118	/* multiply 'maximum retransmission time' by 0.9 .. 1.1 */
119	tmp = get_random_u32_inclusive(floor: 900000, ceil: 1100000) * (u64)mrt;
120	do_div(tmp, 1000000);
121	}
122	return (s32)tmp;
123	}
124
125	#ifdef CONFIG_SYSCTL
126	static int addrconf_sysctl_register(struct inet6_dev *idev);
127	static void addrconf_sysctl_unregister(struct inet6_dev *idev);
128	#else
129	static inline int addrconf_sysctl_register(struct inet6_dev *idev)
130	{
131	return 0;
132	}
133
134	static inline void addrconf_sysctl_unregister(struct inet6_dev *idev)
135	{
136	}
137	#endif
138
139	static void ipv6_gen_rnd_iid(struct in6_addr *addr);
140
141	static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
142	static int ipv6_count_addresses(const struct inet6_dev *idev);
143	static int ipv6_generate_stable_address(struct in6_addr *addr,
144	u8 dad_count,
145	const struct inet6_dev *idev);
146
147	#define IN6_ADDR_HSIZE_SHIFT 8
148	#define IN6_ADDR_HSIZE (1 << IN6_ADDR_HSIZE_SHIFT)
149
150	static void addrconf_verify(struct net *net);
151	static void addrconf_verify_rtnl(struct net *net);
152
153	static struct workqueue_struct *addrconf_wq;
154
155	static void addrconf_join_anycast(struct inet6_ifaddr *ifp);
156	static void addrconf_leave_anycast(struct inet6_ifaddr *ifp);
157
158	static void addrconf_type_change(struct net_device *dev,
159	unsigned long event);
160	static int addrconf_ifdown(struct net_device *dev, bool unregister);
161
162	static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
163	int plen,
164	const struct net_device *dev,
165	u32 flags, u32 noflags,
166	bool no_gw);
167
168	static void addrconf_dad_start(struct inet6_ifaddr *ifp);
169	static void addrconf_dad_work(struct work_struct *w);
170	static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id,
171	bool send_na);
172	static void addrconf_dad_run(struct inet6_dev *idev, bool restart);
173	static void addrconf_rs_timer(struct timer_list *t);
174	static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
175	static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
176
177	static void inet6_prefix_notify(int event, struct inet6_dev *idev,
178	struct prefix_info *pinfo);
179
180	static struct ipv6_devconf ipv6_devconf __read_mostly = {
181	.forwarding = 0,
182	.hop_limit = IPV6_DEFAULT_HOPLIMIT,
183	.mtu6 = IPV6_MIN_MTU,
184	.accept_ra = 1,
185	.accept_redirects = 1,
186	.autoconf = 1,
187	.force_mld_version = 0,
188	.mldv1_unsolicited_report_interval = 10 * HZ,
189	.mldv2_unsolicited_report_interval = HZ,
190	.dad_transmits = 1,
191	.rtr_solicits = MAX_RTR_SOLICITATIONS,
192	.rtr_solicit_interval = RTR_SOLICITATION_INTERVAL,
193	.rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
194	.rtr_solicit_delay = MAX_RTR_SOLICITATION_DELAY,
195	.use_tempaddr = 0,
196	.temp_valid_lft = TEMP_VALID_LIFETIME,
197	.temp_prefered_lft = TEMP_PREFERRED_LIFETIME,
198	.regen_max_retry = REGEN_MAX_RETRY,
199	.max_desync_factor = MAX_DESYNC_FACTOR,
200	.max_addresses = IPV6_MAX_ADDRESSES,
201	.accept_ra_defrtr = 1,
202	.ra_defrtr_metric = IP6_RT_PRIO_USER,
203	.accept_ra_from_local = 0,
204	.accept_ra_min_hop_limit= 1,
205	.accept_ra_min_lft = 0,
206	.accept_ra_pinfo = 1,
207	#ifdef CONFIG_IPV6_ROUTER_PREF
208	.accept_ra_rtr_pref = 1,
209	.rtr_probe_interval = 60 * HZ,
210	#ifdef CONFIG_IPV6_ROUTE_INFO
211	.accept_ra_rt_info_min_plen = 0,
212	.accept_ra_rt_info_max_plen = 0,
213	#endif
214	#endif
215	.proxy_ndp = 0,
216	.accept_source_route = 0, /* we do not accept RH0 by default. */
217	.disable_ipv6 = 0,
218	.accept_dad = 0,
219	.suppress_frag_ndisc = 1,
220	.accept_ra_mtu = 1,
221	.stable_secret = {
222	.initialized = false,
223	},
224	.use_oif_addrs_only = 0,
225	.ignore_routes_with_linkdown = 0,
226	.keep_addr_on_down = 0,
227	.seg6_enabled = 0,
228	#ifdef CONFIG_IPV6_SEG6_HMAC
229	.seg6_require_hmac = 0,
230	#endif
231	.enhanced_dad = 1,
232	.addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64,
233	.disable_policy = 0,
234	.rpl_seg_enabled = 0,
235	.ioam6_enabled = 0,
236	.ioam6_id = IOAM6_DEFAULT_IF_ID,
237	.ioam6_id_wide = IOAM6_DEFAULT_IF_ID_WIDE,
238	.ndisc_evict_nocarrier = 1,
239	.ra_honor_pio_life = 0,
240	};
241
242	static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
243	.forwarding = 0,
244	.hop_limit = IPV6_DEFAULT_HOPLIMIT,
245	.mtu6 = IPV6_MIN_MTU,
246	.accept_ra = 1,
247	.accept_redirects = 1,
248	.autoconf = 1,
249	.force_mld_version = 0,
250	.mldv1_unsolicited_report_interval = 10 * HZ,
251	.mldv2_unsolicited_report_interval = HZ,
252	.dad_transmits = 1,
253	.rtr_solicits = MAX_RTR_SOLICITATIONS,
254	.rtr_solicit_interval = RTR_SOLICITATION_INTERVAL,
255	.rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
256	.rtr_solicit_delay = MAX_RTR_SOLICITATION_DELAY,
257	.use_tempaddr = 0,
258	.temp_valid_lft = TEMP_VALID_LIFETIME,
259	.temp_prefered_lft = TEMP_PREFERRED_LIFETIME,
260	.regen_max_retry = REGEN_MAX_RETRY,
261	.max_desync_factor = MAX_DESYNC_FACTOR,
262	.max_addresses = IPV6_MAX_ADDRESSES,
263	.accept_ra_defrtr = 1,
264	.ra_defrtr_metric = IP6_RT_PRIO_USER,
265	.accept_ra_from_local = 0,
266	.accept_ra_min_hop_limit= 1,
267	.accept_ra_min_lft = 0,
268	.accept_ra_pinfo = 1,
269	#ifdef CONFIG_IPV6_ROUTER_PREF
270	.accept_ra_rtr_pref = 1,
271	.rtr_probe_interval = 60 * HZ,
272	#ifdef CONFIG_IPV6_ROUTE_INFO
273	.accept_ra_rt_info_min_plen = 0,
274	.accept_ra_rt_info_max_plen = 0,
275	#endif
276	#endif
277	.proxy_ndp = 0,
278	.accept_source_route = 0, /* we do not accept RH0 by default. */
279	.disable_ipv6 = 0,
280	.accept_dad = 1,
281	.suppress_frag_ndisc = 1,
282	.accept_ra_mtu = 1,
283	.stable_secret = {
284	.initialized = false,
285	},
286	.use_oif_addrs_only = 0,
287	.ignore_routes_with_linkdown = 0,
288	.keep_addr_on_down = 0,
289	.seg6_enabled = 0,
290	#ifdef CONFIG_IPV6_SEG6_HMAC
291	.seg6_require_hmac = 0,
292	#endif
293	.enhanced_dad = 1,
294	.addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64,
295	.disable_policy = 0,
296	.rpl_seg_enabled = 0,
297	.ioam6_enabled = 0,
298	.ioam6_id = IOAM6_DEFAULT_IF_ID,
299	.ioam6_id_wide = IOAM6_DEFAULT_IF_ID_WIDE,
300	.ndisc_evict_nocarrier = 1,
301	.ra_honor_pio_life = 0,
302	};
303
304	/* Check if link is ready: is it up and is a valid qdisc available */
305	static inline bool addrconf_link_ready(const struct net_device *dev)
306	{
307	return netif_oper_up(dev) && !qdisc_tx_is_noop(dev);
308	}
309
310	static void addrconf_del_rs_timer(struct inet6_dev *idev)
311	{
312	if (del_timer(timer: &idev->rs_timer))
313	__in6_dev_put(idev);
314	}
315
316	static void addrconf_del_dad_work(struct inet6_ifaddr *ifp)
317	{
318	if (cancel_delayed_work(dwork: &ifp->dad_work))
319	__in6_ifa_put(ifp);
320	}
321
322	static void addrconf_mod_rs_timer(struct inet6_dev *idev,
323	unsigned long when)
324	{
325	if (!mod_timer(timer: &idev->rs_timer, expires: jiffies + when))
326	in6_dev_hold(idev);
327	}
328
329	static void addrconf_mod_dad_work(struct inet6_ifaddr *ifp,
330	unsigned long delay)
331	{
332	in6_ifa_hold(ifp);
333	if (mod_delayed_work(wq: addrconf_wq, dwork: &ifp->dad_work, delay))
334	in6_ifa_put(ifp);
335	}
336
337	static int snmp6_alloc_dev(struct inet6_dev *idev)
338	{
339	int i;
340
341	idev->stats.ipv6 = alloc_percpu_gfp(struct ipstats_mib, GFP_KERNEL_ACCOUNT);
342	if (!idev->stats.ipv6)
343	goto err_ip;
344
345	for_each_possible_cpu(i) {
346	struct ipstats_mib *addrconf_stats;
347	addrconf_stats = per_cpu_ptr(idev->stats.ipv6, i);
348	u64_stats_init(syncp: &addrconf_stats->syncp);
349	}
350
351
352	idev->stats.icmpv6dev = kzalloc(size: sizeof(struct icmpv6_mib_device),
353	GFP_KERNEL);
354	if (!idev->stats.icmpv6dev)
355	goto err_icmp;
356	idev->stats.icmpv6msgdev = kzalloc(size: sizeof(struct icmpv6msg_mib_device),
357	GFP_KERNEL_ACCOUNT);
358	if (!idev->stats.icmpv6msgdev)
359	goto err_icmpmsg;
360
361	return 0;
362
363	err_icmpmsg:
364	kfree(objp: idev->stats.icmpv6dev);
365	err_icmp:
366	free_percpu(pdata: idev->stats.ipv6);
367	err_ip:
368	return -ENOMEM;
369	}
370
371	static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
372	{
373	struct inet6_dev *ndev;
374	int err = -ENOMEM;
375
376	ASSERT_RTNL();
377
378	if (dev->mtu < IPV6_MIN_MTU && dev != blackhole_netdev)
379	return ERR_PTR(error: -EINVAL);
380
381	ndev = kzalloc(size: sizeof(*ndev), GFP_KERNEL_ACCOUNT);
382	if (!ndev)
383	return ERR_PTR(error: err);
384
385	rwlock_init(&ndev->lock);
386	ndev->dev = dev;
387	INIT_LIST_HEAD(list: &ndev->addr_list);
388	timer_setup(&ndev->rs_timer, addrconf_rs_timer, 0);
389	memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf));
390
391	if (ndev->cnf.stable_secret.initialized)
392	ndev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
393
394	ndev->cnf.mtu6 = dev->mtu;
395	ndev->ra_mtu = 0;
396	ndev->nd_parms = neigh_parms_alloc(dev, tbl: &nd_tbl);
397	if (!ndev->nd_parms) {
398	kfree(objp: ndev);
399	return ERR_PTR(error: err);
400	}
401	if (ndev->cnf.forwarding)
402	dev_disable_lro(dev);
403	/* We refer to the device */
404	netdev_hold(dev, tracker: &ndev->dev_tracker, GFP_KERNEL);
405
406	if (snmp6_alloc_dev(idev: ndev) < 0) {
407	netdev_dbg(dev, "%s: cannot allocate memory for statistics\n",
408	__func__);
409	neigh_parms_release(tbl: &nd_tbl, parms: ndev->nd_parms);
410	netdev_put(dev, tracker: &ndev->dev_tracker);
411	kfree(objp: ndev);
412	return ERR_PTR(error: err);
413	}
414
415	if (dev != blackhole_netdev) {
416	if (snmp6_register_dev(idev: ndev) < 0) {
417	netdev_dbg(dev, "%s: cannot create /proc/net/dev_snmp6/%s\n",
418	__func__, dev->name);
419	goto err_release;
420	}
421	}
422	/* One reference from device. */
423	refcount_set(r: &ndev->refcnt, n: 1);
424
425	if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
426	ndev->cnf.accept_dad = -1;
427
428	#if IS_ENABLED(CONFIG_IPV6_SIT)
429	if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) {
430	pr_info("%s: Disabled Multicast RS\n", dev->name);
431	ndev->cnf.rtr_solicits = 0;
432	}
433	#endif
434
435	INIT_LIST_HEAD(list: &ndev->tempaddr_list);
436	ndev->desync_factor = U32_MAX;
437	if ((dev->flags&IFF_LOOPBACK) ||
438	dev->type == ARPHRD_TUNNEL ||
439	dev->type == ARPHRD_TUNNEL6 ||
440	dev->type == ARPHRD_SIT ||
441	dev->type == ARPHRD_NONE) {
442	ndev->cnf.use_tempaddr = -1;
443	}
444
445	ndev->token = in6addr_any;
446
447	if (netif_running(dev) && addrconf_link_ready(dev))
448	ndev->if_flags |= IF_READY;
449
450	ipv6_mc_init_dev(idev: ndev);
451	ndev->tstamp = jiffies;
452	if (dev != blackhole_netdev) {
453	err = addrconf_sysctl_register(idev: ndev);
454	if (err) {
455	ipv6_mc_destroy_dev(idev: ndev);
456	snmp6_unregister_dev(idev: ndev);
457	goto err_release;
458	}
459	}
460	/* protected by rtnl_lock */
461	rcu_assign_pointer(dev->ip6_ptr, ndev);
462
463	if (dev != blackhole_netdev) {
464	/* Join interface-local all-node multicast group */
465	ipv6_dev_mc_inc(dev, addr: &in6addr_interfacelocal_allnodes);
466
467	/* Join all-node multicast group */
468	ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allnodes);
469
470	/* Join all-router multicast group if forwarding is set */
471	if (ndev->cnf.forwarding && (dev->flags & IFF_MULTICAST))
472	ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allrouters);
473	}
474	return ndev;
475
476	err_release:
477	neigh_parms_release(tbl: &nd_tbl, parms: ndev->nd_parms);
478	ndev->dead = 1;
479	in6_dev_finish_destroy(idev: ndev);
480	return ERR_PTR(error: err);
481	}
482
483	static struct inet6_dev *ipv6_find_idev(struct net_device *dev)
484	{
485	struct inet6_dev *idev;
486
487	ASSERT_RTNL();
488
489	idev = __in6_dev_get(dev);
490	if (!idev) {
491	idev = ipv6_add_dev(dev);
492	if (IS_ERR(ptr: idev))
493	return idev;
494	}
495
496	if (dev->flags&IFF_UP)
497	ipv6_mc_up(idev);
498	return idev;
499	}
500
501	static int inet6_netconf_msgsize_devconf(int type)
502	{
503	int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
504	+ nla_total_size(payload: 4); /* NETCONFA_IFINDEX */
505	bool all = false;
506
507	if (type == NETCONFA_ALL)
508	all = true;
509
510	if (all || type == NETCONFA_FORWARDING)
511	size += nla_total_size(payload: 4);
512	#ifdef CONFIG_IPV6_MROUTE
513	if (all || type == NETCONFA_MC_FORWARDING)
514	size += nla_total_size(payload: 4);
515	#endif
516	if (all || type == NETCONFA_PROXY_NEIGH)
517	size += nla_total_size(payload: 4);
518
519	if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
520	size += nla_total_size(payload: 4);
521
522	return size;
523	}
524
525	static int inet6_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
526	struct ipv6_devconf *devconf, u32 portid,
527	u32 seq, int event, unsigned int flags,
528	int type)
529	{
530	struct nlmsghdr *nlh;
531	struct netconfmsg *ncm;
532	bool all = false;
533
534	nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(struct netconfmsg),
535	flags);
536	if (!nlh)
537	return -EMSGSIZE;
538
539	if (type == NETCONFA_ALL)
540	all = true;
541
542	ncm = nlmsg_data(nlh);
543	ncm->ncm_family = AF_INET6;
544
545	if (nla_put_s32(skb, attrtype: NETCONFA_IFINDEX, value: ifindex) < 0)
546	goto nla_put_failure;
547
548	if (!devconf)
549	goto out;
550
551	if ((all || type == NETCONFA_FORWARDING) &&
552	nla_put_s32(skb, attrtype: NETCONFA_FORWARDING, value: devconf->forwarding) < 0)
553	goto nla_put_failure;
554	#ifdef CONFIG_IPV6_MROUTE
555	if ((all || type == NETCONFA_MC_FORWARDING) &&
556	nla_put_s32(skb, attrtype: NETCONFA_MC_FORWARDING,
557	value: atomic_read(v: &devconf->mc_forwarding)) < 0)
558	goto nla_put_failure;
559	#endif
560	if ((all || type == NETCONFA_PROXY_NEIGH) &&
561	nla_put_s32(skb, attrtype: NETCONFA_PROXY_NEIGH, value: devconf->proxy_ndp) < 0)
562	goto nla_put_failure;
563
564	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
565	nla_put_s32(skb, attrtype: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
566	value: devconf->ignore_routes_with_linkdown) < 0)
567	goto nla_put_failure;
568
569	out:
570	nlmsg_end(skb, nlh);
571	return 0;
572
573	nla_put_failure:
574	nlmsg_cancel(skb, nlh);
575	return -EMSGSIZE;
576	}
577
578	void inet6_netconf_notify_devconf(struct net *net, int event, int type,
579	int ifindex, struct ipv6_devconf *devconf)
580	{
581	struct sk_buff *skb;
582	int err = -ENOBUFS;
583
584	skb = nlmsg_new(payload: inet6_netconf_msgsize_devconf(type), GFP_KERNEL);
585	if (!skb)
586	goto errout;
587
588	err = inet6_netconf_fill_devconf(skb, ifindex, devconf, portid: 0, seq: 0,
589	event, flags: 0, type);
590	if (err < 0) {
591	/* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */
592	WARN_ON(err == -EMSGSIZE);
593	kfree_skb(skb);
594	goto errout;
595	}
596	rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_NETCONF, NULL, GFP_KERNEL);
597	return;
598	errout:
599	rtnl_set_sk_err(net, RTNLGRP_IPV6_NETCONF, error: err);
600	}
601
602	static const struct nla_policy devconf_ipv6_policy[NETCONFA_MAX+1] = {
603	[NETCONFA_IFINDEX] = { .len = sizeof(int) },
604	[NETCONFA_FORWARDING] = { .len = sizeof(int) },
605	[NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
606	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
607	};
608
609	static int inet6_netconf_valid_get_req(struct sk_buff *skb,
610	const struct nlmsghdr *nlh,
611	struct nlattr **tb,
612	struct netlink_ext_ack *extack)
613	{
614	int i, err;
615
616	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(struct netconfmsg))) {
617	NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf get request");
618	return -EINVAL;
619	}
620
621	if (!netlink_strict_get_check(skb))
622	return nlmsg_parse_deprecated(nlh, hdrlen: sizeof(struct netconfmsg),
623	tb, NETCONFA_MAX,
624	policy: devconf_ipv6_policy, extack);
625
626	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct netconfmsg),
627	tb, NETCONFA_MAX,
628	policy: devconf_ipv6_policy, extack);
629	if (err)
630	return err;
631
632	for (i = 0; i <= NETCONFA_MAX; i++) {
633	if (!tb[i])
634	continue;
635
636	switch (i) {
637	case NETCONFA_IFINDEX:
638	break;
639	default:
640	NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in netconf get request");
641	return -EINVAL;
642	}
643	}
644
645	return 0;
646	}
647
648	static int inet6_netconf_get_devconf(struct sk_buff *in_skb,
649	struct nlmsghdr *nlh,
650	struct netlink_ext_ack *extack)
651	{
652	struct net *net = sock_net(sk: in_skb->sk);
653	struct nlattr *tb[NETCONFA_MAX+1];
654	struct inet6_dev *in6_dev = NULL;
655	struct net_device *dev = NULL;
656	struct sk_buff *skb;
657	struct ipv6_devconf *devconf;
658	int ifindex;
659	int err;
660
661	err = inet6_netconf_valid_get_req(skb: in_skb, nlh, tb, extack);
662	if (err < 0)
663	return err;
664
665	if (!tb[NETCONFA_IFINDEX])
666	return -EINVAL;
667
668	err = -EINVAL;
669	ifindex = nla_get_s32(nla: tb[NETCONFA_IFINDEX]);
670	switch (ifindex) {
671	case NETCONFA_IFINDEX_ALL:
672	devconf = net->ipv6.devconf_all;
673	break;
674	case NETCONFA_IFINDEX_DEFAULT:
675	devconf = net->ipv6.devconf_dflt;
676	break;
677	default:
678	dev = dev_get_by_index(net, ifindex);
679	if (!dev)
680	return -EINVAL;
681	in6_dev = in6_dev_get(dev);
682	if (!in6_dev)
683	goto errout;
684	devconf = &in6_dev->cnf;
685	break;
686	}
687
688	err = -ENOBUFS;
689	skb = nlmsg_new(payload: inet6_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
690	if (!skb)
691	goto errout;
692
693	err = inet6_netconf_fill_devconf(skb, ifindex, devconf,
694	NETLINK_CB(in_skb).portid,
695	seq: nlh->nlmsg_seq, RTM_NEWNETCONF, flags: 0,
696	NETCONFA_ALL);
697	if (err < 0) {
698	/* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */
699	WARN_ON(err == -EMSGSIZE);
700	kfree_skb(skb);
701	goto errout;
702	}
703	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
704	errout:
705	if (in6_dev)
706	in6_dev_put(idev: in6_dev);
707	dev_put(dev);
708	return err;
709	}
710
711	static int inet6_netconf_dump_devconf(struct sk_buff *skb,
712	struct netlink_callback *cb)
713	{
714	const struct nlmsghdr *nlh = cb->nlh;
715	struct net *net = sock_net(sk: skb->sk);
716	int h, s_h;
717	int idx, s_idx;
718	struct net_device *dev;
719	struct inet6_dev *idev;
720	struct hlist_head *head;
721
722	if (cb->strict_check) {
723	struct netlink_ext_ack *extack = cb->extack;
724	struct netconfmsg *ncm;
725
726	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ncm))) {
727	NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf dump request");
728	return -EINVAL;
729	}
730
731	if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ncm))) {
732	NL_SET_ERR_MSG_MOD(extack, "Invalid data after header in netconf dump request");
733	return -EINVAL;
734	}
735	}
736
737	s_h = cb->args[0];
738	s_idx = idx = cb->args[1];
739
740	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
741	idx = 0;
742	head = &net->dev_index_head[h];
743	rcu_read_lock();
744	cb->seq = atomic_read(v: &net->ipv6.dev_addr_genid) ^
745	net->dev_base_seq;
746	hlist_for_each_entry_rcu(dev, head, index_hlist) {
747	if (idx < s_idx)
748	goto cont;
749	idev = __in6_dev_get(dev);
750	if (!idev)
751	goto cont;
752
753	if (inet6_netconf_fill_devconf(skb, ifindex: dev->ifindex,
754	devconf: &idev->cnf,
755	NETLINK_CB(cb->skb).portid,
756	seq: nlh->nlmsg_seq,
757	RTM_NEWNETCONF,
758	NLM_F_MULTI,
759	NETCONFA_ALL) < 0) {
760	rcu_read_unlock();
761	goto done;
762	}
763	nl_dump_check_consistent(cb, nlh: nlmsg_hdr(skb));
764	cont:
765	idx++;
766	}
767	rcu_read_unlock();
768	}
769	if (h == NETDEV_HASHENTRIES) {
770	if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
771	devconf: net->ipv6.devconf_all,
772	NETLINK_CB(cb->skb).portid,
773	seq: nlh->nlmsg_seq,
774	RTM_NEWNETCONF, NLM_F_MULTI,
775	NETCONFA_ALL) < 0)
776	goto done;
777	else
778	h++;
779	}
780	if (h == NETDEV_HASHENTRIES + 1) {
781	if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
782	devconf: net->ipv6.devconf_dflt,
783	NETLINK_CB(cb->skb).portid,
784	seq: nlh->nlmsg_seq,
785	RTM_NEWNETCONF, NLM_F_MULTI,
786	NETCONFA_ALL) < 0)
787	goto done;
788	else
789	h++;
790	}
791	done:
792	cb->args[0] = h;
793	cb->args[1] = idx;
794
795	return skb->len;
796	}
797
798	#ifdef CONFIG_SYSCTL
799	static void dev_forward_change(struct inet6_dev *idev)
800	{
801	struct net_device *dev;
802	struct inet6_ifaddr *ifa;
803	LIST_HEAD(tmp_addr_list);
804
805	if (!idev)
806	return;
807	dev = idev->dev;
808	if (idev->cnf.forwarding)
809	dev_disable_lro(dev);
810	if (dev->flags & IFF_MULTICAST) {
811	if (idev->cnf.forwarding) {
812	ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allrouters);
813	ipv6_dev_mc_inc(dev, addr: &in6addr_interfacelocal_allrouters);
814	ipv6_dev_mc_inc(dev, addr: &in6addr_sitelocal_allrouters);
815	} else {
816	ipv6_dev_mc_dec(dev, addr: &in6addr_linklocal_allrouters);
817	ipv6_dev_mc_dec(dev, addr: &in6addr_interfacelocal_allrouters);
818	ipv6_dev_mc_dec(dev, addr: &in6addr_sitelocal_allrouters);
819	}
820	}
821
822	read_lock_bh(&idev->lock);
823	list_for_each_entry(ifa, &idev->addr_list, if_list) {
824	if (ifa->flags&IFA_F_TENTATIVE)
825	continue;
826	list_add_tail(new: &ifa->if_list_aux, head: &tmp_addr_list);
827	}
828	read_unlock_bh(&idev->lock);
829
830	while (!list_empty(head: &tmp_addr_list)) {
831	ifa = list_first_entry(&tmp_addr_list,
832	struct inet6_ifaddr, if_list_aux);
833	list_del(entry: &ifa->if_list_aux);
834	if (idev->cnf.forwarding)
835	addrconf_join_anycast(ifp: ifa);
836	else
837	addrconf_leave_anycast(ifp: ifa);
838	}
839
840	inet6_netconf_notify_devconf(net: dev_net(dev), RTM_NEWNETCONF,
841	type: NETCONFA_FORWARDING,
842	ifindex: dev->ifindex, devconf: &idev->cnf);
843	}
844
845
846	static void addrconf_forward_change(struct net *net, __s32 newf)
847	{
848	struct net_device *dev;
849	struct inet6_dev *idev;
850
851	for_each_netdev(net, dev) {
852	idev = __in6_dev_get(dev);
853	if (idev) {
854	int changed = (!idev->cnf.forwarding) ^ (!newf);
855	idev->cnf.forwarding = newf;
856	if (changed)
857	dev_forward_change(idev);
858	}
859	}
860	}
861
862	static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf)
863	{
864	struct net *net;
865	int old;
866
867	if (!rtnl_trylock())
868	return restart_syscall();
869
870	net = (struct net *)table->extra2;
871	old = *p;
872	*p = newf;
873
874	if (p == &net->ipv6.devconf_dflt->forwarding) {
875	if ((!newf) ^ (!old))
876	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
877	type: NETCONFA_FORWARDING,
878	NETCONFA_IFINDEX_DEFAULT,
879	devconf: net->ipv6.devconf_dflt);
880	rtnl_unlock();
881	return 0;
882	}
883
884	if (p == &net->ipv6.devconf_all->forwarding) {
885	int old_dflt = net->ipv6.devconf_dflt->forwarding;
886
887	net->ipv6.devconf_dflt->forwarding = newf;
888	if ((!newf) ^ (!old_dflt))
889	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
890	type: NETCONFA_FORWARDING,
891	NETCONFA_IFINDEX_DEFAULT,
892	devconf: net->ipv6.devconf_dflt);
893
894	addrconf_forward_change(net, newf);
895	if ((!newf) ^ (!old))
896	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
897	type: NETCONFA_FORWARDING,
898	NETCONFA_IFINDEX_ALL,
899	devconf: net->ipv6.devconf_all);
900	} else if ((!newf) ^ (!old))
901	dev_forward_change(idev: (struct inet6_dev *)table->extra1);
902	rtnl_unlock();
903
904	if (newf)
905	rt6_purge_dflt_routers(net);
906	return 1;
907	}
908
909	static void addrconf_linkdown_change(struct net *net, __s32 newf)
910	{
911	struct net_device *dev;
912	struct inet6_dev *idev;
913
914	for_each_netdev(net, dev) {
915	idev = __in6_dev_get(dev);
916	if (idev) {
917	int changed = (!idev->cnf.ignore_routes_with_linkdown) ^ (!newf);
918
919	idev->cnf.ignore_routes_with_linkdown = newf;
920	if (changed)
921	inet6_netconf_notify_devconf(net: dev_net(dev),
922	RTM_NEWNETCONF,
923	type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
924	ifindex: dev->ifindex,
925	devconf: &idev->cnf);
926	}
927	}
928	}
929
930	static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int newf)
931	{
932	struct net *net;
933	int old;
934
935	if (!rtnl_trylock())
936	return restart_syscall();
937
938	net = (struct net *)table->extra2;
939	old = *p;
940	*p = newf;
941
942	if (p == &net->ipv6.devconf_dflt->ignore_routes_with_linkdown) {
943	if ((!newf) ^ (!old))
944	inet6_netconf_notify_devconf(net,
945	RTM_NEWNETCONF,
946	type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
947	NETCONFA_IFINDEX_DEFAULT,
948	devconf: net->ipv6.devconf_dflt);
949	rtnl_unlock();
950	return 0;
951	}
952
953	if (p == &net->ipv6.devconf_all->ignore_routes_with_linkdown) {
954	net->ipv6.devconf_dflt->ignore_routes_with_linkdown = newf;
955	addrconf_linkdown_change(net, newf);
956	if ((!newf) ^ (!old))
957	inet6_netconf_notify_devconf(net,
958	RTM_NEWNETCONF,
959	type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
960	NETCONFA_IFINDEX_ALL,
961	devconf: net->ipv6.devconf_all);
962	}
963	rtnl_unlock();
964
965	return 1;
966	}
967
968	#endif
969
970	/* Nobody refers to this ifaddr, destroy it */
971	void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp)
972	{
973	WARN_ON(!hlist_unhashed(&ifp->addr_lst));
974
975	#ifdef NET_REFCNT_DEBUG
976	pr_debug("%s\n", __func__);
977	#endif
978
979	in6_dev_put(idev: ifp->idev);
980
981	if (cancel_delayed_work(dwork: &ifp->dad_work))
982	pr_notice("delayed DAD work was pending while freeing ifa=%p\n",
983	ifp);
984
985	if (ifp->state != INET6_IFADDR_STATE_DEAD) {
986	pr_warn("Freeing alive inet6 address %p\n", ifp);
987	return;
988	}
989
990	kfree_rcu(ifp, rcu);
991	}
992
993	static void
994	ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
995	{
996	struct list_head *p;
997	int ifp_scope = ipv6_addr_src_scope(addr: &ifp->addr);
998
999	/*
1000	* Each device address list is sorted in order of scope -
1001	* global before linklocal.
1002	*/
1003	list_for_each(p, &idev->addr_list) {
1004	struct inet6_ifaddr *ifa
1005	= list_entry(p, struct inet6_ifaddr, if_list);
1006	if (ifp_scope >= ipv6_addr_src_scope(addr: &ifa->addr))
1007	break;
1008	}
1009
1010	list_add_tail_rcu(new: &ifp->if_list, head: p);
1011	}
1012
1013	static u32 inet6_addr_hash(const struct net *net, const struct in6_addr *addr)
1014	{
1015	u32 val = ipv6_addr_hash(a: addr) ^ net_hash_mix(net);
1016
1017	return hash_32(val, IN6_ADDR_HSIZE_SHIFT);
1018	}
1019
1020	static bool ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
1021	struct net_device *dev, unsigned int hash)
1022	{
1023	struct inet6_ifaddr *ifp;
1024
1025	hlist_for_each_entry(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) {
1026	if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) {
1027	if (!dev || ifp->idev->dev == dev)
1028	return true;
1029	}
1030	}
1031	return false;
1032	}
1033
1034	static int ipv6_add_addr_hash(struct net_device *dev, struct inet6_ifaddr *ifa)
1035	{
1036	struct net *net = dev_net(dev);
1037	unsigned int hash = inet6_addr_hash(net, addr: &ifa->addr);
1038	int err = 0;
1039
1040	spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock);
1041
1042	/* Ignore adding duplicate addresses on an interface */
1043	if (ipv6_chk_same_addr(net, addr: &ifa->addr, dev, hash)) {
1044	netdev_dbg(dev, "ipv6_add_addr: already assigned\n");
1045	err = -EEXIST;
1046	} else {
1047	hlist_add_head_rcu(n: &ifa->addr_lst, h: &net->ipv6.inet6_addr_lst[hash]);
1048	}
1049
1050	spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock);
1051
1052	return err;
1053	}
1054
1055	/* On success it returns ifp with increased reference count */
1056
1057	static struct inet6_ifaddr *
1058	ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg,
1059	bool can_block, struct netlink_ext_ack *extack)
1060	{
1061	gfp_t gfp_flags = can_block ? GFP_KERNEL : GFP_ATOMIC;
1062	int addr_type = ipv6_addr_type(addr: cfg->pfx);
1063	struct net *net = dev_net(dev: idev->dev);
1064	struct inet6_ifaddr *ifa = NULL;
1065	struct fib6_info *f6i = NULL;
1066	int err = 0;
1067
1068	if (addr_type == IPV6_ADDR_ANY) {
1069	NL_SET_ERR_MSG_MOD(extack, "Invalid address");
1070	return ERR_PTR(error: -EADDRNOTAVAIL);
1071	} else if (addr_type & IPV6_ADDR_MULTICAST &&
1072	!(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) {
1073	NL_SET_ERR_MSG_MOD(extack, "Cannot assign multicast address without \"IFA_F_MCAUTOJOIN\" flag");
1074	return ERR_PTR(error: -EADDRNOTAVAIL);
1075	} else if (!(idev->dev->flags & IFF_LOOPBACK) &&
1076	!netif_is_l3_master(dev: idev->dev) &&
1077	addr_type & IPV6_ADDR_LOOPBACK) {
1078	NL_SET_ERR_MSG_MOD(extack, "Cannot assign loopback address on this device");
1079	return ERR_PTR(error: -EADDRNOTAVAIL);
1080	}
1081
1082	if (idev->dead) {
1083	NL_SET_ERR_MSG_MOD(extack, "device is going away");
1084	err = -ENODEV;
1085	goto out;
1086	}
1087
1088	if (idev->cnf.disable_ipv6) {
1089	NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device");
1090	err = -EACCES;
1091	goto out;
1092	}
1093
1094	/* validator notifier needs to be blocking;
1095	* do not call in atomic context
1096	*/
1097	if (can_block) {
1098	struct in6_validator_info i6vi = {
1099	.i6vi_addr = *cfg->pfx,
1100	.i6vi_dev = idev,
1101	.extack = extack,
1102	};
1103
1104	err = inet6addr_validator_notifier_call_chain(val: NETDEV_UP, v: &i6vi);
1105	err = notifier_to_errno(ret: err);
1106	if (err < 0)
1107	goto out;
1108	}
1109
1110	ifa = kzalloc(size: sizeof(*ifa), flags: gfp_flags | __GFP_ACCOUNT);
1111	if (!ifa) {
1112	err = -ENOBUFS;
1113	goto out;
1114	}
1115
1116	f6i = addrconf_f6i_alloc(net, idev, addr: cfg->pfx, anycast: false, gfp_flags, extack);
1117	if (IS_ERR(ptr: f6i)) {
1118	err = PTR_ERR(ptr: f6i);
1119	f6i = NULL;
1120	goto out;
1121	}
1122
1123	neigh_parms_data_state_setall(p: idev->nd_parms);
1124
1125	ifa->addr = *cfg->pfx;
1126	if (cfg->peer_pfx)
1127	ifa->peer_addr = *cfg->peer_pfx;
1128
1129	spin_lock_init(&ifa->lock);
1130	INIT_DELAYED_WORK(&ifa->dad_work, addrconf_dad_work);
1131	INIT_HLIST_NODE(h: &ifa->addr_lst);
1132	ifa->scope = cfg->scope;
1133	ifa->prefix_len = cfg->plen;
1134	ifa->rt_priority = cfg->rt_priority;
1135	ifa->flags = cfg->ifa_flags;
1136	ifa->ifa_proto = cfg->ifa_proto;
1137	/* No need to add the TENTATIVE flag for addresses with NODAD */
1138	if (!(cfg->ifa_flags & IFA_F_NODAD))
1139	ifa->flags |= IFA_F_TENTATIVE;
1140	ifa->valid_lft = cfg->valid_lft;
1141	ifa->prefered_lft = cfg->preferred_lft;
1142	ifa->cstamp = ifa->tstamp = jiffies;
1143	ifa->tokenized = false;
1144
1145	ifa->rt = f6i;
1146
1147	ifa->idev = idev;
1148	in6_dev_hold(idev);
1149
1150	/* For caller */
1151	refcount_set(r: &ifa->refcnt, n: 1);
1152
1153	rcu_read_lock();
1154
1155	err = ipv6_add_addr_hash(dev: idev->dev, ifa);
1156	if (err < 0) {
1157	rcu_read_unlock();
1158	goto out;
1159	}
1160
1161	write_lock_bh(&idev->lock);
1162
1163	/* Add to inet6_dev unicast addr list. */
1164	ipv6_link_dev_addr(idev, ifp: ifa);
1165
1166	if (ifa->flags&IFA_F_TEMPORARY) {
1167	list_add(new: &ifa->tmp_list, head: &idev->tempaddr_list);
1168	in6_ifa_hold(ifp: ifa);
1169	}
1170
1171	in6_ifa_hold(ifp: ifa);
1172	write_unlock_bh(&idev->lock);
1173
1174	rcu_read_unlock();
1175
1176	inet6addr_notifier_call_chain(val: NETDEV_UP, v: ifa);
1177	out:
1178	if (unlikely(err < 0)) {
1179	fib6_info_release(f6i);
1180
1181	if (ifa) {
1182	if (ifa->idev)
1183	in6_dev_put(idev: ifa->idev);
1184	kfree(objp: ifa);
1185	}
1186	ifa = ERR_PTR(error: err);
1187	}
1188
1189	return ifa;
1190	}
1191
1192	enum cleanup_prefix_rt_t {
1193	CLEANUP_PREFIX_RT_NOP, /* no cleanup action for prefix route */
1194	CLEANUP_PREFIX_RT_DEL, /* delete the prefix route */
1195	CLEANUP_PREFIX_RT_EXPIRE, /* update the lifetime of the prefix route */
1196	};
1197
1198	/*
1199	* Check, whether the prefix for ifp would still need a prefix route
1200	* after deleting ifp. The function returns one of the CLEANUP_PREFIX_RT_*
1201	* constants.
1202	*
1203	* 1) we don't purge prefix if address was not permanent.
1204	* prefix is managed by its own lifetime.
1205	* 2) we also don't purge, if the address was IFA_F_NOPREFIXROUTE.
1206	* 3) if there are no addresses, delete prefix.
1207	* 4) if there are still other permanent address(es),
1208	* corresponding prefix is still permanent.
1209	* 5) if there are still other addresses with IFA_F_NOPREFIXROUTE,
1210	* don't purge the prefix, assume user space is managing it.
1211	* 6) otherwise, update prefix lifetime to the
1212	* longest valid lifetime among the corresponding
1213	* addresses on the device.
1214	* Note: subsequent RA will update lifetime.
1215	**/
1216	static enum cleanup_prefix_rt_t
1217	check_cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long *expires)
1218	{
1219	struct inet6_ifaddr *ifa;
1220	struct inet6_dev *idev = ifp->idev;
1221	unsigned long lifetime;
1222	enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_DEL;
1223
1224	*expires = jiffies;
1225
1226	list_for_each_entry(ifa, &idev->addr_list, if_list) {
1227	if (ifa == ifp)
1228	continue;
1229	if (ifa->prefix_len != ifp->prefix_len ||
1230	!ipv6_prefix_equal(addr1: &ifa->addr, addr2: &ifp->addr,
1231	prefixlen: ifp->prefix_len))
1232	continue;
1233	if (ifa->flags & (IFA_F_PERMANENT | IFA_F_NOPREFIXROUTE))
1234	return CLEANUP_PREFIX_RT_NOP;
1235
1236	action = CLEANUP_PREFIX_RT_EXPIRE;
1237
1238	spin_lock(lock: &ifa->lock);
1239
1240	lifetime = addrconf_timeout_fixup(timeout: ifa->valid_lft, HZ);
1241	/*
1242	* Note: Because this address is
1243	* not permanent, lifetime <
1244	* LONG_MAX / HZ here.
1245	*/
1246	if (time_before(*expires, ifa->tstamp + lifetime * HZ))
1247	*expires = ifa->tstamp + lifetime * HZ;
1248	spin_unlock(lock: &ifa->lock);
1249	}
1250
1251	return action;
1252	}
1253
1254	static void
1255	cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long expires,
1256	bool del_rt, bool del_peer)
1257	{
1258	struct fib6_info *f6i;
1259
1260	f6i = addrconf_get_prefix_route(pfx: del_peer ? &ifp->peer_addr : &ifp->addr,
1261	plen: ifp->prefix_len,
1262	dev: ifp->idev->dev, flags: 0, RTF_DEFAULT, no_gw: true);
1263	if (f6i) {
1264	if (del_rt)
1265	ip6_del_rt(net: dev_net(dev: ifp->idev->dev), f6i, skip_notify: false);
1266	else {
1267	if (!(f6i->fib6_flags & RTF_EXPIRES))
1268	fib6_set_expires(f6i, expires);
1269	fib6_info_release(f6i);
1270	}
1271	}
1272	}
1273
1274
1275	/* This function wants to get referenced ifp and releases it before return */
1276
1277	static void ipv6_del_addr(struct inet6_ifaddr *ifp)
1278	{
1279	enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_NOP;
1280	struct net *net = dev_net(dev: ifp->idev->dev);
1281	unsigned long expires;
1282	int state;
1283
1284	ASSERT_RTNL();
1285
1286	spin_lock_bh(lock: &ifp->lock);
1287	state = ifp->state;
1288	ifp->state = INET6_IFADDR_STATE_DEAD;
1289	spin_unlock_bh(lock: &ifp->lock);
1290
1291	if (state == INET6_IFADDR_STATE_DEAD)
1292	goto out;
1293
1294	spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock);
1295	hlist_del_init_rcu(n: &ifp->addr_lst);
1296	spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock);
1297
1298	write_lock_bh(&ifp->idev->lock);
1299
1300	if (ifp->flags&IFA_F_TEMPORARY) {
1301	list_del(entry: &ifp->tmp_list);
1302	if (ifp->ifpub) {
1303	in6_ifa_put(ifp: ifp->ifpub);
1304	ifp->ifpub = NULL;
1305	}
1306	__in6_ifa_put(ifp);
1307	}
1308
1309	if (ifp->flags & IFA_F_PERMANENT && !(ifp->flags & IFA_F_NOPREFIXROUTE))
1310	action = check_cleanup_prefix_route(ifp, expires: &expires);
1311
1312	list_del_rcu(entry: &ifp->if_list);
1313	__in6_ifa_put(ifp);
1314
1315	write_unlock_bh(&ifp->idev->lock);
1316
1317	addrconf_del_dad_work(ifp);
1318
1319	ipv6_ifa_notify(RTM_DELADDR, ifa: ifp);
1320
1321	inet6addr_notifier_call_chain(val: NETDEV_DOWN, v: ifp);
1322
1323	if (action != CLEANUP_PREFIX_RT_NOP) {
1324	cleanup_prefix_route(ifp, expires,
1325	del_rt: action == CLEANUP_PREFIX_RT_DEL, del_peer: false);
1326	}
1327
1328	/* clean up prefsrc entries */
1329	rt6_remove_prefsrc(ifp);
1330	out:
1331	in6_ifa_put(ifp);
1332	}
1333
1334	static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
1335	{
1336	struct inet6_dev *idev = ifp->idev;
1337	unsigned long tmp_tstamp, age;
1338	unsigned long regen_advance;
1339	unsigned long now = jiffies;
1340	s32 cnf_temp_preferred_lft;
1341	struct inet6_ifaddr *ift;
1342	struct ifa6_config cfg;
1343	long max_desync_factor;
1344	struct in6_addr addr;
1345	int ret = 0;
1346
1347	write_lock_bh(&idev->lock);
1348
1349	retry:
1350	in6_dev_hold(idev);
1351	if (idev->cnf.use_tempaddr <= 0) {
1352	write_unlock_bh(&idev->lock);
1353	pr_info("%s: use_tempaddr is disabled\n", __func__);
1354	in6_dev_put(idev);
1355	ret = -1;
1356	goto out;
1357	}
1358	spin_lock_bh(lock: &ifp->lock);
1359	if (ifp->regen_count++ >= idev->cnf.regen_max_retry) {
1360	idev->cnf.use_tempaddr = -1; /*XXX*/
1361	spin_unlock_bh(lock: &ifp->lock);
1362	write_unlock_bh(&idev->lock);
1363	pr_warn("%s: regeneration time exceeded - disabled temporary address support\n",
1364	__func__);
1365	in6_dev_put(idev);
1366	ret = -1;
1367	goto out;
1368	}
1369	in6_ifa_hold(ifp);
1370	memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
1371	ipv6_gen_rnd_iid(addr: &addr);
1372
1373	age = (now - ifp->tstamp) / HZ;
1374
1375	regen_advance = idev->cnf.regen_max_retry *
1376	idev->cnf.dad_transmits *
1377	max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ;
1378
1379	/* recalculate max_desync_factor each time and update
1380	* idev->desync_factor if it's larger
1381	*/
1382	cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft);
1383	max_desync_factor = min_t(long,
1384	idev->cnf.max_desync_factor,
1385	cnf_temp_preferred_lft - regen_advance);
1386
1387	if (unlikely(idev->desync_factor > max_desync_factor)) {
1388	if (max_desync_factor > 0) {
1389	get_random_bytes(buf: &idev->desync_factor,
1390	len: sizeof(idev->desync_factor));
1391	idev->desync_factor %= max_desync_factor;
1392	} else {
1393	idev->desync_factor = 0;
1394	}
1395	}
1396
1397	memset(&cfg, 0, sizeof(cfg));
1398	cfg.valid_lft = min_t(__u32, ifp->valid_lft,
1399	idev->cnf.temp_valid_lft + age);
1400	cfg.preferred_lft = cnf_temp_preferred_lft + age - idev->desync_factor;
1401	cfg.preferred_lft = min_t(__u32, ifp->prefered_lft, cfg.preferred_lft);
1402	cfg.preferred_lft = min_t(__u32, cfg.valid_lft, cfg.preferred_lft);
1403
1404	cfg.plen = ifp->prefix_len;
1405	tmp_tstamp = ifp->tstamp;
1406	spin_unlock_bh(lock: &ifp->lock);
1407
1408	write_unlock_bh(&idev->lock);
1409
1410	/* From RFC 4941:
1411	*
1412	* A temporary address is created only if this calculated Preferred
1413	* Lifetime is greater than REGEN_ADVANCE time units. In
1414	* particular, an implementation must not create a temporary address
1415	* with a zero Preferred Lifetime.
1416	*
1417	* Clamp the preferred lifetime to a minimum of regen_advance, unless
1418	* that would exceed valid_lft.
1419	*
1420	* Use age calculation as in addrconf_verify to avoid unnecessary
1421	* temporary addresses being generated.
1422	*/
1423	age = (now - tmp_tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
1424	if (cfg.preferred_lft <= regen_advance + age)
1425	cfg.preferred_lft = regen_advance + age + 1;
1426	if (cfg.preferred_lft > cfg.valid_lft) {
1427	in6_ifa_put(ifp);
1428	in6_dev_put(idev);
1429	ret = -1;
1430	goto out;
1431	}
1432
1433	cfg.ifa_flags = IFA_F_TEMPORARY;
1434	/* set in addrconf_prefix_rcv() */
1435	if (ifp->flags & IFA_F_OPTIMISTIC)
1436	cfg.ifa_flags |= IFA_F_OPTIMISTIC;
1437
1438	cfg.pfx = &addr;
1439	cfg.scope = ipv6_addr_scope(addr: cfg.pfx);
1440
1441	ift = ipv6_add_addr(idev, cfg: &cfg, can_block: block, NULL);
1442	if (IS_ERR(ptr: ift)) {
1443	in6_ifa_put(ifp);
1444	in6_dev_put(idev);
1445	pr_info("%s: retry temporary address regeneration\n", __func__);
1446	write_lock_bh(&idev->lock);
1447	goto retry;
1448	}
1449
1450	spin_lock_bh(lock: &ift->lock);
1451	ift->ifpub = ifp;
1452	ift->cstamp = now;
1453	ift->tstamp = tmp_tstamp;
1454	spin_unlock_bh(lock: &ift->lock);
1455
1456	addrconf_dad_start(ifp: ift);
1457	in6_ifa_put(ifp: ift);
1458	in6_dev_put(idev);
1459	out:
1460	return ret;
1461	}
1462
1463	/*
1464	* Choose an appropriate source address (RFC3484)
1465	*/
1466	enum {
1467	IPV6_SADDR_RULE_INIT = 0,
1468	IPV6_SADDR_RULE_LOCAL,
1469	IPV6_SADDR_RULE_SCOPE,
1470	IPV6_SADDR_RULE_PREFERRED,
1471	#ifdef CONFIG_IPV6_MIP6
1472	IPV6_SADDR_RULE_HOA,
1473	#endif
1474	IPV6_SADDR_RULE_OIF,
1475	IPV6_SADDR_RULE_LABEL,
1476	IPV6_SADDR_RULE_PRIVACY,
1477	IPV6_SADDR_RULE_ORCHID,
1478	IPV6_SADDR_RULE_PREFIX,
1479	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1480	IPV6_SADDR_RULE_NOT_OPTIMISTIC,
1481	#endif
1482	IPV6_SADDR_RULE_MAX
1483	};
1484
1485	struct ipv6_saddr_score {
1486	int rule;
1487	int addr_type;
1488	struct inet6_ifaddr *ifa;
1489	DECLARE_BITMAP(scorebits, IPV6_SADDR_RULE_MAX);
1490	int scopedist;
1491	int matchlen;
1492	};
1493
1494	struct ipv6_saddr_dst {
1495	const struct in6_addr *addr;
1496	int ifindex;
1497	int scope;
1498	int label;
1499	unsigned int prefs;
1500	};
1501
1502	static inline int ipv6_saddr_preferred(int type)
1503	{
1504	if (type & (IPV6_ADDR_MAPPED|IPV6_ADDR_COMPATv4|IPV6_ADDR_LOOPBACK))
1505	return 1;
1506	return 0;
1507	}
1508
1509	static bool ipv6_use_optimistic_addr(struct net *net,
1510	struct inet6_dev *idev)
1511	{
1512	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1513	if (!idev)
1514	return false;
1515	if (!net->ipv6.devconf_all->optimistic_dad && !idev->cnf.optimistic_dad)
1516	return false;
1517	if (!net->ipv6.devconf_all->use_optimistic && !idev->cnf.use_optimistic)
1518	return false;
1519
1520	return true;
1521	#else
1522	return false;
1523	#endif
1524	}
1525
1526	static bool ipv6_allow_optimistic_dad(struct net *net,
1527	struct inet6_dev *idev)
1528	{
1529	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1530	if (!idev)
1531	return false;
1532	if (!net->ipv6.devconf_all->optimistic_dad && !idev->cnf.optimistic_dad)
1533	return false;
1534
1535	return true;
1536	#else
1537	return false;
1538	#endif
1539	}
1540
1541	static int ipv6_get_saddr_eval(struct net *net,
1542	struct ipv6_saddr_score *score,
1543	struct ipv6_saddr_dst *dst,
1544	int i)
1545	{
1546	int ret;
1547
1548	if (i <= score->rule) {
1549	switch (i) {
1550	case IPV6_SADDR_RULE_SCOPE:
1551	ret = score->scopedist;
1552	break;
1553	case IPV6_SADDR_RULE_PREFIX:
1554	ret = score->matchlen;
1555	break;
1556	default:
1557	ret = !!test_bit(i, score->scorebits);
1558	}
1559	goto out;
1560	}
1561
1562	switch (i) {
1563	case IPV6_SADDR_RULE_INIT:
1564	/* Rule 0: remember if hiscore is not ready yet */
1565	ret = !!score->ifa;
1566	break;
1567	case IPV6_SADDR_RULE_LOCAL:
1568	/* Rule 1: Prefer same address */
1569	ret = ipv6_addr_equal(a1: &score->ifa->addr, a2: dst->addr);
1570	break;
1571	case IPV6_SADDR_RULE_SCOPE:
1572	/* Rule 2: Prefer appropriate scope
1573	*
1574	* ret
1575	* ^
1576	* -1 | d 15
1577	* ---+--+-+---> scope
1578	* |
1579	* | d is scope of the destination.
1580	* B-d | \
1581	* | \ <- smaller scope is better if
1582	* B-15 | \ if scope is enough for destination.
1583	* | ret = B - scope (-1 <= scope >= d <= 15).
1584	* d-C-1 | /
1585	* |/ <- greater is better
1586	* -C / if scope is not enough for destination.
1587	* /| ret = scope - C (-1 <= d < scope <= 15).
1588	*
1589	* d - C - 1 < B -15 (for all -1 <= d <= 15).
1590	* C > d + 14 - B >= 15 + 14 - B = 29 - B.
1591	* Assume B = 0 and we get C > 29.
1592	*/
1593	ret = __ipv6_addr_src_scope(type: score->addr_type);
1594	if (ret >= dst->scope)
1595	ret = -ret;
1596	else
1597	ret -= 128; /* 30 is enough */
1598	score->scopedist = ret;
1599	break;
1600	case IPV6_SADDR_RULE_PREFERRED:
1601	{
1602	/* Rule 3: Avoid deprecated and optimistic addresses */
1603	u8 avoid = IFA_F_DEPRECATED;
1604
1605	if (!ipv6_use_optimistic_addr(net, idev: score->ifa->idev))
1606	avoid |= IFA_F_OPTIMISTIC;
1607	ret = ipv6_saddr_preferred(type: score->addr_type) ||
1608	!(score->ifa->flags & avoid);
1609	break;
1610	}
1611	#ifdef CONFIG_IPV6_MIP6
1612	case IPV6_SADDR_RULE_HOA:
1613	{
1614	/* Rule 4: Prefer home address */
1615	int prefhome = !(dst->prefs & IPV6_PREFER_SRC_COA);
1616	ret = !(score->ifa->flags & IFA_F_HOMEADDRESS) ^ prefhome;
1617	break;
1618	}
1619	#endif
1620	case IPV6_SADDR_RULE_OIF:
1621	/* Rule 5: Prefer outgoing interface */
1622	ret = (!dst->ifindex ||
1623	dst->ifindex == score->ifa->idev->dev->ifindex);
1624	break;
1625	case IPV6_SADDR_RULE_LABEL:
1626	/* Rule 6: Prefer matching label */
1627	ret = ipv6_addr_label(net,
1628	addr: &score->ifa->addr, type: score->addr_type,
1629	ifindex: score->ifa->idev->dev->ifindex) == dst->label;
1630	break;
1631	case IPV6_SADDR_RULE_PRIVACY:
1632	{
1633	/* Rule 7: Prefer public address
1634	* Note: prefer temporary address if use_tempaddr >= 2
1635	*/
1636	int preftmp = dst->prefs & (IPV6_PREFER_SRC_PUBLIC|IPV6_PREFER_SRC_TMP) ?
1637	!!(dst->prefs & IPV6_PREFER_SRC_TMP) :
1638	score->ifa->idev->cnf.use_tempaddr >= 2;
1639	ret = (!(score->ifa->flags & IFA_F_TEMPORARY)) ^ preftmp;
1640	break;
1641	}
1642	case IPV6_SADDR_RULE_ORCHID:
1643	/* Rule 8-: Prefer ORCHID vs ORCHID or
1644	* non-ORCHID vs non-ORCHID
1645	*/
1646	ret = !(ipv6_addr_orchid(a: &score->ifa->addr) ^
1647	ipv6_addr_orchid(a: dst->addr));
1648	break;
1649	case IPV6_SADDR_RULE_PREFIX:
1650	/* Rule 8: Use longest matching prefix */
1651	ret = ipv6_addr_diff(a1: &score->ifa->addr, a2: dst->addr);
1652	if (ret > score->ifa->prefix_len)
1653	ret = score->ifa->prefix_len;
1654	score->matchlen = ret;
1655	break;
1656	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1657	case IPV6_SADDR_RULE_NOT_OPTIMISTIC:
1658	/* Optimistic addresses still have lower precedence than other
1659	* preferred addresses.
1660	*/
1661	ret = !(score->ifa->flags & IFA_F_OPTIMISTIC);
1662	break;
1663	#endif
1664	default:
1665	ret = 0;
1666	}
1667
1668	if (ret)
1669	__set_bit(i, score->scorebits);
1670	score->rule = i;
1671	out:
1672	return ret;
1673	}
1674
1675	static int __ipv6_dev_get_saddr(struct net *net,
1676	struct ipv6_saddr_dst *dst,
1677	struct inet6_dev *idev,
1678	struct ipv6_saddr_score *scores,
1679	int hiscore_idx)
1680	{
1681	struct ipv6_saddr_score *score = &scores[1 - hiscore_idx], *hiscore = &scores[hiscore_idx];
1682
1683	list_for_each_entry_rcu(score->ifa, &idev->addr_list, if_list) {
1684	int i;
1685
1686	/*
1687	* - Tentative Address (RFC2462 section 5.4)
1688	* - A tentative address is not considered
1689	* "assigned to an interface" in the traditional
1690	* sense, unless it is also flagged as optimistic.
1691	* - Candidate Source Address (section 4)
1692	* - In any case, anycast addresses, multicast
1693	* addresses, and the unspecified address MUST
1694	* NOT be included in a candidate set.
1695	*/
1696	if ((score->ifa->flags & IFA_F_TENTATIVE) &&
1697	(!(score->ifa->flags & IFA_F_OPTIMISTIC)))
1698	continue;
1699
1700	score->addr_type = __ipv6_addr_type(addr: &score->ifa->addr);
1701
1702	if (unlikely(score->addr_type == IPV6_ADDR_ANY ||
1703	score->addr_type & IPV6_ADDR_MULTICAST)) {
1704	net_dbg_ratelimited("ADDRCONF: unspecified / multicast address assigned as unicast address on %s",
1705	idev->dev->name);
1706	continue;
1707	}
1708
1709	score->rule = -1;
1710	bitmap_zero(dst: score->scorebits, nbits: IPV6_SADDR_RULE_MAX);
1711
1712	for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {
1713	int minihiscore, miniscore;
1714
1715	minihiscore = ipv6_get_saddr_eval(net, score: hiscore, dst, i);
1716	miniscore = ipv6_get_saddr_eval(net, score, dst, i);
1717
1718	if (minihiscore > miniscore) {
1719	if (i == IPV6_SADDR_RULE_SCOPE &&
1720	score->scopedist > 0) {
1721	/*
1722	* special case:
1723	* each remaining entry
1724	* has too small (not enough)
1725	* scope, because ifa entries
1726	* are sorted by their scope
1727	* values.
1728	*/
1729	goto out;
1730	}
1731	break;
1732	} else if (minihiscore < miniscore) {
1733	swap(hiscore, score);
1734	hiscore_idx = 1 - hiscore_idx;
1735
1736	/* restore our iterator */
1737	score->ifa = hiscore->ifa;
1738
1739	break;
1740	}
1741	}
1742	}
1743	out:
1744	return hiscore_idx;
1745	}
1746
1747	static int ipv6_get_saddr_master(struct net *net,
1748	const struct net_device *dst_dev,
1749	const struct net_device *master,
1750	struct ipv6_saddr_dst *dst,
1751	struct ipv6_saddr_score *scores,
1752	int hiscore_idx)
1753	{
1754	struct inet6_dev *idev;
1755
1756	idev = __in6_dev_get(dev: dst_dev);
1757	if (idev)
1758	hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev,
1759	scores, hiscore_idx);
1760
1761	idev = __in6_dev_get(dev: master);
1762	if (idev)
1763	hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev,
1764	scores, hiscore_idx);
1765
1766	return hiscore_idx;
1767	}
1768
1769	int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
1770	const struct in6_addr *daddr, unsigned int prefs,
1771	struct in6_addr *saddr)
1772	{
1773	struct ipv6_saddr_score scores[2], *hiscore;
1774	struct ipv6_saddr_dst dst;
1775	struct inet6_dev *idev;
1776	struct net_device *dev;
1777	int dst_type;
1778	bool use_oif_addr = false;
1779	int hiscore_idx = 0;
1780	int ret = 0;
1781
1782	dst_type = __ipv6_addr_type(addr: daddr);
1783	dst.addr = daddr;
1784	dst.ifindex = dst_dev ? dst_dev->ifindex : 0;
1785	dst.scope = __ipv6_addr_src_scope(type: dst_type);
1786	dst.label = ipv6_addr_label(net, addr: daddr, type: dst_type, ifindex: dst.ifindex);
1787	dst.prefs = prefs;
1788
1789	scores[hiscore_idx].rule = -1;
1790	scores[hiscore_idx].ifa = NULL;
1791
1792	rcu_read_lock();
1793
1794	/* Candidate Source Address (section 4)
1795	* - multicast and link-local destination address,
1796	* the set of candidate source address MUST only
1797	* include addresses assigned to interfaces
1798	* belonging to the same link as the outgoing
1799	* interface.
1800	* (- For site-local destination addresses, the
1801	* set of candidate source addresses MUST only
1802	* include addresses assigned to interfaces
1803	* belonging to the same site as the outgoing
1804	* interface.)
1805	* - "It is RECOMMENDED that the candidate source addresses
1806	* be the set of unicast addresses assigned to the
1807	* interface that will be used to send to the destination
1808	* (the 'outgoing' interface)." (RFC 6724)
1809	*/
1810	if (dst_dev) {
1811	idev = __in6_dev_get(dev: dst_dev);
1812	if ((dst_type & IPV6_ADDR_MULTICAST) ||
1813	dst.scope <= IPV6_ADDR_SCOPE_LINKLOCAL ||
1814	(idev && idev->cnf.use_oif_addrs_only)) {
1815	use_oif_addr = true;
1816	}
1817	}
1818
1819	if (use_oif_addr) {
1820	if (idev)
1821	hiscore_idx = __ipv6_dev_get_saddr(net, dst: &dst, idev, scores, hiscore_idx);
1822	} else {
1823	const struct net_device *master;
1824	int master_idx = 0;
1825
1826	/* if dst_dev exists and is enslaved to an L3 device, then
1827	* prefer addresses from dst_dev and then the master over
1828	* any other enslaved devices in the L3 domain.
1829	*/
1830	master = l3mdev_master_dev_rcu(dev: dst_dev);
1831	if (master) {
1832	master_idx = master->ifindex;
1833
1834	hiscore_idx = ipv6_get_saddr_master(net, dst_dev,
1835	master, dst: &dst,
1836	scores, hiscore_idx);
1837
1838	if (scores[hiscore_idx].ifa)
1839	goto out;
1840	}
1841
1842	for_each_netdev_rcu(net, dev) {
1843	/* only consider addresses on devices in the
1844	* same L3 domain
1845	*/
1846	if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1847	continue;
1848	idev = __in6_dev_get(dev);
1849	if (!idev)
1850	continue;
1851	hiscore_idx = __ipv6_dev_get_saddr(net, dst: &dst, idev, scores, hiscore_idx);
1852	}
1853	}
1854
1855	out:
1856	hiscore = &scores[hiscore_idx];
1857	if (!hiscore->ifa)
1858	ret = -EADDRNOTAVAIL;
1859	else
1860	*saddr = hiscore->ifa->addr;
1861
1862	rcu_read_unlock();
1863	return ret;
1864	}
1865	EXPORT_SYMBOL(ipv6_dev_get_saddr);
1866
1867	static int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
1868	u32 banned_flags)
1869	{
1870	struct inet6_ifaddr *ifp;
1871	int err = -EADDRNOTAVAIL;
1872
1873	list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) {
1874	if (ifp->scope > IFA_LINK)
1875	break;
1876	if (ifp->scope == IFA_LINK &&
1877	!(ifp->flags & banned_flags)) {
1878	*addr = ifp->addr;
1879	err = 0;
1880	break;
1881	}
1882	}
1883	return err;
1884	}
1885
1886	int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
1887	u32 banned_flags)
1888	{
1889	struct inet6_dev *idev;
1890	int err = -EADDRNOTAVAIL;
1891
1892	rcu_read_lock();
1893	idev = __in6_dev_get(dev);
1894	if (idev) {
1895	read_lock_bh(&idev->lock);
1896	err = __ipv6_get_lladdr(idev, addr, banned_flags);
1897	read_unlock_bh(&idev->lock);
1898	}
1899	rcu_read_unlock();
1900	return err;
1901	}
1902
1903	static int ipv6_count_addresses(const struct inet6_dev *idev)
1904	{
1905	const struct inet6_ifaddr *ifp;
1906	int cnt = 0;
1907
1908	rcu_read_lock();
1909	list_for_each_entry_rcu(ifp, &idev->addr_list, if_list)
1910	cnt++;
1911	rcu_read_unlock();
1912	return cnt;
1913	}
1914
1915	int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
1916	const struct net_device *dev, int strict)
1917	{
1918	return ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check: !dev,
1919	strict, IFA_F_TENTATIVE);
1920	}
1921	EXPORT_SYMBOL(ipv6_chk_addr);
1922
1923	/* device argument is used to find the L3 domain of interest. If
1924	* skip_dev_check is set, then the ifp device is not checked against
1925	* the passed in dev argument. So the 2 cases for addresses checks are:
1926	* 1. does the address exist in the L3 domain that dev is part of
1927	* (skip_dev_check = true), or
1928	*
1929	* 2. does the address exist on the specific device
1930	* (skip_dev_check = false)
1931	*/
1932	static struct net_device *
1933	__ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1934	const struct net_device *dev, bool skip_dev_check,
1935	int strict, u32 banned_flags)
1936	{
1937	unsigned int hash = inet6_addr_hash(net, addr);
1938	struct net_device *l3mdev, *ndev;
1939	struct inet6_ifaddr *ifp;
1940	u32 ifp_flags;
1941
1942	rcu_read_lock();
1943
1944	l3mdev = l3mdev_master_dev_rcu(dev: dev);
1945	if (skip_dev_check)
1946	dev = NULL;
1947
1948	hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) {
1949	ndev = ifp->idev->dev;
1950
1951	if (l3mdev_master_dev_rcu(dev: ndev) != l3mdev)
1952	continue;
1953
1954	/* Decouple optimistic from tentative for evaluation here.
1955	* Ban optimistic addresses explicitly, when required.
1956	*/
1957	ifp_flags = (ifp->flags&IFA_F_OPTIMISTIC)
1958	? (ifp->flags&~IFA_F_TENTATIVE)
1959	: ifp->flags;
1960	if (ipv6_addr_equal(a1: &ifp->addr, a2: addr) &&
1961	!(ifp_flags&banned_flags) &&
1962	(!dev || ndev == dev ||
1963	!(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
1964	rcu_read_unlock();
1965	return ndev;
1966	}
1967	}
1968
1969	rcu_read_unlock();
1970	return NULL;
1971	}
1972
1973	int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1974	const struct net_device *dev, bool skip_dev_check,
1975	int strict, u32 banned_flags)
1976	{
1977	return __ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check,
1978	strict, banned_flags) ? 1 : 0;
1979	}
1980	EXPORT_SYMBOL(ipv6_chk_addr_and_flags);
1981
1982
1983	/* Compares an address/prefix_len with addresses on device @dev.
1984	* If one is found it returns true.
1985	*/
1986	bool ipv6_chk_custom_prefix(const struct in6_addr *addr,
1987	const unsigned int prefix_len, struct net_device *dev)
1988	{
1989	const struct inet6_ifaddr *ifa;
1990	const struct inet6_dev *idev;
1991	bool ret = false;
1992
1993	rcu_read_lock();
1994	idev = __in6_dev_get(dev);
1995	if (idev) {
1996	list_for_each_entry_rcu(ifa, &idev->addr_list, if_list) {
1997	ret = ipv6_prefix_equal(addr1: addr, addr2: &ifa->addr, prefixlen: prefix_len);
1998	if (ret)
1999	break;
2000	}
2001	}
2002	rcu_read_unlock();
2003
2004	return ret;
2005	}
2006	EXPORT_SYMBOL(ipv6_chk_custom_prefix);
2007
2008	int ipv6_chk_prefix(const struct in6_addr *addr, struct net_device *dev)
2009	{
2010	const struct inet6_ifaddr *ifa;
2011	const struct inet6_dev *idev;
2012	int onlink;
2013
2014	onlink = 0;
2015	rcu_read_lock();
2016	idev = __in6_dev_get(dev);
2017	if (idev) {
2018	list_for_each_entry_rcu(ifa, &idev->addr_list, if_list) {
2019	onlink = ipv6_prefix_equal(addr1: addr, addr2: &ifa->addr,
2020	prefixlen: ifa->prefix_len);
2021	if (onlink)
2022	break;
2023	}
2024	}
2025	rcu_read_unlock();
2026	return onlink;
2027	}
2028	EXPORT_SYMBOL(ipv6_chk_prefix);
2029
2030	/**
2031	* ipv6_dev_find - find the first device with a given source address.
2032	* @net: the net namespace
2033	* @addr: the source address
2034	* @dev: used to find the L3 domain of interest
2035	*
2036	* The caller should be protected by RCU, or RTNL.
2037	*/
2038	struct net_device *ipv6_dev_find(struct net *net, const struct in6_addr *addr,
2039	struct net_device *dev)
2040	{
2041	return __ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check: !dev, strict: 1,
2042	IFA_F_TENTATIVE);
2043	}
2044	EXPORT_SYMBOL(ipv6_dev_find);
2045
2046	struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, const struct in6_addr *addr,
2047	struct net_device *dev, int strict)
2048	{
2049	unsigned int hash = inet6_addr_hash(net, addr);
2050	struct inet6_ifaddr *ifp, *result = NULL;
2051
2052	rcu_read_lock();
2053	hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) {
2054	if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) {
2055	if (!dev || ifp->idev->dev == dev ||
2056	!(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) {
2057	result = ifp;
2058	in6_ifa_hold(ifp);
2059	break;
2060	}
2061	}
2062	}
2063	rcu_read_unlock();
2064
2065	return result;
2066	}
2067
2068	/* Gets referenced address, destroys ifaddr */
2069
2070	static void addrconf_dad_stop(struct inet6_ifaddr *ifp, int dad_failed)
2071	{
2072	if (dad_failed)
2073	ifp->flags |= IFA_F_DADFAILED;
2074
2075	if (ifp->flags&IFA_F_TEMPORARY) {
2076	struct inet6_ifaddr *ifpub;
2077	spin_lock_bh(lock: &ifp->lock);
2078	ifpub = ifp->ifpub;
2079	if (ifpub) {
2080	in6_ifa_hold(ifp: ifpub);
2081	spin_unlock_bh(lock: &ifp->lock);
2082	ipv6_create_tempaddr(ifp: ifpub, block: true);
2083	in6_ifa_put(ifp: ifpub);
2084	} else {
2085	spin_unlock_bh(lock: &ifp->lock);
2086	}
2087	ipv6_del_addr(ifp);
2088	} else if (ifp->flags&IFA_F_PERMANENT || !dad_failed) {
2089	spin_lock_bh(lock: &ifp->lock);
2090	addrconf_del_dad_work(ifp);
2091	ifp->flags |= IFA_F_TENTATIVE;
2092	if (dad_failed)
2093	ifp->flags &= ~IFA_F_OPTIMISTIC;
2094	spin_unlock_bh(lock: &ifp->lock);
2095	if (dad_failed)
2096	ipv6_ifa_notify(event: 0, ifa: ifp);
2097	in6_ifa_put(ifp);
2098	} else {
2099	ipv6_del_addr(ifp);
2100	}
2101	}
2102
2103	static int addrconf_dad_end(struct inet6_ifaddr *ifp)
2104	{
2105	int err = -ENOENT;
2106
2107	spin_lock_bh(lock: &ifp->lock);
2108	if (ifp->state == INET6_IFADDR_STATE_DAD) {
2109	ifp->state = INET6_IFADDR_STATE_POSTDAD;
2110	err = 0;
2111	}
2112	spin_unlock_bh(lock: &ifp->lock);
2113
2114	return err;
2115	}
2116
2117	void addrconf_dad_failure(struct sk_buff *skb, struct inet6_ifaddr *ifp)
2118	{
2119	struct inet6_dev *idev = ifp->idev;
2120	struct net *net = dev_net(dev: idev->dev);
2121
2122	if (addrconf_dad_end(ifp)) {
2123	in6_ifa_put(ifp);
2124	return;
2125	}
2126
2127	net_info_ratelimited("%s: IPv6 duplicate address %pI6c used by %pM detected!\n",
2128	ifp->idev->dev->name, &ifp->addr, eth_hdr(skb)->h_source);
2129
2130	spin_lock_bh(lock: &ifp->lock);
2131
2132	if (ifp->flags & IFA_F_STABLE_PRIVACY) {
2133	struct in6_addr new_addr;
2134	struct inet6_ifaddr *ifp2;
2135	int retries = ifp->stable_privacy_retry + 1;
2136	struct ifa6_config cfg = {
2137	.pfx = &new_addr,
2138	.plen = ifp->prefix_len,
2139	.ifa_flags = ifp->flags,
2140	.valid_lft = ifp->valid_lft,
2141	.preferred_lft = ifp->prefered_lft,
2142	.scope = ifp->scope,
2143	};
2144
2145	if (retries > net->ipv6.sysctl.idgen_retries) {
2146	net_info_ratelimited("%s: privacy stable address generation failed because of DAD conflicts!\n",
2147	ifp->idev->dev->name);
2148	goto errdad;
2149	}
2150
2151	new_addr = ifp->addr;
2152	if (ipv6_generate_stable_address(addr: &new_addr, dad_count: retries,
2153	idev))
2154	goto errdad;
2155
2156	spin_unlock_bh(lock: &ifp->lock);
2157
2158	if (idev->cnf.max_addresses &&
2159	ipv6_count_addresses(idev) >=
2160	idev->cnf.max_addresses)
2161	goto lock_errdad;
2162
2163	net_info_ratelimited("%s: generating new stable privacy address because of DAD conflict\n",
2164	ifp->idev->dev->name);
2165
2166	ifp2 = ipv6_add_addr(idev, cfg: &cfg, can_block: false, NULL);
2167	if (IS_ERR(ptr: ifp2))
2168	goto lock_errdad;
2169
2170	spin_lock_bh(lock: &ifp2->lock);
2171	ifp2->stable_privacy_retry = retries;
2172	ifp2->state = INET6_IFADDR_STATE_PREDAD;
2173	spin_unlock_bh(lock: &ifp2->lock);
2174
2175	addrconf_mod_dad_work(ifp: ifp2, delay: net->ipv6.sysctl.idgen_delay);
2176	in6_ifa_put(ifp: ifp2);
2177	lock_errdad:
2178	spin_lock_bh(lock: &ifp->lock);
2179	}
2180
2181	errdad:
2182	/* transition from _POSTDAD to _ERRDAD */
2183	ifp->state = INET6_IFADDR_STATE_ERRDAD;
2184	spin_unlock_bh(lock: &ifp->lock);
2185
2186	addrconf_mod_dad_work(ifp, delay: 0);
2187	in6_ifa_put(ifp);
2188	}
2189
2190	/* Join to solicited addr multicast group.
2191	* caller must hold RTNL */
2192	void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr)
2193	{
2194	struct in6_addr maddr;
2195
2196	if (dev->flags&(IFF_LOOPBACK|IFF_NOARP))
2197	return;
2198
2199	addrconf_addr_solict_mult(addr, solicited: &maddr);
2200	ipv6_dev_mc_inc(dev, addr: &maddr);
2201	}
2202
2203	/* caller must hold RTNL */
2204	void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr)
2205	{
2206	struct in6_addr maddr;
2207
2208	if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP))
2209	return;
2210
2211	addrconf_addr_solict_mult(addr, solicited: &maddr);
2212	__ipv6_dev_mc_dec(idev, addr: &maddr);
2213	}
2214
2215	/* caller must hold RTNL */
2216	static void addrconf_join_anycast(struct inet6_ifaddr *ifp)
2217	{
2218	struct in6_addr addr;
2219
2220	if (ifp->prefix_len >= 127) /* RFC 6164 */
2221	return;
2222	ipv6_addr_prefix(pfx: &addr, addr: &ifp->addr, plen: ifp->prefix_len);
2223	if (ipv6_addr_any(a: &addr))
2224	return;
2225	__ipv6_dev_ac_inc(idev: ifp->idev, addr: &addr);
2226	}
2227
2228	/* caller must hold RTNL */
2229	static void addrconf_leave_anycast(struct inet6_ifaddr *ifp)
2230	{
2231	struct in6_addr addr;
2232
2233	if (ifp->prefix_len >= 127) /* RFC 6164 */
2234	return;
2235	ipv6_addr_prefix(pfx: &addr, addr: &ifp->addr, plen: ifp->prefix_len);
2236	if (ipv6_addr_any(a: &addr))
2237	return;
2238	__ipv6_dev_ac_dec(idev: ifp->idev, addr: &addr);
2239	}
2240
2241	static int addrconf_ifid_6lowpan(u8 *eui, struct net_device *dev)
2242	{
2243	switch (dev->addr_len) {
2244	case ETH_ALEN:
2245	memcpy(eui, dev->dev_addr, 3);
2246	eui[3] = 0xFF;
2247	eui[4] = 0xFE;
2248	memcpy(eui + 5, dev->dev_addr + 3, 3);
2249	break;
2250	case EUI64_ADDR_LEN:
2251	memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN);
2252	eui[0] ^= 2;
2253	break;
2254	default:
2255	return -1;
2256	}
2257
2258	return 0;
2259	}
2260
2261	static int addrconf_ifid_ieee1394(u8 *eui, struct net_device *dev)
2262	{
2263	const union fwnet_hwaddr *ha;
2264
2265	if (dev->addr_len != FWNET_ALEN)
2266	return -1;
2267
2268	ha = (const union fwnet_hwaddr *)dev->dev_addr;
2269
2270	memcpy(eui, &ha->uc.uniq_id, sizeof(ha->uc.uniq_id));
2271	eui[0] ^= 2;
2272	return 0;
2273	}
2274
2275	static int addrconf_ifid_arcnet(u8 *eui, struct net_device *dev)
2276	{
2277	/* XXX: inherit EUI-64 from other interface -- yoshfuji */
2278	if (dev->addr_len != ARCNET_ALEN)
2279	return -1;
2280	memset(eui, 0, 7);
2281	eui[7] = *(u8 *)dev->dev_addr;
2282	return 0;
2283	}
2284
2285	static int addrconf_ifid_infiniband(u8 *eui, struct net_device *dev)
2286	{
2287	if (dev->addr_len != INFINIBAND_ALEN)
2288	return -1;
2289	memcpy(eui, dev->dev_addr + 12, 8);
2290	eui[0] |= 2;
2291	return 0;
2292	}
2293
2294	static int __ipv6_isatap_ifid(u8 *eui, __be32 addr)
2295	{
2296	if (addr == 0)
2297	return -1;
2298	eui[0] = (ipv4_is_zeronet(addr) || ipv4_is_private_10(addr) ||
2299	ipv4_is_loopback(addr) || ipv4_is_linklocal_169(addr) ||
2300	ipv4_is_private_172(addr) || ipv4_is_test_192(addr) ||
2301	ipv4_is_anycast_6to4(addr) || ipv4_is_private_192(addr) ||
2302	ipv4_is_test_198(addr) || ipv4_is_multicast(addr) ||
2303	ipv4_is_lbcast(addr)) ? 0x00 : 0x02;
2304	eui[1] = 0;
2305	eui[2] = 0x5E;
2306	eui[3] = 0xFE;
2307	memcpy(eui + 4, &addr, 4);
2308	return 0;
2309	}
2310
2311	static int addrconf_ifid_sit(u8 *eui, struct net_device *dev)
2312	{
2313	if (dev->priv_flags & IFF_ISATAP)
2314	return __ipv6_isatap_ifid(eui, addr: *(__be32 *)dev->dev_addr);
2315	return -1;
2316	}
2317
2318	static int addrconf_ifid_gre(u8 *eui, struct net_device *dev)
2319	{
2320	return __ipv6_isatap_ifid(eui, addr: *(__be32 *)dev->dev_addr);
2321	}
2322
2323	static int addrconf_ifid_ip6tnl(u8 *eui, struct net_device *dev)
2324	{
2325	memcpy(eui, dev->perm_addr, 3);
2326	memcpy(eui + 5, dev->perm_addr + 3, 3);
2327	eui[3] = 0xFF;
2328	eui[4] = 0xFE;
2329	eui[0] ^= 2;
2330	return 0;
2331	}
2332
2333	static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
2334	{
2335	switch (dev->type) {
2336	case ARPHRD_ETHER:
2337	case ARPHRD_FDDI:
2338	return addrconf_ifid_eui48(eui, dev);
2339	case ARPHRD_ARCNET:
2340	return addrconf_ifid_arcnet(eui, dev);
2341	case ARPHRD_INFINIBAND:
2342	return addrconf_ifid_infiniband(eui, dev);
2343	case ARPHRD_SIT:
2344	return addrconf_ifid_sit(eui, dev);
2345	case ARPHRD_IPGRE:
2346	case ARPHRD_TUNNEL:
2347	return addrconf_ifid_gre(eui, dev);
2348	case ARPHRD_6LOWPAN:
2349	return addrconf_ifid_6lowpan(eui, dev);
2350	case ARPHRD_IEEE1394:
2351	return addrconf_ifid_ieee1394(eui, dev);
2352	case ARPHRD_TUNNEL6:
2353	case ARPHRD_IP6GRE:
2354	case ARPHRD_RAWIP:
2355	return addrconf_ifid_ip6tnl(eui, dev);
2356	}
2357	return -1;
2358	}
2359
2360	static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
2361	{
2362	int err = -1;
2363	struct inet6_ifaddr *ifp;
2364
2365	read_lock_bh(&idev->lock);
2366	list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) {
2367	if (ifp->scope > IFA_LINK)
2368	break;
2369	if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) {
2370	memcpy(eui, ifp->addr.s6_addr+8, 8);
2371	err = 0;
2372	break;
2373	}
2374	}
2375	read_unlock_bh(&idev->lock);
2376	return err;
2377	}
2378
2379	/* Generation of a randomized Interface Identifier
2380	* draft-ietf-6man-rfc4941bis, Section 3.3.1
2381	*/
2382
2383	static void ipv6_gen_rnd_iid(struct in6_addr *addr)
2384	{
2385	regen:
2386	get_random_bytes(buf: &addr->s6_addr[8], len: 8);
2387
2388	/* <draft-ietf-6man-rfc4941bis-08.txt>, Section 3.3.1:
2389	* check if generated address is not inappropriate:
2390	*
2391	* - Reserved IPv6 Interface Identifiers
2392	* - XXX: already assigned to an address on the device
2393	*/
2394
2395	/* Subnet-router anycast: 0000:0000:0000:0000 */
2396	if (!(addr->s6_addr32[2] | addr->s6_addr32[3]))
2397	goto regen;
2398
2399	/* IANA Ethernet block: 0200:5EFF:FE00:0000-0200:5EFF:FE00:5212
2400	* Proxy Mobile IPv6: 0200:5EFF:FE00:5213
2401	* IANA Ethernet block: 0200:5EFF:FE00:5214-0200:5EFF:FEFF:FFFF
2402	*/
2403	if (ntohl(addr->s6_addr32[2]) == 0x02005eff &&
2404	(ntohl(addr->s6_addr32[3]) & 0Xff000000) == 0xfe000000)
2405	goto regen;
2406
2407	/* Reserved subnet anycast addresses */
2408	if (ntohl(addr->s6_addr32[2]) == 0xfdffffff &&
2409	ntohl(addr->s6_addr32[3]) >= 0Xffffff80)
2410	goto regen;
2411	}
2412
2413	/*
2414	* Add prefix route.
2415	*/
2416
2417	static void
2418	addrconf_prefix_route(struct in6_addr *pfx, int plen, u32 metric,
2419	struct net_device *dev, unsigned long expires,
2420	u32 flags, gfp_t gfp_flags)
2421	{
2422	struct fib6_config cfg = {
2423	.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX,
2424	.fc_metric = metric ? : IP6_RT_PRIO_ADDRCONF,
2425	.fc_ifindex = dev->ifindex,
2426	.fc_expires = expires,
2427	.fc_dst_len = plen,
2428	.fc_flags = RTF_UP | flags,
2429	.fc_nlinfo.nl_net = dev_net(dev),
2430	.fc_protocol = RTPROT_KERNEL,
2431	.fc_type = RTN_UNICAST,
2432	};
2433
2434	cfg.fc_dst = *pfx;
2435
2436	/* Prevent useless cloning on PtP SIT.
2437	This thing is done here expecting that the whole
2438	class of non-broadcast devices need not cloning.
2439	*/
2440	#if IS_ENABLED(CONFIG_IPV6_SIT)
2441	if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
2442	cfg.fc_flags |= RTF_NONEXTHOP;
2443	#endif
2444
2445	ip6_route_add(cfg: &cfg, gfp_flags, NULL);
2446	}
2447
2448
2449	static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
2450	int plen,
2451	const struct net_device *dev,
2452	u32 flags, u32 noflags,
2453	bool no_gw)
2454	{
2455	struct fib6_node *fn;
2456	struct fib6_info *rt = NULL;
2457	struct fib6_table *table;
2458	u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX;
2459
2460	table = fib6_get_table(net: dev_net(dev), id: tb_id);
2461	if (!table)
2462	return NULL;
2463
2464	rcu_read_lock();
2465	fn = fib6_locate(root: &table->tb6_root, daddr: pfx, dst_len: plen, NULL, src_len: 0, exact_match: true);
2466	if (!fn)
2467	goto out;
2468
2469	for_each_fib6_node_rt_rcu(fn) {
2470	/* prefix routes only use builtin fib6_nh */
2471	if (rt->nh)
2472	continue;
2473
2474	if (rt->fib6_nh->fib_nh_dev->ifindex != dev->ifindex)
2475	continue;
2476	if (no_gw && rt->fib6_nh->fib_nh_gw_family)
2477	continue;
2478	if ((rt->fib6_flags & flags) != flags)
2479	continue;
2480	if ((rt->fib6_flags & noflags) != 0)
2481	continue;
2482	if (!fib6_info_hold_safe(f6i: rt))
2483	continue;
2484	break;
2485	}
2486	out:
2487	rcu_read_unlock();
2488	return rt;
2489	}
2490
2491
2492	/* Create "default" multicast route to the interface */
2493
2494	static void addrconf_add_mroute(struct net_device *dev)
2495	{
2496	struct fib6_config cfg = {
2497	.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_LOCAL,
2498	.fc_metric = IP6_RT_PRIO_ADDRCONF,
2499	.fc_ifindex = dev->ifindex,
2500	.fc_dst_len = 8,
2501	.fc_flags = RTF_UP,
2502	.fc_type = RTN_MULTICAST,
2503	.fc_nlinfo.nl_net = dev_net(dev),
2504	.fc_protocol = RTPROT_KERNEL,
2505	};
2506
2507	ipv6_addr_set(addr: &cfg.fc_dst, htonl(0xFF000000), w2: 0, w3: 0, w4: 0);
2508
2509	ip6_route_add(cfg: &cfg, GFP_KERNEL, NULL);
2510	}
2511
2512	static struct inet6_dev *addrconf_add_dev(struct net_device *dev)
2513	{
2514	struct inet6_dev *idev;
2515
2516	ASSERT_RTNL();
2517
2518	idev = ipv6_find_idev(dev);
2519	if (IS_ERR(ptr: idev))
2520	return idev;
2521
2522	if (idev->cnf.disable_ipv6)
2523	return ERR_PTR(error: -EACCES);
2524
2525	/* Add default multicast route */
2526	if (!(dev->flags & IFF_LOOPBACK) && !netif_is_l3_master(dev))
2527	addrconf_add_mroute(dev);
2528
2529	return idev;
2530	}
2531
2532	static void manage_tempaddrs(struct inet6_dev *idev,
2533	struct inet6_ifaddr *ifp,
2534	__u32 valid_lft, __u32 prefered_lft,
2535	bool create, unsigned long now)
2536	{
2537	u32 flags;
2538	struct inet6_ifaddr *ift;
2539
2540	read_lock_bh(&idev->lock);
2541	/* update all temporary addresses in the list */
2542	list_for_each_entry(ift, &idev->tempaddr_list, tmp_list) {
2543	int age, max_valid, max_prefered;
2544
2545	if (ifp != ift->ifpub)
2546	continue;
2547
2548	/* RFC 4941 section 3.3:
2549	* If a received option will extend the lifetime of a public
2550	* address, the lifetimes of temporary addresses should
2551	* be extended, subject to the overall constraint that no
2552	* temporary addresses should ever remain "valid" or "preferred"
2553	* for a time longer than (TEMP_VALID_LIFETIME) or
2554	* (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR), respectively.
2555	*/
2556	age = (now - ift->cstamp) / HZ;
2557	max_valid = idev->cnf.temp_valid_lft - age;
2558	if (max_valid < 0)
2559	max_valid = 0;
2560
2561	max_prefered = idev->cnf.temp_prefered_lft -
2562	idev->desync_factor - age;
2563	if (max_prefered < 0)
2564	max_prefered = 0;
2565
2566	if (valid_lft > max_valid)
2567	valid_lft = max_valid;
2568
2569	if (prefered_lft > max_prefered)
2570	prefered_lft = max_prefered;
2571
2572	spin_lock(lock: &ift->lock);
2573	flags = ift->flags;
2574	ift->valid_lft = valid_lft;
2575	ift->prefered_lft = prefered_lft;
2576	ift->tstamp = now;
2577	if (prefered_lft > 0)
2578	ift->flags &= ~IFA_F_DEPRECATED;
2579
2580	spin_unlock(lock: &ift->lock);
2581	if (!(flags&IFA_F_TENTATIVE))
2582	ipv6_ifa_notify(event: 0, ifa: ift);
2583	}
2584
2585	/* Also create a temporary address if it's enabled but no temporary
2586	* address currently exists.
2587	* However, we get called with valid_lft == 0, prefered_lft == 0, create == false
2588	* as part of cleanup (ie. deleting the mngtmpaddr).
2589	* We don't want that to result in creating a new temporary ip address.
2590	*/
2591	if (list_empty(head: &idev->tempaddr_list) && (valid_lft || prefered_lft))
2592	create = true;
2593
2594	if (create && idev->cnf.use_tempaddr > 0) {
2595	/* When a new public address is created as described
2596	* in [ADDRCONF], also create a new temporary address.
2597	*/
2598	read_unlock_bh(&idev->lock);
2599	ipv6_create_tempaddr(ifp, block: false);
2600	} else {
2601	read_unlock_bh(&idev->lock);
2602	}
2603	}
2604
2605	static bool is_addr_mode_generate_stable(struct inet6_dev *idev)
2606	{
2607	return idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY ||
2608	idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM;
2609	}
2610
2611	int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev,
2612	const struct prefix_info *pinfo,
2613	struct inet6_dev *in6_dev,
2614	const struct in6_addr *addr, int addr_type,
2615	u32 addr_flags, bool sllao, bool tokenized,
2616	__u32 valid_lft, u32 prefered_lft)
2617	{
2618	struct inet6_ifaddr *ifp = ipv6_get_ifaddr(net, addr, dev, strict: 1);
2619	int create = 0, update_lft = 0;
2620
2621	if (!ifp && valid_lft) {
2622	int max_addresses = in6_dev->cnf.max_addresses;
2623	struct ifa6_config cfg = {
2624	.pfx = addr,
2625	.plen = pinfo->prefix_len,
2626	.ifa_flags = addr_flags,
2627	.valid_lft = valid_lft,
2628	.preferred_lft = prefered_lft,
2629	.scope = addr_type & IPV6_ADDR_SCOPE_MASK,
2630	.ifa_proto = IFAPROT_KERNEL_RA
2631	};
2632
2633	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
2634	if ((net->ipv6.devconf_all->optimistic_dad ||
2635	in6_dev->cnf.optimistic_dad) &&
2636	!net->ipv6.devconf_all->forwarding && sllao)
2637	cfg.ifa_flags |= IFA_F_OPTIMISTIC;
2638	#endif
2639
2640	/* Do not allow to create too much of autoconfigured
2641	* addresses; this would be too easy way to crash kernel.
2642	*/
2643	if (!max_addresses ||
2644	ipv6_count_addresses(idev: in6_dev) < max_addresses)
2645	ifp = ipv6_add_addr(idev: in6_dev, cfg: &cfg, can_block: false, NULL);
2646
2647	if (IS_ERR_OR_NULL(ptr: ifp))
2648	return -1;
2649
2650	create = 1;
2651	spin_lock_bh(lock: &ifp->lock);
2652	ifp->flags |= IFA_F_MANAGETEMPADDR;
2653	ifp->cstamp = jiffies;
2654	ifp->tokenized = tokenized;
2655	spin_unlock_bh(lock: &ifp->lock);
2656	addrconf_dad_start(ifp);
2657	}
2658
2659	if (ifp) {
2660	u32 flags;
2661	unsigned long now;
2662	u32 stored_lft;
2663
2664	/* update lifetime (RFC2462 5.5.3 e) */
2665	spin_lock_bh(lock: &ifp->lock);
2666	now = jiffies;
2667	if (ifp->valid_lft > (now - ifp->tstamp) / HZ)
2668	stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ;
2669	else
2670	stored_lft = 0;
2671
2672	/* RFC4862 Section 5.5.3e:
2673	* "Note that the preferred lifetime of the
2674	* corresponding address is always reset to
2675	* the Preferred Lifetime in the received
2676	* Prefix Information option, regardless of
2677	* whether the valid lifetime is also reset or
2678	* ignored."
2679	*
2680	* So we should always update prefered_lft here.
2681	*/
2682	update_lft = !create && stored_lft;
2683
2684	if (update_lft && !in6_dev->cnf.ra_honor_pio_life) {
2685	const u32 minimum_lft = min_t(u32,
2686	stored_lft, MIN_VALID_LIFETIME);
2687	valid_lft = max(valid_lft, minimum_lft);
2688	}
2689
2690	if (update_lft) {
2691	ifp->valid_lft = valid_lft;
2692	ifp->prefered_lft = prefered_lft;
2693	ifp->tstamp = now;
2694	flags = ifp->flags;
2695	ifp->flags &= ~IFA_F_DEPRECATED;
2696	spin_unlock_bh(lock: &ifp->lock);
2697
2698	if (!(flags&IFA_F_TENTATIVE))
2699	ipv6_ifa_notify(event: 0, ifa: ifp);
2700	} else
2701	spin_unlock_bh(lock: &ifp->lock);
2702
2703	manage_tempaddrs(idev: in6_dev, ifp, valid_lft, prefered_lft,
2704	create, now);
2705
2706	in6_ifa_put(ifp);
2707	addrconf_verify(net);
2708	}
2709
2710	return 0;
2711	}
2712	EXPORT_SYMBOL_GPL(addrconf_prefix_rcv_add_addr);
2713
2714	void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao)
2715	{
2716	struct prefix_info *pinfo;
2717	__u32 valid_lft;
2718	__u32 prefered_lft;
2719	int addr_type, err;
2720	u32 addr_flags = 0;
2721	struct inet6_dev *in6_dev;
2722	struct net *net = dev_net(dev);
2723
2724	pinfo = (struct prefix_info *) opt;
2725
2726	if (len < sizeof(struct prefix_info)) {
2727	netdev_dbg(dev, "addrconf: prefix option too short\n");
2728	return;
2729	}
2730
2731	/*
2732	* Validation checks ([ADDRCONF], page 19)
2733	*/
2734
2735	addr_type = ipv6_addr_type(addr: &pinfo->prefix);
2736
2737	if (addr_type & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL))
2738	return;
2739
2740	valid_lft = ntohl(pinfo->valid);
2741	prefered_lft = ntohl(pinfo->prefered);
2742
2743	if (prefered_lft > valid_lft) {
2744	net_warn_ratelimited("addrconf: prefix option has invalid lifetime\n");
2745	return;
2746	}
2747
2748	in6_dev = in6_dev_get(dev);
2749
2750	if (!in6_dev) {
2751	net_dbg_ratelimited("addrconf: device %s not configured\n",
2752	dev->name);
2753	return;
2754	}
2755
2756	if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft)
2757	goto put;
2758
2759	/*
2760	* Two things going on here:
2761	* 1) Add routes for on-link prefixes
2762	* 2) Configure prefixes with the auto flag set
2763	*/
2764
2765	if (pinfo->onlink) {
2766	struct fib6_info *rt;
2767	unsigned long rt_expires;
2768
2769	/* Avoid arithmetic overflow. Really, we could
2770	* save rt_expires in seconds, likely valid_lft,
2771	* but it would require division in fib gc, that it
2772	* not good.
2773	*/
2774	if (HZ > USER_HZ)
2775	rt_expires = addrconf_timeout_fixup(timeout: valid_lft, HZ);
2776	else
2777	rt_expires = addrconf_timeout_fixup(timeout: valid_lft, USER_HZ);
2778
2779	if (addrconf_finite_timeout(timeout: rt_expires))
2780	rt_expires *= HZ;
2781
2782	rt = addrconf_get_prefix_route(pfx: &pinfo->prefix,
2783	plen: pinfo->prefix_len,
2784	dev,
2785	RTF_ADDRCONF | RTF_PREFIX_RT,
2786	RTF_DEFAULT, no_gw: true);
2787
2788	if (rt) {
2789	/* Autoconf prefix route */
2790	if (valid_lft == 0) {
2791	ip6_del_rt(net, f6i: rt, skip_notify: false);
2792	rt = NULL;
2793	} else if (addrconf_finite_timeout(timeout: rt_expires)) {
2794	/* not infinity */
2795	fib6_set_expires(f6i: rt, expires: jiffies + rt_expires);
2796	} else {
2797	fib6_clean_expires(f6i: rt);
2798	}
2799	} else if (valid_lft) {
2800	clock_t expires = 0;
2801	int flags = RTF_ADDRCONF | RTF_PREFIX_RT;
2802	if (addrconf_finite_timeout(timeout: rt_expires)) {
2803	/* not infinity */
2804	flags |= RTF_EXPIRES;
2805	expires = jiffies_to_clock_t(x: rt_expires);
2806	}
2807	addrconf_prefix_route(pfx: &pinfo->prefix, plen: pinfo->prefix_len,
2808	metric: 0, dev, expires, flags,
2809	GFP_ATOMIC);
2810	}
2811	fib6_info_release(f6i: rt);
2812	}
2813
2814	/* Try to figure out our local address for this prefix */
2815
2816	if (pinfo->autoconf && in6_dev->cnf.autoconf) {
2817	struct in6_addr addr;
2818	bool tokenized = false, dev_addr_generated = false;
2819
2820	if (pinfo->prefix_len == 64) {
2821	memcpy(&addr, &pinfo->prefix, 8);
2822
2823	if (!ipv6_addr_any(a: &in6_dev->token)) {
2824	read_lock_bh(&in6_dev->lock);
2825	memcpy(addr.s6_addr + 8,
2826	in6_dev->token.s6_addr + 8, 8);
2827	read_unlock_bh(&in6_dev->lock);
2828	tokenized = true;
2829	} else if (is_addr_mode_generate_stable(idev: in6_dev) &&
2830	!ipv6_generate_stable_address(addr: &addr, dad_count: 0,
2831	idev: in6_dev)) {
2832	addr_flags |= IFA_F_STABLE_PRIVACY;
2833	goto ok;
2834	} else if (ipv6_generate_eui64(eui: addr.s6_addr + 8, dev) &&
2835	ipv6_inherit_eui64(eui: addr.s6_addr + 8, idev: in6_dev)) {
2836	goto put;
2837	} else {
2838	dev_addr_generated = true;
2839	}
2840	goto ok;
2841	}
2842	net_dbg_ratelimited("IPv6 addrconf: prefix with wrong length %d\n",
2843	pinfo->prefix_len);
2844	goto put;
2845
2846	ok:
2847	err = addrconf_prefix_rcv_add_addr(net, dev, pinfo, in6_dev,
2848	&addr, addr_type,
2849	addr_flags, sllao,
2850	tokenized, valid_lft,
2851	prefered_lft);
2852	if (err)
2853	goto put;
2854
2855	/* Ignore error case here because previous prefix add addr was
2856	* successful which will be notified.
2857	*/
2858	ndisc_ops_prefix_rcv_add_addr(net, dev, pinfo, in6_dev, addr: &addr,
2859	addr_type, addr_flags, sllao,
2860	tokenized, valid_lft,
2861	prefered_lft,
2862	dev_addr_generated);
2863	}
2864	inet6_prefix_notify(RTM_NEWPREFIX, idev: in6_dev, pinfo);
2865	put:
2866	in6_dev_put(idev: in6_dev);
2867	}
2868
2869	static int addrconf_set_sit_dstaddr(struct net *net, struct net_device *dev,
2870	struct in6_ifreq *ireq)
2871	{
2872	struct ip_tunnel_parm p = { };
2873	int err;
2874
2875	if (!(ipv6_addr_type(addr: &ireq->ifr6_addr) & IPV6_ADDR_COMPATv4))
2876	return -EADDRNOTAVAIL;
2877
2878	p.iph.daddr = ireq->ifr6_addr.s6_addr32[3];
2879	p.iph.version = 4;
2880	p.iph.ihl = 5;
2881	p.iph.protocol = IPPROTO_IPV6;
2882	p.iph.ttl = 64;
2883
2884	if (!dev->netdev_ops->ndo_tunnel_ctl)
2885	return -EOPNOTSUPP;
2886	err = dev->netdev_ops->ndo_tunnel_ctl(dev, &p, SIOCADDTUNNEL);
2887	if (err)
2888	return err;
2889
2890	dev = __dev_get_by_name(net, name: p.name);
2891	if (!dev)
2892	return -ENOBUFS;
2893	return dev_open(dev, NULL);
2894	}
2895
2896	/*
2897	* Set destination address.
2898	* Special case for SIT interfaces where we create a new "virtual"
2899	* device.
2900	*/
2901	int addrconf_set_dstaddr(struct net *net, void __user *arg)
2902	{
2903	struct net_device *dev;
2904	struct in6_ifreq ireq;
2905	int err = -ENODEV;
2906
2907	if (!IS_ENABLED(CONFIG_IPV6_SIT))
2908	return -ENODEV;
2909	if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq)))
2910	return -EFAULT;
2911
2912	rtnl_lock();
2913	dev = __dev_get_by_index(net, ifindex: ireq.ifr6_ifindex);
2914	if (dev && dev->type == ARPHRD_SIT)
2915	err = addrconf_set_sit_dstaddr(net, dev, ireq: &ireq);
2916	rtnl_unlock();
2917	return err;
2918	}
2919
2920	static int ipv6_mc_config(struct sock *sk, bool join,
2921	const struct in6_addr *addr, int ifindex)
2922	{
2923	int ret;
2924
2925	ASSERT_RTNL();
2926
2927	lock_sock(sk);
2928	if (join)
2929	ret = ipv6_sock_mc_join(sk, ifindex, addr);
2930	else
2931	ret = ipv6_sock_mc_drop(sk, ifindex, addr);
2932	release_sock(sk);
2933
2934	return ret;
2935	}
2936
2937	/*
2938	* Manual configuration of address on an interface
2939	*/
2940	static int inet6_addr_add(struct net *net, int ifindex,
2941	struct ifa6_config *cfg,
2942	struct netlink_ext_ack *extack)
2943	{
2944	struct inet6_ifaddr *ifp;
2945	struct inet6_dev *idev;
2946	struct net_device *dev;
2947	unsigned long timeout;
2948	clock_t expires;
2949	u32 flags;
2950
2951	ASSERT_RTNL();
2952
2953	if (cfg->plen > 128) {
2954	NL_SET_ERR_MSG_MOD(extack, "Invalid prefix length");
2955	return -EINVAL;
2956	}
2957
2958	/* check the lifetime */
2959	if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft) {
2960	NL_SET_ERR_MSG_MOD(extack, "address lifetime invalid");
2961	return -EINVAL;
2962	}
2963
2964	if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR && cfg->plen != 64) {
2965	NL_SET_ERR_MSG_MOD(extack, "address with \"mngtmpaddr\" flag must have a prefix length of 64");
2966	return -EINVAL;
2967	}
2968
2969	dev = __dev_get_by_index(net, ifindex);
2970	if (!dev)
2971	return -ENODEV;
2972
2973	idev = addrconf_add_dev(dev);
2974	if (IS_ERR(ptr: idev)) {
2975	NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device");
2976	return PTR_ERR(ptr: idev);
2977	}
2978
2979	if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) {
2980	int ret = ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk,
2981	join: true, addr: cfg->pfx, ifindex);
2982
2983	if (ret < 0) {
2984	NL_SET_ERR_MSG_MOD(extack, "Multicast auto join failed");
2985	return ret;
2986	}
2987	}
2988
2989	cfg->scope = ipv6_addr_scope(addr: cfg->pfx);
2990
2991	timeout = addrconf_timeout_fixup(timeout: cfg->valid_lft, HZ);
2992	if (addrconf_finite_timeout(timeout)) {
2993	expires = jiffies_to_clock_t(x: timeout * HZ);
2994	cfg->valid_lft = timeout;
2995	flags = RTF_EXPIRES;
2996	} else {
2997	expires = 0;
2998	flags = 0;
2999	cfg->ifa_flags |= IFA_F_PERMANENT;
3000	}
3001
3002	timeout = addrconf_timeout_fixup(timeout: cfg->preferred_lft, HZ);
3003	if (addrconf_finite_timeout(timeout)) {
3004	if (timeout == 0)
3005	cfg->ifa_flags |= IFA_F_DEPRECATED;
3006	cfg->preferred_lft = timeout;
3007	}
3008
3009	ifp = ipv6_add_addr(idev, cfg, can_block: true, extack);
3010	if (!IS_ERR(ptr: ifp)) {
3011	if (!(cfg->ifa_flags & IFA_F_NOPREFIXROUTE)) {
3012	addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len,
3013	metric: ifp->rt_priority, dev, expires,
3014	flags, GFP_KERNEL);
3015	}
3016
3017	/* Send a netlink notification if DAD is enabled and
3018	* optimistic flag is not set
3019	*/
3020	if (!(ifp->flags & (IFA_F_OPTIMISTIC | IFA_F_NODAD)))
3021	ipv6_ifa_notify(event: 0, ifa: ifp);
3022	/*
3023	* Note that section 3.1 of RFC 4429 indicates
3024	* that the Optimistic flag should not be set for
3025	* manually configured addresses
3026	*/
3027	addrconf_dad_start(ifp);
3028	if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR)
3029	manage_tempaddrs(idev, ifp, valid_lft: cfg->valid_lft,
3030	prefered_lft: cfg->preferred_lft, create: true, now: jiffies);
3031	in6_ifa_put(ifp);
3032	addrconf_verify_rtnl(net);
3033	return 0;
3034	} else if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) {
3035	ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk, join: false,
3036	addr: cfg->pfx, ifindex);
3037	}
3038
3039	return PTR_ERR(ptr: ifp);
3040	}
3041
3042	static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags,
3043	const struct in6_addr *pfx, unsigned int plen,
3044	struct netlink_ext_ack *extack)
3045	{
3046	struct inet6_ifaddr *ifp;
3047	struct inet6_dev *idev;
3048	struct net_device *dev;
3049
3050	if (plen > 128) {
3051	NL_SET_ERR_MSG_MOD(extack, "Invalid prefix length");
3052	return -EINVAL;
3053	}
3054
3055	dev = __dev_get_by_index(net, ifindex);
3056	if (!dev) {
3057	NL_SET_ERR_MSG_MOD(extack, "Unable to find the interface");
3058	return -ENODEV;
3059	}
3060
3061	idev = __in6_dev_get(dev);
3062	if (!idev) {
3063	NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device");
3064	return -ENXIO;
3065	}
3066
3067	read_lock_bh(&idev->lock);
3068	list_for_each_entry(ifp, &idev->addr_list, if_list) {
3069	if (ifp->prefix_len == plen &&
3070	ipv6_addr_equal(a1: pfx, a2: &ifp->addr)) {
3071	in6_ifa_hold(ifp);
3072	read_unlock_bh(&idev->lock);
3073
3074	if (!(ifp->flags & IFA_F_TEMPORARY) &&
3075	(ifa_flags & IFA_F_MANAGETEMPADDR))
3076	manage_tempaddrs(idev, ifp, valid_lft: 0, prefered_lft: 0, create: false,
3077	now: jiffies);
3078	ipv6_del_addr(ifp);
3079	addrconf_verify_rtnl(net);
3080	if (ipv6_addr_is_multicast(addr: pfx)) {
3081	ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk,
3082	join: false, addr: pfx, ifindex: dev->ifindex);
3083	}
3084	return 0;
3085	}
3086	}
3087	read_unlock_bh(&idev->lock);
3088
3089	NL_SET_ERR_MSG_MOD(extack, "address not found");
3090	return -EADDRNOTAVAIL;
3091	}
3092
3093
3094	int addrconf_add_ifaddr(struct net *net, void __user *arg)
3095	{
3096	struct ifa6_config cfg = {
3097	.ifa_flags = IFA_F_PERMANENT,
3098	.preferred_lft = INFINITY_LIFE_TIME,
3099	.valid_lft = INFINITY_LIFE_TIME,
3100	};
3101	struct in6_ifreq ireq;
3102	int err;
3103
3104	if (!ns_capable(ns: net->user_ns, CAP_NET_ADMIN))
3105	return -EPERM;
3106
3107	if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq)))
3108	return -EFAULT;
3109
3110	cfg.pfx = &ireq.ifr6_addr;
3111	cfg.plen = ireq.ifr6_prefixlen;
3112
3113	rtnl_lock();
3114	err = inet6_addr_add(net, ifindex: ireq.ifr6_ifindex, cfg: &cfg, NULL);
3115	rtnl_unlock();
3116	return err;
3117	}
3118
3119	int addrconf_del_ifaddr(struct net *net, void __user *arg)
3120	{
3121	struct in6_ifreq ireq;
3122	int err;
3123
3124	if (!ns_capable(ns: net->user_ns, CAP_NET_ADMIN))
3125	return -EPERM;
3126
3127	if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq)))
3128	return -EFAULT;
3129
3130	rtnl_lock();
3131	err = inet6_addr_del(net, ifindex: ireq.ifr6_ifindex, ifa_flags: 0, pfx: &ireq.ifr6_addr,
3132	plen: ireq.ifr6_prefixlen, NULL);
3133	rtnl_unlock();
3134	return err;
3135	}
3136
3137	static void add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
3138	int plen, int scope, u8 proto)
3139	{
3140	struct inet6_ifaddr *ifp;
3141	struct ifa6_config cfg = {
3142	.pfx = addr,
3143	.plen = plen,
3144	.ifa_flags = IFA_F_PERMANENT,
3145	.valid_lft = INFINITY_LIFE_TIME,
3146	.preferred_lft = INFINITY_LIFE_TIME,
3147	.scope = scope,
3148	.ifa_proto = proto
3149	};
3150
3151	ifp = ipv6_add_addr(idev, cfg: &cfg, can_block: true, NULL);
3152	if (!IS_ERR(ptr: ifp)) {
3153	spin_lock_bh(lock: &ifp->lock);
3154	ifp->flags &= ~IFA_F_TENTATIVE;
3155	spin_unlock_bh(lock: &ifp->lock);
3156	rt_genid_bump_ipv6(net: dev_net(dev: idev->dev));
3157	ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp);
3158	in6_ifa_put(ifp);
3159	}
3160	}
3161
3162	#if IS_ENABLED(CONFIG_IPV6_SIT) || IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE)
3163	static void add_v4_addrs(struct inet6_dev *idev)
3164	{
3165	struct in6_addr addr;
3166	struct net_device *dev;
3167	struct net *net = dev_net(dev: idev->dev);
3168	int scope, plen, offset = 0;
3169	u32 pflags = 0;
3170
3171	ASSERT_RTNL();
3172
3173	memset(&addr, 0, sizeof(struct in6_addr));
3174	/* in case of IP6GRE the dev_addr is an IPv6 and therefore we use only the last 4 bytes */
3175	if (idev->dev->addr_len == sizeof(struct in6_addr))
3176	offset = sizeof(struct in6_addr) - 4;
3177	memcpy(&addr.s6_addr32[3], idev->dev->dev_addr + offset, 4);
3178
3179	if (!(idev->dev->flags & IFF_POINTOPOINT) && idev->dev->type == ARPHRD_SIT) {
3180	scope = IPV6_ADDR_COMPATv4;
3181	plen = 96;
3182	pflags |= RTF_NONEXTHOP;
3183	} else {
3184	if (idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_NONE)
3185	return;
3186
3187	addr.s6_addr32[0] = htonl(0xfe800000);
3188	scope = IFA_LINK;
3189	plen = 64;
3190	}
3191
3192	if (addr.s6_addr32[3]) {
3193	add_addr(idev, addr: &addr, plen, scope, IFAPROT_UNSPEC);
3194	addrconf_prefix_route(pfx: &addr, plen, metric: 0, dev: idev->dev, expires: 0, flags: pflags,
3195	GFP_KERNEL);
3196	return;
3197	}
3198
3199	for_each_netdev(net, dev) {
3200	struct in_device *in_dev = __in_dev_get_rtnl(dev);
3201	if (in_dev && (dev->flags & IFF_UP)) {
3202	struct in_ifaddr *ifa;
3203	int flag = scope;
3204
3205	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
3206	addr.s6_addr32[3] = ifa->ifa_local;
3207
3208	if (ifa->ifa_scope == RT_SCOPE_LINK)
3209	continue;
3210	if (ifa->ifa_scope >= RT_SCOPE_HOST) {
3211	if (idev->dev->flags&IFF_POINTOPOINT)
3212	continue;
3213	flag |= IFA_HOST;
3214	}
3215
3216	add_addr(idev, addr: &addr, plen, scope: flag,
3217	IFAPROT_UNSPEC);
3218	addrconf_prefix_route(pfx: &addr, plen, metric: 0, dev: idev->dev,
3219	expires: 0, flags: pflags, GFP_KERNEL);
3220	}
3221	}
3222	}
3223	}
3224	#endif
3225
3226	static void init_loopback(struct net_device *dev)
3227	{
3228	struct inet6_dev *idev;
3229
3230	/* ::1 */
3231
3232	ASSERT_RTNL();
3233
3234	idev = ipv6_find_idev(dev);
3235	if (IS_ERR(ptr: idev)) {
3236	pr_debug("%s: add_dev failed\n", __func__);
3237	return;
3238	}
3239
3240	add_addr(idev, addr: &in6addr_loopback, plen: 128, IFA_HOST, IFAPROT_KERNEL_LO);
3241	}
3242
3243	void addrconf_add_linklocal(struct inet6_dev *idev,
3244	const struct in6_addr *addr, u32 flags)
3245	{
3246	struct ifa6_config cfg = {
3247	.pfx = addr,
3248	.plen = 64,
3249	.ifa_flags = flags | IFA_F_PERMANENT,
3250	.valid_lft = INFINITY_LIFE_TIME,
3251	.preferred_lft = INFINITY_LIFE_TIME,
3252	.scope = IFA_LINK,
3253	.ifa_proto = IFAPROT_KERNEL_LL
3254	};
3255	struct inet6_ifaddr *ifp;
3256
3257	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
3258	if ((dev_net(dev: idev->dev)->ipv6.devconf_all->optimistic_dad ||
3259	idev->cnf.optimistic_dad) &&
3260	!dev_net(dev: idev->dev)->ipv6.devconf_all->forwarding)
3261	cfg.ifa_flags |= IFA_F_OPTIMISTIC;
3262	#endif
3263
3264	ifp = ipv6_add_addr(idev, cfg: &cfg, can_block: true, NULL);
3265	if (!IS_ERR(ptr: ifp)) {
3266	addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len, metric: 0, dev: idev->dev,
3267	expires: 0, flags: 0, GFP_ATOMIC);
3268	addrconf_dad_start(ifp);
3269	in6_ifa_put(ifp);
3270	}
3271	}
3272	EXPORT_SYMBOL_GPL(addrconf_add_linklocal);
3273
3274	static bool ipv6_reserved_interfaceid(struct in6_addr address)
3275	{
3276	if ((address.s6_addr32[2] | address.s6_addr32[3]) == 0)
3277	return true;
3278
3279	if (address.s6_addr32[2] == htonl(0x02005eff) &&
3280	((address.s6_addr32[3] & htonl(0xfe000000)) == htonl(0xfe000000)))
3281	return true;
3282
3283	if (address.s6_addr32[2] == htonl(0xfdffffff) &&
3284	((address.s6_addr32[3] & htonl(0xffffff80)) == htonl(0xffffff80)))
3285	return true;
3286
3287	return false;
3288	}
3289
3290	static int ipv6_generate_stable_address(struct in6_addr *address,
3291	u8 dad_count,
3292	const struct inet6_dev *idev)
3293	{
3294	static DEFINE_SPINLOCK(lock);
3295	static __u32 digest[SHA1_DIGEST_WORDS];
3296	static __u32 workspace[SHA1_WORKSPACE_WORDS];
3297
3298	static union {
3299	char __data[SHA1_BLOCK_SIZE];
3300	struct {
3301	struct in6_addr secret;
3302	__be32 prefix[2];
3303	unsigned char hwaddr[MAX_ADDR_LEN];
3304	u8 dad_count;
3305	} __packed;
3306	} data;
3307
3308	struct in6_addr secret;
3309	struct in6_addr temp;
3310	struct net *net = dev_net(dev: idev->dev);
3311
3312	BUILD_BUG_ON(sizeof(data.__data) != sizeof(data));
3313
3314	if (idev->cnf.stable_secret.initialized)
3315	secret = idev->cnf.stable_secret.secret;
3316	else if (net->ipv6.devconf_dflt->stable_secret.initialized)
3317	secret = net->ipv6.devconf_dflt->stable_secret.secret;
3318	else
3319	return -1;
3320
3321	retry:
3322	spin_lock_bh(lock: &lock);
3323
3324	sha1_init(buf: digest);
3325	memset(&data, 0, sizeof(data));
3326	memset(workspace, 0, sizeof(workspace));
3327	memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len);
3328	data.prefix[0] = address->s6_addr32[0];
3329	data.prefix[1] = address->s6_addr32[1];
3330	data.secret = secret;
3331	data.dad_count = dad_count;
3332
3333	sha1_transform(digest, data: data.__data, W: workspace);
3334
3335	temp = *address;
3336	temp.s6_addr32[2] = (__force __be32)digest[0];
3337	temp.s6_addr32[3] = (__force __be32)digest[1];
3338
3339	spin_unlock_bh(lock: &lock);
3340
3341	if (ipv6_reserved_interfaceid(address: temp)) {
3342	dad_count++;
3343	if (dad_count > dev_net(dev: idev->dev)->ipv6.sysctl.idgen_retries)
3344	return -1;
3345	goto retry;
3346	}
3347
3348	*address = temp;
3349	return 0;
3350	}
3351
3352	static void ipv6_gen_mode_random_init(struct inet6_dev *idev)
3353	{
3354	struct ipv6_stable_secret *s = &idev->cnf.stable_secret;
3355
3356	if (s->initialized)
3357	return;
3358	s = &idev->cnf.stable_secret;
3359	get_random_bytes(buf: &s->secret, len: sizeof(s->secret));
3360	s->initialized = true;
3361	}
3362
3363	static void addrconf_addr_gen(struct inet6_dev *idev, bool prefix_route)
3364	{
3365	struct in6_addr addr;
3366
3367	/* no link local addresses on L3 master devices */
3368	if (netif_is_l3_master(dev: idev->dev))
3369	return;
3370
3371	/* no link local addresses on devices flagged as slaves */
3372	if (idev->dev->priv_flags & IFF_NO_ADDRCONF)
3373	return;
3374
3375	ipv6_addr_set(addr: &addr, htonl(0xFE800000), w2: 0, w3: 0, w4: 0);
3376
3377	switch (idev->cnf.addr_gen_mode) {
3378	case IN6_ADDR_GEN_MODE_RANDOM:
3379	ipv6_gen_mode_random_init(idev);
3380	fallthrough;
3381	case IN6_ADDR_GEN_MODE_STABLE_PRIVACY:
3382	if (!ipv6_generate_stable_address(address: &addr, dad_count: 0, idev))
3383	addrconf_add_linklocal(idev, &addr,
3384	IFA_F_STABLE_PRIVACY);
3385	else if (prefix_route)
3386	addrconf_prefix_route(pfx: &addr, plen: 64, metric: 0, dev: idev->dev,
3387	expires: 0, flags: 0, GFP_KERNEL);
3388	break;
3389	case IN6_ADDR_GEN_MODE_EUI64:
3390	/* addrconf_add_linklocal also adds a prefix_route and we
3391	* only need to care about prefix routes if ipv6_generate_eui64
3392	* couldn't generate one.
3393	*/
3394	if (ipv6_generate_eui64(eui: addr.s6_addr + 8, dev: idev->dev) == 0)
3395	addrconf_add_linklocal(idev, &addr, 0);
3396	else if (prefix_route)
3397	addrconf_prefix_route(pfx: &addr, plen: 64, metric: 0, dev: idev->dev,
3398	expires: 0, flags: 0, GFP_KERNEL);
3399	break;
3400	case IN6_ADDR_GEN_MODE_NONE:
3401	default:
3402	/* will not add any link local address */
3403	break;
3404	}
3405	}
3406
3407	static void addrconf_dev_config(struct net_device *dev)
3408	{
3409	struct inet6_dev *idev;
3410
3411	ASSERT_RTNL();
3412
3413	if ((dev->type != ARPHRD_ETHER) &&
3414	(dev->type != ARPHRD_FDDI) &&
3415	(dev->type != ARPHRD_ARCNET) &&
3416	(dev->type != ARPHRD_INFINIBAND) &&
3417	(dev->type != ARPHRD_IEEE1394) &&
3418	(dev->type != ARPHRD_TUNNEL6) &&
3419	(dev->type != ARPHRD_6LOWPAN) &&
3420	(dev->type != ARPHRD_TUNNEL) &&
3421	(dev->type != ARPHRD_NONE) &&
3422	(dev->type != ARPHRD_RAWIP)) {
3423	/* Alas, we support only Ethernet autoconfiguration. */
3424	idev = __in6_dev_get(dev);
3425	if (!IS_ERR_OR_NULL(ptr: idev) && dev->flags & IFF_UP &&
3426	dev->flags & IFF_MULTICAST)
3427	ipv6_mc_up(idev);
3428	return;
3429	}
3430
3431	idev = addrconf_add_dev(dev);
3432	if (IS_ERR(ptr: idev))
3433	return;
3434
3435	/* this device type has no EUI support */
3436	if (dev->type == ARPHRD_NONE &&
3437	idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_EUI64)
3438	idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_RANDOM;
3439
3440	addrconf_addr_gen(idev, prefix_route: false);
3441	}
3442
3443	#if IS_ENABLED(CONFIG_IPV6_SIT)
3444	static void addrconf_sit_config(struct net_device *dev)
3445	{
3446	struct inet6_dev *idev;
3447
3448	ASSERT_RTNL();
3449
3450	/*
3451	* Configure the tunnel with one of our IPv4
3452	* addresses... we should configure all of
3453	* our v4 addrs in the tunnel
3454	*/
3455
3456	idev = ipv6_find_idev(dev);
3457	if (IS_ERR(ptr: idev)) {
3458	pr_debug("%s: add_dev failed\n", __func__);
3459	return;
3460	}
3461
3462	if (dev->priv_flags & IFF_ISATAP) {
3463	addrconf_addr_gen(idev, prefix_route: false);
3464	return;
3465	}
3466
3467	add_v4_addrs(idev);
3468
3469	if (dev->flags&IFF_POINTOPOINT)
3470	addrconf_add_mroute(dev);
3471	}
3472	#endif
3473
3474	#if IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE)
3475	static void addrconf_gre_config(struct net_device *dev)
3476	{
3477	struct inet6_dev *idev;
3478
3479	ASSERT_RTNL();
3480
3481	idev = ipv6_find_idev(dev);
3482	if (IS_ERR(ptr: idev)) {
3483	pr_debug("%s: add_dev failed\n", __func__);
3484	return;
3485	}
3486
3487	if (dev->type == ARPHRD_ETHER) {
3488	addrconf_addr_gen(idev, prefix_route: true);
3489	return;
3490	}
3491
3492	add_v4_addrs(idev);
3493
3494	if (dev->flags & IFF_POINTOPOINT)
3495	addrconf_add_mroute(dev);
3496	}
3497	#endif
3498
3499	static void addrconf_init_auto_addrs(struct net_device *dev)
3500	{
3501	switch (dev->type) {
3502	#if IS_ENABLED(CONFIG_IPV6_SIT)
3503	case ARPHRD_SIT:
3504	addrconf_sit_config(dev);
3505	break;
3506	#endif
3507	#if IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE)
3508	case ARPHRD_IP6GRE:
3509	case ARPHRD_IPGRE:
3510	addrconf_gre_config(dev);
3511	break;
3512	#endif
3513	case ARPHRD_LOOPBACK:
3514	init_loopback(dev);
3515	break;
3516
3517	default:
3518	addrconf_dev_config(dev);
3519	break;
3520	}
3521	}
3522
3523	static int fixup_permanent_addr(struct net *net,
3524	struct inet6_dev *idev,
3525	struct inet6_ifaddr *ifp)
3526	{
3527	/* !fib6_node means the host route was removed from the
3528	* FIB, for example, if 'lo' device is taken down. In that
3529	* case regenerate the host route.
3530	*/
3531	if (!ifp->rt || !ifp->rt->fib6_node) {
3532	struct fib6_info *f6i, *prev;
3533
3534	f6i = addrconf_f6i_alloc(net, idev, addr: &ifp->addr, anycast: false,
3535	GFP_ATOMIC, NULL);
3536	if (IS_ERR(ptr: f6i))
3537	return PTR_ERR(ptr: f6i);
3538
3539	/* ifp->rt can be accessed outside of rtnl */
3540	spin_lock(lock: &ifp->lock);
3541	prev = ifp->rt;
3542	ifp->rt = f6i;
3543	spin_unlock(lock: &ifp->lock);
3544
3545	fib6_info_release(f6i: prev);
3546	}
3547
3548	if (!(ifp->flags & IFA_F_NOPREFIXROUTE)) {
3549	addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len,
3550	metric: ifp->rt_priority, dev: idev->dev, expires: 0, flags: 0,
3551	GFP_ATOMIC);
3552	}
3553
3554	if (ifp->state == INET6_IFADDR_STATE_PREDAD)
3555	addrconf_dad_start(ifp);
3556
3557	return 0;
3558	}
3559
3560	static void addrconf_permanent_addr(struct net *net, struct net_device *dev)
3561	{
3562	struct inet6_ifaddr *ifp, *tmp;
3563	struct inet6_dev *idev;
3564
3565	idev = __in6_dev_get(dev);
3566	if (!idev)
3567	return;
3568
3569	write_lock_bh(&idev->lock);
3570
3571	list_for_each_entry_safe(ifp, tmp, &idev->addr_list, if_list) {
3572	if ((ifp->flags & IFA_F_PERMANENT) &&
3573	fixup_permanent_addr(net, idev, ifp) < 0) {
3574	write_unlock_bh(&idev->lock);
3575	in6_ifa_hold(ifp);
3576	ipv6_del_addr(ifp);
3577	write_lock_bh(&idev->lock);
3578
3579	net_info_ratelimited("%s: Failed to add prefix route for address %pI6c; dropping\n",
3580	idev->dev->name, &ifp->addr);
3581	}
3582	}
3583
3584	write_unlock_bh(&idev->lock);
3585	}
3586
3587	static int addrconf_notify(struct notifier_block *this, unsigned long event,
3588	void *ptr)
3589	{
3590	struct net_device *dev = netdev_notifier_info_to_dev(info: ptr);
3591	struct netdev_notifier_change_info *change_info;
3592	struct netdev_notifier_changeupper_info *info;
3593	struct inet6_dev *idev = __in6_dev_get(dev);
3594	struct net *net = dev_net(dev);
3595	int run_pending = 0;
3596	int err;
3597
3598	switch (event) {
3599	case NETDEV_REGISTER:
3600	if (!idev && dev->mtu >= IPV6_MIN_MTU) {
3601	idev = ipv6_add_dev(dev);
3602	if (IS_ERR(ptr: idev))
3603	return notifier_from_errno(err: PTR_ERR(ptr: idev));
3604	}
3605	break;
3606
3607	case NETDEV_CHANGEMTU:
3608	/* if MTU under IPV6_MIN_MTU stop IPv6 on this interface. */
3609	if (dev->mtu < IPV6_MIN_MTU) {
3610	addrconf_ifdown(dev, unregister: dev != net->loopback_dev);
3611	break;
3612	}
3613
3614	if (idev) {
3615	rt6_mtu_change(dev, mtu: dev->mtu);
3616	idev->cnf.mtu6 = dev->mtu;
3617	break;
3618	}
3619
3620	/* allocate new idev */
3621	idev = ipv6_add_dev(dev);
3622	if (IS_ERR(ptr: idev))
3623	break;
3624
3625	/* device is still not ready */
3626	if (!(idev->if_flags & IF_READY))
3627	break;
3628
3629	run_pending = 1;
3630	fallthrough;
3631	case NETDEV_UP:
3632	case NETDEV_CHANGE:
3633	if (idev && idev->cnf.disable_ipv6)
3634	break;
3635
3636	if (dev->priv_flags & IFF_NO_ADDRCONF) {
3637	if (event == NETDEV_UP && !IS_ERR_OR_NULL(ptr: idev) &&
3638	dev->flags & IFF_UP && dev->flags & IFF_MULTICAST)
3639	ipv6_mc_up(idev);
3640	break;
3641	}
3642
3643	if (event == NETDEV_UP) {
3644	/* restore routes for permanent addresses */
3645	addrconf_permanent_addr(net, dev);
3646
3647	if (!addrconf_link_ready(dev)) {
3648	/* device is not ready yet. */
3649	pr_debug("ADDRCONF(NETDEV_UP): %s: link is not ready\n",
3650	dev->name);
3651	break;
3652	}
3653
3654	if (!idev && dev->mtu >= IPV6_MIN_MTU)
3655	idev = ipv6_add_dev(dev);
3656
3657	if (!IS_ERR_OR_NULL(ptr: idev)) {
3658	idev->if_flags |= IF_READY;
3659	run_pending = 1;
3660	}
3661	} else if (event == NETDEV_CHANGE) {
3662	if (!addrconf_link_ready(dev)) {
3663	/* device is still not ready. */
3664	rt6_sync_down_dev(dev, event);
3665	break;
3666	}
3667
3668	if (!IS_ERR_OR_NULL(ptr: idev)) {
3669	if (idev->if_flags & IF_READY) {
3670	/* device is already configured -
3671	* but resend MLD reports, we might
3672	* have roamed and need to update
3673	* multicast snooping switches
3674	*/
3675	ipv6_mc_up(idev);
3676	change_info = ptr;
3677	if (change_info->flags_changed & IFF_NOARP)
3678	addrconf_dad_run(idev, restart: true);
3679	rt6_sync_up(dev, RTNH_F_LINKDOWN);
3680	break;
3681	}
3682	idev->if_flags |= IF_READY;
3683	}
3684
3685	pr_debug("ADDRCONF(NETDEV_CHANGE): %s: link becomes ready\n",
3686	dev->name);
3687
3688	run_pending = 1;
3689	}
3690
3691	addrconf_init_auto_addrs(dev);
3692
3693	if (!IS_ERR_OR_NULL(ptr: idev)) {
3694	if (run_pending)
3695	addrconf_dad_run(idev, restart: false);
3696
3697	/* Device has an address by now */
3698	rt6_sync_up(dev, RTNH_F_DEAD);
3699
3700	/*
3701	* If the MTU changed during the interface down,
3702	* when the interface up, the changed MTU must be
3703	* reflected in the idev as well as routers.
3704	*/
3705	if (idev->cnf.mtu6 != dev->mtu &&
3706	dev->mtu >= IPV6_MIN_MTU) {
3707	rt6_mtu_change(dev, mtu: dev->mtu);
3708	idev->cnf.mtu6 = dev->mtu;
3709	}
3710	idev->tstamp = jiffies;
3711	inet6_ifinfo_notify(RTM_NEWLINK, idev);
3712
3713	/*
3714	* If the changed mtu during down is lower than
3715	* IPV6_MIN_MTU stop IPv6 on this interface.
3716	*/
3717	if (dev->mtu < IPV6_MIN_MTU)
3718	addrconf_ifdown(dev, unregister: dev != net->loopback_dev);
3719	}
3720	break;
3721
3722	case NETDEV_DOWN:
3723	case NETDEV_UNREGISTER:
3724	/*
3725	* Remove all addresses from this interface.
3726	*/
3727	addrconf_ifdown(dev, unregister: event != NETDEV_DOWN);
3728	break;
3729
3730	case NETDEV_CHANGENAME:
3731	if (idev) {
3732	snmp6_unregister_dev(idev);
3733	addrconf_sysctl_unregister(idev);
3734	err = addrconf_sysctl_register(idev);
3735	if (err)
3736	return notifier_from_errno(err);
3737	err = snmp6_register_dev(idev);
3738	if (err) {
3739	addrconf_sysctl_unregister(idev);
3740	return notifier_from_errno(err);
3741	}
3742	}
3743	break;
3744
3745	case NETDEV_PRE_TYPE_CHANGE:
3746	case NETDEV_POST_TYPE_CHANGE:
3747	if (idev)
3748	addrconf_type_change(dev, event);
3749	break;
3750
3751	case NETDEV_CHANGEUPPER:
3752	info = ptr;
3753
3754	/* flush all routes if dev is linked to or unlinked from
3755	* an L3 master device (e.g., VRF)
3756	*/
3757	if (info->upper_dev && netif_is_l3_master(dev: info->upper_dev))
3758	addrconf_ifdown(dev, unregister: false);
3759	}
3760
3761	return NOTIFY_OK;
3762	}
3763
3764	/*
3765	* addrconf module should be notified of a device going up
3766	*/
3767	static struct notifier_block ipv6_dev_notf = {
3768	.notifier_call = addrconf_notify,
3769	.priority = ADDRCONF_NOTIFY_PRIORITY,
3770	};
3771
3772	static void addrconf_type_change(struct net_device *dev, unsigned long event)
3773	{
3774	struct inet6_dev *idev;
3775	ASSERT_RTNL();
3776
3777	idev = __in6_dev_get(dev);
3778
3779	if (event == NETDEV_POST_TYPE_CHANGE)
3780	ipv6_mc_remap(idev);
3781	else if (event == NETDEV_PRE_TYPE_CHANGE)
3782	ipv6_mc_unmap(idev);
3783	}
3784
3785	static bool addr_is_local(const struct in6_addr *addr)
3786	{
3787	return ipv6_addr_type(addr) &
3788	(IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK);
3789	}
3790
3791	static int addrconf_ifdown(struct net_device *dev, bool unregister)
3792	{
3793	unsigned long event = unregister ? NETDEV_UNREGISTER : NETDEV_DOWN;
3794	struct net *net = dev_net(dev);
3795	struct inet6_dev *idev;
3796	struct inet6_ifaddr *ifa;
3797	LIST_HEAD(tmp_addr_list);
3798	bool keep_addr = false;
3799	bool was_ready;
3800	int state, i;
3801
3802	ASSERT_RTNL();
3803
3804	rt6_disable_ip(dev, event);
3805
3806	idev = __in6_dev_get(dev);
3807	if (!idev)
3808	return -ENODEV;
3809
3810	/*
3811	* Step 1: remove reference to ipv6 device from parent device.
3812	* Do not dev_put!
3813	*/
3814	if (unregister) {
3815	idev->dead = 1;
3816
3817	/* protected by rtnl_lock */
3818	RCU_INIT_POINTER(dev->ip6_ptr, NULL);
3819
3820	/* Step 1.5: remove snmp6 entry */
3821	snmp6_unregister_dev(idev);
3822
3823	}
3824
3825	/* combine the user config with event to determine if permanent
3826	* addresses are to be removed from address hash table
3827	*/
3828	if (!unregister && !idev->cnf.disable_ipv6) {
3829	/* aggregate the system setting and interface setting */
3830	int _keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
3831
3832	if (!_keep_addr)
3833	_keep_addr = idev->cnf.keep_addr_on_down;
3834
3835	keep_addr = (_keep_addr > 0);
3836	}
3837
3838	/* Step 2: clear hash table */
3839	for (i = 0; i < IN6_ADDR_HSIZE; i++) {
3840	struct hlist_head *h = &net->ipv6.inet6_addr_lst[i];
3841
3842	spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock);
3843	restart:
3844	hlist_for_each_entry_rcu(ifa, h, addr_lst) {
3845	if (ifa->idev == idev) {
3846	addrconf_del_dad_work(ifp: ifa);
3847	/* combined flag + permanent flag decide if
3848	* address is retained on a down event
3849	*/
3850	if (!keep_addr ||
3851	!(ifa->flags & IFA_F_PERMANENT) ||
3852	addr_is_local(addr: &ifa->addr)) {
3853	hlist_del_init_rcu(n: &ifa->addr_lst);
3854	goto restart;
3855	}
3856	}
3857	}
3858	spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock);
3859	}
3860
3861	write_lock_bh(&idev->lock);
3862
3863	addrconf_del_rs_timer(idev);
3864
3865	/* Step 2: clear flags for stateless addrconf, repeated down
3866	* detection
3867	*/
3868	was_ready = idev->if_flags & IF_READY;
3869	if (!unregister)
3870	idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY);
3871
3872	/* Step 3: clear tempaddr list */
3873	while (!list_empty(head: &idev->tempaddr_list)) {
3874	ifa = list_first_entry(&idev->tempaddr_list,
3875	struct inet6_ifaddr, tmp_list);
3876	list_del(entry: &ifa->tmp_list);
3877	write_unlock_bh(&idev->lock);
3878	spin_lock_bh(lock: &ifa->lock);
3879
3880	if (ifa->ifpub) {
3881	in6_ifa_put(ifp: ifa->ifpub);
3882	ifa->ifpub = NULL;
3883	}
3884	spin_unlock_bh(lock: &ifa->lock);
3885	in6_ifa_put(ifp: ifa);
3886	write_lock_bh(&idev->lock);
3887	}
3888
3889	list_for_each_entry(ifa, &idev->addr_list, if_list)
3890	list_add_tail(new: &ifa->if_list_aux, head: &tmp_addr_list);
3891	write_unlock_bh(&idev->lock);
3892
3893	while (!list_empty(head: &tmp_addr_list)) {
3894	struct fib6_info *rt = NULL;
3895	bool keep;
3896
3897	ifa = list_first_entry(&tmp_addr_list,
3898	struct inet6_ifaddr, if_list_aux);
3899	list_del(entry: &ifa->if_list_aux);
3900
3901	addrconf_del_dad_work(ifp: ifa);
3902
3903	keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
3904	!addr_is_local(addr: &ifa->addr);
3905
3906	spin_lock_bh(lock: &ifa->lock);
3907
3908	if (keep) {
3909	/* set state to skip the notifier below */
3910	state = INET6_IFADDR_STATE_DEAD;
3911	ifa->state = INET6_IFADDR_STATE_PREDAD;
3912	if (!(ifa->flags & IFA_F_NODAD))
3913	ifa->flags |= IFA_F_TENTATIVE;
3914
3915	rt = ifa->rt;
3916	ifa->rt = NULL;
3917	} else {
3918	state = ifa->state;
3919	ifa->state = INET6_IFADDR_STATE_DEAD;
3920	}
3921
3922	spin_unlock_bh(lock: &ifa->lock);
3923
3924	if (rt)
3925	ip6_del_rt(net, f6i: rt, skip_notify: false);
3926
3927	if (state != INET6_IFADDR_STATE_DEAD) {
3928	__ipv6_ifa_notify(RTM_DELADDR, ifa);
3929	inet6addr_notifier_call_chain(val: NETDEV_DOWN, v: ifa);
3930	} else {
3931	if (idev->cnf.forwarding)
3932	addrconf_leave_anycast(ifp: ifa);
3933	addrconf_leave_solict(idev: ifa->idev, addr: &ifa->addr);
3934	}
3935
3936	if (!keep) {
3937	write_lock_bh(&idev->lock);
3938	list_del_rcu(entry: &ifa->if_list);
3939	write_unlock_bh(&idev->lock);
3940	in6_ifa_put(ifp: ifa);
3941	}
3942	}
3943
3944	/* Step 5: Discard anycast and multicast list */
3945	if (unregister) {
3946	ipv6_ac_destroy_dev(idev);
3947	ipv6_mc_destroy_dev(idev);
3948	} else if (was_ready) {
3949	ipv6_mc_down(idev);
3950	}
3951
3952	idev->tstamp = jiffies;
3953	idev->ra_mtu = 0;
3954
3955	/* Last: Shot the device (if unregistered) */
3956	if (unregister) {
3957	addrconf_sysctl_unregister(idev);
3958	neigh_parms_release(tbl: &nd_tbl, parms: idev->nd_parms);
3959	neigh_ifdown(tbl: &nd_tbl, dev);
3960	in6_dev_put(idev);
3961	}
3962	return 0;
3963	}
3964
3965	static void addrconf_rs_timer(struct timer_list *t)
3966	{
3967	struct inet6_dev *idev = from_timer(idev, t, rs_timer);
3968	struct net_device *dev = idev->dev;
3969	struct in6_addr lladdr;
3970
3971	write_lock(&idev->lock);
3972	if (idev->dead || !(idev->if_flags & IF_READY))
3973	goto out;
3974
3975	if (!ipv6_accept_ra(idev))
3976	goto out;
3977
3978	/* Announcement received after solicitation was sent */
3979	if (idev->if_flags & IF_RA_RCVD)
3980	goto out;
3981
3982	if (idev->rs_probes++ < idev->cnf.rtr_solicits || idev->cnf.rtr_solicits < 0) {
3983	write_unlock(&idev->lock);
3984	if (!ipv6_get_lladdr(dev, addr: &lladdr, IFA_F_TENTATIVE))
3985	ndisc_send_rs(dev, saddr: &lladdr,
3986	daddr: &in6addr_linklocal_allrouters);
3987	else
3988	goto put;
3989
3990	write_lock(&idev->lock);
3991	idev->rs_interval = rfc3315_s14_backoff_update(
3992	rt: idev->rs_interval, mrt: idev->cnf.rtr_solicit_max_interval);
3993	/* The wait after the last probe can be shorter */
3994	addrconf_mod_rs_timer(idev, when: (idev->rs_probes ==
3995	idev->cnf.rtr_solicits) ?
3996	idev->cnf.rtr_solicit_delay :
3997	idev->rs_interval);
3998	} else {
3999	/*
4000	* Note: we do not support deprecated "all on-link"
4001	* assumption any longer.
4002	*/
4003	pr_debug("%s: no IPv6 routers present\n", idev->dev->name);
4004	}
4005
4006	out:
4007	write_unlock(&idev->lock);
4008	put:
4009	in6_dev_put(idev);
4010	}
4011
4012	/*
4013	* Duplicate Address Detection
4014	*/
4015	static void addrconf_dad_kick(struct inet6_ifaddr *ifp)
4016	{
4017	unsigned long rand_num;
4018	struct inet6_dev *idev = ifp->idev;
4019	u64 nonce;
4020
4021	if (ifp->flags & IFA_F_OPTIMISTIC)
4022	rand_num = 0;
4023	else
4024	rand_num = get_random_u32_below(ceil: idev->cnf.rtr_solicit_delay ? : 1);
4025
4026	nonce = 0;
4027	if (idev->cnf.enhanced_dad ||
4028	dev_net(dev: idev->dev)->ipv6.devconf_all->enhanced_dad) {
4029	do
4030	get_random_bytes(buf: &nonce, len: 6);
4031	while (nonce == 0);
4032	}
4033	ifp->dad_nonce = nonce;
4034	ifp->dad_probes = idev->cnf.dad_transmits;
4035	addrconf_mod_dad_work(ifp, delay: rand_num);
4036	}
4037
4038	static void addrconf_dad_begin(struct inet6_ifaddr *ifp)
4039	{
4040	struct inet6_dev *idev = ifp->idev;
4041	struct net_device *dev = idev->dev;
4042	bool bump_id, notify = false;
4043	struct net *net;
4044
4045	addrconf_join_solict(dev, addr: &ifp->addr);
4046
4047	read_lock_bh(&idev->lock);
4048	spin_lock(lock: &ifp->lock);
4049	if (ifp->state == INET6_IFADDR_STATE_DEAD)
4050	goto out;
4051
4052	net = dev_net(dev);
4053	if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
4054	(net->ipv6.devconf_all->accept_dad < 1 &&
4055	idev->cnf.accept_dad < 1) ||
4056	!(ifp->flags&IFA_F_TENTATIVE) ||
4057	ifp->flags & IFA_F_NODAD) {
4058	bool send_na = false;
4059
4060	if (ifp->flags & IFA_F_TENTATIVE &&
4061	!(ifp->flags & IFA_F_OPTIMISTIC))
4062	send_na = true;
4063	bump_id = ifp->flags & IFA_F_TENTATIVE;
4064	ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED);
4065	spin_unlock(lock: &ifp->lock);
4066	read_unlock_bh(&idev->lock);
4067
4068	addrconf_dad_completed(ifp, bump_id, send_na);
4069	return;
4070	}
4071
4072	if (!(idev->if_flags & IF_READY)) {
4073	spin_unlock(lock: &ifp->lock);
4074	read_unlock_bh(&idev->lock);
4075	/*
4076	* If the device is not ready:
4077	* - keep it tentative if it is a permanent address.
4078	* - otherwise, kill it.
4079	*/
4080	in6_ifa_hold(ifp);
4081	addrconf_dad_stop(ifp, dad_failed: 0);
4082	return;
4083	}
4084
4085	/*
4086	* Optimistic nodes can start receiving
4087	* Frames right away
4088	*/
4089	if (ifp->flags & IFA_F_OPTIMISTIC) {
4090	ip6_ins_rt(net, f6i: ifp->rt);
4091	if (ipv6_use_optimistic_addr(net, idev)) {
4092	/* Because optimistic nodes can use this address,
4093	* notify listeners. If DAD fails, RTM_DELADDR is sent.
4094	*/
4095	notify = true;
4096	}
4097	}
4098
4099	addrconf_dad_kick(ifp);
4100	out:
4101	spin_unlock(lock: &ifp->lock);
4102	read_unlock_bh(&idev->lock);
4103	if (notify)
4104	ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp);
4105	}
4106
4107	static void addrconf_dad_start(struct inet6_ifaddr *ifp)
4108	{
4109	bool begin_dad = false;
4110
4111	spin_lock_bh(lock: &ifp->lock);
4112	if (ifp->state != INET6_IFADDR_STATE_DEAD) {
4113	ifp->state = INET6_IFADDR_STATE_PREDAD;
4114	begin_dad = true;
4115	}
4116	spin_unlock_bh(lock: &ifp->lock);
4117
4118	if (begin_dad)
4119	addrconf_mod_dad_work(ifp, delay: 0);
4120	}
4121
4122	static void addrconf_dad_work(struct work_struct *w)
4123	{
4124	struct inet6_ifaddr *ifp = container_of(to_delayed_work(w),
4125	struct inet6_ifaddr,
4126	dad_work);
4127	struct inet6_dev *idev = ifp->idev;
4128	bool bump_id, disable_ipv6 = false;
4129	struct in6_addr mcaddr;
4130
4131	enum {
4132	DAD_PROCESS,
4133	DAD_BEGIN,
4134	DAD_ABORT,
4135	} action = DAD_PROCESS;
4136
4137	rtnl_lock();
4138
4139	spin_lock_bh(lock: &ifp->lock);
4140	if (ifp->state == INET6_IFADDR_STATE_PREDAD) {
4141	action = DAD_BEGIN;
4142	ifp->state = INET6_IFADDR_STATE_DAD;
4143	} else if (ifp->state == INET6_IFADDR_STATE_ERRDAD) {
4144	action = DAD_ABORT;
4145	ifp->state = INET6_IFADDR_STATE_POSTDAD;
4146
4147	if ((dev_net(dev: idev->dev)->ipv6.devconf_all->accept_dad > 1 ||
4148	idev->cnf.accept_dad > 1) &&
4149	!idev->cnf.disable_ipv6 &&
4150	!(ifp->flags & IFA_F_STABLE_PRIVACY)) {
4151	struct in6_addr addr;
4152
4153	addr.s6_addr32[0] = htonl(0xfe800000);
4154	addr.s6_addr32[1] = 0;
4155
4156	if (!ipv6_generate_eui64(eui: addr.s6_addr + 8, dev: idev->dev) &&
4157	ipv6_addr_equal(a1: &ifp->addr, a2: &addr)) {
4158	/* DAD failed for link-local based on MAC */
4159	idev->cnf.disable_ipv6 = 1;
4160
4161	pr_info("%s: IPv6 being disabled!\n",
4162	ifp->idev->dev->name);
4163	disable_ipv6 = true;
4164	}
4165	}
4166	}
4167	spin_unlock_bh(lock: &ifp->lock);
4168
4169	if (action == DAD_BEGIN) {
4170	addrconf_dad_begin(ifp);
4171	goto out;
4172	} else if (action == DAD_ABORT) {
4173	in6_ifa_hold(ifp);
4174	addrconf_dad_stop(ifp, dad_failed: 1);
4175	if (disable_ipv6)
4176	addrconf_ifdown(dev: idev->dev, unregister: false);
4177	goto out;
4178	}
4179
4180	if (!ifp->dad_probes && addrconf_dad_end(ifp))
4181	goto out;
4182
4183	write_lock_bh(&idev->lock);
4184	if (idev->dead || !(idev->if_flags & IF_READY)) {
4185	write_unlock_bh(&idev->lock);
4186	goto out;
4187	}
4188
4189	spin_lock(lock: &ifp->lock);
4190	if (ifp->state == INET6_IFADDR_STATE_DEAD) {
4191	spin_unlock(lock: &ifp->lock);
4192	write_unlock_bh(&idev->lock);
4193	goto out;
4194	}
4195
4196	if (ifp->dad_probes == 0) {
4197	bool send_na = false;
4198
4199	/*
4200	* DAD was successful
4201	*/
4202
4203	if (ifp->flags & IFA_F_TENTATIVE &&
4204	!(ifp->flags & IFA_F_OPTIMISTIC))
4205	send_na = true;
4206	bump_id = ifp->flags & IFA_F_TENTATIVE;
4207	ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED);
4208	spin_unlock(lock: &ifp->lock);
4209	write_unlock_bh(&idev->lock);
4210
4211	addrconf_dad_completed(ifp, bump_id, send_na);
4212
4213	goto out;
4214	}
4215
4216	ifp->dad_probes--;
4217	addrconf_mod_dad_work(ifp,
4218	max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME),
4219	HZ/100));
4220	spin_unlock(lock: &ifp->lock);
4221	write_unlock_bh(&idev->lock);
4222
4223	/* send a neighbour solicitation for our addr */
4224	addrconf_addr_solict_mult(addr: &ifp->addr, solicited: &mcaddr);
4225	ndisc_send_ns(dev: ifp->idev->dev, solicit: &ifp->addr, daddr: &mcaddr, saddr: &in6addr_any,
4226	nonce: ifp->dad_nonce);
4227	out:
4228	in6_ifa_put(ifp);
4229	rtnl_unlock();
4230	}
4231
4232	/* ifp->idev must be at least read locked */
4233	static bool ipv6_lonely_lladdr(struct inet6_ifaddr *ifp)
4234	{
4235	struct inet6_ifaddr *ifpiter;
4236	struct inet6_dev *idev = ifp->idev;
4237
4238	list_for_each_entry_reverse(ifpiter, &idev->addr_list, if_list) {
4239	if (ifpiter->scope > IFA_LINK)
4240	break;
4241	if (ifp != ifpiter && ifpiter->scope == IFA_LINK &&
4242	(ifpiter->flags & (IFA_F_PERMANENT|IFA_F_TENTATIVE|
4243	IFA_F_OPTIMISTIC|IFA_F_DADFAILED)) ==
4244	IFA_F_PERMANENT)
4245	return false;
4246	}
4247	return true;
4248	}
4249
4250	static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id,
4251	bool send_na)
4252	{
4253	struct net_device *dev = ifp->idev->dev;
4254	struct in6_addr lladdr;
4255	bool send_rs, send_mld;
4256
4257	addrconf_del_dad_work(ifp);
4258
4259	/*
4260	* Configure the address for reception. Now it is valid.
4261	*/
4262
4263	ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp);
4264
4265	/* If added prefix is link local and we are prepared to process
4266	router advertisements, start sending router solicitations.
4267	*/
4268
4269	read_lock_bh(&ifp->idev->lock);
4270	send_mld = ifp->scope == IFA_LINK && ipv6_lonely_lladdr(ifp);
4271	send_rs = send_mld &&
4272	ipv6_accept_ra(idev: ifp->idev) &&
4273	ifp->idev->cnf.rtr_solicits != 0 &&
4274	(dev->flags & IFF_LOOPBACK) == 0 &&
4275	(dev->type != ARPHRD_TUNNEL) &&
4276	!netif_is_team_port(dev);
4277	read_unlock_bh(&ifp->idev->lock);
4278
4279	/* While dad is in progress mld report's source address is in6_addrany.
4280	* Resend with proper ll now.
4281	*/
4282	if (send_mld)
4283	ipv6_mc_dad_complete(idev: ifp->idev);
4284
4285	/* send unsolicited NA if enabled */
4286	if (send_na &&
4287	(ifp->idev->cnf.ndisc_notify ||
4288	dev_net(dev)->ipv6.devconf_all->ndisc_notify)) {
4289	ndisc_send_na(dev, daddr: &in6addr_linklocal_allnodes, solicited_addr: &ifp->addr,
4290	/*router=*/ !!ifp->idev->cnf.forwarding,
4291	/*solicited=*/ false, /*override=*/ true,
4292	/*inc_opt=*/ true);
4293	}
4294
4295	if (send_rs) {
4296	/*
4297	* If a host as already performed a random delay
4298	* [...] as part of DAD [...] there is no need
4299	* to delay again before sending the first RS
4300	*/
4301	if (ipv6_get_lladdr(dev, addr: &lladdr, IFA_F_TENTATIVE))
4302	return;
4303	ndisc_send_rs(dev, saddr: &lladdr, daddr: &in6addr_linklocal_allrouters);
4304
4305	write_lock_bh(&ifp->idev->lock);
4306	spin_lock(lock: &ifp->lock);
4307	ifp->idev->rs_interval = rfc3315_s14_backoff_init(
4308	irt: ifp->idev->cnf.rtr_solicit_interval);
4309	ifp->idev->rs_probes = 1;
4310	ifp->idev->if_flags |= IF_RS_SENT;
4311	addrconf_mod_rs_timer(idev: ifp->idev, when: ifp->idev->rs_interval);
4312	spin_unlock(lock: &ifp->lock);
4313	write_unlock_bh(&ifp->idev->lock);
4314	}
4315
4316	if (bump_id)
4317	rt_genid_bump_ipv6(net: dev_net(dev));
4318
4319	/* Make sure that a new temporary address will be created
4320	* before this temporary address becomes deprecated.
4321	*/
4322	if (ifp->flags & IFA_F_TEMPORARY)
4323	addrconf_verify_rtnl(net: dev_net(dev));
4324	}
4325
4326	static void addrconf_dad_run(struct inet6_dev *idev, bool restart)
4327	{
4328	struct inet6_ifaddr *ifp;
4329
4330	read_lock_bh(&idev->lock);
4331	list_for_each_entry(ifp, &idev->addr_list, if_list) {
4332	spin_lock(lock: &ifp->lock);
4333	if ((ifp->flags & IFA_F_TENTATIVE &&
4334	ifp->state == INET6_IFADDR_STATE_DAD) || restart) {
4335	if (restart)
4336	ifp->state = INET6_IFADDR_STATE_PREDAD;
4337	addrconf_dad_kick(ifp);
4338	}
4339	spin_unlock(lock: &ifp->lock);
4340	}
4341	read_unlock_bh(&idev->lock);
4342	}
4343
4344	#ifdef CONFIG_PROC_FS
4345	struct if6_iter_state {
4346	struct seq_net_private p;
4347	int bucket;
4348	int offset;
4349	};
4350
4351	static struct inet6_ifaddr *if6_get_first(struct seq_file *seq, loff_t pos)
4352	{
4353	struct if6_iter_state *state = seq->private;
4354	struct net *net = seq_file_net(seq);
4355	struct inet6_ifaddr *ifa = NULL;
4356	int p = 0;
4357
4358	/* initial bucket if pos is 0 */
4359	if (pos == 0) {
4360	state->bucket = 0;
4361	state->offset = 0;
4362	}
4363
4364	for (; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) {
4365	hlist_for_each_entry_rcu(ifa, &net->ipv6.inet6_addr_lst[state->bucket],
4366	addr_lst) {
4367	/* sync with offset */
4368	if (p < state->offset) {
4369	p++;
4370	continue;
4371	}
4372	return ifa;
4373	}
4374
4375	/* prepare for next bucket */
4376	state->offset = 0;
4377	p = 0;
4378	}
4379	return NULL;
4380	}
4381
4382	static struct inet6_ifaddr *if6_get_next(struct seq_file *seq,
4383	struct inet6_ifaddr *ifa)
4384	{
4385	struct if6_iter_state *state = seq->private;
4386	struct net *net = seq_file_net(seq);
4387
4388	hlist_for_each_entry_continue_rcu(ifa, addr_lst) {
4389	state->offset++;
4390	return ifa;
4391	}
4392
4393	state->offset = 0;
4394	while (++state->bucket < IN6_ADDR_HSIZE) {
4395	hlist_for_each_entry_rcu(ifa,
4396	&net->ipv6.inet6_addr_lst[state->bucket], addr_lst) {
4397	return ifa;
4398	}
4399	}
4400
4401	return NULL;
4402	}
4403
4404	static void *if6_seq_start(struct seq_file *seq, loff_t *pos)
4405	__acquires(rcu)
4406	{
4407	rcu_read_lock();
4408	return if6_get_first(seq, pos: *pos);
4409	}
4410
4411	static void *if6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4412	{
4413	struct inet6_ifaddr *ifa;
4414
4415	ifa = if6_get_next(seq, ifa: v);
4416	++*pos;
4417	return ifa;
4418	}
4419
4420	static void if6_seq_stop(struct seq_file *seq, void *v)
4421	__releases(rcu)
4422	{
4423	rcu_read_unlock();
4424	}
4425
4426	static int if6_seq_show(struct seq_file *seq, void *v)
4427	{
4428	struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
4429	seq_printf(m: seq, fmt: "%pi6 %02x %02x %02x %02x %8s\n",
4430	&ifp->addr,
4431	ifp->idev->dev->ifindex,
4432	ifp->prefix_len,
4433	ifp->scope,
4434	(u8) ifp->flags,
4435	ifp->idev->dev->name);
4436	return 0;
4437	}
4438
4439	static const struct seq_operations if6_seq_ops = {
4440	.start = if6_seq_start,
4441	.next = if6_seq_next,
4442	.show = if6_seq_show,
4443	.stop = if6_seq_stop,
4444	};
4445
4446	static int __net_init if6_proc_net_init(struct net *net)
4447	{
4448	if (!proc_create_net("if_inet6", 0444, net->proc_net, &if6_seq_ops,
4449	sizeof(struct if6_iter_state)))
4450	return -ENOMEM;
4451	return 0;
4452	}
4453
4454	static void __net_exit if6_proc_net_exit(struct net *net)
4455	{
4456	remove_proc_entry("if_inet6", net->proc_net);
4457	}
4458
4459	static struct pernet_operations if6_proc_net_ops = {
4460	.init = if6_proc_net_init,
4461	.exit = if6_proc_net_exit,
4462	};
4463
4464	int __init if6_proc_init(void)
4465	{
4466	return register_pernet_subsys(&if6_proc_net_ops);
4467	}
4468
4469	void if6_proc_exit(void)
4470	{
4471	unregister_pernet_subsys(&if6_proc_net_ops);
4472	}
4473	#endif /* CONFIG_PROC_FS */
4474
4475	#if IS_ENABLED(CONFIG_IPV6_MIP6)
4476	/* Check if address is a home address configured on any interface. */
4477	int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr)
4478	{
4479	unsigned int hash = inet6_addr_hash(net, addr);
4480	struct inet6_ifaddr *ifp = NULL;
4481	int ret = 0;
4482
4483	rcu_read_lock();
4484	hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) {
4485	if (ipv6_addr_equal(a1: &ifp->addr, a2: addr) &&
4486	(ifp->flags & IFA_F_HOMEADDRESS)) {
4487	ret = 1;
4488	break;
4489	}
4490	}
4491	rcu_read_unlock();
4492	return ret;
4493	}
4494	#endif
4495
4496	/* RFC6554 has some algorithm to avoid loops in segment routing by
4497	* checking if the segments contains any of a local interface address.
4498	*
4499	* Quote:
4500	*
4501	* To detect loops in the SRH, a router MUST determine if the SRH
4502	* includes multiple addresses assigned to any interface on that router.
4503	* If such addresses appear more than once and are separated by at least
4504	* one address not assigned to that router.
4505	*/
4506	int ipv6_chk_rpl_srh_loop(struct net *net, const struct in6_addr *segs,
4507	unsigned char nsegs)
4508	{
4509	const struct in6_addr *addr;
4510	int i, ret = 0, found = 0;
4511	struct inet6_ifaddr *ifp;
4512	bool separated = false;
4513	unsigned int hash;
4514	bool hash_found;
4515
4516	rcu_read_lock();
4517	for (i = 0; i < nsegs; i++) {
4518	addr = &segs[i];
4519	hash = inet6_addr_hash(net, addr);
4520
4521	hash_found = false;
4522	hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) {
4523
4524	if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) {
4525	hash_found = true;
4526	break;
4527	}
4528	}
4529
4530	if (hash_found) {
4531	if (found > 1 && separated) {
4532	ret = 1;
4533	break;
4534	}
4535
4536	separated = false;
4537	found++;
4538	} else {
4539	separated = true;
4540	}
4541	}
4542	rcu_read_unlock();
4543
4544	return ret;
4545	}
4546
4547	/*
4548	* Periodic address status verification
4549	*/
4550
4551	static void addrconf_verify_rtnl(struct net *net)
4552	{
4553	unsigned long now, next, next_sec, next_sched;
4554	struct inet6_ifaddr *ifp;
4555	int i;
4556
4557	ASSERT_RTNL();
4558
4559	rcu_read_lock_bh();
4560	now = jiffies;
4561	next = round_jiffies_up(j: now + ADDR_CHECK_FREQUENCY);
4562
4563	cancel_delayed_work(dwork: &net->ipv6.addr_chk_work);
4564
4565	for (i = 0; i < IN6_ADDR_HSIZE; i++) {
4566	restart:
4567	hlist_for_each_entry_rcu_bh(ifp, &net->ipv6.inet6_addr_lst[i], addr_lst) {
4568	unsigned long age;
4569
4570	/* When setting preferred_lft to a value not zero or
4571	* infinity, while valid_lft is infinity
4572	* IFA_F_PERMANENT has a non-infinity life time.
4573	*/
4574	if ((ifp->flags & IFA_F_PERMANENT) &&
4575	(ifp->prefered_lft == INFINITY_LIFE_TIME))
4576	continue;
4577
4578	spin_lock(lock: &ifp->lock);
4579	/* We try to batch several events at once. */
4580	age = (now - ifp->tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
4581
4582	if ((ifp->flags&IFA_F_TEMPORARY) &&
4583	!(ifp->flags&IFA_F_TENTATIVE) &&
4584	ifp->prefered_lft != INFINITY_LIFE_TIME &&
4585	!ifp->regen_count && ifp->ifpub) {
4586	/* This is a non-regenerated temporary addr. */
4587
4588	unsigned long regen_advance = ifp->idev->cnf.regen_max_retry *
4589	ifp->idev->cnf.dad_transmits *
4590	max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME), HZ/100) / HZ;
4591
4592	if (age + regen_advance >= ifp->prefered_lft) {
4593	struct inet6_ifaddr *ifpub = ifp->ifpub;
4594	if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
4595	next = ifp->tstamp + ifp->prefered_lft * HZ;
4596
4597	ifp->regen_count++;
4598	in6_ifa_hold(ifp);
4599	in6_ifa_hold(ifp: ifpub);
4600	spin_unlock(lock: &ifp->lock);
4601
4602	spin_lock(lock: &ifpub->lock);
4603	ifpub->regen_count = 0;
4604	spin_unlock(lock: &ifpub->lock);
4605	rcu_read_unlock_bh();
4606	ipv6_create_tempaddr(ifp: ifpub, block: true);
4607	in6_ifa_put(ifp: ifpub);
4608	in6_ifa_put(ifp);
4609	rcu_read_lock_bh();
4610	goto restart;
4611	} else if (time_before(ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ, next))
4612	next = ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ;
4613	}
4614
4615	if (ifp->valid_lft != INFINITY_LIFE_TIME &&
4616	age >= ifp->valid_lft) {
4617	spin_unlock(lock: &ifp->lock);
4618	in6_ifa_hold(ifp);
4619	rcu_read_unlock_bh();
4620	ipv6_del_addr(ifp);
4621	rcu_read_lock_bh();
4622	goto restart;
4623	} else if (ifp->prefered_lft == INFINITY_LIFE_TIME) {
4624	spin_unlock(lock: &ifp->lock);
4625	continue;
4626	} else if (age >= ifp->prefered_lft) {
4627	/* jiffies - ifp->tstamp > age >= ifp->prefered_lft */
4628	int deprecate = 0;
4629
4630	if (!(ifp->flags&IFA_F_DEPRECATED)) {
4631	deprecate = 1;
4632	ifp->flags |= IFA_F_DEPRECATED;
4633	}
4634
4635	if ((ifp->valid_lft != INFINITY_LIFE_TIME) &&
4636	(time_before(ifp->tstamp + ifp->valid_lft * HZ, next)))
4637	next = ifp->tstamp + ifp->valid_lft * HZ;
4638
4639	spin_unlock(lock: &ifp->lock);
4640
4641	if (deprecate) {
4642	in6_ifa_hold(ifp);
4643
4644	ipv6_ifa_notify(event: 0, ifa: ifp);
4645	in6_ifa_put(ifp);
4646	goto restart;
4647	}
4648	} else {
4649	/* ifp->prefered_lft <= ifp->valid_lft */
4650	if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
4651	next = ifp->tstamp + ifp->prefered_lft * HZ;
4652	spin_unlock(lock: &ifp->lock);
4653	}
4654	}
4655	}
4656
4657	next_sec = round_jiffies_up(j: next);
4658	next_sched = next;
4659
4660	/* If rounded timeout is accurate enough, accept it. */
4661	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
4662	next_sched = next_sec;
4663
4664	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
4665	if (time_before(next_sched, jiffies + ADDRCONF_TIMER_FUZZ_MAX))
4666	next_sched = jiffies + ADDRCONF_TIMER_FUZZ_MAX;
4667
4668	pr_debug("now = %lu, schedule = %lu, rounded schedule = %lu => %lu\n",
4669	now, next, next_sec, next_sched);
4670	mod_delayed_work(wq: addrconf_wq, dwork: &net->ipv6.addr_chk_work, delay: next_sched - now);
4671	rcu_read_unlock_bh();
4672	}
4673
4674	static void addrconf_verify_work(struct work_struct *w)
4675	{
4676	struct net *net = container_of(to_delayed_work(w), struct net,
4677	ipv6.addr_chk_work);
4678
4679	rtnl_lock();
4680	addrconf_verify_rtnl(net);
4681	rtnl_unlock();
4682	}
4683
4684	static void addrconf_verify(struct net *net)
4685	{
4686	mod_delayed_work(wq: addrconf_wq, dwork: &net->ipv6.addr_chk_work, delay: 0);
4687	}
4688
4689	static struct in6_addr *extract_addr(struct nlattr *addr, struct nlattr *local,
4690	struct in6_addr **peer_pfx)
4691	{
4692	struct in6_addr *pfx = NULL;
4693
4694	*peer_pfx = NULL;
4695
4696	if (addr)
4697	pfx = nla_data(nla: addr);
4698
4699	if (local) {
4700	if (pfx && nla_memcmp(nla: local, data: pfx, size: sizeof(*pfx)))
4701	*peer_pfx = pfx;
4702	pfx = nla_data(nla: local);
4703	}
4704
4705	return pfx;
4706	}
4707
4708	static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = {
4709	[IFA_ADDRESS] = { .len = sizeof(struct in6_addr) },
4710	[IFA_LOCAL] = { .len = sizeof(struct in6_addr) },
4711	[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
4712	[IFA_FLAGS] = { .len = sizeof(u32) },
4713	[IFA_RT_PRIORITY] = { .len = sizeof(u32) },
4714	[IFA_TARGET_NETNSID] = { .type = NLA_S32 },
4715	[IFA_PROTO] = { .type = NLA_U8 },
4716	};
4717
4718	static int
4719	inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
4720	struct netlink_ext_ack *extack)
4721	{
4722	struct net *net = sock_net(sk: skb->sk);
4723	struct ifaddrmsg *ifm;
4724	struct nlattr *tb[IFA_MAX+1];
4725	struct in6_addr *pfx, *peer_pfx;
4726	u32 ifa_flags;
4727	int err;
4728
4729	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX,
4730	policy: ifa_ipv6_policy, extack);
4731	if (err < 0)
4732	return err;
4733
4734	ifm = nlmsg_data(nlh);
4735	pfx = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer_pfx);
4736	if (!pfx)
4737	return -EINVAL;
4738
4739	ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(nla: tb[IFA_FLAGS]) : ifm->ifa_flags;
4740
4741	/* We ignore other flags so far. */
4742	ifa_flags &= IFA_F_MANAGETEMPADDR;
4743
4744	return inet6_addr_del(net, ifindex: ifm->ifa_index, ifa_flags, pfx,
4745	plen: ifm->ifa_prefixlen, extack);
4746	}
4747
4748	static int modify_prefix_route(struct inet6_ifaddr *ifp,
4749	unsigned long expires, u32 flags,
4750	bool modify_peer)
4751	{
4752	struct fib6_info *f6i;
4753	u32 prio;
4754
4755	f6i = addrconf_get_prefix_route(pfx: modify_peer ? &ifp->peer_addr : &ifp->addr,
4756	plen: ifp->prefix_len,
4757	dev: ifp->idev->dev, flags: 0, RTF_DEFAULT, no_gw: true);
4758	if (!f6i)
4759	return -ENOENT;
4760
4761	prio = ifp->rt_priority ? : IP6_RT_PRIO_ADDRCONF;
4762	if (f6i->fib6_metric != prio) {
4763	/* delete old one */
4764	ip6_del_rt(net: dev_net(dev: ifp->idev->dev), f6i, skip_notify: false);
4765
4766	/* add new one */
4767	addrconf_prefix_route(pfx: modify_peer ? &ifp->peer_addr : &ifp->addr,
4768	plen: ifp->prefix_len,
4769	metric: ifp->rt_priority, dev: ifp->idev->dev,
4770	expires, flags, GFP_KERNEL);
4771	} else {
4772	if (!expires)
4773	fib6_clean_expires(f6i);
4774	else
4775	fib6_set_expires(f6i, expires);
4776
4777	fib6_info_release(f6i);
4778	}
4779
4780	return 0;
4781	}
4782
4783	static int inet6_addr_modify(struct net *net, struct inet6_ifaddr *ifp,
4784	struct ifa6_config *cfg)
4785	{
4786	u32 flags;
4787	clock_t expires;
4788	unsigned long timeout;
4789	bool was_managetempaddr;
4790	bool had_prefixroute;
4791	bool new_peer = false;
4792
4793	ASSERT_RTNL();
4794
4795	if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft)
4796	return -EINVAL;
4797
4798	if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR &&
4799	(ifp->flags & IFA_F_TEMPORARY || ifp->prefix_len != 64))
4800	return -EINVAL;
4801
4802	if (!(ifp->flags & IFA_F_TENTATIVE) || ifp->flags & IFA_F_DADFAILED)
4803	cfg->ifa_flags &= ~IFA_F_OPTIMISTIC;
4804
4805	timeout = addrconf_timeout_fixup(timeout: cfg->valid_lft, HZ);
4806	if (addrconf_finite_timeout(timeout)) {
4807	expires = jiffies_to_clock_t(x: timeout * HZ);
4808	cfg->valid_lft = timeout;
4809	flags = RTF_EXPIRES;
4810	} else {
4811	expires = 0;
4812	flags = 0;
4813	cfg->ifa_flags |= IFA_F_PERMANENT;
4814	}
4815
4816	timeout = addrconf_timeout_fixup(timeout: cfg->preferred_lft, HZ);
4817	if (addrconf_finite_timeout(timeout)) {
4818	if (timeout == 0)
4819	cfg->ifa_flags |= IFA_F_DEPRECATED;
4820	cfg->preferred_lft = timeout;
4821	}
4822
4823	if (cfg->peer_pfx &&
4824	memcmp(p: &ifp->peer_addr, q: cfg->peer_pfx, size: sizeof(struct in6_addr))) {
4825	if (!ipv6_addr_any(a: &ifp->peer_addr))
4826	cleanup_prefix_route(ifp, expires, del_rt: true, del_peer: true);
4827	new_peer = true;
4828	}
4829
4830	spin_lock_bh(lock: &ifp->lock);
4831	was_managetempaddr = ifp->flags & IFA_F_MANAGETEMPADDR;
4832	had_prefixroute = ifp->flags & IFA_F_PERMANENT &&
4833	!(ifp->flags & IFA_F_NOPREFIXROUTE);
4834	ifp->flags &= ~(IFA_F_DEPRECATED | IFA_F_PERMANENT | IFA_F_NODAD |
4835	IFA_F_HOMEADDRESS | IFA_F_MANAGETEMPADDR |
4836	IFA_F_NOPREFIXROUTE);
4837	ifp->flags |= cfg->ifa_flags;
4838	ifp->tstamp = jiffies;
4839	ifp->valid_lft = cfg->valid_lft;
4840	ifp->prefered_lft = cfg->preferred_lft;
4841	ifp->ifa_proto = cfg->ifa_proto;
4842
4843	if (cfg->rt_priority && cfg->rt_priority != ifp->rt_priority)
4844	ifp->rt_priority = cfg->rt_priority;
4845
4846	if (new_peer)
4847	ifp->peer_addr = *cfg->peer_pfx;
4848
4849	spin_unlock_bh(lock: &ifp->lock);
4850	if (!(ifp->flags&IFA_F_TENTATIVE))
4851	ipv6_ifa_notify(event: 0, ifa: ifp);
4852
4853	if (!(cfg->ifa_flags & IFA_F_NOPREFIXROUTE)) {
4854	int rc = -ENOENT;
4855
4856	if (had_prefixroute)
4857	rc = modify_prefix_route(ifp, expires, flags, modify_peer: false);
4858
4859	/* prefix route could have been deleted; if so restore it */
4860	if (rc == -ENOENT) {
4861	addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len,
4862	metric: ifp->rt_priority, dev: ifp->idev->dev,
4863	expires, flags, GFP_KERNEL);
4864	}
4865
4866	if (had_prefixroute && !ipv6_addr_any(a: &ifp->peer_addr))
4867	rc = modify_prefix_route(ifp, expires, flags, modify_peer: true);
4868
4869	if (rc == -ENOENT && !ipv6_addr_any(a: &ifp->peer_addr)) {
4870	addrconf_prefix_route(pfx: &ifp->peer_addr, plen: ifp->prefix_len,
4871	metric: ifp->rt_priority, dev: ifp->idev->dev,
4872	expires, flags, GFP_KERNEL);
4873	}
4874	} else if (had_prefixroute) {
4875	enum cleanup_prefix_rt_t action;
4876	unsigned long rt_expires;
4877
4878	write_lock_bh(&ifp->idev->lock);
4879	action = check_cleanup_prefix_route(ifp, expires: &rt_expires);
4880	write_unlock_bh(&ifp->idev->lock);
4881
4882	if (action != CLEANUP_PREFIX_RT_NOP) {
4883	cleanup_prefix_route(ifp, expires: rt_expires,
4884	del_rt: action == CLEANUP_PREFIX_RT_DEL, del_peer: false);
4885	}
4886	}
4887
4888	if (was_managetempaddr || ifp->flags & IFA_F_MANAGETEMPADDR) {
4889	if (was_managetempaddr &&
4890	!(ifp->flags & IFA_F_MANAGETEMPADDR)) {
4891	cfg->valid_lft = 0;
4892	cfg->preferred_lft = 0;
4893	}
4894	manage_tempaddrs(idev: ifp->idev, ifp, valid_lft: cfg->valid_lft,
4895	prefered_lft: cfg->preferred_lft, create: !was_managetempaddr,
4896	now: jiffies);
4897	}
4898
4899	addrconf_verify_rtnl(net);
4900
4901	return 0;
4902	}
4903
4904	static int
4905	inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
4906	struct netlink_ext_ack *extack)
4907	{
4908	struct net *net = sock_net(sk: skb->sk);
4909	struct ifaddrmsg *ifm;
4910	struct nlattr *tb[IFA_MAX+1];
4911	struct in6_addr *peer_pfx;
4912	struct inet6_ifaddr *ifa;
4913	struct net_device *dev;
4914	struct inet6_dev *idev;
4915	struct ifa6_config cfg;
4916	int err;
4917
4918	err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX,
4919	policy: ifa_ipv6_policy, extack);
4920	if (err < 0)
4921	return err;
4922
4923	memset(&cfg, 0, sizeof(cfg));
4924
4925	ifm = nlmsg_data(nlh);
4926	cfg.pfx = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer_pfx);
4927	if (!cfg.pfx)
4928	return -EINVAL;
4929
4930	cfg.peer_pfx = peer_pfx;
4931	cfg.plen = ifm->ifa_prefixlen;
4932	if (tb[IFA_RT_PRIORITY])
4933	cfg.rt_priority = nla_get_u32(nla: tb[IFA_RT_PRIORITY]);
4934
4935	if (tb[IFA_PROTO])
4936	cfg.ifa_proto = nla_get_u8(nla: tb[IFA_PROTO]);
4937
4938	cfg.valid_lft = INFINITY_LIFE_TIME;
4939	cfg.preferred_lft = INFINITY_LIFE_TIME;
4940
4941	if (tb[IFA_CACHEINFO]) {
4942	struct ifa_cacheinfo *ci;
4943
4944	ci = nla_data(nla: tb[IFA_CACHEINFO]);
4945	cfg.valid_lft = ci->ifa_valid;
4946	cfg.preferred_lft = ci->ifa_prefered;
4947	}
4948
4949	dev = __dev_get_by_index(net, ifindex: ifm->ifa_index);
4950	if (!dev) {
4951	NL_SET_ERR_MSG_MOD(extack, "Unable to find the interface");
4952	return -ENODEV;
4953	}
4954
4955	if (tb[IFA_FLAGS])
4956	cfg.ifa_flags = nla_get_u32(nla: tb[IFA_FLAGS]);
4957	else
4958	cfg.ifa_flags = ifm->ifa_flags;
4959
4960	/* We ignore other flags so far. */
4961	cfg.ifa_flags &= IFA_F_NODAD | IFA_F_HOMEADDRESS |
4962	IFA_F_MANAGETEMPADDR | IFA_F_NOPREFIXROUTE |
4963	IFA_F_MCAUTOJOIN | IFA_F_OPTIMISTIC;
4964
4965	idev = ipv6_find_idev(dev);
4966	if (IS_ERR(ptr: idev))
4967	return PTR_ERR(ptr: idev);
4968
4969	if (!ipv6_allow_optimistic_dad(net, idev))
4970	cfg.ifa_flags &= ~IFA_F_OPTIMISTIC;
4971
4972	if (cfg.ifa_flags & IFA_F_NODAD &&
4973	cfg.ifa_flags & IFA_F_OPTIMISTIC) {
4974	NL_SET_ERR_MSG(extack, "IFA_F_NODAD and IFA_F_OPTIMISTIC are mutually exclusive");
4975	return -EINVAL;
4976	}
4977
4978	ifa = ipv6_get_ifaddr(net, addr: cfg.pfx, dev, strict: 1);
4979	if (!ifa) {
4980	/*
4981	* It would be best to check for !NLM_F_CREATE here but
4982	* userspace already relies on not having to provide this.
4983	*/
4984	return inet6_addr_add(net, ifindex: ifm->ifa_index, cfg: &cfg, extack);
4985	}
4986
4987	if (nlh->nlmsg_flags & NLM_F_EXCL ||
4988	!(nlh->nlmsg_flags & NLM_F_REPLACE)) {
4989	NL_SET_ERR_MSG_MOD(extack, "address already assigned");
4990	err = -EEXIST;
4991	} else {
4992	err = inet6_addr_modify(net, ifp: ifa, cfg: &cfg);
4993	}
4994
4995	in6_ifa_put(ifp: ifa);
4996
4997	return err;
4998	}
4999
5000	static void put_ifaddrmsg(struct nlmsghdr *nlh, u8 prefixlen, u32 flags,
5001	u8 scope, int ifindex)
5002	{
5003	struct ifaddrmsg *ifm;
5004
5005	ifm = nlmsg_data(nlh);
5006	ifm->ifa_family = AF_INET6;
5007	ifm->ifa_prefixlen = prefixlen;
5008	ifm->ifa_flags = flags;
5009	ifm->ifa_scope = scope;
5010	ifm->ifa_index = ifindex;
5011	}
5012
5013	static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
5014	unsigned long tstamp, u32 preferred, u32 valid)
5015	{
5016	struct ifa_cacheinfo ci;
5017
5018	ci.cstamp = cstamp_delta(cstamp);
5019	ci.tstamp = cstamp_delta(cstamp: tstamp);
5020	ci.ifa_prefered = preferred;
5021	ci.ifa_valid = valid;
5022
5023	return nla_put(skb, attrtype: IFA_CACHEINFO, attrlen: sizeof(ci), data: &ci);
5024	}
5025
5026	static inline int rt_scope(int ifa_scope)
5027	{
5028	if (ifa_scope & IFA_HOST)
5029	return RT_SCOPE_HOST;
5030	else if (ifa_scope & IFA_LINK)
5031	return RT_SCOPE_LINK;
5032	else if (ifa_scope & IFA_SITE)
5033	return RT_SCOPE_SITE;
5034	else
5035	return RT_SCOPE_UNIVERSE;
5036	}
5037
5038	static inline int inet6_ifaddr_msgsize(void)
5039	{
5040	return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
5041	+ nla_total_size(payload: 16) /* IFA_LOCAL */
5042	+ nla_total_size(payload: 16) /* IFA_ADDRESS */
5043	+ nla_total_size(payload: sizeof(struct ifa_cacheinfo))
5044	+ nla_total_size(payload: 4) /* IFA_FLAGS */
5045	+ nla_total_size(payload: 1) /* IFA_PROTO */
5046	+ nla_total_size(payload: 4) /* IFA_RT_PRIORITY */;
5047	}
5048
5049	enum addr_type_t {
5050	UNICAST_ADDR,
5051	MULTICAST_ADDR,
5052	ANYCAST_ADDR,
5053	};
5054
5055	struct inet6_fill_args {
5056	u32 portid;
5057	u32 seq;
5058	int event;
5059	unsigned int flags;
5060	int netnsid;
5061	int ifindex;
5062	enum addr_type_t type;
5063	};
5064
5065	static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
5066	struct inet6_fill_args *args)
5067	{
5068	struct nlmsghdr *nlh;
5069	u32 preferred, valid;
5070
5071	nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event,
5072	payload: sizeof(struct ifaddrmsg), flags: args->flags);
5073	if (!nlh)
5074	return -EMSGSIZE;
5075
5076	put_ifaddrmsg(nlh, prefixlen: ifa->prefix_len, flags: ifa->flags, scope: rt_scope(ifa_scope: ifa->scope),
5077	ifindex: ifa->idev->dev->ifindex);
5078
5079	if (args->netnsid >= 0 &&
5080	nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid))
5081	goto error;
5082
5083	spin_lock_bh(lock: &ifa->lock);
5084	if (!((ifa->flags&IFA_F_PERMANENT) &&
5085	(ifa->prefered_lft == INFINITY_LIFE_TIME))) {
5086	preferred = ifa->prefered_lft;
5087	valid = ifa->valid_lft;
5088	if (preferred != INFINITY_LIFE_TIME) {
5089	long tval = (jiffies - ifa->tstamp)/HZ;
5090	if (preferred > tval)
5091	preferred -= tval;
5092	else
5093	preferred = 0;
5094	if (valid != INFINITY_LIFE_TIME) {
5095	if (valid > tval)
5096	valid -= tval;
5097	else
5098	valid = 0;
5099	}
5100	}
5101	} else {
5102	preferred = INFINITY_LIFE_TIME;
5103	valid = INFINITY_LIFE_TIME;
5104	}
5105	spin_unlock_bh(lock: &ifa->lock);
5106
5107	if (!ipv6_addr_any(a: &ifa->peer_addr)) {
5108	if (nla_put_in6_addr(skb, attrtype: IFA_LOCAL, addr: &ifa->addr) < 0 ||
5109	nla_put_in6_addr(skb, attrtype: IFA_ADDRESS, addr: &ifa->peer_addr) < 0)
5110	goto error;
5111	} else
5112	if (nla_put_in6_addr(skb, attrtype: IFA_ADDRESS, addr: &ifa->addr) < 0)
5113	goto error;
5114
5115	if (ifa->rt_priority &&
5116	nla_put_u32(skb, attrtype: IFA_RT_PRIORITY, value: ifa->rt_priority))
5117	goto error;
5118
5119	if (put_cacheinfo(skb, cstamp: ifa->cstamp, tstamp: ifa->tstamp, preferred, valid) < 0)
5120	goto error;
5121
5122	if (nla_put_u32(skb, attrtype: IFA_FLAGS, value: ifa->flags) < 0)
5123	goto error;
5124
5125	if (ifa->ifa_proto &&
5126	nla_put_u8(skb, attrtype: IFA_PROTO, value: ifa->ifa_proto))
5127	goto error;
5128
5129	nlmsg_end(skb, nlh);
5130	return 0;
5131
5132	error:
5133	nlmsg_cancel(skb, nlh);
5134	return -EMSGSIZE;
5135	}
5136
5137	static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
5138	struct inet6_fill_args *args)
5139	{
5140	struct nlmsghdr *nlh;
5141	u8 scope = RT_SCOPE_UNIVERSE;
5142	int ifindex = ifmca->idev->dev->ifindex;
5143
5144	if (ipv6_addr_scope(addr: &ifmca->mca_addr) & IFA_SITE)
5145	scope = RT_SCOPE_SITE;
5146
5147	nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event,
5148	payload: sizeof(struct ifaddrmsg), flags: args->flags);
5149	if (!nlh)
5150	return -EMSGSIZE;
5151
5152	if (args->netnsid >= 0 &&
5153	nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid)) {
5154	nlmsg_cancel(skb, nlh);
5155	return -EMSGSIZE;
5156	}
5157
5158	put_ifaddrmsg(nlh, prefixlen: 128, IFA_F_PERMANENT, scope, ifindex);
5159	if (nla_put_in6_addr(skb, attrtype: IFA_MULTICAST, addr: &ifmca->mca_addr) < 0 ||
5160	put_cacheinfo(skb, cstamp: ifmca->mca_cstamp, tstamp: ifmca->mca_tstamp,
5161	INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
5162	nlmsg_cancel(skb, nlh);
5163	return -EMSGSIZE;
5164	}
5165
5166	nlmsg_end(skb, nlh);
5167	return 0;
5168	}
5169
5170	static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
5171	struct inet6_fill_args *args)
5172	{
5173	struct net_device *dev = fib6_info_nh_dev(f6i: ifaca->aca_rt);
5174	int ifindex = dev ? dev->ifindex : 1;
5175	struct nlmsghdr *nlh;
5176	u8 scope = RT_SCOPE_UNIVERSE;
5177
5178	if (ipv6_addr_scope(addr: &ifaca->aca_addr) & IFA_SITE)
5179	scope = RT_SCOPE_SITE;
5180
5181	nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event,
5182	payload: sizeof(struct ifaddrmsg), flags: args->flags);
5183	if (!nlh)
5184	return -EMSGSIZE;
5185
5186	if (args->netnsid >= 0 &&
5187	nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid)) {
5188	nlmsg_cancel(skb, nlh);
5189	return -EMSGSIZE;
5190	}
5191
5192	put_ifaddrmsg(nlh, prefixlen: 128, IFA_F_PERMANENT, scope, ifindex);
5193	if (nla_put_in6_addr(skb, attrtype: IFA_ANYCAST, addr: &ifaca->aca_addr) < 0 ||
5194	put_cacheinfo(skb, cstamp: ifaca->aca_cstamp, tstamp: ifaca->aca_tstamp,
5195	INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
5196	nlmsg_cancel(skb, nlh);
5197	return -EMSGSIZE;
5198	}
5199
5200	nlmsg_end(skb, nlh);
5201	return 0;
5202	}
5203
5204	/* called with rcu_read_lock() */
5205	static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
5206	struct netlink_callback *cb, int s_ip_idx,
5207	struct inet6_fill_args *fillargs)
5208	{
5209	struct ifmcaddr6 *ifmca;
5210	struct ifacaddr6 *ifaca;
5211	int ip_idx = 0;
5212	int err = 1;
5213
5214	read_lock_bh(&idev->lock);
5215	switch (fillargs->type) {
5216	case UNICAST_ADDR: {
5217	struct inet6_ifaddr *ifa;
5218	fillargs->event = RTM_NEWADDR;
5219
5220	/* unicast address incl. temp addr */
5221	list_for_each_entry(ifa, &idev->addr_list, if_list) {
5222	if (ip_idx < s_ip_idx)
5223	goto next;
5224	err = inet6_fill_ifaddr(skb, ifa, args: fillargs);
5225	if (err < 0)
5226	break;
5227	nl_dump_check_consistent(cb, nlh: nlmsg_hdr(skb));
5228	next:
5229	ip_idx++;
5230	}
5231	break;
5232	}
5233	case MULTICAST_ADDR:
5234	read_unlock_bh(&idev->lock);
5235	fillargs->event = RTM_GETMULTICAST;
5236
5237	/* multicast address */
5238	for (ifmca = rtnl_dereference(idev->mc_list);
5239	ifmca;
5240	ifmca = rtnl_dereference(ifmca->next), ip_idx++) {
5241	if (ip_idx < s_ip_idx)
5242	continue;
5243	err = inet6_fill_ifmcaddr(skb, ifmca, args: fillargs);
5244	if (err < 0)
5245	break;
5246	}
5247	read_lock_bh(&idev->lock);
5248	break;
5249	case ANYCAST_ADDR:
5250	fillargs->event = RTM_GETANYCAST;
5251	/* anycast address */
5252	for (ifaca = idev->ac_list; ifaca;
5253	ifaca = ifaca->aca_next, ip_idx++) {
5254	if (ip_idx < s_ip_idx)
5255	continue;
5256	err = inet6_fill_ifacaddr(skb, ifaca, args: fillargs);
5257	if (err < 0)
5258	break;
5259	}
5260	break;
5261	default:
5262	break;
5263	}
5264	read_unlock_bh(&idev->lock);
5265	cb->args[2] = ip_idx;
5266	return err;
5267	}
5268
5269	static int inet6_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
5270	struct inet6_fill_args *fillargs,
5271	struct net **tgt_net, struct sock *sk,
5272	struct netlink_callback *cb)
5273	{
5274	struct netlink_ext_ack *extack = cb->extack;
5275	struct nlattr *tb[IFA_MAX+1];
5276	struct ifaddrmsg *ifm;
5277	int err, i;
5278
5279	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) {
5280	NL_SET_ERR_MSG_MOD(extack, "Invalid header for address dump request");
5281	return -EINVAL;
5282	}
5283
5284	ifm = nlmsg_data(nlh);
5285	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
5286	NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for address dump request");
5287	return -EINVAL;
5288	}
5289
5290	fillargs->ifindex = ifm->ifa_index;
5291	if (fillargs->ifindex) {
5292	cb->answer_flags |= NLM_F_DUMP_FILTERED;
5293	fillargs->flags |= NLM_F_DUMP_FILTERED;
5294	}
5295
5296	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX,
5297	policy: ifa_ipv6_policy, extack);
5298	if (err < 0)
5299	return err;
5300
5301	for (i = 0; i <= IFA_MAX; ++i) {
5302	if (!tb[i])
5303	continue;
5304
5305	if (i == IFA_TARGET_NETNSID) {
5306	struct net *net;
5307
5308	fillargs->netnsid = nla_get_s32(nla: tb[i]);
5309	net = rtnl_get_net_ns_capable(sk, netnsid: fillargs->netnsid);
5310	if (IS_ERR(ptr: net)) {
5311	fillargs->netnsid = -1;
5312	NL_SET_ERR_MSG_MOD(extack, "Invalid target network namespace id");
5313	return PTR_ERR(ptr: net);
5314	}
5315	*tgt_net = net;
5316	} else {
5317	NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in dump request");
5318	return -EINVAL;
5319	}
5320	}
5321
5322	return 0;
5323	}
5324
5325	static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
5326	enum addr_type_t type)
5327	{
5328	const struct nlmsghdr *nlh = cb->nlh;
5329	struct inet6_fill_args fillargs = {
5330	.portid = NETLINK_CB(cb->skb).portid,
5331	.seq = cb->nlh->nlmsg_seq,
5332	.flags = NLM_F_MULTI,
5333	.netnsid = -1,
5334	.type = type,
5335	};
5336	struct net *tgt_net = sock_net(sk: skb->sk);
5337	int idx, s_idx, s_ip_idx;
5338	int h, s_h;
5339	struct net_device *dev;
5340	struct inet6_dev *idev;
5341	struct hlist_head *head;
5342	int err = 0;
5343
5344	s_h = cb->args[0];
5345	s_idx = idx = cb->args[1];
5346	s_ip_idx = cb->args[2];
5347
5348	if (cb->strict_check) {
5349	err = inet6_valid_dump_ifaddr_req(nlh, fillargs: &fillargs, tgt_net: &tgt_net,
5350	sk: skb->sk, cb);
5351	if (err < 0)
5352	goto put_tgt_net;
5353
5354	err = 0;
5355	if (fillargs.ifindex) {
5356	dev = __dev_get_by_index(net: tgt_net, ifindex: fillargs.ifindex);
5357	if (!dev) {
5358	err = -ENODEV;
5359	goto put_tgt_net;
5360	}
5361	idev = __in6_dev_get(dev);
5362	if (idev) {
5363	err = in6_dump_addrs(idev, skb, cb, s_ip_idx,
5364	fillargs: &fillargs);
5365	if (err > 0)
5366	err = 0;
5367	}
5368	goto put_tgt_net;
5369	}
5370	}
5371
5372	rcu_read_lock();
5373	cb->seq = atomic_read(v: &tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq;
5374	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
5375	idx = 0;
5376	head = &tgt_net->dev_index_head[h];
5377	hlist_for_each_entry_rcu(dev, head, index_hlist) {
5378	if (idx < s_idx)
5379	goto cont;
5380	if (h > s_h || idx > s_idx)
5381	s_ip_idx = 0;
5382	idev = __in6_dev_get(dev);
5383	if (!idev)
5384	goto cont;
5385
5386	if (in6_dump_addrs(idev, skb, cb, s_ip_idx,
5387	fillargs: &fillargs) < 0)
5388	goto done;
5389	cont:
5390	idx++;
5391	}
5392	}
5393	done:
5394	rcu_read_unlock();
5395	cb->args[0] = h;
5396	cb->args[1] = idx;
5397	put_tgt_net:
5398	if (fillargs.netnsid >= 0)
5399	put_net(net: tgt_net);
5400
5401	return skb->len ? : err;
5402	}
5403
5404	static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
5405	{
5406	enum addr_type_t type = UNICAST_ADDR;
5407
5408	return inet6_dump_addr(skb, cb, type);
5409	}
5410
5411	static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
5412	{
5413	enum addr_type_t type = MULTICAST_ADDR;
5414
5415	return inet6_dump_addr(skb, cb, type);
5416	}
5417
5418
5419	static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
5420	{
5421	enum addr_type_t type = ANYCAST_ADDR;
5422
5423	return inet6_dump_addr(skb, cb, type);
5424	}
5425
5426	static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb,
5427	const struct nlmsghdr *nlh,
5428	struct nlattr **tb,
5429	struct netlink_ext_ack *extack)
5430	{
5431	struct ifaddrmsg *ifm;
5432	int i, err;
5433
5434	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) {
5435	NL_SET_ERR_MSG_MOD(extack, "Invalid header for get address request");
5436	return -EINVAL;
5437	}
5438
5439	if (!netlink_strict_get_check(skb))
5440	return nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX,
5441	policy: ifa_ipv6_policy, extack);
5442
5443	ifm = nlmsg_data(nlh);
5444	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
5445	NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request");
5446	return -EINVAL;
5447	}
5448
5449	err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX,
5450	policy: ifa_ipv6_policy, extack);
5451	if (err)
5452	return err;
5453
5454	for (i = 0; i <= IFA_MAX; i++) {
5455	if (!tb[i])
5456	continue;
5457
5458	switch (i) {
5459	case IFA_TARGET_NETNSID:
5460	case IFA_ADDRESS:
5461	case IFA_LOCAL:
5462	break;
5463	default:
5464	NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in get address request");
5465	return -EINVAL;
5466	}
5467	}
5468
5469	return 0;
5470	}
5471
5472	static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
5473	struct netlink_ext_ack *extack)
5474	{
5475	struct net *tgt_net = sock_net(sk: in_skb->sk);
5476	struct inet6_fill_args fillargs = {
5477	.portid = NETLINK_CB(in_skb).portid,
5478	.seq = nlh->nlmsg_seq,
5479	.event = RTM_NEWADDR,
5480	.flags = 0,
5481	.netnsid = -1,
5482	};
5483	struct ifaddrmsg *ifm;
5484	struct nlattr *tb[IFA_MAX+1];
5485	struct in6_addr *addr = NULL, *peer;
5486	struct net_device *dev = NULL;
5487	struct inet6_ifaddr *ifa;
5488	struct sk_buff *skb;
5489	int err;
5490
5491	err = inet6_rtm_valid_getaddr_req(skb: in_skb, nlh, tb, extack);
5492	if (err < 0)
5493	return err;
5494
5495	if (tb[IFA_TARGET_NETNSID]) {
5496	fillargs.netnsid = nla_get_s32(nla: tb[IFA_TARGET_NETNSID]);
5497
5498	tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(in_skb).sk,
5499	netnsid: fillargs.netnsid);
5500	if (IS_ERR(ptr: tgt_net))
5501	return PTR_ERR(ptr: tgt_net);
5502	}
5503
5504	addr = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer);
5505	if (!addr)
5506	return -EINVAL;
5507
5508	ifm = nlmsg_data(nlh);
5509	if (ifm->ifa_index)
5510	dev = dev_get_by_index(net: tgt_net, ifindex: ifm->ifa_index);
5511
5512	ifa = ipv6_get_ifaddr(net: tgt_net, addr, dev, strict: 1);
5513	if (!ifa) {
5514	err = -EADDRNOTAVAIL;
5515	goto errout;
5516	}
5517
5518	skb = nlmsg_new(payload: inet6_ifaddr_msgsize(), GFP_KERNEL);
5519	if (!skb) {
5520	err = -ENOBUFS;
5521	goto errout_ifa;
5522	}
5523
5524	err = inet6_fill_ifaddr(skb, ifa, args: &fillargs);
5525	if (err < 0) {
5526	/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
5527	WARN_ON(err == -EMSGSIZE);
5528	kfree_skb(skb);
5529	goto errout_ifa;
5530	}
5531	err = rtnl_unicast(skb, net: tgt_net, NETLINK_CB(in_skb).portid);
5532	errout_ifa:
5533	in6_ifa_put(ifp: ifa);
5534	errout:
5535	dev_put(dev);
5536	if (fillargs.netnsid >= 0)
5537	put_net(net: tgt_net);
5538
5539	return err;
5540	}
5541
5542	static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
5543	{
5544	struct sk_buff *skb;
5545	struct net *net = dev_net(dev: ifa->idev->dev);
5546	struct inet6_fill_args fillargs = {
5547	.portid = 0,
5548	.seq = 0,
5549	.event = event,
5550	.flags = 0,
5551	.netnsid = -1,
5552	};
5553	int err = -ENOBUFS;
5554
5555	skb = nlmsg_new(payload: inet6_ifaddr_msgsize(), GFP_ATOMIC);
5556	if (!skb)
5557	goto errout;
5558
5559	err = inet6_fill_ifaddr(skb, ifa, args: &fillargs);
5560	if (err < 0) {
5561	/* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
5562	WARN_ON(err == -EMSGSIZE);
5563	kfree_skb(skb);
5564	goto errout;
5565	}
5566	rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
5567	return;
5568	errout:
5569	if (err < 0)
5570	rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, error: err);
5571	}
5572
5573	static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
5574	__s32 *array, int bytes)
5575	{
5576	BUG_ON(bytes < (DEVCONF_MAX * 4));
5577
5578	memset(array, 0, bytes);
5579	array[DEVCONF_FORWARDING] = cnf->forwarding;
5580	array[DEVCONF_HOPLIMIT] = cnf->hop_limit;
5581	array[DEVCONF_MTU6] = cnf->mtu6;
5582	array[DEVCONF_ACCEPT_RA] = cnf->accept_ra;
5583	array[DEVCONF_ACCEPT_REDIRECTS] = cnf->accept_redirects;
5584	array[DEVCONF_AUTOCONF] = cnf->autoconf;
5585	array[DEVCONF_DAD_TRANSMITS] = cnf->dad_transmits;
5586	array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits;
5587	array[DEVCONF_RTR_SOLICIT_INTERVAL] =
5588	jiffies_to_msecs(j: cnf->rtr_solicit_interval);
5589	array[DEVCONF_RTR_SOLICIT_MAX_INTERVAL] =
5590	jiffies_to_msecs(j: cnf->rtr_solicit_max_interval);
5591	array[DEVCONF_RTR_SOLICIT_DELAY] =
5592	jiffies_to_msecs(j: cnf->rtr_solicit_delay);
5593	array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version;
5594	array[DEVCONF_MLDV1_UNSOLICITED_REPORT_INTERVAL] =
5595	jiffies_to_msecs(j: cnf->mldv1_unsolicited_report_interval);
5596	array[DEVCONF_MLDV2_UNSOLICITED_REPORT_INTERVAL] =
5597	jiffies_to_msecs(j: cnf->mldv2_unsolicited_report_interval);
5598	array[DEVCONF_USE_TEMPADDR] = cnf->use_tempaddr;
5599	array[DEVCONF_TEMP_VALID_LFT] = cnf->temp_valid_lft;
5600	array[DEVCONF_TEMP_PREFERED_LFT] = cnf->temp_prefered_lft;
5601	array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry;
5602	array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
5603	array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
5604	array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
5605	array[DEVCONF_RA_DEFRTR_METRIC] = cnf->ra_defrtr_metric;
5606	array[DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT] = cnf->accept_ra_min_hop_limit;
5607	array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo;
5608	#ifdef CONFIG_IPV6_ROUTER_PREF
5609	array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
5610	array[DEVCONF_RTR_PROBE_INTERVAL] =
5611	jiffies_to_msecs(j: cnf->rtr_probe_interval);
5612	#ifdef CONFIG_IPV6_ROUTE_INFO
5613	array[DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN] = cnf->accept_ra_rt_info_min_plen;
5614	array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen;
5615	#endif
5616	#endif
5617	array[DEVCONF_PROXY_NDP] = cnf->proxy_ndp;
5618	array[DEVCONF_ACCEPT_SOURCE_ROUTE] = cnf->accept_source_route;
5619	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
5620	array[DEVCONF_OPTIMISTIC_DAD] = cnf->optimistic_dad;
5621	array[DEVCONF_USE_OPTIMISTIC] = cnf->use_optimistic;
5622	#endif
5623	#ifdef CONFIG_IPV6_MROUTE
5624	array[DEVCONF_MC_FORWARDING] = atomic_read(v: &cnf->mc_forwarding);
5625	#endif
5626	array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
5627	array[DEVCONF_ACCEPT_DAD] = cnf->accept_dad;
5628	array[DEVCONF_FORCE_TLLAO] = cnf->force_tllao;
5629	array[DEVCONF_NDISC_NOTIFY] = cnf->ndisc_notify;
5630	array[DEVCONF_SUPPRESS_FRAG_NDISC] = cnf->suppress_frag_ndisc;
5631	array[DEVCONF_ACCEPT_RA_FROM_LOCAL] = cnf->accept_ra_from_local;
5632	array[DEVCONF_ACCEPT_RA_MTU] = cnf->accept_ra_mtu;
5633	array[DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN] = cnf->ignore_routes_with_linkdown;
5634	/* we omit DEVCONF_STABLE_SECRET for now */
5635	array[DEVCONF_USE_OIF_ADDRS_ONLY] = cnf->use_oif_addrs_only;
5636	array[DEVCONF_DROP_UNICAST_IN_L2_MULTICAST] = cnf->drop_unicast_in_l2_multicast;
5637	array[DEVCONF_DROP_UNSOLICITED_NA] = cnf->drop_unsolicited_na;
5638	array[DEVCONF_KEEP_ADDR_ON_DOWN] = cnf->keep_addr_on_down;
5639	array[DEVCONF_SEG6_ENABLED] = cnf->seg6_enabled;
5640	#ifdef CONFIG_IPV6_SEG6_HMAC
5641	array[DEVCONF_SEG6_REQUIRE_HMAC] = cnf->seg6_require_hmac;
5642	#endif
5643	array[DEVCONF_ENHANCED_DAD] = cnf->enhanced_dad;
5644	array[DEVCONF_ADDR_GEN_MODE] = cnf->addr_gen_mode;
5645	array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy;
5646	array[DEVCONF_NDISC_TCLASS] = cnf->ndisc_tclass;
5647	array[DEVCONF_RPL_SEG_ENABLED] = cnf->rpl_seg_enabled;
5648	array[DEVCONF_IOAM6_ENABLED] = cnf->ioam6_enabled;
5649	array[DEVCONF_IOAM6_ID] = cnf->ioam6_id;
5650	array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
5651	array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier;
5652	array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na;
5653	array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft;
5654	}
5655
5656	static inline size_t inet6_ifla6_size(void)
5657	{
5658	return nla_total_size(payload: 4) /* IFLA_INET6_FLAGS */
5659	+ nla_total_size(payload: sizeof(struct ifla_cacheinfo))
5660	+ nla_total_size(payload: DEVCONF_MAX * 4) /* IFLA_INET6_CONF */
5661	+ nla_total_size(IPSTATS_MIB_MAX * 8) /* IFLA_INET6_STATS */
5662	+ nla_total_size(ICMP6_MIB_MAX * 8) /* IFLA_INET6_ICMP6STATS */
5663	+ nla_total_size(payload: sizeof(struct in6_addr)) /* IFLA_INET6_TOKEN */
5664	+ nla_total_size(payload: 1) /* IFLA_INET6_ADDR_GEN_MODE */
5665	+ nla_total_size(payload: 4) /* IFLA_INET6_RA_MTU */
5666	+ 0;
5667	}
5668
5669	static inline size_t inet6_if_nlmsg_size(void)
5670	{
5671	return NLMSG_ALIGN(sizeof(struct ifinfomsg))
5672	+ nla_total_size(IFNAMSIZ) /* IFLA_IFNAME */
5673	+ nla_total_size(MAX_ADDR_LEN) /* IFLA_ADDRESS */
5674	+ nla_total_size(payload: 4) /* IFLA_MTU */
5675	+ nla_total_size(payload: 4) /* IFLA_LINK */
5676	+ nla_total_size(payload: 1) /* IFLA_OPERSTATE */
5677	+ nla_total_size(payload: inet6_ifla6_size()); /* IFLA_PROTINFO */
5678	}
5679
5680	static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib,
5681	int bytes)
5682	{
5683	int i;
5684	int pad = bytes - sizeof(u64) * ICMP6_MIB_MAX;
5685	BUG_ON(pad < 0);
5686
5687	/* Use put_unaligned() because stats may not be aligned for u64. */
5688	put_unaligned(ICMP6_MIB_MAX, &stats[0]);
5689	for (i = 1; i < ICMP6_MIB_MAX; i++)
5690	put_unaligned(atomic_long_read(&mib[i]), &stats[i]);
5691
5692	memset(&stats[ICMP6_MIB_MAX], 0, pad);
5693	}
5694
5695	static inline void __snmp6_fill_stats64(u64 *stats, void __percpu *mib,
5696	int bytes, size_t syncpoff)
5697	{
5698	int i, c;
5699	u64 buff[IPSTATS_MIB_MAX];
5700	int pad = bytes - sizeof(u64) * IPSTATS_MIB_MAX;
5701
5702	BUG_ON(pad < 0);
5703
5704	memset(buff, 0, sizeof(buff));
5705	buff[0] = IPSTATS_MIB_MAX;
5706
5707	for_each_possible_cpu(c) {
5708	for (i = 1; i < IPSTATS_MIB_MAX; i++)
5709	buff[i] += snmp_get_cpu_field64(mib, cpu: c, offct: i, syncp_offset: syncpoff);
5710	}
5711
5712	memcpy(stats, buff, IPSTATS_MIB_MAX * sizeof(u64));
5713	memset(&stats[IPSTATS_MIB_MAX], 0, pad);
5714	}
5715
5716	static void snmp6_fill_stats(u64 *stats, struct inet6_dev *idev, int attrtype,
5717	int bytes)
5718	{
5719	switch (attrtype) {
5720	case IFLA_INET6_STATS:
5721	__snmp6_fill_stats64(stats, mib: idev->stats.ipv6, bytes,
5722	offsetof(struct ipstats_mib, syncp));
5723	break;
5724	case IFLA_INET6_ICMP6STATS:
5725	__snmp6_fill_statsdev(stats, mib: idev->stats.icmpv6dev->mibs, bytes);
5726	break;
5727	}
5728	}
5729
5730	static int inet6_fill_ifla6_attrs(struct sk_buff *skb, struct inet6_dev *idev,
5731	u32 ext_filter_mask)
5732	{
5733	struct nlattr *nla;
5734	struct ifla_cacheinfo ci;
5735
5736	if (nla_put_u32(skb, attrtype: IFLA_INET6_FLAGS, value: idev->if_flags))
5737	goto nla_put_failure;
5738	ci.max_reasm_len = IPV6_MAXPLEN;
5739	ci.tstamp = cstamp_delta(cstamp: idev->tstamp);
5740	ci.reachable_time = jiffies_to_msecs(j: idev->nd_parms->reachable_time);
5741	ci.retrans_time = jiffies_to_msecs(NEIGH_VAR(idev->nd_parms, RETRANS_TIME));
5742	if (nla_put(skb, attrtype: IFLA_INET6_CACHEINFO, attrlen: sizeof(ci), data: &ci))
5743	goto nla_put_failure;
5744	nla = nla_reserve(skb, attrtype: IFLA_INET6_CONF, attrlen: DEVCONF_MAX * sizeof(s32));
5745	if (!nla)
5746	goto nla_put_failure;
5747	ipv6_store_devconf(cnf: &idev->cnf, array: nla_data(nla), bytes: nla_len(nla));
5748
5749	/* XXX - MC not implemented */
5750
5751	if (ext_filter_mask & RTEXT_FILTER_SKIP_STATS)
5752	return 0;
5753
5754	nla = nla_reserve(skb, attrtype: IFLA_INET6_STATS, IPSTATS_MIB_MAX * sizeof(u64));
5755	if (!nla)
5756	goto nla_put_failure;
5757	snmp6_fill_stats(stats: nla_data(nla), idev, attrtype: IFLA_INET6_STATS, bytes: nla_len(nla));
5758
5759	nla = nla_reserve(skb, attrtype: IFLA_INET6_ICMP6STATS, ICMP6_MIB_MAX * sizeof(u64));
5760	if (!nla)
5761	goto nla_put_failure;
5762	snmp6_fill_stats(stats: nla_data(nla), idev, attrtype: IFLA_INET6_ICMP6STATS, bytes: nla_len(nla));
5763
5764	nla = nla_reserve(skb, attrtype: IFLA_INET6_TOKEN, attrlen: sizeof(struct in6_addr));
5765	if (!nla)
5766	goto nla_put_failure;
5767	read_lock_bh(&idev->lock);
5768	memcpy(nla_data(nla), idev->token.s6_addr, nla_len(nla));
5769	read_unlock_bh(&idev->lock);
5770
5771	if (nla_put_u8(skb, attrtype: IFLA_INET6_ADDR_GEN_MODE, value: idev->cnf.addr_gen_mode))
5772	goto nla_put_failure;
5773
5774	if (idev->ra_mtu &&
5775	nla_put_u32(skb, attrtype: IFLA_INET6_RA_MTU, value: idev->ra_mtu))
5776	goto nla_put_failure;
5777
5778	return 0;
5779
5780	nla_put_failure:
5781	return -EMSGSIZE;
5782	}
5783
5784	static size_t inet6_get_link_af_size(const struct net_device *dev,
5785	u32 ext_filter_mask)
5786	{
5787	if (!__in6_dev_get(dev))
5788	return 0;
5789
5790	return inet6_ifla6_size();
5791	}
5792
5793	static int inet6_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
5794	u32 ext_filter_mask)
5795	{
5796	struct inet6_dev *idev = __in6_dev_get(dev);
5797
5798	if (!idev)
5799	return -ENODATA;
5800
5801	if (inet6_fill_ifla6_attrs(skb, idev, ext_filter_mask) < 0)
5802	return -EMSGSIZE;
5803
5804	return 0;
5805	}
5806
5807	static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token,
5808	struct netlink_ext_ack *extack)
5809	{
5810	struct inet6_ifaddr *ifp;
5811	struct net_device *dev = idev->dev;
5812	bool clear_token, update_rs = false;
5813	struct in6_addr ll_addr;
5814
5815	ASSERT_RTNL();
5816
5817	if (!token)
5818	return -EINVAL;
5819
5820	if (dev->flags & IFF_LOOPBACK) {
5821	NL_SET_ERR_MSG_MOD(extack, "Device is loopback");
5822	return -EINVAL;
5823	}
5824
5825	if (dev->flags & IFF_NOARP) {
5826	NL_SET_ERR_MSG_MOD(extack,
5827	"Device does not do neighbour discovery");
5828	return -EINVAL;
5829	}
5830
5831	if (!ipv6_accept_ra(idev)) {
5832	NL_SET_ERR_MSG_MOD(extack,
5833	"Router advertisement is disabled on device");
5834	return -EINVAL;
5835	}
5836
5837	if (idev->cnf.rtr_solicits == 0) {
5838	NL_SET_ERR_MSG(extack,
5839	"Router solicitation is disabled on device");
5840	return -EINVAL;
5841	}
5842
5843	write_lock_bh(&idev->lock);
5844
5845	BUILD_BUG_ON(sizeof(token->s6_addr) != 16);
5846	memcpy(idev->token.s6_addr + 8, token->s6_addr + 8, 8);
5847
5848	write_unlock_bh(&idev->lock);
5849
5850	clear_token = ipv6_addr_any(a: token);
5851	if (clear_token)
5852	goto update_lft;
5853
5854	if (!idev->dead && (idev->if_flags & IF_READY) &&
5855	!ipv6_get_lladdr(dev, addr: &ll_addr, IFA_F_TENTATIVE |
5856	IFA_F_OPTIMISTIC)) {
5857	/* If we're not ready, then normal ifup will take care
5858	* of this. Otherwise, we need to request our rs here.
5859	*/
5860	ndisc_send_rs(dev, saddr: &ll_addr, daddr: &in6addr_linklocal_allrouters);
5861	update_rs = true;
5862	}
5863
5864	update_lft:
5865	write_lock_bh(&idev->lock);
5866
5867	if (update_rs) {
5868	idev->if_flags |= IF_RS_SENT;
5869	idev->rs_interval = rfc3315_s14_backoff_init(
5870	irt: idev->cnf.rtr_solicit_interval);
5871	idev->rs_probes = 1;
5872	addrconf_mod_rs_timer(idev, when: idev->rs_interval);
5873	}
5874
5875	/* Well, that's kinda nasty ... */
5876	list_for_each_entry(ifp, &idev->addr_list, if_list) {
5877	spin_lock(lock: &ifp->lock);
5878	if (ifp->tokenized) {
5879	ifp->valid_lft = 0;
5880	ifp->prefered_lft = 0;
5881	}
5882	spin_unlock(lock: &ifp->lock);
5883	}
5884
5885	write_unlock_bh(&idev->lock);
5886	inet6_ifinfo_notify(RTM_NEWLINK, idev);
5887	addrconf_verify_rtnl(net: dev_net(dev));
5888	return 0;
5889	}
5890
5891	static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
5892	[IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 },
5893	[IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) },
5894	[IFLA_INET6_RA_MTU] = { .type = NLA_REJECT,
5895	.reject_message =
5896	"IFLA_INET6_RA_MTU can not be set" },
5897	};
5898
5899	static int check_addr_gen_mode(int mode)
5900	{
5901	if (mode != IN6_ADDR_GEN_MODE_EUI64 &&
5902	mode != IN6_ADDR_GEN_MODE_NONE &&
5903	mode != IN6_ADDR_GEN_MODE_STABLE_PRIVACY &&
5904	mode != IN6_ADDR_GEN_MODE_RANDOM)
5905	return -EINVAL;
5906	return 1;
5907	}
5908
5909	static int check_stable_privacy(struct inet6_dev *idev, struct net *net,
5910	int mode)
5911	{
5912	if (mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY &&
5913	!idev->cnf.stable_secret.initialized &&
5914	!net->ipv6.devconf_dflt->stable_secret.initialized)
5915	return -EINVAL;
5916	return 1;
5917	}
5918
5919	static int inet6_validate_link_af(const struct net_device *dev,
5920	const struct nlattr *nla,
5921	struct netlink_ext_ack *extack)
5922	{
5923	struct nlattr *tb[IFLA_INET6_MAX + 1];
5924	struct inet6_dev *idev = NULL;
5925	int err;
5926
5927	if (dev) {
5928	idev = __in6_dev_get(dev);
5929	if (!idev)
5930	return -EAFNOSUPPORT;
5931	}
5932
5933	err = nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla,
5934	policy: inet6_af_policy, extack);
5935	if (err)
5936	return err;
5937
5938	if (!tb[IFLA_INET6_TOKEN] && !tb[IFLA_INET6_ADDR_GEN_MODE])
5939	return -EINVAL;
5940
5941	if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
5942	u8 mode = nla_get_u8(nla: tb[IFLA_INET6_ADDR_GEN_MODE]);
5943
5944	if (check_addr_gen_mode(mode) < 0)
5945	return -EINVAL;
5946	if (dev && check_stable_privacy(idev, net: dev_net(dev), mode) < 0)
5947	return -EINVAL;
5948	}
5949
5950	return 0;
5951	}
5952
5953	static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla,
5954	struct netlink_ext_ack *extack)
5955	{
5956	struct inet6_dev *idev = __in6_dev_get(dev);
5957	struct nlattr *tb[IFLA_INET6_MAX + 1];
5958	int err;
5959
5960	if (!idev)
5961	return -EAFNOSUPPORT;
5962
5963	if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
5964	return -EINVAL;
5965
5966	if (tb[IFLA_INET6_TOKEN]) {
5967	err = inet6_set_iftoken(idev, token: nla_data(nla: tb[IFLA_INET6_TOKEN]),
5968	extack);
5969	if (err)
5970	return err;
5971	}
5972
5973	if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
5974	u8 mode = nla_get_u8(nla: tb[IFLA_INET6_ADDR_GEN_MODE]);
5975
5976	idev->cnf.addr_gen_mode = mode;
5977	}
5978
5979	return 0;
5980	}
5981
5982	static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
5983	u32 portid, u32 seq, int event, unsigned int flags)
5984	{
5985	struct net_device *dev = idev->dev;
5986	struct ifinfomsg *hdr;
5987	struct nlmsghdr *nlh;
5988	void *protoinfo;
5989
5990	nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(*hdr), flags);
5991	if (!nlh)
5992	return -EMSGSIZE;
5993
5994	hdr = nlmsg_data(nlh);
5995	hdr->ifi_family = AF_INET6;
5996	hdr->__ifi_pad = 0;
5997	hdr->ifi_type = dev->type;
5998	hdr->ifi_index = dev->ifindex;
5999	hdr->ifi_flags = dev_get_flags(dev);
6000	hdr->ifi_change = 0;
6001
6002	if (nla_put_string(skb, attrtype: IFLA_IFNAME, str: dev->name) ||
6003	(dev->addr_len &&
6004	nla_put(skb, attrtype: IFLA_ADDRESS, attrlen: dev->addr_len, data: dev->dev_addr)) ||
6005	nla_put_u32(skb, attrtype: IFLA_MTU, value: dev->mtu) ||
6006	(dev->ifindex != dev_get_iflink(dev) &&
6007	nla_put_u32(skb, attrtype: IFLA_LINK, value: dev_get_iflink(dev))) ||
6008	nla_put_u8(skb, attrtype: IFLA_OPERSTATE,
6009	value: netif_running(dev) ? dev->operstate : IF_OPER_DOWN))
6010	goto nla_put_failure;
6011	protoinfo = nla_nest_start_noflag(skb, IFLA_PROTINFO);
6012	if (!protoinfo)
6013	goto nla_put_failure;
6014
6015	if (inet6_fill_ifla6_attrs(skb, idev, ext_filter_mask: 0) < 0)
6016	goto nla_put_failure;
6017
6018	nla_nest_end(skb, start: protoinfo);
6019	nlmsg_end(skb, nlh);
6020	return 0;
6021
6022	nla_put_failure:
6023	nlmsg_cancel(skb, nlh);
6024	return -EMSGSIZE;
6025	}
6026
6027	static int inet6_valid_dump_ifinfo(const struct nlmsghdr *nlh,
6028	struct netlink_ext_ack *extack)
6029	{
6030	struct ifinfomsg *ifm;
6031
6032	if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) {
6033	NL_SET_ERR_MSG_MOD(extack, "Invalid header for link dump request");
6034	return -EINVAL;
6035	}
6036
6037	if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ifm))) {
6038	NL_SET_ERR_MSG_MOD(extack, "Invalid data after header");
6039	return -EINVAL;
6040	}
6041
6042	ifm = nlmsg_data(nlh);
6043	if (ifm->__ifi_pad || ifm->ifi_type || ifm->ifi_flags ||
6044	ifm->ifi_change || ifm->ifi_index) {
6045	NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for dump request");
6046	return -EINVAL;
6047	}
6048
6049	return 0;
6050	}
6051
6052	static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
6053	{
6054	struct net *net = sock_net(sk: skb->sk);
6055	int h, s_h;
6056	int idx = 0, s_idx;
6057	struct net_device *dev;
6058	struct inet6_dev *idev;
6059	struct hlist_head *head;
6060
6061	/* only requests using strict checking can pass data to
6062	* influence the dump
6063	*/
6064	if (cb->strict_check) {
6065	int err = inet6_valid_dump_ifinfo(nlh: cb->nlh, extack: cb->extack);
6066
6067	if (err < 0)
6068	return err;
6069	}
6070
6071	s_h = cb->args[0];
6072	s_idx = cb->args[1];
6073
6074	rcu_read_lock();
6075	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
6076	idx = 0;
6077	head = &net->dev_index_head[h];
6078	hlist_for_each_entry_rcu(dev, head, index_hlist) {
6079	if (idx < s_idx)
6080	goto cont;
6081	idev = __in6_dev_get(dev);
6082	if (!idev)
6083	goto cont;
6084	if (inet6_fill_ifinfo(skb, idev,
6085	NETLINK_CB(cb->skb).portid,
6086	seq: cb->nlh->nlmsg_seq,
6087	RTM_NEWLINK, NLM_F_MULTI) < 0)
6088	goto out;
6089	cont:
6090	idx++;
6091	}
6092	}
6093	out:
6094	rcu_read_unlock();
6095	cb->args[1] = idx;
6096	cb->args[0] = h;
6097
6098	return skb->len;
6099	}
6100
6101	void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
6102	{
6103	struct sk_buff *skb;
6104	struct net *net = dev_net(dev: idev->dev);
6105	int err = -ENOBUFS;
6106
6107	skb = nlmsg_new(payload: inet6_if_nlmsg_size(), GFP_ATOMIC);
6108	if (!skb)
6109	goto errout;
6110
6111	err = inet6_fill_ifinfo(skb, idev, portid: 0, seq: 0, event, flags: 0);
6112	if (err < 0) {
6113	/* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */
6114	WARN_ON(err == -EMSGSIZE);
6115	kfree_skb(skb);
6116	goto errout;
6117	}
6118	rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_IFINFO, NULL, GFP_ATOMIC);
6119	return;
6120	errout:
6121	if (err < 0)
6122	rtnl_set_sk_err(net, RTNLGRP_IPV6_IFINFO, error: err);
6123	}
6124
6125	static inline size_t inet6_prefix_nlmsg_size(void)
6126	{
6127	return NLMSG_ALIGN(sizeof(struct prefixmsg))
6128	+ nla_total_size(payload: sizeof(struct in6_addr))
6129	+ nla_total_size(payload: sizeof(struct prefix_cacheinfo));
6130	}
6131
6132	static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev,
6133	struct prefix_info *pinfo, u32 portid, u32 seq,
6134	int event, unsigned int flags)
6135	{
6136	struct prefixmsg *pmsg;
6137	struct nlmsghdr *nlh;
6138	struct prefix_cacheinfo ci;
6139
6140	nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(*pmsg), flags);
6141	if (!nlh)
6142	return -EMSGSIZE;
6143
6144	pmsg = nlmsg_data(nlh);
6145	pmsg->prefix_family = AF_INET6;
6146	pmsg->prefix_pad1 = 0;
6147	pmsg->prefix_pad2 = 0;
6148	pmsg->prefix_ifindex = idev->dev->ifindex;
6149	pmsg->prefix_len = pinfo->prefix_len;
6150	pmsg->prefix_type = pinfo->type;
6151	pmsg->prefix_pad3 = 0;
6152	pmsg->prefix_flags = 0;
6153	if (pinfo->onlink)
6154	pmsg->prefix_flags |= IF_PREFIX_ONLINK;
6155	if (pinfo->autoconf)
6156	pmsg->prefix_flags |= IF_PREFIX_AUTOCONF;
6157
6158	if (nla_put(skb, attrtype: PREFIX_ADDRESS, attrlen: sizeof(pinfo->prefix), data: &pinfo->prefix))
6159	goto nla_put_failure;
6160	ci.preferred_time = ntohl(pinfo->prefered);
6161	ci.valid_time = ntohl(pinfo->valid);
6162	if (nla_put(skb, attrtype: PREFIX_CACHEINFO, attrlen: sizeof(ci), data: &ci))
6163	goto nla_put_failure;
6164	nlmsg_end(skb, nlh);
6165	return 0;
6166
6167	nla_put_failure:
6168	nlmsg_cancel(skb, nlh);
6169	return -EMSGSIZE;
6170	}
6171
6172	static void inet6_prefix_notify(int event, struct inet6_dev *idev,
6173	struct prefix_info *pinfo)
6174	{
6175	struct sk_buff *skb;
6176	struct net *net = dev_net(dev: idev->dev);
6177	int err = -ENOBUFS;
6178
6179	skb = nlmsg_new(payload: inet6_prefix_nlmsg_size(), GFP_ATOMIC);
6180	if (!skb)
6181	goto errout;
6182
6183	err = inet6_fill_prefix(skb, idev, pinfo, portid: 0, seq: 0, event, flags: 0);
6184	if (err < 0) {
6185	/* -EMSGSIZE implies BUG in inet6_prefix_nlmsg_size() */
6186	WARN_ON(err == -EMSGSIZE);
6187	kfree_skb(skb);
6188	goto errout;
6189	}
6190	rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
6191	return;
6192	errout:
6193	if (err < 0)
6194	rtnl_set_sk_err(net, RTNLGRP_IPV6_PREFIX, error: err);
6195	}
6196
6197	static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
6198	{
6199	struct net *net = dev_net(dev: ifp->idev->dev);
6200
6201	if (event)
6202	ASSERT_RTNL();
6203
6204	inet6_ifa_notify(event: event ? : RTM_NEWADDR, ifa: ifp);
6205
6206	switch (event) {
6207	case RTM_NEWADDR:
6208	/*
6209	* If the address was optimistic we inserted the route at the
6210	* start of our DAD process, so we don't need to do it again.
6211	* If the device was taken down in the middle of the DAD
6212	* cycle there is a race where we could get here without a
6213	* host route, so nothing to insert. That will be fixed when
6214	* the device is brought up.
6215	*/
6216	if (ifp->rt && !rcu_access_pointer(ifp->rt->fib6_node)) {
6217	ip6_ins_rt(net, f6i: ifp->rt);
6218	} else if (!ifp->rt && (ifp->idev->dev->flags & IFF_UP)) {
6219	pr_warn("BUG: Address %pI6c on device %s is missing its host route.\n",
6220	&ifp->addr, ifp->idev->dev->name);
6221	}
6222
6223	if (ifp->idev->cnf.forwarding)
6224	addrconf_join_anycast(ifp);
6225	if (!ipv6_addr_any(a: &ifp->peer_addr))
6226	addrconf_prefix_route(pfx: &ifp->peer_addr, plen: 128,
6227	metric: ifp->rt_priority, dev: ifp->idev->dev,
6228	expires: 0, flags: 0, GFP_ATOMIC);
6229	break;
6230	case RTM_DELADDR:
6231	if (ifp->idev->cnf.forwarding)
6232	addrconf_leave_anycast(ifp);
6233	addrconf_leave_solict(idev: ifp->idev, addr: &ifp->addr);
6234	if (!ipv6_addr_any(a: &ifp->peer_addr)) {
6235	struct fib6_info *rt;
6236
6237	rt = addrconf_get_prefix_route(pfx: &ifp->peer_addr, plen: 128,
6238	dev: ifp->idev->dev, flags: 0, noflags: 0,
6239	no_gw: false);
6240	if (rt)
6241	ip6_del_rt(net, f6i: rt, skip_notify: false);
6242	}
6243	if (ifp->rt) {
6244	ip6_del_rt(net, f6i: ifp->rt, skip_notify: false);
6245	ifp->rt = NULL;
6246	}
6247	rt_genid_bump_ipv6(net);
6248	break;
6249	}
6250	atomic_inc(v: &net->ipv6.dev_addr_genid);
6251	}
6252
6253	static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
6254	{
6255	if (likely(ifp->idev->dead == 0))
6256	__ipv6_ifa_notify(event, ifp);
6257	}
6258
6259	#ifdef CONFIG_SYSCTL
6260
6261	static int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
6262	void *buffer, size_t *lenp, loff_t *ppos)
6263	{
6264	int *valp = ctl->data;
6265	int val = *valp;
6266	loff_t pos = *ppos;
6267	struct ctl_table lctl;
6268	int ret;
6269
6270	/*
6271	* ctl->data points to idev->cnf.forwarding, we should
6272	* not modify it until we get the rtnl lock.
6273	*/
6274	lctl = *ctl;
6275	lctl.data = &val;
6276
6277	ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
6278
6279	if (write)
6280	ret = addrconf_fixup_forwarding(table: ctl, p: valp, newf: val);
6281	if (ret)
6282	*ppos = pos;
6283	return ret;
6284	}
6285
6286	static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
6287	void *buffer, size_t *lenp, loff_t *ppos)
6288	{
6289	struct inet6_dev *idev = ctl->extra1;
6290	int min_mtu = IPV6_MIN_MTU;
6291	struct ctl_table lctl;
6292
6293	lctl = *ctl;
6294	lctl.extra1 = &min_mtu;
6295	lctl.extra2 = idev ? &idev->dev->mtu : NULL;
6296
6297	return proc_dointvec_minmax(&lctl, write, buffer, lenp, ppos);
6298	}
6299
6300	static void dev_disable_change(struct inet6_dev *idev)
6301	{
6302	struct netdev_notifier_info info;
6303
6304	if (!idev || !idev->dev)
6305	return;
6306
6307	netdev_notifier_info_init(info: &info, dev: idev->dev);
6308	if (idev->cnf.disable_ipv6)
6309	addrconf_notify(NULL, event: NETDEV_DOWN, ptr: &info);
6310	else
6311	addrconf_notify(NULL, event: NETDEV_UP, ptr: &info);
6312	}
6313
6314	static void addrconf_disable_change(struct net *net, __s32 newf)
6315	{
6316	struct net_device *dev;
6317	struct inet6_dev *idev;
6318
6319	for_each_netdev(net, dev) {
6320	idev = __in6_dev_get(dev);
6321	if (idev) {
6322	int changed = (!idev->cnf.disable_ipv6) ^ (!newf);
6323	idev->cnf.disable_ipv6 = newf;
6324	if (changed)
6325	dev_disable_change(idev);
6326	}
6327	}
6328	}
6329
6330	static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
6331	{
6332	struct net *net;
6333	int old;
6334
6335	if (!rtnl_trylock())
6336	return restart_syscall();
6337
6338	net = (struct net *)table->extra2;
6339	old = *p;
6340	*p = newf;
6341
6342	if (p == &net->ipv6.devconf_dflt->disable_ipv6) {
6343	rtnl_unlock();
6344	return 0;
6345	}
6346
6347	if (p == &net->ipv6.devconf_all->disable_ipv6) {
6348	net->ipv6.devconf_dflt->disable_ipv6 = newf;
6349	addrconf_disable_change(net, newf);
6350	} else if ((!newf) ^ (!old))
6351	dev_disable_change(idev: (struct inet6_dev *)table->extra1);
6352
6353	rtnl_unlock();
6354	return 0;
6355	}
6356
6357	static int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
6358	void *buffer, size_t *lenp, loff_t *ppos)
6359	{
6360	int *valp = ctl->data;
6361	int val = *valp;
6362	loff_t pos = *ppos;
6363	struct ctl_table lctl;
6364	int ret;
6365
6366	/*
6367	* ctl->data points to idev->cnf.disable_ipv6, we should
6368	* not modify it until we get the rtnl lock.
6369	*/
6370	lctl = *ctl;
6371	lctl.data = &val;
6372
6373	ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
6374
6375	if (write)
6376	ret = addrconf_disable_ipv6(table: ctl, p: valp, newf: val);
6377	if (ret)
6378	*ppos = pos;
6379	return ret;
6380	}
6381
6382	static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
6383	void *buffer, size_t *lenp, loff_t *ppos)
6384	{
6385	int *valp = ctl->data;
6386	int ret;
6387	int old, new;
6388
6389	old = *valp;
6390	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
6391	new = *valp;
6392
6393	if (write && old != new) {
6394	struct net *net = ctl->extra2;
6395
6396	if (!rtnl_trylock())
6397	return restart_syscall();
6398
6399	if (valp == &net->ipv6.devconf_dflt->proxy_ndp)
6400	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
6401	type: NETCONFA_PROXY_NEIGH,
6402	NETCONFA_IFINDEX_DEFAULT,
6403	devconf: net->ipv6.devconf_dflt);
6404	else if (valp == &net->ipv6.devconf_all->proxy_ndp)
6405	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
6406	type: NETCONFA_PROXY_NEIGH,
6407	NETCONFA_IFINDEX_ALL,
6408	devconf: net->ipv6.devconf_all);
6409	else {
6410	struct inet6_dev *idev = ctl->extra1;
6411
6412	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
6413	type: NETCONFA_PROXY_NEIGH,
6414	ifindex: idev->dev->ifindex,
6415	devconf: &idev->cnf);
6416	}
6417	rtnl_unlock();
6418	}
6419
6420	return ret;
6421	}
6422
6423	static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
6424	void *buffer, size_t *lenp,
6425	loff_t *ppos)
6426	{
6427	int ret = 0;
6428	u32 new_val;
6429	struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1;
6430	struct net *net = (struct net *)ctl->extra2;
6431	struct ctl_table tmp = {
6432	.data = &new_val,
6433	.maxlen = sizeof(new_val),
6434	.mode = ctl->mode,
6435	};
6436
6437	if (!rtnl_trylock())
6438	return restart_syscall();
6439
6440	new_val = *((u32 *)ctl->data);
6441
6442	ret = proc_douintvec(&tmp, write, buffer, lenp, ppos);
6443	if (ret != 0)
6444	goto out;
6445
6446	if (write) {
6447	if (check_addr_gen_mode(mode: new_val) < 0) {
6448	ret = -EINVAL;
6449	goto out;
6450	}
6451
6452	if (idev) {
6453	if (check_stable_privacy(idev, net, mode: new_val) < 0) {
6454	ret = -EINVAL;
6455	goto out;
6456	}
6457
6458	if (idev->cnf.addr_gen_mode != new_val) {
6459	idev->cnf.addr_gen_mode = new_val;
6460	addrconf_init_auto_addrs(dev: idev->dev);
6461	}
6462	} else if (&net->ipv6.devconf_all->addr_gen_mode == ctl->data) {
6463	struct net_device *dev;
6464
6465	net->ipv6.devconf_dflt->addr_gen_mode = new_val;
6466	for_each_netdev(net, dev) {
6467	idev = __in6_dev_get(dev);
6468	if (idev &&
6469	idev->cnf.addr_gen_mode != new_val) {
6470	idev->cnf.addr_gen_mode = new_val;
6471	addrconf_init_auto_addrs(dev: idev->dev);
6472	}
6473	}
6474	}
6475
6476	*((u32 *)ctl->data) = new_val;
6477	}
6478
6479	out:
6480	rtnl_unlock();
6481
6482	return ret;
6483	}
6484
6485	static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
6486	void *buffer, size_t *lenp,
6487	loff_t *ppos)
6488	{
6489	int err;
6490	struct in6_addr addr;
6491	char str[IPV6_MAX_STRLEN];
6492	struct ctl_table lctl = *ctl;
6493	struct net *net = ctl->extra2;
6494	struct ipv6_stable_secret *secret = ctl->data;
6495
6496	if (&net->ipv6.devconf_all->stable_secret == ctl->data)
6497	return -EIO;
6498
6499	lctl.maxlen = IPV6_MAX_STRLEN;
6500	lctl.data = str;
6501
6502	if (!rtnl_trylock())
6503	return restart_syscall();
6504
6505	if (!write && !secret->initialized) {
6506	err = -EIO;
6507	goto out;
6508	}
6509
6510	err = snprintf(buf: str, size: sizeof(str), fmt: "%pI6", &secret->secret);
6511	if (err >= sizeof(str)) {
6512	err = -EIO;
6513	goto out;
6514	}
6515
6516	err = proc_dostring(&lctl, write, buffer, lenp, ppos);
6517	if (err || !write)
6518	goto out;
6519
6520	if (in6_pton(src: str, srclen: -1, dst: addr.in6_u.u6_addr8, delim: -1, NULL) != 1) {
6521	err = -EIO;
6522	goto out;
6523	}
6524
6525	secret->initialized = true;
6526	secret->secret = addr;
6527
6528	if (&net->ipv6.devconf_dflt->stable_secret == ctl->data) {
6529	struct net_device *dev;
6530
6531	for_each_netdev(net, dev) {
6532	struct inet6_dev *idev = __in6_dev_get(dev);
6533
6534	if (idev) {
6535	idev->cnf.addr_gen_mode =
6536	IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
6537	}
6538	}
6539	} else {
6540	struct inet6_dev *idev = ctl->extra1;
6541
6542	idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
6543	}
6544
6545	out:
6546	rtnl_unlock();
6547
6548	return err;
6549	}
6550
6551	static
6552	int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
6553	int write, void *buffer,
6554	size_t *lenp,
6555	loff_t *ppos)
6556	{
6557	int *valp = ctl->data;
6558	int val = *valp;
6559	loff_t pos = *ppos;
6560	struct ctl_table lctl;
6561	int ret;
6562
6563	/* ctl->data points to idev->cnf.ignore_routes_when_linkdown
6564	* we should not modify it until we get the rtnl lock.
6565	*/
6566	lctl = *ctl;
6567	lctl.data = &val;
6568
6569	ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
6570
6571	if (write)
6572	ret = addrconf_fixup_linkdown(table: ctl, p: valp, newf: val);
6573	if (ret)
6574	*ppos = pos;
6575	return ret;
6576	}
6577
6578	static
6579	void addrconf_set_nopolicy(struct rt6_info *rt, int action)
6580	{
6581	if (rt) {
6582	if (action)
6583	rt->dst.flags |= DST_NOPOLICY;
6584	else
6585	rt->dst.flags &= ~DST_NOPOLICY;
6586	}
6587	}
6588
6589	static
6590	void addrconf_disable_policy_idev(struct inet6_dev *idev, int val)
6591	{
6592	struct inet6_ifaddr *ifa;
6593
6594	read_lock_bh(&idev->lock);
6595	list_for_each_entry(ifa, &idev->addr_list, if_list) {
6596	spin_lock(lock: &ifa->lock);
6597	if (ifa->rt) {
6598	/* host routes only use builtin fib6_nh */
6599	struct fib6_nh *nh = ifa->rt->fib6_nh;
6600	int cpu;
6601
6602	rcu_read_lock();
6603	ifa->rt->dst_nopolicy = val ? true : false;
6604	if (nh->rt6i_pcpu) {
6605	for_each_possible_cpu(cpu) {
6606	struct rt6_info **rtp;
6607
6608	rtp = per_cpu_ptr(nh->rt6i_pcpu, cpu);
6609	addrconf_set_nopolicy(rt: *rtp, action: val);
6610	}
6611	}
6612	rcu_read_unlock();
6613	}
6614	spin_unlock(lock: &ifa->lock);
6615	}
6616	read_unlock_bh(&idev->lock);
6617	}
6618
6619	static
6620	int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val)
6621	{
6622	struct inet6_dev *idev;
6623	struct net *net;
6624
6625	if (!rtnl_trylock())
6626	return restart_syscall();
6627
6628	*valp = val;
6629
6630	net = (struct net *)ctl->extra2;
6631	if (valp == &net->ipv6.devconf_dflt->disable_policy) {
6632	rtnl_unlock();
6633	return 0;
6634	}
6635
6636	if (valp == &net->ipv6.devconf_all->disable_policy) {
6637	struct net_device *dev;
6638
6639	for_each_netdev(net, dev) {
6640	idev = __in6_dev_get(dev);
6641	if (idev)
6642	addrconf_disable_policy_idev(idev, val);
6643	}
6644	} else {
6645	idev = (struct inet6_dev *)ctl->extra1;
6646	addrconf_disable_policy_idev(idev, val);
6647	}
6648
6649	rtnl_unlock();
6650	return 0;
6651	}
6652
6653	static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
6654	void *buffer, size_t *lenp, loff_t *ppos)
6655	{
6656	int *valp = ctl->data;
6657	int val = *valp;
6658	loff_t pos = *ppos;
6659	struct ctl_table lctl;
6660	int ret;
6661
6662	lctl = *ctl;
6663	lctl.data = &val;
6664	ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
6665
6666	if (write && (*valp != val))
6667	ret = addrconf_disable_policy(ctl, valp, val);
6668
6669	if (ret)
6670	*ppos = pos;
6671
6672	return ret;
6673	}
6674
6675	static int minus_one = -1;
6676	static const int two_five_five = 255;
6677	static u32 ioam6_if_id_max = U16_MAX;
6678
6679	static const struct ctl_table addrconf_sysctl[] = {
6680	{
6681	.procname = "forwarding",
6682	.data = &ipv6_devconf.forwarding,
6683	.maxlen = sizeof(int),
6684	.mode = 0644,
6685	.proc_handler = addrconf_sysctl_forward,
6686	},
6687	{
6688	.procname = "hop_limit",
6689	.data = &ipv6_devconf.hop_limit,
6690	.maxlen = sizeof(int),
6691	.mode = 0644,
6692	.proc_handler = proc_dointvec_minmax,
6693	.extra1 = (void *)SYSCTL_ONE,
6694	.extra2 = (void *)&two_five_five,
6695	},
6696	{
6697	.procname = "mtu",
6698	.data = &ipv6_devconf.mtu6,
6699	.maxlen = sizeof(int),
6700	.mode = 0644,
6701	.proc_handler = addrconf_sysctl_mtu,
6702	},
6703	{
6704	.procname = "accept_ra",
6705	.data = &ipv6_devconf.accept_ra,
6706	.maxlen = sizeof(int),
6707	.mode = 0644,
6708	.proc_handler = proc_dointvec,
6709	},
6710	{
6711	.procname = "accept_redirects",
6712	.data = &ipv6_devconf.accept_redirects,
6713	.maxlen = sizeof(int),
6714	.mode = 0644,
6715	.proc_handler = proc_dointvec,
6716	},
6717	{
6718	.procname = "autoconf",
6719	.data = &ipv6_devconf.autoconf,
6720	.maxlen = sizeof(int),
6721	.mode = 0644,
6722	.proc_handler = proc_dointvec,
6723	},
6724	{
6725	.procname = "dad_transmits",
6726	.data = &ipv6_devconf.dad_transmits,
6727	.maxlen = sizeof(int),
6728	.mode = 0644,
6729	.proc_handler = proc_dointvec,
6730	},
6731	{
6732	.procname = "router_solicitations",
6733	.data = &ipv6_devconf.rtr_solicits,
6734	.maxlen = sizeof(int),
6735	.mode = 0644,
6736	.proc_handler = proc_dointvec_minmax,
6737	.extra1 = &minus_one,
6738	},
6739	{
6740	.procname = "router_solicitation_interval",
6741	.data = &ipv6_devconf.rtr_solicit_interval,
6742	.maxlen = sizeof(int),
6743	.mode = 0644,
6744	.proc_handler = proc_dointvec_jiffies,
6745	},
6746	{
6747	.procname = "router_solicitation_max_interval",
6748	.data = &ipv6_devconf.rtr_solicit_max_interval,
6749	.maxlen = sizeof(int),
6750	.mode = 0644,
6751	.proc_handler = proc_dointvec_jiffies,
6752	},
6753	{
6754	.procname = "router_solicitation_delay",
6755	.data = &ipv6_devconf.rtr_solicit_delay,
6756	.maxlen = sizeof(int),
6757	.mode = 0644,
6758	.proc_handler = proc_dointvec_jiffies,
6759	},
6760	{
6761	.procname = "force_mld_version",
6762	.data = &ipv6_devconf.force_mld_version,
6763	.maxlen = sizeof(int),
6764	.mode = 0644,
6765	.proc_handler = proc_dointvec,
6766	},
6767	{
6768	.procname = "mldv1_unsolicited_report_interval",
6769	.data =
6770	&ipv6_devconf.mldv1_unsolicited_report_interval,
6771	.maxlen = sizeof(int),
6772	.mode = 0644,
6773	.proc_handler = proc_dointvec_ms_jiffies,
6774	},
6775	{
6776	.procname = "mldv2_unsolicited_report_interval",
6777	.data =
6778	&ipv6_devconf.mldv2_unsolicited_report_interval,
6779	.maxlen = sizeof(int),
6780	.mode = 0644,
6781	.proc_handler = proc_dointvec_ms_jiffies,
6782	},
6783	{
6784	.procname = "use_tempaddr",
6785	.data = &ipv6_devconf.use_tempaddr,
6786	.maxlen = sizeof(int),
6787	.mode = 0644,
6788	.proc_handler = proc_dointvec,
6789	},
6790	{
6791	.procname = "temp_valid_lft",
6792	.data = &ipv6_devconf.temp_valid_lft,
6793	.maxlen = sizeof(int),
6794	.mode = 0644,
6795	.proc_handler = proc_dointvec,
6796	},
6797	{
6798	.procname = "temp_prefered_lft",
6799	.data = &ipv6_devconf.temp_prefered_lft,
6800	.maxlen = sizeof(int),
6801	.mode = 0644,
6802	.proc_handler = proc_dointvec,
6803	},
6804	{
6805	.procname = "regen_max_retry",
6806	.data = &ipv6_devconf.regen_max_retry,
6807	.maxlen = sizeof(int),
6808	.mode = 0644,
6809	.proc_handler = proc_dointvec,
6810	},
6811	{
6812	.procname = "max_desync_factor",
6813	.data = &ipv6_devconf.max_desync_factor,
6814	.maxlen = sizeof(int),
6815	.mode = 0644,
6816	.proc_handler = proc_dointvec,
6817	},
6818	{
6819	.procname = "max_addresses",
6820	.data = &ipv6_devconf.max_addresses,
6821	.maxlen = sizeof(int),
6822	.mode = 0644,
6823	.proc_handler = proc_dointvec,
6824	},
6825	{
6826	.procname = "accept_ra_defrtr",
6827	.data = &ipv6_devconf.accept_ra_defrtr,
6828	.maxlen = sizeof(int),
6829	.mode = 0644,
6830	.proc_handler = proc_dointvec,
6831	},
6832	{
6833	.procname = "ra_defrtr_metric",
6834	.data = &ipv6_devconf.ra_defrtr_metric,
6835	.maxlen = sizeof(u32),
6836	.mode = 0644,
6837	.proc_handler = proc_douintvec_minmax,
6838	.extra1 = (void *)SYSCTL_ONE,
6839	},
6840	{
6841	.procname = "accept_ra_min_hop_limit",
6842	.data = &ipv6_devconf.accept_ra_min_hop_limit,
6843	.maxlen = sizeof(int),
6844	.mode = 0644,
6845	.proc_handler = proc_dointvec,
6846	},
6847	{
6848	.procname = "accept_ra_min_lft",
6849	.data = &ipv6_devconf.accept_ra_min_lft,
6850	.maxlen = sizeof(int),
6851	.mode = 0644,
6852	.proc_handler = proc_dointvec,
6853	},
6854	{
6855	.procname = "accept_ra_pinfo",
6856	.data = &ipv6_devconf.accept_ra_pinfo,
6857	.maxlen = sizeof(int),
6858	.mode = 0644,
6859	.proc_handler = proc_dointvec,
6860	},
6861	{
6862	.procname = "ra_honor_pio_life",
6863	.data = &ipv6_devconf.ra_honor_pio_life,
6864	.maxlen = sizeof(u8),
6865	.mode = 0644,
6866	.proc_handler = proc_dou8vec_minmax,
6867	.extra1 = SYSCTL_ZERO,
6868	.extra2 = SYSCTL_ONE,
6869	},
6870	#ifdef CONFIG_IPV6_ROUTER_PREF
6871	{
6872	.procname = "accept_ra_rtr_pref",
6873	.data = &ipv6_devconf.accept_ra_rtr_pref,
6874	.maxlen = sizeof(int),
6875	.mode = 0644,
6876	.proc_handler = proc_dointvec,
6877	},
6878	{
6879	.procname = "router_probe_interval",
6880	.data = &ipv6_devconf.rtr_probe_interval,
6881	.maxlen = sizeof(int),
6882	.mode = 0644,
6883	.proc_handler = proc_dointvec_jiffies,
6884	},
6885	#ifdef CONFIG_IPV6_ROUTE_INFO
6886	{
6887	.procname = "accept_ra_rt_info_min_plen",
6888	.data = &ipv6_devconf.accept_ra_rt_info_min_plen,
6889	.maxlen = sizeof(int),
6890	.mode = 0644,
6891	.proc_handler = proc_dointvec,
6892	},
6893	{
6894	.procname = "accept_ra_rt_info_max_plen",
6895	.data = &ipv6_devconf.accept_ra_rt_info_max_plen,
6896	.maxlen = sizeof(int),
6897	.mode = 0644,
6898	.proc_handler = proc_dointvec,
6899	},
6900	#endif
6901	#endif
6902	{
6903	.procname = "proxy_ndp",
6904	.data = &ipv6_devconf.proxy_ndp,
6905	.maxlen = sizeof(int),
6906	.mode = 0644,
6907	.proc_handler = addrconf_sysctl_proxy_ndp,
6908	},
6909	{
6910	.procname = "accept_source_route",
6911	.data = &ipv6_devconf.accept_source_route,
6912	.maxlen = sizeof(int),
6913	.mode = 0644,
6914	.proc_handler = proc_dointvec,
6915	},
6916	#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
6917	{
6918	.procname = "optimistic_dad",
6919	.data = &ipv6_devconf.optimistic_dad,
6920	.maxlen = sizeof(int),
6921	.mode = 0644,
6922	.proc_handler = proc_dointvec,
6923	},
6924	{
6925	.procname = "use_optimistic",
6926	.data = &ipv6_devconf.use_optimistic,
6927	.maxlen = sizeof(int),
6928	.mode = 0644,
6929	.proc_handler = proc_dointvec,
6930	},
6931	#endif
6932	#ifdef CONFIG_IPV6_MROUTE
6933	{
6934	.procname = "mc_forwarding",
6935	.data = &ipv6_devconf.mc_forwarding,
6936	.maxlen = sizeof(int),
6937	.mode = 0444,
6938	.proc_handler = proc_dointvec,
6939	},
6940	#endif
6941	{
6942	.procname = "disable_ipv6",
6943	.data = &ipv6_devconf.disable_ipv6,
6944	.maxlen = sizeof(int),
6945	.mode = 0644,
6946	.proc_handler = addrconf_sysctl_disable,
6947	},
6948	{
6949	.procname = "accept_dad",
6950	.data = &ipv6_devconf.accept_dad,
6951	.maxlen = sizeof(int),
6952	.mode = 0644,
6953	.proc_handler = proc_dointvec,
6954	},
6955	{
6956	.procname = "force_tllao",
6957	.data = &ipv6_devconf.force_tllao,
6958	.maxlen = sizeof(int),
6959	.mode = 0644,
6960	.proc_handler = proc_dointvec
6961	},
6962	{
6963	.procname = "ndisc_notify",
6964	.data = &ipv6_devconf.ndisc_notify,
6965	.maxlen = sizeof(int),
6966	.mode = 0644,
6967	.proc_handler = proc_dointvec
6968	},
6969	{
6970	.procname = "suppress_frag_ndisc",
6971	.data = &ipv6_devconf.suppress_frag_ndisc,
6972	.maxlen = sizeof(int),
6973	.mode = 0644,
6974	.proc_handler = proc_dointvec
6975	},
6976	{
6977	.procname = "accept_ra_from_local",
6978	.data = &ipv6_devconf.accept_ra_from_local,
6979	.maxlen = sizeof(int),
6980	.mode = 0644,
6981	.proc_handler = proc_dointvec,
6982	},
6983	{
6984	.procname = "accept_ra_mtu",
6985	.data = &ipv6_devconf.accept_ra_mtu,
6986	.maxlen = sizeof(int),
6987	.mode = 0644,
6988	.proc_handler = proc_dointvec,
6989	},
6990	{
6991	.procname = "stable_secret",
6992	.data = &ipv6_devconf.stable_secret,
6993	.maxlen = IPV6_MAX_STRLEN,
6994	.mode = 0600,
6995	.proc_handler = addrconf_sysctl_stable_secret,
6996	},
6997	{
6998	.procname = "use_oif_addrs_only",
6999	.data = &ipv6_devconf.use_oif_addrs_only,
7000	.maxlen = sizeof(int),
7001	.mode = 0644,
7002	.proc_handler = proc_dointvec,
7003	},
7004	{
7005	.procname = "ignore_routes_with_linkdown",
7006	.data = &ipv6_devconf.ignore_routes_with_linkdown,
7007	.maxlen = sizeof(int),
7008	.mode = 0644,
7009	.proc_handler = addrconf_sysctl_ignore_routes_with_linkdown,
7010	},
7011	{
7012	.procname = "drop_unicast_in_l2_multicast",
7013	.data = &ipv6_devconf.drop_unicast_in_l2_multicast,
7014	.maxlen = sizeof(int),
7015	.mode = 0644,
7016	.proc_handler = proc_dointvec,
7017	},
7018	{
7019	.procname = "drop_unsolicited_na",
7020	.data = &ipv6_devconf.drop_unsolicited_na,
7021	.maxlen = sizeof(int),
7022	.mode = 0644,
7023	.proc_handler = proc_dointvec,
7024	},
7025	{
7026	.procname = "keep_addr_on_down",
7027	.data = &ipv6_devconf.keep_addr_on_down,
7028	.maxlen = sizeof(int),
7029	.mode = 0644,
7030	.proc_handler = proc_dointvec,
7031
7032	},
7033	{
7034	.procname = "seg6_enabled",
7035	.data = &ipv6_devconf.seg6_enabled,
7036	.maxlen = sizeof(int),
7037	.mode = 0644,
7038	.proc_handler = proc_dointvec,
7039	},
7040	#ifdef CONFIG_IPV6_SEG6_HMAC
7041	{
7042	.procname = "seg6_require_hmac",
7043	.data = &ipv6_devconf.seg6_require_hmac,
7044	.maxlen = sizeof(int),
7045	.mode = 0644,
7046	.proc_handler = proc_dointvec,
7047	},
7048	#endif
7049	{
7050	.procname = "enhanced_dad",
7051	.data = &ipv6_devconf.enhanced_dad,
7052	.maxlen = sizeof(int),
7053	.mode = 0644,
7054	.proc_handler = proc_dointvec,
7055	},
7056	{
7057	.procname = "addr_gen_mode",
7058	.data = &ipv6_devconf.addr_gen_mode,
7059	.maxlen = sizeof(int),
7060	.mode = 0644,
7061	.proc_handler = addrconf_sysctl_addr_gen_mode,
7062	},
7063	{
7064	.procname = "disable_policy",
7065	.data = &ipv6_devconf.disable_policy,
7066	.maxlen = sizeof(int),
7067	.mode = 0644,
7068	.proc_handler = addrconf_sysctl_disable_policy,
7069	},
7070	{
7071	.procname = "ndisc_tclass",
7072	.data = &ipv6_devconf.ndisc_tclass,
7073	.maxlen = sizeof(int),
7074	.mode = 0644,
7075	.proc_handler = proc_dointvec_minmax,
7076	.extra1 = (void *)SYSCTL_ZERO,
7077	.extra2 = (void *)&two_five_five,
7078	},
7079	{
7080	.procname = "rpl_seg_enabled",
7081	.data = &ipv6_devconf.rpl_seg_enabled,
7082	.maxlen = sizeof(int),
7083	.mode = 0644,
7084	.proc_handler = proc_dointvec,
7085	},
7086	{
7087	.procname = "ioam6_enabled",
7088	.data = &ipv6_devconf.ioam6_enabled,
7089	.maxlen = sizeof(u8),
7090	.mode = 0644,
7091	.proc_handler = proc_dou8vec_minmax,
7092	.extra1 = (void *)SYSCTL_ZERO,
7093	.extra2 = (void *)SYSCTL_ONE,
7094	},
7095	{
7096	.procname = "ioam6_id",
7097	.data = &ipv6_devconf.ioam6_id,
7098	.maxlen = sizeof(u32),
7099	.mode = 0644,
7100	.proc_handler = proc_douintvec_minmax,
7101	.extra1 = (void *)SYSCTL_ZERO,
7102	.extra2 = (void *)&ioam6_if_id_max,
7103	},
7104	{
7105	.procname = "ioam6_id_wide",
7106	.data = &ipv6_devconf.ioam6_id_wide,
7107	.maxlen = sizeof(u32),
7108	.mode = 0644,
7109	.proc_handler = proc_douintvec,
7110	},
7111	{
7112	.procname = "ndisc_evict_nocarrier",
7113	.data = &ipv6_devconf.ndisc_evict_nocarrier,
7114	.maxlen = sizeof(u8),
7115	.mode = 0644,
7116	.proc_handler = proc_dou8vec_minmax,
7117	.extra1 = (void *)SYSCTL_ZERO,
7118	.extra2 = (void *)SYSCTL_ONE,
7119	},
7120	{
7121	.procname = "accept_untracked_na",
7122	.data = &ipv6_devconf.accept_untracked_na,
7123	.maxlen = sizeof(int),
7124	.mode = 0644,
7125	.proc_handler = proc_dointvec_minmax,
7126	.extra1 = SYSCTL_ZERO,
7127	.extra2 = SYSCTL_TWO,
7128	},
7129	{
7130	/* sentinel */
7131	}
7132	};
7133
7134	static int __addrconf_sysctl_register(struct net *net, char *dev_name,
7135	struct inet6_dev *idev, struct ipv6_devconf *p)
7136	{
7137	int i, ifindex;
7138	struct ctl_table *table;
7139	char path[sizeof("net/ipv6/conf/") + IFNAMSIZ];
7140
7141	table = kmemdup(p: addrconf_sysctl, size: sizeof(addrconf_sysctl), GFP_KERNEL_ACCOUNT);
7142	if (!table)
7143	goto out;
7144
7145	for (i = 0; table[i].data; i++) {
7146	table[i].data += (char *)p - (char *)&ipv6_devconf;
7147	/* If one of these is already set, then it is not safe to
7148	* overwrite either of them: this makes proc_dointvec_minmax
7149	* usable.
7150	*/
7151	if (!table[i].extra1 && !table[i].extra2) {
7152	table[i].extra1 = idev; /* embedded; no ref */
7153	table[i].extra2 = net;
7154	}
7155	}
7156
7157	snprintf(buf: path, size: sizeof(path), fmt: "net/ipv6/conf/%s", dev_name);
7158
7159	p->sysctl_header = register_net_sysctl_sz(net, path, table,
7160	ARRAY_SIZE(addrconf_sysctl));
7161	if (!p->sysctl_header)
7162	goto free;
7163
7164	if (!strcmp(dev_name, "all"))
7165	ifindex = NETCONFA_IFINDEX_ALL;
7166	else if (!strcmp(dev_name, "default"))
7167	ifindex = NETCONFA_IFINDEX_DEFAULT;
7168	else
7169	ifindex = idev->dev->ifindex;
7170	inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
7171	ifindex, devconf: p);
7172	return 0;
7173
7174	free:
7175	kfree(objp: table);
7176	out:
7177	return -ENOBUFS;
7178	}
7179
7180	static void __addrconf_sysctl_unregister(struct net *net,
7181	struct ipv6_devconf *p, int ifindex)
7182	{
7183	struct ctl_table *table;
7184
7185	if (!p->sysctl_header)
7186	return;
7187
7188	table = p->sysctl_header->ctl_table_arg;
7189	unregister_net_sysctl_table(header: p->sysctl_header);
7190	p->sysctl_header = NULL;
7191	kfree(objp: table);
7192
7193	inet6_netconf_notify_devconf(net, RTM_DELNETCONF, type: 0, ifindex, NULL);
7194	}
7195
7196	static int addrconf_sysctl_register(struct inet6_dev *idev)
7197	{
7198	int err;
7199
7200	if (!sysctl_dev_name_is_allowed(name: idev->dev->name))
7201	return -EINVAL;
7202
7203	err = neigh_sysctl_register(dev: idev->dev, p: idev->nd_parms,
7204	proc_handler: &ndisc_ifinfo_sysctl_change);
7205	if (err)
7206	return err;
7207	err = __addrconf_sysctl_register(net: dev_net(dev: idev->dev), dev_name: idev->dev->name,
7208	idev, p: &idev->cnf);
7209	if (err)
7210	neigh_sysctl_unregister(p: idev->nd_parms);
7211
7212	return err;
7213	}
7214
7215	static void addrconf_sysctl_unregister(struct inet6_dev *idev)
7216	{
7217	__addrconf_sysctl_unregister(net: dev_net(dev: idev->dev), p: &idev->cnf,
7218	ifindex: idev->dev->ifindex);
7219	neigh_sysctl_unregister(p: idev->nd_parms);
7220	}
7221
7222
7223	#endif
7224
7225	static int __net_init addrconf_init_net(struct net *net)
7226	{
7227	int err = -ENOMEM;
7228	struct ipv6_devconf *all, *dflt;
7229
7230	spin_lock_init(&net->ipv6.addrconf_hash_lock);
7231	INIT_DEFERRABLE_WORK(&net->ipv6.addr_chk_work, addrconf_verify_work);
7232	net->ipv6.inet6_addr_lst = kcalloc(IN6_ADDR_HSIZE,
7233	size: sizeof(struct hlist_head),
7234	GFP_KERNEL);
7235	if (!net->ipv6.inet6_addr_lst)
7236	goto err_alloc_addr;
7237
7238	all = kmemdup(p: &ipv6_devconf, size: sizeof(ipv6_devconf), GFP_KERNEL);
7239	if (!all)
7240	goto err_alloc_all;
7241
7242	dflt = kmemdup(p: &ipv6_devconf_dflt, size: sizeof(ipv6_devconf_dflt), GFP_KERNEL);
7243	if (!dflt)
7244	goto err_alloc_dflt;
7245
7246	if (!net_eq(net1: net, net2: &init_net)) {
7247	switch (net_inherit_devconf()) {
7248	case 1: /* copy from init_net */
7249	memcpy(all, init_net.ipv6.devconf_all,
7250	sizeof(ipv6_devconf));
7251	memcpy(dflt, init_net.ipv6.devconf_dflt,
7252	sizeof(ipv6_devconf_dflt));
7253	break;
7254	case 3: /* copy from the current netns */
7255	memcpy(all, current->nsproxy->net_ns->ipv6.devconf_all,
7256	sizeof(ipv6_devconf));
7257	memcpy(dflt,
7258	current->nsproxy->net_ns->ipv6.devconf_dflt,
7259	sizeof(ipv6_devconf_dflt));
7260	break;
7261	case 0:
7262	case 2:
7263	/* use compiled values */
7264	break;
7265	}
7266	}
7267
7268	/* these will be inherited by all namespaces */
7269	dflt->autoconf = ipv6_defaults.autoconf;
7270	dflt->disable_ipv6 = ipv6_defaults.disable_ipv6;
7271
7272	dflt->stable_secret.initialized = false;
7273	all->stable_secret.initialized = false;
7274
7275	net->ipv6.devconf_all = all;
7276	net->ipv6.devconf_dflt = dflt;
7277
7278	#ifdef CONFIG_SYSCTL
7279	err = __addrconf_sysctl_register(net, dev_name: "all", NULL, p: all);
7280	if (err < 0)
7281	goto err_reg_all;
7282
7283	err = __addrconf_sysctl_register(net, dev_name: "default", NULL, p: dflt);
7284	if (err < 0)
7285	goto err_reg_dflt;
7286	#endif
7287	return 0;
7288
7289	#ifdef CONFIG_SYSCTL
7290	err_reg_dflt:
7291	__addrconf_sysctl_unregister(net, p: all, NETCONFA_IFINDEX_ALL);
7292	err_reg_all:
7293	kfree(objp: dflt);
7294	net->ipv6.devconf_dflt = NULL;
7295	#endif
7296	err_alloc_dflt:
7297	kfree(objp: all);
7298	net->ipv6.devconf_all = NULL;
7299	err_alloc_all:
7300	kfree(objp: net->ipv6.inet6_addr_lst);
7301	err_alloc_addr:
7302	return err;
7303	}
7304
7305	static void __net_exit addrconf_exit_net(struct net *net)
7306	{
7307	int i;
7308
7309	#ifdef CONFIG_SYSCTL
7310	__addrconf_sysctl_unregister(net, p: net->ipv6.devconf_dflt,
7311	NETCONFA_IFINDEX_DEFAULT);
7312	__addrconf_sysctl_unregister(net, p: net->ipv6.devconf_all,
7313	NETCONFA_IFINDEX_ALL);
7314	#endif
7315	kfree(objp: net->ipv6.devconf_dflt);
7316	net->ipv6.devconf_dflt = NULL;
7317	kfree(objp: net->ipv6.devconf_all);
7318	net->ipv6.devconf_all = NULL;
7319
7320	cancel_delayed_work_sync(dwork: &net->ipv6.addr_chk_work);
7321	/*
7322	* Check hash table, then free it.
7323	*/
7324	for (i = 0; i < IN6_ADDR_HSIZE; i++)
7325	WARN_ON_ONCE(!hlist_empty(&net->ipv6.inet6_addr_lst[i]));
7326
7327	kfree(objp: net->ipv6.inet6_addr_lst);
7328	net->ipv6.inet6_addr_lst = NULL;
7329	}
7330
7331	static struct pernet_operations addrconf_ops = {
7332	.init = addrconf_init_net,
7333	.exit = addrconf_exit_net,
7334	};
7335
7336	static struct rtnl_af_ops inet6_ops __read_mostly = {
7337	.family = AF_INET6,
7338	.fill_link_af = inet6_fill_link_af,
7339	.get_link_af_size = inet6_get_link_af_size,
7340	.validate_link_af = inet6_validate_link_af,
7341	.set_link_af = inet6_set_link_af,
7342	};
7343
7344	/*
7345	* Init / cleanup code
7346	*/
7347
7348	int __init addrconf_init(void)
7349	{
7350	struct inet6_dev *idev;
7351	int err;
7352
7353	err = ipv6_addr_label_init();
7354	if (err < 0) {
7355	pr_crit("%s: cannot initialize default policy table: %d\n",
7356	__func__, err);
7357	goto out;
7358	}
7359
7360	err = register_pernet_subsys(&addrconf_ops);
7361	if (err < 0)
7362	goto out_addrlabel;
7363
7364	addrconf_wq = create_workqueue("ipv6_addrconf");
7365	if (!addrconf_wq) {
7366	err = -ENOMEM;
7367	goto out_nowq;
7368	}
7369
7370	rtnl_lock();
7371	idev = ipv6_add_dev(dev: blackhole_netdev);
7372	rtnl_unlock();
7373	if (IS_ERR(ptr: idev)) {
7374	err = PTR_ERR(ptr: idev);
7375	goto errlo;
7376	}
7377
7378	ip6_route_init_special_entries();
7379
7380	register_netdevice_notifier(nb: &ipv6_dev_notf);
7381
7382	addrconf_verify(net: &init_net);
7383
7384	rtnl_af_register(ops: &inet6_ops);
7385
7386	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETLINK,
7387	NULL, inet6_dump_ifinfo, flags: 0);
7388	if (err < 0)
7389	goto errout;
7390
7391	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_NEWADDR,
7392	inet6_rtm_newaddr, NULL, flags: 0);
7393	if (err < 0)
7394	goto errout;
7395	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_DELADDR,
7396	inet6_rtm_deladdr, NULL, flags: 0);
7397	if (err < 0)
7398	goto errout;
7399	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETADDR,
7400	inet6_rtm_getaddr, inet6_dump_ifaddr,
7401	flags: RTNL_FLAG_DOIT_UNLOCKED);
7402	if (err < 0)
7403	goto errout;
7404	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETMULTICAST,
7405	NULL, inet6_dump_ifmcaddr, flags: 0);
7406	if (err < 0)
7407	goto errout;
7408	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETANYCAST,
7409	NULL, inet6_dump_ifacaddr, flags: 0);
7410	if (err < 0)
7411	goto errout;
7412	err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETNETCONF,
7413	inet6_netconf_get_devconf,
7414	inet6_netconf_dump_devconf,
7415	flags: RTNL_FLAG_DOIT_UNLOCKED);
7416	if (err < 0)
7417	goto errout;
7418	err = ipv6_addr_label_rtnl_register();
7419	if (err < 0)
7420	goto errout;
7421
7422	return 0;
7423	errout:
7424	rtnl_unregister_all(PF_INET6);
7425	rtnl_af_unregister(ops: &inet6_ops);
7426	unregister_netdevice_notifier(nb: &ipv6_dev_notf);
7427	errlo:
7428	destroy_workqueue(wq: addrconf_wq);
7429	out_nowq:
7430	unregister_pernet_subsys(&addrconf_ops);
7431	out_addrlabel:
7432	ipv6_addr_label_cleanup();
7433	out:
7434	return err;
7435	}
7436
7437	void addrconf_cleanup(void)
7438	{
7439	struct net_device *dev;
7440
7441	unregister_netdevice_notifier(nb: &ipv6_dev_notf);
7442	unregister_pernet_subsys(&addrconf_ops);
7443	ipv6_addr_label_cleanup();
7444
7445	rtnl_af_unregister(ops: &inet6_ops);
7446
7447	rtnl_lock();
7448
7449	/* clean dev list */
7450	for_each_netdev(&init_net, dev) {
7451	if (__in6_dev_get(dev) == NULL)
7452	continue;
7453	addrconf_ifdown(dev, unregister: true);
7454	}
7455	addrconf_ifdown(dev: init_net.loopback_dev, unregister: true);
7456
7457	rtnl_unlock();
7458
7459	destroy_workqueue(wq: addrconf_wq);
7460	}
7461