WSL2-Linux-Kernel/net/ipv6
Kuniyuki Iwashima 0dad0e75d6 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
[ Upstream commit 23be1e0e2a83a8543214d2599a31d9a2185a796b ]

Initially, commit 4237c75c0a ("[MLSXFRM]: Auto-labeling of child
sockets") introduced security_inet_conn_request() in some functions
where reqsk is allocated.  The hook is added just after the allocation,
so reqsk's IPv6 remote address was not initialised then.

However, SELinux/Smack started to read it in netlbl_req_setattr()
after commit e1adea9270 ("calipso: Allow request sockets to be
relabelled by the lsm.").

Commit 284904aa79 ("lsm: Relocate the IPv4 security_inet_conn_request()
hooks") fixed that kind of issue only in TCPv4 because IPv6 labeling was
not supported at that time.  Finally, the same issue was introduced again
in IPv6.

Let's apply the same fix on DCCPv6 and TCPv6.

Fixes: e1adea9270 ("calipso: Allow request sockets to be relabelled by the lsm.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-20 11:08:28 +01:00
ila ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() 2023-03-17 08:48:54 +01:00
netfilter netfilter: tproxy: fix deadlock due to missing BH disable 2023-03-17 08:48:55 +01:00
Kconfig ipv6: ioam: Support for IOAM injection with lwtunnels 2021-07-21 08:14:33 -07:00
Makefile ipv6: ioam: Support for IOAM injection with lwtunnels 2021-07-21 08:14:33 -07:00
addrconf.c net: release reference to inet6_dev pointer 2023-10-19 23:05:35 +02:00
addrconf_core.c ipv6: add ipv6_dev_find to stubs 2021-03-30 13:29:39 -07:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-16 09:58:18 +01:00
af_inet6.c dccp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 13:51:54 +02:00
ah6.c xfrm: remove hdr_offset indirection 2021-06-11 14:48:50 +02:00
anycast.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-07-30 16:30:55 -07:00
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-04 15:26:57 -08:00
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-22 12:57:09 +01:00
esp6.c net: ipv6: fix return value check in esp_remove_trailer 2023-10-25 11:58:57 +02:00
esp6_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 10:29:46 +02:00
exthdrs.c ipv6: rpl: Fix Route of Death. 2023-06-14 11:13:02 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-30 13:55:31 +01:00
exthdrs_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
fib6_notifier.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib6_rules.c ipv6: fix memory leak in fib6_rule_suppress 2021-12-08 09:04:43 +01:00
fou6.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
icmp.c icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). 2023-07-23 13:47:41 +02:00
inet6_connection_sock.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
inet6_hashtables.c ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH() 2022-08-17 14:23:36 +02:00
ioam6.c ipv6: ioam: move the check for undefined bits 2021-10-12 11:49:49 +01:00
ioam6_iptunnel.c ipv6: ioam: move the check for undefined bits 2021-10-12 11:49:49 +01:00
ip6_checksum.c
ip6_fib.c ipv6: annotate accesses to fn->fn_sernum 2022-02-01 17:27:09 +01:00
ip6_flowlabel.c ipv6: per-netns exclusive flowlabel checks 2022-02-23 12:03:10 +01:00
ip6_gre.c net:ipv6: check return value of pskb_trim() 2023-07-27 08:47:01 +02:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
ip6_input.c tcp/udp: Make early_demux back namespacified. 2022-11-10 18:15:38 +01:00
ip6_offload.c gso: do not skip outer ip header in case of ipip and net_failover 2022-03-02 11:47:56 +01:00
ip6_offload.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip6_output.c ipv6: avoid atomic fragment on GSO packets 2023-11-20 11:08:16 +01:00
ip6_tunnel.c net: tunnels: annotate lockless accesses to dev->needed_headroom 2023-03-22 13:31:26 +01:00
ip6_udp_tunnel.c net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-08-26 14:23:32 +02:00
ip6mr.c ip6mr: Fix skb_under_panic in ip6mr_cache_report() 2023-08-11 15:13:53 +02:00
ipcomp6.c xfrm: remove hdr_offset indirection 2021-06-11 14:48:50 +02:00
ipv6_sockglue.c udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). 2023-04-26 13:51:54 +02:00
mcast.c net: mld: fix reference count leak in mld_{query | report}_work() 2022-08-03 12:03:51 +02:00
mcast_snoop.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
mip6.c xfrm: ipv6: move mip6_rthdr_offset into xfrm core 2021-06-11 14:48:50 +02:00
ndisc.c net: change accept_ra_min_rtr_lft to affect all RA lifetimes 2023-10-19 23:05:35 +02:00
netfilter.c netfilter: Update ip6_route_me_harder to consider L3 domain 2022-05-09 09:14:41 +02:00
output_core.c ipv6: use prandom_u32() for ID generation 2021-05-31 22:12:08 -07:00
ping.c ping6: Fix send to link-local addresses with VRF. 2023-06-21 15:59:16 +02:00
proc.c net: udp: introduce UDP_MIB_MEMERRORS for udp_mem 2020-11-09 15:34:44 -08:00
protocol.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
raw.c ipv{4,6}/raw: fix output xfrm lookup wrt protocol 2023-06-05 09:21:26 +02:00
reassembly.c ipv6: record frag_max_size in atomic fragments in input path 2021-05-21 15:02:25 -07:00
route.c ipv6: Add lwtunnel encap size of all siblings in nexthop calculation 2023-03-11 13:57:28 +01:00
rpl.c net: rpl: fix rpl header size calculation 2023-04-26 13:51:49 +02:00
rpl_iptunnel.c net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh() 2020-12-08 16:22:54 -08:00
seg6.c ipv6: sr: fix out-of-bounds read when setting HMAC data. 2022-09-15 11:30:06 +02:00
seg6_hmac.c net: ipv6: unexport __init-annotated seg6_hmac_net_init() 2022-07-07 17:53:26 +02:00
seg6_iptunnel.c seg6: fix skb checksum evaluation in SRH encapsulation/insertion 2022-07-21 21:24:30 +02:00
seg6_local.c seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors 2022-07-21 21:24:30 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:50:16 +02:00
syncookies.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:08:28 +01:00
sysctl_net_ipv6.c ipv6: ioam: Data plane support for Pre-allocated Trace 2021-07-21 08:14:33 -07:00
tcp_ipv6.c tcp: annotate data-races around tcp_rsk(req)->ts_recent 2023-07-27 08:47:01 +02:00
tcpv6_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tunnel6.c tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels 2020-07-09 12:52:37 +02:00
udp.c ipv6: Add reasons for skb drops to __udp6_lib_rcv 2023-09-19 12:22:32 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2023-04-26 13:51:54 +02:00
udp_offload.c udp: properly complete L4 GRO over UDP tunnel packet 2021-03-30 17:06:49 -07:00
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 13:55:31 +01:00
xfrm6_input.c xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets 2023-06-28 10:29:46 +02:00
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-04-08 14:22:46 +02:00
xfrm6_policy.c xfrm6: fix inet6_dev refcount underflow problem 2023-10-25 11:59:04 +02:00
xfrm6_protocol.c xfrm: add support for UDPv6 encapsulation of ESP 2020-04-28 11:28:36 +02:00
xfrm6_state.c xfrm: remove output_finish indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm6_tunnel.c xfrm: remove description from xfrm_type struct 2021-06-09 09:38:52 +02:00