~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/addrconf.c

Version: ~ [ linux-5.19-rc3 ] ~ [ linux-5.18.5 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.48 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.123 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.199 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.248 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.284 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.319 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *      IPv6 Address [auto]configuration
  3  *      Linux INET6 implementation
  4  *
  5  *      Authors:
  6  *      Pedro Roque             <roque@di.fc.ul.pt>
  7  *      Alexey Kuznetsov        <kuznet@ms2.inr.ac.ru>
  8  *
  9  *      This program is free software; you can redistribute it and/or
 10  *      modify it under the terms of the GNU General Public License
 11  *      as published by the Free Software Foundation; either version
 12  *      2 of the License, or (at your option) any later version.
 13  */
 14 
 15 /*
 16  *      Changes:
 17  *
 18  *      Janos Farkas                    :       delete timer on ifdown
 19  *      <chexum@bankinf.banki.hu>
 20  *      Andi Kleen                      :       kill double kfree on module
 21  *                                              unload.
 22  *      Maciej W. Rozycki               :       FDDI support
 23  *      sekiya@USAGI                    :       Don't send too many RS
 24  *                                              packets.
 25  *      yoshfuji@USAGI                  :       Fixed interval between DAD
 26  *                                              packets.
 27  *      YOSHIFUJI Hideaki @USAGI        :       improved accuracy of
 28  *                                              address validation timer.
 29  *      YOSHIFUJI Hideaki @USAGI        :       Privacy Extensions (RFC3041)
 30  *                                              support.
 31  *      Yuji SEKIYA @USAGI              :       Don't assign a same IPv6
 32  *                                              address on a same interface.
 33  *      YOSHIFUJI Hideaki @USAGI        :       ARCnet support
 34  *      YOSHIFUJI Hideaki @USAGI        :       convert /proc/net/if_inet6 to
 35  *                                              seq_file.
 36  *      YOSHIFUJI Hideaki @USAGI        :       improved source address
 37  *                                              selection; consider scope,
 38  *                                              status etc.
 39  */
 40 
 41 #define pr_fmt(fmt) "IPv6: " fmt
 42 
 43 #include <linux/errno.h>
 44 #include <linux/types.h>
 45 #include <linux/kernel.h>
 46 #include <linux/sched/signal.h>
 47 #include <linux/socket.h>
 48 #include <linux/sockios.h>
 49 #include <linux/net.h>
 50 #include <linux/inet.h>
 51 #include <linux/in6.h>
 52 #include <linux/netdevice.h>
 53 #include <linux/if_addr.h>
 54 #include <linux/if_arp.h>
 55 #include <linux/if_arcnet.h>
 56 #include <linux/if_infiniband.h>
 57 #include <linux/route.h>
 58 #include <linux/inetdevice.h>
 59 #include <linux/init.h>
 60 #include <linux/slab.h>
 61 #ifdef CONFIG_SYSCTL
 62 #include <linux/sysctl.h>
 63 #endif
 64 #include <linux/capability.h>
 65 #include <linux/delay.h>
 66 #include <linux/notifier.h>
 67 #include <linux/string.h>
 68 #include <linux/hash.h>
 69 
 70 #include <net/net_namespace.h>
 71 #include <net/sock.h>
 72 #include <net/snmp.h>
 73 
 74 #include <net/6lowpan.h>
 75 #include <net/firewire.h>
 76 #include <net/ipv6.h>
 77 #include <net/protocol.h>
 78 #include <net/ndisc.h>
 79 #include <net/ip6_route.h>
 80 #include <net/addrconf.h>
 81 #include <net/tcp.h>
 82 #include <net/ip.h>
 83 #include <net/netlink.h>
 84 #include <net/pkt_sched.h>
 85 #include <net/l3mdev.h>
 86 #include <linux/if_tunnel.h>
 87 #include <linux/rtnetlink.h>
 88 #include <linux/netconf.h>
 89 #include <linux/random.h>
 90 #include <linux/uaccess.h>
 91 #include <asm/unaligned.h>
 92 
 93 #include <linux/proc_fs.h>
 94 #include <linux/seq_file.h>
 95 #include <linux/export.h>
 96 
 97 /* Set to 3 to get tracing... */
 98 #define ACONF_DEBUG 2
 99 
100 #if ACONF_DEBUG >= 3
101 #define ADBG(fmt, ...) printk(fmt, ##__VA_ARGS__)
102 #else
103 #define ADBG(fmt, ...) do { if (0) printk(fmt, ##__VA_ARGS__); } while (0)
104 #endif
105 
106 #define INFINITY_LIFE_TIME      0xFFFFFFFF
107 
108 #define IPV6_MAX_STRLEN \
109         sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")
110 
111 static inline u32 cstamp_delta(unsigned long cstamp)
112 {
113         return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
114 }
115 
116 static inline s32 rfc3315_s14_backoff_init(s32 irt)
117 {
118         /* multiply 'initial retransmission time' by 0.9 .. 1.1 */
119         u64 tmp = (900000 + prandom_u32() % 200001) * (u64)irt;
120         do_div(tmp, 1000000);
121         return (s32)tmp;
122 }
123 
124 static inline s32 rfc3315_s14_backoff_update(s32 rt, s32 mrt)
125 {
126         /* multiply 'retransmission timeout' by 1.9 .. 2.1 */
127         u64 tmp = (1900000 + prandom_u32() % 200001) * (u64)rt;
128         do_div(tmp, 1000000);
129         if ((s32)tmp > mrt) {
130                 /* multiply 'maximum retransmission time' by 0.9 .. 1.1 */
131                 tmp = (900000 + prandom_u32() % 200001) * (u64)mrt;
132                 do_div(tmp, 1000000);
133         }
134         return (s32)tmp;
135 }
136 
137 #ifdef CONFIG_SYSCTL
138 static int addrconf_sysctl_register(struct inet6_dev *idev);
139 static void addrconf_sysctl_unregister(struct inet6_dev *idev);
140 #else
141 static inline int addrconf_sysctl_register(struct inet6_dev *idev)
142 {
143         return 0;
144 }
145 
146 static inline void addrconf_sysctl_unregister(struct inet6_dev *idev)
147 {
148 }
149 #endif
150 
151 static void ipv6_regen_rndid(struct inet6_dev *idev);
152 static void ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
153 
154 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
155 static int ipv6_count_addresses(struct inet6_dev *idev);
156 static int ipv6_generate_stable_address(struct in6_addr *addr,
157                                         u8 dad_count,
158                                         const struct inet6_dev *idev);
159 
160 /*
161  *      Configured unicast address hash table
162  */
163 static struct hlist_head inet6_addr_lst[IN6_ADDR_HSIZE];
164 static DEFINE_SPINLOCK(addrconf_hash_lock);
165 
166 static void addrconf_verify(void);
167 static void addrconf_verify_rtnl(void);
168 static void addrconf_verify_work(struct work_struct *);
169 
170 static struct workqueue_struct *addrconf_wq;
171 static DECLARE_DELAYED_WORK(addr_chk_work, addrconf_verify_work);
172 
173 static void addrconf_join_anycast(struct inet6_ifaddr *ifp);
174 static void addrconf_leave_anycast(struct inet6_ifaddr *ifp);
175 
176 static void addrconf_type_change(struct net_device *dev,
177                                  unsigned long event);
178 static int addrconf_ifdown(struct net_device *dev, int how);
179 
180 static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
181                                                   int plen,
182                                                   const struct net_device *dev,
183                                                   u32 flags, u32 noflags);
184 
185 static void addrconf_dad_start(struct inet6_ifaddr *ifp);
186 static void addrconf_dad_work(struct work_struct *w);
187 static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id);
188 static void addrconf_dad_run(struct inet6_dev *idev);
189 static void addrconf_rs_timer(unsigned long data);
190 static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
191 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
192 
193 static void inet6_prefix_notify(int event, struct inet6_dev *idev,
194                                 struct prefix_info *pinfo);
195 static bool ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
196                                struct net_device *dev);
197 
198 static struct ipv6_devconf ipv6_devconf __read_mostly = {
199         .forwarding             = 0,
200         .hop_limit              = IPV6_DEFAULT_HOPLIMIT,
201         .mtu6                   = IPV6_MIN_MTU,
202         .accept_ra              = 1,
203         .accept_redirects       = 1,
204         .autoconf               = 1,
205         .force_mld_version      = 0,
206         .mldv1_unsolicited_report_interval = 10 * HZ,
207         .mldv2_unsolicited_report_interval = HZ,
208         .dad_transmits          = 1,
209         .rtr_solicits           = MAX_RTR_SOLICITATIONS,
210         .rtr_solicit_interval   = RTR_SOLICITATION_INTERVAL,
211         .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
212         .rtr_solicit_delay      = MAX_RTR_SOLICITATION_DELAY,
213         .use_tempaddr           = 0,
214         .temp_valid_lft         = TEMP_VALID_LIFETIME,
215         .temp_prefered_lft      = TEMP_PREFERRED_LIFETIME,
216         .regen_max_retry        = REGEN_MAX_RETRY,
217         .max_desync_factor      = MAX_DESYNC_FACTOR,
218         .max_addresses          = IPV6_MAX_ADDRESSES,
219         .accept_ra_defrtr       = 1,
220         .accept_ra_from_local   = 0,
221         .accept_ra_min_hop_limit= 1,
222         .accept_ra_pinfo        = 1,
223 #ifdef CONFIG_IPV6_ROUTER_PREF
224         .accept_ra_rtr_pref     = 1,
225         .rtr_probe_interval     = 60 * HZ,
226 #ifdef CONFIG_IPV6_ROUTE_INFO
227         .accept_ra_rt_info_min_plen = 0,
228         .accept_ra_rt_info_max_plen = 0,
229 #endif
230 #endif
231         .proxy_ndp              = 0,
232         .accept_source_route    = 0,    /* we do not accept RH0 by default. */
233         .disable_ipv6           = 0,
234         .accept_dad             = 1,
235         .suppress_frag_ndisc    = 1,
236         .accept_ra_mtu          = 1,
237         .stable_secret          = {
238                 .initialized = false,
239         },
240         .use_oif_addrs_only     = 0,
241         .ignore_routes_with_linkdown = 0,
242         .keep_addr_on_down      = 0,
243         .seg6_enabled           = 0,
244 #ifdef CONFIG_IPV6_SEG6_HMAC
245         .seg6_require_hmac      = 0,
246 #endif
247         .enhanced_dad           = 1,
248         .addr_gen_mode          = IN6_ADDR_GEN_MODE_EUI64,
249         .disable_policy         = 0,
250 };
251 
252 static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
253         .forwarding             = 0,
254         .hop_limit              = IPV6_DEFAULT_HOPLIMIT,
255         .mtu6                   = IPV6_MIN_MTU,
256         .accept_ra              = 1,
257         .accept_redirects       = 1,
258         .autoconf               = 1,
259         .force_mld_version      = 0,
260         .mldv1_unsolicited_report_interval = 10 * HZ,
261         .mldv2_unsolicited_report_interval = HZ,
262         .dad_transmits          = 1,
263         .rtr_solicits           = MAX_RTR_SOLICITATIONS,
264         .rtr_solicit_interval   = RTR_SOLICITATION_INTERVAL,
265         .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
266         .rtr_solicit_delay      = MAX_RTR_SOLICITATION_DELAY,
267         .use_tempaddr           = 0,
268         .temp_valid_lft         = TEMP_VALID_LIFETIME,
269         .temp_prefered_lft      = TEMP_PREFERRED_LIFETIME,
270         .regen_max_retry        = REGEN_MAX_RETRY,
271         .max_desync_factor      = MAX_DESYNC_FACTOR,
272         .max_addresses          = IPV6_MAX_ADDRESSES,
273         .accept_ra_defrtr       = 1,
274         .accept_ra_from_local   = 0,
275         .accept_ra_min_hop_limit= 1,
276         .accept_ra_pinfo        = 1,
277 #ifdef CONFIG_IPV6_ROUTER_PREF
278         .accept_ra_rtr_pref     = 1,
279         .rtr_probe_interval     = 60 * HZ,
280 #ifdef CONFIG_IPV6_ROUTE_INFO
281         .accept_ra_rt_info_min_plen = 0,
282         .accept_ra_rt_info_max_plen = 0,
283 #endif
284 #endif
285         .proxy_ndp              = 0,
286         .accept_source_route    = 0,    /* we do not accept RH0 by default. */
287         .disable_ipv6           = 0,
288         .accept_dad             = 1,
289         .suppress_frag_ndisc    = 1,
290         .accept_ra_mtu          = 1,
291         .stable_secret          = {
292                 .initialized = false,
293         },
294         .use_oif_addrs_only     = 0,
295         .ignore_routes_with_linkdown = 0,
296         .keep_addr_on_down      = 0,
297         .seg6_enabled           = 0,
298 #ifdef CONFIG_IPV6_SEG6_HMAC
299         .seg6_require_hmac      = 0,
300 #endif
301         .enhanced_dad           = 1,
302         .addr_gen_mode          = IN6_ADDR_GEN_MODE_EUI64,
303         .disable_policy         = 0,
304 };
305 
306 /* Check if a valid qdisc is available */
307 static inline bool addrconf_qdisc_ok(const struct net_device *dev)
308 {
309         return !qdisc_tx_is_noop(dev);
310 }
311 
312 static void addrconf_del_rs_timer(struct inet6_dev *idev)
313 {
314         if (del_timer(&idev->rs_timer))
315                 __in6_dev_put(idev);
316 }
317 
318 static void addrconf_del_dad_work(struct inet6_ifaddr *ifp)
319 {
320         if (cancel_delayed_work(&ifp->dad_work))
321                 __in6_ifa_put(ifp);
322 }
323 
324 static void addrconf_mod_rs_timer(struct inet6_dev *idev,
325                                   unsigned long when)
326 {
327         if (!timer_pending(&idev->rs_timer))
328                 in6_dev_hold(idev);
329         mod_timer(&idev->rs_timer, jiffies + when);
330 }
331 
332 static void addrconf_mod_dad_work(struct inet6_ifaddr *ifp,
333                                    unsigned long delay)
334 {
335         in6_ifa_hold(ifp);
336         if (mod_delayed_work(addrconf_wq, &ifp->dad_work, delay))
337                 in6_ifa_put(ifp);
338 }
339 
340 static int snmp6_alloc_dev(struct inet6_dev *idev)
341 {
342         int i;
343 
344         idev->stats.ipv6 = alloc_percpu(struct ipstats_mib);
345         if (!idev->stats.ipv6)
346                 goto err_ip;
347 
348         for_each_possible_cpu(i) {
349                 struct ipstats_mib *addrconf_stats;
350                 addrconf_stats = per_cpu_ptr(idev->stats.ipv6, i);
351                 u64_stats_init(&addrconf_stats->syncp);
352         }
353 
354 
355         idev->stats.icmpv6dev = kzalloc(sizeof(struct icmpv6_mib_device),
356                                         GFP_KERNEL);
357         if (!idev->stats.icmpv6dev)
358                 goto err_icmp;
359         idev->stats.icmpv6msgdev = kzalloc(sizeof(struct icmpv6msg_mib_device),
360                                            GFP_KERNEL);
361         if (!idev->stats.icmpv6msgdev)
362                 goto err_icmpmsg;
363 
364         return 0;
365 
366 err_icmpmsg:
367         kfree(idev->stats.icmpv6dev);
368 err_icmp:
369         free_percpu(idev->stats.ipv6);
370 err_ip:
371         return -ENOMEM;
372 }
373 
374 static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
375 {
376         struct inet6_dev *ndev;
377         int err = -ENOMEM;
378 
379         ASSERT_RTNL();
380 
381         if (dev->mtu < IPV6_MIN_MTU)
382                 return ERR_PTR(-EINVAL);
383 
384         ndev = kzalloc(sizeof(struct inet6_dev), GFP_KERNEL);
385         if (!ndev)
386                 return ERR_PTR(err);
387 
388         rwlock_init(&ndev->lock);
389         ndev->dev = dev;
390         INIT_LIST_HEAD(&ndev->addr_list);
391         setup_timer(&ndev->rs_timer, addrconf_rs_timer,
392                     (unsigned long)ndev);
393         memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf));
394 
395         if (ndev->cnf.stable_secret.initialized)
396                 ndev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
397         else
398                 ndev->cnf.addr_gen_mode = ipv6_devconf_dflt.addr_gen_mode;
399 
400         ndev->cnf.mtu6 = dev->mtu;
401         ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
402         if (!ndev->nd_parms) {
403                 kfree(ndev);
404                 return ERR_PTR(err);
405         }
406         if (ndev->cnf.forwarding)
407                 dev_disable_lro(dev);
408         /* We refer to the device */
409         dev_hold(dev);
410 
411         if (snmp6_alloc_dev(ndev) < 0) {
412                 ADBG(KERN_WARNING
413                         "%s: cannot allocate memory for statistics; dev=%s.\n",
414                         __func__, dev->name);
415                 neigh_parms_release(&nd_tbl, ndev->nd_parms);
416                 dev_put(dev);
417                 kfree(ndev);
418                 return ERR_PTR(err);
419         }
420 
421         if (snmp6_register_dev(ndev) < 0) {
422                 ADBG(KERN_WARNING
423                         "%s: cannot create /proc/net/dev_snmp6/%s\n",
424                         __func__, dev->name);
425                 goto err_release;
426         }
427 
428         /* One reference from device. */
429         refcount_set(&ndev->refcnt, 1);
430 
431         if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
432                 ndev->cnf.accept_dad = -1;
433 
434 #if IS_ENABLED(CONFIG_IPV6_SIT)
435         if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) {
436                 pr_info("%s: Disabled Multicast RS\n", dev->name);
437                 ndev->cnf.rtr_solicits = 0;
438         }
439 #endif
440 
441         INIT_LIST_HEAD(&ndev->tempaddr_list);
442         ndev->desync_factor = U32_MAX;
443         if ((dev->flags&IFF_LOOPBACK) ||
444             dev->type == ARPHRD_TUNNEL ||
445             dev->type == ARPHRD_TUNNEL6 ||
446             dev->type == ARPHRD_SIT ||
447             dev->type == ARPHRD_NONE) {
448                 ndev->cnf.use_tempaddr = -1;
449         } else
450                 ipv6_regen_rndid(ndev);
451 
452         ndev->token = in6addr_any;
453 
454         if (netif_running(dev) && addrconf_qdisc_ok(dev))
455                 ndev->if_flags |= IF_READY;
456 
457         ipv6_mc_init_dev(ndev);
458         ndev->tstamp = jiffies;
459         err = addrconf_sysctl_register(ndev);
460         if (err) {
461                 ipv6_mc_destroy_dev(ndev);
462                 snmp6_unregister_dev(ndev);
463                 goto err_release;
464         }
465         /* protected by rtnl_lock */
466         rcu_assign_pointer(dev->ip6_ptr, ndev);
467 
468         /* Join interface-local all-node multicast group */
469         ipv6_dev_mc_inc(dev, &in6addr_interfacelocal_allnodes);
470 
471         /* Join all-node multicast group */
472         ipv6_dev_mc_inc(dev, &in6addr_linklocal_allnodes);
473 
474         /* Join all-router multicast group if forwarding is set */
475         if (ndev->cnf.forwarding && (dev->flags & IFF_MULTICAST))
476                 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allrouters);
477 
478         return ndev;
479 
480 err_release:
481         neigh_parms_release(&nd_tbl, ndev->nd_parms);
482         ndev->dead = 1;
483         in6_dev_finish_destroy(ndev);
484         return ERR_PTR(err);
485 }
486 
487 static struct inet6_dev *ipv6_find_idev(struct net_device *dev)
488 {
489         struct inet6_dev *idev;
490 
491         ASSERT_RTNL();
492 
493         idev = __in6_dev_get(dev);
494         if (!idev) {
495                 idev = ipv6_add_dev(dev);
496                 if (IS_ERR(idev))
497                         return NULL;
498         }
499 
500         if (dev->flags&IFF_UP)
501                 ipv6_mc_up(idev);
502         return idev;
503 }
504 
505 static int inet6_netconf_msgsize_devconf(int type)
506 {
507         int size =  NLMSG_ALIGN(sizeof(struct netconfmsg))
508                     + nla_total_size(4);        /* NETCONFA_IFINDEX */
509         bool all = false;
510 
511         if (type == NETCONFA_ALL)
512                 all = true;
513 
514         if (all || type == NETCONFA_FORWARDING)
515                 size += nla_total_size(4);
516 #ifdef CONFIG_IPV6_MROUTE
517         if (all || type == NETCONFA_MC_FORWARDING)
518                 size += nla_total_size(4);
519 #endif
520         if (all || type == NETCONFA_PROXY_NEIGH)
521                 size += nla_total_size(4);
522 
523         if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
524                 size += nla_total_size(4);
525 
526         return size;
527 }
528 
529 static int inet6_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
530                                       struct ipv6_devconf *devconf, u32 portid,
531                                       u32 seq, int event, unsigned int flags,
532                                       int type)
533 {
534         struct nlmsghdr  *nlh;
535         struct netconfmsg *ncm;
536         bool all = false;
537 
538         nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
539                         flags);
540         if (!nlh)
541                 return -EMSGSIZE;
542 
543         if (type == NETCONFA_ALL)
544                 all = true;
545 
546         ncm = nlmsg_data(nlh);
547         ncm->ncm_family = AF_INET6;
548 
549         if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
550                 goto nla_put_failure;
551 
552         if (!devconf)
553                 goto out;
554 
555         if ((all || type == NETCONFA_FORWARDING) &&
556             nla_put_s32(skb, NETCONFA_FORWARDING, devconf->forwarding) < 0)
557                 goto nla_put_failure;
558 #ifdef CONFIG_IPV6_MROUTE
559         if ((all || type == NETCONFA_MC_FORWARDING) &&
560             nla_put_s32(skb, NETCONFA_MC_FORWARDING,
561                         devconf->mc_forwarding) < 0)
562                 goto nla_put_failure;
563 #endif
564         if ((all || type == NETCONFA_PROXY_NEIGH) &&
565             nla_put_s32(skb, NETCONFA_PROXY_NEIGH, devconf->proxy_ndp) < 0)
566                 goto nla_put_failure;
567 
568         if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
569             nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
570                         devconf->ignore_routes_with_linkdown) < 0)
571                 goto nla_put_failure;
572 
573 out:
574         nlmsg_end(skb, nlh);
575         return 0;
576 
577 nla_put_failure:
578         nlmsg_cancel(skb, nlh);
579         return -EMSGSIZE;
580 }
581 
582 void inet6_netconf_notify_devconf(struct net *net, int event, int type,
583                                   int ifindex, struct ipv6_devconf *devconf)
584 {
585         struct sk_buff *skb;
586         int err = -ENOBUFS;
587 
588         skb = nlmsg_new(inet6_netconf_msgsize_devconf(type), GFP_KERNEL);
589         if (!skb)
590                 goto errout;
591 
592         err = inet6_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
593                                          event, 0, type);
594         if (err < 0) {
595                 /* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */
596                 WARN_ON(err == -EMSGSIZE);
597                 kfree_skb(skb);
598                 goto errout;
599         }
600         rtnl_notify(skb, net, 0, RTNLGRP_IPV6_NETCONF, NULL, GFP_KERNEL);
601         return;
602 errout:
603         rtnl_set_sk_err(net, RTNLGRP_IPV6_NETCONF, err);
604 }
605 
606 static const struct nla_policy devconf_ipv6_policy[NETCONFA_MAX+1] = {
607         [NETCONFA_IFINDEX]      = { .len = sizeof(int) },
608         [NETCONFA_FORWARDING]   = { .len = sizeof(int) },
609         [NETCONFA_PROXY_NEIGH]  = { .len = sizeof(int) },
610         [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]  = { .len = sizeof(int) },
611 };
612 
613 static int inet6_netconf_get_devconf(struct sk_buff *in_skb,
614                                      struct nlmsghdr *nlh,
615                                      struct netlink_ext_ack *extack)
616 {
617         struct net *net = sock_net(in_skb->sk);
618         struct nlattr *tb[NETCONFA_MAX+1];
619         struct netconfmsg *ncm;
620         struct sk_buff *skb;
621         struct ipv6_devconf *devconf;
622         struct inet6_dev *in6_dev;
623         struct net_device *dev;
624         int ifindex;
625         int err;
626 
627         err = nlmsg_parse(nlh, sizeof(*ncm), tb, NETCONFA_MAX,
628                           devconf_ipv6_policy, extack);
629         if (err < 0)
630                 goto errout;
631 
632         err = -EINVAL;
633         if (!tb[NETCONFA_IFINDEX])
634                 goto errout;
635 
636         ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
637         switch (ifindex) {
638         case NETCONFA_IFINDEX_ALL:
639                 devconf = net->ipv6.devconf_all;
640                 break;
641         case NETCONFA_IFINDEX_DEFAULT:
642                 devconf = net->ipv6.devconf_dflt;
643                 break;
644         default:
645                 dev = __dev_get_by_index(net, ifindex);
646                 if (!dev)
647                         goto errout;
648                 in6_dev = __in6_dev_get(dev);
649                 if (!in6_dev)
650                         goto errout;
651                 devconf = &in6_dev->cnf;
652                 break;
653         }
654 
655         err = -ENOBUFS;
656         skb = nlmsg_new(inet6_netconf_msgsize_devconf(NETCONFA_ALL), GFP_ATOMIC);
657         if (!skb)
658                 goto errout;
659 
660         err = inet6_netconf_fill_devconf(skb, ifindex, devconf,
661                                          NETLINK_CB(in_skb).portid,
662                                          nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
663                                          NETCONFA_ALL);
664         if (err < 0) {
665                 /* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */
666                 WARN_ON(err == -EMSGSIZE);
667                 kfree_skb(skb);
668                 goto errout;
669         }
670         err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
671 errout:
672         return err;
673 }
674 
675 static int inet6_netconf_dump_devconf(struct sk_buff *skb,
676                                       struct netlink_callback *cb)
677 {
678         struct net *net = sock_net(skb->sk);
679         int h, s_h;
680         int idx, s_idx;
681         struct net_device *dev;
682         struct inet6_dev *idev;
683         struct hlist_head *head;
684 
685         s_h = cb->args[0];
686         s_idx = idx = cb->args[1];
687 
688         for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
689                 idx = 0;
690                 head = &net->dev_index_head[h];
691                 rcu_read_lock();
692                 cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^
693                           net->dev_base_seq;
694                 hlist_for_each_entry_rcu(dev, head, index_hlist) {
695                         if (idx < s_idx)
696                                 goto cont;
697                         idev = __in6_dev_get(dev);
698                         if (!idev)
699                                 goto cont;
700 
701                         if (inet6_netconf_fill_devconf(skb, dev->ifindex,
702                                                        &idev->cnf,
703                                                        NETLINK_CB(cb->skb).portid,
704                                                        cb->nlh->nlmsg_seq,
705                                                        RTM_NEWNETCONF,
706                                                        NLM_F_MULTI,
707                                                        NETCONFA_ALL) < 0) {
708                                 rcu_read_unlock();
709                                 goto done;
710                         }
711                         nl_dump_check_consistent(cb, nlmsg_hdr(skb));
712 cont:
713                         idx++;
714                 }
715                 rcu_read_unlock();
716         }
717         if (h == NETDEV_HASHENTRIES) {
718                 if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
719                                                net->ipv6.devconf_all,
720                                                NETLINK_CB(cb->skb).portid,
721                                                cb->nlh->nlmsg_seq,
722                                                RTM_NEWNETCONF, NLM_F_MULTI,
723                                                NETCONFA_ALL) < 0)
724                         goto done;
725                 else
726                         h++;
727         }
728         if (h == NETDEV_HASHENTRIES + 1) {
729                 if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
730                                                net->ipv6.devconf_dflt,
731                                                NETLINK_CB(cb->skb).portid,
732                                                cb->nlh->nlmsg_seq,
733                                                RTM_NEWNETCONF, NLM_F_MULTI,
734                                                NETCONFA_ALL) < 0)
735                         goto done;
736                 else
737                         h++;
738         }
739 done:
740         cb->args[0] = h;
741         cb->args[1] = idx;
742 
743         return skb->len;
744 }
745 
746 #ifdef CONFIG_SYSCTL
747 static void dev_forward_change(struct inet6_dev *idev)
748 {
749         struct net_device *dev;
750         struct inet6_ifaddr *ifa;
751 
752         if (!idev)
753                 return;
754         dev = idev->dev;
755         if (idev->cnf.forwarding)
756                 dev_disable_lro(dev);
757         if (dev->flags & IFF_MULTICAST) {
758                 if (idev->cnf.forwarding) {
759                         ipv6_dev_mc_inc(dev, &in6addr_linklocal_allrouters);
760                         ipv6_dev_mc_inc(dev, &in6addr_interfacelocal_allrouters);
761                         ipv6_dev_mc_inc(dev, &in6addr_sitelocal_allrouters);
762                 } else {
763                         ipv6_dev_mc_dec(dev, &in6addr_linklocal_allrouters);
764                         ipv6_dev_mc_dec(dev, &in6addr_interfacelocal_allrouters);
765                         ipv6_dev_mc_dec(dev, &in6addr_sitelocal_allrouters);
766                 }
767         }
768 
769         list_for_each_entry(ifa, &idev->addr_list, if_list) {
770                 if (ifa->flags&IFA_F_TENTATIVE)
771                         continue;
772                 if (idev->cnf.forwarding)
773                         addrconf_join_anycast(ifa);
774                 else
775                         addrconf_leave_anycast(ifa);
776         }
777         inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
778                                      NETCONFA_FORWARDING,
779                                      dev->ifindex, &idev->cnf);
780 }
781 
782 
783 static void addrconf_forward_change(struct net *net, __s32 newf)
784 {
785         struct net_device *dev;
786         struct inet6_dev *idev;
787 
788         for_each_netdev(net, dev) {
789                 idev = __in6_dev_get(dev);
790                 if (idev) {
791                         int changed = (!idev->cnf.forwarding) ^ (!newf);
792                         idev->cnf.forwarding = newf;
793                         if (changed)
794                                 dev_forward_change(idev);
795                 }
796         }
797 }
798 
799 static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf)
800 {
801         struct net *net;
802         int old;
803 
804         if (!rtnl_trylock())
805                 return restart_syscall();
806 
807         net = (struct net *)table->extra2;
808         old = *p;
809         *p = newf;
810 
811         if (p == &net->ipv6.devconf_dflt->forwarding) {
812                 if ((!newf) ^ (!old))
813                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
814                                                      NETCONFA_FORWARDING,
815                                                      NETCONFA_IFINDEX_DEFAULT,
816                                                      net->ipv6.devconf_dflt);
817                 rtnl_unlock();
818                 return 0;
819         }
820 
821         if (p == &net->ipv6.devconf_all->forwarding) {
822                 int old_dflt = net->ipv6.devconf_dflt->forwarding;
823 
824                 net->ipv6.devconf_dflt->forwarding = newf;
825                 if ((!newf) ^ (!old_dflt))
826                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
827                                                      NETCONFA_FORWARDING,
828                                                      NETCONFA_IFINDEX_DEFAULT,
829                                                      net->ipv6.devconf_dflt);
830 
831                 addrconf_forward_change(net, newf);
832                 if ((!newf) ^ (!old))
833                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
834                                                      NETCONFA_FORWARDING,
835                                                      NETCONFA_IFINDEX_ALL,
836                                                      net->ipv6.devconf_all);
837         } else if ((!newf) ^ (!old))
838                 dev_forward_change((struct inet6_dev *)table->extra1);
839         rtnl_unlock();
840 
841         if (newf)
842                 rt6_purge_dflt_routers(net);
843         return 1;
844 }
845 
846 static void addrconf_linkdown_change(struct net *net, __s32 newf)
847 {
848         struct net_device *dev;
849         struct inet6_dev *idev;
850 
851         for_each_netdev(net, dev) {
852                 idev = __in6_dev_get(dev);
853                 if (idev) {
854                         int changed = (!idev->cnf.ignore_routes_with_linkdown) ^ (!newf);
855 
856                         idev->cnf.ignore_routes_with_linkdown = newf;
857                         if (changed)
858                                 inet6_netconf_notify_devconf(dev_net(dev),
859                                                              RTM_NEWNETCONF,
860                                                              NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
861                                                              dev->ifindex,
862                                                              &idev->cnf);
863                 }
864         }
865 }
866 
867 static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int newf)
868 {
869         struct net *net;
870         int old;
871 
872         if (!rtnl_trylock())
873                 return restart_syscall();
874 
875         net = (struct net *)table->extra2;
876         old = *p;
877         *p = newf;
878 
879         if (p == &net->ipv6.devconf_dflt->ignore_routes_with_linkdown) {
880                 if ((!newf) ^ (!old))
881                         inet6_netconf_notify_devconf(net,
882                                                      RTM_NEWNETCONF,
883                                                      NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
884                                                      NETCONFA_IFINDEX_DEFAULT,
885                                                      net->ipv6.devconf_dflt);
886                 rtnl_unlock();
887                 return 0;
888         }
889 
890         if (p == &net->ipv6.devconf_all->ignore_routes_with_linkdown) {
891                 net->ipv6.devconf_dflt->ignore_routes_with_linkdown = newf;
892                 addrconf_linkdown_change(net, newf);
893                 if ((!newf) ^ (!old))
894                         inet6_netconf_notify_devconf(net,
895                                                      RTM_NEWNETCONF,
896                                                      NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
897                                                      NETCONFA_IFINDEX_ALL,
898                                                      net->ipv6.devconf_all);
899         }
900         rtnl_unlock();
901 
902         return 1;
903 }
904 
905 #endif
906 
907 /* Nobody refers to this ifaddr, destroy it */
908 void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp)
909 {
910         WARN_ON(!hlist_unhashed(&ifp->addr_lst));
911 
912 #ifdef NET_REFCNT_DEBUG
913         pr_debug("%s\n", __func__);
914 #endif
915 
916         in6_dev_put(ifp->idev);
917 
918         if (cancel_delayed_work(&ifp->dad_work))
919                 pr_notice("delayed DAD work was pending while freeing ifa=%p\n",
920                           ifp);
921 
922         if (ifp->state != INET6_IFADDR_STATE_DEAD) {
923                 pr_warn("Freeing alive inet6 address %p\n", ifp);
924                 return;
925         }
926         ip6_rt_put(ifp->rt);
927 
928         kfree_rcu(ifp, rcu);
929 }
930 
931 static void
932 ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
933 {
934         struct list_head *p;
935         int ifp_scope = ipv6_addr_src_scope(&ifp->addr);
936 
937         /*
938          * Each device address list is sorted in order of scope -
939          * global before linklocal.
940          */
941         list_for_each(p, &idev->addr_list) {
942                 struct inet6_ifaddr *ifa
943                         = list_entry(p, struct inet6_ifaddr, if_list);
944                 if (ifp_scope >= ipv6_addr_src_scope(&ifa->addr))
945                         break;
946         }
947 
948         list_add_tail(&ifp->if_list, p);
949 }
950 
951 static u32 inet6_addr_hash(const struct in6_addr *addr)
952 {
953         return hash_32(ipv6_addr_hash(addr), IN6_ADDR_HSIZE_SHIFT);
954 }
955 
956 /* On success it returns ifp with increased reference count */
957 
958 static struct inet6_ifaddr *
959 ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
960               const struct in6_addr *peer_addr, int pfxlen,
961               int scope, u32 flags, u32 valid_lft, u32 prefered_lft)
962 {
963         struct net *net = dev_net(idev->dev);
964         struct inet6_ifaddr *ifa = NULL;
965         struct rt6_info *rt;
966         struct in6_validator_info i6vi;
967         unsigned int hash;
968         int err = 0;
969         int addr_type = ipv6_addr_type(addr);
970 
971         if (addr_type == IPV6_ADDR_ANY ||
972             addr_type & IPV6_ADDR_MULTICAST ||
973             (!(idev->dev->flags & IFF_LOOPBACK) &&
974              addr_type & IPV6_ADDR_LOOPBACK))
975                 return ERR_PTR(-EADDRNOTAVAIL);
976 
977         rcu_read_lock_bh();
978 
979         in6_dev_hold(idev);
980 
981         if (idev->dead) {
982                 err = -ENODEV;                  /*XXX*/
983                 goto out2;
984         }
985 
986         if (idev->cnf.disable_ipv6) {
987                 err = -EACCES;
988                 goto out2;
989         }
990 
991         i6vi.i6vi_addr = *addr;
992         i6vi.i6vi_dev = idev;
993         rcu_read_unlock_bh();
994 
995         err = inet6addr_validator_notifier_call_chain(NETDEV_UP, &i6vi);
996 
997         rcu_read_lock_bh();
998         err = notifier_to_errno(err);
999         if (err)
1000                 goto out2;
1001 
1002         spin_lock(&addrconf_hash_lock);
1003 
1004         /* Ignore adding duplicate addresses on an interface */
1005         if (ipv6_chk_same_addr(dev_net(idev->dev), addr, idev->dev)) {
1006                 ADBG("ipv6_add_addr: already assigned\n");
1007                 err = -EEXIST;
1008                 goto out;
1009         }
1010 
1011         ifa = kzalloc(sizeof(struct inet6_ifaddr), GFP_ATOMIC);
1012 
1013         if (!ifa) {
1014                 ADBG("ipv6_add_addr: malloc failed\n");
1015                 err = -ENOBUFS;
1016                 goto out;
1017         }
1018 
1019         rt = addrconf_dst_alloc(idev, addr, false);
1020         if (IS_ERR(rt)) {
1021                 err = PTR_ERR(rt);
1022                 goto out;
1023         }
1024 
1025         if (net->ipv6.devconf_all->disable_policy ||
1026             idev->cnf.disable_policy)
1027                 rt->dst.flags |= DST_NOPOLICY;
1028 
1029         neigh_parms_data_state_setall(idev->nd_parms);
1030 
1031         ifa->addr = *addr;
1032         if (peer_addr)
1033                 ifa->peer_addr = *peer_addr;
1034 
1035         spin_lock_init(&ifa->lock);
1036         INIT_DELAYED_WORK(&ifa->dad_work, addrconf_dad_work);
1037         INIT_HLIST_NODE(&ifa->addr_lst);
1038         ifa->scope = scope;
1039         ifa->prefix_len = pfxlen;
1040         ifa->flags = flags;
1041         /* No need to add the TENTATIVE flag for addresses with NODAD */
1042         if (!(flags & IFA_F_NODAD))
1043                 ifa->flags |= IFA_F_TENTATIVE;
1044         ifa->valid_lft = valid_lft;
1045         ifa->prefered_lft = prefered_lft;
1046         ifa->cstamp = ifa->tstamp = jiffies;
1047         ifa->tokenized = false;
1048 
1049         ifa->rt = rt;
1050 
1051         ifa->idev = idev;
1052         /* For caller */
1053         refcount_set(&ifa->refcnt, 1);
1054 
1055         /* Add to big hash table */
1056         hash = inet6_addr_hash(addr);
1057 
1058         hlist_add_head_rcu(&ifa->addr_lst, &inet6_addr_lst[hash]);
1059         spin_unlock(&addrconf_hash_lock);
1060 
1061         write_lock(&idev->lock);
1062         /* Add to inet6_dev unicast addr list. */
1063         ipv6_link_dev_addr(idev, ifa);
1064 
1065         if (ifa->flags&IFA_F_TEMPORARY) {
1066                 list_add(&ifa->tmp_list, &idev->tempaddr_list);
1067                 in6_ifa_hold(ifa);
1068         }
1069 
1070         in6_ifa_hold(ifa);
1071         write_unlock(&idev->lock);
1072 out2:
1073         rcu_read_unlock_bh();
1074 
1075         if (likely(err == 0))
1076                 inet6addr_notifier_call_chain(NETDEV_UP, ifa);
1077         else {
1078                 kfree(ifa);
1079                 in6_dev_put(idev);
1080                 ifa = ERR_PTR(err);
1081         }
1082 
1083         return ifa;
1084 out:
1085         spin_unlock(&addrconf_hash_lock);
1086         goto out2;
1087 }
1088 
1089 enum cleanup_prefix_rt_t {
1090         CLEANUP_PREFIX_RT_NOP,    /* no cleanup action for prefix route */
1091         CLEANUP_PREFIX_RT_DEL,    /* delete the prefix route */
1092         CLEANUP_PREFIX_RT_EXPIRE, /* update the lifetime of the prefix route */
1093 };
1094 
1095 /*
1096  * Check, whether the prefix for ifp would still need a prefix route
1097  * after deleting ifp. The function returns one of the CLEANUP_PREFIX_RT_*
1098  * constants.
1099  *
1100  * 1) we don't purge prefix if address was not permanent.
1101  *    prefix is managed by its own lifetime.
1102  * 2) we also don't purge, if the address was IFA_F_NOPREFIXROUTE.
1103  * 3) if there are no addresses, delete prefix.
1104  * 4) if there are still other permanent address(es),
1105  *    corresponding prefix is still permanent.
1106  * 5) if there are still other addresses with IFA_F_NOPREFIXROUTE,
1107  *    don't purge the prefix, assume user space is managing it.
1108  * 6) otherwise, update prefix lifetime to the
1109  *    longest valid lifetime among the corresponding
1110  *    addresses on the device.
1111  *    Note: subsequent RA will update lifetime.
1112  **/
1113 static enum cleanup_prefix_rt_t
1114 check_cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long *expires)
1115 {
1116         struct inet6_ifaddr *ifa;
1117         struct inet6_dev *idev = ifp->idev;
1118         unsigned long lifetime;
1119         enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_DEL;
1120 
1121         *expires = jiffies;
1122 
1123         list_for_each_entry(ifa, &idev->addr_list, if_list) {
1124                 if (ifa == ifp)
1125                         continue;
1126                 if (!ipv6_prefix_equal(&ifa->addr, &ifp->addr,
1127                                        ifp->prefix_len))
1128                         continue;
1129                 if (ifa->flags & (IFA_F_PERMANENT | IFA_F_NOPREFIXROUTE))
1130                         return CLEANUP_PREFIX_RT_NOP;
1131 
1132                 action = CLEANUP_PREFIX_RT_EXPIRE;
1133 
1134                 spin_lock(&ifa->lock);
1135 
1136                 lifetime = addrconf_timeout_fixup(ifa->valid_lft, HZ);
1137                 /*
1138                  * Note: Because this address is
1139                  * not permanent, lifetime <
1140                  * LONG_MAX / HZ here.
1141                  */
1142                 if (time_before(*expires, ifa->tstamp + lifetime * HZ))
1143                         *expires = ifa->tstamp + lifetime * HZ;
1144                 spin_unlock(&ifa->lock);
1145         }
1146 
1147         return action;
1148 }
1149 
1150 static void
1151 cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long expires, bool del_rt)
1152 {
1153         struct rt6_info *rt;
1154 
1155         rt = addrconf_get_prefix_route(&ifp->addr,
1156                                        ifp->prefix_len,
1157                                        ifp->idev->dev,
1158                                        0, RTF_GATEWAY | RTF_DEFAULT);
1159         if (rt) {
1160                 if (del_rt)
1161                         ip6_del_rt(rt);
1162                 else {
1163                         if (!(rt->rt6i_flags & RTF_EXPIRES))
1164                                 rt6_set_expires(rt, expires);
1165                         ip6_rt_put(rt);
1166                 }
1167         }
1168 }
1169 
1170 
1171 /* This function wants to get referenced ifp and releases it before return */
1172 
1173 static void ipv6_del_addr(struct inet6_ifaddr *ifp)
1174 {
1175         int state;
1176         enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_NOP;
1177         unsigned long expires;
1178 
1179         ASSERT_RTNL();
1180 
1181         spin_lock_bh(&ifp->lock);
1182         state = ifp->state;
1183         ifp->state = INET6_IFADDR_STATE_DEAD;
1184         spin_unlock_bh(&ifp->lock);
1185 
1186         if (state == INET6_IFADDR_STATE_DEAD)
1187                 goto out;
1188 
1189         spin_lock_bh(&addrconf_hash_lock);
1190         hlist_del_init_rcu(&ifp->addr_lst);
1191         spin_unlock_bh(&addrconf_hash_lock);
1192 
1193         write_lock_bh(&ifp->idev->lock);
1194 
1195         if (ifp->flags&IFA_F_TEMPORARY) {
1196                 list_del(&ifp->tmp_list);
1197                 if (ifp->ifpub) {
1198                         in6_ifa_put(ifp->ifpub);
1199                         ifp->ifpub = NULL;
1200                 }
1201                 __in6_ifa_put(ifp);
1202         }
1203 
1204         if (ifp->flags & IFA_F_PERMANENT && !(ifp->flags & IFA_F_NOPREFIXROUTE))
1205                 action = check_cleanup_prefix_route(ifp, &expires);
1206 
1207         list_del_init(&ifp->if_list);
1208         __in6_ifa_put(ifp);
1209 
1210         write_unlock_bh(&ifp->idev->lock);
1211 
1212         addrconf_del_dad_work(ifp);
1213 
1214         ipv6_ifa_notify(RTM_DELADDR, ifp);
1215 
1216         inet6addr_notifier_call_chain(NETDEV_DOWN, ifp);
1217 
1218         if (action != CLEANUP_PREFIX_RT_NOP) {
1219                 cleanup_prefix_route(ifp, expires,
1220                         action == CLEANUP_PREFIX_RT_DEL);
1221         }
1222 
1223         /* clean up prefsrc entries */
1224         rt6_remove_prefsrc(ifp);
1225 out:
1226         in6_ifa_put(ifp);
1227 }
1228 
1229 static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, struct inet6_ifaddr *ift)
1230 {
1231         struct inet6_dev *idev = ifp->idev;
1232         struct in6_addr addr, *tmpaddr;
1233         unsigned long tmp_prefered_lft, tmp_valid_lft, tmp_tstamp, age;
1234         unsigned long regen_advance;
1235         int tmp_plen;
1236         int ret = 0;
1237         u32 addr_flags;
1238         unsigned long now = jiffies;
1239         long max_desync_factor;
1240         s32 cnf_temp_preferred_lft;
1241 
1242         write_lock_bh(&idev->lock);
1243         if (ift) {
1244                 spin_lock_bh(&ift->lock);
1245                 memcpy(&addr.s6_addr[8], &ift->addr.s6_addr[8], 8);
1246                 spin_unlock_bh(&ift->lock);
1247                 tmpaddr = &addr;
1248         } else {
1249                 tmpaddr = NULL;
1250         }
1251 retry:
1252         in6_dev_hold(idev);
1253         if (idev->cnf.use_tempaddr <= 0) {
1254                 write_unlock_bh(&idev->lock);
1255                 pr_info("%s: use_tempaddr is disabled\n", __func__);
1256                 in6_dev_put(idev);
1257                 ret = -1;
1258                 goto out;
1259         }
1260         spin_lock_bh(&ifp->lock);
1261         if (ifp->regen_count++ >= idev->cnf.regen_max_retry) {
1262                 idev->cnf.use_tempaddr = -1;    /*XXX*/
1263                 spin_unlock_bh(&ifp->lock);
1264                 write_unlock_bh(&idev->lock);
1265                 pr_warn("%s: regeneration time exceeded - disabled temporary address support\n",
1266                         __func__);
1267                 in6_dev_put(idev);
1268                 ret = -1;
1269                 goto out;
1270         }
1271         in6_ifa_hold(ifp);
1272         memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
1273         ipv6_try_regen_rndid(idev, tmpaddr);
1274         memcpy(&addr.s6_addr[8], idev->rndid, 8);
1275         age = (now - ifp->tstamp) / HZ;
1276 
1277         regen_advance = idev->cnf.regen_max_retry *
1278                         idev->cnf.dad_transmits *
1279                         NEIGH_VAR(idev->nd_parms, RETRANS_TIME) / HZ;
1280 
1281         /* recalculate max_desync_factor each time and update
1282          * idev->desync_factor if it's larger
1283          */
1284         cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft);
1285         max_desync_factor = min_t(__u32,
1286                                   idev->cnf.max_desync_factor,
1287                                   cnf_temp_preferred_lft - regen_advance);
1288 
1289         if (unlikely(idev->desync_factor > max_desync_factor)) {
1290                 if (max_desync_factor > 0) {
1291                         get_random_bytes(&idev->desync_factor,
1292                                          sizeof(idev->desync_factor));
1293                         idev->desync_factor %= max_desync_factor;
1294                 } else {
1295                         idev->desync_factor = 0;
1296                 }
1297         }
1298 
1299         tmp_valid_lft = min_t(__u32,
1300                               ifp->valid_lft,
1301                               idev->cnf.temp_valid_lft + age);
1302         tmp_prefered_lft = cnf_temp_preferred_lft + age -
1303                             idev->desync_factor;
1304         tmp_prefered_lft = min_t(__u32, ifp->prefered_lft, tmp_prefered_lft);
1305         tmp_plen = ifp->prefix_len;
1306         tmp_tstamp = ifp->tstamp;
1307         spin_unlock_bh(&ifp->lock);
1308 
1309         write_unlock_bh(&idev->lock);
1310 
1311         /* A temporary address is created only if this calculated Preferred
1312          * Lifetime is greater than REGEN_ADVANCE time units.  In particular,
1313          * an implementation must not create a temporary address with a zero
1314          * Preferred Lifetime.
1315          * Use age calculation as in addrconf_verify to avoid unnecessary
1316          * temporary addresses being generated.
1317          */
1318         age = (now - tmp_tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
1319         if (tmp_prefered_lft <= regen_advance + age) {
1320                 in6_ifa_put(ifp);
1321                 in6_dev_put(idev);
1322                 ret = -1;
1323                 goto out;
1324         }
1325 
1326         addr_flags = IFA_F_TEMPORARY;
1327         /* set in addrconf_prefix_rcv() */
1328         if (ifp->flags & IFA_F_OPTIMISTIC)
1329                 addr_flags |= IFA_F_OPTIMISTIC;
1330 
1331         ift = ipv6_add_addr(idev, &addr, NULL, tmp_plen,
1332                             ipv6_addr_scope(&addr), addr_flags,
1333                             tmp_valid_lft, tmp_prefered_lft);
1334         if (IS_ERR(ift)) {
1335                 in6_ifa_put(ifp);
1336                 in6_dev_put(idev);
1337                 pr_info("%s: retry temporary address regeneration\n", __func__);
1338                 tmpaddr = &addr;
1339                 write_lock_bh(&idev->lock);
1340                 goto retry;
1341         }
1342 
1343         spin_lock_bh(&ift->lock);
1344         ift->ifpub = ifp;
1345         ift->cstamp = now;
1346         ift->tstamp = tmp_tstamp;
1347         spin_unlock_bh(&ift->lock);
1348 
1349         addrconf_dad_start(ift);
1350         in6_ifa_put(ift);
1351         in6_dev_put(idev);
1352 out:
1353         return ret;
1354 }
1355 
1356 /*
1357  *      Choose an appropriate source address (RFC3484)
1358  */
1359 enum {
1360         IPV6_SADDR_RULE_INIT = 0,
1361         IPV6_SADDR_RULE_LOCAL,
1362         IPV6_SADDR_RULE_SCOPE,
1363         IPV6_SADDR_RULE_PREFERRED,
1364 #ifdef CONFIG_IPV6_MIP6
1365         IPV6_SADDR_RULE_HOA,
1366 #endif
1367         IPV6_SADDR_RULE_OIF,
1368         IPV6_SADDR_RULE_LABEL,
1369         IPV6_SADDR_RULE_PRIVACY,
1370         IPV6_SADDR_RULE_ORCHID,
1371         IPV6_SADDR_RULE_PREFIX,
1372 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1373         IPV6_SADDR_RULE_NOT_OPTIMISTIC,
1374 #endif
1375         IPV6_SADDR_RULE_MAX
1376 };
1377 
1378 struct ipv6_saddr_score {
1379         int                     rule;
1380         int                     addr_type;
1381         struct inet6_ifaddr     *ifa;
1382         DECLARE_BITMAP(scorebits, IPV6_SADDR_RULE_MAX);
1383         int                     scopedist;
1384         int                     matchlen;
1385 };
1386 
1387 struct ipv6_saddr_dst {
1388         const struct in6_addr *addr;
1389         int ifindex;
1390         int scope;
1391         int label;
1392         unsigned int prefs;
1393 };
1394 
1395 static inline int ipv6_saddr_preferred(int type)
1396 {
1397         if (type & (IPV6_ADDR_MAPPED|IPV6_ADDR_COMPATv4|IPV6_ADDR_LOOPBACK))
1398                 return 1;
1399         return 0;
1400 }
1401 
1402 static inline bool ipv6_use_optimistic_addr(struct inet6_dev *idev)
1403 {
1404 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1405         return idev && idev->cnf.optimistic_dad && idev->cnf.use_optimistic;
1406 #else
1407         return false;
1408 #endif
1409 }
1410 
1411 static int ipv6_get_saddr_eval(struct net *net,
1412                                struct ipv6_saddr_score *score,
1413                                struct ipv6_saddr_dst *dst,
1414                                int i)
1415 {
1416         int ret;
1417 
1418         if (i <= score->rule) {
1419                 switch (i) {
1420                 case IPV6_SADDR_RULE_SCOPE:
1421                         ret = score->scopedist;
1422                         break;
1423                 case IPV6_SADDR_RULE_PREFIX:
1424                         ret = score->matchlen;
1425                         break;
1426                 default:
1427                         ret = !!test_bit(i, score->scorebits);
1428                 }
1429                 goto out;
1430         }
1431 
1432         switch (i) {
1433         case IPV6_SADDR_RULE_INIT:
1434                 /* Rule 0: remember if hiscore is not ready yet */
1435                 ret = !!score->ifa;
1436                 break;
1437         case IPV6_SADDR_RULE_LOCAL:
1438                 /* Rule 1: Prefer same address */
1439                 ret = ipv6_addr_equal(&score->ifa->addr, dst->addr);
1440                 break;
1441         case IPV6_SADDR_RULE_SCOPE:
1442                 /* Rule 2: Prefer appropriate scope
1443                  *
1444                  *      ret
1445                  *       ^
1446                  *    -1 |  d 15
1447                  *    ---+--+-+---> scope
1448                  *       |
1449                  *       |             d is scope of the destination.
1450                  *  B-d  |  \
1451                  *       |   \      <- smaller scope is better if
1452                  *  B-15 |    \        if scope is enough for destination.
1453                  *       |             ret = B - scope (-1 <= scope >= d <= 15).
1454                  * d-C-1 | /
1455                  *       |/         <- greater is better
1456                  *   -C  /             if scope is not enough for destination.
1457                  *      /|             ret = scope - C (-1 <= d < scope <= 15).
1458                  *
1459                  * d - C - 1 < B -15 (for all -1 <= d <= 15).
1460                  * C > d + 14 - B >= 15 + 14 - B = 29 - B.
1461                  * Assume B = 0 and we get C > 29.
1462                  */
1463                 ret = __ipv6_addr_src_scope(score->addr_type);
1464                 if (ret >= dst->scope)
1465                         ret = -ret;
1466                 else
1467                         ret -= 128;     /* 30 is enough */
1468                 score->scopedist = ret;
1469                 break;
1470         case IPV6_SADDR_RULE_PREFERRED:
1471             {
1472                 /* Rule 3: Avoid deprecated and optimistic addresses */
1473                 u8 avoid = IFA_F_DEPRECATED;
1474 
1475                 if (!ipv6_use_optimistic_addr(score->ifa->idev))
1476                         avoid |= IFA_F_OPTIMISTIC;
1477                 ret = ipv6_saddr_preferred(score->addr_type) ||
1478                       !(score->ifa->flags & avoid);
1479                 break;
1480             }
1481 #ifdef CONFIG_IPV6_MIP6
1482         case IPV6_SADDR_RULE_HOA:
1483             {
1484                 /* Rule 4: Prefer home address */
1485                 int prefhome = !(dst->prefs & IPV6_PREFER_SRC_COA);
1486                 ret = !(score->ifa->flags & IFA_F_HOMEADDRESS) ^ prefhome;
1487                 break;
1488             }
1489 #endif
1490         case IPV6_SADDR_RULE_OIF:
1491                 /* Rule 5: Prefer outgoing interface */
1492                 ret = (!dst->ifindex ||
1493                        dst->ifindex == score->ifa->idev->dev->ifindex);
1494                 break;
1495         case IPV6_SADDR_RULE_LABEL:
1496                 /* Rule 6: Prefer matching label */
1497                 ret = ipv6_addr_label(net,
1498                                       &score->ifa->addr, score->addr_type,
1499                                       score->ifa->idev->dev->ifindex) == dst->label;
1500                 break;
1501         case IPV6_SADDR_RULE_PRIVACY:
1502             {
1503                 /* Rule 7: Prefer public address
1504                  * Note: prefer temporary address if use_tempaddr >= 2
1505                  */
1506                 int preftmp = dst->prefs & (IPV6_PREFER_SRC_PUBLIC|IPV6_PREFER_SRC_TMP) ?
1507                                 !!(dst->prefs & IPV6_PREFER_SRC_TMP) :
1508                                 score->ifa->idev->cnf.use_tempaddr >= 2;
1509                 ret = (!(score->ifa->flags & IFA_F_TEMPORARY)) ^ preftmp;
1510                 break;
1511             }
1512         case IPV6_SADDR_RULE_ORCHID:
1513                 /* Rule 8-: Prefer ORCHID vs ORCHID or
1514                  *          non-ORCHID vs non-ORCHID
1515                  */
1516                 ret = !(ipv6_addr_orchid(&score->ifa->addr) ^
1517                         ipv6_addr_orchid(dst->addr));
1518                 break;
1519         case IPV6_SADDR_RULE_PREFIX:
1520                 /* Rule 8: Use longest matching prefix */
1521                 ret = ipv6_addr_diff(&score->ifa->addr, dst->addr);
1522                 if (ret > score->ifa->prefix_len)
1523                         ret = score->ifa->prefix_len;
1524                 score->matchlen = ret;
1525                 break;
1526 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1527         case IPV6_SADDR_RULE_NOT_OPTIMISTIC:
1528                 /* Optimistic addresses still have lower precedence than other
1529                  * preferred addresses.
1530                  */
1531                 ret = !(score->ifa->flags & IFA_F_OPTIMISTIC);
1532                 break;
1533 #endif
1534         default:
1535                 ret = 0;
1536         }
1537 
1538         if (ret)
1539                 __set_bit(i, score->scorebits);
1540         score->rule = i;
1541 out:
1542         return ret;
1543 }
1544 
1545 static int __ipv6_dev_get_saddr(struct net *net,
1546                                 struct ipv6_saddr_dst *dst,
1547                                 struct inet6_dev *idev,
1548                                 struct ipv6_saddr_score *scores,
1549                                 int hiscore_idx)
1550 {
1551         struct ipv6_saddr_score *score = &scores[1 - hiscore_idx], *hiscore = &scores[hiscore_idx];
1552 
1553         read_lock_bh(&idev->lock);
1554         list_for_each_entry(score->ifa, &idev->addr_list, if_list) {
1555                 int i;
1556 
1557                 /*
1558                  * - Tentative Address (RFC2462 section 5.4)
1559                  *  - A tentative address is not considered
1560                  *    "assigned to an interface" in the traditional
1561                  *    sense, unless it is also flagged as optimistic.
1562                  * - Candidate Source Address (section 4)
1563                  *  - In any case, anycast addresses, multicast
1564                  *    addresses, and the unspecified address MUST
1565                  *    NOT be included in a candidate set.
1566                  */
1567                 if ((score->ifa->flags & IFA_F_TENTATIVE) &&
1568                     (!(score->ifa->flags & IFA_F_OPTIMISTIC)))
1569                         continue;
1570 
1571                 score->addr_type = __ipv6_addr_type(&score->ifa->addr);
1572 
1573                 if (unlikely(score->addr_type == IPV6_ADDR_ANY ||
1574                              score->addr_type & IPV6_ADDR_MULTICAST)) {
1575                         net_dbg_ratelimited("ADDRCONF: unspecified / multicast address assigned as unicast address on %s",
1576                                             idev->dev->name);
1577                         continue;
1578                 }
1579 
1580                 score->rule = -1;
1581                 bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
1582 
1583                 for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {
1584                         int minihiscore, miniscore;
1585 
1586                         minihiscore = ipv6_get_saddr_eval(net, hiscore, dst, i);
1587                         miniscore = ipv6_get_saddr_eval(net, score, dst, i);
1588 
1589                         if (minihiscore > miniscore) {
1590                                 if (i == IPV6_SADDR_RULE_SCOPE &&
1591                                     score->scopedist > 0) {
1592                                         /*
1593                                          * special case:
1594                                          * each remaining entry
1595                                          * has too small (not enough)
1596                                          * scope, because ifa entries
1597                                          * are sorted by their scope
1598                                          * values.
1599                                          */
1600                                         goto out;
1601                                 }
1602                                 break;
1603                         } else if (minihiscore < miniscore) {
1604                                 if (hiscore->ifa)
1605                                         in6_ifa_put(hiscore->ifa);
1606 
1607                                 in6_ifa_hold(score->ifa);
1608 
1609                                 swap(hiscore, score);
1610                                 hiscore_idx = 1 - hiscore_idx;
1611 
1612                                 /* restore our iterator */
1613                                 score->ifa = hiscore->ifa;
1614 
1615                                 break;
1616                         }
1617                 }
1618         }
1619 out:
1620         read_unlock_bh(&idev->lock);
1621         return hiscore_idx;
1622 }
1623 
1624 static int ipv6_get_saddr_master(struct net *net,
1625                                  const struct net_device *dst_dev,
1626                                  const struct net_device *master,
1627                                  struct ipv6_saddr_dst *dst,
1628                                  struct ipv6_saddr_score *scores,
1629                                  int hiscore_idx)
1630 {
1631         struct inet6_dev *idev;
1632 
1633         idev = __in6_dev_get(dst_dev);
1634         if (idev)
1635                 hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev,
1636                                                    scores, hiscore_idx);
1637 
1638         idev = __in6_dev_get(master);
1639         if (idev)
1640                 hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev,
1641                                                    scores, hiscore_idx);
1642 
1643         return hiscore_idx;
1644 }
1645 
1646 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev,
1647                        const struct in6_addr *daddr, unsigned int prefs,
1648                        struct in6_addr *saddr)
1649 {
1650         struct ipv6_saddr_score scores[2], *hiscore;
1651         struct ipv6_saddr_dst dst;
1652         struct inet6_dev *idev;
1653         struct net_device *dev;
1654         int dst_type;
1655         bool use_oif_addr = false;
1656         int hiscore_idx = 0;
1657 
1658         dst_type = __ipv6_addr_type(daddr);
1659         dst.addr = daddr;
1660         dst.ifindex = dst_dev ? dst_dev->ifindex : 0;
1661         dst.scope = __ipv6_addr_src_scope(dst_type);
1662         dst.label = ipv6_addr_label(net, daddr, dst_type, dst.ifindex);
1663         dst.prefs = prefs;
1664 
1665         scores[hiscore_idx].rule = -1;
1666         scores[hiscore_idx].ifa = NULL;
1667 
1668         rcu_read_lock();
1669 
1670         /* Candidate Source Address (section 4)
1671          *  - multicast and link-local destination address,
1672          *    the set of candidate source address MUST only
1673          *    include addresses assigned to interfaces
1674          *    belonging to the same link as the outgoing
1675          *    interface.
1676          * (- For site-local destination addresses, the
1677          *    set of candidate source addresses MUST only
1678          *    include addresses assigned to interfaces
1679          *    belonging to the same site as the outgoing
1680          *    interface.)
1681          *  - "It is RECOMMENDED that the candidate source addresses
1682          *    be the set of unicast addresses assigned to the
1683          *    interface that will be used to send to the destination
1684          *    (the 'outgoing' interface)." (RFC 6724)
1685          */
1686         if (dst_dev) {
1687                 idev = __in6_dev_get(dst_dev);
1688                 if ((dst_type & IPV6_ADDR_MULTICAST) ||
1689                     dst.scope <= IPV6_ADDR_SCOPE_LINKLOCAL ||
1690                     (idev && idev->cnf.use_oif_addrs_only)) {
1691                         use_oif_addr = true;
1692                 }
1693         }
1694 
1695         if (use_oif_addr) {
1696                 if (idev)
1697                         hiscore_idx = __ipv6_dev_get_saddr(net, &dst, idev, scores, hiscore_idx);
1698         } else {
1699                 const struct net_device *master;
1700                 int master_idx = 0;
1701 
1702                 /* if dst_dev exists and is enslaved to an L3 device, then
1703                  * prefer addresses from dst_dev and then the master over
1704                  * any other enslaved devices in the L3 domain.
1705                  */
1706                 master = l3mdev_master_dev_rcu(dst_dev);
1707                 if (master) {
1708                         master_idx = master->ifindex;
1709 
1710                         hiscore_idx = ipv6_get_saddr_master(net, dst_dev,
1711                                                             master, &dst,
1712                                                             scores, hiscore_idx);
1713 
1714                         if (scores[hiscore_idx].ifa)
1715                                 goto out;
1716                 }
1717 
1718                 for_each_netdev_rcu(net, dev) {
1719                         /* only consider addresses on devices in the
1720                          * same L3 domain
1721                          */
1722                         if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1723                                 continue;
1724                         idev = __in6_dev_get(dev);
1725                         if (!idev)
1726                                 continue;
1727                         hiscore_idx = __ipv6_dev_get_saddr(net, &dst, idev, scores, hiscore_idx);
1728                 }
1729         }
1730 
1731 out:
1732         rcu_read_unlock();
1733 
1734         hiscore = &scores[hiscore_idx];
1735         if (!hiscore->ifa)
1736                 return -EADDRNOTAVAIL;
1737 
1738         *saddr = hiscore->ifa->addr;
1739         in6_ifa_put(hiscore->ifa);
1740         return 0;
1741 }
1742 EXPORT_SYMBOL(ipv6_dev_get_saddr);
1743 
1744 int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
1745                       u32 banned_flags)
1746 {
1747         struct inet6_ifaddr *ifp;
1748         int err = -EADDRNOTAVAIL;
1749 
1750         list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) {
1751                 if (ifp->scope > IFA_LINK)
1752                         break;
1753                 if (ifp->scope == IFA_LINK &&
1754                     !(ifp->flags & banned_flags)) {
1755                         *addr = ifp->addr;
1756                         err = 0;
1757                         break;
1758                 }
1759         }
1760         return err;
1761 }
1762 
1763 int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
1764                     u32 banned_flags)
1765 {
1766         struct inet6_dev *idev;
1767         int err = -EADDRNOTAVAIL;
1768 
1769         rcu_read_lock();
1770         idev = __in6_dev_get(dev);
1771         if (idev) {
1772                 read_lock_bh(&idev->lock);
1773                 err = __ipv6_get_lladdr(idev, addr, banned_flags);
1774                 read_unlock_bh(&idev->lock);
1775         }
1776         rcu_read_unlock();
1777         return err;
1778 }
1779 
1780 static int ipv6_count_addresses(struct inet6_dev *idev)
1781 {
1782         int cnt = 0;
1783         struct inet6_ifaddr *ifp;
1784 
1785         read_lock_bh(&idev->lock);
1786         list_for_each_entry(ifp, &idev->addr_list, if_list)
1787                 cnt++;
1788         read_unlock_bh(&idev->lock);
1789         return cnt;
1790 }
1791 
1792 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
1793                   const struct net_device *dev, int strict)
1794 {
1795         return ipv6_chk_addr_and_flags(net, addr, dev, strict, IFA_F_TENTATIVE);
1796 }
1797 EXPORT_SYMBOL(ipv6_chk_addr);
1798 
1799 int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
1800                             const struct net_device *dev, int strict,
1801                             u32 banned_flags)
1802 {
1803         struct inet6_ifaddr *ifp;
1804         unsigned int hash = inet6_addr_hash(addr);
1805         u32 ifp_flags;
1806 
1807         rcu_read_lock_bh();
1808         hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
1809                 if (!net_eq(dev_net(ifp->idev->dev), net))
1810                         continue;
1811                 /* Decouple optimistic from tentative for evaluation here.
1812                  * Ban optimistic addresses explicitly, when required.
1813                  */
1814                 ifp_flags = (ifp->flags&IFA_F_OPTIMISTIC)
1815                             ? (ifp->flags&~IFA_F_TENTATIVE)
1816                             : ifp->flags;
1817                 if (ipv6_addr_equal(&ifp->addr, addr) &&
1818                     !(ifp_flags&banned_flags) &&
1819                     (!dev || ifp->idev->dev == dev ||
1820                      !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
1821                         rcu_read_unlock_bh();
1822                         return 1;
1823                 }
1824         }
1825 
1826         rcu_read_unlock_bh();
1827         return 0;
1828 }
1829 EXPORT_SYMBOL(ipv6_chk_addr_and_flags);
1830 
1831 static bool ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
1832                                struct net_device *dev)
1833 {
1834         unsigned int hash = inet6_addr_hash(addr);
1835         struct inet6_ifaddr *ifp;
1836 
1837         hlist_for_each_entry(ifp, &inet6_addr_lst[hash], addr_lst) {
1838                 if (!net_eq(dev_net(ifp->idev->dev), net))
1839                         continue;
1840                 if (ipv6_addr_equal(&ifp->addr, addr)) {
1841                         if (!dev || ifp->idev->dev == dev)
1842                                 return true;
1843                 }
1844         }
1845         return false;
1846 }
1847 
1848 /* Compares an address/prefix_len with addresses on device @dev.
1849  * If one is found it returns true.
1850  */
1851 bool ipv6_chk_custom_prefix(const struct in6_addr *addr,
1852         const unsigned int prefix_len, struct net_device *dev)
1853 {
1854         struct inet6_dev *idev;
1855         struct inet6_ifaddr *ifa;
1856         bool ret = false;
1857 
1858         rcu_read_lock();
1859         idev = __in6_dev_get(dev);
1860         if (idev) {
1861                 read_lock_bh(&idev->lock);
1862                 list_for_each_entry(ifa, &idev->addr_list, if_list) {
1863                         ret = ipv6_prefix_equal(addr, &ifa->addr, prefix_len);
1864                         if (ret)
1865                                 break;
1866                 }
1867                 read_unlock_bh(&idev->lock);
1868         }
1869         rcu_read_unlock();
1870 
1871         return ret;
1872 }
1873 EXPORT_SYMBOL(ipv6_chk_custom_prefix);
1874 
1875 int ipv6_chk_prefix(const struct in6_addr *addr, struct net_device *dev)
1876 {
1877         struct inet6_dev *idev;
1878         struct inet6_ifaddr *ifa;
1879         int     onlink;
1880 
1881         onlink = 0;
1882         rcu_read_lock();
1883         idev = __in6_dev_get(dev);
1884         if (idev) {
1885                 read_lock_bh(&idev->lock);
1886                 list_for_each_entry(ifa, &idev->addr_list, if_list) {
1887                         onlink = ipv6_prefix_equal(addr, &ifa->addr,
1888                                                    ifa->prefix_len);
1889                         if (onlink)
1890                                 break;
1891                 }
1892                 read_unlock_bh(&idev->lock);
1893         }
1894         rcu_read_unlock();
1895         return onlink;
1896 }
1897 EXPORT_SYMBOL(ipv6_chk_prefix);
1898 
1899 struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, const struct in6_addr *addr,
1900                                      struct net_device *dev, int strict)
1901 {
1902         struct inet6_ifaddr *ifp, *result = NULL;
1903         unsigned int hash = inet6_addr_hash(addr);
1904 
1905         rcu_read_lock_bh();
1906         hlist_for_each_entry_rcu_bh(ifp, &inet6_addr_lst[hash], addr_lst) {
1907                 if (!net_eq(dev_net(ifp->idev->dev), net))
1908                         continue;
1909                 if (ipv6_addr_equal(&ifp->addr, addr)) {
1910                         if (!dev || ifp->idev->dev == dev ||
1911                             !(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) {
1912                                 result = ifp;
1913                                 in6_ifa_hold(ifp);
1914                                 break;
1915                         }
1916                 }
1917         }
1918         rcu_read_unlock_bh();
1919 
1920         return result;
1921 }
1922 
1923 /* Gets referenced address, destroys ifaddr */
1924 
1925 static void addrconf_dad_stop(struct inet6_ifaddr *ifp, int dad_failed)
1926 {
1927         if (dad_failed)
1928                 ifp->flags |= IFA_F_DADFAILED;
1929 
1930         if (ifp->flags&IFA_F_TEMPORARY) {
1931                 struct inet6_ifaddr *ifpub;
1932                 spin_lock_bh(&ifp->lock);
1933                 ifpub = ifp->ifpub;
1934                 if (ifpub) {
1935                         in6_ifa_hold(ifpub);
1936                         spin_unlock_bh(&ifp->lock);
1937                         ipv6_create_tempaddr(ifpub, ifp);
1938                         in6_ifa_put(ifpub);
1939                 } else {
1940                         spin_unlock_bh(&ifp->lock);
1941                 }
1942                 ipv6_del_addr(ifp);
1943         } else if (ifp->flags&IFA_F_PERMANENT || !dad_failed) {
1944                 spin_lock_bh(&ifp->lock);
1945                 addrconf_del_dad_work(ifp);
1946                 ifp->flags |= IFA_F_TENTATIVE;
1947                 spin_unlock_bh(&ifp->lock);
1948                 if (dad_failed)
1949                         ipv6_ifa_notify(0, ifp);
1950                 in6_ifa_put(ifp);
1951         } else {
1952                 ipv6_del_addr(ifp);
1953         }
1954 }
1955 
1956 static int addrconf_dad_end(struct inet6_ifaddr *ifp)
1957 {
1958         int err = -ENOENT;
1959 
1960         spin_lock_bh(&ifp->lock);
1961         if (ifp->state == INET6_IFADDR_STATE_DAD) {
1962                 ifp->state = INET6_IFADDR_STATE_POSTDAD;
1963                 err = 0;
1964         }
1965         spin_unlock_bh(&ifp->lock);
1966 
1967         return err;
1968 }
1969 
1970 void addrconf_dad_failure(struct inet6_ifaddr *ifp)
1971 {
1972         struct inet6_dev *idev = ifp->idev;
1973         struct net *net = dev_net(ifp->idev->dev);
1974 
1975         if (addrconf_dad_end(ifp)) {
1976                 in6_ifa_put(ifp);
1977                 return;
1978         }
1979 
1980         net_info_ratelimited("%s: IPv6 duplicate address %pI6c detected!\n",
1981                              ifp->idev->dev->name, &ifp->addr);
1982 
1983         spin_lock_bh(&ifp->lock);
1984 
1985         if (ifp->flags & IFA_F_STABLE_PRIVACY) {
1986                 int scope = ifp->scope;
1987                 u32 flags = ifp->flags;
1988                 struct in6_addr new_addr;
1989                 struct inet6_ifaddr *ifp2;
1990                 u32 valid_lft, preferred_lft;
1991                 int pfxlen = ifp->prefix_len;
1992                 int retries = ifp->stable_privacy_retry + 1;
1993 
1994                 if (retries > net->ipv6.sysctl.idgen_retries) {
1995                         net_info_ratelimited("%s: privacy stable address generation failed because of DAD conflicts!\n",
1996                                              ifp->idev->dev->name);
1997                         goto errdad;
1998                 }
1999 
2000                 new_addr = ifp->addr;
2001                 if (ipv6_generate_stable_address(&new_addr, retries,
2002                                                  idev))
2003                         goto errdad;
2004 
2005                 valid_lft = ifp->valid_lft;
2006                 preferred_lft = ifp->prefered_lft;
2007 
2008                 spin_unlock_bh(&ifp->lock);
2009 
2010                 if (idev->cnf.max_addresses &&
2011                     ipv6_count_addresses(idev) >=
2012                     idev->cnf.max_addresses)
2013                         goto lock_errdad;
2014 
2015                 net_info_ratelimited("%s: generating new stable privacy address because of DAD conflict\n",
2016                                      ifp->idev->dev->name);
2017 
2018                 ifp2 = ipv6_add_addr(idev, &new_addr, NULL, pfxlen,
2019                                      scope, flags, valid_lft,
2020                                      preferred_lft);
2021                 if (IS_ERR(ifp2))
2022                         goto lock_errdad;
2023 
2024                 spin_lock_bh(&ifp2->lock);
2025                 ifp2->stable_privacy_retry = retries;
2026                 ifp2->state = INET6_IFADDR_STATE_PREDAD;
2027                 spin_unlock_bh(&ifp2->lock);
2028 
2029                 addrconf_mod_dad_work(ifp2, net->ipv6.sysctl.idgen_delay);
2030                 in6_ifa_put(ifp2);
2031 lock_errdad:
2032                 spin_lock_bh(&ifp->lock);
2033         }
2034 
2035 errdad:
2036         /* transition from _POSTDAD to _ERRDAD */
2037         ifp->state = INET6_IFADDR_STATE_ERRDAD;
2038         spin_unlock_bh(&ifp->lock);
2039 
2040         addrconf_mod_dad_work(ifp, 0);
2041         in6_ifa_put(ifp);
2042 }
2043 
2044 /* Join to solicited addr multicast group.
2045  * caller must hold RTNL */
2046 void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr)
2047 {
2048         struct in6_addr maddr;
2049 
2050         if (dev->flags&(IFF_LOOPBACK|IFF_NOARP))
2051                 return;
2052 
2053         addrconf_addr_solict_mult(addr, &maddr);
2054         ipv6_dev_mc_inc(dev, &maddr);
2055 }
2056 
2057 /* caller must hold RTNL */
2058 void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr)
2059 {
2060         struct in6_addr maddr;
2061 
2062         if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP))
2063                 return;
2064 
2065         addrconf_addr_solict_mult(addr, &maddr);
2066         __ipv6_dev_mc_dec(idev, &maddr);
2067 }
2068 
2069 /* caller must hold RTNL */
2070 static void addrconf_join_anycast(struct inet6_ifaddr *ifp)
2071 {
2072         struct in6_addr addr;
2073 
2074         if (ifp->prefix_len >= 127) /* RFC 6164 */
2075                 return;
2076         ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
2077         if (ipv6_addr_any(&addr))
2078                 return;
2079         __ipv6_dev_ac_inc(ifp->idev, &addr);
2080 }
2081 
2082 /* caller must hold RTNL */
2083 static void addrconf_leave_anycast(struct inet6_ifaddr *ifp)
2084 {
2085         struct in6_addr addr;
2086 
2087         if (ifp->prefix_len >= 127) /* RFC 6164 */
2088                 return;
2089         ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
2090         if (ipv6_addr_any(&addr))
2091                 return;
2092         __ipv6_dev_ac_dec(ifp->idev, &addr);
2093 }
2094 
2095 static int addrconf_ifid_6lowpan(u8 *eui, struct net_device *dev)
2096 {
2097         switch (dev->addr_len) {
2098         case ETH_ALEN:
2099                 memcpy(eui, dev->dev_addr, 3);
2100                 eui[3] = 0xFF;
2101                 eui[4] = 0xFE;
2102                 memcpy(eui + 5, dev->dev_addr + 3, 3);
2103                 break;
2104         case EUI64_ADDR_LEN:
2105                 memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN);
2106                 eui[0] ^= 2;
2107                 break;
2108         default:
2109                 return -1;
2110         }
2111 
2112         return 0;
2113 }
2114 
2115 static int addrconf_ifid_ieee1394(u8 *eui, struct net_device *dev)
2116 {
2117         union fwnet_hwaddr *ha;
2118 
2119         if (dev->addr_len != FWNET_ALEN)
2120                 return -1;
2121 
2122         ha = (union fwnet_hwaddr *)dev->dev_addr;
2123 
2124         memcpy(eui, &ha->uc.uniq_id, sizeof(ha->uc.uniq_id));
2125         eui[0] ^= 2;
2126         return 0;
2127 }
2128 
2129 static int addrconf_ifid_arcnet(u8 *eui, struct net_device *dev)
2130 {
2131         /* XXX: inherit EUI-64 from other interface -- yoshfuji */
2132         if (dev->addr_len != ARCNET_ALEN)
2133                 return -1;
2134         memset(eui, 0, 7);
2135         eui[7] = *(u8 *)dev->dev_addr;
2136         return 0;
2137 }
2138 
2139 static int addrconf_ifid_infiniband(u8 *eui, struct net_device *dev)
2140 {
2141         if (dev->addr_len != INFINIBAND_ALEN)
2142                 return -1;
2143         memcpy(eui, dev->dev_addr + 12, 8);
2144         eui[0] |= 2;
2145         return 0;
2146 }
2147 
2148 static int __ipv6_isatap_ifid(u8 *eui, __be32 addr)
2149 {
2150         if (addr == 0)
2151                 return -1;
2152         eui[0] = (ipv4_is_zeronet(addr) || ipv4_is_private_10(addr) ||
2153                   ipv4_is_loopback(addr) || ipv4_is_linklocal_169(addr) ||
2154                   ipv4_is_private_172(addr) || ipv4_is_test_192(addr) ||
2155                   ipv4_is_anycast_6to4(addr) || ipv4_is_private_192(addr) ||
2156                   ipv4_is_test_198(addr) || ipv4_is_multicast(addr) ||
2157                   ipv4_is_lbcast(addr)) ? 0x00 : 0x02;
2158         eui[1] = 0;
2159         eui[2] = 0x5E;
2160         eui[3] = 0xFE;
2161         memcpy(eui + 4, &addr, 4);
2162         return 0;
2163 }
2164 
2165 static int addrconf_ifid_sit(u8 *eui, struct net_device *dev)
2166 {
2167         if (dev->priv_flags & IFF_ISATAP)
2168                 return __ipv6_isatap_ifid(eui, *(__be32 *)dev->dev_addr);
2169         return -1;
2170 }
2171 
2172 static int addrconf_ifid_gre(u8 *eui, struct net_device *dev)
2173 {
2174         return __ipv6_isatap_ifid(eui, *(__be32 *)dev->dev_addr);
2175 }
2176 
2177 static int addrconf_ifid_ip6tnl(u8 *eui, struct net_device *dev)
2178 {
2179         memcpy(eui, dev->perm_addr, 3);
2180         memcpy(eui + 5, dev->perm_addr + 3, 3);
2181         eui[3] = 0xFF;
2182         eui[4] = 0xFE;
2183         eui[0] ^= 2;
2184         return 0;
2185 }
2186 
2187 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
2188 {
2189         switch (dev->type) {
2190         case ARPHRD_ETHER:
2191         case ARPHRD_FDDI:
2192                 return addrconf_ifid_eui48(eui, dev);
2193         case ARPHRD_ARCNET:
2194                 return addrconf_ifid_arcnet(eui, dev);
2195         case ARPHRD_INFINIBAND:
2196                 return addrconf_ifid_infiniband(eui, dev);
2197         case ARPHRD_SIT:
2198                 return addrconf_ifid_sit(eui, dev);
2199         case ARPHRD_IPGRE:
2200         case ARPHRD_TUNNEL:
2201                 return addrconf_ifid_gre(eui, dev);
2202         case ARPHRD_6LOWPAN:
2203                 return addrconf_ifid_6lowpan(eui, dev);
2204         case ARPHRD_IEEE1394:
2205                 return addrconf_ifid_ieee1394(eui, dev);
2206         case ARPHRD_TUNNEL6:
2207         case ARPHRD_IP6GRE:
2208                 return addrconf_ifid_ip6tnl(eui, dev);
2209         }
2210         return -1;
2211 }
2212 
2213 static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
2214 {
2215         int err = -1;
2216         struct inet6_ifaddr *ifp;
2217 
2218         read_lock_bh(&idev->lock);
2219         list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) {
2220                 if (ifp->scope > IFA_LINK)
2221                         break;
2222                 if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) {
2223                         memcpy(eui, ifp->addr.s6_addr+8, 8);
2224                         err = 0;
2225                         break;
2226                 }
2227         }
2228         read_unlock_bh(&idev->lock);
2229         return err;
2230 }
2231 
2232 /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
2233 static void ipv6_regen_rndid(struct inet6_dev *idev)
2234 {
2235 regen:
2236         get_random_bytes(idev->rndid, sizeof(idev->rndid));
2237         idev->rndid[0] &= ~0x02;
2238 
2239         /*
2240          * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
2241          * check if generated address is not inappropriate
2242          *
2243          *  - Reserved subnet anycast (RFC 2526)
2244          *      11111101 11....11 1xxxxxxx
2245          *  - ISATAP (RFC4214) 6.1
2246          *      00-00-5E-FE-xx-xx-xx-xx
2247          *  - value 0
2248          *  - XXX: already assigned to an address on the device
2249          */
2250         if (idev->rndid[0] == 0xfd &&
2251             (idev->rndid[1]&idev->rndid[2]&idev->rndid[3]&idev->rndid[4]&idev->rndid[5]&idev->rndid[6]) == 0xff &&
2252             (idev->rndid[7]&0x80))
2253                 goto regen;
2254         if ((idev->rndid[0]|idev->rndid[1]) == 0) {
2255                 if (idev->rndid[2] == 0x5e && idev->rndid[3] == 0xfe)
2256                         goto regen;
2257                 if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00)
2258                         goto regen;
2259         }
2260 }
2261 
2262 static void  ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr)
2263 {
2264         if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0)
2265                 ipv6_regen_rndid(idev);
2266 }
2267 
2268 /*
2269  *      Add prefix route.
2270  */
2271 
2272 static void
2273 addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
2274                       unsigned long expires, u32 flags)
2275 {
2276         struct fib6_config cfg = {
2277                 .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX,
2278                 .fc_metric = IP6_RT_PRIO_ADDRCONF,
2279                 .fc_ifindex = dev->ifindex,
2280                 .fc_expires = expires,
2281                 .fc_dst_len = plen,
2282                 .fc_flags = RTF_UP | flags,
2283                 .fc_nlinfo.nl_net = dev_net(dev),
2284                 .fc_protocol = RTPROT_KERNEL,
2285         };
2286 
2287         cfg.fc_dst = *pfx;
2288 
2289         /* Prevent useless cloning on PtP SIT.
2290            This thing is done here expecting that the whole
2291            class of non-broadcast devices need not cloning.
2292          */
2293 #if IS_ENABLED(CONFIG_IPV6_SIT)
2294         if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
2295                 cfg.fc_flags |= RTF_NONEXTHOP;
2296 #endif
2297 
2298         ip6_route_add(&cfg, NULL);
2299 }
2300 
2301 
2302 static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx,
2303                                                   int plen,
2304                                                   const struct net_device *dev,
2305                                                   u32 flags, u32 noflags)
2306 {
2307         struct fib6_node *fn;
2308         struct rt6_info *rt = NULL;
2309         struct fib6_table *table;
2310         u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX;
2311 
2312         table = fib6_get_table(dev_net(dev), tb_id);
2313         if (!table)
2314                 return NULL;
2315 
2316         read_lock_bh(&table->tb6_lock);
2317         fn = fib6_locate(&table->tb6_root, pfx, plen, NULL, 0);
2318         if (!fn)
2319                 goto out;
2320 
2321         noflags |= RTF_CACHE;
2322         for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
2323                 if (rt->dst.dev->ifindex != dev->ifindex)
2324                         continue;
2325                 if ((rt->rt6i_flags & flags) != flags)
2326                         continue;
2327                 if ((rt->rt6i_flags & noflags) != 0)
2328                         continue;
2329                 dst_hold(&rt->dst);
2330                 break;
2331         }
2332 out:
2333         read_unlock_bh(&table->tb6_lock);
2334         return rt;
2335 }
2336 
2337 
2338 /* Create "default" multicast route to the interface */
2339 
2340 static void addrconf_add_mroute(struct net_device *dev)
2341 {
2342         struct fib6_config cfg = {
2343                 .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_LOCAL,
2344                 .fc_metric = IP6_RT_PRIO_ADDRCONF,
2345                 .fc_ifindex = dev->ifindex,
2346                 .fc_dst_len = 8,
2347                 .fc_flags = RTF_UP,
2348                 .fc_nlinfo.nl_net = dev_net(dev),
2349         };
2350 
2351         ipv6_addr_set(&cfg.fc_dst, htonl(0xFF000000), 0, 0, 0);
2352 
2353         ip6_route_add(&cfg, NULL);
2354 }
2355 
2356 static struct inet6_dev *addrconf_add_dev(struct net_device *dev)
2357 {
2358         struct inet6_dev *idev;
2359 
2360         ASSERT_RTNL();
2361 
2362         idev = ipv6_find_idev(dev);
2363         if (!idev)
2364                 return ERR_PTR(-ENOBUFS);
2365 
2366         if (idev->cnf.disable_ipv6)
2367                 return ERR_PTR(-EACCES);
2368 
2369         /* Add default multicast route */
2370         if (!(dev->flags & IFF_LOOPBACK) && !netif_is_l3_master(dev))
2371                 addrconf_add_mroute(dev);
2372 
2373         return idev;
2374 }
2375 
2376 static void manage_tempaddrs(struct inet6_dev *idev,
2377                              struct inet6_ifaddr *ifp,
2378                              __u32 valid_lft, __u32 prefered_lft,
2379                              bool create, unsigned long now)
2380 {
2381         u32 flags;
2382         struct inet6_ifaddr *ift;
2383 
2384         read_lock_bh(&idev->lock);
2385         /* update all temporary addresses in the list */
2386         list_for_each_entry(ift, &idev->tempaddr_list, tmp_list) {
2387                 int age, max_valid, max_prefered;
2388 
2389                 if (ifp != ift->ifpub)
2390                         continue;
2391 
2392                 /* RFC 4941 section 3.3:
2393                  * If a received option will extend the lifetime of a public
2394                  * address, the lifetimes of temporary addresses should
2395                  * be extended, subject to the overall constraint that no
2396                  * temporary addresses should ever remain "valid" or "preferred"
2397                  * for a time longer than (TEMP_VALID_LIFETIME) or
2398                  * (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR), respectively.
2399                  */
2400                 age = (now - ift->cstamp) / HZ;
2401                 max_valid = idev->cnf.temp_valid_lft - age;
2402                 if (max_valid < 0)
2403                         max_valid = 0;
2404 
2405                 max_prefered = idev->cnf.temp_prefered_lft -
2406                                idev->desync_factor - age;
2407                 if (max_prefered < 0)
2408                         max_prefered = 0;
2409 
2410                 if (valid_lft > max_valid)
2411                         valid_lft = max_valid;
2412 
2413                 if (prefered_lft > max_prefered)
2414                         prefered_lft = max_prefered;
2415 
2416                 spin_lock(&ift->lock);
2417                 flags = ift->flags;
2418                 ift->valid_lft = valid_lft;
2419                 ift->prefered_lft = prefered_lft;
2420                 ift->tstamp = now;
2421                 if (prefered_lft > 0)
2422                         ift->flags &= ~IFA_F_DEPRECATED;
2423 
2424                 spin_unlock(&ift->lock);
2425                 if (!(flags&IFA_F_TENTATIVE))
2426                         ipv6_ifa_notify(0, ift);
2427         }
2428 
2429         if ((create || list_empty(&idev->tempaddr_list)) &&
2430             idev->cnf.use_tempaddr > 0) {
2431                 /* When a new public address is created as described
2432                  * in [ADDRCONF], also create a new temporary address.
2433                  * Also create a temporary address if it's enabled but
2434                  * no temporary address currently exists.
2435                  */
2436                 read_unlock_bh(&idev->lock);
2437                 ipv6_create_tempaddr(ifp, NULL);
2438         } else {
2439                 read_unlock_bh(&idev->lock);
2440         }
2441 }
2442 
2443 static bool is_addr_mode_generate_stable(struct inet6_dev *idev)
2444 {
2445         return idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY ||
2446                idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM;
2447 }
2448 
2449 int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev,
2450                                  const struct prefix_info *pinfo,
2451                                  struct inet6_dev *in6_dev,
2452                                  const struct in6_addr *addr, int addr_type,
2453                                  u32 addr_flags, bool sllao, bool tokenized,
2454                                  __u32 valid_lft, u32 prefered_lft)
2455 {
2456         struct inet6_ifaddr *ifp = ipv6_get_ifaddr(net, addr, dev, 1);
2457         int create = 0, update_lft = 0;
2458 
2459         if (!ifp && valid_lft) {
2460                 int max_addresses = in6_dev->cnf.max_addresses;
2461 
2462 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
2463                 if (in6_dev->cnf.optimistic_dad &&
2464                     !net->ipv6.devconf_all->forwarding && sllao)
2465                         addr_flags |= IFA_F_OPTIMISTIC;
2466 #endif
2467 
2468                 /* Do not allow to create too much of autoconfigured
2469                  * addresses; this would be too easy way to crash kernel.
2470                  */
2471                 if (!max_addresses ||
2472                     ipv6_count_addresses(in6_dev) < max_addresses)
2473                         ifp = ipv6_add_addr(in6_dev, addr, NULL,
2474                                             pinfo->prefix_len,
2475                                             addr_type&IPV6_ADDR_SCOPE_MASK,
2476                                             addr_flags, valid_lft,
2477                                             prefered_lft);
2478 
2479                 if (IS_ERR_OR_NULL(ifp))
2480                         return -1;
2481 
2482                 update_lft = 0;
2483                 create = 1;
2484                 spin_lock_bh(&ifp->lock);
2485                 ifp->flags |= IFA_F_MANAGETEMPADDR;
2486                 ifp->cstamp = jiffies;
2487                 ifp->tokenized = tokenized;
2488                 spin_unlock_bh(&ifp->lock);
2489                 addrconf_dad_start(ifp);
2490         }
2491 
2492         if (ifp) {
2493                 u32 flags;
2494                 unsigned long now;
2495                 u32 stored_lft;
2496 
2497                 /* update lifetime (RFC2462 5.5.3 e) */
2498                 spin_lock_bh(&ifp->lock);
2499                 now = jiffies;
2500                 if (ifp->valid_lft > (now - ifp->tstamp) / HZ)
2501                         stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ;
2502                 else
2503                         stored_lft = 0;
2504                 if (!update_lft && !create && stored_lft) {
2505                         const u32 minimum_lft = min_t(u32,
2506                                 stored_lft, MIN_VALID_LIFETIME);
2507                         valid_lft = max(valid_lft, minimum_lft);
2508 
2509                         /* RFC4862 Section 5.5.3e:
2510                          * "Note that the preferred lifetime of the
2511                          *  corresponding address is always reset to
2512                          *  the Preferred Lifetime in the received
2513                          *  Prefix Information option, regardless of
2514                          *  whether the valid lifetime is also reset or
2515                          *  ignored."
2516                          *
2517                          * So we should always update prefered_lft here.
2518                          */
2519                         update_lft = 1;
2520                 }
2521 
2522                 if (update_lft) {
2523                         ifp->valid_lft = valid_lft;
2524                         ifp->prefered_lft = prefered_lft;
2525                         ifp->tstamp = now;
2526                         flags = ifp->flags;
2527                         ifp->flags &= ~IFA_F_DEPRECATED;
2528                         spin_unlock_bh(&ifp->lock);
2529 
2530                         if (!(flags&IFA_F_TENTATIVE))
2531                                 ipv6_ifa_notify(0, ifp);
2532                 } else
2533                         spin_unlock_bh(&ifp->lock);
2534 
2535                 manage_tempaddrs(in6_dev, ifp, valid_lft, prefered_lft,
2536                                  create, now);
2537 
2538                 in6_ifa_put(ifp);
2539                 addrconf_verify();
2540         }
2541 
2542         return 0;
2543 }
2544 EXPORT_SYMBOL_GPL(addrconf_prefix_rcv_add_addr);
2545 
2546 void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao)
2547 {
2548         struct prefix_info *pinfo;
2549         __u32 valid_lft;
2550         __u32 prefered_lft;
2551         int addr_type, err;
2552         u32 addr_flags = 0;
2553         struct inet6_dev *in6_dev;
2554         struct net *net = dev_net(dev);
2555 
2556         pinfo = (struct prefix_info *) opt;
2557 
2558         if (len < sizeof(struct prefix_info)) {
2559                 ADBG("addrconf: prefix option too short\n");
2560                 return;
2561         }
2562 
2563         /*
2564          *      Validation checks ([ADDRCONF], page 19)
2565          */
2566 
2567         addr_type = ipv6_addr_type(&pinfo->prefix);
2568 
2569         if (addr_type & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL))
2570                 return;
2571 
2572         valid_lft = ntohl(pinfo->valid);
2573         prefered_lft = ntohl(pinfo->prefered);
2574 
2575         if (prefered_lft > valid_lft) {
2576                 net_warn_ratelimited("addrconf: prefix option has invalid lifetime\n");
2577                 return;
2578         }
2579 
2580         in6_dev = in6_dev_get(dev);
2581 
2582         if (!in6_dev) {
2583                 net_dbg_ratelimited("addrconf: device %s not configured\n",
2584                                     dev->name);
2585                 return;
2586         }
2587 
2588         /*
2589          *      Two things going on here:
2590          *      1) Add routes for on-link prefixes
2591          *      2) Configure prefixes with the auto flag set
2592          */
2593 
2594         if (pinfo->onlink) {
2595                 struct rt6_info *rt;
2596                 unsigned long rt_expires;
2597 
2598                 /* Avoid arithmetic overflow. Really, we could
2599                  * save rt_expires in seconds, likely valid_lft,
2600                  * but it would require division in fib gc, that it
2601                  * not good.
2602                  */
2603                 if (HZ > USER_HZ)
2604                         rt_expires = addrconf_timeout_fixup(valid_lft, HZ);
2605                 else
2606                         rt_expires = addrconf_timeout_fixup(valid_lft, USER_HZ);
2607 
2608                 if (addrconf_finite_timeout(rt_expires))
2609                         rt_expires *= HZ;
2610 
2611                 rt = addrconf_get_prefix_route(&pinfo->prefix,
2612                                                pinfo->prefix_len,
2613                                                dev,
2614                                                RTF_ADDRCONF | RTF_PREFIX_RT,
2615                                                RTF_GATEWAY | RTF_DEFAULT);
2616 
2617                 if (rt) {
2618                         /* Autoconf prefix route */
2619                         if (valid_lft == 0) {
2620                                 ip6_del_rt(rt);
2621                                 rt = NULL;
2622                         } else if (addrconf_finite_timeout(rt_expires)) {
2623                                 /* not infinity */
2624                                 rt6_set_expires(rt, jiffies + rt_expires);
2625                         } else {
2626                                 rt6_clean_expires(rt);
2627                         }
2628                 } else if (valid_lft) {
2629                         clock_t expires = 0;
2630                         int flags = RTF_ADDRCONF | RTF_PREFIX_RT;
2631                         if (addrconf_finite_timeout(rt_expires)) {
2632                                 /* not infinity */
2633                                 flags |= RTF_EXPIRES;
2634                                 expires = jiffies_to_clock_t(rt_expires);
2635                         }
2636                         addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len,
2637                                               dev, expires, flags);
2638                 }
2639                 ip6_rt_put(rt);
2640         }
2641 
2642         /* Try to figure out our local address for this prefix */
2643 
2644         if (pinfo->autoconf && in6_dev->cnf.autoconf) {
2645                 struct in6_addr addr;
2646                 bool tokenized = false, dev_addr_generated = false;
2647 
2648                 if (pinfo->prefix_len == 64) {
2649                         memcpy(&addr, &pinfo->prefix, 8);
2650 
2651                         if (!ipv6_addr_any(&in6_dev->token)) {
2652                                 read_lock_bh(&in6_dev->lock);
2653                                 memcpy(addr.s6_addr + 8,
2654                                        in6_dev->token.s6_addr + 8, 8);
2655                                 read_unlock_bh(&in6_dev->lock);
2656                                 tokenized = true;
2657                         } else if (is_addr_mode_generate_stable(in6_dev) &&
2658                                    !ipv6_generate_stable_address(&addr, 0,
2659                                                                  in6_dev)) {
2660                                 addr_flags |= IFA_F_STABLE_PRIVACY;
2661                                 goto ok;
2662                         } else if (ipv6_generate_eui64(addr.s6_addr + 8, dev) &&
2663                                    ipv6_inherit_eui64(addr.s6_addr + 8, in6_dev)) {
2664                                 goto put;
2665                         } else {
2666                                 dev_addr_generated = true;
2667                         }
2668                         goto ok;
2669                 }
2670                 net_dbg_ratelimited("IPv6 addrconf: prefix with wrong length %d\n",
2671                                     pinfo->prefix_len);
2672                 goto put;
2673 
2674 ok:
2675                 err = addrconf_prefix_rcv_add_addr(net, dev, pinfo, in6_dev,
2676                                                    &addr, addr_type,
2677                                                    addr_flags, sllao,
2678                                                    tokenized, valid_lft,
2679                                                    prefered_lft);
2680                 if (err)
2681                         goto put;
2682 
2683                 /* Ignore error case here because previous prefix add addr was
2684                  * successful which will be notified.
2685                  */
2686                 ndisc_ops_prefix_rcv_add_addr(net, dev, pinfo, in6_dev, &addr,
2687                                               addr_type, addr_flags, sllao,
2688                                               tokenized, valid_lft,
2689                                               prefered_lft,
2690                                               dev_addr_generated);
2691         }
2692         inet6_prefix_notify(RTM_NEWPREFIX, in6_dev, pinfo);
2693 put:
2694         in6_dev_put(in6_dev);
2695 }
2696 
2697 /*
2698  *      Set destination address.
2699  *      Special case for SIT interfaces where we create a new "virtual"
2700  *      device.
2701  */
2702 int addrconf_set_dstaddr(struct net *net, void __user *arg)
2703 {
2704         struct in6_ifreq ireq;
2705         struct net_device *dev;
2706         int err = -EINVAL;
2707 
2708         rtnl_lock();
2709 
2710         err = -EFAULT;
2711         if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
2712                 goto err_exit;
2713 
2714         dev = __dev_get_by_index(net, ireq.ifr6_ifindex);
2715 
2716         err = -ENODEV;
2717         if (!dev)
2718                 goto err_exit;
2719 
2720 #if IS_ENABLED(CONFIG_IPV6_SIT)
2721         if (dev->type == ARPHRD_SIT) {
2722                 const struct net_device_ops *ops = dev->netdev_ops;
2723                 struct ifreq ifr;
2724                 struct ip_tunnel_parm p;
2725 
2726                 err = -EADDRNOTAVAIL;
2727                 if (!(ipv6_addr_type(&ireq.ifr6_addr) & IPV6_ADDR_COMPATv4))
2728                         goto err_exit;
2729 
2730                 memset(&p, 0, sizeof(p));
2731                 p.iph.daddr = ireq.ifr6_addr.s6_addr32[3];
2732                 p.iph.saddr = 0;
2733                 p.iph.version = 4;
2734                 p.iph.ihl = 5;
2735                 p.iph.protocol = IPPROTO_IPV6;
2736                 p.iph.ttl = 64;
2737                 ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
2738 
2739                 if (ops->ndo_do_ioctl) {
2740                         mm_segment_t oldfs = get_fs();
2741 
2742                         set_fs(KERNEL_DS);
2743                         err = ops->ndo_do_ioctl(dev, &ifr, SIOCADDTUNNEL);
2744                         set_fs(oldfs);
2745                 } else
2746                         err = -EOPNOTSUPP;
2747 
2748                 if (err == 0) {
2749                         err = -ENOBUFS;
2750                         dev = __dev_get_by_name(net, p.name);
2751                         if (!dev)
2752                                 goto err_exit;
2753                         err = dev_open(dev);
2754                 }
2755         }
2756 #endif
2757 
2758 err_exit:
2759         rtnl_unlock();
2760         return err;
2761 }
2762 
2763 static int ipv6_mc_config(struct sock *sk, bool join,
2764                           const struct in6_addr *addr, int ifindex)
2765 {
2766         int ret;
2767 
2768         ASSERT_RTNL();
2769 
2770         lock_sock(sk);
2771         if (join)
2772                 ret = ipv6_sock_mc_join(sk, ifindex, addr);
2773         else
2774                 ret = ipv6_sock_mc_drop(sk, ifindex, addr);
2775         release_sock(sk);
2776 
2777         return ret;
2778 }
2779 
2780 /*
2781  *      Manual configuration of address on an interface
2782  */
2783 static int inet6_addr_add(struct net *net, int ifindex,
2784                           const struct in6_addr *pfx,
2785                           const struct in6_addr *peer_pfx,
2786                           unsigned int plen, __u32 ifa_flags,
2787                           __u32 prefered_lft, __u32 valid_lft)
2788 {
2789         struct inet6_ifaddr *ifp;
2790         struct inet6_dev *idev;
2791         struct net_device *dev;
2792         unsigned long timeout;
2793         clock_t expires;
2794         int scope;
2795         u32 flags;
2796 
2797         ASSERT_RTNL();
2798 
2799         if (plen > 128)
2800                 return -EINVAL;
2801 
2802         /* check the lifetime */
2803         if (!valid_lft || prefered_lft > valid_lft)
2804                 return -EINVAL;
2805 
2806         if (ifa_flags & IFA_F_MANAGETEMPADDR && plen != 64)
2807                 return -EINVAL;
2808 
2809         dev = __dev_get_by_index(net, ifindex);
2810         if (!dev)
2811                 return -ENODEV;
2812 
2813         idev = addrconf_add_dev(dev);
2814         if (IS_ERR(idev))
2815                 return PTR_ERR(idev);
2816 
2817         if (ifa_flags & IFA_F_MCAUTOJOIN) {
2818                 int ret = ipv6_mc_config(net->ipv6.mc_autojoin_sk,
2819                                          true, pfx, ifindex);
2820 
2821                 if (ret < 0)
2822                         return ret;
2823         }
2824 
2825         scope = ipv6_addr_scope(pfx);
2826 
2827         timeout = addrconf_timeout_fixup(valid_lft, HZ);
2828         if (addrconf_finite_timeout(timeout)) {
2829                 expires = jiffies_to_clock_t(timeout * HZ);
2830                 valid_lft = timeout;
2831                 flags = RTF_EXPIRES;
2832         } else {
2833                 expires = 0;
2834                 flags = 0;
2835                 ifa_flags |= IFA_F_PERMANENT;
2836         }
2837 
2838         timeout = addrconf_timeout_fixup(prefered_lft, HZ);
2839         if (addrconf_finite_timeout(timeout)) {
2840                 if (timeout == 0)
2841                         ifa_flags |= IFA_F_DEPRECATED;
2842                 prefered_lft = timeout;
2843         }
2844 
2845         ifp = ipv6_add_addr(idev, pfx, peer_pfx, plen, scope, ifa_flags,
2846                             valid_lft, prefered_lft);
2847 
2848         if (!IS_ERR(ifp)) {
2849                 if (!(ifa_flags & IFA_F_NOPREFIXROUTE)) {
2850                         addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev,
2851                                               expires, flags);
2852                 }
2853 
2854                 /*
2855                  * Note that section 3.1 of RFC 4429 indicates
2856                  * that the Optimistic flag should not be set for
2857                  * manually configured addresses
2858                  */
2859                 addrconf_dad_start(ifp);
2860                 if (ifa_flags & IFA_F_MANAGETEMPADDR)
2861                         manage_tempaddrs(idev, ifp, valid_lft, prefered_lft,
2862                                          true, jiffies);
2863                 in6_ifa_put(ifp);
2864                 addrconf_verify_rtnl();
2865                 return 0;
2866         } else if (ifa_flags & IFA_F_MCAUTOJOIN) {
2867                 ipv6_mc_config(net->ipv6.mc_autojoin_sk,
2868                                false, pfx, ifindex);
2869         }
2870 
2871         return PTR_ERR(ifp);
2872 }
2873 
2874 static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags,
2875                           const struct in6_addr *pfx, unsigned int plen)
2876 {
2877         struct inet6_ifaddr *ifp;
2878         struct inet6_dev *idev;
2879         struct net_device *dev;
2880 
2881         if (plen > 128)
2882                 return -EINVAL;
2883 
2884         dev = __dev_get_by_index(net, ifindex);
2885         if (!dev)
2886                 return -ENODEV;
2887 
2888         idev = __in6_dev_get(dev);
2889         if (!idev)
2890                 return -ENXIO;
2891 
2892         read_lock_bh(&idev->lock);
2893         list_for_each_entry(ifp, &idev->addr_list, if_list) {
2894                 if (ifp->prefix_len == plen &&
2895                     ipv6_addr_equal(pfx, &ifp->addr)) {
2896                         in6_ifa_hold(ifp);
2897                         read_unlock_bh(&idev->lock);
2898 
2899                         if (!(ifp->flags & IFA_F_TEMPORARY) &&
2900                             (ifa_flags & IFA_F_MANAGETEMPADDR))
2901                                 manage_tempaddrs(idev, ifp, 0, 0, false,
2902                                                  jiffies);
2903                         ipv6_del_addr(ifp);
2904                         addrconf_verify_rtnl();
2905                         if (ipv6_addr_is_multicast(pfx)) {
2906                                 ipv6_mc_config(net->ipv6.mc_autojoin_sk,
2907                                                false, pfx, dev->ifindex);
2908                         }
2909                         return 0;
2910                 }
2911         }
2912         read_unlock_bh(&idev->lock);
2913         return -EADDRNOTAVAIL;
2914 }
2915 
2916 
2917 int addrconf_add_ifaddr(struct net *net, void __user *arg)
2918 {
2919         struct in6_ifreq ireq;
2920         int err;
2921 
2922         if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2923                 return -EPERM;
2924 
2925         if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
2926                 return -EFAULT;
2927 
2928         rtnl_lock();
2929         err = inet6_addr_add(net, ireq.ifr6_ifindex, &ireq.ifr6_addr, NULL,
2930                              ireq.ifr6_prefixlen, IFA_F_PERMANENT,
2931                              INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
2932         rtnl_unlock();
2933         return err;
2934 }
2935 
2936 int addrconf_del_ifaddr(struct net *net, void __user *arg)
2937 {
2938         struct in6_ifreq ireq;
2939         int err;
2940 
2941         if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
2942                 return -EPERM;
2943 
2944         if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
2945                 return -EFAULT;
2946 
2947         rtnl_lock();
2948         err = inet6_addr_del(net, ireq.ifr6_ifindex, 0, &ireq.ifr6_addr,
2949                              ireq.ifr6_prefixlen);
2950         rtnl_unlock();
2951         return err;
2952 }
2953 
2954 static void add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
2955                      int plen, int scope)
2956 {
2957         struct inet6_ifaddr *ifp;
2958 
2959         ifp = ipv6_add_addr(idev, addr, NULL, plen,
2960                             scope, IFA_F_PERMANENT,
2961                             INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
2962         if (!IS_ERR(ifp)) {
2963                 spin_lock_bh(&ifp->lock);
2964                 ifp->flags &= ~IFA_F_TENTATIVE;
2965                 spin_unlock_bh(&ifp->lock);
2966                 rt_genid_bump_ipv6(dev_net(idev->dev));
2967                 ipv6_ifa_notify(RTM_NEWADDR, ifp);
2968                 in6_ifa_put(ifp);
2969         }
2970 }
2971 
2972 #if IS_ENABLED(CONFIG_IPV6_SIT)
2973 static void sit_add_v4_addrs(struct inet6_dev *idev)
2974 {
2975         struct in6_addr addr;
2976         struct net_device *dev;
2977         struct net *net = dev_net(idev->dev);
2978         int scope, plen;
2979         u32 pflags = 0;
2980 
2981         ASSERT_RTNL();
2982 
2983         memset(&addr, 0, sizeof(struct in6_addr));
2984         memcpy(&addr.s6_addr32[3], idev->dev->dev_addr, 4);
2985 
2986         if (idev->dev->flags&IFF_POINTOPOINT) {
2987                 addr.s6_addr32[0] = htonl(0xfe800000);
2988                 scope = IFA_LINK;
2989                 plen = 64;
2990         } else {
2991                 scope = IPV6_ADDR_COMPATv4;
2992                 plen = 96;
2993                 pflags |= RTF_NONEXTHOP;
2994         }
2995 
2996         if (addr.s6_addr32[3]) {
2997                 add_addr(idev, &addr, plen, scope);
2998                 addrconf_prefix_route(&addr, plen, idev->dev, 0, pflags);
2999                 return;
3000         }
3001 
3002         for_each_netdev(net, dev) {
3003                 struct in_device *in_dev = __in_dev_get_rtnl(dev);
3004                 if (in_dev && (dev->flags & IFF_UP)) {
3005                         struct in_ifaddr *ifa;
3006 
3007                         int flag = scope;
3008 
3009                         for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
3010 
3011                                 addr.s6_addr32[3] = ifa->ifa_local;
3012 
3013                                 if (ifa->ifa_scope == RT_SCOPE_LINK)
3014                                         continue;
3015                                 if (ifa->ifa_scope >= RT_SCOPE_HOST) {
3016                                         if (idev->dev->flags&IFF_POINTOPOINT)
3017                                                 continue;
3018                                         flag |= IFA_HOST;
3019                                 }
3020 
3021                                 add_addr(idev, &addr, plen, flag);
3022                                 addrconf_prefix_route(&addr, plen, idev->dev, 0,
3023                                                       pflags);
3024                         }
3025                 }
3026         }
3027 }
3028 #endif
3029 
3030 static void init_loopback(struct net_device *dev)
3031 {
3032         struct inet6_dev  *idev;
3033         struct net_device *sp_dev;
3034         struct inet6_ifaddr *sp_ifa;
3035         struct rt6_info *sp_rt;
3036 
3037         /* ::1 */
3038 
3039         ASSERT_RTNL();
3040 
3041         idev = ipv6_find_idev(dev);
3042         if (!idev) {
3043                 pr_debug("%s: add_dev failed\n", __func__);
3044                 return;
3045         }
3046 
3047         add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
3048 
3049         /* Add routes to other interface's IPv6 addresses */
3050         for_each_netdev(dev_net(dev), sp_dev) {
3051                 if (!strcmp(sp_dev->name, dev->name))
3052                         continue;
3053 
3054                 idev = __in6_dev_get(sp_dev);
3055                 if (!idev)
3056                         continue;
3057 
3058                 read_lock_bh(&idev->lock);
3059                 list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
3060 
3061                         if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
3062                                 continue;
3063 
3064                         if (sp_ifa->rt) {
3065                                 /* This dst has been added to garbage list when
3066                                  * lo device down, release this obsolete dst and
3067                                  * reallocate a new router for ifa.
3068                                  */
3069                                 if (!atomic_read(&sp_ifa->rt->rt6i_ref)) {
3070                                         ip6_rt_put(sp_ifa->rt);
3071                                         sp_ifa->rt = NULL;
3072                                 } else {
3073                                         continue;
3074                                 }
3075                         }
3076 
3077                         sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, false);
3078 
3079                         /* Failure cases are ignored */
3080                         if (!IS_ERR(sp_rt)) {
3081                                 sp_ifa->rt = sp_rt;
3082                                 ip6_ins_rt(sp_rt);
3083                         }
3084                 }
3085                 read_unlock_bh(&idev->lock);
3086         }
3087 }
3088 
3089 void addrconf_add_linklocal(struct inet6_dev *idev,
3090                             const struct in6_addr *addr, u32 flags)
3091 {
3092         struct inet6_ifaddr *ifp;
3093         u32 addr_flags = flags | IFA_F_PERMANENT;
3094 
3095 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
3096         if (idev->cnf.optimistic_dad &&
3097             !dev_net(idev->dev)->ipv6.devconf_all->forwarding)
3098                 addr_flags |= IFA_F_OPTIMISTIC;
3099 #endif
3100 
3101         ifp = ipv6_add_addr(idev, addr, NULL, 64, IFA_LINK, addr_flags,
3102                             INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
3103         if (!IS_ERR(ifp)) {
3104                 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, idev->dev, 0, 0);
3105                 addrconf_dad_start(ifp);
3106                 in6_ifa_put(ifp);
3107         }
3108 }
3109 EXPORT_SYMBOL_GPL(addrconf_add_linklocal);
3110 
3111 static bool ipv6_reserved_interfaceid(struct in6_addr address)
3112 {
3113         if ((address.s6_addr32[2] | address.s6_addr32[3]) == 0)
3114                 return true;
3115 
3116         if (address.s6_addr32[2] == htonl(0x02005eff) &&
3117             ((address.s6_addr32[3] & htonl(0xfe000000)) == htonl(0xfe000000)))
3118                 return true;
3119 
3120         if (address.s6_addr32[2] == htonl(0xfdffffff) &&
3121             ((address.s6_addr32[3] & htonl(0xffffff80)) == htonl(0xffffff80)))
3122                 return true;
3123 
3124         return false;
3125 }
3126 
3127 static int ipv6_generate_stable_address(struct in6_addr *address,
3128                                         u8 dad_count,
3129                                         const struct inet6_dev *idev)
3130 {
3131         static DEFINE_SPINLOCK(lock);
3132         static __u32 digest[SHA_DIGEST_WORDS];
3133         static __u32 workspace[SHA_WORKSPACE_WORDS];
3134 
3135         static union {
3136                 char __data[SHA_MESSAGE_BYTES];
3137                 struct {
3138                         struct in6_addr secret;
3139                         __be32 prefix[2];
3140                         unsigned char hwaddr[MAX_ADDR_LEN];
3141                         u8 dad_count;
3142                 } __packed;
3143         } data;
3144 
3145         struct in6_addr secret;
3146         struct in6_addr temp;
3147         struct net *net = dev_net(idev->dev);
3148 
3149         BUILD_BUG_ON(sizeof(data.__data) != sizeof(data));
3150 
3151         if (idev->cnf.stable_secret.initialized)
3152                 secret = idev->cnf.stable_secret.secret;
3153         else if (net->ipv6.devconf_dflt->stable_secret.initialized)
3154                 secret = net->ipv6.devconf_dflt->stable_secret.secret;
3155         else
3156                 return -1;
3157 
3158 retry:
3159         spin_lock_bh(&lock);
3160 
3161         sha_init(digest);
3162         memset(&data, 0, sizeof(data));
3163         memset(workspace, 0, sizeof(workspace));
3164         memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len);
3165         data.prefix[0] = address->s6_addr32[0];
3166         data.prefix[1] = address->s6_addr32[1];
3167         data.secret = secret;
3168         data.dad_count = dad_count;
3169 
3170         sha_transform(digest, data.__data, workspace);
3171 
3172         temp = *address;
3173         temp.s6_addr32[2] = (__force __be32)digest[0];
3174         temp.s6_addr32[3] = (__force __be32)digest[1];
3175 
3176         spin_unlock_bh(&lock);
3177 
3178         if (ipv6_reserved_interfaceid(temp)) {
3179                 dad_count++;
3180                 if (dad_count > dev_net(idev->dev)->ipv6.sysctl.idgen_retries)
3181                         return -1;
3182                 goto retry;
3183         }
3184 
3185         *address = temp;
3186         return 0;
3187 }
3188 
3189 static void ipv6_gen_mode_random_init(struct inet6_dev *idev)
3190 {
3191         struct ipv6_stable_secret *s = &idev->cnf.stable_secret;
3192 
3193         if (s->initialized)
3194                 return;
3195         s = &idev->cnf.stable_secret;
3196         get_random_bytes(&s->secret, sizeof(s->secret));
3197         s->initialized = true;
3198 }
3199 
3200 static void addrconf_addr_gen(struct inet6_dev *idev, bool prefix_route)
3201 {
3202         struct in6_addr addr;
3203 
3204         /* no link local addresses on L3 master devices */
3205         if (netif_is_l3_master(idev->dev))
3206                 return;
3207 
3208         ipv6_addr_set(&addr, htonl(0xFE800000), 0, 0, 0);
3209 
3210         switch (idev->cnf.addr_gen_mode) {
3211         case IN6_ADDR_GEN_MODE_RANDOM:
3212                 ipv6_gen_mode_random_init(idev);
3213                 /* fallthrough */
3214         case IN6_ADDR_GEN_MODE_STABLE_PRIVACY:
3215                 if (!ipv6_generate_stable_address(&addr, 0, idev))
3216                         addrconf_add_linklocal(idev, &addr,
3217                                                IFA_F_STABLE_PRIVACY);
3218                 else if (prefix_route)
3219                         addrconf_prefix_route(&addr, 64, idev->dev, 0, 0);
3220                 break;
3221         case IN6_ADDR_GEN_MODE_EUI64:
3222                 /* addrconf_add_linklocal also adds a prefix_route and we
3223                  * only need to care about prefix routes if ipv6_generate_eui64
3224                  * couldn't generate one.
3225                  */
3226                 if (ipv6_generate_eui64(addr.s6_addr + 8, idev->dev) == 0)
3227                         addrconf_add_linklocal(idev, &addr, 0);
3228                 else if (prefix_route)
3229                         addrconf_prefix_route(&addr, 64, idev->dev, 0, 0);
3230                 break;
3231         case IN6_ADDR_GEN_MODE_NONE:
3232         default:
3233                 /* will not add any link local address */
3234                 break;
3235         }
3236 }
3237 
3238 static void addrconf_dev_config(struct net_device *dev)
3239 {
3240         struct inet6_dev *idev;
3241 
3242         ASSERT_RTNL();
3243 
3244         if ((dev->type != ARPHRD_ETHER) &&
3245             (dev->type != ARPHRD_FDDI) &&
3246             (dev->type != ARPHRD_ARCNET) &&
3247             (dev->type != ARPHRD_INFINIBAND) &&
3248             (dev->type != ARPHRD_IEEE1394) &&
3249             (dev->type != ARPHRD_TUNNEL6) &&
3250             (dev->type != ARPHRD_6LOWPAN) &&
3251             (dev->type != ARPHRD_IP6GRE) &&
3252             (dev->type != ARPHRD_IPGRE) &&
3253             (dev->type != ARPHRD_TUNNEL) &&
3254             (dev->type != ARPHRD_NONE)) {
3255                 /* Alas, we support only Ethernet autoconfiguration. */
3256                 return;
3257         }
3258 
3259         idev = addrconf_add_dev(dev);
3260         if (IS_ERR(idev))
3261                 return;
3262 
3263         /* this device type has no EUI support */
3264         if (dev->type == ARPHRD_NONE &&
3265             idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_EUI64)
3266                 idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_RANDOM;
3267 
3268         addrconf_addr_gen(idev, false);
3269 }
3270 
3271 #if IS_ENABLED(CONFIG_IPV6_SIT)
3272 static void addrconf_sit_config(struct net_device *dev)
3273 {
3274         struct inet6_dev *idev;
3275 
3276         ASSERT_RTNL();
3277 
3278         /*
3279          * Configure the tunnel with one of our IPv4
3280          * addresses... we should configure all of
3281          * our v4 addrs in the tunnel
3282          */
3283 
3284         idev = ipv6_find_idev(dev);
3285         if (!idev) {
3286                 pr_debug("%s: add_dev failed\n", __func__);
3287                 return;
3288         }
3289 
3290         if (dev->priv_flags & IFF_ISATAP) {
3291                 addrconf_addr_gen(idev, false);
3292                 return;
3293         }
3294 
3295         sit_add_v4_addrs(idev);
3296 
3297         if (dev->flags&IFF_POINTOPOINT)
3298                 addrconf_add_mroute(dev);
3299 }
3300 #endif
3301 
3302 #if IS_ENABLED(CONFIG_NET_IPGRE)
3303 static void addrconf_gre_config(struct net_device *dev)
3304 {
3305         struct inet6_dev *idev;
3306 
3307         ASSERT_RTNL();
3308 
3309         idev = ipv6_find_idev(dev);
3310         if (!idev) {
3311                 pr_debug("%s: add_dev failed\n", __func__);
3312                 return;
3313         }
3314 
3315         addrconf_addr_gen(idev, true);
3316         if (dev->flags & IFF_POINTOPOINT)
3317                 addrconf_add_mroute(dev);
3318 }
3319 #endif
3320 
3321 static int fixup_permanent_addr(struct inet6_dev *idev,
3322                                 struct inet6_ifaddr *ifp)
3323 {
3324         /* rt6i_ref == 0 means the host route was removed from the
3325          * FIB, for example, if 'lo' device is taken down. In that
3326          * case regenerate the host route.
3327          */
3328         if (!ifp->rt || !atomic_read(&ifp->rt->rt6i_ref)) {
3329                 struct rt6_info *rt, *prev;
3330 
3331                 rt = addrconf_dst_alloc(idev, &ifp->addr, false);
3332                 if (unlikely(IS_ERR(rt)))
3333                         return PTR_ERR(rt);
3334 
3335                 /* ifp->rt can be accessed outside of rtnl */
3336                 spin_lock(&ifp->lock);
3337                 prev = ifp->rt;
3338                 ifp->rt = rt;
3339                 spin_unlock(&ifp->lock);
3340 
3341                 ip6_rt_put(prev);
3342         }
3343 
3344         if (!(ifp->flags & IFA_F_NOPREFIXROUTE)) {
3345                 addrconf_prefix_route(&ifp->addr, ifp->prefix_len,
3346                                       idev->dev, 0, 0);
3347         }
3348 
3349         if (ifp->state == INET6_IFADDR_STATE_PREDAD)
3350                 addrconf_dad_start(ifp);
3351 
3352         return 0;
3353 }
3354 
3355 static void addrconf_permanent_addr(struct net_device *dev)
3356 {
3357         struct inet6_ifaddr *ifp, *tmp;
3358         struct inet6_dev *idev;
3359 
3360         idev = __in6_dev_get(dev);
3361         if (!idev)
3362                 return;
3363 
3364         write_lock_bh(&idev->lock);
3365 
3366         list_for_each_entry_safe(ifp, tmp, &idev->addr_list, if_list) {
3367                 if ((ifp->flags & IFA_F_PERMANENT) &&
3368                     fixup_permanent_addr(idev, ifp) < 0) {
3369                         write_unlock_bh(&idev->lock);
3370                         in6_ifa_hold(ifp);
3371                         ipv6_del_addr(ifp);
3372                         write_lock_bh(&idev->lock);
3373 
3374                         net_info_ratelimited("%s: Failed to add prefix route for address %pI6c; dropping\n",
3375                                              idev->dev->name, &ifp->addr);
3376                 }
3377         }
3378 
3379         write_unlock_bh(&idev->lock);
3380 }
3381 
3382 static int addrconf_notify(struct notifier_block *this, unsigned long event,
3383                            void *ptr)
3384 {
3385         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3386         struct netdev_notifier_changeupper_info *info;
3387         struct inet6_dev *idev = __in6_dev_get(dev);
3388         struct net *net = dev_net(dev);
3389         int run_pending = 0;
3390         int err;
3391 
3392         switch (event) {
3393         case NETDEV_REGISTER:
3394                 if (!idev && dev->mtu >= IPV6_MIN_MTU) {
3395                         idev = ipv6_add_dev(dev);
3396                         if (IS_ERR(idev))
3397                                 return notifier_from_errno(PTR_ERR(idev));
3398                 }
3399                 break;
3400 
3401         case NETDEV_CHANGEMTU:
3402                 /* if MTU under IPV6_MIN_MTU stop IPv6 on this interface. */
3403                 if (dev->mtu < IPV6_MIN_MTU) {
3404                         addrconf_ifdown(dev, dev != net->loopback_dev);
3405                         break;
3406                 }
3407 
3408                 if (idev) {
3409                         rt6_mtu_change(dev, dev->mtu);
3410                         idev->cnf.mtu6 = dev->mtu;
3411                         break;
3412                 }
3413 
3414                 /* allocate new idev */
3415                 idev = ipv6_add_dev(dev);
3416                 if (IS_ERR(idev))
3417                         break;
3418 
3419                 /* device is still not ready */
3420                 if (!(idev->if_flags & IF_READY))
3421                         break;
3422 
3423                 run_pending = 1;
3424 
3425                 /* fall through */
3426 
3427         case NETDEV_UP:
3428         case NETDEV_CHANGE:
3429                 if (dev->flags & IFF_SLAVE)
3430                         break;
3431 
3432                 if (idev && idev->cnf.disable_ipv6)
3433                         break;
3434 
3435                 if (event == NETDEV_UP) {
3436                         /* restore routes for permanent addresses */
3437                         addrconf_permanent_addr(dev);
3438 
3439                         if (!addrconf_qdisc_ok(dev)) {
3440                                 /* device is not ready yet. */
3441                                 pr_info("ADDRCONF(NETDEV_UP): %s: link is not ready\n",
3442                                         dev->name);
3443                                 break;
3444                         }
3445 
3446                         if (!idev && dev->mtu >= IPV6_MIN_MTU)
3447                                 idev = ipv6_add_dev(dev);
3448 
3449                         if (!IS_ERR_OR_NULL(idev)) {
3450                                 idev->if_flags |= IF_READY;
3451                                 run_pending = 1;
3452                         }
3453                 } else if (event == NETDEV_CHANGE) {
3454                         if (!addrconf_qdisc_ok(dev)) {
3455                                 /* device is still not ready. */
3456                                 break;
3457                         }
3458 
3459                         if (idev) {
3460                                 if (idev->if_flags & IF_READY) {
3461                                         /* device is already configured -
3462                                          * but resend MLD reports, we might
3463                                          * have roamed and need to update
3464                                          * multicast snooping switches
3465                                          */
3466                                         ipv6_mc_up(idev);
3467                                         break;
3468                                 }
3469                                 idev->if_flags |= IF_READY;
3470                         }
3471 
3472                         pr_info("ADDRCONF(NETDEV_CHANGE): %s: link becomes ready\n",
3473                                 dev->name);
3474 
3475                         run_pending = 1;
3476                 }
3477 
3478                 switch (dev->type) {
3479 #if IS_ENABLED(CONFIG_IPV6_SIT)
3480                 case ARPHRD_SIT:
3481                         addrconf_sit_config(dev);
3482                         break;
3483 #endif
3484 #if IS_ENABLED(CONFIG_NET_IPGRE)
3485                 case ARPHRD_IPGRE:
3486                         addrconf_gre_config(dev);
3487                         break;
3488 #endif
3489                 case ARPHRD_LOOPBACK:
3490                         init_loopback(dev);
3491                         break;
3492 
3493                 default:
3494                         addrconf_dev_config(dev);
3495                         break;
3496                 }
3497 
3498                 if (!IS_ERR_OR_NULL(idev)) {
3499                         if (run_pending)
3500                                 addrconf_dad_run(idev);
3501 
3502                         /*
3503                          * If the MTU changed during the interface down,
3504                          * when the interface up, the changed MTU must be
3505                          * reflected in the idev as well as routers.
3506                          */
3507                         if (idev->cnf.mtu6 != dev->mtu &&
3508                             dev->mtu >= IPV6_MIN_MTU) {
3509                                 rt6_mtu_change(dev, dev->mtu);
3510                                 idev->cnf.mtu6 = dev->mtu;
3511                         }
3512                         idev->tstamp = jiffies;
3513                         inet6_ifinfo_notify(RTM_NEWLINK, idev);
3514 
3515                         /*
3516                          * If the changed mtu during down is lower than
3517                          * IPV6_MIN_MTU stop IPv6 on this interface.
3518                          */
3519                         if (dev->mtu < IPV6_MIN_MTU)
3520                                 addrconf_ifdown(dev, dev != net->loopback_dev);
3521                 }
3522                 break;
3523 
3524         case NETDEV_DOWN:
3525         case NETDEV_UNREGISTER:
3526                 /*
3527                  *      Remove all addresses from this interface.
3528                  */
3529                 addrconf_ifdown(dev, event != NETDEV_DOWN);
3530                 break;
3531 
3532         case NETDEV_CHANGENAME:
3533                 if (idev) {
3534                         snmp6_unregister_dev(idev);
3535                         addrconf_sysctl_unregister(idev);
3536                         err = addrconf_sysctl_register(idev);
3537                         if (err)
3538                                 return notifier_from_errno(err);
3539                         err = snmp6_register_dev(idev);
3540                         if (err) {
3541                                 addrconf_sysctl_unregister(idev);
3542                                 return notifier_from_errno(err);
3543                         }
3544                 }
3545                 break;
3546 
3547         case NETDEV_PRE_TYPE_CHANGE:
3548         case NETDEV_POST_TYPE_CHANGE:
3549                 if (idev)
3550                         addrconf_type_change(dev, event);
3551                 break;
3552 
3553         case NETDEV_CHANGEUPPER:
3554                 info = ptr;
3555 
3556                 /* flush all routes if dev is linked to or unlinked from
3557                  * an L3 master device (e.g., VRF)
3558                  */
3559                 if (info->upper_dev && netif_is_l3_master(info->upper_dev))
3560                         addrconf_ifdown(dev, 0);
3561         }
3562 
3563         return NOTIFY_OK;
3564 }
3565 
3566 /*
3567  *      addrconf module should be notified of a device going up
3568  */
3569 static struct notifier_block ipv6_dev_notf = {
3570         .notifier_call = addrconf_notify,
3571         .priority = ADDRCONF_NOTIFY_PRIORITY,
3572 };
3573 
3574 static void addrconf_type_change(struct net_device *dev, unsigned long event)
3575 {
3576         struct inet6_dev *idev;
3577         ASSERT_RTNL();
3578 
3579         idev = __in6_dev_get(dev);
3580 
3581         if (event == NETDEV_POST_TYPE_CHANGE)
3582                 ipv6_mc_remap(idev);
3583         else if (event == NETDEV_PRE_TYPE_CHANGE)
3584                 ipv6_mc_unmap(idev);
3585 }
3586 
3587 static bool addr_is_local(const struct in6_addr *addr)
3588 {
3589         return ipv6_addr_type(addr) &
3590                 (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK);
3591 }
3592 
3593 static int addrconf_ifdown(struct net_device *dev, int how)
3594 {
3595         struct net *net = dev_net(dev);
3596         struct inet6_dev *idev;
3597         struct inet6_ifaddr *ifa, *tmp;
3598         struct list_head del_list;
3599         int _keep_addr;
3600         bool keep_addr;
3601         int state, i;
3602 
3603         ASSERT_RTNL();
3604 
3605         rt6_ifdown(net, dev);
3606         neigh_ifdown(&nd_tbl, dev);
3607 
3608         idev = __in6_dev_get(dev);
3609         if (!idev)
3610                 return -ENODEV;
3611 
3612         /*
3613          * Step 1: remove reference to ipv6 device from parent device.
3614          *         Do not dev_put!
3615          */
3616         if (how) {
3617                 idev->dead = 1;
3618 
3619                 /* protected by rtnl_lock */
3620                 RCU_INIT_POINTER(dev->ip6_ptr, NULL);
3621 
3622                 /* Step 1.5: remove snmp6 entry */
3623                 snmp6_unregister_dev(idev);
3624 
3625         }
3626 
3627         /* aggregate the system setting and interface setting */
3628         _keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
3629         if (!_keep_addr)
3630                 _keep_addr = idev->cnf.keep_addr_on_down;
3631 
3632         /* combine the user config with event to determine if permanent
3633          * addresses are to be removed from address hash table
3634          */
3635         keep_addr = !(how || _keep_addr <= 0 || idev->cnf.disable_ipv6);
3636 
3637         /* Step 2: clear hash table */
3638         for (i = 0; i < IN6_ADDR_HSIZE; i++) {
3639                 struct hlist_head *h = &inet6_addr_lst[i];
3640 
3641                 spin_lock_bh(&addrconf_hash_lock);
3642 restart:
3643                 hlist_for_each_entry_rcu(ifa, h, addr_lst) {
3644                         if (ifa->idev == idev) {
3645                                 addrconf_del_dad_work(ifa);
3646                                 /* combined flag + permanent flag decide if
3647                                  * address is retained on a down event
3648                                  */
3649                                 if (!keep_addr ||
3650                                     !(ifa->flags & IFA_F_PERMANENT) ||
3651                                     addr_is_local(&ifa->addr)) {
3652                                         hlist_del_init_rcu(&ifa->addr_lst);
3653                                         goto restart;
3654                                 }
3655                         }
3656                 }
3657                 spin_unlock_bh(&addrconf_hash_lock);
3658         }
3659 
3660         write_lock_bh(&idev->lock);
3661 
3662         addrconf_del_rs_timer(idev);
3663 
3664         /* Step 2: clear flags for stateless addrconf */
3665         if (!how)
3666                 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY);
3667 
3668         /* Step 3: clear tempaddr list */
3669         while (!list_empty(&idev->tempaddr_list)) {
3670                 ifa = list_first_entry(&idev->tempaddr_list,
3671                                        struct inet6_ifaddr, tmp_list);
3672                 list_del(&ifa->tmp_list);
3673                 write_unlock_bh(&idev->lock);
3674                 spin_lock_bh(&ifa->lock);
3675 
3676                 if (ifa->ifpub) {
3677                         in6_ifa_put(ifa->ifpub);
3678                         ifa->ifpub = NULL;
3679                 }
3680                 spin_unlock_bh(&ifa->lock);
3681                 in6_ifa_put(ifa);
3682                 write_lock_bh(&idev->lock);
3683         }
3684 
3685         /* re-combine the user config with event to determine if permanent
3686          * addresses are to be removed from the interface list
3687          */
3688         keep_addr = (!how && _keep_addr > 0 && !idev->cnf.disable_ipv6);
3689 
3690         INIT_LIST_HEAD(&del_list);
3691         list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
3692                 struct rt6_info *rt = NULL;
3693                 bool keep;
3694 
3695                 addrconf_del_dad_work(ifa);
3696 
3697                 keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
3698                         !addr_is_local(&ifa->addr);
3699                 if (!keep)
3700                         list_move(&ifa->if_list, &del_list);
3701 
3702                 write_unlock_bh(&idev->lock);
3703                 spin_lock_bh(&ifa->lock);
3704 
3705                 if (keep) {
3706                         /* set state to skip the notifier below */
3707                         state = INET6_IFADDR_STATE_DEAD;
3708                         ifa->state = INET6_IFADDR_STATE_PREDAD;
3709                         if (!(ifa->flags & IFA_F_NODAD))
3710                                 ifa->flags |= IFA_F_TENTATIVE;
3711 
3712                         rt = ifa->rt;
3713                         ifa->rt = NULL;
3714                 } else {
3715                         state = ifa->state;
3716                         ifa->state = INET6_IFADDR_STATE_DEAD;
3717                 }
3718 
3719                 spin_unlock_bh(&ifa->lock);
3720 
3721                 if (rt)
3722                         ip6_del_rt(rt);
3723 
3724                 if (state != INET6_IFADDR_STATE_DEAD) {
3725                         __ipv6_ifa_notify(RTM_DELADDR, ifa);
3726                         inet6addr_notifier_call_chain(NETDEV_DOWN, ifa);
3727                 } else {
3728                         if (idev->cnf.forwarding)
3729                                 addrconf_leave_anycast(ifa);
3730                         addrconf_leave_solict(ifa->idev, &ifa->addr);
3731                 }
3732 
3733                 write_lock_bh(&idev->lock);
3734         }
3735 
3736         write_unlock_bh(&idev->lock);
3737 
3738         /* now clean up addresses to be removed */
3739         while (!list_empty(&del_list)) {
3740                 ifa = list_first_entry(&del_list,
3741                                        struct inet6_ifaddr, if_list);
3742                 list_del(&ifa->if_list);
3743 
3744                 in6_ifa_put(ifa);
3745         }
3746 
3747         /* Step 5: Discard anycast and multicast list */
3748         if (how) {
3749                 ipv6_ac_destroy_dev(idev);
3750                 ipv6_mc_destroy_dev(idev);
3751         } else {
3752                 ipv6_mc_down(idev);
3753         }
3754 
3755         idev->tstamp = jiffies;
3756 
3757         /* Last: Shot the device (if unregistered) */
3758         if (how) {
3759                 addrconf_sysctl_unregister(idev);
3760                 neigh_parms_release(&nd_tbl, idev->nd_parms);
3761                 neigh_ifdown(&nd_tbl, dev);
3762                 in6_dev_put(idev);
3763         }
3764         return 0;
3765 }
3766 
3767 static void addrconf_rs_timer(unsigned long data)
3768 {
3769         struct inet6_dev *idev = (struct inet6_dev *)data;
3770         struct net_device *dev = idev->dev;
3771         struct in6_addr lladdr;
3772 
3773         write_lock(&idev->lock);
3774         if (idev->dead || !(idev->if_flags & IF_READY))
3775                 goto out;
3776 
3777         if (!ipv6_accept_ra(idev))
3778                 goto out;
3779 
3780         /* Announcement received after solicitation was sent */
3781         if (idev->if_flags & IF_RA_RCVD)
3782                 goto out;
3783 
3784         if (idev->rs_probes++ < idev->cnf.rtr_solicits || idev->cnf.rtr_solicits < 0) {
3785                 write_unlock(&idev->lock);
3786                 if (!ipv6_get_lladdr(dev, &lladdr, IFA_F_TENTATIVE))
3787                         ndisc_send_rs(dev, &lladdr,
3788                                       &in6addr_linklocal_allrouters);
3789                 else
3790                         goto put;
3791 
3792                 write_lock(&idev->lock);
3793                 idev->rs_interval = rfc3315_s14_backoff_update(
3794                         idev->rs_interval, idev->cnf.rtr_solicit_max_interval);
3795                 /* The wait after the last probe can be shorter */
3796                 addrconf_mod_rs_timer(idev, (idev->rs_probes ==
3797                                              idev->cnf.rtr_solicits) ?
3798                                       idev->cnf.rtr_solicit_delay :
3799                                       idev->rs_interval);
3800         } else {
3801                 /*
3802                  * Note: we do not support deprecated "all on-link"
3803                  * assumption any longer.
3804                  */
3805                 pr_debug("%s: no IPv6 routers present\n", idev->dev->name);
3806         }
3807 
3808 out:
3809         write_unlock(&idev->lock);
3810 put:
3811         in6_dev_put(idev);
3812 }
3813 
3814 /*
3815  *      Duplicate Address Detection
3816  */
3817 static void addrconf_dad_kick(struct inet6_ifaddr *ifp)
3818 {
3819         unsigned long rand_num;
3820         struct inet6_dev *idev = ifp->idev;
3821         u64 nonce;
3822 
3823         if (ifp->flags & IFA_F_OPTIMISTIC)
3824                 rand_num = 0;
3825         else
3826                 rand_num = prandom_u32() % (idev->cnf.rtr_solicit_delay ? : 1);
3827 
3828         nonce = 0;
3829         if (idev->cnf.enhanced_dad ||
3830             dev_net(idev->dev)->ipv6.devconf_all->enhanced_dad) {
3831                 do
3832                         get_random_bytes(&nonce, 6);
3833                 while (nonce == 0);
3834         }
3835         ifp->dad_nonce = nonce;
3836         ifp->dad_probes = idev->cnf.dad_transmits;
3837         addrconf_mod_dad_work(ifp, rand_num);
3838 }
3839 
3840 static void addrconf_dad_begin(struct inet6_ifaddr *ifp)
3841 {
3842         struct inet6_dev *idev = ifp->idev;
3843         struct net_device *dev = idev->dev;
3844         bool bump_id, notify = false;
3845 
3846         addrconf_join_solict(dev, &ifp->addr);
3847 
3848         prandom_seed((__force u32) ifp->addr.s6_addr32[3]);
3849 
3850         read_lock_bh(&idev->lock);
3851         spin_lock(&ifp->lock);
3852         if (ifp->state == INET6_IFADDR_STATE_DEAD)
3853                 goto out;
3854 
3855         if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
3856             idev->cnf.accept_dad < 1 ||
3857             !(ifp->flags&IFA_F_TENTATIVE) ||
3858             ifp->flags & IFA_F_NODAD) {
3859                 bump_id = ifp->flags & IFA_F_TENTATIVE;
3860                 ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED);
3861                 spin_unlock(&ifp->lock);
3862                 read_unlock_bh(&idev->lock);
3863 
3864                 addrconf_dad_completed(ifp, bump_id);
3865                 return;
3866         }
3867 
3868         if (!(idev->if_flags & IF_READY)) {
3869                 spin_unlock(&ifp->lock);
3870                 read_unlock_bh(&idev->lock);
3871                 /*
3872                  * If the device is not ready:
3873                  * - keep it tentative if it is a permanent address.
3874                  * - otherwise, kill it.
3875                  */
3876                 in6_ifa_hold(ifp);
3877                 addrconf_dad_stop(ifp, 0);
3878                 return;
3879         }
3880 
3881         /*
3882          * Optimistic nodes can start receiving
3883          * Frames right away
3884          */
3885         if (ifp->flags & IFA_F_OPTIMISTIC) {
3886                 ip6_ins_rt(ifp->rt);
3887                 if (ipv6_use_optimistic_addr(idev)) {
3888                         /* Because optimistic nodes can use this address,
3889                          * notify listeners. If DAD fails, RTM_DELADDR is sent.
3890                          */
3891                         notify = true;
3892                 }
3893         }
3894 
3895         addrconf_dad_kick(ifp);
3896 out:
3897         spin_unlock(&ifp->lock);
3898         read_unlock_bh(&idev->lock);
3899         if (notify)
3900                 ipv6_ifa_notify(RTM_NEWADDR, ifp);
3901 }
3902 
3903 static void addrconf_dad_start(struct inet6_ifaddr *ifp)
3904 {
3905         bool begin_dad = false;
3906 
3907         spin_lock_bh(&ifp->lock);
3908         if (ifp->state != INET6_IFADDR_STATE_DEAD) {
3909                 ifp->state = INET6_IFADDR_STATE_PREDAD;
3910                 begin_dad = true;
3911         }
3912         spin_unlock_bh(&ifp->lock);
3913 
3914         if (begin_dad)
3915                 addrconf_mod_dad_work(ifp, 0);
3916 }
3917 
3918 static void addrconf_dad_work(struct work_struct *w)
3919 {
3920         struct inet6_ifaddr *ifp = container_of(to_delayed_work(w),
3921                                                 struct inet6_ifaddr,
3922                                                 dad_work);
3923         struct inet6_dev *idev = ifp->idev;
3924         bool bump_id, disable_ipv6 = false;
3925         struct in6_addr mcaddr;
3926 
3927         enum {
3928                 DAD_PROCESS,
3929                 DAD_BEGIN,
3930                 DAD_ABORT,
3931         } action = DAD_PROCESS;
3932 
3933         rtnl_lock();
3934 
3935         spin_lock_bh(&ifp->lock);
3936         if (ifp->state == INET6_IFADDR_STATE_PREDAD) {
3937                 action = DAD_BEGIN;
3938                 ifp->state = INET6_IFADDR_STATE_DAD;
3939         } else if (ifp->state == INET6_IFADDR_STATE_ERRDAD) {
3940                 action = DAD_ABORT;
3941                 ifp->state = INET6_IFADDR_STATE_POSTDAD;
3942 
3943                 if (idev->cnf.accept_dad > 1 && !idev->cnf.disable_ipv6 &&
3944                     !(ifp->flags & IFA_F_STABLE_PRIVACY)) {
3945                         struct in6_addr addr;
3946 
3947                         addr.s6_addr32[0] = htonl(0xfe800000);
3948                         addr.s6_addr32[1] = 0;
3949 
3950                         if (!ipv6_generate_eui64(addr.s6_addr + 8, idev->dev) &&
3951                             ipv6_addr_equal(&ifp->addr, &addr)) {
3952                                 /* DAD failed for link-local based on MAC */
3953                                 idev->cnf.disable_ipv6 = 1;
3954 
3955                                 pr_info("%s: IPv6 being disabled!\n",
3956                                         ifp->idev->dev->name);
3957                                 disable_ipv6 = true;
3958                         }
3959                 }
3960         }
3961         spin_unlock_bh(&ifp->lock);
3962 
3963         if (action == DAD_BEGIN) {
3964                 addrconf_dad_begin(ifp);
3965                 goto out;
3966         } else if (action == DAD_ABORT) {
3967                 in6_ifa_hold(ifp);
3968                 addrconf_dad_stop(ifp, 1);
3969                 if (disable_ipv6)
3970                         addrconf_ifdown(idev->dev, 0);
3971                 goto out;
3972         }
3973 
3974         if (!ifp->dad_probes && addrconf_dad_end(ifp))
3975                 goto out;
3976 
3977         write_lock_bh(&idev->lock);
3978         if (idev->dead || !(idev->if_flags & IF_READY)) {
3979                 write_unlock_bh(&idev->lock);
3980                 goto out;
3981         }
3982 
3983         spin_lock(&ifp->lock);
3984         if (ifp->state == INET6_IFADDR_STATE_DEAD) {
3985                 spin_unlock(&ifp->lock);
3986                 write_unlock_bh(&idev->lock);
3987                 goto out;
3988         }
3989 
3990         if (ifp->dad_probes == 0) {
3991                 /*
3992                  * DAD was successful
3993                  */
3994 
3995                 bump_id = ifp->flags & IFA_F_TENTATIVE;
3996                 ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED);
3997                 spin_unlock(&ifp->lock);
3998                 write_unlock_bh(&idev->lock);
3999 
4000                 addrconf_dad_completed(ifp, bump_id);
4001 
4002                 goto out;
4003         }
4004 
4005         ifp->dad_probes--;
4006         addrconf_mod_dad_work(ifp,
4007                               NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME));
4008         spin_unlock(&ifp->lock);
4009         write_unlock_bh(&idev->lock);
4010 
4011         /* send a neighbour solicitation for our addr */
4012         addrconf_addr_solict_mult(&ifp->addr, &mcaddr);
4013         ndisc_send_ns(ifp->idev->dev, &ifp->addr, &mcaddr, &in6addr_any,
4014                       ifp->dad_nonce);
4015 out:
4016         in6_ifa_put(ifp);
4017         rtnl_unlock();
4018 }
4019 
4020 /* ifp->idev must be at least read locked */
4021 static bool ipv6_lonely_lladdr(struct inet6_ifaddr *ifp)
4022 {
4023         struct inet6_ifaddr *ifpiter;
4024         struct inet6_dev *idev = ifp->idev;
4025 
4026         list_for_each_entry_reverse(ifpiter, &idev->addr_list, if_list) {
4027                 if (ifpiter->scope > IFA_LINK)
4028                         break;
4029                 if (ifp != ifpiter && ifpiter->scope == IFA_LINK &&
4030                     (ifpiter->flags & (IFA_F_PERMANENT|IFA_F_TENTATIVE|
4031                                        IFA_F_OPTIMISTIC|IFA_F_DADFAILED)) ==
4032                     IFA_F_PERMANENT)
4033                         return false;
4034         }
4035         return true;
4036 }
4037 
4038 static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id)
4039 {
4040         struct net_device *dev = ifp->idev->dev;
4041         struct in6_addr lladdr;
4042         bool send_rs, send_mld;
4043 
4044         addrconf_del_dad_work(ifp);
4045 
4046         /*
4047          *      Configure the address for reception. Now it is valid.
4048          */
4049 
4050         ipv6_ifa_notify(RTM_NEWADDR, ifp);
4051 
4052         /* If added prefix is link local and we are prepared to process
4053            router advertisements, start sending router solicitations.
4054          */
4055 
4056         read_lock_bh(&ifp->idev->lock);
4057         send_mld = ifp->scope == IFA_LINK && ipv6_lonely_lladdr(ifp);
4058         send_rs = send_mld &&
4059                   ipv6_accept_ra(ifp->idev) &&
4060                   ifp->idev->cnf.rtr_solicits != 0 &&
4061                   (dev->flags&IFF_LOOPBACK) == 0;
4062         read_unlock_bh(&ifp->idev->lock);
4063 
4064         /* While dad is in progress mld report's source address is in6_addrany.
4065          * Resend with proper ll now.
4066          */
4067         if (send_mld)
4068                 ipv6_mc_dad_complete(ifp->idev);
4069 
4070         if (send_rs) {
4071                 /*
4072                  *      If a host as already performed a random delay
4073                  *      [...] as part of DAD [...] there is no need
4074                  *      to delay again before sending the first RS
4075                  */
4076                 if (ipv6_get_lladdr(dev, &lladdr, IFA_F_TENTATIVE))
4077                         return;
4078                 ndisc_send_rs(dev, &lladdr, &in6addr_linklocal_allrouters);
4079 
4080                 write_lock_bh(&ifp->idev->lock);
4081                 spin_lock(&ifp->lock);
4082                 ifp->idev->rs_interval = rfc3315_s14_backoff_init(
4083                         ifp->idev->cnf.rtr_solicit_interval);
4084                 ifp->idev->rs_probes = 1;
4085                 ifp->idev->if_flags |= IF_RS_SENT;
4086                 addrconf_mod_rs_timer(ifp->idev, ifp->idev->rs_interval);
4087                 spin_unlock(&ifp->lock);
4088                 write_unlock_bh(&ifp->idev->lock);
4089         }
4090 
4091         if (bump_id)
4092                 rt_genid_bump_ipv6(dev_net(dev));
4093 
4094         /* Make sure that a new temporary address will be created
4095          * before this temporary address becomes deprecated.
4096          */
4097         if (ifp->flags & IFA_F_TEMPORARY)
4098                 addrconf_verify_rtnl();
4099 }
4100 
4101 static void addrconf_dad_run(struct inet6_dev *idev)
4102 {
4103         struct inet6_ifaddr *ifp;
4104 
4105         read_lock_bh(&idev->lock);
4106         list_for_each_entry(ifp, &idev->addr_list, if_list) {
4107                 spin_lock(&ifp->lock);
4108                 if (ifp->flags & IFA_F_TENTATIVE &&
4109                     ifp->state == INET6_IFADDR_STATE_DAD)
4110                         addrconf_dad_kick(ifp);
4111                 spin_unlock(&ifp->lock);
4112         }
4113         read_unlock_bh(&idev->lock);
4114 }
4115 
4116 #ifdef CONFIG_PROC_FS
4117 struct if6_iter_state {
4118         struct seq_net_private p;
4119         int bucket;
4120         int offset;
4121 };
4122 
4123 static struct inet6_ifaddr *if6_get_first(struct seq_file *seq, loff_t pos)
4124 {
4125         struct inet6_ifaddr *ifa = NULL;
4126         struct if6_iter_state *state = seq->private;
4127         struct net *net = seq_file_net(seq);
4128         int p = 0;
4129 
4130         /* initial bucket if pos is 0 */
4131         if (pos == 0) {
4132                 state->bucket = 0;
4133                 state->offset = 0;
4134         }
4135 
4136         for (; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) {
4137                 hlist_for_each_entry_rcu_bh(ifa, &inet6_addr_lst[state->bucket],
4138                                          addr_lst) {
4139                         if (!net_eq(dev_net(ifa->idev->dev), net))
4140                                 continue;
4141                         /* sync with offset */
4142                         if (p < state->offset) {
4143                                 p++;
4144                                 continue;
4145                         }
4146                         state->offset++;
4147                         return ifa;
4148                 }
4149 
4150                 /* prepare for next bucket */
4151                 state->offset = 0;
4152                 p = 0;
4153         }
4154         return NULL;
4155 }
4156 
4157 static struct inet6_ifaddr *if6_get_next(struct seq_file *seq,
4158                                          struct inet6_ifaddr *ifa)
4159 {
4160         struct if6_iter_state *state = seq->private;
4161         struct net *net = seq_file_net(seq);
4162 
4163         hlist_for_each_entry_continue_rcu_bh(ifa, addr_lst) {
4164                 if (!net_eq(dev_net(ifa->idev->dev), net))
4165                         continue;
4166                 state->offset++;
4167                 return ifa;
4168         }
4169 
4170         while (++state->bucket < IN6_ADDR_HSIZE) {
4171                 state->offset = 0;
4172                 hlist_for_each_entry_rcu_bh(ifa,
4173                                      &inet6_addr_lst[state->bucket], addr_lst) {
4174                         if (!net_eq(dev_net(ifa->idev->dev), net))
4175                                 continue;
4176                         state->offset++;
4177                         return ifa;
4178                 }
4179         }
4180 
4181         return NULL;
4182 }
4183 
4184 static void *if6_seq_start(struct seq_file *seq, loff_t *pos)
4185         __acquires(rcu_bh)
4186 {
4187         rcu_read_lock_bh();
4188         return if6_get_first(seq, *pos);
4189 }
4190 
4191 static void *if6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4192 {
4193         struct inet6_ifaddr *ifa;
4194 
4195         ifa = if6_get_next(seq, v);
4196         ++*pos;
4197         return ifa;
4198 }
4199 
4200 static void if6_seq_stop(struct seq_file *seq, void *v)
4201         __releases(rcu_bh)
4202 {
4203         rcu_read_unlock_bh();
4204 }
4205 
4206 static int if6_seq_show(struct seq_file *seq, void *v)
4207 {
4208         struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
4209         seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
4210                    &ifp->addr,
4211                    ifp->idev->dev->ifindex,
4212                    ifp->prefix_len,
4213                    ifp->scope,
4214                    (u8) ifp->flags,
4215                    ifp->idev->dev->name);
4216         return 0;
4217 }
4218 
4219 static const struct seq_operations if6_seq_ops = {
4220         .start  = if6_seq_start,
4221         .next   = if6_seq_next,
4222         .show   = if6_seq_show,
4223         .stop   = if6_seq_stop,
4224 };
4225 
4226 static int if6_seq_open(struct inode *inode, struct file *file)
4227 {
4228         return seq_open_net(inode, file, &if6_seq_ops,
4229                             sizeof(struct if6_iter_state));
4230 }
4231 
4232 static const struct file_operations if6_fops = {
4233         .owner          = THIS_MODULE,
4234         .open           = if6_seq_open,
4235         .read           = seq_read,
4236         .llseek         = seq_lseek,
4237         .release        = seq_release_net,
4238 };
4239 
4240 static int __net_init if6_proc_net_init(struct net *net)
4241 {
4242         if (!proc_create("if_inet6", S_IRUGO, net->proc_net, &if6_fops))
4243                 return -ENOMEM;
4244         return 0;
4245 }
4246 
4247 static void __net_exit if6_proc_net_exit(struct net *net)
4248 {
4249         remove_proc_entry("if_inet6", net->proc_net);
4250 }
4251 
4252 static struct pernet_operations if6_proc_net_ops = {
4253         .init = if6_proc_net_init,
4254         .exit = if6_proc_net_exit,
4255 };
4256 
4257 int __init if6_proc_init(void)
4258 {
4259         return register_pernet_subsys(&if6_proc_net_ops);
4260 }
4261 
4262 void if6_proc_exit(void)
4263 {
4264         unregister_pernet_subsys(&if6_proc_net_ops);
4265 }
4266 #endif  /* CONFIG_PROC_FS */
4267 
4268 #if IS_ENABLED(CONFIG_IPV6_MIP6)
4269 /* Check if address is a home address configured on any interface. */
4270 int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr)
4271 {
4272         int ret = 0;
4273         struct inet6_ifaddr *ifp = NULL;
4274         unsigned int hash = inet6_addr_hash(addr);
4275 
4276         rcu_read_lock_bh();
4277         hlist_for_each_entry_rcu_bh(ifp, &inet6_addr_lst[hash], addr_lst) {
4278                 if (!net_eq(dev_net(ifp->idev->dev), net))
4279                         continue;
4280                 if (ipv6_addr_equal(&ifp->addr, addr) &&
4281                     (ifp->flags & IFA_F_HOMEADDRESS)) {
4282                         ret = 1;
4283                         break;
4284                 }
4285         }
4286         rcu_read_unlock_bh();
4287         return ret;
4288 }
4289 #endif
4290 
4291 /*
4292  *      Periodic address status verification
4293  */
4294 
4295 static void addrconf_verify_rtnl(void)
4296 {
4297         unsigned long now, next, next_sec, next_sched;
4298         struct inet6_ifaddr *ifp;
4299         int i;
4300 
4301         ASSERT_RTNL();
4302 
4303         rcu_read_lock_bh();
4304         now = jiffies;
4305         next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
4306 
4307         cancel_delayed_work(&addr_chk_work);
4308 
4309         for (i = 0; i < IN6_ADDR_HSIZE; i++) {
4310 restart:
4311                 hlist_for_each_entry_rcu_bh(ifp, &inet6_addr_lst[i], addr_lst) {
4312                         unsigned long age;
4313 
4314                         /* When setting preferred_lft to a value not zero or
4315                          * infinity, while valid_lft is infinity
4316                          * IFA_F_PERMANENT has a non-infinity life time.
4317                          */
4318                         if ((ifp->flags & IFA_F_PERMANENT) &&
4319                             (ifp->prefered_lft == INFINITY_LIFE_TIME))
4320                                 continue;
4321 
4322                         spin_lock(&ifp->lock);
4323                         /* We try to batch several events at once. */
4324                         age = (now - ifp->tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
4325 
4326                         if (ifp->valid_lft != INFINITY_LIFE_TIME &&
4327                             age >= ifp->valid_lft) {
4328                                 spin_unlock(&ifp->lock);
4329                                 in6_ifa_hold(ifp);
4330                                 ipv6_del_addr(ifp);
4331                                 goto restart;
4332                         } else if (ifp->prefered_lft == INFINITY_LIFE_TIME) {
4333                                 spin_unlock(&ifp->lock);
4334                                 continue;
4335                         } else if (age >= ifp->prefered_lft) {
4336                                 /* jiffies - ifp->tstamp > age >= ifp->prefered_lft */
4337                                 int deprecate = 0;
4338 
4339                                 if (!(ifp->flags&IFA_F_DEPRECATED)) {
4340                                         deprecate = 1;
4341                                         ifp->flags |= IFA_F_DEPRECATED;
4342                                 }
4343 
4344                                 if ((ifp->valid_lft != INFINITY_LIFE_TIME) &&
4345                                     (time_before(ifp->tstamp + ifp->valid_lft * HZ, next)))
4346                                         next = ifp->tstamp + ifp->valid_lft * HZ;
4347 
4348                                 spin_unlock(&ifp->lock);
4349 
4350                                 if (deprecate) {
4351                                         in6_ifa_hold(ifp);
4352 
4353                                         ipv6_ifa_notify(0, ifp);
4354                                         in6_ifa_put(ifp);
4355                                         goto restart;
4356                                 }
4357                         } else if ((ifp->flags&IFA_F_TEMPORARY) &&
4358                                    !(ifp->flags&IFA_F_TENTATIVE)) {
4359                                 unsigned long regen_advance = ifp->idev->cnf.regen_max_retry *
4360                                         ifp->idev->cnf.dad_transmits *
4361                                         NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME) / HZ;
4362 
4363                                 if (age >= ifp->prefered_lft - regen_advance) {
4364                                         struct inet6_ifaddr *ifpub = ifp->ifpub;
4365                                         if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
4366                                                 next = ifp->tstamp + ifp->prefered_lft * HZ;
4367                                         if (!ifp->regen_count && ifpub) {
4368                                                 ifp->regen_count++;
4369                                                 in6_ifa_hold(ifp);
4370                                                 in6_ifa_hold(ifpub);
4371                                                 spin_unlock(&ifp->lock);
4372 
4373                                                 spin_lock(&ifpub->lock);
4374                                                 ifpub->regen_count = 0;
4375                                                 spin_unlock(&ifpub->lock);
4376                                                 ipv6_create_tempaddr(ifpub, ifp);
4377                                                 in6_ifa_put(ifpub);
4378                                                 in6_ifa_put(ifp);
4379                                                 goto restart;
4380                                         }
4381                                 } else if (time_before(ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ, next))
4382                                         next = ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ;
4383                                 spin_unlock(&ifp->lock);
4384                         } else {
4385                                 /* ifp->prefered_lft <= ifp->valid_lft */
4386                                 if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next))
4387                                         next = ifp->tstamp + ifp->prefered_lft * HZ;
4388                                 spin_unlock(&ifp->lock);
4389                         }
4390                 }
4391         }
4392 
4393         next_sec = round_jiffies_up(next);
4394         next_sched = next;
4395 
4396         /* If rounded timeout is accurate enough, accept it. */
4397         if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
4398                 next_sched = next_sec;
4399 
4400         /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
4401         if (time_before(next_sched, jiffies + ADDRCONF_TIMER_FUZZ_MAX))
4402                 next_sched = jiffies + ADDRCONF_TIMER_FUZZ_MAX;
4403 
4404         ADBG(KERN_DEBUG "now = %lu, schedule = %lu, rounded schedule = %lu => %lu\n",
4405               now, next, next_sec, next_sched);
4406         mod_delayed_work(addrconf_wq, &addr_chk_work, next_sched - now);
4407         rcu_read_unlock_bh();
4408 }
4409 
4410 static void addrconf_verify_work(struct work_struct *w)
4411 {
4412         rtnl_lock();
4413         addrconf_verify_rtnl();
4414         rtnl_unlock();
4415 }
4416 
4417 static void addrconf_verify(void)
4418 {
4419         mod_delayed_work(addrconf_wq, &addr_chk_work, 0);
4420 }
4421 
4422 static struct in6_addr *extract_addr(struct nlattr *addr, struct nlattr *local,
4423                                      struct in6_addr **peer_pfx)
4424 {
4425         struct in6_addr *pfx = NULL;
4426 
4427         *peer_pfx = NULL;
4428 
4429         if (addr)
4430                 pfx = nla_data(addr);
4431 
4432         if (local) {
4433                 if (pfx && nla_memcmp(local, pfx, sizeof(*pfx)))
4434                         *peer_pfx = pfx;
4435                 pfx = nla_data(local);
4436         }
4437 
4438         return pfx;
4439 }
4440 
4441 static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = {
4442         [IFA_ADDRESS]           = { .len = sizeof(struct in6_addr) },
4443         [IFA_LOCAL]             = { .len = sizeof(struct in6_addr) },
4444         [IFA_CACHEINFO]         = { .len = sizeof(struct ifa_cacheinfo) },
4445         [IFA_FLAGS]             = { .len = sizeof(u32) },
4446 };
4447 
4448 static int
4449 inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
4450                   struct netlink_ext_ack *extack)
4451 {
4452         struct net *net = sock_net(skb->sk);
4453         struct ifaddrmsg *ifm;
4454         struct nlattr *tb[IFA_MAX+1];
4455         struct in6_addr *pfx, *peer_pfx;
4456         u32 ifa_flags;
4457         int err;
4458 
4459         err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
4460                           extack);
4461         if (err < 0)
4462                 return err;
4463 
4464         ifm = nlmsg_data(nlh);
4465         pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer_pfx);
4466         if (!pfx)
4467                 return -EINVAL;
4468 
4469         ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : ifm->ifa_flags;
4470 
4471         /* We ignore other flags so far. */
4472         ifa_flags &= IFA_F_MANAGETEMPADDR;
4473 
4474         return inet6_addr_del(net, ifm->ifa_index, ifa_flags, pfx,
4475                               ifm->ifa_prefixlen);
4476 }
4477 
4478 static int inet6_addr_modify(struct inet6_ifaddr *ifp, u32 ifa_flags,
4479                              u32 prefered_lft, u32 valid_lft)
4480 {
4481         u32 flags;
4482         clock_t expires;
4483         unsigned long timeout;
4484         bool was_managetempaddr;
4485         bool had_prefixroute;
4486 
4487         ASSERT_RTNL();
4488 
4489         if (!valid_lft || (prefered_lft > valid_lft))
4490                 return -EINVAL;
4491 
4492         if (ifa_flags & IFA_F_MANAGETEMPADDR &&
4493             (ifp->flags & IFA_F_TEMPORARY || ifp->prefix_len != 64))
4494                 return -EINVAL;
4495 
4496         timeout = addrconf_timeout_fixup(valid_lft, HZ);
4497         if (addrconf_finite_timeout(timeout)) {
4498                 expires = jiffies_to_clock_t(timeout * HZ);
4499                 valid_lft = timeout;
4500                 flags = RTF_EXPIRES;
4501         } else {
4502                 expires = 0;
4503                 flags = 0;
4504                 ifa_flags |= IFA_F_PERMANENT;
4505         }
4506 
4507         timeout = addrconf_timeout_fixup(prefered_lft, HZ);
4508         if (addrconf_finite_timeout(timeout)) {
4509                 if (timeout == 0)
4510                         ifa_flags |= IFA_F_DEPRECATED;
4511                 prefered_lft = timeout;
4512         }
4513 
4514         spin_lock_bh(&ifp->lock);
4515         was_managetempaddr = ifp->flags & IFA_F_MANAGETEMPADDR;
4516         had_prefixroute = ifp->flags & IFA_F_PERMANENT &&
4517                           !(ifp->flags & IFA_F_NOPREFIXROUTE);
4518         ifp->flags &= ~(IFA_F_DEPRECATED | IFA_F_PERMANENT | IFA_F_NODAD |
4519                         IFA_F_HOMEADDRESS | IFA_F_MANAGETEMPADDR |
4520                         IFA_F_NOPREFIXROUTE);
4521         ifp->flags |= ifa_flags;
4522         ifp->tstamp = jiffies;
4523         ifp->valid_lft = valid_lft;
4524         ifp->prefered_lft = prefered_lft;
4525 
4526         spin_unlock_bh(&ifp->lock);
4527         if (!(ifp->flags&IFA_F_TENTATIVE))
4528                 ipv6_ifa_notify(0, ifp);
4529 
4530         if (!(ifa_flags & IFA_F_NOPREFIXROUTE)) {
4531                 addrconf_prefix_route(&ifp->addr, ifp->prefix_len, ifp->idev->dev,
4532                                       expires, flags);
4533         } else if (had_prefixroute) {
4534                 enum cleanup_prefix_rt_t action;
4535                 unsigned long rt_expires;
4536 
4537                 write_lock_bh(&ifp->idev->lock);
4538                 action = check_cleanup_prefix_route(ifp, &rt_expires);
4539                 write_unlock_bh(&ifp->idev->lock);
4540 
4541                 if (action != CLEANUP_PREFIX_RT_NOP) {
4542                         cleanup_prefix_route(ifp, rt_expires,
4543                                 action == CLEANUP_PREFIX_RT_DEL);
4544                 }
4545         }
4546 
4547         if (was_managetempaddr || ifp->flags & IFA_F_MANAGETEMPADDR) {
4548                 if (was_managetempaddr && !(ifp->flags & IFA_F_MANAGETEMPADDR))
4549                         valid_lft = prefered_lft = 0;
4550                 manage_tempaddrs(ifp->idev, ifp, valid_lft, prefered_lft,
4551                                  !was_managetempaddr, jiffies);
4552         }
4553 
4554         addrconf_verify_rtnl();
4555 
4556         return 0;
4557 }
4558 
4559 static int
4560 inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
4561                   struct netlink_ext_ack *extack)
4562 {
4563         struct net *net = sock_net(skb->sk);
4564         struct ifaddrmsg *ifm;
4565         struct nlattr *tb[IFA_MAX+1];
4566         struct in6_addr *pfx, *peer_pfx;
4567         struct inet6_ifaddr *ifa;
4568         struct net_device *dev;
4569         u32 valid_lft = INFINITY_LIFE_TIME, preferred_lft = INFINITY_LIFE_TIME;
4570         u32 ifa_flags;
4571         int err;
4572 
4573         err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
4574                           extack);
4575         if (err < 0)
4576                 return err;
4577 
4578         ifm = nlmsg_data(nlh);
4579         pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer_pfx);
4580         if (!pfx)
4581                 return -EINVAL;
4582 
4583         if (tb[IFA_CACHEINFO]) {
4584                 struct ifa_cacheinfo *ci;
4585 
4586                 ci = nla_data(tb[IFA_CACHEINFO]);
4587                 valid_lft = ci->ifa_valid;
4588                 preferred_lft = ci->ifa_prefered;
4589         } else {
4590                 preferred_lft = INFINITY_LIFE_TIME;
4591                 valid_lft = INFINITY_LIFE_TIME;
4592         }
4593 
4594         dev =  __dev_get_by_index(net, ifm->ifa_index);
4595         if (!dev)
4596                 return -ENODEV;
4597 
4598         ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : ifm->ifa_flags;
4599 
4600         /* We ignore other flags so far. */
4601         ifa_flags &= IFA_F_NODAD | IFA_F_HOMEADDRESS | IFA_F_MANAGETEMPADDR |
4602                      IFA_F_NOPREFIXROUTE | IFA_F_MCAUTOJOIN;
4603 
4604         ifa = ipv6_get_ifaddr(net, pfx, dev, 1);
4605         if (!ifa) {
4606                 /*
4607                  * It would be best to check for !NLM_F_CREATE here but
4608                  * userspace already relies on not having to provide this.
4609                  */
4610                 return inet6_addr_add(net, ifm->ifa_index, pfx, peer_pfx,
4611                                       ifm->ifa_prefixlen, ifa_flags,
4612                                       preferred_lft, valid_lft);
4613         }
4614 
4615         if (nlh->nlmsg_flags & NLM_F_EXCL ||
4616             !(nlh->nlmsg_flags & NLM_F_REPLACE))
4617                 err = -EEXIST;
4618         else
4619                 err = inet6_addr_modify(ifa, ifa_flags, preferred_lft, valid_lft);
4620 
4621         in6_ifa_put(ifa);
4622 
4623         return err;
4624 }
4625 
4626 static void put_ifaddrmsg(struct nlmsghdr *nlh, u8 prefixlen, u32 flags,
4627                           u8 scope, int ifindex)
4628 {
4629         struct ifaddrmsg *ifm;
4630 
4631         ifm = nlmsg_data(nlh);
4632         ifm->ifa_family = AF_INET6;
4633         ifm->ifa_prefixlen = prefixlen;
4634         ifm->ifa_flags = flags;
4635         ifm->ifa_scope = scope;
4636         ifm->ifa_index = ifindex;
4637 }
4638 
4639 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
4640                          unsigned long tstamp, u32 preferred, u32 valid)
4641 {
4642         struct ifa_cacheinfo ci;
4643 
4644         ci.cstamp = cstamp_delta(cstamp);
4645         ci.tstamp = cstamp_delta(tstamp);
4646         ci.ifa_prefered = preferred;
4647         ci.ifa_valid = valid;
4648 
4649         return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
4650 }
4651 
4652 static inline int rt_scope(int ifa_scope)
4653 {
4654         if (ifa_scope & IFA_HOST)
4655                 return RT_SCOPE_HOST;
4656         else if (ifa_scope & IFA_LINK)
4657                 return RT_SCOPE_LINK;
4658         else if (ifa_scope & IFA_SITE)
4659                 return RT_SCOPE_SITE;
4660         else
4661                 return RT_SCOPE_UNIVERSE;
4662 }
4663 
4664 static inline int inet6_ifaddr_msgsize(void)
4665 {
4666         return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
4667                + nla_total_size(16) /* IFA_LOCAL */
4668                + nla_total_size(16) /* IFA_ADDRESS */
4669                + nla_total_size(sizeof(struct ifa_cacheinfo))
4670                + nla_total_size(4)  /* IFA_FLAGS */;
4671 }
4672 
4673 static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
4674                              u32 portid, u32 seq, int event, unsigned int flags)
4675 {
4676         struct nlmsghdr  *nlh;
4677         u32 preferred, valid;
4678 
4679         nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
4680         if (!nlh)
4681                 return -EMSGSIZE;
4682 
4683         put_ifaddrmsg(nlh, ifa->prefix_len, ifa->flags, rt_scope(ifa->scope),
4684                       ifa->idev->dev->ifindex);
4685 
4686         if (!((ifa->flags&IFA_F_PERMANENT) &&
4687               (ifa->prefered_lft == INFINITY_LIFE_TIME))) {
4688                 preferred = ifa->prefered_lft;
4689                 valid = ifa->valid_lft;
4690                 if (preferred != INFINITY_LIFE_TIME) {
4691                         long tval = (jiffies - ifa->tstamp)/HZ;
4692                         if (preferred > tval)
4693                                 preferred -= tval;
4694                         else
4695                                 preferred = 0;
4696                         if (valid != INFINITY_LIFE_TIME) {
4697                                 if (valid > tval)
4698                                         valid -= tval;
4699                                 else
4700                                         valid = 0;
4701                         }
4702                 }
4703         } else {
4704                 preferred = INFINITY_LIFE_TIME;
4705                 valid = INFINITY_LIFE_TIME;
4706         }
4707 
4708         if (!ipv6_addr_any(&ifa->peer_addr)) {
4709                 if (nla_put_in6_addr(skb, IFA_LOCAL, &ifa->addr) < 0 ||
4710                     nla_put_in6_addr(skb, IFA_ADDRESS, &ifa->peer_addr) < 0)
4711                         goto error;
4712         } else
4713                 if (nla_put_in6_addr(skb, IFA_ADDRESS, &ifa->addr) < 0)
4714                         goto error;
4715 
4716         if (put_cacheinfo(skb, ifa->cstamp, ifa->tstamp, preferred, valid) < 0)
4717                 goto error;
4718 
4719         if (nla_put_u32(skb, IFA_FLAGS, ifa->flags) < 0)
4720                 goto error;
4721 
4722         nlmsg_end(skb, nlh);
4723         return 0;
4724 
4725 error:
4726         nlmsg_cancel(skb, nlh);
4727         return -EMSGSIZE;
4728 }
4729 
4730 static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
4731                                 u32 portid, u32 seq, int event, u16 flags)
4732 {
4733         struct nlmsghdr  *nlh;
4734         u8 scope = RT_SCOPE_UNIVERSE;
4735         int ifindex = ifmca->idev->dev->ifindex;
4736 
4737         if (ipv6_addr_scope(&ifmca->mca_addr) & IFA_SITE)
4738                 scope = RT_SCOPE_SITE;
4739 
4740         nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
4741         if (!nlh)
4742                 return -EMSGSIZE;
4743 
4744         put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
4745         if (nla_put_in6_addr(skb, IFA_MULTICAST, &ifmca->mca_addr) < 0 ||
4746             put_cacheinfo(skb, ifmca->mca_cstamp, ifmca->mca_tstamp,
4747                           INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
4748                 nlmsg_cancel(skb, nlh);
4749                 return -EMSGSIZE;
4750         }
4751 
4752         nlmsg_end(skb, nlh);
4753         return 0;
4754 }
4755 
4756 static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
4757                                 u32 portid, u32 seq, int event, unsigned int flags)
4758 {
4759         struct nlmsghdr  *nlh;
4760         u8 scope = RT_SCOPE_UNIVERSE;
4761         int ifindex = ifaca->aca_idev->dev->ifindex;
4762 
4763         if (ipv6_addr_scope(&ifaca->aca_addr) & IFA_SITE)
4764                 scope = RT_SCOPE_SITE;
4765 
4766         nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct ifaddrmsg), flags);
4767         if (!nlh)
4768                 return -EMSGSIZE;
4769 
4770         put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
4771         if (nla_put_in6_addr(skb, IFA_ANYCAST, &ifaca->aca_addr) < 0 ||
4772             put_cacheinfo(skb, ifaca->aca_cstamp, ifaca->aca_tstamp,
4773                           INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
4774                 nlmsg_cancel(skb, nlh);
4775                 return -EMSGSIZE;
4776         }
4777 
4778         nlmsg_end(skb, nlh);
4779         return 0;
4780 }
4781 
4782 enum addr_type_t {
4783         UNICAST_ADDR,
4784         MULTICAST_ADDR,
4785         ANYCAST_ADDR,
4786 };
4787 
4788 /* called with rcu_read_lock() */
4789 static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb,
4790                           struct netlink_callback *cb, enum addr_type_t type,
4791                           int s_ip_idx, int *p_ip_idx)
4792 {
4793         struct ifmcaddr6 *ifmca;
4794         struct ifacaddr6 *ifaca;
4795         int err = 1;
4796         int ip_idx = *p_ip_idx;
4797 
4798         read_lock_bh(&idev->lock);
4799         switch (type) {
4800         case UNICAST_ADDR: {
4801                 struct inet6_ifaddr *ifa;
4802 
4803                 /* unicast address incl. temp addr */
4804                 list_for_each_entry(ifa, &idev->addr_list, if_list) {
4805                         if (++ip_idx < s_ip_idx)
4806                                 continue;
4807                         err = inet6_fill_ifaddr(skb, ifa,
4808                                                 NETLINK_CB(cb->skb).portid,
4809                                                 cb->nlh->nlmsg_seq,
4810                                                 RTM_NEWADDR,
4811                                                 NLM_F_MULTI);
4812                         if (err < 0)
4813                                 break;
4814                         nl_dump_check_consistent(cb, nlmsg_hdr(skb));
4815                 }
4816                 break;
4817         }
4818         case MULTICAST_ADDR:
4819                 /* multicast address */
4820                 for (ifmca = idev->mc_list; ifmca;
4821                      ifmca = ifmca->next, ip_idx++) {
4822                         if (ip_idx < s_ip_idx)
4823                                 continue;
4824                         err = inet6_fill_ifmcaddr(skb, ifmca,
4825                                                   NETLINK_CB(cb->skb).portid,
4826                                                   cb->nlh->nlmsg_seq,
4827                                                   RTM_GETMULTICAST,
4828                                                   NLM_F_MULTI);
4829                         if (err < 0)
4830                                 break;
4831                 }
4832                 break;
4833         case ANYCAST_ADDR:
4834                 /* anycast address */
4835                 for (ifaca = idev->ac_list; ifaca;
4836                      ifaca = ifaca->aca_next, ip_idx++) {
4837                         if (ip_idx < s_ip_idx)
4838                                 continue;
4839                         err = inet6_fill_ifacaddr(skb, ifaca,
4840                                                   NETLINK_CB(cb->skb).portid,
4841                                                   cb->nlh->nlmsg_seq,
4842                                                   RTM_GETANYCAST,
4843                                                   NLM_F_MULTI);
4844                         if (err < 0)
4845                                 break;
4846                 }
4847                 break;
4848         default:
4849                 break;
4850         }
4851         read_unlock_bh(&idev->lock);
4852         *p_ip_idx = ip_idx;
4853         return err;
4854 }
4855 
4856 static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
4857                            enum addr_type_t type)
4858 {
4859         struct net *net = sock_net(skb->sk);
4860         int h, s_h;
4861         int idx, ip_idx;
4862         int s_idx, s_ip_idx;
4863         struct net_device *dev;
4864         struct inet6_dev *idev;
4865         struct hlist_head *head;
4866 
4867         s_h = cb->args[0];
4868         s_idx = idx = cb->args[1];
4869         s_ip_idx = ip_idx = cb->args[2];
4870 
4871         rcu_read_lock();
4872         cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq;
4873         for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
4874                 idx = 0;
4875                 head = &net->dev_index_head[h];
4876                 hlist_for_each_entry_rcu(dev, head, index_hlist) {
4877                         if (idx < s_idx)
4878                                 goto cont;
4879                         if (h > s_h || idx > s_idx)
4880                                 s_ip_idx = 0;
4881                         ip_idx = 0;
4882                         idev = __in6_dev_get(dev);
4883                         if (!idev)
4884                                 goto cont;
4885 
4886                         if (in6_dump_addrs(idev, skb, cb, type,
4887                                            s_ip_idx, &ip_idx) < 0)
4888                                 goto done;
4889 cont:
4890                         idx++;
4891                 }
4892         }
4893 done:
4894         rcu_read_unlock();
4895         cb->args[0] = h;
4896         cb->args[1] = idx;
4897         cb->args[2] = ip_idx;
4898 
4899         return skb->len;
4900 }
4901 
4902 static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
4903 {
4904         enum addr_type_t type = UNICAST_ADDR;
4905 
4906         return inet6_dump_addr(skb, cb, type);
4907 }
4908 
4909 static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
4910 {
4911         enum addr_type_t type = MULTICAST_ADDR;
4912 
4913         return inet6_dump_addr(skb, cb, type);
4914 }
4915 
4916 
4917 static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
4918 {
4919         enum addr_type_t type = ANYCAST_ADDR;
4920 
4921         return inet6_dump_addr(skb, cb, type);
4922 }
4923 
4924 static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
4925                              struct netlink_ext_ack *extack)
4926 {
4927         struct net *net = sock_net(in_skb->sk);
4928         struct ifaddrmsg *ifm;
4929         struct nlattr *tb[IFA_MAX+1];
4930         struct in6_addr *addr = NULL, *peer;
4931         struct net_device *dev = NULL;
4932         struct inet6_ifaddr *ifa;
4933         struct sk_buff *skb;
4934         int err;
4935 
4936         err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy,
4937                           extack);
4938         if (err < 0)
4939                 goto errout;
4940 
4941         addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
4942         if (!addr) {
4943                 err = -EINVAL;
4944                 goto errout;
4945         }
4946 
4947         ifm = nlmsg_data(nlh);
4948         if (ifm->ifa_index)
4949                 dev = __dev_get_by_index(net, ifm->ifa_index);
4950 
4951         ifa = ipv6_get_ifaddr(net, addr, dev, 1);
4952         if (!ifa) {
4953                 err = -EADDRNOTAVAIL;
4954                 goto errout;
4955         }
4956 
4957         skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_KERNEL);
4958         if (!skb) {
4959                 err = -ENOBUFS;
4960                 goto errout_ifa;
4961         }
4962 
4963         err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(in_skb).portid,
4964                                 nlh->nlmsg_seq, RTM_NEWADDR, 0);
4965         if (err < 0) {
4966                 /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
4967                 WARN_ON(err == -EMSGSIZE);
4968                 kfree_skb(skb);
4969                 goto errout_ifa;
4970         }
4971         err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
4972 errout_ifa:
4973         in6_ifa_put(ifa);
4974 errout:
4975         return err;
4976 }
4977 
4978 static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
4979 {
4980         struct sk_buff *skb;
4981         struct net *net = dev_net(ifa->idev->dev);
4982         int err = -ENOBUFS;
4983 
4984         /* Don't send DELADDR notification for TENTATIVE address,
4985          * since NEWADDR notification is sent only after removing
4986          * TENTATIVE flag, if DAD has not failed.
4987          */
4988         if (ifa->flags & IFA_F_TENTATIVE && !(ifa->flags & IFA_F_DADFAILED) &&
4989             event == RTM_DELADDR)
4990                 return;
4991 
4992         skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC);
4993         if (!skb)
4994                 goto errout;
4995 
4996         err = inet6_fill_ifaddr(skb, ifa, 0, 0, event, 0);
4997         if (err < 0) {
4998                 /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
4999                 WARN_ON(err == -EMSGSIZE);
5000                 kfree_skb(skb);
5001                 goto errout;
5002         }
5003         rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
5004         return;
5005 errout:
5006         if (err < 0)
5007                 rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, err);
5008 }
5009 
5010 static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
5011                                 __s32 *array, int bytes)
5012 {
5013         BUG_ON(bytes < (DEVCONF_MAX * 4));
5014 
5015         memset(array, 0, bytes);
5016         array[DEVCONF_FORWARDING] = cnf->forwarding;
5017         array[DEVCONF_HOPLIMIT] = cnf->hop_limit;
5018         array[DEVCONF_MTU6] = cnf->mtu6;
5019         array[DEVCONF_ACCEPT_RA] = cnf->accept_ra;
5020         array[DEVCONF_ACCEPT_REDIRECTS] = cnf->accept_redirects;
5021         array[DEVCONF_AUTOCONF] = cnf->autoconf;
5022         array[DEVCONF_DAD_TRANSMITS] = cnf->dad_transmits;
5023         array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits;
5024         array[DEVCONF_RTR_SOLICIT_INTERVAL] =
5025                 jiffies_to_msecs(cnf->rtr_solicit_interval);
5026         array[DEVCONF_RTR_SOLICIT_MAX_INTERVAL] =
5027                 jiffies_to_msecs(cnf->rtr_solicit_max_interval);
5028         array[DEVCONF_RTR_SOLICIT_DELAY] =
5029                 jiffies_to_msecs(cnf->rtr_solicit_delay);
5030         array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version;
5031         array[DEVCONF_MLDV1_UNSOLICITED_REPORT_INTERVAL] =
5032                 jiffies_to_msecs(cnf->mldv1_unsolicited_report_interval);
5033         array[DEVCONF_MLDV2_UNSOLICITED_REPORT_INTERVAL] =
5034                 jiffies_to_msecs(cnf->mldv2_unsolicited_report_interval);
5035         array[DEVCONF_USE_TEMPADDR] = cnf->use_tempaddr;
5036         array[DEVCONF_TEMP_VALID_LFT] = cnf->temp_valid_lft;
5037         array[DEVCONF_TEMP_PREFERED_LFT] = cnf->temp_prefered_lft;
5038         array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry;
5039         array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
5040         array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
5041         array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
5042         array[DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT] = cnf->accept_ra_min_hop_limit;
5043         array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo;
5044 #ifdef CONFIG_IPV6_ROUTER_PREF
5045         array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
5046         array[DEVCONF_RTR_PROBE_INTERVAL] =
5047                 jiffies_to_msecs(cnf->rtr_probe_interval);
5048 #ifdef CONFIG_IPV6_ROUTE_INFO
5049         array[DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN] = cnf->accept_ra_rt_info_min_plen;
5050         array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen;
5051 #endif
5052 #endif
5053         array[DEVCONF_PROXY_NDP] = cnf->proxy_ndp;
5054         array[DEVCONF_ACCEPT_SOURCE_ROUTE] = cnf->accept_source_route;
5055 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
5056         array[DEVCONF_OPTIMISTIC_DAD] = cnf->optimistic_dad;
5057         array[DEVCONF_USE_OPTIMISTIC] = cnf->use_optimistic;
5058 #endif
5059 #ifdef CONFIG_IPV6_MROUTE
5060         array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
5061 #endif
5062         array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
5063         array[DEVCONF_ACCEPT_DAD] = cnf->accept_dad;
5064         array[DEVCONF_FORCE_TLLAO] = cnf->force_tllao;
5065         array[DEVCONF_NDISC_NOTIFY] = cnf->ndisc_notify;
5066         array[DEVCONF_SUPPRESS_FRAG_NDISC] = cnf->suppress_frag_ndisc;
5067         array[DEVCONF_ACCEPT_RA_FROM_LOCAL] = cnf->accept_ra_from_local;
5068         array[DEVCONF_ACCEPT_RA_MTU] = cnf->accept_ra_mtu;
5069         array[DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN] = cnf->ignore_routes_with_linkdown;
5070         /* we omit DEVCONF_STABLE_SECRET for now */
5071         array[DEVCONF_USE_OIF_ADDRS_ONLY] = cnf->use_oif_addrs_only;
5072         array[DEVCONF_DROP_UNICAST_IN_L2_MULTICAST] = cnf->drop_unicast_in_l2_multicast;
5073         array[DEVCONF_DROP_UNSOLICITED_NA] = cnf->drop_unsolicited_na;
5074         array[DEVCONF_KEEP_ADDR_ON_DOWN] = cnf->keep_addr_on_down;
5075         array[DEVCONF_SEG6_ENABLED] = cnf->seg6_enabled;
5076 #ifdef CONFIG_IPV6_SEG6_HMAC
5077         array[DEVCONF_SEG6_REQUIRE_HMAC] = cnf->seg6_require_hmac;
5078 #endif
5079         array[DEVCONF_ENHANCED_DAD] = cnf->enhanced_dad;
5080         array[DEVCONF_ADDR_GEN_MODE] = cnf->addr_gen_mode;
5081         array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy;
5082 }
5083 
5084 static inline size_t inet6_ifla6_size(void)
5085 {
5086         return nla_total_size(4) /* IFLA_INET6_FLAGS */
5087              + nla_total_size(sizeof(struct ifla_cacheinfo))
5088              + nla_total_size(DEVCONF_MAX * 4) /* IFLA_INET6_CONF */
5089              + nla_total_size(IPSTATS_MIB_MAX * 8) /* IFLA_INET6_STATS */
5090              + nla_total_size(ICMP6_MIB_MAX * 8) /* IFLA_INET6_ICMP6STATS */
5091              + nla_total_size(sizeof(struct in6_addr)); /* IFLA_INET6_TOKEN */
5092 }
5093 
5094 static inline size_t inet6_if_nlmsg_size(void)
5095 {
5096         return NLMSG_ALIGN(sizeof(struct ifinfomsg))
5097                + nla_total_size(IFNAMSIZ) /* IFLA_IFNAME */
5098                + nla_total_size(MAX_ADDR_LEN) /* IFLA_ADDRESS */
5099                + nla_total_size(4) /* IFLA_MTU */
5100                + nla_total_size(4) /* IFLA_LINK */
5101                + nla_total_size(1) /* IFLA_OPERSTATE */
5102                + nla_total_size(inet6_ifla6_size()); /* IFLA_PROTINFO */
5103 }
5104 
5105 static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib,
5106                                         int bytes)
5107 {
5108         int i;
5109         int pad = bytes - sizeof(u64) * ICMP6_MIB_MAX;
5110         BUG_ON(pad < 0);
5111 
5112         /* Use put_unaligned() because stats may not be aligned for u64. */
5113         put_unaligned(ICMP6_MIB_MAX, &stats[0]);
5114         for (i = 1; i < ICMP6_MIB_MAX; i++)
5115                 put_unaligned(atomic_long_read(&mib[i]), &stats[i]);
5116 
5117         memset(&stats[ICMP6_MIB_MAX], 0, pad);
5118 }
5119 
5120 static inline void __snmp6_fill_stats64(u64 *stats, void __percpu *mib,
5121                                         int bytes, size_t syncpoff)
5122 {
5123         int i, c;
5124         u64 buff[IPSTATS_MIB_MAX];
5125         int pad = bytes - sizeof(u64) * IPSTATS_MIB_MAX;
5126 
5127         BUG_ON(pad < 0);
5128 
5129         memset(buff, 0, sizeof(buff));
5130         buff[0] = IPSTATS_MIB_MAX;
5131 
5132         for_each_possible_cpu(c) {
5133                 for (i = 1; i < IPSTATS_MIB_MAX; i++)
5134                         buff[i] += snmp_get_cpu_field64(mib, c, i, syncpoff);
5135         }
5136 
5137         memcpy(stats, buff, IPSTATS_MIB_MAX * sizeof(u64));
5138         memset(&stats[IPSTATS_MIB_MAX], 0, pad);
5139 }
5140 
5141 static void snmp6_fill_stats(u64 *stats, struct inet6_dev *idev, int attrtype,
5142                              int bytes)
5143 {
5144         switch (attrtype) {
5145         case IFLA_INET6_STATS:
5146                 __snmp6_fill_stats64(stats, idev->stats.ipv6, bytes,
5147                                      offsetof(struct ipstats_mib, syncp));
5148                 break;
5149         case IFLA_INET6_ICMP6STATS:
5150                 __snmp6_fill_statsdev(stats, idev->stats.icmpv6dev->mibs, bytes);
5151                 break;
5152         }
5153 }
5154 
5155 static int inet6_fill_ifla6_attrs(struct sk_buff *skb, struct inet6_dev *idev,
5156                                   u32 ext_filter_mask)
5157 {
5158         struct nlattr *nla;
5159         struct ifla_cacheinfo ci;
5160 
5161         if (nla_put_u32(skb, IFLA_INET6_FLAGS, idev->if_flags))
5162                 goto nla_put_failure;
5163         ci.max_reasm_len = IPV6_MAXPLEN;
5164         ci.tstamp = cstamp_delta(idev->tstamp);
5165         ci.reachable_time = jiffies_to_msecs(idev->nd_parms->reachable_time);
5166         ci.retrans_time = jiffies_to_msecs(NEIGH_VAR(idev->nd_parms, RETRANS_TIME));
5167         if (nla_put(skb, IFLA_INET6_CACHEINFO, sizeof(ci), &ci))
5168                 goto nla_put_failure;
5169         nla = nla_reserve(skb, IFLA_INET6_CONF, DEVCONF_MAX * sizeof(s32));
5170         if (!nla)
5171                 goto nla_put_failure;
5172         ipv6_store_devconf(&idev->cnf, nla_data(nla), nla_len(nla));
5173 
5174         /* XXX - MC not implemented */
5175 
5176         if (ext_filter_mask & RTEXT_FILTER_SKIP_STATS)
5177                 return 0;
5178 
5179         nla = nla_reserve(skb, IFLA_INET6_STATS, IPSTATS_MIB_MAX * sizeof(u64));
5180         if (!nla)
5181                 goto nla_put_failure;
5182         snmp6_fill_stats(nla_data(nla), idev, IFLA_INET6_STATS, nla_len(nla));
5183 
5184         nla = nla_reserve(skb, IFLA_INET6_ICMP6STATS, ICMP6_MIB_MAX * sizeof(u64));
5185         if (!nla)
5186                 goto nla_put_failure;
5187         snmp6_fill_stats(nla_data(nla), idev, IFLA_INET6_ICMP6STATS, nla_len(nla));
5188 
5189         nla = nla_reserve(skb, IFLA_INET6_TOKEN, sizeof(struct in6_addr));
5190         if (!nla)
5191                 goto nla_put_failure;
5192 
5193         if (nla_put_u8(skb, IFLA_INET6_ADDR_GEN_MODE, idev->cnf.addr_gen_mode))
5194                 goto nla_put_failure;
5195 
5196         read_lock_bh(&idev->lock);
5197         memcpy(nla_data(nla), idev->token.s6_addr, nla_len(nla));
5198         read_unlock_bh(&idev->lock);
5199 
5200         return 0;
5201 
5202 nla_put_failure:
5203         return -EMSGSIZE;
5204 }
5205 
5206 static size_t inet6_get_link_af_size(const struct net_device *dev,
5207                                      u32 ext_filter_mask)
5208 {
5209         if (!__in6_dev_get(dev))
5210                 return 0;
5211 
5212         return inet6_ifla6_size();
5213 }
5214 
5215 static int inet6_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
5216                               u32 ext_filter_mask)
5217 {
5218         struct inet6_dev *idev = __in6_dev_get(dev);
5219 
5220         if (!idev)
5221                 return -ENODATA;
5222 
5223         if (inet6_fill_ifla6_attrs(skb, idev, ext_filter_mask) < 0)
5224                 return -EMSGSIZE;
5225 
5226         return 0;
5227 }
5228 
5229 static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
5230 {
5231         struct inet6_ifaddr *ifp;
5232         struct net_device *dev = idev->dev;
5233         bool clear_token, update_rs = false;
5234         struct in6_addr ll_addr;
5235 
5236         ASSERT_RTNL();
5237 
5238         if (!token)
5239                 return -EINVAL;
5240         if (dev->flags & (IFF_LOOPBACK | IFF_NOARP))
5241                 return -EINVAL;
5242         if (!ipv6_accept_ra(idev))
5243                 return -EINVAL;
5244         if (idev->cnf.rtr_solicits == 0)
5245                 return -EINVAL;
5246 
5247         write_lock_bh(&idev->lock);
5248 
5249         BUILD_BUG_ON(sizeof(token->s6_addr) != 16);
5250         memcpy(idev->token.s6_addr + 8, token->s6_addr + 8, 8);
5251 
5252         write_unlock_bh(&idev->lock);
5253 
5254         clear_token = ipv6_addr_any(token);
5255         if (clear_token)
5256                 goto update_lft;
5257 
5258         if (!idev->dead && (idev->if_flags & IF_READY) &&
5259             !ipv6_get_lladdr(dev, &ll_addr, IFA_F_TENTATIVE |
5260                              IFA_F_OPTIMISTIC)) {
5261                 /* If we're not ready, then normal ifup will take care
5262                  * of this. Otherwise, we need to request our rs here.
5263                  */
5264                 ndisc_send_rs(dev, &ll_addr, &in6addr_linklocal_allrouters);
5265                 update_rs = true;
5266         }
5267 
5268 update_lft:
5269         write_lock_bh(&idev->lock);
5270 
5271         if (update_rs) {
5272                 idev->if_flags |= IF_RS_SENT;
5273                 idev->rs_interval = rfc3315_s14_backoff_init(
5274                         idev->cnf.rtr_solicit_interval);
5275                 idev->rs_probes = 1;
5276                 addrconf_mod_rs_timer(idev, idev->rs_interval);
5277         }
5278 
5279         /* Well, that's kinda nasty ... */
5280         list_for_each_entry(ifp, &idev->addr_list, if_list) {
5281                 spin_lock(&ifp->lock);
5282                 if (ifp->tokenized) {
5283                         ifp->valid_lft = 0;
5284                         ifp->prefered_lft = 0;
5285                 }
5286                 spin_unlock(&ifp->lock);
5287         }
5288 
5289         write_unlock_bh(&idev->lock);
5290         inet6_ifinfo_notify(RTM_NEWLINK, idev);
5291         addrconf_verify_rtnl();
5292         return 0;
5293 }
5294 
5295 static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
5296         [IFLA_INET6_ADDR_GEN_MODE]      = { .type = NLA_U8 },
5297         [IFLA_INET6_TOKEN]              = { .len = sizeof(struct in6_addr) },
5298 };
5299 
5300 static int inet6_validate_link_af(const struct net_device *dev,
5301                                   const struct nlattr *nla)
5302 {
5303         struct nlattr *tb[IFLA_INET6_MAX + 1];
5304 
5305         if (dev && !__in6_dev_get(dev))
5306                 return -EAFNOSUPPORT;
5307 
5308         return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy,
5309                                 NULL);
5310 }
5311 
5312 static int check_addr_gen_mode(int mode)
5313 {
5314         if (mode != IN6_ADDR_GEN_MODE_EUI64 &&
5315             mode != IN6_ADDR_GEN_MODE_NONE &&
5316             mode != IN6_ADDR_GEN_MODE_STABLE_PRIVACY &&
5317             mode != IN6_ADDR_GEN_MODE_RANDOM)
5318                 return -EINVAL;
5319         return 1;
5320 }
5321 
5322 static int check_stable_privacy(struct inet6_dev *idev, struct net *net,
5323                                 int mode)
5324 {
5325         if (mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY &&
5326             !idev->cnf.stable_secret.initialized &&
5327             !net->ipv6.devconf_dflt->stable_secret.initialized)
5328                 return -EINVAL;
5329         return 1;
5330 }
5331 
5332 static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
5333 {
5334         int err = -EINVAL;
5335         struct inet6_dev *idev = __in6_dev_get(dev);
5336         struct nlattr *tb[IFLA_INET6_MAX + 1];
5337 
5338         if (!idev)
5339                 return -EAFNOSUPPORT;
5340 
5341         if (nla_parse_nested(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
5342                 BUG();
5343 
5344         if (tb[IFLA_INET6_TOKEN]) {
5345                 err = inet6_set_iftoken(idev, nla_data(tb[IFLA_INET6_TOKEN]));
5346                 if (err)
5347                         return err;
5348         }
5349 
5350         if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
5351                 u8 mode = nla_get_u8(tb[IFLA_INET6_ADDR_GEN_MODE]);
5352 
5353                 if (check_addr_gen_mode(mode) < 0 ||
5354                     check_stable_privacy(idev, dev_net(dev), mode) < 0)
5355                         return -EINVAL;
5356 
5357                 idev->cnf.addr_gen_mode = mode;
5358                 err = 0;
5359         }
5360 
5361         return err;
5362 }
5363 
5364 static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
5365                              u32 portid, u32 seq, int event, unsigned int flags)
5366 {
5367         struct net_device *dev = idev->dev;
5368         struct ifinfomsg *hdr;
5369         struct nlmsghdr *nlh;
5370         void *protoinfo;
5371 
5372         nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
5373         if (!nlh)
5374                 return -EMSGSIZE;
5375 
5376         hdr = nlmsg_data(nlh);
5377         hdr->ifi_family = AF_INET6;
5378         hdr->__ifi_pad = 0;
5379         hdr->ifi_type = dev->type;
5380         hdr->ifi_index = dev->ifindex;
5381         hdr->ifi_flags = dev_get_flags(dev);
5382         hdr->ifi_change = 0;
5383 
5384         if (nla_put_string(skb, IFLA_IFNAME, dev->name) ||
5385             (dev->addr_len &&
5386              nla_put(skb, IFLA_ADDRESS, dev->addr_len, dev->dev_addr)) ||
5387             nla_put_u32(skb, IFLA_MTU, dev->mtu) ||
5388             (dev->ifindex != dev_get_iflink(dev) &&
5389              nla_put_u32(skb, IFLA_LINK, dev_get_iflink(dev))) ||
5390             nla_put_u8(skb, IFLA_OPERSTATE,
5391                        netif_running(dev) ? dev->operstate : IF_OPER_DOWN))
5392                 goto nla_put_failure;
5393         protoinfo = nla_nest_start(skb, IFLA_PROTINFO);
5394         if (!protoinfo)
5395                 goto nla_put_failure;
5396 
5397         if (inet6_fill_ifla6_attrs(skb, idev, 0) < 0)
5398                 goto nla_put_failure;
5399 
5400         nla_nest_end(skb, protoinfo);
5401         nlmsg_end(skb, nlh);
5402         return 0;
5403 
5404 nla_put_failure:
5405         nlmsg_cancel(skb, nlh);
5406         return -EMSGSIZE;
5407 }
5408 
5409 static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
5410 {
5411         struct net *net = sock_net(skb->sk);
5412         int h, s_h;
5413         int idx = 0, s_idx;
5414         struct net_device *dev;
5415         struct inet6_dev *idev;
5416         struct hlist_head *head;
5417 
5418         s_h = cb->args[0];
5419         s_idx = cb->args[1];
5420 
5421         rcu_read_lock();
5422         for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
5423                 idx = 0;
5424                 head = &net->dev_index_head[h];
5425                 hlist_for_each_entry_rcu(dev, head, index_hlist) {
5426                         if (idx < s_idx)
5427                                 goto cont;
5428                         idev = __in6_dev_get(dev);
5429                         if (!idev)
5430                                 goto cont;
5431                         if (inet6_fill_ifinfo(skb, idev,
5432                                               NETLINK_CB(cb->skb).portid,
5433                                               cb->nlh->nlmsg_seq,
5434                                               RTM_NEWLINK, NLM_F_MULTI) < 0)
5435                                 goto out;
5436 cont:
5437                         idx++;
5438                 }
5439         }
5440 out:
5441         rcu_read_unlock();
5442         cb->args[1] = idx;
5443         cb->args[0] = h;
5444 
5445         return skb->len;
5446 }
5447 
5448 void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
5449 {
5450         struct sk_buff *skb;
5451         struct net *net = dev_net(idev->dev);
5452         int err = -ENOBUFS;
5453 
5454         skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC);
5455         if (!skb)
5456                 goto errout;
5457 
5458         err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0);
5459         if (err < 0) {
5460                 /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */
5461                 WARN_ON(err == -EMSGSIZE);
5462                 kfree_skb(skb);
5463                 goto errout;
5464         }
5465         rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFINFO, NULL, GFP_ATOMIC);
5466         return;
5467 errout:
5468         if (err < 0)
5469                 rtnl_set_sk_err(net, RTNLGRP_IPV6_IFINFO, err);
5470 }
5471 
5472 static inline size_t inet6_prefix_nlmsg_size(void)
5473 {
5474         return NLMSG_ALIGN(sizeof(struct prefixmsg))
5475                + nla_total_size(sizeof(struct in6_addr))
5476                + nla_total_size(sizeof(struct prefix_cacheinfo));
5477 }
5478 
5479 static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev,
5480                              struct prefix_info *pinfo, u32 portid, u32 seq,
5481                              int event, unsigned int flags)
5482 {
5483         struct prefixmsg *pmsg;
5484         struct nlmsghdr *nlh;
5485         struct prefix_cacheinfo ci;
5486 
5487         nlh = nlmsg_put(skb, portid, seq, event, sizeof(*pmsg), flags);
5488         if (!nlh)
5489                 return -EMSGSIZE;
5490 
5491         pmsg = nlmsg_data(nlh);
5492         pmsg->prefix_family = AF_INET6;
5493         pmsg->prefix_pad1 = 0;
5494         pmsg->prefix_pad2 = 0;
5495         pmsg->prefix_ifindex = idev->dev->ifindex;
5496         pmsg->prefix_len = pinfo->prefix_len;
5497         pmsg->prefix_type = pinfo->type;
5498         pmsg->prefix_pad3 = 0;
5499         pmsg->prefix_flags = 0;
5500         if (pinfo->onlink)
5501                 pmsg->prefix_flags |= IF_PREFIX_ONLINK;
5502         if (pinfo->autoconf)
5503                 pmsg->prefix_flags |= IF_PREFIX_AUTOCONF;
5504 
5505         if (nla_put(skb, PREFIX_ADDRESS, sizeof(pinfo->prefix), &pinfo->prefix))
5506                 goto nla_put_failure;
5507         ci.preferred_time = ntohl(pinfo->prefered);
5508         ci.valid_time = ntohl(pinfo->valid);
5509         if (nla_put(skb, PREFIX_CACHEINFO, sizeof(ci), &ci))
5510                 goto nla_put_failure;
5511         nlmsg_end(skb, nlh);
5512         return 0;
5513 
5514 nla_put_failure:
5515         nlmsg_cancel(skb, nlh);
5516         return -EMSGSIZE;
5517 }
5518 
5519 static void inet6_prefix_notify(int event, struct inet6_dev *idev,
5520                          struct prefix_info *pinfo)
5521 {
5522         struct sk_buff *skb;
5523         struct net *net = dev_net(idev->dev);
5524         int err = -ENOBUFS;
5525 
5526         skb = nlmsg_new(inet6_prefix_nlmsg_size(), GFP_ATOMIC);
5527         if (!skb)
5528                 goto errout;
5529 
5530         err = inet6_fill_prefix(skb, idev, pinfo, 0, 0, event, 0);
5531         if (err < 0) {
5532                 /* -EMSGSIZE implies BUG in inet6_prefix_nlmsg_size() */
5533                 WARN_ON(err == -EMSGSIZE);
5534                 kfree_skb(skb);
5535                 goto errout;
5536         }
5537         rtnl_notify(skb, net, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
5538         return;
5539 errout:
5540         if (err < 0)
5541                 rtnl_set_sk_err(net, RTNLGRP_IPV6_PREFIX, err);
5542 }
5543 
5544 static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
5545 {
5546         struct net *net = dev_net(ifp->idev->dev);
5547 
5548         if (event)
5549                 ASSERT_RTNL();
5550 
5551         inet6_ifa_notify(event ? : RTM_NEWADDR, ifp);
5552 
5553         switch (event) {
5554         case RTM_NEWADDR:
5555                 /*
5556                  * If the address was optimistic
5557                  * we inserted the route at the start of
5558                  * our DAD process, so we don't need
5559                  * to do it again
5560                  */
5561                 if (!rcu_access_pointer(ifp->rt->rt6i_node))
5562                         ip6_ins_rt(ifp->rt);
5563                 if (ifp->idev->cnf.forwarding)
5564                         addrconf_join_anycast(ifp);
5565                 if (!ipv6_addr_any(&ifp->peer_addr))
5566                         addrconf_prefix_route(&ifp->peer_addr, 128,
5567                                               ifp->idev->dev, 0, 0);
5568                 break;
5569         case RTM_DELADDR:
5570                 if (ifp->idev->cnf.forwarding)
5571                         addrconf_leave_anycast(ifp);
5572                 addrconf_leave_solict(ifp->idev, &ifp->addr);
5573                 if (!ipv6_addr_any(&ifp->peer_addr)) {
5574                         struct rt6_info *rt;
5575 
5576                         rt = addrconf_get_prefix_route(&ifp->peer_addr, 128,
5577                                                        ifp->idev->dev, 0, 0);
5578                         if (rt)
5579                                 ip6_del_rt(rt);
5580                 }
5581                 if (ifp->rt) {
5582                         if (dst_hold_safe(&ifp->rt->dst))
5583                                 ip6_del_rt(ifp->rt);
5584                 }
5585                 rt_genid_bump_ipv6(net);
5586                 break;
5587         }
5588         atomic_inc(&net->ipv6.dev_addr_genid);
5589 }
5590 
5591 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
5592 {
5593         rcu_read_lock_bh();
5594         if (likely(ifp->idev->dead == 0))
5595                 __ipv6_ifa_notify(event, ifp);
5596         rcu_read_unlock_bh();
5597 }
5598 
5599 #ifdef CONFIG_SYSCTL
5600 
5601 static
5602 int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
5603                            void __user *buffer, size_t *lenp, loff_t *ppos)
5604 {
5605         int *valp = ctl->data;
5606         int val = *valp;
5607         loff_t pos = *ppos;
5608         struct ctl_table lctl;
5609         int ret;
5610 
5611         /*
5612          * ctl->data points to idev->cnf.forwarding, we should
5613          * not modify it until we get the rtnl lock.
5614          */
5615         lctl = *ctl;
5616         lctl.data = &val;
5617 
5618         ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
5619 
5620         if (write)
5621                 ret = addrconf_fixup_forwarding(ctl, valp, val);
5622         if (ret)
5623                 *ppos = pos;
5624         return ret;
5625 }
5626 
5627 static
5628 int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
5629                         void __user *buffer, size_t *lenp, loff_t *ppos)
5630 {
5631         struct inet6_dev *idev = ctl->extra1;
5632         int min_mtu = IPV6_MIN_MTU;
5633         struct ctl_table lctl;
5634 
5635         lctl = *ctl;
5636         lctl.extra1 = &min_mtu;
5637         lctl.extra2 = idev ? &idev->dev->mtu : NULL;
5638 
5639         return proc_dointvec_minmax(&lctl, write, buffer, lenp, ppos);
5640 }
5641 
5642 static void dev_disable_change(struct inet6_dev *idev)
5643 {
5644         struct netdev_notifier_info info;
5645 
5646         if (!idev || !idev->dev)
5647                 return;
5648 
5649         netdev_notifier_info_init(&info, idev->dev);
5650         if (idev->cnf.disable_ipv6)
5651                 addrconf_notify(NULL, NETDEV_DOWN, &info);
5652         else
5653                 addrconf_notify(NULL, NETDEV_UP, &info);
5654 }
5655 
5656 static void addrconf_disable_change(struct net *net, __s32 newf)
5657 {
5658         struct net_device *dev;
5659         struct inet6_dev *idev;
5660 
5661         for_each_netdev(net, dev) {
5662                 idev = __in6_dev_get(dev);
5663                 if (idev) {
5664                         int changed = (!idev->cnf.disable_ipv6) ^ (!newf);
5665                         idev->cnf.disable_ipv6 = newf;
5666                         if (changed)
5667                                 dev_disable_change(idev);
5668                 }
5669         }
5670 }
5671 
5672 static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf)
5673 {
5674         struct net *net;
5675         int old;
5676 
5677         if (!rtnl_trylock())
5678                 return restart_syscall();
5679 
5680         net = (struct net *)table->extra2;
5681         old = *p;
5682         *p = newf;
5683 
5684         if (p == &net->ipv6.devconf_dflt->disable_ipv6) {
5685                 rtnl_unlock();
5686                 return 0;
5687         }
5688 
5689         if (p == &net->ipv6.devconf_all->disable_ipv6) {
5690                 net->ipv6.devconf_dflt->disable_ipv6 = newf;
5691                 addrconf_disable_change(net, newf);
5692         } else if ((!newf) ^ (!old))
5693                 dev_disable_change((struct inet6_dev *)table->extra1);
5694 
5695         rtnl_unlock();
5696         return 0;
5697 }
5698 
5699 static
5700 int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
5701                             void __user *buffer, size_t *lenp, loff_t *ppos)
5702 {
5703         int *valp = ctl->data;
5704         int val = *valp;
5705         loff_t pos = *ppos;
5706         struct ctl_table lctl;
5707         int ret;
5708 
5709         /*
5710          * ctl->data points to idev->cnf.disable_ipv6, we should
5711          * not modify it until we get the rtnl lock.
5712          */
5713         lctl = *ctl;
5714         lctl.data = &val;
5715 
5716         ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
5717 
5718         if (write)
5719                 ret = addrconf_disable_ipv6(ctl, valp, val);
5720         if (ret)
5721                 *ppos = pos;
5722         return ret;
5723 }
5724 
5725 static
5726 int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write,
5727                               void __user *buffer, size_t *lenp, loff_t *ppos)
5728 {
5729         int *valp = ctl->data;
5730         int ret;
5731         int old, new;
5732 
5733         old = *valp;
5734         ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
5735         new = *valp;
5736 
5737         if (write && old != new) {
5738                 struct net *net = ctl->extra2;
5739 
5740                 if (!rtnl_trylock())
5741                         return restart_syscall();
5742 
5743                 if (valp == &net->ipv6.devconf_dflt->proxy_ndp)
5744                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
5745                                                      NETCONFA_PROXY_NEIGH,
5746                                                      NETCONFA_IFINDEX_DEFAULT,
5747                                                      net->ipv6.devconf_dflt);
5748                 else if (valp == &net->ipv6.devconf_all->proxy_ndp)
5749                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
5750                                                      NETCONFA_PROXY_NEIGH,
5751                                                      NETCONFA_IFINDEX_ALL,
5752                                                      net->ipv6.devconf_all);
5753                 else {
5754                         struct inet6_dev *idev = ctl->extra1;
5755 
5756                         inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
5757                                                      NETCONFA_PROXY_NEIGH,
5758                                                      idev->dev->ifindex,
5759                                                      &idev->cnf);
5760                 }
5761                 rtnl_unlock();
5762         }
5763 
5764         return ret;
5765 }
5766 
5767 static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write,
5768                                          void __user *buffer, size_t *lenp,
5769                                          loff_t *ppos)
5770 {
5771         int ret = 0;
5772         int new_val;
5773         struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1;
5774         struct net *net = (struct net *)ctl->extra2;
5775 
5776         if (!rtnl_trylock())
5777                 return restart_syscall();
5778 
5779         ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
5780 
5781         if (write) {
5782                 new_val = *((int *)ctl->data);
5783 
5784                 if (check_addr_gen_mode(new_val) < 0) {
5785                         ret = -EINVAL;
5786                         goto out;
5787                 }
5788 
5789                 /* request for default */
5790                 if (&net->ipv6.devconf_dflt->addr_gen_mode == ctl->data) {
5791                         ipv6_devconf_dflt.addr_gen_mode = new_val;
5792 
5793                 /* request for individual net device */
5794                 } else {
5795                         if (!idev)
5796                                 goto out;
5797 
5798                         if (check_stable_privacy(idev, net, new_val) < 0) {
5799                                 ret = -EINVAL;
5800                                 goto out;
5801                         }
5802 
5803                         if (idev->cnf.addr_gen_mode != new_val) {
5804                                 idev->cnf.addr_gen_mode = new_val;
5805                                 addrconf_dev_config(idev->dev);
5806                         }
5807                 }
5808         }
5809 
5810 out:
5811         rtnl_unlock();
5812 
5813         return ret;
5814 }
5815 
5816 static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
5817                                          void __user *buffer, size_t *lenp,
5818                                          loff_t *ppos)
5819 {
5820         int err;
5821         struct in6_addr addr;
5822         char str[IPV6_MAX_STRLEN];
5823         struct ctl_table lctl = *ctl;
5824         struct net *net = ctl->extra2;
5825         struct ipv6_stable_secret *secret = ctl->data;
5826 
5827         if (&net->ipv6.devconf_all->stable_secret == ctl->data)
5828                 return -EIO;
5829 
5830         lctl.maxlen = IPV6_MAX_STRLEN;
5831         lctl.data = str;
5832 
5833         if (!rtnl_trylock())
5834                 return restart_syscall();
5835 
5836         if (!write && !secret->initialized) {
5837                 err = -EIO;
5838                 goto out;
5839         }
5840 
5841         err = snprintf(str, sizeof(str), "%pI6", &secret->secret);
5842         if (err >= sizeof(str)) {
5843                 err = -EIO;
5844                 goto out;
5845         }
5846 
5847         err = proc_dostring(&lctl, write, buffer, lenp, ppos);
5848         if (err || !write)
5849                 goto out;
5850 
5851         if (in6_pton(str, -1, addr.in6_u.u6_addr8, -1, NULL) != 1) {
5852                 err = -EIO;
5853                 goto out;
5854         }
5855 
5856         secret->initialized = true;
5857         secret->secret = addr;
5858 
5859         if (&net->ipv6.devconf_dflt->stable_secret == ctl->data) {
5860                 struct net_device *dev;
5861 
5862                 for_each_netdev(net, dev) {
5863                         struct inet6_dev *idev = __in6_dev_get(dev);
5864 
5865                         if (idev) {
5866                                 idev->cnf.addr_gen_mode =
5867                                         IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
5868                         }
5869                 }
5870         } else {
5871                 struct inet6_dev *idev = ctl->extra1;
5872 
5873                 idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
5874         }
5875 
5876 out:
5877         rtnl_unlock();
5878 
5879         return err;
5880 }
5881 
5882 static
5883 int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
5884                                                 int write,
5885                                                 void __user *buffer,
5886                                                 size_t *lenp,
5887                                                 loff_t *ppos)
5888 {
5889         int *valp = ctl->data;
5890         int val = *valp;
5891         loff_t pos = *ppos;
5892         struct ctl_table lctl;
5893         int ret;
5894 
5895         /* ctl->data points to idev->cnf.ignore_routes_when_linkdown
5896          * we should not modify it until we get the rtnl lock.
5897          */
5898         lctl = *ctl;
5899         lctl.data = &val;
5900 
5901         ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
5902 
5903         if (write)
5904                 ret = addrconf_fixup_linkdown(ctl, valp, val);
5905         if (ret)
5906                 *ppos = pos;
5907         return ret;
5908 }
5909 
5910 static
5911 void addrconf_set_nopolicy(struct rt6_info *rt, int action)
5912 {
5913         if (rt) {
5914                 if (action)
5915                         rt->dst.flags |= DST_NOPOLICY;
5916                 else
5917                         rt->dst.flags &= ~DST_NOPOLICY;
5918         }
5919 }
5920 
5921 static
5922 void addrconf_disable_policy_idev(struct inet6_dev *idev, int val)
5923 {
5924         struct inet6_ifaddr *ifa;
5925 
5926         read_lock_bh(&idev->lock);
5927         list_for_each_entry(ifa, &idev->addr_list, if_list) {
5928                 spin_lock(&ifa->lock);
5929                 if (ifa->rt) {
5930                         struct rt6_info *rt = ifa->rt;
5931                         struct fib6_table *table = rt->rt6i_table;
5932                         int cpu;
5933 
5934                         read_lock(&table->tb6_lock);
5935                         addrconf_set_nopolicy(ifa->rt, val);
5936                         if (rt->rt6i_pcpu) {
5937                                 for_each_possible_cpu(cpu) {
5938                                         struct rt6_info **rtp;
5939 
5940                                         rtp = per_cpu_ptr(rt->rt6i_pcpu, cpu);
5941                                         addrconf_set_nopolicy(*rtp, val);
5942                                 }
5943                         }
5944                         read_unlock(&table->tb6_lock);
5945                 }
5946                 spin_unlock(&ifa->lock);
5947         }
5948         read_unlock_bh(&idev->lock);
5949 }
5950 
5951 static
5952 int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val)
5953 {
5954         struct inet6_dev *idev;
5955         struct net *net;
5956 
5957         if (!rtnl_trylock())
5958                 return restart_syscall();
5959 
5960         *valp = val;
5961 
5962         net = (struct net *)ctl->extra2;
5963         if (valp == &net->ipv6.devconf_dflt->disable_policy) {
5964                 rtnl_unlock();
5965                 return 0;
5966         }
5967 
5968         if (valp == &net->ipv6.devconf_all->disable_policy)  {
5969                 struct net_device *dev;
5970 
5971                 for_each_netdev(net, dev) {
5972                         idev = __in6_dev_get(dev);
5973                         if (idev)
5974                                 addrconf_disable_policy_idev(idev, val);
5975                 }
5976         } else {
5977                 idev = (struct inet6_dev *)ctl->extra1;
5978                 addrconf_disable_policy_idev(idev, val);
5979         }
5980 
5981         rtnl_unlock();
5982         return 0;
5983 }
5984 
5985 static
5986 int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write,
5987                                    void __user *buffer, size_t *lenp,
5988                                    loff_t *ppos)
5989 {
5990         int *valp = ctl->data;
5991         int val = *valp;
5992         loff_t pos = *ppos;
5993         struct ctl_table lctl;
5994         int ret;
5995 
5996         lctl = *ctl;
5997         lctl.data = &val;
5998         ret = proc_dointvec(&lctl, write, buffer, lenp, ppos);
5999 
6000         if (write && (*valp != val))
6001                 ret = addrconf_disable_policy(ctl, valp, val);
6002 
6003         if (ret)
6004                 *ppos = pos;
6005 
6006         return ret;
6007 }
6008 
6009 static int minus_one = -1;
6010 static const int one = 1;
6011 static const int two_five_five = 255;
6012 
6013 static const struct ctl_table addrconf_sysctl[] = {
6014         {
6015                 .procname       = "forwarding",
6016                 .data           = &ipv6_devconf.forwarding,
6017                 .maxlen         = sizeof(int),
6018                 .mode           = 0644,
6019                 .proc_handler   = addrconf_sysctl_forward,
6020         },
6021         {
6022                 .procname       = "hop_limit",