Re: [PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot

From: Florian Westphal
Date: Tue Aug 20 2019 - 01:36:15 EST

Next message: Walter Wu: "Re: [PATCH v4] kasan: add memory corruption identification for software tag-based mode"
Previous message: kbuild test robot: "Re: [RT PATCH v2] net/xfrm/xfrm_ipcomp: Protect scratch buffer with local_lock"
In reply to: Leonardo Bras: "[PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot"
Next in thread: Leonardo Bras: "Re: [PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Leonardo Bras <leonardo@xxxxxxxxxxxxx> wrote:
> If IPv6 is disabled on boot (ipv6.disable=1), but nft_fib_inet ends up
> dealing with a IPv6 package, it causes a kernel panic in
> fib6_node_lookup_1(), crashing in bad_page_fault.
>
> The panic is caused by trying to deference a very low address (0x38
> in ppc64le), due to ipv6.fib6_main_tbl = NULL.
> BUG: Kernel NULL pointer dereference at 0x00000038
>
> Fix this behavior by dropping IPv6 packages if !ipv6_mod_enabled().

Wouldn't fib_netdev.c have the same problem?

If so, might be better to place this test in both
nft_fib6_eval_type and nft_fib6_eval.

Next message: Walter Wu: "Re: [PATCH v4] kasan: add memory corruption identification for software tag-based mode"
Previous message: kbuild test robot: "Re: [RT PATCH v2] net/xfrm/xfrm_ipcomp: Protect scratch buffer with local_lock"
In reply to: Leonardo Bras: "[PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot"
Next in thread: Leonardo Bras: "Re: [PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]