[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8b204974-1466-0046-9c11-b624e06b0755@iogearbox.net>
Date: Thu, 4 Oct 2018 20:46:55 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Joe Stringer <joe@...d.net.nz>
Cc: netdev <netdev@...r.kernel.org>, ast@...nel.org
Subject: Re: [PATCH bpf-next] net: core: Fix build with CONFIG_IPV6=m
On 10/04/2018 08:33 PM, Joe Stringer wrote:
> On Thu, 4 Oct 2018 at 01:48, Daniel Borkmann <daniel@...earbox.net> wrote:
>>
>> On 10/03/2018 07:32 AM, Joe Stringer wrote:
>>> Stephen Rothwell reports the following link failure with IPv6 as module:
>>>
>>> x86_64-linux-gnu-ld: net/core/filter.o: in function `sk_lookup':
>>> (.text+0x19219): undefined reference to `__udp6_lib_lookup'
>>>
>>> Fix the build by only enabling the IPv6 socket lookup if IPv6 support is
>>> compiled into the kernel.
>>>
>>> Signed-off-by: Joe Stringer <joe@...d.net.nz>
>>> ---
>>> net/core/filter.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/core/filter.c b/net/core/filter.c
>>> index 591c698bc517..30c6b2d3ef16 100644
>>> --- a/net/core/filter.c
>>> +++ b/net/core/filter.c
>>> @@ -4838,7 +4838,7 @@ struct sock *sk_lookup(struct net *net, struct bpf_sock_tuple *tuple,
>>> sk = __udp4_lib_lookup(net, src4, tuple->ipv4.sport,
>>> dst4, tuple->ipv4.dport,
>>> dif, sdif, &udp_table, skb);
>>> -#if IS_ENABLED(CONFIG_IPV6)
>>> +#if IS_REACHABLE(CONFIG_IPV6)
>>> } else {
>>> struct in6_addr *src6 = (struct in6_addr *)&tuple->ipv6.saddr;
>>> struct in6_addr *dst6 = (struct in6_addr *)&tuple->ipv6.daddr;
>>>
>>
>> Applied as a quick fix, thanks Joe, but ideally this should also work when ipv6
>> is compiled as a module. There's the ipv6_bpf_stub, which does that job for other
>> helpers that would call into v6 code out of the builtin filter.c, so I think we
>> should follow the same approach here as well. See commit d74bad4e74ee ("bpf:
>> Hooks for sys_connect").
>
> Thanks for the pointers, I'll look into that.
>
> To confirm my understanding, is it possible to unload the IPv6 module?
> I don't see any code that uninitializes "ipv6_bpf_stub". Seems like a
> simple conditional check on that variable should be enough to gate its
> usage from packet paths where sk_lookup could be invoked (Given that
> the system could receive any packets, including IPv6 when the module
> is not loaded).
No unload, this has been removed via 8ce440610357 ("ipv6: do not allow
ipv6 module to be removed").
Thanks,
Daniel
Powered by blists - more mailing lists