[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <59150cd5-9950-2479-a992-94dcdaa5e63c@6wind.com>
Date: Thu, 7 Apr 2022 18:10:49 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Eric Dumazet <edumazet@...gle.com>,
kongweibin <kongweibin2@...wei.com>
Cc: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Willem de Bruijn <willemb@...gle.com>,
Pavel Begunkov <asml.silence@...il.com>,
David Ahern <dsahern@...nel.org>,
Vasily Averin <vvs@...tuozzo.com>,
Martin KaFai Lau <kafai@...com>,
LKML <linux-kernel@...r.kernel.org>,
netdev <netdev@...r.kernel.org>, rose.chen@...wei.com,
liaichun@...wei.com
Subject: Re: [PATCH] ipv6:fix crash when idev is NULL
Le 07/04/2022 à 16:08, Eric Dumazet a écrit :
[snip]
>
> And CC patch author for feedback.
Thanks Eric.
>
> In this case I suspect:
>
> commit ccd27f05ae7b8ebc40af5b004e94517a919aa862
> Author: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> Date: Tue Jul 6 11:13:35 2021 +0200
>
> ipv6: fix 'disable_policy' for fwd packets
I agree.
>
>
>
>> ---
>> net/ipv6/ip6_output.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>> index 54cabf1c2..347b5600d 100644
>> --- a/net/ipv6/ip6_output.c
>> +++ b/net/ipv6/ip6_output.c
>> @@ -495,6 +495,9 @@ int ip6_forward(struct sk_buff *skb)
>> u32 mtu;
>>
>> idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
>> + if (!idev)
>> + goto drop;
>> +
>> if (net->ipv6.devconf_all->forwarding == 0)
>> goto error;
Dropping packet in this case may introduce another regression, because there was
no drop before commit ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets").
Maybe something like this:
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb)
goto drop;
if (!net->ipv6.devconf_all->disable_policy &&
- !idev->cnf.disable_policy &&
+ (!idev || !idev->cnf.disable_policy) &&
!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
goto drop;
I could submit it formally tomorrow.
Regards,
Nicolas
Powered by blists - more mailing lists