lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251025160905.3857885-191-sashal@kernel.org>
Date: Sat, 25 Oct 2025 11:57:02 -0400
From: Sasha Levin <sashal@...nel.org>
To: patches@...ts.linux.dev,
	stable@...r.kernel.org
Cc: David Ahern <dsahern@...nel.org>,
	Simon Horman <horms@...nel.org>,
	Jakub Kicinski <kuba@...nel.org>,
	Sasha Levin <sashal@...nel.org>,
	davem@...emloft.net,
	edumazet@...gle.com,
	pabeni@...hat.com,
	netdev@...r.kernel.org
Subject: [PATCH AUTOSEL 6.17-5.4] selftests: Disable dad for ipv6 in fcnal-test.sh

From: David Ahern <dsahern@...nel.org>

[ Upstream commit 53d591730ea34f97a82f7ec6e7c987ca6e34dc21 ]

Constrained test environment; duplicate address detection is not needed
and causes races so disable it.

Signed-off-by: David Ahern <dsahern@...nel.org>
Reviewed-by: Simon Horman <horms@...nel.org>
Link: https://patch.msgid.link/20250910025828.38900-1-dsahern@kernel.org
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---

LLM Generated explanations, may be completely bogus:

YES

**Rationale**
- Fixes real test flakiness: IPv6 Duplicate Address Detection (DAD) in
  constrained netns-based selftests can leave addresses “tentative” and
  create timing races. Disabling DAD makes IPv6 addresses usable
  immediately, eliminating nondeterministic failures the commit message
  calls out.
- Small, surgical change: Adds two `sysctl` writes in the namespace
  setup function to disable DAD; no broader logic changes.
- Consistent with existing practice: Many net selftests already disable
  DAD to stabilize execution, so this aligns `fcnal-test.sh` with the
  rest of the suite.

**Scope and Risk**
- Test-only change under `tools/testing/selftests/`; no impact on kernel
  runtime or userspace APIs.
- No architectural changes; confined to `create_ns()` namespace
  initialization.
- Low regression risk: `fcnal-test.sh` does not validate DAD behavior
  and already uses `nodad` where needed and even sleeps for DAD in
  places, indicating this is purely to avoid races, not to test DAD.

**Code References**
- New sysctls added to `create_ns()` disable DAD for both existing and
  future interfaces in the ns:
  - `tools/testing/selftests/net/fcnal-test.sh:427`: `ip netns exec
    ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0`
  - `tools/testing/selftests/net/fcnal-test.sh:428`: `ip netns exec
    ${ns} sysctl -qw net.ipv6.conf.all.accept_dad=0`
- Context shows this is part of standard IPv6 netns setup already
  setting related sysctls:
  - `tools/testing/selftests/net/fcnal-test.sh:424`:
    `net.ipv6.conf.all.keep_addr_on_down=1`
  - `tools/testing/selftests/net/fcnal-test.sh:425`:
    `net.ipv6.conf.all.forwarding=1`
  - `tools/testing/selftests/net/fcnal-test.sh:426`:
    `net.ipv6.conf.default.forwarding=1`
- The script already works around DAD in specific places (underscoring
  the race):
  - `tools/testing/selftests/net/fcnal-test.sh:4084`: `sleep 5 # DAD`
  - Multiple address additions use `nodad` (e.g.,
    `tools/testing/selftests/net/fcnal-test.sh:393`, `3324`, `3602`,
    `4076`, `4125`, `4129`).
- Precedent across other net selftests (common pattern to disable DAD):
  - `tools/testing/selftests/net/traceroute.sh:65`:
    `net.ipv6.conf.default.accept_dad=0`
  - `tools/testing/selftests/net/fib_nexthops.sh:168`:
    `net.ipv6.conf.all.accept_dad=0`
  - `tools/testing/selftests/net/fib_nexthops.sh:169`:
    `net.ipv6.conf.default.accept_dad=0`

**Stable Criteria**
- Fixes important flakiness affecting users of stable selftests.
- Minimal, contained change with negligible risk.
- No features or architectural shifts; strictly improves test
  determinism.
- Touches only selftests; safe for all stable series carrying this test.

Given the above, this is a good candidate for stable backport to keep
the selftests reliable and deterministic.

 tools/testing/selftests/net/fcnal-test.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index f0fb114764b24..cf535c23a959a 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -424,6 +424,8 @@ create_ns()
 	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1
 	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1
 	ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.forwarding=1
+	ip netns exec ${ns} sysctl -qw net.ipv6.conf.default.accept_dad=0
+	ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.accept_dad=0
 }
 
 # create veth pair to connect namespaces and apply addresses.
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ