From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85DEBC433EF for ; Thu, 7 Apr 2022 16:10:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345615AbiDGQMy (ORCPT ); Thu, 7 Apr 2022 12:12:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232236AbiDGQMx (ORCPT ); Thu, 7 Apr 2022 12:12:53 -0400 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7AA0885950 for ; Thu, 7 Apr 2022 09:10:52 -0700 (PDT) Received: by mail-wr1-x431.google.com with SMTP id w21so8596884wra.2 for ; Thu, 07 Apr 2022 09:10:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google; h=message-id:date:mime-version:user-agent:reply-to:subject :content-language:to:cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=x3pmqaNa0PtoIU8gER1caXrBLSF1ODzqLerDmxXVK74=; b=MgRcFKvzVOm0BRJ319dcP8h1WJEwcpMeVvWHzlMWQr0kErX58XxhIu7uM1vZ0ppypR LZhIW2MhkAeb1lep7tKBBvc/Bx1daATg6H0d8iJcak05ID3LNkRl1I21jJDE8tnwdywY 5x8nJQHS4JNm8I7KCMbjnWQOx2ji0VycJiunDlt9/CVHtp6Q9JdkK41obWdoNhMd68cX OwUXm0x/HcMIAcTbwhZsxI3dNpA2/9q1teuEl9daUDS0hPYh/+n/ksmmi+K92PMhUH9b 4jVWenunsBgb7yAwVgMqQotVzS0oouIz+ZuEXQFXB3cXWxJ/oPdgElH9k8HCXeaA997o Aq9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:reply-to :subject:content-language:to:cc:references:from:organization :in-reply-to:content-transfer-encoding; bh=x3pmqaNa0PtoIU8gER1caXrBLSF1ODzqLerDmxXVK74=; b=gEwMH/SXtEAQS17oZDtpsDz4ESOj+Y7rcChLYkoPCK6ft5EEnNe5movqe8my1KFM6o BlkCytPZqQVogO6NJx1ybRb3e+++0xfLJnH6GlfsaU87JpcH8uhtVC+oTGTmNd+74nAb ntmsJaD1GM4D+Gu3Vzo7MFqWTaflGyHsoso+p7OZH8SZ8oIDT29rCMU22aBuAnkuB4LD Pz49vN1cP9XNrMZIA69TjoNFnVIR6RqP3Q/AO2gqI7wSSBnLqhSScGTRi0DMNO1RKcZy GmotXinn/d/fy/b14+1kP33rqK1N2+ZWvno/gv6v8VNxlDHFaz2u/Px6fANtbf29peRu TROA== X-Gm-Message-State: AOAM530iMT8bwZvwxm3ATaJCrtU7UsTlcpbIIyTBtD4TWzKVz3EFEW2z qYTxOhUw9rzxe7LrlW+NjJX4sQ== X-Google-Smtp-Source: ABdhPJw3v3eQrWyaBWPZCs/0STYwsAh4zpwNJHkq77RkY9jCBCfXuw86xtXgxD9aX1BYf7EwzrEKNg== X-Received: by 2002:adf:f90e:0:b0:203:e0fd:e9af with SMTP id b14-20020adff90e000000b00203e0fde9afmr11446956wrr.154.1649347850954; Thu, 07 Apr 2022 09:10:50 -0700 (PDT) Received: from ?IPV6:2a01:e0a:b41:c160:6115:f172:4f40:31e9? ([2a01:e0a:b41:c160:6115:f172:4f40:31e9]) by smtp.gmail.com with ESMTPSA id f9-20020adff589000000b002060fcd92e9sm11380422wro.14.2022.04.07.09.10.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Apr 2022 09:10:50 -0700 (PDT) Message-ID: <59150cd5-9950-2479-a992-94dcdaa5e63c@6wind.com> Date: Thu, 7 Apr 2022 18:10:49 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Reply-To: nicolas.dichtel@6wind.com Subject: Re: [PATCH] ipv6:fix crash when idev is NULL Content-Language: en-US To: Eric Dumazet , kongweibin Cc: David Miller , Jakub Kicinski , Willem de Bruijn , Pavel Begunkov , David Ahern , Vasily Averin , Martin KaFai Lau , LKML , netdev , rose.chen@huawei.com, liaichun@huawei.com References: <20220407112512.2099221-1-kongweibin2@huawei.com> From: Nicolas Dichtel Organization: 6WIND In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 07/04/2022 à 16:08, Eric Dumazet a écrit : [snip] > > And CC patch author for feedback. Thanks Eric. > > In this case I suspect: > > commit ccd27f05ae7b8ebc40af5b004e94517a919aa862 > Author: Nicolas Dichtel > Date: Tue Jul 6 11:13:35 2021 +0200 > > ipv6: fix 'disable_policy' for fwd packets I agree. > > > >> --- >> net/ipv6/ip6_output.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c >> index 54cabf1c2..347b5600d 100644 >> --- a/net/ipv6/ip6_output.c >> +++ b/net/ipv6/ip6_output.c >> @@ -495,6 +495,9 @@ int ip6_forward(struct sk_buff *skb) >> u32 mtu; >> >> idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif)); >> + if (!idev) >> + goto drop; >> + >> if (net->ipv6.devconf_all->forwarding == 0) >> goto error; Dropping packet in this case may introduce another regression, because there was no drop before commit ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets"). Maybe something like this: --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb) goto drop; if (!net->ipv6.devconf_all->disable_policy && - !idev->cnf.disable_policy && + (!idev || !idev->cnf.disable_policy) && !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS); goto drop; I could submit it formally tomorrow. Regards, Nicolas