From: Fernando Fernandez Mancera <fmancera@suse.de>
To: David Ahern <dsahern@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>
Cc: "Ricardo B. Marlière" <rbm@suse.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Simon Horman" <horms@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Eduard Zingerman" <eddyz87@gmail.com>,
"Song Liu" <song@kernel.org>,
"Yonghong Song" <yonghong.song@linux.dev>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@kernel.org>,
"Stanislav Fomichev" <sdf@fomichev.me>,
"Hao Luo" <haoluo@google.com>, "Jiri Olsa" <jolsa@kernel.org>,
"Ido Schimmel" <idosch@nvidia.com>,
"Guillaume Nault" <gnault@redhat.com>,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH 09/11 net-next v5] bpf: remove ipv6_bpf_stub completely and use direct function calls
Date: Thu, 26 Mar 2026 00:41:32 +0100 [thread overview]
Message-ID: <77792d0f-925f-4600-913c-b9dcdf8e9ea9@suse.de> (raw)
In-Reply-To: <93822084-f558-4194-be2b-cb328b81e412@kernel.org>
On 3/25/26 11:40 PM, David Ahern wrote:
> On 3/25/26 2:29 PM, Fernando Fernandez Mancera wrote:
>> Hi Martin,
>>
>> I don't think so. The IS_ENABLED(CONFIG_IPV6) check here is just to
>> prevent an undefined reference when compiling with CONFIG_IPV6=n. Note
>> that this code isn't reachable when ipv6.disable=1 is set during
>> booting, as it would have crashed even before this change because
>> ipv6_stub->nd_tbl is NULL if the IPV6 is disabled since booting.
>>
>> We addressed the vulnerable paths already during this series:
>>
>> https://lore.kernel.org/netdev/20260307-net-nd_tbl_fixes-v4-0-e2677e85628c@suse.com/#
>
> What about the use case of IPv4 routes with IPv6 nexthop address? Has
> that been tested with a bpf forwarding program?
>
Hi David, I did the following testing:
1. ipv6.disabled=1 since booting - the IPv6 nexthop cannot be added to
the IPv4 route at all.
2. ipv6.disabled=1 after booting but before configuring the IPv4 route -
same result as above.
3. ipv6.disabled=1 after booting and after the IPv4 is configured - the
neighbor lookup is fine as the nd_tbl is initialized. It didn't crash.
I did tracing to make sure that code path was hit. I tested the
forwarding with 3 namespaces 1<-->2<-->3 loading the BPF program on the
second one performing the bpf_fib_lookup() instruction.
I could do more testing regarding this if needed, let me know.
Thanks,
Fernando.
next prev parent reply other threads:[~2026-03-25 23:41 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-25 12:08 [PATCH 00/11 net-next v5] Convert CONFIG_IPV6 to built-in and remove stubs Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 01/11 net-next v5] ipv6: convert CONFIG_IPV6 to built-in only and clean up Kconfigs Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 02/11 net-next v5] net: remove EXPORT_IPV6_MOD() and EXPORT_IPV6_MOD_GPL() macros Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 03/11 net-next v5] ipv6: replace IS_BUILTIN(CONFIG_IPV6) with IS_ENABLED(CONFIG_IPV6) Fernando Fernandez Mancera
2026-03-25 17:33 ` Martin KaFai Lau
2026-03-25 12:08 ` [PATCH 04/11 net-next v5] ipv6: remove dynamic ICMPv6 sender registration infrastructure Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 05/11 net-next v5] ipv6: prepare headers for ipv6_stub removal Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 06/11 net-next v5] drivers: net: drop ipv6_stub usage and use direct function calls Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 07/11 net-next v5] ipv4: " Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 08/11 net-next v5] net: convert remaining ipv6_stub users to " Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 09/11 net-next v5] bpf: remove ipv6_bpf_stub completely and use " Fernando Fernandez Mancera
2026-03-25 19:11 ` Martin KaFai Lau
2026-03-25 20:29 ` Fernando Fernandez Mancera
2026-03-25 21:36 ` Martin KaFai Lau
2026-03-25 22:40 ` David Ahern
2026-03-25 23:41 ` Fernando Fernandez Mancera [this message]
2026-03-25 12:08 ` [PATCH 10/11 net-next v5] ipv6: remove ipv6_stub infrastructure completely Fernando Fernandez Mancera
2026-03-25 12:08 ` [PATCH 11/11 net-next v5] netfilter: remove nf_ipv6_ops and use direct function calls Fernando Fernandez Mancera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=77792d0f-925f-4600-913c-b9dcdf8e9ea9@suse.de \
--to=fmancera@suse.de \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=haoluo@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rbm@suse.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox