Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp6093394ybl; Tue, 27 Aug 2019 14:21:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqyftT4wIwXMuubMiJ4dmP8y3HHhMdiWqZ45KMbm1Cp3ANEHC8zZdEh3bWPQa76YlyvYuEp6 X-Received: by 2002:a63:c304:: with SMTP id c4mr461450pgd.126.1566940893154; Tue, 27 Aug 2019 14:21:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566940893; cv=none; d=google.com; s=arc-20160816; b=B+X+e88Ss9XoQk8GSJeDfJ88Sfy4K0C7d8LuinnCErsKCPxcER7ltHm85MAeYFkfLE k/7gJsCRQykjYuhVkLkKQKIWK8xVxSOn7OCnQFZWXGnWNn4dxGjIUw1bl2Ch/Wx411/A HX3sbkDeNEQbMcN2RdGVSDkP7SplW6D4DANMsEZVoM4bi5lAElm/7i/AfJhJVprMEaua RCv8uOpGTt/0pNY0PP8G8661QZszKwtSy37mzS1oY5TyT0CH4mR0Gs6LWA+bnmtqNpXp 8FU/gExGG9oiJBzVxpDISSIoDSPY1dTbOOcnoVeGmnxUeHBFG8LZ8yLzAdvfCzUn54CM XvJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=JOXgB7Rr3/fW/0irVArQlLwvDbvfeoYfgZOwIOXPLeQ=; b=HlPdaW6VIDAmdK0x8j57DcOCfk/3orHXoyahAnXS53j4xNYfbw4ZKGUm0U94/+4Y+L RMR94W+PHhaJldosD6OcRzyjd6mcPqACcX3/dfo38Qj173Lh+5dkUYCNDam94ep3qx48 hYDqUQWQNsxJPkqp3USF77vSJ8neNMUgd2Z6V54JraR+9ZX7YWD84SeuJz7mgitPxRJM v3mbSiQhkXabYFONq9w5CkXYo+Bq1gDvcpYc1jYfSiyuWC/Yzkx0DRgFL05ZPZ2D7aa3 B/AETd1Mugc6QQTOovJG9vSNRlt3xcEAUIs0M0GO8Cm7W62hkTK8qFOpGrcyjuuABKyu VKPA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 91si217884ply.113.2019.08.27.14.21.16; Tue, 27 Aug 2019 14:21:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730695AbfH0VTy (ORCPT + 99 others); Tue, 27 Aug 2019 17:19:54 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:50866 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726871AbfH0VTx (ORCPT ); Tue, 27 Aug 2019 17:19:53 -0400 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::d71]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id A682A1534D21E; Tue, 27 Aug 2019 14:19:52 -0700 (PDT) Date: Tue, 27 Aug 2019 14:19:50 -0700 (PDT) Message-Id: <20190827.141950.540994003351676048.davem@davemloft.net> To: leonardo@linux.ibm.com Cc: pablo@netfilter.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kadlec@netfilter.org, fw@strlen.de, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org Subject: Re: [PATCH v2 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot From: David Miller In-Reply-To: <77c43754ff72e9a2e8048ccd032351cf0186080a.camel@linux.ibm.com> References: <20190821141505.2394-1-leonardo@linux.ibm.com> <20190827103541.vzwqwg4jlbuzajxu@salvia> <77c43754ff72e9a2e8048ccd032351cf0186080a.camel@linux.ibm.com> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 27 Aug 2019 14:19:53 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Leonardo Bras Date: Tue, 27 Aug 2019 14:34:14 -0300 > I could reproduce this bug on a host ('ipv6.disable=1') starting a > guest with a virtio-net interface with 'filterref' over a virtual > bridge. It crashes the host during guest boot (just before login). > > By that I could understand that a guest IPv6 network traffic > (viavirtio-net) may cause this kernel panic. Really this is bad and I suspected bridging to be involved somehow. If ipv6 is disabled ipv6 traffic should not pass through the machine by any means whatsoever. Otherwise there is no point to the knob and we will keep having to add hack checks all over the tree instead of fixing the fundamental issue.