Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp2498607ybe; Tue, 3 Sep 2019 13:56:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqxq1gfIR8zloKJjUj7A4fdvOmRiyXhrxRvtTWwX5vCRtSIIGh0XIxLUEL8BfO0bWRDoVsiW X-Received: by 2002:aa7:85c7:: with SMTP id z7mr5604809pfn.58.1567544216080; Tue, 03 Sep 2019 13:56:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567544216; cv=none; d=google.com; s=arc-20160816; b=jJg+v6+N64VSagMFp6io9uFWunrwlTyMl+avVGwE3LJ0Vy62G+b02EqlLkwXSeqzrd Apeb0L2xxRDng/IalR8ZxR0+TvY6ohWZwnViGxfQEC0zL1Fn+7l2+/Nz2IZiwiGNhTZF Bwtqk96ZoR8DXg2wgMdWUBeNWts019BJFgwFuD1P42gNB0e8K5V1Rc9hwl8aaqVmP7kM oE60qXuQsRAPMCROWPtbhRMQv2HhjaWdVLJg8CbYFCGa0ylkHrHgsRQHQDGk3Ul6qLJ9 QTixc9oEZCkdrR3zhBydO9iVupWisg/S3DfYy0I3+qecpZDKwzFwrPNmgfIfeEMkoi2k zMFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=FVbGYUSuFjoegCJgu/1Yu0WTtjCDOXZpagx08NfAZ2A=; b=UJa0CFoe6PiMQODo7jTz6zWHTGjuGuU8iD7VKCrg2Nc8ycT423STFjeSvIoEEYiKam dBmKGxvKhKK6X4NDMfeF+90nQxq/NGis+Auuy8S+0OBQVoJ+2bc0yEA2JBP9nRLJuu6m Wq63PGHKer3T7rneL6HNQZRhfbGojpngTKIrDqEtH2MOv3D8+BOxRhPArwkhEYBkam3h 72K6M8a/+e5AUITR76d0F91ZtJF1vn1SMzYBvQ7zVR1OAc03K4speKuTTGXHvjeaZi8y ooZ637+j8LyTuc0yh17j5qWQePacfHWvYkVil3SGglrNZz9kHkeGEsP+YEVO227DpZ+q ToPg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t1si15737069plo.8.2019.09.03.13.56.40; Tue, 03 Sep 2019 13:56:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727654AbfICUzk (ORCPT + 99 others); Tue, 3 Sep 2019 16:55:40 -0400 Received: from correo.us.es ([193.147.175.20]:34184 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726894AbfICUzj (ORCPT ); Tue, 3 Sep 2019 16:55:39 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id A3A91B6C74 for ; Tue, 3 Sep 2019 22:55:35 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 925A2DA8E8 for ; Tue, 3 Sep 2019 22:55:35 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 797B3B7FFE; Tue, 3 Sep 2019 22:55:35 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 709EED2B1F; Tue, 3 Sep 2019 22:55:33 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Tue, 03 Sep 2019 22:55:33 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from us.es (sys.soleta.eu [212.170.55.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: 1984lsi) by entrada.int (Postfix) with ESMTPSA id 403494251481; Tue, 3 Sep 2019 22:55:33 +0200 (CEST) Date: Tue, 3 Sep 2019 22:55:34 +0200 X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: Leonardo Bras Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jozsef Kadlecsik , Florian Westphal , Roopa Prabhu , Nikolay Aleksandrov , "David S. Miller" Subject: Re: [PATCH v4 1/2] netfilter: Terminate rule eval if protocol=IPv6 and ipv6 module is disabled Message-ID: <20190903205534.bxcty7pja5bvru5f@salvia> References: <20190830181354.26279-1-leonardo@linux.ibm.com> <20190830181354.26279-2-leonardo@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190830181354.26279-2-leonardo@linux.ibm.com> User-Agent: NeoMutt/20170113 (1.7.2) X-Virus-Scanned: ClamAV using ClamSMTP Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 30, 2019 at 03:13:53PM -0300, Leonardo Bras wrote: > If IPv6 is disabled on boot (ipv6.disable=1), but nft_fib_inet ends up > dealing with a IPv6 packet, it causes a kernel panic in > fib6_node_lookup_1(), crashing in bad_page_fault. > > The panic is caused by trying to deference a very low address (0x38 > in ppc64le), due to ipv6.fib6_main_tbl = NULL. > BUG: Kernel NULL pointer dereference at 0x00000038 > > The kernel panic was reproduced in a host that disabled IPv6 on boot and > have to process guest packets (coming from a bridge) using it's ip6tables. > > Terminate rule evaluation when packet protocol is IPv6 but the ipv6 module > is not loaded. Patch is applied, thanks.