Re: [PATCH v2 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot

From: David Miller
Date: Tue Aug 27 2019 - 17:19:54 EST


From: Leonardo Bras <leonardo@xxxxxxxxxxxxx>
Date: Tue, 27 Aug 2019 14:34:14 -0300

> I could reproduce this bug on a host ('ipv6.disable=1') starting a
> guest with a virtio-net interface with 'filterref' over a virtual
> bridge. It crashes the host during guest boot (just before login).
>
> By that I could understand that a guest IPv6 network traffic
> (via virtio-net) may cause this kernel panic.

Really this is bad and I suspected bridging to be involved somehow.

If ipv6 is disabled ipv6 traffic should not pass through the machine
by any means whatsoever. Otherwise there is no point to the knob
and we will keep having to add hack checks all over the tree instead
of fixing the fundamental issue.