Re: [PATCH] ipv6:fix crash when idev is NULL

From: Nicolas Dichtel
Date: Thu Apr 07 2022 - 12:10:58 EST



Le 07/04/2022 à 16:08, Eric Dumazet a écrit :
[snip]
>
> And CC patch author for feedback.
Thanks Eric.

>
> In this case I suspect:
>
> commit ccd27f05ae7b8ebc40af5b004e94517a919aa862
> Author: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
> Date: Tue Jul 6 11:13:35 2021 +0200
>
> ipv6: fix 'disable_policy' for fwd packets
I agree.

>
>
>
>> ---
>> net/ipv6/ip6_output.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>> index 54cabf1c2..347b5600d 100644
>> --- a/net/ipv6/ip6_output.c
>> +++ b/net/ipv6/ip6_output.c
>> @@ -495,6 +495,9 @@ int ip6_forward(struct sk_buff *skb)
>> u32 mtu;
>>
>> idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
>> + if (!idev)
>> + goto drop;
>> +
>> if (net->ipv6.devconf_all->forwarding == 0)
>> goto error;

Dropping packet in this case may introduce another regression, because there was
no drop before commit ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets").

Maybe something like this:
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb)
goto drop;

if (!net->ipv6.devconf_all->disable_policy &&
- !idev->cnf.disable_policy &&
+ (!idev || !idev->cnf.disable_policy) &&
!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
goto drop;

I could submit it formally tomorrow.


Regards,
Nicolas