Re: [PATCH net] ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline

2017-09-18 Thread David Miller 
From: Xin Long 
Date: Fri, 15 Sep 2017 15:58:33 +0800

> If ipv6 has been disabled from cmdline since kernel started, it makes
> no sense to allow users to create any ip6 tunnel. Otherwise, it could
> some potential problem.
> 
> Jianlin found a kernel crash caused by this in ip6_gre when he set
> ipv6.disable=1 in grub:
> 
> [  209.588865] Unable to handle kernel paging request for data at address 
> 0x0080
> [  209.588872] Faulting instruction address: 0xc0a3aa6c
> [  209.588879] Oops: Kernel access of bad area, sig: 11 [#1]
> [  209.589062] NIP [c0a3aa6c] fib_rules_lookup+0x4c/0x260
> [  209.589071] LR [c0b9ad90] fib6_rule_lookup+0x50/0xb0
> [  209.589076] Call Trace:
> [  209.589097] fib6_rule_lookup+0x50/0xb0
> [  209.589106] rt6_lookup+0xc4/0x110
> [  209.589116] ip6gre_tnl_link_config+0x214/0x2f0 [ip6_gre]
> [  209.589125] ip6gre_newlink+0x138/0x3a0 [ip6_gre]
> [  209.589134] rtnl_newlink+0x798/0xb80
> [  209.589142] rtnetlink_rcv_msg+0xec/0x390
> [  209.589151] netlink_rcv_skb+0x138/0x150
> [  209.589159] rtnetlink_rcv+0x48/0x70
> [  209.589169] netlink_unicast+0x538/0x640
> [  209.589175] netlink_sendmsg+0x40c/0x480
> [  209.589184] ___sys_sendmsg+0x384/0x4e0
> [  209.589194] SyS_sendmsg+0xd4/0x140
> [  209.589201] SyS_socketcall+0x3e0/0x4f0
> [  209.589209] system_call+0x38/0xe0
> 
> This patch is to return -EOPNOTSUPP in ip6_tunnel_init if ipv6 has been
> disabled from cmdline.
> 
> Reported-by: Jianlin Shi 
> Signed-off-by: Xin Long 

Applied and queued up for -stable, thanks.

[PATCH net] ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline

2017-09-15 Thread Xin Long 
If ipv6 has been disabled from cmdline since kernel started, it makes
no sense to allow users to create any ip6 tunnel. Otherwise, it could
some potential problem.

Jianlin found a kernel crash caused by this in ip6_gre when he set
ipv6.disable=1 in grub:

[  209.588865] Unable to handle kernel paging request for data at address 
0x0080
[  209.588872] Faulting instruction address: 0xc0a3aa6c
[  209.588879] Oops: Kernel access of bad area, sig: 11 [#1]
[  209.589062] NIP [c0a3aa6c] fib_rules_lookup+0x4c/0x260
[  209.589071] LR [c0b9ad90] fib6_rule_lookup+0x50/0xb0
[  209.589076] Call Trace:
[  209.589097] fib6_rule_lookup+0x50/0xb0
[  209.589106] rt6_lookup+0xc4/0x110
[  209.589116] ip6gre_tnl_link_config+0x214/0x2f0 [ip6_gre]
[  209.589125] ip6gre_newlink+0x138/0x3a0 [ip6_gre]
[  209.589134] rtnl_newlink+0x798/0xb80
[  209.589142] rtnetlink_rcv_msg+0xec/0x390
[  209.589151] netlink_rcv_skb+0x138/0x150
[  209.589159] rtnetlink_rcv+0x48/0x70
[  209.589169] netlink_unicast+0x538/0x640
[  209.589175] netlink_sendmsg+0x40c/0x480
[  209.589184] ___sys_sendmsg+0x384/0x4e0
[  209.589194] SyS_sendmsg+0xd4/0x140
[  209.589201] SyS_socketcall+0x3e0/0x4f0
[  209.589209] system_call+0x38/0xe0

This patch is to return -EOPNOTSUPP in ip6_tunnel_init if ipv6 has been
disabled from cmdline.

Reported-by: Jianlin Shi 
Signed-off-by: Xin Long 
---
 net/ipv6/ip6_tunnel.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index ae73164..f2f21c2 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -2259,6 +2259,9 @@ static int __init ip6_tunnel_init(void)
 {
int  err;
 
+   if (!ipv6_mod_enabled())
+   return -EOPNOTSUPP;
+
err = register_pernet_device(_tnl_net_ops);
if (err < 0)
goto out_pernet;
-- 
2.1.0