If IPv6 is disabled on boot (ipv6.disable=1), but nft_fib_inet ends up
dealing with a IPv6 package, it causes a kernel panic in
fib6_node_lookup_1(), crashing in bad_page_fault.
The panic is caused by trying to deference a very low address (0x38
in ppc64le), due to ipv6.fib6_main_tbl = NULL.
BUG: Kernel NULL pointer dereference at 0x00000038
Fix this behavior by dropping IPv6 packages if !ipv6_mod_enabled().
Signed-off-by: Leonardo Bras <leonardo@xxxxxxxxxxxxx>
---
net/netfilter/nft_fib_inet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/netfilter/nft_fib_inet.c b/net/netfilter/nft_fib_inet.c
index 465432e0531b..0017afab3c51 100644
--- a/net/netfilter/nft_fib_inet.c
+++ b/net/netfilter/nft_fib_inet.c
@@ -2,6 +2,7 @@
#include <linux/kernel.h>
#include <linux/init.h>
+#include <linux/ipv6.h>
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
@@ -28,6 +29,8 @@ static void nft_fib_inet_eval(const struct nft_expr *expr,
}
break;
case NFPROTO_IPV6:
+ if (!ipv6_mod_enabled())
+ break;
switch (priv->result) {
case NFT_FIB_RESULT_OIF:
case NFT_FIB_RESULT_OIFNAME:
--
2.20.1
