On Fri, Oct 06, 2023 at 07:52:19AM +0200, Greg KH wrote:
> On Thu, Oct 05, 2023 at 02:37:59PM -0700, Patrick Rohr wrote:
> > On Mon, Sep 25, 2023 at 2:10 PM Patrick Rohr <prohr@xxxxxxxxxx> wrote:
> > >
> > > This series adds a new sysctl accept_ra_min_lft which enforces a minimum
> > > lifetime value for individual RA sections; in particular, router
> > > lifetime, PIO preferred lifetime, and RIO lifetime. If any of those
> > > lifetimes are lower than the configured value, the specific RA section
> > > is ignored.
> > >
> > > This fixes a potential denial of service attack vector where rogue WiFi
> > > routers (or devices) can send RAs with low lifetimes to actively drain a
> > > mobile device's battery (by preventing sleep).
> > >
> > > In addition to this change, Android uses hardware offloads to drop RAs
> > > for a fraction of the minimum of all lifetimes present in the RA (some
> > > networks have very frequent RAs (5s) with high lifetimes (2h)). Despite
> > > this, we have encountered networks that set the router lifetime to 30s
> > > which results in very frequent CPU wakeups. Instead of disabling IPv6
> > > (and dropping IPv6 ethertype in the WiFi firmware) entirely on such
> > > networks, misconfigured routers must be ignored while still processing
> > > RAs from other IPv6 routers on the same network (i.e. to support IoT
> > > applications).
> > >
> > > Patches:
> > > - 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
> > > - 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
> > > - 5cb249686e67 ("net: release reference to inet6_dev pointer")
> > >
> > > Patrick Rohr (3):
> > > net: add sysctl accept_ra_min_rtr_lft
> > > net: change accept_ra_min_rtr_lft to affect all RA lifetimes
> > > net: release reference to inet6_dev pointer
> > >
> > > Documentation/networking/ip-sysctl.rst | 8 ++++++++
> > > include/linux/ipv6.h | 1 +
> > > include/uapi/linux/ipv6.h | 1 +
> > > net/ipv6/addrconf.c | 13 +++++++++++++
> > > net/ipv6/ndisc.c | 13 +++++++++++--
> > > 5 files changed, 34 insertions(+), 2 deletions(-)
> > >
> > > --
> > > 2.42.0.515.g380fc7ccd1-goog
> > >
> >
> > Was this rejected?
> > Any resolution on this (ACK or NAK) would be useful. Thanks!
>
> They are in our "to get to" queue, which is very long still due to
> multiple conferences and travel.
>
> But I will note, you didn't put the git id of the patches in the patches
> themselves, so it will take me extra work to add them there when
> applying.
>
> Also, why just 6.1? What about newer stable kernels? You can't update
> and have a regression, right?
Note, because of this, we can not take these patches now at all anyway :(
thanks,
greg k-h
