    ipv6: Fix crash when IPv6 is administratively disabled · 76dd0728
    Ido Schimmel authored
    The global 'raw_v6_hashinfo' variable can be accessed even when IPv6 is
    administratively disabled via the 'ipv6.disable=1' kernel command line
    option, leading to a crash [1].
    
    Fix by restoring the original behavior and always initializing the
    variable, regardless of IPv6 support being administratively disabled or
    not.
    
    [1]
     BUG: unable to handle page fault for address: ffffffffffffffc8
     #PF: supervisor read access in kernel mode
     #PF: error_code(0x0000) - not-present page
     PGD 173e18067 P4D 173e18067 PUD 173e1a067 PMD 0
     Oops: 0000 [#1] PREEMPT SMP KASAN
     CPU: 3 PID: 271 Comm: ss Not tainted 6.0.0-rc4-custom-00136-g0727a9a5 #1396
     Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
     RIP: 0010:raw_diag_dump+0x310/0x7f0
     [...]
     Call Trace:
      <TASK>
      __inet_diag_dump+0x10f/0x2e0
      netlink_dump+0x575/0xfd0
      __netlink_dump_start+0x67b/0x940
      inet_diag_handler_cmd+0x273/0x2d0
      sock_diag_rcv_msg+0x317/0x440
      netlink_rcv_skb+0x15e/0x430
      sock_diag_rcv+0x2b/0x40
      netlink_unicast+0x53b/0x800
      netlink_sendmsg+0x945/0xe60
      ____sys_sendmsg+0x747/0x960
      ___sys_sendmsg+0x13a/0x1e0
      __sys_sendmsg+0x118/0x1e0
      do_syscall_64+0x34/0x80
      entry_SYSCALL_64_after_hwframe+0x63/0xcd
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Fixes: 0daf07e5 ("raw: convert raw sockets to RCU")
    Reported-by: Roberto Ricci <rroberto2r@gmail.com>
    Tested-by: Roberto Ricci <rroberto2r@gmail.com>
    Signed-off-by: Ido Schimmel <idosch@nvidia.com>
    Reviewed-by: David Ahern <dsahern@kernel.org>
    Link: https://lore.kernel.org/r/20220916084821.229287-1-idosch@nvidia.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
af_inet6.c 31.4 KB