| From e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0 Mon Sep 17 00:00:00 2001 |
| From: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| Date: Fri, 8 Apr 2022 16:03:42 +0200 |
| Subject: ipv6: fix panic when forwarding a pkt with no in6 dev |
| |
| From: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| |
| commit e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0 upstream. |
| |
| kongweibin reported a kernel panic in ip6_forward() when input interface |
| has no in6 dev associated. |
| |
| The following tc commands were used to reproduce this panic: |
| tc qdisc del dev vxlan100 root |
| tc qdisc add dev vxlan100 root netem corrupt 5% |
| |
| CC: stable@vger.kernel.org |
| Fixes: ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets") |
| Reported-by: kongweibin <kongweibin2@huawei.com> |
| Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| Reviewed-by: David Ahern <dsahern@kernel.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/ip6_output.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/ipv6/ip6_output.c |
| +++ b/net/ipv6/ip6_output.c |
| @@ -508,7 +508,7 @@ int ip6_forward(struct sk_buff *skb) |
| goto drop; |
| |
| if (!net->ipv6.devconf_all->disable_policy && |
| - !idev->cnf.disable_policy && |
| + (!idev || !idev->cnf.disable_policy) && |
| !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { |
| __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS); |
| goto drop; |
