Re: [PATCH net 1/3] bpf: bpf_out_neigh_v4: Fix nd_tbl NULL dereference when IPv6 is disabled

[Daniel Borkmann]

On 3/3/26 12:18 PM, Fernando Fernandez Mancera wrote:
> On 3/3/26 2:11 AM, Jakub Kicinski wrote:
> > On Mon, 2 Mar 2026 06:58:46 +0100 Daniel Borkmann wrote:
> > > >        } else if (nh->nh_family == AF_INET6) {
> > > > +        if (!ipv6_stub->nd_tbl) {
> > > > +            rcu_read_unlock();
> > > > +            goto out_drop;
> > > > +        }
> > >
> > > Can we just completely get rid of allowing IPv6 as a module?
> > > So either its built-in or not available at all, and then we
> > > can get rid of the stub completely rather than adding checks
> > > in various places which also brings a small performance benefit
> > > of not having indirect calls in some places.
> >
> > +1 fwiw, if someone complains we can revert it back in
> > feels like a complete waste of everyone's time to maintain it
> > https://lore.kernel.org/all/20260224180544.3c865751@xxxxxxxxxx/
>
> Dropping IPv6 as a module sounds good to me. I could prepare a patch for net-next as RFC to start the discussion/feedback loop.
>
> Anyway, I think we still need to fix these crashes on net tree first.
Maybe the "fix" could be to just switch IPV6 from tristate to bool in
the Kconfig, and then once net merges into net-next we could deconstruct
all the helper cruft which makes the late on-demand module loading of
IPv6 work.

If Jakub thinks this is too risky, then sure we can go with the approach
in the patches here (maybe add unlikely to the branches as well), and
the rest would go all via net-next including reverting these ones here
again.

Thanks,
Daniel