Re: [PATCH 3/6] net: Guard Legacy IP entry points with CONFIG_LEGACY_IP
From: bot+bpf-ci
Date: Wed Apr 01 2026 - 05:44:53 EST
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -1922,7 +1922,15 @@ static int __init inet_init(void)
> /*
> * Tell SOCKET that we are alive...
> */
> + /* Initialize the socket-side protocol switch tables. */
> + for (r = &inetsw[0]; r < &inetsw[SOCK_MAX]; ++r)
> + INIT_LIST_HEAD(r);
> +
> +#ifdef CONFIG_XFRM
> + xfrm_init();
> +#endif
>
> +#ifdef CONFIG_LEGACY_IP
> (void)sock_register(&inet_family_ops);
Moving xfrm_init() here places it before sock_register(), but
xfrm_init() calls xfrm_nat_keepalive_init(AF_INET) which creates
per-cpu PF_INET sockets via this chain:
xfrm_init()
xfrm_nat_keepalive_init(AF_INET)
nat_keepalive_sk_init(&nat_keepalive_sk_ipv4, PF_INET)
inet_ctl_sock_create(&sk, PF_INET, ...)
sock_create_kern()
__sock_create()
pf = rcu_dereference(net_families[PF_INET]);
if (!pf) -> returns -EAFNOSUPPORT
Since sock_register(&inet_family_ops) has not been called yet,
net_families[PF_INET] is still NULL at this point. This causes
xfrm_nat_keepalive_init(AF_INET) to silently fail (the return
value is not checked by xfrm_init()), leaving the IPv4 XFRM NAT
keepalive sockets uninitialized.
This affects the default CONFIG_LEGACY_IP=y configuration as
well, not just IPv6-only builds. Would it be better to leave
xfrm_init() after sock_register(), or move the
xfrm_nat_keepalive_init(AF_INET) call into xfrm4_init() where
it would run after IPv4 socket registration is complete?
Previously, xfrm_init() was called from ip_rt_init() which ran
well after sock_register():
inet_init()
sock_register(&inet_family_ops) <-- AF_INET available
...
ip_init()
ip_rt_init()
xfrm_init() <-- worked fine
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/23838411859