lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 23 Aug 2020 04:10:54 +0800
From:   kernel test robot <lkp@...el.com>
To:     Hangbin Liu <liuhangbin@...il.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: net/ipv6/ndisc.c:1362 ndisc_router_discovery() warn: unsigned
 'rtime' is never less than zero.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   c3d8f220d01220a5b253e422be407d068dc65511
commit: 19e16d220f0adbf899a652dfb1fde2e3a95153e9 neigh: support smaller retrans_time settting
date:   5 months ago
config: mips-randconfig-m031-20200823 (attached as .config)
compiler: mipsel-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

smatch warnings:
net/ipv6/ndisc.c:1362 ndisc_router_discovery() warn: unsigned 'rtime' is never less than zero.

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19e16d220f0adbf899a652dfb1fde2e3a95153e9
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 19e16d220f0adbf899a652dfb1fde2e3a95153e9
vim +/rtime +1362 net/ipv6/ndisc.c

  1238	
  1239		if (in6_dev->if_flags & IF_RS_SENT) {
  1240			/*
  1241			 *	flag that an RA was received after an RS was sent
  1242			 *	out on this interface.
  1243			 */
  1244			in6_dev->if_flags |= IF_RA_RCVD;
  1245		}
  1246	
  1247		/*
  1248		 * Remember the managed/otherconf flags from most recently
  1249		 * received RA message (RFC 2462) -- yoshfuji
  1250		 */
  1251		old_if_flags = in6_dev->if_flags;
  1252		in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
  1253					IF_RA_OTHERCONF)) |
  1254					(ra_msg->icmph.icmp6_addrconf_managed ?
  1255						IF_RA_MANAGED : 0) |
  1256					(ra_msg->icmph.icmp6_addrconf_other ?
  1257						IF_RA_OTHERCONF : 0);
  1258	
  1259		if (old_if_flags != in6_dev->if_flags)
  1260			send_ifinfo_notify = true;
  1261	
  1262		if (!in6_dev->cnf.accept_ra_defrtr) {
  1263			ND_PRINTK(2, info,
  1264				  "RA: %s, defrtr is false for dev: %s\n",
  1265				  __func__, skb->dev->name);
  1266			goto skip_defrtr;
  1267		}
  1268	
  1269		/* Do not accept RA with source-addr found on local machine unless
  1270		 * accept_ra_from_local is set to true.
  1271		 */
  1272		net = dev_net(in6_dev->dev);
  1273		if (!in6_dev->cnf.accept_ra_from_local &&
  1274		    ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
  1275			ND_PRINTK(2, info,
  1276				  "RA from local address detected on dev: %s: default router ignored\n",
  1277				  skb->dev->name);
  1278			goto skip_defrtr;
  1279		}
  1280	
  1281		lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
  1282	
  1283	#ifdef CONFIG_IPV6_ROUTER_PREF
  1284		pref = ra_msg->icmph.icmp6_router_pref;
  1285		/* 10b is handled as if it were 00b (medium) */
  1286		if (pref == ICMPV6_ROUTER_PREF_INVALID ||
  1287		    !in6_dev->cnf.accept_ra_rtr_pref)
  1288			pref = ICMPV6_ROUTER_PREF_MEDIUM;
  1289	#endif
  1290		/* routes added from RAs do not use nexthop objects */
  1291		rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
  1292		if (rt) {
  1293			neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
  1294						 rt->fib6_nh->fib_nh_dev, NULL,
  1295						  &ipv6_hdr(skb)->saddr);
  1296			if (!neigh) {
  1297				ND_PRINTK(0, err,
  1298					  "RA: %s got default router without neighbour\n",
  1299					  __func__);
  1300				fib6_info_release(rt);
  1301				return;
  1302			}
  1303		}
  1304		if (rt && lifetime == 0) {
  1305			ip6_del_rt(net, rt);
  1306			rt = NULL;
  1307		}
  1308	
  1309		ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, for dev: %s\n",
  1310			  rt, lifetime, skb->dev->name);
  1311		if (!rt && lifetime) {
  1312			ND_PRINTK(3, info, "RA: adding default router\n");
  1313	
  1314			rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
  1315						 skb->dev, pref);
  1316			if (!rt) {
  1317				ND_PRINTK(0, err,
  1318					  "RA: %s failed to add default route\n",
  1319					  __func__);
  1320				return;
  1321			}
  1322	
  1323			neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
  1324						 rt->fib6_nh->fib_nh_dev, NULL,
  1325						  &ipv6_hdr(skb)->saddr);
  1326			if (!neigh) {
  1327				ND_PRINTK(0, err,
  1328					  "RA: %s got default router without neighbour\n",
  1329					  __func__);
  1330				fib6_info_release(rt);
  1331				return;
  1332			}
  1333			neigh->flags |= NTF_ROUTER;
  1334		} else if (rt) {
  1335			rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
  1336		}
  1337	
  1338		if (rt)
  1339			fib6_set_expires(rt, jiffies + (HZ * lifetime));
  1340		if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
  1341		    ra_msg->icmph.icmp6_hop_limit) {
  1342			if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
  1343				in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
  1344				fib6_metric_set(rt, RTAX_HOPLIMIT,
  1345						ra_msg->icmph.icmp6_hop_limit);
  1346			} else {
  1347				ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
  1348			}
  1349		}
  1350	
  1351	skip_defrtr:
  1352	
  1353		/*
  1354		 *	Update Reachable Time and Retrans Timer
  1355		 */
  1356	
  1357		if (in6_dev->nd_parms) {
  1358			unsigned long rtime = ntohl(ra_msg->retrans_timer);
  1359	
  1360			if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
  1361				rtime = (rtime*HZ)/1000;
> 1362				if (rtime < HZ/100)
  1363					rtime = HZ/100;
  1364				NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
  1365				in6_dev->tstamp = jiffies;
  1366				send_ifinfo_notify = true;
  1367			}
  1368	
  1369			rtime = ntohl(ra_msg->reachable_time);
  1370			if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
  1371				rtime = (rtime*HZ)/1000;
  1372	
  1373				if (rtime < HZ/10)
  1374					rtime = HZ/10;
  1375	
  1376				if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
  1377					NEIGH_VAR_SET(in6_dev->nd_parms,
  1378						      BASE_REACHABLE_TIME, rtime);
  1379					NEIGH_VAR_SET(in6_dev->nd_parms,
  1380						      GC_STALETIME, 3 * rtime);
  1381					in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
  1382					in6_dev->tstamp = jiffies;
  1383					send_ifinfo_notify = true;
  1384				}
  1385			}
  1386		}
  1387	
  1388		/*
  1389		 *	Send a notify if RA changed managed/otherconf flags or timer settings
  1390		 */
  1391		if (send_ifinfo_notify)
  1392			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
  1393	
  1394	skip_linkparms:
  1395	
  1396		/*
  1397		 *	Process options.
  1398		 */
  1399	
  1400		if (!neigh)
  1401			neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
  1402					       skb->dev, 1);
  1403		if (neigh) {
  1404			u8 *lladdr = NULL;
  1405			if (ndopts.nd_opts_src_lladdr) {
  1406				lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
  1407							     skb->dev);
  1408				if (!lladdr) {
  1409					ND_PRINTK(2, warn,
  1410						  "RA: invalid link-layer address length\n");
  1411					goto out;
  1412				}
  1413			}
  1414			ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
  1415				     NEIGH_UPDATE_F_WEAK_OVERRIDE|
  1416				     NEIGH_UPDATE_F_OVERRIDE|
  1417				     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
  1418				     NEIGH_UPDATE_F_ISROUTER,
  1419				     NDISC_ROUTER_ADVERTISEMENT, &ndopts);
  1420		}
  1421	
  1422		if (!ipv6_accept_ra(in6_dev)) {
  1423			ND_PRINTK(2, info,
  1424				  "RA: %s, accept_ra is false for dev: %s\n",
  1425				  __func__, skb->dev->name);
  1426			goto out;
  1427		}
  1428	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (29066 bytes)

Powered by blists - more mailing lists