lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <201704270759.QTwxqqhI%fengguang.wu@intel.com>
Date:   Thu, 27 Apr 2017 07:41:05 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Donatas Abraitis <donatas.abraitis@...il.com>
Cc:     kbuild-all@...org, davem@...emloft.net, netdev@...r.kernel.org,
        stable@...r.kernel.org, donatas.abraitis@...il.com
Subject: Re: [PATCH net-next v1] net: ipv6: make sure multicast packets are
 not forwarded beyond the different scopes

Hi Donatas,

[auto build test ERROR on net-next/master]

url:    https://github.com/0day-ci/linux/commits/Donatas-Abraitis/net-ipv6-make-sure-multicast-packets-are-not-forwarded-beyond-the-different-scopes/20170426-180846
config: x86_64-rhel (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   net//ipv6/ip6_input.c: In function 'ipv6_rcv':
>> net//ipv6/ip6_input.c:174:10: error: expected ')' before 'goto'
             goto err;
             ^~~~
>> net//ipv6/ip6_input.c:225:1: error: expected expression before '}' token
    }
    ^
>> net//ipv6/ip6_input.c:166:3: error: label 'err' used but not defined
      goto err;
      ^~~~
>> net//ipv6/ip6_input.c:95:3: error: label 'drop' used but not defined
      goto drop;
      ^~~~
   net//ipv6/ip6_input.c:77:6: warning: unused variable 'pkt_len' [-Wunused-variable]
     u32 pkt_len;
         ^~~~~~~
   net//ipv6/ip6_input.c:225:1: warning: control reaches end of non-void function [-Wreturn-type]
    }
    ^

vim +174 net//ipv6/ip6_input.c

    89	
    90		__IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len);
    91	
    92		if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
    93		    !idev || unlikely(idev->cnf.disable_ipv6)) {
    94			__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
  > 95			goto drop;
    96		}
    97	
    98		memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
    99	
   100		/*
   101		 * Store incoming device index. When the packet will
   102		 * be queued, we cannot refer to skb->dev anymore.
   103		 *
   104		 * BTW, when we send a packet for our own local address on a
   105		 * non-loopback interface (e.g. ethX), it is being delivered
   106		 * via the loopback interface (lo) here; skb->dev = loopback_dev.
   107		 * It, however, should be considered as if it is being
   108		 * arrived via the sending interface (ethX), because of the
   109		 * nature of scoping architecture. --yoshfuji
   110		 */
   111		IP6CB(skb)->iif = skb_valid_dst(skb) ? ip6_dst_idev(skb_dst(skb))->dev->ifindex : dev->ifindex;
   112	
   113		if (unlikely(!pskb_may_pull(skb, sizeof(*hdr))))
   114			goto err;
   115	
   116		hdr = ipv6_hdr(skb);
   117	
   118		if (hdr->version != 6)
   119			goto err;
   120	
   121		__IP6_ADD_STATS(net, idev,
   122				IPSTATS_MIB_NOECTPKTS +
   123					(ipv6_get_dsfield(hdr) & INET_ECN_MASK),
   124				max_t(unsigned short, 1, skb_shinfo(skb)->gso_segs));
   125		/*
   126		 * RFC4291 2.5.3
   127		 * The loopback address must not be used as the source address in IPv6
   128		 * packets that are sent outside of a single node. [..]
   129		 * A packet received on an interface with a destination address
   130		 * of loopback must be dropped.
   131		 */
   132		if ((ipv6_addr_loopback(&hdr->saddr) ||
   133		     ipv6_addr_loopback(&hdr->daddr)) &&
   134		     !(dev->flags & IFF_LOOPBACK))
   135			goto err;
   136	
   137		/* RFC4291 Errata ID: 3480
   138		 * Interface-Local scope spans only a single interface on a
   139		 * node and is useful only for loopback transmission of
   140		 * multicast.  Packets with interface-local scope received
   141		 * from another node must be discarded.
   142		 */
   143		if (!(skb->pkt_type == PACKET_LOOPBACK ||
   144		      dev->flags & IFF_LOOPBACK) &&
   145		    ipv6_addr_is_multicast(&hdr->daddr) &&
   146		    IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 1)
   147			goto err;
   148	
   149		/* If enabled, drop unicast packets that were encapsulated in link-layer
   150		 * multicast or broadcast to protected against the so-called "hole-196"
   151		 * attack in 802.11 wireless.
   152		 */
   153		if (!ipv6_addr_is_multicast(&hdr->daddr) &&
   154		    (skb->pkt_type == PACKET_BROADCAST ||
   155		     skb->pkt_type == PACKET_MULTICAST) &&
   156		    idev->cnf.drop_unicast_in_l2_multicast)
   157			goto err;
   158	
   159		/* RFC4291 2.7
   160		 * Nodes must not originate a packet to a multicast address whose scope
   161		 * field contains the reserved value 0; if such a packet is received, it
   162		 * must be silently dropped.
   163		 */
   164		if (ipv6_addr_is_multicast(&hdr->daddr) &&
   165		    IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0)
 > 166			goto err;
   167	
   168		/* RFC4291 2.7
   169		 * Routers must not forward any multicast packets beyond of the scope
   170		 * indicated by the scop field in the destination multicast address.
   171		*/
   172		if (ipv6_addr_is_multicast(&hdr->daddr) &&
   173		    IPV6_ADDR_MC_SCOPE(&hdr->daddr) != IPV6_ADDR_MC_SCOPE(&hdr->saddr)
 > 174		        goto err;
   175	
   176		/*
   177		 * RFC4291 2.7
   178		 * Multicast addresses must not be used as source addresses in IPv6
   179		 * packets or appear in any Routing header.
   180		 */
   181		if (ipv6_addr_is_multicast(&hdr->saddr))
   182			goto err;
   183	
   184		skb->transport_header = skb->network_header + sizeof(*hdr);
   185		IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
   186	
   187		pkt_len = ntohs(hdr->payload_len);
   188	
   189		/* pkt_len may be zero if Jumbo payload option is present */
   190		if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
   191			if (pkt_len + sizeof(struct ipv6hdr) > skb->len) {
   192				__IP6_INC_STATS(net,
   193						idev, IPSTATS_MIB_INTRUNCATEDPKTS);
   194				goto drop;
   195			}
   196			if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) {
   197				__IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
   198				goto drop;
   199			}
   200			hdr = ipv6_hdr(skb);
   201		}
   202	
   203		if (hdr->nexthdr == NEXTHDR_HOP) {
   204			if (ipv6_parse_hopopts(skb) < 0) {
   205				__IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
   206				rcu_read_unlock();
   207				return NET_RX_DROP;
   208			}
   209		}
   210	
   211		rcu_read_unlock();
   212	
   213		/* Must drop socket now because of tproxy. */
   214		skb_orphan(skb);
   215	
   216		return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
   217			       net, NULL, skb, dev, NULL,
   218			       ip6_rcv_finish);
   219	err:
   220		__IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
   221	drop:
   222		rcu_read_unlock();
   223		kfree_skb(skb);
   224		return NET_RX_DROP;
 > 225	}
   226	
   227	/*
   228	 *	Deliver the packet to the host

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Download attachment ".config.gz" of type "application/gzip" (38891 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ