| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200903121832.GD8299@kadam>
Date: Thu, 3 Sep 2020 15:18:33 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org,
Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
netdev@...r.kernel.org
Cc: lkp@...el.com, Dan Carpenter <error27@...il.com>,
kbuild-all@...ts.01.org, roopa@...dia.com,
bridge@...ts.linux-foundation.org, davem@...emloft.net,
Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
Subject: Re: [PATCH net-next v2 04/15] net: bridge: mcast: add support for
group-and-source specific queries
Hi Nikolay,
url: https://github.com/0day-ci/linux/commits/Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git dc1a9bf2c8169d9f607502162af1858a73a18cb8
config: i386-randconfig-m021-20200902 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
New smatch warnings:
net/bridge/br_multicast.c:359 br_ip4_multicast_alloc_query() error: use kfree_skb() here instead of kfree(skb)
Old smatch warnings:
net/bridge/br_multicast.c:711 br_multicast_add_group() error: potential null dereference 'mp'. (br_multicast_new_group returns null)
# https://github.com/0day-ci/linux/commit/6ed1da60b015f4e607ee2dcaaf557306a1bd3b57
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339
git checkout 6ed1da60b015f4e607ee2dcaaf557306a1bd3b57
vim +359 net/bridge/br_multicast.c
8ef2a9a5985499 YOSHIFUJI Hideaki 2010-04-18 230 static struct sk_buff *br_ip4_multicast_alloc_query(struct net_bridge *br,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 231 struct net_bridge_port_group *pg,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 232 __be32 ip_dst, __be32 group,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 233 bool with_srcs, bool over_lmqt,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 234 u8 sflag, u8 *igmp_type)
eb1d16414339a6 Herbert Xu 2010-02-27 235 {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 236 struct net_bridge_port *p = pg ? pg->port : NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 237 struct net_bridge_group_src *ent;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 238 size_t pkt_size, igmp_hdr_size;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 239 unsigned long now = jiffies;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 240 struct igmpv3_query *ihv3;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 241 void *csum_start = NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 242 __sum16 *csum = NULL;
eb1d16414339a6 Herbert Xu 2010-02-27 243 struct sk_buff *skb;
eb1d16414339a6 Herbert Xu 2010-02-27 244 struct igmphdr *ih;
eb1d16414339a6 Herbert Xu 2010-02-27 245 struct ethhdr *eth;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 246 unsigned long lmqt;
eb1d16414339a6 Herbert Xu 2010-02-27 247 struct iphdr *iph;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 248 u16 lmqt_srcs = 0;
eb1d16414339a6 Herbert Xu 2010-02-27 249
5e9235853d652a Nikolay Aleksandrov 2016-11-21 250 igmp_hdr_size = sizeof(*ih);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 251 if (br->multicast_igmp_version == 3) {
5e9235853d652a Nikolay Aleksandrov 2016-11-21 252 igmp_hdr_size = sizeof(*ihv3);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 253 if (pg && with_srcs) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 254 lmqt = now + (br->multicast_last_member_interval *
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 255 br->multicast_last_member_count);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 256 hlist_for_each_entry(ent, &pg->src_list, node) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 257 if (over_lmqt == time_after(ent->timer.expires,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 258 lmqt) &&
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 259 ent->src_query_rexmit_cnt > 0)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 260 lmqt_srcs++;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 261 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 262
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 263 if (!lmqt_srcs)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 264 return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 265 igmp_hdr_size += lmqt_srcs * sizeof(__be32);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 266 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 267 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 268
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 269 pkt_size = sizeof(*eth) + sizeof(*iph) + 4 + igmp_hdr_size;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 270 if ((p && pkt_size > p->dev->mtu) ||
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 271 pkt_size > br->dev->mtu)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 272 return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 273
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 274 skb = netdev_alloc_skb_ip_align(br->dev, pkt_size);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
eb1d16414339a6 Herbert Xu 2010-02-27 275 if (!skb)
eb1d16414339a6 Herbert Xu 2010-02-27 276 goto out;
eb1d16414339a6 Herbert Xu 2010-02-27 277
eb1d16414339a6 Herbert Xu 2010-02-27 278 skb->protocol = htons(ETH_P_IP);
eb1d16414339a6 Herbert Xu 2010-02-27 279
eb1d16414339a6 Herbert Xu 2010-02-27 280 skb_reset_mac_header(skb);
eb1d16414339a6 Herbert Xu 2010-02-27 281 eth = eth_hdr(skb);
eb1d16414339a6 Herbert Xu 2010-02-27 282
e5a727f6632654 Joe Perches 2014-02-23 283 ether_addr_copy(eth->h_source, br->dev->dev_addr);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 284 ip_eth_mc_map(ip_dst, eth->h_dest);
eb1d16414339a6 Herbert Xu 2010-02-27 285 eth->h_proto = htons(ETH_P_IP);
eb1d16414339a6 Herbert Xu 2010-02-27 286 skb_put(skb, sizeof(*eth));
eb1d16414339a6 Herbert Xu 2010-02-27 287
eb1d16414339a6 Herbert Xu 2010-02-27 288 skb_set_network_header(skb, skb->len);
eb1d16414339a6 Herbert Xu 2010-02-27 289 iph = ip_hdr(skb);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 290 iph->tot_len = htons(pkt_size - sizeof(*eth));
eb1d16414339a6 Herbert Xu 2010-02-27 291
eb1d16414339a6 Herbert Xu 2010-02-27 292 iph->version = 4;
eb1d16414339a6 Herbert Xu 2010-02-27 293 iph->ihl = 6;
eb1d16414339a6 Herbert Xu 2010-02-27 294 iph->tos = 0xc0;
eb1d16414339a6 Herbert Xu 2010-02-27 295 iph->id = 0;
eb1d16414339a6 Herbert Xu 2010-02-27 296 iph->frag_off = htons(IP_DF);
eb1d16414339a6 Herbert Xu 2010-02-27 297 iph->ttl = 1;
eb1d16414339a6 Herbert Xu 2010-02-27 298 iph->protocol = IPPROTO_IGMP;
675779adbf7c80 Nikolay Aleksandrov 2018-09-26 299 iph->saddr = br_opt_get(br, BROPT_MULTICAST_QUERY_USE_IFADDR) ?
1c8ad5bfa2be50 Cong Wang 2013-05-21 300 inet_select_addr(br->dev, 0, RT_SCOPE_LINK) : 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 301 iph->daddr = ip_dst;
eb1d16414339a6 Herbert Xu 2010-02-27 302 ((u8 *)&iph[1])[0] = IPOPT_RA;
eb1d16414339a6 Herbert Xu 2010-02-27 303 ((u8 *)&iph[1])[1] = 4;
eb1d16414339a6 Herbert Xu 2010-02-27 304 ((u8 *)&iph[1])[2] = 0;
eb1d16414339a6 Herbert Xu 2010-02-27 305 ((u8 *)&iph[1])[3] = 0;
eb1d16414339a6 Herbert Xu 2010-02-27 306 ip_send_check(iph);
eb1d16414339a6 Herbert Xu 2010-02-27 307 skb_put(skb, 24);
eb1d16414339a6 Herbert Xu 2010-02-27 308
eb1d16414339a6 Herbert Xu 2010-02-27 309 skb_set_transport_header(skb, skb->len);
1080ab95e3c7bd Nikolay Aleksandrov 2016-06-28 310 *igmp_type = IGMP_HOST_MEMBERSHIP_QUERY;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 311
5e9235853d652a Nikolay Aleksandrov 2016-11-21 312 switch (br->multicast_igmp_version) {
5e9235853d652a Nikolay Aleksandrov 2016-11-21 313 case 2:
5e9235853d652a Nikolay Aleksandrov 2016-11-21 314 ih = igmp_hdr(skb);
eb1d16414339a6 Herbert Xu 2010-02-27 315 ih->type = IGMP_HOST_MEMBERSHIP_QUERY;
eb1d16414339a6 Herbert Xu 2010-02-27 316 ih->code = (group ? br->multicast_last_member_interval :
eb1d16414339a6 Herbert Xu 2010-02-27 317 br->multicast_query_response_interval) /
eb1d16414339a6 Herbert Xu 2010-02-27 318 (HZ / IGMP_TIMER_SCALE);
eb1d16414339a6 Herbert Xu 2010-02-27 319 ih->group = group;
eb1d16414339a6 Herbert Xu 2010-02-27 320 ih->csum = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 321 csum = &ih->csum;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 322 csum_start = (void *)ih;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 323 break;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 324 case 3:
5e9235853d652a Nikolay Aleksandrov 2016-11-21 325 ihv3 = igmpv3_query_hdr(skb);
5e9235853d652a Nikolay Aleksandrov 2016-11-21 326 ihv3->type = IGMP_HOST_MEMBERSHIP_QUERY;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 327 ihv3->code = (group ? br->multicast_last_member_interval :
5e9235853d652a Nikolay Aleksandrov 2016-11-21 328 br->multicast_query_response_interval) /
5e9235853d652a Nikolay Aleksandrov 2016-11-21 329 (HZ / IGMP_TIMER_SCALE);
5e9235853d652a Nikolay Aleksandrov 2016-11-21 330 ihv3->group = group;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 331 ihv3->qqic = br->multicast_query_interval / HZ;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 332 ihv3->nsrcs = htons(lmqt_srcs);
5e9235853d652a Nikolay Aleksandrov 2016-11-21 333 ihv3->resv = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 334 ihv3->suppress = sflag;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 335 ihv3->qrv = 2;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 336 ihv3->csum = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 337 csum = &ihv3->csum;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 338 csum_start = (void *)ihv3;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 339 if (!pg || !with_srcs)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 340 break;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 341
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 342 lmqt_srcs = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 343 hlist_for_each_entry(ent, &pg->src_list, node) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 344 if (over_lmqt == time_after(ent->timer.expires,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 345 lmqt) &&
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 346 ent->src_query_rexmit_cnt > 0) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 347 ihv3->srcs[lmqt_srcs++] = ent->addr.u.ip4;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 348 ent->src_query_rexmit_cnt--;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 349 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 350 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 351 if (WARN_ON(lmqt_srcs != ntohs(ihv3->nsrcs))) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 352 kfree_skb(skb);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 353 return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 354 }
5e9235853d652a Nikolay Aleksandrov 2016-11-21 355 break;
5e9235853d652a Nikolay Aleksandrov 2016-11-21 356 }
eb1d16414339a6 Herbert Xu 2010-02-27 357
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 358 if (WARN_ON(!csum || !csum_start)) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 @359 kfree(skb);
This should be kfree_skb(skb);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 360 return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 361 }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 362
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 363 *csum = ip_compute_csum(csum_start, igmp_hdr_size);
5e9235853d652a Nikolay Aleksandrov 2016-11-21 364 skb_put(skb, igmp_hdr_size);
eb1d16414339a6 Herbert Xu 2010-02-27 365 __skb_pull(skb, sizeof(*eth));
eb1d16414339a6 Herbert Xu 2010-02-27 366
eb1d16414339a6 Herbert Xu 2010-02-27 367 out:
eb1d16414339a6 Herbert Xu 2010-02-27 368 return skb;
eb1d16414339a6 Herbert Xu 2010-02-27 369 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (30741 bytes)
Powered by blists - more mailing lists