Once my last patchset got applied, I got slapped by an automatic smatch
and build bot. Here are two patches fixing the according issues, a potential
null pointer dereference and a compile error when compiling without IPv6.
[PATCH 1/2] is probably not the ideal solution - the assignment of the
group and max_delay is still a mess and has subtle differences between
IGMPv2, IGMPv3, MLDv1 and MLDv2. That should probably be fixed $later.
But for now, I think the easier fix might be better, restoring the
behaviour before my "adhere to querier mechanism" patch and therefore
keeping things bisect'able.
Cheers, Linus
"New smatch warnings:
net/bridge/br_multicast.c:1368 br_ip6_multicast_query() error:
we previously assumed 'group' could be null (see line 1349)"
In the rare (sort of broken) case of a query having a Maximum
Response Delay of zero, we could create a potential null pointer
dereference.
Fixing this by skipping the multicast specific MLD Query parsing again
if no multicast group address is available.
Introduced by dc4eb53a996a78bfb8ea07b47423ff5a3aadc362
("bridge: adhere to querier election mechanism specified by RFCs")
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Linus Lüssing <[email protected]>
---
net/bridge/br_multicast.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index cd3cf39..876e5fb 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1373,6 +1373,8 @@ static int br_ip6_multicast_query(struct net_bridge *br,
br_multicast_query_received(br, port, &br->ip6_other_query,
&saddr, max_delay);
goto out;
+ } else if (!group) {
+ goto out;
}
mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group, vid);
--
1.7.10.4
Some fields in "struct net_bridge" aren't available when compiling the
kernel without IPv6 support. Therefore adding a check/macro to skip the
complaining code sections in that case.
Introduced by 2cd4143192e8c60f66cb32c3a30c76d0470a372d
("bridge: memorize and export selected IGMP/MLD querier port")
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Linus Lüssing <[email protected]>
---
net/bridge/br_multicast.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 876e5fb..abfa0b65 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -2246,11 +2246,13 @@ bool br_multicast_has_querier_adjacent(struct net_device *dev, int proto)
rcu_dereference(br->ip4_querier.port) == port)
goto unlock;
break;
+#if IS_ENABLED(CONFIG_IPV6)
case ETH_P_IPV6:
if (!timer_pending(&br->ip6_other_query.timer) ||
rcu_dereference(br->ip6_querier.port) == port)
goto unlock;
break;
+#endif
default:
goto unlock;
}
--
1.7.10.4
From: Linus L?ssing <[email protected]>
Date: Thu, 12 Jun 2014 01:41:22 +0200
> Once my last patchset got applied, I got slapped by an automatic smatch
> and build bot. Here are two patches fixing the according issues, a potential
> null pointer dereference and a compile error when compiling without IPv6.
Series applied, thanks.