2022-04-16 01:04:37

by Dan Carpenter

[permalink] [raw]
Subject: [saeed:net-next 243/261] net/ipv6/ip6_input.c:169 ip6_rcv_core() error: we previously assumed 'idev' could be null (see line 167)

tree: https://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git net-next
head: 8ac2beba64a8c9072480094c86b9eab8b6cebd99
commit: 4daf841a2ef3b2e987894c8107d309ce2b67c202 [243/261] net: ipv6: add skb drop reasons to ip6_rcv_core()
config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20220414/[email protected]/config)
compiler: gcc-11 (Debian 11.2.0-19) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>

New smatch warnings:
net/ipv6/ip6_input.c:169 ip6_rcv_core() error: we previously assumed 'idev' could be null (see line 167)

vim +/idev +169 net/ipv6/ip6_input.c

d8269e2cbf908f Edward Cree 2018-07-05 145 static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
d8269e2cbf908f Edward Cree 2018-07-05 146 struct net *net)
^1da177e4c3f41 Linus Torvalds 2005-04-16 147 {
4daf841a2ef3b2 Menglong Dong 2022-04-13 148 enum skb_drop_reason reason;
b71d1d426d263b Eric Dumazet 2011-04-22 149 const struct ipv6hdr *hdr;
^1da177e4c3f41 Linus Torvalds 2005-04-16 150 u32 pkt_len;
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 151 struct inet6_dev *idev;
^1da177e4c3f41 Linus Torvalds 2005-04-16 152
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 153 if (skb->pkt_type == PACKET_OTHERHOST) {
794c24e9921f32 Jeffrey Ji 2022-04-06 154 dev_core_stats_rx_otherhost_dropped_inc(skb->dev);
4daf841a2ef3b2 Menglong Dong 2022-04-13 155 kfree_skb_reason(skb, SKB_DROP_REASON_OTHERHOST);
d8269e2cbf908f Edward Cree 2018-07-05 156 return NULL;
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 157 }
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 158
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 159 rcu_read_lock();
^1da177e4c3f41 Linus Torvalds 2005-04-16 160
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 161 idev = __in6_dev_get(skb->dev);
a11d206d0f88e0 YOSHIFUJI Hideaki 2006-11-04 162
c2005eb01044e8 Eric Dumazet 2016-04-27 163 __IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len);
^1da177e4c3f41 Linus Torvalds 2005-04-16 164
4daf841a2ef3b2 Menglong Dong 2022-04-13 165 SKB_DR_SET(reason, NOT_SPECIFIED);
778d80be526995 YOSHIFUJI Hideaki 2008-06-28 166 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
778d80be526995 YOSHIFUJI Hideaki 2008-06-28 @167 !idev || unlikely(idev->cnf.disable_ipv6)) {
^^^^^
Check for NULL

1d0155035918aa Eric Dumazet 2016-04-27 168 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
4daf841a2ef3b2 Menglong Dong 2022-04-13 @169 if (unlikely(idev->cnf.disable_ipv6))
^^^^^^
Patch adds unchecked dereference.

4daf841a2ef3b2 Menglong Dong 2022-04-13 170 SKB_DR_SET(reason, IPV6DISABLED);
71f6f6dfdf7c7a Jesper Nilsson 2009-03-27 171 goto drop;
^1da177e4c3f41 Linus Torvalds 2005-04-16 172 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 173
6b7fdc3ae18a05 Guillaume Chazarain 2006-07-24 174 memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
6b7fdc3ae18a05 Guillaume Chazarain 2006-07-24 175

--
0-DAY CI Kernel Test Service
https://01.org/lkp