From: Wei Wang <wei...@google.com>
Date: Fri, 13 Oct 2017 15:01:08 -0700
> From: Wei Wang <wei...@google.com>
>
> In fib6_locate(), we need to first make sure fn is not NULL before doing
> FIB6_SUBTREE(fn) to avoid crash.
>
> This fixes the following static checker warning:
> net/ipv6/ip6_fib.c:1462 fib6_locate()
> warn: variable dereferenced before check 'fn' (see line 1459)
>
> net/ipv6/ip6_fib.c
> 1458 if (src_len) {
> 1459 struct fib6_node *subtree = FIB6_SUBTREE(fn);
> ^^^^^^^^^^^^^^^^
> We shifted this dereference
>
> 1460
> 1461 WARN_ON(saddr == NULL);
> 1462 if (fn && subtree)
> ^^
> before the check for NULL.
>
> 1463 fn = fib6_locate_1(subtree, saddr, src_len,
> 1464 offsetof(struct rt6_info,
> rt6i_src)
>
> Fixes: 66f5d6ce53e6 ("ipv6: replace rwlock with rcu and spinlock in
> fib6_table")
> Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
> Signed-off-by: Wei Wang <wei...@google.com>
> Acked-by: Eric Dumazet <eduma...@google.com>
Applied.
