Re: [PATCH net-next v2 04/15] net: bridge: mcast: add support for group-and-source specific queries

Dan Carpenter Thu, 03 Sep 2020 05:26:58 -0700

Hi Nikolay,

url:    
https://github.com/0day-ci/linux/commits/Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339
base:   https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git 
dc1a9bf2c8169d9f607502162af1858a73a18cb8
config: i386-randconfig-m021-20200902 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0


If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>

New smatch warnings:
net/bridge/br_multicast.c:359 br_ip4_multicast_alloc_query() error: use 
kfree_skb() here instead of kfree(skb)

Old smatch warnings:
net/bridge/br_multicast.c:711 br_multicast_add_group() error: potential null 
dereference 'mp'.  (br_multicast_new_group returns null)

# 
https://github.com/0day-ci/linux/commit/6ed1da60b015f4e607ee2dcaaf557306a1bd3b57
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review 
Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339
git checkout 6ed1da60b015f4e607ee2dcaaf557306a1bd3b57
vim +359 net/bridge/br_multicast.c

8ef2a9a5985499 YOSHIFUJI Hideaki   2010-04-18  230  static struct sk_buff 
*br_ip4_multicast_alloc_query(struct net_bridge *br,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  231                              
                    struct net_bridge_port_group *pg,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  232                              
                    __be32 ip_dst, __be32 group,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  233                              
                    bool with_srcs, bool over_lmqt,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  234                              
                    u8 sflag, u8 *igmp_type)
eb1d16414339a6 Herbert Xu          2010-02-27  235  {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  236      struct net_bridge_port 
*p = pg ? pg->port : NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  237      struct 
net_bridge_group_src *ent;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  238      size_t pkt_size, 
igmp_hdr_size;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  239      unsigned long now = 
jiffies;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  240      struct igmpv3_query 
*ihv3;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  241      void *csum_start = NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  242      __sum16 *csum = NULL;
eb1d16414339a6 Herbert Xu          2010-02-27  243      struct sk_buff *skb;
eb1d16414339a6 Herbert Xu          2010-02-27  244      struct igmphdr *ih;
eb1d16414339a6 Herbert Xu          2010-02-27  245      struct ethhdr *eth;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  246      unsigned long lmqt;
eb1d16414339a6 Herbert Xu          2010-02-27  247      struct iphdr *iph;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  248      u16 lmqt_srcs = 0;
eb1d16414339a6 Herbert Xu          2010-02-27  249  
5e9235853d652a Nikolay Aleksandrov 2016-11-21  250      igmp_hdr_size = 
sizeof(*ih);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  251      if 
(br->multicast_igmp_version == 3) {
5e9235853d652a Nikolay Aleksandrov 2016-11-21  252              igmp_hdr_size = 
sizeof(*ihv3);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  253              if (pg && 
with_srcs) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  254                      lmqt = 
now + (br->multicast_last_member_interval *
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  255                              
      br->multicast_last_member_count);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  256                      
hlist_for_each_entry(ent, &pg->src_list, node) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  257                              
if (over_lmqt == time_after(ent->timer.expires,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  258                              
                            lmqt) &&
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  259                              
    ent->src_query_rexmit_cnt > 0)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  260                              
        lmqt_srcs++;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  261                      }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  262  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  263                      if 
(!lmqt_srcs)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  264                              
return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  265                      
igmp_hdr_size += lmqt_srcs * sizeof(__be32);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  266              }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  267      }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  268  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  269      pkt_size = sizeof(*eth) 
+ sizeof(*iph) + 4 + igmp_hdr_size;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  270      if ((p && pkt_size > 
p->dev->mtu) ||
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  271          pkt_size > 
br->dev->mtu)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  272              return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  273  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  274      skb = 
netdev_alloc_skb_ip_align(br->dev, pkt_size);
                                                        
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

eb1d16414339a6 Herbert Xu          2010-02-27  275      if (!skb)
eb1d16414339a6 Herbert Xu          2010-02-27  276              goto out;
eb1d16414339a6 Herbert Xu          2010-02-27  277  
eb1d16414339a6 Herbert Xu          2010-02-27  278      skb->protocol = 
htons(ETH_P_IP);
eb1d16414339a6 Herbert Xu          2010-02-27  279  
eb1d16414339a6 Herbert Xu          2010-02-27  280      
skb_reset_mac_header(skb);
eb1d16414339a6 Herbert Xu          2010-02-27  281      eth = eth_hdr(skb);
eb1d16414339a6 Herbert Xu          2010-02-27  282  
e5a727f6632654 Joe Perches         2014-02-23  283      
ether_addr_copy(eth->h_source, br->dev->dev_addr);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  284      ip_eth_mc_map(ip_dst, 
eth->h_dest);
eb1d16414339a6 Herbert Xu          2010-02-27  285      eth->h_proto = 
htons(ETH_P_IP);
eb1d16414339a6 Herbert Xu          2010-02-27  286      skb_put(skb, 
sizeof(*eth));
eb1d16414339a6 Herbert Xu          2010-02-27  287  
eb1d16414339a6 Herbert Xu          2010-02-27  288      
skb_set_network_header(skb, skb->len);
eb1d16414339a6 Herbert Xu          2010-02-27  289      iph = ip_hdr(skb);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  290      iph->tot_len = 
htons(pkt_size - sizeof(*eth));
eb1d16414339a6 Herbert Xu          2010-02-27  291  
eb1d16414339a6 Herbert Xu          2010-02-27  292      iph->version = 4;
eb1d16414339a6 Herbert Xu          2010-02-27  293      iph->ihl = 6;
eb1d16414339a6 Herbert Xu          2010-02-27  294      iph->tos = 0xc0;
eb1d16414339a6 Herbert Xu          2010-02-27  295      iph->id = 0;
eb1d16414339a6 Herbert Xu          2010-02-27  296      iph->frag_off = 
htons(IP_DF);
eb1d16414339a6 Herbert Xu          2010-02-27  297      iph->ttl = 1;
eb1d16414339a6 Herbert Xu          2010-02-27  298      iph->protocol = 
IPPROTO_IGMP;
675779adbf7c80 Nikolay Aleksandrov 2018-09-26  299      iph->saddr = 
br_opt_get(br, BROPT_MULTICAST_QUERY_USE_IFADDR) ?
1c8ad5bfa2be50 Cong Wang           2013-05-21  300                   
inet_select_addr(br->dev, 0, RT_SCOPE_LINK) : 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  301      iph->daddr = ip_dst;
eb1d16414339a6 Herbert Xu          2010-02-27  302      ((u8 *)&iph[1])[0] = 
IPOPT_RA;
eb1d16414339a6 Herbert Xu          2010-02-27  303      ((u8 *)&iph[1])[1] = 4;
eb1d16414339a6 Herbert Xu          2010-02-27  304      ((u8 *)&iph[1])[2] = 0;
eb1d16414339a6 Herbert Xu          2010-02-27  305      ((u8 *)&iph[1])[3] = 0;
eb1d16414339a6 Herbert Xu          2010-02-27  306      ip_send_check(iph);
eb1d16414339a6 Herbert Xu          2010-02-27  307      skb_put(skb, 24);
eb1d16414339a6 Herbert Xu          2010-02-27  308  
eb1d16414339a6 Herbert Xu          2010-02-27  309      
skb_set_transport_header(skb, skb->len);
1080ab95e3c7bd Nikolay Aleksandrov 2016-06-28  310      *igmp_type = 
IGMP_HOST_MEMBERSHIP_QUERY;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  311  
5e9235853d652a Nikolay Aleksandrov 2016-11-21  312      switch 
(br->multicast_igmp_version) {
5e9235853d652a Nikolay Aleksandrov 2016-11-21  313      case 2:
5e9235853d652a Nikolay Aleksandrov 2016-11-21  314              ih = 
igmp_hdr(skb);
eb1d16414339a6 Herbert Xu          2010-02-27  315              ih->type = 
IGMP_HOST_MEMBERSHIP_QUERY;
eb1d16414339a6 Herbert Xu          2010-02-27  316              ih->code = 
(group ? br->multicast_last_member_interval :
eb1d16414339a6 Herbert Xu          2010-02-27  317                              
    br->multicast_query_response_interval) /
eb1d16414339a6 Herbert Xu          2010-02-27  318                         (HZ 
/ IGMP_TIMER_SCALE);
eb1d16414339a6 Herbert Xu          2010-02-27  319              ih->group = 
group;
eb1d16414339a6 Herbert Xu          2010-02-27  320              ih->csum = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  321              csum = 
&ih->csum;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  322              csum_start = 
(void *)ih;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  323              break;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  324      case 3:
5e9235853d652a Nikolay Aleksandrov 2016-11-21  325              ihv3 = 
igmpv3_query_hdr(skb);
5e9235853d652a Nikolay Aleksandrov 2016-11-21  326              ihv3->type = 
IGMP_HOST_MEMBERSHIP_QUERY;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  327              ihv3->code = 
(group ? br->multicast_last_member_interval :
5e9235853d652a Nikolay Aleksandrov 2016-11-21  328                              
      br->multicast_query_response_interval) /
5e9235853d652a Nikolay Aleksandrov 2016-11-21  329                           
(HZ / IGMP_TIMER_SCALE);
5e9235853d652a Nikolay Aleksandrov 2016-11-21  330              ihv3->group = 
group;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  331              ihv3->qqic = 
br->multicast_query_interval / HZ;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  332              ihv3->nsrcs = 
htons(lmqt_srcs);
5e9235853d652a Nikolay Aleksandrov 2016-11-21  333              ihv3->resv = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  334              ihv3->suppress 
= sflag;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  335              ihv3->qrv = 2;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  336              ihv3->csum = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  337              csum = 
&ihv3->csum;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  338              csum_start = 
(void *)ihv3;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  339              if (!pg || 
!with_srcs)
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  340                      break;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  341  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  342              lmqt_srcs = 0;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  343              
hlist_for_each_entry(ent, &pg->src_list, node) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  344                      if 
(over_lmqt == time_after(ent->timer.expires,
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  345                              
                    lmqt) &&
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  346                          
ent->src_query_rexmit_cnt > 0) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  347                              
ihv3->srcs[lmqt_srcs++] = ent->addr.u.ip4;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  348                              
ent->src_query_rexmit_cnt--;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  349                      }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  350              }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  351              if 
(WARN_ON(lmqt_srcs != ntohs(ihv3->nsrcs))) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  352                      
kfree_skb(skb);
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  353                      return 
NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  354              }
5e9235853d652a Nikolay Aleksandrov 2016-11-21  355              break;
5e9235853d652a Nikolay Aleksandrov 2016-11-21  356      }
eb1d16414339a6 Herbert Xu          2010-02-27  357  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  358      if (WARN_ON(!csum || 
!csum_start)) {
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 @359              kfree(skb);

This should be kfree_skb(skb);

6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  360              return NULL;
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  361      }
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  362  
6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02  363      *csum = 
ip_compute_csum(csum_start, igmp_hdr_size);
5e9235853d652a Nikolay Aleksandrov 2016-11-21  364      skb_put(skb, 
igmp_hdr_size);
eb1d16414339a6 Herbert Xu          2010-02-27  365      __skb_pull(skb, 
sizeof(*eth));
eb1d16414339a6 Herbert Xu          2010-02-27  366  
eb1d16414339a6 Herbert Xu          2010-02-27  367  out:
eb1d16414339a6 Herbert Xu          2010-02-27  368      return skb;
eb1d16414339a6 Herbert Xu          2010-02-27  369  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org

.config.gz
Description: application/gzip

Re: [PATCH net-next v2 04/15] net: bridge: mcast: add support for group-and-source specific queries

Reply via email to