Hi,

Static analysis with Coverity has detected an uninitialized pointer read
in function ocelot_flower_parse_key in
drivers/net/ethernet/mscc/ocelot_flower.c introduced by commit:

commit 75944fda1dfe836fdd406bef6cb3cc8a80f7af83
Author: Xiaoliang Yang <xiaoliang.yan...@nxp.com>
Date:   Fri Oct 2 15:02:23 2020 +0300

    net: mscc: ocelot: offload ingress skbedit and vlan actions to VCAP IS1

The analysis is as follows:

531

   10. Condition flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS), taking true branch.
   11. Condition proto == 2048, taking true branch.

532        if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) &&
533            proto == ETH_P_IP) {

   12. var_decl: Declaring variable match without initializer.

534                struct flow_match_ipv4_addrs match;
535                u8 *tmp;
536

   13. Condition filter->block_id == VCAP_ES0, taking false branch.

537                if (filter->block_id == VCAP_ES0) {
538                        NL_SET_ERR_MSG_MOD(extack,
539                                           "VCAP ES0 cannot match on IP address");
540                        return -EOPNOTSUPP;
541                }
542

   14. Condition filter->block_id == VCAP_IS1, taking true branch.
   Uninitialized pointer read (UNINIT)
   15. uninit_use: Using uninitialized value match.mask.

543                if (filter->block_id == VCAP_IS1 && *(u32 *)&match.mask->dst) {
544                        NL_SET_ERR_MSG_MOD(extack,
545                                           "Key type S1_NORMAL cannot match on destination IP");
546                        return -EOPNOTSUPP;
547                }

match is declared in line 534 and is not initialized and the
uninitialized match.mask is being dereferenced on line 543. Not sure
what intent was on this and how to fix, hence I'm reporting this issue.

Colin
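
An added example, not part of the original message or the kernel source: a user-space C model of the check at line 543 with match populated before it is read, assuming the intent was to test the rule's IPv4 destination mask. model_rule and model_match_ipv4_addrs are hypothetical stand-ins for the kernel's flow rule and its match helper.

```c
/* User-space model only: simplified, hypothetical stand-ins for the kernel
 * types named in the report. Sample rules are constructed for illustration. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { VCAP_ES0, VCAP_IS1, VCAP_IS2 };              /* block ids named in the report */

struct ipv4_addrs { uint32_t src, dst; };
struct flow_match_ipv4_addrs { struct ipv4_addrs *key, *mask; };
struct model_rule { struct ipv4_addrs key, mask; }; /* hypothetical flow rule */

/* Hypothetical helper: points match at the rule's key and mask. */
static void model_match_ipv4_addrs(struct model_rule *rule,
                                   struct flow_match_ipv4_addrs *out)
{
    out->key = &rule->key;
    out->mask = &rule->mask;
}

/* Populate match before any member is read (assumed intent of line 543). */
int parse_ipv4_key(int block_id, struct model_rule *rule)
{
    struct flow_match_ipv4_addrs match = { 0 };     /* NULL, not stack garbage */

    if (block_id == VCAP_ES0)
        return -EOPNOTSUPP;                         /* ES0 cannot match on IP address */

    model_match_ipv4_addrs(rule, &match);           /* fill match first */
    if (!match.mask)
        return -EINVAL;                             /* defensive: helper left it empty */

    if (block_id == VCAP_IS1 && match.mask->dst != 0)
        return -EOPNOTSUPP;                         /* S1_NORMAL cannot match on dst IP */
    return 0;
}

int main(void)
{
    struct model_rule r;

    memset(&r, 0, sizeof r);
    r.mask.src = 0xffffffffu;                       /* constructed: source-only match */
    printf("IS1, src mask only: %d\n", parse_ipv4_key(VCAP_IS1, &r));
    r.mask.dst = 0xffffff00u;                       /* constructed: destination mask set */
    printf("IS1, dst mask set:  %d\n", parse_ipv4_key(VCAP_IS1, &r));
    return 0;
}
```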
