[PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset

[PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset

[Linus Lüssing]

Once my last patchset got applied, I got slapped by an automatic smatch
and build bot. Here are two patches fixing the according issues, a potential
null pointer dereference and a compile error when compiling without IPv6.

[PATCH 1/2] is probably not the ideal solution - the assignment of the
group and max_delay is still a mess and has subtle differences between
IGMPv2, IGMPv3, MLDv1 and MLDv2. That should probably be fixed $later.
But for now, I think the easier fix might be better, restoring the
behaviour before my "adhere to querier mechanism" patch and therefore
keeping things bisect'able.

Cheers, Linus

[PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference

[Linus Lüssing]

 "New smatch warnings:
  net/bridge/br_multicast.c:1368 br_ip6_multicast_query() error:
    we previously assumed 'group' could be null (see line 1349)"

In the rare (sort of broken) case of a query having a Maximum
Response Delay of zero, we could create a potential null pointer
dereference.

Fixing this by skipping the multicast specific MLD Query parsing again
if no multicast group address is available.

Introduced by dc4eb53a996a78bfb8ea07b47423ff5a3aadc362
("bridge: adhere to querier election mechanism specified by RFCs")

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
 net/bridge/br_multicast.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index cd3cf39..876e5fb 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1373,6 +1373,8 @@ static int br_ip6_multicast_query(struct net_bridge *br,
 		br_multicast_query_received(br, port, &br->ip6_other_query,
 					    &saddr, max_delay);
 		goto out;
+	} else if (!group) {
+		goto out;
 	}
 
 	mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group, vid);
-- 
1.7.10.4

[PATCH 2/2] bridge: fix compile error when compiling without IPv6 support

[Linus Lüssing]

Some fields in "struct net_bridge" aren't available when compiling the
kernel without IPv6 support. Therefore adding a check/macro to skip the
complaining code sections in that case.

Introduced by 2cd4143192e8c60f66cb32c3a30c76d0470a372d
("bridge: memorize and export selected IGMP/MLD querier port")

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
 net/bridge/br_multicast.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 876e5fb..abfa0b65 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -2246,11 +2246,13 @@ bool br_multicast_has_querier_adjacent(struct net_device *dev, int proto)
 		    rcu_dereference(br->ip4_querier.port) == port)
 			goto unlock;
 		break;
+#if IS_ENABLED(CONFIG_IPV6)
 	case ETH_P_IPV6:
 		if (!timer_pending(&br->ip6_other_query.timer) ||
 		    rcu_dereference(br->ip6_querier.port) == port)
 			goto unlock;
 		break;
+#endif
 	default:
 		goto unlock;
 	}
-- 
1.7.10.4

Re: [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset

[David Miller]

From: Linus Lüssing <linus.luessing@web.de>
Date: Thu, 12 Jun 2014 01:41:22 +0200

> Once my last patchset got applied, I got slapped by an automatic smatch
> and build bot. Here are two patches fixing the according issues, a potential
> null pointer dereference and a compile error when compiling without IPv6.

Series applied, thanks.