* [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset
@ 2014-06-11 23:41 Linus Lüssing
2014-06-11 23:41 ` [PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference Linus Lüssing
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Linus Lüssing @ 2014-06-11 23:41 UTC (permalink / raw)
To: netdev
Cc: bridge, Stephen Hemminger, David S. Miller, linux-kernel,
Linus Lüssing
Once my last patchset got applied, I got slapped by an automatic smatch
and build bot. Here are two patches fixing the according issues, a potential
null pointer dereference and a compile error when compiling without IPv6.
[PATCH 1/2] is probably not the ideal solution - the assignment of the
group and max_delay is still a mess and has subtle differences between
IGMPv2, IGMPv3, MLDv1 and MLDv2. That should probably be fixed $later.
But for now, I think the easier fix might be better, restoring the
behaviour before my "adhere to querier mechanism" patch and therefore
keeping things bisect'able.
Cheers, Linus
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference
2014-06-11 23:41 [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset Linus Lüssing
@ 2014-06-11 23:41 ` Linus Lüssing
2014-06-11 23:41 ` [PATCH 2/2] bridge: fix compile error when compiling without IPv6 support Linus Lüssing
2014-06-12 18:00 ` [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Linus Lüssing @ 2014-06-11 23:41 UTC (permalink / raw)
To: netdev
Cc: bridge, Stephen Hemminger, David S. Miller, linux-kernel,
Linus Lüssing
"New smatch warnings:
net/bridge/br_multicast.c:1368 br_ip6_multicast_query() error:
we previously assumed 'group' could be null (see line 1349)"
In the rare (sort of broken) case of a query having a Maximum
Response Delay of zero, we could create a potential null pointer
dereference.
Fixing this by skipping the multicast specific MLD Query parsing again
if no multicast group address is available.
Introduced by dc4eb53a996a78bfb8ea07b47423ff5a3aadc362
("bridge: adhere to querier election mechanism specified by RFCs")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
net/bridge/br_multicast.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index cd3cf39..876e5fb 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1373,6 +1373,8 @@ static int br_ip6_multicast_query(struct net_bridge *br,
br_multicast_query_received(br, port, &br->ip6_other_query,
&saddr, max_delay);
goto out;
+ } else if (!group) {
+ goto out;
}
mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group, vid);
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] bridge: fix compile error when compiling without IPv6 support
2014-06-11 23:41 [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset Linus Lüssing
2014-06-11 23:41 ` [PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference Linus Lüssing
@ 2014-06-11 23:41 ` Linus Lüssing
2014-06-12 18:00 ` [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Linus Lüssing @ 2014-06-11 23:41 UTC (permalink / raw)
To: netdev
Cc: bridge, Stephen Hemminger, David S. Miller, linux-kernel,
Linus Lüssing
Some fields in "struct net_bridge" aren't available when compiling the
kernel without IPv6 support. Therefore adding a check/macro to skip the
complaining code sections in that case.
Introduced by 2cd4143192e8c60f66cb32c3a30c76d0470a372d
("bridge: memorize and export selected IGMP/MLD querier port")
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
net/bridge/br_multicast.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 876e5fb..abfa0b65 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -2246,11 +2246,13 @@ bool br_multicast_has_querier_adjacent(struct net_device *dev, int proto)
rcu_dereference(br->ip4_querier.port) == port)
goto unlock;
break;
+#if IS_ENABLED(CONFIG_IPV6)
case ETH_P_IPV6:
if (!timer_pending(&br->ip6_other_query.timer) ||
rcu_dereference(br->ip6_querier.port) == port)
goto unlock;
break;
+#endif
default:
goto unlock;
}
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset
2014-06-11 23:41 [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset Linus Lüssing
2014-06-11 23:41 ` [PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference Linus Lüssing
2014-06-11 23:41 ` [PATCH 2/2] bridge: fix compile error when compiling without IPv6 support Linus Lüssing
@ 2014-06-12 18:00 ` David Miller
2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2014-06-12 18:00 UTC (permalink / raw)
To: linus.luessing; +Cc: netdev, bridge, stephen, linux-kernel
From: Linus Lüssing <linus.luessing@web.de>
Date: Thu, 12 Jun 2014 01:41:22 +0200
> Once my last patchset got applied, I got slapped by an automatic smatch
> and build bot. Here are two patches fixing the according issues, a potential
> null pointer dereference and a compile error when compiling without IPv6.
Series applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-06-12 18:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-11 23:41 [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset Linus Lüssing
2014-06-11 23:41 ` [PATCH 1/2] bridge: fix smatch warning / potential null pointer dereference Linus Lüssing
2014-06-11 23:41 ` [PATCH 2/2] bridge: fix compile error when compiling without IPv6 support Linus Lüssing
2014-06-12 18:00 ` [PATCH 0/2 net-next] bridge: fix bugs introduced by last multicast patchset David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).