Hi Nikolay, url: https://github.com/0day-ci/linux/commits/Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339 base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git dc1a9bf2c8169d9f607502162af1858a73a18cb8 config: i386-randconfig-m021-20200902 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@xxxxxxxxx> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> New smatch warnings: net/bridge/br_multicast.c:359 br_ip4_multicast_alloc_query() error: use kfree_skb() here instead of kfree(skb) Old smatch warnings: net/bridge/br_multicast.c:711 br_multicast_add_group() error: potential null dereference 'mp'. (br_multicast_new_group returns null) # https://github.com/0day-ci/linux/commit/6ed1da60b015f4e607ee2dcaaf557306a1bd3b57 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Nikolay-Aleksandrov/net-bridge-mcast-initial-IGMPv3-support-part-1/20200902-193339 git checkout 6ed1da60b015f4e607ee2dcaaf557306a1bd3b57 vim +359 net/bridge/br_multicast.c 8ef2a9a5985499 YOSHIFUJI Hideaki 2010-04-18 230 static struct sk_buff *br_ip4_multicast_alloc_query(struct net_bridge *br, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 231 struct net_bridge_port_group *pg, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 232 __be32 ip_dst, __be32 group, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 233 bool with_srcs, bool over_lmqt, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 234 u8 sflag, u8 *igmp_type) eb1d16414339a6 Herbert Xu 2010-02-27 235 { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 236 struct net_bridge_port *p = pg ? pg->port : NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 237 struct net_bridge_group_src *ent; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 238 size_t pkt_size, igmp_hdr_size; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 239 unsigned long now = jiffies; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 240 struct igmpv3_query *ihv3; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 241 void *csum_start = NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 242 __sum16 *csum = NULL; eb1d16414339a6 Herbert Xu 2010-02-27 243 struct sk_buff *skb; eb1d16414339a6 Herbert Xu 2010-02-27 244 struct igmphdr *ih; eb1d16414339a6 Herbert Xu 2010-02-27 245 struct ethhdr *eth; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 246 unsigned long lmqt; eb1d16414339a6 Herbert Xu 2010-02-27 247 struct iphdr *iph; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 248 u16 lmqt_srcs = 0; eb1d16414339a6 Herbert Xu 2010-02-27 249 5e9235853d652a Nikolay Aleksandrov 2016-11-21 250 igmp_hdr_size = sizeof(*ih); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 251 if (br->multicast_igmp_version == 3) { 5e9235853d652a Nikolay Aleksandrov 2016-11-21 252 igmp_hdr_size = sizeof(*ihv3); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 253 if (pg && with_srcs) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 254 lmqt = now + (br->multicast_last_member_interval * 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 255 br->multicast_last_member_count); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 256 hlist_for_each_entry(ent, &pg->src_list, node) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 257 if (over_lmqt == time_after(ent->timer.expires, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 258 lmqt) && 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 259 ent->src_query_rexmit_cnt > 0) 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 260 lmqt_srcs++; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 261 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 262 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 263 if (!lmqt_srcs) 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 264 return NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 265 igmp_hdr_size += lmqt_srcs * sizeof(__be32); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 266 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 267 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 268 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 269 pkt_size = sizeof(*eth) + sizeof(*iph) + 4 + igmp_hdr_size; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 270 if ((p && pkt_size > p->dev->mtu) || 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 271 pkt_size > br->dev->mtu) 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 272 return NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 273 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 274 skb = netdev_alloc_skb_ip_align(br->dev, pkt_size); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ eb1d16414339a6 Herbert Xu 2010-02-27 275 if (!skb) eb1d16414339a6 Herbert Xu 2010-02-27 276 goto out; eb1d16414339a6 Herbert Xu 2010-02-27 277 eb1d16414339a6 Herbert Xu 2010-02-27 278 skb->protocol = htons(ETH_P_IP); eb1d16414339a6 Herbert Xu 2010-02-27 279 eb1d16414339a6 Herbert Xu 2010-02-27 280 skb_reset_mac_header(skb); eb1d16414339a6 Herbert Xu 2010-02-27 281 eth = eth_hdr(skb); eb1d16414339a6 Herbert Xu 2010-02-27 282 e5a727f6632654 Joe Perches 2014-02-23 283 ether_addr_copy(eth->h_source, br->dev->dev_addr); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 284 ip_eth_mc_map(ip_dst, eth->h_dest); eb1d16414339a6 Herbert Xu 2010-02-27 285 eth->h_proto = htons(ETH_P_IP); eb1d16414339a6 Herbert Xu 2010-02-27 286 skb_put(skb, sizeof(*eth)); eb1d16414339a6 Herbert Xu 2010-02-27 287 eb1d16414339a6 Herbert Xu 2010-02-27 288 skb_set_network_header(skb, skb->len); eb1d16414339a6 Herbert Xu 2010-02-27 289 iph = ip_hdr(skb); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 290 iph->tot_len = htons(pkt_size - sizeof(*eth)); eb1d16414339a6 Herbert Xu 2010-02-27 291 eb1d16414339a6 Herbert Xu 2010-02-27 292 iph->version = 4; eb1d16414339a6 Herbert Xu 2010-02-27 293 iph->ihl = 6; eb1d16414339a6 Herbert Xu 2010-02-27 294 iph->tos = 0xc0; eb1d16414339a6 Herbert Xu 2010-02-27 295 iph->id = 0; eb1d16414339a6 Herbert Xu 2010-02-27 296 iph->frag_off = htons(IP_DF); eb1d16414339a6 Herbert Xu 2010-02-27 297 iph->ttl = 1; eb1d16414339a6 Herbert Xu 2010-02-27 298 iph->protocol = IPPROTO_IGMP; 675779adbf7c80 Nikolay Aleksandrov 2018-09-26 299 iph->saddr = br_opt_get(br, BROPT_MULTICAST_QUERY_USE_IFADDR) ? 1c8ad5bfa2be50 Cong Wang 2013-05-21 300 inet_select_addr(br->dev, 0, RT_SCOPE_LINK) : 0; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 301 iph->daddr = ip_dst; eb1d16414339a6 Herbert Xu 2010-02-27 302 ((u8 *)&iph[1])[0] = IPOPT_RA; eb1d16414339a6 Herbert Xu 2010-02-27 303 ((u8 *)&iph[1])[1] = 4; eb1d16414339a6 Herbert Xu 2010-02-27 304 ((u8 *)&iph[1])[2] = 0; eb1d16414339a6 Herbert Xu 2010-02-27 305 ((u8 *)&iph[1])[3] = 0; eb1d16414339a6 Herbert Xu 2010-02-27 306 ip_send_check(iph); eb1d16414339a6 Herbert Xu 2010-02-27 307 skb_put(skb, 24); eb1d16414339a6 Herbert Xu 2010-02-27 308 eb1d16414339a6 Herbert Xu 2010-02-27 309 skb_set_transport_header(skb, skb->len); 1080ab95e3c7bd Nikolay Aleksandrov 2016-06-28 310 *igmp_type = IGMP_HOST_MEMBERSHIP_QUERY; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 311 5e9235853d652a Nikolay Aleksandrov 2016-11-21 312 switch (br->multicast_igmp_version) { 5e9235853d652a Nikolay Aleksandrov 2016-11-21 313 case 2: 5e9235853d652a Nikolay Aleksandrov 2016-11-21 314 ih = igmp_hdr(skb); eb1d16414339a6 Herbert Xu 2010-02-27 315 ih->type = IGMP_HOST_MEMBERSHIP_QUERY; eb1d16414339a6 Herbert Xu 2010-02-27 316 ih->code = (group ? br->multicast_last_member_interval : eb1d16414339a6 Herbert Xu 2010-02-27 317 br->multicast_query_response_interval) / eb1d16414339a6 Herbert Xu 2010-02-27 318 (HZ / IGMP_TIMER_SCALE); eb1d16414339a6 Herbert Xu 2010-02-27 319 ih->group = group; eb1d16414339a6 Herbert Xu 2010-02-27 320 ih->csum = 0; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 321 csum = &ih->csum; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 322 csum_start = (void *)ih; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 323 break; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 324 case 3: 5e9235853d652a Nikolay Aleksandrov 2016-11-21 325 ihv3 = igmpv3_query_hdr(skb); 5e9235853d652a Nikolay Aleksandrov 2016-11-21 326 ihv3->type = IGMP_HOST_MEMBERSHIP_QUERY; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 327 ihv3->code = (group ? br->multicast_last_member_interval : 5e9235853d652a Nikolay Aleksandrov 2016-11-21 328 br->multicast_query_response_interval) / 5e9235853d652a Nikolay Aleksandrov 2016-11-21 329 (HZ / IGMP_TIMER_SCALE); 5e9235853d652a Nikolay Aleksandrov 2016-11-21 330 ihv3->group = group; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 331 ihv3->qqic = br->multicast_query_interval / HZ; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 332 ihv3->nsrcs = htons(lmqt_srcs); 5e9235853d652a Nikolay Aleksandrov 2016-11-21 333 ihv3->resv = 0; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 334 ihv3->suppress = sflag; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 335 ihv3->qrv = 2; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 336 ihv3->csum = 0; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 337 csum = &ihv3->csum; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 338 csum_start = (void *)ihv3; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 339 if (!pg || !with_srcs) 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 340 break; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 341 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 342 lmqt_srcs = 0; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 343 hlist_for_each_entry(ent, &pg->src_list, node) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 344 if (over_lmqt == time_after(ent->timer.expires, 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 345 lmqt) && 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 346 ent->src_query_rexmit_cnt > 0) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 347 ihv3->srcs[lmqt_srcs++] = ent->addr.u.ip4; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 348 ent->src_query_rexmit_cnt--; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 349 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 350 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 351 if (WARN_ON(lmqt_srcs != ntohs(ihv3->nsrcs))) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 352 kfree_skb(skb); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 353 return NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 354 } 5e9235853d652a Nikolay Aleksandrov 2016-11-21 355 break; 5e9235853d652a Nikolay Aleksandrov 2016-11-21 356 } eb1d16414339a6 Herbert Xu 2010-02-27 357 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 358 if (WARN_ON(!csum || !csum_start)) { 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 @359 kfree(skb); This should be kfree_skb(skb); 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 360 return NULL; 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 361 } 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 362 6ed1da60b015f4 Nikolay Aleksandrov 2020-09-02 363 *csum = ip_compute_csum(csum_start, igmp_hdr_size); 5e9235853d652a Nikolay Aleksandrov 2016-11-21 364 skb_put(skb, igmp_hdr_size); eb1d16414339a6 Herbert Xu 2010-02-27 365 __skb_pull(skb, sizeof(*eth)); eb1d16414339a6 Herbert Xu 2010-02-27 366 eb1d16414339a6 Herbert Xu 2010-02-27 367 out: eb1d16414339a6 Herbert Xu 2010-02-27 368 return skb; eb1d16414339a6 Herbert Xu 2010-02-27 369 } --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
Attachment:
.config.gz
Description: application/gzip