Hello Antony Antony,
Commit 63b21caba17e ("xfrm: introduce forwarding of ICMP Error
messages") from Jan 19, 2024 (linux-next), leads to the following
Smatch static checker warning:
net/xfrm/xfrm_policy.c:3728 __xfrm_policy_check()
error: 'pol' dereferencing possible ERR_PTR()
net/xfrm/xfrm_policy.c
3700 }
3701
3702 if (!pol)
3703 pol = xfrm_policy_lookup(net, &fl, family, dir, if_id);
3704
3705 if (IS_ERR(pol)) {
3706 XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);
3707 return 0;
3708 }
3709
3710 if (!pol && dir == XFRM_POLICY_FWD)
3711 pol = xfrm_in_fwd_icmp(skb, &fl, family, if_id);
^^^^^^^^^^^^^^^^^^^^^^
The patch adds this assignment. xfrm_in_fwd_icmp() can return both NULL
and error pointers.
3712
3713 if (!pol) {
3714 if (net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) {
3715 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS);
3716 return 0;
3717 }
3718
3719 if (sp && secpath_has_nontransport(sp, 0, &xerr_idx)) {
3720 xfrm_secpath_reject(xerr_idx, skb, &fl);
3721 XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS);
3722 return 0;
3723 }
3724 return 1;
3725 }
3726
3727 /* This lockless write can happen from different cpus. */
3728 WRITE_ONCE(pol->curlft.use_time, ktime_get_real_seconds());
^^^^^^^^^^^^^^^^^^^^
Potential error pointer dereference.
3729
3730 pols[0] = pol;
regards,
dan carpenter
