Web lists-archives.com

net/ipv4/netfilter/ipt_CLUSTERIP.c:513 clusterip_tg_check() error: potential null dereference 'config'. (clusterip_config_init returns null)




tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fa3d493f7a573b4e4e2538486e912093a0161c1b
commit: 5a86d68bcf02f2d1e9a5897dd482079fd5f75e7f netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
date:   3 months ago

New smatch warnings:
net/ipv4/netfilter/ipt_CLUSTERIP.c:513 clusterip_tg_check() error: potential null dereference 'config'.  (clusterip_config_init returns null)

Old smatch warnings:
net/ipv4/netfilter/ipt_CLUSTERIP.c:134 clusterip_config_entry_put() warn: inconsistent returns 'spin_lock:&cn->lock'.
  Locked on:   line 134
  Unlocked on: line 132

vim +/config +513 net/ipv4/netfilter/ipt_CLUSTERIP.c

   456	
   457	static int clusterip_tg_check(const struct xt_tgchk_param *par)
   458	{
   459		struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
   460		const struct ipt_entry *e = par->entryinfo;
   461		struct clusterip_config *config;
   462		int ret, i;
   463	
   464		if (par->nft_compat) {
   465			pr_err("cannot use CLUSTERIP target from nftables compat\n");
   466			return -EOPNOTSUPP;
   467		}
   468	
   469		if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP &&
   470		    cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
   471		    cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
   472			pr_info("unknown mode %u\n", cipinfo->hash_mode);
   473			return -EINVAL;
   474	
   475		}
   476		if (e->ip.dmsk.s_addr != htonl(0xffffffff) ||
   477		    e->ip.dst.s_addr == 0) {
   478			pr_info("Please specify destination IP\n");
   479			return -EINVAL;
   480		}
   481		if (cipinfo->num_local_nodes > ARRAY_SIZE(cipinfo->local_nodes)) {
   482			pr_info("bad num_local_nodes %u\n", cipinfo->num_local_nodes);
   483			return -EINVAL;
   484		}
   485		for (i = 0; i < cipinfo->num_local_nodes; i++) {
   486			if (cipinfo->local_nodes[i] - 1 >=
   487			    sizeof(config->local_nodes) * 8) {
   488				pr_info("bad local_nodes[%d] %u\n",
   489					i, cipinfo->local_nodes[i]);
   490				return -EINVAL;
   491			}
   492		}
   493	
   494		config = clusterip_config_find_get(par->net, e->ip.dst.s_addr, 1);
   495		if (!config) {
   496			if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
   497				pr_info("no config found for %pI4, need 'new'\n",
   498					&e->ip.dst.s_addr);
   499				return -EINVAL;
   500			} else {
   501				config = clusterip_config_init(par->net, cipinfo,
   502							       e->ip.dst.s_addr,
   503							       e->ip.iniface);
   504				if (IS_ERR(config))
   505					return PTR_ERR(config);
   506			}
   507		}
   508	
   509		ret = nf_ct_netns_get(par->net, par->family);
   510		if (ret < 0) {
   511			pr_info("cannot load conntrack support for proto=%u\n",
   512				par->family);
 > 513			clusterip_config_entry_put(config);
   514			clusterip_config_put(config);
   515			return ret;
   516		}
   517	
   518		if (!par->net->xt.clusterip_deprecated_warning) {
   519			pr_info("ipt_CLUSTERIP is deprecated and it will removed soon, "
   520				"use xt_cluster instead\n");
   521			par->net->xt.clusterip_deprecated_warning = true;
   522		}
   523	
   524		cipinfo->config = config;
   525		return ret;
   526	}
   527	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation