Re: [PATCH v2] ipv6:ipv6_pinfo dereferenced after NULL check

2016-11-27 Thread David Miller
From: Manjeet Pawar 
Date: Thu, 24 Nov 2016 16:11:57 +0530

> From: Rohit Thapliyal 
> 
> np is checked for NULL and then dereferenced. It should be modified
> for the NULL case.
> 
> Signed-off-by: Rohit Thapliyal 
> Signed-off-by: Manjeet Pawar 
> Signed-off-by: Hannes Frederic Sowa 
> Reviewed-by: Akhilesh Kumar 

I do not think inet6_sk(sk) can ever be NULL in this function.

All callers fall into two categories:

1) Calls where arguments already dereference np in some way to
   pass arguments to ip6_xmit():

net/dccp/ipv6.c:err = ip6_xmit(sk, skb, , opt, np->tclass);
net/ipv6/inet6_connection_sock.c:   res = ip6_xmit(sk, skb, , rcu_dereference(np->opt),
net/ipv6/tcp_ipv6.c:err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
net/sctp/ipv6.c:res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass);

2) Calls where the socket is a "control" socket which is initialized
   at protocol registration time and therefore definitely has
   a proper inet6_sk() pointer set up.

net/dccp/ipv6.c:ip6_xmit(ctl_sk, skb, , NULL, 0);
net/ipv6/tcp_ipv6.c:ip6_xmit(ctl_sk, buff, , NULL, tclass);

Therefore, I think we should simply remove the NULL test entirely.


[PATCH v2] ipv6:ipv6_pinfo dereferenced after NULL check

2016-11-24 Thread Manjeet Pawar
From: Rohit Thapliyal 

np is checked for NULL and then dereferenced. It should be modified
for the NULL case.

Signed-off-by: Rohit Thapliyal 
Signed-off-by: Manjeet Pawar 
Signed-off-by: Hannes Frederic Sowa 
Reviewed-by: Akhilesh Kumar 

---
v1->v2: Modified as per the suggestion of Hannes
np ? np->autoflowlabel : ip6_default_np_autolabel(net)

 net/ipv6/ip6_output.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 59eb4ed..d734b5e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -215,11 +215,14 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, 
struct flowi6 *fl6,
 */
if (np)
hlimit = np->hop_limit;
+
if (hlimit < 0)
hlimit = ip6_dst_hoplimit(dst);
 
-   ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
-np->autoflowlabel, fl6));
+   ip6_flow_hdr(hdr, tclass,
+   ip6_make_flowlabel(net, skb, fl6->flowlabel,
+   np ? np->autoflowlabel : ip6_default_np_autolabel(net),
+   fl6));
 
hdr->payload_len = htons(seg_len);
hdr->nexthdr = proto;
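Review bot: The `np ? np->autoflowlabel : ip6_default_np_autolabel(net)` fallback in the `ip6_make_flowlabel()` call resolves the check-then-dereference inconsistency in the wrong direction: every caller of `ip6_xmit()` listed in the thread either dereferences `np` before the call or passes a control socket with `inet6_sk()` already set up, so `np` cannot be NULL here and the new ternary adds a branch for a case that does not occur. The cleaner fix, as suggested in the reply, is to drop the `if (np)` guard around `hlimit = np->hop_limit;` and keep the unconditional `np->autoflowlabel`, so the function has one consistent assumption instead of a guard in one place and a fallback in another. The added blank line after `hlimit = np->hop_limit;` is an unrelated whitespace change and should be left out of this patch. The commit message should also state why the NULL case was believed reachable (or that it is not, if the guard is removed), since "np checked for NULL and then dereferenced" describes the symptom but not which behaviour is intended.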
-- 
1.9.1