Re: [PATCH] net/ipv4/ip_fragment:fix missing Flags reserved bit set in iphdr

From: Dan Carpenter
Date: Thu May 06 2021 - 05:38:24 EST


Hi meijusan,

url: https://github.com/0day-ci/linux/commits/meijusan/net-ipv4-ip_fragment-fix-missing-Flags-reserved-bit-set-in-iphdr/20210505-212826
base: https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git master
config: i386-randconfig-m021-20210505 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
net/ipv4/ip_output.c:655 ip_fraglist_prepare() error: uninitialized symbol 'ip_evil'.

vim +/ip_evil +655 net/ipv4/ip_output.c

c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 631 void ip_fraglist_prepare(struct sk_buff *skb, struct ip_fraglist_iter *iter)
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 632 {
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 633 unsigned int hlen = iter->hlen;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 634 struct iphdr *iph = iter->iph;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 635 struct sk_buff *frag;
c6cde148fcd3bf meijusan 2021-05-05 636 bool ip_evil;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 637
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 638 frag = iter->frag;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 639 frag->ip_summed = CHECKSUM_NONE;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 640 skb_reset_transport_header(frag);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 641 __skb_push(frag, hlen);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 642 skb_reset_network_header(frag);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 643 memcpy(skb_network_header(frag), iph, hlen);
c6cde148fcd3bf meijusan 2021-05-05 644 if (ntohs(iph->frag_off) & IP_EVIL)
c6cde148fcd3bf meijusan 2021-05-05 645 ip_evil = true;

"ip_evil" is never set to false.

c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 646 iter->iph = ip_hdr(frag);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 647 iph = iter->iph;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 648 iph->tot_len = htons(frag->len);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 649 ip_copy_metadata(frag, skb);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 650 iter->offset += skb->len - hlen;
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 651 iph->frag_off = htons(iter->offset >> 3);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 652 if (frag->next)
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 653 iph->frag_off |= htons(IP_MF);
c6cde148fcd3bf meijusan 2021-05-05 654
c6cde148fcd3bf meijusan 2021-05-05 @655 if (ip_evil)
c6cde148fcd3bf meijusan 2021-05-05 656 iph->frag_off |= htons(IP_EVIL);
c6cde148fcd3bf meijusan 2021-05-05 657
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 658 /* Ready, complete checksum */
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 659 ip_send_check(iph);
c8b17be0b7a45d Pablo Neira Ayuso 2019-05-29 660 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx