Re: [PATCH] net: ipv6: Fix NULL dereference in ipv6_route_check_nh

From: David Ahern
Date: Thu Mar 27 2025 - 09:41:44 EST

Next message: Mateusz Guzik: "Re: [tip:timers/core] [posix] 1535cb8028: stress-ng.epoll.ops_per_sec 36.2% regression"
Previous message: Matthew Wilcox: "Re: [PATCH] mm/vmalloc: fix mischeck pfn valid in vmap_pfns"
In reply to: Sabrina Dubroca: "Re: [PATCH] net: ipv6: Fix NULL dereference in ipv6_route_check_nh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/26/25 6:57 AM, Sabrina Dubroca wrote:
> 2025-03-26, 16:22:15 +0530, Purva Yeshi wrote:
>> Fix Smatch-detected error:
>> net/ipv6/route.c:3427 ip6_route_check_nh() error:
>> we previously assumed '_dev' could be null
>
> I don't think this can actually happen. ip6_route_check_nh only gets
> called via fib6_nh_init -> ip6_validate_gw -> ip6_route_check_nh, and
> ip6_validate_gw unconditionally does dev = *_dev. Which is fine,
> because its only caller (fib6_nh_init) passes &dev, so that can't be
> NULL (and same for idev).

And fib6_nh_init has:

struct net_device *dev = NULL;
struct inet6_dev *idev = NULL;

>
>> Ensure _dev and idev are checked for NULL before dereferencing in
>> ip6_route_check_nh. Assign NULL explicitly when fib_nh_dev is NULL
>> to prevent unintended dereferences.
>
> That's a separate issue (if it's really possible - I haven't checked)
> than the smatch report you're quoting above. And if it is, it would
> deserve a Fixes tag for the commit introducing this code.

I do not believe it is a problem.

Next message: Mateusz Guzik: "Re: [tip:timers/core] [posix] 1535cb8028: stress-ng.epoll.ops_per_sec 36.2% regression"
Previous message: Matthew Wilcox: "Re: [PATCH] mm/vmalloc: fix mischeck pfn valid in vmap_pfns"
In reply to: Sabrina Dubroca: "Re: [PATCH] net: ipv6: Fix NULL dereference in ipv6_route_check_nh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]