From: Vytas Dauksa <vytas.dauksa@smoothwall.net>
Date: Fri, 4 Apr 2014 15:10:14 +0000 (+0100)
Subject: netfilter: ipset: Removed invalid IPSET_ATTR_MARKMASK validation
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=ecc245c2bd5dcee91e6818fd3e7fb6454ad2ca06;p=deliverable%2Flinux.git

netfilter: ipset: Removed invalid IPSET_ATTR_MARKMASK validation

Markmask is an u32, hence it can't be greater then 4294967295 ( i.e.
0xffffffff ). This was causing smatch warning:
 net/netfilter/ipset/ip_set_hash_gen.h:1084 hash_ipmark_create() warn:
 impossible condition '(markmask > 4294967295) => (0-u32max > u32max)'

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 61c7fb052802..0398a92da6cc 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -1093,7 +1093,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
 	if (tb[IPSET_ATTR_MARKMASK]) {
 		markmask = ntohl(nla_get_u32(tb[IPSET_ATTR_MARKMASK]));
 
-		if ((markmask > 4294967295u) || markmask == 0)
+		if (markmask == 0)
 			return -IPSET_ERR_INVALID_MARKMASK;
 	}
 #endif