public inbox for [email protected]
 help / color / mirror / Atom feed
* [ammarfaizi2-block:dhowells/linux-fs/rxrpc-ringless-5 29/79] net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.
@ 2022-11-07  8:02 Dan Carpenter
  2022-11-16 13:57 ` David Howells
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2022-11-07  8:02 UTC (permalink / raw)
  To: oe-kbuild, David Howells
  Cc: lkp, oe-kbuild-all, Ammar Faizi, GNU/Weeb Mailing List

tree:   https://github.com/ammarfaizi2/linux-block dhowells/linux-fs/rxrpc-ringless-5
head:   ae32660a904fd27bf548d6bb4a3fc340645da2ca
commit: ea8a55f838fb351b99eb2558a82492dc41246871 [29/79] rxrpc: Move error processing into the local endpoint I/O thread
config: openrisc-randconfig-m031-20221106
compiler: or1k-linux-gcc (GCC) 12.1.0

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <[email protected]>
| Reported-by: Dan Carpenter <[email protected]>

New smatch warnings:
net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.

Old smatch warnings:
net/rxrpc/io_thread.c:210 rxrpc_input_packet() warn: passing freed memory 'skb'

vim +/skb +52 net/rxrpc/io_thread.c

ea8a55f838fb35 David Howells 2022-10-10  43  void rxrpc_error_report(struct sock *sk)
ea8a55f838fb35 David Howells 2022-10-10  44  {
ea8a55f838fb35 David Howells 2022-10-10  45  	struct rxrpc_local *local;
ea8a55f838fb35 David Howells 2022-10-10  46  	struct sk_buff *skb;
ea8a55f838fb35 David Howells 2022-10-10  47  
ea8a55f838fb35 David Howells 2022-10-10  48  	rcu_read_lock();
ea8a55f838fb35 David Howells 2022-10-10  49  	local = rcu_dereference_sk_user_data(sk);
ea8a55f838fb35 David Howells 2022-10-10  50  	if (unlikely(!local)) {
ea8a55f838fb35 David Howells 2022-10-10  51  		rcu_read_unlock();
ea8a55f838fb35 David Howells 2022-10-10 @52  		kfree_skb(skb);

"skb" is uninitialized.

ea8a55f838fb35 David Howells 2022-10-10  53  		return;
ea8a55f838fb35 David Howells 2022-10-10  54  	}
ea8a55f838fb35 David Howells 2022-10-10  55  
ea8a55f838fb35 David Howells 2022-10-10  56  	while ((skb = skb_dequeue(&sk->sk_error_queue))) {
ea8a55f838fb35 David Howells 2022-10-10  57  		skb->mark = RXRPC_SKB_MARK_ERROR;
ea8a55f838fb35 David Howells 2022-10-10  58  		rxrpc_new_skb(skb, rxrpc_skb_received);
ea8a55f838fb35 David Howells 2022-10-10  59  		skb_queue_tail(&local->rx_queue, skb);
ea8a55f838fb35 David Howells 2022-10-10  60  	}
ea8a55f838fb35 David Howells 2022-10-10  61  
ea8a55f838fb35 David Howells 2022-10-10  62  	rxrpc_wake_up_io_thread(local);
ea8a55f838fb35 David Howells 2022-10-10  63  	rcu_read_unlock();
ea8a55f838fb35 David Howells 2022-10-10  64  }

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [ammarfaizi2-block:dhowells/linux-fs/rxrpc-ringless-5 29/79] net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.
  2022-11-07  8:02 [ammarfaizi2-block:dhowells/linux-fs/rxrpc-ringless-5 29/79] net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb' Dan Carpenter
@ 2022-11-16 13:57 ` David Howells
  2022-11-16 18:49   ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: David Howells @ 2022-11-16 13:57 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: dhowells, oe-kbuild, lkp, oe-kbuild-all, Ammar Faizi,
	GNU/Weeb Mailing List

Dan Carpenter <[email protected]> wrote:

> New smatch warnings:
> net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.

Fixed that.

> Old smatch warnings:
> net/rxrpc/io_thread.c:210 rxrpc_input_packet() warn: passing freed memory 'skb'

Do you know if that's still there?  "Old" in what sense?

David


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [ammarfaizi2-block:dhowells/linux-fs/rxrpc-ringless-5 29/79] net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.
  2022-11-16 13:57 ` David Howells
@ 2022-11-16 18:49   ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2022-11-16 18:49 UTC (permalink / raw)
  To: David Howells
  Cc: oe-kbuild, lkp, oe-kbuild-all, Ammar Faizi, GNU/Weeb Mailing List

On Wed, Nov 16, 2022 at 01:57:43PM +0000, David Howells wrote:
> Dan Carpenter <[email protected]> wrote:
> 
> > New smatch warnings:
> > net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb'.
> 
> Fixed that.
> 
> > Old smatch warnings:
> > net/rxrpc/io_thread.c:210 rxrpc_input_packet() warn: passing freed memory 'skb'
> 
> Do you know if that's still there?  "Old" in what sense?
> 

The file name has changed so it took me a while to track this down.
This is fine.  The "skb" pointer here is just used for tracing and not
dereferenced.

net/rxrpc/input.c
   563          /* Unshare the packet so that it can be modified for in-place
   564           * decryption.
   565           */
   566          if (sp->hdr.securityIndex != 0) {
   567                  struct sk_buff *nskb = skb_unshare(skb, GFP_ATOMIC);
                                                           ^^^
There is still a reference to "skb" somewhere but we drop ours.

   568                  if (!nskb) {
   569                          rxrpc_eaten_skb(skb, rxrpc_skb_unshared_nomem);
                                                ^^^
This would be a bug if it were dereferenced but it's just tracing stuff
that doesn't dereference the "skb" pointer.

   570                          return;
   571                  }
   572  
   573                  if (nskb != skb) {
   574                          rxrpc_eaten_skb(skb, rxrpc_skb_received);
   575                          skb = nskb;
   576                          rxrpc_new_skb(skb, rxrpc_skb_unshared);
   577                          sp = rxrpc_skb(skb);
   578                  }
   579          }

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-11-16 18:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-07  8:02 [ammarfaizi2-block:dhowells/linux-fs/rxrpc-ringless-5 29/79] net/rxrpc/io_thread.c:52 rxrpc_error_report() error: uninitialized symbol 'skb' Dan Carpenter
2022-11-16 13:57 ` David Howells
2022-11-16 18:49   ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox