lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202512100952.cr9q1lGr-lkp@intel.com>
Date: Wed, 10 Dec 2025 09:36:05 +0800
From: kernel test robot <lkp@...el.com>
To: Wang Liang <wangliang74@...wei.com>, chuck.lever@...cle.com,
	davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
	pabeni@...hat.com, horms@...nel.org, brauner@...nel.org
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
	kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, yuehaibing@...wei.com,
	zhangchangzhong@...wei.com, wangliang74@...wei.com
Subject: Re: [PATCH net] net/handshake: Fix null-ptr-deref in
 handshake_complete()

Hi Wang,

kernel test robot noticed the following build errors:

[auto build test ERROR on net/main]

url:    https://github.com/intel-lab-lkp/linux/commits/Wang-Liang/net-handshake-Fix-null-ptr-deref-in-handshake_complete/20251209-194006
base:   net/main
patch link:    https://lore.kernel.org/r/20251209115852.3827876-1-wangliang74%40huawei.com
patch subject: [PATCH net] net/handshake: Fix null-ptr-deref in handshake_complete()
config: arm-mps2_defconfig (https://download.01.org/0day-ci/archive/20251210/202512100952.cr9q1lGr-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 6ec8c4351cfc1d0627d1633b02ea787bd29c77d8)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251210/202512100952.cr9q1lGr-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512100952.cr9q1lGr-lkp@intel.com/

All errors (new ones prefixed by >>):

>> net/handshake/netlink.c:110:3: error: cannot jump from this goto statement to its label
     110 |                 goto out_status;
         |                 ^
   net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
     114 |         FD_PREPARE(fdf, O_CLOEXEC, sock->file);
         |                    ^
   net/handshake/netlink.c:104:3: error: cannot jump from this goto statement to its label
     104 |                 goto out_status;
         |                 ^
   net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
     114 |         FD_PREPARE(fdf, O_CLOEXEC, sock->file);
         |                    ^
   net/handshake/netlink.c:100:3: error: cannot jump from this goto statement to its label
     100 |                 goto out_status;
         |                 ^
   net/handshake/netlink.c:114:13: note: jump bypasses initialization of variable with __attribute__((cleanup))
     114 |         FD_PREPARE(fdf, O_CLOEXEC, sock->file);
         |                    ^
   3 errors generated.


vim +110 net/handshake/netlink.c

    89	
    90	int handshake_nl_accept_doit(struct sk_buff *skb, struct genl_info *info)
    91	{
    92		struct net *net = sock_net(skb->sk);
    93		struct handshake_net *hn = handshake_pernet(net);
    94		struct handshake_req *req = NULL;
    95		struct socket *sock;
    96		int class, err;
    97	
    98		err = -EOPNOTSUPP;
    99		if (!hn)
   100			goto out_status;
   101	
   102		err = -EINVAL;
   103		if (GENL_REQ_ATTR_CHECK(info, HANDSHAKE_A_ACCEPT_HANDLER_CLASS))
   104			goto out_status;
   105		class = nla_get_u32(info->attrs[HANDSHAKE_A_ACCEPT_HANDLER_CLASS]);
   106	
   107		err = -EAGAIN;
   108		req = handshake_req_next(hn, class);
   109		if (!req)
 > 110			goto out_status;
   111	
   112		sock = req->hr_sk->sk_socket;
   113	
   114		FD_PREPARE(fdf, O_CLOEXEC, sock->file);
   115		if (fdf.err) {
   116			err = fdf.err;
   117			goto out_complete;
   118		}
   119	
   120		get_file(sock->file); /* FD_PREPARE() consumes a reference. */
   121		err = req->hr_proto->hp_accept(req, info, fd_prepare_fd(fdf));
   122		if (err)
   123			goto out_complete; /* Automatic cleanup handles fput */
   124	
   125		trace_handshake_cmd_accept(net, req, req->hr_sk, fd_prepare_fd(fdf));
   126		fd_publish(fdf);
   127		return 0;
   128	
   129	out_complete:
   130		handshake_complete(req, -EIO, NULL);
   131	out_status:
   132		trace_handshake_cmd_accept_err(net, req, NULL, err);
   133		return err;
   134	}
   135	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ