| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jul 2021 08:38:16 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Jiang Wang <jiang.wang@...edance.com>, netdev@...r.kernel.org
Cc: clang-built-linux <clang-built-linux@...glegroups.com>,
kbuild-all@...ts.01.org, cong.wang@...edance.com,
duanxiongchun@...edance.com, xieyongji@...edance.com,
chaiwen.cc@...edance.com, Jakub Kicinski <kuba@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
Jakub Sitnicki <jakub@...udflare.com>,
Lorenz Bauer <lmb@...udflare.com>
Subject: Re: [PATCH bpf-next v1 2/5] af_unix: add unix_stream_proto for
sockmap
Hi Jiang,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on bpf-next/master]
url:
https://github.com/0day-ci/linux/commits/Jiang-Wang/sockmap-add-sockmap-support-for-unix-stream-socket/20210727-081531
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
master
:::::: branch date: 16 hours ago
:::::: commit date: 16 hours ago
config: x86_64-randconfig-c001-20210726 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project
c658b472f3e61e1818e1909bf02f3d65470018a5)
reproduce (this is a W=1 build):
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
-O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
#
https://github.com/0day-ci/linux/commit/607ed02e3232aa57995e87230faad770b810a64a
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review
Jiang-Wang/sockmap-add-sockmap-support-for-unix-stream-socket/20210727-081531
git checkout 607ed02e3232aa57995e87230faad770b810a64a
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross
ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
clang-analyzer warnings: (new ones prefixed by >>)
BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member)
&& \
^
net/bridge/br_multicast.c:970:3: note: Taking false branch
hlist_for_each_entry(ent, &pg->src_list, node) {
^
include/linux/list.h:993:13: note: expanded from macro
'hlist_for_each_entry'
for (pos = hlist_entry_safe((head)->first, typeof(*(pos)),
member);\
^
include/linux/list.h:983:15: note: expanded from macro
'hlist_entry_safe'
____ptr ? hlist_entry(____ptr, type, member) : NULL; \
^
include/linux/list.h:972:40: note: expanded from macro 'hlist_entry'
#define hlist_entry(ptr, type, member) container_of(ptr,type,member)
^
note: (skipping 2 expansions in backtrace; use
-fmacro-backtrace-limit=0 to see all)
include/linux/compiler_types.h:328:2: note: expanded from macro
'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_,
__COUNTER__)
^
include/linux/compiler_types.h:316:2: note: expanded from macro
'_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:308:3: note: expanded from macro
'__compiletime_assert'
if (!(condition))
\
^
net/bridge/br_multicast.c:970:3: note: Loop condition is false.
Exiting loop
hlist_for_each_entry(ent, &pg->src_list, node) {
^
include/linux/list.h:993:13: note: expanded from macro
'hlist_for_each_entry'
for (pos = hlist_entry_safe((head)->first, typeof(*(pos)),
member);\
^
include/linux/list.h:983:15: note: expanded from macro
'hlist_entry_safe'
____ptr ? hlist_entry(____ptr, type, member) : NULL; \
^
include/linux/list.h:972:40: note: expanded from macro 'hlist_entry'
#define hlist_entry(ptr, type, member) container_of(ptr,type,member)
^
note: (skipping 2 expansions in backtrace; use
-fmacro-backtrace-limit=0 to see all)
include/linux/compiler_types.h:328:2: note: expanded from macro
'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_,
__COUNTER__)
^
include/linux/compiler_types.h:316:2: note: expanded from macro
'_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:306:2: note: expanded from macro
'__compiletime_assert'
do {
\
^
net/bridge/br_multicast.c:970:3: note: Loop condition is true.
Entering loop body
hlist_for_each_entry(ent, &pg->src_list, node) {
^
include/linux/list.h:993:2: note: expanded from macro
'hlist_for_each_entry'
for (pos = hlist_entry_safe((head)->first, typeof(*(pos)),
member);\
^
net/bridge/br_multicast.c:971:21: note: Left side of '&&' is true
if (over_llqt == time_after(ent->timer.expires,
^
include/linux/jiffies.h:105:3: note: expanded from macro 'time_after'
(typecheck(unsigned long, a) && \
^
include/linux/typecheck.h:9:27: note: expanded from macro 'typecheck'
#define typecheck(type,x) \
^
net/bridge/br_multicast.c:971:21: note: Left side of '&&' is true
if (over_llqt == time_after(ent->timer.expires,
^
include/linux/jiffies.h:105:3: note: expanded from macro 'time_after'
(typecheck(unsigned long, a) && \
^
include/linux/typecheck.h:9:27: note: expanded from macro 'typecheck'
#define typecheck(type,x) \
^
net/bridge/br_multicast.c:971:21: note: The left operand of '-' is a
garbage value
if (over_llqt == time_after(ent->timer.expires,
^
include/linux/jiffies.h:107:15: note: expanded from macro 'time_after'
((long)((b) - (a)) < 0))
~ ^
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
7 warnings generated.
>> net/unix/af_unix.c:837:7: warning: Access to field 'type' results in a dereference of a null pointer (loaded from variable 'sock') [clang-analyzer-core.NullDereference]
if (sock->type == SOCK_STREAM)
^
net/unix/af_unix.c:1299:6: note: 'err' is >= 0
if (err < 0)
^~~
net/unix/af_unix.c:1299:2: note: Taking false branch
if (err < 0)
^
net/unix/af_unix.c:1303:6: note: Assuming the condition is false
if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1303:44: note: Left side of '&&' is false
if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
^
net/unix/af_unix.c:1317:37: note: Passing null pointer value via 2nd
parameter 'sock'
newsk = unix_create1(sock_net(sk), NULL, 0, sock->type);
^
include/linux/stddef.h:8:14: note: expanded from macro 'NULL'
#define NULL ((void *)0)
^~~~~~~~~~~
net/unix/af_unix.c:1317:10: note: Calling 'unix_create1'
newsk = unix_create1(sock_net(sk), NULL, 0, sock->type);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:828:6: note: Assuming the condition is false
if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:828:2: note: Taking false branch
if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
^
net/unix/af_unix.c:831:6: note: Assuming 'type' is equal to 0
if (type != 0) {
^~~~~~~~~
net/unix/af_unix.c:831:2: note: Taking false branch
if (type != 0) {
^
net/unix/af_unix.c:837:7: note: Access to field 'type' results in a
dereference of a null pointer (loaded from variable 'sock')
if (sock->type == SOCK_STREAM)
^~~~
net/unix/af_unix.c:1251:34: warning: Dereference of null pointer
[clang-analyzer-core.NullDereference]
sk->sk_state = other->sk_state = TCP_ESTABLISHED;
~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1189:6: note: Assuming the condition is false
if (alen < offsetofend(struct sockaddr, sa_family))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1189:2: note: Taking false branch
if (alen < offsetofend(struct sockaddr, sa_family))
^
net/unix/af_unix.c:1192:6: note: Assuming field 'sa_family' is equal
to AF_UNSPEC
if (addr->sa_family != AF_UNSPEC) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1192:2: note: Taking false branch
if (addr->sa_family != AF_UNSPEC) {
^
net/unix/af_unix.c:1228:3: note: Null pointer value stored to 'other'
other = NULL;
^~~~~~~~~~~~
net/unix/af_unix.c:1235:6: note: Assuming field 'peer' is null
if (unix_peer(sk)) {
^
net/unix/af_unix.c:180:23: note: expanded from macro 'unix_peer'
#define unix_peer(sk) (unix_sk(sk)->peer)
^~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1235:2: note: Taking false branch
if (unix_peer(sk)) {
^
net/unix/af_unix.c:1247:3: note: Calling 'unix_state_double_unlock'
unix_state_double_unlock(sk, other);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1170:15: note: 'sk1' is not equal to 'sk2'
if (unlikely(sk1 == sk2) || !sk2) {
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
net/unix/af_unix.c:1170:6: note: Left side of '||' is false
if (unlikely(sk1 == sk2) || !sk2) {
^
include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
net/unix/af_unix.c:1170:31: note: 'sk2' is null
if (unlikely(sk1 == sk2) || !sk2) {
^~~
net/unix/af_unix.c:1170:2: note: Taking true branch
if (unlikely(sk1 == sk2) || !sk2) {
^
net/unix/af_unix.c:1171:3: note: Calling 'spin_unlock'
unix_state_unlock(sk1);
^
include/net/af_unix.h:51:30: note: expanded from macro
'unix_state_unlock'
#define unix_state_unlock(s) spin_unlock(&unix_sk(s)->lock)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/spinlock.h:394:2: note: Value assigned to field
'peer', which participates in a condition later
raw_spin_unlock(&lock->rlock);
^
include/linux/spinlock.h:284:32: note: expanded from macro
'raw_spin_unlock'
#define raw_spin_unlock(lock) _raw_spin_unlock(lock)
^~~~~~~~~~~~~~~~~~~~~~
net/unix/af_unix.c:1171:3: note: Returning from 'spin_unlock'
unix_state_unlock(sk1);
vim +837 net/unix/af_unix.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 821 607ed02e3232aa Jiang
Wang 2021-07-27 822 static struct sock *unix_create1(struct net
*net, struct socket *sock, int kern, int type)
^1da177e4c3f41 Linus Torvalds 2005-04-16 823 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 824 struct sock *sk = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 825 struct unix_sock *u;
^1da177e4c3f41 Linus Torvalds 2005-04-16 826 518de9b39e8545 Eric
Dumazet 2010-10-26 827 atomic_long_inc(&unix_nr_socks);
518de9b39e8545 Eric Dumazet 2010-10-26 828 if
(atomic_long_read(&unix_nr_socks) > 2 * get_max_files())
^1da177e4c3f41 Linus Torvalds 2005-04-16 829 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 830 607ed02e3232aa Jiang
Wang 2021-07-27 831 if (type != 0) {
607ed02e3232aa Jiang Wang 2021-07-27 832 if (type == SOCK_STREAM)
607ed02e3232aa Jiang Wang 2021-07-27 833 sk = sk_alloc(net,
PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern);
607ed02e3232aa Jiang Wang 2021-07-27 834 else /*for seqpacket */
607ed02e3232aa Jiang Wang 2021-07-27 835 sk = sk_alloc(net,
PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern);
607ed02e3232aa Jiang Wang 2021-07-27 836 } else {
607ed02e3232aa Jiang Wang 2021-07-27 @837 if (sock->type ==
SOCK_STREAM)
607ed02e3232aa Jiang Wang 2021-07-27 838 sk = sk_alloc(net,
PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern);
607ed02e3232aa Jiang Wang 2021-07-27 839 else
607ed02e3232aa Jiang Wang 2021-07-27 840 sk = sk_alloc(net,
PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern);
607ed02e3232aa Jiang Wang 2021-07-27 841 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 842 if (!sk)
^1da177e4c3f41 Linus Torvalds 2005-04-16 843 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 844 ^1da177e4c3f41 Linus
Torvalds 2005-04-16 845 sock_init_data(sock, sk);
^1da177e4c3f41 Linus Torvalds 2005-04-16 846 3aa9799e13645f Vladimir
Davydov 2016-07-26 847 sk->sk_allocation = GFP_KERNEL_ACCOUNT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 848 sk->sk_write_space =
unix_write_space;
a0a53c8ba95451 Denis V. Lunev 2007-12-11 849
sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen;
^1da177e4c3f41 Linus Torvalds 2005-04-16 850 sk->sk_destruct =
unix_sock_destructor;
^1da177e4c3f41 Linus Torvalds 2005-04-16 851 u = unix_sk(sk);
40ffe67d2e89c7 Al Viro 2012-03-14 852 u->path.dentry = NULL;
40ffe67d2e89c7 Al Viro 2012-03-14 853 u->path.mnt = NULL;
fd19f329a32bdc Benjamin LaHaise 2006-01-03 854 spin_lock_init(&u->lock);
516e0cc5646f37 Al Viro 2008-07-26 855
atomic_long_set(&u->inflight, 0);
1fd05ba5a2f2aa Miklos Szeredi 2007-07-11 856 INIT_LIST_HEAD(&u->link);
6e1ce3c3451291 Linus Torvalds 2016-09-01 857
mutex_init(&u->iolock); /* single task reading lock */
6e1ce3c3451291 Linus Torvalds 2016-09-01 858
mutex_init(&u->bindlock); /* single task binding lock */
^1da177e4c3f41 Linus Torvalds 2005-04-16 859
init_waitqueue_head(&u->peer_wait);
7d267278a9ece9 Rainer Weikusat 2015-11-20 860
init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay);
3c32da19a858fb Kirill Tkhai 2019-12-09 861 memset(&u->scm_stat,
0, sizeof(struct scm_stat));
7123aaa3a14165 Eric Dumazet 2012-06-08 862
unix_insert_socket(unix_sockets_unbound(sk), sk);
^1da177e4c3f41 Linus Torvalds 2005-04-16 863 out:
284b327be2f86c Pavel Emelyanov 2007-11-10 864 if (sk == NULL)
518de9b39e8545 Eric Dumazet 2010-10-26 865
atomic_long_dec(&unix_nr_socks);
920de804bca61f Eric Dumazet 2008-11-24 866 else {
920de804bca61f Eric Dumazet 2008-11-24 867 local_bh_disable();
a8076d8db98de6 Eric Dumazet 2008-11-17 868
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
920de804bca61f Eric Dumazet 2008-11-24 869 local_bh_enable();
920de804bca61f Eric Dumazet 2008-11-24 870 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 871 return sk;
^1da177e4c3f41 Linus Torvalds 2005-04-16 872 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 873
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (33620 bytes)
View attachment "Attached Message Part" of type "text/plain" (151 bytes)
Powered by blists - more mailing lists