| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Aug 2022 15:03:40 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org, Dmitry Safonov <dima@...sta.com>,
Eric Dumazet <edumazet@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
linux-kernel@...r.kernel.org
Cc: lkp@...el.com, kbuild-all@...ts.01.org, netdev@...r.kernel.org,
Dmitry Safonov <dima@...sta.com>,
Andy Lutomirski <luto@...capital.net>,
Ard Biesheuvel <ardb@...nel.org>,
Bob Gilligan <gilligan@...sta.com>,
David Ahern <dsahern@...nel.org>,
Eric Biggers <ebiggers@...nel.org>,
Francesco Ruggeri <fruggeri@...sta.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Ivan Delalande <colona@...sta.com>,
Jakub Kicinski <kuba@...nel.org>,
Leonard Crestez <cdleonard@...il.com>,
Paolo Abeni <pabeni@...hat.com>,
Salam Noureddine <noureddine@...sta.com>,
Shuah Khan <skhan@...uxfoundation.org>,
linux-crypto@...r.kernel.org
Subject: [kbuild] Re: [PATCH 11/31] net/tcp: Add TCP-AO sign to outgoing
packets
Hi Dmitry,
url: https://github.com/intel-lab-lkp/linux/commits/Dmitry-Safonov/net-tcp-Add-TCP-AO-support/20220819-010628
base: e34cfee65ec891a319ce79797dda18083af33a76
config: x86_64-randconfig-m001 (https://download.01.org/0day-ci/archive/20220822/202208221901.Fs6wW5Jd-lkp@intel.com/config )
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
smatch warnings:
net/ipv4/tcp_output.c:640 tcp_options_write() error: uninitialized symbol 'maclen'.
net/ipv4/tcp_output.c:686 tcp_options_write() error: we previously assumed 'tp' could be null (see line 626)
vim +/maclen +640 net/ipv4/tcp_output.c
ea66758c1795cef Paolo Abeni 2022-05-04 608 static void tcp_options_write(struct tcphdr *th, struct tcp_sock *tp,
85df6b860d509a9 Dmitry Safonov 2022-08-18 609 struct tcp_out_options *opts,
85df6b860d509a9 Dmitry Safonov 2022-08-18 610 struct tcp_ao_key *ao_key)
bd0388ae7707502 William Allen Simpson 2009-12-02 611 {
ea66758c1795cef Paolo Abeni 2022-05-04 612 __be32 *ptr = (__be32 *)(th + 1);
2100c8d2d9db23c Yuchung Cheng 2012-07-19 613 u16 options = opts->options; /* mungable copy */
bd0388ae7707502 William Allen Simpson 2009-12-02 614
bd0388ae7707502 William Allen Simpson 2009-12-02 615 if (unlikely(OPTION_MD5 & options)) {
1a2c6181c4a1922 Christoph Paasch 2013-03-17 616 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1a2c6181c4a1922 Christoph Paasch 2013-03-17 617 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
bd0388ae7707502 William Allen Simpson 2009-12-02 618 /* overload cookie hash location */
bd0388ae7707502 William Allen Simpson 2009-12-02 619 opts->hash_location = (__u8 *)ptr;
33ad798c924b4a1 Adam Langley 2008-07-19 620 ptr += 4;
33ad798c924b4a1 Adam Langley 2008-07-19 621 }
85df6b860d509a9 Dmitry Safonov 2022-08-18 622 #ifdef CONFIG_TCP_AO
85df6b860d509a9 Dmitry Safonov 2022-08-18 623 if (unlikely(OPTION_AO & options)) {
85df6b860d509a9 Dmitry Safonov 2022-08-18 624 u8 maclen;
33ad798c924b4a1 Adam Langley 2008-07-19 625
85df6b860d509a9 Dmitry Safonov 2022-08-18 @626 if (tp) {
Can "tp" really be NULL? Everything else assumes it can't.
85df6b860d509a9 Dmitry Safonov 2022-08-18 627 struct tcp_ao_info *ao_info;
85df6b860d509a9 Dmitry Safonov 2022-08-18 628
85df6b860d509a9 Dmitry Safonov 2022-08-18 629 ao_info = rcu_dereference_check(tp->ao_info,
85df6b860d509a9 Dmitry Safonov 2022-08-18 630 lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
85df6b860d509a9 Dmitry Safonov 2022-08-18 631 if (WARN_ON_ONCE(!ao_key || !ao_info || !ao_info->rnext_key))
85df6b860d509a9 Dmitry Safonov 2022-08-18 632 goto out_ao;
85df6b860d509a9 Dmitry Safonov 2022-08-18 633 maclen = tcp_ao_maclen(ao_key);
85df6b860d509a9 Dmitry Safonov 2022-08-18 634 *ptr++ = htonl((TCPOPT_AO << 24) |
85df6b860d509a9 Dmitry Safonov 2022-08-18 635 (tcp_ao_len(ao_key) << 16) |
85df6b860d509a9 Dmitry Safonov 2022-08-18 636 (ao_key->sndid << 8) |
85df6b860d509a9 Dmitry Safonov 2022-08-18 637 (ao_info->rnext_key->rcvid));
85df6b860d509a9 Dmitry Safonov 2022-08-18 638 }
"maclen" not initialized on else path.
85df6b860d509a9 Dmitry Safonov 2022-08-18 639 opts->hash_location = (__u8 *)ptr;
85df6b860d509a9 Dmitry Safonov 2022-08-18 @640 ptr += maclen / sizeof(*ptr);
Uninitialized.
85df6b860d509a9 Dmitry Safonov 2022-08-18 641 if (unlikely(maclen % sizeof(*ptr))) {
85df6b860d509a9 Dmitry Safonov 2022-08-18 642 memset(ptr, TCPOPT_NOP, sizeof(*ptr));
85df6b860d509a9 Dmitry Safonov 2022-08-18 643 ptr++;
85df6b860d509a9 Dmitry Safonov 2022-08-18 644 }
85df6b860d509a9 Dmitry Safonov 2022-08-18 645 }
85df6b860d509a9 Dmitry Safonov 2022-08-18 646 out_ao:
85df6b860d509a9 Dmitry Safonov 2022-08-18 647 #endif
fd6149d332973ba Ilpo Järvinen 2008-10-23 648 if (unlikely(opts->mss)) {
fd6149d332973ba Ilpo Järvinen 2008-10-23 649 *ptr++ = htonl((TCPOPT_MSS << 24) |
fd6149d332973ba Ilpo Järvinen 2008-10-23 650 (TCPOLEN_MSS << 16) |
fd6149d332973ba Ilpo Järvinen 2008-10-23 651 opts->mss);
fd6149d332973ba Ilpo Järvinen 2008-10-23 652 }
fd6149d332973ba Ilpo Järvinen 2008-10-23 653
bd0388ae7707502 William Allen Simpson 2009-12-02 654 if (likely(OPTION_TS & options)) {
bd0388ae7707502 William Allen Simpson 2009-12-02 655 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
33ad798c924b4a1 Adam Langley 2008-07-19 656 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
33ad798c924b4a1 Adam Langley 2008-07-19 657 (TCPOLEN_SACK_PERM << 16) |
33ad798c924b4a1 Adam Langley 2008-07-19 658 (TCPOPT_TIMESTAMP << 8) |
33ad798c924b4a1 Adam Langley 2008-07-19 659 TCPOLEN_TIMESTAMP);
bd0388ae7707502 William Allen Simpson 2009-12-02 660 options &= ~OPTION_SACK_ADVERTISE;
33ad798c924b4a1 Adam Langley 2008-07-19 661 } else {
496c98dff8e3538 YOSHIFUJI Hideaki 2006-10-10 662 *ptr++ = htonl((TCPOPT_NOP << 24) |
40efc6fa179f440 Stephen Hemminger 2006-01-03 663 (TCPOPT_NOP << 16) |
40efc6fa179f440 Stephen Hemminger 2006-01-03 664 (TCPOPT_TIMESTAMP << 8) |
40efc6fa179f440 Stephen Hemminger 2006-01-03 665 TCPOLEN_TIMESTAMP);
40efc6fa179f440 Stephen Hemminger 2006-01-03 666 }
33ad798c924b4a1 Adam Langley 2008-07-19 667 *ptr++ = htonl(opts->tsval);
33ad798c924b4a1 Adam Langley 2008-07-19 668 *ptr++ = htonl(opts->tsecr);
33ad798c924b4a1 Adam Langley 2008-07-19 669 }
33ad798c924b4a1 Adam Langley 2008-07-19 670
bd0388ae7707502 William Allen Simpson 2009-12-02 671 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
33ad798c924b4a1 Adam Langley 2008-07-19 672 *ptr++ = htonl((TCPOPT_NOP << 24) |
33ad798c924b4a1 Adam Langley 2008-07-19 673 (TCPOPT_NOP << 16) |
33ad798c924b4a1 Adam Langley 2008-07-19 674 (TCPOPT_SACK_PERM << 8) |
33ad798c924b4a1 Adam Langley 2008-07-19 675 TCPOLEN_SACK_PERM);
33ad798c924b4a1 Adam Langley 2008-07-19 676 }
33ad798c924b4a1 Adam Langley 2008-07-19 677
bd0388ae7707502 William Allen Simpson 2009-12-02 678 if (unlikely(OPTION_WSCALE & options)) {
33ad798c924b4a1 Adam Langley 2008-07-19 679 *ptr++ = htonl((TCPOPT_NOP << 24) |
33ad798c924b4a1 Adam Langley 2008-07-19 680 (TCPOPT_WINDOW << 16) |
33ad798c924b4a1 Adam Langley 2008-07-19 681 (TCPOLEN_WINDOW << 8) |
33ad798c924b4a1 Adam Langley 2008-07-19 682 opts->ws);
33ad798c924b4a1 Adam Langley 2008-07-19 683 }
33ad798c924b4a1 Adam Langley 2008-07-19 684
33ad798c924b4a1 Adam Langley 2008-07-19 685 if (unlikely(opts->num_sack_blocks)) {
33ad798c924b4a1 Adam Langley 2008-07-19 @686 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
Unchecked dereference.
33ad798c924b4a1 Adam Langley 2008-07-19 687 tp->duplicate_sack : tp->selective_acks;
40efc6fa179f440 Stephen Hemminger 2006-01-03 688 int this_sack;
40efc6fa179f440 Stephen Hemminger 2006-01-03 689
40efc6fa179f440 Stephen Hemminger 2006-01-03 690 *ptr++ = htonl((TCPOPT_NOP << 24) |
40efc6fa179f440 Stephen Hemminger 2006-01-03 691 (TCPOPT_NOP << 16) |
40efc6fa179f440 Stephen Hemminger 2006-01-03 692 (TCPOPT_SACK << 8) |
33ad798c924b4a1 Adam Langley 2008-07-19 693 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
40efc6fa179f440 Stephen Hemminger 2006-01-03 694 TCPOLEN_SACK_PERBLOCK)));
2de979bd7da9c8b Stephen Hemminger 2007-03-08 695
33ad798c924b4a1 Adam Langley 2008-07-19 696 for (this_sack = 0; this_sack < opts->num_sack_blocks;
33ad798c924b4a1 Adam Langley 2008-07-19 697 ++this_sack) {
40efc6fa179f440 Stephen Hemminger 2006-01-03 698 *ptr++ = htonl(sp[this_sack].start_seq);
40efc6fa179f440 Stephen Hemminger 2006-01-03 699 *ptr++ = htonl(sp[this_sack].end_seq);
40efc6fa179f440 Stephen Hemminger 2006-01-03 700 }
2de979bd7da9c8b Stephen Hemminger 2007-03-08 701
40efc6fa179f440 Stephen Hemminger 2006-01-03 702 tp->rx_opt.dsack = 0;
40efc6fa179f440 Stephen Hemminger 2006-01-03 703 }
2100c8d2d9db23c Yuchung Cheng 2012-07-19 704
2100c8d2d9db23c Yuchung Cheng 2012-07-19 705 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) {
2100c8d2d9db23c Yuchung Cheng 2012-07-19 706 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie;
7f9b838b71eb78a Daniel Lee 2015-04-06 707 u8 *p = (u8 *)ptr;
7f9b838b71eb78a Daniel Lee 2015-04-06 708 u32 len; /* Fast Open option length */
2100c8d2d9db23c Yuchung Cheng 2012-07-19 709
7f9b838b71eb78a Daniel Lee 2015-04-06 710 if (foc->exp) {
7f9b838b71eb78a Daniel Lee 2015-04-06 711 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
7f9b838b71eb78a Daniel Lee 2015-04-06 712 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) |
2100c8d2d9db23c Yuchung Cheng 2012-07-19 713 TCPOPT_FASTOPEN_MAGIC);
7f9b838b71eb78a Daniel Lee 2015-04-06 714 p += TCPOLEN_EXP_FASTOPEN_BASE;
7f9b838b71eb78a Daniel Lee 2015-04-06 715 } else {
7f9b838b71eb78a Daniel Lee 2015-04-06 716 len = TCPOLEN_FASTOPEN_BASE + foc->len;
7f9b838b71eb78a Daniel Lee 2015-04-06 717 *p++ = TCPOPT_FASTOPEN;
7f9b838b71eb78a Daniel Lee 2015-04-06 718 *p++ = len;
7f9b838b71eb78a Daniel Lee 2015-04-06 719 }
2100c8d2d9db23c Yuchung Cheng 2012-07-19 720
7f9b838b71eb78a Daniel Lee 2015-04-06 721 memcpy(p, foc->val, foc->len);
7f9b838b71eb78a Daniel Lee 2015-04-06 722 if ((len & 3) == 2) {
7f9b838b71eb78a Daniel Lee 2015-04-06 723 p[foc->len] = TCPOPT_NOP;
7f9b838b71eb78a Daniel Lee 2015-04-06 724 p[foc->len + 1] = TCPOPT_NOP;
2100c8d2d9db23c Yuchung Cheng 2012-07-19 725 }
7f9b838b71eb78a Daniel Lee 2015-04-06 726 ptr += (len + 3) >> 2;
2100c8d2d9db23c Yuchung Cheng 2012-07-19 727 }
60e2a7780793bae Ursula Braun 2017-10-25 728
60e2a7780793bae Ursula Braun 2017-10-25 729 smc_options_write(ptr, &options);
eda7acddf8080bb Peter Krystad 2020-01-21 730
ea66758c1795cef Paolo Abeni 2022-05-04 731 mptcp_options_write(th, ptr, tp, opts);
^^
Not checked here either.
60e2a7780793bae Ursula Braun 2017-10-25 732 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
_______________________________________________
kbuild mailing list -- kbuild@...ts.01.org
To unsubscribe send an email to kbuild-leave@...ts.01.org
Powered by blists - more mailing lists