lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <11c76aa6-4c19-4f1d-86dd-e94e683dbd64@kili.mountain>
Date:   Fri, 14 Apr 2023 09:32:51 +0300
From:   Dan Carpenter <error27@...il.com>
To:     David Ahern <dsahern@...nel.org>
Cc:     Haoyi Liu <iccccc@...t.edu.cn>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        hust-os-kernel-patches@...glegroups.com, yalongz@...t.edu.cn,
        Dongliang Mu <dzm91@...t.edu.cn>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v2] net/ipv6: silence 'passing zero to
 ERR_PTR()' warning

On Thu, Apr 13, 2023 at 06:32:24PM -0600, David Ahern wrote:
> On 4/13/23 4:10 AM, Haoyi Liu wrote:
> > Smatch complains that if xfrm_lookup() returns NULL then this does a
> > weird thing with "err":
> 
> xfrm_lookup is a wrapper around xfrm_lookup_with_ifid which returns
> either either a valid dst or ERR_PTR(err).

Also it can return NULL.

net/xfrm/xfrm_policy.c
  3229                  dst = dst_orig;
  3230          }
  3231  ok:
  3232          xfrm_pols_put(pols, drop_pols);
  3233          if (dst && dst->xfrm &&
                    ^^^
"dst" is NULL.

  3234              dst->xfrm->props.mode == XFRM_MODE_TUNNEL)
  3235                  dst->flags |= DST_XFRM_TUNNEL;
  3236          return dst;
                ^^^^^^^^^^^
  3237  

So in the original code what happened here was:

net/ipv6/icmp.c
   395          dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
   396          if (!IS_ERR(dst2)) {

xfrm_lookup() returns NULL.  NULL is not an error pointer.

   397                  dst_release(dst);
   398                  dst = dst2;

We set "dst" to NULL.

   399          } else {
   400                  err = PTR_ERR(dst2);
   401                  if (err == -EPERM) {
   402                          dst_release(dst);
   403                          return dst2;
   404                  } else
   405                          goto relookup_failed;
   406          }
   407  
   408  relookup_failed:
   409          if (dst)
   410                  return dst;

dst is not NULL so we don't return it.

   411          return ERR_PTR(err);

However "err" is not set so we do return NULL and Smatch complains about
that.

Returning ERR_PTR(0); is not necessarily a bug, however 80% of the time
in newly introduced code it is a bug.  Here, returning NULL is correct.
So this is a false positive, but the code is just wibbly winding and so
difficult to read.

   412  }

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ