Message-ID: <202601041445.FfX5dT9n-lkp@intel.com>
Date: Sun, 4 Jan 2026 15:09:27 +0800
From: kernel test robot <lkp@...el.com>
To: Jamal Hadi Salim <jhs@...atatu.com>, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	horms@...nel.org, andrew+netdev@...n.ch
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
	netdev@...r.kernel.org, xiyou.wangcong@...il.com, jiri@...nulli.us,
	victor@...atatu.com, Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [PATCH net 1/2] net/sched: act_mirred: Fix leak when redirecting
 to self on egress

Hi Jamal,

kernel test robot noticed the following build warnings:

[auto build test WARNING on net/main]

url:    https://github.com/intel-lab-lkp/linux/commits/Jamal-Hadi-Salim/selftests-tc-testing-Add-test-case-redirecting-to-self-on-egress/20251231-031934
base:   net/main
patch link:    https://lore.kernel.org/r/20251230191814.213789-1-jhs%40mojatatu.com
patch subject: [PATCH net 1/2] net/sched: act_mirred: Fix leak when redirecting to self on egress
config: hexagon-allmodconfig (https://download.01.org/0day-ci/archive/20260104/202601041445.FfX5dT9n-lkp@intel.com/config)
compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260104/202601041445.FfX5dT9n-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202601041445.FfX5dT9n-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> net/sched/act_mirred.c:271:41: warning: variable 'at_ingress' is uninitialized when used here [-Wuninitialized]
     271 |         if (dev == skb->dev && want_ingress == at_ingress) {
         |                                                ^~~~~~~~~~
   net/sched/act_mirred.c:256:17: note: initialize the variable 'at_ingress' to silence this warning
     256 |         bool at_ingress;
         |                        ^
         |                         = 0
   1 warning generated.


vim +/at_ingress +271 net/sched/act_mirred.c

   246	
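/**
 * tcf_mirred_to_dev - mirror or redirect one skb to a target device
 * @skb: packet being handled by the mirred action
 * @m: mirred action instance; its overlimit qstats are bumped on failure
 * @dev: target device
 * @m_mac_header_xmit: when false, the target expects data at the network
 *	header (the same holds whenever the action targets ingress)
 * @m_eaction: mirred action code; selects redirect vs. mirror and
 *	ingress vs. egress
 * @retval: verdict returned unless one of the cases below overrides it
 *
 * Return: @retval, except TC_ACT_CONSUMED when a redirect sends @skb itself
 * (no clone was made) and TC_ACT_SHOT when a redirect takes the error path.
 */
static int tcf_mirred_to_dev(struct sk_buff *skb, struct tcf_mirred *m,
			     struct net_device *dev,
			     const bool m_mac_header_xmit, int m_eaction,
			     int retval)
{
	struct sk_buff *skb_to_send = skb;
	bool want_ingress;
	bool is_redirect;
	bool expects_nh;
	bool at_ingress;
	bool dont_clone;
	int mac_len;
	bool at_nh;
	int err;

	is_redirect = tcf_mirred_is_act_redirect(m_eaction);
	if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) {
		net_notice_ratelimited("tc mirred to Houston: device %s is down\n",
				       dev->name);
		goto err_cant_do;
	}

	want_ingress = tcf_mirred_act_wants_ingress(m_eaction);

	/* at_ingress must be assigned before the self-redirect check reads it.
	 * With the assignment placed after the check, the comparison used an
	 * indeterminate value (clang -Wuninitialized), so a loop to the same
	 * device and direction could go undetected, or a valid redirect could
	 * be sent to err_cant_do.
	 */
	at_ingress = skb_at_tc_ingress(skb);

	/* Same device and same direction: refuse rather than loop. */
	if (dev == skb->dev && want_ingress == at_ingress) {
		pr_notice_once("tc mirred: Loop (%s:%s --> %s:%s)\n",
			       netdev_name(skb->dev),
			       at_ingress ? "ingress" : "egress",
			       netdev_name(dev),
			       want_ingress ? "ingress" : "egress");
		goto err_cant_do;
	}

	/* we could easily avoid the clone only if called by ingress and clsact;
	 * since we can't easily detect the clsact caller, skip clone only for
	 * ingress - that covers the TC S/W datapath.
	 */
	dont_clone = at_ingress && is_redirect &&
		tcf_mirred_can_reinsert(retval);
	if (!dont_clone) {
		skb_to_send = skb_clone(skb, GFP_ATOMIC);
		if (!skb_to_send)
			goto err_cant_do;
	}

	/* All mirred/redirected skbs should clear previous ct info */
	nf_reset_ct(skb_to_send);
	if (want_ingress && !at_ingress) /* drop dst for egress -> ingress */
		skb_dst_drop(skb_to_send);

	expects_nh = want_ingress || !m_mac_header_xmit;
	at_nh = skb->data == skb_network_header(skb);
	if (at_nh != expects_nh) {
		mac_len = at_ingress ? skb->mac_len :
			  skb_network_offset(skb);
		if (expects_nh) {
			/* target device/action expect data at nh */
			skb_pull_rcsum(skb_to_send, mac_len);
		} else {
			/* target device/action expect data at mac */
			skb_push_rcsum(skb_to_send, mac_len);
		}
	}

	skb_to_send->skb_iif = skb->dev->ifindex;
	skb_to_send->dev = dev;

	if (is_redirect) {
		/* No clone was made, so the original skb is handed off. */
		if (skb == skb_to_send)
			retval = TC_ACT_CONSUMED;

		skb_set_redirected(skb_to_send, skb_to_send->tc_at_ingress);
	}

	/* Mirror and redirect forward the skb with the same call. */
	err = tcf_mirred_forward(at_ingress, want_ingress, skb_to_send);
	if (err)
		tcf_action_inc_overlimit_qstats(&m->common);

	return retval;

err_cant_do:
	/* A failed redirect drops the packet; a failed mirror keeps retval. */
	if (is_redirect)
		retval = TC_ACT_SHOT;
	tcf_action_inc_overlimit_qstats(&m->common);
	return retval;
}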
   336	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
