From: Dan Carpenter <dan.carpenter@oracle•com>
To: kbuild@lists•01.org, Ursula Braun <ubraun@linux•ibm.com>
Cc: lkp@intel•com, Dan Carpenter <error27@gmail•com>,
kbuild-all@lists•01.org, netdev@vger•kernel.org,
Guvenc Gulce <guvenc@linux•ibm.com>,
Karsten Graul <kgraul@linux•ibm.com>
Subject: [net-next:master 903/970] net/smc/smc_close.c:214 smc_close_active() warn: variable dereferenced before check 'smc->clcsock' (see line 211)
Date: Mon, 14 Sep 2020 17:29:59 +0300 [thread overview]
Message-ID: <20200914142959.GA4282@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 3927 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git master
head: 5a6bd84f815485800699f55c78f690b2ed35f0c5
commit: a60a2b1e0af1a7517ba41689b39e9df90ef09041 [903/970] net/smc: reduce active tcp_listen workers
config: i386-randconfig-m021-20200911 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel•com>
Reported-by: Dan Carpenter <dan.carpenter@oracle•com>
smatch warnings:
net/smc/smc_close.c:214 smc_close_active() warn: variable dereferenced before check 'smc->clcsock' (see line 211)
net/smc/smc_close.c:214 smc_close_active() warn: variable dereferenced before check 'smc->clcsock->sk' (see line 211)
# https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=a60a2b1e0af1a7517ba41689b39e9df90ef09041
git remote add net-next https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
git fetch --no-tags net-next master
git checkout a60a2b1e0af1a7517ba41689b39e9df90ef09041
vim +214 net/smc/smc_close.c
b38d732477e4211 Ursula Braun 2017-01-09 189 int smc_close_active(struct smc_sock *smc)
b38d732477e4211 Ursula Braun 2017-01-09 190 {
b38d732477e4211 Ursula Braun 2017-01-09 191 struct smc_cdc_conn_state_flags *txflags =
b38d732477e4211 Ursula Braun 2017-01-09 192 &smc->conn.local_tx_ctrl.conn_state_flags;
b38d732477e4211 Ursula Braun 2017-01-09 193 struct smc_connection *conn = &smc->conn;
b38d732477e4211 Ursula Braun 2017-01-09 194 struct sock *sk = &smc->sk;
b38d732477e4211 Ursula Braun 2017-01-09 195 int old_state;
8c96feeeb39ba0b Ursula Braun 2017-09-21 196 long timeout;
b38d732477e4211 Ursula Braun 2017-01-09 197 int rc = 0;
b38d732477e4211 Ursula Braun 2017-01-09 198
8c96feeeb39ba0b Ursula Braun 2017-09-21 199 timeout = current->flags & PF_EXITING ?
8c96feeeb39ba0b Ursula Braun 2017-09-21 200 0 : sock_flag(sk, SOCK_LINGER) ?
8c96feeeb39ba0b Ursula Braun 2017-09-21 201 sk->sk_lingertime : SMC_MAX_STREAM_WAIT_TIMEOUT;
b38d732477e4211 Ursula Braun 2017-01-09 202
b38d732477e4211 Ursula Braun 2017-01-09 203 old_state = sk->sk_state;
bbb96bf2366e502 Ursula Braun 2018-01-24 204 again:
bbb96bf2366e502 Ursula Braun 2018-01-24 205 switch (sk->sk_state) {
b38d732477e4211 Ursula Braun 2017-01-09 206 case SMC_INIT:
b38d732477e4211 Ursula Braun 2017-01-09 207 sk->sk_state = SMC_CLOSED;
b38d732477e4211 Ursula Braun 2017-01-09 208 break;
b38d732477e4211 Ursula Braun 2017-01-09 209 case SMC_LISTEN:
b38d732477e4211 Ursula Braun 2017-01-09 210 sk->sk_state = SMC_CLOSED;
a60a2b1e0af1a75 Ursula Braun 2020-09-10 @211 smc->clcsock->sk->sk_data_ready = smc->clcsk_data_ready;
^^^^^^^^^^^^^^^^^
Dereferences
a60a2b1e0af1a75 Ursula Braun 2020-09-10 212 smc->clcsock->sk->sk_user_data = NULL;
b38d732477e4211 Ursula Braun 2017-01-09 213 sk->sk_state_change(sk); /* wake up accept */
a60a2b1e0af1a75 Ursula Braun 2020-09-10 @214 if (smc->clcsock && smc->clcsock->sk)
^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
Checks for NULL too late?
b38d732477e4211 Ursula Braun 2017-01-09 215 rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR);
b38d732477e4211 Ursula Braun 2017-01-09 216 smc_close_cleanup_listen(sk);
3d502067599f0db Ursula Braun 2018-03-13 217 release_sock(sk);
3d502067599f0db Ursula Braun 2018-03-13 218 flush_work(&smc->tcp_listen_work);
3d502067599f0db Ursula Braun 2018-03-13 219 lock_sock(sk);
b38d732477e4211 Ursula Braun 2017-01-09 220 break;
b38d732477e4211 Ursula Braun 2017-01-09 221 case SMC_ACTIVE:
b38d732477e4211 Ursula Braun 2017-01-09 222 smc_close_stream_wait(smc, timeout);
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 32156 bytes --]
reply other threads:[~2020-09-14 14:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200914142959.GA4282@kadam \
--to=dan.carpenter@oracle$(echo .)com \
--cc=error27@gmail$(echo .)com \
--cc=guvenc@linux$(echo .)ibm.com \
--cc=kbuild-all@lists$(echo .)01.org \
--cc=kbuild@lists$(echo .)01.org \
--cc=kgraul@linux$(echo .)ibm.com \
--cc=lkp@intel$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=ubraun@linux$(echo .)ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox