Re: [bug report] ppp: fix 'ppp_mp_reconstruct bad seq' errors

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dan Carpenter <dan.carpenter@oracle.com>
To: linux-ppp@vger.kernel.org
Subject: Re: [bug report] ppp: fix 'ppp_mp_reconstruct bad seq' errors
Date: Mon, 02 Aug 2021 11:43:21 +0000	[thread overview]
Message-ID: <20210802114321.GH25548@kadam> (raw)
In-Reply-To: <20210729141617.GC1267@kili>

On Fri, Jul 30, 2021 at 01:15:39PM -0400, James Carlson wrote:
> >>     2798 			skb_queue_walk_safe(list, p, tmp) {
> >>     2799 				if (p = head)
> > 
> > One of the weak points of Smatch is how it parses lists...  Also it
> > doesn't have any implications for this if (p = head) condition.
> 
> This is where things break down.  That queue walker macro on line 2798
> re-assigns 'p'.  The code marches over the list and says "anything that
> still exists up to (but not including) the head for this completed
> packet is trash."  Note that *NOTHING* here is harming 'head' or
> anything in the list that follows that buffer -- which includes 'tail.'

Crud...  I can't believe I misread this code twice.

I'm not actually sure why Smatch doesn't get this correct.  I wanted to
blame it on the new unpublished bits but even the published code is
buggy.  :/  I will investigate and fix this.

Thanks for taking the time on this.

regards,
dan carpenter

next prev parent reply	other threads:[~2021-08-02 11:43 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-29 14:16 [bug report] ppp: fix 'ppp_mp_reconstruct bad seq' errors Dan Carpenter
2021-07-29 21:08 ` James Carlson
2021-07-30  8:48 ` Dan Carpenter
2021-07-30 17:15 ` James Carlson
2021-07-31 18:36 ` James Carlson
2021-08-02 11:43 ` Dan Carpenter [this message]
2021-08-02 12:37 ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210802114321.GH25548@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=linux-ppp@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.