From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: Re: [PATCH net 2/2] ipv4: make exception cache less predictible
Date: Tue, 31 Aug 2021 01:43:13 +0800 [thread overview]
Message-ID: <202108310136.TL90plMR-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 16586 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
In-Reply-To: <20210829221615.2057201-3-eric.dumazet@gmail.com>
References: <20210829221615.2057201-3-eric.dumazet@gmail.com>
TO: Eric Dumazet <eric.dumazet@gmail.com>
TO: "David S . Miller" <davem@davemloft.net>
TO: Jakub Kicinski <kuba@kernel.org>
CC: netdev <netdev@vger.kernel.org>
CC: Eric Dumazet <edumazet@google.com>
CC: Willy Tarreau <w@1wt.eu>
CC: Keyu Man <kman001@ucr.edu>
CC: David Ahern <dsahern@kernel.org>
Hi Eric,
I love your patch! Perhaps something to improve:
[auto build test WARNING on net/master]
url: https://github.com/0day-ci/linux/commits/Eric-Dumazet/inet-make-exception-handling-less-predictible/20210830-061726
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git 57f780f1c43362b86fd23d20bd940e2468237716
:::::: branch date: 19 hours ago
:::::: commit date: 19 hours ago
config: x86_64-randconfig-c007-20210830 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 4b1fde8a2b681dad2ce0c082a5d6422caa06b0bc)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/adf305d00ec06cb771dc960f0d7bd62d07561371
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Eric-Dumazet/inet-make-exception-handling-less-predictible/20210830-061726
git checkout adf305d00ec06cb771dc960f0d7bd62d07561371
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~~~
net/ipv6/addrconf.c:3543:4: note: Taking false branch
if (!IS_ERR_OR_NULL(idev)) {
^
net/ipv6/addrconf.c:3577:3: note: Control jumps to the 'default' case at line 3592
switch (dev->type) {
^
net/ipv6/addrconf.c:3594:4: note: Execution continues on line 3597
break;
^
net/ipv6/addrconf.c:3597:7: note: Assuming the condition is true
if (!IS_ERR_OR_NULL(idev)) {
^~~~~~~~~~~~~~~~~~~~~
net/ipv6/addrconf.c:3597:3: note: Taking true branch
if (!IS_ERR_OR_NULL(idev)) {
^
net/ipv6/addrconf.c:3598:8: note: 'run_pending' is 0
if (run_pending)
^~~~~~~~~~~
net/ipv6/addrconf.c:3598:4: note: Taking false branch
if (run_pending)
^
net/ipv6/addrconf.c:3609:8: note: Dereference of null pointer
if (idev->cnf.mtu6 != dev->mtu &&
^~~~~~~~~~~~~~
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
15 warnings generated.
net/ipv6/sit.c:275:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(parms->name, dev->name);
^~~~~~
net/ipv6/sit.c:275:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(parms->name, dev->name);
^~~~~~
net/ipv6/sit.c:339:4: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = -ENOMEM;
^ ~~~~~~~
net/ipv6/sit.c:339:4: note: Value stored to 'ret' is never read
ret = -ENOMEM;
^ ~~~~~~~
net/ipv6/sit.c:1451:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(tunnel->parms.name, dev->name);
^~~~~~
net/ipv6/sit.c:1451:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(tunnel->parms.name, dev->name);
^~~~~~
net/ipv6/sit.c:1930:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(t->parms.name, sitn->fb_tunnel_dev->name);
^~~~~~
net/ipv6/sit.c:1930:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(t->parms.name, sitn->fb_tunnel_dev->name);
^~~~~~
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
14 warnings generated.
>> net/ipv4/route.c:575:7: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
rt = rcu_dereference(fnhe->fnhe_rth_input);
^
include/linux/rcupdate.h:596:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^
include/linux/rcupdate.h:528:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^
include/linux/rcupdate.h:389:48: note: expanded from macro '__rcu_dereference_check'
typeof(*p) *________p1 = (typeof(*p) *__force)READ_ONCE(p); \
^
include/asm-generic/rwonce.h:50:2: note: expanded from macro 'READ_ONCE'
__READ_ONCE(x); \
^
include/asm-generic/rwonce.h:44:24: note: expanded from macro '__READ_ONCE'
#define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
^
net/ipv4/route.c:592:34: note: 'oldest' initialized to a null pointer value
struct fib_nh_exception *fnhe, *oldest = NULL;
^~~~~~
net/ipv4/route.c:594:2: note: Loop condition is true. Entering loop body
for (fnhe_p = &hash->chain; ; fnhe_p = &fnhe->fnhe_next) {
^
net/ipv4/route.c:595:10: note: Assuming the condition is false
fnhe = rcu_dereference_protected(*fnhe_p,
^
include/linux/rcupdate.h:587:2: note: expanded from macro 'rcu_dereference_protected'
__rcu_dereference_protected((p), (c), __rcu)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:396:19: note: expanded from macro '__rcu_dereference_protected'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rcupdate.h:318:8: note: expanded from macro 'RCU_LOCKDEP_WARN'
if ((c) && debug_lockdep_rcu_enabled() && !__warned) { \
^
net/ipv4/route.c:595:10: note: Left side of '&&' is false
fnhe = rcu_dereference_protected(*fnhe_p,
^
include/linux/rcupdate.h:587:2: note: expanded from macro 'rcu_dereference_protected'
__rcu_dereference_protected((p), (c), __rcu)
^
include/linux/rcupdate.h:396:2: note: expanded from macro '__rcu_dereference_protected'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
^
include/linux/rcupdate.h:318:11: note: expanded from macro 'RCU_LOCKDEP_WARN'
if ((c) && debug_lockdep_rcu_enabled() && !__warned) { \
^
net/ipv4/route.c:595:10: note: Loop condition is false. Exiting loop
fnhe = rcu_dereference_protected(*fnhe_p,
^
include/linux/rcupdate.h:587:2: note: expanded from macro 'rcu_dereference_protected'
__rcu_dereference_protected((p), (c), __rcu)
^
include/linux/rcupdate.h:396:2: note: expanded from macro '__rcu_dereference_protected'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
^
include/linux/rcupdate.h:316:2: note: expanded from macro 'RCU_LOCKDEP_WARN'
do { \
^
net/ipv4/route.c:597:7: note: Assuming 'fnhe' is null
if (!fnhe)
^~~~~
net/ipv4/route.c:597:3: note: Taking true branch
if (!fnhe)
^
net/ipv4/route.c:598:4: note: Execution continues on line 605
break;
^
net/ipv4/route.c:605:20: note: Passing null pointer value via 1st parameter 'fnhe'
fnhe_flush_routes(oldest);
^~~~~~
net/ipv4/route.c:605:2: note: Calling 'fnhe_flush_routes'
fnhe_flush_routes(oldest);
^~~~~~~~~~~~~~~~~~~~~~~~~
net/ipv4/route.c:575:7: note: Left side of '||' is false
rt = rcu_dereference(fnhe->fnhe_rth_input);
^
include/linux/rcupdate.h:596:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^
include/linux/rcupdate.h:528:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^
include/linux/rcupdate.h:389:48: note: expanded from macro '__rcu_dereference_check'
typeof(*p) *________p1 = (typeof(*p) *__force)READ_ONCE(p); \
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:290:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
net/ipv4/route.c:575:7: note: Left side of '||' is false
rt = rcu_dereference(fnhe->fnhe_rth_input);
^
include/linux/rcupdate.h:596:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
vim +575 net/ipv4/route.c
4895c771c7f006 David S. Miller 2012-07-17 570
2ffae99d1fac27 Timo Teräs 2013-06-27 571 static void fnhe_flush_routes(struct fib_nh_exception *fnhe)
2ffae99d1fac27 Timo Teräs 2013-06-27 572 {
2ffae99d1fac27 Timo Teräs 2013-06-27 573 struct rtable *rt;
2ffae99d1fac27 Timo Teräs 2013-06-27 574
2ffae99d1fac27 Timo Teräs 2013-06-27 @575 rt = rcu_dereference(fnhe->fnhe_rth_input);
2ffae99d1fac27 Timo Teräs 2013-06-27 576 if (rt) {
2ffae99d1fac27 Timo Teräs 2013-06-27 577 RCU_INIT_POINTER(fnhe->fnhe_rth_input, NULL);
95c47f9cf5e028 Wei Wang 2017-06-17 578 dst_dev_put(&rt->dst);
0830106c539001 Wei Wang 2017-06-17 579 dst_release(&rt->dst);
2ffae99d1fac27 Timo Teräs 2013-06-27 580 }
2ffae99d1fac27 Timo Teräs 2013-06-27 581 rt = rcu_dereference(fnhe->fnhe_rth_output);
2ffae99d1fac27 Timo Teräs 2013-06-27 582 if (rt) {
2ffae99d1fac27 Timo Teräs 2013-06-27 583 RCU_INIT_POINTER(fnhe->fnhe_rth_output, NULL);
95c47f9cf5e028 Wei Wang 2017-06-17 584 dst_dev_put(&rt->dst);
0830106c539001 Wei Wang 2017-06-17 585 dst_release(&rt->dst);
2ffae99d1fac27 Timo Teräs 2013-06-27 586 }
2ffae99d1fac27 Timo Teräs 2013-06-27 587 }
2ffae99d1fac27 Timo Teräs 2013-06-27 588
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 27600 bytes --]
next reply other threads:[~2021-08-30 17:43 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-30 17:43 kernel test robot [this message]
2021-08-31 7:48 ` [PATCH net 2/2] ipv4: make exception cache less predictible kernel test robot
2021-08-31 7:48 ` kernel test robot
2021-08-31 15:13 ` Eric Dumazet
2021-08-31 15:13 ` Eric Dumazet
2021-09-01 5:51 ` kernel test robot
2021-09-01 5:51 ` kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2021-08-30 2:39 kernel test robot
2021-08-30 11:34 ` Dan Carpenter
2021-08-30 11:34 ` Dan Carpenter
2021-08-29 22:16 [PATCH net 0/2] inet: make exception handling " Eric Dumazet
2021-08-29 22:16 ` [PATCH net 2/2] ipv4: make exception cache " Eric Dumazet
2021-08-30 0:40 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202108310136.TL90plMR-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.