From: Dan Carpenter <dan.carpenter@oracle.com>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org
Subject: [bug report] netfilter: nf_tables: add register tracking infrastructure
Date: Wed, 12 Jan 2022 14:16:08 +0300	[thread overview]
Message-ID: <20220112111608.GA3019@kili> (raw)

Hello Pablo Neira Ayuso,

The patch 12e4ecfa244b: "netfilter: nf_tables: add register tracking
infrastructure" from Jan 9, 2022, leads to the following Smatch
static checker warning:

	net/netfilter/nf_tables_api.c:8303 nf_tables_commit_chain_prepare()
	error: uninitialized symbol 'last'.

net/netfilter/nf_tables_api.c
    8259 static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain)
    8260 {
    8261         const struct nft_expr *expr, *last;
                                               ^^^^

    8262         struct nft_regs_track track = {};
    8263         unsigned int size, data_size;
    8264         void *data, *data_boundary;
    8265         struct nft_rule_dp *prule;
    8266         struct nft_rule *rule;
    8267         int i;
    8268 
    8269         /* already handled or inactive chain? */
    8270         if (chain->blob_next || !nft_is_active_next(net, chain))
    8271                 return 0;
    8272 
    8273         rule = list_entry(&chain->rules, struct nft_rule, list);
    8274         i = 0;
    8275 
    8276         list_for_each_entry_continue(rule, &chain->rules, list) {
    8277                 if (nft_is_active_next(net, rule)) {
    8278                         data_size += sizeof(*prule) + rule->dlen;
    8279                         if (data_size > INT_MAX)
    8280                                 return -ENOMEM;
    8281                 }
    8282         }
    8283         data_size += offsetof(struct nft_rule_dp, data);        /* last rule */
    8284 
    8285         chain->blob_next = nf_tables_chain_alloc_rules(data_size);
    8286         if (!chain->blob_next)
    8287                 return -ENOMEM;
    8288 
    8289         data = (void *)chain->blob_next->data;
    8290         data_boundary = data + data_size;
    8291         size = 0;
    8292 
    8293         list_for_each_entry_continue(rule, &chain->rules, list) {
    8294                 if (!nft_is_active_next(net, rule))
    8295                         continue;
    8296 
    8297                 prule = (struct nft_rule_dp *)data;
    8298                 data += offsetof(struct nft_rule_dp, data);
    8299                 if (WARN_ON_ONCE(data > data_boundary))
    8300                         return -ENOMEM;
    8301 
    8302                 size = 0;
--> 8303                 track.last = last;
                                      ^^^^
"last" is initialized on the next line

    8304                 nft_rule_for_each_expr(expr, last, rule) {
                                                      ^^^^
here

    8305                         track.cur = expr;
    8306 
    8307                         if (expr->ops->reduce &&
    8308                             expr->ops->reduce(&track, expr)) {
    8309                                 expr = track.cur;
    8310                                 continue;
    8311                         }
    8312 
    8313                         if (WARN_ON_ONCE(data + expr->ops->size > data_boundary))
    8314                                 return -ENOMEM;
    8315 
    8316                         memcpy(data + size, expr, expr->ops->size);
    8317                         size += expr->ops->size;
    8318                 }
    8319                 if (WARN_ON_ONCE(size >= 1 << 12))
    8320                         return -ENOMEM;
    8321 
    8322                 prule->handle = rule->handle;
    8323                 prule->dlen = size;
    8324                 prule->is_last = 0;
    8325 
    8326                 data += size;
    8327                 size = 0;
    8328                 chain->blob_next->size += (unsigned long)(data - (void *)prule);
    8329         }
    8330 
    8331         prule = (struct nft_rule_dp *)data;
    8332         data += offsetof(struct nft_rule_dp, data);
    8333         if (WARN_ON_ONCE(data > data_boundary))
    8334                 return -ENOMEM;
    8335 
    8336         nft_last_rule(chain->blob_next, prule);
    8337 
    8338         return 0;
    8339 }
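Review bot: The bounds check at 8313 tests `data + expr->ops->size`, but the memcpy at 8316 writes at `data + size`, so once `size` is non-zero the check no longer covers the bytes actually written; `if (WARN_ON_ONCE(data + size + expr->ops->size > data_boundary))` would match the write. Separately, `data_size` is declared at 8263 without an initializer and the listing shows no assignment before `data_size += sizeof(*prule) + rule->dlen;` at 8278 (only `i = 0;` at 8274), so the size passed to nf_tables_chain_alloc_rules() at 8285 and the `data_boundary` derived from it at 8290 appear to start from an indeterminate value; `data_size = 0;` ahead of the first loop looks like what was intended. Both points are separate from the `last` ordering the report flags. Because `data_boundary` is the only guard on the copies into `chain->blob_next->data`, they are worth fixing in the same pass.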

regards,
dan carpenter
