From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: Re: [PATCH net] net: netfilter: Fix use-after-free in get_info()
Date: Thu, 24 Oct 2024 01:07:40 +0800 [thread overview]
Message-ID: <202410240020.Cqi2d68p-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
In-Reply-To: <20241022085753.2069639-1-dongchenchen2@huawei.com>
References: <20241022085753.2069639-1-dongchenchen2@huawei.com>
TO: Dong Chenchen <dongchenchen2@huawei.com>
TO: pablo@netfilter.org
TO: kadlec@netfilter.org
TO: davem@davemloft.net
TO: edumazet@google.com
TO: kuba@kernel.org
TO: pabeni@redhat.com
TO: fw@strlen.de
TO: kuniyu@amazon.com
CC: netfilter-devel@vger.kernel.org
CC: netdev@vger.kernel.org
CC: yuehaibing@huawei.com
CC: Dong Chenchen <dongchenchen2@huawei.com>
Hi Dong,
kernel test robot noticed the following build warnings:
[auto build test WARNING on net/main]
url: https://github.com/intel-lab-lkp/linux/commits/Dong-Chenchen/net-netfilter-Fix-use-after-free-in-get_info/20241022-165936
base: net/main
patch link: https://lore.kernel.org/r/20241022085753.2069639-1-dongchenchen2%40huawei.com
patch subject: [PATCH net] net: netfilter: Fix use-after-free in get_info()
:::::: branch date: 32 hours ago
:::::: commit date: 32 hours ago
config: x86_64-randconfig-161-20241023 (https://download.01.org/0day-ci/archive/20241024/202410240020.Cqi2d68p-lkp@intel.com/config)
compiler: clang version 18.1.8 (https://github.com/llvm/llvm-project 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202410240020.Cqi2d68p-lkp@intel.com/
smatch warnings:
net/netfilter/x_tables.c:1280 xt_find_table_lock() warn: passing zero to 'ERR_PTR'
vim +/ERR_PTR +1280 net/netfilter/x_tables.c
1ef4d6d1af2d0c Florian Westphal 2021-04-21 1233
03d13b6868a261 Florian Westphal 2017-12-08 1234 /* Find table by name, grabs mutex & ref. Returns ERR_PTR on error. */
76108cea065cda Jan Engelhardt 2008-10-08 1235 struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
76108cea065cda Jan Engelhardt 2008-10-08 1236 const char *name)
2e4e6a17af35be Harald Welte 2006-01-12 1237 {
1d610d4d31a8ed Florian Westphal 2021-04-01 1238 struct xt_pernet *xt_net = net_generic(net, xt_pernet_id);
fdacd57c79b79a Florian Westphal 2021-08-03 1239 struct module *owner = NULL;
fdacd57c79b79a Florian Westphal 2021-08-03 1240 struct xt_template *tmpl;
fdacd57c79b79a Florian Westphal 2021-08-03 1241 struct xt_table *t;
f4f502d5a8ea29 Dong Chenchen 2024-10-22 1242 int err = -ENOENT;
2e4e6a17af35be Harald Welte 2006-01-12 1243
7926dbfa4bc14e Pablo Neira Ayuso 2014-07-31 1244 mutex_lock(&xt[af].mutex);
1d610d4d31a8ed Florian Westphal 2021-04-01 1245 list_for_each_entry(t, &xt_net->tables[af], list)
2e4e6a17af35be Harald Welte 2006-01-12 1246 if (strcmp(t->name, name) == 0 && try_module_get(t->me))
2e4e6a17af35be Harald Welte 2006-01-12 1247 return t;
b9e69e12739718 Florian Westphal 2016-02-25 1248
fdacd57c79b79a Florian Westphal 2021-08-03 1249 /* Table doesn't exist in this netns, check larval list */
fdacd57c79b79a Florian Westphal 2021-08-03 1250 list_for_each_entry(tmpl, &xt_templates[af], list) {
fdacd57c79b79a Florian Westphal 2021-08-03 1251 if (strcmp(tmpl->name, name))
b9e69e12739718 Florian Westphal 2016-02-25 1252 continue;
fdacd57c79b79a Florian Westphal 2021-08-03 1253 if (!try_module_get(tmpl->me))
03d13b6868a261 Florian Westphal 2017-12-08 1254 goto out;
fdacd57c79b79a Florian Westphal 2021-08-03 1255
fdacd57c79b79a Florian Westphal 2021-08-03 1256 owner = tmpl->me;
fdacd57c79b79a Florian Westphal 2021-08-03 1257
b9e69e12739718 Florian Westphal 2016-02-25 1258 mutex_unlock(&xt[af].mutex);
fdacd57c79b79a Florian Westphal 2021-08-03 1259 err = tmpl->table_init(net);
03d13b6868a261 Florian Westphal 2017-12-08 1260 if (err < 0) {
fdacd57c79b79a Florian Westphal 2021-08-03 1261 module_put(owner);
03d13b6868a261 Florian Westphal 2017-12-08 1262 return ERR_PTR(err);
b9e69e12739718 Florian Westphal 2016-02-25 1263 }
b9e69e12739718 Florian Westphal 2016-02-25 1264
b9e69e12739718 Florian Westphal 2016-02-25 1265 mutex_lock(&xt[af].mutex);
b9e69e12739718 Florian Westphal 2016-02-25 1266 break;
b9e69e12739718 Florian Westphal 2016-02-25 1267 }
b9e69e12739718 Florian Westphal 2016-02-25 1268
f4f502d5a8ea29 Dong Chenchen 2024-10-22 1269 if (err < 0)
f4f502d5a8ea29 Dong Chenchen 2024-10-22 1270 goto out;
f4f502d5a8ea29 Dong Chenchen 2024-10-22 1271
b9e69e12739718 Florian Westphal 2016-02-25 1272 /* and once again: */
1d610d4d31a8ed Florian Westphal 2021-04-01 1273 list_for_each_entry(t, &xt_net->tables[af], list)
b9e69e12739718 Florian Westphal 2016-02-25 1274 if (strcmp(t->name, name) == 0)
b9e69e12739718 Florian Westphal 2016-02-25 1275 return t;
b9e69e12739718 Florian Westphal 2016-02-25 1276
fdacd57c79b79a Florian Westphal 2021-08-03 1277 module_put(owner);
b9e69e12739718 Florian Westphal 2016-02-25 1278 out:
9e19bb6d7a0959 Ingo Molnar 2006-03-25 1279 mutex_unlock(&xt[af].mutex);
f4f502d5a8ea29 Dong Chenchen 2024-10-22 @1280 return ERR_PTR(err);
2e4e6a17af35be Harald Welte 2006-01-12 1281 }
2e4e6a17af35be Harald Welte 2006-01-12 1282 EXPORT_SYMBOL_GPL(xt_find_table_lock);
2e4e6a17af35be Harald Welte 2006-01-12 1283
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2024-10-23 17:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-23 17:07 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-10-23 1:28 [PATCH net] net: netfilter: Fix use-after-free in get_info() dongchenchen (A)
2024-10-22 8:57 Dong Chenchen
2024-10-22 9:22 ` Yue Haibing
2024-10-22 9:48 ` Florian Westphal
2024-10-23 7:03 ` dongchenchen (A)
2024-10-22 15:33 ` Simon Horman
2024-10-23 6:32 ` dongchenchen (A)
2024-10-23 6:52 ` dongchenchen (A)
2024-10-23 17:16 ` Dan Carpenter
2024-10-24 1:57 ` dongchenchen (A)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202410240020.Cqi2d68p-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.