From: Petr Machata <petrm@nvidia.com>
To: Dan Carpenter <error27@gmail.com>
Cc: Petr Machata <petrm@nvidia.com>,
Daniel Machon <daniel.machon@microchip.com>,
<netdev@vger.kernel.org>, <davem@davemloft.net>,
<edumazet@google.com>, <kuba@kernel.org>, <pabeni@redhat.com>,
<lars.povlsen@microchip.com>, <Steen.Hegelund@microchip.com>,
<UNGLinuxDriver@microchip.com>, <joe@perches.com>,
<horatiu.vultur@microchip.com>, <Julia.Lawall@inria.fr>,
<vladimir.oltean@nxp.com>, <maxime.chevallier@bootlin.com>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next v2 3/6] net: dcb: add new rewrite table
Date: Thu, 19 Jan 2023 10:38:03 +0100 [thread overview]
Message-ID: <87wn5i7soz.fsf@nvidia.com> (raw)
In-Reply-To: <Y8gLRF7/0sttKkPx@kadam>
Dan Carpenter <error27@gmail.com> writes:
> On Wed, Jan 18, 2023 at 11:54:23AM +0100, Petr Machata wrote:
>> > +
>> > + spin_lock_bh(&dcb_lock);
>> > + list_for_each_entry(itr, &dcb_rewr_list, list) {
>> > + if (itr->ifindex == netdev->ifindex) {
>> > + enum ieee_attrs_app type =
>> > + dcbnl_app_attr_type_get(itr->app.selector);
>> > + err = nla_put(skb, type, sizeof(itr->app), &itr->app);
>> > + if (err) {
>> > + spin_unlock_bh(&dcb_lock);
>>
>> This should cancel the nest started above.
>>
>
> If you see a bug like this, you may as well ask Julia or me to add a
> static checker warning for it. We're both already on the CC list but we
> might not be following the conversation closely...
I'll try to remember next time.
> In Smatch, I thought it would be easy but it turned out I need to add
> a hack around to change the second nla_nest_start_noflag() from unknown
> to valid pointer.
>
> diff --git a/check_unwind.c b/check_unwind.c
> index a397afd2346b..3128476cbeb6 100644
> --- a/check_unwind.c
> +++ b/check_unwind.c
> @@ -94,6 +94,11 @@ static struct ref_func_info func_table[] = {
>
> { "ieee80211_alloc_hw", ALLOC, -1, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> { "ieee80211_free_hw", RELEASE, 0, "$" },
> +
> + { "nla_nest_start_noflag", ALLOC, 0, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> + { "nla_nest_start", ALLOC, 0, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> + { "nla_nest_end", RELEASE, 0, "$" },
> + { "nla_nest_cancel", RELEASE, 0, "$" },
> };
>
> static struct smatch_state *unmatched_state(struct sm_state *sm)
> diff --git a/smatch_data/db/kernel.return_fixes b/smatch_data/db/kernel.return_fixes
> index fa4ed4ba5f0f..4782c5e10cdb 100644
> --- a/smatch_data/db/kernel.return_fixes
> +++ b/smatch_data/db/kernel.return_fixes
> @@ -90,3 +90,4 @@ dma_resv_wait_timeout s64min-(-1),1-s64max 1-s64max[<=$3]
> mmc_io_rw_direct_host s32min-(-1),1-s32max (-4095)-(-1)
> ad3552r_transfer s32min-(-1),1-s32max (-4095)-(-1)
> adin1110_read_reg s32min-(-1),1-s32max (-4095)-(-1)
> +nla_nest_start_noflag 0-u64max 4096-ptr_max
>
> Unfortunately, there is something weird going on and only my unreleased
> version of Smatch finds the bug:
>
> net/dcb/dcbnl.c:1306 dcbnl_ieee_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1160,1171,1184,1197,1207,1217,1222,1232,1257.
> net/dcb/dcbnl.c:1502 dcbnl_cee_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1502.
Looking at a couple of those, yeah, it looks legit. Those are missing
the cancel on error returns.
> I have been working on that check recently... Both the released and
> unreleased versions of Smatch have the following complaints:
>
> net/dcb/dcbnl.c:400 dcbnl_getnumtcs() warn: 'skb' from nla_nest_start_noflag() not released on lines: 396.
> net/dcb/dcbnl.c:1061 dcbnl_build_peer_app() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1061.
> net/dcb/dcbnl.c:1359 dcbnl_cee_pg_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1324,1342.
Likewise. Strange that each version reports a different subset. Or is
that just selective quoting?
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Petr Machata <petrm@nvidia.com>
To: Dan Carpenter <error27@gmail.com>
Cc: Petr Machata <petrm@nvidia.com>,
Daniel Machon <daniel.machon@microchip.com>,
<netdev@vger.kernel.org>, <davem@davemloft.net>,
<edumazet@google.com>, <kuba@kernel.org>, <pabeni@redhat.com>,
<lars.povlsen@microchip.com>, <Steen.Hegelund@microchip.com>,
<UNGLinuxDriver@microchip.com>, <joe@perches.com>,
<horatiu.vultur@microchip.com>, <Julia.Lawall@inria.fr>,
<vladimir.oltean@nxp.com>, <maxime.chevallier@bootlin.com>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next v2 3/6] net: dcb: add new rewrite table
Date: Thu, 19 Jan 2023 10:38:03 +0100 [thread overview]
Message-ID: <87wn5i7soz.fsf@nvidia.com> (raw)
In-Reply-To: <Y8gLRF7/0sttKkPx@kadam>
Dan Carpenter <error27@gmail.com> writes:
> On Wed, Jan 18, 2023 at 11:54:23AM +0100, Petr Machata wrote:
>> > +
>> > + spin_lock_bh(&dcb_lock);
>> > + list_for_each_entry(itr, &dcb_rewr_list, list) {
>> > + if (itr->ifindex == netdev->ifindex) {
>> > + enum ieee_attrs_app type =
>> > + dcbnl_app_attr_type_get(itr->app.selector);
>> > + err = nla_put(skb, type, sizeof(itr->app), &itr->app);
>> > + if (err) {
>> > + spin_unlock_bh(&dcb_lock);
>>
>> This should cancel the nest started above.
>>
>
> If you see a bug like this, you may as well ask Julia or me to add a
> static checker warning for it. We're both already on the CC list but we
> might not be following the conversation closely...
I'll try to remember next time.
> In Smatch, I thought it would be easy but it turned out I need to add
> a hack around to change the second nla_nest_start_noflag() from unknown
> to valid pointer.
>
> diff --git a/check_unwind.c b/check_unwind.c
> index a397afd2346b..3128476cbeb6 100644
> --- a/check_unwind.c
> +++ b/check_unwind.c
> @@ -94,6 +94,11 @@ static struct ref_func_info func_table[] = {
>
> { "ieee80211_alloc_hw", ALLOC, -1, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> { "ieee80211_free_hw", RELEASE, 0, "$" },
> +
> + { "nla_nest_start_noflag", ALLOC, 0, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> + { "nla_nest_start", ALLOC, 0, "$", &valid_ptr_min_sval, &valid_ptr_max_sval },
> + { "nla_nest_end", RELEASE, 0, "$" },
> + { "nla_nest_cancel", RELEASE, 0, "$" },
> };
>
> static struct smatch_state *unmatched_state(struct sm_state *sm)
> diff --git a/smatch_data/db/kernel.return_fixes b/smatch_data/db/kernel.return_fixes
> index fa4ed4ba5f0f..4782c5e10cdb 100644
> --- a/smatch_data/db/kernel.return_fixes
> +++ b/smatch_data/db/kernel.return_fixes
> @@ -90,3 +90,4 @@ dma_resv_wait_timeout s64min-(-1),1-s64max 1-s64max[<=$3]
> mmc_io_rw_direct_host s32min-(-1),1-s32max (-4095)-(-1)
> ad3552r_transfer s32min-(-1),1-s32max (-4095)-(-1)
> adin1110_read_reg s32min-(-1),1-s32max (-4095)-(-1)
> +nla_nest_start_noflag 0-u64max 4096-ptr_max
>
> Unfortunately, there is something weird going on and only my unreleased
> version of Smatch finds the bug:
>
> net/dcb/dcbnl.c:1306 dcbnl_ieee_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1160,1171,1184,1197,1207,1217,1222,1232,1257.
> net/dcb/dcbnl.c:1502 dcbnl_cee_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1502.
Looking at a couple of those, yeah, it looks legit. Those are missing
the cancel on error returns.
> I have been working on that check recently... Both the released and
> unreleased versions of Smatch have the following complaints:
>
> net/dcb/dcbnl.c:400 dcbnl_getnumtcs() warn: 'skb' from nla_nest_start_noflag() not released on lines: 396.
> net/dcb/dcbnl.c:1061 dcbnl_build_peer_app() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1061.
> net/dcb/dcbnl.c:1359 dcbnl_cee_pg_fill() warn: 'skb' from nla_nest_start_noflag() not released on lines: 1324,1342.
Likewise. Strange that each version reports a different subset. Or is
that just selective quoting?
next prev parent reply other threads:[~2023-01-19 9:58 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-16 14:48 [PATCH net-next v2 0/6] Introduce new DCB rewrite table Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-16 14:48 ` [PATCH net-next v2 1/6] net: dcb: modify dcb_app_add to take list_head ptr as parameter Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-18 11:02 ` Petr Machata
2023-01-18 11:02 ` Petr Machata
2023-01-16 14:48 ` [PATCH net-next v2 2/6] net: dcb: add new common function for set/del of app/rewr entries Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-18 10:26 ` Petr Machata
2023-01-18 10:26 ` Petr Machata
2023-01-18 11:03 ` Petr Machata
2023-01-18 11:03 ` Petr Machata
2023-01-18 13:56 ` Daniel.Machon
2023-01-18 13:56 ` Daniel.Machon
2023-01-18 15:42 ` Petr Machata
2023-01-18 15:42 ` Petr Machata
2023-01-16 14:48 ` [PATCH net-next v2 3/6] net: dcb: add new rewrite table Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-18 10:54 ` Petr Machata
2023-01-18 10:54 ` Petr Machata
2023-01-18 13:47 ` Daniel.Machon
2023-01-18 13:47 ` Daniel.Machon
2023-01-18 15:20 ` Petr Machata
2023-01-18 15:20 ` Petr Machata
2023-01-18 15:07 ` Dan Carpenter
2023-01-18 15:07 ` Dan Carpenter
2023-01-18 15:11 ` Dan Carpenter
2023-01-18 15:11 ` Dan Carpenter
2023-01-19 9:38 ` Petr Machata [this message]
2023-01-19 9:38 ` Petr Machata
2023-01-16 14:48 ` [PATCH net-next v2 4/6] net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-18 11:01 ` Petr Machata
2023-01-18 11:01 ` Petr Machata
2023-01-16 14:48 ` [PATCH net-next v2 5/6] net: microchip: sparx5: add support for PCP rewrite Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-16 14:48 ` [PATCH net-next v2 6/6] net: microchip: sparx5: add support for DSCP rewrite Daniel Machon
2023-01-16 14:48 ` Daniel Machon
2023-01-18 11:00 ` [PATCH net-next v2 0/6] Introduce new DCB rewrite table Simon Horman
2023-01-18 11:00 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wn5i7soz.fsf@nvidia.com \
--to=petrm@nvidia.com \
--cc=Julia.Lawall@inria.fr \
--cc=Steen.Hegelund@microchip.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=daniel.machon@microchip.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=error27@gmail.com \
--cc=horatiu.vultur@microchip.com \
--cc=joe@perches.com \
--cc=kuba@kernel.org \
--cc=lars.povlsen@microchip.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maxime.chevallier@bootlin.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=vladimir.oltean@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.