From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Fastabend <john.fastabend@gmail.com>
Subject: Re: [PATCH 1/2] bpf: sockmap, fix uninitialized variable
Date: Thu, 17 May 2018 10:27:32 -0700
Message-ID: <dd511eb3-abbf-1822-8bcc-7bcc6ca68b6c@gmail.com>
References: <cover.1526565461.git.gustavo@embeddedor.com>
 <11073635016901e9e84c2f34f20d412073b26297.1526565461.git.gustavo@embeddedor.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
To: "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <11073635016901e9e84c2f34f20d412073b26297.1526565461.git.gustavo@embeddedor.com>
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On 05/17/2018 07:08 AM, Gustavo A. R. Silva wrote:
> There is a potential execution path in which variable err is
> returned without being properly initialized previously.
> 
> Fix this by initializing variable err to 0.
> 
> Addresses-Coverity-ID: 1468964 ("Uninitialized scalar variable")
> Fixes: e5cd3abcb31a ("bpf: sockmap, refactor sockmap routines to work
> with hashmap")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
>  kernel/bpf/sockmap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
> index c6de139..41b41fc 100644
> --- a/kernel/bpf/sockmap.c
> +++ b/kernel/bpf/sockmap.c
> @@ -1713,7 +1713,7 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map,
>  	struct smap_psock_map_entry *e = NULL;
>  	struct smap_psock *psock;
>  	bool new = false;
> -	int err;
> +	int err = 0;
>  
>  	/* 1. If sock map has BPF programs those will be inherited by the
>  	 * sock being added. If the sock is already attached to BPF programs
> 

Thanks for catching this and the quick fix. The path to hit this case
is to add a sock to a map (without a BPF program) where the sock already
has been added to another map. I don't have any tests for the case with
socks in multiple maps so I'll add some to the selftests so I remember
this case.

The alternative fix would be to always 'return 0' at the end of the
function, but I think its probably better to init err here like above.

Acked-by: John Fastabend <john.fastabend@gmail.com>