Re: [PATCH] tcp: fix race condition when creating child sockets from syncookies

From: Dan Carpenter
Date: Mon Oct 26 2020 - 04:28:19 EST


Hi Ricardo,

url: https://github.com/0day-ci/linux/commits/Ricardo-Dias/tcp-fix-race-condition-when-creating-child-sockets-from-syncookies/20201023-191433
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git 105faa8742437c28815b2a3eb8314ebc5fd9288c
config: i386-randconfig-m021-20201022 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
net/ipv4/inet_hashtables.c:570 inet_ehash_insert_chk_dup() error: uninitialized symbol 'dif'.

vim +/dif +570 net/ipv4/inet_hashtables.c

35d7202175fe2c3 Ricardo Dias 2020-10-23 544 struct sock *inet_ehash_insert_chk_dup(struct sock *sk)
35d7202175fe2c3 Ricardo Dias 2020-10-23 545 {
35d7202175fe2c3 Ricardo Dias 2020-10-23 546 struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
35d7202175fe2c3 Ricardo Dias 2020-10-23 547 struct hlist_nulls_head *list;
35d7202175fe2c3 Ricardo Dias 2020-10-23 548 struct inet_ehash_bucket *head;
35d7202175fe2c3 Ricardo Dias 2020-10-23 549 const struct hlist_nulls_node *node;
35d7202175fe2c3 Ricardo Dias 2020-10-23 550 struct sock *esk;
35d7202175fe2c3 Ricardo Dias 2020-10-23 551 spinlock_t *lock; /* protects hashinfo socket entry */
35d7202175fe2c3 Ricardo Dias 2020-10-23 552 struct net *net = sock_net(sk);
35d7202175fe2c3 Ricardo Dias 2020-10-23 553 const int dif, sdif = sk->sk_bound_dev_if;
^^^^^^^
"dif" is never initialized.

35d7202175fe2c3 Ricardo Dias 2020-10-23 554
35d7202175fe2c3 Ricardo Dias 2020-10-23 555 INET_ADDR_COOKIE(acookie, sk->sk_daddr, sk->sk_rcv_saddr);
35d7202175fe2c3 Ricardo Dias 2020-10-23 556 const __portpair ports = INET_COMBINED_PORTS(sk->sk_dport, sk->sk_num);
35d7202175fe2c3 Ricardo Dias 2020-10-23 557
35d7202175fe2c3 Ricardo Dias 2020-10-23 558 WARN_ON_ONCE(!sk_unhashed(sk));
35d7202175fe2c3 Ricardo Dias 2020-10-23 559
35d7202175fe2c3 Ricardo Dias 2020-10-23 560 sk->sk_hash = sk_ehashfn(sk);
35d7202175fe2c3 Ricardo Dias 2020-10-23 561 head = inet_ehash_bucket(hashinfo, sk->sk_hash);
35d7202175fe2c3 Ricardo Dias 2020-10-23 562 list = &head->chain;
35d7202175fe2c3 Ricardo Dias 2020-10-23 563 lock = inet_ehash_lockp(hashinfo, sk->sk_hash);
35d7202175fe2c3 Ricardo Dias 2020-10-23 564
35d7202175fe2c3 Ricardo Dias 2020-10-23 565 spin_lock(lock);
35d7202175fe2c3 Ricardo Dias 2020-10-23 566 begin:
35d7202175fe2c3 Ricardo Dias 2020-10-23 567 sk_nulls_for_each_rcu(esk, node, list) {
35d7202175fe2c3 Ricardo Dias 2020-10-23 568 if (esk->sk_hash != sk->sk_hash)
35d7202175fe2c3 Ricardo Dias 2020-10-23 569 continue;
35d7202175fe2c3 Ricardo Dias 2020-10-23 @570 if (likely(INET_MATCH(esk, net, acookie,
35d7202175fe2c3 Ricardo Dias 2020-10-23 571 sk->sk_daddr, sk->sk_rcv_saddr, ports,
35d7202175fe2c3 Ricardo Dias 2020-10-23 572 dif, sdif))) {
^^^
warning.

35d7202175fe2c3 Ricardo Dias 2020-10-23 573 if (unlikely(!refcount_inc_not_zero(&esk->sk_refcnt)))
35d7202175fe2c3 Ricardo Dias 2020-10-23 574 goto out;
35d7202175fe2c3 Ricardo Dias 2020-10-23 575 if (unlikely(!INET_MATCH(esk, net, acookie,
35d7202175fe2c3 Ricardo Dias 2020-10-23 576 sk->sk_daddr,
35d7202175fe2c3 Ricardo Dias 2020-10-23 577 sk->sk_rcv_saddr, ports,
35d7202175fe2c3 Ricardo Dias 2020-10-23 578 dif, sdif))) {
35d7202175fe2c3 Ricardo Dias 2020-10-23 579 sock_gen_put(esk);
35d7202175fe2c3 Ricardo Dias 2020-10-23 580 goto begin;
35d7202175fe2c3 Ricardo Dias 2020-10-23 581 }
35d7202175fe2c3 Ricardo Dias 2020-10-23 582 goto found;
35d7202175fe2c3 Ricardo Dias 2020-10-23 583 }
35d7202175fe2c3 Ricardo Dias 2020-10-23 584 }
35d7202175fe2c3 Ricardo Dias 2020-10-23 585 out:
35d7202175fe2c3 Ricardo Dias 2020-10-23 586 esk = NULL;
35d7202175fe2c3 Ricardo Dias 2020-10-23 587 __sk_nulls_add_node_rcu(sk, list);
35d7202175fe2c3 Ricardo Dias 2020-10-23 588 found:
35d7202175fe2c3 Ricardo Dias 2020-10-23 589 spin_unlock(lock);
35d7202175fe2c3 Ricardo Dias 2020-10-23 590 if (esk) {
35d7202175fe2c3 Ricardo Dias 2020-10-23 591 percpu_counter_inc(sk->sk_prot->orphan_count);
35d7202175fe2c3 Ricardo Dias 2020-10-23 592 inet_sk_set_state(sk, TCP_CLOSE);
35d7202175fe2c3 Ricardo Dias 2020-10-23 593 sock_set_flag(sk, SOCK_DEAD);
35d7202175fe2c3 Ricardo Dias 2020-10-23 594 inet_csk_destroy_sock(sk);
35d7202175fe2c3 Ricardo Dias 2020-10-23 595 }
35d7202175fe2c3 Ricardo Dias 2020-10-23 596 return esk;
35d7202175fe2c3 Ricardo Dias 2020-10-23 597 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip