Message ID | 11073635016901e9e84c2f34f20d412073b26297.1526565461.git.gustavo@embeddedor.com |
---|---|
State | Accepted, archived |
Delegated to: | BPF Maintainers |
Series | bpf: sockmap, fix uninitialized variable and double-free |
On 05/17/2018 07:08 AM, Gustavo A. R. Silva wrote:
> There is a potential execution path in which variable err is > returned without being properly initialized previously. > > Fix this by initializing variable err to 0. > > Addresses-Coverity-ID: 1468964 ("Uninitialized scalar variable") > Fixes: e5cd3abcb31a ("bpf: sockmap, refactor sockmap routines to work > with hashmap") > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > --- > kernel/bpf/sockmap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c > index c6de139..41b41fc 100644 > --- a/kernel/bpf/sockmap.c > +++ b/kernel/bpf/sockmap.c > @@ -1713,7 +1713,7 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map, > struct smap_psock_map_entry *e = NULL; > struct smap_psock *psock; > bool new = false; > - int err; > + int err = 0; > > /* 1. If sock map has BPF programs those will be inherited by the > * sock being added. If the sock is already attached to BPF programs >

Thanks for catching this and the quick fix. The path to hit this case is to add a sock to a map (without a BPF program) where the sock already has been added to another map. I don't have any tests for the case with socks in multiple maps so I'll add some to the selftests so I remember this case.

The alternative fix would be to always 'return 0' at the end of the function, but I think it's probably better to init err here like above.

Acked-by: John Fastabend <john.fastabend@gmail.com>
Hi John,

On 05/17/2018 12:27 PM, John Fastabend wrote:
> On 05/17/2018 07:08 AM, Gustavo A. R. Silva wrote:
>> There is a potential execution path in which variable err is >> returned without being properly initialized previously. >> >> Fix this by initializing variable err to 0. >> >> Addresses-Coverity-ID: 1468964 ("Uninitialized scalar variable") >> Fixes: e5cd3abcb31a ("bpf: sockmap, refactor sockmap routines to work >> with hashmap") >> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> >> --- >> kernel/bpf/sockmap.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c >> index c6de139..41b41fc 100644 >> --- a/kernel/bpf/sockmap.c >> +++ b/kernel/bpf/sockmap.c >> @@ -1713,7 +1713,7 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map, >> struct smap_psock_map_entry *e = NULL; >> struct smap_psock *psock; >> bool new = false; >> - int err; >> + int err = 0; >> >> /* 1. If sock map has BPF programs those will be inherited by the >> * sock being added. If the sock is already attached to BPF programs >>
>
> Thanks for catching this and the quick fix. The path to hit this case
> is to add a sock to a map (without a BPF program) where the sock already
> has been added to another map. I don't have any tests for the case with
> socks in multiple maps so I'll add some to the selftests so I remember
> this case.
>

Glad to help. :)

> The alternative fix would be to always 'return 0' at the end of the
> function, but I think it's probably better to init err here like above.
>

Yeah. I think initializing err is better in this case.

> Acked-by: John Fastabend <john.fastabend@gmail.com>
>

Thank you
--
Gustavo
diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c index c6de139..41b41fc 100644 --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -1713,7 +1713,7 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map, struct smap_psock_map_entry *e = NULL; struct smap_psock *psock; bool new = false; - int err; + int err = 0; /* 1. If sock map has BPF programs those will be inherited by the * sock being added. If the sock is already attached to BPF programs
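Review bot: the initializer at `int err = 0;` makes the fall-through return report success, but it also means any later path in __sock_map_ctx_update_elem that forgets to assign err will silently return 0, and neither the compiler nor Coverity can flag it any more. The alternative raised in the thread, an explicit 'return 0' on the success path, would keep that diagnostic. If the initializer stays, the commit message should name the path that reaches the return with err unset (per the reply: adding a sock to a map without a BPF program when the sock is already in another map) so the planned selftest can be tied to it.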
There is a potential execution path in which variable err is returned without being properly initialized previously.

Fix this by initializing variable err to 0.

Addresses-Coverity-ID: 1468964 ("Uninitialized scalar variable")
Fixes: e5cd3abcb31a ("bpf: sockmap, refactor sockmap routines to work with hashmap")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
kernel/bpf/sockmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)