CC: clang-built-linux(a)googlegroups.com CC: kbuild-all(a)lists.01.org In-Reply-To: <20210727001252.1287673-3-jiang.wang@bytedance.com> References: <20210727001252.1287673-3-jiang.wang@bytedance.com> TO: Jiang Wang TO: netdev(a)vger.kernel.org CC: cong.wang(a)bytedance.com CC: duanxiongchun(a)bytedance.com CC: xieyongji(a)bytedance.com CC: chaiwen.cc(a)bytedance.com CC: Jakub Kicinski CC: John Fastabend CC: Daniel Borkmann CC: Jakub Sitnicki CC: Lorenz Bauer Hi Jiang, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on bpf-next/master] url: https://github.com/0day-ci/linux/commits/Jiang-Wang/sockmap-add-sockmap-support-for-unix-stream-socket/20210727-081531 base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master :::::: branch date: 16 hours ago :::::: commit date: 16 hours ago config: x86_64-randconfig-c001-20210726 (attached as .config) compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project c658b472f3e61e1818e1909bf02f3d65470018a5) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://github.com/0day-ci/linux/commit/607ed02e3232aa57995e87230faad770b810a64a git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Jiang-Wang/sockmap-add-sockmap-support-for-unix-stream-socket/20210727-081531 git checkout 607ed02e3232aa57995e87230faad770b810a64a # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot clang-analyzer warnings: (new ones prefixed by >>) BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ net/bridge/br_multicast.c:970:3: note: Taking false branch 
hlist_for_each_entry(ent, &pg->src_list, node) { ^ include/linux/list.h:993:13: note: expanded from macro 'hlist_for_each_entry' for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\ ^ include/linux/list.h:983:15: note: expanded from macro 'hlist_entry_safe' ____ptr ? hlist_entry(____ptr, type, member) : NULL; \ ^ include/linux/list.h:972:40: note: expanded from macro 'hlist_entry' #define hlist_entry(ptr, type, member) container_of(ptr,type,member) ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:308:3: note: expanded from macro '__compiletime_assert' if (!(condition)) \ ^ net/bridge/br_multicast.c:970:3: note: Loop condition is false. Exiting loop hlist_for_each_entry(ent, &pg->src_list, node) { ^ include/linux/list.h:993:13: note: expanded from macro 'hlist_for_each_entry' for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\ ^ include/linux/list.h:983:15: note: expanded from macro 'hlist_entry_safe' ____ptr ? 
hlist_entry(____ptr, type, member) : NULL; \ ^ include/linux/list.h:972:40: note: expanded from macro 'hlist_entry' #define hlist_entry(ptr, type, member) container_of(ptr,type,member) ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert' do { \ ^ net/bridge/br_multicast.c:970:3: note: Loop condition is true. Entering loop body hlist_for_each_entry(ent, &pg->src_list, node) { ^ include/linux/list.h:993:2: note: expanded from macro 'hlist_for_each_entry' for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\ ^ net/bridge/br_multicast.c:971:21: note: Left side of '&&' is true if (over_llqt == time_after(ent->timer.expires, ^ include/linux/jiffies.h:105:3: note: expanded from macro 'time_after' (typecheck(unsigned long, a) && \ ^ include/linux/typecheck.h:9:27: note: expanded from macro 'typecheck' #define typecheck(type,x) \ ^ net/bridge/br_multicast.c:971:21: note: Left side of '&&' is true if (over_llqt == time_after(ent->timer.expires, ^ include/linux/jiffies.h:105:3: note: expanded from macro 'time_after' (typecheck(unsigned long, a) && \ ^ include/linux/typecheck.h:9:27: note: expanded from macro 'typecheck' #define typecheck(type,x) \ ^ net/bridge/br_multicast.c:971:21: note: The left operand of '-' is a garbage value if (over_llqt == time_after(ent->timer.expires, ^ include/linux/jiffies.h:107:15: note: expanded from macro 'time_after' ((long)((b) - (a)) < 0)) ~ ^ Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. 
Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. 
>> net/unix/af_unix.c:837:7: warning: Access to field 'type' results in a dereference of a null pointer (loaded from variable 'sock') [clang-analyzer-core.NullDereference] if (sock->type == SOCK_STREAM) ^ net/unix/af_unix.c:1299:6: note: 'err' is >= 0 if (err < 0) ^~~ net/unix/af_unix.c:1299:2: note: Taking false branch if (err < 0) ^ net/unix/af_unix.c:1303:6: note: Assuming the condition is false if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1303:44: note: Left side of '&&' is false if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && ^ net/unix/af_unix.c:1317:37: note: Passing null pointer value via 2nd parameter 'sock' newsk = unix_create1(sock_net(sk), NULL, 0, sock->type); ^ include/linux/stddef.h:8:14: note: expanded from macro 'NULL' #define NULL ((void *)0) ^~~~~~~~~~~ net/unix/af_unix.c:1317:10: note: Calling 'unix_create1' newsk = unix_create1(sock_net(sk), NULL, 0, sock->type); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:828:6: note: Assuming the condition is false if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:828:2: note: Taking false branch if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) ^ net/unix/af_unix.c:831:6: note: Assuming 'type' is equal to 0 if (type != 0) { ^~~~~~~~~ net/unix/af_unix.c:831:2: note: Taking false branch if (type != 0) { ^ net/unix/af_unix.c:837:7: note: Access to field 'type' results in a dereference of a null pointer (loaded from variable 'sock') if (sock->type == SOCK_STREAM) ^~~~ net/unix/af_unix.c:1251:34: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] sk->sk_state = other->sk_state = TCP_ESTABLISHED; ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1189:6: note: Assuming the condition is false if (alen < offsetofend(struct sockaddr, sa_family)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
net/unix/af_unix.c:1189:2: note: Taking false branch if (alen < offsetofend(struct sockaddr, sa_family)) ^ net/unix/af_unix.c:1192:6: note: Assuming field 'sa_family' is equal to AF_UNSPEC if (addr->sa_family != AF_UNSPEC) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1192:2: note: Taking false branch if (addr->sa_family != AF_UNSPEC) { ^ net/unix/af_unix.c:1228:3: note: Null pointer value stored to 'other' other = NULL; ^~~~~~~~~~~~ net/unix/af_unix.c:1235:6: note: Assuming field 'peer' is null if (unix_peer(sk)) { ^ net/unix/af_unix.c:180:23: note: expanded from macro 'unix_peer' #define unix_peer(sk) (unix_sk(sk)->peer) ^~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1235:2: note: Taking false branch if (unix_peer(sk)) { ^ net/unix/af_unix.c:1247:3: note: Calling 'unix_state_double_unlock' unix_state_double_unlock(sk, other); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1170:15: note: 'sk1' is not equal to 'sk2' if (unlikely(sk1 == sk2) || !sk2) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ net/unix/af_unix.c:1170:6: note: Left side of '||' is false if (unlikely(sk1 == sk2) || !sk2) { ^ include/linux/compiler.h:78:22: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ net/unix/af_unix.c:1170:31: note: 'sk2' is null if (unlikely(sk1 == sk2) || !sk2) { ^~~ net/unix/af_unix.c:1170:2: note: Taking true branch if (unlikely(sk1 == sk2) || !sk2) { ^ net/unix/af_unix.c:1171:3: note: Calling 'spin_unlock' unix_state_unlock(sk1); ^ include/net/af_unix.h:51:30: note: expanded from macro 'unix_state_unlock' #define unix_state_unlock(s) spin_unlock(&unix_sk(s)->lock) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/spinlock.h:394:2: note: Value assigned to field 'peer', which participates in a condition later raw_spin_unlock(&lock->rlock); ^ include/linux/spinlock.h:284:32: note: expanded from macro 'raw_spin_unlock' #define raw_spin_unlock(lock) 
_raw_spin_unlock(lock) ^~~~~~~~~~~~~~~~~~~~~~ net/unix/af_unix.c:1171:3: note: Returning from 'spin_unlock' unix_state_unlock(sk1); vim +837 net/unix/af_unix.c ^1da177e4c3f41 Linus Torvalds 2005-04-16 821 607ed02e3232aa Jiang Wang 2021-07-27 822 static struct sock *unix_create1(struct net *net, struct socket *sock, int kern, int type) ^1da177e4c3f41 Linus Torvalds 2005-04-16 823 { ^1da177e4c3f41 Linus Torvalds 2005-04-16 824 struct sock *sk = NULL; ^1da177e4c3f41 Linus Torvalds 2005-04-16 825 struct unix_sock *u; ^1da177e4c3f41 Linus Torvalds 2005-04-16 826 518de9b39e8545 Eric Dumazet 2010-10-26 827 atomic_long_inc(&unix_nr_socks); 518de9b39e8545 Eric Dumazet 2010-10-26 828 if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) ^1da177e4c3f41 Linus Torvalds 2005-04-16 829 goto out; ^1da177e4c3f41 Linus Torvalds 2005-04-16 830 607ed02e3232aa Jiang Wang 2021-07-27 831 if (type != 0) { 607ed02e3232aa Jiang Wang 2021-07-27 832 if (type == SOCK_STREAM) 607ed02e3232aa Jiang Wang 2021-07-27 833 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern); 607ed02e3232aa Jiang Wang 2021-07-27 834 else /*for seqpacket */ 607ed02e3232aa Jiang Wang 2021-07-27 835 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern); 607ed02e3232aa Jiang Wang 2021-07-27 836 } else { 607ed02e3232aa Jiang Wang 2021-07-27 @837 if (sock->type == SOCK_STREAM) 607ed02e3232aa Jiang Wang 2021-07-27 838 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_stream_proto, kern); 607ed02e3232aa Jiang Wang 2021-07-27 839 else 607ed02e3232aa Jiang Wang 2021-07-27 840 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_dgram_proto, kern); 607ed02e3232aa Jiang Wang 2021-07-27 841 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 842 if (!sk) ^1da177e4c3f41 Linus Torvalds 2005-04-16 843 goto out; ^1da177e4c3f41 Linus Torvalds 2005-04-16 844 ^1da177e4c3f41 Linus Torvalds 2005-04-16 845 sock_init_data(sock, sk); ^1da177e4c3f41 Linus Torvalds 2005-04-16 846 3aa9799e13645f Vladimir Davydov 2016-07-26 847 
sk->sk_allocation = GFP_KERNEL_ACCOUNT; ^1da177e4c3f41 Linus Torvalds 2005-04-16 848 sk->sk_write_space = unix_write_space; a0a53c8ba95451 Denis V. Lunev 2007-12-11 849 sk->sk_max_ack_backlog = net->unx.sysctl_max_dgram_qlen; ^1da177e4c3f41 Linus Torvalds 2005-04-16 850 sk->sk_destruct = unix_sock_destructor; ^1da177e4c3f41 Linus Torvalds 2005-04-16 851 u = unix_sk(sk); 40ffe67d2e89c7 Al Viro 2012-03-14 852 u->path.dentry = NULL; 40ffe67d2e89c7 Al Viro 2012-03-14 853 u->path.mnt = NULL; fd19f329a32bdc Benjamin LaHaise 2006-01-03 854 spin_lock_init(&u->lock); 516e0cc5646f37 Al Viro 2008-07-26 855 atomic_long_set(&u->inflight, 0); 1fd05ba5a2f2aa Miklos Szeredi 2007-07-11 856 INIT_LIST_HEAD(&u->link); 6e1ce3c3451291 Linus Torvalds 2016-09-01 857 mutex_init(&u->iolock); /* single task reading lock */ 6e1ce3c3451291 Linus Torvalds 2016-09-01 858 mutex_init(&u->bindlock); /* single task binding lock */ ^1da177e4c3f41 Linus Torvalds 2005-04-16 859 init_waitqueue_head(&u->peer_wait); 7d267278a9ece9 Rainer Weikusat 2015-11-20 860 init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); 3c32da19a858fb Kirill Tkhai 2019-12-09 861 memset(&u->scm_stat, 0, sizeof(struct scm_stat)); 7123aaa3a14165 Eric Dumazet 2012-06-08 862 unix_insert_socket(unix_sockets_unbound(sk), sk); ^1da177e4c3f41 Linus Torvalds 2005-04-16 863 out: 284b327be2f86c Pavel Emelyanov 2007-11-10 864 if (sk == NULL) 518de9b39e8545 Eric Dumazet 2010-10-26 865 atomic_long_dec(&unix_nr_socks); 920de804bca61f Eric Dumazet 2008-11-24 866 else { 920de804bca61f Eric Dumazet 2008-11-24 867 local_bh_disable(); a8076d8db98de6 Eric Dumazet 2008-11-17 868 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 920de804bca61f Eric Dumazet 2008-11-24 869 local_bh_enable(); 920de804bca61f Eric Dumazet 2008-11-24 870 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 871 return sk; ^1da177e4c3f41 Linus Torvalds 2005-04-16 872 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 873 --- 0-DAY CI Kernel Test Service, Intel Corporation 
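Review bot: The new `else` branch at line 837 of `unix_create1()` reads `sock->type` whenever `type == 0`, yet `sock` may be NULL: the analyzer trace shows `unix_create1(sock_net(sk), NULL, 0, sock->type)` being called at line 1317, so safety depends on no caller ever combining a NULL socket with a zero type, which nothing in this function enforces. A NULL dereference at this point would be a kernel oops during socket creation, so the invariant should be checked rather than assumed: resolve the type once with `if (!type) { if (!sock) goto out; type = sock->type; }` (the existing `out:` label already decrements `unix_nr_socks` when `sk` is NULL), then pick the proto with a single `type == SOCK_STREAM` test instead of the two duplicated `sk_alloc()` pairs. A simpler alternative is to have every caller pass the type explicitly and drop the `sock->type` fallback altogether. Whether a zero `sock->type` is actually reachable cannot be determined from this listing, so this is best treated as a robustness gap until the callers are audited.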
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org