* net/mctp/route.c:371:4: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
@ 2021-11-08 1:18 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2021-11-08 1:18 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 23255 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Jeremy Kerr <jk@codeconstruct.com.au>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6b75d88fa81b122cce37ebf17428a849ccd3d0f1
commit: 4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899 mctp: Add tracepoints for tag/key handling
date: 6 weeks ago
:::::: branch date: 6 hours ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20210930 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 28981015526f2192440c18f18e8a20cd11b0779c)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 4f9e1ba6de45aa8797a83f1fe5b82ec4bac16899
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
include/linux/spinlock_api_up.h:40:31: note: expanded from macro '__LOCK_IRQSAVE'
do { local_irq_save(flags); __LOCK(lock); } while (0)
^
include/linux/spinlock_api_up.h:31:8: note: expanded from macro '__LOCK'
do { preempt_disable(); ___LOCK(lock); } while (0)
^
include/linux/preempt.h:179:27: note: expanded from macro 'preempt_disable'
#define preempt_disable() \
^
net/mctp/route.c:208:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&net->mctp.keys_lock, flags);
^
include/linux/spinlock.h:393:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:278:3: note: expanded from macro 'raw_spin_lock_irqsave'
_raw_spin_lock_irqsave(lock, flags); \
^
include/linux/spinlock_api_up.h:68:45: note: expanded from macro '_raw_spin_lock_irqsave'
#define _raw_spin_lock_irqsave(lock, flags) __LOCK_IRQSAVE(lock, flags)
^
include/linux/spinlock_api_up.h:40:31: note: expanded from macro '__LOCK_IRQSAVE'
do { local_irq_save(flags); __LOCK(lock); } while (0)
^
include/linux/spinlock_api_up.h:31:27: note: expanded from macro '__LOCK'
do { preempt_disable(); ___LOCK(lock); } while (0)
^
include/linux/spinlock_api_up.h:28:3: note: expanded from macro '___LOCK'
do { __acquire(lock); (void)(lock); } while (0)
^
net/mctp/route.c:208:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&net->mctp.keys_lock, flags);
^
include/linux/spinlock.h:393:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:278:3: note: expanded from macro 'raw_spin_lock_irqsave'
_raw_spin_lock_irqsave(lock, flags); \
^
include/linux/spinlock_api_up.h:68:45: note: expanded from macro '_raw_spin_lock_irqsave'
#define _raw_spin_lock_irqsave(lock, flags) __LOCK_IRQSAVE(lock, flags)
^
include/linux/spinlock_api_up.h:40:31: note: expanded from macro '__LOCK_IRQSAVE'
do { local_irq_save(flags); __LOCK(lock); } while (0)
^
include/linux/spinlock_api_up.h:31:3: note: expanded from macro '__LOCK'
do { preempt_disable(); ___LOCK(lock); } while (0)
^
net/mctp/route.c:208:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&net->mctp.keys_lock, flags);
^
include/linux/spinlock.h:393:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:278:3: note: expanded from macro 'raw_spin_lock_irqsave'
_raw_spin_lock_irqsave(lock, flags); \
^
include/linux/spinlock_api_up.h:68:45: note: expanded from macro '_raw_spin_lock_irqsave'
#define _raw_spin_lock_irqsave(lock, flags) __LOCK_IRQSAVE(lock, flags)
^
include/linux/spinlock_api_up.h:40:3: note: expanded from macro '__LOCK_IRQSAVE'
do { local_irq_save(flags); __LOCK(lock); } while (0)
^
net/mctp/route.c:208:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&net->mctp.keys_lock, flags);
^
include/linux/spinlock.h:393:2: note: expanded from macro 'spin_lock_irqsave'
raw_spin_lock_irqsave(spinlock_check(lock), flags); \
^
include/linux/spinlock.h:276:2: note: expanded from macro 'raw_spin_lock_irqsave'
do { \
^
net/mctp/route.c:208:2: note: Loop condition is false. Exiting loop
spin_lock_irqsave(&net->mctp.keys_lock, flags);
^
include/linux/spinlock.h:391:43: note: expanded from macro 'spin_lock_irqsave'
#define spin_lock_irqsave(lock, flags) \
^
net/mctp/route.c:214:2: note: Calling 'mctp_key_unref'
mctp_key_unref(key);
^~~~~~~~~~~~~~~~~~~
net/mctp/route.c:154:2: note: Taking true branch
if (refcount_dec_and_test(&key->refs))
^
net/mctp/route.c:155:3: note: Memory is released
kfree(key);
^~~~~~~~~~
net/mctp/route.c:214:2: note: Returning; memory was released
mctp_key_unref(key);
^~~~~~~~~~~~~~~~~~~
net/mctp/route.c:217:2: note: Calling 'mctp_key_unref'
mctp_key_unref(key);
^~~~~~~~~~~~~~~~~~~
net/mctp/route.c:154:2: note: Taking true branch
if (refcount_dec_and_test(&key->refs))
^
net/mctp/route.c:155:3: note: Attempt to free released memory
kfree(key);
^~~~~~~~~~
>> net/mctp/route.c:371:4: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
trace_mctp_key_acquire(key);
^ ~~~
net/mctp/route.c:280:6: note: Assuming the condition is false
if (skb->len < sizeof(struct mctp_hdr) + 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:280:2: note: Taking false branch
if (skb->len < sizeof(struct mctp_hdr) + 1)
^
net/mctp/route.c:287:6: note: Assuming field 'ver' is equal to 1
if (mh->ver != 1)
^~~~~~~~~~~~
net/mctp/route.c:287:2: note: Taking false branch
if (mh->ver != 1)
^
net/mctp/route.c:300:6: note: Assuming the condition is true
if (flags & MCTP_HDR_FLAG_SOM) {
^~~~~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:300:2: note: Taking true branch
if (flags & MCTP_HDR_FLAG_SOM) {
^
net/mctp/route.c:301:7: note: 'key' is null
if (key) {
^~~
net/mctp/route.c:301:3: note: Taking false branch
if (key) {
^
net/mctp/route.c:310:8: note: 'key' is null
if (key) {
^~~
net/mctp/route.c:310:4: note: Taking false branch
if (key) {
^
net/mctp/route.c:319:8: note: 'key' is null
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^~~
net/mctp/route.c:319:7: note: Left side of '&&' is true
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^
net/mctp/route.c:319:16: note: 'msk' is null
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^~~
net/mctp/route.c:319:7: note: Left side of '&&' is true
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^
net/mctp/route.c:319:24: note: Assuming the condition is true
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:319:3: note: Taking true branch
if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
^
net/mctp/route.c:322:8: note: 'msk' is non-null
if (!msk) {
^~~
net/mctp/route.c:322:3: note: Taking false branch
if (!msk) {
^
net/mctp/route.c:330:7: note: Assuming the condition is false
if (flags & MCTP_HDR_FLAG_EOM) {
^~~~~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:330:3: note: Taking false branch
if (flags & MCTP_HDR_FLAG_EOM) {
^
net/mctp/route.c:348:8: note: 'key' is null
if (!key) {
^~~
net/mctp/route.c:348:3: note: Taking true branch
if (!key) {
^
net/mctp/route.c:349:10: note: Calling 'mctp_key_alloc'
key = mctp_key_alloc(msk, mh->dest, mh->src,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:138:6: note: Assuming 'key' is non-null
if (!key)
^~~~
net/mctp/route.c:138:2: note: Taking false branch
if (!key)
^
net/mctp/route.c:146:2: note: Loop condition is false. Exiting loop
spin_lock_init(&key->lock);
^
include/linux/spinlock.h:353:34: note: expanded from macro 'spin_lock_init'
# define spin_lock_init(_lock) \
^
net/mctp/route.c:349:10: note: Returning from 'mctp_key_alloc'
key = mctp_key_alloc(msk, mh->dest, mh->src,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/mctp/route.c:351:9: note: 'key' is non-null
if (!key) {
^~~
net/mctp/route.c:351:4: note: Taking false branch
if (!key) {
^
net/mctp/route.c:368:8: note: Assuming 'rc' is not equal to 0
if (rc)
^~
net/mctp/route.c:368:4: note: Taking true branch
if (rc)
^
net/mctp/route.c:369:5: note: Memory is released
kfree(key);
vim +371 net/mctp/route.c
4a992bbd365094 Jeremy Kerr 2021-07-29 260
889b7da23abf92 Jeremy Kerr 2021-07-29 261 static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
889b7da23abf92 Jeremy Kerr 2021-07-29 262 {
833ef3b91de692 Jeremy Kerr 2021-07-29 263 struct net *net = dev_net(skb->dev);
833ef3b91de692 Jeremy Kerr 2021-07-29 264 struct mctp_sk_key *key;
833ef3b91de692 Jeremy Kerr 2021-07-29 265 struct mctp_sock *msk;
833ef3b91de692 Jeremy Kerr 2021-07-29 266 struct mctp_hdr *mh;
4a992bbd365094 Jeremy Kerr 2021-07-29 267 unsigned long f;
4a992bbd365094 Jeremy Kerr 2021-07-29 268 u8 tag, flags;
4a992bbd365094 Jeremy Kerr 2021-07-29 269 int rc;
833ef3b91de692 Jeremy Kerr 2021-07-29 270
833ef3b91de692 Jeremy Kerr 2021-07-29 271 msk = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 272 rc = -EINVAL;
833ef3b91de692 Jeremy Kerr 2021-07-29 273
833ef3b91de692 Jeremy Kerr 2021-07-29 274 /* we may be receiving a locally-routed packet; drop source sk
833ef3b91de692 Jeremy Kerr 2021-07-29 275 * accounting
833ef3b91de692 Jeremy Kerr 2021-07-29 276 */
833ef3b91de692 Jeremy Kerr 2021-07-29 277 skb_orphan(skb);
833ef3b91de692 Jeremy Kerr 2021-07-29 278
833ef3b91de692 Jeremy Kerr 2021-07-29 279 /* ensure we have enough data for a header and a type */
833ef3b91de692 Jeremy Kerr 2021-07-29 280 if (skb->len < sizeof(struct mctp_hdr) + 1)
4a992bbd365094 Jeremy Kerr 2021-07-29 281 goto out;
833ef3b91de692 Jeremy Kerr 2021-07-29 282
833ef3b91de692 Jeremy Kerr 2021-07-29 283 /* grab header, advance data ptr */
833ef3b91de692 Jeremy Kerr 2021-07-29 284 mh = mctp_hdr(skb);
833ef3b91de692 Jeremy Kerr 2021-07-29 285 skb_pull(skb, sizeof(struct mctp_hdr));
833ef3b91de692 Jeremy Kerr 2021-07-29 286
833ef3b91de692 Jeremy Kerr 2021-07-29 287 if (mh->ver != 1)
4a992bbd365094 Jeremy Kerr 2021-07-29 288 goto out;
833ef3b91de692 Jeremy Kerr 2021-07-29 289
4a992bbd365094 Jeremy Kerr 2021-07-29 290 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
4a992bbd365094 Jeremy Kerr 2021-07-29 291 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
833ef3b91de692 Jeremy Kerr 2021-07-29 292
833ef3b91de692 Jeremy Kerr 2021-07-29 293 rcu_read_lock();
4a992bbd365094 Jeremy Kerr 2021-07-29 294
73c618456dc5cf Jeremy Kerr 2021-09-29 295 /* lookup socket / reasm context, exactly matching (src,dest,tag).
73c618456dc5cf Jeremy Kerr 2021-09-29 296 * we hold a ref on the key, and key->lock held.
73c618456dc5cf Jeremy Kerr 2021-09-29 297 */
73c618456dc5cf Jeremy Kerr 2021-09-29 298 key = mctp_lookup_key(net, skb, mh->src, &f);
833ef3b91de692 Jeremy Kerr 2021-07-29 299
4a992bbd365094 Jeremy Kerr 2021-07-29 300 if (flags & MCTP_HDR_FLAG_SOM) {
4a992bbd365094 Jeremy Kerr 2021-07-29 301 if (key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 302 msk = container_of(key->sk, struct mctp_sock, sk);
4a992bbd365094 Jeremy Kerr 2021-07-29 303 } else {
4a992bbd365094 Jeremy Kerr 2021-07-29 304 /* first response to a broadcast? do a more general
4a992bbd365094 Jeremy Kerr 2021-07-29 305 * key lookup to find the socket, but don't use this
4a992bbd365094 Jeremy Kerr 2021-07-29 306 * key for reassembly - we'll create a more specific
4a992bbd365094 Jeremy Kerr 2021-07-29 307 * one for future packets if required (ie, !EOM).
4a992bbd365094 Jeremy Kerr 2021-07-29 308 */
73c618456dc5cf Jeremy Kerr 2021-09-29 309 key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f);
4a992bbd365094 Jeremy Kerr 2021-07-29 310 if (key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 311 msk = container_of(key->sk,
4a992bbd365094 Jeremy Kerr 2021-07-29 312 struct mctp_sock, sk);
73c618456dc5cf Jeremy Kerr 2021-09-29 313 spin_unlock_irqrestore(&key->lock, f);
73c618456dc5cf Jeremy Kerr 2021-09-29 314 mctp_key_unref(key);
4a992bbd365094 Jeremy Kerr 2021-07-29 315 key = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 316 }
4a992bbd365094 Jeremy Kerr 2021-07-29 317 }
833ef3b91de692 Jeremy Kerr 2021-07-29 318
4a992bbd365094 Jeremy Kerr 2021-07-29 319 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
833ef3b91de692 Jeremy Kerr 2021-07-29 320 msk = mctp_lookup_bind(net, skb);
833ef3b91de692 Jeremy Kerr 2021-07-29 321
4a992bbd365094 Jeremy Kerr 2021-07-29 322 if (!msk) {
4a992bbd365094 Jeremy Kerr 2021-07-29 323 rc = -ENOENT;
4a992bbd365094 Jeremy Kerr 2021-07-29 324 goto out_unlock;
4a992bbd365094 Jeremy Kerr 2021-07-29 325 }
833ef3b91de692 Jeremy Kerr 2021-07-29 326
4a992bbd365094 Jeremy Kerr 2021-07-29 327 /* single-packet message? deliver to socket, clean up any
4a992bbd365094 Jeremy Kerr 2021-07-29 328 * pending key.
4a992bbd365094 Jeremy Kerr 2021-07-29 329 */
4a992bbd365094 Jeremy Kerr 2021-07-29 330 if (flags & MCTP_HDR_FLAG_EOM) {
833ef3b91de692 Jeremy Kerr 2021-07-29 331 sock_queue_rcv_skb(&msk->sk, skb);
4a992bbd365094 Jeremy Kerr 2021-07-29 332 if (key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 333 /* we've hit a pending reassembly; not much we
4a992bbd365094 Jeremy Kerr 2021-07-29 334 * can do but drop it
4a992bbd365094 Jeremy Kerr 2021-07-29 335 */
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 336 trace_mctp_key_release(key,
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 337 MCTP_TRACE_KEY_REPLIED);
4a992bbd365094 Jeremy Kerr 2021-07-29 338 __mctp_key_unlock_drop(key, net, f);
73c618456dc5cf Jeremy Kerr 2021-09-29 339 key = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 340 }
4a992bbd365094 Jeremy Kerr 2021-07-29 341 rc = 0;
4a992bbd365094 Jeremy Kerr 2021-07-29 342 goto out_unlock;
4a992bbd365094 Jeremy Kerr 2021-07-29 343 }
833ef3b91de692 Jeremy Kerr 2021-07-29 344
4a992bbd365094 Jeremy Kerr 2021-07-29 345 /* broadcast response or a bind() - create a key for further
4a992bbd365094 Jeremy Kerr 2021-07-29 346 * packets for this message
4a992bbd365094 Jeremy Kerr 2021-07-29 347 */
4a992bbd365094 Jeremy Kerr 2021-07-29 348 if (!key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 349 key = mctp_key_alloc(msk, mh->dest, mh->src,
4a992bbd365094 Jeremy Kerr 2021-07-29 350 tag, GFP_ATOMIC);
4a992bbd365094 Jeremy Kerr 2021-07-29 351 if (!key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 352 rc = -ENOMEM;
4a992bbd365094 Jeremy Kerr 2021-07-29 353 goto out_unlock;
4a992bbd365094 Jeremy Kerr 2021-07-29 354 }
833ef3b91de692 Jeremy Kerr 2021-07-29 355
73c618456dc5cf Jeremy Kerr 2021-09-29 356 /* we can queue without the key lock here, as the
4a992bbd365094 Jeremy Kerr 2021-07-29 357 * key isn't observable yet
4a992bbd365094 Jeremy Kerr 2021-07-29 358 */
4a992bbd365094 Jeremy Kerr 2021-07-29 359 mctp_frag_queue(key, skb);
4a992bbd365094 Jeremy Kerr 2021-07-29 360
4a992bbd365094 Jeremy Kerr 2021-07-29 361 /* if the key_add fails, we've raced with another
4a992bbd365094 Jeremy Kerr 2021-07-29 362 * SOM packet with the same src, dest and tag. There's
4a992bbd365094 Jeremy Kerr 2021-07-29 363 * no way to distinguish future packets, so all we
4a992bbd365094 Jeremy Kerr 2021-07-29 364 * can do is drop; we'll free the skb on exit from
4a992bbd365094 Jeremy Kerr 2021-07-29 365 * this function.
4a992bbd365094 Jeremy Kerr 2021-07-29 366 */
4a992bbd365094 Jeremy Kerr 2021-07-29 367 rc = mctp_key_add(key, msk);
4a992bbd365094 Jeremy Kerr 2021-07-29 368 if (rc)
4a992bbd365094 Jeremy Kerr 2021-07-29 369 kfree(key);
4a992bbd365094 Jeremy Kerr 2021-07-29 370
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 @371 trace_mctp_key_acquire(key);
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 372
73c618456dc5cf Jeremy Kerr 2021-09-29 373 /* we don't need to release key->lock on exit */
73c618456dc5cf Jeremy Kerr 2021-09-29 374 key = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 375
73c618456dc5cf Jeremy Kerr 2021-09-29 376 } else {
4a992bbd365094 Jeremy Kerr 2021-07-29 377 if (key->reasm_head || key->reasm_dead) {
4a992bbd365094 Jeremy Kerr 2021-07-29 378 /* duplicate start? drop everything */
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 379 trace_mctp_key_release(key,
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 380 MCTP_TRACE_KEY_INVALIDATED);
4a992bbd365094 Jeremy Kerr 2021-07-29 381 __mctp_key_unlock_drop(key, net, f);
4a992bbd365094 Jeremy Kerr 2021-07-29 382 rc = -EEXIST;
73c618456dc5cf Jeremy Kerr 2021-09-29 383 key = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 384 } else {
4a992bbd365094 Jeremy Kerr 2021-07-29 385 rc = mctp_frag_queue(key, skb);
4a992bbd365094 Jeremy Kerr 2021-07-29 386 }
4a992bbd365094 Jeremy Kerr 2021-07-29 387 }
4a992bbd365094 Jeremy Kerr 2021-07-29 388
4a992bbd365094 Jeremy Kerr 2021-07-29 389 } else if (key) {
4a992bbd365094 Jeremy Kerr 2021-07-29 390 /* this packet continues a previous message; reassemble
4a992bbd365094 Jeremy Kerr 2021-07-29 391 * using the message-specific key
4a992bbd365094 Jeremy Kerr 2021-07-29 392 */
4a992bbd365094 Jeremy Kerr 2021-07-29 393
4a992bbd365094 Jeremy Kerr 2021-07-29 394 /* we need to be continuing an existing reassembly... */
4a992bbd365094 Jeremy Kerr 2021-07-29 395 if (!key->reasm_head)
4a992bbd365094 Jeremy Kerr 2021-07-29 396 rc = -EINVAL;
4a992bbd365094 Jeremy Kerr 2021-07-29 397 else
4a992bbd365094 Jeremy Kerr 2021-07-29 398 rc = mctp_frag_queue(key, skb);
4a992bbd365094 Jeremy Kerr 2021-07-29 399
4a992bbd365094 Jeremy Kerr 2021-07-29 400 /* end of message? deliver to socket, and we're done with
4a992bbd365094 Jeremy Kerr 2021-07-29 401 * the reassembly/response key
4a992bbd365094 Jeremy Kerr 2021-07-29 402 */
4a992bbd365094 Jeremy Kerr 2021-07-29 403 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
4a992bbd365094 Jeremy Kerr 2021-07-29 404 sock_queue_rcv_skb(key->sk, key->reasm_head);
4a992bbd365094 Jeremy Kerr 2021-07-29 405 key->reasm_head = NULL;
4f9e1ba6de45aa Jeremy Kerr 2021-09-29 406 trace_mctp_key_release(key, MCTP_TRACE_KEY_REPLIED);
4a992bbd365094 Jeremy Kerr 2021-07-29 407 __mctp_key_unlock_drop(key, net, f);
73c618456dc5cf Jeremy Kerr 2021-09-29 408 key = NULL;
4a992bbd365094 Jeremy Kerr 2021-07-29 409 }
4a992bbd365094 Jeremy Kerr 2021-07-29 410
4a992bbd365094 Jeremy Kerr 2021-07-29 411 } else {
4a992bbd365094 Jeremy Kerr 2021-07-29 412 /* not a start, no matching key */
4a992bbd365094 Jeremy Kerr 2021-07-29 413 rc = -ENOENT;
4a992bbd365094 Jeremy Kerr 2021-07-29 414 }
4a992bbd365094 Jeremy Kerr 2021-07-29 415
4a992bbd365094 Jeremy Kerr 2021-07-29 416 out_unlock:
833ef3b91de692 Jeremy Kerr 2021-07-29 417 rcu_read_unlock();
73c618456dc5cf Jeremy Kerr 2021-09-29 418 if (key) {
73c618456dc5cf Jeremy Kerr 2021-09-29 419 spin_unlock_irqrestore(&key->lock, f);
73c618456dc5cf Jeremy Kerr 2021-09-29 420 mctp_key_unref(key);
73c618456dc5cf Jeremy Kerr 2021-09-29 421 }
4a992bbd365094 Jeremy Kerr 2021-07-29 422 out:
4a992bbd365094 Jeremy Kerr 2021-07-29 423 if (rc)
889b7da23abf92 Jeremy Kerr 2021-07-29 424 kfree_skb(skb);
4a992bbd365094 Jeremy Kerr 2021-07-29 425 return rc;
4a992bbd365094 Jeremy Kerr 2021-07-29 426 }
4a992bbd365094 Jeremy Kerr 2021-07-29 427
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 32950 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-11-08 1:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-08 1:18 net/mctp/route.c:371:4: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.