* net/core/skmsg.c:590:3: warning: Attempt to free released memory [clang-analyzer-unix.Malloc]
@ 2022-03-27 10:09 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-03-27 10:09 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 15775 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Wang Yufen <wangyufen@huawei.com>
CC: Daniel Borkmann <daniel@iogearbox.net>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f022814633e1c600507b3a99691b4d624c2813f0
commit: 938d3480b92fa5e454b7734294f12a7b75126f09 bpf, sockmap: Fix memleak in sk_psock_queue_msg
date: 12 days ago
:::::: branch date: 12 hours ago
:::::: commit date: 12 days ago
config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220327/202203271851.cnkzmIo7-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 902f4708fe1d03b0de7e5315ef875006a6adc319)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=938d3480b92fa5e454b7734294f12a7b75126f09
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 938d3480b92fa5e454b7734294f12a7b75126f09
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:370:7: note: expanded from macro '__printk_index_emit'
if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \
^
include/linux/hid.h:1036:3: note: Taking true branch
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:370:3: note: expanded from macro '__printk_index_emit'
if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \
^
include/linux/compiler.h:56:23: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/hid.h:1036:3: note: '?' condition is true
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:379:12: note: expanded from macro '__printk_index_emit'
.fmt = __builtin_constant_p(_fmt) ? (_fmt) : NULL, \
^
include/linux/hid.h:1036:3: note: '?' condition is true
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:383:14: note: expanded from macro '__printk_index_emit'
.level = __builtin_constant_p(_level) ? (_level) : NULL, \
^
include/linux/hid.h:1036:3: note: Loop condition is false. Exiting loop
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^
include/linux/printk.h:446:26: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^
include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap'
__printk_index_emit(_fmt, NULL, NULL); \
^
include/linux/printk.h:369:2: note: expanded from macro '__printk_index_emit'
do { \
^
include/linux/hid.h:1037:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input')
input->name, c, type);
^
include/linux/printk.h:656:49: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~
include/linux/printk.h:640:17: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
include/linux/printk.h:446:60: note: expanded from macro 'printk'
#define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
^~~~~~~~~~~
include/linux/printk.h:418:19: note: expanded from macro 'printk_index_wrap'
_p_func(_fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
1 warning generated.
>> net/core/skmsg.c:590:3: warning: Attempt to free released memory [clang-analyzer-unix.Malloc]
kfree(msg);
^
net/core/skmsg.c:1160:6: note: Assuming 'skb' is non-null
if (!skb) {
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
net/core/skmsg.c:1160:2: note: '?' condition is false
if (!skb) {
^
include/linux/compiler.h:56:28: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^
net/core/skmsg.c:1160:7: note: 'skb' is non-null
if (!skb) {
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value'
(cond) ? \
^~~~
net/core/skmsg.c:1160:2: note: '?' condition is false
if (!skb) {
^
include/linux/compiler.h:56:28: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/compiler.h:58:69: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^
include/linux/compiler.h:69:2: note: expanded from macro '__trace_if_value'
(cond) ? \
^
net/core/skmsg.c:1160:2: note: Taking false branch
if (!skb) {
^
include/linux/compiler.h:56:23: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
net/core/skmsg.c:1167:15: note: Assuming 'psock' is non-null
if (unlikely(!psock)) {
^
include/linux/compiler.h:48:41: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
net/core/skmsg.c:1167:16: note: 'psock' is non-null
if (unlikely(!psock)) {
^
include/linux/compiler.h:48:68: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:35:19: note: expanded from macro '__branch_check__'
expect, is_constant); \
^~~~~~~~~~~
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
net/core/skmsg.c:1167:2: note: '?' condition is false
if (unlikely(!psock)) {
^
include/linux/compiler.h:56:28: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^
net/core/skmsg.c:1167:16: note: 'psock' is non-null
if (unlikely(!psock)) {
^
include/linux/compiler.h:48:41: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
vim +590 net/core/skmsg.c
6fa9201a898983d John Fastabend 2020-11-16 572
6fa9201a898983d John Fastabend 2020-11-16 573 /* Puts an skb on the ingress queue of the socket already assigned to the
6fa9201a898983d John Fastabend 2020-11-16 574 * skb. In this case we do not need to check memory limits or skb_set_owner_r
6fa9201a898983d John Fastabend 2020-11-16 575 * because the skb is already accounted for here.
6fa9201a898983d John Fastabend 2020-11-16 576 */
7303524e04af49a Liu Jian 2021-10-29 577 static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb,
7303524e04af49a Liu Jian 2021-10-29 578 u32 off, u32 len)
6fa9201a898983d John Fastabend 2020-11-16 579 {
6fa9201a898983d John Fastabend 2020-11-16 580 struct sk_msg *msg = kzalloc(sizeof(*msg), __GFP_NOWARN | GFP_ATOMIC);
6fa9201a898983d John Fastabend 2020-11-16 581 struct sock *sk = psock->sk;
7e6b27a69167f97 John Fastabend 2021-07-12 582 int err;
6fa9201a898983d John Fastabend 2020-11-16 583
6fa9201a898983d John Fastabend 2020-11-16 584 if (unlikely(!msg))
6fa9201a898983d John Fastabend 2020-11-16 585 return -EAGAIN;
6fa9201a898983d John Fastabend 2020-11-16 586 sk_msg_init(msg);
144748eb0c44509 John Fastabend 2021-04-01 587 skb_set_owner_r(skb, sk);
7303524e04af49a Liu Jian 2021-10-29 588 err = sk_psock_skb_ingress_enqueue(skb, off, len, psock, sk, msg);
7e6b27a69167f97 John Fastabend 2021-07-12 589 if (err < 0)
7e6b27a69167f97 John Fastabend 2021-07-12 @590 kfree(msg);
7e6b27a69167f97 John Fastabend 2021-07-12 591 return err;
6fa9201a898983d John Fastabend 2020-11-16 592 }
6fa9201a898983d John Fastabend 2020-11-16 593
:::::: The code@line 590 was first introduced by commit
:::::: 7e6b27a69167f97c56b5437871d29e9722c3e470 bpf, sockmap: Fix potential memory leak on unlikely error case
:::::: TO: John Fastabend <john.fastabend@gmail.com>
:::::: CC: Daniel Borkmann <daniel@iogearbox.net>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-03-27 10:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-27 10:09 net/core/skmsg.c:590:3: warning: Attempt to free released memory [clang-analyzer-unix.Malloc] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.