From: Colin Ian King <colin.king@canonical.com>
To: Yuval Mintz <yuvalm@mellanox.com>,
Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: ipmr, ip6mr: Unite dumproute flows
Date: Wed, 17 Oct 2018 19:22:16 +0100 [thread overview]
Message-ID: <c3d958d0-9916-48d9-ad8d-076cda75c93f@canonical.com> (raw)
Hi,
Static analysis on linux-next has picked up a potential bug with commit:
commit 7b0db85737db3f4d76b2a412e4f19eae59b8b494
Author: Yuval Mintz <yuvalm@mellanox.com>
Date: Wed Feb 28 23:29:39 2018 +0200
ipmr, ip6mr: Unite dumproute flows
in function mr_table_dump(), s_e is and never seems to change, so the
check if (e < s_e) is never true: See code below, as annotated by
CoverityScan:
317 }
assignment: Assigning: e = 0U.
318 e = 0;
assignment: Assigning: s_e = 0U.
319 s_e = 0;
320
321 spin_lock_bh(lock);
322 list_for_each_entry(mfc, &mrt->mfc_unres_queue, list) {
at_least: At condition e < s_e, the value of e must be at least 0.
const: At condition e < s_e, the value of s_e must be equal to 0.
dead_error_condition: The condition e < s_e cannot be true.
323 if (e < s_e)
CID 1474511 (#1 of 1): Logically dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: goto next_entry2;.
324 goto next_entry2;
325 if (filter->dev &&
326 !mr_mfc_uses_dev(mrt, mfc, filter->dev))
327 goto next_entry2;
328
329 err = fill(mrt, skb, NETLINK_CB(cb->skb).portid,
330 cb->nlh->nlmsg_seq, mfc, RTM_NEWROUTE, flags);
331 if (err < 0) {
332 spin_unlock_bh(lock);
333 goto out;
334 }
335next_entry2:
incr: Incrementing e. The value of e is now 1.
incr: Incrementing e. The value of e is now 2.
336 e++;
Note that the zero'ing of e and s_e for ipmr and ip6mr was added in by
earlier commits:
commit 8fb472c09b9df478a062eacc7841448e40fc3c17
Author: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Date: Thu Jan 12 15:53:33 2017 +0100
ipmr: improve hash scalability
commit 87c418bf1323d57140f4b448715f64de3fbb7e91
Author: Yuval Mintz <yuvalm@mellanox.com>
Date: Wed Feb 28 23:29:31 2018 +0200
ip6mr: Align hash implementation to ipmr
Anyhow, this looks incorrect, but I'm not familiar with this code to
suggest the correct fix.
Colin
next reply other threads:[~2018-10-18 2:19 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 18:22 Colin Ian King [this message]
2018-10-17 18:49 ` ipmr, ip6mr: Unite dumproute flows Nikolay Aleksandrov
2018-10-17 19:34 ` [PATCH net] net: ipmr: fix unresolved entry dumps Nikolay Aleksandrov
2018-10-17 19:35 ` Nikolay Aleksandrov
2018-10-18 5:36 ` David Miller
2018-10-18 15:16 ` David Ahern
2018-10-18 23:46 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c3d958d0-9916-48d9-ad8d-076cda75c93f@canonical.com \
--to=colin.king@canonical.com \
--cc=davem@davemloft.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=yoshfuji@linux-ipv6.org \
--cc=yuvalm@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.