[PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[Dan Carpenter]

The "pkt" was supposed to have been deleted in a previous patch.  It
leads to an uninitialized variable bug.

Fixes: 72f0c6fb0579 ("rxrpc: Allocate ACK records at proposal and queue for transmission")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Applies to net-next.

 net/rxrpc/output.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index 46432e70a16b..04f945e042ab 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -202,7 +202,6 @@ static void rxrpc_cancel_rtt_probe(struct rxrpc_call *call,
 static int rxrpc_send_ack_packet(struct rxrpc_local *local, struct rxrpc_txbuf *txb)
 {
 	struct rxrpc_connection *conn;
-	struct rxrpc_ack_buffer *pkt;
 	struct rxrpc_call *call = txb->call;
 	struct msghdr msg;
 	struct kvec iov[1];
@@ -270,7 +269,6 @@ static int rxrpc_send_ack_packet(struct rxrpc_local *local, struct rxrpc_txbuf *
 		rxrpc_set_keepalive(call);
 	}
 
-	kfree(pkt);
 	return ret;
 }
 
-- 
2.35.1

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[David Howells]

Dan Carpenter <error27@gmail.com> wrote:

> The "pkt" was supposed to have been deleted in a previous patch.  It
> leads to an uninitialized variable bug.

Weird.  I don't get a compiler warning and the kernel doesn't crash, despite
transmitting millions of acks.

If I disassemble the built code, I see:

   0xffffffff81b09e89 <+723>:   xor    %edi,%edi
   0xffffffff81b09e8b <+725>:   call   0xffffffff811c0bc1 <kfree>

I'm not sure why it's sticking 0 in EDI, though.

David

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[Dan Carpenter]

On Thu, Nov 17, 2022 at 09:44:24AM +0000, David Howells wrote:
> Dan Carpenter <error27@gmail.com> wrote:
> 
> > The "pkt" was supposed to have been deleted in a previous patch.  It
> > leads to an uninitialized variable bug.
> 
> Weird.  I don't get a compiler warning and the kernel doesn't crash, despite
> transmitting millions of acks.
> 
> If I disassemble the built code, I see:
> 
>    0xffffffff81b09e89 <+723>:   xor    %edi,%edi
>    0xffffffff81b09e8b <+725>:   call   0xffffffff811c0bc1 <kfree>
> 
> I'm not sure why it's sticking 0 in EDI, though.

We disabled GCC's check for uninitialized variables.  It could be that
you have the .config to automatically zero out stack variables.

CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y

regards,
dan carpenter

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[David Howells]

Dan Carpenter <error27@gmail.com> wrote:

> We disabled GCC's check for uninitialized variables.  It could be that
> you have the .config to automatically zero out stack variables.
> 
> CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
> CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
> CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y

Ah.  Is there a way to reenable that?

David

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[David Howells]

Dan Carpenter <error27@gmail.com> wrote:

> The "pkt" was supposed to have been deleted in a previous patch.  It
> leads to an uninitialized variable bug.
> 
> Fixes: 72f0c6fb0579 ("rxrpc: Allocate ACK records at proposal and queue for transmission")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Acked-by: David Howells <dhowells@redhat.com>

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[Dan Carpenter]

On Thu, Nov 17, 2022 at 11:59:32AM +0000, David Howells wrote:
> Dan Carpenter <error27@gmail.com> wrote:
> 
> > We disabled GCC's check for uninitialized variables.  It could be that
> > you have the .config to automatically zero out stack variables.
> > 
> > CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y
> > CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_BARE=y
> > CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y
> 
> Ah.  Is there a way to reenable that?

make W=2 will do it, but W=2 sucks...

regards,
dan carpenter

Re: [PATCH net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net-next.git (master)
by David S. Miller <davem@davemloft.net>:

On Thu, 17 Nov 2022 10:44:02 +0300 you wrote:
> The "pkt" was supposed to have been deleted in a previous patch.  It
> leads to an uninitialized variable bug.
> 
> Fixes: 72f0c6fb0579 ("rxrpc: Allocate ACK records at proposal and queue for transmission")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> Applies to net-next.
> 
> [...]

Here is the summary with links:
  - [net-next] rxrpc: uninitialized variable in rxrpc_send_ack_packet()
    https://git.kernel.org/netdev/net-next/c/38461894838b

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html