netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat
@ 2019-11-26 20:12 Nathan Chancellor
  2019-11-26 21:22 ` Nick Desaulniers
  2019-11-29  8:04 ` Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Nathan Chancellor @ 2019-11-26 20:12 UTC (permalink / raw)
  To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal
  Cc: netfilter-devel, coreteam, netdev, linux-kernel,
	clang-built-linux, Nathan Chancellor

Clang warns (trimmed the second warning for brevity):

../net/netfilter/nf_flow_table_offload.c:342:2: warning: variable
'offset' is used uninitialized whenever switch default is taken
[-Wsometimes-uninitialized]
        default:
        ^~~~~~~
../net/netfilter/nf_flow_table_offload.c:346:57: note: uninitialized use
occurs here
        flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
                                                               ^~~~~~
../net/netfilter/nf_flow_table_offload.c:331:12: note: initialize the
variable 'offset' to silence this warning
        u32 offset;
                  ^
                   = 0

Match what was done in the flow_offload_ipv{4,6}_{d,s}nat functions and
just return in the default case, since port would also be uninitialized.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Link: https://github.com/ClangBuiltLinux/linux/issues/780
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
---
 net/netfilter/nf_flow_table_offload.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index c54c9a6cc981..a77a6e1cfd64 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -340,7 +340,7 @@ static void flow_offload_port_snat(struct net *net,
 		offset = 0; /* offsetof(struct tcphdr, dest); */
 		break;
 	default:
-		break;
+		return;
 	}
 
 	flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
@@ -367,7 +367,7 @@ static void flow_offload_port_dnat(struct net *net,
 		offset = 0; /* offsetof(struct tcphdr, dest); */
 		break;
 	default:
-		break;
+		return;
 	}
 
 	flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
-- 
2.24.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat
  2019-11-26 20:12 [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat Nathan Chancellor
@ 2019-11-26 21:22 ` Nick Desaulniers
  2019-11-29  8:04 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Nick Desaulniers @ 2019-11-26 21:22 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal,
	netfilter-devel, coreteam, Network Development, LKML,
	clang-built-linux

On Tue, Nov 26, 2019 at 12:13 PM Nathan Chancellor
<natechancellor@gmail.com> wrote:
>
> Clang warns (trimmed the second warning for brevity):
>
> ../net/netfilter/nf_flow_table_offload.c:342:2: warning: variable
> 'offset' is used uninitialized whenever switch default is taken
> [-Wsometimes-uninitialized]
>         default:
>         ^~~~~~~
> ../net/netfilter/nf_flow_table_offload.c:346:57: note: uninitialized use
> occurs here
>         flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
>                                                                ^~~~~~
> ../net/netfilter/nf_flow_table_offload.c:331:12: note: initialize the
> variable 'offset' to silence this warning
>         u32 offset;
>                   ^
>                    = 0
>
> Match what was done in the flow_offload_ipv{4,6}_{d,s}nat functions and
> just return in the default case, since port would also be uninitialized.

Thanks for the patch. I have a report of this from kernelci bot, would
you mind crediting it:
Reported-by: kernelci.org bot <bot@kernelci.org>
Looks like `port` is uninitialized (prior to your patch), too.
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
These two functions look identical except for the mask. The
maintainers should consider reusing more code between them and passing
in the mask.

>
> Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
> Link: https://github.com/ClangBuiltLinux/linux/issues/780
> Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
> ---
>  net/netfilter/nf_flow_table_offload.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
> index c54c9a6cc981..a77a6e1cfd64 100644
> --- a/net/netfilter/nf_flow_table_offload.c
> +++ b/net/netfilter/nf_flow_table_offload.c
> @@ -340,7 +340,7 @@ static void flow_offload_port_snat(struct net *net,
>                 offset = 0; /* offsetof(struct tcphdr, dest); */
>                 break;
>         default:
> -               break;
> +               return;
>         }
>
>         flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
> @@ -367,7 +367,7 @@ static void flow_offload_port_dnat(struct net *net,
>                 offset = 0; /* offsetof(struct tcphdr, dest); */
>                 break;
>         default:
> -               break;
> +               return;
>         }
>
>         flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
> --
> 2.24.0
>
> --
> You received this message because you are subscribed to the Google Groups "Clang Built Linux" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20191126201226.51857-1-natechancellor%40gmail.com.



-- 
Thanks,
~Nick Desaulniers

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat
  2019-11-26 20:12 [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat Nathan Chancellor
  2019-11-26 21:22 ` Nick Desaulniers
@ 2019-11-29  8:04 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-11-29  8:04 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Jozsef Kadlecsik, Florian Westphal, netfilter-devel, coreteam,
	netdev, linux-kernel, clang-built-linux

On Tue, Nov 26, 2019 at 01:12:26PM -0700, Nathan Chancellor wrote:
> Clang warns (trimmed the second warning for brevity):
> 
> ../net/netfilter/nf_flow_table_offload.c:342:2: warning: variable
> 'offset' is used uninitialized whenever switch default is taken
> [-Wsometimes-uninitialized]
>         default:
>         ^~~~~~~
> ../net/netfilter/nf_flow_table_offload.c:346:57: note: uninitialized use
> occurs here
>         flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
>                                                                ^~~~~~
> ../net/netfilter/nf_flow_table_offload.c:331:12: note: initialize the
> variable 'offset' to silence this warning
>         u32 offset;
>                   ^
>                    = 0
> 
> Match what was done in the flow_offload_ipv{4,6}_{d,s}nat functions and
> just return in the default case, since port would also be uninitialized.

Applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-29  8:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-26 20:12 [PATCH] netfilter: nf_flow_table_offload: Don't use offset uninitialized in flow_offload_port_{d,s}nat Nathan Chancellor
2019-11-26 21:22 ` Nick Desaulniers
2019-11-29  8:04 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).