Re: [cel:topic-the-not-so-distant-future 55/82] net/sunrpc/svc.c:1466 svc_process() error: we previously assumed 'p' could be null (see line 1454)

From: Chuck Lever III <chuck.lever@oracle.com>
To: Dan Carpenter <error27@gmail.com>
Cc: "oe-kbuild@lists.linux.dev" <oe-kbuild@lists.linux.dev>,
	"lkp@intel.com" <lkp@intel.com>,
	"oe-kbuild-all@lists.linux.dev" <oe-kbuild-all@lists.linux.dev>
Subject: Re: [cel:topic-the-not-so-distant-future 55/82] net/sunrpc/svc.c:1466 svc_process() error: we previously assumed 'p' could be null (see line 1454)
Date: Tue, 6 Dec 2022 15:07:10 +0000	[thread overview]
Message-ID: <F6956FA9-4F2F-4716-8C2D-EBD81136443A@oracle.com> (raw)
In-Reply-To: <202212060740.k4dCGCg8-lkp@intel.com>

> On Dec 6, 2022, at 1:37 AM, Dan Carpenter <error27@gmail.com> wrote:
> 
> tree:   git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux topic-the-not-so-distant-future
> head:   f8e9d79160e851ed451ae369605a41aa7e8eb41d
> commit: 3dde04ad0247bb28b707b6f2cfeec67ed229da03 [55/82] SUNRPC: Hoist svcxdr_init_decode() into svc_process()
> config: i386-randconfig-m021-20221205
> compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
> 
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@intel.com>
> | Reported-by: Dan Carpenter <error27@gmail.com>
> 
> smatch warnings:
> net/sunrpc/svc.c:1466 svc_process() error: we previously assumed 'p' could be null (see line 1454)

Agreed, that's a bug. Fix squashed into this commit.

> vim +/p +1466 net/sunrpc/svc.c
> 
> 1cad7ea6fe98dc Ricardo Labiaga 2009-04-01  1448  	rqstp->rq_res.buflen = PAGE_SIZE;
> 1cad7ea6fe98dc Ricardo Labiaga 2009-04-01  1449  	rqstp->rq_res.tail[0].iov_base = NULL;
> 1cad7ea6fe98dc Ricardo Labiaga 2009-04-01  1450  	rqstp->rq_res.tail[0].iov_len = 0;
> 1cad7ea6fe98dc Ricardo Labiaga 2009-04-01  1451  
> 3dde04ad0247bb Chuck Lever     2022-11-06  1452  	svcxdr_init_decode(rqstp);
> 3dde04ad0247bb Chuck Lever     2022-11-06  1453  	p = xdr_inline_decode(&rqstp->rq_arg_stream, XDR_UNIT * 2);
> 3dde04ad0247bb Chuck Lever     2022-11-06 @1454  	if (unlikely(!p))
> 81593c4dff3226 Chuck Lever     2022-09-12  1455  		goto out_baddir;
>                                                                ^^^^^^^^^^^^^^^^
> p is NULL
> 
> 
> 3dde04ad0247bb Chuck Lever     2022-11-06  1456  	rqstp->rq_xid = *p++;
> 3dde04ad0247bb Chuck Lever     2022-11-06  1457  	if (unlikely(*p != rpc_call))
> 3dde04ad0247bb Chuck Lever     2022-11-06  1458  		goto out_baddir;
> 3dde04ad0247bb Chuck Lever     2022-11-06  1459  
> d9ca78fb91eb62 Chuck Lever     2022-11-06  1460  	if (!svc_process_common(rqstp, resv))
> 860a0d9e511f27 Jeff Layton     2014-10-28  1461  		goto out_drop;
> 0b9547bf6b9431 Chuck Lever     2018-03-27  1462  	return svc_send(rqstp);
> 860a0d9e511f27 Jeff Layton     2014-10-28  1463  
> 81593c4dff3226 Chuck Lever     2022-09-12  1464  out_baddir:
> 81593c4dff3226 Chuck Lever     2022-09-12  1465  	svc_printk(rqstp, "bad direction 0x%08x, dropping request\n",
> 3dde04ad0247bb Chuck Lever     2022-11-06 @1466  		   be32_to_cpu(*p));
>                                                                               ^^
> Dereferenced
> 
> 81593c4dff3226 Chuck Lever     2022-09-12  1467  	rqstp->rq_server->sv_stats->rpcbadfmt++;
> 860a0d9e511f27 Jeff Layton     2014-10-28  1468  out_drop:
> 4b5b3ba16be1b1 Andy Adamson    2011-01-06  1469  	svc_drop(rqstp);
> 4b5b3ba16be1b1 Andy Adamson    2011-01-06  1470  	return 0;
> 4b5b3ba16be1b1 Andy Adamson    2011-01-06  1471  }
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://01.org/lkp
> 

--
Chuck Lever