CC: [email protected] BCC: [email protected] CC: [email protected] TO: Cong Wang <[email protected]>
tree: https://github.com/congwang/linux.git net-next head: 0700b0bb26ca936a676359afeefae4e67baee300 commit: 2c8c2dd9e27f1bfab8c5a98a6b93e90d13f85f90 [1/2] tcp: clean up tcp_read_sock() code :::::: branch date: 6 hours ago :::::: commit date: 6 hours ago config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20220228/[email protected]/config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> New smatch warnings: net/ipv4/tcp.c:2140 tcp_zerocopy_receive() error: uninitialized symbol 'offset'. Old smatch warnings: net/ipv4/tcp.c:4193 do_tcp_getsockopt() warn: check for integer overflow 'len' vim +/offset +2140 net/ipv4/tcp.c 7eeba1706eba6d Arjun Roy 2021-01-20 2058 94ab9eb9b234dd Arjun Roy 2020-12-02 2059 #define TCP_ZEROCOPY_PAGE_BATCH_SIZE 32 05255b823a6173 Eric Dumazet 2018-04-27 2060 static int tcp_zerocopy_receive(struct sock *sk, 7eeba1706eba6d Arjun Roy 2021-01-20 2061 struct tcp_zerocopy_receive *zc, 7eeba1706eba6d Arjun Roy 2021-01-20 2062 struct scm_timestamping_internal *tss) 05255b823a6173 Eric Dumazet 2018-04-27 2063 { 94ab9eb9b234dd Arjun Roy 2020-12-02 2064 u32 length = 0, offset, vma_len, avail_len, copylen = 0; 05255b823a6173 Eric Dumazet 2018-04-27 2065 unsigned long address = (unsigned long)zc->address; 94ab9eb9b234dd Arjun Roy 2020-12-02 2066 struct page *pages[TCP_ZEROCOPY_PAGE_BATCH_SIZE]; 18fb76ed53865c Arjun Roy 2020-12-02 2067 s32 copybuf_len = zc->copybuf_len; 18fb76ed53865c Arjun Roy 2020-12-02 2068 struct tcp_sock *tp = tcp_sk(sk); 05255b823a6173 Eric Dumazet 2018-04-27 2069 const skb_frag_t *frags = NULL; 94ab9eb9b234dd Arjun Roy 2020-12-02 2070 unsigned int pages_to_map = 0; 05255b823a6173 Eric Dumazet 2018-04-27 2071 struct vm_area_struct *vma; 05255b823a6173 Eric Dumazet 2018-04-27 2072 struct sk_buff *skb = NULL; 18fb76ed53865c Arjun Roy 2020-12-02 2073 u32 seq = tp->copied_seq; 94ab9eb9b234dd Arjun Roy 2020-12-02 2074 u32 total_bytes_to_map; 18fb76ed53865c Arjun Roy 2020-12-02 2075 int inq = tcp_inq(sk); 93ab6cc6916277 Eric Dumazet 2018-04-16 2076 int ret; 93ab6cc6916277 Eric Dumazet 2018-04-16 2077 18fb76ed53865c Arjun Roy 2020-12-02 2078 zc->copybuf_len = 0; 7eeba1706eba6d Arjun Roy 2021-01-20 2079 zc->msg_flags = 0; 18fb76ed53865c Arjun Roy 2020-12-02 2080 05255b823a6173 Eric Dumazet 2018-04-27 2081 if (address & (PAGE_SIZE - 1) || address != zc->address) 93ab6cc6916277 Eric Dumazet 2018-04-16 2082 return -EINVAL; 93ab6cc6916277 Eric Dumazet 2018-04-16 2083 93ab6cc6916277 Eric Dumazet 2018-04-16 2084 if (sk->sk_state == TCP_LISTEN) 05255b823a6173 Eric Dumazet 2018-04-27 2085 return -ENOTCONN; 93ab6cc6916277 Eric Dumazet 2018-04-16 2086 93ab6cc6916277 Eric Dumazet 2018-04-16 2087 sock_rps_record_flow(sk); 93ab6cc6916277 Eric Dumazet 2018-04-16 2088 f21a3c48039891 Arjun Roy 2020-12-02 2089 if (inq && inq <= copybuf_len) 7eeba1706eba6d Arjun Roy 2021-01-20 2090 return receive_fallback_to_copy(sk, zc, inq, tss); f21a3c48039891 Arjun Roy 2020-12-02 2091 936ced415751f7 Arjun Roy 2020-12-02 2092 if (inq < PAGE_SIZE) { 936ced415751f7 Arjun Roy 2020-12-02 2093 zc->length = 0; 936ced415751f7 Arjun Roy 2020-12-02 2094 zc->recv_skip_hint = inq; 936ced415751f7 Arjun Roy 2020-12-02 2095 if (!inq && sock_flag(sk, SOCK_DONE)) 936ced415751f7 Arjun Roy 2020-12-02 2096 return -EIO; 936ced415751f7 Arjun Roy 2020-12-02 2097 return 0; 936ced415751f7 Arjun Roy 2020-12-02 2098 } 936ced415751f7 Arjun Roy 2020-12-02 2099 d8ed45c5dcd455 Michel Lespinasse 2020-06-08 2100 mmap_read_lock(current->mm); 05255b823a6173 Eric Dumazet 2018-04-27 2101 47bdd1db16e67e Liam Howlett 2021-06-28 2102 vma = vma_lookup(current->mm, address); 47bdd1db16e67e Liam Howlett 2021-06-28 2103 if (!vma || vma->vm_ops != &tcp_vm_ops) { d8ed45c5dcd455 Michel Lespinasse 2020-06-08 2104 mmap_read_unlock(current->mm); e776af608f692a Eric Dumazet 2020-05-14 2105 return -EINVAL; e776af608f692a Eric Dumazet 2020-05-14 2106 } 18fb76ed53865c Arjun Roy 2020-12-02 2107 vma_len = min_t(unsigned long, zc->length, vma->vm_end - address); 18fb76ed53865c Arjun Roy 2020-12-02 2108 avail_len = min_t(u32, vma_len, inq); 94ab9eb9b234dd Arjun Roy 2020-12-02 2109 total_bytes_to_map = avail_len & ~(PAGE_SIZE - 1); 94ab9eb9b234dd Arjun Roy 2020-12-02 2110 if (total_bytes_to_map) { 94ab9eb9b234dd Arjun Roy 2020-12-02 2111 if (!(zc->flags & TCP_RECEIVE_ZEROCOPY_FLAG_TLB_CLEAN_HINT)) 94ab9eb9b234dd Arjun Roy 2020-12-02 2112 zap_page_range(vma, address, total_bytes_to_map); 94ab9eb9b234dd Arjun Roy 2020-12-02 2113 zc->length = total_bytes_to_map; 05255b823a6173 Eric Dumazet 2018-04-27 2114 zc->recv_skip_hint = 0; 8f2b02931175ca Soheil Hassas Yeganeh 2018-09-26 2115 } else { 18fb76ed53865c Arjun Roy 2020-12-02 2116 zc->length = avail_len; 18fb76ed53865c Arjun Roy 2020-12-02 2117 zc->recv_skip_hint = avail_len; 8f2b02931175ca Soheil Hassas Yeganeh 2018-09-26 2118 } 05255b823a6173 Eric Dumazet 2018-04-27 2119 ret = 0; 05255b823a6173 Eric Dumazet 2018-04-27 2120 while (length + PAGE_SIZE <= zc->length) { 98917cf0d6eda0 Arjun Roy 2020-12-02 2121 int mappable_offset; 94ab9eb9b234dd Arjun Roy 2020-12-02 2122 struct page *page; 98917cf0d6eda0 Arjun Roy 2020-12-02 2123 05255b823a6173 Eric Dumazet 2018-04-27 2124 if (zc->recv_skip_hint < PAGE_SIZE) { 7fba5309efe24e Arjun Roy 2020-12-02 2125 u32 offset_frag; 7fba5309efe24e Arjun Roy 2020-12-02 2126 05255b823a6173 Eric Dumazet 2018-04-27 2127 if (skb) { 0e627190563e8b Arjun Roy 2019-12-15 2128 if (zc->recv_skip_hint > 0) 0e627190563e8b Arjun Roy 2019-12-15 2129 break; 05255b823a6173 Eric Dumazet 2018-04-27 2130 skb = skb->next; 05255b823a6173 Eric Dumazet 2018-04-27 2131 offset = seq - TCP_SKB_CB(skb)->seq; 05255b823a6173 Eric Dumazet 2018-04-27 2132 } else { 93ab6cc6916277 Eric Dumazet 2018-04-16 2133 skb = tcp_recv_skb(sk, seq, &offset); 05255b823a6173 Eric Dumazet 2018-04-27 2134 } 7eeba1706eba6d Arjun Roy 2021-01-20 2135 7eeba1706eba6d Arjun Roy 2021-01-20 2136 if (TCP_SKB_CB(skb)->has_rxtstamp) { 7eeba1706eba6d Arjun Roy 2021-01-20 2137 tcp_update_recv_tstamps(skb, tss); 7eeba1706eba6d Arjun Roy 2021-01-20 2138 zc->msg_flags |= TCP_CMSG_TS; 7eeba1706eba6d Arjun Roy 2021-01-20 2139 } 05255b823a6173 Eric Dumazet 2018-04-27 @2140 zc->recv_skip_hint = skb->len - offset; 7fba5309efe24e Arjun Roy 2020-12-02 2141 frags = skb_advance_to_frag(skb, offset, &offset_frag); 7fba5309efe24e Arjun Roy 2020-12-02 2142 if (!frags || offset_frag) 05255b823a6173 Eric Dumazet 2018-04-27 2143 break; 93ab6cc6916277 Eric Dumazet 2018-04-16 2144 } 789762ceec8f33 Soheil Hassas Yeganeh 2018-09-26 2145 98917cf0d6eda0 Arjun Roy 2020-12-02 2146 mappable_offset = find_next_mappable_frag(frags, 98917cf0d6eda0 Arjun Roy 2020-12-02 2147 zc->recv_skip_hint); 98917cf0d6eda0 Arjun Roy 2020-12-02 2148 if (mappable_offset) { 98917cf0d6eda0 Arjun Roy 2020-12-02 2149 zc->recv_skip_hint = mappable_offset; 05255b823a6173 Eric Dumazet 2018-04-27 2150 break; 789762ceec8f33 Soheil Hassas Yeganeh 2018-09-26 2151 } 94ab9eb9b234dd Arjun Roy 2020-12-02 2152 page = skb_frag_page(frags); 94ab9eb9b234dd Arjun Roy 2020-12-02 2153 prefetchw(page); 94ab9eb9b234dd Arjun Roy 2020-12-02 2154 pages[pages_to_map++] = page; 05255b823a6173 Eric Dumazet 2018-04-27 2155 length += PAGE_SIZE; 05255b823a6173 Eric Dumazet 2018-04-27 2156 zc->recv_skip_hint -= PAGE_SIZE; 05255b823a6173 Eric Dumazet 2018-04-27 2157 frags++; 94ab9eb9b234dd Arjun Roy 2020-12-02 2158 if (pages_to_map == TCP_ZEROCOPY_PAGE_BATCH_SIZE || 94ab9eb9b234dd Arjun Roy 2020-12-02 2159 zc->recv_skip_hint < PAGE_SIZE) { 94ab9eb9b234dd Arjun Roy 2020-12-02 2160 /* Either full batch, or we're about to go to next skb 94ab9eb9b234dd Arjun Roy 2020-12-02 2161 * (and we cannot unroll failed ops across skbs). 94ab9eb9b234dd Arjun Roy 2020-12-02 2162 */ 94ab9eb9b234dd Arjun Roy 2020-12-02 2163 ret = tcp_zerocopy_vm_insert_batch(vma, pages, 94ab9eb9b234dd Arjun Roy 2020-12-02 2164 pages_to_map, 94ab9eb9b234dd Arjun Roy 2020-12-02 2165 &address, &length, 94ab9eb9b234dd Arjun Roy 2020-12-02 2166 &seq, zc, 94ab9eb9b234dd Arjun Roy 2020-12-02 2167 total_bytes_to_map); 3763a24c727ecf Arjun Roy 2020-06-07 2168 if (ret) 3763a24c727ecf Arjun Roy 2020-06-07 2169 goto out; 94ab9eb9b234dd Arjun Roy 2020-12-02 2170 pages_to_map = 0; 3763a24c727ecf Arjun Roy 2020-06-07 2171 } 3763a24c727ecf Arjun Roy 2020-06-07 2172 } 94ab9eb9b234dd Arjun Roy 2020-12-02 2173 if (pages_to_map) { 94ab9eb9b234dd Arjun Roy 2020-12-02 2174 ret = tcp_zerocopy_vm_insert_batch(vma, pages, pages_to_map, 94ab9eb9b234dd Arjun Roy 2020-12-02 2175 &address, &length, &seq, 94ab9eb9b234dd Arjun Roy 2020-12-02 2176 zc, total_bytes_to_map); 93ab6cc6916277 Eric Dumazet 2018-04-16 2177 } 05255b823a6173 Eric Dumazet 2018-04-27 2178 out: d8ed45c5dcd455 Michel Lespinasse 2020-06-08 2179 mmap_read_unlock(current->mm); 18fb76ed53865c Arjun Roy 2020-12-02 2180 /* Try to copy straggler data. */ 18fb76ed53865c Arjun Roy 2020-12-02 2181 if (!ret) 7eeba1706eba6d Arjun Roy 2021-01-20 2182 copylen = tcp_zc_handle_leftover(zc, sk, skb, &seq, copybuf_len, tss); 18fb76ed53865c Arjun Roy 2020-12-02 2183 18fb76ed53865c Arjun Roy 2020-12-02 2184 if (length + copylen) { 7db48e98393028 Eric Dumazet 2019-10-10 2185 WRITE_ONCE(tp->copied_seq, seq); 93ab6cc6916277 Eric Dumazet 2018-04-16 2186 tcp_rcv_space_adjust(sk); 93ab6cc6916277 Eric Dumazet 2018-04-16 2187 93ab6cc6916277 Eric Dumazet 2018-04-16 2188 /* Clean up data we have read: This will do ACK frames. */ 93ab6cc6916277 Eric Dumazet 2018-04-16 2189 tcp_recv_skb(sk, seq, &offset); 18fb76ed53865c Arjun Roy 2020-12-02 2190 tcp_cleanup_rbuf(sk, length + copylen); 93ab6cc6916277 Eric Dumazet 2018-04-16 2191 ret = 0; 05255b823a6173 Eric Dumazet 2018-04-27 2192 if (length == zc->length) 05255b823a6173 Eric Dumazet 2018-04-27 2193 zc->recv_skip_hint = 0; 05255b823a6173 Eric Dumazet 2018-04-27 2194 } else { 05255b823a6173 Eric Dumazet 2018-04-27 2195 if (!zc->recv_skip_hint && sock_flag(sk, SOCK_DONE)) 05255b823a6173 Eric Dumazet 2018-04-27 2196 ret = -EIO; 05255b823a6173 Eric Dumazet 2018-04-27 2197 } 05255b823a6173 Eric Dumazet 2018-04-27 2198 zc->length = length; 93ab6cc6916277 Eric Dumazet 2018-04-16 2199 return ret; 93ab6cc6916277 Eric Dumazet 2018-04-16 2200 } 05255b823a6173 Eric Dumazet 2018-04-27 2201 #endif 93ab6cc6916277 Eric Dumazet 2018-04-16 2202 :::::: The code at line 2140 was first introduced by commit :::::: 05255b823a6173525587f29c4e8f1ca33fd7677d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive :::::: TO: Eric Dumazet <[email protected]> :::::: CC: David S. Miller <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
