CC: [email protected] CC: [email protected] BCC: [email protected] CC: [email protected] TO: Wang Yufen <[email protected]> CC: Daniel Borkmann <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: f022814633e1c600507b3a99691b4d624c2813f0 commit: 938d3480b92fa5e454b7734294f12a7b75126f09 bpf, sockmap: Fix memleak in sk_psock_queue_msg date: 12 days ago :::::: branch date: 12 hours ago :::::: commit date: 12 days ago config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220327/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 902f4708fe1d03b0de7e5315ef875006a6adc319) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=938d3480b92fa5e454b7734294f12a7b75126f09 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 938d3480b92fa5e454b7734294f12a7b75126f09 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) include/linux/printk.h:446:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:370:7: note: expanded from macro '__printk_index_emit' if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \ ^ include/linux/hid.h:1036:3: note: Taking true branch pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:446:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:370:3: note: expanded from macro '__printk_index_emit' if (__builtin_constant_p(_fmt) && __builtin_constant_p(_level)) { \ ^ include/linux/compiler.h:56:23: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/hid.h:1036:3: note: '?' condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:446:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:379:12: note: expanded from macro '__printk_index_emit' .fmt = __builtin_constant_p(_fmt) ? (_fmt) : NULL, \ ^ include/linux/hid.h:1036:3: note: '?' condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:446:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:383:14: note: expanded from macro '__printk_index_emit' .level = __builtin_constant_p(_level) ? (_level) : NULL, \ ^ include/linux/hid.h:1036:3: note: Loop condition is false. Exiting loop pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:656:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:640:3: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^ include/linux/printk.h:446:26: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^ include/linux/printk.h:417:3: note: expanded from macro 'printk_index_wrap' __printk_index_emit(_fmt, NULL, NULL); \ ^ include/linux/printk.h:369:2: note: expanded from macro '__printk_index_emit' do { \ ^ include/linux/hid.h:1037:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') input->name, c, type); ^ include/linux/printk.h:656:49: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:640:17: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ include/linux/printk.h:446:60: note: expanded from macro 'printk' #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:418:19: note: expanded from macro 'printk_index_wrap' _p_func(_fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ 1 warning generated. >> net/core/skmsg.c:590:3: warning: Attempt to free released memory >> [clang-analyzer-unix.Malloc] kfree(msg); ^ net/core/skmsg.c:1160:6: note: Assuming 'skb' is non-null if (!skb) { ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ net/core/skmsg.c:1160:2: note: '?' condition is false if (!skb) { ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ net/core/skmsg.c:1160:7: note: 'skb' is non-null if (!skb) { ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value' (cond) ? \ ^~~~ net/core/skmsg.c:1160:2: note: '?' condition is false if (!skb) { ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:69: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ include/linux/compiler.h:69:2: note: expanded from macro '__trace_if_value' (cond) ? \ ^ net/core/skmsg.c:1160:2: note: Taking false branch if (!skb) { ^ include/linux/compiler.h:56:23: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ net/core/skmsg.c:1167:15: note: Assuming 'psock' is non-null if (unlikely(!psock)) { ^ include/linux/compiler.h:48:41: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^ include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__' ______r = __builtin_expect(!!(x), expect); \ ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ net/core/skmsg.c:1167:16: note: 'psock' is non-null if (unlikely(!psock)) { ^ include/linux/compiler.h:48:68: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^ include/linux/compiler.h:35:19: note: expanded from macro '__branch_check__' expect, is_constant); \ ^~~~~~~~~~~ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^~~~ include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^~~~ net/core/skmsg.c:1167:2: note: '?' condition is false if (unlikely(!psock)) { ^ include/linux/compiler.h:56:28: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) ^ include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var' #define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond)) ^ net/core/skmsg.c:1167:16: note: 'psock' is non-null if (unlikely(!psock)) { ^ include/linux/compiler.h:48:41: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^ include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__' ______r = __builtin_expect(!!(x), expect); \ ^ include/linux/compiler.h:56:47: note: expanded from macro 'if' #define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) ) vim +590 net/core/skmsg.c 6fa9201a898983d John Fastabend 2020-11-16 572 6fa9201a898983d John Fastabend 2020-11-16 573 /* Puts an skb on the ingress queue of the socket already assigned to the 6fa9201a898983d John Fastabend 2020-11-16 574 * skb. In this case we do not need to check memory limits or skb_set_owner_r 6fa9201a898983d John Fastabend 2020-11-16 575 * because the skb is already accounted for here. 6fa9201a898983d John Fastabend 2020-11-16 576 */ 7303524e04af49a Liu Jian 2021-10-29 577 static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb, 7303524e04af49a Liu Jian 2021-10-29 578 u32 off, u32 len) 6fa9201a898983d John Fastabend 2020-11-16 579 { 6fa9201a898983d John Fastabend 2020-11-16 580 struct sk_msg *msg = kzalloc(sizeof(*msg), __GFP_NOWARN | GFP_ATOMIC); 6fa9201a898983d John Fastabend 2020-11-16 581 struct sock *sk = psock->sk; 7e6b27a69167f97 John Fastabend 2021-07-12 582 int err; 6fa9201a898983d John Fastabend 2020-11-16 583 6fa9201a898983d John Fastabend 2020-11-16 584 if (unlikely(!msg)) 6fa9201a898983d John Fastabend 2020-11-16 585 return -EAGAIN; 6fa9201a898983d John Fastabend 2020-11-16 586 sk_msg_init(msg); 144748eb0c44509 John Fastabend 2021-04-01 587 skb_set_owner_r(skb, sk); 7303524e04af49a Liu Jian 2021-10-29 588 err = sk_psock_skb_ingress_enqueue(skb, off, len, psock, sk, msg); 7e6b27a69167f97 John Fastabend 2021-07-12 589 if (err < 0) 7e6b27a69167f97 John Fastabend 2021-07-12 @590 kfree(msg); 7e6b27a69167f97 John Fastabend 2021-07-12 591 return err; 6fa9201a898983d John Fastabend 2020-11-16 592 } 6fa9201a898983d John Fastabend 2020-11-16 593 :::::: The code at line 590 was first introduced by commit :::::: 7e6b27a69167f97c56b5437871d29e9722c3e470 bpf, sockmap: Fix potential memory leak on unlikely error case :::::: TO: John Fastabend <[email protected]> :::::: CC: Daniel Borkmann <[email protected]> -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
