Add the case if sk is NULL in sock_{put, hold},
The caller is free to use it.
Signed-off-by: Yajun Deng <[email protected]>
---
include/net/sock.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 6e761451c927..8821ec0d4147 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -699,7 +699,8 @@ static inline bool __sk_del_node_init(struct sock *sk)
static __always_inline void sock_hold(struct sock *sk)
{
- refcount_inc(&sk->sk_refcnt);
+ if (sk)
+ refcount_inc(&sk->sk_refcnt);
}
/* Ungrab socket in the context, which assumes that socket refcnt
@@ -1811,7 +1812,7 @@ void sock_init_data(struct socket *sock, struct sock *sk);
/* Ungrab socket and destroy it, if it was the last reference. */
static inline void sock_put(struct sock *sk)
{
- if (refcount_dec_and_test(&sk->sk_refcnt))
+ if (sk && refcount_dec_and_test(&sk->sk_refcnt))
sk_free(sk);
}
/* Generic version of sock_put(), dealing with all sockets
--
2.32.0
On Fri, 6 Aug 2021 14:38:15 +0800 Yajun Deng wrote:
> Add the case if sk is NULL in sock_{put, hold},
> The caller is free to use it.
>
> Signed-off-by: Yajun Deng <[email protected]>
The obvious complaint about this patch (and your previous netdev patch)
is that you're spraying branches everywhere in the code. Sure, it may
be okay for free(), given how expensive of an operation that is but
is having refcounting functions accept NULL really the best practice?
Can you give us examples in the kernel where that's the case?
August 6, 2021 9:11 PM, "Jakub Kicinski" <[email protected]> wrote:
> On Fri, 6 Aug 2021 14:38:15 +0800 Yajun Deng wrote:
>
>> Add the case if sk is NULL in sock_{put, hold},
>> The caller is free to use it.
>>
>> Signed-off-by: Yajun Deng <[email protected]>
>
> The obvious complaint about this patch (and your previous netdev patch)
> is that you're spraying branches everywhere in the code. Sure, it may
Sorry for that, I'll be more normative in later submission.
> be okay for free(), given how expensive of an operation that is but
> is having refcounting functions accept NULL really the best practice?
>
> Can you give us examples in the kernel where that's the case?
0 include/net/neighbour.h neigh_clone()
1 include/linux/cgroup.h get_cgroup_ns() and put_cgroup_ns() (This is very similar to my submission)
2 include/linux/ipc_namespace.h get_ipc_ns()
3 include/linux/posix_acl.h posix_acl_dup()
4 include/linux/pid.h get_pid()
5 include/linux/user_namespace.h get_user_ns()
On 8/6/21 8:38 AM, Yajun Deng wrote:
> Add the case if sk is NULL in sock_{put, hold},
> The caller is free to use it.
>
Can we please stop adding code like that all over the places ?
This is wrong, fix the callers that are lazy, or fix the real bug
if this is a syzbot report.
On 8/9/21 8:12 AM, [email protected] wrote:
> August 6, 2021 9:11 PM, "Jakub Kicinski" <[email protected]> wrote:
>
>> On Fri, 6 Aug 2021 14:38:15 +0800 Yajun Deng wrote:
>>
>>> Add the case if sk is NULL in sock_{put, hold},
>>> The caller is free to use it.
>>>
>>> Signed-off-by: Yajun Deng <[email protected]>
>>
>> The obvious complaint about this patch (and your previous netdev patch)
>> is that you're spraying branches everywhere in the code. Sure, it may
>
> Sorry for that, I'll be more normative in later submission.
>> be okay for free(), given how expensive of an operation that is but
>> is having refcounting functions accept NULL really the best practice?
>>
>> Can you give us examples in the kernel where that's the case?
>
> 0 include/net/neighbour.h neigh_clone()
> 1 include/linux/cgroup.h get_cgroup_ns() and put_cgroup_ns() (This is very similar to my submission)
> 2 include/linux/ipc_namespace.h get_ipc_ns()
> 3 include/linux/posix_acl.h posix_acl_dup()
> 4 include/linux/pid.h get_pid()
> 5 include/linux/user_namespace.h get_user_ns()
>
These helpers might be called with NULL pointers by design.
sock_put() and sock_hold() are never called with NULL.
Same for put_page() and hundreds of other functions.
By factorizing a conditional in the function, hoping to remove one in few callers,
we add more conditional branches (and increase code size)
On Mon, Aug 09, 2021 at 11:34:31AM +0200, Eric Dumazet wrote:
>
>
> On 8/9/21 8:12 AM, [email protected] wrote:
> > August 6, 2021 9:11 PM, "Jakub Kicinski" <[email protected]> wrote:
> >
> >> On Fri, 6 Aug 2021 14:38:15 +0800 Yajun Deng wrote:
> >>
> >>> Add the case if sk is NULL in sock_{put, hold},
> >>> The caller is free to use it.
> >>>
> >>> Signed-off-by: Yajun Deng <[email protected]>
> >>
> >> The obvious complaint about this patch (and your previous netdev patch)
> >> is that you're spraying branches everywhere in the code. Sure, it may
> >
> > Sorry for that, I'll be more normative in later submission.
> >> be okay for free(), given how expensive of an operation that is but
> >> is having refcounting functions accept NULL really the best practice?
> >>
> >> Can you give us examples in the kernel where that's the case?
> >
> > 0 include/net/neighbour.h neigh_clone()
> > 1 include/linux/cgroup.h get_cgroup_ns() and put_cgroup_ns() (This is very similar to my submission)
> > 2 include/linux/ipc_namespace.h get_ipc_ns()
> > 3 include/linux/posix_acl.h posix_acl_dup()
> > 4 include/linux/pid.h get_pid()
> > 5 include/linux/user_namespace.h get_user_ns()
> >
>
> These helpers might be called with NULL pointers by design.
>
> sock_put() and sock_hold() are never called with NULL.
>
> Same for put_page() and hundreds of other functions.
>
> By factorizing a conditional in the function, hoping to remove one in few callers,
> we add more conditional branches (and increase code size)
You can add into your list that such "if NULL" checks add false
impression that NULL can be there and it is valid.
Thanks
>