Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2860661rwb; Thu, 17 Nov 2022 17:47:00 -0800 (PST) X-Google-Smtp-Source: AA0mqf6OKd7OY7Ql6mnJTVHB7MyYPOUXGZFaG9d96hapXUIOZ86ibjZyjxAiDhaLYE4tPT4N+m4r X-Received: by 2002:a63:e802:0:b0:46f:ed3a:f36c with SMTP id s2-20020a63e802000000b0046fed3af36cmr4656976pgh.372.1668736020236; Thu, 17 Nov 2022 17:47:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668736020; cv=none; d=google.com; s=arc-20160816; b=aWrZKXlKKBr9wl3+V9+N0g1zPh4odVCz7TiBVdz9MsAMDbehpCLJTrl8a7jt95x0Vn Y+GCUQ2of+X2jGHQAcG7Hu5+yqdyxLzmyTjfSEW+U5iKDBDgl6ETBcyVoOo3Xu6qJrHG 3/EjCjh9SJ5DQb/oCRY3MiDYEnXL6mFi4DnytYjrIhSNa2o9IMcdMjGwNsReOkx505ug 0+QdfYEWPawMC/VZbl8at0pc8ALqQLkbVyikJnUk+mGYnr8O7bvDesg5JCkZlQz+kphs V0S1jYo9/kXlof6YnxNNjRz82EsOoHzlEdFI+5QOI7Es87WaaB2YiIA9L9mQNLbA9Ir0 /V/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=R4T4enbQOsqO6XmAV2f5zgRx0vHX3wK4skHjCmqpICo=; b=eU5y0MNSGOTuXNlLdIPhzmRYR1crtG2mDZEe3wVTLTZv/0/tJbMl2pJ8cL7EKOfuth FlO+4abo6W9C1OdWATJ2ljpa91BmWmafwvn8rcBHJSPFnYZZ/lWszd/drenzvDEN6lli dqO7DCJZskZRrvcM2lyhd76DgQdwt3UluobgcUSQi4TzLWOo45zPINb8rDU5Do0LdwEo avDi5GfefDlvjeCPzkjCs39x6P84qNi5CUtxwKqer6ybpgSOoT4gZp9JwMY+yh9andDH +BDmkKOK9nH3JlWT14lPuoIfTQ9Iaw5Uru1bWWls4rTpd0RNihwBbtXZyfLpimRVzGbw x37Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=tRE8MM8c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r30-20020a63515e000000b00476bfca388fsi2540385pgl.627.2022.11.17.17.46.47; Thu, 17 Nov 2022 17:47:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=tRE8MM8c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235133AbiKRBYv (ORCPT + 92 others); Thu, 17 Nov 2022 20:24:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235041AbiKRBYu (ORCPT ); Thu, 17 Nov 2022 20:24:50 -0500 Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C3FC269DE7 for ; Thu, 17 Nov 2022 17:24:48 -0800 (PST) Received: by mail-io1-xd35.google.com with SMTP id r81so2831432iod.2 for ; Thu, 17 Nov 2022 17:24:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=R4T4enbQOsqO6XmAV2f5zgRx0vHX3wK4skHjCmqpICo=; b=tRE8MM8ca79bEn0b3rkDQO5fw0/vkOWKZR1tr+6audLccXPFKXC4mMpzZrEnQ9Rstr I4lbu9pQcWPcS5m05iK8xB2g6dLdJikgg+I7JKxU3RSpVo7rYenwhKYV+maXu5Gnb8sa da9yZCzhVhRxfwlmoD01NV8jLinl+wLctMmxx2+PLcrUNdxNQUJolSTlrIXOg62ccbhf Pt+GqFxBC4fZ4c2/o5Z94wZuBvxnvPMnVz6W13PArWGHzVfScmN/bqWlDq8KiDpmkyNS gU6G67Z5VCRqDUGFk9bhZz3789ejikfK7LH83pOfy0jt0E/NQgtBT4+wDBKuO6302iyQ kP+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=R4T4enbQOsqO6XmAV2f5zgRx0vHX3wK4skHjCmqpICo=; b=iE89Fs/Q0pX5+2YgalBwQo3udNDXwM+i1BCk4+sOhUp7ovgkWeLNfLn2VaKL8kZFaz JYBLZwKbBsiRlVAnUJBoOZ7P/UhnXFZ7K1CieG6i76cjZ1C9qovZ8HYMVpjgKH/9jxBn hR6idtTPvnq6/yhKSPmj9Msk7fkWbMHybNprXZJzqsdc7iNUGXBys8wUsa9YfUlAyKwZ 6rwnuqizzA9w0VnWUKqHEqJcEjXjMLXbzBMxuGG4eSUq2uj+qWLcyYaQOQk1Zj6m6kuo pMfYWLejbKutZDxnnxmvNSClgLYdZGgYgl41HNT7PhOeZxgi1/mZO70VJjWv1xoYoui1 ELPw== X-Gm-Message-State: ANoB5pm4CFue83nq6U7T6m7L26DpvQEn78BPlwpj0WoTYBuPqHiGJlVv pxON5QyPGoUij0AvJJquWBeyMk7rYbEJNHRCaSwJwQ== X-Received: by 2002:a6b:6d0d:0:b0:6c4:ad4d:b23a with SMTP id a13-20020a6b6d0d000000b006c4ad4db23amr2378611iod.2.1668734687862; Thu, 17 Nov 2022 17:24:47 -0800 (PST) MIME-Version: 1.0 References: <202211171422.7A7A7A9@keescook> <202211171513.28D070E@keescook> <202211171624.963F44FCE@keescook> In-Reply-To: <202211171624.963F44FCE@keescook> From: Eric Dumazet Date: Thu, 17 Nov 2022 17:24:36 -0800 Message-ID: Subject: Re: Coverity: __sock_gen_cookie(): Error handling issues To: Kees Cook Cc: linux-kernel@vger.kernel.org, Marc Kleine-Budde , Paolo Abeni , Stefano Garzarella , Jakub Kicinski , Nikolay Aleksandrov , "David S. Miller" , Florian Fainelli , netdev@vger.kernel.org, "Gustavo A. R. Silva" , linux-next@vger.kernel.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 17, 2022 at 4:25 PM Kees Cook wrote: > > On Thu, Nov 17, 2022 at 03:22:22PM -0800, Eric Dumazet wrote: > > On Thu, Nov 17, 2022 at 3:14 PM Kees Cook wrote: > > > > > > On Thu, Nov 17, 2022 at 02:49:55PM -0800, Eric Dumazet wrote: > > > > On Thu, Nov 17, 2022 at 2:22 PM coverity-bot wrote: > > > > > > > > > > Hello! > > > > > > > > > > This is an experimental semi-automated report about issues detected by > > > > > Coverity from a scan of next-20221117 as part of the linux-next scan project: > > > > > https://scan.coverity.com/projects/linux-next-weekly-scan > > > > > > > > > > You're getting this email because you were associated with the identified > > > > > lines of code (noted below) that were touched by commits: > > > > > > > > > > Wed Nov 16 12:42:01 2022 +0000 > > > > > 4ebf802cf1c6 ("net: __sock_gen_cookie() cleanup") > > > > > > > > > > Coverity reported the following: > > > > > > > > > > *** CID 1527347: Error handling issues (CHECKED_RETURN) > > > > > net/core/sock_diag.c:33 in __sock_gen_cookie() > > > > > 27 { > > > > > 28 u64 res = atomic64_read(&sk->sk_cookie); > > > > > 29 > > > > > 30 if (!res) { > > > > > 31 u64 new = gen_cookie_next(&sock_cookie); > > > > > 32 > > > > > vvv CID 1527347: Error handling issues (CHECKED_RETURN) > > > > > vvv Calling "atomic64_try_cmpxchg" without checking return value (as is done elsewhere 8 out of 9 times). > > > > > 33 atomic64_try_cmpxchg(&sk->sk_cookie, &res, new); > > > > > > > > > > > > Hmmm. for some reason I thought @res was always updated... > > > > > > > > A fix would be to read sk->sk_cookie, but I guess your tool will still > > > > complain we do not care > > > > of atomic64_try_cmpxchg() return value ? > > > > > > > > diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c > > > > index b11593cae5a09b15a10d6ba35bccc22263cb8fc8..58efb9c1c8dd4f8e5a3009a0176e1b96487daaff > > > > 100644 > > > > --- a/net/core/sock_diag.c > > > > +++ b/net/core/sock_diag.c > > > > @@ -31,6 +31,10 @@ u64 __sock_gen_cookie(struct sock *sk) > > > > u64 new = gen_cookie_next(&sock_cookie); > > > > > > > > atomic64_try_cmpxchg(&sk->sk_cookie, &res, new); > > > > + /* Another cpu/thread might have won the race, > > > > + * reload the final value. > > > > + */ > > > > + res = atomic64_read(&sk->sk_cookie); > > > > } > > > > return res; > > > > } > > > > > > I think it's saying it was expecting an update loop -- i.e. to make sure > > > the value actually got swapped (the "try" part...)? > > > > The value has been updated, either by us or someone else. > > > > We do not particularly care who won the race, since the value is > > updated once only. > > Ah! Okay, now I understand the added comment. Thanks :) I guess we could simply go back to atomic64_cmpxchg() to avoid a false positive. This boils to avoid the loop we had prior to 4ebf802cf1c6 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index b11593cae5a09b15a10d6ba35bccc22263cb8fc8..7b9e321e0f6b15f2fb7af9f53fceb874439cbd02 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -30,7 +30,11 @@ u64 __sock_gen_cookie(struct sock *sk) if (!res) { u64 new = gen_cookie_next(&sock_cookie); - atomic64_try_cmpxchg(&sk->sk_cookie, &res, new); + atomic64_cmpxchg(&sk->sk_cookie, res, new); + /* Another cpu/thread might have won the race, + * load the final value. + */ + res = atomic64_read(&sk->sk_cookie); } return res; }