2024-05-04 11:23:37

by Dan Carpenter

Subject: [bug report] SUNRPC: Fix svcauth_gss_proxy_init()

Hello Chuck Lever,

Commit 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct
24, 2019 (linux-next), leads to the following Smatch static checker
warning:

net/sunrpc/auth_gss/svcauth_gss.c:1039 gss_free_in_token_pages()
warn: iterator 'i' not incremented

net/sunrpc/auth_gss/svcauth_gss.c
    1034 static void gss_free_in_token_pages(struct gssp_in_token *in_token)
    1035 {
    1036         u32 inlen;
    1037         int i;
    1038
--> 1039         i = 0;
    1040         inlen = in_token->page_len;
    1041         while (inlen) {
    1042                 if (in_token->pages[i])
    1043                         put_page(in_token->pages[i]);
                                                          ^
This puts page zero over and over.

    1044                 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
    1045         }
    1046
    1047         kfree(in_token->pages);
    1048         in_token->pages = NULL;
    1049 }

regards,
dan carpenter


2024-05-04 15:18:53

by Chuck Lever III

Subject: Re: [bug report] SUNRPC: Fix svcauth_gss_proxy_init()

On Sat, May 04, 2024 at 02:23:23PM +0300, Dan Carpenter wrote:
> Hello Chuck Lever,
>
> Commit 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct
> 24, 2019 (linux-next), leads to the following Smatch static checker
> warning:
>
> net/sunrpc/auth_gss/svcauth_gss.c:1039 gss_free_in_token_pages()
> warn: iterator 'i' not incremented

We haven't seen a problem in practice, thus it's likely that
->page_len is rarely if ever larger than a page. I will post a fix
in a day or two. Thanks, Dan!


> net/sunrpc/auth_gss/svcauth_gss.c
>     1034 static void gss_free_in_token_pages(struct gssp_in_token *in_token)
>     1035 {
>     1036         u32 inlen;
>     1037         int i;
>     1038
> --> 1039         i = 0;
>     1040         inlen = in_token->page_len;
>     1041         while (inlen) {
>     1042                 if (in_token->pages[i])
>     1043                         put_page(in_token->pages[i]);
>                                                           ^
> This puts page zero over and over.
>
>     1044                 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
>     1045         }
>     1046
>     1047         kfree(in_token->pages);
>     1048         in_token->pages = NULL;
>     1049 }
>
> regards,
> dan carpenter
>

--
Chuck Lever
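
The following user-space model is an added example, not kernel code and not part of either message above. It replays the quoted loop against constructed reference counts to show the imbalance Smatch flagged once page_len spans more than one page, next to a hypothetical variant that advances 'i' (not the fix referred to in the reply). The names struct page (a bare refcount), free_in_token_pages(), refcount_after(), the 'advance' flag and MAX_PAGES are assumptions made for the model.

```c
#include <stdio.h>

#define PAGE_SIZE 4096u
#define MAX_PAGES 4

/* Constructed stand-in for the kernel's struct page: a bare refcount. */
struct page { int refcount; };

static void put_page(struct page *p) { p->refcount--; }

/* advance == 0: the loop as quoted in the report ('i' stays 0).
 * advance == 1: hypothetical correction that steps 'i' once per page. */
static void free_in_token_pages(struct page **pages, unsigned int page_len, int advance)
{
	unsigned int inlen = page_len;
	int i = 0;

	while (inlen) {
		if (pages[i])
			put_page(pages[i]);
		inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
		if (advance)
			i++;
	}
}

/* Give each page covering page_len one reference, run the loop, and return
 * the refcount left on page 'idx': 0 = released once (or unused), 1 = never
 * released, negative = more puts than references held. -999 = bad input. */
static int refcount_after(int advance, unsigned int page_len, int idx)
{
	struct page store[MAX_PAGES] = { {0} };
	struct page *pages[MAX_PAGES] = { 0 };
	unsigned int n = (page_len + PAGE_SIZE - 1) / PAGE_SIZE, k;

	if (n > MAX_PAGES || idx < 0 || idx >= MAX_PAGES)
		return -999;
	for (k = 0; k < n; k++) {
		store[k].refcount = 1;
		pages[k] = &store[k];
	}
	free_in_token_pages(pages, page_len, advance);
	return store[idx].refcount;
}

int main(void)
{
	for (int adv = 0; adv < 2; adv++)	/* constructed input: three pages */
		printf("advance=%d refcounts: %d %d %d\n", adv,
		       refcount_after(adv, 3 * PAGE_SIZE, 0), refcount_after(adv, 3 * PAGE_SIZE, 1),
		       refcount_after(adv, 3 * PAGE_SIZE, 2));
	return 0;
}
```

With page_len of at most PAGE_SIZE both variants leave page 0 at zero, which matches the reply's remark that no problem shows up when ->page_len fits in a single page.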