[bug report] [AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both
Dan Carpenter
dan.carpenter at oracle.com
Wed Nov 29 23:37:06 PST 2017
Hello David Howells,
The patch 17926a79320a: "[AF_RXRPC]: Provide secure RxRPC sockets for
use by userspace and kernel both" from Apr 26, 2007, leads to the
following static checker warning:
net/rxrpc/af_rxrpc.c:898 rxrpc_release_sock()
error: we previously assumed 'rx->local' could be null (see line 887)
net/rxrpc/af_rxrpc.c
874 switch (sk->sk_state) {
875 case RXRPC_SERVER_BOUND:
876 case RXRPC_SERVER_BOUND2:
877 case RXRPC_SERVER_LISTENING:
878 case RXRPC_SERVER_LISTEN_DISABLED:
879 rx->local->service_closed = true;
^^^^^^^^^
Unchecked dereference
880 break;
881 }
882
883 spin_lock_bh(&sk->sk_receive_queue.lock);
884 sk->sk_state = RXRPC_CLOSE;
885 spin_unlock_bh(&sk->sk_receive_queue.lock);
886
887 if (rx->local && rcu_access_pointer(rx->local->service) == rx) {
^^^^^^^^^
Checked dereference (rx->local is tested for NULL before it is used)
888 write_lock(&rx->local->services_lock);
889 rcu_assign_pointer(rx->local->service, NULL);
890 write_unlock(&rx->local->services_lock);
891 }
892
893 /* try to flush out this socket */
894 rxrpc_discard_prealloc(rx);
895 rxrpc_release_calls_on_socket(rx);
896 flush_workqueue(rxrpc_workqueue);
897 rxrpc_purge_queue(&sk->sk_receive_queue);
898 rxrpc_queue_work(&rx->local->rxnet->service_conn_reaper);
^^^^^^^^^
Unchecked dereference (rx->local is used here without the NULL test applied on line 887)
899 rxrpc_queue_work(&rx->local->rxnet->client_conn_reaper);
900
901 rxrpc_put_local(rx->local);
902 rx->local = NULL;
903 key_put(rx->key);
904 rx->key = NULL;
905 key_put(rx->securities);
906 rx->securities = NULL;
907 sock_put(sk);
908
909 _leave(" = 0");
910 return 0;
911 }
regards,
dan carpenter