SUNRPC: Fix gss_free_in_token_pages()

Message ID	20240506205245.4455-1-cel@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4BA8EBB for <linux-nfs@vger.kernel.org>; Mon, 6 May 2024 20:52:52 +0000 (UTC) From: cel@kernel.org To: <linux-nfs@vger.kernel.org> Cc: Chuck Lever <chuck.lever@oracle.com>, Dan Carpenter <dan.carpenter@linaro.org> Subject: [PATCH] SUNRPC: Fix gss_free_in_token_pages() Date: Mon, 6 May 2024 16:52:45 -0400 Message-ID: <20240506205245.4455-1-cel@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	SUNRPC: Fix gss_free_in_token_pages() \| expand SUNRPC: Fix gss_free_in_token_pages()

Message ID

20240506205245.4455-1-cel@kernel.org (mailing list archive)

State

New

Headers

From: cel@kernel.org
To: <linux-nfs@vger.kernel.org>
Cc: Chuck Lever <chuck.lever@oracle.com>,
	Dan Carpenter <dan.carpenter@linaro.org>
Subject: [PATCH] SUNRPC: Fix gss_free_in_token_pages()
Date: Mon,  6 May 2024 16:52:45 -0400
Message-ID: <20240506205245.4455-1-cel@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

SUNRPC: Fix gss_free_in_token_pages() | expand

Commit Message

Chuck Lever May 6, 2024, 8:52 p.m. UTC

From: Chuck Lever <chuck.lever@oracle.com>

Commit 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct
24, 2019 (linux-next), leads to the following Smatch static checker
warning:

	net/sunrpc/auth_gss/svcauth_gss.c:1039 gss_free_in_token_pages()
	warn: iterator 'i' not incremented

net/sunrpc/auth_gss/svcauth_gss.c
    1034 static void gss_free_in_token_pages(struct gssp_in_token *in_token)
    1035 {
    1036         u32 inlen;
    1037         int i;
    1038
--> 1039         i = 0;
    1040         inlen = in_token->page_len;
    1041         while (inlen) {
    1042                 if (in_token->pages[i])
    1043                         put_page(in_token->pages[i]);
                                                         ^
This puts page zero over and over.

    1044                 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
    1045         }
    1046
    1047         kfree(in_token->pages);
    1048         in_token->pages = NULL;
    1049 }

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


base-commit: 939cb14d51a150e3c12ef7a8ce0ba04ce6131bd2

Comments

Trond Myklebust May 6, 2024, 9:05 p.m. UTC | #1

On Mon, 2024-05-06 at 16:52 -0400, cel@kernel.org wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> Commit 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct
> 24, 2019 (linux-next), leads to the following Smatch static checker
> warning:
> 
> 	net/sunrpc/auth_gss/svcauth_gss.c:1039
> gss_free_in_token_pages()
> 	warn: iterator 'i' not incremented
> 
> net/sunrpc/auth_gss/svcauth_gss.c
>     1034 static void gss_free_in_token_pages(struct gssp_in_token
> *in_token)
>     1035 {
>     1036         u32 inlen;
>     1037         int i;
>     1038
> --> 1039         i = 0;
>     1040         inlen = in_token->page_len;
>     1041         while (inlen) {
>     1042                 if (in_token->pages[i])
>     1043                         put_page(in_token->pages[i]);
>                                                          ^
> This puts page zero over and over.
> 
>     1044                 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE :
> inlen;
>     1045         }
>     1046
>     1047         kfree(in_token->pages);
>     1048         in_token->pages = NULL;
>     1049 }
> 
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Fixes: 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()")
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>  net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/sunrpc/auth_gss/svcauth_gss.c
> b/net/sunrpc/auth_gss/svcauth_gss.c
> index 24de94184700..bdd8273d74d3 100644
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -1040,7 +1040,7 @@ static void gss_free_in_token_pages(struct
> gssp_in_token *in_token)
>  	inlen = in_token->page_len;
>  	while (inlen) {
>  		if (in_token->pages[i])
> -			put_page(in_token->pages[i]);
> +			put_page(in_token->pages[i++]);

Wouldn't it be both more efficient and transparent just to break out of
the loop once you hit a NULL page? You already know the remainder of
the array will also be NULL.

>  		inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
>  	}
>  
> 
> base-commit: 939cb14d51a150e3c12ef7a8ce0ba04ce6131bd2

Chuck Lever May 6, 2024, 9:13 p.m. UTC | #2

On Mon, May 06, 2024 at 09:05:34PM +0000, Trond Myklebust wrote:
> On Mon, 2024-05-06 at 16:52 -0400, cel@kernel.org wrote:
> > From: Chuck Lever <chuck.lever@oracle.com>
> > 
> > Commit 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct
> > 24, 2019 (linux-next), leads to the following Smatch static checker
> > warning:
> > 
> > 	net/sunrpc/auth_gss/svcauth_gss.c:1039
> > gss_free_in_token_pages()
> > 	warn: iterator 'i' not incremented
> > 
> > net/sunrpc/auth_gss/svcauth_gss.c
> >     1034 static void gss_free_in_token_pages(struct gssp_in_token
> > *in_token)
> >     1035 {
> >     1036         u32 inlen;
> >     1037         int i;
> >     1038
> > --> 1039         i = 0;
> >     1040         inlen = in_token->page_len;
> >     1041         while (inlen) {
> >     1042                 if (in_token->pages[i])
> >     1043                         put_page(in_token->pages[i]);
> >                                                          ^
> > This puts page zero over and over.
> > 
> >     1044                 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE :
> > inlen;
> >     1045         }
> >     1046
> >     1047         kfree(in_token->pages);
> >     1048         in_token->pages = NULL;
> >     1049 }
> > 
> > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Fixes: 5866efa8cbfb ("SUNRPC: Fix svcauth_gss_proxy_init()")
> > Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> > ---
> >  net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/net/sunrpc/auth_gss/svcauth_gss.c
> > b/net/sunrpc/auth_gss/svcauth_gss.c
> > index 24de94184700..bdd8273d74d3 100644
> > --- a/net/sunrpc/auth_gss/svcauth_gss.c
> > +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> > @@ -1040,7 +1040,7 @@ static void gss_free_in_token_pages(struct
> > gssp_in_token *in_token)
> >  	inlen = in_token->page_len;
> >  	while (inlen) {
> >  		if (in_token->pages[i])
> > -			put_page(in_token->pages[i]);
> > +			put_page(in_token->pages[i++]);
> 
> Wouldn't it be both more efficient and transparent just to break out of
> the loop once you hit a NULL page? You already know the remainder of
> the array will also be NULL.

Based on the way that the ->pages[] array is constructed in
gss_read_proxy_verf() ? I guess that is true.


> >  		inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
> >  	}
> >  
> > 
> > base-commit: 939cb14d51a150e3c12ef7a8ce0ba04ce6131bd2

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 24de94184700..bdd8273d74d3 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1040,7 +1040,7 @@  static void gss_free_in_token_pages(struct gssp_in_token *in_token)
 	inlen = in_token->page_len;
 	while (inlen) {
 		if (in_token->pages[i])
-			put_page(in_token->pages[i]);
+			put_page(in_token->pages[i++]);
 		inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
 	}

SUNRPC: Fix gss_free_in_token_pages()

Commit Message

Comments

Patch