| Message ID | 20230221092206.39741-1-hbh25y@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net: dccp: delete redundant ackvec record in dccp_insert_options() | expand |
On Tue, Feb 21, 2023 at 10:22 AM Hangyu Hua <hbh25y@gmail.com> wrote: > > A useless record can be insert into av_records when dccp_insert_options() > fails after dccp_insert_option_ackvec(). Repeated triggering may cause > av_records to have a lot of useless record with the same avr_ack_seqno. > > Fixes: 8b7b6c75c638 ("dccp: Integrate feature-negotiation insertion code") > Signed-off-by: Hangyu Hua <hbh25y@gmail.com> > --- > net/dccp/options.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/net/dccp/options.c b/net/dccp/options.c > index d24cad05001e..8aa4abeb15ea 100644 > --- a/net/dccp/options.c > +++ b/net/dccp/options.c > @@ -549,6 +549,8 @@ static void dccp_insert_option_padding(struct sk_buff *skb) > int dccp_insert_options(struct sock *sk, struct sk_buff *skb) > { > struct dccp_sock *dp = dccp_sk(sk); > + struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec; > + struct dccp_ackvec_record *avr; > > DCCP_SKB_CB(skb)->dccpd_opt_len = 0; > > @@ -577,16 +579,22 @@ int dccp_insert_options(struct sock *sk, struct sk_buff *skb) > > if (dp->dccps_hc_rx_insert_options) { > if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb)) > - return -1; > + goto delete_ackvec; > dp->dccps_hc_rx_insert_options = 0; > } > > if (dp->dccps_timestamp_echo != 0 && > dccp_insert_option_timestamp_echo(dp, NULL, skb)) > - return -1; > + goto delete_ackvec; > > dccp_insert_option_padding(skb); > return 0; > + > +delete_ackvec: > + avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq); Why avr would be not NULL ? > + list_del(&avr->avr_node); > + kmem_cache_free(dccp_ackvec_record_slab, avr); > + return -1; > } Are you really using DCCP and/or how have you tested this patch ? net/dccp/ackvec.c:15:static struct kmem_cache *dccp_ackvec_record_slab; I doubt this patch has been compiled. I would rather mark DCCP deprecated and stop trying to fix it.
Hi Hangyu,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
[also build test WARNING on net/master horms-ipvs/master linus/master v6.2 next-20230221]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
patch link: https://lore.kernel.org/r/20230221092206.39741-1-hbh25y%40gmail.com
patch subject: [PATCH] net: dccp: delete redundant ackvec record in dccp_insert_options()
config: ia64-allyesconfig (https://download.01.org/0day-ci/archive/20230221/202302212123.tdzm6fp4-lkp@intel.com/config)
compiler: ia64-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/ea44b55ba82bbe3f35b51212bf839f507a30b70b
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
git checkout ea44b55ba82bbe3f35b51212bf839f507a30b70b
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=ia64 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=ia64 SHELL=/bin/bash net/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202302212123.tdzm6fp4-lkp@intel.com/
All warnings (new ones prefixed by >>):
net/dccp/options.c: In function 'dccp_insert_options':
net/dccp/options.c:594:15: error: implicit declaration of function 'dccp_ackvec_lookup'; did you mean 'dccp_ackvec_input'? [-Werror=implicit-function-declaration]
594 | avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
| ^~~~~~~~~~~~~~~~~~
| dccp_ackvec_input
>> net/dccp/options.c:594:13: warning: assignment to 'struct dccp_ackvec_record *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
594 | avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
| ^
net/dccp/options.c:596:25: error: 'dccp_ackvec_record_slab' undeclared (first use in this function); did you mean 'dccp_ackvec_record'?
596 | kmem_cache_free(dccp_ackvec_record_slab, avr);
| ^~~~~~~~~~~~~~~~~~~~~~~
| dccp_ackvec_record
net/dccp/options.c:596:25: note: each undeclared identifier is reported only once for each function it appears in
cc1: some warnings being treated as errors
vim +594 net/dccp/options.c
548
549 int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
550 {
551 struct dccp_sock *dp = dccp_sk(sk);
552 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
553 struct dccp_ackvec_record *avr;
554
555 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
556
557 if (dp->dccps_send_ndp_count && dccp_insert_option_ndp(sk, skb))
558 return -1;
559
560 if (DCCP_SKB_CB(skb)->dccpd_type != DCCP_PKT_DATA) {
561
562 /* Feature Negotiation */
563 if (dccp_feat_insert_opts(dp, NULL, skb))
564 return -1;
565
566 if (DCCP_SKB_CB(skb)->dccpd_type == DCCP_PKT_REQUEST) {
567 /*
568 * Obtain RTT sample from Request/Response exchange.
569 * This is currently used for TFRC initialisation.
570 */
571 if (dccp_insert_option_timestamp(skb))
572 return -1;
573
574 } else if (dccp_ackvec_pending(sk) &&
575 dccp_insert_option_ackvec(sk, skb)) {
576 return -1;
577 }
578 }
579
580 if (dp->dccps_hc_rx_insert_options) {
581 if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
582 goto delete_ackvec;
583 dp->dccps_hc_rx_insert_options = 0;
584 }
585
586 if (dp->dccps_timestamp_echo != 0 &&
587 dccp_insert_option_timestamp_echo(dp, NULL, skb))
588 goto delete_ackvec;
589
590 dccp_insert_option_padding(skb);
591 return 0;
592
593 delete_ackvec:
> 594 avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
595 list_del(&avr->avr_node);
596 kmem_cache_free(dccp_ackvec_record_slab, avr);
597 return -1;
598 }
599
Hi Hangyu,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
[also build test WARNING on net/master horms-ipvs/master linus/master v6.2 next-20230221]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
patch link: https://lore.kernel.org/r/20230221092206.39741-1-hbh25y%40gmail.com
patch subject: [PATCH] net: dccp: delete redundant ackvec record in dccp_insert_options()
config: i386-randconfig-a013-20230220 (https://download.01.org/0day-ci/archive/20230221/202302212209.2xKQbnhl-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/ea44b55ba82bbe3f35b51212bf839f507a30b70b
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
git checkout ea44b55ba82bbe3f35b51212bf839f507a30b70b
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash net/dccp/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202302212209.2xKQbnhl-lkp@intel.com/
All warnings (new ones prefixed by >>):
net/dccp/options.c:594:8: error: implicit declaration of function 'dccp_ackvec_lookup' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^
>> net/dccp/options.c:594:6: warning: incompatible integer to pointer conversion assigning to 'struct dccp_ackvec_record *' from 'int' [-Wint-conversion]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/dccp/options.c:596:18: error: use of undeclared identifier 'dccp_ackvec_record_slab'; did you mean 'dccp_ackvec_clear_state'?
kmem_cache_free(dccp_ackvec_record_slab, avr);
^~~~~~~~~~~~~~~~~~~~~~~
dccp_ackvec_clear_state
net/dccp/ackvec.h:110:6: note: 'dccp_ackvec_clear_state' declared here
void dccp_ackvec_clear_state(struct dccp_ackvec *av, const u64 ackno);
^
1 warning and 2 errors generated.
vim +594 net/dccp/options.c
548
549 int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
550 {
551 struct dccp_sock *dp = dccp_sk(sk);
552 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
553 struct dccp_ackvec_record *avr;
554
555 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
556
557 if (dp->dccps_send_ndp_count && dccp_insert_option_ndp(sk, skb))
558 return -1;
559
560 if (DCCP_SKB_CB(skb)->dccpd_type != DCCP_PKT_DATA) {
561
562 /* Feature Negotiation */
563 if (dccp_feat_insert_opts(dp, NULL, skb))
564 return -1;
565
566 if (DCCP_SKB_CB(skb)->dccpd_type == DCCP_PKT_REQUEST) {
567 /*
568 * Obtain RTT sample from Request/Response exchange.
569 * This is currently used for TFRC initialisation.
570 */
571 if (dccp_insert_option_timestamp(skb))
572 return -1;
573
574 } else if (dccp_ackvec_pending(sk) &&
575 dccp_insert_option_ackvec(sk, skb)) {
576 return -1;
577 }
578 }
579
580 if (dp->dccps_hc_rx_insert_options) {
581 if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
582 goto delete_ackvec;
583 dp->dccps_hc_rx_insert_options = 0;
584 }
585
586 if (dp->dccps_timestamp_echo != 0 &&
587 dccp_insert_option_timestamp_echo(dp, NULL, skb))
588 goto delete_ackvec;
589
590 dccp_insert_option_padding(skb);
591 return 0;
592
593 delete_ackvec:
> 594 avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
595 list_del(&avr->avr_node);
596 kmem_cache_free(dccp_ackvec_record_slab, avr);
597 return -1;
598 }
599
Hi Hangyu,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on net-next/master]
[also build test ERROR on net/master horms-ipvs/master linus/master v6.2 next-20230221]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
patch link: https://lore.kernel.org/r/20230221092206.39741-1-hbh25y%40gmail.com
patch subject: [PATCH] net: dccp: delete redundant ackvec record in dccp_insert_options()
config: i386-randconfig-a013-20230220 (https://download.01.org/0day-ci/archive/20230222/202302220054.Y70E8KTB-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/ea44b55ba82bbe3f35b51212bf839f507a30b70b
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
git checkout ea44b55ba82bbe3f35b51212bf839f507a30b70b
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash net/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202302220054.Y70E8KTB-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/dccp/options.c:594:8: error: implicit declaration of function 'dccp_ackvec_lookup' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^
net/dccp/options.c:594:6: warning: incompatible integer to pointer conversion assigning to 'struct dccp_ackvec_record *' from 'int' [-Wint-conversion]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/dccp/options.c:596:18: error: use of undeclared identifier 'dccp_ackvec_record_slab'; did you mean 'dccp_ackvec_clear_state'?
kmem_cache_free(dccp_ackvec_record_slab, avr);
^~~~~~~~~~~~~~~~~~~~~~~
dccp_ackvec_clear_state
net/dccp/ackvec.h:110:6: note: 'dccp_ackvec_clear_state' declared here
void dccp_ackvec_clear_state(struct dccp_ackvec *av, const u64 ackno);
^
1 warning and 2 errors generated.
vim +/dccp_ackvec_lookup +594 net/dccp/options.c
548
549 int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
550 {
551 struct dccp_sock *dp = dccp_sk(sk);
552 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
553 struct dccp_ackvec_record *avr;
554
555 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
556
557 if (dp->dccps_send_ndp_count && dccp_insert_option_ndp(sk, skb))
558 return -1;
559
560 if (DCCP_SKB_CB(skb)->dccpd_type != DCCP_PKT_DATA) {
561
562 /* Feature Negotiation */
563 if (dccp_feat_insert_opts(dp, NULL, skb))
564 return -1;
565
566 if (DCCP_SKB_CB(skb)->dccpd_type == DCCP_PKT_REQUEST) {
567 /*
568 * Obtain RTT sample from Request/Response exchange.
569 * This is currently used for TFRC initialisation.
570 */
571 if (dccp_insert_option_timestamp(skb))
572 return -1;
573
574 } else if (dccp_ackvec_pending(sk) &&
575 dccp_insert_option_ackvec(sk, skb)) {
576 return -1;
577 }
578 }
579
580 if (dp->dccps_hc_rx_insert_options) {
581 if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
582 goto delete_ackvec;
583 dp->dccps_hc_rx_insert_options = 0;
584 }
585
586 if (dp->dccps_timestamp_echo != 0 &&
587 dccp_insert_option_timestamp_echo(dp, NULL, skb))
588 goto delete_ackvec;
589
590 dccp_insert_option_padding(skb);
591 return 0;
592
593 delete_ackvec:
> 594 avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
595 list_del(&avr->avr_node);
> 596 kmem_cache_free(dccp_ackvec_record_slab, avr);
597 return -1;
598 }
599
Hi Hangyu,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on net-next/master]
[also build test ERROR on net/master horms-ipvs/master linus/master v6.2 next-20230221]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
patch link: https://lore.kernel.org/r/20230221092206.39741-1-hbh25y%40gmail.com
patch subject: [PATCH] net: dccp: delete redundant ackvec record in dccp_insert_options()
config: s390-randconfig-r011-20230220 (https://download.01.org/0day-ci/archive/20230222/202302220153.QeW2n6o4-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project db89896bbbd2251fff457699635acbbedeead27f)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install s390 cross compiling tool for clang build
# apt-get install binutils-s390x-linux-gnu
# https://github.com/intel-lab-lkp/linux/commit/ea44b55ba82bbe3f35b51212bf839f507a30b70b
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Hangyu-Hua/net-dccp-delete-redundant-ackvec-record-in-dccp_insert_options/20230221-172448
git checkout ea44b55ba82bbe3f35b51212bf839f507a30b70b
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 SHELL=/bin/bash net/dccp/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202302220153.QeW2n6o4-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from net/dccp/options.c:10:
In file included from include/linux/dccp.h:13:
In file included from include/net/inet_connection_sock.h:21:
In file included from include/net/inet_sock.h:19:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from net/dccp/options.c:10:
In file included from include/linux/dccp.h:13:
In file included from include/net/inet_connection_sock.h:21:
In file included from include/net/inet_sock.h:19:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from net/dccp/options.c:10:
In file included from include/linux/dccp.h:13:
In file included from include/net/inet_connection_sock.h:21:
In file included from include/net/inet_sock.h:19:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:28:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:692:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:700:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:708:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:717:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:726:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:735:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
>> net/dccp/options.c:594:8: error: call to undeclared function 'dccp_ackvec_lookup'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^
>> net/dccp/options.c:594:6: error: incompatible integer to pointer conversion assigning to 'struct dccp_ackvec_record *' from 'int' [-Wint-conversion]
avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> net/dccp/options.c:596:18: error: use of undeclared identifier 'dccp_ackvec_record_slab'; did you mean 'dccp_ackvec_clear_state'?
kmem_cache_free(dccp_ackvec_record_slab, avr);
^~~~~~~~~~~~~~~~~~~~~~~
dccp_ackvec_clear_state
net/dccp/ackvec.h:110:6: note: 'dccp_ackvec_clear_state' declared here
void dccp_ackvec_clear_state(struct dccp_ackvec *av, const u64 ackno);
^
12 warnings and 3 errors generated.
vim +/dccp_ackvec_lookup +594 net/dccp/options.c
548
549 int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
550 {
551 struct dccp_sock *dp = dccp_sk(sk);
552 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
553 struct dccp_ackvec_record *avr;
554
555 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
556
557 if (dp->dccps_send_ndp_count && dccp_insert_option_ndp(sk, skb))
558 return -1;
559
560 if (DCCP_SKB_CB(skb)->dccpd_type != DCCP_PKT_DATA) {
561
562 /* Feature Negotiation */
563 if (dccp_feat_insert_opts(dp, NULL, skb))
564 return -1;
565
566 if (DCCP_SKB_CB(skb)->dccpd_type == DCCP_PKT_REQUEST) {
567 /*
568 * Obtain RTT sample from Request/Response exchange.
569 * This is currently used for TFRC initialisation.
570 */
571 if (dccp_insert_option_timestamp(skb))
572 return -1;
573
574 } else if (dccp_ackvec_pending(sk) &&
575 dccp_insert_option_ackvec(sk, skb)) {
576 return -1;
577 }
578 }
579
580 if (dp->dccps_hc_rx_insert_options) {
581 if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
582 goto delete_ackvec;
583 dp->dccps_hc_rx_insert_options = 0;
584 }
585
586 if (dp->dccps_timestamp_echo != 0 &&
587 dccp_insert_option_timestamp_echo(dp, NULL, skb))
588 goto delete_ackvec;
589
590 dccp_insert_option_padding(skb);
591 return 0;
592
593 delete_ackvec:
> 594 avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq);
595 list_del(&avr->avr_node);
> 596 kmem_cache_free(dccp_ackvec_record_slab, avr);
597 return -1;
598 }
599
On 21/2/2023 20:46, Eric Dumazet wrote: > On Tue, Feb 21, 2023 at 10:22 AM Hangyu Hua <hbh25y@gmail.com> wrote: >> >> A useless record can be insert into av_records when dccp_insert_options() >> fails after dccp_insert_option_ackvec(). Repeated triggering may cause >> av_records to have a lot of useless record with the same avr_ack_seqno. >> >> Fixes: 8b7b6c75c638 ("dccp: Integrate feature-negotiation insertion code") >> Signed-off-by: Hangyu Hua <hbh25y@gmail.com> >> --- >> net/dccp/options.c | 12 ++++++++++-- >> 1 file changed, 10 insertions(+), 2 deletions(-) >> >> diff --git a/net/dccp/options.c b/net/dccp/options.c >> index d24cad05001e..8aa4abeb15ea 100644 >> --- a/net/dccp/options.c >> +++ b/net/dccp/options.c >> @@ -549,6 +549,8 @@ static void dccp_insert_option_padding(struct sk_buff *skb) >> int dccp_insert_options(struct sock *sk, struct sk_buff *skb) >> { >> struct dccp_sock *dp = dccp_sk(sk); >> + struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec; >> + struct dccp_ackvec_record *avr; >> >> DCCP_SKB_CB(skb)->dccpd_opt_len = 0; >> >> @@ -577,16 +579,22 @@ int dccp_insert_options(struct sock *sk, struct sk_buff *skb) >> >> if (dp->dccps_hc_rx_insert_options) { >> if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb)) >> - return -1; >> + goto delete_ackvec; >> dp->dccps_hc_rx_insert_options = 0; >> } >> >> if (dp->dccps_timestamp_echo != 0 && >> dccp_insert_option_timestamp_echo(dp, NULL, skb)) >> - return -1; >> + goto delete_ackvec; >> >> dccp_insert_option_padding(skb); >> return 0; >> + >> +delete_ackvec: >> + avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq); > > Why avr would be not NULL ? > >> + list_del(&avr->avr_node); >> + kmem_cache_free(dccp_ackvec_record_slab, avr); >> + return -1; >> } > > Are you really using DCCP and/or how have you tested this patch ? > > net/dccp/ackvec.c:15:static struct kmem_cache *dccp_ackvec_record_slab; > > I doubt this patch has been compiled. > > I would rather mark DCCP deprecated and stop trying to fix it. My bad. I will fix these problems. Thanks, Hangyu
diff --git a/net/dccp/options.c b/net/dccp/options.c index d24cad05001e..8aa4abeb15ea 100644 --- a/net/dccp/options.c +++ b/net/dccp/options.c @@ -549,6 +549,8 @@ static void dccp_insert_option_padding(struct sk_buff *skb) int dccp_insert_options(struct sock *sk, struct sk_buff *skb) { struct dccp_sock *dp = dccp_sk(sk); + struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec; + struct dccp_ackvec_record *avr; DCCP_SKB_CB(skb)->dccpd_opt_len = 0; @@ -577,16 +579,22 @@ int dccp_insert_options(struct sock *sk, struct sk_buff *skb) if (dp->dccps_hc_rx_insert_options) { if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb)) - return -1; + goto delete_ackvec; dp->dccps_hc_rx_insert_options = 0; } if (dp->dccps_timestamp_echo != 0 && dccp_insert_option_timestamp_echo(dp, NULL, skb)) - return -1; + goto delete_ackvec; dccp_insert_option_padding(skb); return 0; + +delete_ackvec: + avr = dccp_ackvec_lookup(&av->av_records, DCCP_SKB_CB(skb)->dccpd_seq); + list_del(&avr->avr_node); + kmem_cache_free(dccp_ackvec_record_slab, avr); + return -1; } int dccp_insert_options_rsk(struct dccp_request_sock *dreq, struct sk_buff *skb)
A useless record can be insert into av_records when dccp_insert_options() fails after dccp_insert_option_ackvec(). Repeated triggering may cause av_records to have a lot of useless record with the same avr_ack_seqno. Fixes: 8b7b6c75c638 ("dccp: Integrate feature-negotiation insertion code") Signed-off-by: Hangyu Hua <hbh25y@gmail.com> --- net/dccp/options.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)