| 2018-01-25 12:41:03 |
Daniel Axtens |
description |
Coverity reports:
*** CID 1464330: Uninitialized variables (MISSING_RETURN)
/arch/x86/net/bpf_jit_comp.c: 1088 in bpf_int_jit_compile()
1082 int i;
1083 1084 if (!bpf_jit_enable)
1085 return prog;
1086 1087 if (!prog || !prog->len)
>>> CID 1464330: Uninitialized variables (MISSING_RETURN)
>>> Arriving at the end of a function without returning a value.
1088 return;
1089 1090 addrs = kmalloc(prog->len * sizeof(*addrs), GFP_KERNEL);
1091 if (!addrs)
1092 return prog;
1093
This is a result of 3098d8eae421 ("bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis"), which is a cherry-pick of d1c55ab5e41f upstream. In that patch, the return type of bpf_int_jit_compile was changed from void to struct bpf_prog*. That patch changed some of the return statements.
It did not, however, change the return statement of the (!prog || !prog->len) check, as in upstream the (!prog || !prog->len) check was dropped in 93a73d442d37 ("bpf, x86/arm64: remove useless checks on prog"):
"""
There is never such a situation, where bpf_int_jit_compile() is
called with either prog as NULL or len as 0, so the tests are
unnecessary and confusing as people would just copy them.
"""
However, we haven't picked up 93a73d442d37, so when we cherry-picked d1c55ab5e41f, that branch remained unmodified, hence the static analysis warning.
Impact
======
If the branch is not dead and someone can hit it, an undefined value can be returned, which could cause issues.
Fix
===
For consistency and in case the branch is not actually dead on Xenial, we should do a fixup to 'return prog;'
Regression Potential
====================
Limited to the BPF jit which is off by default.
Limited to a branch that should be dead code anyway.
Limited to an error handling path. |
SRU Justification
=================
Coverity reports:
*** CID 1464330: Uninitialized variables (MISSING_RETURN)
/arch/x86/net/bpf_jit_comp.c: 1088 in bpf_int_jit_compile()
1082 int i;
1083 1084 if (!bpf_jit_enable)
1085 return prog;
1086 1087 if (!prog || !prog->len)
>>> CID 1464330: Uninitialized variables (MISSING_RETURN)
>>> Arriving at the end of a function without returning a value.
1088 return;
1089 1090 addrs = kmalloc(prog->len * sizeof(*addrs), GFP_KERNEL);
1091 if (!addrs)
1092 return prog;
1093
This is a result of 3098d8eae421 ("bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis"), which is a cherry-pick of d1c55ab5e41f upstream. In that patch, the return type of bpf_int_jit_compile was changed from void to struct bpf_prog*. That patch changed some of the return statements.
It did not, however, change the return statement of the (!prog || !prog->len) check, as in upstream the (!prog || !prog->len) check was dropped in 93a73d442d37 ("bpf, x86/arm64: remove useless checks on prog"):
"""
There is never such a situation, where bpf_int_jit_compile() is
called with either prog as NULL or len as 0, so the tests are
unnecessary and confusing as people would just copy them.
"""
However, we haven't picked up 93a73d442d37, so when we cherry-picked d1c55ab5e41f, that branch remained unmodified, hence the static analysis warning.
Impact
======
If the branch is not dead and someone can hit it, an undefined value can be returned, which could cause issues.
Fix
===
For consistency and in case the branch is not actually dead on Xenial, we should do a fixup to 'return prog;'
Regression Potential
====================
Limited to the BPF jit which is off by default.
Limited to a branch that should be dead code anyway.
Limited to an error handling path. |
|
