> -----Original Message-----
> From: David Miller <da...@davemloft.net>
> Sent: Friday, December 21, 2018 10:39 PM
> To: Vakul Garg <vakul.g...@nxp.com>
> Cc: netdev@vger.kernel.org; bor...@mellanox.com;
> avia...@mellanox.com; davejwat...@fb.com; doro...@fb.com
> Subject: Re: [PATCH net-next] tls: Do not call sk_memcopy_from_iter with
> zero length
>
> From: Vakul Garg <vakul.g...@nxp.com>
> Date: Fri, 21 Dec 2018 15:16:52 +0000
>
> > @@ -943,10 +943,12 @@ int tls_sw_sendmsg(struct sock *sk, struct
> msghdr *msg, size_t size)
> > tls_ctx->tx.overhead_size);
> > }
> >
> > - ret = sk_msg_memcopy_from_iter(sk, &msg->msg_iter,
> msg_pl,
> > - try_to_copy);
> > - if (ret < 0)
> > - goto trim_sgl;
> > + if (try_to_copy) {
> > + ret = sk_msg_memcopy_from_iter(sk, &msg-
> >msg_iter,
> > + msg_pl, try_to_copy);
> > + if (ret < 0)
> > + goto trim_sgl;
> > + }
>
> This leaves 'ret' uninitialized, and the code below here uses it's value.
The variable 'ret' is already set to the return value of
tls_clone_plaintext_msg().
In case try_to_copy != 0, the value of 'ret' is overwritten with return value
of sk_msg_memcopy_from_iter().
In case try_to_copy == 0, the value of 'ret' remains same as the one set to
return value of tls_clone_plaintext_msg().
Subsequently, 'if (full_record || eor)' does not fufill, we continue and do not
read 'ret'.
If 'if (full_record || eor)' evaluates true, value of ret is overwritten by
return value of bpf_exec_tx_verdict().
So I do not find the problem.
Kindly advise if I am missing your point.
