Public bug reported:
SRU Justification
=================
Coverity reports:
*** CID 1464330: Uninitialized variables (MISSING_RETURN)
/arch/x86/net/bpf_jit_comp.c: 1088 in bpf_int_jit_compile()
1082 int i;
1083 1084 if (!bpf_jit_enable)
1085 return prog;
1086 1087 if (!prog || !prog->len)
>>> CID 1464330: Uninitialized variables (MISSING_RETURN)
>>> Arriving at the end of a function without returning a value.
1088 return;
1089 1090 addrs = kmalloc(prog->len * sizeof(*addrs), GFP_KERNEL);
1091 if (!addrs)
1092 return prog;
1093
This is a result of 3098d8eae421 ("bpf: prepare
bpf_int_jit_compile/bpf_prog_select_runtime apis"), which is a cherry-
pick of d1c55ab5e41f upstream. In that patch, the return type of
bpf_int_jit_compile was changed from void to struct bpf_prog*. That
patch changed some of the return statements.
It did not, however, change the return statement of the (!prog ||
!prog->len) check, as in upstream the (!prog || !prog->len) check was
dropped in 93a73d442d37 ("bpf, x86/arm64: remove useless checks on
prog"):
"""
There is never such a situation, where bpf_int_jit_compile() is
called with either prog as NULL or len as 0, so the tests are
unnecessary and confusing as people would just copy them.
"""
However, we haven't picked up 93a73d442d37, so when we cherry-picked
d1c55ab5e41f, that branch remained unmodified, hence the static analysis
warning.
Impact
======
If the branch is not dead and someone can hit it, an undefined value can
be returned, which could cause issues.
Fix
===
For consistency and in case the branch is not actually dead on Xenial,
we should do a fixup to 'return prog;'
Regression Potential
====================
Limited to the BPF jit which is off by default.
Limited to a branch that should be dead code anyway.
Limited to an error handling path.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Confirmed
** Description changed:
+ SRU Justification
+ =================
+
Coverity reports:
*** CID 1464330: Uninitialized variables (MISSING_RETURN)
/arch/x86/net/bpf_jit_comp.c: 1088 in bpf_int_jit_compile()
1082 int i;
1083 1084 if (!bpf_jit_enable)
1085 return prog;
1086 1087 if (!prog || !prog->len)
>>> CID 1464330: Uninitialized variables (MISSING_RETURN)
>>> Arriving at the end of a function without returning a value.
1088 return;
1089 1090 addrs = kmalloc(prog->len * sizeof(*addrs),
GFP_KERNEL);
1091 if (!addrs)
1092 return prog;
1093
This is a result of 3098d8eae421 ("bpf: prepare
bpf_int_jit_compile/bpf_prog_select_runtime apis"), which is a cherry-
pick of d1c55ab5e41f upstream. In that patch, the return type of
bpf_int_jit_compile was changed from void to struct bpf_prog*. That
patch changed some of the return statements.
It did not, however, change the return statement of the (!prog ||
!prog->len) check, as in upstream the (!prog || !prog->len) check was
dropped in 93a73d442d37 ("bpf, x86/arm64: remove useless checks on
prog"):
"""
There is never such a situation, where bpf_int_jit_compile() is
called with either prog as NULL or len as 0, so the tests are
unnecessary and confusing as people would just copy them.
"""
However, we haven't picked up 93a73d442d37, so when we cherry-picked
d1c55ab5e41f, that branch remained unmodified, hence the static analysis
warning.
Impact
======
If the branch is not dead and someone can hit it, an undefined value can
be returned, which could cause issues.
Fix
===
For consistency and in case the branch is not actually dead on Xenial,
we should do a fixup to 'return prog;'
Regression Potential
====================
Limited to the BPF jit which is off by default.
Limited to a branch that should be dead code anyway.
Limited to an error handling path.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745364
Title:
x86/net/bpf: return statement missing value
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1745364/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
