On Thu, Nov 17, 2022 at 02:49:55PM -0800, Eric Dumazet wrote: > On Thu, Nov 17, 2022 at 2:22 PM coverity-bot <keescook@xxxxxxxxxxxx> wrote: > > > > Hello! > > > > This is an experimental semi-automated report about issues detected by > > Coverity from a scan of next-20221117 as part of the linux-next scan project: > > https://scan.coverity.com/projects/linux-next-weekly-scan > > > > You're getting this email because you were associated with the identified > > lines of code (noted below) that were touched by commits: > > > > Wed Nov 16 12:42:01 2022 +0000 > > 4ebf802cf1c6 ("net: __sock_gen_cookie() cleanup") > > > > Coverity reported the following: > > > > *** CID 1527347: Error handling issues (CHECKED_RETURN) > > net/core/sock_diag.c:33 in __sock_gen_cookie() > > 27 { > > 28 u64 res = atomic64_read(&sk->sk_cookie); > > 29 > > 30 if (!res) { > > 31 u64 new = gen_cookie_next(&sock_cookie); > > 32 > > vvv CID 1527347: Error handling issues (CHECKED_RETURN) > > vvv Calling "atomic64_try_cmpxchg" without checking return value (as is done elsewhere 8 out of 9 times). > > 33 atomic64_try_cmpxchg(&sk->sk_cookie, &res, new); > > > Hmmm. for some reason I thought @res was always updated... > > A fix would be to read sk->sk_cookie, but I guess your tool will still > complain we do not care > of atomic64_try_cmpxchg() return value ? > > diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c > index b11593cae5a09b15a10d6ba35bccc22263cb8fc8..58efb9c1c8dd4f8e5a3009a0176e1b96487daaff > 100644 > --- a/net/core/sock_diag.c > +++ b/net/core/sock_diag.c > @@ -31,6 +31,10 @@ u64 __sock_gen_cookie(struct sock *sk) > u64 new = gen_cookie_next(&sock_cookie); > > atomic64_try_cmpxchg(&sk->sk_cookie, &res, new); > + /* Another cpu/thread might have won the race, > + * reload the final value. > + */ > + res = atomic64_read(&sk->sk_cookie); > } > return res; > } I think it's saying it was expecting an update loop -- i.e. to make sure the value actually got swapped (the "try" part...)? -- Kees Cook
