Arnd Bergmann <a...@arndb.de> wrote:
> A change to the retransmission handling in rxrpc caused a use-before-init
> bug in rxrpc_data_ready(), as indicated by "gcc -Wmaybe-uninitialized":
>
> net/rxrpc/input.c: In function 'rxrpc_data_ready':
> net/rxrpc/input.c:735:34: error: 'call' may be used uninitialized in this
> function [-Werror=maybe-uninitialized]
>
> This moves the initialization of the local variable before the first
> user, which presumably is what was intended here.
>
> Signed-off-by: Arnd Bergmann <a...@arndb.de>
> Fixes: 18bfeba50dfd ("rxrpc: Perform terminal call ACK/ABORT retransmission
> from conn processor")
> ---
> Cc: David Howells <dhowe...@redhat.com>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: netdev@vger.kernel.org
>
> net/rxrpc/input.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
> index 66cdeb56f44f..3c22e43a58fd 100644
> --- a/net/rxrpc/input.c
> +++ b/net/rxrpc/input.c
> @@ -728,6 +728,10 @@ void rxrpc_data_ready(struct sock *sk)
> if (sp->hdr.callNumber < chan->last_call)
> goto discard_unlock;
>
> + call = rcu_dereference(chan->call);
> + if (!call || atomic_read(&call->usage) == 0)
> + goto cant_route_call;
> +
> if (sp->hdr.callNumber == chan->last_call) {
> /* For the previous service call, if completed
> * successfully, we discard all further packets.
> @@ -744,10 +748,6 @@ void rxrpc_data_ready(struct sock *sk)
> goto out_unlock;
> }
>
> - call = rcu_dereference(chan->call);
> - if (!call || atomic_read(&call->usage) == 0)
> - goto cant_route_call;
> -
> rxrpc_post_packet_to_call(call, skb);
> goto out_unlock;
> }
You can't rearrange these like this. I have a different fix.
David
