From patchwork Wed Aug 31 12:39:02 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101891 Delivered-To: patch@linaro.org Received: by 10.140.29.52 with SMTP id a49csp314038qga; Wed, 31 Aug 2016 05:39:50 -0700 (PDT) X-Received: by 10.202.93.213 with SMTP id r204mr9193787oib.81.1472647190480; Wed, 31 Aug 2016 05:39:50 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s7si36781473ots.128.2016.08.31.05.39.49; Wed, 31 Aug 2016 05:39:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934124AbcHaMjp (ORCPT + 27 others); Wed, 31 Aug 2016 08:39:45 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:62299 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932687AbcHaMjn (ORCPT ); Wed, 31 Aug 2016 08:39:43 -0400 Received: from wuerfel.lan. ([176.7.54.107]) by mrelayeu.kundenserver.de (mreue005) with ESMTPA (Nemesis) id 0MKdiF-1bdi1T2wD9-0020cp; Wed, 31 Aug 2016 14:39:33 +0200 From: Arnd Bergmann To: "David S. Miller" , David Howells Cc: netdev@vger.kernel.org, Arnd Bergmann , linux-kernel@vger.kernel.org Subject: [PATCH 2/2] rxrpc: fix undefined behavior in rxrpc_mark_call_released Date: Wed, 31 Aug 2016 14:39:02 +0200 Message-Id: <20160831123911.3467676-2-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20160831123911.3467676-1-arnd@arndb.de> References: <20160831123911.3467676-1-arnd@arndb.de> X-Provags-ID: V03:K0:2mnR79RaZIqd9DpdpqUhmDfT6c55ei6me7RmdE4HXAuTwN93nD3 y8+ONSCKAAwIcvdzuQgMGLeWOksrXAPmGukLWoLYvoOB/e2coOjebYHHBTdhcRAG/2GuIEA 9NYZJDygNlWeOUlzpsKxPp2ABPUvUc87jnmdsTPcVabokpscBasrCg5J3YyWzailzhBOsuh Du/uQ1gLQFEyX2fIsCQgw== X-UI-Out-Filterresults: notjunk:1; V01:K0:MpB7eCQY70Y=:uOGkwlpKQVZ70pWI9BgFdt foU+pmWQLqi4LuC2Gg0MruwJlThZsFhpLUuKWB6w/ic1xJBakpOpCJoutMLdsQlB9wL+xzeKw ZvH4KaWlzBLc0KAUawXCvdy3l3GoDtQ7s/Sm/hJoU7wCdfsaEXpA3F4Vr/k+ZysNPpyN4A9Uo AImXcBClKfDetocKvtBshAzgcyLRlZmPAbDcXbwMlqT0zIZnrs4u8yZQKK+yYQ0STGHs22DtX g2YW9j9nhmbuWZQE1r1/GSU3Wgt8GYgK+APF9rbNB9mZLrxaQO5WYKeDZZmSi9DQbRnSTlVkL hcEP48d1Scai9okhWkPYsuQqntr9J+keCqBCxeIhfG667Lp2Cgb+FBBIGIxabOQcD9O7He1TJ CrEaoyKfoT/kRil4cDw60y5xEvpsfxZaKb949t966AS3rQ7KkU74ykHsYA9uI0XABcidwbmCb olCNJ31dXFHs+KMy8KzVwc7yi0lASplkqKIzlcrwGzuS8JpDlGAM+BSnr2RtfeaxtceVY7bfY 9td8glLWXDRyuBYchhjtNtBlDAyOaQZlzbMrxsJU+oOPm2ll50cl45oaxRbp0zHWp64Jm5Pqg oHDHEJ7gymWo8stARzqgzv/KL/M92arRVNV581Vhfa2XaD2yPpWxh9qwlNa8u32sUVPhyVDXv 4mAWAEJhHCSgRMp279GnseI89WuxmIJC/Fwlc8ZWXqqfYTpryoqnDW4eNV+HdEysdKng= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gcc -Wmaybe-initialized correctly points out a newly introduced bug through which we can end up calling rxrpc_queue_call() for a dead connection: net/rxrpc/call_object.c: In function 'rxrpc_mark_call_released': net/rxrpc/call_object.c:600:5: error: 'sched' may be used uninitialized in this function [-Werror=maybe-uninitialized] This sets the 'sched' variable to zero to restore the previous behavior. Signed-off-by: Arnd Bergmann Fixes: f5c17aaeb2ae ("rxrpc: Calls should only have one terminal state") --- net/rxrpc/call_object.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.9.0 diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 104ee8b1de06..2daec1eaec6f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -595,6 +595,8 @@ static void rxrpc_mark_call_released(struct rxrpc_call *call) sched = __rxrpc_abort_call(call, RX_CALL_DEAD, ECONNRESET); if (!test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events)) sched = true; + } else { + sched = 0; } write_unlock(&call->state_lock); if (sched)