lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202205031012.L7O6Uj9A-lkp@intel.com>
Date:   Tue, 3 May 2022 10:47:14 +0800
From:   kernel test robot <lkp@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org, Steve French <stfrench@...rosoft.com>
Subject: [samba-ksmbd:for-next 17/26] fs/cifs/smb2ops.c:4961:7: warning:
 variable 'length' is used uninitialized whenever 'if' condition is false

tree:   git://git.samba.org/ksmbd.git for-next
head:   422ce10d22e2de32427ff611478747dd27af50f8
commit: fb82dff413832d7afbef54d40c2bd6828a0699a5 [17/26] cifs: Change the I/O paths to use an iterator rather than a page list
config: x86_64-randconfig-a011-20220502 (https://download.01.org/0day-ci/archive/20220503/202205031012.L7O6Uj9A-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 363b3a645a1e30011cc8da624f13dac5fd915628)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git remote add samba-ksmbd git://git.samba.org/ksmbd.git
        git fetch --no-tags samba-ksmbd for-next
        git checkout fb82dff413832d7afbef54d40c2bd6828a0699a5
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/cifs/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> fs/cifs/smb2ops.c:4961:7: warning: variable 'length' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
                   if (rdata->result != 0) {
                       ^~~~~~~~~~~~~~~~~~
   fs/cifs/smb2ops.c:4993:9: note: uninitialized use occurs here
           return length;
                  ^~~~~~
   fs/cifs/smb2ops.c:4961:3: note: remove the 'if' if its condition is always true
                   if (rdata->result != 0) {
                   ^~~~~~~~~~~~~~~~~~~~~~~~
   fs/cifs/smb2ops.c:4860:12: note: initialize the variable 'length' to silence this warning
           int length;
                     ^
                      = 0
   1 warning generated.


vim +4961 fs/cifs/smb2ops.c

c42a6abe3012832 Pavel Shilovsky    2016-11-17  4847  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4848  static int
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4849  handle_read_data(struct TCP_Server_Info *server, struct mid_q_entry *mid,
fb82dff413832d7 David Howells      2022-01-24  4850  		 char *buf, unsigned int buf_len, struct xarray *pages,
fb82dff413832d7 David Howells      2022-01-24  4851  		 unsigned int pages_len, bool is_offloaded)
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4852  {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4853  	unsigned int data_offset;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4854  	unsigned int data_len;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4855  	unsigned int cur_off;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4856  	unsigned int cur_page_idx;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4857  	unsigned int pad_len;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4858  	struct cifs_readdata *rdata = mid->callback_data;
0d35e382e4e96a4 Ronnie Sahlberg    2021-11-05  4859  	struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4860  	int length;
74dcf418fe34465 Long Li            2017-11-22  4861  	bool use_rdma_mr = false;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4862  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4863  	if (shdr->Command != SMB2_READ) {
3175eb9b577e82b Ronnie Sahlberg    2019-09-04  4864  		cifs_server_dbg(VFS, "only big read responses are supported\n");
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4865  		return -ENOTSUPP;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4866  	}
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4867  
511c54a2f69195b Pavel Shilovsky    2017-07-08  4868  	if (server->ops->is_session_expired &&
511c54a2f69195b Pavel Shilovsky    2017-07-08  4869  	    server->ops->is_session_expired(buf)) {
de9ac0a6e9efdff Rohith Surabattula 2020-10-28  4870  		if (!is_offloaded)
183eea2ee5ba968 Shyam Prasad N     2021-07-19  4871  			cifs_reconnect(server, true);
511c54a2f69195b Pavel Shilovsky    2017-07-08  4872  		return -1;
511c54a2f69195b Pavel Shilovsky    2017-07-08  4873  	}
511c54a2f69195b Pavel Shilovsky    2017-07-08  4874  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4875  	if (server->ops->is_status_pending &&
66265f134acfb20 Pavel Shilovsky    2019-01-23  4876  			server->ops->is_status_pending(buf, server))
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4877  		return -1;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4878  
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4879  	/* set up first two iov to get credits */
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4880  	rdata->iov[0].iov_base = buf;
bb1bccb60c2ebd9 Pavel Shilovsky    2019-01-17  4881  	rdata->iov[0].iov_len = 0;
bb1bccb60c2ebd9 Pavel Shilovsky    2019-01-17  4882  	rdata->iov[1].iov_base = buf;
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4883  	rdata->iov[1].iov_len =
bb1bccb60c2ebd9 Pavel Shilovsky    2019-01-17  4884  		min_t(unsigned int, buf_len, server->vals->read_rsp_size);
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4885  	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4886  		 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4887  	cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4888  		 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4889  
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4890  	rdata->result = server->ops->map_error(buf, true);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4891  	if (rdata->result != 0) {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4892  		cifs_dbg(FYI, "%s: server returned error %d\n",
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4893  			 __func__, rdata->result);
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4894  		/* normal error on read response */
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4895  		if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4896  			mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4897  		else
ec678eae746dd25 Pavel Shilovsky    2019-01-18  4898  			dequeue_mid(mid, false);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4899  		return 0;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4900  	}
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4901  
1fc6ad2f10ad6f5 Ronnie Sahlberg    2018-06-01  4902  	data_offset = server->ops->read_data_offset(buf);
74dcf418fe34465 Long Li            2017-11-22  4903  #ifdef CONFIG_CIFS_SMB_DIRECT
74dcf418fe34465 Long Li            2017-11-22  4904  	use_rdma_mr = rdata->mr;
74dcf418fe34465 Long Li            2017-11-22  4905  #endif
74dcf418fe34465 Long Li            2017-11-22  4906  	data_len = server->ops->read_data_length(buf, use_rdma_mr);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4907  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4908  	if (data_offset < server->vals->read_rsp_size) {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4909  		/*
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4910  		 * win2k8 sometimes sends an offset of 0 when the read
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4911  		 * is beyond the EOF. Treat it as if the data starts just after
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4912  		 * the header.
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4913  		 */
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4914  		cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4915  			 __func__, data_offset);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4916  		data_offset = server->vals->read_rsp_size;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4917  	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4918  		/* data_offset is beyond the end of smallbuf */
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4919  		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4920  			 __func__, data_offset);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4921  		rdata->result = -EIO;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4922  		if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4923  			mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4924  		else
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4925  			dequeue_mid(mid, rdata->result);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4926  		return 0;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4927  	}
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4928  
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4929  	pad_len = data_offset - server->vals->read_rsp_size;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4930  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4931  	if (buf_len <= data_offset) {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4932  		/* read response payload is in pages */
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4933  		cur_page_idx = pad_len / PAGE_SIZE;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4934  		cur_off = pad_len % PAGE_SIZE;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4935  
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4936  		if (cur_page_idx != 0) {
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4937  			/* data offset is beyond the 1st page of response */
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4938  			cifs_dbg(FYI, "%s: data offset (%u) beyond 1st page of response\n",
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4939  				 __func__, data_offset);
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4940  			rdata->result = -EIO;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4941  			if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4942  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4943  			else
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4944  				dequeue_mid(mid, rdata->result);
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4945  			return 0;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4946  		}
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4947  
fb82dff413832d7 David Howells      2022-01-24  4948  		if (data_len > pages_len - pad_len) {
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4949  			/* data_len is corrupt -- discard frame */
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4950  			rdata->result = -EIO;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4951  			if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4952  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4953  			else
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4954  				dequeue_mid(mid, rdata->result);
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4955  			return 0;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4956  		}
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4957  
fb82dff413832d7 David Howells      2022-01-24  4958  		/* Copy the data to the output I/O iterator. */
fb82dff413832d7 David Howells      2022-01-24  4959  		rdata->result = cifs_copy_pages_to_iter(pages, pages_len,
fb82dff413832d7 David Howells      2022-01-24  4960  							cur_off, &rdata->iter);
c42a6abe3012832 Pavel Shilovsky    2016-11-17 @4961  		if (rdata->result != 0) {
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4962  			if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4963  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4964  			else
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4965  				dequeue_mid(mid, rdata->result);
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4966  			return 0;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4967  		}
fb82dff413832d7 David Howells      2022-01-24  4968  		rdata->got_bytes = pages_len;
c42a6abe3012832 Pavel Shilovsky    2016-11-17  4969  
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4970  	} else if (buf_len >= data_offset + data_len) {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4971  		/* read response payload is in buf */
fb82dff413832d7 David Howells      2022-01-24  4972  		WARN_ONCE(pages && !xa_empty(pages),
fb82dff413832d7 David Howells      2022-01-24  4973  			  "read data can be either in buf or in pages");
fb82dff413832d7 David Howells      2022-01-24  4974  		length = copy_to_iter(buf + data_offset, data_len, &rdata->iter);
fb82dff413832d7 David Howells      2022-01-24  4975  		if (length < 0)
fb82dff413832d7 David Howells      2022-01-24  4976  			return length;
fb82dff413832d7 David Howells      2022-01-24  4977                 rdata->got_bytes = data_len;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4978  	} else {
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4979  		/* read response payload cannot be in both buf and pages */
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4980  		WARN_ONCE(1, "buf can not contain only a part of read data");
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4981  		rdata->result = -EIO;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4982  		if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4983  			mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4984  		else
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4985  			dequeue_mid(mid, rdata->result);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4986  		return 0;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4987  	}
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4988  
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4989  	if (is_offloaded)
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4990  		mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc21707 Rohith Surabattula 2020-10-29  4991  	else
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4992  		dequeue_mid(mid, false);
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4993  	return length;
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4994  }
4326ed2f6a16ae9 Pavel Shilovsky    2016-11-17  4995  

:::::: The code at line 4961 was first introduced by commit
:::::: c42a6abe3012832a68a371dabe17c2ced97e62ad CIFS: Add capability to decrypt big read responses

:::::: TO: Pavel Shilovsky <pshilov@...rosoft.com>
:::::: CC: Steve French <smfrench@...il.com>

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ