| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 10:34:59 +0800
From: kernel test robot <yujie.liu@...el.com>
To: David Howells <dhowells@...hat.com>
CC: <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
GNU/Weeb Mailing List <gwml@...r.gnuweeb.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [ammarfaizi2-block:dhowells/linux-fs/cifs-netfs 5/41]
fs/cifs/smb2ops.c:4995:2: warning: Undefined or garbage value returned to
caller [clang-analyzer-core.uninitialized.UndefReturn]
tree: https://github.com/ammarfaizi2/linux-block dhowells/linux-fs/cifs-netfs
head: 1fc71b6b30f6d2a981c163b77c9aee0aecaecb29
commit: 36c9de734b21b4bc60b7ee86228659d416d53470 [5/41] cifs: Change the I/O paths to use an iterator rather than a page list
config: x86_64-randconfig-c007 (https://download.01.org/0day-ci/archive/20220601/202206010953.pjbFFc6d-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0fbe3f3f486e01448121f7931a4ca29fac1504ab)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/ammarfaizi2/linux-block/commit/36c9de734b21b4bc60b7ee86228659d416d53470
git remote add ammarfaizi2-block https://github.com/ammarfaizi2/linux-block
git fetch --no-tags ammarfaizi2-block dhowells/linux-fs/cifs-netfs
git checkout 36c9de734b21b4bc60b7ee86228659d416d53470
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <yujie.liu@...el.com>
clang-analyzer warnings: (new ones prefixed by >>)
>> fs/cifs/smb2ops.c:4995:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
return length;
^ ~~~~~~
vim +4995 fs/cifs/smb2ops.c
c42a6abe301283 Pavel Shilovsky 2016-11-17 4849
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4850 static int
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4851 handle_read_data(struct TCP_Server_Info *server, struct mid_q_entry *mid,
36c9de734b21b4 David Howells 2022-01-24 4852 char *buf, unsigned int buf_len, struct xarray *pages,
36c9de734b21b4 David Howells 2022-01-24 4853 unsigned int pages_len, bool is_offloaded)
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4854 {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4855 unsigned int data_offset;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4856 unsigned int data_len;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4857 unsigned int cur_off;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4858 unsigned int cur_page_idx;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4859 unsigned int pad_len;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4860 struct cifs_readdata *rdata = mid->callback_data;
0d35e382e4e96a Ronnie Sahlberg 2021-11-05 4861 struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 @4862 int length;
74dcf418fe3446 Long Li 2017-11-22 4863 bool use_rdma_mr = false;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4864
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4865 if (shdr->Command != SMB2_READ) {
3175eb9b577e82 Ronnie Sahlberg 2019-09-04 4866 cifs_server_dbg(VFS, "only big read responses are supported\n");
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4867 return -ENOTSUPP;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4868 }
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4869
511c54a2f69195 Pavel Shilovsky 2017-07-08 4870 if (server->ops->is_session_expired &&
511c54a2f69195 Pavel Shilovsky 2017-07-08 4871 server->ops->is_session_expired(buf)) {
de9ac0a6e9efdf Rohith Surabattula 2020-10-28 4872 if (!is_offloaded)
183eea2ee5ba96 Shyam Prasad N 2021-07-19 4873 cifs_reconnect(server, true);
511c54a2f69195 Pavel Shilovsky 2017-07-08 4874 return -1;
511c54a2f69195 Pavel Shilovsky 2017-07-08 4875 }
511c54a2f69195 Pavel Shilovsky 2017-07-08 4876
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4877 if (server->ops->is_status_pending &&
66265f134acfb2 Pavel Shilovsky 2019-01-23 4878 server->ops->is_status_pending(buf, server))
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4879 return -1;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4880
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4881 /* set up first two iov to get credits */
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4882 rdata->iov[0].iov_base = buf;
bb1bccb60c2ebd Pavel Shilovsky 2019-01-17 4883 rdata->iov[0].iov_len = 0;
bb1bccb60c2ebd Pavel Shilovsky 2019-01-17 4884 rdata->iov[1].iov_base = buf;
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4885 rdata->iov[1].iov_len =
bb1bccb60c2ebd Pavel Shilovsky 2019-01-17 4886 min_t(unsigned int, buf_len, server->vals->read_rsp_size);
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4887 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4888 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4889 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4890 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4891
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4892 rdata->result = server->ops->map_error(buf, true);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4893 if (rdata->result != 0) {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4894 cifs_dbg(FYI, "%s: server returned error %d\n",
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4895 __func__, rdata->result);
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4896 /* normal error on read response */
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4897 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4898 mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4899 else
ec678eae746dd2 Pavel Shilovsky 2019-01-18 4900 dequeue_mid(mid, false);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4901 return 0;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4902 }
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4903
1fc6ad2f10ad6f Ronnie Sahlberg 2018-06-01 4904 data_offset = server->ops->read_data_offset(buf);
74dcf418fe3446 Long Li 2017-11-22 4905 #ifdef CONFIG_CIFS_SMB_DIRECT
74dcf418fe3446 Long Li 2017-11-22 4906 use_rdma_mr = rdata->mr;
74dcf418fe3446 Long Li 2017-11-22 4907 #endif
74dcf418fe3446 Long Li 2017-11-22 4908 data_len = server->ops->read_data_length(buf, use_rdma_mr);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4909
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4910 if (data_offset < server->vals->read_rsp_size) {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4911 /*
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4912 * win2k8 sometimes sends an offset of 0 when the read
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4913 * is beyond the EOF. Treat it as if the data starts just after
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4914 * the header.
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4915 */
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4916 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4917 __func__, data_offset);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4918 data_offset = server->vals->read_rsp_size;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4919 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4920 /* data_offset is beyond the end of smallbuf */
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4921 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4922 __func__, data_offset);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4923 rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4924 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4925 mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4926 else
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4927 dequeue_mid(mid, rdata->result);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4928 return 0;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4929 }
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4930
c42a6abe301283 Pavel Shilovsky 2016-11-17 4931 pad_len = data_offset - server->vals->read_rsp_size;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4932
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4933 if (buf_len <= data_offset) {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4934 /* read response payload is in pages */
c42a6abe301283 Pavel Shilovsky 2016-11-17 4935 cur_page_idx = pad_len / PAGE_SIZE;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4936 cur_off = pad_len % PAGE_SIZE;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4937
c42a6abe301283 Pavel Shilovsky 2016-11-17 4938 if (cur_page_idx != 0) {
c42a6abe301283 Pavel Shilovsky 2016-11-17 4939 /* data offset is beyond the 1st page of response */
c42a6abe301283 Pavel Shilovsky 2016-11-17 4940 cifs_dbg(FYI, "%s: data offset (%u) beyond 1st page of response\n",
c42a6abe301283 Pavel Shilovsky 2016-11-17 4941 __func__, data_offset);
c42a6abe301283 Pavel Shilovsky 2016-11-17 4942 rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4943 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4944 mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4945 else
c42a6abe301283 Pavel Shilovsky 2016-11-17 4946 dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky 2016-11-17 4947 return 0;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4948 }
c42a6abe301283 Pavel Shilovsky 2016-11-17 4949
36c9de734b21b4 David Howells 2022-01-24 4950 if (data_len > pages_len - pad_len) {
c42a6abe301283 Pavel Shilovsky 2016-11-17 4951 /* data_len is corrupt -- discard frame */
c42a6abe301283 Pavel Shilovsky 2016-11-17 4952 rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4953 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4954 mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4955 else
c42a6abe301283 Pavel Shilovsky 2016-11-17 4956 dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky 2016-11-17 4957 return 0;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4958 }
c42a6abe301283 Pavel Shilovsky 2016-11-17 4959
36c9de734b21b4 David Howells 2022-01-24 4960 /* Copy the data to the output I/O iterator. */
36c9de734b21b4 David Howells 2022-01-24 4961 rdata->result = cifs_copy_pages_to_iter(pages, pages_len,
36c9de734b21b4 David Howells 2022-01-24 4962 cur_off, &rdata->iter);
c42a6abe301283 Pavel Shilovsky 2016-11-17 4963 if (rdata->result != 0) {
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4964 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4965 mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4966 else
c42a6abe301283 Pavel Shilovsky 2016-11-17 4967 dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky 2016-11-17 4968 return 0;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4969 }
36c9de734b21b4 David Howells 2022-01-24 4970 rdata->got_bytes = pages_len;
c42a6abe301283 Pavel Shilovsky 2016-11-17 4971
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4972 } else if (buf_len >= data_offset + data_len) {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4973 /* read response payload is in buf */
36c9de734b21b4 David Howells 2022-01-24 4974 WARN_ONCE(pages && !xa_empty(pages),
36c9de734b21b4 David Howells 2022-01-24 4975 "read data can be either in buf or in pages");
36c9de734b21b4 David Howells 2022-01-24 4976 length = copy_to_iter(buf + data_offset, data_len, &rdata->iter);
36c9de734b21b4 David Howells 2022-01-24 4977 if (length < 0)
36c9de734b21b4 David Howells 2022-01-24 4978 return length;
36c9de734b21b4 David Howells 2022-01-24 4979 rdata->got_bytes = data_len;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4980 } else {
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4981 /* read response payload cannot be in both buf and pages */
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4982 WARN_ONCE(1, "buf can not contain only a part of read data");
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4983 rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4984 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4985 mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4986 else
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4987 dequeue_mid(mid, rdata->result);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4988 return 0;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4989 }
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4990
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4991 if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4992 mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29 4993 else
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4994 dequeue_mid(mid, false);
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 @4995 return length;
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4996 }
4326ed2f6a16ae Pavel Shilovsky 2016-11-17 4997
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists