lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <bde8f635-f9c7-dd5c-0f66-c18e71a17b1a@intel.com>
Date:   Tue, 7 Jun 2022 10:34:59 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     David Howells <dhowells@...hat.com>
CC:     <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
        GNU/Weeb Mailing List <gwml@...r.gnuweeb.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [ammarfaizi2-block:dhowells/linux-fs/cifs-netfs 5/41]
 fs/cifs/smb2ops.c:4995:2: warning: Undefined or garbage value returned to
 caller [clang-analyzer-core.uninitialized.UndefReturn]

tree:   https://github.com/ammarfaizi2/linux-block dhowells/linux-fs/cifs-netfs
head:   1fc71b6b30f6d2a981c163b77c9aee0aecaecb29
commit: 36c9de734b21b4bc60b7ee86228659d416d53470 [5/41] cifs: Change the I/O paths to use an iterator rather than a page list
config: x86_64-randconfig-c007 (https://download.01.org/0day-ci/archive/20220601/202206010953.pjbFFc6d-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0fbe3f3f486e01448121f7931a4ca29fac1504ab)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # https://github.com/ammarfaizi2/linux-block/commit/36c9de734b21b4bc60b7ee86228659d416d53470
         git remote add ammarfaizi2-block https://github.com/ammarfaizi2/linux-block
         git fetch --no-tags ammarfaizi2-block dhowells/linux-fs/cifs-netfs
         git checkout 36c9de734b21b4bc60b7ee86228659d416d53470
         # save the config file
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <yujie.liu@...el.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> fs/cifs/smb2ops.c:4995:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
            return length;
            ^      ~~~~~~

vim +4995 fs/cifs/smb2ops.c

c42a6abe301283 Pavel Shilovsky    2016-11-17  4849
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4850  static int
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4851  handle_read_data(struct TCP_Server_Info *server, struct mid_q_entry *mid,
36c9de734b21b4 David Howells      2022-01-24  4852  		 char *buf, unsigned int buf_len, struct xarray *pages,
36c9de734b21b4 David Howells      2022-01-24  4853  		 unsigned int pages_len, bool is_offloaded)
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4854  {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4855  	unsigned int data_offset;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4856  	unsigned int data_len;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4857  	unsigned int cur_off;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4858  	unsigned int cur_page_idx;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4859  	unsigned int pad_len;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4860  	struct cifs_readdata *rdata = mid->callback_data;
0d35e382e4e96a Ronnie Sahlberg    2021-11-05  4861  	struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17 @4862  	int length;
74dcf418fe3446 Long Li            2017-11-22  4863  	bool use_rdma_mr = false;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4864
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4865  	if (shdr->Command != SMB2_READ) {
3175eb9b577e82 Ronnie Sahlberg    2019-09-04  4866  		cifs_server_dbg(VFS, "only big read responses are supported\n");
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4867  		return -ENOTSUPP;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4868  	}
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4869
511c54a2f69195 Pavel Shilovsky    2017-07-08  4870  	if (server->ops->is_session_expired &&
511c54a2f69195 Pavel Shilovsky    2017-07-08  4871  	    server->ops->is_session_expired(buf)) {
de9ac0a6e9efdf Rohith Surabattula 2020-10-28  4872  		if (!is_offloaded)
183eea2ee5ba96 Shyam Prasad N     2021-07-19  4873  			cifs_reconnect(server, true);
511c54a2f69195 Pavel Shilovsky    2017-07-08  4874  		return -1;
511c54a2f69195 Pavel Shilovsky    2017-07-08  4875  	}
511c54a2f69195 Pavel Shilovsky    2017-07-08  4876
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4877  	if (server->ops->is_status_pending &&
66265f134acfb2 Pavel Shilovsky    2019-01-23  4878  			server->ops->is_status_pending(buf, server))
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4879  		return -1;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4880
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4881  	/* set up first two iov to get credits */
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4882  	rdata->iov[0].iov_base = buf;
bb1bccb60c2ebd Pavel Shilovsky    2019-01-17  4883  	rdata->iov[0].iov_len = 0;
bb1bccb60c2ebd Pavel Shilovsky    2019-01-17  4884  	rdata->iov[1].iov_base = buf;
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4885  	rdata->iov[1].iov_len =
bb1bccb60c2ebd Pavel Shilovsky    2019-01-17  4886  		min_t(unsigned int, buf_len, server->vals->read_rsp_size);
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4887  	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4888  		 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4889  	cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4890  		 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4891
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4892  	rdata->result = server->ops->map_error(buf, true);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4893  	if (rdata->result != 0) {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4894  		cifs_dbg(FYI, "%s: server returned error %d\n",
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4895  			 __func__, rdata->result);
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4896  		/* normal error on read response */
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4897  		if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4898  			mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4899  		else
ec678eae746dd2 Pavel Shilovsky    2019-01-18  4900  			dequeue_mid(mid, false);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4901  		return 0;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4902  	}
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4903
1fc6ad2f10ad6f Ronnie Sahlberg    2018-06-01  4904  	data_offset = server->ops->read_data_offset(buf);
74dcf418fe3446 Long Li            2017-11-22  4905  #ifdef CONFIG_CIFS_SMB_DIRECT
74dcf418fe3446 Long Li            2017-11-22  4906  	use_rdma_mr = rdata->mr;
74dcf418fe3446 Long Li            2017-11-22  4907  #endif
74dcf418fe3446 Long Li            2017-11-22  4908  	data_len = server->ops->read_data_length(buf, use_rdma_mr);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4909
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4910  	if (data_offset < server->vals->read_rsp_size) {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4911  		/*
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4912  		 * win2k8 sometimes sends an offset of 0 when the read
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4913  		 * is beyond the EOF. Treat it as if the data starts just after
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4914  		 * the header.
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4915  		 */
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4916  		cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4917  			 __func__, data_offset);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4918  		data_offset = server->vals->read_rsp_size;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4919  	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4920  		/* data_offset is beyond the end of smallbuf */
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4921  		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4922  			 __func__, data_offset);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4923  		rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4924  		if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4925  			mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4926  		else
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4927  			dequeue_mid(mid, rdata->result);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4928  		return 0;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4929  	}
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4930
c42a6abe301283 Pavel Shilovsky    2016-11-17  4931  	pad_len = data_offset - server->vals->read_rsp_size;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4932
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4933  	if (buf_len <= data_offset) {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4934  		/* read response payload is in pages */
c42a6abe301283 Pavel Shilovsky    2016-11-17  4935  		cur_page_idx = pad_len / PAGE_SIZE;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4936  		cur_off = pad_len % PAGE_SIZE;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4937
c42a6abe301283 Pavel Shilovsky    2016-11-17  4938  		if (cur_page_idx != 0) {
c42a6abe301283 Pavel Shilovsky    2016-11-17  4939  			/* data offset is beyond the 1st page of response */
c42a6abe301283 Pavel Shilovsky    2016-11-17  4940  			cifs_dbg(FYI, "%s: data offset (%u) beyond 1st page of response\n",
c42a6abe301283 Pavel Shilovsky    2016-11-17  4941  				 __func__, data_offset);
c42a6abe301283 Pavel Shilovsky    2016-11-17  4942  			rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4943  			if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4944  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4945  			else
c42a6abe301283 Pavel Shilovsky    2016-11-17  4946  				dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky    2016-11-17  4947  			return 0;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4948  		}
c42a6abe301283 Pavel Shilovsky    2016-11-17  4949
36c9de734b21b4 David Howells      2022-01-24  4950  		if (data_len > pages_len - pad_len) {
c42a6abe301283 Pavel Shilovsky    2016-11-17  4951  			/* data_len is corrupt -- discard frame */
c42a6abe301283 Pavel Shilovsky    2016-11-17  4952  			rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4953  			if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4954  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4955  			else
c42a6abe301283 Pavel Shilovsky    2016-11-17  4956  				dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky    2016-11-17  4957  			return 0;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4958  		}
c42a6abe301283 Pavel Shilovsky    2016-11-17  4959
36c9de734b21b4 David Howells      2022-01-24  4960  		/* Copy the data to the output I/O iterator. */
36c9de734b21b4 David Howells      2022-01-24  4961  		rdata->result = cifs_copy_pages_to_iter(pages, pages_len,
36c9de734b21b4 David Howells      2022-01-24  4962  							cur_off, &rdata->iter);
c42a6abe301283 Pavel Shilovsky    2016-11-17  4963  		if (rdata->result != 0) {
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4964  			if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4965  				mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4966  			else
c42a6abe301283 Pavel Shilovsky    2016-11-17  4967  				dequeue_mid(mid, rdata->result);
c42a6abe301283 Pavel Shilovsky    2016-11-17  4968  			return 0;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4969  		}
36c9de734b21b4 David Howells      2022-01-24  4970  		rdata->got_bytes = pages_len;
c42a6abe301283 Pavel Shilovsky    2016-11-17  4971
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4972  	} else if (buf_len >= data_offset + data_len) {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4973  		/* read response payload is in buf */
36c9de734b21b4 David Howells      2022-01-24  4974  		WARN_ONCE(pages && !xa_empty(pages),
36c9de734b21b4 David Howells      2022-01-24  4975  			  "read data can be either in buf or in pages");
36c9de734b21b4 David Howells      2022-01-24  4976  		length = copy_to_iter(buf + data_offset, data_len, &rdata->iter);
36c9de734b21b4 David Howells      2022-01-24  4977  		if (length < 0)
36c9de734b21b4 David Howells      2022-01-24  4978  			return length;
36c9de734b21b4 David Howells      2022-01-24  4979  		rdata->got_bytes = data_len;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4980  	} else {
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4981  		/* read response payload cannot be in both buf and pages */
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4982  		WARN_ONCE(1, "buf can not contain only a part of read data");
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4983  		rdata->result = -EIO;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4984  		if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4985  			mid->mid_state = MID_RESPONSE_MALFORMED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4986  		else
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4987  			dequeue_mid(mid, rdata->result);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4988  		return 0;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4989  	}
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4990
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4991  	if (is_offloaded)
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4992  		mid->mid_state = MID_RESPONSE_RECEIVED;
ac873aa3dc2170 Rohith Surabattula 2020-10-29  4993  	else
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4994  		dequeue_mid(mid, false);
4326ed2f6a16ae Pavel Shilovsky    2016-11-17 @4995  	return length;
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4996  }
4326ed2f6a16ae Pavel Shilovsky    2016-11-17  4997

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ