[cifs:for-next 7/9] fs/cifs/file.c:3203 cifs_send_async_read() warn: unsigned 'cur_len' is never less than zero.

[kbuild test robot]

tree:   git://git.samba.org/sfrench/cifs-2.6.git for-next
head:   81b4dd0ea7cd93a6ebb5d6d0f22e77a463397bc2
commit: 27d00133fadd8753e1856889dea2da4cb22910a3 [7/9] CIFS: Add support for direct I/O read

New smatch warnings:
fs/cifs/file.c:3203 cifs_send_async_read() warn: unsigned 'cur_len' is never less than zero.

Old smatch warnings:
fs/cifs/file.c:3608 cifs_read() warn: variable dereferenced before check 'tcon->ses' (see line 3583)

vim +/cur_len +3203 fs/cifs/file.c

  3164	
  3165	static int
  3166	cifs_send_async_read(loff_t offset, size_t len, struct cifsFileInfo *open_file,
  3167			     struct cifs_sb_info *cifs_sb, struct list_head *rdata_list,
  3168			     struct cifs_aio_ctx *ctx)
  3169	{
  3170		struct cifs_readdata *rdata;
  3171		unsigned int npages, rsize, credits;
  3172		size_t cur_len;
  3173		int rc;
  3174		pid_t pid;
  3175		struct TCP_Server_Info *server;
  3176		struct page **pagevec;
  3177		size_t start;
  3178		struct iov_iter direct_iov = ctx->iter;
  3179	
  3180		server = tlink_tcon(open_file->tlink)->ses->server;
  3181	
  3182		if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RWPIDFORWARD)
  3183			pid = open_file->pid;
  3184		else
  3185			pid = current->tgid;
  3186	
  3187		if (ctx->direct_io)
  3188			iov_iter_advance(&direct_iov, offset - ctx->pos);
  3189	
  3190		do {
  3191			rc = server->ops->wait_mtu_credits(server, cifs_sb->rsize,
  3192							   &rsize, &credits);
  3193			if (rc)
  3194				break;
  3195	
  3196			cur_len = min_t(const size_t, len, rsize);
  3197	
  3198			if (ctx->direct_io) {
  3199	
  3200				cur_len = iov_iter_get_pages_alloc(
  3201						&direct_iov, &pagevec,
  3202						cur_len, &start);
> 3203				if (cur_len < 0) {
  3204					cifs_dbg(VFS,
  3205						"couldn't get user pages (cur_len=%zd)"
  3206						" iter type %d"
  3207						" iov_offset %zd count %zd\n",
  3208						cur_len, direct_iov.type, direct_iov.iov_offset,
  3209						direct_iov.count);
  3210					dump_stack();
  3211					break;
  3212				}
  3213				iov_iter_advance(&direct_iov, cur_len);
  3214	
  3215				rdata = cifs_readdata_direct_alloc(
  3216						pagevec, cifs_uncached_readv_complete);
  3217				if (!rdata) {
  3218					add_credits_and_wake_if(server, credits, 0);
  3219					rc = -ENOMEM;
  3220					break;
  3221				}
  3222	
  3223				npages = (cur_len + start + PAGE_SIZE-1) / PAGE_SIZE;
  3224				rdata->page_offset = start;
  3225				rdata->tailsz = npages > 1 ?
  3226					cur_len-(PAGE_SIZE-start)-(npages-2)*PAGE_SIZE :
  3227					cur_len;
  3228	
  3229			} else {
  3230	
  3231				npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
  3232				/* allocate a readdata struct */
  3233				rdata = cifs_readdata_alloc(npages,
  3234						    cifs_uncached_readv_complete);
  3235				if (!rdata) {
  3236					add_credits_and_wake_if(server, credits, 0);
  3237					rc = -ENOMEM;
  3238					break;
  3239				}
  3240	
  3241				rc = cifs_read_allocate_pages(rdata, npages);
  3242				if (rc)
  3243					goto error;
  3244	
  3245				rdata->tailsz = PAGE_SIZE;
  3246			}
  3247	
  3248			rdata->cfile = cifsFileInfo_get(open_file);
  3249			rdata->nr_pages = npages;
  3250			rdata->offset = offset;
  3251			rdata->bytes = cur_len;
  3252			rdata->pid = pid;
  3253			rdata->pagesz = PAGE_SIZE;
  3254			rdata->read_into_pages = cifs_uncached_read_into_pages;
  3255			rdata->copy_into_pages = cifs_uncached_copy_into_pages;
  3256			rdata->credits = credits;
  3257			rdata->ctx = ctx;
  3258			kref_get(&ctx->refcount);
  3259	
  3260			if (!rdata->cfile->invalidHandle ||
  3261			    !(rc = cifs_reopen_file(rdata->cfile, true)))
  3262				rc = server->ops->async_readv(rdata);
  3263	error:
  3264			if (rc) {
  3265				add_credits_and_wake_if(server, rdata->credits, 0);
  3266				kref_put(&rdata->refcount,
  3267					cifs_uncached_readdata_release);
  3268				if (rc == -EAGAIN) {
  3269					iov_iter_revert(&direct_iov, cur_len);
  3270					continue;
  3271				}
  3272				break;
  3273			}
  3274	
  3275			list_add_tail(&rdata->list, rdata_list);
  3276			offset += cur_len;
  3277			len -= cur_len;
  3278		} while (len > 0);
  3279	
  3280		return rc;
  3281	}
  3282	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation