[cifs:for-next 7/9] fs/cifs/file.c:3203 cifs_send_async_read() warn: unsigned 'cur_len' is never less than zero.
Steve French
smfrench at gmail.com
Thu Nov 1 19:37:49 UTC 2018
added a trivial followon patch to fix this warning and pushed to
cifs-2.6.git for-next
thx
On Thu, Nov 1, 2018 at 11:35 AM kbuild test robot <lkp at intel.com> wrote:
>
> tree: git://git.samba.org/sfrench/cifs-2.6.git for-next
> head: 81b4dd0ea7cd93a6ebb5d6d0f22e77a463397bc2
> commit: 27d00133fadd8753e1856889dea2da4cb22910a3 [7/9] CIFS: Add support for direct I/O read
>
> New smatch warnings:
> fs/cifs/file.c:3203 cifs_send_async_read() warn: unsigned 'cur_len' is never less than zero.
>
> Old smatch warnings:
> fs/cifs/file.c:3608 cifs_read() warn: variable dereferenced before check 'tcon->ses' (see line 3583)
>
> vim +/cur_len +3203 fs/cifs/file.c
>
> 3164
> 3165 static int
> 3166 cifs_send_async_read(loff_t offset, size_t len, struct cifsFileInfo *open_file,
> 3167 struct cifs_sb_info *cifs_sb, struct list_head *rdata_list,
> 3168 struct cifs_aio_ctx *ctx)
> 3169 {
> 3170 struct cifs_readdata *rdata;
> 3171 unsigned int npages, rsize, credits;
> 3172 size_t cur_len;
> 3173 int rc;
> 3174 pid_t pid;
> 3175 struct TCP_Server_Info *server;
> 3176 struct page **pagevec;
> 3177 size_t start;
> 3178 struct iov_iter direct_iov = ctx->iter;
> 3179
> 3180 server = tlink_tcon(open_file->tlink)->ses->server;
> 3181
> 3182 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RWPIDFORWARD)
> 3183 pid = open_file->pid;
> 3184 else
> 3185 pid = current->tgid;
> 3186
> 3187 if (ctx->direct_io)
> 3188 iov_iter_advance(&direct_iov, offset - ctx->pos);
> 3189
> 3190 do {
> 3191 rc = server->ops->wait_mtu_credits(server, cifs_sb->rsize,
> 3192 &rsize, &credits);
> 3193 if (rc)
> 3194 break;
> 3195
> 3196 cur_len = min_t(const size_t, len, rsize);
> 3197
> 3198 if (ctx->direct_io) {
> 3199
> 3200 cur_len = iov_iter_get_pages_alloc(
> 3201 &direct_iov, &pagevec,
> 3202 cur_len, &start);
> > 3203 if (cur_len < 0) {
> 3204 cifs_dbg(VFS,
> 3205 "couldn't get user pages (cur_len=%zd)"
> 3206 " iter type %d"
> 3207 " iov_offset %zd count %zd\n",
> 3208 cur_len, direct_iov.type, direct_iov.iov_offset,
> 3209 direct_iov.count);
> 3210 dump_stack();
> 3211 break;
> 3212 }
> 3213 iov_iter_advance(&direct_iov, cur_len);
> 3214
> 3215 rdata = cifs_readdata_direct_alloc(
> 3216 pagevec, cifs_uncached_readv_complete);
> 3217 if (!rdata) {
> 3218 add_credits_and_wake_if(server, credits, 0);
> 3219 rc = -ENOMEM;
> 3220 break;
> 3221 }
> 3222
> 3223 npages = (cur_len + start + PAGE_SIZE-1) / PAGE_SIZE;
> 3224 rdata->page_offset = start;
> 3225 rdata->tailsz = npages > 1 ?
> 3226 cur_len-(PAGE_SIZE-start)-(npages-2)*PAGE_SIZE :
> 3227 cur_len;
> 3228
> 3229 } else {
> 3230
> 3231 npages = DIV_ROUND_UP(cur_len, PAGE_SIZE);
> 3232 /* allocate a readdata struct */
> 3233 rdata = cifs_readdata_alloc(npages,
> 3234 cifs_uncached_readv_complete);
> 3235 if (!rdata) {
> 3236 add_credits_and_wake_if(server, credits, 0);
> 3237 rc = -ENOMEM;
> 3238 break;
> 3239 }
> 3240
> 3241 rc = cifs_read_allocate_pages(rdata, npages);
> 3242 if (rc)
> 3243 goto error;
> 3244
> 3245 rdata->tailsz = PAGE_SIZE;
> 3246 }
> 3247
> 3248 rdata->cfile = cifsFileInfo_get(open_file);
> 3249 rdata->nr_pages = npages;
> 3250 rdata->offset = offset;
> 3251 rdata->bytes = cur_len;
> 3252 rdata->pid = pid;
> 3253 rdata->pagesz = PAGE_SIZE;
> 3254 rdata->read_into_pages = cifs_uncached_read_into_pages;
> 3255 rdata->copy_into_pages = cifs_uncached_copy_into_pages;
> 3256 rdata->credits = credits;
> 3257 rdata->ctx = ctx;
> 3258 kref_get(&ctx->refcount);
> 3259
> 3260 if (!rdata->cfile->invalidHandle ||
> 3261 !(rc = cifs_reopen_file(rdata->cfile, true)))
> 3262 rc = server->ops->async_readv(rdata);
> 3263 error:
> 3264 if (rc) {
> 3265 add_credits_and_wake_if(server, rdata->credits, 0);
> 3266 kref_put(&rdata->refcount,
> 3267 cifs_uncached_readdata_release);
> 3268 if (rc == -EAGAIN) {
> 3269 iov_iter_revert(&direct_iov, cur_len);
> 3270 continue;
> 3271 }
> 3272 break;
> 3273 }
> 3274
> 3275 list_add_tail(&rdata->list, rdata_list);
> 3276 offset += cur_len;
> 3277 len -= cur_len;
> 3278 } while (len > 0);
> 3279
> 3280 return rc;
> 3281 }
> 3282
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
Thanks,
Steve
More information about the samba-technical
mailing list