[cifs:for-next 35/38] fs/cifs/smb2ops.c:1152:10-17: WARNING opportunity for memdup_user
kbuild test robot
lkp at intel.com
Thu Oct 11 11:14:11 UTC 2018
tree: git://git.samba.org/sfrench/cifs-2.6.git for-next
head: 18fbe0748eeacc27f619fa2010fedd7172a81d34
commit: 957f8728d5e175c8660d36d8d334e5a6f1e7f521 [35/38] cifs: add IOCTL for QUERY_INFO passthrough to userspace
coccinelle warnings: (new ones prefixed by >>)
>> fs/cifs/smb2ops.c:1152:10-17: WARNING opportunity for memdup_user
vim +1152 fs/cifs/smb2ops.c
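/*
 * smb2_ioctl_query_info - forward a userspace QUERY_INFO request to the server.
 * @xid:  transaction id handed to cifs_send_recv()
 * @file: open file whose persistent/volatile fid the query is issued against
 * @p:    userspace address of a struct smb_query_info, immediately followed
 *        by the data buffer
 *
 * Every field of the header is caller-controlled. The first
 * qi.output_buffer_length bytes after the header are copied in and handed to
 * SMB2_query_info_init(); at most qi.input_buffer_length bytes of the
 * server's reply are copied back to the same place, and the length actually
 * returned is stored in the header's input_buffer_length field.
 *
 * Both ends are untrusted: the lengths come from userspace and the reply
 * comes from the server, so each is bounded before it is used as a copy size.
 *
 * Return: 0 on success; -EFAULT if a user copy fails; -EINVAL if
 * output_buffer_length exceeds 1024; -EIO if there is no session/server or
 * the reply is shorter than it claims; -ENOMEM on allocation failure;
 * otherwise the error from SMB2_query_info_init() or cifs_send_recv().
 */
static int
smb2_ioctl_query_info(const unsigned int xid,
		      struct cifsFileInfo *file,
		      unsigned long p)
{
	struct cifs_tcon *tcon = tlink_tcon(file->tlink);
	struct cifs_ses *ses = tcon->ses;
	char __user *arg = (char __user *)p;
	struct smb_query_info qi;
	struct smb_query_info __user *pqi;
	int rc = 0;
	int flags = 0;
	struct smb_rqst rqst;
	struct kvec iov[1];
	struct kvec rsp_iov;
	/*
	 * Initialised because iqinf_exit hands it to free_rsp_buf() even when
	 * the request was never sent (SMB2_query_info_init() failure).
	 */
	int resp_buftype = CIFS_NO_BUFFER;
	struct smb2_query_info_rsp *rsp = NULL;
	void *buffer;
	u32 rsp_len;

	if (copy_from_user(&qi, arg, sizeof(struct smb_query_info)))
		return -EFAULT;

	/* Cap the user-chosen size before it drives a kernel allocation. */
	if (qi.output_buffer_length > 1024)
		return -EINVAL;

	if (!ses || !(ses->server))
		return -EIO;

	if (smb3_encryption_required(tcon))
		flags |= CIFS_TRANSFORM_REQ;

	/*
	 * memdup_user() replaces the open-coded kmalloc() + copy_from_user()
	 * pair that the coccinelle warning pointed at; it returns
	 * ERR_PTR(-ENOMEM) or ERR_PTR(-EFAULT) and leaves nothing to free on
	 * failure.
	 */
	buffer = memdup_user(arg + sizeof(struct smb_query_info),
			     qi.output_buffer_length);
	if (IS_ERR(buffer))
		return PTR_ERR(buffer);

	memset(&rqst, 0, sizeof(struct smb_rqst));
	memset(&iov, 0, sizeof(iov));
	/* Keep iov_base/iov_len defined if the send fails before filling them. */
	memset(&rsp_iov, 0, sizeof(rsp_iov));
	rqst.rq_iov = iov;
	rqst.rq_nvec = 1;

	rc = SMB2_query_info_init(tcon, &rqst, file->fid.persistent_fid,
				  file->fid.volatile_fid,
				  qi.file_info_class, qi.info_type,
				  qi.additional_information,
				  qi.input_buffer_length,
				  qi.output_buffer_length, buffer);
	kfree(buffer);
	if (rc)
		goto iqinf_exit;

	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);
	/* Picked up before the rc check so the exit path can release it. */
	rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
	if (rc)
		goto iqinf_exit;

	/*
	 * The reply is server-controlled. Check that the fixed part of the
	 * response was received before reading OutputBufferLength from it.
	 * NOTE(review): assumes rsp_iov.iov_len is the number of valid bytes
	 * at rsp_iov.iov_base - confirm against cifs_send_recv().
	 */
	if (rsp_iov.iov_len < offsetof(struct smb2_query_info_rsp, Buffer)) {
		rc = -EIO;
		goto iqinf_exit;
	}

	pqi = (struct smb_query_info __user *)arg;
	rsp_len = le32_to_cpu(rsp->OutputBufferLength);
	if (rsp_len < qi.input_buffer_length)
		qi.input_buffer_length = rsp_len;

	/*
	 * OutputBufferLength is only the server's claim. Refuse a copy that
	 * would run past the bytes actually received, otherwise kernel memory
	 * adjacent to the response would be disclosed to userspace.
	 */
	if (qi.input_buffer_length >
	    rsp_iov.iov_len - offsetof(struct smb2_query_info_rsp, Buffer)) {
		rc = -EIO;
		goto iqinf_exit;
	}

	if (copy_to_user(&pqi->input_buffer_length, &qi.input_buffer_length,
			 sizeof(qi.input_buffer_length))) {
		rc = -EFAULT;
		goto iqinf_exit;
	}
	/* pqi + 1 is the user data area directly after the header. */
	if (copy_to_user(pqi + 1, rsp->Buffer, qi.input_buffer_length)) {
		rc = -EFAULT;
		goto iqinf_exit;
	}

 iqinf_exit:
	SMB2_query_info_free(&rqst);
	free_rsp_buf(resp_buftype, rsp);
	return rc;
}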
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation