[cifs:for-next 8/10] fs/cifs/smb2pdu.c:2580:19: warning: 'in_data_buf' may be used uninitialized in this function

kbuild test robot lkp at intel.com
Fri May 17 04:04:41 UTC 2019


tree:   git://git.samba.org/sfrench/cifs-2.6.git for-next
head:   dece44e381ab4a9fd1021db45ba4472e8c85becb
commit: 2c87d6a94d162e68ca393cb87719dae8737f55c0 [8/10] cifs: Allocate memory for all iovs in smb2_ioctl
config: openrisc-allmodconfig (attached as .config)
compiler: or1k-linux-gcc (GCC) 6.0.0 20160327 (experimental)
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git checkout 2c87d6a94d162e68ca393cb87719dae8737f55c0
        # save the attached .config to linux build tree
        make.cross ARCH=openrisc 

If you fix the issue, kindly add the following tag
Reported-by: kbuild test robot <lkp at intel.com>

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   fs/cifs/smb2pdu.c: In function 'SMB2_ioctl_init':
>> fs/cifs/smb2pdu.c:2580:19: warning: 'in_data_buf' may be used uninitialized in this function [-Wmaybe-uninitialized]
      iov[1].iov_base = in_data_buf;
      ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~

vim +/in_data_buf +2580 fs/cifs/smb2pdu.c

  2530	
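/*
 * SMB2_ioctl_init - fill in an SMB2 IOCTL request and its iovec array.
 *
 * @tcon:              tree connection handed to smb2_plain_req_init()
 * @rqst:              request whose rq_iov / rq_nvec are populated here
 * @persistent_fid:    stored unchanged in req->PersistentFileId
 * @volatile_fid:      stored unchanged in req->VolatileFileId
 * @opcode:            control code, stored little-endian in req->CtlCode
 * @is_fsctl:          when true, SMB2_0_IOCTL_IS_FSCTL is set in req->Flags
 * @in_data:           input payload; read only when @indatalen is non-zero
 * @indatalen:         number of bytes to copy from @in_data
 * @max_response_size: stored little-endian in req->MaxOutputResponse
 *
 * When @indatalen is non-zero the payload is copied into a freshly
 * kmalloc()ed buffer that becomes iov[1] and rq_nvec is set to 2; otherwise
 * only iov[0] is used and rq_nvec is 1.
 *
 * Ownership: on success this function does not free the request buffer or
 * the copied payload; both stay referenced from @rqst->rq_iov.
 * NOTE(review): the matching release path is not visible in this listing -
 * confirm that it frees iov[1].iov_base as well as iov[0].
 *
 * NOTE(review): @in_data is not checked against NULL here; callers are
 * presumably expected to pass a valid pointer whenever @indatalen != 0.
 *
 * Return: 0 on success, the error from smb2_plain_req_init(), or -ENOMEM
 * if the payload copy cannot be allocated (the request buffer is released
 * before returning in that case).
 */
int
SMB2_ioctl_init(struct cifs_tcon *tcon, struct smb_rqst *rqst,
		u64 persistent_fid, u64 volatile_fid, u32 opcode,
		bool is_fsctl, char *in_data, u32 indatalen,
		__u32 max_response_size)
{
	struct smb2_ioctl_req *req;
	struct kvec *iov = rqst->rq_iov;
	unsigned int total_len;
	int rc;
	/*
	 * Assigned and read only when indatalen != 0, but the two uses sit
	 * behind separate "if (indatalen)" tests that gcc does not correlate
	 * (-Wmaybe-uninitialized). Start from NULL so the warning goes away
	 * and so any future mismatch between the two tests shows up as a NULL
	 * iov_base instead of an indeterminate pointer stored in iov[1].
	 */
	char *in_data_buf = NULL;

	rc = smb2_plain_req_init(SMB2_IOCTL, tcon, (void **) &req, &total_len);
	if (rc)
		return rc;

	if (indatalen) {
		/*
		 * indatalen is usually small at a couple of bytes max, so
		 * just allocate through generic pool
		 */
		in_data_buf = kmalloc(indatalen, GFP_NOFS);
		if (!in_data_buf) {
			/* nothing else is allocated yet; drop the request */
			cifs_small_buf_release(req);
			return -ENOMEM;
		}
		memcpy(in_data_buf, in_data, indatalen);
	}

	req->CtlCode = cpu_to_le32(opcode);
	req->PersistentFileId = persistent_fid;
	req->VolatileFileId = volatile_fid;

	iov[0].iov_base = (char *)req;
	/*
	 * If no input data, the size of ioctl struct in
	 * protocol spec still includes a 1 byte data buffer,
	 * but if input data passed to ioctl, we do not
	 * want to double count this, so we do not send
	 * the dummy one byte of data in iovec[0] if sending
	 * input data (in iovec[1]).
	 */
	if (indatalen) {
		req->InputCount = cpu_to_le32(indatalen);
		/* do not set InputOffset if no input data */
		req->InputOffset =
		       cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer));
		rqst->rq_nvec = 2;
		iov[0].iov_len = total_len - 1;
		/* same condition as the allocation above, so non-NULL here */
		iov[1].iov_base = in_data_buf;
		iov[1].iov_len = indatalen;
	} else {
		rqst->rq_nvec = 1;
		iov[0].iov_len = total_len;
	}

	req->OutputOffset = 0;
	req->OutputCount = 0; /* MBZ */

	/*
	 * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
	 * We Could increase default MaxOutputResponse, but that could require
	 * more credits. Windows typically sets this smaller, but for some
	 * ioctls it may be useful to allow server to send more. No point
	 * limiting what the server can send as long as fits in one credit
	 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
	 * to increase this limit up in the future.
	 * Note that for snapshot queries that servers like Azure expect that
	 * the first query be minimal size (and just used to get the number/size
	 * of previous versions) so response size must be specified as EXACTLY
	 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
	 * of eight bytes.  Currently that is the only case where we set max
	 * response size smaller.
	 */
	req->MaxOutputResponse = cpu_to_le32(max_response_size);

	if (is_fsctl)
		req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
	else
		req->Flags = 0;

	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
		req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;

	return 0;
}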
  2618	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .config.gz
Type: application/gzip
Size: 48230 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190517/f902a77b/config.gz>

