[cifs:for-next 15/15] fs/cifs/transport.c:1247 SendReceive() warn: variable dereferenced before check 'ses' (see line 1245)
Dan Carpenter
dan.carpenter at oracle.com
Fri Sep 6 08:13:04 UTC 2019
tree: git://git.samba.org/sfrench/cifs-2.6.git for-next
head: 2808c6639104c5aea1fccdf692deab0ccf00914f
commit: 2808c6639104c5aea1fccdf692deab0ccf00914f [15/15] cifs: add new debugging macro cifs_server_dbg
If you fix the issue, kindly add the following tags
Reported-by: kbuild test robot <lkp at intel.com>
Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
New smatch warnings:
fs/cifs/transport.c:1247 SendReceive() warn: variable dereferenced before check 'ses' (see line 1245)
fs/cifs/transport.c:1342 SendReceive() warn: inconsistent returns 'mutex:&ses->server->srv_mutex'.
Locked on: line 1249
Unlocked on: line 1284
fs/cifs/transport.c:1342 SendReceive() warn: inconsistent returns 'mutex:&server->srv_mutex'.
Locked on: line 1284
Unlocked on: line 1249
fs/cifs/smb2pdu.c:2763 SMB2_ioctl() warn: variable dereferenced before check 'ses' (see line 2762)
fs/cifs/smb2pdu.c:3067 query_info() warn: variable dereferenced before check 'ses' (see line 3061)
git remote add cifs git://git.samba.org/sfrench/cifs-2.6.git
git remote update cifs
git checkout 2808c6639104c5aea1fccdf692deab0ccf00914f
vim +/ses +1247 fs/cifs/transport.c
96daf2b09178d8 Steve French 2011-05-27 1235 SendReceive(const unsigned int xid, struct cifs_ses *ses,
^1da177e4c3f41 Linus Torvalds 2005-04-16 1236 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
480b1cb9dad894 Ronnie Sahlberg 2019-03-08 1237 int *pbytes_returned, const int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1238 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 1239 int rc = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1240 struct mid_q_entry *midQ;
fb2036d817584d Pavel Shilovsky 2016-11-23 1241 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
fb2036d817584d Pavel Shilovsky 2016-11-23 1242 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
fb2036d817584d Pavel Shilovsky 2016-11-23 1243 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
34f4deb7c56c6f Pavel Shilovsky 2019-01-16 1244 struct cifs_credits credits = { .value = 1, .instance = 0 };
2808c6639104c5 Ronnie Sahlberg 2019-08-28 @1245 struct TCP_Server_Info *server = ses->server;
^^^^^^^^^^^
Dereference: this initializer reads ses->server before ses has been checked for NULL.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1246
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1247 if (ses == NULL) {
^^^^^^^^^^^
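Check: this comes too late. If ses were NULL, line 1245 would already have dereferenced it, so the check only protects anything if the server = ses->server assignment is moved below it.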
f96637be081141 Joe Perches 2013-05-04 1248 cifs_dbg(VFS, "Null smb session\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1249 return -EIO;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1250 }
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1251 if (server == NULL) {
f96637be081141 Joe Perches 2013-05-04 1252 cifs_dbg(VFS, "Null tcp session\n");
^1da177e4c3f41 Linus Torvalds 2005-04-16 1253 return -EIO;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1254 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1255
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1256 if (server->tcpStatus == CifsExiting)
31ca3bc3c569f9 Steve French 2005-04-28 1257 return -ENOENT;
31ca3bc3c569f9 Steve French 2005-04-28 1258
^1da177e4c3f41 Linus Torvalds 2005-04-16 1259 /* Ensure that we do not send more than 50 overlapping requests
^1da177e4c3f41 Linus Torvalds 2005-04-16 1260 to the same server. We may make this configurable later or
^1da177e4c3f41 Linus Torvalds 2005-04-16 1261 use ses->maxReq */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1262
fb2036d817584d Pavel Shilovsky 2016-11-23 1263 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1264 cifs_server_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
fb2036d817584d Pavel Shilovsky 2016-11-23 1265 len);
6d9c6d543165d1 Volker Lendecke 2008-12-08 1266 return -EIO;
6d9c6d543165d1 Volker Lendecke 2008-12-08 1267 }
6d9c6d543165d1 Volker Lendecke 2008-12-08 1268
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1269 rc = wait_for_free_request(server, flags, &credits.instance);
7ee1af765dfa31 Jeremy Allison 2006-08-02 1270 if (rc)
7ee1af765dfa31 Jeremy Allison 2006-08-02 1271 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1272
^1da177e4c3f41 Linus Torvalds 2005-04-16 1273 /* make sure that we sign in the same order that we send on this socket
^1da177e4c3f41 Linus Torvalds 2005-04-16 1274 and avoid races inside tcp sendmsg code that could cause corruption
^1da177e4c3f41 Linus Torvalds 2005-04-16 1275 of smb data */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1276
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1277 mutex_lock(&server->srv_mutex);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1278
7ee1af765dfa31 Jeremy Allison 2006-08-02 1279 rc = allocate_mid(ses, in_buf, &midQ);
7ee1af765dfa31 Jeremy Allison 2006-08-02 1280 if (rc) {
72ca545b2d83ac Jeff Layton 2008-12-01 1281 mutex_unlock(&ses->server->srv_mutex);
^^^^^^^^^^^^^^^^^^^^^^
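This isn't a bug, but Smatch wants you to use "&server->srv_mutex"
instead of "&ses->server->srv_mutex". They are equivalent, because server
was assigned from ses->server on line 1245. Smatch tracks the two spellings
as different locks, which appears to be what produces the "inconsistent
returns" warnings above.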
7ee1af765dfa31 Jeremy Allison 2006-08-02 1282 /* Update # of requests on wire to server */
2808c6639104c5 Ronnie Sahlberg 2019-08-28 1283 add_credits(server, &credits, 0);
7ee1af765dfa31 Jeremy Allison 2006-08-02 1284 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1285 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1286
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation