Hi Namjae, I love your patch! Perhaps something to improve: [auto build test WARNING on linus/master] [also build test WARNING on v5.15-rc1 next-20210917] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Namjae-Jeon/ksmbd-add-request-buffer-validation-in-smb2_set_info/20210918-174717 base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4357f03d6611753936e4d52fc251b54a6afb1b54 config: hexagon-randconfig-r022-20210918 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c8b3d7d6d6de37af68b2f379d0e37304f78e115f) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/57e7ede2bf2d38cb0f368f2fc54d646168b3d119 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Namjae-Jeon/ksmbd-add-request-buffer-validation-in-smb2_set_info/20210918-174717 git checkout 57e7ede2bf2d38cb0f368f2fc54d646168b3d119 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 ARCH=hexagon If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot All warnings (new ones prefixed by >>): >> fs/ksmbd/smb2pdu.c:7037:6: warning: variable 'ret' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] if (chunk_count == 0) ^~~~~~~~~~~~~~~~ fs/ksmbd/smb2pdu.c:7120:9: note: uninitialized use occurs here return ret; ^~~ fs/ksmbd/smb2pdu.c:7037:2: note: remove the 'if' if its condition is always false if (chunk_count == 0) ^~~~~~~~~~~~~~~~~~~~~ fs/ksmbd/smb2pdu.c:7020:9: note: initialize the variable 'ret' to silence this warning int ret, cnt_code; ^ = 0 1 warning generated. vim +7037 fs/ksmbd/smb2pdu.c 7009 7010 static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req, 7011 struct smb2_ioctl_rsp *rsp) 7012 { 7013 struct copychunk_ioctl_req *ci_req; 7014 struct copychunk_ioctl_rsp *ci_rsp; 7015 struct ksmbd_file *src_fp = NULL, *dst_fp = NULL; 7016 struct srv_copychunk *chunks; 7017 unsigned int i, chunk_count, chunk_count_written = 0; 7018 unsigned int chunk_size_written = 0; 7019 loff_t total_size_written = 0; 7020 int ret, cnt_code; 7021 7022 cnt_code = le32_to_cpu(req->CntCode); 7023 ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0]; 7024 ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0]; 7025 7026 rsp->VolatileFileId = req->VolatileFileId; 7027 rsp->PersistentFileId = req->PersistentFileId; 7028 ci_rsp->ChunksWritten = 7029 cpu_to_le32(ksmbd_server_side_copy_max_chunk_count()); 7030 ci_rsp->ChunkBytesWritten = 7031 cpu_to_le32(ksmbd_server_side_copy_max_chunk_size()); 7032 ci_rsp->TotalBytesWritten = 7033 cpu_to_le32(ksmbd_server_side_copy_max_total_size()); 7034 7035 chunks = (struct srv_copychunk *)&ci_req->Chunks[0]; 7036 chunk_count = le32_to_cpu(ci_req->ChunkCount); > 7037 if (chunk_count == 0) 7038 goto out; 7039 total_size_written = 0; 7040 7041 /* verify the SRV_COPYCHUNK_COPY packet */ 7042 if (chunk_count > ksmbd_server_side_copy_max_chunk_count() || 7043 le32_to_cpu(req->InputCount) < 7044 offsetof(struct copychunk_ioctl_req, Chunks) + 7045 chunk_count * sizeof(struct srv_copychunk)) { 7046 rsp->hdr.Status = STATUS_INVALID_PARAMETER; 7047 return -EINVAL; 7048 } 7049 7050 for (i = 0; i < chunk_count; i++) { 7051 if (le32_to_cpu(chunks[i].Length) == 0 || 7052 le32_to_cpu(chunks[i].Length) > ksmbd_server_side_copy_max_chunk_size()) 7053 break; 7054 total_size_written += le32_to_cpu(chunks[i].Length); 7055 } 7056 7057 if (i < chunk_count || 7058 total_size_written > ksmbd_server_side_copy_max_total_size()) { 7059 rsp->hdr.Status = STATUS_INVALID_PARAMETER; 7060 return -EINVAL; 7061 } 7062 7063 src_fp = ksmbd_lookup_foreign_fd(work, 7064 le64_to_cpu(ci_req->ResumeKey[0])); 7065 dst_fp = ksmbd_lookup_fd_slow(work, 7066 le64_to_cpu(req->VolatileFileId), 7067 le64_to_cpu(req->PersistentFileId)); 7068 ret = -EINVAL; 7069 if (!src_fp || 7070 src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) { 7071 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; 7072 goto out; 7073 } 7074 7075 if (!dst_fp) { 7076 rsp->hdr.Status = STATUS_FILE_CLOSED; 7077 goto out; 7078 } 7079 7080 /* 7081 * FILE_READ_DATA should only be included in 7082 * the FSCTL_COPYCHUNK case 7083 */ 7084 if (cnt_code == FSCTL_COPYCHUNK && 7085 !(dst_fp->daccess & (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) { 7086 rsp->hdr.Status = STATUS_ACCESS_DENIED; 7087 goto out; 7088 } 7089 7090 ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp, 7091 chunks, chunk_count, 7092 &chunk_count_written, 7093 &chunk_size_written, 7094 &total_size_written); 7095 if (ret < 0) { 7096 if (ret == -EACCES) 7097 rsp->hdr.Status = STATUS_ACCESS_DENIED; 7098 if (ret == -EAGAIN) 7099 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; 7100 else if (ret == -EBADF) 7101 rsp->hdr.Status = STATUS_INVALID_HANDLE; 7102 else if (ret == -EFBIG || ret == -ENOSPC) 7103 rsp->hdr.Status = STATUS_DISK_FULL; 7104 else if (ret == -EINVAL) 7105 rsp->hdr.Status = STATUS_INVALID_PARAMETER; 7106 else if (ret == -EISDIR) 7107 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; 7108 else if (ret == -E2BIG) 7109 rsp->hdr.Status = STATUS_INVALID_VIEW_SIZE; 7110 else 7111 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; 7112 } 7113 7114 ci_rsp->ChunksWritten = cpu_to_le32(chunk_count_written); 7115 ci_rsp->ChunkBytesWritten = cpu_to_le32(chunk_size_written); 7116 ci_rsp->TotalBytesWritten = cpu_to_le32(total_size_written); 7117 out: 7118 ksmbd_fd_put(work, src_fp); 7119 ksmbd_fd_put(work, dst_fp); 7120 return ret; 7121 } 7122 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org