* fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476]
@ 2022-06-15 22:58 kernel test robot
From: kernel test robot @ 2022-06-15 22:58 UTC
To: kbuild
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Tanner Love <tannerlove@google.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: afe9eb14ea1cbac5d91ca04eb64810d2d9fa22b0
commit: a358f40600b3b39ae3906b6118625b99c0aa7a34 once: implement DO_ONCE_LITE for non-fast-path "do once" functionality
date: 12 months ago
:::::: branch date: 3 hours ago
:::::: commit date: 12 months ago
config: i386-randconfig-c001-20220613 (https://download.01.org/0day-ci/archive/20220616/202206160622.tpWgArPl-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a358f40600b3b39ae3906b6118625b99c0aa7a34
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout a358f40600b3b39ae3906b6118625b99c0aa7a34
        # save the config file
        ARCH=i386 KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
fs/cifs/cifssmb.c: In function 'CIFS_open':
>> fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]
1386 | if (tcon->ses->capabilities & CAP_UNIX)
| ~~~~^~~~~
'CIFSSMBSetPathInfo': events 1-2
|
| 5838 | CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'CIFSSMBSetPathInfo'
|......
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'smb_init' from 'CIFSSMBSetPathInfo'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
|
+--> 'smb_init': events 3-6
|
| 353 | smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~
| | |
| | (3) entry to 'smb_init'
|......
| 359 | if (rc)
| | ~
| | |
| | (4) following 'false' branch (when 'rc == 0')...
|......
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (6) calling '__smb_init' from 'smb_init'
| | (5) ...to here
|
+--> '__smb_init': events 7-12
|
| 327 | __smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~~~
| | |
| | (7) entry to '__smb_init'
|......
| 331 | if (*request_buf == NULL) {
| | ~
| | |
| | (8) following 'false' branch...
|......
| 339 | if (response_buf)
| | ~~ ~
| | | |
| | | (10) following 'true' branch (when 'response_buf' is non-NULL)...
| | (9) ...to here
| 340 | *response_buf = *request_buf;
| | ~
| | |
| | (11) ...to here
|......
| 345 | if (tcon != NULL)
| | ~
| | |
| | (12) following 'false' branch (when 'tcon' is NULL)...
|
'__smb_init': event 13
|
|cc1:
| (13): ...to here
|
<------+
|
'smb_init': event 14
|
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (14) returning to 'smb_init' from '__smb_init'
|
<------+
|
'CIFSSMBSetPathInfo': events 15-17
|
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) returning to 'CIFSSMBSetPathInfo' from 'smb_init'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
| 5857 | if (rc)
| | ~
| | |
| | (16) following 'false' branch (when 'rc == 0')...
|......
| 5860 | if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
| | ~~
| | |
| | (17) ...to here
|
'CIFSSMBSetPathInfo': events 18-19
|
|include/linux/fortify-string.h:189:12:
| 189 | if (p_size < size || q_size < size)
| | ^
vim +/tcon +1386 fs/cifs/cifssmb.c
a9d02ad49013c8 Steve French 2005-08-24 1319
^1da177e4c3f41 Linus Torvalds 2005-04-16 1320 int
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1321 CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1322 FILE_ALL_INFO *buf)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1323 {
1afdea4f19a97e Colin Ian King 2019-07-23 1324 int rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1325 OPEN_REQ *req = NULL;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1326 OPEN_RSP *rsp = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1327 int bytes_returned;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1328 int name_len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1329 __u16 count;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1330 struct cifs_sb_info *cifs_sb = oparms->cifs_sb;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1331 struct cifs_tcon *tcon = oparms->tcon;
2baa2682531ff0 Steve French 2014-09-27 1332 int remap = cifs_remap(cifs_sb);
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1333 const struct nls_table *nls = cifs_sb->local_nls;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1334 int create_options = oparms->create_options;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1335 int desired_access = oparms->desired_access;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1336 int disposition = oparms->disposition;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1337 const char *path = oparms->path;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1338
^1da177e4c3f41 Linus Torvalds 2005-04-16 1339 openRetry:
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1340 rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1341 (void **)&rsp);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1342 if (rc)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1343 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1344
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1345 /* no commands go after this */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1346 req->AndXCommand = 0xFF;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1347
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1348 if (req->hdr.Flags2 & SMBFLG2_UNICODE) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1349 /* account for one byte pad to word boundary */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1350 count = 1;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1351 name_len = cifsConvertToUTF16((__le16 *)(req->fileName + 1),
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1352 path, PATH_MAX, nls, remap);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1353 /* trailing null */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1354 name_len++;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1355 name_len *= 2;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1356 req->NameLength = cpu_to_le16(name_len);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1357 } else {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1358 /* BB improve check for buffer overruns BB */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1359 /* no pad */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1360 count = 0;
340625e618e1b3 Ronnie Sahlberg 2019-08-27 1361 name_len = copy_path_name(req->fileName, path);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1362 req->NameLength = cpu_to_le16(name_len);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1363 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1364
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1365 if (*oplock & REQ_OPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1366 req->OpenFlags = cpu_to_le32(REQ_OPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1367 else if (*oplock & REQ_BATCHOPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1368 req->OpenFlags = cpu_to_le32(REQ_BATCHOPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1369
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1370 req->DesiredAccess = cpu_to_le32(desired_access);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1371 req->AllocationSize = 0;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1372
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1373 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1374 * Set file as system file if special file such as fifo and server
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1375 * expecting SFU style and no Unix extensions.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1376 */
eda3c029899cbf Steve French 2005-07-21 1377 if (create_options & CREATE_OPTION_SPECIAL)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1378 req->FileAttributes = cpu_to_le32(ATTR_SYSTEM);
eda3c029899cbf Steve French 2005-07-21 1379 else
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1380 req->FileAttributes = cpu_to_le32(ATTR_NORMAL);
67750fb9e07940 Jeff Layton 2008-05-09 1381
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1382 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1383 * XP does not handle ATTR_POSIX_SEMANTICS but it helps speed up case
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1384 * sensitive checks for other servers such as Samba.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1385 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1386 if (tcon->ses->capabilities & CAP_UNIX)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1387 req->FileAttributes |= cpu_to_le32(ATTR_POSIX_SEMANTICS);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1388
67750fb9e07940 Jeff Layton 2008-05-09 1389 if (create_options & CREATE_OPTION_READONLY)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1390 req->FileAttributes |= cpu_to_le32(ATTR_READONLY);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1391
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1392 req->ShareAccess = cpu_to_le32(FILE_SHARE_ALL);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1393 req->CreateDisposition = cpu_to_le32(disposition);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1394 req->CreateOptions = cpu_to_le32(create_options & CREATE_OPTIONS_MASK);
67750fb9e07940 Jeff Layton 2008-05-09 1395
09d1db5c613123 Steve French 2005-04-28 1396 /* BB Expirement with various impersonation levels and verify */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1397 req->ImpersonationLevel = cpu_to_le32(SECURITY_IMPERSONATION);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1398 req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1399
^1da177e4c3f41 Linus Torvalds 2005-04-16 1400 count += name_len;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1401 inc_rfc1001_len(req, count);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1402
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1403 req->ByteCount = cpu_to_le16(count);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1404 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1405 (struct smb_hdr *)rsp, &bytes_returned, 0);
44c581866e2ae4 Pavel Shilovsky 2012-05-28 1406 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1407 if (rc) {
f96637be081141 Joe Perches 2013-05-04 1408 cifs_dbg(FYI, "Error in Open = %d\n", rc);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1409 cifs_buf_release(req);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1410 if (rc == -EAGAIN)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1411 goto openRetry;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1412 return rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1413 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1414
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1415 /* 1 byte no need to le_to_cpu */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1416 *oplock = rsp->OplockLevel;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1417 /* cifs fid stays in le */
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1418 oparms->fid->netfid = rsp->Fid;
86f740f2aed5ea Aurelien Aptel 2020-02-21 1419 oparms->fid->access = desired_access;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1420
^1da177e4c3f41 Linus Torvalds 2005-04-16 1421 /* Let caller know file was created so we can set the mode. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1422 /* Do we care about the CreateAction in any other cases? */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1423 if (cpu_to_le32(FILE_CREATE) == rsp->CreateAction)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1424 *oplock |= CIFS_CREATE_ACTION;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1425
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1426 if (buf) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1427 /* copy from CreationTime to Attributes */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1428 memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1429 /* the file_info buf is endian converted by caller */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1430 buf->AllocationSize = rsp->AllocationSize;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1431 buf->EndOfFile = rsp->EndOfFile;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1432 buf->NumberOfLinks = cpu_to_le32(1);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1433 buf->DeletePending = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1434 }
a5a2b489bae8f6 Steve French 2005-08-20 1435
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1436 cifs_buf_release(req);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1437 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1438 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1439
:::::: The code at line 1386 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476]
@ 2022-06-15 20:15 kernel test robot
From: kernel test robot @ 2022-06-15 20:15 UTC
To: kbuild
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Tanner Love <tannerlove@google.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 979086f5e0066b4eff66e1eee123da228489985c
commit: a358f40600b3b39ae3906b6118625b99c0aa7a34 once: implement DO_ONCE_LITE for non-fast-path "do once" functionality
date: 12 months ago
:::::: branch date: 4 hours ago
:::::: commit date: 12 months ago
config: i386-randconfig-c001-20220613 (https://download.01.org/0day-ci/archive/20220616/202206160424.O3ChW9zW-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a358f40600b3b39ae3906b6118625b99c0aa7a34
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout a358f40600b3b39ae3906b6118625b99c0aa7a34
        # save the config file
        ARCH=i386 KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
fs/cifs/cifssmb.c: In function 'CIFS_open':
>> fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]
1386 | if (tcon->ses->capabilities & CAP_UNIX)
| ~~~~^~~~~
'CIFSSMBSetPathInfo': events 1-2
|
| 5838 | CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'CIFSSMBSetPathInfo'
|......
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'smb_init' from 'CIFSSMBSetPathInfo'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
|
+--> 'smb_init': events 3-6
|
| 353 | smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~
| | |
| | (3) entry to 'smb_init'
|......
| 359 | if (rc)
| | ~
| | |
| | (4) following 'false' branch (when 'rc == 0')...
|......
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (6) calling '__smb_init' from 'smb_init'
| | (5) ...to here
|
+--> '__smb_init': events 7-12
|
| 327 | __smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~~~
| | |
| | (7) entry to '__smb_init'
|......
| 331 | if (*request_buf == NULL) {
| | ~
| | |
| | (8) following 'false' branch...
|......
| 339 | if (response_buf)
| | ~~ ~
| | | |
| | | (10) following 'true' branch (when 'response_buf' is non-NULL)...
| | (9) ...to here
| 340 | *response_buf = *request_buf;
| | ~
| | |
| | (11) ...to here
|......
| 345 | if (tcon != NULL)
| | ~
| | |
| | (12) following 'false' branch (when 'tcon' is NULL)...
|
'__smb_init': event 13
|
|cc1:
| (13): ...to here
|
<------+
|
'smb_init': event 14
|
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (14) returning to 'smb_init' from '__smb_init'
|
<------+
|
'CIFSSMBSetPathInfo': events 15-17
|
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) returning to 'CIFSSMBSetPathInfo' from 'smb_init'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
| 5857 | if (rc)
| | ~
| | |
| | (16) following 'false' branch (when 'rc == 0')...
|......
| 5860 | if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
| | ~~
| | |
| | (17) ...to here
|
'CIFSSMBSetPathInfo': events 18-19
|
|include/linux/fortify-string.h:189:12:
| 189 | if (p_size < size || q_size < size)
| | ^
vim +/tcon +1386 fs/cifs/cifssmb.c
a9d02ad49013c8 Steve French 2005-08-24 1319
^1da177e4c3f41 Linus Torvalds 2005-04-16 1320 int
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1321 CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1322 FILE_ALL_INFO *buf)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1323 {
1afdea4f19a97e Colin Ian King 2019-07-23 1324 int rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1325 OPEN_REQ *req = NULL;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1326 OPEN_RSP *rsp = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1327 int bytes_returned;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1328 int name_len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1329 __u16 count;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1330 struct cifs_sb_info *cifs_sb = oparms->cifs_sb;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1331 struct cifs_tcon *tcon = oparms->tcon;
2baa2682531ff0 Steve French 2014-09-27 1332 int remap = cifs_remap(cifs_sb);
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1333 const struct nls_table *nls = cifs_sb->local_nls;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1334 int create_options = oparms->create_options;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1335 int desired_access = oparms->desired_access;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1336 int disposition = oparms->disposition;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1337 const char *path = oparms->path;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1338
^1da177e4c3f41 Linus Torvalds 2005-04-16 1339 openRetry:
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1340 rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1341 (void **)&rsp);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1342 if (rc)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1343 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1344
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1345 /* no commands go after this */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1346 req->AndXCommand = 0xFF;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1347
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1348 if (req->hdr.Flags2 & SMBFLG2_UNICODE) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1349 /* account for one byte pad to word boundary */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1350 count = 1;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1351 name_len = cifsConvertToUTF16((__le16 *)(req->fileName + 1),
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1352 path, PATH_MAX, nls, remap);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1353 /* trailing null */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1354 name_len++;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1355 name_len *= 2;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1356 req->NameLength = cpu_to_le16(name_len);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1357 } else {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1358 /* BB improve check for buffer overruns BB */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1359 /* no pad */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1360 count = 0;
340625e618e1b3 Ronnie Sahlberg 2019-08-27 1361 name_len = copy_path_name(req->fileName, path);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1362 req->NameLength = cpu_to_le16(name_len);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1363 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1364
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1365 if (*oplock & REQ_OPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1366 req->OpenFlags = cpu_to_le32(REQ_OPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1367 else if (*oplock & REQ_BATCHOPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1368 req->OpenFlags = cpu_to_le32(REQ_BATCHOPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1369
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1370 req->DesiredAccess = cpu_to_le32(desired_access);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1371 req->AllocationSize = 0;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1372
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1373 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1374 * Set file as system file if special file such as fifo and server
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1375 * expecting SFU style and no Unix extensions.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1376 */
eda3c029899cbf Steve French 2005-07-21 1377 if (create_options & CREATE_OPTION_SPECIAL)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1378 req->FileAttributes = cpu_to_le32(ATTR_SYSTEM);
eda3c029899cbf Steve French 2005-07-21 1379 else
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1380 req->FileAttributes = cpu_to_le32(ATTR_NORMAL);
67750fb9e07940 Jeff Layton 2008-05-09 1381
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1382 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1383 * XP does not handle ATTR_POSIX_SEMANTICS but it helps speed up case
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1384 * sensitive checks for other servers such as Samba.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1385 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1386 if (tcon->ses->capabilities & CAP_UNIX)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1387 req->FileAttributes |= cpu_to_le32(ATTR_POSIX_SEMANTICS);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1388
67750fb9e07940 Jeff Layton 2008-05-09 1389 if (create_options & CREATE_OPTION_READONLY)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1390 req->FileAttributes |= cpu_to_le32(ATTR_READONLY);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1391
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1392 req->ShareAccess = cpu_to_le32(FILE_SHARE_ALL);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1393 req->CreateDisposition = cpu_to_le32(disposition);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1394 req->CreateOptions = cpu_to_le32(create_options & CREATE_OPTIONS_MASK);
67750fb9e07940 Jeff Layton 2008-05-09 1395
09d1db5c613123 Steve French 2005-04-28 1396 /* BB Expirement with various impersonation levels and verify */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1397 req->ImpersonationLevel = cpu_to_le32(SECURITY_IMPERSONATION);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1398 req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1399
^1da177e4c3f41 Linus Torvalds 2005-04-16 1400 count += name_len;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1401 inc_rfc1001_len(req, count);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1402
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1403 req->ByteCount = cpu_to_le16(count);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1404 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1405 (struct smb_hdr *)rsp, &bytes_returned, 0);
44c581866e2ae4 Pavel Shilovsky 2012-05-28 1406 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1407 if (rc) {
f96637be081141 Joe Perches 2013-05-04 1408 cifs_dbg(FYI, "Error in Open = %d\n", rc);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1409 cifs_buf_release(req);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1410 if (rc == -EAGAIN)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1411 goto openRetry;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1412 return rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1413 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1414
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1415 /* 1 byte no need to le_to_cpu */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1416 *oplock = rsp->OplockLevel;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1417 /* cifs fid stays in le */
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1418 oparms->fid->netfid = rsp->Fid;
86f740f2aed5ea Aurelien Aptel 2020-02-21 1419 oparms->fid->access = desired_access;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1420
^1da177e4c3f41 Linus Torvalds 2005-04-16 1421 /* Let caller know file was created so we can set the mode. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1422 /* Do we care about the CreateAction in any other cases? */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1423 if (cpu_to_le32(FILE_CREATE) == rsp->CreateAction)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1424 *oplock |= CIFS_CREATE_ACTION;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1425
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1426 if (buf) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1427 /* copy from CreationTime to Attributes */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1428 memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1429 /* the file_info buf is endian converted by caller */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1430 buf->AllocationSize = rsp->AllocationSize;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1431 buf->EndOfFile = rsp->EndOfFile;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1432 buf->NumberOfLinks = cpu_to_le32(1);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1433 buf->DeletePending = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1434 }
a5a2b489bae8f6 Steve French 2005-08-20 1435
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1436 cifs_buf_release(req);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1437 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1438 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1439
:::::: The code at line 1386 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476]
@ 2022-06-14 10:04 kernel test robot
From: kernel test robot @ 2022-06-14 10:04 UTC
To: kbuild
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Tanner Love <tannerlove@google.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: b13baccc3850ca8b8cccbf8ed9912dbaa0fdf7f3
commit: a358f40600b3b39ae3906b6118625b99c0aa7a34 once: implement DO_ONCE_LITE for non-fast-path "do once" functionality
date: 12 months ago
:::::: branch date: 35 hours ago
:::::: commit date: 12 months ago
config: i386-randconfig-c001-20220613 (https://download.01.org/0day-ci/archive/20220614/202206141711.csuZqKbT-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a358f40600b3b39ae3906b6118625b99c0aa7a34
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout a358f40600b3b39ae3906b6118625b99c0aa7a34
        # save the config file
        ARCH=i386 KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
fs/cifs/cifssmb.c: In function 'CIFS_open':
>> fs/cifs/cifssmb.c:1386:17: warning: dereference of NULL 'tcon' [CWE-476] [-Wanalyzer-null-dereference]
1386 | if (tcon->ses->capabilities & CAP_UNIX)
| ~~~~^~~~~
'CIFSSMBSetPathInfo': events 1-2
|
| 5838 | CIFSSMBSetPathInfo(const unsigned int xid, struct cifs_tcon *tcon,
| | ^~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'CIFSSMBSetPathInfo'
|......
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'smb_init' from 'CIFSSMBSetPathInfo'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
|
+--> 'smb_init': events 3-6
|
| 353 | smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~
| | |
| | (3) entry to 'smb_init'
|......
| 359 | if (rc)
| | ~
| | |
| | (4) following 'false' branch (when 'rc == 0')...
|......
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (6) calling '__smb_init' from 'smb_init'
| | (5) ...to here
|
+--> '__smb_init': events 7-12
|
| 327 | __smb_init(int smb_command, int wct, struct cifs_tcon *tcon,
| | ^~~~~~~~~~
| | |
| | (7) entry to '__smb_init'
|......
| 331 | if (*request_buf == NULL) {
| | ~
| | |
| | (8) following 'false' branch...
|......
| 339 | if (response_buf)
| | ~~ ~
| | | |
| | | (10) following 'true' branch (when 'response_buf' is non-NULL)...
| | (9) ...to here
| 340 | *response_buf = *request_buf;
| | ~
| | |
| | (11) ...to here
|......
| 345 | if (tcon != NULL)
| | ~
| | |
| | (12) following 'false' branch (when 'tcon' is NULL)...
|
'__smb_init': event 13
|
|cc1:
| (13): ...to here
|
<------+
|
'smb_init': event 14
|
| 362 | return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (14) returning to 'smb_init' from '__smb_init'
|
<------+
|
'CIFSSMBSetPathInfo': events 15-17
|
| 5855 | rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) returning to 'CIFSSMBSetPathInfo' from 'smb_init'
| 5856 | (void **) &pSMBr);
| | ~~~~~~~~~~~~~~~~~
| 5857 | if (rc)
| | ~
| | |
| | (16) following 'false' branch (when 'rc == 0')...
|......
| 5860 | if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
| | ~~
| | |
| | (17) ...to here
|
'CIFSSMBSetPathInfo': events 18-19
|
|include/linux/fortify-string.h:189:12:
| 189 | if (p_size < size || q_size < size)
| | ^
vim +/tcon +1386 fs/cifs/cifssmb.c
a9d02ad49013c8 Steve French 2005-08-24 1319
^1da177e4c3f41 Linus Torvalds 2005-04-16 1320 int
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1321 CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1322 FILE_ALL_INFO *buf)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1323 {
1afdea4f19a97e Colin Ian King 2019-07-23 1324 int rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1325 OPEN_REQ *req = NULL;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1326 OPEN_RSP *rsp = NULL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1327 int bytes_returned;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1328 int name_len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1329 __u16 count;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1330 struct cifs_sb_info *cifs_sb = oparms->cifs_sb;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1331 struct cifs_tcon *tcon = oparms->tcon;
2baa2682531ff0 Steve French 2014-09-27 1332 int remap = cifs_remap(cifs_sb);
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1333 const struct nls_table *nls = cifs_sb->local_nls;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1334 int create_options = oparms->create_options;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1335 int desired_access = oparms->desired_access;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1336 int disposition = oparms->disposition;
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1337 const char *path = oparms->path;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1338
^1da177e4c3f41 Linus Torvalds 2005-04-16 1339 openRetry:
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1340 rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1341 (void **)&rsp);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1342 if (rc)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1343 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1344
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1345 /* no commands go after this */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1346 req->AndXCommand = 0xFF;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1347
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1348 if (req->hdr.Flags2 & SMBFLG2_UNICODE) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1349 /* account for one byte pad to word boundary */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1350 count = 1;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1351 name_len = cifsConvertToUTF16((__le16 *)(req->fileName + 1),
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1352 path, PATH_MAX, nls, remap);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1353 /* trailing null */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1354 name_len++;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1355 name_len *= 2;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1356 req->NameLength = cpu_to_le16(name_len);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1357 } else {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1358 /* BB improve check for buffer overruns BB */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1359 /* no pad */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1360 count = 0;
340625e618e1b3 Ronnie Sahlberg 2019-08-27 1361 name_len = copy_path_name(req->fileName, path);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1362 req->NameLength = cpu_to_le16(name_len);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1363 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1364
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1365 if (*oplock & REQ_OPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1366 req->OpenFlags = cpu_to_le32(REQ_OPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1367 else if (*oplock & REQ_BATCHOPLOCK)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1368 req->OpenFlags = cpu_to_le32(REQ_BATCHOPLOCK);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1369
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1370 req->DesiredAccess = cpu_to_le32(desired_access);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1371 req->AllocationSize = 0;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1372
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1373 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1374 * Set file as system file if special file such as fifo and server
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1375 * expecting SFU style and no Unix extensions.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1376 */
eda3c029899cbf Steve French 2005-07-21 1377 if (create_options & CREATE_OPTION_SPECIAL)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1378 req->FileAttributes = cpu_to_le32(ATTR_SYSTEM);
eda3c029899cbf Steve French 2005-07-21 1379 else
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1380 req->FileAttributes = cpu_to_le32(ATTR_NORMAL);
67750fb9e07940 Jeff Layton 2008-05-09 1381
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1382 /*
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1383 * XP does not handle ATTR_POSIX_SEMANTICS but it helps speed up case
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1384 * sensitive checks for other servers such as Samba.
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1385 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1386 if (tcon->ses->capabilities & CAP_UNIX)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1387 req->FileAttributes |= cpu_to_le32(ATTR_POSIX_SEMANTICS);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1388
67750fb9e07940 Jeff Layton 2008-05-09 1389 if (create_options & CREATE_OPTION_READONLY)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1390 req->FileAttributes |= cpu_to_le32(ATTR_READONLY);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1391
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1392 req->ShareAccess = cpu_to_le32(FILE_SHARE_ALL);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1393 req->CreateDisposition = cpu_to_le32(disposition);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1394 req->CreateOptions = cpu_to_le32(create_options & CREATE_OPTIONS_MASK);
67750fb9e07940 Jeff Layton 2008-05-09 1395
09d1db5c613123 Steve French 2005-04-28 1396 /* BB Expirement with various impersonation levels and verify */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1397 req->ImpersonationLevel = cpu_to_le32(SECURITY_IMPERSONATION);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1398 req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1399
^1da177e4c3f41 Linus Torvalds 2005-04-16 1400 count += name_len;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1401 inc_rfc1001_len(req, count);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1402
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1403 req->ByteCount = cpu_to_le16(count);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1404 rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req,
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1405 (struct smb_hdr *)rsp, &bytes_returned, 0);
44c581866e2ae4 Pavel Shilovsky 2012-05-28 1406 cifs_stats_inc(&tcon->stats.cifs_stats.num_opens);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1407 if (rc) {
f96637be081141 Joe Perches 2013-05-04 1408 cifs_dbg(FYI, "Error in Open = %d\n", rc);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1409 cifs_buf_release(req);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1410 if (rc == -EAGAIN)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1411 goto openRetry;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1412 return rc;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1413 }
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1414
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1415 /* 1 byte no need to le_to_cpu */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1416 *oplock = rsp->OplockLevel;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1417 /* cifs fid stays in le */
d81b8a40e2ece0 Pavel Shilovsky 2014-01-16 1418 oparms->fid->netfid = rsp->Fid;
86f740f2aed5ea Aurelien Aptel 2020-02-21 1419 oparms->fid->access = desired_access;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1420
^1da177e4c3f41 Linus Torvalds 2005-04-16 1421 /* Let caller know file was created so we can set the mode. */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1422 /* Do we care about the CreateAction in any other cases? */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1423 if (cpu_to_le32(FILE_CREATE) == rsp->CreateAction)
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1424 *oplock |= CIFS_CREATE_ACTION;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1425
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1426 if (buf) {
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1427 /* copy from CreationTime to Attributes */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1428 memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1429 /* the file_info buf is endian converted by caller */
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1430 buf->AllocationSize = rsp->AllocationSize;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1431 buf->EndOfFile = rsp->EndOfFile;
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1432 buf->NumberOfLinks = cpu_to_le32(1);
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1433 buf->DeletePending = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1434 }
a5a2b489bae8f6 Steve French 2005-08-20 1435
9bf4fa01f9aaf2 Pavel Shilovsky 2014-01-16 1436 cifs_buf_release(req);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1437 return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1438 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1439
:::::: The code at line 1386 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>
--
0-DAY CI Kernel Test Service
https://01.org/lkp