linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Namjae Jeon <linkinjeon@kernel.org>
To: kernel test robot <lkp@intel.com>
Cc: linux-cifs@vger.kernel.org, llvm@lists.linux.dev,
	kbuild-all@lists.01.org,
	"Ronnie Sahlberg" <ronniesahlberg@gmail.com>,
	"Ralph Böhme" <slow@samba.org>,
	"Steve French" <smfrench@gmail.com>
Subject: Re: [PATCH 2/4] ksmbd: add validation in smb2_ioctl
Date: Sun, 19 Sep 2021 06:43:51 +0900	[thread overview]
Message-ID: <CAKYAXd_jE3MwfwqbSxJ0E5DjPxU9mSH11onkqFcumbdMO21w8Q@mail.gmail.com> (raw)
In-Reply-To: <202109190257.fZUGN7K6-lkp@intel.com>

2021-09-19 3:51 GMT+09:00, kernel test robot <lkp@intel.com>:
> Hi Namjae,
Hi,

I will fix it, Thanks for your report!
>
> I love your patch! Perhaps something to improve:
>
> [auto build test WARNING on linus/master]
> [also build test WARNING on v5.15-rc1 next-20210917]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch]
>
> url:
> https://github.com/0day-ci/linux/commits/Namjae-Jeon/ksmbd-add-request-buffer-validation-in-smb2_set_info/20210918-174717
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> 4357f03d6611753936e4d52fc251b54a6afb1b54
> config: hexagon-randconfig-r022-20210918 (attached as .config)
> compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project
> c8b3d7d6d6de37af68b2f379d0e37304f78e115f)
> reproduce (this is a W=1 build):
>         wget
> https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
> ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         #
> https://github.com/0day-ci/linux/commit/57e7ede2bf2d38cb0f368f2fc54d646168b3d119
>         git remote add linux-review https://github.com/0day-ci/linux
>         git fetch --no-tags linux-review
> Namjae-Jeon/ksmbd-add-request-buffer-validation-in-smb2_set_info/20210918-174717
>         git checkout 57e7ede2bf2d38cb0f368f2fc54d646168b3d119
>         # save the attached .config to linux build tree
>         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1
> ARCH=hexagon
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> All warnings (new ones prefixed by >>):
>
>>> fs/ksmbd/smb2pdu.c:7037:6: warning: variable 'ret' is used uninitialized
>>> whenever 'if' condition is true [-Wsometimes-uninitialized]
>            if (chunk_count == 0)
>                ^~~~~~~~~~~~~~~~
>    fs/ksmbd/smb2pdu.c:7120:9: note: uninitialized use occurs here
>            return ret;
>                   ^~~
>    fs/ksmbd/smb2pdu.c:7037:2: note: remove the 'if' if its condition is
> always false
>            if (chunk_count == 0)
>            ^~~~~~~~~~~~~~~~~~~~~
>    fs/ksmbd/smb2pdu.c:7020:9: note: initialize the variable 'ret' to silence
> this warning
>            int ret, cnt_code;
>                   ^
>                    = 0
>    1 warning generated.
>
>
> vim +7037 fs/ksmbd/smb2pdu.c
>
>   7009	
>   7010	static int fsctl_copychunk(struct ksmbd_work *work, struct
> smb2_ioctl_req *req,
>   7011				   struct smb2_ioctl_rsp *rsp)
>   7012	{
>   7013		struct copychunk_ioctl_req *ci_req;
>   7014		struct copychunk_ioctl_rsp *ci_rsp;
>   7015		struct ksmbd_file *src_fp = NULL, *dst_fp = NULL;
>   7016		struct srv_copychunk *chunks;
>   7017		unsigned int i, chunk_count, chunk_count_written = 0;
>   7018		unsigned int chunk_size_written = 0;
>   7019		loff_t total_size_written = 0;
>   7020		int ret, cnt_code;
>   7021	
>   7022		cnt_code = le32_to_cpu(req->CntCode);
>   7023		ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0];
>   7024		ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0];
>   7025	
>   7026		rsp->VolatileFileId = req->VolatileFileId;
>   7027		rsp->PersistentFileId = req->PersistentFileId;
>   7028		ci_rsp->ChunksWritten =
>   7029			cpu_to_le32(ksmbd_server_side_copy_max_chunk_count());
>   7030		ci_rsp->ChunkBytesWritten =
>   7031			cpu_to_le32(ksmbd_server_side_copy_max_chunk_size());
>   7032		ci_rsp->TotalBytesWritten =
>   7033			cpu_to_le32(ksmbd_server_side_copy_max_total_size());
>   7034	
>   7035		chunks = (struct srv_copychunk *)&ci_req->Chunks[0];
>   7036		chunk_count = le32_to_cpu(ci_req->ChunkCount);
>> 7037		if (chunk_count == 0)
>   7038			goto out;
>   7039		total_size_written = 0;
>   7040	
>   7041		/* verify the SRV_COPYCHUNK_COPY packet */
>   7042		if (chunk_count > ksmbd_server_side_copy_max_chunk_count() ||
>   7043		    le32_to_cpu(req->InputCount) <
>   7044		     offsetof(struct copychunk_ioctl_req, Chunks) +
>   7045		     chunk_count * sizeof(struct srv_copychunk)) {
>   7046			rsp->hdr.Status = STATUS_INVALID_PARAMETER;
>   7047			return -EINVAL;
>   7048		}
>   7049	
>   7050		for (i = 0; i < chunk_count; i++) {
>   7051			if (le32_to_cpu(chunks[i].Length) == 0 ||
>   7052			    le32_to_cpu(chunks[i].Length) >
> ksmbd_server_side_copy_max_chunk_size())
>   7053				break;
>   7054			total_size_written += le32_to_cpu(chunks[i].Length);
>   7055		}
>   7056	
>   7057		if (i < chunk_count ||
>   7058		    total_size_written > ksmbd_server_side_copy_max_total_size()) {
>   7059			rsp->hdr.Status = STATUS_INVALID_PARAMETER;
>   7060			return -EINVAL;
>   7061		}
>   7062	
>   7063		src_fp = ksmbd_lookup_foreign_fd(work,
>   7064						 le64_to_cpu(ci_req->ResumeKey[0]));
>   7065		dst_fp = ksmbd_lookup_fd_slow(work,
>   7066					      le64_to_cpu(req->VolatileFileId),
>   7067					      le64_to_cpu(req->PersistentFileId));
>   7068		ret = -EINVAL;
>   7069		if (!src_fp ||
>   7070		    src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) {
>   7071			rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
>   7072			goto out;
>   7073		}
>   7074	
>   7075		if (!dst_fp) {
>   7076			rsp->hdr.Status = STATUS_FILE_CLOSED;
>   7077			goto out;
>   7078		}
>   7079	
>   7080		/*
>   7081		 * FILE_READ_DATA should only be included in
>   7082		 * the FSCTL_COPYCHUNK case
>   7083		 */
>   7084		if (cnt_code == FSCTL_COPYCHUNK &&
>   7085		    !(dst_fp->daccess & (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE)))
> {
>   7086			rsp->hdr.Status = STATUS_ACCESS_DENIED;
>   7087			goto out;
>   7088		}
>   7089	
>   7090		ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp,
>   7091						 chunks, chunk_count,
>   7092						 &chunk_count_written,
>   7093						 &chunk_size_written,
>   7094						 &total_size_written);
>   7095		if (ret < 0) {
>   7096			if (ret == -EACCES)
>   7097				rsp->hdr.Status = STATUS_ACCESS_DENIED;
>   7098			if (ret == -EAGAIN)
>   7099				rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
>   7100			else if (ret == -EBADF)
>   7101				rsp->hdr.Status = STATUS_INVALID_HANDLE;
>   7102			else if (ret == -EFBIG || ret == -ENOSPC)
>   7103				rsp->hdr.Status = STATUS_DISK_FULL;
>   7104			else if (ret == -EINVAL)
>   7105				rsp->hdr.Status = STATUS_INVALID_PARAMETER;
>   7106			else if (ret == -EISDIR)
>   7107				rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
>   7108			else if (ret == -E2BIG)
>   7109				rsp->hdr.Status = STATUS_INVALID_VIEW_SIZE;
>   7110			else
>   7111				rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
>   7112		}
>   7113	
>   7114		ci_rsp->ChunksWritten = cpu_to_le32(chunk_count_written);
>   7115		ci_rsp->ChunkBytesWritten = cpu_to_le32(chunk_size_written);
>   7116		ci_rsp->TotalBytesWritten = cpu_to_le32(total_size_written);
>   7117	out:
>   7118		ksmbd_fd_put(work, src_fp);
>   7119		ksmbd_fd_put(work, dst_fp);
>   7120		return ret;
>   7121	}
>   7122	
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>

  reply	other threads:[~2021-09-18 21:43 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-18  9:45 [PATCH 1/4] ksmbd: add request buffer validation in smb2_set_info Namjae Jeon
2021-09-18  9:45 ` [PATCH 2/4] ksmbd: add validation in smb2_ioctl Namjae Jeon
2021-09-18 18:51   ` kernel test robot
2021-09-18 21:43     ` Namjae Jeon [this message]
2021-09-18  9:45 ` [PATCH 3/4] ksmbd: add validatioin for FILE_FULL_EA_INFORMATION of smb2_get_info Namjae Jeon
2021-09-18 15:55   ` Steve French
2021-09-18 17:57     ` Steve French
2021-09-18 18:10     ` Ralph Boehme
2021-09-18  9:45 ` [PATCH 4/4] ksmbd: add buffer validation for SMB2_CREATE_CONTEXT Namjae Jeon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKYAXd_jE3MwfwqbSxJ0E5DjPxU9mSH11onkqFcumbdMO21w8Q@mail.gmail.com \
    --to=linkinjeon@kernel.org \
    --cc=kbuild-all@lists.01.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=lkp@intel.com \
    --cc=llvm@lists.linux.dev \
    --cc=ronniesahlberg@gmail.com \
    --cc=slow@samba.org \
    --cc=smfrench@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).