I had forgotten to push a one line fix for this we did earlier - I
just merged it with the previous patch and repushed.
On Fri, Jun 22, 2018 at 6:03 AM Dan Carpenter via samba-technical
<samba-technical@xxxxxxxxxxxxxxx> wrote:
>
> tree: git://git.samba.org/sfrench/cifs-2.6.git for-next
> head: a0b287ee23a7ad77c1222301f7550625ca2e0d3b
> commit: a0b287ee23a7ad77c1222301f7550625ca2e0d3b [7/7] CIFS: fix memory leak and remove dead code
>
> smatch warnings:
> fs/cifs/smb2pdu.c:2056 smb311_posix_mkdir() error: uninitialized symbol 'rsp'.
>
> git remote add cifs git://git.samba.org/sfrench/cifs-2.6.git
> git remote update cifs
> git checkout a0b287ee23a7ad77c1222301f7550625ca2e0d3b
> vim +/rsp +2056 fs/cifs/smb2pdu.c
>
> f0712928 Aurelien Aptel 2017-02-22 1913
> bea851b8 Steve French 2018-06-14 1914 #ifdef CONFIG_CIFS_SMB311
> bea851b8 Steve French 2018-06-14 1915 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
> bea851b8 Steve French 2018-06-14 1916 umode_t mode, struct cifs_tcon *tcon,
> bea851b8 Steve French 2018-06-14 1917 const char *full_path,
> bea851b8 Steve French 2018-06-14 1918 struct cifs_sb_info *cifs_sb)
> bea851b8 Steve French 2018-06-14 1919 {
> bea851b8 Steve French 2018-06-14 1920 struct smb_rqst rqst;
> bea851b8 Steve French 2018-06-14 1921 struct smb2_create_req *req;
> bea851b8 Steve French 2018-06-14 1922 struct smb2_create_rsp *rsp;
> bea851b8 Steve French 2018-06-14 1923 struct TCP_Server_Info *server;
> bea851b8 Steve French 2018-06-14 1924 struct cifs_ses *ses = tcon->ses;
> bea851b8 Steve French 2018-06-14 1925 struct kvec iov[3]; /* make sure at least one for each open context */
> bea851b8 Steve French 2018-06-14 1926 struct kvec rsp_iov = {NULL, 0};
> bea851b8 Steve French 2018-06-14 1927 int resp_buftype;
> bea851b8 Steve French 2018-06-14 1928 int uni_path_len;
> bea851b8 Steve French 2018-06-14 1929 __le16 *copy_path = NULL;
> bea851b8 Steve French 2018-06-14 1930 int copy_size;
> bea851b8 Steve French 2018-06-14 1931 int rc = 0;
> bea851b8 Steve French 2018-06-14 1932 unsigned int n_iov = 2;
> bea851b8 Steve French 2018-06-14 1933 __u32 file_attributes = 0;
> bea851b8 Steve French 2018-06-14 1934 char *pc_buf = NULL;
> bea851b8 Steve French 2018-06-14 1935 int flags = 0;
> bea851b8 Steve French 2018-06-14 1936 unsigned int total_len;
> a0b287ee Aurelien Aptel 2018-06-19 1937 __le16 *utf16_path = NULL;
> bea851b8 Steve French 2018-06-14 1938
> bea851b8 Steve French 2018-06-14 1939 cifs_dbg(FYI, "mkdir\n");
> bea851b8 Steve French 2018-06-14 1940
> a0b287ee Aurelien Aptel 2018-06-19 1941 /* resource #1: path allocation */
> a0b287ee Aurelien Aptel 2018-06-19 1942 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
> a0b287ee Aurelien Aptel 2018-06-19 1943 if (!utf16_path)
> a0b287ee Aurelien Aptel 2018-06-19 1944 return -ENOMEM;
> a0b287ee Aurelien Aptel 2018-06-19 1945
> bea851b8 Steve French 2018-06-14 1946 if (ses && (ses->server))
> bea851b8 Steve French 2018-06-14 1947 server = ses->server;
> a0b287ee Aurelien Aptel 2018-06-19 1948 else {
> a0b287ee Aurelien Aptel 2018-06-19 1949 rc = -EIO;
> a0b287ee Aurelien Aptel 2018-06-19 1950 goto err_free_path;
> a0b287ee Aurelien Aptel 2018-06-19 1951 }
> bea851b8 Steve French 2018-06-14 1952
> a0b287ee Aurelien Aptel 2018-06-19 1953 /* resource #2: request */
> bea851b8 Steve French 2018-06-14 1954 rc = smb2_plain_req_init(SMB2_CREATE, tcon, (void **) &req, &total_len);
> bea851b8 Steve French 2018-06-14 1955 if (rc)
> a0b287ee Aurelien Aptel 2018-06-19 1956 goto err_free_path;
> a0b287ee Aurelien Aptel 2018-06-19 1957
> bea851b8 Steve French 2018-06-14 1958
> bea851b8 Steve French 2018-06-14 1959 if (smb3_encryption_required(tcon))
> bea851b8 Steve French 2018-06-14 1960 flags |= CIFS_TRANSFORM_REQ;
> bea851b8 Steve French 2018-06-14 1961
> bea851b8 Steve French 2018-06-14 1962 req->ImpersonationLevel = IL_IMPERSONATION;
> bea851b8 Steve French 2018-06-14 1963 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
> bea851b8 Steve French 2018-06-14 1964 /* File attributes ignored on open (used in create though) */
> bea851b8 Steve French 2018-06-14 1965 req->FileAttributes = cpu_to_le32(file_attributes);
> bea851b8 Steve French 2018-06-14 1966 req->ShareAccess = FILE_SHARE_ALL_LE;
> bea851b8 Steve French 2018-06-14 1967 req->CreateDisposition = cpu_to_le32(FILE_CREATE);
> bea851b8 Steve French 2018-06-14 1968 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
> bea851b8 Steve French 2018-06-14 1969
> bea851b8 Steve French 2018-06-14 1970 iov[0].iov_base = (char *)req;
> bea851b8 Steve French 2018-06-14 1971 /* -1 since last byte is buf[0] which is sent below (path) */
> bea851b8 Steve French 2018-06-14 1972 iov[0].iov_len = total_len - 1;
> bea851b8 Steve French 2018-06-14 1973
> bea851b8 Steve French 2018-06-14 1974 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
> bea851b8 Steve French 2018-06-14 1975
> bea851b8 Steve French 2018-06-14 1976 /* [MS-SMB2] 2.2.13 NameOffset:
> bea851b8 Steve French 2018-06-14 1977 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
> bea851b8 Steve French 2018-06-14 1978 * the SMB2 header, the file name includes a prefix that will
> bea851b8 Steve French 2018-06-14 1979 * be processed during DFS name normalization as specified in
> bea851b8 Steve French 2018-06-14 1980 * section 3.3.5.9. Otherwise, the file name is relative to
> bea851b8 Steve French 2018-06-14 1981 * the share that is identified by the TreeId in the SMB2
> bea851b8 Steve French 2018-06-14 1982 * header.
> bea851b8 Steve French 2018-06-14 1983 */
> bea851b8 Steve French 2018-06-14 1984 if (tcon->share_flags & SHI1005_FLAGS_DFS) {
> bea851b8 Steve French 2018-06-14 1985 int name_len;
> bea851b8 Steve French 2018-06-14 1986
> bea851b8 Steve French 2018-06-14 1987 req->sync_hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
> bea851b8 Steve French 2018-06-14 1988 rc = alloc_path_with_tree_prefix(©_path, ©_size,
> bea851b8 Steve French 2018-06-14 1989 &name_len,
> a0b287ee Aurelien Aptel 2018-06-19 1990 tcon->treeName, utf16_path);
> a0b287ee Aurelien Aptel 2018-06-19 1991 if (rc)
> a0b287ee Aurelien Aptel 2018-06-19 1992 goto err_free_req;
> a0b287ee Aurelien Aptel 2018-06-19 1993
> bea851b8 Steve French 2018-06-14 1994 req->NameLength = cpu_to_le16(name_len * 2);
> bea851b8 Steve French 2018-06-14 1995 uni_path_len = copy_size;
> a0b287ee Aurelien Aptel 2018-06-19 1996 /* free before overwriting resource */
> a0b287ee Aurelien Aptel 2018-06-19 1997 kfree(utf16_path);
> a0b287ee Aurelien Aptel 2018-06-19 1998 utf16_path = copy_path;
> bea851b8 Steve French 2018-06-14 1999 } else {
> a0b287ee Aurelien Aptel 2018-06-19 2000 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
> bea851b8 Steve French 2018-06-14 2001 /* MUST set path len (NameLength) to 0 opening root of share */
> bea851b8 Steve French 2018-06-14 2002 req->NameLength = cpu_to_le16(uni_path_len - 2);
> bea851b8 Steve French 2018-06-14 2003 if (uni_path_len % 8 != 0) {
> bea851b8 Steve French 2018-06-14 2004 copy_size = roundup(uni_path_len, 8);
> bea851b8 Steve French 2018-06-14 2005 copy_path = kzalloc(copy_size, GFP_KERNEL);
> bea851b8 Steve French 2018-06-14 2006 if (!copy_path) {
> a0b287ee Aurelien Aptel 2018-06-19 2007 rc = -ENOMEM;
> a0b287ee Aurelien Aptel 2018-06-19 2008 goto err_free_req;
> bea851b8 Steve French 2018-06-14 2009 }
> a0b287ee Aurelien Aptel 2018-06-19 2010 memcpy((char *)copy_path, (const char *)utf16_path,
> bea851b8 Steve French 2018-06-14 2011 uni_path_len);
> bea851b8 Steve French 2018-06-14 2012 uni_path_len = copy_size;
> a0b287ee Aurelien Aptel 2018-06-19 2013 /* free before overwriting resource */
> a0b287ee Aurelien Aptel 2018-06-19 2014 kfree(utf16_path);
> a0b287ee Aurelien Aptel 2018-06-19 2015 utf16_path = copy_path;
> bea851b8 Steve French 2018-06-14 2016 }
> bea851b8 Steve French 2018-06-14 2017 }
> bea851b8 Steve French 2018-06-14 2018
> bea851b8 Steve French 2018-06-14 2019 iov[1].iov_len = uni_path_len;
> a0b287ee Aurelien Aptel 2018-06-19 2020 iov[1].iov_base = utf16_path;
> bea851b8 Steve French 2018-06-14 2021 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
> bea851b8 Steve French 2018-06-14 2022
> bea851b8 Steve French 2018-06-14 2023 if (tcon->posix_extensions) {
> a0b287ee Aurelien Aptel 2018-06-19 2024 /* resource #3: posix buf */
> bea851b8 Steve French 2018-06-14 2025 rc = add_posix_context(iov, &n_iov, mode);
> a0b287ee Aurelien Aptel 2018-06-19 2026 if (rc)
> a0b287ee Aurelien Aptel 2018-06-19 2027 goto err_free_req;
> bea851b8 Steve French 2018-06-14 2028 pc_buf = iov[n_iov-1].iov_base;
> bea851b8 Steve French 2018-06-14 2029 }
> bea851b8 Steve French 2018-06-14 2030
> bea851b8 Steve French 2018-06-14 2031
> bea851b8 Steve French 2018-06-14 2032 memset(&rqst, 0, sizeof(struct smb_rqst));
> bea851b8 Steve French 2018-06-14 2033 rqst.rq_iov = iov;
> bea851b8 Steve French 2018-06-14 2034 rqst.rq_nvec = n_iov;
> bea851b8 Steve French 2018-06-14 2035
> a0b287ee Aurelien Aptel 2018-06-19 2036 /* resource #4: response buffer */
> a0b287ee Aurelien Aptel 2018-06-19 2037 rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);
> a0b287ee Aurelien Aptel 2018-06-19 2038 if (rc) {
> bea851b8 Steve French 2018-06-14 2039 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
> bea851b8 Steve French 2018-06-14 2040 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
> a0b287ee Aurelien Aptel 2018-06-19 2041 CREATE_NOT_FILE,
> a0b287ee Aurelien Aptel 2018-06-19 2042 FILE_WRITE_ATTRIBUTES, rc);
> a0b287ee Aurelien Aptel 2018-06-19 2043 goto err_free_rsp_buf;
> ^^^^^^^^^^^^^^^^^^^^^^
> a0b287ee Aurelien Aptel 2018-06-19 2044 }
> a0b287ee Aurelien Aptel 2018-06-19 2045
> a0b287ee Aurelien Aptel 2018-06-19 2046 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
> ^^^^^^
> Initialized too late.
>
> bea851b8 Steve French 2018-06-14 2047 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid,
> bea851b8 Steve French 2018-06-14 2048 ses->Suid, CREATE_NOT_FILE,
> bea851b8 Steve French 2018-06-14 2049 FILE_WRITE_ATTRIBUTES);
> bea851b8 Steve French 2018-06-14 2050
> bea851b8 Steve French 2018-06-14 2051 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
> bea851b8 Steve French 2018-06-14 2052
> bea851b8 Steve French 2018-06-14 2053 /* Eventually save off posix specific response info and timestaps */
> bea851b8 Steve French 2018-06-14 2054
> a0b287ee Aurelien Aptel 2018-06-19 2055 err_free_rsp_buf:
> bea851b8 Steve French 2018-06-14 @2056 free_rsp_buf(resp_buftype, rsp);
> a0b287ee Aurelien Aptel 2018-06-19 2057 kfree(pc_buf);
> a0b287ee Aurelien Aptel 2018-06-19 2058 err_free_req:
> a0b287ee Aurelien Aptel 2018-06-19 2059 cifs_small_buf_release(req);
> a0b287ee Aurelien Aptel 2018-06-19 2060 err_free_path:
> a0b287ee Aurelien Aptel 2018-06-19 2061 kfree(utf16_path);
> bea851b8 Steve French 2018-06-14 2062 return rc;
> bea851b8 Steve French 2018-06-14 2063 }
> bea851b8 Steve French 2018-06-14 2064 #endif /* SMB311 */
> bea851b8 Steve French 2018-06-14 2065
>
> :::::: The code at line 2056 was first introduced by commit
> :::::: bea851b8babe6c87c36e97c9de0dd0bea0dd5802 smb3: Fix mode on mkdir on smb311 mounts
>
> :::::: TO: Steve French <stfrench@xxxxxxxxxxxxx>
> :::::: CC: Steve French <stfrench@xxxxxxxxxxxxx>
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>
--
Thanks,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
