tree: git://git.samba.org/sfrench/cifs-2.6.git for-next head: 2808c6639104c5aea1fccdf692deab0ccf00914f commit: 2808c6639104c5aea1fccdf692deab0ccf00914f [15/15] cifs: add new debugging macro cifs_server_dbg If you fix the issue, kindly add following tag Reported-by: kbuild test robot <lkp@xxxxxxxxx> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> New smatch warnings: fs/cifs/transport.c:1247 SendReceive() warn: variable dereferenced before check 'ses' (see line 1245) fs/cifs/transport.c:1342 SendReceive() warn: inconsistent returns 'mutex:&ses->server->srv_mutex'. Locked on: line 1249 Unlocked on: line 1284 fs/cifs/transport.c:1342 SendReceive() warn: inconsistent returns 'mutex:&server->srv_mutex'. Locked on: line 1284 Unlocked on: line 1249 fs/cifs/smb2pdu.c:2763 SMB2_ioctl() warn: variable dereferenced before check 'ses' (see line 2762) fs/cifs/smb2pdu.c:3067 query_info() warn: variable dereferenced before check 'ses' (see line 3061) git remote add cifs git://git.samba.org/sfrench/cifs-2.6.git git remote update cifs git checkout 2808c6639104c5aea1fccdf692deab0ccf00914f vim +/ses +1247 fs/cifs/transport.c 96daf2b09178d8 Steve French 2011-05-27 1235 SendReceive(const unsigned int xid, struct cifs_ses *ses, ^1da177e4c3f41 Linus Torvalds 2005-04-16 1236 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 480b1cb9dad894 Ronnie Sahlberg 2019-03-08 1237 int *pbytes_returned, const int flags) ^1da177e4c3f41 Linus Torvalds 2005-04-16 1238 { ^1da177e4c3f41 Linus Torvalds 2005-04-16 1239 int rc = 0; ^1da177e4c3f41 Linus Torvalds 2005-04-16 1240 struct mid_q_entry *midQ; fb2036d817584d Pavel Shilovsky 2016-11-23 1241 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); fb2036d817584d Pavel Shilovsky 2016-11-23 1242 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; fb2036d817584d Pavel Shilovsky 2016-11-23 1243 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 34f4deb7c56c6f Pavel Shilovsky 2019-01-16 1244 struct cifs_credits credits = { .value = 1, .instance = 0 }; 2808c6639104c5 Ronnie Sahlberg 2019-08-28 @1245 struct TCP_Server_Info *server = ses->server; ^^^^^^^^^^^ Dereference ^1da177e4c3f41 Linus Torvalds 2005-04-16 1246 ^1da177e4c3f41 Linus Torvalds 2005-04-16 @1247 if (ses == NULL) { ^^^^^^^^^^^ Check f96637be081141 Joe Perches 2013-05-04 1248 cifs_dbg(VFS, "Null smb session\n"); ^1da177e4c3f41 Linus Torvalds 2005-04-16 1249 return -EIO; ^1da177e4c3f41 Linus Torvalds 2005-04-16 1250 } 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1251 if (server == NULL) { f96637be081141 Joe Perches 2013-05-04 1252 cifs_dbg(VFS, "Null tcp session\n"); ^1da177e4c3f41 Linus Torvalds 2005-04-16 1253 return -EIO; ^1da177e4c3f41 Linus Torvalds 2005-04-16 1254 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 1255 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1256 if (server->tcpStatus == CifsExiting) 31ca3bc3c569f9 Steve French 2005-04-28 1257 return -ENOENT; 31ca3bc3c569f9 Steve French 2005-04-28 1258 ^1da177e4c3f41 Linus Torvalds 2005-04-16 1259 /* Ensure that we do not send more than 50 overlapping requests ^1da177e4c3f41 Linus Torvalds 2005-04-16 1260 to the same server. We may make this configurable later or ^1da177e4c3f41 Linus Torvalds 2005-04-16 1261 use ses->maxReq */ ^1da177e4c3f41 Linus Torvalds 2005-04-16 1262 fb2036d817584d Pavel Shilovsky 2016-11-23 1263 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1264 cifs_server_dbg(VFS, "Illegal length, greater than maximum frame, %d\n", fb2036d817584d Pavel Shilovsky 2016-11-23 1265 len); 6d9c6d543165d1 Volker Lendecke 2008-12-08 1266 return -EIO; 6d9c6d543165d1 Volker Lendecke 2008-12-08 1267 } 6d9c6d543165d1 Volker Lendecke 2008-12-08 1268 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1269 rc = wait_for_free_request(server, flags, &credits.instance); 7ee1af765dfa31 Jeremy Allison 2006-08-02 1270 if (rc) 7ee1af765dfa31 Jeremy Allison 2006-08-02 1271 return rc; ^1da177e4c3f41 Linus Torvalds 2005-04-16 1272 ^1da177e4c3f41 Linus Torvalds 2005-04-16 1273 /* make sure that we sign in the same order that we send on this socket ^1da177e4c3f41 Linus Torvalds 2005-04-16 1274 and avoid races inside tcp sendmsg code that could cause corruption ^1da177e4c3f41 Linus Torvalds 2005-04-16 1275 of smb data */ ^1da177e4c3f41 Linus Torvalds 2005-04-16 1276 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1277 mutex_lock(&server->srv_mutex); ^1da177e4c3f41 Linus Torvalds 2005-04-16 1278 7ee1af765dfa31 Jeremy Allison 2006-08-02 1279 rc = allocate_mid(ses, in_buf, &midQ); 7ee1af765dfa31 Jeremy Allison 2006-08-02 1280 if (rc) { 72ca545b2d83ac Jeff Layton 2008-12-01 1281 mutex_unlock(&ses->server->srv_mutex); ^^^^^^^^^^^^^^^^^^^^^^ This isn't a bug, but Smatch wants you to use "&server->srv_mutex" instead of &ses->server->srv_mutex. They are equivalent. 7ee1af765dfa31 Jeremy Allison 2006-08-02 1282 /* Update # of requests on wire to server */ 2808c6639104c5 Ronnie Sahlberg 2019-08-28 1283 add_credits(server, &credits, 0); 7ee1af765dfa31 Jeremy Allison 2006-08-02 1284 return rc; ^1da177e4c3f41 Linus Torvalds 2005-04-16 1285 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 1286 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation