Hello Aurelien Aptel,
The patch feeaec621c09: "cifs: multichannel: move channel selection
above transport layer" from Apr 24, 2020, leads to the following
static checker warning:
fs/cifs/smb2pdu.c:149 smb2_hdr_assemble()
error: we previously assumed 'tcon->ses' could be null (see line 133)
fs/cifs/smb2pdu.c
120 shdr->ProcessId = cpu_to_le32((__u16)current->tgid);
121
122 if (!tcon)
123 goto out;
124
125 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
126 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
127 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
128 shdr->CreditCharge = cpu_to_le16(1);
129 /* else CreditCharge MBZ */
130
131 shdr->TreeId = tcon->tid;
132 /* Uid is not converted */
133 if (tcon->ses)
^^^^^^^^^
Check for NULL.
134 shdr->SessionId = tcon->ses->Suid;
135
136 /*
137 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
138 * to pass the path on the Open SMB prefixed by \\server\share.
139 * Not sure when we would need to do the augmented path (if ever) and
140 * setting this flag breaks the SMB2 open operation since it is
141 * illegal to send an empty path name (without \\server\share prefix)
142 * when the DFS flag is set in the SMB open header. We could
143 * consider setting the flag on all operations other than open
144 * but it is safer to net set it for now.
145 */
146 /* if (tcon->share_flags & SHI1005_FLAGS_DFS)
147 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
148
149 if (server && server->sign && !smb3_encryption_required(tcon))
^^^^
Unchecked dereference inside the function. There used to be a bunch
of checks for NULL "tcon->ses" but some of them were replaces with a
check for "server" instead.
150 shdr->Flags |= SMB2_FLAGS_SIGNED;
151 out:
152 return;
153 }
regards,
dan carpenter
