Re: [bug report] cifs: do not search for channel if server is terminating

Steve French <smfrench@xxxxxxxxx> · Mon, 5 Feb 2024 14:54:28 -0600

Shyam,
Let me know if any objections to this fix, similar to what was pointed
out by Dan.

See attached.


On Mon, Feb 5, 2024 at 2:52 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> Hello Shyam Prasad N,
>
> This is a semi-automatic email about new static checker warnings.
>
>     fs/smb/client/sess.c:88 cifs_ses_get_chan_index()
>     warn: variable dereferenced before check 'server' (see line 79)
>
> fs/smb/client/sess.c
>     78          /* if the channel is waiting for termination */
>     79          if (server->terminate)
>                     ^^^^^^^^^^^^^^^^^
> The patch adds an unchecked dereference
>
>     80                  return CIFS_INVAL_CHAN_INDEX;
>     81
>     82          for (i = 0; i < ses->chan_count; i++) {
>     83                  if (ses->chans[i].server == server)
>     84                          return i;
>     85          }
>     86
>     87          /* If we didn't find the channel, it is likely a bug */
>     88          if (server)
>                     ^^^^^^
> But the existing code assumed that server could be NULL
>
>     89                  cifs_dbg(VFS, "unable to get chan index for server: 0x%llx",
>     90                           server->conn_id);
>
> regards,
> dan carpenter
>


-- 
Thanks,

Steve
From afb511be9dfb27ff57b9213ef56c264eaff6db34 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@xxxxxxxxxxxxx>
Date: Mon, 5 Feb 2024 14:43:17 -0600
Subject: [PATCH] smb3: add missing null server pointer check

Address static checker warning in cifs_ses_get_chan_index():
    warn: variable dereferenced before check 'server'
To be consistent, and reduce risk, we should add another check
for null server pointer.

Fixes: 88675b22d34e ("cifs: do not search for channel if server is terminating")
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Cc: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
---
 fs/smb/client/sess.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index ed4bd88dd528..476d54fceb50 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -76,7 +76,7 @@ cifs_ses_get_chan_index(struct cifs_ses *ses,
 	unsigned int i;
 
 	/* if the channel is waiting for termination */
-	if (server->terminate)
+	if (server && server->terminate)
 		return CIFS_INVAL_CHAN_INDEX;
 
 	for (i = 0; i < ses->chan_count; i++) {
-- 
2.40.1





