From patchwork Sun Apr 22 15:30:00 2018
X-Patchwork-Submitter: Steve French
X-Patchwork-Id: 10355473
References: <20170207131841.GC31552@mwanda>
From: Steve French
Date: Sun, 22 Apr 2018 10:30:00 -0500
Subject: Re: [patch] CIFS: set *resp_buf_type to NO_BUFFER on error
To: Pavel Shilovsky
Cc: Dan Carpenter, linux-cifs, kernel-janitors, Pavel Shilovsky

Looks like missed merging this one. The code paths have changed around this - but on error they seem to ignore the resp_buf_type field, but looks like it would be cleaner to initialize it, so created an updated patch to do roughly the same thing and merged into cifs-2.6.git for-next

Dan,
Any objections?

On Tue, Feb 7, 2017 at 7:00 PM, Pavel Shilovsky wrote:
> 2017-02-07 5:18 GMT-08:00 Dan Carpenter:
>> We recently shuffled this code around and introduced a new error path
>> before *resp_buf_type gets initialized. It creates uninitialized
>> variable bugs in the callers.
>>
>> fs/cifs/smb2pdu.c:579 SMB2_negotiate()
>> error: uninitialized symbol 'resp_buftype'.
>>
>> Fixes: 738f9de5cdb9 ("CIFS: Send RFC1001 length in a separate iov")
>> Signed-off-by: Dan Carpenter
>>
>> diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c >> index 526f0533cb4e..8fa5e058fb15 100644 >> --- a/fs/cifs/transport.c >> +++ b/fs/cifs/transport.c >> @@ -807,6 +807,8 @@ SendReceive2(const unsigned int xid, struct cifs_ses *ses, >> struct kvec *new_iov; >> int rc; >> >> + *resp_buf_type = CIFS_NO_BUFFER; /* no response buf yet */ >> + >> new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1), GFP_KERNEL); >> if (!new_iov) >> return -ENOMEM;
>
> Good catch, thanks!
>
> Reviewed-by: Pavel Shilovsky
>
> --
> Best regards,
> Pavel Shilovsky
>

From c09c13668f624ede336489ef8412c2471c5c3afc Mon Sep 17 00:00:00 2001
From: Steve French
Date: Sun, 22 Apr 2018 10:24:19 -0500
Subject: [PATCH] CIFS: set *resp_buf_type to NO_BUFFER on error

Dan Carpenter had pointed this out a while ago, but the code around this had changed so wasn't causing any problems since that field was not used in this error path.

Still, it is cleaner to always initialize this field, so changing the error path to set it.

CC: Dan Carpenter
Signed-off-by: Steve French
---
fs/cifs/transport.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 8f6f25918229..3fb0e433b8e2 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -834,8 +834,11 @@ SendReceive2(const unsigned int xid, struct cifs_ses *ses, if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1), GFP_KERNEL); - if (!new_iov) + if (!new_iov) { + /* otherwise cifs_send_recv below sets resp_buf_type */ + *resp_buf_type = CIFS_NO_BUFFER; return -ENOMEM; + } } else new_iov = s_iov;
--
2.14.1
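
Review bot: In the if (!new_iov) branch of the @@ -834,8 +834,11 @@ hunk, *resp_buf_type is assigned only on this one early return, and the added comment defers every other path to cifs_send_recv, so whether callers always see an initialized value depends on code that is not part of this change. Assigning *resp_buf_type = CIFS_NO_BUFFER once at the top of SendReceive2, ahead of the n_vec + 1 > CIFS_MAX_IOV_SIZE test (the 2017 version quoted earlier in the thread placed it before its kmalloc), would cover this return and any early return added later, and would avoid the extra braces. If the branch-local form is kept, the commit message should say that only the -ENOMEM return is changed, since the subject line reads as covering every error path.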