:::::: :::::: Manual check reason: "low confidence static check warning: fs/cifs/smb2ops.c:598:3: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]" ::::::
CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com CC: linux-ker...@vger.kernel.org TO: Shyam Prasad N <spra...@microsoft.com> CC: Steve French <stfre...@microsoft.com> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 0cec3f24a7cedc726f8790d693aaff2c535dc4ce commit: aa45dadd34e44fcd6a9df4b395bee5b5633b4cec cifs: change iface_list from array to sorted linked list date: 6 weeks ago :::::: branch date: 3 hours ago :::::: commit date: 6 weeks ago config: arm-randconfig-c002-20220731 (https://download.01.org/0day-ci/archive/20220802/202208020423.kitrvaqb-...@intel.com/config) compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 52cd00cabf479aa7eb6dbb063b7ba41ea57bce9e) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aa45dadd34e44fcd6a9df4b395bee5b5633b4cec git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout aa45dadd34e44fcd6a9df4b395bee5b5633b4cec # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <l...@intel.com> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~ drivers/md/dm-stats.c:1128:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 if (sscanf(argv[1], "%d%c", &id, &dummy) != 1 || id < 0) ^~~~~~ drivers/md/dm-stats.c:1168:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] if (sscanf(argv[1], "%d%c", &id, &dummy) != 1 || id < 0) ^~~~~~ drivers/md/dm-stats.c:1168:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 if (sscanf(argv[1], "%d%c", &id, &dummy) != 1 || id < 0) ^~~~~~ drivers/md/dm-stats.c:1173:7: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] sscanf(argv[2], "%lu%c", &idx_start, &dummy) != 1) ^~~~~~ drivers/md/dm-stats.c:1173:7: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 sscanf(argv[2], "%lu%c", &idx_start, &dummy) != 1) ^~~~~~ drivers/md/dm-stats.c:1176:7: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] sscanf(argv[3], "%lu%c", &idx_len, &dummy) != 1) ^~~~~~ drivers/md/dm-stats.c:1176:7: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 sscanf(argv[3], "%lu%c", &idx_len, &dummy) != 1) ^~~~~~ drivers/md/dm-stats.c:1193:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] if (sscanf(argv[1], "%d%c", &id, &dummy) != 1 || id < 0) ^~~~~~ drivers/md/dm-stats.c:1193:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 if (sscanf(argv[1], "%d%c", &id, &dummy) != 1 || id < 0) ^~~~~~ Suppressed 44 warnings (44 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 53 warnings generated. drivers/crypto/ccree/cc_cipher.c:321:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(&hki, key, keylen); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:321:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(&hki, key, keylen); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:472:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(ctx_p->user.key, key, keylen); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:472:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(ctx_p->user.key, key, keylen); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:870:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(req->iv, req_ctx->iv, ivsize); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:870:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(req->iv, req_ctx->iv, ivsize); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:994:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(req_ctx, 0, sizeof(*req_ctx)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:994:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(req_ctx, 0, sizeof(*req_ctx)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:1003:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(req_ctx, 0, sizeof(*req_ctx)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:1003:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(req_ctx, 0, sizeof(*req_ctx)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:1428:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(alg, &tmpl->template_skcipher, sizeof(*alg)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:1428:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(alg, &tmpl->template_skcipher, sizeof(*alg)); ^~~~~~ drivers/crypto/ccree/cc_cipher.c:1430:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); ^~~~~~~~ drivers/crypto/ccree/cc_cipher.c:1430:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", tmpl->name); ^~~~~~~~ drivers/crypto/ccree/cc_cipher.c:1431:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", ^~~~~~~~ drivers/crypto/ccree/cc_cipher.c:1431:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", ^~~~~~~~ Suppressed 45 warnings (45 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 129 warnings generated. fs/cifs/smb2ops.c:546:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&tmp_iface, 0, sizeof(tmp_iface)); ^~~~~~ fs/cifs/smb2ops.c:546:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&tmp_iface, 0, sizeof(tmp_iface)); ^~~~~~ fs/cifs/smb2ops.c:561:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(&addr4->sin_addr, &p4->IPv4Address, 4); ^~~~~~ fs/cifs/smb2ops.c:561:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(&addr4->sin_addr, &p4->IPv4Address, 4); ^~~~~~ fs/cifs/smb2ops.c:573:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(&addr6->sin6_addr, &p6->IPv6Address, 16); ^~~~~~ fs/cifs/smb2ops.c:573:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(&addr6->sin6_addr, &p6->IPv6Address, 16); ^~~~~~ >> fs/cifs/smb2ops.c:598:3: warning: Use of memory after it is freed >> [clang-analyzer-unix.Malloc] list_for_each_entry_safe(iface, niface, &ses->iface_list, ^ include/linux/list.h:762:7: note: expanded from macro 'list_for_each_entry_safe' n = list_next_entry(pos, member); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:564:2: note: expanded from macro 'list_next_entry' list_entry((pos)->member.next, typeof(*(pos)), member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:520:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/container_of.h:18:25: note: expanded from macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~~~ fs/cifs/smb2ops.c:538:2: note: Loop condition is true. Entering loop body list_for_each_entry_safe(iface, niface, &ses->iface_list, ^ include/linux/list.h:761:2: note: expanded from macro 'list_for_each_entry_safe' for (pos = list_first_entry(head, typeof(*pos), member), \ ^ fs/cifs/smb2ops.c:541:3: note: Calling 'kref_put' kref_put(&iface->refcount, release_iface); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/kref.h:64:2: note: Taking true branch if (refcount_dec_and_test(&kref->refcount)) { ^ include/linux/kref.h:65:3: note: Calling 'release_iface' release(kref); ^~~~~~~~~~~~~ fs/cifs/cifsglob.h:953:2: note: Memory is released kfree(iface); ^~~~~~~~~~~~ include/linux/kref.h:65:3: note: Returning; memory was released release(kref); ^~~~~~~~~~~~~ fs/cifs/smb2ops.c:541:3: note: Returning; memory was released kref_put(&iface->refcount, release_iface); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:538:2: note: Loop condition is false. Execution continues on line 543 list_for_each_entry_safe(iface, niface, &ses->iface_list, ^ include/linux/list.h:761:2: note: expanded from macro 'list_for_each_entry_safe' for (pos = list_first_entry(head, typeof(*pos), member), \ ^ fs/cifs/smb2ops.c:545:9: note: Assuming the condition is true while (bytes_left >= sizeof(*p)) { ^~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:545:2: note: Loop condition is true. Entering loop body while (bytes_left >= sizeof(*p)) { ^ fs/cifs/smb2ops.c:548:28: note: Assuming the condition is false tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0; ^ include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu' #define le32_to_cpu __le32_to_cpu ^ include/uapi/linux/byteorder/little_endian.h:35:27: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) ((__force __u32)(__le32)(x)) ^~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:548:28: note: '?' condition is false tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0; ^ include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu' #define le32_to_cpu __le32_to_cpu ^ include/uapi/linux/byteorder/little_endian.h:35:26: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) ((__force __u32)(__le32)(x)) ^ fs/cifs/smb2ops.c:549:27: note: Assuming the condition is true tmp_iface.rss_capable = le32_to_cpu(p->Capability & RSS_CAPABLE) ? 1 : 0; ^ include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu' #define le32_to_cpu __le32_to_cpu ^ include/uapi/linux/byteorder/little_endian.h:35:27: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) ((__force __u32)(__le32)(x)) ^~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:549:27: note: '?' condition is true tmp_iface.rss_capable = le32_to_cpu(p->Capability & RSS_CAPABLE) ? 1 : 0; ^ include/linux/byteorder/generic.h:89:21: note: expanded from macro 'le32_to_cpu' #define le32_to_cpu __le32_to_cpu ^ include/uapi/linux/byteorder/little_endian.h:35:26: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) ((__force __u32)(__le32)(x)) ^ fs/cifs/smb2ops.c:551:3: note: Control jumps to 'case 2:' at line 557 switch (p->Family) { ^ fs/cifs/smb2ops.c:566:4: note: Taking false branch cifs_dbg(FYI, "%s: ipv4 %pI4\n", __func__, ^ fs/cifs/cifs_debug.h:76:2: note: expanded from macro 'cifs_dbg' if ((type) & ONCE) \ ^ fs/cifs/smb2ops.c:566:4: note: Left side of '&&' is true cifs_dbg(FYI, "%s: ipv4 %pI4\n", __func__, ^ fs/cifs/cifs_debug.h:79:3: note: expanded from macro 'cifs_dbg' cifs_dbg_func(ratelimited, type, fmt, ##__VA_ARGS__); \ vim +598 fs/cifs/smb2ops.c fe856be475f7cf Aurelien Aptel 2018-06-14 511 fe856be475f7cf Aurelien Aptel 2018-06-14 512 static int fe856be475f7cf Aurelien Aptel 2018-06-14 513 parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf, fe856be475f7cf Aurelien Aptel 2018-06-14 514 size_t buf_len, aa45dadd34e44f Shyam Prasad N 2022-01-01 515 struct cifs_ses *ses) fe856be475f7cf Aurelien Aptel 2018-06-14 516 { fe856be475f7cf Aurelien Aptel 2018-06-14 517 struct network_interface_info_ioctl_rsp *p; fe856be475f7cf Aurelien Aptel 2018-06-14 518 struct sockaddr_in *addr4; fe856be475f7cf Aurelien Aptel 2018-06-14 519 struct sockaddr_in6 *addr6; fe856be475f7cf Aurelien Aptel 2018-06-14 520 struct iface_info_ipv4 *p4; fe856be475f7cf Aurelien Aptel 2018-06-14 521 struct iface_info_ipv6 *p6; aa45dadd34e44f Shyam Prasad N 2022-01-01 522 struct cifs_server_iface *info = NULL, *iface = NULL, *niface = NULL; aa45dadd34e44f Shyam Prasad N 2022-01-01 523 struct cifs_server_iface tmp_iface; fe856be475f7cf Aurelien Aptel 2018-06-14 524 ssize_t bytes_left; fe856be475f7cf Aurelien Aptel 2018-06-14 525 size_t next = 0; fe856be475f7cf Aurelien Aptel 2018-06-14 526 int nb_iface = 0; aa45dadd34e44f Shyam Prasad N 2022-01-01 527 int rc = 0, ret = 0; fe856be475f7cf Aurelien Aptel 2018-06-14 528 fe856be475f7cf Aurelien Aptel 2018-06-14 529 bytes_left = buf_len; fe856be475f7cf Aurelien Aptel 2018-06-14 530 p = buf; fe856be475f7cf Aurelien Aptel 2018-06-14 531 aa45dadd34e44f Shyam Prasad N 2022-01-01 532 spin_lock(&ses->iface_lock); fe856be475f7cf Aurelien Aptel 2018-06-14 533 /* aa45dadd34e44f Shyam Prasad N 2022-01-01 534 * Go through iface_list and do kref_put to remove aa45dadd34e44f Shyam Prasad N 2022-01-01 535 * any unused ifaces. ifaces in use will be removed aa45dadd34e44f Shyam Prasad N 2022-01-01 536 * when the last user calls a kref_put on it fe856be475f7cf Aurelien Aptel 2018-06-14 537 */ aa45dadd34e44f Shyam Prasad N 2022-01-01 538 list_for_each_entry_safe(iface, niface, &ses->iface_list, aa45dadd34e44f Shyam Prasad N 2022-01-01 539 iface_head) { aa45dadd34e44f Shyam Prasad N 2022-01-01 540 iface->is_active = 0; aa45dadd34e44f Shyam Prasad N 2022-01-01 541 kref_put(&iface->refcount, release_iface); fe856be475f7cf Aurelien Aptel 2018-06-14 542 } aa45dadd34e44f Shyam Prasad N 2022-01-01 543 spin_unlock(&ses->iface_lock); fe856be475f7cf Aurelien Aptel 2018-06-14 544 fe856be475f7cf Aurelien Aptel 2018-06-14 545 while (bytes_left >= sizeof(*p)) { aa45dadd34e44f Shyam Prasad N 2022-01-01 546 memset(&tmp_iface, 0, sizeof(tmp_iface)); aa45dadd34e44f Shyam Prasad N 2022-01-01 547 tmp_iface.speed = le64_to_cpu(p->LinkSpeed); aa45dadd34e44f Shyam Prasad N 2022-01-01 548 tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0; aa45dadd34e44f Shyam Prasad N 2022-01-01 549 tmp_iface.rss_capable = le32_to_cpu(p->Capability & RSS_CAPABLE) ? 1 : 0; fe856be475f7cf Aurelien Aptel 2018-06-14 550 fe856be475f7cf Aurelien Aptel 2018-06-14 551 switch (p->Family) { fe856be475f7cf Aurelien Aptel 2018-06-14 552 /* fe856be475f7cf Aurelien Aptel 2018-06-14 553 * The kernel and wire socket structures have the same fe856be475f7cf Aurelien Aptel 2018-06-14 554 * layout and use network byte order but make the fe856be475f7cf Aurelien Aptel 2018-06-14 555 * conversion explicit in case either one changes. fe856be475f7cf Aurelien Aptel 2018-06-14 556 */ fe856be475f7cf Aurelien Aptel 2018-06-14 557 case INTERNETWORK: aa45dadd34e44f Shyam Prasad N 2022-01-01 558 addr4 = (struct sockaddr_in *)&tmp_iface.sockaddr; fe856be475f7cf Aurelien Aptel 2018-06-14 559 p4 = (struct iface_info_ipv4 *)p->Buffer; fe856be475f7cf Aurelien Aptel 2018-06-14 560 addr4->sin_family = AF_INET; fe856be475f7cf Aurelien Aptel 2018-06-14 561 memcpy(&addr4->sin_addr, &p4->IPv4Address, 4); fe856be475f7cf Aurelien Aptel 2018-06-14 562 fe856be475f7cf Aurelien Aptel 2018-06-14 563 /* [MS-SMB2] 2.2.32.5.1.1 Clients MUST ignore these */ fe856be475f7cf Aurelien Aptel 2018-06-14 564 addr4->sin_port = cpu_to_be16(CIFS_PORT); fe856be475f7cf Aurelien Aptel 2018-06-14 565 fe856be475f7cf Aurelien Aptel 2018-06-14 566 cifs_dbg(FYI, "%s: ipv4 %pI4\n", __func__, fe856be475f7cf Aurelien Aptel 2018-06-14 567 &addr4->sin_addr); fe856be475f7cf Aurelien Aptel 2018-06-14 568 break; fe856be475f7cf Aurelien Aptel 2018-06-14 569 case INTERNETWORKV6: aa45dadd34e44f Shyam Prasad N 2022-01-01 570 addr6 = (struct sockaddr_in6 *)&tmp_iface.sockaddr; fe856be475f7cf Aurelien Aptel 2018-06-14 571 p6 = (struct iface_info_ipv6 *)p->Buffer; fe856be475f7cf Aurelien Aptel 2018-06-14 572 addr6->sin6_family = AF_INET6; fe856be475f7cf Aurelien Aptel 2018-06-14 573 memcpy(&addr6->sin6_addr, &p6->IPv6Address, 16); fe856be475f7cf Aurelien Aptel 2018-06-14 574 fe856be475f7cf Aurelien Aptel 2018-06-14 575 /* [MS-SMB2] 2.2.32.5.1.2 Clients MUST ignore these */ fe856be475f7cf Aurelien Aptel 2018-06-14 576 addr6->sin6_flowinfo = 0; fe856be475f7cf Aurelien Aptel 2018-06-14 577 addr6->sin6_scope_id = 0; fe856be475f7cf Aurelien Aptel 2018-06-14 578 addr6->sin6_port = cpu_to_be16(CIFS_PORT); fe856be475f7cf Aurelien Aptel 2018-06-14 579 fe856be475f7cf Aurelien Aptel 2018-06-14 580 cifs_dbg(FYI, "%s: ipv6 %pI6\n", __func__, fe856be475f7cf Aurelien Aptel 2018-06-14 581 &addr6->sin6_addr); fe856be475f7cf Aurelien Aptel 2018-06-14 582 break; fe856be475f7cf Aurelien Aptel 2018-06-14 583 default: fe856be475f7cf Aurelien Aptel 2018-06-14 584 cifs_dbg(VFS, fe856be475f7cf Aurelien Aptel 2018-06-14 585 "%s: skipping unsupported socket family\n", fe856be475f7cf Aurelien Aptel 2018-06-14 586 __func__); fe856be475f7cf Aurelien Aptel 2018-06-14 587 goto next_iface; fe856be475f7cf Aurelien Aptel 2018-06-14 588 } fe856be475f7cf Aurelien Aptel 2018-06-14 589 aa45dadd34e44f Shyam Prasad N 2022-01-01 590 /* aa45dadd34e44f Shyam Prasad N 2022-01-01 591 * The iface_list is assumed to be sorted by speed. aa45dadd34e44f Shyam Prasad N 2022-01-01 592 * Check if the new interface exists in that list. aa45dadd34e44f Shyam Prasad N 2022-01-01 593 * NEVER change iface. it could be in use. aa45dadd34e44f Shyam Prasad N 2022-01-01 594 * Add a new one instead aa45dadd34e44f Shyam Prasad N 2022-01-01 595 */ aa45dadd34e44f Shyam Prasad N 2022-01-01 596 spin_lock(&ses->iface_lock); aa45dadd34e44f Shyam Prasad N 2022-01-01 597 iface = niface = NULL; aa45dadd34e44f Shyam Prasad N 2022-01-01 @598 list_for_each_entry_safe(iface, niface, &ses->iface_list, aa45dadd34e44f Shyam Prasad N 2022-01-01 599 iface_head) { aa45dadd34e44f Shyam Prasad N 2022-01-01 600 ret = iface_cmp(iface, &tmp_iface); aa45dadd34e44f Shyam Prasad N 2022-01-01 601 if (!ret) { aa45dadd34e44f Shyam Prasad N 2022-01-01 602 /* just get a ref so that it doesn't get picked/freed */ aa45dadd34e44f Shyam Prasad N 2022-01-01 603 iface->is_active = 1; aa45dadd34e44f Shyam Prasad N 2022-01-01 604 kref_get(&iface->refcount); aa45dadd34e44f Shyam Prasad N 2022-01-01 605 spin_unlock(&ses->iface_lock); aa45dadd34e44f Shyam Prasad N 2022-01-01 606 goto next_iface; aa45dadd34e44f Shyam Prasad N 2022-01-01 607 } else if (ret < 0) { aa45dadd34e44f Shyam Prasad N 2022-01-01 608 /* all remaining ifaces are slower */ aa45dadd34e44f Shyam Prasad N 2022-01-01 609 kref_get(&iface->refcount); aa45dadd34e44f Shyam Prasad N 2022-01-01 610 break; aa45dadd34e44f Shyam Prasad N 2022-01-01 611 } aa45dadd34e44f Shyam Prasad N 2022-01-01 612 } aa45dadd34e44f Shyam Prasad N 2022-01-01 613 spin_unlock(&ses->iface_lock); aa45dadd34e44f Shyam Prasad N 2022-01-01 614 aa45dadd34e44f Shyam Prasad N 2022-01-01 615 /* no match. insert the entry in the list */ aa45dadd34e44f Shyam Prasad N 2022-01-01 616 info = kmalloc(sizeof(struct cifs_server_iface), aa45dadd34e44f Shyam Prasad N 2022-01-01 617 GFP_KERNEL); aa45dadd34e44f Shyam Prasad N 2022-01-01 618 if (!info) { aa45dadd34e44f Shyam Prasad N 2022-01-01 619 rc = -ENOMEM; aa45dadd34e44f Shyam Prasad N 2022-01-01 620 goto out; aa45dadd34e44f Shyam Prasad N 2022-01-01 621 } aa45dadd34e44f Shyam Prasad N 2022-01-01 622 memcpy(info, &tmp_iface, sizeof(tmp_iface)); aa45dadd34e44f Shyam Prasad N 2022-01-01 623 aa45dadd34e44f Shyam Prasad N 2022-01-01 624 /* add this new entry to the list */ aa45dadd34e44f Shyam Prasad N 2022-01-01 625 kref_init(&info->refcount); aa45dadd34e44f Shyam Prasad N 2022-01-01 626 info->is_active = 1; aa45dadd34e44f Shyam Prasad N 2022-01-01 627 aa45dadd34e44f Shyam Prasad N 2022-01-01 628 cifs_dbg(FYI, "%s: adding iface %zu\n", __func__, ses->iface_count); aa45dadd34e44f Shyam Prasad N 2022-01-01 629 cifs_dbg(FYI, "%s: speed %zu bps\n", __func__, info->speed); aa45dadd34e44f Shyam Prasad N 2022-01-01 630 cifs_dbg(FYI, "%s: capabilities 0x%08x\n", __func__, aa45dadd34e44f Shyam Prasad N 2022-01-01 631 le32_to_cpu(p->Capability)); aa45dadd34e44f Shyam Prasad N 2022-01-01 632 aa45dadd34e44f Shyam Prasad N 2022-01-01 633 spin_lock(&ses->iface_lock); aa45dadd34e44f Shyam Prasad N 2022-01-01 634 if (!list_entry_is_head(iface, &ses->iface_list, iface_head)) { aa45dadd34e44f Shyam Prasad N 2022-01-01 635 list_add_tail(&info->iface_head, &iface->iface_head); aa45dadd34e44f Shyam Prasad N 2022-01-01 636 kref_put(&iface->refcount, release_iface); aa45dadd34e44f Shyam Prasad N 2022-01-01 637 } else aa45dadd34e44f Shyam Prasad N 2022-01-01 638 list_add_tail(&info->iface_head, &ses->iface_list); aa45dadd34e44f Shyam Prasad N 2022-01-01 639 spin_unlock(&ses->iface_lock); aa45dadd34e44f Shyam Prasad N 2022-01-01 640 aa45dadd34e44f Shyam Prasad N 2022-01-01 641 ses->iface_count++; aa45dadd34e44f Shyam Prasad N 2022-01-01 642 ses->iface_last_update = jiffies; fe856be475f7cf Aurelien Aptel 2018-06-14 643 next_iface: aa45dadd34e44f Shyam Prasad N 2022-01-01 644 nb_iface++; fe856be475f7cf Aurelien Aptel 2018-06-14 645 next = le32_to_cpu(p->Next); aa45dadd34e44f Shyam Prasad N 2022-01-01 646 if (!next) { aa45dadd34e44f Shyam Prasad N 2022-01-01 647 bytes_left -= sizeof(*p); fe856be475f7cf Aurelien Aptel 2018-06-14 648 break; aa45dadd34e44f Shyam Prasad N 2022-01-01 649 } fe856be475f7cf Aurelien Aptel 2018-06-14 650 p = (struct network_interface_info_ioctl_rsp *)((u8 *)p+next); fe856be475f7cf Aurelien Aptel 2018-06-14 651 bytes_left -= next; fe856be475f7cf Aurelien Aptel 2018-06-14 652 } fe856be475f7cf Aurelien Aptel 2018-06-14 653 aa45dadd34e44f Shyam Prasad N 2022-01-01 654 if (!nb_iface) { aa45dadd34e44f Shyam Prasad N 2022-01-01 655 cifs_dbg(VFS, "%s: malformed interface info\n", __func__); fe856be475f7cf Aurelien Aptel 2018-06-14 656 rc = -EINVAL; fe856be475f7cf Aurelien Aptel 2018-06-14 657 goto out; fe856be475f7cf Aurelien Aptel 2018-06-14 658 } fe856be475f7cf Aurelien Aptel 2018-06-14 659 aa45dadd34e44f Shyam Prasad N 2022-01-01 660 /* Azure rounds the buffer size up 8, to a 16 byte boundary */ aa45dadd34e44f Shyam Prasad N 2022-01-01 661 if ((bytes_left > 8) || p->Next) aa45dadd34e44f Shyam Prasad N 2022-01-01 662 cifs_dbg(VFS, "%s: incomplete interface info\n", __func__); fe856be475f7cf Aurelien Aptel 2018-06-14 663 35adffed079fdc Aurelien Aptel 2019-09-20 664 aa45dadd34e44f Shyam Prasad N 2022-01-01 665 if (!ses->iface_count) { aa45dadd34e44f Shyam Prasad N 2022-01-01 666 rc = -EINVAL; aa45dadd34e44f Shyam Prasad N 2022-01-01 667 goto out; aa45dadd34e44f Shyam Prasad N 2022-01-01 668 } aa45dadd34e44f Shyam Prasad N 2022-01-01 669 aa45dadd34e44f Shyam Prasad N 2022-01-01 670 out: aa45dadd34e44f Shyam Prasad N 2022-01-01 671 return rc; 35adffed079fdc Aurelien Aptel 2019-09-20 672 } fe856be475f7cf Aurelien Aptel 2018-06-14 673 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- kbuild@lists.01.org To unsubscribe send an email to kbuild-le...@lists.01.org
