[PATCH 164/308] ksmbd: fix read on the uninitialized send_ctx

From: Namjae Jeon namjae.jeon@samsung.com

mainline inclusion from mainline-5.15-rc1 commit b8fc94cdb144467d88f35344076fd3621af93a17 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA

Reference: https://git.kernel.org/torvalds/linux/c/b8fc94cdb144

-------------------------------

If st->status is not SMB_DIRECT_CS_CONNECTED, It will jump done label and accessing the uninitialized send_ctxi by smb_direct_flush_send_list will cause kernel oops. This patch just return -ENOTCONN to avoid it.

Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/transport_rdma.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c index 171fb3dd018a..d5728c84a15a 100644 --- a/fs/ksmbd/transport_rdma.c +++ b/fs/ksmbd/transport_rdma.c @@ -1207,10 +1207,8 @@ static int smb_direct_writev(struct ksmbd_transport *t, struct kvec vec; struct smb_direct_send_ctx send_ctx;

- if (st->status != SMB_DIRECT_CS_CONNECTED) { - ret = -ENOTCONN; - goto done; - } + if (st->status != SMB_DIRECT_CS_CONNECTED) + return -ENOTCONN;

//FIXME: skip RFC1002 header.. buflen -= 4;