From: Namjae Jeon namjae.jeon@samsung.com
mainline inclusion from mainline-5.15-rc1 commit f19b3967fb0967aa02b8bfe26ce186ca7525dff7 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/f19b3967fb09
-------------------------------
Coverity Scan seems to report false alarm.
*** CID 1505930: (USE_AFTER_FREE) /fs/ksmbd/smb2pdu.c: 2527 in smb2_open()
CID 1505930: (USE_AFTER_FREE) Passing freed pointer "context" as an argument to "check_context_err".
This patch remove unneeded check_context_err to make coverity scan happy.
Reported-by: Coverity Scan scan-admin@coverity.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/oplock.c | 3 +- fs/ksmbd/smb2pdu.c | 73 +++++++++++++++------------------------------- 2 files changed, 26 insertions(+), 50 deletions(-)
diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 96e486ebf2e1..8bb62aae6e32 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1446,7 +1446,8 @@ struct lease_ctx_info *parse_lease_state(void *open_req) * @open_req: buffer containing smb2 file open(create) request * @tag: context name to search for * - * Return: pointer to requested context, NULL if @str context not found + * Return: pointer to requested context, NULL if @str context not found + * or error pointer if name length is invalid. */ struct create_context *smb2_find_context_vals(void *open_req, const char *tag) { diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index b842768fc209..73958167c4f4 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -2122,21 +2122,6 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path) return rc; }
-static inline int check_context_err(void *ctx, char *str) -{ - int err; - - err = PTR_ERR(ctx); - ksmbd_debug(SMB, "find context %s err %d\n", str, err ? err : -ENOENT); - - if (err == -EINVAL) { - pr_err("bad name length\n"); - return err; - } - - return 0; -} - static noinline int smb2_set_stream_name_xattr(struct path *path, struct ksmbd_file *fp, char *stream_name, int s_type) @@ -2512,11 +2497,10 @@ int smb2_open(struct ksmbd_work *work) if (req->CreateContextsOffset) { /* Parse non-durable handle create contexts */ context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, SMB2_CREATE_EA_BUFFER); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ea_buf = (struct create_ea_buf_req *)context; if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) { rsp->hdr.Status = STATUS_ACCESS_DENIED; @@ -2527,12 +2511,10 @@ int smb2_open(struct ksmbd_work *work)
context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ksmbd_debug(SMB, "get query maximal access context\n"); maximal_access_ctxt = 1; @@ -2540,12 +2522,10 @@ int smb2_open(struct ksmbd_work *work)
context = smb2_find_context_vals(req, SMB2_CREATE_TIMEWARP_REQUEST); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_TIMEWARP_REQUEST); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { ksmbd_debug(SMB, "get timewarp context\n"); rc = -EBADF; goto err_out1; @@ -2554,12 +2534,10 @@ int smb2_open(struct ksmbd_work *work) if (tcon->posix_extensions) { context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, - SMB2_CREATE_TAG_POSIX); - if (rc < 0) - goto err_out1; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out1; + } else if (context) { struct create_posix *posix = (struct create_posix *)context; ksmbd_debug(SMB, "get posix context\n"); @@ -2947,12 +2925,10 @@ int smb2_open(struct ksmbd_work *work)
az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req, SMB2_CREATE_ALLOCATION_SIZE); - if (IS_ERR_OR_NULL(az_req)) { - rc = check_context_err(az_req, - SMB2_CREATE_ALLOCATION_SIZE); - if (rc < 0) - goto err_out; - } else { + if (IS_ERR(az_req)) { + rc = PTR_ERR(az_req); + goto err_out; + } else if (az_req) { loff_t alloc_size = le64_to_cpu(az_req->AllocationSize); int err;
@@ -2969,11 +2945,10 @@ int smb2_open(struct ksmbd_work *work) }
context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); - if (IS_ERR_OR_NULL(context)) { - rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID); - if (rc < 0) - goto err_out; - } else { + if (IS_ERR(context)) { + rc = PTR_ERR(context); + goto err_out; + } else if (context) { ksmbd_debug(SMB, "get query on disk id context\n"); query_disk_id = 1; }