From: Stefan Metzmacher <metze@samba.org>
To: Asim Viladi Oglu Manizada <manizada@pm.me>,
Steve French <smfrench@gmail.com>,
Namjae Jeon <linkinjeon@kernel.org>
Cc: kernel test robot <lkp@intel.com>,
llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev,
Steve French <stfrench@microsoft.com>,
"linux-cifs@vger.kernel.org" <linux-cifs@vger.kernel.org>
Subject: Re: [samba-ksmbd:ksmbd-for-next-next 11/12] fs/smb/server/smb2pdu.c:5723:3: warning: variable 'pntsd' is uninitialized when used here
Date: Mon, 23 Mar 2026 09:56:55 +0100
Message-ID: <b859bfa1-7844-4b23-91a4-bbd526ffc19b@samba.org>
In-Reply-To: <202603180118.ClDWNtId-lkp@intel.com>
Hi,

I'm seeing the same thing in ksmbd-for-next now:

6a0795e46296589d8eba6c194586e9e65974d73f ksmbd: fix OOB write in QUERY_INFO for compound requests

smatch generates this error now:

server/smb2pdu.c:5801 smb2_get_info_sec() error: uninitialized symbol 'pntsd'.

metze
On 17.03.26 at 18:55, kernel test robot wrote:
> tree: git://git.samba.org/ksmbd.git ksmbd-for-next-next
> head: a58d8c8b3d5daee33fb03f4d41ea278ae6e6ffc9
> commit: 095198efe2c86423f647b242687c50e34e355d3a [11/12] ksmbd: fix heap OOB write in QUERY_INFO for compound requests
> config: arm-randconfig-003-20260317 (https://download.01.org/0day-ci/archive/20260318/202603180118.ClDWNtId-lkp@intel.com/config)
> compiler: clang version 23.0.0git (https://github.com/llvm/llvm-project 4abb927bacf37f18f6359a41639a6d1b3bffffb5)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260318/202603180118.ClDWNtId-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202603180118.ClDWNtId-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>>> fs/smb/server/smb2pdu.c:5723:3: warning: variable 'pntsd' is uninitialized when used here [-Wuninitialized]
> 5723 | pntsd->revision = cpu_to_le16(1);
> | ^~~~~
> fs/smb/server/smb2pdu.c:5708:24: note: initialize the variable 'pntsd' to silence this warning
> 5708 | struct smb_ntsd *pntsd, *ppntsd = NULL;
> | ^
> | = NULL
> 1 warning generated.
>
>
> vim +/pntsd +5723 fs/smb/server/smb2pdu.c
>
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5701
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5702 static int smb2_get_info_sec(struct ksmbd_work *work,
> 64b39f4a2fd293 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-30 5703 struct smb2_query_info_req *req,
> cb4517201b8acd fs/ksmbd/smb2pdu.c Namjae Jeon 2021-11-03 5704 struct smb2_query_info_rsp *rsp)
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5705 {
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5706 struct ksmbd_file *fp;
> 4609e1f18e19c3 fs/ksmbd/smb2pdu.c Christian Brauner 2023-01-13 5707 struct mnt_idmap *idmap;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5708 struct smb_ntsd *pntsd, *ppntsd = NULL;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5709 struct smb_fattr fattr = {{0}};
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5710 struct inode *inode;
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5711 __u32 secdesclen = 0;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5712 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5713 int addition_info = le32_to_cpu(req->AdditionalInformation);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5714 int rc = 0, ppntsd_size = 0, max_len;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5715 size_t scratch_len;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5716
> e294f78d347851 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-06-28 5717 if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
> e294f78d347851 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-06-28 5718 PROTECTED_DACL_SECINFO |
> e294f78d347851 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-06-28 5719 UNPROTECTED_DACL_SECINFO)) {
> 8e537d1465e740 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-11-21 5720 ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n",
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5721 addition_info);
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5722
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 @5723 pntsd->revision = cpu_to_le16(1);
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5724 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED);
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5725 pntsd->osidoffset = 0;
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5726 pntsd->gsidoffset = 0;
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5727 pntsd->sacloffset = 0;
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5728 pntsd->dacloffset = 0;
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5729
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5730 secdesclen = sizeof(struct smb_ntsd);
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5731 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5732
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5733 return 0;
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5734 }
> ced2b26a76cd1d fs/cifsd/smb2pdu.c Sebastian Gottschall 2021-04-27 5735
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5736 if (work->next_smb2_rcv_hdr_off) {
> 2d004c6cae567e fs/ksmbd/smb2pdu.c Paulo Alcantara 2022-03-21 5737 if (!has_file_id(req->VolatileFileId)) {
> 3867369ef8f760 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-07-08 5738 ksmbd_debug(SMB, "Compound request set FID = %llu\n",
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5739 work->compound_fid);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5740 id = work->compound_fid;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5741 pid = work->compound_pfid;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5742 }
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5743 }
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5744
> 3867369ef8f760 fs/ksmbd/smb2pdu.c Namjae Jeon 2021-07-08 5745 if (!has_file_id(id)) {
> 2d004c6cae567e fs/ksmbd/smb2pdu.c Paulo Alcantara 2022-03-21 5746 id = req->VolatileFileId;
> 2d004c6cae567e fs/ksmbd/smb2pdu.c Paulo Alcantara 2022-03-21 5747 pid = req->PersistentFileId;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5748 }
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5749
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5750 fp = ksmbd_lookup_fd_slow(work, id, pid);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5751 if (!fp)
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5752 return -ENOENT;
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5753
> 4609e1f18e19c3 fs/ksmbd/smb2pdu.c Christian Brauner 2023-01-13 5754 idmap = file_mnt_idmap(fp->filp);
> ab0b263b749ade fs/ksmbd/smb2pdu.c Namjae Jeon 2021-06-29 5755 inode = file_inode(fp->filp);
> e67fe63341b811 fs/ksmbd/smb2pdu.c Christian Brauner 2023-01-13 5756 ksmbd_acls_fattr(&fattr, idmap, inode);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5757
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5758 if (test_share_config_flag(work->tcon->share_conf,
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5759 KSMBD_SHARE_FLAG_ACL_XATTR))
> 4609e1f18e19c3 fs/ksmbd/smb2pdu.c Christian Brauner 2023-01-13 5760 ppntsd_size = ksmbd_vfs_get_sd_xattr(work->conn, idmap,
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5761 fp->filp->f_path.dentry,
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5762 &ppntsd);
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5763
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5764 /* Check if sd buffer size exceeds response buffer size */
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5765 max_len = smb2_calc_max_out_buf_len(work,
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5766 offsetof(struct smb2_query_info_rsp, Buffer),
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5767 le32_to_cpu(req->OutputBufferLength));
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5768 if (max_len < 0) {
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5769 rc = -EINVAL;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5770 goto out;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5771 }
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5772
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5773 scratch_len = smb_acl_sec_desc_scratch_len(&fattr, ppntsd,
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5774 ppntsd_size, addition_info);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5775 pntsd = kvmalloc(scratch_len, KSMBD_DEFAULT_GFP);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5776 if (!pntsd) {
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5777 rc = -ENOMEM;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5778 goto out;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5779 }
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5780
> 4d7ca4090184c1 fs/ksmbd/smb2pdu.c Christian Brauner 2023-01-13 5781 rc = build_sec_desc(idmap, pntsd, ppntsd, ppntsd_size,
> 8f0541186e9ad1 fs/ksmbd/smb2pdu.c Namjae Jeon 2022-08-02 5782 addition_info, &secdesclen, &fattr);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5783
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5784 out:
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5785 posix_acl_release(fattr.cf_acls);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5786 posix_acl_release(fattr.cf_dacls);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5787 kfree(ppntsd);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5788 ksmbd_fd_put(work, fp);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5789 if (rc) {
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5790 kvfree(pntsd);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5791 return rc;
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5792 }
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5793
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5794 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5795 return ksmbd_iov_pin_rsp_read(work, (void *)rsp,
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5796 offsetof(struct smb2_query_info_rsp, Buffer),
> 095198efe2c864 fs/smb/server/smb2pdu.c Asim Viladi Oglu Manizada 2026-03-16 5797 pntsd, secdesclen);
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5798 }
> e2f34481b24db2 fs/cifsd/smb2pdu.c Namjae Jeon 2021-03-16 5799
>
> :::::: The code at line 5723 was first introduced by commit
> :::::: ced2b26a76cd1db0b6ccb39e0bc873177c9bda21 cifsd: Fix regression in smb2_get_info
>
> :::::: TO: Sebastian Gottschall <s.gottschall@dd-wrt.com>
> :::::: CC: Steve French <stfrench@microsoft.com>
>