* [linux-next:master 13671/13793] fs/smb/server/smb2pdu.c:7821:40: sparse: sparse: cast to restricted __le16
@ 2024-03-18 17:42 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2024-03-18 17:42 UTC (permalink / raw)
To: Namjae Jeon; +Cc: oe-kbuild-all, Linux Memory Management List, Steve French
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 2e93f143ca010a5013528e1cfdc895f024fe8c21
commit: eb143b7ceab55d75f33833f9289f7194ed9c4f73 [13671/13793] ksmbd: fix potencial out-of-bounds when buffer offset is invalid
config: i386-randconfig-r122-20240318 (https://download.01.org/0day-ci/archive/20240319/202403190118.CmBL5MpO-lkp@intel.com/config)
compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240319/202403190118.CmBL5MpO-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202403190118.CmBL5MpO-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> fs/smb/server/smb2pdu.c:7821:40: sparse: sparse: cast to restricted __le16
>> fs/smb/server/smb2pdu.c:7821:40: sparse: sparse: cast from restricted __le32
fs/smb/server/smb2pdu.c:7957:32: sparse: sparse: cast to restricted __le16
fs/smb/server/smb2pdu.c:7957:32: sparse: sparse: cast from restricted __le32
vim +7821 fs/smb/server/smb2pdu.c
7814
7815 static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id,
7816 unsigned int out_buf_len,
7817 struct smb2_ioctl_req *req,
7818 struct smb2_ioctl_rsp *rsp)
7819 {
7820 struct ksmbd_rpc_command *rpc_resp;
> 7821 char *data_buf = (char *)req + le16_to_cpu(req->InputOffset);
7822 int nbytes = 0;
7823
7824 rpc_resp = ksmbd_rpc_ioctl(work->sess, id, data_buf,
7825 le32_to_cpu(req->InputCount));
7826 if (rpc_resp) {
7827 if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) {
7828 /*
7829 * set STATUS_SOME_NOT_MAPPED response
7830 * for unknown domain sid.
7831 */
7832 rsp->hdr.Status = STATUS_SOME_NOT_MAPPED;
7833 } else if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) {
7834 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7835 goto out;
7836 } else if (rpc_resp->flags != KSMBD_RPC_OK) {
7837 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7838 goto out;
7839 }
7840
7841 nbytes = rpc_resp->payload_sz;
7842 if (rpc_resp->payload_sz > out_buf_len) {
7843 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
7844 nbytes = out_buf_len;
7845 }
7846
7847 if (!rpc_resp->payload_sz) {
7848 rsp->hdr.Status =
7849 STATUS_UNEXPECTED_IO_ERROR;
7850 goto out;
7851 }
7852
7853 memcpy((char *)rsp->Buffer, rpc_resp->payload, nbytes);
7854 }
7855 out:
7856 kvfree(rpc_resp);
7857 return nbytes;
7858 }
7859
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-03-18 17:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-18 17:42 [linux-next:master 13671/13793] fs/smb/server/smb2pdu.c:7821:40: sparse: sparse: cast to restricted __le16 kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).