[kbuild] drivers/tty/vt/vt.c:1139 vc_allocate() warn: impossible condition '(vc->vc_screenbuf_size > (1 << (17 + 16 - 1))) => (0-u32max > 4294967296)'

Sat, 10 Apr 2021 11:58:02 -0700 

CC: [email protected]
CC: [email protected]
TO: Tetsuo Handa <[email protected]>
CC: "Greg Kroah-Hartman" <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
master
head:   95c7b07551879c8ad4d6dca10c02de46ddbf55a8
commit: ce684552a266cb1c7cc2f7e623f38567adec6653 vt: Reject zero-sized screen 
buffer size.
date:   9 months ago
:::::: branch date: 2 hours ago
:::::: commit date: 9 months ago
config: ia64-randconfig-m031-20210410 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>

New smatch warnings:
drivers/tty/vt/vt.c:1139 vc_allocate() warn: impossible condition 
'(vc->vc_screenbuf_size > (1 << (17 + 16 - 1))) => (0-u32max > 4294967296)'

Old smatch warnings:
drivers/tty/vt/vt.c:1221 vc_do_resize() warn: impossible condition 
'(new_screen_size > (1 << (17 + 16 - 1))) => (0-u32max > 4294967296)'
drivers/tty/vt/vt.c:1828 cursor_report() warn: format string contains unusual 
character '\x1b'
drivers/tty/vt/vt.c:1846 mouse_report() warn: format string contains unusual 
character '\x1b'

vim +1139 drivers/tty/vt/vt.c

ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1102  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1103  int 
vc_allocate(unsigned int currcons) /* return 0 on success */
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1104  {
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1105         
struct vt_notifier_param param;
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1106         
struct vc_data *vc;
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1107         
int err;
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1108  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1109         
WARN_CONSOLE_UNLOCKED();
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1110  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1111         
if (currcons >= MAX_NR_CONSOLES)
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1112         
        return -ENXIO;
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1113  
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1114         
if (vc_cons[currcons].d)
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1115         
        return 0;
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1116  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1117         
/* due to the granularity of kmalloc, we waste some memory here */
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1118         
/* the alloc is done in two steps, to optimize the common situation
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1119         
   of a 25x80 console (structsize=216, screenbuf_size=4000) */
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1120         
/* although the numbers above are not valid since long ago, the
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1121         
   point is still up-to-date and the comment still has its value
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1122         
   even if only as a historical artifact.  --mj, July 1998 */
b293d758470e97 drivers/char/vt.c   Samuel Thibault     2007-10-18  1123         
param.vc = vc = kzalloc(sizeof(struct vc_data), GFP_KERNEL);
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1124         
if (!vc)
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1125         
        return -ENOMEM;
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1126  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1127         
vc_cons[currcons].d = vc;
ff917ba4f1a618 drivers/char/vt.c   Alan Cox            2010-06-01  1128         
tty_port_init(&vc->port);
ca4463bf8438b4 drivers/tty/vt/vt.c Eric Biggers        2020-03-21  1129         
vc->port.ops = &vc_port_ops;
c2c88f109eebb9 drivers/char/vt.c   Bernhard Walle      2007-03-16  1130         
INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1131  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1132         
visual_init(vc, currcons, 1);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1133  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1134         
if (!*vc->vc_uni_pagedir_loc)
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1135         
        con_set_default_unimap(vc);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1136  
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1137         
err = -EINVAL;
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1138         
if (vc->vc_cols > VC_MAXCOL || vc->vc_rows > VC_MAXROW ||
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12 @1139         
    vc->vc_screenbuf_size > KMALLOC_MAX_SIZE || !vc->vc_screenbuf_size)
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1140         
        goto err_free;
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1141         
err = -ENOMEM;
21eff69aaaa0e7 drivers/tty/vt/vt.c Alexander Potapenko 2018-06-14  1142         
vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_KERNEL);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1143         
if (!vc->vc_screenbuf)
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1144         
        goto err_free;
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1145  
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1146         
/* If no drivers have overridden us and the user didn't pass a
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1147         
   boot option, default to displaying the cursor */
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1148         
if (global_cursor_default == -1)
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1149         
        global_cursor_default = 1;
f6c06b6807ff92 drivers/char/vt.c   Matthew Garrett     2009-11-13  1150  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1151         
vc_init(vc, vc->vc_rows, vc->vc_cols, 1);
4995f8ef9d3aac drivers/char/vt.c   Kay Sievers         2009-03-09  1152         
vcs_make_sysfs(currcons);
b293d758470e97 drivers/char/vt.c   Samuel Thibault     2007-10-18  1153         
atomic_notifier_call_chain(&vt_notifier_list, VT_ALLOCATE, &param);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1154  
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1155         
return 0;
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1156  
err_free:
a1ad1cc9704f64 drivers/tty/vt/vt.c Grzegorz Halat      2019-04-26  1157         
visual_deinit(vc);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1158         
kfree(vc);
34902b7f2754e6 drivers/tty/vt/vt.c Jiri Slaby          2016-03-31  1159         
vc_cons[currcons].d = NULL;
ce684552a266cb drivers/tty/vt/vt.c Tetsuo Handa        2020-07-12  1160         
return err;
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1161  }
^1da177e4c3f41 drivers/char/vt.c   Linus Torvalds      2005-04-16  1162  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]

Attachment: .config.gz
Description: application/gzip

_______________________________________________
kbuild mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to