CC: [email protected] CC: [email protected] TO: Ronnie Sahlberg <[email protected]> CC: Steve French <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: d8079fac168168b25677dc16c00ffaf9fb7df723 commit: 2485bd7557a7edb4520b4072af464f0a08c8efe0 cifs: only write 64kb at a time when fallocating a small region of a file date: 3 days ago :::::: branch date: 6 hours ago :::::: commit date: 3 days ago config: x86_64-randconfig-c001-20210725 (attached as .config) compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 3f2c1e99e44d028d5e9dd685f3c568f2661f2f68) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2485bd7557a7edb4520b4072af464f0a08c8efe0 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 2485bd7557a7edb4520b4072af464f0a08c8efe0 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross clang-analyzer ARCH=x86_64 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) net/lapb/lapb_iface.c:47:2: note: Memory is released kfree(lapb); ^~~~~~~~~~~ net/lapb/lapb_iface.c:58:3: note: Returning; memory was released via 1st parameter lapb_free_cb(lapb); ^~~~~~~~~~~~~~~~~~ net/lapb/lapb_iface.c:68:3: note: Returning; memory was released via 1st parameter lapb_put(lapb); ^~~~~~~~~~~~~~ net/lapb/lapb_iface.c:200:2: note: Returning; memory was released via 1st parameter __lapb_remove_cb(lapb); ^~~~~~~~~~~~~~~~~~~~~~ net/lapb/lapb_iface.c:202:2: note: Use of memory after it is freed lapb_put(lapb); ^ ~~~~ Suppressed 9 warnings (9 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. drivers/media/dvb-frontends/stv090x.c:2289:23: warning: The result of the '/' expression is undefined [clang-analyzer-core.UndefinedBinaryOperatorResult] steps_max = (car_max / inc) + 1; /* min steps = 3 */ ^ drivers/media/dvb-frontends/stv090x.c:2405:2: note: Calling 'stv090x_get_loop_params' stv090x_get_loop_params(state, &inc, &timeout_step, &steps_max); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/dvb-frontends/stv090x.c:2251:6: note: Assuming 'car_max' is <= 16384 if (car_max > 0x4000) ^~~~~~~~~~~~~~~~ drivers/media/dvb-frontends/stv090x.c:2251:2: note: Taking false branch if (car_max > 0x4000) ^ drivers/media/dvb-frontends/stv090x.c:2260:2: note: Control jumps to 'case STV090x_SEARCH_DVBS2:' at line 2267 switch (state->search_mode) { ^ drivers/media/dvb-frontends/stv090x.c:2270:3: note: Execution continues on line 2278 break; ^ drivers/media/dvb-frontends/stv090x.c:2279:7: note: Assuming 'inc' is <= 'car_max' if ((inc > car_max) || (inc < 0)) ^~~~~~~~~~~~~ drivers/media/dvb-frontends/stv090x.c:2279:6: note: Left side of '||' is false if ((inc > car_max) || (inc < 0)) ^ drivers/media/dvb-frontends/stv090x.c:2279:26: note: Assuming 'inc' is >= 0 if ((inc > car_max) || (inc < 0)) ^~~~~~~ drivers/media/dvb-frontends/stv090x.c:2279:2: note: Taking false branch if ((inc > car_max) || (inc < 0)) ^ drivers/media/dvb-frontends/stv090x.c:2283:6: note: Assuming 'srate' is <= 0 if (srate > 0) ^~~~~~~~~ drivers/media/dvb-frontends/stv090x.c:2283:2: note: Taking false branch if (srate > 0) ^ drivers/media/dvb-frontends/stv090x.c:2286:7: note: 'timeout' is > 100 if ((timeout > 100) || (timeout < 0)) ^~~~~~~ drivers/media/dvb-frontends/stv090x.c:2286:22: note: Left side of '||' is true if ((timeout > 100) || (timeout < 0)) ^ drivers/media/dvb-frontends/stv090x.c:2289:23: note: The result of the '/' expression is undefined steps_max = (car_max / inc) + 1; /* min steps = 3 */ ~~~~~~~~^~~~~ drivers/media/dvb-frontends/stv090x.c:2960:2: warning: Value stored to 'reg' is never read [clang-analyzer-deadcode.DeadStores] reg = STV090x_READ_DEMOD(state, TMGOBS); ^ drivers/media/dvb-frontends/stv090x.c:2960:2: note: Value stored to 'reg' is never read Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (6 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 13 warnings generated. >> fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to >> caller [clang-analyzer-core.uninitialized.UndefReturn] return rc; ^ fs/cifs/smb2ops.c:3668:6: note: Assuming 'rc' is 0 if (rc) ^~ fs/cifs/smb2ops.c:3668:2: note: Taking false branch if (rc) ^ fs/cifs/smb2ops.c:3673:6: note: Assuming 'out_data_len' is not equal to 0 if (out_data_len == 0) ^~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:3673:2: note: Taking false branch if (out_data_len == 0) ^ fs/cifs/smb2ops.c:3677:6: note: Assuming 'buf' is not equal to NULL if (buf == NULL) { ^~~~~~~~~~~ fs/cifs/smb2ops.c:3677:2: note: Taking false branch if (buf == NULL) { ^ fs/cifs/smb2ops.c:3683:2: note: Loop condition is true. Entering loop body while (len) { ^ fs/cifs/smb2ops.c:3687:7: note: 'out_data_len' is not equal to 0 if (out_data_len == 0) { ^~~~~~~~~~~~ fs/cifs/smb2ops.c:3687:3: note: Taking false branch if (out_data_len == 0) { ^ fs/cifs/smb2ops.c:3693:7: note: Assuming the condition is false if (out_data_len < sizeof(struct file_allocated_range_buffer)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:3693:3: note: Taking false branch if (out_data_len < sizeof(struct file_allocated_range_buffer)) { ^ fs/cifs/smb2ops.c:3698:7: note: Assuming 'off' is < field 'file_offset' if (off < le64_to_cpu(tmp_data->file_offset)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:3698:3: note: Taking true branch if (off < le64_to_cpu(tmp_data->file_offset)) { ^ fs/cifs/smb2ops.c:3705:8: note: Assuming 'len' is >= 'l' if (len < l) ^~~~~~~ fs/cifs/smb2ops.c:3705:4: note: Taking false branch if (len < l) ^ fs/cifs/smb2ops.c:3707:9: note: Calling 'smb3_simple_fallocate_write_range' rc = smb3_simple_fallocate_write_range(xid, tcon, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/cifs/smb2ops.c:3620:6: note: 'rc' declared without an initial value int rc, nbytes; ^~ fs/cifs/smb2ops.c:3629:2: note: Loop condition is false. Execution continues on line 3646 while (len) { ^ fs/cifs/smb2ops.c:3646:2: note: Undefined or garbage value returned to caller return rc; ^ ~~ fs/cifs/smb2ops.c:4178:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "R"); ^~~~~~ fs/cifs/smb2ops.c:4178:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "R"); ^~~~~~ fs/cifs/smb2ops.c:4182:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "H"); ^~~~~~ fs/cifs/smb2ops.c:4182:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "H"); ^~~~~~ fs/cifs/smb2ops.c:4186:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "W"); ^~~~~~ fs/cifs/smb2ops.c:4186:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "W"); ^~~~~~ Suppressed 9 warnings (9 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. vim +3646 fs/cifs/smb2ops.c 31742c5a331766 Steve French 2014-08-17 3612 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3613 static int smb3_simple_fallocate_write_range(unsigned int xid, 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3614 struct cifs_tcon *tcon, 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3615 struct cifsFileInfo *cfile, 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3616 loff_t off, loff_t len, 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3617 char *buf) 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3618 { 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3619 struct cifs_io_parms io_parms = {0}; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3620 int rc, nbytes; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3621 struct kvec iov[2]; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3622 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3623 io_parms.netfid = cfile->fid.netfid; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3624 io_parms.pid = current->tgid; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3625 io_parms.tcon = tcon; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3626 io_parms.persistent_fid = cfile->fid.persistent_fid; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3627 io_parms.volatile_fid = cfile->fid.volatile_fid; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3628 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3629 while (len) { 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3630 io_parms.offset = off; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3631 io_parms.length = len; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3632 if (io_parms.length > SMB2_MAX_BUFFER_SIZE) 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3633 io_parms.length = SMB2_MAX_BUFFER_SIZE; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3634 /* iov[0] is reserved for smb header */ 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3635 iov[1].iov_base = buf; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3636 iov[1].iov_len = io_parms.length; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3637 rc = SMB2_write(xid, &io_parms, &nbytes, iov, 1); 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3638 if (rc) 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3639 break; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3640 if (nbytes > len) 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3641 return -EINVAL; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3642 buf += nbytes; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3643 off += nbytes; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3644 len -= nbytes; 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 3645 } 2485bd7557a7ed Ronnie Sahlberg 2021-07-22 @3646 return rc; 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3647 } 966a3cb7c7db78 Ronnie Sahlberg 2021-06-03 3648 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
