CC: [email protected] CC: [email protected] CC: Linux Memory Management List <[email protected]> TO: Qu Wenruo <[email protected]> CC: David Sterba <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: 8d4b477da1a807199ca60e0829357ce7aa6758d5 commit: a3044f3fb1b552c15aa143dd089d3a03d6371d64 [3772/4668] btrfs: rework lzo_decompress_bio() to make it subpage compatible :::::: branch date: 5 hours ago :::::: commit date: 2 days ago config: x86_64-randconfig-c001-20210729 (attached as .config) compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project c49df15c278857adecd12db6bb1cdc96885f7079) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a3044f3fb1b552c15aa143dd089d3a03d6371d64 git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git fetch --no-tags linux-next master git checkout a3044f3fb1b552c15aa143dd089d3a03d6371d64 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/pci/asihpi/hpi6205.c:388:2: note: Taking false branch HPI_DEBUG_LOG(VERBOSE, "start of switch\n"); ^ sound/pci/asihpi/hpidebug.h:47:3: note: expanded from macro 'HPI_DEBUG_LOG' if (hpi_debug_level >= HPI_DEBUG_LEVEL_##level) { \ ^ sound/pci/asihpi/hpi6205.c:388:2: note: Loop condition is false. Exiting loop HPI_DEBUG_LOG(VERBOSE, "start of switch\n"); ^ sound/pci/asihpi/hpidebug.h:46:2: note: expanded from macro 'HPI_DEBUG_LOG' do { \ ^ sound/pci/asihpi/hpi6205.c:389:2: note: Control jumps to 'case HPI_TYPE_REQUEST:' at line 390 switch (phm->type) { ^ sound/pci/asihpi/hpi6205.c:391:3: note: Control jumps to the 'default' case at line 412 switch (phm->object) { ^ sound/pci/asihpi/hpi6205.c:413:4: note: Calling 'hw_message' hw_message(pao, phm, phr); ^~~~~~~~~~~~~~~~~~~~~~~~~ sound/pci/asihpi/hpi6205.c:2174:2: note: Calling 'cond_lock' hpios_dsplock_lock(pao); ^ sound/pci/asihpi/hpios.h:124:36: note: expanded from macro 'hpios_dsplock_lock' #define hpios_dsplock_lock(obj) cond_lock(&(obj)->dsp_lock) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/pci/asihpi/hpios.h:99:6: note: Calling 'arch_local_save_flags' if (irqs_disabled()) { ^ include/linux/irqflags.h:254:3: note: expanded from macro 'irqs_disabled' raw_local_save_flags(_flags); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/irqflags.h:182:11: note: expanded from macro 'raw_local_save_flags' flags = arch_local_save_flags(); \ ^~~~~~~~~~~~~~~~~~~~~~~ arch/x86/include/asm/paravirt.h:683:9: note: Assigned value is garbage or undefined return PVOP_ALT_CALLEE0(unsigned long, irq.save_fl, "pushf; pop %%rax;", ^ arch/x86/include/asm/paravirt_types.h:522:2: note: expanded from macro 'PVOP_ALT_CALLEE0' __PVOP_ALT_CALLEESAVE(rettype, op, alt, cond) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/include/asm/paravirt_types.h:486:2: note: expanded from macro '__PVOP_ALT_CALLEESAVE' ____PVOP_ALT_CALL(PVOP_RETVAL(rettype), op.func, alt, cond, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/include/asm/paravirt_types.h:460:3: note: expanded from macro '____PVOP_ALT_CALL' PVOP_CALL_ARGS; \ ^~~~~~~~~~~~~~ arch/x86/include/asm/paravirt_types.h:404:16: note: expanded from macro 'PVOP_CALL_ARGS' unsigned long __edi = __edi, __esi = __esi, \ ^ ~~~~~ Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. sound/firewire/fireface/ff.c:31:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ff->card->shortname, name); ^~~~~~ sound/firewire/fireface/ff.c:31:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ff->card->shortname, name); ^~~~~~ sound/firewire/fireface/ff.c:32:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ff->card->mixername, name); ^~~~~~ sound/firewire/fireface/ff.c:32:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ff->card->mixername, name); ^~~~~~ Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. sound/firewire/fireface/ff-hwdep.c:181:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(hwdep->name, ff->card->driver); ^~~~~~ sound/firewire/fireface/ff-hwdep.c:181:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(hwdep->name, ff->card->driver); ^~~~~~ Suppressed 3 warnings (3 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. >> fs/btrfs/lzo.c:382:6: warning: Branch condition evaluates to a garbage value >> [clang-analyzer-core.uninitialized.Branch] if (!ret) ^~~~ fs/btrfs/lzo.c:303:32: note: Left side of '&&' is false struct workspace *workspace = list_entry(ws, struct workspace, list); ^ include/linux/list.h:511:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^ include/linux/kernel.h:495:61: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ fs/btrfs/lzo.c:303:32: note: Taking false branch struct workspace *workspace = list_entry(ws, struct workspace, list); ^ include/linux/list.h:511:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:308:3: note: expanded from macro '__compiletime_assert' if (!(condition)) \ ^ fs/btrfs/lzo.c:303:32: note: Loop condition is false. Exiting loop struct workspace *workspace = list_entry(ws, struct workspace, list); ^ include/linux/list.h:511:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert' do { \ ^ fs/btrfs/lzo.c:306:2: note: 'ret' declared without an initial value int ret; ^~~~~~~ fs/btrfs/lzo.c:324:15: note: Assuming '__UNIQUE_ID___x2408' is >= '__UNIQUE_ID___y2409' if (len_in > min_t(size_t, BTRFS_MAX_COMPRESSED, cb->compressed_len) || ^ include/linux/minmax.h:104:27: note: expanded from macro 'min_t' #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp' __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once' __cmp(unique_x, unique_y, op); }) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/minmax.h:28:26: note: expanded from macro '__cmp' #define __cmp(x, y, op) ((x) op (y) ? (x) : (y)) ^~~~~~~~~~ fs/btrfs/lzo.c:324:15: note: '?' condition is false if (len_in > min_t(size_t, BTRFS_MAX_COMPRESSED, cb->compressed_len) || ^ include/linux/minmax.h:104:27: note: expanded from macro 'min_t' #define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <) ^ include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp' __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) ^ include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once' __cmp(unique_x, unique_y, op); }) ^ include/linux/minmax.h:28:26: note: expanded from macro '__cmp' #define __cmp(x, y, op) ((x) op (y) ? (x) : (y)) ^ fs/btrfs/lzo.c:324:6: note: Assuming the condition is false if (len_in > min_t(size_t, BTRFS_MAX_COMPRESSED, cb->compressed_len) || ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/btrfs/lzo.c:324:6: note: Left side of '||' is false fs/btrfs/lzo.c:325:6: note: Assuming the condition is false round_up(len_in, sectorsize) < cb->compressed_len) { ^ include/linux/math.h:24:24: note: expanded from macro 'round_up' #define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) ^ fs/btrfs/lzo.c:324:2: note: Taking false branch if (len_in > min_t(size_t, BTRFS_MAX_COMPRESSED, cb->compressed_len) || ^ fs/btrfs/lzo.c:333:9: note: Assuming 'cur_in' is >= 'len_in' vim +382 fs/btrfs/lzo.c a6fa6fae40ec33 Li Zefan 2010-10-25 300 a3044f3fb1b552 Qu Wenruo 2021-07-26 301 int lzo_decompress_bio(struct list_head *ws, struct compressed_bio *cb) a3044f3fb1b552 Qu Wenruo 2021-07-26 302 { a3044f3fb1b552 Qu Wenruo 2021-07-26 303 struct workspace *workspace = list_entry(ws, struct workspace, list); a3044f3fb1b552 Qu Wenruo 2021-07-26 304 const struct btrfs_fs_info *fs_info = btrfs_sb(cb->inode->i_sb); a3044f3fb1b552 Qu Wenruo 2021-07-26 305 const u32 sectorsize = fs_info->sectorsize; a3044f3fb1b552 Qu Wenruo 2021-07-26 306 int ret; a3044f3fb1b552 Qu Wenruo 2021-07-26 307 /* Compressed data length, can be unaligned */ a3044f3fb1b552 Qu Wenruo 2021-07-26 308 u32 len_in; a3044f3fb1b552 Qu Wenruo 2021-07-26 309 /* Offset inside the compressed data */ a3044f3fb1b552 Qu Wenruo 2021-07-26 310 u32 cur_in = 0; a3044f3fb1b552 Qu Wenruo 2021-07-26 311 /* Bytes decompressed so far */ a3044f3fb1b552 Qu Wenruo 2021-07-26 312 u32 cur_out = 0; a3044f3fb1b552 Qu Wenruo 2021-07-26 313 a3044f3fb1b552 Qu Wenruo 2021-07-26 314 len_in = read_compress_length(page_address(cb->compressed_pages[0])); a3044f3fb1b552 Qu Wenruo 2021-07-26 315 cur_in += LZO_LEN; a6fa6fae40ec33 Li Zefan 2010-10-25 316 a3044f3fb1b552 Qu Wenruo 2021-07-26 317 /* a3044f3fb1b552 Qu Wenruo 2021-07-26 318 * LZO header length check a3044f3fb1b552 Qu Wenruo 2021-07-26 319 * a3044f3fb1b552 Qu Wenruo 2021-07-26 320 * The total length should not exceed the maximum extent length, a3044f3fb1b552 Qu Wenruo 2021-07-26 321 * and all sectors should be used. a3044f3fb1b552 Qu Wenruo 2021-07-26 322 * If this happens, it means the compressed extent is corrupted. a3044f3fb1b552 Qu Wenruo 2021-07-26 323 */ a3044f3fb1b552 Qu Wenruo 2021-07-26 324 if (len_in > min_t(size_t, BTRFS_MAX_COMPRESSED, cb->compressed_len) || a3044f3fb1b552 Qu Wenruo 2021-07-26 325 round_up(len_in, sectorsize) < cb->compressed_len) { a3044f3fb1b552 Qu Wenruo 2021-07-26 326 btrfs_err(fs_info, a3044f3fb1b552 Qu Wenruo 2021-07-26 327 "invalid lzo header, lzo len %u compressed len %u", a3044f3fb1b552 Qu Wenruo 2021-07-26 328 len_in, cb->compressed_len); a3044f3fb1b552 Qu Wenruo 2021-07-26 329 return -EUCLEAN; a6fa6fae40ec33 Li Zefan 2010-10-25 330 } ca9b688c1c9a21 Li Zefan 2011-02-16 331 a3044f3fb1b552 Qu Wenruo 2021-07-26 332 /* Go through each lzo segment */ a3044f3fb1b552 Qu Wenruo 2021-07-26 333 while (cur_in < len_in) { a3044f3fb1b552 Qu Wenruo 2021-07-26 334 struct page *cur_page; a3044f3fb1b552 Qu Wenruo 2021-07-26 335 /* Length of the compressed segment */ a3044f3fb1b552 Qu Wenruo 2021-07-26 336 u32 seg_len; a3044f3fb1b552 Qu Wenruo 2021-07-26 337 u32 sector_bytes_left; a3044f3fb1b552 Qu Wenruo 2021-07-26 338 size_t out_len = lzo1x_worst_compress(sectorsize); a6fa6fae40ec33 Li Zefan 2010-10-25 339 a3044f3fb1b552 Qu Wenruo 2021-07-26 340 /* a3044f3fb1b552 Qu Wenruo 2021-07-26 341 * We should always have enough space for one segment header a3044f3fb1b552 Qu Wenruo 2021-07-26 342 * inside current sector. a3044f3fb1b552 Qu Wenruo 2021-07-26 343 */ a3044f3fb1b552 Qu Wenruo 2021-07-26 344 ASSERT(cur_in / sectorsize == a3044f3fb1b552 Qu Wenruo 2021-07-26 345 (cur_in + LZO_LEN - 1) / sectorsize); a3044f3fb1b552 Qu Wenruo 2021-07-26 346 cur_page = cb->compressed_pages[cur_in / PAGE_SIZE]; a3044f3fb1b552 Qu Wenruo 2021-07-26 347 ASSERT(cur_page); a3044f3fb1b552 Qu Wenruo 2021-07-26 348 seg_len = read_compress_length(page_address(cur_page) + a3044f3fb1b552 Qu Wenruo 2021-07-26 349 offset_in_page(cur_in)); a3044f3fb1b552 Qu Wenruo 2021-07-26 350 cur_in += LZO_LEN; a3044f3fb1b552 Qu Wenruo 2021-07-26 351 a3044f3fb1b552 Qu Wenruo 2021-07-26 352 /* Copy the compressed segment payload into workspace */ a3044f3fb1b552 Qu Wenruo 2021-07-26 353 copy_compressed_segment(cb, workspace->cbuf, seg_len, &cur_in); a3044f3fb1b552 Qu Wenruo 2021-07-26 354 a3044f3fb1b552 Qu Wenruo 2021-07-26 355 /* Decompress the data */ a3044f3fb1b552 Qu Wenruo 2021-07-26 356 ret = lzo1x_decompress_safe(workspace->cbuf, seg_len, a3044f3fb1b552 Qu Wenruo 2021-07-26 357 workspace->buf, &out_len); a6fa6fae40ec33 Li Zefan 2010-10-25 358 if (ret != LZO_E_OK) { a3044f3fb1b552 Qu Wenruo 2021-07-26 359 btrfs_err(fs_info, "failed to decompress"); 60e1975acb48fc Zach Brown 2014-05-09 360 ret = -EIO; a3044f3fb1b552 Qu Wenruo 2021-07-26 361 goto out; a6fa6fae40ec33 Li Zefan 2010-10-25 362 } a6fa6fae40ec33 Li Zefan 2010-10-25 363 a3044f3fb1b552 Qu Wenruo 2021-07-26 364 /* Copy the data into inode pages */ a3044f3fb1b552 Qu Wenruo 2021-07-26 365 ret = btrfs_decompress_buf2page(workspace->buf, out_len, cb, cur_out); a3044f3fb1b552 Qu Wenruo 2021-07-26 366 cur_out += out_len; a6fa6fae40ec33 Li Zefan 2010-10-25 367 a3044f3fb1b552 Qu Wenruo 2021-07-26 368 /* All data read, exit */ a3044f3fb1b552 Qu Wenruo 2021-07-26 369 if (ret == 0) a3044f3fb1b552 Qu Wenruo 2021-07-26 370 goto out; a3044f3fb1b552 Qu Wenruo 2021-07-26 371 ret = 0; a3044f3fb1b552 Qu Wenruo 2021-07-26 372 a3044f3fb1b552 Qu Wenruo 2021-07-26 373 /* Check if the sector has enough space for a segment header */ a3044f3fb1b552 Qu Wenruo 2021-07-26 374 sector_bytes_left = sectorsize - (cur_in % sectorsize); a3044f3fb1b552 Qu Wenruo 2021-07-26 375 if (sector_bytes_left >= LZO_LEN) a3044f3fb1b552 Qu Wenruo 2021-07-26 376 continue; a3044f3fb1b552 Qu Wenruo 2021-07-26 377 a3044f3fb1b552 Qu Wenruo 2021-07-26 378 /* Skip the padding zeros */ a3044f3fb1b552 Qu Wenruo 2021-07-26 379 cur_in += sector_bytes_left; a6fa6fae40ec33 Li Zefan 2010-10-25 380 } a3044f3fb1b552 Qu Wenruo 2021-07-26 381 out: 2f19cad94cee3c Chris Mason 2014-11-30 @382 if (!ret) 349a1afaaa6d83 Qu Wenruo 2021-07-05 383 zero_fill_bio(cb->orig_bio); a6fa6fae40ec33 Li Zefan 2010-10-25 384 return ret; a6fa6fae40ec33 Li Zefan 2010-10-25 385 } a6fa6fae40ec33 Li Zefan 2010-10-25 386 :::::: The code at line 382 was first introduced by commit :::::: 2f19cad94cee3c9bd52d0c9ca584ef506302fb7c btrfs: zero out left over bytes after processing compression streams :::::: TO: Chris Mason <[email protected]> :::::: CC: Linus Torvalds <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
