CC: [email protected] CC: [email protected] CC: [email protected] TO: "Darrick J. Wong" <[email protected]> CC: Chandan Babu R <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 761c6d7ec820f123b931e7b8ef7ec7c8564e450f commit: 27c14b5daa82861220d6fa6e27b51f05f21ffaa7 xfs: ensure inobt record walks always make forward progress date: 9 months ago :::::: branch date: 25 hours ago :::::: commit date: 9 months ago config: x86_64-randconfig-c001-20210810 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c5c3cdb9c92895a63993cee70d2dd776ff9519c3) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27c14b5daa82861220d6fa6e27b51f05f21ffaa7 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 27c14b5daa82861220d6fa6e27b51f05f21ffaa7 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:524:2: note: Loop condition is false. Execution continues on line 528 for (i = nr_entries; i > pos; i--) { ^ fs/xfs/libxfs/xfs_iext_tree.c:528:18: note: Array access (via field 'keys') results in a null pointer dereference node->keys[pos] = offset; ~~~~ ^ fs/xfs/libxfs/xfs_iext_tree.c:661:24: warning: Array access (via field 'recs') results in a null pointer dereference [clang-analyzer-core.NullDereference] cur->leaf->recs[i] = cur->leaf->recs[i - 1]; ^ ~~~~ fs/xfs/libxfs/xfs_iext_tree.c:638:6: note: Assuming field 'if_height' is not equal to 0 if (ifp->if_height == 0) ^~~~~~~~~~~~~~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:638:2: note: Taking false branch if (ifp->if_height == 0) ^ fs/xfs/libxfs/xfs_iext_tree.c:640:11: note: Assuming field 'if_height' is not equal to 1 else if (ifp->if_height == 1) ^~~~~~~~~~~~~~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:640:7: note: Taking false branch else if (ifp->if_height == 1) ^ fs/xfs/libxfs/xfs_iext_tree.c:648:6: note: Assuming 'nr_entries' is not equal to RECS_PER_LEAF if (nr_entries == RECS_PER_LEAF) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:648:2: note: Taking false branch if (nr_entries == RECS_PER_LEAF) ^ fs/xfs/libxfs/xfs_iext_tree.c:655:6: note: Assuming 'new' is equal to field 'leaf' if (cur->leaf != new && cur->pos == 0 && nr_entries > 0) { ^~~~~~~~~~~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:655:23: note: Left side of '&&' is false if (cur->leaf != new && cur->pos == 0 && nr_entries > 0) { ^ fs/xfs/libxfs/xfs_iext_tree.c:660:23: note: Assuming 'i' is > field 'pos' for (i = nr_entries; i > cur->pos; i--) ^~~~~~~~~~~~ fs/xfs/libxfs/xfs_iext_tree.c:660:2: note: Loop condition is true. Entering loop body for (i = nr_entries; i > cur->pos; i--) ^ fs/xfs/libxfs/xfs_iext_tree.c:661:24: note: Array access (via field 'recs') results in a null pointer dereference cur->leaf->recs[i] = cur->leaf->recs[i - 1]; ^ ~~~~ Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. drivers/acpi/ac.c:259:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(acpi_device_name(device), ACPI_AC_DEVICE_NAME); ^~~~~~ drivers/acpi/ac.c:259:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(acpi_device_name(device), ACPI_AC_DEVICE_NAME); ^~~~~~ drivers/acpi/ac.c:260:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(acpi_device_class(device), ACPI_AC_CLASS); ^~~~~~ drivers/acpi/ac.c:260:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(acpi_device_class(device), ACPI_AC_CLASS); ^~~~~~ Suppressed 6 warnings (6 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. >> fs/xfs/xfs_iwalk.c:365:2: warning: Value stored to 'irec' is never read >> [clang-analyzer-deadcode.DeadStores] irec = &iwag->recs[iwag->nr_recs - 1]; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/xfs/xfs_iwalk.c:365:2: note: Value stored to 'irec' is never read irec = &iwag->recs[iwag->nr_recs - 1]; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 9 warnings (8 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 9 warnings generated. fs/ntfs/dir.c:1107:2: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores] rc = err = 0; ^ ~~~~~~~ fs/ntfs/dir.c:1107:2: note: Value stored to 'rc' is never read rc = err = 0; ^ ~~~~~~~ fs/ntfs/dir.c:1306:36: warning: Access to field 'magic' results in a dereference of a null pointer (loaded from variable 'ia') [clang-analyzer-core.NullDereference] if (unlikely(!ntfs_is_indx_record(ia->magic))) { ^ fs/ntfs/layout.h:139:50: note: expanded from macro 'ntfs_is_indx_record' #define ntfs_is_indx_record(x) ( ntfs_is_magic (x, INDX) ) ^ fs/ntfs/layout.h:124:45: note: expanded from macro 'ntfs_is_magic' #define ntfs_is_magic(x, m) __ntfs_is_magic(x, magic_##m) ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ fs/ntfs/dir.c:1110:6: note: Assuming the condition is false if (actor->pos >= i_size + vol->mft_record_size) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ntfs/dir.c:1110:2: note: Taking false branch if (actor->pos >= i_size + vol->mft_record_size) ^ fs/ntfs/dir.c:1113:7: note: Calling 'dir_emit_dots' if (!dir_emit_dots(file, actor)) ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fs.h:3405:6: note: Assuming field 'pos' is not equal to 0 if (ctx->pos == 0) { ^~~~~~~~~~~~~ include/linux/fs.h:3405:2: note: Taking false branch if (ctx->pos == 0) { ^ include/linux/fs.h:3410:6: note: Assuming field 'pos' is not equal to 1 if (ctx->pos == 1) { ^~~~~~~~~~~~~ include/linux/fs.h:3410:2: note: Taking false branch if (ctx->pos == 1) { ^ include/linux/fs.h:3415:2: note: Returning the value 1, which participates in a condition later return true; ^~~~~~~~~~~ fs/ntfs/dir.c:1113:7: note: Returning from 'dir_emit_dots' if (!dir_emit_dots(file, actor)) ^~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ntfs/dir.c:1113:2: note: Taking false branch if (!dir_emit_dots(file, actor)) ^ fs/ntfs/dir.c:1122:15: note: Assuming 'name' is non-null if (unlikely(!name)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ fs/ntfs/dir.c:1122:2: note: Taking false branch if (unlikely(!name)) { ^ fs/ntfs/dir.c:1127:6: note: Assuming field 'pos' is >= field 'mft_record_size' if (actor->pos >= vol->mft_record_size) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ntfs/dir.c:1127:2: note: Taking true branch if (actor->pos >= vol->mft_record_size) ^ fs/ntfs/dir.c:1128:3: note: Control jumps to line 1215 goto skip_index_root; ^ fs/ntfs/dir.c:1215:2: note: Null pointer value stored to 'kaddr' kaddr = NULL; ^~~~~~~~~~~~ fs/ntfs/dir.c:1222:6: note: Calling 'IS_ERR' if (IS_ERR(bmp_vi)) { ^~~~~~~~~~~~~~ include/linux/err.h:36:9: note: Assuming the condition is false return IS_ERR_VALUE((unsigned long)ptr); ^ include/linux/err.h:22:34: note: expanded from macro 'IS_ERR_VALUE' #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/err.h:36:2: note: Returning zero, which participates in a condition later return IS_ERR_VALUE((unsigned long)ptr); vim +/irec +365 fs/xfs/xfs_iwalk.c a211432c27ffa3 Darrick J. Wong 2019-07-02 336 a211432c27ffa3 Darrick J. Wong 2019-07-02 337 /* a211432c27ffa3 Darrick J. Wong 2019-07-02 338 * The inobt record cache is full, so preserve the inobt cursor state and a211432c27ffa3 Darrick J. Wong 2019-07-02 339 * run callbacks on the cached inobt records. When we're done, restore the a211432c27ffa3 Darrick J. Wong 2019-07-02 340 * cursor state to wherever the cursor would have been had the cache not been a211432c27ffa3 Darrick J. Wong 2019-07-02 341 * full (and therefore we could've just incremented the cursor) if *@has_more a211432c27ffa3 Darrick J. Wong 2019-07-02 342 * is true. On exit, *@has_more will indicate whether or not the caller should a211432c27ffa3 Darrick J. Wong 2019-07-02 343 * try for more inode records. a211432c27ffa3 Darrick J. Wong 2019-07-02 344 */ a211432c27ffa3 Darrick J. Wong 2019-07-02 345 STATIC int a211432c27ffa3 Darrick J. Wong 2019-07-02 346 xfs_iwalk_run_callbacks( a211432c27ffa3 Darrick J. Wong 2019-07-02 347 struct xfs_iwalk_ag *iwag, a211432c27ffa3 Darrick J. Wong 2019-07-02 348 xfs_agnumber_t agno, a211432c27ffa3 Darrick J. Wong 2019-07-02 349 struct xfs_btree_cur **curpp, a211432c27ffa3 Darrick J. Wong 2019-07-02 350 struct xfs_buf **agi_bpp, a211432c27ffa3 Darrick J. Wong 2019-07-02 351 int *has_more) a211432c27ffa3 Darrick J. Wong 2019-07-02 352 { a211432c27ffa3 Darrick J. Wong 2019-07-02 353 struct xfs_mount *mp = iwag->mp; a211432c27ffa3 Darrick J. Wong 2019-07-02 354 struct xfs_trans *tp = iwag->tp; a211432c27ffa3 Darrick J. Wong 2019-07-02 355 struct xfs_inobt_rec_incore *irec; 27c14b5daa8286 Darrick J. Wong 2020-11-14 356 xfs_agino_t next_agino; a211432c27ffa3 Darrick J. Wong 2019-07-02 357 int error; a211432c27ffa3 Darrick J. Wong 2019-07-02 358 27c14b5daa8286 Darrick J. Wong 2020-11-14 359 next_agino = XFS_INO_TO_AGINO(mp, iwag->lastino) + 1; 27c14b5daa8286 Darrick J. Wong 2020-11-14 360 a211432c27ffa3 Darrick J. Wong 2019-07-02 361 ASSERT(iwag->nr_recs > 0); a211432c27ffa3 Darrick J. Wong 2019-07-02 362 a211432c27ffa3 Darrick J. Wong 2019-07-02 363 /* Delete cursor but remember the last record we cached... */ a211432c27ffa3 Darrick J. Wong 2019-07-02 364 xfs_iwalk_del_inobt(tp, curpp, agi_bpp, 0); a211432c27ffa3 Darrick J. Wong 2019-07-02 @365 irec = &iwag->recs[iwag->nr_recs - 1]; 27c14b5daa8286 Darrick J. Wong 2020-11-14 366 ASSERT(next_agino == irec->ir_startino + XFS_INODES_PER_CHUNK); a211432c27ffa3 Darrick J. Wong 2019-07-02 367 a211432c27ffa3 Darrick J. Wong 2019-07-02 368 error = xfs_iwalk_ag_recs(iwag); a211432c27ffa3 Darrick J. Wong 2019-07-02 369 if (error) a211432c27ffa3 Darrick J. Wong 2019-07-02 370 return error; a211432c27ffa3 Darrick J. Wong 2019-07-02 371 a211432c27ffa3 Darrick J. Wong 2019-07-02 372 /* ...empty the cache... */ a211432c27ffa3 Darrick J. Wong 2019-07-02 373 iwag->nr_recs = 0; a211432c27ffa3 Darrick J. Wong 2019-07-02 374 a211432c27ffa3 Darrick J. Wong 2019-07-02 375 if (!has_more) a211432c27ffa3 Darrick J. Wong 2019-07-02 376 return 0; a211432c27ffa3 Darrick J. Wong 2019-07-02 377 a211432c27ffa3 Darrick J. Wong 2019-07-02 378 /* ...and recreate the cursor just past where we left off. */ a211432c27ffa3 Darrick J. Wong 2019-07-02 379 error = xfs_inobt_cur(mp, tp, agno, XFS_BTNUM_INO, curpp, agi_bpp); a211432c27ffa3 Darrick J. Wong 2019-07-02 380 if (error) a211432c27ffa3 Darrick J. Wong 2019-07-02 381 return error; a211432c27ffa3 Darrick J. Wong 2019-07-02 382 27c14b5daa8286 Darrick J. Wong 2020-11-14 383 return xfs_inobt_lookup(*curpp, next_agino, XFS_LOOKUP_GE, has_more); a211432c27ffa3 Darrick J. Wong 2019-07-02 384 } a211432c27ffa3 Darrick J. Wong 2019-07-02 385 :::::: The code at line 365 was first introduced by commit :::::: a211432c27ffa32d9978f6c18f5af0c3f8ad2ad1 xfs: create simplified inode walk function :::::: TO: Darrick J. Wong <[email protected]> :::::: CC: Darrick J. Wong <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
