CC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Ard Biesheuvel <[email protected]>

tree:   git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git arm-irq-stacks
head:   85ec0bb9f3cc04ae3e961329ade49e19017b91d2
commit: 94c2069714b10e90ccfe2fbfc6337b33eabc80d9 [12/15] ARM: unwind: dump exception stack from calling frame
:::::: branch date: 2 days ago
:::::: commit date: 2 days ago
config: arm-randconfig-c002-20210919 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c8b3d7d6d6de37af68b2f379d0e37304f78e115f)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/commit/?id=94c2069714b10e90ccfe2fbfc6337b33eabc80d9
        git remote add ardb git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git
        git fetch --no-tags ardb arm-irq-stacks
        git checkout 94c2069714b10e90ccfe2fbfc6337b33eabc80d9
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>

clang-analyzer warnings: (new ones prefixed by >>)
           ^~
   fs/affs/bitmap.c:339:13: warning: Access to field 'b_data' results in a dereference of a null pointer (loaded from variable 'bh') [clang-analyzer-core.NullDereference]
           ((__be32 *)bh->b_data)[0] = 0;
                      ^~
   fs/affs/bitmap.c:247:39: note: 'bh' initialized to a null pointer value
           struct buffer_head *bmap_bh = NULL, *bh = NULL;
                                                ^~
   fs/affs/bitmap.c:253:6: note: Assuming the condition is false
           if (*flags & SB_RDONLY)
               ^~~~~~~~~~~~~~~~~~
   fs/affs/bitmap.c:253:2: note: Taking false branch
           if (*flags & SB_RDONLY)
           ^
   fs/affs/bitmap.c:256:6: note: Assuming field 'bm_flag' is not equal to 0
           if (!AFFS_ROOT_TAIL(sb, sbi->s_root_bh)->bm_flag) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/affs/bitmap.c:256:2: note: Taking false branch
           if (!AFFS_ROOT_TAIL(sb, sbi->s_root_bh)->bm_flag) {
           ^
   fs/affs/bitmap.c:268:23: note: Calling 'kzalloc'
           bm = sbi->s_bitmap = kzalloc(size, GFP_KERNEL);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/slab.h:721:9: note: Calling 'kmalloc'
           return kmalloc(size, flags | __GFP_ZERO);
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/slab.h:579:2: note: Taking false branch
           if (__builtin_constant_p(size)) {
           ^
   include/linux/slab.h:596:2: note: Returning pointer, which participates in a condition later
           return __kmalloc(size, flags);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/slab.h:721:9: note: Returning from 'kmalloc'
           return kmalloc(size, flags | __GFP_ZERO);
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/slab.h:721:2: note: Returning pointer, which participates in a condition later
           return kmalloc(size, flags | __GFP_ZERO);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/affs/bitmap.c:268:23: note: Returning from 'kzalloc'
           bm = sbi->s_bitmap = kzalloc(size, GFP_KERNEL);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~
   fs/affs/bitmap.c:269:6: note: Assuming field 's_bitmap' is non-null
           if (!sbi->s_bitmap) {
               ^~~~~~~~~~~~~~
   fs/affs/bitmap.c:269:2: note: Taking false branch
           if (!sbi->s_bitmap) {
           ^
   fs/affs/bitmap.c:278:30: note: Assuming 'i' is <= 0
           for (i = sbi->s_bmap_count; i > 0; bm++, i--) {
                                       ^~~~~
   fs/affs/bitmap.c:278:2: note: Loop condition is false. Execution continues on line 315
           for (i = sbi->s_bmap_count; i > 0; bm++, i--) {
           ^
   fs/affs/bitmap.c:317:2: note: Taking false branch
           pr_debug("last word: %d %d %d\n", offset, offset / 32 + 1, mask);
           ^
   include/linux/printk.h:576:2: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
           ^
   include/linux/printk.h:131:2: note: expanded from macro 'no_printk'
           if (0) \
           ^
   fs/affs/bitmap.c:320:6: note: Assuming 'mask' is 0
           if (mask) {
               ^~~~
   fs/affs/bitmap.c:320:2: note: Taking false branch
           if (mask) {
           ^
   fs/affs/bitmap.c:337:9: note: Assuming the condition is false
           while (++offset < sb->s_blocksize / 4)
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/affs/bitmap.c:337:2: note: Loop condition is false. Execution continues on line 339
           while (++offset < sb->s_blocksize / 4)
           ^
   fs/affs/bitmap.c:339:13: note: Access to field 'b_data' results in a dereference of a null pointer (loaded from variable 'bh')
           ((__be32 *)bh->b_data)[0] = 0;
                      ^~
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   Suppressed 9 warnings (8 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   11 warnings generated.
   Suppressed 11 warnings (8 in non-user code, 3 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   Suppressed 9 warnings (8 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   4 warnings generated.
   Suppressed 4 warnings (3 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   17 warnings generated.
>> arch/arm/kernel/traps.c:67:16: warning: Value stored to 'end' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:67:16: note: Value stored to 'end' during its initialization is never read
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:184:4: warning: Value stored to 'p' is never read [clang-analyzer-deadcode.DeadStores]
           p += sprintf(p, "bad PC value");
           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:184:4: note: Value stored to 'p' is never read
           p += sprintf(p, "bad PC value");
           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 15 warnings (8 in non-user code, 7 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   Suppressed 9 warnings (8 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   Suppressed 9 warnings (8 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   14 warnings generated.
   kernel/rcu/refscale.c:619:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:619:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:620:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, buf1);
           ^~~~~~
   kernel/rcu/refscale.c:620:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, buf1);
           ^~~~~~
   kernel/rcu/refscale.c:624:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:624:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:703:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:703:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, "\n");
           ^~~~~~
   kernel/rcu/refscale.c:704:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, "Runs\tTime(ns)\n");
           ^~~~~~
   kernel/rcu/refscale.c:704:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, "Runs\tTime(ns)\n");
           ^~~~~~
   kernel/rcu/refscale.c:715:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, buf1);
           ^~~~~~
   kernel/rcu/refscale.c:715:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
           strcat(buf, buf1);
           ^~~~~~
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   8 warnings generated.
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   fs/eventfd.c:285:8: warning: Value stored to 'res' is never read [clang-analyzer-deadcode.DeadStores]
           for (res = 0;;) {
                ^     ~
   fs/eventfd.c:285:8: note: Value stored to 'res' is never read
           for (res = 0;;) {
                ^     ~
   Suppressed 8 warnings (8 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   fs/userfaultfd.c:985:14: warning: Access to field 'flags' results in a dereference of a null pointer (loaded from variable 'new') [clang-analyzer-core.NullDereference]
           O_RDWR | (new->flags & UFFD_SHARED_FCNTL_FLAGS), inode);
                     ^
   fs/userfaultfd.c:1008:2: note: 'fork_nctx' initialized to a null pointer value
           struct userfaultfd_ctx *fork_nctx = NULL;
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/userfaultfd.c:1013:2: note: Loop condition is true.  Entering loop body
           for (;;) {

vim +/end +67 arch/arm/kernel/traps.c

^1da177e4c3f41 Linus Torvalds     2005-04-16  63
5489ab50c22771 Dmitry Safonov     2020-06-08  64  void dump_backtrace_entry(unsigned long where, unsigned long from,
5489ab50c22771 Dmitry Safonov     2020-06-08  65                            unsigned long frame, const char *loglvl)
^1da177e4c3f41 Linus Torvalds     2005-04-16  66  {
40ff1ddb557028 Vincent Whitchurch 2019-12-16 @67          unsigned long end = frame + 4 + sizeof(struct pt_regs);
40ff1ddb557028 Vincent Whitchurch 2019-12-16  68

:::::: The code at line 67 was first introduced by commit
:::::: 40ff1ddb5570284e039e0ff14d7a859a73dc3673 ARM: 8948/1: Prevent OOB access in stacktrace

:::::: TO: Vincent Whitchurch <[email protected]>
:::::: CC: Russell King <[email protected]>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
