CC: [email protected] CC: [email protected] CC: [email protected] TO: Ard Biesheuvel <[email protected]> CC: Arnd Bergmann <[email protected]>
tree: git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git
arm-vmap-stacks-v4
head: 311ad8e1c5904ed9cd8aee3eb1ec4f4966a0d756
commit: 4281481db9ece7c5b8f6359d54759a318e080a57 [5/16] ARM: unwind: dump
exception stack from calling frame
:::::: branch date: 23 hours ago
:::::: commit date: 6 days ago
config: arm-randconfig-c002-20211119 (attached as .config)
reproduce (this is a W=1 build):
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
#
https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/commit/?id=4281481db9ece7c5b8f6359d54759a318e080a57
git remote add ardb
git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git
git fetch --no-tags ardb arm-vmap-stacks-v4
git checkout 4281481db9ece7c5b8f6359d54759a318e080a57
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm
clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
clang-analyzer warnings: (new ones prefixed by >>)
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:22: note: Although the value stored to 'f' is used
in the enclosing expression, the value is never actually read from 'f'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:26: warning: Although the value stored to 'g' is
used in the enclosing expression, the value is never actually read from 'g'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:26: note: Although the value stored to 'g' is used
in the enclosing expression, the value is never actually read from 'g'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:30: warning: Although the value stored to 'h' is
used in the enclosing expression, the value is never actually read from 'h'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:30: note: Although the value stored to 'h' is used
in the enclosing expression, the value is never actually read from 'h'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:34: warning: Although the value stored to 'ss1' is
used in the enclosing expression, the value is never actually read from 'ss1'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:34: note: Although the value stored to 'ss1' is
used in the enclosing expression, the value is never actually read from 'ss1'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~~~~~~~
crypto/sm3_generic.c:121:40: warning: Although the value stored to 'ss2' is
used in the enclosing expression, the value is never actually read from 'ss2'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~
crypto/sm3_generic.c:121:40: note: Although the value stored to 'ss2' is
used in the enclosing expression, the value is never actually read from 'ss2'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~~~~~~~
crypto/sm3_generic.c:121:46: warning: Although the value stored to 'tt1' is
used in the enclosing expression, the value is never actually read from 'tt1'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~
crypto/sm3_generic.c:121:46: note: Although the value stored to 'tt1' is
used in the enclosing expression, the value is never actually read from 'tt1'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~~~~~~~
crypto/sm3_generic.c:121:52: warning: Although the value stored to 'tt2' is
used in the enclosing expression, the value is never actually read from 'tt2'
[clang-analyzer-deadcode.DeadStores]
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~
crypto/sm3_generic.c:121:52: note: Although the value stored to 'tt2' is
used in the enclosing expression, the value is never actually read from 'tt2'
a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
^ ~
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
2 warnings generated.
drivers/video/backlight/qcom-wled.c:1124:3: warning: Value stored to 'rc' is
never read [clang-analyzer-deadcode.DeadStores]
rc = regmap_update_bits(wled->regmap, addr,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/video/backlight/qcom-wled.c:1124:3: note: Value stored to 'rc' is
never read
rc = regmap_update_bits(wled->regmap, addr,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
7 warnings generated.
drivers/video/backlight/sky81452-backlight.c:129:5: warning: Call to
function 'strcat' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcat'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcat(buf, tmp);
^~~~~~
drivers/video/backlight/sky81452-backlight.c:129:5: note: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119
strcat(buf, tmp);
^~~~~~
drivers/video/backlight/sky81452-backlight.c:133:3: warning: Call to
function 'strcat' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcat'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcat(buf, "\n");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:133:3: note: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119
strcat(buf, "\n");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:135:3: warning: Call to
function 'strcpy' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcpy'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcpy(buf, "none\n");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:135:3: note: Call to function
'strcpy' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcpy'. CWE-119
strcpy(buf, "none\n");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:155:3: warning: Call to
function 'strcat' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcat'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcat(buf, "over-current ");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:155:3: note: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119
strcat(buf, "over-current ");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:158:3: warning: Call to
function 'strcat' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcat'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcat(buf, "over-temperature");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:158:3: note: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119
strcat(buf, "over-temperature");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:160:2: warning: Call to
function 'strcat' is insecure as it does not provide bounding of the memory
buffer. Replace unbounded copy functions with analogous functions that support
length arguments such as 'strlcat'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
strcat(buf, "\n");
^~~~~~
drivers/video/backlight/sky81452-backlight.c:160:2: note: Call to function
'strcat' is insecure as it does not provide bounding of the memory buffer.
Replace unbounded copy functions with analogous functions that support length
arguments such as 'strlcat'. CWE-119
strcat(buf, "\n");
^~~~~~
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (1 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (1 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
13 warnings generated.
>> arch/arm/kernel/traps.c:67:16: warning: Value stored to 'end' during its
>> initialization is never read [clang-analyzer-deadcode.DeadStores]
unsigned long end = frame + 4 + sizeof(struct pt_regs);
^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/arm/kernel/traps.c:67:16: note: Value stored to 'end' during its
initialization is never read
unsigned long end = frame + 4 + sizeof(struct pt_regs);
^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/arm/kernel/traps.c:184:4: warning: Value stored to 'p' is never read
[clang-analyzer-deadcode.DeadStores]
p += sprintf(p, "bad PC value");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/arm/kernel/traps.c:184:4: note: Value stored to 'p' is never read
p += sprintf(p, "bad PC value");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 11 warnings (11 with check filters).
1 warning generated.
Suppressed 1 warnings (1 with check filters).
3 warnings generated.
Suppressed 3 warnings (3 with check filters).
1 warning generated.
arch/arm/kernel/devtree.c:232:6: warning: Access to field 'dt_fixup' results
in a dereference of a null pointer (loaded from variable 'mdesc')
[clang-analyzer-core.NullDereference]
if (mdesc->dt_fixup)
^~~~~
arch/arm/kernel/devtree.c:206:6: note: Assuming 'dt_virt' is non-null
if (!dt_virt || !early_init_dt_verify(dt_virt))
^~~~~~~~
arch/arm/kernel/devtree.c:206:6: note: Left side of '||' is false
arch/arm/kernel/devtree.c:206:18: note: Assuming the condition is false
if (!dt_virt || !early_init_dt_verify(dt_virt))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/arm/kernel/devtree.c:206:2: note: Taking false branch
if (!dt_virt || !early_init_dt_verify(dt_virt))
^
arch/arm/kernel/devtree.c:209:2: note: Value assigned to 'mdesc'
mdesc = of_flat_dt_match_machine(mdesc_best, arch_get_next_mach);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/arm/kernel/devtree.c:211:6: note: Assuming 'mdesc' is null
if (!mdesc) {
^~~~~~
arch/arm/kernel/devtree.c:211:2: note: Taking true branch
if (!mdesc) {
^
arch/arm/kernel/devtree.c:221:10: note: Assuming 'size' is <= 0
while (size > 0) {
^~~~~~~~
arch/arm/kernel/devtree.c:221:3: note: Loop condition is false. Execution
continues on line 226
while (size > 0) {
^
arch/arm/kernel/devtree.c:232:6: note: Access to field 'dt_fixup' results in
a dereference of a null pointer (loaded from variable 'mdesc')
if (mdesc->dt_fixup)
^~~~~
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use
-system-headers to display errors from system headers as well.
1 warning generated.
drivers/gpio/gpio-xilinx.c:101:13: warning: The left expression of the
compound assignment is an uninitialized value. The computed value will also be
garbage [clang-analyzer-core.uninitialized.Assign]
map[index] &= ~(0xFFFFFFFFul << offset);
^
drivers/gpio/gpio-xilinx.c:162:2: note: Calling 'xgpio_read_ch'
xgpio_read_ch(chip, XGPIO_DATA_OFFSET, bit, state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpio/gpio-xilinx.c:120:2: note: Calling 'xgpio_set_value32'
xgpio_set_value32(a, bit, xgpio_readreg(addr));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/gpio/gpio-xilinx.c:98:2: note: 'index' initialized here
const size_t index = BIT_WORD(bit);
^~~~~~~~~~~~~~~~~~
drivers/gpio/gpio-xilinx.c:101:13: note: The left expression of the compound
assignment is an uninitialized value. The computed value will also be garbage
map[index] &= ~(0xFFFFFFFFul << offset);
~~~~~~~~~~ ^
3 warnings generated.
drivers/pwm/core.c:427:20: warning: Value stored to 'last' during its
initialization is never read [clang-analyzer-deadcode.DeadStores]
struct pwm_state *last = &pwm->last;
^~~~ ~~~~~~~~~~
drivers/pwm/core.c:427:20: note: Value stored to 'last' during its
initialization is never read
struct pwm_state *last = &pwm->last;
^~~~ ~~~~~~~~~~
drivers/pwm/core.c:428:19: warning: Value stored to 'chip' during its
initialization is never read [clang-analyzer-deadcode.DeadStores]
struct pwm_chip *chip = pwm->chip;
^~~~ ~~~~~~~~~
drivers/pwm/core.c:428:19: note: Value stored to 'chip' during its
initialization is never read
struct pwm_chip *chip = pwm->chip;
^~~~ ~~~~~~~~~
drivers/pwm/core.c:825:13: warning: Access to field 'name' results in a
dereference of a null pointer (loaded from variable 'np')
[clang-analyzer-core.NullDereference]
con_id = np->name;
^
drivers/pwm/core.c:1157:6: note: Assuming the condition is true
if (is_of_node(fwnode))
^~~~~~~~~~~~~~~~~~
drivers/pwm/core.c:1157:2: note: Taking true branch
if (is_of_node(fwnode))
^
drivers/pwm/core.c:1158:25: note: Assuming the condition is false
pwm = of_pwm_get(dev, to_of_node(fwnode), con_id);
^
include/linux/of.h:164:3: note: expanded from macro 'to_of_node'
is_of_node(__to_of_node_fwnode) ? \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/pwm/core.c:1158:25: note: '?' condition is false
pwm = of_pwm_get(dev, to_of_node(fwnode), con_id);
vim +/end +67 arch/arm/kernel/traps.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 63
5489ab50c22771 Dmitry Safonov 2020-06-08 64 void
dump_backtrace_entry(unsigned long where, unsigned long from,
5489ab50c22771 Dmitry Safonov 2020-06-08 65
unsigned long frame, const char *loglvl)
^1da177e4c3f41 Linus Torvalds 2005-04-16 66 {
40ff1ddb557028 Vincent Whitchurch 2019-12-16 @67 unsigned long end =
frame + 4 + sizeof(struct pt_regs);
40ff1ddb557028 Vincent Whitchurch 2019-12-16 68
:::::: The code at line 67 was first introduced by commit
:::::: 40ff1ddb5570284e039e0ff14d7a859a73dc3673 ARM: 8948/1: Prevent OOB access
in stacktrace
:::::: TO: Vincent Whitchurch <[email protected]>
:::::: CC: Russell King <[email protected]>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
