CC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Ard Biesheuvel <[email protected]>
CC: Arnd Bergmann <[email protected]>

tree:   git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git arm-vmap-stacks-v4
head:   311ad8e1c5904ed9cd8aee3eb1ec4f4966a0d756
commit: 4281481db9ece7c5b8f6359d54759a318e080a57 [5/16] ARM: unwind: dump exception stack from calling frame
:::::: branch date: 23 hours ago
:::::: commit date: 6 days ago
config: arm-randconfig-c002-20211119 (attached as .config)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/commit/?id=4281481db9ece7c5b8f6359d54759a318e080a57
        git remote add ardb git://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git
        git fetch --no-tags ardb arm-vmap-stacks-v4
        git checkout 4281481db9ece7c5b8f6359d54759a318e080a57
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <[email protected]>


clang-analyzer warnings: (new ones prefixed by >>)
                               ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:22: note: Although the value stored to 'f' is used 
in the enclosing expression, the value is never actually read from 'f'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                               ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:26: warning: Although the value stored to 'g' is 
used in the enclosing expression, the value is never actually read from 'g' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                   ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:26: note: Although the value stored to 'g' is used 
in the enclosing expression, the value is never actually read from 'g'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                   ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:30: warning: Although the value stored to 'h' is 
used in the enclosing expression, the value is never actually read from 'h' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                       ^   ~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:30: note: Although the value stored to 'h' is used 
in the enclosing expression, the value is never actually read from 'h'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                       ^   ~~~~~~~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:34: warning: Although the value stored to 'ss1' is 
used in the enclosing expression, the value is never actually read from 'ss1' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                           ^     ~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:34: note: Although the value stored to 'ss1' is 
used in the enclosing expression, the value is never actually read from 'ss1'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                           ^     ~~~~~~~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:40: warning: Although the value stored to 'ss2' is 
used in the enclosing expression, the value is never actually read from 'ss2' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                 ^     ~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:40: note: Although the value stored to 'ss2' is 
used in the enclosing expression, the value is never actually read from 'ss2'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                 ^     ~~~~~~~~~~~~~
   crypto/sm3_generic.c:121:46: warning: Although the value stored to 'tt1' is 
used in the enclosing expression, the value is never actually read from 'tt1' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                       ^     ~~~~~~~
   crypto/sm3_generic.c:121:46: note: Although the value stored to 'tt1' is 
used in the enclosing expression, the value is never actually read from 'tt1'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                       ^     ~~~~~~~
   crypto/sm3_generic.c:121:52: warning: Although the value stored to 'tt2' is 
used in the enclosing expression, the value is never actually read from 'tt2' 
[clang-analyzer-deadcode.DeadStores]
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                             ^     ~
   crypto/sm3_generic.c:121:52: note: Although the value stored to 'tt2' is 
used in the enclosing expression, the value is never actually read from 'tt2'
           a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
                                                             ^     ~
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   2 warnings generated.
   drivers/video/backlight/qcom-wled.c:1124:3: warning: Value stored to 'rc' is 
never read [clang-analyzer-deadcode.DeadStores]
                   rc = regmap_update_bits(wled->regmap, addr,
                   ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/video/backlight/qcom-wled.c:1124:3: note: Value stored to 'rc' is 
never read
                   rc = regmap_update_bits(wled->regmap, addr,
                   ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   7 warnings generated.
   drivers/video/backlight/sky81452-backlight.c:129:5: warning: Call to 
function 'strcat' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcat'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
                                   strcat(buf, tmp);
                                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:129:5: note: Call to function 
'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcat'. CWE-119
                                   strcat(buf, tmp);
                                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:133:3: warning: Call to 
function 'strcat' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcat'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
                   strcat(buf, "\n");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:133:3: note: Call to function 
'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcat'. CWE-119
                   strcat(buf, "\n");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:135:3: warning: Call to 
function 'strcpy' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcpy'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
                   strcpy(buf, "none\n");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:135:3: note: Call to function 
'strcpy' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcpy'. CWE-119
                   strcpy(buf, "none\n");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:155:3: warning: Call to 
function 'strcat' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcat'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
                   strcat(buf, "over-current ");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:155:3: note: Call to function 
'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcat'. CWE-119
                   strcat(buf, "over-current ");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:158:3: warning: Call to 
function 'strcat' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcat'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
                   strcat(buf, "over-temperature");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:158:3: note: Call to function 
'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcat'. CWE-119
                   strcat(buf, "over-temperature");
                   ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:160:2: warning: Call to 
function 'strcat' is insecure as it does not provide bounding of the memory 
buffer. Replace unbounded copy functions with analogous functions that support 
length arguments such as 'strlcat'. CWE-119 
[clang-analyzer-security.insecureAPI.strcpy]
           strcat(buf, "\n");
           ^~~~~~
   drivers/video/backlight/sky81452-backlight.c:160:2: note: Call to function 
'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length 
arguments such as 'strlcat'. CWE-119
           strcat(buf, "\n");
           ^~~~~~
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (1 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (1 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   13 warnings generated.
>> arch/arm/kernel/traps.c:67:16: warning: Value stored to 'end' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:67:16: note: Value stored to 'end' during its initialization is never read
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:184:4: warning: Value stored to 'p' is never read 
[clang-analyzer-deadcode.DeadStores]
                           p += sprintf(p, "bad PC value");
                           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:184:4: note: Value stored to 'p' is never read
                           p += sprintf(p, "bad PC value");
                           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 11 warnings (11 with check filters).
   1 warning generated.
   Suppressed 1 warnings (1 with check filters).
   3 warnings generated.
   Suppressed 3 warnings (3 with check filters).
   1 warning generated.
   arch/arm/kernel/devtree.c:232:6: warning: Access to field 'dt_fixup' results 
in a dereference of a null pointer (loaded from variable 'mdesc') 
[clang-analyzer-core.NullDereference]
           if (mdesc->dt_fixup)
               ^~~~~
   arch/arm/kernel/devtree.c:206:6: note: Assuming 'dt_virt' is non-null
           if (!dt_virt || !early_init_dt_verify(dt_virt))
               ^~~~~~~~
   arch/arm/kernel/devtree.c:206:6: note: Left side of '||' is false
   arch/arm/kernel/devtree.c:206:18: note: Assuming the condition is false
           if (!dt_virt || !early_init_dt_verify(dt_virt))
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/devtree.c:206:2: note: Taking false branch
           if (!dt_virt || !early_init_dt_verify(dt_virt))
           ^
   arch/arm/kernel/devtree.c:209:2: note: Value assigned to 'mdesc'
           mdesc = of_flat_dt_match_machine(mdesc_best, arch_get_next_mach);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/devtree.c:211:6: note: Assuming 'mdesc' is null
           if (!mdesc) {
               ^~~~~~
   arch/arm/kernel/devtree.c:211:2: note: Taking true branch
           if (!mdesc) {
           ^
   arch/arm/kernel/devtree.c:221:10: note: Assuming 'size' is <= 0
                   while (size > 0) {
                          ^~~~~~~~
   arch/arm/kernel/devtree.c:221:3: note: Loop condition is false. Execution 
continues on line 226
                   while (size > 0) {
                   ^
   arch/arm/kernel/devtree.c:232:6: note: Access to field 'dt_fixup' results in 
a dereference of a null pointer (loaded from variable 'mdesc')
           if (mdesc->dt_fixup)
               ^~~~~
   1 warning generated.
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   drivers/gpio/gpio-xilinx.c:101:13: warning: The left expression of the 
compound assignment is an uninitialized value. The computed value will also be 
garbage [clang-analyzer-core.uninitialized.Assign]
           map[index] &= ~(0xFFFFFFFFul << offset);
                      ^
   drivers/gpio/gpio-xilinx.c:162:2: note: Calling 'xgpio_read_ch'
           xgpio_read_ch(chip, XGPIO_DATA_OFFSET, bit, state);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/gpio/gpio-xilinx.c:120:2: note: Calling 'xgpio_set_value32'
           xgpio_set_value32(a, bit, xgpio_readreg(addr));
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/gpio/gpio-xilinx.c:98:2: note: 'index' initialized here
           const size_t index = BIT_WORD(bit);
           ^~~~~~~~~~~~~~~~~~
   drivers/gpio/gpio-xilinx.c:101:13: note: The left expression of the compound 
assignment is an uninitialized value. The computed value will also be garbage
           map[index] &= ~(0xFFFFFFFFul << offset);
           ~~~~~~~~~~ ^
   3 warnings generated.
   drivers/pwm/core.c:427:20: warning: Value stored to 'last' during its 
initialization is never read [clang-analyzer-deadcode.DeadStores]
           struct pwm_state *last = &pwm->last;
                             ^~~~   ~~~~~~~~~~
   drivers/pwm/core.c:427:20: note: Value stored to 'last' during its 
initialization is never read
           struct pwm_state *last = &pwm->last;
                             ^~~~   ~~~~~~~~~~
   drivers/pwm/core.c:428:19: warning: Value stored to 'chip' during its 
initialization is never read [clang-analyzer-deadcode.DeadStores]
           struct pwm_chip *chip = pwm->chip;
                            ^~~~   ~~~~~~~~~
   drivers/pwm/core.c:428:19: note: Value stored to 'chip' during its 
initialization is never read
           struct pwm_chip *chip = pwm->chip;
                            ^~~~   ~~~~~~~~~
   drivers/pwm/core.c:825:13: warning: Access to field 'name' results in a 
dereference of a null pointer (loaded from variable 'np') 
[clang-analyzer-core.NullDereference]
                           con_id = np->name;
                                    ^
   drivers/pwm/core.c:1157:6: note: Assuming the condition is true
           if (is_of_node(fwnode))
               ^~~~~~~~~~~~~~~~~~
   drivers/pwm/core.c:1157:2: note: Taking true branch
           if (is_of_node(fwnode))
           ^
   drivers/pwm/core.c:1158:25: note: Assuming the condition is false
                   pwm = of_pwm_get(dev, to_of_node(fwnode), con_id);
                                         ^
   include/linux/of.h:164:3: note: expanded from macro 'to_of_node'
                   is_of_node(__to_of_node_fwnode) ?                       \
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/pwm/core.c:1158:25: note: '?' condition is false
                   pwm = of_pwm_get(dev, to_of_node(fwnode), con_id);

vim +/end +67 arch/arm/kernel/traps.c

^1da177e4c3f41 Linus Torvalds     2005-04-16  63  
5489ab50c22771 Dmitry Safonov     2020-06-08  64  void dump_backtrace_entry(unsigned long where, unsigned long from,
5489ab50c22771 Dmitry Safonov     2020-06-08  65                          unsigned long frame, const char *loglvl)
^1da177e4c3f41 Linus Torvalds     2005-04-16  66  {
40ff1ddb557028 Vincent Whitchurch 2019-12-16 @67        unsigned long end = frame + 4 + sizeof(struct pt_regs);
40ff1ddb557028 Vincent Whitchurch 2019-12-16  68  

:::::: The code at line 67 was first introduced by commit
:::::: 40ff1ddb5570284e039e0ff14d7a859a73dc3673 ARM: 8948/1: Prevent OOB access in stacktrace

:::::: TO: Vincent Whitchurch <[email protected]>
:::::: CC: Russell King <[email protected]>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]

Attachment: .config.gz
Description: application/gzip
