CC: [email protected] CC: [email protected] CC: [email protected] TO: Chris Down <[email protected]> CC: Petr Mladek <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 923dcc5eb0c111eccd51cc7ce1658537e3c38b25 commit: 337015573718b161891a3473d25f59273f2e626b printk: Userspace format indexing support date: 4 months ago :::::: branch date: 25 hours ago :::::: commit date: 4 months ago config: arm-randconfig-c002-20210928 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project dc6e8dfdfe7efecfda318d43a06fae18b40eb498) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=337015573718b161891a3473d25f59273f2e626b git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 337015573718b161891a3473d25f59273f2e626b # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:753:20: note: '?' condition is true if (nr == _IOC_NR(HL_IOCTL_INFO)) { ^ include/uapi/misc/habanalabs.h:1053:3: note: expanded from macro 'HL_IOCTL_INFO' _IOWR('H', 0x01, struct hl_info_args) ^ include/uapi/asm-generic/ioctl.h:88:68: note: expanded from macro '_IOWR' #define _IOWR(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),(_IOC_TYPECHECK(size))) ^ include/asm-generic/ioctl.h:13:3: note: expanded from macro '_IOC_TYPECHECK' ((sizeof(t) == sizeof(t[1]) && \ ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:753:6: note: Assuming the condition is true if (nr == _IOC_NR(HL_IOCTL_INFO)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:753:2: note: Taking true branch if (nr == _IOC_NR(HL_IOCTL_INFO)) { ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:761:9: note: Calling '_hl_ioctl' return _hl_ioctl(filep, cmd, arg, ioctl, hdev->dev_ctrl); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:653:2: note: 'kdata' initialized to a null pointer value char *kdata = NULL; ^~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:659:6: note: Assuming field 'hard_reset_pending' is 0 if (hdev->hard_reset_pending) { ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:659:2: note: Taking false branch if (hdev->hard_reset_pending) { ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:668:15: note: Assuming 'func' is non-null if (unlikely(!func)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:668:2: note: Taking false branch if (unlikely(!func)) { ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:676:6: note: Assuming 'hl_size' is <= 'asize' if (hl_size > asize) ^~~~~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:676:2: note: Taking false branch if (hl_size > asize) ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:681:6: note: Assuming the condition is false if (cmd & (IOC_IN | IOC_OUT)) { ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:681:2: note: Taking false branch if (cmd & (IOC_IN | IOC_OUT)) { ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:693:6: note: Assuming the condition is true if (cmd & IOC_IN) { ^~~~~~~~~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:693:2: note: Taking true branch if (cmd & IOC_IN) { ^ drivers/misc/habanalabs/common/habanalabs_ioctl.c:694:22: note: Passing null pointer value via 1st parameter 'to' if (copy_from_user(kdata, (void __user *)arg, usize)) { ^~~~~ drivers/misc/habanalabs/common/habanalabs_ioctl.c:694:7: note: Calling 'copy_from_user' if (copy_from_user(kdata, (void __user *)arg, usize)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:191:2: note: Taking true branch if (likely(check_copy_size(to, n, false))) ^ include/linux/uaccess.h:192:23: note: Passing null pointer value via 1st parameter 'to' n = _copy_from_user(to, from, n); ^~ include/linux/uaccess.h:192:7: note: Calling '_copy_from_user' n = _copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:6: note: Left side of '&&' is true if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/uaccess.h:157:33: note: Assuming the condition is false if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/compiler.h:77:20: note: expanded from macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:2: note: Taking false branch if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/uaccess.h:161:6: note: Assuming 'res' is not equal to 0 if (unlikely(res)) ^ include/linux/compiler.h:78:40: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^~~~ include/linux/uaccess.h:161:2: note: Taking true branch if (unlikely(res)) ^ include/linux/uaccess.h:162:3: note: Null pointer passed as 1st argument to memory set function memset(to + (n - res), 0, res); ^ ~~~~~~~~~~~~~~ Suppressed 9 warnings (9 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 9 warnings generated. >> fs/jffs2/gc.c:846:3: warning: Argument to kfree() is the address of the >> local variable 'dev', which is not memory allocated by malloc() >> [clang-analyzer-unix.Malloc] kfree(mdata); ^ ~~~~~ fs/jffs2/gc.c:770:6: note: Assuming the condition is true if (S_ISBLK(JFFS2_F_I_MODE(f)) || ^ include/uapi/linux/stat.h:25:21: note: expanded from macro 'S_ISBLK' #define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) ^~~~~~~~~~~~~~~~~~~~~~~~~ fs/jffs2/gc.c:770:33: note: Left side of '||' is true if (S_ISBLK(JFFS2_F_I_MODE(f)) || ^ fs/jffs2/gc.c:775:3: note: 0 is < 1 jffs2_dbg(1, "%s(): Writing %d bytes of kdev_t\n", ^ fs/jffs2/debug.h:69:6: note: expanded from macro 'jffs2_dbg' if (CONFIG_JFFS2_FS_DEBUG >= level) \ ^~~~~~~~~~~~~~~~~~~~~ ./include/generated/autoconf.h:692:31: note: expanded from macro 'CONFIG_JFFS2_FS_DEBUG' #define CONFIG_JFFS2_FS_DEBUG 0 ^ fs/jffs2/gc.c:775:3: note: Taking false branch jffs2_dbg(1, "%s(): Writing %d bytes of kdev_t\n", ^ fs/jffs2/debug.h:69:2: note: expanded from macro 'jffs2_dbg' if (CONFIG_JFFS2_FS_DEBUG >= level) \ ^ fs/jffs2/gc.c:775:3: note: Loop condition is false. Exiting loop jffs2_dbg(1, "%s(): Writing %d bytes of kdev_t\n", ^ fs/jffs2/debug.h:67:37: note: expanded from macro 'jffs2_dbg' #define jffs2_dbg(level, fmt, ...) \ ^ fs/jffs2/gc.c:798:6: note: Assuming 'ret' is 0 if (ret) { ^~~ fs/jffs2/gc.c:798:2: note: Taking false branch if (ret) { ^ fs/jffs2/gc.c:805:6: note: 'last_frag' is null if (last_frag) ^~~~~~~~~ fs/jffs2/gc.c:805:2: note: Taking false branch if (last_frag) ^ fs/jffs2/gc.c:824:25: note: Assuming '__UNIQUE_ID___x273' is <= '__UNIQUE_ID___y274' ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f)); ^ fs/jffs2/os-linux.h:40:28: note: expanded from macro 'JFFS2_F_I_ATIME' #define JFFS2_F_I_ATIME(f) I_SEC(OFNI_EDONI_2SFFJ(f)->i_atime) ^ fs/jffs2/os-linux.h:37:19: note: expanded from macro 'I_SEC' #define I_SEC(tv) JFFS2_CLAMP_TIME((tv).tv_sec) ^ fs/jffs2/os-linux.h:34:40: note: expanded from macro 'JFFS2_CLAMP_TIME' #define JFFS2_CLAMP_TIME(t) ((uint32_t)clamp_t(time64_t, (t), 0, U32_MAX)) ^ note: (skipping 6 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/minmax.h:38:14: note: expanded from macro '__careful_cmp' __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) ^ include/linux/minmax.h:31:25: note: expanded from macro '__cmp_once' typeof(x) unique_x = (x); \ ^ fs/jffs2/nodelist.h:37:36: note: expanded from macro 'cpu_to_je32' #define cpu_to_je32(x) ((jint32_t){x}) ^ fs/jffs2/gc.c:824:25: note: '?' condition is false ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f)); ^ fs/jffs2/os-linux.h:40:28: note: expanded from macro 'JFFS2_F_I_ATIME' #define JFFS2_F_I_ATIME(f) I_SEC(OFNI_EDONI_2SFFJ(f)->i_atime) ^ fs/jffs2/os-linux.h:37:19: note: expanded from macro 'I_SEC' #define I_SEC(tv) JFFS2_CLAMP_TIME((tv).tv_sec) ^ fs/jffs2/os-linux.h:34:40: note: expanded from macro 'JFFS2_CLAMP_TIME' #define JFFS2_CLAMP_TIME(t) ((uint32_t)clamp_t(time64_t, (t), 0, U32_MAX)) ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp' __cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op)) ^ include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once' __cmp(unique_x, unique_y, op); }) ^ include/linux/minmax.h:28:26: note: expanded from macro '__cmp' #define __cmp(x, y, op) ((x) op (y) ? (x) : (y)) ^ fs/jffs2/gc.c:824:25: note: '__UNIQUE_ID___x275' is < '__UNIQUE_ID___y276' ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f)); ^ fs/jffs2/os-linux.h:40:28: note: expanded from macro 'JFFS2_F_I_ATIME' #define JFFS2_F_I_ATIME(f) I_SEC(OFNI_EDONI_2SFFJ(f)->i_atime) ^ fs/jffs2/os-linux.h:37:19: note: expanded from macro 'I_SEC' #define I_SEC(tv) JFFS2_CLAMP_TIME((tv).tv_sec) ^ fs/jffs2/os-linux.h:34:40: note: expanded from macro 'JFFS2_CLAMP_TIME' #define JFFS2_CLAMP_TIME(t) ((uint32_t)clamp_t(time64_t, (t), 0, U32_MAX)) ^ vim +/dev +846 fs/jffs2/gc.c ^1da177e4c3f41 Linus Torvalds 2005-04-16 757 ^1da177e4c3f41 Linus Torvalds 2005-04-16 758 static int jffs2_garbage_collect_metadata(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, ^1da177e4c3f41 Linus Torvalds 2005-04-16 759 struct jffs2_inode_info *f, struct jffs2_full_dnode *fn) ^1da177e4c3f41 Linus Torvalds 2005-04-16 760 { ^1da177e4c3f41 Linus Torvalds 2005-04-16 761 struct jffs2_full_dnode *new_fn; ^1da177e4c3f41 Linus Torvalds 2005-04-16 762 struct jffs2_raw_inode ri; 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 763 struct jffs2_node_frag *last_frag; aef9ab47841af4 David Woodhouse 2006-05-19 764 union jffs2_device_node dev; 2e16cfca6e17ae David Woodhouse 2009-12-16 765 char *mdata = NULL; 2e16cfca6e17ae David Woodhouse 2009-12-16 766 int mdatalen = 0; 9fe4854cd1f602 David Woodhouse 2006-05-23 767 uint32_t alloclen, ilen; ^1da177e4c3f41 Linus Torvalds 2005-04-16 768 int ret; ^1da177e4c3f41 Linus Torvalds 2005-04-16 769 ^1da177e4c3f41 Linus Torvalds 2005-04-16 770 if (S_ISBLK(JFFS2_F_I_MODE(f)) || ^1da177e4c3f41 Linus Torvalds 2005-04-16 771 S_ISCHR(JFFS2_F_I_MODE(f)) ) { ^1da177e4c3f41 Linus Torvalds 2005-04-16 772 /* For these, we don't actually need to read the old node */ aef9ab47841af4 David Woodhouse 2006-05-19 773 mdatalen = jffs2_encode_dev(&dev, JFFS2_F_I_RDEV(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 774 mdata = (char *)&dev; 9c261b33a9c417 Joe Perches 2012-02-15 775 jffs2_dbg(1, "%s(): Writing %d bytes of kdev_t\n", 9c261b33a9c417 Joe Perches 2012-02-15 776 __func__, mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 777 } else if (S_ISLNK(JFFS2_F_I_MODE(f))) { ^1da177e4c3f41 Linus Torvalds 2005-04-16 778 mdatalen = fn->size; ^1da177e4c3f41 Linus Torvalds 2005-04-16 779 mdata = kmalloc(fn->size, GFP_KERNEL); ^1da177e4c3f41 Linus Torvalds 2005-04-16 780 if (!mdata) { da320f055a8818 Joe Perches 2012-02-15 781 pr_warn("kmalloc of mdata failed in jffs2_garbage_collect_metadata()\n"); ^1da177e4c3f41 Linus Torvalds 2005-04-16 782 return -ENOMEM; ^1da177e4c3f41 Linus Torvalds 2005-04-16 783 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 784 ret = jffs2_read_dnode(c, f, fn, mdata, 0, mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 785 if (ret) { da320f055a8818 Joe Perches 2012-02-15 786 pr_warn("read of old metadata failed in jffs2_garbage_collect_metadata(): %d\n", da320f055a8818 Joe Perches 2012-02-15 787 ret); ^1da177e4c3f41 Linus Torvalds 2005-04-16 788 kfree(mdata); ^1da177e4c3f41 Linus Torvalds 2005-04-16 789 return ret; ^1da177e4c3f41 Linus Torvalds 2005-04-16 790 } 9c261b33a9c417 Joe Perches 2012-02-15 791 jffs2_dbg(1, "%s(): Writing %d bites of symlink target\n", 9c261b33a9c417 Joe Perches 2012-02-15 792 __func__, mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 793 ^1da177e4c3f41 Linus Torvalds 2005-04-16 794 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 795 9fe4854cd1f602 David Woodhouse 2006-05-23 796 ret = jffs2_reserve_space_gc(c, sizeof(ri) + mdatalen, &alloclen, e631ddba588783 Ferenc Havasi 2005-09-07 797 JFFS2_SUMMARY_INODE_SIZE); ^1da177e4c3f41 Linus Torvalds 2005-04-16 798 if (ret) { da320f055a8818 Joe Perches 2012-02-15 799 pr_warn("jffs2_reserve_space_gc of %zd bytes for garbage_collect_metadata failed: %d\n", ^1da177e4c3f41 Linus Torvalds 2005-04-16 800 sizeof(ri) + mdatalen, ret); ^1da177e4c3f41 Linus Torvalds 2005-04-16 801 goto out; ^1da177e4c3f41 Linus Torvalds 2005-04-16 802 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 803 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 804 last_frag = frag_last(&f->fragtree); 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 805 if (last_frag) 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 806 /* Fetch the inode length from the fragtree rather then 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 807 * from i_size since i_size may have not been updated yet */ 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 808 ilen = last_frag->ofs + last_frag->size; 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 809 else 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 810 ilen = JFFS2_F_I_SIZE(f); 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 811 ^1da177e4c3f41 Linus Torvalds 2005-04-16 812 memset(&ri, 0, sizeof(ri)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 813 ri.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); ^1da177e4c3f41 Linus Torvalds 2005-04-16 814 ri.nodetype = cpu_to_je16(JFFS2_NODETYPE_INODE); ^1da177e4c3f41 Linus Torvalds 2005-04-16 815 ri.totlen = cpu_to_je32(sizeof(ri) + mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 816 ri.hdr_crc = cpu_to_je32(crc32(0, &ri, sizeof(struct jffs2_unknown_node)-4)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 817 ^1da177e4c3f41 Linus Torvalds 2005-04-16 818 ri.ino = cpu_to_je32(f->inocache->ino); ^1da177e4c3f41 Linus Torvalds 2005-04-16 819 ri.version = cpu_to_je32(++f->highest_version); ^1da177e4c3f41 Linus Torvalds 2005-04-16 820 ri.mode = cpu_to_jemode(JFFS2_F_I_MODE(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 821 ri.uid = cpu_to_je16(JFFS2_F_I_UID(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 822 ri.gid = cpu_to_je16(JFFS2_F_I_GID(f)); 8557fd51c22e4c Artem B. Bityuckiy 2005-04-09 823 ri.isize = cpu_to_je32(ilen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 824 ri.atime = cpu_to_je32(JFFS2_F_I_ATIME(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 825 ri.ctime = cpu_to_je32(JFFS2_F_I_CTIME(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 826 ri.mtime = cpu_to_je32(JFFS2_F_I_MTIME(f)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 827 ri.offset = cpu_to_je32(0); ^1da177e4c3f41 Linus Torvalds 2005-04-16 828 ri.csize = cpu_to_je32(mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 829 ri.dsize = cpu_to_je32(mdatalen); ^1da177e4c3f41 Linus Torvalds 2005-04-16 830 ri.compr = JFFS2_COMPR_NONE; ^1da177e4c3f41 Linus Torvalds 2005-04-16 831 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 832 ri.data_crc = cpu_to_je32(crc32(0, mdata, mdatalen)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 833 9fe4854cd1f602 David Woodhouse 2006-05-23 834 new_fn = jffs2_write_dnode(c, f, &ri, mdata, mdatalen, ALLOC_GC); ^1da177e4c3f41 Linus Torvalds 2005-04-16 835 ^1da177e4c3f41 Linus Torvalds 2005-04-16 836 if (IS_ERR(new_fn)) { da320f055a8818 Joe Perches 2012-02-15 837 pr_warn("Error writing new dnode: %ld\n", PTR_ERR(new_fn)); ^1da177e4c3f41 Linus Torvalds 2005-04-16 838 ret = PTR_ERR(new_fn); ^1da177e4c3f41 Linus Torvalds 2005-04-16 839 goto out; ^1da177e4c3f41 Linus Torvalds 2005-04-16 840 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 841 jffs2_mark_node_obsolete(c, fn->raw); ^1da177e4c3f41 Linus Torvalds 2005-04-16 842 jffs2_free_full_dnode(fn); ^1da177e4c3f41 Linus Torvalds 2005-04-16 843 f->metadata = new_fn; ^1da177e4c3f41 Linus Torvalds 2005-04-16 844 out: ^1da177e4c3f41 Linus Torvalds 2005-04-16 845 if (S_ISLNK(JFFS2_F_I_MODE(f))) ^1da177e4c3f41 Linus Torvalds 2005-04-16 @846 kfree(mdata); ^1da177e4c3f41 Linus Torvalds 2005-04-16 847 return ret; ^1da177e4c3f41 Linus Torvalds 2005-04-16 848 } ^1da177e4c3f41 Linus Torvalds 2005-04-16 849 :::::: The code at line 846 was first introduced by commit :::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2 :::::: TO: Linus Torvalds <[email protected]> :::::: CC: Linus Torvalds <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
