CC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Tom Zanussi <[email protected]>
CC: "Steven Rostedt (VMware)" <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   a7904a538933c525096ca2ccde1e60d0ee62c08e
commit: c910db943d35d4ac4b77570ece76e0799af24233 tracing: Dynamically allocate the per-elt hist_elt_data array
date:   3 months ago
:::::: branch date: 9 hours ago
:::::: commit date: 3 months ago
config: i386-randconfig-c001-20211212 (https://download.01.org/0day-ci/archive/20211220/[email protected]/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 097a1cb1d5ebb3a0ec4bcaed8ba3ff6a8e33c00a)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c910db943d35d4ac4b77570ece76e0799af24233
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout c910db943d35d4ac4b77570ece76e0799af24233
        # save the config file to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>

clang-analyzer warnings: (new ones prefixed by >>)

Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
34 warnings generated.
kernel/trace/trace_events_hist.c:1146:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                        strcat(full_name, field->system);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1146:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
                        strcat(full_name, field->system);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1147:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                        strcat(full_name, ".");
                        ^~~~~~
kernel/trace/trace_events_hist.c:1147:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
                        strcat(full_name, ".");
                        ^~~~~~
kernel/trace/trace_events_hist.c:1148:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                        strcat(full_name, field->event_name);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1148:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
                        strcat(full_name, field->event_name);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1149:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                        strcat(full_name, ".");
                        ^~~~~~
kernel/trace/trace_events_hist.c:1149:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
                        strcat(full_name, ".");
                        ^~~~~~
kernel/trace/trace_events_hist.c:1150:4: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                        strcat(full_name, field->name);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1150:4: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
                        strcat(full_name, field->name);
                        ^~~~~~
kernel/trace/trace_events_hist.c:1389:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                strcpy(comm, "<idle>");
                ^~~~~~
kernel/trace/trace_events_hist.c:1389:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
                strcpy(comm, "<idle>");
                ^~~~~~
kernel/trace/trace_events_hist.c:1394:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
                strcpy(comm, "<XXX>");
                ^~~~~~
kernel/trace/trace_events_hist.c:1394:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
                strcpy(comm, "<XXX>");
                ^~~~~~
>> kernel/trace/trace_events_hist.c:1406:9: warning: Array access (via field
>> 'field_var_str') results in a null pointer dereference
>> [clang-analyzer-core.NullDereference]
                kfree(elt_data->field_var_str[i]);
                      ^
kernel/trace/trace_events_hist.c:1429:13: note: Calling 'kzalloc'
        elt_data = kzalloc(sizeof(*elt_data), GFP_KERNEL);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:721:9: note: Calling 'kmalloc'
        return kmalloc(size, flags | __GFP_ZERO);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:579:2: note: Taking false branch
        if (__builtin_constant_p(size)) {
        ^
include/linux/slab.h:596:2: note: Returning pointer, which participates in a condition later
        return __kmalloc(size, flags);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:721:9: note: Returning from 'kmalloc'
        return kmalloc(size, flags | __GFP_ZERO);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:721:2: note: Returning pointer, which participates in a condition later
        return kmalloc(size, flags | __GFP_ZERO);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/trace/trace_events_hist.c:1429:13: note: Returning from 'kzalloc'
        elt_data = kzalloc(sizeof(*elt_data), GFP_KERNEL);
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/trace/trace_events_hist.c:1430:6: note: Assuming 'elt_data' is non-null
        if (!elt_data)
            ^~~~~~~~~
kernel/trace/trace_events_hist.c:1430:2: note: Taking false branch
        if (!elt_data)
        ^
kernel/trace/trace_events_hist.c:1433:2: note: Assuming 'i' is >= field 'n_fields'
        for_each_hist_field(i, hist_data) {
        ^
kernel/trace/trace_events_hist.c:310:16: note: expanded from macro 'for_each_hist_field'
        for ((i) = 0; (i) < (hist_data)->n_fields; (i)++)
                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/trace/trace_events_hist.c:1433:2: note: Loop condition is false. Execution continues on line 1446
        for_each_hist_field(i, hist_data) {
        ^
kernel/trace/trace_events_hist.c:310:2: note: expanded from macro 'for_each_hist_field'
        for ((i) = 0; (i) < (hist_data)->n_fields; (i)++)
        ^
kernel/trace/trace_events_hist.c:1448:6: note: Assuming 'n_str' is <= SYNTH_FIELDS_MAX
        if (n_str > SYNTH_FIELDS_MAX) {
            ^~~~~~~~~~~~~~~~~~~~~~~~
kernel/trace/trace_events_hist.c:1448:2: note: Taking false branch
        if (n_str > SYNTH_FIELDS_MAX) {
        ^
kernel/trace/trace_events_hist.c:1453:2: note: Taking false branch
        BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1));
        ^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
        BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
        ^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                    ^
include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert'
        _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
        ^
include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert'
        __compiletime_assert(condition, msg, prefix, suffix)
        ^
include/linux/compiler_types.h:308:3: note: expanded from macro '__compiletime_assert'
                if (!(condition)) \
                ^
kernel/trace/trace_events_hist.c:1453:2: note: Loop condition is false. Exiting loop
        BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1));
        ^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
        BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
        ^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                    ^
include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert'
        _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
        ^
include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert'
        __compiletime_assert(condition, msg, prefix, suffix)
        ^
include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert'
        do { \
        ^
kernel/trace/trace_events_hist.c:1457:28: note: Calling 'kcalloc'
        elt_data->field_var_str = kcalloc(n_str, sizeof(char *), GFP_KERNEL);
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:660:9: note: Calling 'kmalloc_array'
        return kmalloc_array(n, size, flags | __GFP_ZERO);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:627:2: note: Taking false branch
        if (unlikely(check_mul_overflow(n, size, &bytes)))
        ^
include/linux/slab.h:629:30: note: Left side of '&&' is false
        if (__builtin_constant_p(n) && __builtin_constant_p(size))
                                    ^
include/linux/slab.h:631:2: note: Returning pointer
        return __kmalloc(bytes, flags);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:660:9: note: Returning from 'kmalloc_array'
        return kmalloc_array(n, size, flags | __GFP_ZERO);

vim +/field_var_str +1406 kernel/trace/trace_events_hist.c

7ef224d1d0e3a1 Tom Zanussi 2016-03-03  1385
6b4827ad028a1a Tom Zanussi 2016-03-03  1386  static inline void save_comm(char *comm, struct task_struct *task)
6b4827ad028a1a Tom Zanussi 2016-03-03  1387  {
6b4827ad028a1a Tom Zanussi 2016-03-03  1388          if (!task->pid) {
6b4827ad028a1a Tom Zanussi 2016-03-03 @1389                  strcpy(comm, "<idle>");
6b4827ad028a1a Tom Zanussi 2016-03-03  1390                  return;
6b4827ad028a1a Tom Zanussi 2016-03-03  1391          }
6b4827ad028a1a Tom Zanussi 2016-03-03  1392
6b4827ad028a1a Tom Zanussi 2016-03-03  1393          if (WARN_ON_ONCE(task->pid < 0)) {
6b4827ad028a1a Tom Zanussi 2016-03-03  1394                  strcpy(comm, "<XXX>");
6b4827ad028a1a Tom Zanussi 2016-03-03  1395                  return;
6b4827ad028a1a Tom Zanussi 2016-03-03  1396          }
6b4827ad028a1a Tom Zanussi 2016-03-03  1397
27242c62b14124 Tom Zanussi 2019-03-05  1398          strncpy(comm, task->comm, TASK_COMM_LEN);
6b4827ad028a1a Tom Zanussi 2016-03-03  1399  }
6b4827ad028a1a Tom Zanussi 2016-03-03  1400
af6a29bcaf8ff2 Tom Zanussi 2018-01-15  1401  static void hist_elt_data_free(struct hist_elt_data *elt_data)
6b4827ad028a1a Tom Zanussi 2016-03-03  1402  {
02205a6752f223 Tom Zanussi 2018-01-15  1403          unsigned int i;
02205a6752f223 Tom Zanussi 2018-01-15  1404
c910db943d35d4 Tom Zanussi 2021-09-02  1405          for (i = 0; i < elt_data->n_field_var_str; i++)
02205a6752f223 Tom Zanussi 2018-01-15 @1406                  kfree(elt_data->field_var_str[i]);
02205a6752f223 Tom Zanussi 2018-01-15  1407
c910db943d35d4 Tom Zanussi 2021-09-02  1408          kfree(elt_data->field_var_str);
c910db943d35d4 Tom Zanussi 2021-09-02  1409
af6a29bcaf8ff2 Tom Zanussi 2018-01-15  1410          kfree(elt_data->comm);
af6a29bcaf8ff2 Tom Zanussi 2018-01-15  1411          kfree(elt_data);
6b4827ad028a1a Tom Zanussi 2016-03-03  1412  }
6b4827ad028a1a Tom Zanussi 2016-03-03  1413

:::::: The code at line 1406 was first introduced by commit
:::::: 02205a6752f223779a1b0e9e8ffacbea6e717851 tracing: Add support for 'field variables'

:::::: TO: Tom Zanussi <[email protected]>
:::::: CC: Steven Rostedt (VMware) <[email protected]>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
