CC: [email protected] CC: [email protected] CC: Linux Memory Management List <[email protected]> TO: Kees Cook <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: d25ee88530253138d0b20d43511ca5acbda4e9f7 commit: 6303361147fc8984dd259b54c189592cd0551ab6 [1565/1734] fortify: Work around Clang inlining bugs :::::: branch date: 17 hours ago :::::: commit date: 26 hours ago config: x86_64-randconfig-c007-20220124 (https://download.01.org/0day-ci/archive/20220126/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 997e128e2a78f5a5434fc75997441ae1ee76f8a4) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6303361147fc8984dd259b54c189592cd0551ab6 git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git fetch --no-tags linux-next master git checkout 6303361147fc8984dd259b54c189592cd0551ab6 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^ ~~~~~~~~~~~~~~~~~~~ fs/reiserfs/inode.c:3197:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = try_to_release_page(page, 0); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/inode.c:3197:3: note: Value stored to 'ret' is never read ret = try_to_release_page(page, 0); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/reiserfs.h:1280:17: warning: The left operand of '&' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult] v2->v = (v2->v & cpu_to_le64(15ULL << 60)) | cpu_to_le64(offset); ^ fs/reiserfs/inode.c:1938:9: note: Assuming field 't_trans_id' is not equal to 0 BUG_ON(!th->t_trans_id); ^ include/asm-generic/bug.h:65:45: note: expanded from macro 'BUG_ON' #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) ^~~~~~~~~ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ fs/reiserfs/inode.c:1938:2: note: Taking false branch BUG_ON(!th->t_trans_id); ^ include/asm-generic/bug.h:65:32: note: expanded from macro 'BUG_ON' #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) ^ fs/reiserfs/inode.c:1938:2: note: Loop condition is false. Exiting loop BUG_ON(!th->t_trans_id); ^ include/asm-generic/bug.h:65:27: note: expanded from macro 'BUG_ON' #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) ^ fs/reiserfs/inode.c:1943:6: note: Assuming 'err' is 0 if (err) ^~~ fs/reiserfs/inode.c:1943:2: note: Taking false branch if (err) ^ fs/reiserfs/inode.c:1945:6: note: Assuming field 'i_nlink' is not equal to 0 if (!dir->i_nlink) { ^~~~~~~~~~~~~ fs/reiserfs/inode.c:1945:2: note: Taking false branch if (!dir->i_nlink) { ^ fs/reiserfs/inode.c:1953:6: note: Assuming field 'k_objectid' is not equal to 0 if (!ih.ih_key.k_objectid) { ^~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/inode.c:1953:2: note: Taking false branch if (!ih.ih_key.k_objectid) { ^ fs/reiserfs/inode.c:1958:6: note: Assuming the condition is false if (old_format_only(sb)) ^ fs/reiserfs/reiserfs.h:728:29: note: expanded from macro 'old_format_only' #define old_format_only(s) (REISERFS_SB(s)->s_properties & (1 << REISERFS_3_5)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/inode.c:1958:2: note: Taking false branch if (old_format_only(sb)) ^ fs/reiserfs/inode.c:1962:3: note: Calling 'make_le_item_head' make_le_item_head(&ih, NULL, KEY_FORMAT_3_6, SD_OFFSET, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/inode.c:142:6: note: 'key' is null if (key) { ^~~ fs/reiserfs/inode.c:142:2: note: Taking false branch if (key) { ^ fs/reiserfs/inode.c:147:2: note: Loop condition is false. Exiting loop put_ih_version(ih, version); ^ fs/reiserfs/reiserfs.h:1403:38: note: expanded from macro 'put_ih_version' #define put_ih_version(ih, val) do { (ih)->ih_version = cpu_to_le16(val); } while (0) ^ fs/reiserfs/inode.c:148:2: note: Calling 'set_le_ih_k_offset' set_le_ih_k_offset(ih, offset); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/reiserfs.h:1522:2: note: Calling 'set_le_key_k_offset' set_le_key_k_offset(ih_version(ih), &(ih->ih_key), offset); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/reiserfs.h:1502:6: note: 'version' is not equal to KEY_FORMAT_3_5 if (version == KEY_FORMAT_3_5) ^~~~~~~ fs/reiserfs/reiserfs.h:1502:2: note: Taking false branch if (version == KEY_FORMAT_3_5) ^ fs/reiserfs/reiserfs.h:1505:3: note: Calling 'set_offset_v2_k_offset' set_offset_v2_k_offset(&key->u.k_offset_v2, offset); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/reiserfs/reiserfs.h:1280:17: note: The left operand of '&' is a garbage value v2->v = (v2->v & cpu_to_le64(15ULL << 60)) | cpu_to_le64(offset); ~~~~~ ^ Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. >> kernel/bpf/btf.c:6509:2: warning: Argument to kfree() is the address of the >> local variable 'local_cand', which is not memory allocated by malloc() >> [clang-analyzer-unix.Malloc] kfree(cands); ^ kernel/bpf/btf.c:6789:20: note: Assuming field 'kind' is not equal to BPF_CORE_TYPE_ID_LOCAL bool need_cands = relo->kind != BPF_CORE_TYPE_ID_LOCAL; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6798:6: note: Assuming 'specs' is non-null if (!specs) ^~~~~~ kernel/bpf/btf.c:6798:2: note: Taking false branch if (!specs) ^ kernel/bpf/btf.c:6801:6: note: 'need_cands' is true if (need_cands) { ^~~~~~~~~~ kernel/bpf/btf.c:6801:2: note: Taking true branch if (need_cands) { ^ kernel/bpf/btf.c:6806:8: note: Calling 'bpf_core_find_cands' cc = bpf_core_find_cands(ctx, relo->type_id); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6711:2: note: Taking false branch if (IS_ERR(main_btf)) ^ kernel/bpf/btf.c:6715:6: note: Assuming 'local_type' is non-null if (!local_type) ^~~~~~~~~~~ kernel/bpf/btf.c:6715:2: note: Taking false branch if (!local_type) ^ kernel/bpf/btf.c:6719:6: note: Assuming the condition is false if (str_is_empty(name)) ^~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6719:2: note: Taking false branch if (str_is_empty(name)) ^ kernel/bpf/btf.c:6730:6: note: 'cc' is null if (cc) { ^~ kernel/bpf/btf.c:6730:2: note: Taking false branch if (cc) { ^ kernel/bpf/btf.c:6737:10: note: Calling 'bpf_core_add_cands' cands = bpf_core_add_cands(cands, main_btf, 1); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6660:26: note: Assuming 'i' is < 'n' for (i = targ_start_id; i < n; i++) { ^~~~~ kernel/bpf/btf.c:6660:2: note: Loop condition is true. Entering loop body for (i = targ_start_id; i < n; i++) { ^ kernel/bpf/btf.c:6662:7: note: Assuming the condition is false if (btf_kind(t) != cands->kind) ^~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6662:3: note: Taking false branch if (btf_kind(t) != cands->kind) ^ kernel/bpf/btf.c:6666:7: note: Assuming 'targ_name' is non-null if (!targ_name) ^~~~~~~~~~ kernel/bpf/btf.c:6666:3: note: Taking false branch if (!targ_name) ^ kernel/bpf/btf.c:6674:3: note: Taking false branch if (strncmp(cands->name, targ_name, cands->name_len) != 0) ^ kernel/bpf/btf.c:6678:7: note: Assuming 'targ_essent_len' is equal to field 'name_len' if (targ_essent_len != cands->name_len) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6678:3: note: Taking false branch if (targ_essent_len != cands->name_len) ^ kernel/bpf/btf.c:6683:7: note: Assuming 'new_cands' is non-null if (!new_cands) { ^~~~~~~~~~ kernel/bpf/btf.c:6683:3: note: Taking false branch if (!new_cands) { ^ kernel/bpf/btf.c:6689:3: note: Calling 'bpf_free_cands' bpf_free_cands(cands); ^~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6506:6: note: Assuming field 'cnt' is not equal to 0 if (!cands->cnt) ^~~~~~~~~~~ kernel/bpf/btf.c:6506:2: note: Taking false branch if (!cands->cnt) ^ kernel/bpf/btf.c:6509:2: note: Argument to kfree() is the address of the local variable 'local_cand', which is not memory allocated by malloc() kfree(cands); ^ ~~~~~ kernel/bpf/btf.c:6739:3: warning: Address of stack memory associated with local variable 'local_cand' returned to caller [clang-analyzer-core.StackAddressEscape] return ERR_CAST(cands); ^ kernel/bpf/btf.c:6789:20: note: Assuming field 'kind' is not equal to BPF_CORE_TYPE_ID_LOCAL bool need_cands = relo->kind != BPF_CORE_TYPE_ID_LOCAL; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/btf.c:6798:6: note: Assuming 'specs' is non-null if (!specs) ^~~~~~ kernel/bpf/btf.c:6798:2: note: Taking false branch if (!specs) vim +/local_cand +6509 kernel/bpf/btf.c 1e89106da25390 Alexei Starovoitov 2021-12-01 6503 1e89106da25390 Alexei Starovoitov 2021-12-01 6504 static void bpf_free_cands(struct bpf_cand_cache *cands) 1e89106da25390 Alexei Starovoitov 2021-12-01 6505 { 1e89106da25390 Alexei Starovoitov 2021-12-01 6506 if (!cands->cnt) 1e89106da25390 Alexei Starovoitov 2021-12-01 6507 /* empty candidate array was allocated on stack */ 1e89106da25390 Alexei Starovoitov 2021-12-01 6508 return; 1e89106da25390 Alexei Starovoitov 2021-12-01 @6509 kfree(cands); 1e89106da25390 Alexei Starovoitov 2021-12-01 6510 } 1e89106da25390 Alexei Starovoitov 2021-12-01 6511 :::::: The code at line 6509 was first introduced by commit :::::: 1e89106da25390826608ad6ac0edfb7c9952eff3 bpf: Add bpf_core_add_cands() and wire it into bpf_core_apply_relo_insn(). :::::: TO: Alexei Starovoitov <[email protected]> :::::: CC: Andrii Nakryiko <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
