CC: [email protected] CC: [email protected] CC: [email protected] TO: Andy Shevchenko <[email protected]> CC: Pavel Machek <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 0280e3c58f92b2fe0e8fbbdf8d386449168de4a8 commit: 2cbbe9c50d13b6417e0baf8e8475ed73d4d12c2d leds: lgm-sso: Remove unneeded of_match_ptr() date: 8 months ago :::::: branch date: 17 hours ago :::::: commit date: 8 months ago config: x86_64-randconfig-c007-20220124 (https://download.01.org/0day-ci/archive/20220126/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 997e128e2a78f5a5434fc75997441ae1ee76f8a4) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2cbbe9c50d13b6417e0baf8e8475ed73d4d12c2d git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 2cbbe9c50d13b6417e0baf8e8475ed73d4d12c2d # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) drivers/most/configfs.c:446:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(mdev_link->name, name); ^~~~~~ drivers/most/configfs.c:535:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(mdev_link->name, name); ^~~~~~ drivers/most/configfs.c:535:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(mdev_link->name, name); ^~~~~~ 3 warnings generated. fs/cifs/smb2ops.c:4020:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "R"); ^~~~~~ fs/cifs/smb2ops.c:4020:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "R"); ^~~~~~ fs/cifs/smb2ops.c:4024:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "H"); ^~~~~~ fs/cifs/smb2ops.c:4024:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "H"); ^~~~~~ fs/cifs/smb2ops.c:4028:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(message, "W"); ^~~~~~ fs/cifs/smb2ops.c:4028:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(message, "W"); ^~~~~~ 4 warnings generated. net/sunrpc/svcauth_unix.c:131:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(new->m_class, item->m_class); ^~~~~~ net/sunrpc/svcauth_unix.c:131:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(new->m_class, item->m_class); ^~~~~~ net/sunrpc/svcauth_unix.c:294:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ip.m_class, class); ^~~~~~ net/sunrpc/svcauth_unix.c:294:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ip.m_class, class); ^~~~~~ net/sunrpc/svcauth_unix.c:819:29: warning: Although the value stored to 'len' is used in the enclosing expression, the value is never actually read from 'len' [clang-analyzer-deadcode.DeadStores] if (slen > UNX_NGROUPS || (len -= (slen + 2)*4) < 0) ^ ~~~~~~~~~~~~ net/sunrpc/svcauth_unix.c:819:29: note: Although the value stored to 'len' is used in the enclosing expression, the value is never actually read from 'len' if (slen > UNX_NGROUPS || (len -= (slen + 2)*4) < 0) ^ ~~~~~~~~~~~~ Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. net/sunrpc/addr.c:92:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(buf, scopebuf); ^~~~~~ net/sunrpc/addr.c:92:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(buf, scopebuf); ^~~~~~ 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. net/mptcp/crypto.c:60:12: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign] input[i] ^= key1be[i]; ^ ~~~~~~~~~ net/mptcp/crypto.c:51:19: note: Assuming 'len' is <= 32 if (WARN_ON_ONCE(len > SHA256_DIGEST_SIZE)) ^ include/asm-generic/bug.h:102:25: note: expanded from macro 'WARN_ON_ONCE' int __ret_warn_on = !!(condition); \ ^~~~~~~~~ net/mptcp/crypto.c:51:6: note: Taking false branch if (WARN_ON_ONCE(len > SHA256_DIGEST_SIZE)) ^ include/asm-generic/bug.h:103:2: note: expanded from macro 'WARN_ON_ONCE' if (unlikely(__ret_warn_on)) \ ^ net/mptcp/crypto.c:51:2: note: Taking false branch if (WARN_ON_ONCE(len > SHA256_DIGEST_SIZE)) ^ net/mptcp/crypto.c:54:2: note: Calling 'put_unaligned_be64' put_unaligned_be64(key1, key1be); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/mptcp/crypto.c:54:2: note: Returning from 'put_unaligned_be64' put_unaligned_be64(key1, key1be); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/mptcp/crypto.c:59:2: note: Loop condition is true. Entering loop body for (i = 0; i < 8; i++) ^ net/mptcp/crypto.c:59:21: note: The value 1 is assigned to 'i' for (i = 0; i < 8; i++) ^~~ net/mptcp/crypto.c:59:2: note: Loop condition is true. Entering loop body for (i = 0; i < 8; i++) ^ net/mptcp/crypto.c:60:12: note: Assigned value is garbage or undefined input[i] ^= key1be[i]; ^ ~~~~~~~~~ 1 warning generated. >> net/mptcp/ctrl.c:89:3: warning: Argument to kfree() is the address of the >> global variable 'mptcp_sysctl_table', which is not memory allocated by >> malloc() [clang-analyzer-unix.Malloc] kfree(table); ^ net/mptcp/ctrl.c:109:9: note: Calling 'mptcp_pernet_new_table' return mptcp_pernet_new_table(net, pernet); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/mptcp/ctrl.c:70:6: note: Assuming the condition is false if (!net_eq(net, &init_net)) { ^~~~~~~~~~~~~~~~~~~~~~~ net/mptcp/ctrl.c:70:2: note: Taking false branch if (!net_eq(net, &init_net)) { ^ net/mptcp/ctrl.c:80:6: note: Assuming 'hdr' is null if (!hdr) ^~~~ net/mptcp/ctrl.c:80:2: note: Taking true branch if (!hdr) ^ net/mptcp/ctrl.c:81:3: note: Control jumps to line 88 goto err_reg; ^ net/mptcp/ctrl.c:88:6: note: Assuming the condition is true if (!net_eq(net, &init_net)) ^~~~~~~~~~~~~~~~~~~~~~~ net/mptcp/ctrl.c:88:2: note: Taking true branch if (!net_eq(net, &init_net)) ^ net/mptcp/ctrl.c:89:3: note: Argument to kfree() is the address of the global variable 'mptcp_sysctl_table', which is not memory allocated by malloc() kfree(table); ^ ~~~~~ 1 warning generated. drivers/hid/hid-lg-g15.c:365:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = (ret < 0) ? ret : -EIO; ^ ~~~~~~~~~~~~~~~~~~~~~~ drivers/hid/hid-lg-g15.c:365:3: note: Value stored to 'ret' is never read ret = (ret < 0) ? ret : -EIO; ^ ~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. drivers/hid/hid-magicmouse.c:743:3: warning: Value stored to 'report' is never read [clang-analyzer-deadcode.DeadStores] report = hid_register_report(hdev, HID_INPUT_REPORT, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/hid/hid-magicmouse.c:743:3: note: Value stored to 'report' is never read report = hid_register_report(hdev, HID_INPUT_REPORT, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 warnings generated. net/ipv4/ipconfig.c:366:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ir.ifr_ifrn.ifrn_name, ic_dev->dev->name); ^~~~~~ net/ipv4/ipconfig.c:366:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ir.ifr_ifrn.ifrn_name, ic_dev->dev->name); ^~~~~~ net/ipv4/ipconfig.c:1034:2: warning: Value stored to 'h' is never read [clang-analyzer-deadcode.DeadStores] h = &b->iph; ^ ~~~~~~~ net/ipv4/ipconfig.c:1034:2: note: Value stored to 'h' is never read h = &b->iph; ^ ~~~~~~~ Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. net/unix/af_unix.c:1505:3: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores] err = 0; ^ ~ net/unix/af_unix.c:1505:3: note: Value stored to 'err' is never read err = 0; ^ ~ 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. net/ipv4/udp.c:728:2: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores] err = 0; ^ ~ net/ipv4/udp.c:728:2: note: Value stored to 'err' is never read err = 0; ^ ~ 1 warning generated. drivers/crypto/qat/qat_common/qat_hal.c:1436:2: warning: 6th function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage] qat_hal_wr_rel_reg(handle, ae, ctx, ICP_GPB_REL, gprnum, gprval); ^ drivers/crypto/qat/qat_common/qat_hal.c:1521:6: note: Assuming 'reg_num' is < ICP_QAT_UCLO_MAX_XFER_REG if (reg_num >= ICP_QAT_UCLO_MAX_XFER_REG) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/crypto/qat/qat_common/qat_hal.c:1521:2: note: Taking false branch if (reg_num >= ICP_QAT_UCLO_MAX_XFER_REG) ^ drivers/crypto/qat/qat_common/qat_hal.c:1525:7: note: Assuming 'ctx_mask' is equal to 0 if (ctx_mask == 0) { ^~~~~~~~~~~~~ drivers/crypto/qat/qat_common/qat_hal.c:1525:3: note: Taking true branch if (ctx_mask == 0) { ^ drivers/crypto/qat/qat_common/qat_hal.c:1535:10: note: Calling 'qat_hal_put_rel_wr_xfer' stat = qat_hal_put_rel_wr_xfer(handle, ae, ctx, type, reg, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/crypto/qat/qat_common/qat_hal.c:1388:15: note: 'gprval' declared without an initial value unsigned int gprval, ctx_enables; ^~~~~~ vim +/mptcp_sysctl_table +89 net/mptcp/ctrl.c 784325e9f037e5f Matthieu Baerts 2020-01-21 63 784325e9f037e5f Matthieu Baerts 2020-01-21 64 static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) 784325e9f037e5f Matthieu Baerts 2020-01-21 65 { 784325e9f037e5f Matthieu Baerts 2020-01-21 66 struct ctl_table_header *hdr; 784325e9f037e5f Matthieu Baerts 2020-01-21 67 struct ctl_table *table; 784325e9f037e5f Matthieu Baerts 2020-01-21 68 784325e9f037e5f Matthieu Baerts 2020-01-21 69 table = mptcp_sysctl_table; 784325e9f037e5f Matthieu Baerts 2020-01-21 70 if (!net_eq(net, &init_net)) { 784325e9f037e5f Matthieu Baerts 2020-01-21 71 table = kmemdup(table, sizeof(mptcp_sysctl_table), GFP_KERNEL); 784325e9f037e5f Matthieu Baerts 2020-01-21 72 if (!table) 784325e9f037e5f Matthieu Baerts 2020-01-21 73 goto err_alloc; 784325e9f037e5f Matthieu Baerts 2020-01-21 74 } 784325e9f037e5f Matthieu Baerts 2020-01-21 75 784325e9f037e5f Matthieu Baerts 2020-01-21 76 table[0].data = &pernet->mptcp_enabled; 93f323b9cccc1fc Geliang Tang 2020-11-03 77 table[1].data = &pernet->add_addr_timeout; 784325e9f037e5f Matthieu Baerts 2020-01-21 78 784325e9f037e5f Matthieu Baerts 2020-01-21 79 hdr = register_net_sysctl(net, MPTCP_SYSCTL_PATH, table); 784325e9f037e5f Matthieu Baerts 2020-01-21 80 if (!hdr) 784325e9f037e5f Matthieu Baerts 2020-01-21 81 goto err_reg; 784325e9f037e5f Matthieu Baerts 2020-01-21 82 784325e9f037e5f Matthieu Baerts 2020-01-21 83 pernet->ctl_table_hdr = hdr; 784325e9f037e5f Matthieu Baerts 2020-01-21 84 784325e9f037e5f Matthieu Baerts 2020-01-21 85 return 0; 784325e9f037e5f Matthieu Baerts 2020-01-21 86 784325e9f037e5f Matthieu Baerts 2020-01-21 87 err_reg: 784325e9f037e5f Matthieu Baerts 2020-01-21 88 if (!net_eq(net, &init_net)) 784325e9f037e5f Matthieu Baerts 2020-01-21 @89 kfree(table); 784325e9f037e5f Matthieu Baerts 2020-01-21 90 err_alloc: 784325e9f037e5f Matthieu Baerts 2020-01-21 91 return -ENOMEM; 784325e9f037e5f Matthieu Baerts 2020-01-21 92 } 784325e9f037e5f Matthieu Baerts 2020-01-21 93 :::::: The code at line 89 was first introduced by commit :::::: 784325e9f037e5f7a7f9a46ecbb27384128f8b6e mptcp: new sysctl to control the activation per NS :::::: TO: Matthieu Baerts <[email protected]> :::::: CC: David S. Miller <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
