CC: [email protected]
CC: [email protected]
BCC: [email protected]
CC: [email protected]
TO: Ard Biesheuvel <[email protected]>
CC: Nick Desaulniers <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   52d543b5497cf31d6baeb0bcfe5a5474c3238578
commit: 538b9265c063f081ca6b1228d242575a1db60711 ARM: unwind: track location of LR value in stack frame
date:   6 weeks ago
:::::: branch date: 6 hours ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20220324 (https://download.01.org/0day-ci/archive/20220326/[email protected]/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=538b9265c063f081ca6b1228d242575a1db60711
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 538b9265c063f081ca6b1228d242575a1db60711
        # save the config file to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer

If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <[email protected]>


clang-analyzer warnings: (new ones prefixed by >>)
           if (program_size > 52L) {
           ^
   drivers/misc/altera-stapl/altera.c:284:7: note: Assuming 'first_word' is 
equal to 1245793536
           if ((first_word != 0x4A414D00L) && (first_word != 0x4A414D01L)) {
                ^~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/misc/altera-stapl/altera.c:284:34: note: Left side of '&&' is false
           if ((first_word != 0x4A414D00L) && (first_word != 0x4A414D01L)) {
                                           ^
   drivers/misc/altera-stapl/altera.c:290:6: note: Assuming 'sym_count' is <= 0
           if (sym_count <= 0)
               ^~~~~~~~~~~~~~
   drivers/misc/altera-stapl/altera.c:290:2: note: Taking true branch
           if (sym_count <= 0)
           ^
   drivers/misc/altera-stapl/altera.c:291:3: note: Control jumps to line 419
                   goto exit_done;
                   ^
   drivers/misc/altera-stapl/altera.c:419:6: note: 'status' is equal to 0
           if (status != 0)
               ^~~~~~
   drivers/misc/altera-stapl/altera.c:419:2: note: Taking false branch
           if (status != 0)
           ^
   drivers/misc/altera-stapl/altera.c:431:6: note: 'version' is <= 0
           if (version > 0) {
               ^~~~~~~
   drivers/misc/altera-stapl/altera.c:431:2: note: Taking false branch
           if (version > 0) {
           ^
   drivers/misc/altera-stapl/altera.c:509:2: note: Loop condition is true.  
Entering loop body
           while (!done) {
           ^
   drivers/misc/altera-stapl/altera.c:514:7: note: Assuming 'debug' is <= 1
                   if (debug > 1)
                       ^~~~~~~~~
   drivers/misc/altera-stapl/altera.c:514:3: note: Taking false branch
                   if (debug > 1)
                   ^
   drivers/misc/altera-stapl/altera.c:518:15: note: Assuming 'i' is < 
'arg_count'
                   for (i = 0; i < arg_count; ++i) {
                               ^~~~~~~~~~~~~
   drivers/misc/altera-stapl/altera.c:518:3: note: Loop condition is true.  
Entering loop body
                   for (i = 0; i < arg_count; ++i) {
                   ^
   drivers/misc/altera-stapl/altera.c:518:15: note: Assuming 'i' is < 
'arg_count'
                   for (i = 0; i < arg_count; ++i) {
                               ^~~~~~~~~~~~~
   drivers/misc/altera-stapl/altera.c:518:3: note: Loop condition is true.  
Entering loop body
                   for (i = 0; i < arg_count; ++i) {
                   ^
   drivers/misc/altera-stapl/altera.c:518:15: note: Assuming 'i' is < 
'arg_count'
                   for (i = 0; i < arg_count; ++i) {
                               ^~~~~~~~~~~~~
   drivers/misc/altera-stapl/altera.c:518:3: note: Loop condition is true.  
Entering loop body
                   for (i = 0; i < arg_count; ++i) {
                   ^
   drivers/misc/altera-stapl/altera.c:518:3: note: Loop condition is false. 
Execution continues on line 523
   drivers/misc/altera-stapl/altera.c:523:3: note: Control jumps to 'case 
OP_CMPA:'  at line 1998
                   switch (opcode) {
                   ^
   drivers/misc/altera-stapl/altera.c:2010:24: note: Array access (from 
variable 'vars') results in a null pointer dereference
                           u8 *source1 = (u8 *)vars[args[0]];
                                               ^~~~
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (1 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   14 warnings generated.
   arch/arm/kernel/traps.c:67:16: warning: Value stored to 'end' during its 
initialization is never read [clang-analyzer-deadcode.DeadStores]
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:67:16: note: Value stored to 'end' during its 
initialization is never read
           unsigned long end = frame + 4 + sizeof(struct pt_regs);
                         ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:198:4: warning: Value stored to 'p' is never read 
[clang-analyzer-deadcode.DeadStores]
                           p += sprintf(p, "bad PC value");
                           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/traps.c:198:4: note: Value stored to 'p' is never read
                           p += sprintf(p, "bad PC value");
                           ^    ~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 12 warnings (1 in non-user code, 11 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   arch/arm/kernel/atags_compat.c:200:2: warning: Call to function 'strcpy' is 
insecure as it does not provide bounding of the memory buffer. Replace 
unbounded copy functions with analogous functions that support length arguments 
such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcpy(tag->u.cmdline.cmdline, params->commandline);
           ^~~~~~
   arch/arm/kernel/atags_compat.c:200:2: note: Call to function 'strcpy' is 
insecure as it does not provide bounding of the memory buffer. Replace 
unbounded copy functions with analogous functions that support length arguments 
such as 'strlcpy'. CWE-119
           strcpy(tag->u.cmdline.cmdline, params->commandline);
           ^~~~~~
   2 warnings generated.
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   1 warning generated.
   Suppressed 1 warnings (1 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use 
-system-headers to display errors from system headers as well.
   4 warnings generated.
>> arch/arm/kernel/unwind.c:479:17: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
           frame->lr_addr = ctrl.lr_addr;
                          ^
   arch/arm/kernel/unwind.c:489:2: note: Taking false branch
           pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
           ^
   include/linux/printk.h:576:2: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
           ^
   include/linux/printk.h:131:2: note: expanded from macro 'no_printk'
           if (0)                                          \
           ^
   arch/arm/kernel/unwind.c:491:6: note: Assuming 'tsk' is non-null
           if (!tsk)
               ^~~~
   arch/arm/kernel/unwind.c:491:2: note: Taking false branch
           if (!tsk)
           ^
   arch/arm/kernel/unwind.c:494:6: note: Assuming 'regs' is null
           if (regs) {
               ^~~~
   arch/arm/kernel/unwind.c:494:2: note: Taking false branch
           if (regs) {
           ^
   arch/arm/kernel/unwind.c:499:13: note: Assuming the condition is false
           } else if (tsk == current) {
                      ^~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:499:9: note: Taking false branch
           } else if (tsk == current) {
                  ^
   arch/arm/kernel/unwind.c:516:2: note: Loop condition is true.  Entering loop 
body
           while (1) {
           ^
   arch/arm/kernel/unwind.c:520:9: note: Calling 'unwind_frame'
                   urc = unwind_frame(&frame);
                         ^~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:398:2: note: Taking false branch
           pr_debug("%s(pc = %08lx lr = %08lx sp = %08lx)\n", __func__,
           ^
   include/linux/printk.h:576:2: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
           ^
   include/linux/printk.h:131:2: note: expanded from macro 'no_printk'
           if (0)                                          \
           ^
   arch/arm/kernel/unwind.c:401:8: note: Calling 'unwind_find_idx'
           idx = unwind_find_idx(frame->pc);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:175:2: note: Taking false branch
           pr_debug("%s(%08lx)\n", __func__, addr);
           ^
   include/linux/printk.h:576:2: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
           ^
   include/linux/printk.h:131:2: note: expanded from macro 'no_printk'
           if (0)                                          \
           ^
   arch/arm/kernel/unwind.c:177:6: note: Assuming the condition is true
           if (core_kernel_text(addr)) {
               ^~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:177:2: note: Taking true branch
           if (core_kernel_text(addr)) {
           ^
   arch/arm/kernel/unwind.c:178:16: note: Assuming '__origin_unwind_idx' is 
non-null
                   if (unlikely(!__origin_unwind_idx))
                                ^
   include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
   # define unlikely(x)    __builtin_expect(!!(x), 0)
                                               ^
   arch/arm/kernel/unwind.c:178:3: note: Taking false branch
                   if (unlikely(!__origin_unwind_idx))
                   ^
   arch/arm/kernel/unwind.c:184:9: note: Calling 'search_index'
                   idx = search_index(addr, __start_unwind_idx,
                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:109:2: note: Taking false branch
           pr_debug("%s(%08lx, %p, %p, %p)\n",
           ^
   include/linux/printk.h:576:2: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
           ^
   include/linux/printk.h:131:2: note: expanded from macro 'no_printk'
           if (0)                                          \
           ^
   arch/arm/kernel/unwind.c:116:6: note: Assuming 'addr' is < 'start'
           if (addr < (unsigned long)start)
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/arm/kernel/unwind.c:116:2: note: Taking true branch
           if (addr < (unsigned long)start)
           ^
   arch/arm/kernel/unwind.c:126:2: note: Loop condition is false. Execution 
continues on line 144
           while (start < stop - 1) {
           ^
   arch/arm/kernel/unwind.c:144:13: note: Assuming 'addr_prel31' is >= field 
'addr_offset'
           if (likely(start->addr_offset <= addr_prel31))
                      ^
   include/linux/compiler.h:77:40: note: expanded from macro 'likely'
   # define likely(x)      __builtin_expect(!!(x), 1)
                                               ^
   arch/arm/kernel/unwind.c:144:2: note: Taking true branch
           if (likely(start->addr_offset <= addr_prel31))

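vim +479 arch/arm/kernel/unwind.c

(The analyzer trace above is cut off before it reaches line 479. In the listing below, 'ctrl' is declared at line 391 without an initializer and unwind_frame() itself never assigns ctrl.lr_addr, so the value copied into frame->lr_addr at line 479 is defined only if unwind_exec_insn() stored it during the loop at lines 456-465.)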

bff595c15c92b9 Catalin Marinas  2009-02-16  383  
bff595c15c92b9 Catalin Marinas  2009-02-16  384  /*
bff595c15c92b9 Catalin Marinas  2009-02-16  385   * Unwind a single frame 
starting with *sp for the symbol at *pc. It
bff595c15c92b9 Catalin Marinas  2009-02-16  386   * updates the *pc and *sp 
with the new values.
bff595c15c92b9 Catalin Marinas  2009-02-16  387   */
bff595c15c92b9 Catalin Marinas  2009-02-16  388  int unwind_frame(struct 
stackframe *frame)
bff595c15c92b9 Catalin Marinas  2009-02-16  389  {
de66a979012dbc Uwe Kleine-König 2011-12-05  390         const struct unwind_idx 
*idx;
bff595c15c92b9 Catalin Marinas  2009-02-16  391         struct unwind_ctrl_block ctrl;
bff595c15c92b9 Catalin Marinas  2009-02-16  392  
a51345770e5195 Anurag Aggarwal  2014-02-24  393         /* store the highest 
address on the stack to avoid crossing it*/
b6506981f880de Ard Biesheuvel   2021-10-05  394         ctrl.sp_low = frame->sp;
a1c510d0adc604 Ard Biesheuvel   2021-09-23  395         ctrl.sp_high = 
ALIGN(ctrl.sp_low - THREAD_SIZE, THREAD_ALIGN)
a1c510d0adc604 Ard Biesheuvel   2021-09-23  396                        + 
THREAD_SIZE;
bff595c15c92b9 Catalin Marinas  2009-02-16  397  
bff595c15c92b9 Catalin Marinas  2009-02-16  398         pr_debug("%s(pc = %08lx 
lr = %08lx sp = %08lx)\n", __func__,
bff595c15c92b9 Catalin Marinas  2009-02-16  399                  frame->pc, 
frame->lr, frame->sp);
bff595c15c92b9 Catalin Marinas  2009-02-16  400  
bff595c15c92b9 Catalin Marinas  2009-02-16  401         idx = 
unwind_find_idx(frame->pc);
bff595c15c92b9 Catalin Marinas  2009-02-16  402         if (!idx) {
8b521cb2947d88 Joe Perches      2014-09-16  403                 
pr_warn("unwind: Index not found %08lx\n", frame->pc);
bff595c15c92b9 Catalin Marinas  2009-02-16  404                 return 
-URC_FAILURE;
bff595c15c92b9 Catalin Marinas  2009-02-16  405         }
bff595c15c92b9 Catalin Marinas  2009-02-16  406  
bff595c15c92b9 Catalin Marinas  2009-02-16  407         ctrl.vrs[FP] = 
frame->fp;
bff595c15c92b9 Catalin Marinas  2009-02-16  408         ctrl.vrs[SP] = 
frame->sp;
bff595c15c92b9 Catalin Marinas  2009-02-16  409         ctrl.vrs[LR] = 
frame->lr;
bff595c15c92b9 Catalin Marinas  2009-02-16  410         ctrl.vrs[PC] = 0;
bff595c15c92b9 Catalin Marinas  2009-02-16  411  
bff595c15c92b9 Catalin Marinas  2009-02-16  412         if (idx->insn == 1)
bff595c15c92b9 Catalin Marinas  2009-02-16  413                 /* can't unwind 
*/
bff595c15c92b9 Catalin Marinas  2009-02-16  414                 return 
-URC_FAILURE;
532319b9c418fc Ard Biesheuvel   2021-10-04  415         else if (frame->pc == 
prel31_to_addr(&idx->addr_offset)) {
532319b9c418fc Ard Biesheuvel   2021-10-04  416                 /*
532319b9c418fc Ard Biesheuvel   2021-10-04  417                  * Unwinding is 
tricky when we're halfway through the prologue,
532319b9c418fc Ard Biesheuvel   2021-10-04  418                  * since the 
stack frame that the unwinder expects may not be
532319b9c418fc Ard Biesheuvel   2021-10-04  419                  * fully set up 
yet. However, one thing we do know for sure is
532319b9c418fc Ard Biesheuvel   2021-10-04  420                  * that if we 
are unwinding from the very first instruction of
532319b9c418fc Ard Biesheuvel   2021-10-04  421                  * a function, 
we are still effectively in the stack frame of
532319b9c418fc Ard Biesheuvel   2021-10-04  422                  * the caller, 
and the unwind info has no relevance yet.
532319b9c418fc Ard Biesheuvel   2021-10-04  423                  */
532319b9c418fc Ard Biesheuvel   2021-10-04  424                 if (frame->pc 
== frame->lr)
532319b9c418fc Ard Biesheuvel   2021-10-04  425                         return 
-URC_FAILURE;
532319b9c418fc Ard Biesheuvel   2021-10-04  426                 frame->sp_low = 
frame->sp;
532319b9c418fc Ard Biesheuvel   2021-10-04  427                 frame->pc = 
frame->lr;
532319b9c418fc Ard Biesheuvel   2021-10-04  428                 return URC_OK;
532319b9c418fc Ard Biesheuvel   2021-10-04  429         } else if ((idx->insn & 
0x80000000) == 0)
bff595c15c92b9 Catalin Marinas  2009-02-16  430                 /* prel31 to 
the unwind table */
bff595c15c92b9 Catalin Marinas  2009-02-16  431                 ctrl.insn = 
(unsigned long *)prel31_to_addr(&idx->insn);
bff595c15c92b9 Catalin Marinas  2009-02-16  432         else if ((idx->insn & 
0xff000000) == 0x80000000)
bff595c15c92b9 Catalin Marinas  2009-02-16  433                 /* only 
personality routine 0 supported in the index */
bff595c15c92b9 Catalin Marinas  2009-02-16  434                 ctrl.insn = 
&idx->insn;
bff595c15c92b9 Catalin Marinas  2009-02-16  435         else {
8b521cb2947d88 Joe Perches      2014-09-16  436                 
pr_warn("unwind: Unsupported personality routine %08lx in the index at %p\n",
bff595c15c92b9 Catalin Marinas  2009-02-16  437                         
idx->insn, idx);
bff595c15c92b9 Catalin Marinas  2009-02-16  438                 return 
-URC_FAILURE;
bff595c15c92b9 Catalin Marinas  2009-02-16  439         }
bff595c15c92b9 Catalin Marinas  2009-02-16  440  
bff595c15c92b9 Catalin Marinas  2009-02-16  441         /* check the 
personality routine */
bff595c15c92b9 Catalin Marinas  2009-02-16  442         if ((*ctrl.insn & 
0xff000000) == 0x80000000) {
bff595c15c92b9 Catalin Marinas  2009-02-16  443                 ctrl.byte = 2;
bff595c15c92b9 Catalin Marinas  2009-02-16  444                 ctrl.entries = 
1;
bff595c15c92b9 Catalin Marinas  2009-02-16  445         } else if ((*ctrl.insn 
& 0xff000000) == 0x81000000) {
bff595c15c92b9 Catalin Marinas  2009-02-16  446                 ctrl.byte = 1;
bff595c15c92b9 Catalin Marinas  2009-02-16  447                 ctrl.entries = 
1 + ((*ctrl.insn & 0x00ff0000) >> 16);
bff595c15c92b9 Catalin Marinas  2009-02-16  448         } else {
8b521cb2947d88 Joe Perches      2014-09-16  449                 
pr_warn("unwind: Unsupported personality routine %08lx at %p\n",
bff595c15c92b9 Catalin Marinas  2009-02-16  450                         
*ctrl.insn, ctrl.insn);
bff595c15c92b9 Catalin Marinas  2009-02-16  451                 return 
-URC_FAILURE;
bff595c15c92b9 Catalin Marinas  2009-02-16  452         }
bff595c15c92b9 Catalin Marinas  2009-02-16  453  
a51345770e5195 Anurag Aggarwal  2014-02-24  454         ctrl.check_each_pop = 0;
a51345770e5195 Anurag Aggarwal  2014-02-24  455  
bff595c15c92b9 Catalin Marinas  2009-02-16  456         while (ctrl.entries > 
0) {
a51345770e5195 Anurag Aggarwal  2014-02-24  457                 int urc;
a51345770e5195 Anurag Aggarwal  2014-02-24  458                 if 
((ctrl.sp_high - ctrl.vrs[SP]) < sizeof(ctrl.vrs))
a51345770e5195 Anurag Aggarwal  2014-02-24  459                         
ctrl.check_each_pop = 1;
a51345770e5195 Anurag Aggarwal  2014-02-24  460                 urc = 
unwind_exec_insn(&ctrl);
bff595c15c92b9 Catalin Marinas  2009-02-16  461                 if (urc < 0)
bff595c15c92b9 Catalin Marinas  2009-02-16  462                         return 
urc;
b6506981f880de Ard Biesheuvel   2021-10-05  463                 if 
(ctrl.vrs[SP] < ctrl.sp_low || ctrl.vrs[SP] > ctrl.sp_high)
c894ed6956f126 Catalin Marinas  2009-06-19  464                         return 
-URC_FAILURE;
bff595c15c92b9 Catalin Marinas  2009-02-16  465         }
bff595c15c92b9 Catalin Marinas  2009-02-16  466  
bff595c15c92b9 Catalin Marinas  2009-02-16  467         if (ctrl.vrs[PC] == 0)
bff595c15c92b9 Catalin Marinas  2009-02-16  468                 ctrl.vrs[PC] = 
ctrl.vrs[LR];
bff595c15c92b9 Catalin Marinas  2009-02-16  469  
c894ed6956f126 Catalin Marinas  2009-06-19  470         /* check for infinite 
loop */
8d54a275938968 Russell King     2019-12-22  471         if (frame->pc == 
ctrl.vrs[PC] && frame->sp == ctrl.vrs[SP])
c894ed6956f126 Catalin Marinas  2009-06-19  472                 return 
-URC_FAILURE;
c894ed6956f126 Catalin Marinas  2009-06-19  473  
bff595c15c92b9 Catalin Marinas  2009-02-16  474         frame->fp = 
ctrl.vrs[FP];
bff595c15c92b9 Catalin Marinas  2009-02-16  475         frame->sp = 
ctrl.vrs[SP];
bff595c15c92b9 Catalin Marinas  2009-02-16  476         frame->lr = 
ctrl.vrs[LR];
bff595c15c92b9 Catalin Marinas  2009-02-16  477         frame->pc = 
ctrl.vrs[PC];
4ab6827081c63b Ard Biesheuvel   2021-10-05  478         frame->sp_low = 
ctrl.sp_low;
538b9265c063f0 Ard Biesheuvel   2022-01-24 @479         frame->lr_addr = ctrl.lr_addr;
bff595c15c92b9 Catalin Marinas  2009-02-16  480  
bff595c15c92b9 Catalin Marinas  2009-02-16  481         return URC_OK;
bff595c15c92b9 Catalin Marinas  2009-02-16  482  }
bff595c15c92b9 Catalin Marinas  2009-02-16  483  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp