CC: [email protected] CC: [email protected] BCC: [email protected] CC: [email protected] TO: Christoph Hellwig <[email protected]> CC: Keith Busch <[email protected]> CC: "Javier González" <[email protected]> CC: Chaitanya Kulkarni <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: e8b767f5e04097aaedcd6e06e2270f9fe5282696 commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file date: 12 months ago :::::: branch date: 20 hours ago :::::: commit date: 12 months ago config: mips-randconfig-c004-20220328 (https://download.01.org/0day-ci/archive/20220402/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install mips cross compiling tool for clang build # apt-get install binutils-mips-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 2405252a680e2151046f4f256d706c3ca92fedef # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~~~~~~~~~~~~~~~ drivers/iio/adc/axp20x_adc.c:37:35: note: expanded from macro 'AXP20X_ADC_RATE_HZ' #define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK) ^~~~~~~~~~~~~~~ include/linux/log2.h:162:2: note: expanded from macro 'ilog2' __ilog2_u32(n) : \ ^~~~~~~~~~~~~~ drivers/iio/adc/axp20x_adc.c:594:6: note: The result of the left shift is undefined because the left operand is negative AXP813_ADC_RATE_HZ(rate)); ^ drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ' #define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x)) ^~~~~~~~~~~~~~~~~~~~~ drivers/iio/adc/axp20x_adc.c:37:51: note: expanded from macro 'AXP20X_ADC_RATE_HZ' #define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK) ~~~~~~~~~~~~~~~ ^ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. include/linux/hid.h:999:9: warning: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') [clang-analyzer-core.NullDereference] input->name, c, type); ^ drivers/hid/hid-ezkey.c:29:6: note: Assuming the condition is false if ((usage->hid & HID_USAGE_PAGE) != HID_UP_CONSUMER) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/hid/hid-ezkey.c:29:2: note: Taking false branch if ((usage->hid & HID_USAGE_PAGE) != HID_UP_CONSUMER) ^ drivers/hid/hid-ezkey.c:32:2: note: Control jumps to 'case 562:' at line 40 switch (usage->hid & HID_USAGE) { ^ drivers/hid/hid-ezkey.c:40:14: note: Calling 'hid_map_usage' case 0x232: ez_map_rel(REL_HWHEEL); break; ^ drivers/hid/hid-ezkey.c:22:23: note: expanded from macro 'ez_map_rel' #define ez_map_rel(c) hid_map_usage(hi, usage, bit, max, EV_REL, (c)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:974:2: note: 'input' initialized here struct input_dev *input = hidinput->input; ^~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:978:2: note: Control jumps to 'case 2:' at line 983 switch (type) { ^ include/linux/hid.h:986:3: note: Execution continues on line 997 break; ^ include/linux/hid.h:997:15: note: 'c' is <= 'limit' if (unlikely(c > limit || !bmap)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/hid.h:997:15: note: Left side of '||' is false if (unlikely(c > limit || !bmap)) { ^ include/linux/hid.h:997:28: note: Assuming 'bmap' is null if (unlikely(c > limit || !bmap)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/hid.h:997:2: note: Taking true branch if (unlikely(c > limit || !bmap)) { ^ include/linux/hid.h:998:3: note: Assuming the condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/printk.h:511:6: note: expanded from macro 'printk_ratelimited' if (__ratelimit(&_rs)) \ ^~~~~~~~~~~~~~~~~ include/linux/ratelimit_types.h:41:28: note: expanded from macro '__ratelimit' #define __ratelimit(state) ___ratelimit(state, __func__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:998:3: note: Taking true branch pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:511:2: note: expanded from macro 'printk_ratelimited' if (__ratelimit(&_rs)) \ ^ include/linux/hid.h:999:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') input->name, c, type); ^ include/linux/printk.h:528:49: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:512:17: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. >> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a >> garbage value [clang-analyzer-core.uninitialized.Branch] if (cmd.flags) ^ drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438 switch (cmd) { ^ drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd' return nvme_user_cmd(ctrl, NULL, argp); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false if (!capable(CAP_SYS_ADMIN)) ^~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/host/ioctl.c:189:2: note: Taking false branch if (!capable(CAP_SYS_ADMIN)) ^ drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user' if (copy_from_user(&cmd, ucmd, sizeof(cmd))) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:191:2: note: Taking true branch if (likely(check_copy_size(to, n, false))) ^ include/linux/uaccess.h:192:7: note: Calling '_copy_from_user' n = _copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:6: note: Assuming the condition is true if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:6: note: Left side of '&&' is true include/linux/uaccess.h:157:33: note: Assuming the condition is true if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/compiler.h:77:20: note: expanded from macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:2: note: Taking true branch if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user' res = raw_copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch if (eva_kernel_access()) ^ arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags' return __invoke_copy_from_user(to, from, n); ^ include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user' res = raw_copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later if (unlikely(res)) ^ include/linux/compiler.h:78:40: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^~~~ include/linux/uaccess.h:161:2: note: Taking false branch if (unlikely(res)) ^ include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags' return res; ^ include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later return res; ^~~~~~~~~~ include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user' n = _copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags' return n; ^ include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later return n; ^~~~~~~~ drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user' if (copy_from_user(&cmd, ucmd, sizeof(cmd))) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/host/ioctl.c:191:2: note: Taking false branch if (copy_from_user(&cmd, ucmd, sizeof(cmd))) ^ drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value if (cmd.flags) ^~~~~~~~~ drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign] if (put_user(result, &ucmd->result)) ^ arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user' __put_user_check((x), (ptr), sizeof(*(ptr))) ^ arch/mips/include/asm/uaccess.h:441:2: note: expanded from macro '__put_user_check' __typeof__(*(ptr)) __pu_val = (x); \ ^ drivers/nvme/host/ioctl.c:355:2: note: Taking true branch if (is_ctrl_ioctl(cmd)) ^ drivers/nvme/host/ioctl.c:356:10: note: Calling 'nvme_ctrl_ioctl' return nvme_ctrl_ioctl(ns->ctrl, cmd, argp); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/nvme/host/ioctl.c:293:2: note: Control jumps to 'case 3225964097:' at line 294 switch (cmd) { ^ drivers/nvme/host/ioctl.c:295:10: note: Calling 'nvme_user_cmd' vim +193 drivers/nvme/host/ioctl.c 2405252a680e21 Christoph Hellwig 2021-04-10 179 2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns, 2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd) 2405252a680e21 Christoph Hellwig 2021-04-10 182 { 2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd; 2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c; 2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0; 2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result; 2405252a680e21 Christoph Hellwig 2021-04-10 187 int status; 2405252a680e21 Christoph Hellwig 2021-04-10 188 2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN)) 2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES; 2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd))) 2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT; 2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags) 2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL; 2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) { 2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device, 2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n", 2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id); 2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL; 2405252a680e21 Christoph Hellwig 2021-04-10 200 } 2405252a680e21 Christoph Hellwig 2021-04-10 201 2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c)); 2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode; 2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags; 2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid); 2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2); 2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3); 2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10); 2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11); 2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12); 2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13); 2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14); 2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15); 2405252a680e21 Christoph Hellwig 2021-04-10 214 2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms) 2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms); 2405252a680e21 Christoph Hellwig 2021-04-10 217 2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c, 2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len, 2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len, 2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout); 2405252a680e21 Christoph Hellwig 2021-04-10 222 2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) { 2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result)) 2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT; 2405252a680e21 Christoph Hellwig 2021-04-10 226 } 2405252a680e21 Christoph Hellwig 2021-04-10 227 2405252a680e21 Christoph Hellwig 2021-04-10 228 return status; 2405252a680e21 Christoph Hellwig 2021-04-10 229 } 2405252a680e21 Christoph Hellwig 2021-04-10 230 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
