CC: [email protected] CC: [email protected] BCC: [email protected] CC: [email protected] TO: Arnd Bergmann <[email protected]> CC: Masahiro Yamada <[email protected]> CC: Alex Shi <[email protected]> CC: Nick Desaulniers <[email protected]> CC: Miguel Ojeda <[email protected]> CC: Nathan Chancellor <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 3123109284176b1532874591f7c81f3837bbdc17 commit: e8c07082a810fbb9db303a2b66b66b8d7e588b53 Kbuild: move to -std=gnu11 date: 3 weeks ago :::::: branch date: 2 days ago :::::: commit date: 3 weeks ago config: i386-randconfig-c001-20220404 (https://download.01.org/0day-ci/archive/20220406/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project c4a1b07d0979e7ff20d7d541af666d822d66b566) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c07082a810fbb9db303a2b66b66b8d7e588b53 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout e8c07082a810fbb9db303a2b66b66b8d7e588b53 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ sound/core/compress_offload.c:453:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&caps, 0, sizeof(caps)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ sound/core/compress_offload.c:453:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&caps, 0, sizeof(caps)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 41 warnings (41 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 42 warnings generated. sound/i2c/other/ak4117.c:262:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(ucontrol->value.iec958.status, 0xff, AK4117_REG_RXCSB_SIZE); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ sound/i2c/other/ak4117.c:262:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(ucontrol->value.iec958.status, 0xff, AK4117_REG_RXCSB_SIZE); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 41 warnings (41 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 47 warnings generated. Suppressed 47 warnings (47 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 51 warnings generated. arch/x86/power/hibernate.c:162:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy((void *)relocated_restore_code, core_restore_code, PAGE_SIZE); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ arch/x86/power/hibernate.c:162:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy((void *)relocated_restore_code, core_restore_code, PAGE_SIZE); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ Suppressed 50 warnings (47 in non-user code, 3 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 47 warnings generated. arch/x86/kernel/cpu/mce/inject.c:115:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(m, 0, sizeof(struct mce)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:115:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(m, 0, sizeof(struct mce)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:136:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(i, m, sizeof(struct mce)); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:136:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(i, m, sizeof(struct mce)); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:147:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&b, 0xff, sizeof(mce_banks_t)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:147:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&b, 0xff, sizeof(mce_banks_t)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:160:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(®s, 0, sizeof(struct pt_regs)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:160:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(®s, 0, sizeof(struct pt_regs)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ >> arch/x86/kernel/cpu/mce/inject.c:355:6: warning: Call to function 'sprintf' >> is insecure as it does not provide bounding of the memory buffer or security >> checks introduced in the C11 standard. Replace with analogous functions that >> support length arguments or provides boundary checks such as 'sprintf_s' in >> case of C11 >> [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] n = sprintf(buf, "%s\n", flags_options[inj_type]); ^~~~~~~ arch/x86/kernel/cpu/mce/inject.c:355:6: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 n = sprintf(buf, "%s\n", flags_options[inj_type]); ^~~~~~~ arch/x86/kernel/cpu/mce/inject.c:746:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&dfs_fls, 0, sizeof(dfs_fls)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/mce/inject.c:746:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&dfs_fls, 0, sizeof(dfs_fls)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 41 warnings (41 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 41 warnings generated. Suppressed 41 warnings (41 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 24 warnings generated. sound/core/device.c:237:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] list_for_each_entry_safe_reverse(dev, next, &card->devices, list) ^ include/linux/list.h:773:7: note: expanded from macro 'list_for_each_entry_safe_reverse' n = list_prev_entry(pos, member); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:572:2: note: expanded from macro 'list_prev_entry' list_entry((pos)->member.prev, typeof(*(pos)), member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:520:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/container_of.h:18:25: note: expanded from macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~~~ sound/core/device.c:226:17: note: Assuming 'card' is non-null if (snd_BUG_ON(!card)) ^ include/sound/core.h:413:25: note: expanded from macro 'snd_BUG_ON' int __ret_warn_on = !!(condition); \ ^~~~~~~~~ sound/core/device.c:226:2: note: Taking false branch if (snd_BUG_ON(!card)) ^ sound/core/device.c:228:2: note: Loop condition is true. Entering loop body list_for_each_entry_safe_reverse(dev, next, &card->devices, list) { ^ include/linux/list.h:772:2: note: expanded from macro 'list_for_each_entry_safe_reverse' for (pos = list_last_entry(head, typeof(*pos), member), \ ^ sound/core/device.c:230:7: note: Assuming field 'type' is not equal to SNDRV_DEV_CONTROL if (dev->type == SNDRV_DEV_CONTROL || ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/core/device.c:230:7: note: Left side of '||' is false sound/core/device.c:231:7: note: Assuming field 'type' is not equal to SNDRV_DEV_LOWLEVEL dev->type == SNDRV_DEV_LOWLEVEL) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/core/device.c:230:3: note: Taking false branch if (dev->type == SNDRV_DEV_CONTROL || ^ sound/core/device.c:233:3: note: Calling '__snd_device_free' __snd_device_free(dev); ^~~~~~~~~~~~~~~~~~~~~~ sound/core/device.c:75:6: note: Assuming field 'dev_free' is null if (dev->ops->dev_free) { ^~~~~~~~~~~~~~~~~~ sound/core/device.c:75:2: note: Taking false branch if (dev->ops->dev_free) { ^ sound/core/device.c:79:2: note: Memory is released kfree(dev); ^~~~~~~~~~ sound/core/device.c:233:3: note: Returning; memory was released via 1st parameter __snd_device_free(dev); ^~~~~~~~~~~~~~~~~~~~~~ sound/core/device.c:228:2: note: Loop condition is false. Execution continues on line 237 list_for_each_entry_safe_reverse(dev, next, &card->devices, list) { ^ include/linux/list.h:772:2: note: expanded from macro 'list_for_each_entry_safe_reverse' for (pos = list_last_entry(head, typeof(*pos), member), \ ^ sound/core/device.c:237:2: note: Use of memory after it is freed list_for_each_entry_safe_reverse(dev, next, &card->devices, list) ^ include/linux/list.h:773:7: note: expanded from macro 'list_for_each_entry_safe_reverse' n = list_prev_entry(pos, member); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:572:2: note: expanded from macro 'list_prev_entry' list_entry((pos)->member.prev, typeof(*(pos)), member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:520:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/container_of.h:18:25: note: expanded from macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~~~ Suppressed 22 warnings (22 in non-user code). -- ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ fs/hfs/mdb.c:297:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(HFS_SB(sb)->alt_mdb, HFS_SB(sb)->mdb, HFS_SECTOR_SIZE); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ fs/hfs/mdb.c:297:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(HFS_SB(sb)->alt_mdb, HFS_SB(sb)->mdb, HFS_SECTOR_SIZE); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ fs/hfs/mdb.c:326:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(bh->b_data + off, ptr, len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ fs/hfs/mdb.c:326:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(bh->b_data + off, ptr, len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ Suppressed 47 warnings (47 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 40 warnings generated. Suppressed 40 warnings (40 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 51 warnings generated. drivers/gpu/drm/gud/gud_connector.c:212:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(buf, ctx->buf + start, len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ drivers/gpu/drm/gud/gud_connector.c:212:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(buf, ctx->buf + start, len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ Suppressed 50 warnings (50 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 28 warnings generated. Suppressed 28 warnings (28 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 47 warnings generated. Suppressed 47 warnings (47 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 52 warnings generated. drivers/block/virtio_blk.c:587:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); ^~~~~~~~ drivers/block/virtio_blk.c:587:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(vblk->vqs[i].name, VQ_NAME_LEN, "req.%d", i); ^~~~~~~~ drivers/block/virtio_blk.c:633:2: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memmove(begin, p, end - p); ^~~~~~~ drivers/block/virtio_blk.c:633:2: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 memmove(begin, p, end - p); ^~~~~~~ drivers/block/virtio_blk.c:634:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(buf, prefix, strlen(prefix)); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ drivers/block/virtio_blk.c:634:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(buf, prefix, strlen(prefix)); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ drivers/block/virtio_blk.c:817:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&vblk->tag_set, 0, sizeof(vblk->tag_set)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ drivers/block/virtio_blk.c:817:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&vblk->tag_set, 0, sizeof(vblk->tag_set)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 48 warnings (48 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 31 warnings generated. drivers/of/pdt.c:52:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(buf, name); ^~~~~~ drivers/of/pdt.c:52:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(buf, name); ^~~~~~ >> drivers/of/pdt.c:58:2: warning: Call to function 'sprintf' is insecure as it >> does not provide bounding of the memory buffer or security checks introduced >> in the C11 standard. Replace with analogous functions that support length >> arguments or provides boundary checks such as 'sprintf_s' in case of C11 >> [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] sprintf(buf, "%s@unknown%i", name, failsafe_id++); ^~~~~~~ drivers/of/pdt.c:58:2: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 sprintf(buf, "%s@unknown%i", name, failsafe_id++); ^~~~~~~ drivers/of/pdt.c:76:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(p, 0, sizeof(*p) + 32); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ drivers/of/pdt.c:76:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(p, 0, sizeof(*p) + 32); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ drivers/of/pdt.c:85:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(p->name, special_name); ^~~~~~ drivers/of/pdt.c:85:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(p->name, special_name); ^~~~~~ drivers/of/pdt.c:88:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(p->value, special_val, special_len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ drivers/of/pdt.c:88:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(p->value, special_val, special_len); ^ arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy' #define memcpy(t, f, n) __builtin_memcpy(t, f, n) ^~~~~~~~~~~~~~~~ drivers/of/pdt.c:138:3: warning: Value stored to 'len' is never read [clang-analyzer-deadcode.DeadStores] len = of_pdt_prom_ops->getproperty(node, name, buf, len); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/of/pdt.c:138:3: note: Value stored to 'len' is never read len = of_pdt_prom_ops->getproperty(node, name, buf, len); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 25 warnings (25 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 40 warnings generated. drivers/char/lp.c:923:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&ppdev_cb, 0, sizeof(ppdev_cb)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ drivers/char/lp.c:923:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&ppdev_cb, 0, sizeof(ppdev_cb)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 39 warnings (39 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 41 warnings generated. sound/core/seq/seq_timer.c:270:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] sprintf(str, "sequencer queue %i", q->queue); ^~~~~~~ sound/core/seq/seq_timer.c:270:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 sprintf(str, "sequencer queue %i", q->queue); ^~~~~~~ sound/core/seq/seq_timer.c:286:4: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&tid, 0, sizeof(tid)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ sound/core/seq/seq_timer.c:286:4: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&tid, 0, sizeof(tid)); ^ arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset' #define memset(s, c, count) __builtin_memset(s, c, count) ^~~~~~~~~~~~~~~~ Suppressed 39 warnings (39 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 39 warnings generated. Suppressed 39 warnings (39 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 48 warnings generated. Suppressed 48 warnings (48 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 47 warnings generated. Suppressed 47 warnings (47 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 48 warnings generated. Suppressed 48 warnings (48 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 52 warnings generated. drivers/media/i2c/rdacm21.c:373:11: warning: The left operand of '==' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult] if (val == OV10640_ID_HIGH) ^ drivers/media/i2c/rdacm21.c:550:6: note: Assuming 'dev' is non-null if (!dev) ^~~~ drivers/media/i2c/rdacm21.c:550:2: note: Taking false branch if (!dev) vim +355 arch/x86/kernel/cpu/mce/inject.c bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 348 bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 349 static ssize_t flags_read(struct file *filp, char __user *ubuf, bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 350 size_t cnt, loff_t *ppos) bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 351 { bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 352 char buf[MAX_FLAG_OPT_SIZE]; bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 353 int n; bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 354 bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 @355 n = sprintf(buf, "%s\n", flags_options[inj_type]); bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 356 bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 357 return simple_read_from_buffer(ubuf, cnt, ppos, buf, n); bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 358 } bc8e80d56c1ecb arch/x86/kernel/cpu/mcheck/mce-inject.c Borislav Petkov 2017-06-13 359 :::::: The code at line 355 was first introduced by commit :::::: bc8e80d56c1ecb35e65df392d7601d1427d14efe x86/mce: Merge mce_amd_inj into mce-inject :::::: TO: Borislav Petkov <[email protected]> :::::: CC: Ingo Molnar <[email protected]> -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
