CC: [email protected] CC: [email protected] BCC: [email protected] In-Reply-To: <[email protected]> References: <[email protected]> TO: Fabien Dessenne <[email protected]> TO: Linus Walleij <[email protected]> TO: Maxime Coquelin <[email protected]> TO: Alexandre Torgue <[email protected]> TO: [email protected] TO: [email protected] TO: [email protected] TO: [email protected] CC: Fabien Dessenne <[email protected]>
Hi Fabien, I love your patch! Perhaps something to improve: [auto build test WARNING on atorgue-stm32/stm32-next] [also build test WARNING on linusw-pinctrl/devel v5.18-rc5 next-20220503] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Fabien-Dessenne/pinctrl-stm32-prevent-the-use-of-the-secure-protected-pins/20220502-233443 base: https://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32.git stm32-next :::::: branch date: 28 hours ago :::::: commit date: 28 hours ago config: riscv-randconfig-c006-20220501 (https://download.01.org/0day-ci/archive/20220504/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 363b3a645a1e30011cc8da624f13dac5fd915628) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install riscv cross compiling tool for clang build # apt-get install binutils-riscv64-linux-gnu # https://github.com/intel-lab-lkp/linux/commit/39534741c9e791ea613038c0cc5a8fbe475430bc git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Fabien-Dessenne/pinctrl-stm32-prevent-the-use-of-the-secure-protected-pins/20220502-233443 git checkout 39534741c9e791ea613038c0cc5a8fbe475430bc # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) fs/udf/misc.c:73:4: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 memmove(&ad[size], ad, iinfo->i_lenAlloc); ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:107:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memmove(&ea[offset - aal + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:107:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 memmove(&ea[offset - aal + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:117:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memmove(&ea[offset - ial + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:117:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 memmove(&ea[offset - ial + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:128:5: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memmove(&ea[offset - aal + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ fs/udf/misc.c:128:5: note: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 memmove(&ea[offset - aal + size], ^ include/linux/fortify-string.h:373:27: note: expanded from macro 'memmove' #define memmove(p, q, s) __fortify_memcpy_chk(p, q, s, \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk' __underlying_##op(p, q, __fortify_size); \ ^~~~~~~~~~~~~~~~~ note: expanded from here include/linux/fortify-string.h:46:30: note: expanded from macro '__underlying_memmove' #define __underlying_memmove __builtin_memmove ^~~~~~~~~~~~~~~~~ Suppressed 50 warnings (50 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 38 warnings generated. Suppressed 38 warnings (38 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 39 warnings generated. Suppressed 39 warnings (38 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 40 warnings generated. >> drivers/pinctrl/stm32/pinctrl-stm32.c:304:24: warning: Value stored to >> 'pctl' during its initialization is never read >> [clang-analyzer-deadcode.DeadStores] struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent); ^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:304:24: note: Value stored to 'pctl' during its initialization is never read struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent); ^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1419:21: warning: Passed-by-value struct argument contains uninitialized data (e.g., field: 'id_size') [clang-analyzer-core.CallAndMessage] pctl->irqmux[i] = devm_regmap_field_alloc(dev, rm, mux); ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1489:6: note: Assuming 'np' is non-null if (!np) ^~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1489:2: note: Taking false branch if (!np) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1493:6: note: Assuming 'match' is non-null if (!match || !match->data) ^~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1493:6: note: Left side of '||' is false drivers/pinctrl/stm32/pinctrl-stm32.c:1493:16: note: Assuming field 'data' is non-null if (!match || !match->data) ^~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1493:2: note: Taking false branch if (!match || !match->data) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1496:6: note: Assuming the condition is false if (!of_find_property(np, "pins-are-numbered", NULL)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1496:2: note: Taking false branch if (!of_find_property(np, "pins-are-numbered", NULL)) { ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1502:6: note: Assuming 'pctl' is non-null if (!pctl) ^~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1502:2: note: Taking false branch if (!pctl) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1509:2: note: Taking false branch if (IS_ERR(pctl->domain)) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1514:6: note: 'hwlock_id' is >= 0 if (hwlock_id < 0) { ^~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1514:2: note: Taking false branch if (hwlock_id < 0) { ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1521:2: note: Loop condition is false. Exiting loop spin_lock_init(&pctl->irqmux_lock); ^ include/linux/spinlock.h:329:35: note: expanded from macro 'spin_lock_init' # define spin_lock_init(lock) \ ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1527:2: note: Taking false branch if (!of_property_read_u32(np, "st,package", &pctl->pkg)) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1532:6: note: Assuming field 'pins' is non-null if (!pctl->pins) ^~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1532:2: note: Taking false branch if (!pctl->pins) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1536:6: note: 'ret' is 0 if (ret) ^~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1536:2: note: Taking false branch if (ret) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1540:6: note: Assuming 'ret' is 0 if (ret) { ^~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1540:2: note: Taking false branch if (ret) { ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1545:6: note: Assuming field 'domain' is non-null if (pctl->domain) { ^~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1545:2: note: Taking true branch if (pctl->domain) { ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1546:9: note: Calling 'stm32_pctrl_dt_setup_irq' ret = stm32_pctrl_dt_setup_irq(pdev, pctl); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1394:2: note: Taking false branch if (IS_ERR(pctl->regmap)) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1400:6: note: Assuming 'ret' is 0 if (ret) ^~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1400:2: note: Taking false branch if (ret) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1404:6: note: Assuming 'ret' is 0 if (ret) ^~~ drivers/pinctrl/stm32/pinctrl-stm32.c:1404:2: note: Taking false branch if (ret) ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1409:2: note: Loop condition is true. Entering loop body for (i = 0; i < STM32_GPIO_PINS_PER_BANK; i++) { ^ drivers/pinctrl/stm32/pinctrl-stm32.c:1410:3: note: 'mux' initialized here vim +/pctl +304 drivers/pinctrl/stm32/pinctrl-stm32.c acaa037970f610 Alexandre TORGUE 2017-05-29 298 39534741c9e791 Fabien Dessenne 2022-05-02 299 static int stm32_gpio_init_valid_mask(struct gpio_chip *chip, 39534741c9e791 Fabien Dessenne 2022-05-02 300 unsigned long *valid_mask, 39534741c9e791 Fabien Dessenne 2022-05-02 301 unsigned int ngpios) 39534741c9e791 Fabien Dessenne 2022-05-02 302 { 39534741c9e791 Fabien Dessenne 2022-05-02 303 struct stm32_gpio_bank *bank = gpiochip_get_data(chip); 39534741c9e791 Fabien Dessenne 2022-05-02 @304 struct stm32_pinctrl *pctl = dev_get_drvdata(bank->gpio_chip.parent); 39534741c9e791 Fabien Dessenne 2022-05-02 305 unsigned int i; 39534741c9e791 Fabien Dessenne 2022-05-02 306 u32 sec; 39534741c9e791 Fabien Dessenne 2022-05-02 307 39534741c9e791 Fabien Dessenne 2022-05-02 308 /* All gpio are valid per default */ 39534741c9e791 Fabien Dessenne 2022-05-02 309 bitmap_fill(valid_mask, ngpios); 39534741c9e791 Fabien Dessenne 2022-05-02 310 39534741c9e791 Fabien Dessenne 2022-05-02 311 if (bank->secure_control) { 39534741c9e791 Fabien Dessenne 2022-05-02 312 /* Tag secured pins as invalid */ 39534741c9e791 Fabien Dessenne 2022-05-02 313 sec = readl_relaxed(bank->base + STM32_GPIO_SECCFGR); 39534741c9e791 Fabien Dessenne 2022-05-02 314 39534741c9e791 Fabien Dessenne 2022-05-02 315 for (i = 0; i < ngpios; i++) { 39534741c9e791 Fabien Dessenne 2022-05-02 316 if (sec & BIT(i)) { 39534741c9e791 Fabien Dessenne 2022-05-02 317 clear_bit(i, valid_mask); 39534741c9e791 Fabien Dessenne 2022-05-02 318 dev_dbg(pctl->dev, "No access to gpio %d - %d\n", bank->bank_nr, i); 39534741c9e791 Fabien Dessenne 2022-05-02 319 } 39534741c9e791 Fabien Dessenne 2022-05-02 320 } 39534741c9e791 Fabien Dessenne 2022-05-02 321 } 39534741c9e791 Fabien Dessenne 2022-05-02 322 39534741c9e791 Fabien Dessenne 2022-05-02 323 return 0; 39534741c9e791 Fabien Dessenne 2022-05-02 324 } 39534741c9e791 Fabien Dessenne 2022-05-02 325 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
