::::::
:::::: Manual check reason: "low confidence static check first_new_problem: drivers/watchdog/watchdog_dev.c:542:9: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]"
::::::

CC: [email protected]
BCC: [email protected]
TO: [email protected]
TO: Guenter Roeck <[email protected]>

tree:   https://chromium.googlesource.com/chromiumos/third_party/kernel chromeos-5.10
head:   eac8b965b3d595180654d8895d89bf1c21dba722
commit: 56f22b8f6853d26be82709a978e89db6856af6b4 [25/29] BACKPORT: Kbuild: move to -std=gnu11
:::::: branch date: 23 hours ago
:::::: commit date: 3 weeks ago
config: mips-randconfig-c004-20220531 (https://download.01.org/0day-ci/archive/20220605/[email protected]/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project b364c76683f8ef241025a9556300778c07b590c2)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install mips cross compiling tool for clang build
        # apt-get install binutils-mipsel-linux-gnu
        git remote add chrome-os https://chromium.googlesource.com/chromiumos/third_party/kernel
        git fetch --no-tags chrome-os chromeos-5.10
        git checkout 56f22b8f6853d26be82709a978e89db6856af6b4
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <[email protected]>

clang-analyzer warnings: (new ones prefixed by >>)
           ^~~~~~~~~~~~~~
   include/linux/log2.h:24:2: note: Returning the value -1
           return fls(n) - 1;
           ^~~~~~~~~~~~~~~~~
   drivers/iio/adc/axp20x_adc.c:582:6: note: Returning from '__ilog2_u32'
           AXP813_ADC_RATE_HZ(rate));
           ^
   drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ'
           #define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x))
           ^~~~~~~~~~~~~~~~~~~~~
   drivers/iio/adc/axp20x_adc.c:37:35: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
           #define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
           ^~~~~~~~~~~~~~~
   include/linux/log2.h:161:2: note: expanded from macro 'ilog2'
           __ilog2_u32(n) : \
           ^~~~~~~~~~~~~~
   drivers/iio/adc/axp20x_adc.c:582:6: note: The result of the left shift is undefined because the left operand is negative
           AXP813_ADC_RATE_HZ(rate));
           ^
   drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ'
           #define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x))
           ^~~~~~~~~~~~~~~~~~~~~
   drivers/iio/adc/axp20x_adc.c:37:51: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
           #define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
           ~~~~~~~~~~~~~~~ ^
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   34 warnings generated.
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   36 warnings generated.
   drivers/input/keyboard/lkkbd.c:627:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           memcpy(lk->keycode, lkkbd_keycode, sizeof(lk->keycode));
           ^~~~~~
   drivers/input/keyboard/lkkbd.c:627:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
           memcpy(lk->keycode, lkkbd_keycode, sizeof(lk->keycode));
           ^~~~~~
   drivers/input/keyboard/lkkbd.c:630:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           snprintf(lk->phys, sizeof(lk->phys), "%s/input0", serio->phys);
           ^~~~~~~~
   drivers/input/keyboard/lkkbd.c:630:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
           snprintf(lk->phys, sizeof(lk->phys), "%s/input0", serio->phys);
           ^~~~~~~~
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   41 warnings generated.
   Suppressed 41 warnings (41 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   22 warnings generated.
   Suppressed 22 warnings (22 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   22 warnings generated.
   Suppressed 22 warnings (22 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   22 warnings generated.
   Suppressed 22 warnings (22 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   34 warnings generated.
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   34 warnings generated.
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers.
   Use -system-headers to display errors from system headers as well.
   44 warnings generated.
   drivers/watchdog/watchdog_dev.c:454:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%d\n", !!test_bit(WDOG_NO_WAY_OUT, &wdd->status));
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:454:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%d\n", !!test_bit(WDOG_NO_WAY_OUT, &wdd->status));
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:488:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "0x%x\n", status);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:488:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "0x%x\n", status);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:497:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%u\n", wdd->bootstatus);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:497:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%u\n", wdd->bootstatus);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:513:12: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           status = sprintf(buf, "%u\n", val);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:513:12: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           status = sprintf(buf, "%u\n", val);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:524:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%u\n", wdd->timeout);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:524:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%u\n", wdd->timeout);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:533:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%u\n", wdd->pretimeout);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:533:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%u\n", wdd->pretimeout);
           ^~~~~~~
>> drivers/watchdog/watchdog_dev.c:542:9: warning: Call to function 'sprintf'
>> is insecure as it does not provide bounding of the memory buffer or security
>> checks introduced in the C11 standard. Replace with analogous functions that
>> support length arguments or provides boundary checks such as 'sprintf_s' in
>> case of C11
>> [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "%s\n", wdd->info->identity);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:542:9: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "%s\n", wdd->info->identity);
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:552:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "active\n");
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:552:10: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "active\n");
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:554:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           return sprintf(buf, "inactive\n");
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:554:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
           return sprintf(buf, "inactive\n");
           ^~~~~~~
   drivers/watchdog/watchdog_dev.c:1009:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
           kthread_init_work(&wd_data->work, watchdog_ping_work);
           ^
   include/linux/kthread.h:165:3: note: expanded from macro 'kthread_init_work'
           memset((work), 0, sizeof(struct kthread_work)); \
           ^~~~~~
   drivers/watchdog/watchdog_dev.c:1009:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
           kthread_init_work(&wd_data->work, watchdog_ping_work);
           ^
   include/linux/kthread.h:165:3: note: expanded from macro 'kthread_init_work'
           memset((work), 0, sizeof(struct kthread_work)); \
           ^~~~~~
   Suppressed 34 warnings (34 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   40 warnings generated.
   drivers/mtd/ubi/fastmap.c:742:23: warning: The left operand of '==' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
           if (tmp_aeb->pnum == pnum) {
           ~~~~~~~~~~~~~ ^
   drivers/mtd/ubi/fastmap.c:566:2: note: Calling 'INIT_LIST_HEAD'
           INIT_LIST_HEAD(&used);
           ^~~~~~~~~~~~~~~~~~~~~
   include/linux/list.h:35:2: note: Left side of '||' is false
           WRITE_ONCE(list->next, list);
           ^
   include/asm-generic/rwonce.h:60:2: note: expanded from macro 'WRITE_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:277:3: note: expanded from macro '__native_word'
           (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
           ^
   include/linux/list.h:35:2: note: Left side of '||' is false
           WRITE_ONCE(list->next, list);
           ^
   include/asm-generic/rwonce.h:60:2: note: expanded from macro 'WRITE_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:277:3: note: expanded from macro '__native_word'
           (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
           ^
   include/linux/list.h:35:2: note: Left side of '||' is true
           WRITE_ONCE(list->next, list);
           ^
   include/asm-generic/rwonce.h:60:2: note: expanded from macro 'WRITE_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:278:28: note: expanded from macro '__native_word'
           sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
           ^
   include/linux/list.h:35:2: note: Taking false branch
           WRITE_ONCE(list->next, list);
           ^
   include/asm-generic/rwonce.h:60:2: note: expanded from macro 'WRITE_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:315:2: note: expanded from macro 'compiletime_assert'
           _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
           ^
   include/linux/compiler_types.h:303:2: note: expanded from macro '_compiletime_assert'
           __compiletime_assert(condition, msg, prefix, suffix)
           ^
   include/linux/compiler_types.h:295:3: note: expanded from macro '__compiletime_assert'
           if (!(condition)) \
           ^
   include/linux/list.h:35:2: note: Loop condition is false. Exiting loop
           WRITE_ONCE(list->next, list);
           ^
   include/asm-generic/rwonce.h:60:2: note: expanded from macro 'WRITE_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \

vim +542 drivers/watchdog/watchdog_dev.c

33b711269ade3f Pratyush Anand 2015-12-17  518
33b711269ade3f Pratyush Anand 2015-12-17  519  static ssize_t timeout_show(struct device *dev, struct device_attribute *attr,
33b711269ade3f Pratyush Anand 2015-12-17  520                              char *buf)
33b711269ade3f Pratyush Anand 2015-12-17  521  {
33b711269ade3f Pratyush Anand 2015-12-17  522          struct watchdog_device *wdd = dev_get_drvdata(dev);
33b711269ade3f Pratyush Anand 2015-12-17  523
33b711269ade3f Pratyush Anand 2015-12-17 @524          return sprintf(buf, "%u\n", wdd->timeout);
33b711269ade3f Pratyush Anand 2015-12-17  525  }
33b711269ade3f Pratyush Anand 2015-12-17  526  static DEVICE_ATTR_RO(timeout);
33b711269ade3f Pratyush Anand 2015-12-17  527
df044e02206230 Wolfram Sang   2016-08-31  528  static ssize_t pretimeout_show(struct device *dev,
df044e02206230 Wolfram Sang   2016-08-31  529                                 struct device_attribute *attr, char *buf)
df044e02206230 Wolfram Sang   2016-08-31  530  {
df044e02206230 Wolfram Sang   2016-08-31  531          struct watchdog_device *wdd = dev_get_drvdata(dev);
df044e02206230 Wolfram Sang   2016-08-31  532
df044e02206230 Wolfram Sang   2016-08-31  533          return sprintf(buf, "%u\n", wdd->pretimeout);
df044e02206230 Wolfram Sang   2016-08-31  534  }
df044e02206230 Wolfram Sang   2016-08-31  535  static DEVICE_ATTR_RO(pretimeout);
df044e02206230 Wolfram Sang   2016-08-31  536
33b711269ade3f Pratyush Anand 2015-12-17  537  static ssize_t identity_show(struct device *dev, struct device_attribute *attr,
33b711269ade3f Pratyush Anand 2015-12-17  538                               char *buf)
33b711269ade3f Pratyush Anand 2015-12-17  539  {
33b711269ade3f Pratyush Anand 2015-12-17  540          struct watchdog_device *wdd = dev_get_drvdata(dev);
33b711269ade3f Pratyush Anand 2015-12-17  541
33b711269ade3f Pratyush Anand 2015-12-17 @542          return sprintf(buf, "%s\n", wdd->info->identity);
33b711269ade3f Pratyush Anand 2015-12-17  543  }
33b711269ade3f Pratyush Anand 2015-12-17  544  static DEVICE_ATTR_RO(identity);
33b711269ade3f Pratyush Anand 2015-12-17  545

:::::: The code at line 542 was first introduced by commit
:::::: 33b711269ade3f6bc9d9d15e4343e6fa922d999b watchdog: Read device status through sysfs attributes

:::::: TO: Pratyush Anand <[email protected]>
:::::: CC: Wim Van Sebroeck <[email protected]>

--
0-DAY CI Kernel Test Service
https://01.org/lkp
