:::::: :::::: Manual check reason: "low confidence static check warning: kernel/dma/swiotlb.c:655:14: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]" ::::::
CC: [email protected] CC: [email protected] BCC: [email protected] In-Reply-To: <[email protected]> References: <[email protected]> TO: Tianyu Lan <[email protected]> Hi Tianyu, [FYI, it's a private test report for your RFC patch.] [auto build test WARNING on akpm-mm/mm-everything] [also build test WARNING on linus/master v5.19-rc2 next-20220617] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Tianyu-Lan/swiotlb-Split-up-single-swiotlb-lock/20220618-010819 base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything :::::: branch date: 2 days ago :::::: commit date: 2 days ago config: s390-randconfig-c005-20220617 (https://download.01.org/0day-ci/archive/20220619/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 91688716ba49942051dccdf7b9c4f81a7ec8feaf) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install s390 cross compiling tool for clang build # apt-get install binutils-s390x-linux-gnu # https://github.com/intel-lab-lkp/linux/commit/47bb420a6670ad36f2bec2dd442d79f17453186d git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Tianyu-Lan/swiotlb-Split-up-single-swiotlb-lock/20220618-010819 git checkout 47bb420a6670ad36f2bec2dd442d79f17453186d # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=s390 clang-analyzer If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^ include/asm-generic/bug.h:71:27: note: expanded from macro 'BUG_ON' #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0) ^ kernel/dma/swiotlb.c:752:2: note: Calling '__raw_spin_lock_irqsave' spin_lock_irqsave(&area->lock, flags); ^ include/linux/spinlock.h:379:2: note: expanded from macro 'spin_lock_irqsave' raw_spin_lock_irqsave(spinlock_check(lock), flags); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/spinlock.h:242:11: note: expanded from macro 'raw_spin_lock_irqsave' flags = _raw_spin_lock_irqsave(lock); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/spinlock_api_smp.h:59:38: note: expanded from macro '_raw_spin_lock_irqsave' #define _raw_spin_lock_irqsave(lock) __raw_spin_lock_irqsave(lock) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/spinlock_api_smp.h:108:2: note: Loop condition is false. Exiting loop local_irq_save(flags); ^ include/linux/irqflags.h:244:36: note: expanded from macro 'local_irq_save' #define local_irq_save(flags) do { raw_local_irq_save(flags); } while (0) ^ include/linux/irqflags.h:176:2: note: expanded from macro 'raw_local_irq_save' do { \ ^ include/linux/spinlock_api_smp.h:108:2: note: Loop condition is false. Exiting loop local_irq_save(flags); ^ include/linux/irqflags.h:244:31: note: expanded from macro 'local_irq_save' #define local_irq_save(flags) do { raw_local_irq_save(flags); } while (0) ^ include/linux/spinlock_api_smp.h:110:2: note: Loop condition is false. Exiting loop spin_acquire(&lock->dep_map, 0, 0, _RET_IP_); ^ include/linux/lockdep.h:522:35: note: expanded from macro 'spin_acquire' #define spin_acquire(l, s, t, i) lock_acquire_exclusive(l, s, t, NULL, i) ^ include/linux/lockdep.h:518:48: note: expanded from macro 'lock_acquire_exclusive' #define lock_acquire_exclusive(l, s, t, n, i) lock_acquire(l, s, t, 0, 1, n, i) ^ include/linux/lockdep.h:356:44: note: expanded from macro 'lock_acquire' # define lock_acquire(l, s, t, r, c, n, i) do { } while (0) ^ include/linux/spinlock_api_smp.h:111:44: note: Calling 'do_raw_spin_lock' LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock); ^ include/linux/lockdep.h:477:2: note: expanded from macro 'LOCK_CONTENDED' lock(_lock) ^~~~~~~~~~~ include/linux/spinlock.h:185:2: note: Calling 'arch_spin_lock' arch_spin_lock(&lock->raw_lock); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/s390/include/asm/spinlock.h:66:7: note: Calling 'arch_spin_trylock_once' if (!arch_spin_trylock_once(lp)) ^~~~~~~~~~~~~~~~~~~~~~~~~~ arch/s390/include/asm/spinlock.h:61:52: note: Dereference of null pointer return likely(__atomic_cmpxchg_bool(&lp->lock, 0, SPINLOCK_LOCKVAL)); ^ arch/s390/include/asm/spinlock.h:19:26: note: expanded from macro 'SPINLOCK_LOCKVAL' #define SPINLOCK_LOCKVAL (S390_lowcore.spinlock_lockval) ^ include/linux/compiler.h:77:40: note: expanded from macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^ kernel/dma/swiotlb.c:268:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(vaddr, 0, bytes); ^~~~~~ kernel/dma/swiotlb.c:268:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(vaddr, 0, bytes); ^~~~~~ kernel/dma/swiotlb.c:451:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(mem, 0, sizeof(*mem)); ^~~~~~ kernel/dma/swiotlb.c:451:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(mem, 0, sizeof(*mem)); ^~~~~~ kernel/dma/swiotlb.c:519:5: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(vaddr, buffer + offset, sz); ^~~~~~ kernel/dma/swiotlb.c:519:5: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(vaddr, buffer + offset, sz); ^~~~~~ kernel/dma/swiotlb.c:521:5: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(buffer + offset, vaddr, sz); ^~~~~~ kernel/dma/swiotlb.c:521:5: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(buffer + offset, vaddr, sz); ^~~~~~ kernel/dma/swiotlb.c:531:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(vaddr, phys_to_virt(orig_addr), size); ^~~~~~ kernel/dma/swiotlb.c:531:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(vaddr, phys_to_virt(orig_addr), size); ^~~~~~ kernel/dma/swiotlb.c:533:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(phys_to_virt(orig_addr), vaddr, size); ^~~~~~ kernel/dma/swiotlb.c:533:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(phys_to_virt(orig_addr), vaddr, size); ^~~~~~ >> kernel/dma/swiotlb.c:655:14: warning: Dereference of null pointer >> [clang-analyzer-core.NullDereference] int start = raw_smp_processor_id() & ((1U << __fls(mem->nareas)) - 1); ^ arch/s390/include/asm/smp.h:14:32: note: expanded from macro 'raw_smp_processor_id' #define raw_smp_processor_id() (S390_lowcore.cpu_nr) ^ kernel/dma/swiotlb.c:827:17: note: Calling 'swiotlb_tbl_map_single' swiotlb_addr = swiotlb_tbl_map_single(dev, paddr, size, size, 0, dir, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/dma/swiotlb.c:692:6: note: Assuming 'mem' is non-null if (!mem) ^~~~ kernel/dma/swiotlb.c:692:2: note: Taking false branch if (!mem) ^ kernel/dma/swiotlb.c:695:2: note: Taking false branch if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) ^ kernel/dma/swiotlb.c:698:6: note: 'mapping_size' is <= 'alloc_size' if (mapping_size > alloc_size) { ^~~~~~~~~~~~ kernel/dma/swiotlb.c:698:2: note: Taking false branch if (mapping_size > alloc_size) { ^ kernel/dma/swiotlb.c:704:10: note: Calling 'swiotlb_find_slots' index = swiotlb_find_slots(dev, orig_addr, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/dma/swiotlb.c:655:14: note: Dereference of null pointer int start = raw_smp_processor_id() & ((1U << __fls(mem->nareas)) - 1); ^ arch/s390/include/asm/smp.h:14:32: note: expanded from macro 'raw_smp_processor_id' #define raw_smp_processor_id() (S390_lowcore.cpu_nr) ^~~~~~~~~~~~~~~~~~~~~ Suppressed 60 warnings (48 in non-user code, 12 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 108 warnings generated. arch/s390/include/asm/preempt.h:17:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] return READ_ONCE(S390_lowcore.preempt_count) & ~PREEMPT_NEED_RESCHED; ^ include/asm-generic/rwonce.h:50:2: note: expanded from macro 'READ_ONCE' __READ_ONCE(x); \ ^ include/asm-generic/rwonce.h:44:24: note: expanded from macro '__READ_ONCE' #define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x)) ^ init/main.c:1418:2: note: Loop condition is true. Entering loop body for (fn = __initcall_start; fn < __initcall0_start; fn++) ^ init/main.c:1419:3: note: Calling 'do_one_initcall' do_one_initcall(initcall_from_entry(fn)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ init/main.c:1292:14: note: Calling 'preempt_count' int count = preempt_count(); ^~~~~~~~~~~~~~~ arch/s390/include/asm/preempt.h:17:9: note: Left side of '||' is false return READ_ONCE(S390_lowcore.preempt_count) & ~PREEMPT_NEED_RESCHED; ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:319:3: note: expanded from macro '__native_word' (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \ ^ arch/s390/include/asm/preempt.h:17:9: note: Left side of '||' is false return READ_ONCE(S390_lowcore.preempt_count) & ~PREEMPT_NEED_RESCHED; ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:319:3: note: expanded from macro '__native_word' (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \ ^ arch/s390/include/asm/preempt.h:17:9: note: Left side of '||' is true return READ_ONCE(S390_lowcore.preempt_count) & ~PREEMPT_NEED_RESCHED; ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:320:28: note: expanded from macro '__native_word' sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) ^ arch/s390/include/asm/preempt.h:17:9: note: Taking false branch return READ_ONCE(S390_lowcore.preempt_count) & ~PREEMPT_NEED_RESCHED; ^ include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE' compiletime_assert_rwonce_type(x); \ ^ include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type' compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \ ^ include/linux/compiler_types.h:352:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) vim +655 kernel/dma/swiotlb.c ^1da177e4c3f41 arch/ia64/lib/swiotlb.c Linus Torvalds 2005-04-16 650 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 651 static int swiotlb_find_slots(struct device *dev, phys_addr_t orig_addr, 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 652 size_t alloc_size, unsigned int alloc_align_mask) 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 653 { 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 654 struct io_tlb_mem *mem = dev->dma_io_tlb_mem; 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 @655 int start = raw_smp_processor_id() & ((1U << __fls(mem->nareas)) - 1); 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 656 int i = start, index; 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 657 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 658 do { 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 659 index = swiotlb_do_find_slots(mem, mem->areas + i, i, 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 660 dev, orig_addr, alloc_size, 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 661 alloc_align_mask); 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 662 if (index >= 0) 26a7e094783d48 kernel/dma/swiotlb.c Christoph Hellwig 2021-02-04 663 return index; 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 664 if (++i >= mem->nareas) 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 665 i = 0; 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 666 } while (i != start); 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 667 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 668 return -1; 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 669 } 47bb420a6670ad kernel/dma/swiotlb.c Tianyu Lan 2022-06-17 670 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
