::::::
:::::: Manual check reason: "low confidence static check first_new_problem: arch/arm/include/asm/atomic.h:224:17: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]"
::::::

CC: l...@lists.linux.dev
CC: kbuild-...@lists.01.org
BCC: l...@intel.com
CC: linux-ker...@vger.kernel.org
TO: "Eric W. Biederman" <ebied...@xmission.com>
CC: Alexey Gladkov <leg...@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   d0f67adb790698017030365e90e9e394de7cac7c
commit: 32342701b4ba57a6fd77e8aca2f65f68c0fa1da6 ucounts: Use atomic_long_sub_return for clarity
date:   8 months ago
:::::: branch date: 3 hours ago
:::::: commit date: 8 months ago
config: arm-randconfig-c002-20220625 (https://download.01.org/0day-ci/archive/20220702/202207020515.ktulzeao-...@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 42a7ddb428c999229491b0effbb1a4059149fba8)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32342701b4ba57a6fd77e8aca2f65f68c0fa1da6
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 32342701b4ba57a6fd77e8aca2f65f68c0fa1da6
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <l...@intel.com>

clang-analyzer warnings: (new ones prefixed by >>)
           ^
   fs/jfs/xattr.c:678:2: note: Null pointer value stored to 'ealist'
           ealist = (struct jfs_ea_list *) ea_buf.xattr;
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/jfs/xattr.c:681:6: note: 'xattr_size' is 0
           if (xattr_size) {
               ^~~~~~~~~~
   fs/jfs/xattr.c:681:2: note: Taking false branch
           if (xattr_size) {
           ^
   fs/jfs/xattr.c:699:7: note: 'found' is 0
           if (!found) {
                ^~~~~
   fs/jfs/xattr.c:699:2: note: Taking true branch
           if (!found) {
           ^
   fs/jfs/xattr.c:700:3: note: Taking false branch
           if (flags & XATTR_REPLACE) {
           ^
   fs/jfs/xattr.c:704:7: note: Assuming 'value' is not equal to NULL
           if (value == NULL) {
               ^~~~~~~~~~~~~
   fs/jfs/xattr.c:704:3: note: Taking false branch
           if (value == NULL) {
           ^
   fs/jfs/xattr.c:709:6: note: 'value' is non-null
           if (value)
               ^~~~~
   fs/jfs/xattr.c:709:2: note: Taking true branch
           if (value)
           ^
   fs/jfs/xattr.c:712:6: note: Assuming 'new_size' is <= field 'max_size'
           if (new_size > ea_buf.max_size) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/jfs/xattr.c:712:2: note: Taking false branch
           if (new_size > ea_buf.max_size) {
           ^
   fs/jfs/xattr.c:727:6: note: 'found' is 0
           if (found) {
               ^~~~~
   fs/jfs/xattr.c:727:2: note: Taking false branch
           if (found) {
           ^
   fs/jfs/xattr.c:736:6: note: 'value' is non-null
           if (value) {
               ^~~~~
   fs/jfs/xattr.c:736:2: note: Taking true branch
           if (value) {
           ^
   fs/jfs/xattr.c:737:7: note: 'xattr_size' is equal to 0
           if (xattr_size == 0)
               ^~~~~~~~~~
   fs/jfs/xattr.c:737:3: note: Taking true branch
           if (xattr_size == 0)
           ^
   fs/jfs/xattr.c:749:7: note: Assuming the condition is false
           if (value_len >= USHRT_MAX) {
               ^~~~~~~~~~~~~~~~~~~~~~
   fs/jfs/xattr.c:749:3: note: Taking false branch
           if (value_len >= USHRT_MAX) {
           ^
   fs/jfs/xattr.c:754:3: note: Null pointer value stored to 'ea'
           ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/jfs/xattr.c:755:12: note: Access to field 'flag' results in a dereference of a null pointer (loaded from variable 'ea')
           ea->flag = 0;
           ~~       ^
   fs/jfs/xattr.c:1017:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcpy(name, XATTR_SECURITY_PREFIX);
           ^~~~~~
   fs/jfs/xattr.c:1017:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
           strcpy(name, XATTR_SECURITY_PREFIX);
           ^~~~~~
   fs/jfs/xattr.c:1018:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
           strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
           ^~~~~~
   fs/jfs/xattr.c:1018:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
           strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
           ^~~~~~
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
>> arch/arm/include/asm/atomic.h:224:17: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
           ATOMIC_OPS(sub, -=, sub)
                           ^
   kernel/ucount.c:317:2: note: Loop condition is true.  Entering loop body
           for (iter = ucounts; iter; iter = iter->ns->ucounts) {
           ^
   kernel/ucount.c:318:14: note: Left side of '||' is false
           long max = READ_ONCE(iter->ns->ucount_max[type]);
                      ^
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
                              ^
   include/linux/compiler_types.h:290:3: note: expanded from macro '__native_word'
           (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
            ^
   kernel/ucount.c:318:14: note: Left side of '||' is false
           long max = READ_ONCE(iter->ns->ucount_max[type]);
                      ^
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
                              ^
   include/linux/compiler_types.h:290:3: note: expanded from macro '__native_word'
           (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
            ^
   kernel/ucount.c:318:14: note: Left side of '||' is true
           long max = READ_ONCE(iter->ns->ucount_max[type]);
                      ^
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
                              ^
   include/linux/compiler_types.h:291:28: note: expanded from macro '__native_word'
           sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
                                    ^
   kernel/ucount.c:318:14: note: Taking false branch
           long max = READ_ONCE(iter->ns->ucount_max[type]);
                      ^
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert'
           _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
           ^
   include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert'
           __compiletime_assert(condition, msg, prefix, suffix)
           ^
   include/linux/compiler_types.h:308:3: note: expanded from macro '__compiletime_assert'
           if (!(condition)) \
           ^
   kernel/ucount.c:318:14: note: Loop condition is false.  Exiting loop
           long max = READ_ONCE(iter->ns->ucount_max[type]);
                      ^
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
           compiletime_assert_rwonce_type(x); \
           ^
   include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
           compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
           ^
   include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert'
           _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
           ^
   include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert'
           __compiletime_assert(condition, msg, prefix, suffix)
           ^
   include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert'
           do { \
           ^
   kernel/ucount.c:320:7: note: Assuming 'new' is >= 0
           if (new < 0 || new > max)
               ^~~~~~~
   kernel/ucount.c:320:7: note: Left side of '||' is false
   kernel/ucount.c:320:18: note: Assuming 'new' is <= 'max'
           if (new < 0 || new > max)
                          ^~~~~~~~~
   kernel/ucount.c:320:3: note: Taking false branch
           if (new < 0 || new > max)
           ^
   kernel/ucount.c:322:7: note: 'iter' is equal to 'ucounts'
           if (iter == ucounts)
               ^~~~
   kernel/ucount.c:322:3: note: Taking true branch
           if (iter == ucounts)
           ^
   kernel/ucount.c:328:7: note: Assuming 'new' is equal to 1
           if (new != 1)
               ^~~~~~~~
   kernel/ucount.c:328:3: note: Taking false branch
           if (new != 1)
           ^
   kernel/ucount.c:330:8: note: Calling 'get_ucounts'

vim +224 arch/arm/include/asm/atomic.h

db38ee874c48713 Will Deacon    2014-02-21  217
aee9a55452f0371 Peter Zijlstra 2014-03-23  218  #define ATOMIC_OPS(op, c_op, asm_op) \
aee9a55452f0371 Peter Zijlstra 2014-03-23  219          ATOMIC_OP(op, c_op, asm_op) \
6da068c1beba684 Peter Zijlstra 2016-04-18  220          ATOMIC_OP_RETURN(op, c_op, asm_op) \
6da068c1beba684 Peter Zijlstra 2016-04-18  221          ATOMIC_FETCH_OP(op, c_op, asm_op)
aee9a55452f0371 Peter Zijlstra 2014-03-23  222
aee9a55452f0371 Peter Zijlstra 2014-03-23  223  ATOMIC_OPS(add, +=, add)
aee9a55452f0371 Peter Zijlstra 2014-03-23 @224  ATOMIC_OPS(sub, -=, sub)
aee9a55452f0371 Peter Zijlstra 2014-03-23  225

:::::: The code at line 224 was first introduced by commit
:::::: aee9a55452f0371258e18b41649ce650ff344090 locking,arch,arm: Fold atomic_ops

:::::: TO: Peter Zijlstra <pet...@infradead.org>
:::::: CC: Ingo Molnar <mi...@kernel.org>

--
0-DAY CI Kernel Test Service
https://01.org/lkp