::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: kernel/kexec_core.c:827:25: warning: use of NULL 'kbuf' where non-null expected [CWE-476] [-Wanalyzer-null-argument]"
::::::
CC: kbuild-...@lists.01.org
BCC: l...@intel.com
CC: Linux Memory Management List <linux...@kvack.org>
TO: Alexander Lobakin <alexandr.loba...@intel.com>
CC: Yury Norov <yury.no...@gmail.com>
CC: Marco Elver <el...@google.com>

tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: b6f1f2fa2bddd69ff46a190b8120bd440fd50563
commit: b03fc1173c0c2bb8fad61902a862985cecdc4b1b [6818/7943] bitops: let optimize out non-atomic bitops on compile-time constants
:::::: branch date: 3 hours ago
:::::: commit date: 3 days ago
config: arm-randconfig-c002-20220703 (https://download.01.org/0day-ci/archive/20220704/202207041805.1c2cmqwt-...@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b03fc1173c0c2bb8fad61902a862985cecdc4b1b
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout b03fc1173c0c2bb8fad61902a862985cecdc4b1b
# save the config file
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <l...@intel.com>

gcc-analyzer warnings: (new ones prefixed by >>)
kernel/kexec_core.c: In function 'kimage_load_normal_segment':
>> kernel/kexec_core.c:827:25: warning: use of NULL 'kbuf' where non-null
>> expected [CWE-476] [-Wanalyzer-null-argument]
827 | memcpy(ptr, kbuf, uchunk);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
'kimage_load_segment': events 1-4 | | 917 | int kimage_load_segment(struct kimage *image, | | ^~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to 'kimage_load_segment' |...... | 922 | switch (image->type) { | | ~~~~~~ | | | | | (2) following 'false' branch... 
| 923 | case KEXEC_TYPE_DEFAULT: | | ~~~~ | | | | | (3) ...to here | 924 | result = kimage_load_normal_segment(image, segment); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) calling 'kimage_load_normal_segment' from 'kimage_load_segment' | +--> 'kimage_load_normal_segment': events 5-8 | | 567 | result = kimage_add_entry(image, destination | IND_DESTINATION); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) calling 'kimage_add_entry' from 'kimage_load_normal_segment' |...... | 781 | static int kimage_load_normal_segment(struct kimage *image, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) entry to 'kimage_load_normal_segment' |...... | 790 | if (image->file_mode) | | ~ | | | | | (6) following 'false' branch... |...... | 793 | buf = segment->buf; | | ~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | +--> 'kimage_add_entry': events 9-11 | | 535 | static int kimage_add_entry(struct kimage *image, kimage_entry_t entry) | | ^~~~~~~~~~~~~~~~ | | | | | (9) entry to 'kimage_add_entry' |...... | 540 | if (image->entry == image->last_entry) { | | ~ | | | | | (10) following 'false' branch... |...... | 554 | *image->entry = entry; | | ~~~~~~~~~~~~ | | | | | (11) ...to here | <------+ | 'kimage_load_normal_segment': events 12-13 | | 567 | result = kimage_add_entry(image, destination | IND_DESTINATION); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (12) returning to 'kimage_load_normal_segment' from 'kimage_add_entry' |...... | 799 | if (result < 0) | | ~ | | | | | (13) following 'false' branch (when 'result >= 0')... | 'kimage_load_normal_segment': event 14 | |cc1: | (14): ...to here | 'kimage_load_normal_segment': events 15-17 | | 802 | while (mbytes) { | | ^~~~~~ | | | | | (15) following 'true' branch (when 'mbytes != 0')... |...... 
| 807 | page = kimage_alloc_page(image, GFP_HIGHUSER, maddr); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (16) ...to here | | (17) calling 'kimage_alloc_page' from 'kimage_load_normal_segment' | +--> 'kimage_alloc_page': event 18 | | 685 | static struct page *kimage_alloc_page(struct kimage *image, | | ^~~~~~~~~~~~~~~~~ | | | | | (18) entry to 'kimage_alloc_page' |

vim +/kbuf +827 kernel/kexec_core.c

2965faa5e03d1e Dave Young 2015-09-09 780
2965faa5e03d1e Dave Young 2015-09-09 781 static int kimage_load_normal_segment(struct kimage *image,
2965faa5e03d1e Dave Young 2015-09-09 782 struct kexec_segment *segment)
2965faa5e03d1e Dave Young 2015-09-09 783 {
2965faa5e03d1e Dave Young 2015-09-09 784 unsigned long maddr;
2965faa5e03d1e Dave Young 2015-09-09 785 size_t ubytes, mbytes;
2965faa5e03d1e Dave Young 2015-09-09 786 int result;
2965faa5e03d1e Dave Young 2015-09-09 787 unsigned char __user *buf = NULL;
2965faa5e03d1e Dave Young 2015-09-09 788 unsigned char *kbuf = NULL;
2965faa5e03d1e Dave Young 2015-09-09 789
2965faa5e03d1e Dave Young 2015-09-09 790 if (image->file_mode)
2965faa5e03d1e Dave Young 2015-09-09 791 kbuf = segment->kbuf;
2965faa5e03d1e Dave Young 2015-09-09 792 else
2965faa5e03d1e Dave Young 2015-09-09 793 buf = segment->buf;
2965faa5e03d1e Dave Young 2015-09-09 794 ubytes = segment->bufsz;
2965faa5e03d1e Dave Young 2015-09-09 795 mbytes = segment->memsz;
2965faa5e03d1e Dave Young 2015-09-09 796 maddr = segment->mem;
2965faa5e03d1e Dave Young 2015-09-09 797
2965faa5e03d1e Dave Young 2015-09-09 798 result = kimage_set_destination(image, maddr);
2965faa5e03d1e Dave Young 2015-09-09 799 if (result < 0)
2965faa5e03d1e Dave Young 2015-09-09 800 goto out;
2965faa5e03d1e Dave Young 2015-09-09 801
2965faa5e03d1e Dave Young 2015-09-09 802 while (mbytes) {
2965faa5e03d1e Dave Young 2015-09-09 803 struct page *page;
2965faa5e03d1e Dave Young 2015-09-09 804 char *ptr;
2965faa5e03d1e Dave Young 2015-09-09 805 size_t uchunk, mchunk;
2965faa5e03d1e Dave Young 2015-09-09 806
2965faa5e03d1e Dave Young 2015-09-09 807 page = kimage_alloc_page(image, GFP_HIGHUSER, maddr);
2965faa5e03d1e Dave Young 2015-09-09 808 if (!page) {
2965faa5e03d1e Dave Young 2015-09-09 809 result = -ENOMEM;
2965faa5e03d1e Dave Young 2015-09-09 810 goto out;
2965faa5e03d1e Dave Young 2015-09-09 811 }
43546d8669d62d Russell King 2016-08-02 812 result = kimage_add_page(image, page_to_boot_pfn(page)
2965faa5e03d1e Dave Young 2015-09-09 813 << PAGE_SHIFT);
2965faa5e03d1e Dave Young 2015-09-09 814 if (result < 0)
2965faa5e03d1e Dave Young 2015-09-09 815 goto out;
2965faa5e03d1e Dave Young 2015-09-09 816
2965faa5e03d1e Dave Young 2015-09-09 817 ptr = kmap(page);
2965faa5e03d1e Dave Young 2015-09-09 818 /* Start with a clear page */
2965faa5e03d1e Dave Young 2015-09-09 819 clear_page(ptr);
2965faa5e03d1e Dave Young 2015-09-09 820 ptr += maddr & ~PAGE_MASK;
2965faa5e03d1e Dave Young 2015-09-09 821 mchunk = min_t(size_t, mbytes,
2965faa5e03d1e Dave Young 2015-09-09 822 PAGE_SIZE - (maddr & ~PAGE_MASK));
2965faa5e03d1e Dave Young 2015-09-09 823 uchunk = min(ubytes, mchunk);
2965faa5e03d1e Dave Young 2015-09-09 824
2965faa5e03d1e Dave Young 2015-09-09 825 /* For file based kexec, source pages are in kernel memory */
2965faa5e03d1e Dave Young 2015-09-09 826 if (image->file_mode)
2965faa5e03d1e Dave Young 2015-09-09 @827 memcpy(ptr, kbuf, uchunk);
2965faa5e03d1e Dave Young 2015-09-09 828 else
2965faa5e03d1e Dave Young 2015-09-09 829 result = copy_from_user(ptr, buf, uchunk);
2965faa5e03d1e Dave Young 2015-09-09 830 kunmap(page);
2965faa5e03d1e Dave Young 2015-09-09 831 if (result) {
2965faa5e03d1e Dave Young 2015-09-09 832 result = -EFAULT;
2965faa5e03d1e Dave Young 2015-09-09 833 goto out;
2965faa5e03d1e Dave Young 2015-09-09 834 }
2965faa5e03d1e Dave Young 2015-09-09 835 ubytes -= uchunk;
2965faa5e03d1e Dave Young 2015-09-09 836 maddr += mchunk;
2965faa5e03d1e Dave Young 2015-09-09 837 if (image->file_mode)
2965faa5e03d1e Dave Young 2015-09-09 838 kbuf += mchunk;
2965faa5e03d1e Dave Young 2015-09-09 839 else
2965faa5e03d1e Dave Young 2015-09-09 840 buf += mchunk;
2965faa5e03d1e Dave Young 2015-09-09 841 mbytes -= mchunk;
a8311f647e4196 Jarrett Farnitano 2018-06-14 842
a8311f647e4196 Jarrett Farnitano 2018-06-14 843 cond_resched();
2965faa5e03d1e Dave Young 2015-09-09 844 }
2965faa5e03d1e Dave Young 2015-09-09 845 out:
2965faa5e03d1e Dave Young 2015-09-09 846 return result;
2965faa5e03d1e Dave Young 2015-09-09 847 }
2965faa5e03d1e Dave Young 2015-09-09 848

:::::: The code at line 827 was first introduced by commit
:::::: 2965faa5e03d1e71e9ff9aa143fff39e0a77543a kexec: split kexec_load syscall from kexec core code

:::::: TO: Dave Young <dyo...@redhat.com>
:::::: CC: Linus Torvalds <torva...@linux-foundation.org>

--
0-DAY CI Kernel Test Service
https://01.org/lkp
_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-le...@lists.01.org