:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check warning: include/linux/fortify-string.h:20:45: warning: use of uninitialized value '*(unsigned char *)(&stat_buf[31])' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]" ::::::
BCC: [email protected] CC: [email protected] CC: [email protected] TO: Kees Cook <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 6614a3c3164a5df2b54abb0b3559f51041cf705b commit: 3009f891bb9f328945ebd5b71e12df7e2467f3dd fortify: Allow strlen() and strnlen() to pass compile-time known lengths date: 11 months ago :::::: branch date: 6 hours ago :::::: commit date: 11 months ago config: arm-randconfig-c002-20220805 (https://download.01.org/0day-ci/archive/20220806/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3009f891bb9f328945ebd5b71e12df7e2467f3dd git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 3009f891bb9f328945ebd5b71e12df7e2467f3dd # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> gcc-analyzer warnings: (new ones prefixed by >>) | +--> 'uart_port_ref': event 33 | | 58 | static inline struct uart_port *uart_port_ref(struct uart_state *state) | | ^~~~~~~~~~~~~ | | | | | (33) entry to 'uart_port_ref' | 'uart_port_ref': event 34 | |include/linux/atomic/atomic-arch-fallback.h:1161:20: | 1161 | if (unlikely(c == u)) | | ^ | | | | | (34) following 'false' branch... | 'uart_port_ref': event 35 | | 995 | #define arch_atomic_try_cmpxchg arch_atomic_try_cmpxchg | | ^ | | | | | (35) ...to here include/linux/atomic/atomic-arch-fallback.h:1163:19: note: in expansion of macro 'arch_atomic_try_cmpxchg' | 1163 | } while (!arch_atomic_try_cmpxchg(v, &c, c + a)); | | ^~~~~~~~~~~~~~~~~~~~~~~ | <------+ | 'uart_port_startup': event 36 | |drivers/tty/serial/serial_core.c:73:45: | 73 | struct uart_port *__uport = uart_port_ref(state); \ | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (36) returning to 'uart_port_startup' from 'uart_port_ref' drivers/tty/serial/serial_core.c:207:9: note: in expansion of macro 'uart_port_lock' | 207 | uart_port_lock(state, flags); | | ^~~~~~~~~~~~~~ | 'uart_port_startup': event 37 | | 74 | if (__uport) \ | | ^ | | | | | (37) following 'false' branch (when '__uport' is NULL)... drivers/tty/serial/serial_core.c:207:9: note: in expansion of macro 'uart_port_lock' | 207 | uart_port_lock(state, flags); | | ^~~~~~~~~~~~~~ | 'uart_port_startup': events 38-39 | | 208 | if (!state->xmit.buf) { | | ~ ~~~~~~~~~~~^~~~ | | | | | | | (38) ...to here | | (39) following 'false' branch... | 'uart_port_startup': event 40 | | 82 | if (__uport) { \ | | ^ | | | | | (40) ...to here drivers/tty/serial/serial_core.c:213:17: note: in expansion of macro 'uart_port_unlock' | 213 | uart_port_unlock(uport, flags); | | ^~~~~~~~~~~~~~~~ | 'uart_port_startup': event 41 | | 82 | if (__uport) { \ | | ^ | | | | | (41) following 'true' branch... drivers/tty/serial/serial_core.c:213:17: note: in expansion of macro 'uart_port_unlock' | 213 | uart_port_unlock(uport, flags); | | ^~~~~~~~~~~~~~~~ | 'uart_port_startup': events 42-43 | |arch/arm/include/asm/irqflags.h:159:9: | 159 | asm volatile( | | ^~~ | | | | | (42) ...to here |...... | 171 | asm volatile( | | ~~~ | | | | | (43) use of uninitialized value 'flags' here | In file included from include/linux/string.h:253, from include/linux/bitmap.h:10, from include/linux/cpumask.h:12, from include/linux/mm_types_task.h:14, from include/linux/mm_types.h:5, from include/linux/buildid.h:5, from include/linux/module.h:14: In function 'strnlen', inlined from 'strlen' at include/linux/fortify-string.h:103:8, inlined from 'uart_line_info' at drivers/tty/serial/serial_core.c:1860:3: >> include/linux/fortify-string.h:20:45: warning: use of uninitialized value >> '*(unsigned char *)(&stat_buf[31])' [CWE-457] >> [-Wanalyzer-use-of-uninitialized-value] 20 | if (__builtin_constant_p(__p[p_len]) && \ | ~~~^~~~~~~ include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' 77 | size_t p_len = __compiletime_strlen(p); | ^~~~~~~~~~~~~~~~~~~~ 'uart_line_info': events 1-7 | |drivers/tty/serial/serial_core.c:1804:14: | 1804 | char stat_buf[32]; | | ^~~~~~~~ | | | | | (1) region created on stack here |...... | 1810 | if (!uport) | | ~ | | | | | (2) following 'false' branch... |...... | 1813 | mmio = uport->iotype >= UPIO_MEM; | | ~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 1821 | if (uport->type == PORT_UNKNOWN) { | | ~ | | | | | (4) following 'false' branch... |...... | 1826 | if (capable(CAP_SYS_ADMIN)) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(5) ...to here | | (6) following 'true' branch... | 1827 | pm_state = state->pm_state; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | 'uart_line_info': event 8 | | 1850 | if (uport->mctrl & (bit)) \ | | ^ | | | | | (8) following 'true' branch... drivers/tty/serial/serial_core.c:1860:17: note: in expansion of macro 'INFOBIT' | 1860 | INFOBIT(TIOCM_RTS, "|RTS"); | | ^~~~~~~ | 'uart_line_info': event 9 | |include/linux/fortify-string.h:20:45: | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (9) ...to here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | 'uart_line_info': event 10 | | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (10) use of uninitialized value '*(unsigned char *)(&stat_buf[31])' here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | In function 'strnlen', inlined from 'strlen' at include/linux/fortify-string.h:103:8, inlined from 'strncat' at include/linux/fortify-string.h:192:10, inlined from 'uart_line_info' at drivers/tty/serial/serial_core.c:1860:3: >> include/linux/fortify-string.h:20:45: warning: use of uninitialized value >> '*(unsigned char *)(&stat_buf[31])' [CWE-457] >> [-Wanalyzer-use-of-uninitialized-value] 20 | if (__builtin_constant_p(__p[p_len]) && \ | ~~~^~~~~~~ include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' 77 | size_t p_len = __compiletime_strlen(p); | ^~~~~~~~~~~~~~~~~~~~ 'uart_line_info': events 1-7 | |drivers/tty/serial/serial_core.c:1804:14: | 1804 | char stat_buf[32]; | | ^~~~~~~~ | | | | | (1) region created on stack here |...... | 1810 | if (!uport) | | ~ | | | | | (2) following 'false' branch... |...... | 1813 | mmio = uport->iotype >= UPIO_MEM; | | ~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 1821 | if (uport->type == PORT_UNKNOWN) { | | ~ | | | | | (4) following 'false' branch... |...... | 1826 | if (capable(CAP_SYS_ADMIN)) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(5) ...to here | | (6) following 'true' branch... | 1827 | pm_state = state->pm_state; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here | 'uart_line_info': event 8 | | 1850 | if (uport->mctrl & (bit)) \ | | ^ | | | | | (8) following 'true' branch... drivers/tty/serial/serial_core.c:1860:17: note: in expansion of macro 'INFOBIT' | 1860 | INFOBIT(TIOCM_RTS, "|RTS"); | | ^~~~~~~ | 'uart_line_info': event 9 | |include/linux/fortify-string.h:20:45: | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (9) ...to here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | 'uart_line_info': events 10-12 | | 89 | if (p_size <= ret && maxlen != ret) | | ^ | | | | | (10) following 'false' branch... |...... | 104 | if (p_size <= ret) | | ~ | | | | | (11) ...to here | | (12) following 'false' branch... | 'uart_line_info': event 13 | |drivers/tty/serial/serial_core.c:1851:17: | 1851 | strncat(stat_buf, (str), sizeof(stat_buf) - \ | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 1852 | strlen(stat_buf) - 2) | | ~~~~~~~~~~~~~~~~~~~~~ drivers/tty/serial/serial_core.c:1860:17: note: in expansion of macro 'INFOBIT' | 1860 | INFOBIT(TIOCM_RTS, "|RTS"); | | ^~~~~~~ | 'uart_line_info': event 14 | |include/linux/fortify-string.h:20:45: | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (14) use of uninitialized value '*(unsigned char *)(&stat_buf[31])' here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | In function 'strnlen', inlined from 'strlen' at include/linux/fortify-string.h:103:8, inlined from 'uart_line_info' at drivers/tty/serial/serial_core.c:1860:3: >> include/linux/fortify-string.h:20:45: warning: use of uninitialized value >> '*(unsigned char *)(&stat_buf[31])' [CWE-457] >> [-Wanalyzer-use-of-uninitialized-value] 20 | if (__builtin_constant_p(__p[p_len]) && \ | ~~~^~~~~~~ include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' 77 | size_t p_len = __compiletime_strlen(p); | ^~~~~~~~~~~~~~~~~~~~ 'uart_proc_show': events 1-4 | |drivers/tty/serial/serial_core.c:1878:12: | 1878 | static int uart_proc_show(struct seq_file *m, void *v) | | ^~~~~~~~~~~~~~ | | | | | (1) entry to 'uart_proc_show' |...... | 1885 | for (i = 0; i < drv->nr; i++) | | ~~~~~~~~~~~ | | | | | (2) following 'true' branch... | 1886 | uart_line_info(m, drv, i); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling 'uart_line_info' from 'uart_proc_show' | +--> 'uart_line_info': events 5-12 | | 1798 | static void uart_line_info(struct seq_file *m, struct uart_driver *drv, int i) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to 'uart_line_info' |...... | 1804 | char stat_buf[32]; | | ~~~~~~~~ | | | | | (6) region created on stack here |...... | 1810 | if (!uport) | | ~ | | | | | (7) following 'false' branch... |...... | 1813 | mmio = uport->iotype >= UPIO_MEM; | | ~~~~~~~~~~~~~ | | | | | (8) ...to here |...... | 1821 | if (uport->type == PORT_UNKNOWN) { | | ~ | | | | | (9) following 'false' branch... |...... | 1826 | if (capable(CAP_SYS_ADMIN)) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(10) ...to here | | (11) following 'true' branch... | 1827 | pm_state = state->pm_state; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (12) ...to here | 'uart_line_info': event 13 | | 1850 | if (uport->mctrl & (bit)) \ | | ^ | | | | | (13) following 'true' branch... drivers/tty/serial/serial_core.c:1860:17: note: in expansion of macro 'INFOBIT' | 1860 | INFOBIT(TIOCM_RTS, "|RTS"); | | ^~~~~~~ | 'uart_line_info': event 14 | |include/linux/fortify-string.h:20:45: | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (14) ...to here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | 'uart_line_info': event 15 | | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (15) use of uninitialized value '*(unsigned char *)(&stat_buf[31])' here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | In function 'strnlen', inlined from 'strlen' at include/linux/fortify-string.h:103:8, inlined from 'strncat' at include/linux/fortify-string.h:192:10, inlined from 'uart_line_info' at drivers/tty/serial/serial_core.c:1860:3: >> include/linux/fortify-string.h:20:45: warning: use of uninitialized value >> '*(unsigned char *)(&stat_buf[31])' [CWE-457] >> [-Wanalyzer-use-of-uninitialized-value] 20 | if (__builtin_constant_p(__p[p_len]) && \ | ~~~^~~~~~~ include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' 77 | size_t p_len = __compiletime_strlen(p); | ^~~~~~~~~~~~~~~~~~~~ 'uart_proc_show': events 1-4 | |drivers/tty/serial/serial_core.c:1878:12: | 1878 | static int uart_proc_show(struct seq_file *m, void *v) | | ^~~~~~~~~~~~~~ | | | | | (1) entry to 'uart_proc_show' |...... | 1885 | for (i = 0; i < drv->nr; i++) | | ~~~~~~~~~~~ | | | | | (2) following 'true' branch... | 1886 | uart_line_info(m, drv, i); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling 'uart_line_info' from 'uart_proc_show' | +--> 'uart_line_info': events 5-12 | | 1798 | static void uart_line_info(struct seq_file *m, struct uart_driver *drv, int i) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to 'uart_line_info' |...... | 1804 | char stat_buf[32]; | | ~~~~~~~~ | | | | | (6) region created on stack here |...... | 1810 | if (!uport) | | ~ | | | | | (7) following 'false' branch... |...... | 1813 | mmio = uport->iotype >= UPIO_MEM; | | ~~~~~~~~~~~~~ | | | | | (8) ...to here |...... | 1821 | if (uport->type == PORT_UNKNOWN) { | | ~ | | | | | (9) following 'false' branch... |...... | 1826 | if (capable(CAP_SYS_ADMIN)) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(10) ...to here | | (11) following 'true' branch... | 1827 | pm_state = state->pm_state; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (12) ...to here | 'uart_line_info': event 13 | | 1850 | if (uport->mctrl & (bit)) \ | | ^ | | | | | (13) following 'true' branch... drivers/tty/serial/serial_core.c:1860:17: note: in expansion of macro 'INFOBIT' | 1860 | INFOBIT(TIOCM_RTS, "|RTS"); | | ^~~~~~~ | 'uart_line_info': event 14 | |include/linux/fortify-string.h:20:45: | 20 | if (__builtin_constant_p(__p[p_len]) && \ | | ~~~^~~~~~~ | | | | | (14) ...to here include/linux/fortify-string.h:77:24: note: in expansion of macro '__compiletime_strlen' | 77 | size_t p_len = __compiletime_strlen(p); | | ^~~~~~~~~~~~~~~~~~~~ | 'uart_line_info': events 15-17 | | 89 | if (p_size <= ret && maxlen != ret) | | ^ | | | | | (15) following 'false' branch... |...... | 104 | if (p_size <= ret) | | ~ | | | | | (16) ...to here | | (17) following 'false' branch... | 'uart_line_info': event 18 | |drivers/tty/serial/serial_core.c:1851:17: | 1851 | strncat(stat_buf, (str), sizeof(stat_buf) - \ | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | vim +20 include/linux/fortify-string.h a28a6e860c6cf2 Francis Laniel 2021-02-25 12 3009f891bb9f32 Kees Cook 2021-08-02 13 #define __compiletime_strlen(p) \ 3009f891bb9f32 Kees Cook 2021-08-02 14 ({ \ 3009f891bb9f32 Kees Cook 2021-08-02 15 unsigned char *__p = (unsigned char *)(p); \ 3009f891bb9f32 Kees Cook 2021-08-02 16 size_t ret = (size_t)-1; \ 3009f891bb9f32 Kees Cook 2021-08-02 17 size_t p_size = __builtin_object_size(p, 1); \ 3009f891bb9f32 Kees Cook 2021-08-02 18 if (p_size != (size_t)-1) { \ 3009f891bb9f32 Kees Cook 2021-08-02 19 size_t p_len = p_size - 1; \ 3009f891bb9f32 Kees Cook 2021-08-02 @20 if (__builtin_constant_p(__p[p_len]) && \ 3009f891bb9f32 Kees Cook 2021-08-02 21 __p[p_len] == '\0') \ 3009f891bb9f32 Kees Cook 2021-08-02 22 ret = __builtin_strlen(__p); \ 3009f891bb9f32 Kees Cook 2021-08-02 23 } \ 3009f891bb9f32 Kees Cook 2021-08-02 24 ret; \ 3009f891bb9f32 Kees Cook 2021-08-02 25 }) 3009f891bb9f32 Kees Cook 2021-08-02 26 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
