:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check first_new_problem: drivers/char/pcmcia/synclink_cs.c:1952:13: warning: use of uninitialized value '<unknown>' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]" ::::::
BCC: [email protected] CC: [email protected] CC: [email protected] TO: Kees Cook <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 80e78fcce86de0288793a0ef0f6acf37656ee4cf commit: f68f2ff91512c199ec24883001245912afc17873 fortify: Detect struct member overflows in memcpy() at compile-time date: 7 months ago :::::: branch date: 24 hours ago :::::: commit date: 7 months ago config: arm-randconfig-c002-20220911 (https://download.01.org/0day-ci/archive/20220913/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f68f2ff91512c199ec24883001245912afc17873 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout f68f2ff91512c199ec24883001245912afc17873 # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> gcc_analyzer warnings: (new ones prefixed by >>) drivers/char/pcmcia/synclink_cs.c: In function 'wait_events': >> drivers/char/pcmcia/synclink_cs.c:1952:13: warning: use of uninitialized >> value '<unknown>' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 1952 | int mask; | ^~~~ 'mgslpc_ioctl': events 1-4 | | 669 | if (!info) | | ~ | | | | | (2) following 'false' branch (when 'info' is non-NULL)... |...... | 2219 | static int mgslpc_ioctl(struct tty_struct *tty, | | ^~~~~~~~~~~~ | | | | | (1) entry to 'mgslpc_ioctl' |...... | 2232 | if (cmd != TIOCMIWAIT) { | | ~ | | | | | (3) ...to here | | (4) following 'true' branch (when 'cmd != 21596')... 
| 'mgslpc_ioctl': event 5 | |include/asm-generic/bitops/non-atomic.h:118:27: | 118 | return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1))); | | ~~~~^~~~~~~~~~~~~~ | | | | | (5) ...to here | 'mgslpc_ioctl': events 6-10 | |drivers/char/pcmcia/synclink_cs.c:2233:20: | 2233 | if (tty_io_error(tty)) | | ^ | | | | | (6) following 'false' branch... |...... | 2237 | switch (cmd) { | | ~~~~~~ | | | | | (7) ...to here | | (8) following 'case 3221515528:' branch... |...... | 2258 | case MGSL_IOCWAITEVENT: | | ~~~~ | | | | | (9) ...to here | 2259 | return wait_events(info, argp); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (10) calling 'wait_events' from 'mgslpc_ioctl' | +--> 'wait_events': events 11-12 | | 1945 | static int wait_events(MGSLPC_INFO * info, int __user *mask_ptr) | | ^~~~~~~~~~~ | | | | | (11) entry to 'wait_events' |...... | 1952 | int mask; | | ~~~~ | | | | | (12) use of uninitialized value '<unknown>' here | In file included from include/linux/bitops.h:7, from include/linux/log2.h:12, from include/asm-generic/div64.h:55, from arch/arm/include/asm/div64.h:107, from include/linux/math.h:5, from include/linux/math64.h:6, from include/linux/time.h:6, from include/linux/stat.h:19, from include/linux/module.h:13, from drivers/char/pcmcia/synclink_cs.c:38: drivers/char/pcmcia/synclink_cs.c: In function 'mgslpc_wait_until_sent': include/linux/typecheck.h:11:19: warning: use of uninitialized value '<unknown>' [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 11 | typeof(x) __dummy2; \ | ^~~~~~~~ include/linux/jiffies.h:105:10: note: in expansion of macro 'typecheck' 105 | (typecheck(unsigned long, a) && \ | ^~~~~~~~~ drivers/char/pcmcia/synclink_cs.c:2391:40: note: in expansion of macro 'time_after' 2391 | if (timeout && time_after(jiffies, orig_jiffies + timeout)) | ^~~~~~~~~~ 'mgslpc_wait_until_sent': event 1 | | 2355 | if (!info) | | ^ | | | | | (1) following 'false' branch (when 'info' is non-NULL)... 
| 'mgslpc_wait_until_sent': events 2-5 | | 2358 | if (debug_level >= DEBUG_LEVEL_INFO) |...... | 2365 | if (!tty_port_initialized(&info->port)) | | ~ | | | | | (3) following 'true' branch... |...... | 2368 | orig_jiffies = jiffies;
vim +1952 drivers/char/pcmcia/synclink_cs.c
^1da177e4c3f41 Linus Torvalds 2005-04-16  1936
/*
 * NOTE(review): triage of the CWE-457 warning reported above for 'mask'.
 * The analyzer points at the declaration on line 1952, but every read of
 * 'mask' in this listing (1961, 1968, 1983, 2021, 2042) comes after the
 * COPY_FROM_USER() on line 1956 and its 'if (rc) return -EFAULT' check.
 * COPY_FROM_USER is a driver macro whose definition is not shown here;
 * presumably it wraps copy_from_user() and leaves rc non-zero on a failed
 * or short copy -- confirm that before closing this as a false positive.
 * The report marks both the static check and the bisect as low confidence,
 * and the flagged line dates from the initial import, so the bisected
 * fortify commit likely changed what the analyzer sees rather than this
 * function (inferred, not shown).
 * 'events' is written (1968 or 2021) on every path that reaches PUT_USER()
 * with rc == 0; the -ERESTARTSYS and -EIO breaks skip the PUT_USER().
 */
^1da177e4c3f41 Linus Torvalds 2005-04-16  1937  /* wait for specified event to occur
^1da177e4c3f41 Linus Torvalds 2005-04-16  1938   *
^1da177e4c3f41 Linus Torvalds 2005-04-16  1939   * Arguments: info pointer to device instance data
^1da177e4c3f41 Linus Torvalds 2005-04-16  1940   * mask pointer to bitmask of events to wait for
^1da177e4c3f41 Linus Torvalds 2005-04-16  1941   * Return Value: 0 if successful and bit mask updated with
^1da177e4c3f41 Linus Torvalds 2005-04-16  1942   * of events triggerred,
^1da177e4c3f41 Linus Torvalds 2005-04-16  1943   * otherwise error code
^1da177e4c3f41 Linus Torvalds 2005-04-16  1944   */
^1da177e4c3f41 Linus Torvalds 2005-04-16  1945  static int wait_events(MGSLPC_INFO * info, int __user *mask_ptr)
^1da177e4c3f41 Linus Torvalds 2005-04-16  1946  {
^1da177e4c3f41 Linus Torvalds 2005-04-16  1947          unsigned long flags;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1948          int s;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1949          int rc=0;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1950          struct mgsl_icount cprev, cnow;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1951          int events;
^1da177e4c3f41 Linus Torvalds 2005-04-16 @1952          int mask;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1953          struct _input_signal_events oldsigs, newsigs;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1954          DECLARE_WAITQUEUE(wait, current);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1955
^1da177e4c3f41 Linus Torvalds 2005-04-16  1956          COPY_FROM_USER(rc,&mask, mask_ptr, sizeof(int));
^1da177e4c3f41 Linus Torvalds 2005-04-16  1957          if (rc)
^1da177e4c3f41 Linus Torvalds 2005-04-16  1958                  return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1959
^1da177e4c3f41 Linus Torvalds 2005-04-16  1960          if (debug_level >= DEBUG_LEVEL_INFO)
^1da177e4c3f41 Linus Torvalds 2005-04-16  1961                  printk("wait_events(%s,%d)\n", info->device_name, mask);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1962
^1da177e4c3f41 Linus Torvalds 2005-04-16  1963          spin_lock_irqsave(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1964
^1da177e4c3f41 Linus Torvalds 2005-04-16  1965          /* return immediately if state matches requested events */
^1da177e4c3f41 Linus Torvalds 2005-04-16  1966          get_signals(info);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1967          s = info->serial_signals;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1968          events = mask &
^1da177e4c3f41 Linus Torvalds 2005-04-16  1969                  ( ((s & SerialSignal_DSR) ? MgslEvent_DsrActive:MgslEvent_DsrInactive) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  1970                  ((s & SerialSignal_DCD) ? MgslEvent_DcdActive:MgslEvent_DcdInactive) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  1971                  ((s & SerialSignal_CTS) ? MgslEvent_CtsActive:MgslEvent_CtsInactive) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  1972                  ((s & SerialSignal_RI) ? MgslEvent_RiActive :MgslEvent_RiInactive) );
^1da177e4c3f41 Linus Torvalds 2005-04-16  1973          if (events) {
^1da177e4c3f41 Linus Torvalds 2005-04-16  1974                  spin_unlock_irqrestore(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1975                  goto exit;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1976          }
^1da177e4c3f41 Linus Torvalds 2005-04-16  1977
^1da177e4c3f41 Linus Torvalds 2005-04-16  1978          /* save current irq counts */
^1da177e4c3f41 Linus Torvalds 2005-04-16  1979          cprev = info->icount;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1980          oldsigs = info->input_signal_events;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1981
^1da177e4c3f41 Linus Torvalds 2005-04-16  1982          if ((info->params.mode == MGSL_MODE_HDLC) &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  1983              (mask & MgslEvent_ExitHuntMode))
^1da177e4c3f41 Linus Torvalds 2005-04-16  1984                  irq_enable(info, CHA, IRQ_EXITHUNT);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1985
^1da177e4c3f41 Linus Torvalds 2005-04-16  1986          set_current_state(TASK_INTERRUPTIBLE);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1987          add_wait_queue(&info->event_wait_q, &wait);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1988
^1da177e4c3f41 Linus Torvalds 2005-04-16  1989          spin_unlock_irqrestore(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  1990
^1da177e4c3f41 Linus Torvalds 2005-04-16  1991
^1da177e4c3f41 Linus Torvalds 2005-04-16  1992          for(;;) {
^1da177e4c3f41 Linus Torvalds 2005-04-16  1993                  schedule();
^1da177e4c3f41 Linus Torvalds 2005-04-16  1994                  if (signal_pending(current)) {
^1da177e4c3f41 Linus Torvalds 2005-04-16  1995                          rc = -ERESTARTSYS;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1996                          break;
^1da177e4c3f41 Linus Torvalds 2005-04-16  1997                  }
^1da177e4c3f41 Linus Torvalds 2005-04-16  1998
^1da177e4c3f41 Linus Torvalds 2005-04-16  1999                  /* get current irq counts */
^1da177e4c3f41 Linus Torvalds 2005-04-16  2000                  spin_lock_irqsave(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2001                  cnow = info->icount;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2002                  newsigs = info->input_signal_events;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2003                  set_current_state(TASK_INTERRUPTIBLE);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2004                  spin_unlock_irqrestore(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2005
^1da177e4c3f41 Linus Torvalds 2005-04-16  2006                  /* if no change, wait aborted for some reason */
^1da177e4c3f41 Linus Torvalds 2005-04-16  2007                  if (newsigs.dsr_up == oldsigs.dsr_up &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2008                      newsigs.dsr_down == oldsigs.dsr_down &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2009                      newsigs.dcd_up == oldsigs.dcd_up &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2010                      newsigs.dcd_down == oldsigs.dcd_down &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2011                      newsigs.cts_up == oldsigs.cts_up &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2012                      newsigs.cts_down == oldsigs.cts_down &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2013                      newsigs.ri_up == oldsigs.ri_up &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2014                      newsigs.ri_down == oldsigs.ri_down &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2015                      cnow.exithunt == cprev.exithunt &&
^1da177e4c3f41 Linus Torvalds 2005-04-16  2016                      cnow.rxidle == cprev.rxidle) {
^1da177e4c3f41 Linus Torvalds 2005-04-16  2017                          rc = -EIO;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2018                          break;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2019                  }
^1da177e4c3f41 Linus Torvalds 2005-04-16  2020
^1da177e4c3f41 Linus Torvalds 2005-04-16  2021                  events = mask &
^1da177e4c3f41 Linus Torvalds 2005-04-16  2022                          ( (newsigs.dsr_up != oldsigs.dsr_up ? MgslEvent_DsrActive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2023                          (newsigs.dsr_down != oldsigs.dsr_down ? MgslEvent_DsrInactive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2024                          (newsigs.dcd_up != oldsigs.dcd_up ? MgslEvent_DcdActive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2025                          (newsigs.dcd_down != oldsigs.dcd_down ? MgslEvent_DcdInactive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2026                          (newsigs.cts_up != oldsigs.cts_up ? MgslEvent_CtsActive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2027                          (newsigs.cts_down != oldsigs.cts_down ? MgslEvent_CtsInactive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2028                          (newsigs.ri_up != oldsigs.ri_up ? MgslEvent_RiActive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2029                          (newsigs.ri_down != oldsigs.ri_down ? MgslEvent_RiInactive:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2030                          (cnow.exithunt != cprev.exithunt ? MgslEvent_ExitHuntMode:0) +
^1da177e4c3f41 Linus Torvalds 2005-04-16  2031                          (cnow.rxidle != cprev.rxidle ? MgslEvent_IdleReceived:0) );
^1da177e4c3f41 Linus Torvalds 2005-04-16  2032                  if (events)
^1da177e4c3f41 Linus Torvalds 2005-04-16  2033                          break;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2034
^1da177e4c3f41 Linus Torvalds 2005-04-16  2035                  cprev = cnow;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2036                  oldsigs = newsigs;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2037          }
^1da177e4c3f41 Linus Torvalds 2005-04-16  2038
^1da177e4c3f41 Linus Torvalds 2005-04-16  2039          remove_wait_queue(&info->event_wait_q, &wait);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2040          set_current_state(TASK_RUNNING);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2041
^1da177e4c3f41 Linus Torvalds 2005-04-16  2042          if (mask & MgslEvent_ExitHuntMode) {
^1da177e4c3f41 Linus Torvalds 2005-04-16  2043                  spin_lock_irqsave(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2044                  if (!waitqueue_active(&info->event_wait_q))
^1da177e4c3f41 Linus Torvalds 2005-04-16  2045                          irq_disable(info, CHA, IRQ_EXITHUNT);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2046                  spin_unlock_irqrestore(&info->lock, flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2047          }
^1da177e4c3f41 Linus Torvalds 2005-04-16  2048  exit:
^1da177e4c3f41 Linus Torvalds 2005-04-16  2049          if (rc == 0)
^1da177e4c3f41 Linus Torvalds 2005-04-16  2050                  PUT_USER(rc, events, mask_ptr);
^1da177e4c3f41 Linus Torvalds 2005-04-16  2051          return rc;
^1da177e4c3f41 Linus Torvalds 2005-04-16  2052  }
^1da177e4c3f41 Linus Torvalds 2005-04-16  2053
:::::: The code at
line 1952 was first introduced by commit :::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2 :::::: TO: Linus Torvalds <[email protected]> :::::: CC: Linus Torvalds <[email protected]> -- 0-DAY CI Kernel Test Service https://01.org/lkp
