* security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
@ 2022-01-13 20:51 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-01-13 20:51 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 18133 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Tushar Sugandhi <tusharsu@linux.microsoft.com>
CC: Mimi Zohar <zohar@linux.ibm.com>
CC: Petr Vorel <pvorel@suse.cz>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 455e73a07f6e288b0061dfcf4fcf54fa9fe06458
commit: 52c208397c246f0c31d031eb8c41f9c7e9fdec0e IMA: support for duplicate measurement records
date: 7 months ago
:::::: branch date: 20 hours ago
:::::: commit date: 7 months ago
config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220114/202201140423.yRkoYDjV-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 244dd2913a43a200f5a6544d424cdc37b771028b)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52c208397c246f0c31d031eb8c41f9c7e9fdec0e
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 52c208397c246f0c31d031eb8c41f9c7e9fdec0e
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
drivers/acpi/acpica/dspkginit.c:80:9: note: Left side of '||' is false
while ((parent->common.aml_opcode == AML_PACKAGE_OP) ||
^
drivers/acpi/acpica/dspkginit.c:81:10: note: Assuming field 'aml_opcode' is not equal to AML_VARIABLE_PACKAGE_OP
(parent->common.aml_opcode == AML_VARIABLE_PACKAGE_OP)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:80:2: note: Loop condition is false. Execution continues on line 90
while ((parent->common.aml_opcode == AML_PACKAGE_OP) ||
^
drivers/acpi/acpica/dspkginit.c:91:6: note: Assuming 'obj_desc' is null
if (!obj_desc) {
^~~~~~~~~
drivers/acpi/acpica/dspkginit.c:91:2: note: Taking true branch
if (!obj_desc) {
^
drivers/acpi/acpica/dspkginit.c:94:7: note: Assuming 'obj_desc' is non-null
if (!obj_desc) {
^~~~~~~~~
drivers/acpi/acpica/dspkginit.c:94:3: note: Taking false branch
if (!obj_desc) {
^
drivers/acpi/acpica/dspkginit.c:101:6: note: Assuming the condition is false
if (obj_desc->package.flags & AOPOBJ_DATA_VALID) { /* Just in case */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:101:2: note: Taking false branch
if (obj_desc->package.flags & AOPOBJ_DATA_VALID) { /* Just in case */
^
drivers/acpi/acpica/dspkginit.c:111:6: note: Assuming field 'elements' is non-null
if (!obj_desc->package.elements) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:111:2: note: Taking false branch
if (!obj_desc->package.elements) {
^
drivers/acpi/acpica/dspkginit.c:138:6: note: 'module_level_code' is 0
if (module_level_code) {
^~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:138:2: note: Taking false branch
if (module_level_code) {
^
drivers/acpi/acpica/dspkginit.c:153:14: note: Assuming 'arg' is non-null
for (i = 0; arg && (i < element_count); i++) {
^~~
drivers/acpi/acpica/dspkginit.c:153:14: note: Left side of '&&' is true
drivers/acpi/acpica/dspkginit.c:153:22: note: Assuming 'i' is < 'element_count'
for (i = 0; arg && (i < element_count); i++) {
^~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:153:2: note: Loop condition is true. Entering loop body
for (i = 0; arg && (i < element_count); i++) {
^
drivers/acpi/acpica/dspkginit.c:154:7: note: Assuming field 'aml_opcode' is not equal to AML_INT_RETURN_VALUE_OP
if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:154:3: note: Taking false branch
if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) {
^
drivers/acpi/acpica/dspkginit.c:205:8: note: Assuming the condition is false
if (status == AE_NOT_FOUND) {
^~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:205:4: note: Taking false branch
if (status == AE_NOT_FOUND) {
^
drivers/acpi/acpica/dspkginit.c:210:9: note: 'module_level_code' is 0
if (!module_level_code) {
^~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:210:4: note: Taking true branch
if (!module_level_code) {
^
drivers/acpi/acpica/dspkginit.c:219:26: note: Passing null pointer value via 3rd parameter 'state'
elements[i], NULL,
^
include/linux/stddef.h:8:14: note: expanded from macro 'NULL'
#define NULL ((void *)0)
^~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:217:5: note: Calling 'acpi_ds_init_package_element'
acpi_ds_init_package_element(0,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:332:6: note: Assuming 'source_object' is non-null
if (!source_object) {
^~~~~~~~~~~~~~
drivers/acpi/acpica/dspkginit.c:332:2: note: Taking false branch
if (!source_object) {
^
drivers/acpi/acpica/dspkginit.c:342:6: note: Assuming 'context' is null
if (context) {
^~~~~~~
drivers/acpi/acpica/dspkginit.c:342:2: note: Taking false branch
if (context) {
^
drivers/acpi/acpica/dspkginit.c:350:17: note: Dereference of null pointer
element_ptr = state->pkg.this_target_obj;
^~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
>> security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_queue.c:163:6: note: Value stored to 'digest' during its initialization is never read
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_main.c:417:15: warning: Value stored to 'file' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
security/integrity/ima/ima_main.c:417:15: note: Value stored to 'file' during its initialization is never read
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_crypto.c:428:2: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
ima_free_pages(rbuf[1], rbuf_size[1]);
^
security/integrity/ima/ima_crypto.c:546:6: note: Assuming the condition is false
if (file->f_flags & O_DIRECT) {
^~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:546:2: note: Taking false branch
if (file->f_flags & O_DIRECT) {
^
security/integrity/ima/ima_crypto.c:553:6: note: Assuming the condition is false
if (!(file->f_mode & FMODE_READ)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:553:2: note: Taking false branch
if (!(file->f_mode & FMODE_READ)) {
^
security/integrity/ima/ima_crypto.c:566:6: note: Assuming 'ima_ahash_minsize' is not equal to 0
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:6: note: Left side of '&&' is true
security/integrity/ima/ima_crypto.c:566:27: note: Assuming 'i_size' is >= 'ima_ahash_minsize'
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:2: note: Taking true branch
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^
security/integrity/ima/ima_crypto.c:567:8: note: Calling 'ima_calc_file_ahash'
rc = ima_calc_file_ahash(f, hash);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:445:2: note: Taking false branch
if (IS_ERR(tfm))
^
security/integrity/ima/ima_crypto.c:448:7: note: Calling 'ima_calc_file_hash_atfm'
rc = ima_calc_file_hash_atfm(file, hash, tfm);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Calling 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Calling 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:544:2: note: Taking false branch
if (__builtin_constant_p(size)) {
^
include/linux/slab.h:561:2: note: Returning pointer, which participates in a condition later
return __kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Returning from 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:607:6: note: Assuming 'req' is non-null, which participates in a condition later
if (likely(req))
^
include/linux/compiler.h:77:38: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~
include/crypto/hash.h:607:2: note: Taking true branch
if (likely(req))
^
include/crypto/hash.h:610:2: note: Returning pointer (loaded from 'req'), which participates in a condition later
return req;
^~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Returning from 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:343:7: note: 'req' is non-null
if (!req)
^~~
security/integrity/ima/ima_crypto.c:343:2: note: Taking false branch
if (!req)
^
security/integrity/ima/ima_crypto.c:351:18: note: Calling 'crypto_ahash_init'
rc = ahash_wait(crypto_ahash_init(req), &wait);
^~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:6: note: Assuming the condition is false
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:2: note: Taking false branch
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^
include/crypto/hash.h:535:2: note: Returning value, which participates in a condition later
vim +/digest +163 security/integrity/ima/ima_queue.c
3323eec921efd8 Mimi Zohar 2009-02-04 150
d158847ae89a25 Mimi Zohar 2016-12-19 151 /*
d158847ae89a25 Mimi Zohar 2016-12-19 152 * Add template entry to the measurement list and hash table, and
d158847ae89a25 Mimi Zohar 2016-12-19 153 * extend the pcr.
d158847ae89a25 Mimi Zohar 2016-12-19 154 *
d158847ae89a25 Mimi Zohar 2016-12-19 155 * On systems which support carrying the IMA measurement list across
d158847ae89a25 Mimi Zohar 2016-12-19 156 * kexec, maintain the total memory size required for serializing the
d158847ae89a25 Mimi Zohar 2016-12-19 157 * binary_runtime_measurements.
3323eec921efd8 Mimi Zohar 2009-02-04 158 */
3323eec921efd8 Mimi Zohar 2009-02-04 159 int ima_add_template_entry(struct ima_template_entry *entry, int violation,
9803d413f41db8 Roberto Sassu 2013-06-07 160 const char *op, struct inode *inode,
9803d413f41db8 Roberto Sassu 2013-06-07 161 const unsigned char *filename)
3323eec921efd8 Mimi Zohar 2009-02-04 162 {
2592677c0486e6 Roberto Sassu 2020-03-25 @163 u8 *digest = entry->digests[ima_hash_algo_idx].digest;
1ea973df6e2166 Roberto Sassu 2020-03-25 164 struct tpm_digest *digests_arg = entry->digests;
3323eec921efd8 Mimi Zohar 2009-02-04 165 const char *audit_cause = "hash_added";
7b7e5916aa2f46 Roberto Sassu 2011-12-19 166 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
3323eec921efd8 Mimi Zohar 2009-02-04 167 int audit_info = 1;
7b7e5916aa2f46 Roberto Sassu 2011-12-19 168 int result = 0, tpmresult = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 169
3323eec921efd8 Mimi Zohar 2009-02-04 170 mutex_lock(&ima_extend_list_mutex);
52c208397c246f Tushar Sugandhi 2021-05-10 171 if (!violation && !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)) {
67696f6d79923c Eric Richter 2016-06-01 172 if (ima_lookup_digest_entry(digest, entry->pcr)) {
3323eec921efd8 Mimi Zohar 2009-02-04 173 audit_cause = "hash_exists";
45fae7493970d7 Roberto Sassu 2011-12-19 174 result = -EEXIST;
3323eec921efd8 Mimi Zohar 2009-02-04 175 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 176 }
3323eec921efd8 Mimi Zohar 2009-02-04 177 }
3323eec921efd8 Mimi Zohar 2009-02-04 178
52c208397c246f Tushar Sugandhi 2021-05-10 179 result = ima_add_digest_entry(entry,
52c208397c246f Tushar Sugandhi 2021-05-10 180 !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE));
3323eec921efd8 Mimi Zohar 2009-02-04 181 if (result < 0) {
3323eec921efd8 Mimi Zohar 2009-02-04 182 audit_cause = "ENOMEM";
3323eec921efd8 Mimi Zohar 2009-02-04 183 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 184 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 185 }
3323eec921efd8 Mimi Zohar 2009-02-04 186
3323eec921efd8 Mimi Zohar 2009-02-04 187 if (violation) /* invalidate pcr */
1ea973df6e2166 Roberto Sassu 2020-03-25 188 digests_arg = digests;
3323eec921efd8 Mimi Zohar 2009-02-04 189
1ea973df6e2166 Roberto Sassu 2020-03-25 190 tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 191 if (tpmresult != 0) {
7b7e5916aa2f46 Roberto Sassu 2011-12-19 192 snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
7b7e5916aa2f46 Roberto Sassu 2011-12-19 193 tpmresult);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 194 audit_cause = tpm_audit_cause;
3323eec921efd8 Mimi Zohar 2009-02-04 195 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 196 }
3323eec921efd8 Mimi Zohar 2009-02-04 197 out:
3323eec921efd8 Mimi Zohar 2009-02-04 198 mutex_unlock(&ima_extend_list_mutex);
9803d413f41db8 Roberto Sassu 2013-06-07 199 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
3323eec921efd8 Mimi Zohar 2009-02-04 200 op, audit_cause, result, audit_info);
3323eec921efd8 Mimi Zohar 2009-02-04 201 return result;
3323eec921efd8 Mimi Zohar 2009-02-04 202 }
94c3aac567a9dd Mimi Zohar 2016-12-19 203
:::::: The code at line 163 was first introduced by commit
:::::: 2592677c0486e64a08e0b930a7dfa6fbf77e6fc1 ima: Use ima_hash_algo for collision detection in the measurement list
:::::: TO: Roberto Sassu <roberto.sassu@huawei.com>
:::::: CC: Mimi Zohar <zohar@linux.ibm.com>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread
* security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
@ 2022-06-01 0:44 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-06-01 0:44 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 18602 bytes --]
::::::
:::::: Manual check reason: "low confidence static check warning: security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]"
::::::
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Tushar Sugandhi <tusharsu@linux.microsoft.com>
CC: Mimi Zohar <zohar@linux.ibm.com>
CC: Petr Vorel <pvorel@suse.cz>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 2a5699b0de4ee623d77f183c8e8e62691bd60a70
commit: 52c208397c246f0c31d031eb8c41f9c7e9fdec0e IMA: support for duplicate measurement records
date: 12 months ago
:::::: branch date: 3 hours ago
:::::: commit date: 12 months ago
config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220601/202206010842.GY5H3xtp-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0fbe3f3f486e01448121f7931a4ca29fac1504ab)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52c208397c246f0c31d031eb8c41f9c7e9fdec0e
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 52c208397c246f0c31d031eb8c41f9c7e9fdec0e
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
fs/mpage.c:612:6: note: 'bio' is equal to NULL
if (bio == NULL) {
^~~
fs/mpage.c:612:2: note: Taking true branch
if (bio == NULL) {
^
fs/mpage.c:613:7: note: 'first_unmapped' is equal to 'blocks_per_page'
if (first_unmapped == blocks_per_page) {
^~~~~~~~~~~~~~
fs/mpage.c:613:3: note: Taking true branch
if (first_unmapped == blocks_per_page) {
^
fs/mpage.c:614:8: note: Assuming the condition is false
if (!bdev_write_page(bdev, blocks[0] << (blkbits - 9),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/mpage.c:614:4: note: Taking false branch
if (!bdev_write_page(bdev, blocks[0] << (blkbits - 9),
^
fs/mpage.c:620:7: note: 'bio' is not equal to NULL
if (bio == NULL)
^~~
fs/mpage.c:620:3: note: Taking false branch
if (bio == NULL)
^
fs/mpage.c:634:6: note: Assuming the condition is false
if (bio_add_page(bio, page, length, 0) < length) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/mpage.c:634:2: note: Taking false branch
if (bio_add_page(bio, page, length, 0) < length) {
^
fs/mpage.c:641:2: note: Assuming the condition is false
BUG_ON(PageWriteback(page));
^
include/asm-generic/bug.h:63:36: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~
fs/mpage.c:641:2: note: Taking false branch
BUG_ON(PageWriteback(page));
^
include/asm-generic/bug.h:63:32: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
fs/mpage.c:641:2: note: Loop condition is false. Exiting loop
BUG_ON(PageWriteback(page));
^
include/asm-generic/bug.h:63:27: note: expanded from macro 'BUG_ON'
#define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
^
fs/mpage.c:644:6: note: 'boundary' is 0
if (boundary || (first_unmapped != blocks_per_page)) {
^~~~~~~~
fs/mpage.c:644:6: note: Left side of '||' is false
fs/mpage.c:644:19: note: 'first_unmapped' is equal to 'blocks_per_page'
if (boundary || (first_unmapped != blocks_per_page)) {
^~~~~~~~~~~~~~
fs/mpage.c:644:2: note: Taking false branch
if (boundary || (first_unmapped != blocks_per_page)) {
^
fs/mpage.c:651:26: note: Assigned value is garbage or undefined
mpd->last_block_in_bio = blocks[blocks_per_page - 1];
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (2 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
fs/kernfs/symlink.c:77:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(s, "../");
^~~~~~
fs/kernfs/symlink.c:77:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(s, "../");
^~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
>> security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_queue.c:163:6: note: Value stored to 'digest' during its initialization is never read
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_main.c:417:15: warning: Value stored to 'file' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
security/integrity/ima/ima_main.c:417:15: note: Value stored to 'file' during its initialization is never read
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_crypto.c:428:2: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
ima_free_pages(rbuf[1], rbuf_size[1]);
^
security/integrity/ima/ima_crypto.c:546:6: note: Assuming the condition is false
if (file->f_flags & O_DIRECT) {
^~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:546:2: note: Taking false branch
if (file->f_flags & O_DIRECT) {
^
security/integrity/ima/ima_crypto.c:553:6: note: Assuming the condition is false
if (!(file->f_mode & FMODE_READ)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:553:2: note: Taking false branch
if (!(file->f_mode & FMODE_READ)) {
^
security/integrity/ima/ima_crypto.c:566:6: note: Assuming 'ima_ahash_minsize' is not equal to 0
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:6: note: Left side of '&&' is true
security/integrity/ima/ima_crypto.c:566:27: note: Assuming 'i_size' is >= 'ima_ahash_minsize'
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:2: note: Taking true branch
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^
security/integrity/ima/ima_crypto.c:567:8: note: Calling 'ima_calc_file_ahash'
rc = ima_calc_file_ahash(f, hash);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:445:2: note: Taking false branch
if (IS_ERR(tfm))
^
security/integrity/ima/ima_crypto.c:448:7: note: Calling 'ima_calc_file_hash_atfm'
rc = ima_calc_file_hash_atfm(file, hash, tfm);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Calling 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Calling 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:544:2: note: Taking false branch
if (__builtin_constant_p(size)) {
^
include/linux/slab.h:561:2: note: Returning pointer, which participates in a condition later
return __kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Returning from 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:607:6: note: Assuming 'req' is non-null, which participates in a condition later
if (likely(req))
^
include/linux/compiler.h:77:38: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~
include/crypto/hash.h:607:2: note: Taking true branch
if (likely(req))
^
include/crypto/hash.h:610:2: note: Returning pointer (loaded from 'req'), which participates in a condition later
return req;
^~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Returning from 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:343:7: note: 'req' is non-null
if (!req)
^~~
security/integrity/ima/ima_crypto.c:343:2: note: Taking false branch
if (!req)
^
security/integrity/ima/ima_crypto.c:351:18: note: Calling 'crypto_ahash_init'
rc = ahash_wait(crypto_ahash_init(req), &wait);
^~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:6: note: Assuming the condition is false
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:2: note: Taking false branch
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^
include/crypto/hash.h:535:2: note: Returning value, which participates in a condition later
vim +/digest +163 security/integrity/ima/ima_queue.c
3323eec921efd8 Mimi Zohar 2009-02-04 150
d158847ae89a25 Mimi Zohar 2016-12-19 151 /*
d158847ae89a25 Mimi Zohar 2016-12-19 152 * Add template entry to the measurement list and hash table, and
d158847ae89a25 Mimi Zohar 2016-12-19 153 * extend the pcr.
d158847ae89a25 Mimi Zohar 2016-12-19 154 *
d158847ae89a25 Mimi Zohar 2016-12-19 155 * On systems which support carrying the IMA measurement list across
d158847ae89a25 Mimi Zohar 2016-12-19 156 * kexec, maintain the total memory size required for serializing the
d158847ae89a25 Mimi Zohar 2016-12-19 157 * binary_runtime_measurements.
3323eec921efd8 Mimi Zohar 2009-02-04 158 */
3323eec921efd8 Mimi Zohar 2009-02-04 159 int ima_add_template_entry(struct ima_template_entry *entry, int violation,
9803d413f41db8 Roberto Sassu 2013-06-07 160 const char *op, struct inode *inode,
9803d413f41db8 Roberto Sassu 2013-06-07 161 const unsigned char *filename)
3323eec921efd8 Mimi Zohar 2009-02-04 162 {
2592677c0486e6 Roberto Sassu 2020-03-25 @163 u8 *digest = entry->digests[ima_hash_algo_idx].digest;
1ea973df6e2166 Roberto Sassu 2020-03-25 164 struct tpm_digest *digests_arg = entry->digests;
3323eec921efd8 Mimi Zohar 2009-02-04 165 const char *audit_cause = "hash_added";
7b7e5916aa2f46 Roberto Sassu 2011-12-19 166 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
3323eec921efd8 Mimi Zohar 2009-02-04 167 int audit_info = 1;
7b7e5916aa2f46 Roberto Sassu 2011-12-19 168 int result = 0, tpmresult = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 169
3323eec921efd8 Mimi Zohar 2009-02-04 170 mutex_lock(&ima_extend_list_mutex);
52c208397c246f Tushar Sugandhi 2021-05-10 171 if (!violation && !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)) {
67696f6d79923c Eric Richter 2016-06-01 172 if (ima_lookup_digest_entry(digest, entry->pcr)) {
3323eec921efd8 Mimi Zohar 2009-02-04 173 audit_cause = "hash_exists";
45fae7493970d7 Roberto Sassu 2011-12-19 174 result = -EEXIST;
3323eec921efd8 Mimi Zohar 2009-02-04 175 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 176 }
3323eec921efd8 Mimi Zohar 2009-02-04 177 }
3323eec921efd8 Mimi Zohar 2009-02-04 178
52c208397c246f Tushar Sugandhi 2021-05-10 179 result = ima_add_digest_entry(entry,
52c208397c246f Tushar Sugandhi 2021-05-10 180 !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE));
3323eec921efd8 Mimi Zohar 2009-02-04 181 if (result < 0) {
3323eec921efd8 Mimi Zohar 2009-02-04 182 audit_cause = "ENOMEM";
3323eec921efd8 Mimi Zohar 2009-02-04 183 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 184 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 185 }
3323eec921efd8 Mimi Zohar 2009-02-04 186
3323eec921efd8 Mimi Zohar 2009-02-04 187 if (violation) /* invalidate pcr */
1ea973df6e2166 Roberto Sassu 2020-03-25 188 digests_arg = digests;
3323eec921efd8 Mimi Zohar 2009-02-04 189
1ea973df6e2166 Roberto Sassu 2020-03-25 190 tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 191 if (tpmresult != 0) {
7b7e5916aa2f46 Roberto Sassu 2011-12-19 192 snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
7b7e5916aa2f46 Roberto Sassu 2011-12-19 193 tpmresult);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 194 audit_cause = tpm_audit_cause;
3323eec921efd8 Mimi Zohar 2009-02-04 195 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 196 }
3323eec921efd8 Mimi Zohar 2009-02-04 197 out:
3323eec921efd8 Mimi Zohar 2009-02-04 198 mutex_unlock(&ima_extend_list_mutex);
9803d413f41db8 Roberto Sassu 2013-06-07 199 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
3323eec921efd8 Mimi Zohar 2009-02-04 200 op, audit_cause, result, audit_info);
3323eec921efd8 Mimi Zohar 2009-02-04 201 return result;
3323eec921efd8 Mimi Zohar 2009-02-04 202 }
94c3aac567a9dd Mimi Zohar 2016-12-19 203
:::::: The code at line 163 was first introduced by commit
:::::: 2592677c0486e64a08e0b930a7dfa6fbf77e6fc1 ima: Use ima_hash_algo for collision detection in the measurement list
:::::: TO: Roberto Sassu <roberto.sassu@huawei.com>
:::::: CC: Mimi Zohar <zohar@linux.ibm.com>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 4+ messages in thread
* security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
@ 2022-05-30 2:05 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-05-30 2:05 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17329 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Tushar Sugandhi <tusharsu@linux.microsoft.com>
CC: Mimi Zohar <zohar@linux.ibm.com>
CC: Petr Vorel <pvorel@suse.cz>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: b00ed48bb0a7c295facf9036135a573a5cdbe7de
commit: 52c208397c246f0c31d031eb8c41f9c7e9fdec0e IMA: support for duplicate measurement records
date: 12 months ago
:::::: branch date: 7 hours ago
:::::: commit date: 12 months ago
config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220530/202205300941.9gBLLc3T-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0fbe3f3f486e01448121f7931a4ca29fac1504ab)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52c208397c246f0c31d031eb8c41f9c7e9fdec0e
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 52c208397c246f0c31d031eb8c41f9c7e9fdec0e
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
fs/f2fs/xattr.c:787:8: note: Calling '__f2fs_setxattr'
err = __f2fs_setxattr(inode, index, name, value, size, ipage, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:640:6: note: Assuming 'name' is not equal to NULL
if (name == NULL)
^~~~~~~~~~~~
fs/f2fs/xattr.c:640:2: note: Taking false branch
if (name == NULL)
^
fs/f2fs/xattr.c:643:6: note: Assuming 'value' is not equal to NULL
if (value == NULL)
^~~~~~~~~~~~~
fs/f2fs/xattr.c:643:2: note: Taking false branch
if (value == NULL)
^
fs/f2fs/xattr.c:648:6: note: Assuming 'len' is <= F2FS_NAME_LEN
if (len > F2FS_NAME_LEN)
^~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:648:2: note: Taking false branch
if (len > F2FS_NAME_LEN)
^
fs/f2fs/xattr.c:651:6: note: Assuming the condition is false
if (size > MAX_VALUE_LEN(inode))
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:651:2: note: Taking false branch
if (size > MAX_VALUE_LEN(inode))
^
fs/f2fs/xattr.c:654:10: note: Calling 'read_all_xattrs'
error = read_all_xattrs(inode, ipage, &base_addr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:397:29: note: Calling 'inline_xattr_size'
unsigned int inline_size = inline_xattr_size(inode);
^~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:2883:6: note: Assuming the condition is false
if (f2fs_has_inline_xattr(inode))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:2883:2: note: Taking false branch
if (f2fs_has_inline_xattr(inode))
^
fs/f2fs/f2fs.h:2885:2: note: Returning zero, which participates in a condition later
return 0;
^~~~~~~~
fs/f2fs/xattr.c:397:29: note: Returning from 'inline_xattr_size'
unsigned int inline_size = inline_xattr_size(inode);
^~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:401:16: note: Calling 'f2fs_kzalloc'
txattr_addr = f2fs_kzalloc(F2FS_I_SB(inode),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3063:9: note: Calling 'f2fs_kmalloc'
return f2fs_kmalloc(sbi, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3052:6: note: Assuming the condition is false
if (time_to_inject(sbi, FAULT_KMALLOC)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3052:2: note: Taking false branch
if (time_to_inject(sbi, FAULT_KMALLOC)) {
^
fs/f2fs/f2fs.h:3057:9: note: Uninitialized value stored to field 'h_magic'
return kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3057:2: note: Returning pointer, which participates in a condition later
return kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3063:9: note: Returning from 'f2fs_kmalloc'
return f2fs_kmalloc(sbi, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/f2fs.h:3063:2: note: Returning pointer, which participates in a condition later
return f2fs_kmalloc(sbi, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:401:16: note: Returning from 'f2fs_kzalloc'
txattr_addr = f2fs_kzalloc(F2FS_I_SB(inode),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/f2fs/xattr.c:403:6: note: Assuming 'txattr_addr' is non-null
if (!txattr_addr)
^~~~~~~~~~~~
fs/f2fs/xattr.c:403:2: note: Taking false branch
if (!txattr_addr)
^
fs/f2fs/xattr.c:407:6: note: 'inline_size' is 0
if (inline_size) {
^~~~~~~~~~~
fs/f2fs/xattr.c:407:2: note: Taking false branch
if (inline_size) {
^
fs/f2fs/xattr.c:414:6: note: Assuming 'xnid' is 0
if (xnid) {
^~~~
fs/f2fs/xattr.c:414:2: note: Taking false branch
if (xnid) {
^
fs/f2fs/xattr.c:423:35: note: The left operand of '!=' is a garbage value
if (le32_to_cpu(header->h_magic) != F2FS_XATTR_MAGIC) {
^
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
>> security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_queue.c:163:6: note: Value stored to 'digest' during its initialization is never read
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_main.c:417:15: warning: Value stored to 'file' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
security/integrity/ima/ima_main.c:417:15: note: Value stored to 'file' during its initialization is never read
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
security/integrity/ima/ima_crypto.c:428:2: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
ima_free_pages(rbuf[1], rbuf_size[1]);
^
security/integrity/ima/ima_crypto.c:546:6: note: Assuming the condition is false
if (file->f_flags & O_DIRECT) {
^~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:546:2: note: Taking false branch
if (file->f_flags & O_DIRECT) {
^
security/integrity/ima/ima_crypto.c:553:6: note: Assuming the condition is false
if (!(file->f_mode & FMODE_READ)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:553:2: note: Taking false branch
if (!(file->f_mode & FMODE_READ)) {
^
security/integrity/ima/ima_crypto.c:566:6: note: Assuming 'ima_ahash_minsize' is not equal to 0
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:6: note: Left side of '&&' is true
security/integrity/ima/ima_crypto.c:566:27: note: Assuming 'i_size' is >= 'ima_ahash_minsize'
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:2: note: Taking true branch
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^
security/integrity/ima/ima_crypto.c:567:8: note: Calling 'ima_calc_file_ahash'
rc = ima_calc_file_ahash(f, hash);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:445:2: note: Taking false branch
if (IS_ERR(tfm))
^
security/integrity/ima/ima_crypto.c:448:7: note: Calling 'ima_calc_file_hash_atfm'
rc = ima_calc_file_hash_atfm(file, hash, tfm);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Calling 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Calling 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:544:2: note: Taking false branch
if (__builtin_constant_p(size)) {
^
include/linux/slab.h:561:2: note: Returning pointer, which participates in a condition later
return __kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Returning from 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:607:6: note: Assuming 'req' is non-null, which participates in a condition later
if (likely(req))
^
include/linux/compiler.h:77:38: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~
include/crypto/hash.h:607:2: note: Taking true branch
if (likely(req))
^
include/crypto/hash.h:610:2: note: Returning pointer (loaded from 'req'), which participates in a condition later
return req;
^~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Returning from 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:343:7: note: 'req' is non-null
if (!req)
^~~
security/integrity/ima/ima_crypto.c:343:2: note: Taking false branch
if (!req)
^
security/integrity/ima/ima_crypto.c:351:18: note: Calling 'crypto_ahash_init'
rc = ahash_wait(crypto_ahash_init(req), &wait);
^~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:6: note: Assuming the condition is false
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:2: note: Taking false branch
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^
include/crypto/hash.h:535:2: note: Returning value, which participates in a condition later
vim +/digest +163 security/integrity/ima/ima_queue.c
3323eec921efd81 Mimi Zohar 2009-02-04 150
d158847ae89a256 Mimi Zohar 2016-12-19 151 /*
d158847ae89a256 Mimi Zohar 2016-12-19 152 * Add template entry to the measurement list and hash table, and
d158847ae89a256 Mimi Zohar 2016-12-19 153 * extend the pcr.
d158847ae89a256 Mimi Zohar 2016-12-19 154 *
d158847ae89a256 Mimi Zohar 2016-12-19 155 * On systems which support carrying the IMA measurement list across
d158847ae89a256 Mimi Zohar 2016-12-19 156 * kexec, maintain the total memory size required for serializing the
d158847ae89a256 Mimi Zohar 2016-12-19 157 * binary_runtime_measurements.
3323eec921efd81 Mimi Zohar 2009-02-04 158 */
3323eec921efd81 Mimi Zohar 2009-02-04 159 int ima_add_template_entry(struct ima_template_entry *entry, int violation,
9803d413f41db86 Roberto Sassu 2013-06-07 160 const char *op, struct inode *inode,
9803d413f41db86 Roberto Sassu 2013-06-07 161 const unsigned char *filename)
3323eec921efd81 Mimi Zohar 2009-02-04 162 {
2592677c0486e64 Roberto Sassu 2020-03-25 @163 u8 *digest = entry->digests[ima_hash_algo_idx].digest;
1ea973df6e2166d Roberto Sassu 2020-03-25 164 struct tpm_digest *digests_arg = entry->digests;
3323eec921efd81 Mimi Zohar 2009-02-04 165 const char *audit_cause = "hash_added";
7b7e5916aa2f46e Roberto Sassu 2011-12-19 166 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
3323eec921efd81 Mimi Zohar 2009-02-04 167 int audit_info = 1;
7b7e5916aa2f46e Roberto Sassu 2011-12-19 168 int result = 0, tpmresult = 0;
3323eec921efd81 Mimi Zohar 2009-02-04 169
3323eec921efd81 Mimi Zohar 2009-02-04 170 mutex_lock(&ima_extend_list_mutex);
52c208397c246f0 Tushar Sugandhi 2021-05-10 171 if (!violation && !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)) {
67696f6d79923cd Eric Richter 2016-06-01 172 if (ima_lookup_digest_entry(digest, entry->pcr)) {
3323eec921efd81 Mimi Zohar 2009-02-04 173 audit_cause = "hash_exists";
45fae7493970d7c Roberto Sassu 2011-12-19 174 result = -EEXIST;
3323eec921efd81 Mimi Zohar 2009-02-04 175 goto out;
3323eec921efd81 Mimi Zohar 2009-02-04 176 }
3323eec921efd81 Mimi Zohar 2009-02-04 177 }
3323eec921efd81 Mimi Zohar 2009-02-04 178
52c208397c246f0 Tushar Sugandhi 2021-05-10 179 result = ima_add_digest_entry(entry,
52c208397c246f0 Tushar Sugandhi 2021-05-10 180 !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE));
3323eec921efd81 Mimi Zohar 2009-02-04 181 if (result < 0) {
3323eec921efd81 Mimi Zohar 2009-02-04 182 audit_cause = "ENOMEM";
3323eec921efd81 Mimi Zohar 2009-02-04 183 audit_info = 0;
3323eec921efd81 Mimi Zohar 2009-02-04 184 goto out;
3323eec921efd81 Mimi Zohar 2009-02-04 185 }
3323eec921efd81 Mimi Zohar 2009-02-04 186
3323eec921efd81 Mimi Zohar 2009-02-04 187 if (violation) /* invalidate pcr */
1ea973df6e2166d Roberto Sassu 2020-03-25 188 digests_arg = digests;
3323eec921efd81 Mimi Zohar 2009-02-04 189
1ea973df6e2166d Roberto Sassu 2020-03-25 190 tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
7b7e5916aa2f46e Roberto Sassu 2011-12-19 191 if (tpmresult != 0) {
7b7e5916aa2f46e Roberto Sassu 2011-12-19 192 snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
7b7e5916aa2f46e Roberto Sassu 2011-12-19 193 tpmresult);
7b7e5916aa2f46e Roberto Sassu 2011-12-19 194 audit_cause = tpm_audit_cause;
3323eec921efd81 Mimi Zohar 2009-02-04 195 audit_info = 0;
3323eec921efd81 Mimi Zohar 2009-02-04 196 }
3323eec921efd81 Mimi Zohar 2009-02-04 197 out:
3323eec921efd81 Mimi Zohar 2009-02-04 198 mutex_unlock(&ima_extend_list_mutex);
9803d413f41db86 Roberto Sassu 2013-06-07 199 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
3323eec921efd81 Mimi Zohar 2009-02-04 200 op, audit_cause, result, audit_info);
3323eec921efd81 Mimi Zohar 2009-02-04 201 return result;
3323eec921efd81 Mimi Zohar 2009-02-04 202 }
94c3aac567a9ddb Mimi Zohar 2016-12-19 203
:::::: The code at line 163 was first introduced by commit
:::::: 2592677c0486e64a08e0b930a7dfa6fbf77e6fc1 ima: Use ima_hash_algo for collision detection in the measurement list
:::::: TO: Roberto Sassu <roberto.sassu@huawei.com>
:::::: CC: Mimi Zohar <zohar@linux.ibm.com>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 4+ messages in thread
* security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
@ 2021-12-17 15:38 kernel test robot
0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2021-12-17 15:38 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 18265 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Tushar Sugandhi <tusharsu@linux.microsoft.com>
CC: Mimi Zohar <zohar@linux.ibm.com>
CC: Petr Vorel <pvorel@suse.cz>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6441998e2e37131b0a4c310af9156d79d3351c16
commit: 52c208397c246f0c31d031eb8c41f9c7e9fdec0e IMA: support for duplicate measurement records
date: 6 months ago
:::::: branch date: 16 hours ago
:::::: commit date: 6 months ago
config: i386-randconfig-c001-20211215 (https://download.01.org/0day-ci/archive/20211217/202112172305.Kzh5R1KG-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project dd245bab9fbb364faa1581e4f92ba3119a872fba)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52c208397c246f0c31d031eb8c41f9c7e9fdec0e
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 52c208397c246f0c31d031eb8c41f9c7e9fdec0e
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
drivers/video/fbdev/core/fbmem.c:809:3: warning: Value stored to 'dst' is never read [clang-analyzer-deadcode.DeadStores]
dst += c;
^ ~
drivers/video/fbdev/core/fbmem.c:809:3: note: Value stored to 'dst' is never read
dst += c;
^ ~
drivers/video/fbdev/core/fbmem.c:887:3: warning: Value stored to 'src' is never read [clang-analyzer-deadcode.DeadStores]
src += c;
^ ~
drivers/video/fbdev/core/fbmem.c:887:3: note: Value stored to 'src' is never read
src += c;
^ ~
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
drivers/video/fbdev/core/fbmon.c:925:20: warning: Division by zero [clang-analyzer-core.DivideZero]
var->pixclock = KHZ2PICOS(var->pixclock);
^
include/uapi/linux/fb.h:240:35: note: expanded from macro 'KHZ2PICOS'
#define KHZ2PICOS(a) (1000000000UL/(a))
~~~~~~~~~~~~^~~~
drivers/video/fbdev/core/fbmon.c:899:6: note: Assuming 'edid' is not equal to NULL
if (edid == NULL || var == NULL)
^~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:899:6: note: Left side of '||' is false
drivers/video/fbdev/core/fbmon.c:899:22: note: Assuming 'var' is not equal to NULL
if (edid == NULL || var == NULL)
^~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:899:2: note: Taking false branch
if (edid == NULL || var == NULL)
^
drivers/video/fbdev/core/fbmon.c:902:6: note: Assuming the condition is false
if (!(edid_checksum(edid)))
^~~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:902:2: note: Taking false branch
if (!(edid_checksum(edid)))
^
drivers/video/fbdev/core/fbmon.c:905:6: note: Assuming the condition is false
if (!(edid_check_header(edid)))
^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:905:2: note: Taking false branch
if (!(edid_check_header(edid)))
^
drivers/video/fbdev/core/fbmon.c:910:2: note: Loop condition is true. Entering loop body
for (i = 0; i < 4; i++, block += DETAILED_TIMING_DESCRIPTION_SIZE) {
^
drivers/video/fbdev/core/fbmon.c:911:7: note: Calling 'edid_is_timing_block'
if (edid_is_timing_block(block)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:138:7: note: Assuming the condition is false
if ((block[0] != 0x00) || (block[1] != 0x00) ||
^~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:138:6: note: Left side of '||' is false
if ((block[0] != 0x00) || (block[1] != 0x00) ||
^
drivers/video/fbdev/core/fbmon.c:138:29: note: Assuming the condition is false
if ((block[0] != 0x00) || (block[1] != 0x00) ||
^~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:138:6: note: Left side of '||' is false
if ((block[0] != 0x00) || (block[1] != 0x00) ||
^
drivers/video/fbdev/core/fbmon.c:139:7: note: Assuming the condition is true
(block[2] != 0x00) || (block[4] != 0x00))
^~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:139:25: note: Left side of '||' is true
(block[2] != 0x00) || (block[4] != 0x00))
^
drivers/video/fbdev/core/fbmon.c:140:3: note: Returning the value 1, which participates in a condition later
return 1;
^~~~~~~~
drivers/video/fbdev/core/fbmon.c:911:7: note: Returning from 'edid_is_timing_block'
if (edid_is_timing_block(block)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:911:3: note: Taking true branch
if (edid_is_timing_block(block)) {
^
drivers/video/fbdev/core/fbmon.c:924:4: note: The value 0 is assigned to field 'pixclock'
var->pixclock /= 1000;
^~~~~~~~~~~~~~~~~~~~~
drivers/video/fbdev/core/fbmon.c:925:20: note: Division by zero
var->pixclock = KHZ2PICOS(var->pixclock);
^
include/uapi/linux/fb.h:240:35: note: expanded from macro 'KHZ2PICOS'
#define KHZ2PICOS(a) (1000000000UL/(a))
~~~~~~~~~~~~^~~~
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
>> security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_queue.c:163:6: note: Value stored to 'digest' during its initialization is never read
u8 *digest = entry->digests[ima_hash_algo_idx].digest;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
security/integrity/ima/ima_main.c:417:15: warning: Value stored to 'file' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
security/integrity/ima/ima_main.c:417:15: note: Value stored to 'file' during its initialization is never read
struct file *file = vma->vm_file;
^~~~ ~~~~~~~~~~~~
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
security/integrity/ima/ima_crypto.c:428:2: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
ima_free_pages(rbuf[1], rbuf_size[1]);
^
security/integrity/ima/ima_crypto.c:546:6: note: Assuming the condition is false
if (file->f_flags & O_DIRECT) {
^~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:546:2: note: Taking false branch
if (file->f_flags & O_DIRECT) {
^
security/integrity/ima/ima_crypto.c:553:6: note: Assuming the condition is false
if (!(file->f_mode & FMODE_READ)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:553:2: note: Taking false branch
if (!(file->f_mode & FMODE_READ)) {
^
security/integrity/ima/ima_crypto.c:566:6: note: Assuming 'ima_ahash_minsize' is not equal to 0
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:6: note: Left side of '&&' is true
security/integrity/ima/ima_crypto.c:566:27: note: Assuming 'i_size' is >= 'ima_ahash_minsize'
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:566:2: note: Taking true branch
if (ima_ahash_minsize && i_size >= ima_ahash_minsize) {
^
security/integrity/ima/ima_crypto.c:567:8: note: Calling 'ima_calc_file_ahash'
rc = ima_calc_file_ahash(f, hash);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:445:2: note: Taking false branch
if (IS_ERR(tfm))
^
security/integrity/ima/ima_crypto.c:448:7: note: Calling 'ima_calc_file_hash_atfm'
rc = ima_calc_file_hash_atfm(file, hash, tfm);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Calling 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Calling 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:544:2: note: Taking false branch
if (__builtin_constant_p(size)) {
^
include/linux/slab.h:561:2: note: Returning pointer, which participates in a condition later
return __kmalloc(size, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:604:8: note: Returning from 'kmalloc'
req = kmalloc(sizeof(struct ahash_request) +
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:607:6: note: Assuming 'req' is non-null, which participates in a condition later
if (likely(req))
^
include/linux/compiler.h:77:38: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~
include/crypto/hash.h:607:2: note: Taking true branch
if (likely(req))
^
include/crypto/hash.h:610:2: note: Returning pointer (loaded from 'req'), which participates in a condition later
return req;
^~~~~~~~~~
security/integrity/ima/ima_crypto.c:342:8: note: Returning from 'ahash_request_alloc'
req = ahash_request_alloc(tfm, GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_crypto.c:343:7: note: 'req' is non-null
if (!req)
^~~
security/integrity/ima/ima_crypto.c:343:2: note: Taking false branch
if (!req)
^
security/integrity/ima/ima_crypto.c:351:18: note: Calling 'crypto_ahash_init'
rc = ahash_wait(crypto_ahash_init(req), &wait);
^~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:6: note: Assuming the condition is false
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/crypto/hash.h:532:2: note: Taking false branch
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
^
include/crypto/hash.h:535:2: note: Returning value, which participates in a condition later
vim +/digest +163 security/integrity/ima/ima_queue.c
3323eec921efd8 Mimi Zohar 2009-02-04 150
d158847ae89a25 Mimi Zohar 2016-12-19 151 /*
d158847ae89a25 Mimi Zohar 2016-12-19 152 * Add template entry to the measurement list and hash table, and
d158847ae89a25 Mimi Zohar 2016-12-19 153 * extend the pcr.
d158847ae89a25 Mimi Zohar 2016-12-19 154 *
d158847ae89a25 Mimi Zohar 2016-12-19 155 * On systems which support carrying the IMA measurement list across
d158847ae89a25 Mimi Zohar 2016-12-19 156 * kexec, maintain the total memory size required for serializing the
d158847ae89a25 Mimi Zohar 2016-12-19 157 * binary_runtime_measurements.
3323eec921efd8 Mimi Zohar 2009-02-04 158 */
3323eec921efd8 Mimi Zohar 2009-02-04 159 int ima_add_template_entry(struct ima_template_entry *entry, int violation,
9803d413f41db8 Roberto Sassu 2013-06-07 160 const char *op, struct inode *inode,
9803d413f41db8 Roberto Sassu 2013-06-07 161 const unsigned char *filename)
3323eec921efd8 Mimi Zohar 2009-02-04 162 {
2592677c0486e6 Roberto Sassu 2020-03-25 @163 u8 *digest = entry->digests[ima_hash_algo_idx].digest;
1ea973df6e2166 Roberto Sassu 2020-03-25 164 struct tpm_digest *digests_arg = entry->digests;
3323eec921efd8 Mimi Zohar 2009-02-04 165 const char *audit_cause = "hash_added";
7b7e5916aa2f46 Roberto Sassu 2011-12-19 166 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
3323eec921efd8 Mimi Zohar 2009-02-04 167 int audit_info = 1;
7b7e5916aa2f46 Roberto Sassu 2011-12-19 168 int result = 0, tpmresult = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 169
3323eec921efd8 Mimi Zohar 2009-02-04 170 mutex_lock(&ima_extend_list_mutex);
52c208397c246f Tushar Sugandhi 2021-05-10 171 if (!violation && !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)) {
67696f6d79923c Eric Richter 2016-06-01 172 if (ima_lookup_digest_entry(digest, entry->pcr)) {
3323eec921efd8 Mimi Zohar 2009-02-04 173 audit_cause = "hash_exists";
45fae7493970d7 Roberto Sassu 2011-12-19 174 result = -EEXIST;
3323eec921efd8 Mimi Zohar 2009-02-04 175 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 176 }
3323eec921efd8 Mimi Zohar 2009-02-04 177 }
3323eec921efd8 Mimi Zohar 2009-02-04 178
52c208397c246f Tushar Sugandhi 2021-05-10 179 result = ima_add_digest_entry(entry,
52c208397c246f Tushar Sugandhi 2021-05-10 180 !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE));
3323eec921efd8 Mimi Zohar 2009-02-04 181 if (result < 0) {
3323eec921efd8 Mimi Zohar 2009-02-04 182 audit_cause = "ENOMEM";
3323eec921efd8 Mimi Zohar 2009-02-04 183 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 184 goto out;
3323eec921efd8 Mimi Zohar 2009-02-04 185 }
3323eec921efd8 Mimi Zohar 2009-02-04 186
3323eec921efd8 Mimi Zohar 2009-02-04 187 if (violation) /* invalidate pcr */
1ea973df6e2166 Roberto Sassu 2020-03-25 188 digests_arg = digests;
3323eec921efd8 Mimi Zohar 2009-02-04 189
1ea973df6e2166 Roberto Sassu 2020-03-25 190 tpmresult = ima_pcr_extend(digests_arg, entry->pcr);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 191 if (tpmresult != 0) {
7b7e5916aa2f46 Roberto Sassu 2011-12-19 192 snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
7b7e5916aa2f46 Roberto Sassu 2011-12-19 193 tpmresult);
7b7e5916aa2f46 Roberto Sassu 2011-12-19 194 audit_cause = tpm_audit_cause;
3323eec921efd8 Mimi Zohar 2009-02-04 195 audit_info = 0;
3323eec921efd8 Mimi Zohar 2009-02-04 196 }
3323eec921efd8 Mimi Zohar 2009-02-04 197 out:
3323eec921efd8 Mimi Zohar 2009-02-04 198 mutex_unlock(&ima_extend_list_mutex);
9803d413f41db8 Roberto Sassu 2013-06-07 199 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
3323eec921efd8 Mimi Zohar 2009-02-04 200 op, audit_cause, result, audit_info);
3323eec921efd8 Mimi Zohar 2009-02-04 201 return result;
3323eec921efd8 Mimi Zohar 2009-02-04 202 }
94c3aac567a9dd Mimi Zohar 2016-12-19 203
:::::: The code at line 163 was first introduced by commit
:::::: 2592677c0486e64a08e0b930a7dfa6fbf77e6fc1 ima: Use ima_hash_algo for collision detection in the measurement list
:::::: TO: Roberto Sassu <roberto.sassu@huawei.com>
:::::: CC: Mimi Zohar <zohar@linux.ibm.com>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-06-01 0:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-13 20:51 security/integrity/ima/ima_queue.c:163:6: warning: Value stored to 'digest' during its initialization is never read [clang-analyzer-deadcode.DeadStores] kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-06-01 0:44 kernel test robot
2022-05-30 2:05 kernel test robot
2021-12-17 15:38 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.