All of lore.kernel.org
 help / color / mirror / Atom feed
* [kees:kspp/uninit/macro 15/16] drivers/vhost/net.c:1080 get_rx_bufs() error: uninitialized symbol 'len'.
@ 2020-06-20 23:45 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2020-06-20 23:45 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 8863 bytes --]

CC: kbuild-all(a)lists.01.org
TO: Kees Cook <keescook@chromium.org>
CC: Chao Yu <yuchao0@huawei.com>, Chao Yu <chao@kernel.org>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git kspp/uninit/macro
head:   2d0e6f87039d3bbf4d54bf426ea7c51bb405b8cc
commit: 4ee42e96f8519aa948c3eebe14ad67b82c02a2c2 [15/16] treewide: Remove uninitialized_var() usage
:::::: branch date: 20 hours ago
:::::: commit date: 20 hours ago
config: x86_64-randconfig-m001-20200621 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-13) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
drivers/vhost/net.c:1080 get_rx_bufs() error: uninitialized symbol 'len'.
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c:642 _rtl92cu_init_chipn_two_out_ep_priority() error: uninitialized symbol 'valuelow'.
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c:644 _rtl92cu_init_chipn_two_out_ep_priority() error: uninitialized symbol 'valuehi'.
drivers/net/wireless/broadcom/b43/xmit.c:457 b43_generate_txhdr() error: uninitialized symbol 'cts'.
drivers/net/wireless/broadcom/b43/xmit.c:479 b43_generate_txhdr() error: uninitialized symbol 'rts'.
drivers/net/wireless/broadcom/b43/xmit.c:497 b43_generate_txhdr() error: uninitialized symbol 'plcp'.
drivers/net/wireless/broadcom/b43/xmit.c:517 b43_generate_txhdr() error: potentially dereferencing uninitialized 'hdr'.
drivers/net/wireless/broadcom/b43/xmit.c:664 b43_rx() error: uninitialized symbol 'macstat'.
drivers/net/wireless/broadcom/b43/xmit.c:719 b43_rx() error: uninitialized symbol 'chanstat'.
drivers/net/wireless/broadcom/b43/xmit.c:771 b43_rx() error: uninitialized symbol 'mactime'.
drivers/net/wireless/broadcom/b43/dma.c:67 b43_dma_address() error: uninitialized symbol 'addr'.

Old smatch warnings:
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c:649 _rtl92cu_init_chipn_two_out_ep_priority() error: uninitialized symbol 'valuehi'.
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c:650 _rtl92cu_init_chipn_two_out_ep_priority() error: uninitialized symbol 'valuelow'.

# https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=4ee42e96f8519aa948c3eebe14ad67b82c02a2c2
git remote add kees https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
git remote update kees
git checkout 4ee42e96f8519aa948c3eebe14ad67b82c02a2c2
vim +/len +1080 drivers/vhost/net.c

03088137246065 Jason Wang         2016-03-04  1018  
8dd014adfea6f1 David Stevens      2010-07-27  1019  /* This is a multi-buffer version of vhost_get_desc, that works if
8dd014adfea6f1 David Stevens      2010-07-27  1020   *	vq has read descriptors only.
8dd014adfea6f1 David Stevens      2010-07-27  1021   * @vq		- the relevant virtqueue
8dd014adfea6f1 David Stevens      2010-07-27  1022   * @datalen	- data length we'll be reading
8dd014adfea6f1 David Stevens      2010-07-27  1023   * @iovcount	- returned count of io vectors we fill
8dd014adfea6f1 David Stevens      2010-07-27  1024   * @log		- vhost log
8dd014adfea6f1 David Stevens      2010-07-27  1025   * @log_num	- log offset
94249369e99302 Jason Wang         2011-01-17  1026   * @quota       - headcount quota, 1 for big buffer
8dd014adfea6f1 David Stevens      2010-07-27  1027   *	returns number of buffer heads allocated, negative on error
8dd014adfea6f1 David Stevens      2010-07-27  1028   */
8dd014adfea6f1 David Stevens      2010-07-27  1029  static int get_rx_bufs(struct vhost_virtqueue *vq,
8dd014adfea6f1 David Stevens      2010-07-27  1030  		       struct vring_used_elem *heads,
8dd014adfea6f1 David Stevens      2010-07-27  1031  		       int datalen,
8dd014adfea6f1 David Stevens      2010-07-27  1032  		       unsigned *iovcount,
8dd014adfea6f1 David Stevens      2010-07-27  1033  		       struct vhost_log *log,
94249369e99302 Jason Wang         2011-01-17  1034  		       unsigned *log_num,
94249369e99302 Jason Wang         2011-01-17  1035  		       unsigned int quota)
8dd014adfea6f1 David Stevens      2010-07-27  1036  {
8dd014adfea6f1 David Stevens      2010-07-27  1037  	unsigned int out, in;
8dd014adfea6f1 David Stevens      2010-07-27  1038  	int seg = 0;
8dd014adfea6f1 David Stevens      2010-07-27  1039  	int headcount = 0;
8dd014adfea6f1 David Stevens      2010-07-27  1040  	unsigned d;
8dd014adfea6f1 David Stevens      2010-07-27  1041  	int r, nlogs = 0;
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1042  	/* len is always initialized before use since we are always called with
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1043  	 * datalen > 0.
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1044  	 */
4ee42e96f8519a Kees Cook          2020-06-03  1045  	u32 len;
8dd014adfea6f1 David Stevens      2010-07-27  1046  
94249369e99302 Jason Wang         2011-01-17  1047  	while (datalen > 0 && headcount < quota) {
e0e9b406470b8d Jason Wang         2010-09-14  1048  		if (unlikely(seg >= UIO_MAXIOV)) {
8dd014adfea6f1 David Stevens      2010-07-27  1049  			r = -ENOBUFS;
8dd014adfea6f1 David Stevens      2010-07-27  1050  			goto err;
8dd014adfea6f1 David Stevens      2010-07-27  1051  		}
47283bef7ed356 Michael S. Tsirkin 2014-06-05  1052  		r = vhost_get_vq_desc(vq, vq->iov + seg,
8dd014adfea6f1 David Stevens      2010-07-27  1053  				      ARRAY_SIZE(vq->iov) - seg, &out,
8dd014adfea6f1 David Stevens      2010-07-27  1054  				      &in, log, log_num);
a39ee449f96a2c Michael S. Tsirkin 2014-03-27  1055  		if (unlikely(r < 0))
a39ee449f96a2c Michael S. Tsirkin 2014-03-27  1056  			goto err;
a39ee449f96a2c Michael S. Tsirkin 2014-03-27  1057  
a39ee449f96a2c Michael S. Tsirkin 2014-03-27  1058  		d = r;
8dd014adfea6f1 David Stevens      2010-07-27  1059  		if (d == vq->num) {
8dd014adfea6f1 David Stevens      2010-07-27  1060  			r = 0;
8dd014adfea6f1 David Stevens      2010-07-27  1061  			goto err;
8dd014adfea6f1 David Stevens      2010-07-27  1062  		}
8dd014adfea6f1 David Stevens      2010-07-27  1063  		if (unlikely(out || in <= 0)) {
8dd014adfea6f1 David Stevens      2010-07-27  1064  			vq_err(vq, "unexpected descriptor format for RX: "
8dd014adfea6f1 David Stevens      2010-07-27  1065  				"out %d, in %d\n", out, in);
8dd014adfea6f1 David Stevens      2010-07-27  1066  			r = -EINVAL;
8dd014adfea6f1 David Stevens      2010-07-27  1067  			goto err;
8dd014adfea6f1 David Stevens      2010-07-27  1068  		}
8dd014adfea6f1 David Stevens      2010-07-27  1069  		if (unlikely(log)) {
8dd014adfea6f1 David Stevens      2010-07-27  1070  			nlogs += *log_num;
8dd014adfea6f1 David Stevens      2010-07-27  1071  			log += *log_num;
8dd014adfea6f1 David Stevens      2010-07-27  1072  		}
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1073  		heads[headcount].id = cpu_to_vhost32(vq, d);
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1074  		len = iov_length(vq->iov + seg, in);
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1075  		heads[headcount].len = cpu_to_vhost32(vq, len);
8b38694a2dc8b1 Michael S. Tsirkin 2014-10-24  1076  		datalen -= len;
8dd014adfea6f1 David Stevens      2010-07-27  1077  		++headcount;
8dd014adfea6f1 David Stevens      2010-07-27  1078  		seg += in;
8dd014adfea6f1 David Stevens      2010-07-27  1079  	}
99975cc6ada0d5 Michael S. Tsirkin 2015-01-07 @1080  	heads[headcount - 1].len = cpu_to_vhost32(vq, len + datalen);
8dd014adfea6f1 David Stevens      2010-07-27  1081  	*iovcount = seg;
8dd014adfea6f1 David Stevens      2010-07-27  1082  	if (unlikely(log))
8dd014adfea6f1 David Stevens      2010-07-27  1083  		*log_num = nlogs;
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1084  
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1085  	/* Detect overrun */
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1086  	if (unlikely(datalen > 0)) {
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1087  		r = UIO_MAXIOV + 1;
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1088  		goto err;
d8316f3991d207 Michael S. Tsirkin 2014-03-27  1089  	}
8dd014adfea6f1 David Stevens      2010-07-27  1090  	return headcount;
8dd014adfea6f1 David Stevens      2010-07-27  1091  err:
8dd014adfea6f1 David Stevens      2010-07-27  1092  	vhost_discard_vq_desc(vq, headcount);
8dd014adfea6f1 David Stevens      2010-07-27  1093  	return r;
8dd014adfea6f1 David Stevens      2010-07-27  1094  }
8dd014adfea6f1 David Stevens      2010-07-27  1095  

:::::: The code at line 1080 was first introduced by commit
:::::: 99975cc6ada0d5f2675e83abecae05aba5f437d2 vhost/net: length miscalculation

:::::: TO: Michael S. Tsirkin <mst@redhat.com>
:::::: CC: Michael S. Tsirkin <mst@redhat.com>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 33531 bytes --]

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2020-06-20 23:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-20 23:45 [kees:kspp/uninit/macro 15/16] drivers/vhost/net.c:1080 get_rx_bufs() error: uninitialized symbol 'len' kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.