* drivers/usb/core/hcd.c:1313:18: warning: Access to field 'x' results in a dereference of a null pointer (loaded from variable '__pptr') [clang-analyzer-core.NullDereference]
@ 2021-08-02 23:58 kernel test robot
From: kernel test robot @ 2021-08-02 23:58 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 14583 bytes --]

CC: clang-built-linux(a)googlegroups.com
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Arnd Bergmann <arnd@arndb.de>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   c7d102232649226a69dddd58a4942cf13cff4f7c
commit: 803f4e1eab7a8938ba3a3c30dd4eb5e9eeef5e63 asm-generic: simplify asm/unaligned.h
date:   3 months ago
:::::: branch date: 3 days ago
:::::: commit date: 3 months ago
config: x86_64-randconfig-c001-20210731 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 4f71f59bf3d9914188a11d0c41bedbb339d36ff5)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install x86_64 cross compiling tool for clang build
        # apt-get install binutils-x86-64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=803f4e1eab7a8938ba3a3c30dd4eb5e9eeef5e63
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 803f4e1eab7a8938ba3a3c30dd4eb5e9eeef5e63
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


clang-analyzer warnings: (new ones prefixed by >>)
                   if (!cps.clp) {
                       ^~~~~~~~
   fs/nfs/callback_xdr.c:950:3: note: Taking false branch
                   if (!cps.clp) {
                   ^
   fs/nfs/callback_xdr.c:954:7: note: Assuming the condition is false
                   if (!check_gss_callback_principal(cps.clp, rqstp)) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:954:3: note: Taking false branch
                   if (!check_gss_callback_principal(cps.clp, rqstp)) {
                   ^
   fs/nfs/callback_xdr.c:964:6: note: Assuming the condition is false
           if (encode_compound_hdr_res(&xdr_out, &hdr_res) != 0) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:964:2: note: Taking false branch
           if (encode_compound_hdr_res(&xdr_out, &hdr_res) != 0) {
           ^
   fs/nfs/callback_xdr.c:969:9: note: 'status' is equal to 0
           while (status == 0 && nops != hdr_arg.nops) {
                  ^~~~~~
   fs/nfs/callback_xdr.c:969:9: note: Left side of '&&' is true
   fs/nfs/callback_xdr.c:969:24: note: Assuming 'nops' is not equal to field 'nops'
           while (status == 0 && nops != hdr_arg.nops) {
                                 ^~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:969:2: note: Loop condition is true.  Entering loop body
           while (status == 0 && nops != hdr_arg.nops) {
           ^
   fs/nfs/callback_xdr.c:969:9: note: Assuming 'status' is equal to 0
           while (status == 0 && nops != hdr_arg.nops) {
                  ^~~~~~~~~~~
   fs/nfs/callback_xdr.c:969:9: note: Left side of '&&' is true
   fs/nfs/callback_xdr.c:969:24: note: Assuming 'nops' is not equal to field 'nops'
           while (status == 0 && nops != hdr_arg.nops) {
                                 ^~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:969:2: note: Loop condition is true.  Entering loop body
           while (status == 0 && nops != hdr_arg.nops) {
           ^
   fs/nfs/callback_xdr.c:970:12: note: Calling 'process_op'
                   status = process_op(nops, rqstp, &xdr_in,
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:872:2: note: 'op_nr' declared without an initial value
           unsigned int op_nr;
           ^~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:877:11: note: Calling 'decode_op_hdr'
           status = decode_op_hdr(xdr_in, &op_nr);
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:171:15: note: Assuming 'p' is equal to null
           if (unlikely(p == NULL))
                        ^
   include/linux/compiler.h:48:41: note: expanded from macro 'unlikely'
   #  define unlikely(x)   (__branch_check__(x, 0, __builtin_constant_p(x)))
                            ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__'
                           ______r = __builtin_expect(!!(x), expect);      \
                                                         ^
   fs/nfs/callback_xdr.c:171:2: note: Taking true branch
           if (unlikely(p == NULL))
           ^
   fs/nfs/callback_xdr.c:172:3: note: Returning without writing to '*op'
                   return htonl(NFS4ERR_RESOURCE_HDR);
                   ^
   fs/nfs/callback_xdr.c:877:11: note: Returning from 'decode_op_hdr'
           status = decode_op_hdr(xdr_in, &op_nr);
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:878:6: note: Assuming 'status' is 0
           if (unlikely(status))
               ^
   include/linux/compiler.h:48:24: note: expanded from macro 'unlikely'
   #  define unlikely(x)   (__branch_check__(x, 0, __builtin_constant_p(x)))
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/compiler.h:33:32: note: expanded from macro '__branch_check__'
                           ______r = __builtin_expect(!!(x), expect);      \
                                                       ^~~~
   fs/nfs/callback_xdr.c:878:2: note: Taking false branch
           if (unlikely(status))
           ^
   fs/nfs/callback_xdr.c:881:2: note: Control jumps to the 'default' case at line 891
           switch (cps->minorversion) {
           ^
   fs/nfs/callback_xdr.c:895:6: note: Assuming the condition is false
           if (status == htonl(NFS4ERR_OP_ILLEGAL))
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/nfs/callback_xdr.c:895:2: note: Taking false branch
           if (status == htonl(NFS4ERR_OP_ILLEGAL))
           ^
   fs/nfs/callback_xdr.c:897:6: note: Assuming 'status' is not equal to 0
           if (status)
               ^~~~~~
   fs/nfs/callback_xdr.c:897:2: note: Taking true branch
           if (status)
           ^
   fs/nfs/callback_xdr.c:898:3: note: Control jumps to line 914
                   goto encode_hdr;
                   ^
   fs/nfs/callback_xdr.c:914:8: note: 2nd function call argument is an uninitialized value
           res = encode_op_hdr(xdr_out, op_nr, status);
                 ^                      ~~~~~
   Suppressed 4 warnings (4 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   4 warnings generated.
>> drivers/usb/core/hcd.c:1313:18: warning: Access to field 'x' results in a dereference of a null pointer (loaded from variable '__pptr') [clang-analyzer-core.NullDereference]
           vaddr = (void *)get_unaligned((unsigned long *)(vaddr + size));
                           ^
   include/asm-generic/unaligned.h:22:28: note: expanded from macro 'get_unaligned'
   #define get_unaligned(ptr)      __get_unaligned_t(typeof(*(ptr)), (ptr))
                                   ^
   include/asm-generic/unaligned.h:14:2: note: expanded from macro '__get_unaligned_t'
           __pptr->x;                                                              \
           ^
   drivers/usb/core/hcd.c:1411:2: note: Taking false branch
           if (usb_endpoint_xfer_control(&urb->ep->desc)) {
           ^
   drivers/usb/core/hcd.c:1442:8: note: '?' condition is false
           dir = usb_urb_dir_in(urb) ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
                 ^
   drivers/usb/core/hcd.c:1443:6: note: Assuming field 'transfer_buffer_length' is not equal to 0
           if (urb->transfer_buffer_length != 0
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1443:6: note: Left side of '&&' is true
   drivers/usb/core/hcd.c:1444:9: note: Assuming the condition is true
               && !(urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP)) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1443:2: note: Taking true branch
           if (urb->transfer_buffer_length != 0
           ^
   drivers/usb/core/hcd.c:1445:7: note: Assuming field 'localmem_pool' is non-null
                   if (hcd->localmem_pool) {
                       ^~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1445:3: note: Taking true branch
                   if (hcd->localmem_pool) {
                   ^
   drivers/usb/core/hcd.c:1452:8: note: 'ret' is not equal to 0
                           if (ret == 0)
                               ^~~
   drivers/usb/core/hcd.c:1452:4: note: Taking false branch
                           if (ret == 0)
                           ^
   drivers/usb/core/hcd.c:1506:7: note: 'ret' is -14
                   if (ret && (urb->transfer_flags & (URB_SETUP_MAP_SINGLE |
                       ^~~
   drivers/usb/core/hcd.c:1506:7: note: Left side of '&&' is true
   drivers/usb/core/hcd.c:1506:15: note: Assuming the condition is true
                   if (ret && (urb->transfer_flags & (URB_SETUP_MAP_SINGLE |
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1506:3: note: Taking true branch
                   if (ret && (urb->transfer_flags & (URB_SETUP_MAP_SINGLE |
                   ^
   drivers/usb/core/hcd.c:1508:4: note: Calling 'usb_hcd_unmap_urb_for_dma'
                           usb_hcd_unmap_urb_for_dma(hcd, urb);
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1358:8: note: '?' condition is false
           dir = usb_urb_dir_in(urb) ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
                 ^
   drivers/usb/core/hcd.c:1359:6: note: Left side of '&&' is true
           if (IS_ENABLED(CONFIG_HAS_DMA) &&
               ^
   include/linux/kconfig.h:71:28: note: expanded from macro 'IS_ENABLED'
   #define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option))
                              ^
   include/linux/kconfig.h:24:22: note: expanded from macro '__or'
   #define __or(x, y)                      ___or(x, y)
                                           ^
   include/linux/kconfig.h:25:23: note: expanded from macro '___or'
   #define ___or(x, y)                     ____or(__ARG_PLACEHOLDER_##x, y)
                                           ^
   include/linux/kconfig.h:26:65: note: expanded from macro '____or'
   #define ____or(arg1_or_junk, y)         __take_second_arg(arg1_or_junk 1, y)
                                                                          ^
   drivers/usb/core/hcd.c:1360:7: note: Assuming the condition is false
               (urb->transfer_flags & URB_DMA_MAP_SG))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1359:2: note: Taking false branch
           if (IS_ENABLED(CONFIG_HAS_DMA) &&
           ^
   drivers/usb/core/hcd.c:1365:11: note: Left side of '&&' is true
           else if (IS_ENABLED(CONFIG_HAS_DMA) &&
                    ^
   include/linux/kconfig.h:71:28: note: expanded from macro 'IS_ENABLED'
   #define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option))
                              ^
   include/linux/kconfig.h:24:22: note: expanded from macro '__or'
   #define __or(x, y)                      ___or(x, y)
                                           ^
   include/linux/kconfig.h:25:23: note: expanded from macro '___or'
   #define ___or(x, y)                     ____or(__ARG_PLACEHOLDER_##x, y)
                                           ^
   include/linux/kconfig.h:26:65: note: expanded from macro '____or'
   #define ____or(arg1_or_junk, y)         __take_second_arg(arg1_or_junk 1, y)
                                                                          ^
   drivers/usb/core/hcd.c:1366:5: note: Assuming the condition is false
                    (urb->transfer_flags & URB_DMA_MAP_PAGE))
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/usb/core/hcd.c:1365:7: note: Taking false branch
           else if (IS_ENABLED(CONFIG_HAS_DMA) &&
                ^
   drivers/usb/core/hcd.c:1371:11: note: Left side of '&&' is true
           else if (IS_ENABLED(CONFIG_HAS_DMA) &&
                    ^
   include/linux/kconfig.h:71:28: note: expanded from macro 'IS_ENABLED'
   #define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option))
                              ^

vim +1313 drivers/usb/core/hcd.c

b3476675320eda8 Magnus Damm 2008-01-23  1306  
b3476675320eda8 Magnus Damm 2008-01-23  1307  static void hcd_free_coherent(struct usb_bus *bus, dma_addr_t *dma_handle,
b3476675320eda8 Magnus Damm 2008-01-23  1308  			      void **vaddr_handle, size_t size,
b3476675320eda8 Magnus Damm 2008-01-23  1309  			      enum dma_data_direction dir)
9a9bf406df3ce23 Alan Stern  2007-08-02  1310  {
b3476675320eda8 Magnus Damm 2008-01-23  1311  	unsigned char *vaddr = *vaddr_handle;
b3476675320eda8 Magnus Damm 2008-01-23  1312  
b3476675320eda8 Magnus Damm 2008-01-23 @1313  	vaddr = (void *)get_unaligned((unsigned long *)(vaddr + size));
b3476675320eda8 Magnus Damm 2008-01-23  1314  
b3476675320eda8 Magnus Damm 2008-01-23  1315  	if (dir == DMA_FROM_DEVICE)
b3476675320eda8 Magnus Damm 2008-01-23  1316  		memcpy(vaddr, *vaddr_handle, size);
b3476675320eda8 Magnus Damm 2008-01-23  1317  
b3476675320eda8 Magnus Damm 2008-01-23  1318  	hcd_buffer_free(bus, size + sizeof(vaddr), *vaddr_handle, *dma_handle);
b3476675320eda8 Magnus Damm 2008-01-23  1319  
b3476675320eda8 Magnus Damm 2008-01-23  1320  	*vaddr_handle = vaddr;
b3476675320eda8 Magnus Damm 2008-01-23  1321  	*dma_handle = 0;
b3476675320eda8 Magnus Damm 2008-01-23  1322  }
b3476675320eda8 Magnus Damm 2008-01-23  1323  

:::::: The code at line 1313 was first introduced by commit
:::::: b3476675320eda83cf061a686cdc80b76f2bfdc4 usb: dma bounce buffer support

:::::: TO: Magnus Damm <magnus.damm@gmail.com>
:::::: CC: Greg Kroah-Hartman <gregkh@suse.de>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 34761 bytes --]
