tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: e22ce8eb631bdc47a4a4ea7ecf4e4ba499db4f93 commit: ef75e73182949a94bde169a774de1b62ae21fbbc powerpc/signal32: Transform save_user_regs() and save_tm_user_regs() in 'unsafe' version date: 9 months ago config: powerpc-randconfig-c003-20210821 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project d9c5613e856cf2addfbf892fc4c1ce9ef9feceaa) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install powerpc cross compiling tool for clang build # apt-get install binutils-powerpc-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef75e73182949a94bde169a774de1b62ae21fbbc git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout ef75e73182949a94bde169a774de1b62ae21fbbc # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=powerpc clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot clang-analyzer warnings: (new ones prefixed by >>) ^ crypto/ecc.c:880:7: note: Assuming the condition is false if (EVEN(a)) { ^ crypto/ecc.c:853:20: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ^~~~~~~~~~~~~ crypto/ecc.c:880:3: note: Taking false branch if (EVEN(a)) { ^ crypto/ecc.c:889:14: note: Assuming the condition is true } else if (EVEN(b)) { ^ crypto/ecc.c:853:20: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ^~~~~~~~~~~~~ crypto/ecc.c:889:10: note: Taking true branch } else if (EVEN(b)) { ^ crypto/ecc.c:892:9: note: The left operand of '&' is a garbage value if (!EVEN(v)) ^ crypto/ecc.c:853:29: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ~~~~~~ ^ crypto/ecc.c:920:9: warning: 
The left operand of '&' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult] if (!EVEN(v)) ^ crypto/ecc.c:853:29: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ^ crypto/ecc.c:1245:2: note: Calling 'ecc_point_add' ecc_point_add(&sum, p, q, curve); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:1221:2: note: Calling 'vli_mod_inv' vli_mod_inv(z, z, curve->p, ndigits); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:866:6: note: Assuming the condition is false if (vli_is_zero(input, ndigits)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:866:2: note: Taking false branch if (vli_is_zero(input, ndigits)) { ^ crypto/ecc.c:875:2: note: Calling 'vli_clear' vli_clear(v, ndigits); ^~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:113:2: note: Loop condition is false. Execution continues on line 113 for (i = 0; i < ndigits; i++) ^ crypto/ecc.c:115:1: note: Returning without writing to '*vli' } ^ crypto/ecc.c:875:2: note: Returning from 'vli_clear' vli_clear(v, ndigits); ^~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:877:9: note: Assuming the condition is true while ((cmp_result = vli_cmp(a, b, ndigits)) != 0) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:877:2: note: Loop condition is true. 
Entering loop body while ((cmp_result = vli_cmp(a, b, ndigits)) != 0) { ^ crypto/ecc.c:880:7: note: Assuming the condition is false if (EVEN(a)) { ^ crypto/ecc.c:853:20: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ^~~~~~~~~~~~~ crypto/ecc.c:880:3: note: Taking false branch if (EVEN(a)) { ^ crypto/ecc.c:889:14: note: Assuming the condition is false } else if (EVEN(b)) { ^ crypto/ecc.c:853:20: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ^~~~~~~~~~~~~ crypto/ecc.c:889:10: note: Taking false branch } else if (EVEN(b)) { ^ crypto/ecc.c:898:14: note: Assuming 'cmp_result' is <= 0 } else if (cmp_result > 0) { ^~~~~~~~~~~~~~ crypto/ecc.c:898:10: note: Taking false branch } else if (cmp_result > 0) { ^ crypto/ecc.c:916:8: note: Assuming the condition is false if (vli_cmp(v, u, ndigits) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~ crypto/ecc.c:916:4: note: Taking false branch if (vli_cmp(v, u, ndigits) < 0) ^ crypto/ecc.c:920:9: note: The left operand of '&' is a garbage value if (!EVEN(v)) ^ crypto/ecc.c:853:29: note: expanded from macro 'EVEN' #define EVEN(vli) (!(vli[0] & 1)) ~~~~~~ ^ Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. 
>> arch/powerpc/kernel/signal_32.c:297:2: warning: Value stored to 'msr' is never read [clang-analyzer-deadcode.DeadStores] msr &= ~MSR_VSX; ^ ~~~~~~~~ arch/powerpc/kernel/signal_32.c:297:2: note: Value stored to 'msr' is never read msr &= ~MSR_VSX; ^ ~~~~~~~~ arch/powerpc/kernel/signal_32.c:765:16: warning: Value stored to 'msr' during its initialization is never read [clang-analyzer-deadcode.DeadStores] unsigned long msr = regs->msr; ^~~ ~~~~~~~~~ arch/powerpc/kernel/signal_32.c:765:16: note: Value stored to 'msr' during its initialization is never read unsigned long msr = regs->msr; ^~~ ~~~~~~~~~ arch/powerpc/kernel/signal_32.c:869:16: warning: Value stored to 'msr' during its initialization is never read [clang-analyzer-deadcode.DeadStores] unsigned long msr = regs->msr; ^~~ ~~~~~~~~~ arch/powerpc/kernel/signal_32.c:869:16: note: Value stored to 'msr' during its initialization is never read unsigned long msr = regs->msr; ^~~ ~~~~~~~~~ Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. 
arch/powerpc/kernel/vdso.c:251:8: warning: Dereference of null pointer (loaded from variable 'size') [clang-analyzer-core.NullDereference] *size = 0; ^ arch/powerpc/kernel/vdso.c:750:6: note: Calling 'vdso_setup' if (vdso_setup()) { ^~~~~~~~~~~~ arch/powerpc/kernel/vdso.c:618:6: note: Calling 'vdso_do_find_sections' if (vdso_do_find_sections(&v32, &v64)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/powerpc/kernel/vdso.c:440:52: note: Passing null pointer value via 3rd parameter 'size' v32->dynstr = find_section32(v32->hdr, ".dynstr", NULL); ^ include/linux/stddef.h:8:14: note: expanded from macro 'NULL' #define NULL ((void *)0) ^~~~~~~~~~~ arch/powerpc/kernel/vdso.c:440:16: note: Calling 'find_section32' v32->dynstr = find_section32(v32->hdr, ".dynstr", NULL); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/powerpc/kernel/vdso.c:244:14: note: 'i' is >= field 'e_shnum' for (i = 1; i < ehdr->e_shnum; i++) { ^ arch/powerpc/kernel/vdso.c:244:2: note: Loop condition is false. Execution continues on line 251 for (i = 1; i < ehdr->e_shnum; i++) { ^ arch/powerpc/kernel/vdso.c:251:8: note: Dereference of null pointer (loaded from variable 'size') *size = 0; ~~~~ ^ Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. 
Use -system-headers to display errors from system headers as well. 6 warnings generated. fs/fscache/object.c:284:2: warning: Value stored to 'start' is never read [clang-analyzer-deadcode.DeadStores] start = jiffies; ^ ~~~~~~~ fs/fscache/object.c:284:2: note: Value stored to 'start' is never read start = jiffies; ^ ~~~~~~~ fs/fscache/object.c:454:25: warning: Value stored to 'cookie' during its initialization is never read [clang-analyzer-deadcode.DeadStores] struct fscache_cookie *cookie = object->cookie; ^~~~~~ ~~~~~~~~~~~~~~ fs/fscache/object.c:454:25: note: Value stored to 'cookie' during its initialization is never read struct fscache_cookie *cookie = object->cookie; ^~~~~~ ~~~~~~~~~~~~~~ Suppressed 4 warnings (1 in non-user code, 3 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. fs/fscache/operation.c:627:2: warning: Value stored to 'start' is never read [clang-analyzer-deadcode.DeadStores] start = jiffies; ^ ~~~~~~~ fs/fscache/operation.c:627:2: note: Value stored to 'start' is never read start = jiffies; ^ ~~~~~~~ Suppressed 3 warnings (1 in non-user code, 2 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. 
fs/fscache/page.c:354:2: warning: Value stored to 'jif' is never read [clang-analyzer-deadcode.DeadStores] jif = jiffies; ^ ~~~~~~~ fs/fscache/page.c:354:2: note: Value stored to 'jif' is never read jif = jiffies; ^ ~~~~~~~ fs/fscache/page.c:409:32: warning: Value stored to 'state' during its initialization is never read [clang-analyzer-deadcode.DeadStores] enum fscache_operation_state state = op->state; ^~~~~ ~~~~~~~~~ fs/fscache/page.c:409:32: note: Value stored to 'state' during its initialization is never read enum fscache_operation_state state = op->state; ^~~~~ ~~~~~~~~~ fs/fscache/page.c:998:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = -ENOBUFS; vim +/msr +297 arch/powerpc/kernel/signal_32.c 968c4fccd1bb8b arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 262 ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 263 static int save_user_regs_unsafe(struct pt_regs *regs, struct mcontext __user *frame, 8d33001dd650b8 arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 264 struct mcontext __user *tm_frame, int ctx_has_vsx_region) ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 265 { 9e7511861c4f8d arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 266 unsigned long msr = regs->msr; 9e7511861c4f8d arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 267 c6e6771b87d4e3 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 268 /* save general registers */ ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 269 unsafe_save_general_regs(regs, frame, failed); ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 270 ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 271 #ifdef CONFIG_ALTIVEC ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 272 /* save altivec registers */ ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 273 if 
(current->thread.used_vr) { ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 274 unsafe_copy_to_user(&frame->mc_vregs, &current->thread.vr_state, ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 275 ELF_NVRREG * sizeof(vector128), failed); ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 276 /* set MSR_VEC in the saved MSR value to indicate that ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 277 frame->mc_vregs contains valid data */ 9e7511861c4f8d arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 278 msr |= MSR_VEC; ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 279 } ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 280 /* else assert((regs->msr & MSR_VEC) == 0) */ ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 281 ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 282 /* We always copy to/from vrsave, it's 0 if we don't have or don't ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 283 * use altivec. Since VSCR only contains 32 bits saved in the least ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 284 * significant bits of a vector, we "cheat" and stuff VRSAVE in the ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 285 * most significant bits of that same vector. --BenH 408a7e08b2112f arch/powerpc/kernel/signal_32.c Paul Mackerras 2013-08-05 286 * Note that the current VRSAVE value is in the SPR at this point. 
^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 287 */ ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 288 unsafe_put_user(current->thread.vrsave, (u32 __user *)&frame->mc_vregs[32], ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 289 failed); ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 290 #endif /* CONFIG_ALTIVEC */ ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 291 unsafe_copy_fpr_to_user(&frame->mc_fregs, current, failed); ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 292 ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 293 /* ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 294 * Clear the MSR VSX bit to indicate there is no valid state attached ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 295 * to this context, except in the specific case below where we set it. ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 296 */ ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 @297 msr &= ~MSR_VSX; 6a274c08f2f4df arch/powerpc/kernel/signal_32.c Michael Neuling 2008-07-02 298 #ifdef CONFIG_VSX ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 299 /* ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 300 * Copy VSR 0-31 upper half from thread_struct to local ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 301 * buffer, then write that to userspace. 
Also set MSR_VSX in ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 302 * the saved MSR value to indicate that frame->mc_vregs ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 303 * contains valid data ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 304 */ 16c29d180becc5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-10-23 305 if (current->thread.used_vsr && ctx_has_vsx_region) { ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 306 unsafe_copy_vsx_to_user(&frame->mc_vsregs, current, failed); ce48b2100785e5 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 307 msr |= MSR_VSX; ec67ad82814bee arch/powerpc/kernel/signal_32.c Michael Neuling 2013-11-25 308 } c6e6771b87d4e3 arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 309 #endif /* CONFIG_VSX */ 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 310 #ifdef CONFIG_SPE 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 311 /* save spe registers */ 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 312 if (current->thread.used_spe) { ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 313 unsafe_copy_to_user(&frame->mc_vregs, current->thread.evr, ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 314 ELF_NEVRREG * sizeof(u32), failed); 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 315 /* set MSR_SPE in the saved MSR value to indicate that 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 316 frame->mc_vregs contains valid data */ 9e7511861c4f8d arch/powerpc/kernel/signal_32.c Michael Neuling 2008-06-25 317 msr |= MSR_SPE; 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 318 } 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 319 /* else assert((regs->msr & MSR_SPE) == 0) */ 
81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 320 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 321 /* We always copy to/from spefscr */ ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 322 unsafe_put_user(current->thread.spefscr, ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 323 (u32 __user *)&frame->mc_vregs + ELF_NEVRREG, failed); 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 324 #endif /* CONFIG_SPE */ 81e7009ea46c95 arch/powerpc/kernel/signal_32.c Stephen Rothwell 2005-10-18 325 ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 326 unsafe_put_user(msr, &frame->mc_gregs[PT_MSR], failed); ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 327 1d25f11fdbcc53 arch/powerpc/kernel/signal_32.c Michael Neuling 2013-06-09 328 /* We need to write 0 the MSR top 32 bits in the tm frame so that we 1d25f11fdbcc53 arch/powerpc/kernel/signal_32.c Michael Neuling 2013-06-09 329 * can check it on the restore to see if TM is active 1d25f11fdbcc53 arch/powerpc/kernel/signal_32.c Michael Neuling 2013-06-09 330 */ ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 331 if (tm_frame) ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 332 unsafe_put_user(0, &tm_frame->mc_gregs[PT_MSR], failed); 1d25f11fdbcc53 arch/powerpc/kernel/signal_32.c Michael Neuling 2013-06-09 333 ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 334 return 0; ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 335 ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 336 failed: ef75e73182949a arch/powerpc/kernel/signal_32.c Christophe Leroy 2020-08-18 337 return 1; ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 338 } ^1da177e4c3f41 arch/ppc64/kernel/signal32.c Linus Torvalds 2005-04-16 339 
:::::: The code at line 297 was first introduced by commit :::::: ec67ad82814bee92251fd963bf01c7a173856555 powerpc/signals: Improved mark VSX not saved with small contexts fix :::::: TO: Michael Neuling :::::: CC: Benjamin Herrenschmidt --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org