* kernel/cred.c:363:22: warning: Access to field 'ucounts' results in a dereference of a null pointer [clang-analyzer-core.NullDereference]
@ 2021-08-28 20:17 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2021-08-28 20:17 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 16544 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Alexey Gladkov <legion@kernel.org>
CC: "Eric W. Biederman" <ebiederm@xmission.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 64b4fc45bea6f4faa843d2f97ff51665280efee1
commit: 21d1c5e386bc751f1953b371d72cd5b7d9c9e270 Reimplement RLIMIT_NPROC on top of ucounts
date: 4 months ago
:::::: branch date: 21 hours ago
:::::: commit date: 4 months ago
config: riscv-randconfig-c006-20210828 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 4e1a164d7bd53653f79decc121afe784d2fde0a7)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21d1c5e386bc751f1953b371d72cd5b7d9c9e270
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 21d1c5e386bc751f1953b371d72cd5b7d9c9e270
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
mm/mmap.c:2880:7: note: 'error' is 0
if (error)
^~~~~
mm/mmap.c:2880:3: note: Taking false branch
if (error)
^
mm/mmap.c:2887:6: note: Assuming field 'locked_vm' is not equal to 0
if (mm->locked_vm) {
^~~~~~~~~~~~~
mm/mmap.c:2887:2: note: Taking true branch
if (mm->locked_vm) {
^
mm/mmap.c:2889:10: note: Assuming pointer value is null
while (tmp && tmp->vm_start < end) {
^~~
mm/mmap.c:2889:10: note: Assuming 'tmp' is null
while (tmp && tmp->vm_start < end) {
^~~
mm/mmap.c:2889:14: note: Left side of '&&' is false
while (tmp && tmp->vm_start < end) {
^
mm/mmap.c:2900:38: note: Passing null pointer value via 2nd parameter 'vma'
if (!detach_vmas_to_be_unmapped(mm, vma, prev, end))
^~~
mm/mmap.c:2900:7: note: Calling 'detach_vmas_to_be_unmapped'
if (!detach_vmas_to_be_unmapped(mm, vma, prev, end))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/mmap.c:2691:21: note: 'prev' is non-null
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
^~~~
mm/mmap.c:2691:21: note: '?' condition is true
mm/mmap.c:2692:15: note: Access to field 'vm_prev' results in a dereference of a null pointer (loaded from variable 'vma')
vma->vm_prev = NULL;
~~~ ^
mm/mmap.c:3293:3: warning: Value stored to 'faulted_in_anon_vma' is never read [clang-analyzer-deadcode.DeadStores]
faulted_in_anon_vma = false;
^ ~~~~~
mm/mmap.c:3293:3: note: Value stored to 'faulted_in_anon_vma' is never read
faulted_in_anon_vma = false;
^ ~~~~~
mm/mmap.c:3739:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
ret = percpu_counter_init(&vm_committed_as, 0, GFP_KERNEL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mm/mmap.c:3739:2: note: Value stored to 'ret' is never read
ret = percpu_counter_init(&vm_committed_as, 0, GFP_KERNEL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
drivers/misc/enclosure.c:186:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcpy(name, "enclosure_device:");
^~~~~~
drivers/misc/enclosure.c:186:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119
strcpy(name, "enclosure_device:");
^~~~~~
drivers/misc/enclosure.c:187:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(name, dev_name(&cdev->cdev));
^~~~~~
drivers/misc/enclosure.c:187:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(name, dev_name(&cdev->cdev));
^~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
>> kernel/cred.c:363:22: warning: Access to field 'ucounts' results in a dereference of a null pointer [clang-analyzer-core.NullDereference]
inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
^
include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
___val = __task_cred((task))->xxx; \
^~~~~~~~~~~~~~~~~~~~~~~~
include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
rcu_dereference((task)->real_cred)
^
include/linux/rcupdate.h:571:28: note: expanded from macro 'rcu_dereference'
#define rcu_dereference(p) rcu_dereference_check(p, 0)
^
include/linux/rcupdate.h:513:2: note: expanded from macro 'rcu_dereference_check'
__rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
^
include/linux/rcupdate.h:371:46: note: expanded from macro '__rcu_dereference_check'
#define __rcu_dereference_check(p, c, space) \
^
kernel/cred.c:355:3: note: Assuming the condition is true
clone_flags & CLONE_THREAD
^~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/cred.c:351:2: note: Taking true branch
if (
^
kernel/cred.c:360:3: note: Taking false branch
kdebug("share_creds(%p{%d,%d})",
^
kernel/cred.c:27:2: note: expanded from macro 'kdebug'
if (0) \
^
kernel/cred.c:360:3: note: Loop condition is false. Exiting loop
kdebug("share_creds(%p{%d,%d})",
^
kernel/cred.c:25:31: note: expanded from macro 'kdebug'
#define kdebug(FMT, ...) \
^
kernel/cred.c:363:22: note: Left side of '||' is false
inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
^
include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
^
include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
___val = __task_cred((task))->xxx; \
^
include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
rcu_dereference((task)->real_cred)
^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
kernel/cred.c:363:22: note: Left side of '||' is false
inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
^
include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
^
include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
___val = __task_cred((task))->xxx; \
^
include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
rcu_dereference((task)->real_cred)
^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
kernel/cred.c:363:22: note: Left side of '||' is true
inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
^
include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
#define task_ucounts(task) (task_cred_xxx((task), ucounts))
^
include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
___val = __task_cred((task))->xxx; \
^
include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
rcu_dereference((task)->real_cred)
^
note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
vim +/ucounts +363 kernel/cred.c
7743c48e54ee9b David Howells 2019-06-19 350
d84f4f992cbd76 David Howells 2008-11-14 351 if (
d84f4f992cbd76 David Howells 2008-11-14 352 #ifdef CONFIG_KEYS
d84f4f992cbd76 David Howells 2008-11-14 353 !p->cred->thread_keyring &&
d84f4f992cbd76 David Howells 2008-11-14 354 #endif
d84f4f992cbd76 David Howells 2008-11-14 355 clone_flags & CLONE_THREAD
d84f4f992cbd76 David Howells 2008-11-14 356 ) {
3b11a1decef07c David Howells 2008-11-14 357 p->real_cred = get_cred(p->cred);
d84f4f992cbd76 David Howells 2008-11-14 358 get_cred(p->cred);
e0e817392b9acf David Howells 2009-09-02 359 alter_cred_subscribers(p->cred, 2);
e0e817392b9acf David Howells 2009-09-02 360 kdebug("share_creds(%p{%d,%d})",
e0e817392b9acf David Howells 2009-09-02 361 p->cred, atomic_read(&p->cred->usage),
e0e817392b9acf David Howells 2009-09-02 362 read_cred_subscribers(p->cred));
21d1c5e386bc75 Alexey Gladkov 2021-04-22 @363 inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
d84f4f992cbd76 David Howells 2008-11-14 364 return 0;
d84f4f992cbd76 David Howells 2008-11-14 365 }
d84f4f992cbd76 David Howells 2008-11-14 366
d84f4f992cbd76 David Howells 2008-11-14 367 new = prepare_creds();
d84f4f992cbd76 David Howells 2008-11-14 368 if (!new)
f1752eec6145c9 David Howells 2008-11-14 369 return -ENOMEM;
f1752eec6145c9 David Howells 2008-11-14 370
18b6e0414e42d9 Serge Hallyn 2008-10-15 371 if (clone_flags & CLONE_NEWUSER) {
18b6e0414e42d9 Serge Hallyn 2008-10-15 372 ret = create_user_ns(new);
18b6e0414e42d9 Serge Hallyn 2008-10-15 373 if (ret < 0)
18b6e0414e42d9 Serge Hallyn 2008-10-15 374 goto error_put;
905ae01c4ae2ae Alexey Gladkov 2021-04-22 375 if (set_cred_ucounts(new) < 0)
905ae01c4ae2ae Alexey Gladkov 2021-04-22 376 goto error_put;
18b6e0414e42d9 Serge Hallyn 2008-10-15 377 }
18b6e0414e42d9 Serge Hallyn 2008-10-15 378
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 30423 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-28 20:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-28 20:17 kernel/cred.c:363:22: warning: Access to field 'ucounts' results in a dereference of a null pointer [clang-analyzer-core.NullDereference] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.