* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2022-04-03 5:49 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-04-03 5:49 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17393 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6f34f8c3d6178527d4c02aa3a53c370cc70cb91e
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 12 months ago
:::::: branch date: 12 hours ago
:::::: commit date: 12 months ago
config: mips-randconfig-c004-20220328 (https://download.01.org/0day-ci/archive/20220403/202204031308.jm6oxbcK-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
include/linux/pagemap.h:610:20: note: Passing null pointer value via 1st parameter 'page'
if (!trylock_page(page))
^~~~
include/linux/pagemap.h:610:7: note: Calling 'trylock_page'
if (!trylock_page(page))
^~~~~~~~~~~~~~~~~~
include/linux/pagemap.h:600:23: note: Passing null pointer value via 1st parameter 'page'
page = compound_head(page);
^~~~
include/linux/pagemap.h:600:9: note: Calling 'compound_head'
page = compound_head(page);
^~~~~~~~~~~~~~~~~~~
include/linux/page-flags.h:184:23: note: Left side of '||' is false
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
include/linux/page-flags.h:184:23: note: Left side of '||' is false
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
include/linux/page-flags.h:184:23: note: Left side of '||' is true
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:283:28: note: expanded from macro '__native_word'
sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
^
include/linux/page-flags.h:184:23: note: Taking false branch
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:320:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:308:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:300:3: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^
include/linux/page-flags.h:184:23: note: Loop condition is false. Exiting loop
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:320:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:308:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:298:2: note: expanded from macro '__compiletime_assert'
do { \
^
include/linux/page-flags.h:184:23: note: Dereference of null pointer
unsigned long head = READ_ONCE(page->compound_head);
^
include/asm-generic/rwonce.h:50:2: note: expanded from macro 'READ_ONCE'
__READ_ONCE(x); \
^~~~~~~~~~~~~~
include/asm-generic/rwonce.h:44:24: note: expanded from macro '__READ_ONCE'
#define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
include/linux/uaccess.h:157:33: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
^
arch/mips/include/asm/uaccess.h:441:2: note: expanded from macro '__put_user_check'
__typeof__(*(ptr)) __pu_val = (x); \
^
drivers/nvme/host/ioctl.c:355:2: note: Taking true branch
if (is_ctrl_ioctl(cmd))
^
drivers/nvme/host/ioctl.c:356:10: note: Calling 'nvme_ctrl_ioctl'
return nvme_ctrl_ioctl(ns->ctrl, cmd, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:293:2: note: Control jumps to 'case 3225964097:' at line 294
switch (cmd) {
^
drivers/nvme/host/ioctl.c:295:10: note: Calling 'nvme_user_cmd'
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2022-04-01 19:29 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-04-01 19:29 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17580 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: e8b767f5e04097aaedcd6e06e2270f9fe5282696
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 12 months ago
:::::: branch date: 20 hours ago
:::::: commit date: 12 months ago
config: mips-randconfig-c004-20220328 (https://download.01.org/0day-ci/archive/20220402/202204020315.xc7GLwtS-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:37:35: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
#define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
^~~~~~~~~~~~~~~
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:594:6: note: The result of the left shift is undefined because the left operand is negative
AXP813_ADC_RATE_HZ(rate));
^
drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ'
#define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x))
^~~~~~~~~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:37:51: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
#define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
~~~~~~~~~~~~~~~ ^
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
include/linux/hid.h:999:9: warning: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') [clang-analyzer-core.NullDereference]
input->name, c, type);
^
drivers/hid/hid-ezkey.c:29:6: note: Assuming the condition is false
if ((usage->hid & HID_USAGE_PAGE) != HID_UP_CONSUMER)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hid/hid-ezkey.c:29:2: note: Taking false branch
if ((usage->hid & HID_USAGE_PAGE) != HID_UP_CONSUMER)
^
drivers/hid/hid-ezkey.c:32:2: note: Control jumps to 'case 562:' at line 40
switch (usage->hid & HID_USAGE) {
^
drivers/hid/hid-ezkey.c:40:14: note: Calling 'hid_map_usage'
case 0x232: ez_map_rel(REL_HWHEEL); break;
^
drivers/hid/hid-ezkey.c:22:23: note: expanded from macro 'ez_map_rel'
#define ez_map_rel(c) hid_map_usage(hi, usage, bit, max, EV_REL, (c))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/hid.h:974:2: note: 'input' initialized here
struct input_dev *input = hidinput->input;
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/hid.h:978:2: note: Control jumps to 'case 2:' at line 983
switch (type) {
^
include/linux/hid.h:986:3: note: Execution continues on line 997
break;
^
include/linux/hid.h:997:15: note: 'c' is <= 'limit'
if (unlikely(c > limit || !bmap)) {
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/hid.h:997:15: note: Left side of '||' is false
if (unlikely(c > limit || !bmap)) {
^
include/linux/hid.h:997:28: note: Assuming 'bmap' is null
if (unlikely(c > limit || !bmap)) {
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/hid.h:997:2: note: Taking true branch
if (unlikely(c > limit || !bmap)) {
^
include/linux/hid.h:998:3: note: Assuming the condition is true
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/printk.h:511:6: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^~~~~~~~~~~~~~~~~
include/linux/ratelimit_types.h:41:28: note: expanded from macro '__ratelimit'
#define __ratelimit(state) ___ratelimit(state, __func__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/hid.h:998:3: note: Taking true branch
pr_warn_ratelimited("%s: Invalid code %d type %d\n",
^
include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:511:2: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^
include/linux/hid.h:999:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input')
input->name, c, type);
^
include/linux/printk.h:528:49: note: expanded from macro 'pr_warn_ratelimited'
printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~
include/linux/printk.h:512:17: note: expanded from macro 'printk_ratelimited'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
include/linux/uaccess.h:157:33: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
^
arch/mips/include/asm/uaccess.h:441:2: note: expanded from macro '__put_user_check'
__typeof__(*(ptr)) __pu_val = (x); \
^
drivers/nvme/host/ioctl.c:355:2: note: Taking true branch
if (is_ctrl_ioctl(cmd))
^
drivers/nvme/host/ioctl.c:356:10: note: Calling 'nvme_ctrl_ioctl'
return nvme_ctrl_ioctl(ns->ctrl, cmd, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:293:2: note: Control jumps to 'case 3225964097:' at line 294
switch (cmd) {
^
drivers/nvme/host/ioctl.c:295:10: note: Calling 'nvme_user_cmd'
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2022-03-31 3:58 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-03-31 3:58 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 18118 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 74164d284b2909de0ba13518cc063e9ea9334749
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 12 months ago
:::::: branch date: 10 hours ago
:::::: commit date: 12 months ago
config: mips-randconfig-c004-20220328 (https://download.01.org/0day-ci/archive/20220331/202203311116.PVvMfM4M-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
drivers/iio/adc/axp20x_adc.c:37:35: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
#define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
^~~~~~~~~~~~~~~
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
include/linux/log2.h:24:2: note: Returning the value -1
return fls(n) - 1;
^~~~~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:594:6: note: Returning from '__ilog2_u32'
AXP813_ADC_RATE_HZ(rate));
^
drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ'
#define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x))
^~~~~~~~~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:37:35: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
#define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
^~~~~~~~~~~~~~~
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:594:6: note: The result of the left shift is undefined because the left operand is negative
AXP813_ADC_RATE_HZ(rate));
^
drivers/iio/adc/axp20x_adc.c:41:34: note: expanded from macro 'AXP813_ADC_RATE_HZ'
#define AXP813_ADC_RATE_HZ(x) (AXP20X_ADC_RATE_HZ(x) | AXP813_V_I_ADC_RATE_HZ(x))
^~~~~~~~~~~~~~~~~~~~~
drivers/iio/adc/axp20x_adc.c:37:51: note: expanded from macro 'AXP20X_ADC_RATE_HZ'
#define AXP20X_ADC_RATE_HZ(x) ((ilog2((x) / 25) << 6) & AXP20X_ADC_RATE_MASK)
~~~~~~~~~~~~~~~ ^
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
include/linux/uaccess.h:157:33: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
^
arch/mips/include/asm/uaccess.h:441:2: note: expanded from macro '__put_user_check'
__typeof__(*(ptr)) __pu_val = (x); \
^
drivers/nvme/host/ioctl.c:355:2: note: Taking true branch
if (is_ctrl_ioctl(cmd))
^
drivers/nvme/host/ioctl.c:356:10: note: Calling 'nvme_ctrl_ioctl'
return nvme_ctrl_ioctl(ns->ctrl, cmd, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:293:2: note: Control jumps to 'case 3225964097:' at line 294
switch (cmd) {
^
drivers/nvme/host/ioctl.c:295:10: note: Calling 'nvme_user_cmd'
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2022-03-29 9:27 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-03-29 9:27 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17569 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 1930a6e739c4b4a654a69164dbe39e554d228915
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 12 months ago
:::::: branch date: 9 hours ago
:::::: commit date: 12 months ago
config: mips-randconfig-c004-20220328 (https://download.01.org/0day-ci/archive/20220329/202203291754.Ag0o8SnD-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 0f6d9501cf49ce02937099350d08f20c4af86f3d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/dma/sh/rcar-dmac.c:892:2: note: Control jumps to 'case DMA_MEM_TO_DEV:' at line 899
switch (desc->direction) {
^
drivers/dma/sh/rcar-dmac.c:903:3: note: Execution continues on line 913
break;
^
drivers/dma/sh/rcar-dmac.c:913:21: note: '?' condition is false
desc->xfer_shift = ilog2(xfer_size);
^
include/linux/log2.h:158:2: note: expanded from macro 'ilog2'
__builtin_constant_p(n) ? \
^
drivers/dma/sh/rcar-dmac.c:913:21: note: '?' condition is true
desc->xfer_shift = ilog2(xfer_size);
^
include/linux/log2.h:161:2: note: expanded from macro 'ilog2'
(sizeof(n) <= 4) ? \
^
drivers/dma/sh/rcar-dmac.c:913:21: note: Calling '__ilog2_u32'
desc->xfer_shift = ilog2(xfer_size);
^
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
include/linux/log2.h:24:2: note: Returning the value -1
return fls(n) - 1;
^~~~~~~~~~~~~~~~~
drivers/dma/sh/rcar-dmac.c:913:21: note: Returning from '__ilog2_u32'
desc->xfer_shift = ilog2(xfer_size);
^
include/linux/log2.h:162:2: note: expanded from macro 'ilog2'
__ilog2_u32(n) : \
^~~~~~~~~~~~~~
drivers/dma/sh/rcar-dmac.c:913:2: note: The value 4294967295 is assigned to field 'xfer_shift'
desc->xfer_shift = ilog2(xfer_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/dma/sh/rcar-dmac.c:914:20: note: The right operand of '|' is a garbage value due to array index out of bounds
desc->chcr = chcr | chcr_ts[desc->xfer_shift];
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (2 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
drivers/media/dvb-frontends/sp8870.c:381:2: warning: Value stored to 'tmp' is never read [clang-analyzer-deadcode.DeadStores]
tmp = ret & 0x3F;
^ ~~~~~~~~~~
drivers/media/dvb-frontends/sp8870.c:381:2: note: Value stored to 'tmp' is never read
tmp = ret & 0x3F;
^ ~~~~~~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
drivers/media/dvb-frontends/s5h1432.c:207:4: warning: Value stored to 'dvb_bandwidth' is never read [clang-analyzer-deadcode.DeadStores]
dvb_bandwidth = 6;
^ ~
drivers/media/dvb-frontends/s5h1432.c:207:4: note: Value stored to 'dvb_bandwidth' is never read
dvb_bandwidth = 6;
^ ~
drivers/media/dvb-frontends/s5h1432.c:211:4: warning: Value stored to 'dvb_bandwidth' is never read [clang-analyzer-deadcode.DeadStores]
dvb_bandwidth = 7;
^ ~
drivers/media/dvb-frontends/s5h1432.c:211:4: note: Value stored to 'dvb_bandwidth' is never read
dvb_bandwidth = 7;
^ ~
drivers/media/dvb-frontends/s5h1432.c:215:4: warning: Value stored to 'dvb_bandwidth' is never read [clang-analyzer-deadcode.DeadStores]
dvb_bandwidth = 8;
^ ~
drivers/media/dvb-frontends/s5h1432.c:215:4: note: Value stored to 'dvb_bandwidth' is never read
dvb_bandwidth = 8;
^ ~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
include/linux/uaccess.h:157:33: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
^
arch/mips/include/asm/uaccess.h:441:2: note: expanded from macro '__put_user_check'
__typeof__(*(ptr)) __pu_val = (x); \
^
drivers/nvme/host/ioctl.c:355:2: note: Taking true branch
if (is_ctrl_ioctl(cmd))
^
drivers/nvme/host/ioctl.c:356:10: note: Calling 'nvme_ctrl_ioctl'
return nvme_ctrl_ioctl(ns->ctrl, cmd, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:293:2: note: Control jumps to 'case 3225964097:' at line 294
switch (cmd) {
^
drivers/nvme/host/ioctl.c:295:10: note: Calling 'nvme_user_cmd'
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2022-01-09 5:49 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2022-01-09 5:49 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17765 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4634129ad9fdc89d10b597fc6f8f4336fb61e105
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 9 months ago
:::::: branch date: 9 hours ago
:::::: commit date: 9 months ago
config: mips-randconfig-c004-20220107 (https://download.01.org/0day-ci/archive/20220109/202201091309.HFm9hkOZ-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 32167bfe64a4c5dd4eb3f7a58e24f4cba76f5ac2)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
note: (skipping 5 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/linux/percpu-defs.h:263:47: note: expanded from macro 'per_cpu_ptr'
#define per_cpu_ptr(ptr, cpu) ({ (void)(cpu); VERIFY_PERCPU_PTR(ptr); })
^
include/linux/percpu-defs.h:259:2: note: expanded from macro 'VERIFY_PERCPU_PTR'
__verify_pcpu_ptr(__p); \
^
include/linux/percpu-defs.h:217:37: note: expanded from macro '__verify_pcpu_ptr'
#define __verify_pcpu_ptr(ptr) \
^
kernel/rcu/rcutorture.c:1588:2: note: Loop condition is false. Exiting loop
__this_cpu_inc(rcu_torture_batch[completed]);
^
include/linux/percpu-defs.h:497:30: note: expanded from macro '__this_cpu_inc'
#define __this_cpu_inc(pcp) __this_cpu_add(pcp, 1)
^
include/linux/percpu-defs.h:458:2: note: expanded from macro '__this_cpu_add'
raw_cpu_add(pcp, val); \
^
include/linux/percpu-defs.h:422:32: note: expanded from macro 'raw_cpu_add'
#define raw_cpu_add(pcp, val) __pcpu_size_call(raw_cpu_add_, pcp, val)
^
note: (skipping 1 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
note: expanded from here
include/asm-generic/percpu.h:227:34: note: expanded from macro 'raw_cpu_add_4'
#define raw_cpu_add_4(pcp, val) raw_cpu_generic_to_op(pcp, val, +=)
^
include/asm-generic/percpu.h:70:48: note: expanded from macro 'raw_cpu_generic_to_op'
#define raw_cpu_generic_to_op(pcp, val, op) \
^
kernel/rcu/rcutorture.c:1588:2: note: Execution continues on line 1588
__this_cpu_inc(rcu_torture_batch[completed]);
^
include/linux/percpu-defs.h:497:30: note: expanded from macro '__this_cpu_inc'
#define __this_cpu_inc(pcp) __this_cpu_add(pcp, 1)
^
include/linux/percpu-defs.h:458:2: note: expanded from macro '__this_cpu_add'
raw_cpu_add(pcp, val); \
^
include/linux/percpu-defs.h:422:32: note: expanded from macro 'raw_cpu_add'
#define raw_cpu_add(pcp, val) __pcpu_size_call(raw_cpu_add_, pcp, val)
^
include/linux/percpu-defs.h:379:42: note: expanded from macro '__pcpu_size_call'
case 4: stem##4(variable, __VA_ARGS__);break; \
^
kernel/rcu/rcutorture.c:1588:2: note: Loop condition is false. Exiting loop
__this_cpu_inc(rcu_torture_batch[completed]);
^
include/linux/percpu-defs.h:497:30: note: expanded from macro '__this_cpu_inc'
#define __this_cpu_inc(pcp) __this_cpu_add(pcp, 1)
^
include/linux/percpu-defs.h:458:2: note: expanded from macro '__this_cpu_add'
raw_cpu_add(pcp, val); \
^
include/linux/percpu-defs.h:422:32: note: expanded from macro 'raw_cpu_add'
#define raw_cpu_add(pcp, val) __pcpu_size_call(raw_cpu_add_, pcp, val)
^
include/linux/percpu-defs.h:373:50: note: expanded from macro '__pcpu_size_call'
#define __pcpu_size_call(stem, variable, ...) \
^
kernel/rcu/rcutorture.c:1589:2: note: Taking false branch
preempt_enable();
^
include/linux/preempt.h:191:2: note: expanded from macro 'preempt_enable'
if (unlikely(preempt_count_dec_and_test())) \
^
kernel/rcu/rcutorture.c:1589:2: note: Loop condition is false. Exiting loop
preempt_enable();
^
include/linux/preempt.h:188:26: note: expanded from macro 'preempt_enable'
#define preempt_enable() \
^
kernel/rcu/rcutorture.c:1590:6: note: Assuming field 'get_gp_state' is non-null
if (cur_ops->get_gp_state && cur_ops->poll_gp_state)
^~~~~~~~~~~~~~~~~~~~~
kernel/rcu/rcutorture.c:1590:6: note: Left side of '&&' is true
kernel/rcu/rcutorture.c:1590:31: note: Assuming field 'poll_gp_state' is non-null
if (cur_ops->get_gp_state && cur_ops->poll_gp_state)
^~~~~~~~~~~~~~~~~~~~~~
kernel/rcu/rcutorture.c:1590:2: note: Taking true branch
if (cur_ops->get_gp_state && cur_ops->poll_gp_state)
^
kernel/rcu/rcutorture.c:1591:13: note: 1st function call argument is an uninitialized value
WARN_ONCE(cur_ops->poll_gp_state(cookie),
^
include/asm-generic/bug.h:157:27: note: expanded from macro 'WARN_ONCE'
int __ret_warn_once = !!(condition); \
^~~~~~~~~
kernel/rcu/rcutorture.c:2667:4: warning: Value stored to 'errexit' is never read [clang-analyzer-deadcode.DeadStores]
errexit = true;
^ ~~~~
kernel/rcu/rcutorture.c:2667:4: note: Value stored to 'errexit' is never read
errexit = true;
^ ~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:7: note: Calling 'capable'
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~
include/linux/capability.h:235:2: note: Returning the value 1, which participates in a condition later
return true;
^~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:7: note: Returning from 'capable'
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:7: note: Calling 'should_fail_usercopy'
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~
include/linux/fault-inject-usercopy.h:18:49: note: Returning zero, which participates in a condition later
static inline bool should_fail_usercopy(void) { return false; }
^~~~~~~~~~~~
include/linux/uaccess.h:157:7: note: Returning from 'should_fail_usercopy'
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:157:33: note: Assuming the condition is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:77:20: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
@ 2021-12-05 13:43 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-12-05 13:43 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17887 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Keith Busch <kbusch@kernel.org>
CC: "Javier González" <javier.gonz@samsung.com>
CC: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 79a72162048e42a677bc7336a9f5d86fc3ff9558
commit: 2405252a680e2151046f4f256d706c3ca92fedef nvme: move the ioctl code to a separate file
date: 8 months ago
:::::: branch date: 12 hours ago
:::::: commit date: 8 months ago
config: mips-randconfig-c004-20211203 (https://download.01.org/0day-ci/archive/20211205/202112052142.JqvLRFgR-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 1e328b06c15273edf4a40a27ca24931b5efb3a87)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2405252a680e2151046f4f256d706c3ca92fedef
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 2405252a680e2151046f4f256d706c3ca92fedef
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
drivers/usb/host/ehci-q.c:792:2: note: Taking false branch
if (maxp > 1024) {
^
drivers/usb/host/ehci-q.c:805:6: note: Assuming 'type' is equal to PIPE_INTERRUPT
if (type == PIPE_INTERRUPT) {
^~~~~~~~~~~~~~~~~~~~~~
drivers/usb/host/ehci-q.c:805:2: note: Taking true branch
if (type == PIPE_INTERRUPT) {
^
drivers/usb/host/ehci-q.c:812:7: note: Assuming field 'speed' is not equal to USB_SPEED_HIGH
if (urb->dev->speed == USB_SPEED_HIGH) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/host/ehci-q.c:812:3: note: Taking false branch
if (urb->dev->speed == USB_SPEED_HIGH) {
^
drivers/usb/host/ehci-q.c:842:8: note: 'is_input' is 0
if (is_input) { // SPLIT, gap, CSPLIT+DATA
^~~~~~~~
drivers/usb/host/ehci-q.c:842:4: note: Taking false branch
if (is_input) { // SPLIT, gap, CSPLIT+DATA
^
drivers/usb/host/ehci-q.c:850:17: note: Assuming 'tt' is null
think_time = tt ? tt->think_time : 0;
^~
drivers/usb/host/ehci-q.c:850:17: note: '?' condition is false
drivers/usb/host/ehci-q.c:854:8: note: Assuming field 'interval' is <= field 'periodic_size'
if (urb->interval > ehci->periodic_size)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/host/ehci-q.c:854:4: note: Taking false branch
if (urb->interval > ehci->periodic_size)
^
drivers/usb/host/ehci-q.c:859:10: note: Assuming '__UNIQUE_ID___x396' is >= '__UNIQUE_ID___y397'
tmp = min_t(unsigned, EHCI_BANDWIDTH_FRAMES,
^
include/linux/minmax.h:110:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:44:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:39:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:34:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^~~~~~~~~~
drivers/usb/host/ehci-q.c:859:10: note: '?' condition is false
tmp = min_t(unsigned, EHCI_BANDWIDTH_FRAMES,
^
include/linux/minmax.h:110:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^
include/linux/minmax.h:44:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^
include/linux/minmax.h:39:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^
include/linux/minmax.h:34:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^
drivers/usb/host/ehci-q.c:861:10: note: '?' condition is false
tmp = rounddown_pow_of_two(tmp);
^
include/linux/log2.h:193:2: note: expanded from macro 'rounddown_pow_of_two'
__builtin_constant_p(n) ? ( \
^
drivers/usb/host/ehci-q.c:861:10: note: Calling '__rounddown_pow_of_two'
tmp = rounddown_pow_of_two(tmp);
^
include/linux/log2.h:195:2: note: expanded from macro 'rounddown_pow_of_two'
__rounddown_pow_of_two(n) \
^~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/log2.h:67:13: note: The result of the left shift is undefined due to shifting by '4294967295', which is greater or equal to the width of type 'unsigned long'
return 1UL << (fls_long(n) - 1);
^ ~~~~~~~~~~~~~~~~~
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
drivers/base/regmap/regmap-mmio.c:52:3: warning: Value stored to 'min_stride' is never read [clang-analyzer-deadcode.DeadStores]
min_stride = 0;
^ ~
drivers/base/regmap/regmap-mmio.c:52:3: note: Value stored to 'min_stride' is never read
min_stride = 0;
^ ~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
11 warnings generated.
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
>> drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
if (cmd.flags)
^
drivers/nvme/host/ioctl.c:437:2: note: Control jumps to 'case 3225964097:' at line 438
switch (cmd) {
^
drivers/nvme/host/ioctl.c:439:10: note: Calling 'nvme_user_cmd'
return nvme_user_cmd(ctrl, NULL, argp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:189:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
drivers/nvme/host/ioctl.c:191:6: note: Calling 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:191:2: note: Taking true branch
if (likely(check_copy_size(to, n, false)))
^
include/linux/uaccess.h:192:7: note: Calling '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:7: note: Calling 'should_fail_usercopy'
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~
include/linux/fault-inject-usercopy.h:18:49: note: Returning zero, which participates in a condition later
static inline bool should_fail_usercopy(void) { return false; }
^~~~~~~~~~~~
include/linux/uaccess.h:157:7: note: Returning from 'should_fail_usercopy'
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:157:6: note: Left side of '&&' is true
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:157:33: note: Assuming the condition is false
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/compiler.h:45:22: note: expanded from macro 'likely'
# define likely(x) (__branch_check__(x, 1, __builtin_constant_p(x)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:33:32: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^~~~
include/linux/uaccess.h:157:2: note: Taking true branch
if (!should_fail_usercopy() && likely(access_ok(from, n))) {
^
include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch
if (eva_kernel_access())
^
arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->flags'
return __invoke_copy_from_user(to, from, n);
^
include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user'
res = raw_copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later
if (unlikely(res))
^
include/linux/compiler.h:48:24: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:33:32: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^~~~
include/linux/uaccess.h:161:2: note: Taking false branch
if (unlikely(res))
^
include/linux/uaccess.h:163:2: note: Returning without writing to 'to->flags'
return res;
^
include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later
return res;
^~~~~~~~~~
include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user'
n = _copy_from_user(to, from, n);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:193:2: note: Returning without writing to 'to->flags'
return n;
^
include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later
return n;
^~~~~~~~
drivers/nvme/host/ioctl.c:191:6: note: Returning from 'copy_from_user'
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/nvme/host/ioctl.c:191:2: note: Taking false branch
if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
^
drivers/nvme/host/ioctl.c:193:6: note: Branch condition evaluates to a garbage value
if (cmd.flags)
^~~~~~~~~
drivers/nvme/host/ioctl.c:224:7: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]
if (put_user(result, &ucmd->result))
^
arch/mips/include/asm/uaccess.h:154:2: note: expanded from macro 'put_user'
__put_user_check((x), (ptr), sizeof(*(ptr)))
vim +193 drivers/nvme/host/ioctl.c
2405252a680e21 Christoph Hellwig 2021-04-10 179
2405252a680e21 Christoph Hellwig 2021-04-10 180 static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
2405252a680e21 Christoph Hellwig 2021-04-10 181 struct nvme_passthru_cmd __user *ucmd)
2405252a680e21 Christoph Hellwig 2021-04-10 182 {
2405252a680e21 Christoph Hellwig 2021-04-10 183 struct nvme_passthru_cmd cmd;
2405252a680e21 Christoph Hellwig 2021-04-10 184 struct nvme_command c;
2405252a680e21 Christoph Hellwig 2021-04-10 185 unsigned timeout = 0;
2405252a680e21 Christoph Hellwig 2021-04-10 186 u64 result;
2405252a680e21 Christoph Hellwig 2021-04-10 187 int status;
2405252a680e21 Christoph Hellwig 2021-04-10 188
2405252a680e21 Christoph Hellwig 2021-04-10 189 if (!capable(CAP_SYS_ADMIN))
2405252a680e21 Christoph Hellwig 2021-04-10 190 return -EACCES;
2405252a680e21 Christoph Hellwig 2021-04-10 191 if (copy_from_user(&cmd, ucmd, sizeof(cmd)))
2405252a680e21 Christoph Hellwig 2021-04-10 192 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 @193 if (cmd.flags)
2405252a680e21 Christoph Hellwig 2021-04-10 194 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 195 if (ns && cmd.nsid != ns->head->ns_id) {
2405252a680e21 Christoph Hellwig 2021-04-10 196 dev_err(ctrl->device,
2405252a680e21 Christoph Hellwig 2021-04-10 197 "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
2405252a680e21 Christoph Hellwig 2021-04-10 198 current->comm, cmd.nsid, ns->head->ns_id);
2405252a680e21 Christoph Hellwig 2021-04-10 199 return -EINVAL;
2405252a680e21 Christoph Hellwig 2021-04-10 200 }
2405252a680e21 Christoph Hellwig 2021-04-10 201
2405252a680e21 Christoph Hellwig 2021-04-10 202 memset(&c, 0, sizeof(c));
2405252a680e21 Christoph Hellwig 2021-04-10 203 c.common.opcode = cmd.opcode;
2405252a680e21 Christoph Hellwig 2021-04-10 204 c.common.flags = cmd.flags;
2405252a680e21 Christoph Hellwig 2021-04-10 205 c.common.nsid = cpu_to_le32(cmd.nsid);
2405252a680e21 Christoph Hellwig 2021-04-10 206 c.common.cdw2[0] = cpu_to_le32(cmd.cdw2);
2405252a680e21 Christoph Hellwig 2021-04-10 207 c.common.cdw2[1] = cpu_to_le32(cmd.cdw3);
2405252a680e21 Christoph Hellwig 2021-04-10 208 c.common.cdw10 = cpu_to_le32(cmd.cdw10);
2405252a680e21 Christoph Hellwig 2021-04-10 209 c.common.cdw11 = cpu_to_le32(cmd.cdw11);
2405252a680e21 Christoph Hellwig 2021-04-10 210 c.common.cdw12 = cpu_to_le32(cmd.cdw12);
2405252a680e21 Christoph Hellwig 2021-04-10 211 c.common.cdw13 = cpu_to_le32(cmd.cdw13);
2405252a680e21 Christoph Hellwig 2021-04-10 212 c.common.cdw14 = cpu_to_le32(cmd.cdw14);
2405252a680e21 Christoph Hellwig 2021-04-10 213 c.common.cdw15 = cpu_to_le32(cmd.cdw15);
2405252a680e21 Christoph Hellwig 2021-04-10 214
2405252a680e21 Christoph Hellwig 2021-04-10 215 if (cmd.timeout_ms)
2405252a680e21 Christoph Hellwig 2021-04-10 216 timeout = msecs_to_jiffies(cmd.timeout_ms);
2405252a680e21 Christoph Hellwig 2021-04-10 217
2405252a680e21 Christoph Hellwig 2021-04-10 218 status = nvme_submit_user_cmd(ns ? ns->queue : ctrl->admin_q, &c,
2405252a680e21 Christoph Hellwig 2021-04-10 219 nvme_to_user_ptr(cmd.addr), cmd.data_len,
2405252a680e21 Christoph Hellwig 2021-04-10 220 nvme_to_user_ptr(cmd.metadata), cmd.metadata_len,
2405252a680e21 Christoph Hellwig 2021-04-10 221 0, &result, timeout);
2405252a680e21 Christoph Hellwig 2021-04-10 222
2405252a680e21 Christoph Hellwig 2021-04-10 223 if (status >= 0) {
2405252a680e21 Christoph Hellwig 2021-04-10 224 if (put_user(result, &ucmd->result))
2405252a680e21 Christoph Hellwig 2021-04-10 225 return -EFAULT;
2405252a680e21 Christoph Hellwig 2021-04-10 226 }
2405252a680e21 Christoph Hellwig 2021-04-10 227
2405252a680e21 Christoph Hellwig 2021-04-10 228 return status;
2405252a680e21 Christoph Hellwig 2021-04-10 229 }
2405252a680e21 Christoph Hellwig 2021-04-10 230
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-04-03 5:49 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-03 5:49 drivers/nvme/host/ioctl.c:193:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch] kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-04-01 19:29 kernel test robot
2022-03-31 3:58 kernel test robot
2022-03-29 9:27 kernel test robot
2022-01-09 5:49 kernel test robot
2021-12-05 13:43 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.