* [congwang:bpf 2/2] include/linux/skmsg.h:185:19: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [clang-analyzer-core.uninitialized.Assign]
@ 2022-05-07 3:20 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-05-07 3:20 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 19017 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Cong Wang <cong.wang@bytedance.com>
tree: https://github.com/congwang/linux.git bpf
head: d6cae019e880ce9f03a12e9da56255f4bc638dc5
commit: d6cae019e880ce9f03a12e9da56255f4bc638dc5 [2/2] skmsg: improve error handling for sk_psock_queue_msg()
:::::: branch date: 4 days ago
:::::: commit date: 4 days ago
config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220507/202205071113.LDJfVE4y-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 363b3a645a1e30011cc8da624f13dac5fd915628)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/congwang/linux/commit/d6cae019e880ce9f03a12e9da56255f4bc638dc5
git remote add congwang https://github.com/congwang/linux.git
git fetch --no-tags congwang bpf
git checkout d6cae019e880ce9f03a12e9da56255f4bc638dc5
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^
arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy'
#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
^~~~~~~~~~~~~~~~
fs/reiserfs/resize.c:106:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(jbitmap[i].bitmaps, jb->bitmaps, copy_size);
^
arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy'
#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
^~~~~~~~~~~~~~~~
fs/reiserfs/resize.c:155:4: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(bh->b_data, 0, sb_blocksize(sb));
^
arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset'
#define memset(s, c, count) __builtin_memset(s, c, count)
^~~~~~~~~~~~~~~~
fs/reiserfs/resize.c:155:4: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(bh->b_data, 0, sb_blocksize(sb));
^
arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset'
#define memset(s, c, count) __builtin_memset(s, c, count)
^~~~~~~~~~~~~~~~
Suppressed 37 warnings (37 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
33 warnings generated.
Suppressed 33 warnings (33 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
19 warnings generated.
sound/drivers/mpu401/mpu401_uart.c:586:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(rmidi->name, sizeof(rmidi->name), "%s MIDI",
^~~~~~~~
sound/drivers/mpu401/mpu401_uart.c:586:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(rmidi->name, sizeof(rmidi->name), "%s MIDI",
^~~~~~~~
sound/drivers/mpu401/mpu401_uart.c:589:3: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(rmidi->name, "MPU-401 MIDI %d-%d",card->number, device);
^~~~~~~
sound/drivers/mpu401/mpu401_uart.c:589:3: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(rmidi->name, "MPU-401 MIDI %d-%d",card->number, device);
^~~~~~~
Suppressed 17 warnings (17 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
42 warnings generated.
Suppressed 42 warnings (42 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
17 warnings generated.
Suppressed 17 warnings (17 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
38 warnings generated.
drivers/leds/leds-dac124s085.c:66:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(led->name, sizeof(led->name), "dac124s085-%d", i);
^~~~~~~~
drivers/leds/leds-dac124s085.c:66:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(led->name, sizeof(led->name), "dac124s085-%d", i);
^~~~~~~~
Suppressed 37 warnings (37 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
21 warnings generated.
Suppressed 21 warnings (21 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
38 warnings generated.
drivers/staging/greybus/bootrom.c:166:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
snprintf(firmware_name, sizeof(firmware_name),
^~~~~~~~
drivers/staging/greybus/bootrom.c:166:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
snprintf(firmware_name, sizeof(firmware_name),
^~~~~~~~
drivers/staging/greybus/bootrom.c:291:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(firmware_response->data, fw->data + offset, size);
^
arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy'
#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
^~~~~~~~~~~~~~~~
drivers/staging/greybus/bootrom.c:291:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(firmware_response->data, fw->data + offset, size);
^
arch/x86/include/asm/string_32.h:150:25: note: expanded from macro 'memcpy'
#define memcpy(t, f, n) __builtin_memcpy(t, f, n)
^~~~~~~~~~~~~~~~
Suppressed 36 warnings (36 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
99 warnings generated.
Suppressed 99 warnings (99 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
100 warnings generated.
net/ipv4/tcp_cubic.c:109:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(ca, 0, offsetof(struct bictcp, unused));
^
arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset'
#define memset(s, c, count) __builtin_memset(s, c, count)
^~~~~~~~~~~~~~~~
net/ipv4/tcp_cubic.c:109:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(ca, 0, offsetof(struct bictcp, unused));
^
arch/x86/include/asm/string_32.h:195:29: note: expanded from macro 'memset'
#define memset(s, c, count) __builtin_memset(s, c, count)
^~~~~~~~~~~~~~~~
Suppressed 99 warnings (99 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
105 warnings generated.
>> include/linux/skmsg.h:185:19: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [clang-analyzer-core.uninitialized.Assign]
dst->sg.size += size;
^
net/ipv4/tcp_bpf.c:22:8: note: Calling 'kzalloc'
tmp = kzalloc(sizeof(*tmp), __GFP_NOWARN | GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:714:9: note: Uninitialized value stored to field 'size'
return kmalloc(size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ipv4/tcp_bpf.c:22:8: note: Returning from 'kzalloc'
tmp = kzalloc(sizeof(*tmp), __GFP_NOWARN | GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/ipv4/tcp_bpf.c:23:15: note: Assuming 'tmp' is non-null
if (unlikely(!tmp))
^
include/linux/compiler.h:48:41: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
net/ipv4/tcp_bpf.c:23:16: note: 'tmp' is non-null
if (unlikely(!tmp))
^
include/linux/compiler.h:48:68: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:35:19: note: expanded from macro '__branch_check__'
expect, is_constant); \
^~~~~~~~~~~
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:52: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
net/ipv4/tcp_bpf.c:23:2: note: '?' condition is false
if (unlikely(!tmp))
^
include/linux/compiler.h:56:28: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/compiler.h:58:31: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^
net/ipv4/tcp_bpf.c:23:16: note: 'tmp' is non-null
if (unlikely(!tmp))
^
include/linux/compiler.h:48:41: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:33:34: note: expanded from macro '__branch_check__'
______r = __builtin_expect(!!(x), expect); \
^
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value'
(cond) ? \
^~~~
net/ipv4/tcp_bpf.c:23:16: note: 'tmp' is non-null
if (unlikely(!tmp))
^
include/linux/compiler.h:48:68: note: expanded from macro 'unlikely'
# define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x)))
^
include/linux/compiler.h:35:19: note: expanded from macro '__branch_check__'
expect, is_constant); \
^~~~~~~~~~~
include/linux/compiler.h:56:47: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^~~~
include/linux/compiler.h:58:86: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^~~~
include/linux/compiler.h:69:3: note: expanded from macro '__trace_if_value'
(cond) ? \
^~~~
net/ipv4/tcp_bpf.c:23:2: note: '?' condition is false
if (unlikely(!tmp))
^
include/linux/compiler.h:56:28: note: expanded from macro 'if'
#define if(cond, ...) if ( __trace_if_var( !!(cond , ## __VA_ARGS__) ) )
^
include/linux/compiler.h:58:69: note: expanded from macro '__trace_if_var'
#define __trace_if_var(cond) (__builtin_constant_p(cond) ? (cond) : __trace_if_value(cond))
^
include/linux/compiler.h:69:2: note: expanded from macro '__trace_if_value'
(cond) ? \
^
net/ipv4/tcp_bpf.c:23:2: note: Taking false branch
if (unlikely(!tmp))
vim +185 include/linux/skmsg.h
604326b41a6fb9 Daniel Borkmann 2018-10-13 179
604326b41a6fb9 Daniel Borkmann 2018-10-13 180 static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src,
604326b41a6fb9 Daniel Borkmann 2018-10-13 181 int which, u32 size)
604326b41a6fb9 Daniel Borkmann 2018-10-13 182 {
604326b41a6fb9 Daniel Borkmann 2018-10-13 183 dst->sg.data[which] = src->sg.data[which];
604326b41a6fb9 Daniel Borkmann 2018-10-13 184 dst->sg.data[which].length = size;
3f4c3127d33200 John Fastabend 2018-10-16 @185 dst->sg.size += size;
81aabbb9fb7b4b John Fastabend 2020-05-04 186 src->sg.size -= size;
604326b41a6fb9 Daniel Borkmann 2018-10-13 187 src->sg.data[which].length -= size;
604326b41a6fb9 Daniel Borkmann 2018-10-13 188 src->sg.data[which].offset += size;
604326b41a6fb9 Daniel Borkmann 2018-10-13 189 }
604326b41a6fb9 Daniel Borkmann 2018-10-13 190
:::::: The code at line 185 was first introduced by commit
:::::: 3f4c3127d332000530349db4843deece27fe5e0c bpf: sockmap, fix skmsg recvmsg handler to track size correctly
:::::: TO: John Fastabend <john.fastabend@gmail.com>
:::::: CC: Daniel Borkmann <daniel@iogearbox.net>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-07 3:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-07 3:20 [congwang:bpf 2/2] include/linux/skmsg.h:185:19: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage [clang-analyzer-core.uninitialized.Assign] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.