* [congwang:sch_bpf 2/4] net/core/skb_map.c:175:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
@ 2022-05-27 22:59 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-05-27 22:59 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 17863 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Cong Wang <xiyou.wangcong@gmail.com>
tree: https://github.com/congwang/linux.git sch_bpf
head: d7144f4291a2882e698a6d9d83f7e614d97be9c8
commit: c27f47230e7935f94ef17b29accb49defa7be17e [2/4] bpf: introduce skb map
:::::: branch date: 31 hours ago
:::::: commit date: 31 hours ago
config: x86_64-randconfig-c007 (https://download.01.org/0day-ci/archive/20220528/202205280603.5BAjdCkI-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 134d7f9a4b97e9035150d970bd9e376043c4577e)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/congwang/linux/commit/c27f47230e7935f94ef17b29accb49defa7be17e
git remote add congwang https://github.com/congwang/linux.git
git fetch --no-tags congwang sch_bpf
git checkout c27f47230e7935f94ef17b29accb49defa7be17e
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~~~~~~~~~~~
net/atm/mpc.c:1347:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(&tlv[7], mesg->MPS_ctrl, ATM_ESA_LEN); /* MPC ctrl ATM addr */
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
net/atm/mpc.c:1348:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(mpc->our_ctrl_addr, mesg->MPS_ctrl, ATM_ESA_LEN);
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
net/atm/mpc.c:1348:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(mpc->our_ctrl_addr, mesg->MPS_ctrl, ATM_ESA_LEN);
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
net/atm/mpc.c:1515:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(mpc, 0, sizeof(struct mpoa_client));
^
include/linux/fortify-string.h:288:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:281:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
net/atm/mpc.c:1515:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(mpc, 0, sizeof(struct mpoa_client));
^
include/linux/fortify-string.h:288:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:281:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
Suppressed 76 warnings (76 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
89 warnings generated.
net/core/bpf_sk_storage.c:764:4: warning: Value stored to 'b' is never read [clang-analyzer-deadcode.DeadStores]
b = &smap->buckets[bucket_id++];
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/core/bpf_sk_storage.c:764:4: note: Value stored to 'b' is never read
b = &smap->buckets[bucket_id++];
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 88 warnings (88 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
83 warnings generated.
net/core/skb_map.c:85:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(rb, 0, sizeof(*rb));
^
include/linux/fortify-string.h:288:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:281:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
net/core/skb_map.c:85:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(rb, 0, sizeof(*rb));
^
include/linux/fortify-string.h:288:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:281:2: note: expanded from macro '__fortify_memset_chk'
__underlying_memset(p, c, __fortify_size); \
^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
^~~~~~~~~~~~~~~~
>> net/core/skb_map.c:175:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
rank = *(u64 *) key;
^~~~~~~~~~~~
net/core/skb_map.c:170:6: note: Assuming 'key' is null
if (!key) {
^~~~
net/core/skb_map.c:170:2: note: Taking true branch
if (!key) {
^
net/core/skb_map.c:171:9: note: Assuming '____ptr' is non-null
skb = skb_rb_first(&rb->root);
^
include/linux/skbuff.h:3911:28: note: expanded from macro 'skb_rb_first'
#define skb_rb_first(root) rb_to_skb(rb_first(root))
^~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/skbuff.h:3910:23: note: expanded from macro 'rb_to_skb'
#define rb_to_skb(rb) rb_entry_safe(rb, struct sk_buff, rbnode)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/rbtree.h:79:5: note: expanded from macro 'rb_entry_safe'
____ptr ? rb_entry(____ptr, type, member) : NULL; \
^~~~~~~
net/core/skb_map.c:171:9: note: '?' condition is true
skb = skb_rb_first(&rb->root);
^
include/linux/skbuff.h:3911:28: note: expanded from macro 'skb_rb_first'
#define skb_rb_first(root) rb_to_skb(rb_first(root))
^
include/linux/skbuff.h:3910:23: note: expanded from macro 'rb_to_skb'
#define rb_to_skb(rb) rb_entry_safe(rb, struct sk_buff, rbnode)
^
include/linux/rbtree.h:79:5: note: expanded from macro 'rb_entry_safe'
____ptr ? rb_entry(____ptr, type, member) : NULL; \
^
net/core/skb_map.c:172:8: note: 'skb' is non-null
if (!skb)
^~~
net/core/skb_map.c:172:3: note: Taking false branch
if (!skb)
^
net/core/skb_map.c:175:9: note: Dereference of null pointer
rank = *(u64 *) key;
^~~~~~~~~~~~
Suppressed 81 warnings (81 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
80 warnings generated.
fs/cifs/ioctl.c:334:4: warning: Value stored to 'caps' is never read [clang-analyzer-deadcode.DeadStores]
caps = le64_to_cpu(tcon->fsUnixInfo.Capability);
^
fs/cifs/ioctl.c:334:4: note: Value stored to 'caps' is never read
fs/cifs/ioctl.c:445:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(pkey_inf.auth_key, tcon->ses->auth_key.response,
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
fs/cifs/ioctl.c:445:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(pkey_inf.auth_key, tcon->ses->auth_key.response,
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
fs/cifs/ioctl.c:447:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(pkey_inf.smb3decryptionkey,
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
fs/cifs/ioctl.c:447:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(pkey_inf.smb3decryptionkey,
^
include/linux/fortify-string.h:385:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:378:2: note: expanded from macro '__fortify_memcpy_chk'
__underlying_##op(p, q, __fortify_size); \
^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
^~~~~~~~~~~~~~~~
vim +175 net/core/skb_map.c
c27f47230e7935 Cong Wang 2020-11-08 162
c27f47230e7935 Cong Wang 2020-11-08 163 /* Called from syscall */
c27f47230e7935 Cong Wang 2020-11-08 164 static int skb_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
c27f47230e7935 Cong Wang 2020-11-08 165 {
c27f47230e7935 Cong Wang 2020-11-08 166 struct bpf_skb_map *rb = bpf_skb_map(map);
c27f47230e7935 Cong Wang 2020-11-08 167 struct sk_buff *skb;
c27f47230e7935 Cong Wang 2020-11-08 168 u64 rank;
c27f47230e7935 Cong Wang 2020-11-08 169
c27f47230e7935 Cong Wang 2020-11-08 170 if (!key) {
c27f47230e7935 Cong Wang 2020-11-08 171 skb = skb_rb_first(&rb->root);
c27f47230e7935 Cong Wang 2020-11-08 172 if (!skb)
c27f47230e7935 Cong Wang 2020-11-08 173 return -ENOENT;
c27f47230e7935 Cong Wang 2020-11-08 174 }
c27f47230e7935 Cong Wang 2020-11-08 @175 rank = *(u64 *) key;
c27f47230e7935 Cong Wang 2020-11-08 176 skb = skb_rb_find(&rb->root, rank);
c27f47230e7935 Cong Wang 2020-11-08 177 if (!skb)
c27f47230e7935 Cong Wang 2020-11-08 178 return -ENOENT;
c27f47230e7935 Cong Wang 2020-11-08 179 skb = skb_rb_next(skb);
c27f47230e7935 Cong Wang 2020-11-08 180 if (!skb)
c27f47230e7935 Cong Wang 2020-11-08 181 return 0;
c27f47230e7935 Cong Wang 2020-11-08 182 *(u64 *) next_key = skb_map_cb(skb)->rank;
c27f47230e7935 Cong Wang 2020-11-08 183 return 0;
c27f47230e7935 Cong Wang 2020-11-08 184 }
c27f47230e7935 Cong Wang 2020-11-08 185
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-27 22:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-27 22:59 [congwang:sch_bpf 2/4] net/core/skb_map.c:175:9: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.