* [linux-next:master 14468/14705] lib/maple_tree.c:667:9: warning: The right operand of '>=' is a garbage value due to array index out of bounds [clang-analyzer-core.UndefinedBinaryOperatorResult]
@ 2022-06-03 5:04 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-06-03 5:04 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 16905 bytes --]
::::::
:::::: Manual check reason: "low confidence static check warning: lib/maple_tree.c:667:9: warning: The right operand of '>=' is a garbage value due to array index out of bounds [clang-analyzer-core.UndefinedBinaryOperatorResult]"
::::::
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
CC: "Matthew Wilcox (Oracle)" <willy@infradead.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 2e776ccffa840ce53ee1c21bde54cbe4bc102c3b
commit: 2434ee25be6b2f86767dcfd83f1c923f109fe73e [14468/14705] Maple Tree: add new data structure
:::::: branch date: 25 hours ago
:::::: commit date: 30 hours ago
config: s390-randconfig-c005-20220531 (https://download.01.org/0day-ci/archive/20220603/202206031212.dGV52qAL-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project b364c76683f8ef241025a9556300778c07b590c2)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install s390 cross compiling tool for clang build
# apt-get install binutils-s390x-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=2434ee25be6b2f86767dcfd83f1c923f109fe73e
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout 2434ee25be6b2f86767dcfd83f1c923f109fe73e
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=s390 clang-analyzer
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
include/linux/percpu-defs.h:520:28: note: expanded from macro 'this_cpu_inc'
#define this_cpu_inc(pcp) this_cpu_add(pcp, 1)
^~~~~~~~~~~~~~~~~~~~
include/linux/percpu-defs.h:509:33: note: expanded from macro 'this_cpu_add'
#define this_cpu_add(pcp, val) __pcpu_size_call(this_cpu_add_, pcp, val)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/percpu-defs.h:379:11: note: expanded from macro '__pcpu_size_call'
case 4: stem##4(variable, __VA_ARGS__);break; \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: (skipping 4 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
include/asm-generic/percpu.h:44:31: note: expanded from macro 'arch_raw_cpu_ptr'
#define arch_raw_cpu_ptr(ptr) SHIFT_PERCPU_PTR(ptr, __my_cpu_offset)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/percpu-defs.h:231:2: note: expanded from macro 'SHIFT_PERCPU_PTR'
RELOC_HIDE((typeof(*(__p)) __kernel __force *)(__p), (__offset))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:170:28: note: expanded from macro 'RELOC_HIDE'
(typeof(ptr)) (__ptr + (off)); })
^~~~~
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
29 warnings generated.
lib/kobject_uevent.c:665:8: warning: Call to function 'vsnprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'vsnprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
len = vsnprintf(&env->buf[env->buflen],
^~~~~~~~~
lib/kobject_uevent.c:665:8: note: Call to function 'vsnprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'vsnprintf_s' in case of C11
len = vsnprintf(&env->buf[env->buflen],
^~~~~~~~~
Suppressed 28 warnings (16 in non-user code, 12 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
21 warnings generated.
Suppressed 21 warnings (9 in non-user code, 12 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
26 warnings generated.
arch/s390/include/asm/spinlock.h:61:52: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
return likely(__atomic_cmpxchg_bool(&lp->lock, 0, SPINLOCK_LOCKVAL));
^
arch/s390/include/asm/spinlock.h:19:26: note: expanded from macro 'SPINLOCK_LOCKVAL'
#define SPINLOCK_LOCKVAL (S390_lowcore.spinlock_lockval)
^
lib/maple_tree.c:6259:2: note: Calling 'spin_lock'
mtree_lock(mt);
^
include/linux/maple_tree.h:253:25: note: expanded from macro 'mtree_lock'
#define mtree_lock(mt) spin_lock((&(mt)->ma_lock))
^~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/spinlock.h:349:2: note: Calling '__raw_spin_lock'
raw_spin_lock(&lock->rlock);
^
include/linux/spinlock.h:215:29: note: expanded from macro 'raw_spin_lock'
#define raw_spin_lock(lock) _raw_spin_lock(lock)
^~~~~~~~~~~~~~~~~~~~
include/linux/spinlock_api_smp.h:47:30: note: expanded from macro '_raw_spin_lock'
#define _raw_spin_lock(lock) __raw_spin_lock(lock)
^~~~~~~~~~~~~~~~~~~~~
include/linux/spinlock_api_smp.h:133:2: note: Loop condition is false. Exiting loop
spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);
^
include/linux/lockdep.h:522:35: note: expanded from macro 'spin_acquire'
#define spin_acquire(l, s, t, i) lock_acquire_exclusive(l, s, t, NULL, i)
^
include/linux/lockdep.h:518:48: note: expanded from macro 'lock_acquire_exclusive'
#define lock_acquire_exclusive(l, s, t, n, i) lock_acquire(l, s, t, 0, 1, n, i)
^
include/linux/lockdep.h:356:44: note: expanded from macro 'lock_acquire'
# define lock_acquire(l, s, t, r, c, n, i) do { } while (0)
^
include/linux/spinlock_api_smp.h:134:44: note: Calling 'do_raw_spin_lock'
LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
^
include/linux/lockdep.h:477:2: note: expanded from macro 'LOCK_CONTENDED'
lock(_lock)
^~~~~~~~~~~
include/linux/spinlock.h:185:2: note: Calling 'arch_spin_lock'
arch_spin_lock(&lock->raw_lock);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/s390/include/asm/spinlock.h:66:7: note: Calling 'arch_spin_trylock_once'
if (!arch_spin_trylock_once(lp))
^~~~~~~~~~~~~~~~~~~~~~~~~~
arch/s390/include/asm/spinlock.h:61:52: note: Dereference of null pointer
return likely(__atomic_cmpxchg_bool(&lp->lock, 0, SPINLOCK_LOCKVAL));
^
arch/s390/include/asm/spinlock.h:19:26: note: expanded from macro 'SPINLOCK_LOCKVAL'
#define SPINLOCK_LOCKVAL (S390_lowcore.spinlock_lockval)
^
include/linux/compiler.h:77:40: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
lib/maple_tree.c:326:2: warning: Value stored to 'node' is never read [clang-analyzer-deadcode.DeadStores]
node = (void *)((unsigned long)node & ~MAPLE_ENODE_NULL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:326:2: note: Value stored to 'node' is never read
node = (void *)((unsigned long)node & ~MAPLE_ENODE_NULL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:331:2: warning: Value stored to 'node' is never read [clang-analyzer-deadcode.DeadStores]
node = (void *)((unsigned long)node | MAPLE_ENODE_NULL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:331:2: note: Value stored to 'node' is never read
node = (void *)((unsigned long)node | MAPLE_ENODE_NULL);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> lib/maple_tree.c:667:9: warning: The right operand of '>=' is a garbage value due to array index out of bounds [clang-analyzer-core.UndefinedBinaryOperatorResult]
if(piv >= mt_pivots[piv]) {
^
lib/maple_tree.c:5223:6: note: Left side of '||' is false
if (mas_is_none(mas) || mas_is_ptr(mas)) {
^
lib/maple_tree.c:5223:2: note: Taking false branch
if (mas_is_none(mas) || mas_is_ptr(mas)) {
^
lib/maple_tree.c:5235:2: note: Taking false branch
if (mas_is_err(mas))
^
lib/maple_tree.c:5238:11: note: Field 'offset' is not equal to MAPLE_NODE_SLOTS
if (mas->offset == MAPLE_NODE_SLOTS)
^
lib/maple_tree.c:5238:2: note: Taking false branch
if (mas->offset == MAPLE_NODE_SLOTS)
^
lib/maple_tree.c:5246:11: note: Field 'offset' is 15
if (mas->offset)
^
lib/maple_tree.c:5246:2: note: Taking true branch
if (mas->offset)
^
lib/maple_tree.c:5247:30: note: Passing the value 14 via 2nd parameter 'piv'
min = mte_pivot(mas->node, mas->offset - 1) + 1;
^~~~~~~~~~~~~~~
lib/maple_tree.c:5247:9: note: Calling 'mte_pivot'
min = mte_pivot(mas->node, mas->offset - 1) + 1;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:667:9: note: The right operand of '>=' is a garbage value due to array index out of bounds
if(piv >= mt_pivots[piv]) {
^ ~~~~~~~~~~~~~~
lib/maple_tree.c:1206:23: warning: Value stored to 'nodep' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct maple_alloc **nodep = &mas->alloc;
^~~~~ ~~~~~~~~~~~
lib/maple_tree.c:1206:23: note: Value stored to 'nodep' during its initialization is never read
struct maple_alloc **nodep = &mas->alloc;
^~~~~ ~~~~~~~~~~~
lib/maple_tree.c:1218:20: warning: Access to field 'node_count' results in a dereference of a null pointer (loaded from field 'alloc') [clang-analyzer-core.NullDereference]
if (!allocated || mas->alloc->node_count == MAPLE_ALLOC_SLOTS - 1) {
^
lib/maple_tree.c:5936:6: note: Calling 'mas_is_none'
if (mas_is_none(mas) || mas_is_paused(mas))
^~~~~~~~~~~~~~~~
include/linux/maple_tree.h:477:9: note: Assuming field 'node' is not equal to MAS_NONE
return mas->node == MAS_NONE;
^~~~~~~~~~~~~~~~~~~~~
include/linux/maple_tree.h:477:2: note: Returning without writing to 'mas->alloc', which participates in a condition later
return mas->node == MAS_NONE;
^
include/linux/maple_tree.h:477:2: note: Returning without writing to 'mas->alloc'
lib/maple_tree.c:5936:6: note: Returning from 'mas_is_none'
if (mas_is_none(mas) || mas_is_paused(mas))
^~~~~~~~~~~~~~~~
lib/maple_tree.c:5936:6: note: Left side of '||' is false
lib/maple_tree.c:5936:26: note: Calling 'mas_is_paused'
if (mas_is_none(mas) || mas_is_paused(mas))
^~~~~~~~~~~~~~~~~~
include/linux/maple_tree.h:483:9: note: Assuming field 'node' is not equal to MAS_PAUSE
return mas->node == MAS_PAUSE;
^~~~~~~~~~~~~~~~~~~~~~
include/linux/maple_tree.h:483:2: note: Returning without writing to 'mas->alloc', which participates in a condition later
return mas->node == MAS_PAUSE;
^
include/linux/maple_tree.h:483:2: note: Returning without writing to 'mas->alloc'
lib/maple_tree.c:5936:26: note: Returning from 'mas_is_paused'
if (mas_is_none(mas) || mas_is_paused(mas))
^~~~~~~~~~~~~~~~~~
lib/maple_tree.c:5936:2: note: Taking false branch
if (mas_is_none(mas) || mas_is_paused(mas))
^
lib/maple_tree.c:5940:10: note: Calling 'mas_state_walk'
entry = mas_state_walk(mas);
^~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:3745:10: note: Calling 'mas_start'
entry = mas_start(mas);
^~~~~~~~~~~~~~
lib/maple_tree.c:1322:13: note: Calling 'mas_is_start'
if (likely(mas_is_start(mas))) {
^
include/linux/compiler.h:77:40: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
lib/maple_tree.c:243:9: note: Assuming field 'node' is equal to MAS_START
return mas->node == MAS_START;
^~~~~~~~~~~~~~~~~~~~~~
lib/maple_tree.c:243:2: note: Returning without writing to 'mas->alloc', which participates in a condition later
return mas->node == MAS_START;
^
lib/maple_tree.c:243:2: note: Returning without writing to 'mas->alloc'
lib/maple_tree.c:1322:13: note: Returning from 'mas_is_start'
if (likely(mas_is_start(mas))) {
^
include/linux/compiler.h:77:40: note: expanded from macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
lib/maple_tree.c:1322:2: note: Taking true branch
if (likely(mas_is_start(mas))) {
^
lib/maple_tree.c:1333:3: note: Taking false branch
vim +667 lib/maple_tree.c
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 654
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 655 /*
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 656 * mte_pivot() - Get the pivot at @piv of the maple encoded node.
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 657 * @mn: The maple encoded node.
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 658 * @piv: The pivot.
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 659 *
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 660 * Return: the pivot at @piv of @mn.
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 661 */
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 662 static inline unsigned long mte_pivot(const struct maple_enode *mn,
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 663 unsigned char piv)
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 664 {
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 665 struct maple_node *node = mte_to_node(mn);
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 666
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 @667 if(piv >= mt_pivots[piv]) {
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 668 WARN_ON(1);
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 669 return 0;
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 670 }
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 671 switch (mte_node_type(mn)) {
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 672 case maple_arange_64:
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 673 return node->ma64.pivot[piv];
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 674 case maple_range_64:
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 675 case maple_leaf_64:
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 676 return node->mr64.pivot[piv];
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 677 case maple_dense:
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 678 return 0;
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 679 }
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 680 return 0;
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 681 }
2434ee25be6b2f8 Liam R. Howlett 2022-06-01 682
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-06-03 5:04 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-03 5:04 [linux-next:master 14468/14705] lib/maple_tree.c:667:9: warning: The right operand of '>=' is a garbage value due to array index out of bounds [clang-analyzer-core.UndefinedBinaryOperatorResult] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.