From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com
Subject: drivers/mtd/ubi/eba.c:848:9: warning: use of NULL 'buf' where non-null expected [CWE-476]
Date: Sun, 22 Jan 2023 08:41:49 +0800 [thread overview]
Message-ID: <202301220809.Z83VshLt-lkp@intel.com> (raw)
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check first_new_problem: drivers/mtd/ubi/eba.c:848:9: warning: use of NULL 'buf' where non-null expected [CWE-476] [-Wanalyzer-null-argument]"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Christophe Leroy <christophe.leroy@csgroup.eu>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f67144022885344375ad03593e7a290cc614da34
commit: f334f5668bedf7307f6df1d98b14f55902931926 ilog2: force inlining of __ilog2_u32() and __ilog2_u64()
date: 10 months ago
:::::: branch date: 5 hours ago
:::::: commit date: 10 months ago
config: arm-randconfig-c002-20230118 (https://download.01.org/0day-ci/archive/20230122/202301220809.Z83VshLt-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f334f5668bedf7307f6df1d98b14f55902931926
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout f334f5668bedf7307f6df1d98b14f55902931926
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
gcc_analyzer warnings: (new ones prefixed by >>)
| | |
| | (17) ...to here
|
<------+
|
'leb_write_lock': events 18-19
|
| 365 | le = ltree_add_entry(ubi, vol_id, lnum);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) returning to 'leb_write_lock' from 'ltree_add_entry'
| 366 | if (IS_ERR(le))
| | ~
| | |
| | (19) following 'true' branch...
|
'leb_write_lock': event 20
|
|include/linux/err.h:31:16:
| 31 | return (long) ptr;
| | ^~~~~~~~~~
| | |
| | (20) ...to here
|
<------+
|
'ubi_eba_unmap_leb': events 21-26
|
|drivers/mtd/ubi/eba.c:458:15:
| 458 | err = leb_write_lock(ubi, vol_id, lnum);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (21) returning to 'ubi_eba_unmap_leb' from 'leb_write_lock'
| 459 | if (err)
| | ~
| | |
| | (22) following 'false' branch (when 'err == 0')...
|......
| 462 | pnum = vol->eba_tbl->entries[lnum].pnum;
| | ~~~~~~~~~~~~
| | |
| | (23) ...to here
| 463 | if (pnum < 0)
| | ~
| | |
| | (24) following 'false' branch (when 'pnum >= 0')...
|......
| 469 | down_read(&ubi->fm_eba_sem);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (25) ...to here
|......
| 475 | leb_write_unlock(ubi, vol_id, lnum);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (26) calling 'leb_write_unlock' from 'ubi_eba_unmap_leb'
|
+--> 'leb_write_unlock': events 27-28
|
| 412 | static void leb_write_unlock(struct ubi_device *ubi, int vol_id, int lnum)
| | ^~~~~~~~~~~~~~~~
| | |
| | (27) entry to 'leb_write_unlock'
|......
| 417 | le = ltree_lookup(ubi, vol_id, lnum);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (28) calling 'ltree_lookup' from 'leb_write_unlock'
|
+--> 'ltree_lookup': events 29-30
|
| 210 | static struct ubi_ltree_entry *ltree_lookup(struct ubi_device *ubi, int vol_id,
| | ^~~~~~~~~~~~
| | |
| | (29) entry to 'ltree_lookup'
|......
| 216 | while (p) {
| | ~
| | |
| | (30) following 'false' branch (when 'p' is NULL)...
|
'ltree_lookup': event 31
|
|cc1:
| (31): ...to here
|
<------+
|
'leb_write_unlock': events 32-33
|
| 417 | le = ltree_lookup(ubi, vol_id, lnum);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (32) return of NULL to 'leb_write_unlock' from 'ltree_lookup'
| 418 | le->users -= 1;
| | ~~~~~~~~~
| | |
| | (33) dereference of NULL 'le'
|
drivers/mtd/ubi/eba.c: In function 'try_recover_peb':
>> drivers/mtd/ubi/eba.c:848:9: warning: use of NULL 'buf' where non-null expected [CWE-476] [-Wanalyzer-null-argument]
848 | memcpy(ubi->peb_buf + offset, buf, len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'ubi_eba_atomic_leb_change': events 1-6
|
| 1188 | int ubi_eba_atomic_leb_change(struct ubi_device *ubi, struct ubi_volume *vol,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ubi_eba_atomic_leb_change'
|......
| 1196 | if (ubi->ro_mode)
| | ~
| | |
| | (2) following 'false' branch...
|......
| 1199 | if (len == 0) {
| | ~
| | |
| | (3) ...to here
| | (4) following 'true' branch (when 'len == 0')...
|......
| 1204 | err = ubi_eba_unmap_leb(ubi, vol, lnum);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| | (6) calling 'ubi_eba_unmap_leb' from 'ubi_eba_atomic_leb_change'
|
+--> 'ubi_eba_unmap_leb': events 7-10
|
| 450 | int ubi_eba_unmap_leb(struct ubi_device *ubi, struct ubi_volume *vol,
| | ^~~~~~~~~~~~~~~~~
| | |
| | (7) entry to 'ubi_eba_unmap_leb'
|......
| 455 | if (ubi->ro_mode)
| | ~
| | |
| | (8) following 'false' branch...
|......
| 458 | err = leb_write_lock(ubi, vol_id, lnum);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (9) ...to here
| | (10) calling 'leb_write_lock' from 'ubi_eba_unmap_leb'
|
+--> 'leb_write_lock': events 11-12
|
| 361 | static int leb_write_lock(struct ubi_device *ubi, int vol_id, int lnum)
| | ^~~~~~~~~~~~~~
| | |
| | (11) entry to 'leb_write_lock'
|......
| 365 | le = ltree_add_entry(ubi, vol_id, lnum);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (12) calling 'ltree_add_entry' from 'leb_write_lock'
|
+--> 'ltree_add_entry': events 13-17
|
| 249 | static struct ubi_ltree_entry *ltree_add_entry(struct ubi_device *ubi,
| | ^~~~~~~~~~~~~~~
| | |
| | (13) entry to 'ltree_add_entry'
|......
| 266 | if (le1) {
| | ~
| | |
| | (14) following 'false' branch (when 'le1' is NULL)...
|......
| 282 | p = &ubi->ltree.rb_node;
| | ~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (15) ...to here
| 283 | while (*p) {
| | ~
| | |
| | (16) following 'false' branch...
|......
| 300 | rb_link_node(&le->rb, parent, p);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (17) ...to here
|
<------+
|
'leb_write_lock': events 18-19
|
| 365 | le = ltree_add_entry(ubi, vol_id, lnum);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (18) returning to 'leb_write_lock' from 'ltree_add_entry'
| 366 | if (IS_ERR(le))
| | ~
| | |
| | (19) following 'true' branch...
|
'leb_write_lock': event 20
|
|include/linux/err.h:31:16:
| 31 | return (long) ptr;
| | ^~~~~~~~~~
vim +/buf +848 drivers/mtd/ubi/eba.c
9ff08979e17423 Richard Weinberger 2015-01-10 787
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 788 /**
f036dfeb859cb4 Boris Brezillon 2016-09-16 789 * try_recover_peb - try to recover from write failure.
f036dfeb859cb4 Boris Brezillon 2016-09-16 790 * @vol: volume description object
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 791 * @pnum: the physical eraseblock to recover
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 792 * @lnum: logical eraseblock number
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 793 * @buf: data which was not written because of the write failure
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 794 * @offset: offset of the failed write
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 795 * @len: how many bytes should have been written
3291b52f9ff0ac Boris Brezillon 2016-09-16 796 * @vidb: VID buffer
f036dfeb859cb4 Boris Brezillon 2016-09-16 797 * @retry: whether the caller should retry in case of failure
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 798 *
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 799 * This function is called in case of a write failure and moves all good data
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 800 * from the potentially bad physical eraseblock to a good physical eraseblock.
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 801 * This function also writes the data which was not written due to the failure.
f036dfeb859cb4 Boris Brezillon 2016-09-16 802 * Returns 0 in case of success, and a negative error code in case of failure.
f036dfeb859cb4 Boris Brezillon 2016-09-16 803 * In case of failure, the %retry parameter is set to false if this is a fatal
f036dfeb859cb4 Boris Brezillon 2016-09-16 804 * error (retrying won't help), and true otherwise.
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 805 */
f036dfeb859cb4 Boris Brezillon 2016-09-16 806 static int try_recover_peb(struct ubi_volume *vol, int pnum, int lnum,
f036dfeb859cb4 Boris Brezillon 2016-09-16 807 const void *buf, int offset, int len,
3291b52f9ff0ac Boris Brezillon 2016-09-16 808 struct ubi_vid_io_buf *vidb, bool *retry)
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 809 {
f036dfeb859cb4 Boris Brezillon 2016-09-16 810 struct ubi_device *ubi = vol->ubi;
3291b52f9ff0ac Boris Brezillon 2016-09-16 811 struct ubi_vid_hdr *vid_hdr;
f036dfeb859cb4 Boris Brezillon 2016-09-16 812 int new_pnum, err, vol_id = vol->vol_id, data_size;
972228d87445dc Richard Weinberger 2016-06-21 813 uint32_t crc;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 814
f036dfeb859cb4 Boris Brezillon 2016-09-16 815 *retry = false;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 816
b36a261e8c0ab3 Richard Weinberger 2012-05-14 817 new_pnum = ubi_wl_get_peb(ubi);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 818 if (new_pnum < 0) {
f036dfeb859cb4 Boris Brezillon 2016-09-16 819 err = new_pnum;
f036dfeb859cb4 Boris Brezillon 2016-09-16 820 goto out_put;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 821 }
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 822
326087033108e7 Tanya Brokhman 2014-10-20 823 ubi_msg(ubi, "recover PEB %d, move data to PEB %d",
326087033108e7 Tanya Brokhman 2014-10-20 824 pnum, new_pnum);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 825
3291b52f9ff0ac Boris Brezillon 2016-09-16 826 err = ubi_io_read_vid_hdr(ubi, pnum, vidb, 1);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 827 if (err && err != UBI_IO_BITFLIPS) {
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 828 if (err > 0)
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 829 err = -EIO;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 830 goto out_put;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 831 }
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 832
884a3b647809cb Geert Uytterhoeven 2016-10-13 833 vid_hdr = ubi_get_vid_hdr(vidb);
972228d87445dc Richard Weinberger 2016-06-21 834 ubi_assert(vid_hdr->vol_type == UBI_VID_DYNAMIC);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 835
4df581f3dc6a91 Artem Bityutskiy 2008-12-04 836 mutex_lock(&ubi->buf_mutex);
0ca39d74de8b26 Artem Bityutskiy 2012-03-08 837 memset(ubi->peb_buf + offset, 0xFF, len);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 838
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 839 /* Read everything before the area where the write failure happened */
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 840 if (offset > 0) {
0ca39d74de8b26 Artem Bityutskiy 2012-03-08 841 err = ubi_io_read_data(ubi, ubi->peb_buf, pnum, 0, offset);
f036dfeb859cb4 Boris Brezillon 2016-09-16 842 if (err && err != UBI_IO_BITFLIPS)
4df581f3dc6a91 Artem Bityutskiy 2008-12-04 843 goto out_unlock;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 844 }
f036dfeb859cb4 Boris Brezillon 2016-09-16 845
f036dfeb859cb4 Boris Brezillon 2016-09-16 846 *retry = true;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 847
0ca39d74de8b26 Artem Bityutskiy 2012-03-08 @848 memcpy(ubi->peb_buf + offset, buf, len);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 849
972228d87445dc Richard Weinberger 2016-06-21 850 data_size = offset + len;
972228d87445dc Richard Weinberger 2016-06-21 851 crc = crc32(UBI_CRC32_INIT, ubi->peb_buf, data_size);
972228d87445dc Richard Weinberger 2016-06-21 852 vid_hdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
972228d87445dc Richard Weinberger 2016-06-21 853 vid_hdr->copy_flag = 1;
972228d87445dc Richard Weinberger 2016-06-21 854 vid_hdr->data_size = cpu_to_be32(data_size);
972228d87445dc Richard Weinberger 2016-06-21 855 vid_hdr->data_crc = cpu_to_be32(crc);
3291b52f9ff0ac Boris Brezillon 2016-09-16 856 err = ubi_io_write_vid_hdr(ubi, new_pnum, vidb);
f036dfeb859cb4 Boris Brezillon 2016-09-16 857 if (err)
f036dfeb859cb4 Boris Brezillon 2016-09-16 858 goto out_unlock;
972228d87445dc Richard Weinberger 2016-06-21 859
0ca39d74de8b26 Artem Bityutskiy 2012-03-08 860 err = ubi_io_write_data(ubi, ubi->peb_buf, new_pnum, 0, data_size);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 861
f036dfeb859cb4 Boris Brezillon 2016-09-16 862 out_unlock:
e88d6e10e5c848 Artem Bityutskiy 2007-08-29 863 mutex_unlock(&ubi->buf_mutex);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 864
f036dfeb859cb4 Boris Brezillon 2016-09-16 865 if (!err)
799dca34ac5434 Boris Brezillon 2016-09-16 866 vol->eba_tbl->entries[lnum].pnum = new_pnum;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 867
4df581f3dc6a91 Artem Bityutskiy 2008-12-04 868 out_put:
f036dfeb859cb4 Boris Brezillon 2016-09-16 869 up_read(&ubi->fm_eba_sem);
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 870
f036dfeb859cb4 Boris Brezillon 2016-09-16 871 if (!err) {
f036dfeb859cb4 Boris Brezillon 2016-09-16 872 ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
f036dfeb859cb4 Boris Brezillon 2016-09-16 873 ubi_msg(ubi, "data was successfully recovered");
f036dfeb859cb4 Boris Brezillon 2016-09-16 874 } else if (new_pnum >= 0) {
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 875 /*
f036dfeb859cb4 Boris Brezillon 2016-09-16 876 * Bad luck? This physical eraseblock is bad too? Crud. Let's
f036dfeb859cb4 Boris Brezillon 2016-09-16 877 * try to get another one.
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 878 */
d36e59e69b8be5 Joel Reardon 2012-05-18 879 ubi_wl_put_peb(ubi, vol_id, lnum, new_pnum, 1);
f036dfeb859cb4 Boris Brezillon 2016-09-16 880 ubi_warn(ubi, "failed to write to PEB %d", new_pnum);
f036dfeb859cb4 Boris Brezillon 2016-09-16 881 }
f036dfeb859cb4 Boris Brezillon 2016-09-16 882
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 883 return err;
801c135ce73d5d Artem B. Bityutskiy 2006-06-27 884 }
f036dfeb859cb4 Boris Brezillon 2016-09-16 885
:::::: The code at line 848 was first introduced by commit
:::::: 0ca39d74de8b269fb61eac11b75bd6c3fc887c28 UBI: rename peb_buf1 to peb_buf
:::::: TO: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
:::::: CC: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
next reply other threads:[~2023-01-22 0:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-22 0:41 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-01-07 23:53 drivers/mtd/ubi/eba.c:848:9: warning: use of NULL 'buf' where non-null expected [CWE-476] kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202301220809.Z83VshLt-lkp@intel.com \
--to=lkp@intel.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.