tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 03c765b0e3b4cb5063276b086c76f7a612856a9a commit: f68f2ff91512c199ec24883001245912afc17873 fortify: Detect struct member overflows in memcpy() at compile-time date: 4 months ago config: arm64-randconfig-s031-20220627 compiler: aarch64-linux-gcc (GCC) 11.3.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # apt-get install sparse # sparse version: v0.6.4-31-g4880bd19-dirty # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f68f2ff91512c199ec24883001245912afc17873 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout f68f2ff91512c199ec24883001245912afc17873 # save the config file mkdir build_dir && cp config build_dir/.config COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot sparse warnings: (new ones prefixed by >>) drivers/firmware/meson/meson_sm.c:85:24: sparse: sparse: Using plain integer as NULL pointer drivers/firmware/meson/meson_sm.c:170:17: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *sm_shmem_out_base @@ drivers/firmware/meson/meson_sm.c:170:17: sparse: expected void const * drivers/firmware/meson/meson_sm.c:170:17: sparse: got void [noderef] __iomem *sm_shmem_out_base drivers/firmware/meson/meson_sm.c:170:17: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *sm_shmem_out_base @@ drivers/firmware/meson/meson_sm.c:170:17: sparse: expected void const * drivers/firmware/meson/meson_sm.c:170:17: sparse: got void [noderef] __iomem *sm_shmem_out_base drivers/firmware/meson/meson_sm.c:170:17: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *sm_shmem_out_base @@ drivers/firmware/meson/meson_sm.c:170:17: sparse: expected void const * drivers/firmware/meson/meson_sm.c:170:17: sparse: got void [noderef] __iomem *sm_shmem_out_base >> drivers/firmware/meson/meson_sm.c:206:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *sm_shmem_in_base @@ drivers/firmware/meson/meson_sm.c:206:9: sparse: expected void const * drivers/firmware/meson/meson_sm.c:206:9: sparse: got void [noderef] __iomem *sm_shmem_in_base >> drivers/firmware/meson/meson_sm.c:206:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const * @@ got void [noderef] __iomem *sm_shmem_in_base @@ drivers/firmware/meson/meson_sm.c:206:9: sparse: expected void const * drivers/firmware/meson/meson_sm.c:206:9: sparse: got void [noderef] __iomem *sm_shmem_in_base drivers/firmware/meson/meson_sm.c:206:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void * @@ got void [noderef] __iomem *sm_shmem_in_base @@ drivers/firmware/meson/meson_sm.c:206:9: sparse: expected void * drivers/firmware/meson/meson_sm.c:206:9: sparse: got void [noderef] __iomem *sm_shmem_in_base vim +206 drivers/firmware/meson/meson_sm.c 2c4ddb215521d5 Carlo Caione 2016-08-27 124 2c4ddb215521d5 Carlo Caione 2016-08-27 125 /** 2c4ddb215521d5 Carlo Caione 2016-08-27 126 * meson_sm_call_read - retrieve data from secure-monitor 2c4ddb215521d5 Carlo Caione 2016-08-27 127 * 8cde3c2153e8f5 Carlo Caione 2019-07-31 128 * @fw: Pointer to secure-monitor firmware 2c4ddb215521d5 Carlo Caione 2016-08-27 129 * @buffer: Buffer to store the retrieved data 83e007a0c6a3f4 Carlo Caione 2017-03-03 130 * @bsize: Size of the buffer 2c4ddb215521d5 Carlo Caione 2016-08-27 131 * @cmd_index: Index of the SMC32 function ID 2c4ddb215521d5 Carlo Caione 2016-08-27 132 * @arg0: SMC32 Argument 0 2c4ddb215521d5 Carlo Caione 2016-08-27 133 * @arg1: SMC32 Argument 1 2c4ddb215521d5 Carlo Caione 2016-08-27 134 * @arg2: SMC32 Argument 2 2c4ddb215521d5 Carlo Caione 2016-08-27 135 * @arg3: SMC32 Argument 3 2c4ddb215521d5 Carlo Caione 2016-08-27 136 * @arg4: SMC32 Argument 4 2c4ddb215521d5 Carlo Caione 2016-08-27 137 * 2c4ddb215521d5 Carlo Caione 2016-08-27 138 * Return: size of read data on success, a negative value on error 7a9bc330df9b8f Carlo Caione 2017-03-03 139 * When 0 is returned there is no guarantee about the amount of 7a9bc330df9b8f Carlo Caione 2017-03-03 140 * data read and bsize bytes are copied in buffer. 2c4ddb215521d5 Carlo Caione 2016-08-27 141 */ 8cde3c2153e8f5 Carlo Caione 2019-07-31 142 int meson_sm_call_read(struct meson_sm_firmware *fw, void *buffer, 8cde3c2153e8f5 Carlo Caione 2019-07-31 143 unsigned int bsize, unsigned int cmd_index, u32 arg0, 8cde3c2153e8f5 Carlo Caione 2019-07-31 144 u32 arg1, u32 arg2, u32 arg3, u32 arg4) 2c4ddb215521d5 Carlo Caione 2016-08-27 145 { 2c4ddb215521d5 Carlo Caione 2016-08-27 146 u32 size; 7a9bc330df9b8f Carlo Caione 2017-03-03 147 int ret; 2c4ddb215521d5 Carlo Caione 2016-08-27 148 8cde3c2153e8f5 Carlo Caione 2019-07-31 149 if (!fw->chip) 2c4ddb215521d5 Carlo Caione 2016-08-27 150 return -ENOENT; 2c4ddb215521d5 Carlo Caione 2016-08-27 151 8cde3c2153e8f5 Carlo Caione 2019-07-31 152 if (!fw->chip->cmd_shmem_out_base) 2c4ddb215521d5 Carlo Caione 2016-08-27 153 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 154 8cde3c2153e8f5 Carlo Caione 2019-07-31 155 if (bsize > fw->chip->shmem_size) 83e007a0c6a3f4 Carlo Caione 2017-03-03 156 return -EINVAL; 83e007a0c6a3f4 Carlo Caione 2017-03-03 157 8cde3c2153e8f5 Carlo Caione 2019-07-31 158 if (meson_sm_call(fw, cmd_index, &size, arg0, arg1, arg2, arg3, arg4) < 0) 2c4ddb215521d5 Carlo Caione 2016-08-27 159 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 160 7a9bc330df9b8f Carlo Caione 2017-03-03 161 if (size > bsize) 2c4ddb215521d5 Carlo Caione 2016-08-27 162 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 163 7a9bc330df9b8f Carlo Caione 2017-03-03 164 ret = size; 7a9bc330df9b8f Carlo Caione 2017-03-03 165 7a9bc330df9b8f Carlo Caione 2017-03-03 166 if (!size) 7a9bc330df9b8f Carlo Caione 2017-03-03 167 size = bsize; 7a9bc330df9b8f Carlo Caione 2017-03-03 168 2c4ddb215521d5 Carlo Caione 2016-08-27 169 if (buffer) 8cde3c2153e8f5 Carlo Caione 2019-07-31 @170 memcpy(buffer, fw->sm_shmem_out_base, size); 2c4ddb215521d5 Carlo Caione 2016-08-27 171 7a9bc330df9b8f Carlo Caione 2017-03-03 172 return ret; 2c4ddb215521d5 Carlo Caione 2016-08-27 173 } 2c4ddb215521d5 Carlo Caione 2016-08-27 174 EXPORT_SYMBOL(meson_sm_call_read); 2c4ddb215521d5 Carlo Caione 2016-08-27 175 2c4ddb215521d5 Carlo Caione 2016-08-27 176 /** 2c4ddb215521d5 Carlo Caione 2016-08-27 177 * meson_sm_call_write - send data to secure-monitor 2c4ddb215521d5 Carlo Caione 2016-08-27 178 * 8cde3c2153e8f5 Carlo Caione 2019-07-31 179 * @fw: Pointer to secure-monitor firmware 2c4ddb215521d5 Carlo Caione 2016-08-27 180 * @buffer: Buffer containing data to send 2c4ddb215521d5 Carlo Caione 2016-08-27 181 * @size: Size of the data to send 2c4ddb215521d5 Carlo Caione 2016-08-27 182 * @cmd_index: Index of the SMC32 function ID 2c4ddb215521d5 Carlo Caione 2016-08-27 183 * @arg0: SMC32 Argument 0 2c4ddb215521d5 Carlo Caione 2016-08-27 184 * @arg1: SMC32 Argument 1 2c4ddb215521d5 Carlo Caione 2016-08-27 185 * @arg2: SMC32 Argument 2 2c4ddb215521d5 Carlo Caione 2016-08-27 186 * @arg3: SMC32 Argument 3 2c4ddb215521d5 Carlo Caione 2016-08-27 187 * @arg4: SMC32 Argument 4 2c4ddb215521d5 Carlo Caione 2016-08-27 188 * 2c4ddb215521d5 Carlo Caione 2016-08-27 189 * Return: size of sent data on success, a negative value on error 2c4ddb215521d5 Carlo Caione 2016-08-27 190 */ 8cde3c2153e8f5 Carlo Caione 2019-07-31 191 int meson_sm_call_write(struct meson_sm_firmware *fw, void *buffer, 8cde3c2153e8f5 Carlo Caione 2019-07-31 192 unsigned int size, unsigned int cmd_index, u32 arg0, 8cde3c2153e8f5 Carlo Caione 2019-07-31 193 u32 arg1, u32 arg2, u32 arg3, u32 arg4) 2c4ddb215521d5 Carlo Caione 2016-08-27 194 { 2c4ddb215521d5 Carlo Caione 2016-08-27 195 u32 written; 2c4ddb215521d5 Carlo Caione 2016-08-27 196 8cde3c2153e8f5 Carlo Caione 2019-07-31 197 if (!fw->chip) 2c4ddb215521d5 Carlo Caione 2016-08-27 198 return -ENOENT; 2c4ddb215521d5 Carlo Caione 2016-08-27 199 8cde3c2153e8f5 Carlo Caione 2019-07-31 200 if (size > fw->chip->shmem_size) 2c4ddb215521d5 Carlo Caione 2016-08-27 201 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 202 8cde3c2153e8f5 Carlo Caione 2019-07-31 203 if (!fw->chip->cmd_shmem_in_base) 2c4ddb215521d5 Carlo Caione 2016-08-27 204 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 205 8cde3c2153e8f5 Carlo Caione 2019-07-31 @206 memcpy(fw->sm_shmem_in_base, buffer, size); 2c4ddb215521d5 Carlo Caione 2016-08-27 207 8cde3c2153e8f5 Carlo Caione 2019-07-31 208 if (meson_sm_call(fw, cmd_index, &written, arg0, arg1, arg2, arg3, arg4) < 0) 2c4ddb215521d5 Carlo Caione 2016-08-27 209 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 210 2c4ddb215521d5 Carlo Caione 2016-08-27 211 if (!written) 2c4ddb215521d5 Carlo Caione 2016-08-27 212 return -EINVAL; 2c4ddb215521d5 Carlo Caione 2016-08-27 213 2c4ddb215521d5 Carlo Caione 2016-08-27 214 return written; 2c4ddb215521d5 Carlo Caione 2016-08-27 215 } 2c4ddb215521d5 Carlo Caione 2016-08-27 216 EXPORT_SYMBOL(meson_sm_call_write); 2c4ddb215521d5 Carlo Caione 2016-08-27 217 :::::: The code at line 206 was first introduced by commit :::::: 8cde3c2153e8f57be884c0e73f18bc4de150e870 firmware: meson_sm: Rework driver as a proper platform driver :::::: TO: Carlo Caione :::::: CC: Kevin Hilman -- 0-DAY CI Kernel Test Service https://01.org/lkp