From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH V2 2/2] soc: qcom: smem: validate fields of shared structures
Date: Fri, 09 Jul 2021 08:12:17 +0800 [thread overview]
Message-ID: <202107090815.lrk6f29K-lkp@intel.com> (raw)
In-Reply-To: <1625763502-22806-3-git-send-email-deesin@codeaurora.org>
[-- Attachment #1: Type: text/plain, Size: 14829 bytes --]
Hi Deepak,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[also build test WARNING on v5.13 next-20210708]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Deepak-Kumar-Singh/smem-partition-remap-and-bound-check-changes/20210709-010025
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e9f1cbc0c4114880090c7a578117d3b9cf184ad4
config: x86_64-randconfig-s021-20210707 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.3-341-g8af24329-dirty
# https://github.com/0day-ci/linux/commit/04fbf96d72efa72996d7e78dcb648caa88a84069
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Deepak-Kumar-Singh/smem-partition-remap-and-bound-check-changes/20210709-010025
git checkout 04fbf96d72efa72996d7e78dcb648caa88a84069
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/soc/qcom/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
drivers/soc/qcom/smem.c:371:14: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_partition_header *phdr @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:371:14: sparse: expected struct smem_partition_header *phdr
drivers/soc/qcom/smem.c:371:14: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:429:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:429:16: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:429:16: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:516:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:516:16: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:516:16: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:536:50: sparse: sparse: incorrect type in return expression (different address spaces) @@ expected void * @@ got void [noderef] __iomem * @@
drivers/soc/qcom/smem.c:536:50: sparse: expected void *
drivers/soc/qcom/smem.c:536:50: sparse: got void [noderef] __iomem *
drivers/soc/qcom/smem.c:554:14: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_partition_header *phdr @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:554:14: sparse: expected struct smem_partition_header *phdr
drivers/soc/qcom/smem.c:554:14: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:700:22: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_partition_header *phdr @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:700:22: sparse: expected struct smem_partition_header *phdr
drivers/soc/qcom/smem.c:700:22: sparse: got void [noderef] __iomem *virt_base
>> drivers/soc/qcom/smem.c:704:27: sparse: sparse: cast to restricted __le32
drivers/soc/qcom/smem.c:708:22: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_partition_header *phdr @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:708:22: sparse: expected struct smem_partition_header *phdr
drivers/soc/qcom/smem.c:708:22: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:712:27: sparse: sparse: cast to restricted __le32
drivers/soc/qcom/smem.c:715:24: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:715:24: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:715:24: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:728:30: sparse: sparse: incompatible types in comparison expression (different address spaces):
drivers/soc/qcom/smem.c:728:30: sparse: void *
drivers/soc/qcom/smem.c:728:30: sparse: void [noderef] __iomem *
drivers/soc/qcom/smem.c:749:36: sparse: sparse: subtraction of different types can't work (different address spaces)
drivers/soc/qcom/smem.c:758:28: sparse: sparse: subtraction of different types can't work (different address spaces)
drivers/soc/qcom/smem.c:767:36: sparse: sparse: subtraction of different types can't work (different address spaces)
drivers/soc/qcom/smem.c:782:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:782:16: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:782:16: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:815:57: sparse: sparse: restricted __le32 degrades to integer
drivers/soc/qcom/smem.c:836:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_partition_header *header @@ got void [noderef] __iomem * @@
drivers/soc/qcom/smem.c:836:16: sparse: expected struct smem_partition_header *header
drivers/soc/qcom/smem.c:836:16: sparse: got void [noderef] __iomem *
drivers/soc/qcom/smem.c:1033:22: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_ptable *ptable @@ got void [noderef] __iomem * @@
drivers/soc/qcom/smem.c:1033:22: sparse: expected struct smem_ptable *ptable
drivers/soc/qcom/smem.c:1033:22: sparse: got void [noderef] __iomem *
drivers/soc/qcom/smem.c:1048:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:1048:16: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:1048:16: sparse: got void [noderef] __iomem *virt_base
drivers/soc/qcom/smem.c:1049:14: sparse: sparse: incorrect type in assignment (different base types) @@ expected unsigned int [usertype] size @@ got restricted __le32 [usertype] available @@
drivers/soc/qcom/smem.c:1049:14: sparse: expected unsigned int [usertype] size
drivers/soc/qcom/smem.c:1049:14: sparse: got restricted __le32 [usertype] available
drivers/soc/qcom/smem.c:1090:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct smem_header *header @@ got void [noderef] __iomem *virt_base @@
drivers/soc/qcom/smem.c:1090:16: sparse: expected struct smem_header *header
drivers/soc/qcom/smem.c:1090:16: sparse: got void [noderef] __iomem *virt_base
vim +704 drivers/soc/qcom/smem.c
503
504 static void *qcom_smem_get_global(struct qcom_smem *smem,
505 unsigned item,
506 size_t *size)
507 {
508 struct smem_header *header;
509 struct smem_region *region;
510 struct smem_global_entry *entry;
511 u64 entry_offset;
512 u32 e_size;
513 u32 aux_base;
514 unsigned i;
515
516 header = smem->regions[0].virt_base;
517 entry = &header->toc[item];
518 if (!entry->allocated)
519 return ERR_PTR(-ENXIO);
520
521 aux_base = le32_to_cpu(entry->aux_base) & AUX_BASE_MASK;
522
523 for (i = 0; i < smem->num_regions; i++) {
524 region = &smem->regions[i];
525
526 if (region->aux_base == aux_base || !aux_base) {
527 e_size = le32_to_cpu(entry->size);
528 entry_offset = le32_to_cpu(entry->offset);
529
530 if (WARN_ON(e_size + entry_offset > region->size))
531 return ERR_PTR(-EINVAL);
532
533 if (size != NULL)
534 *size = e_size;
535
> 536 return region->virt_base + entry_offset;
537 }
538 }
539
540 return ERR_PTR(-ENOENT);
541 }
542
543 static void *qcom_smem_get_private(struct qcom_smem *smem,
544 struct smem_partition *part,
545 unsigned item,
546 size_t *size)
547 {
548 struct smem_private_entry *e, *end;
549 struct smem_partition_header *phdr;
550 void *item_ptr, *p_end;
551 u32 padding_data;
552 u32 e_size;
553
554 phdr = part->virt_base;
555 p_end = (void *)phdr + part->size;
556
557 e = phdr_to_first_uncached_entry(phdr);
558 end = phdr_to_last_uncached_entry(phdr);
559
560 if (WARN_ON((void *)end > p_end))
561 return ERR_PTR(-EINVAL);
562
563 while (e < end) {
564 if (e->canary != SMEM_PRIVATE_CANARY)
565 goto invalid_canary;
566
567 if (le16_to_cpu(e->item) == item) {
568 if (size != NULL) {
569 e_size = le32_to_cpu(e->size);
570 padding_data = le16_to_cpu(e->padding_data);
571
572 if (WARN_ON(e_size > part->size || padding_data > e_size))
573 return ERR_PTR(-EINVAL);
574
575 *size = e_size - padding_data;
576 }
577
578 item_ptr = uncached_entry_to_item(e);
579 if (WARN_ON(item_ptr > p_end))
580 return ERR_PTR(-EINVAL);
581
582 return item_ptr;
583 }
584
585 e = uncached_entry_next(e);
586 }
587
588 if (WARN_ON((void *)e > p_end))
589 return ERR_PTR(-EINVAL);
590
591 /* Item was not found in the uncached list, search the cached list */
592
593 e = phdr_to_first_cached_entry(phdr, part->cacheline);
594 end = phdr_to_last_cached_entry(phdr);
595
596 if (WARN_ON((void *)e < (void *)phdr || (void *)end > p_end))
597 return ERR_PTR(-EINVAL);
598
599 while (e > end) {
600 if (e->canary != SMEM_PRIVATE_CANARY)
601 goto invalid_canary;
602
603 if (le16_to_cpu(e->item) == item) {
604 if (size != NULL) {
605 e_size = le32_to_cpu(e->size);
606 padding_data = le16_to_cpu(e->padding_data);
607
608 if (WARN_ON(e_size > part->size || padding_data > e_size))
609 return ERR_PTR(-EINVAL);
610
611 *size = e_size - padding_data;
612 }
613
614 item_ptr = cached_entry_to_item(e);
615 if (WARN_ON(item_ptr < (void *)phdr))
616 return ERR_PTR(-EINVAL);
617
618 return item_ptr;
619 }
620
621 e = cached_entry_next(e, part->cacheline);
622 }
623
624 if (WARN_ON((void *)e < (void *)phdr))
625 return ERR_PTR(-EINVAL);
626
627 return ERR_PTR(-ENOENT);
628
629 invalid_canary:
630 dev_err(smem->dev, "Found invalid canary in hosts %hu:%hu partition\n",
631 le16_to_cpu(phdr->host0), le16_to_cpu(phdr->host1));
632
633 return ERR_PTR(-EINVAL);
634 }
635
636 /**
637 * qcom_smem_get() - resolve ptr of size of a smem item
638 * @host: the remote processor, or -1
639 * @item: smem item handle
640 * @size: pointer to be filled out with size of the item
641 *
642 * Looks up smem item and returns pointer to it. Size of smem
643 * item is returned in @size.
644 */
645 void *qcom_smem_get(unsigned host, unsigned item, size_t *size)
646 {
647 struct smem_partition *part;
648 unsigned long flags;
649 int ret;
650 void *ptr = ERR_PTR(-EPROBE_DEFER);
651
652 if (!__smem)
653 return ptr;
654
655 if (WARN_ON(item >= __smem->item_count))
656 return ERR_PTR(-EINVAL);
657
658 ret = hwspin_lock_timeout_irqsave(__smem->hwlock,
659 HWSPINLOCK_TIMEOUT,
660 &flags);
661 if (ret)
662 return ERR_PTR(ret);
663
664 if (host < SMEM_HOST_COUNT && __smem->partitions[host].virt_base) {
665 part = &__smem->partitions[host];
666 ptr = qcom_smem_get_private(__smem, part, item, size);
667 } else if (__smem->global_partition.virt_base) {
668 part = &__smem->global_partition;
669 ptr = qcom_smem_get_private(__smem, part, item, size);
670 } else {
671 ptr = qcom_smem_get_global(__smem, item, size);
672 }
673
674 hwspin_unlock_irqrestore(__smem->hwlock, &flags);
675
676 return ptr;
677
678 }
679 EXPORT_SYMBOL(qcom_smem_get);
680
681 /**
682 * qcom_smem_get_free_space() - retrieve amount of free space in a partition
683 * @host: the remote processor identifying a partition, or -1
684 *
685 * To be used by smem clients as a quick way to determine if any new
686 * allocations has been made.
687 */
688 int qcom_smem_get_free_space(unsigned host)
689 {
690 struct smem_partition *part;
691 struct smem_partition_header *phdr;
692 struct smem_header *header;
693 unsigned ret;
694
695 if (!__smem)
696 return -EPROBE_DEFER;
697
698 if (host < SMEM_HOST_COUNT && __smem->partitions[host].virt_base) {
699 part = &__smem->partitions[host];
700 phdr = part->virt_base;
701 ret = le32_to_cpu(phdr->offset_free_cached) -
702 le32_to_cpu(phdr->offset_free_uncached);
703
> 704 if (ret > le32_to_cpu(part->size))
705 return -EINVAL;
706 } else if (__smem->global_partition.virt_base) {
707 part = &__smem->global_partition;
708 phdr = part->virt_base;
709 ret = le32_to_cpu(phdr->offset_free_cached) -
710 le32_to_cpu(phdr->offset_free_uncached);
711
712 if (ret > le32_to_cpu(part->size))
713 return -EINVAL;
714 } else {
715 header = __smem->regions[0].virt_base;
716 ret = le32_to_cpu(header->available);
717
718 if (ret > __smem->regions[0].size)
719 return -EINVAL;
720 }
721
722 return ret;
723 }
724 EXPORT_SYMBOL(qcom_smem_get_free_space);
725
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 38793 bytes --]
prev parent reply other threads:[~2021-07-09 0:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-08 16:58 [PATCH V2 0/2] smem partition remap and bound check changes Deepak Kumar Singh
2021-07-08 16:58 ` [PATCH V2 1/2] soc: qcom: smem: map only partitions used by local HOST Deepak Kumar Singh
2021-07-08 23:17 ` kernel test robot
2021-07-08 23:17 ` kernel test robot
2021-07-08 16:58 ` [PATCH V2 2/2] soc: qcom: smem: validate fields of shared structures Deepak Kumar Singh
2021-07-09 0:12 ` kernel test robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202107090815.lrk6f29K-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild-all@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.