From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [daniel-thompson:clang-analyzer/initial_review 7/7] kernel/bpf/syscall.c:747:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
Date: Mon, 09 May 2022 05:41:56 +0800 [thread overview]
Message-ID: <202205090556.edTCutdb-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 76875 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Daniel Thompson <daniel.thompson@linaro.org>
tree: https://git.linaro.org/people/daniel.thompson/linux.git clang-analyzer/initial_review
head: ad6525bf355a301ca52b1dc3639fa340409c79b9
commit: ad6525bf355a301ca52b1dc3639fa340409c79b9 [7/7] [RFC] linux/err.h: Refactor IS_ERR_VALUE(x) to improve clang reasoning
:::::: branch date: 4 days ago
:::::: commit date: 4 days ago
config: x86_64-randconfig-c007 (https://download.01.org/0day-ci/archive/20220509/202205090556.edTCutdb-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 5e004fb787698440a387750db7f8028e7cb14cfc)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
git remote add daniel-thompson https://git.linaro.org/people/daniel.thompson/linux.git
git fetch --no-tags daniel-thompson clang-analyzer/initial_review
git checkout ad6525bf355a301ca52b1dc3639fa340409c79b9
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
crypto/ecc.c:918:2: note: Taking false branch
if (strncmp(curve->name, "nist_", 5) != 0) {
^
crypto/ecc.c:934:2: note: Control jumps to the 'default' case at line 944
switch (ndigits) {
^
crypto/ecc.c:945:3: note: Assuming the condition is false
pr_err_ratelimited("ecc: unsupported digits size!\n");
^
include/linux/printk.h:654:2: note: expanded from macro 'pr_err_ratelimited'
printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/printk.h:639:6: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^~~~~~~~~~~~~~~~~
include/linux/ratelimit_types.h:41:28: note: expanded from macro '__ratelimit'
#define __ratelimit(state) ___ratelimit(state, __func__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:945:3: note: Taking false branch
pr_err_ratelimited("ecc: unsupported digits size!\n");
^
include/linux/printk.h:654:2: note: expanded from macro 'pr_err_ratelimited'
printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:639:2: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^
crypto/ecc.c:946:3: note: Returning without writing to '*result'
return false;
^
crypto/ecc.c:982:2: note: Returning from 'vli_mmod_fast'
vli_mmod_fast(result, product, curve);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:983:1: note: Returning without writing to '*result'
}
^
crypto/ecc.c:1568:2: note: Returning from 'vli_mod_square_fast'
vli_mod_square_fast(xxx, pk->x, curve); /* x^2 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:1569:2: note: Calling 'vli_mod_mult_fast'
vli_mod_mult_fast(xxx, xxx, pk->x, curve); /* x^3 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:971:2: note: Calling 'vli_mult'
vli_mult(product, left, right, curve->g.ndigits);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:401:14: note: Assuming the condition is true
for (k = 0; k < ndigits * 2 - 1; k++) {
^~~~~~~~~~~~~~~~~~~
crypto/ecc.c:401:2: note: Loop condition is true. Entering loop body
for (k = 0; k < ndigits * 2 - 1; k++) {
^
crypto/ecc.c:404:7: note: Assuming 'k' is < 'ndigits'
if (k < ndigits)
^~~~~~~~~~~
crypto/ecc.c:404:3: note: Taking true branch
if (k < ndigits)
^
crypto/ecc.c:405:4: note: The value 0 is assigned to 'min'
min = 0;
^~~~~~~
crypto/ecc.c:409:8: note: The value 0 is assigned to 'i'
for (i = min; i <= k && i < ndigits; i++) {
^~~~~~~
crypto/ecc.c:409:17: note: 'i' is <= 'k'
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:409:17: note: Left side of '&&' is true
crypto/ecc.c:409:27: note: 'i' is < 'ndigits'
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:409:3: note: Loop condition is true. Entering loop body
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:412:14: note: 1st function call argument is an uninitialized value
product = mul_64_64(left[i], right[k - i]);
^ ~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
26 warnings generated.
Suppressed 26 warnings (26 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
Suppressed 9 warnings (8 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
12 warnings generated.
>> kernel/bpf/syscall.c:747:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
memset(dst, 0, size);
^
kernel/bpf/syscall.c:4758:2: note: Control jumps to 'case BPF_MAP_CREATE:' at line 4759
switch (cmd) {
^
kernel/bpf/syscall.c:4764:3: note: Execution continues on line 4771
break;
^
kernel/bpf/syscall.c:4771:9: note: Calling '__sys_bpf'
return __sys_bpf(cmd, KERNEL_BPFPTR(attr), attr_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4600:6: note: Assuming 'sysctl_unprivileged_bpf_disabled' is 0
if (sysctl_unprivileged_bpf_disabled && !bpf_capable())
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4600:39: note: Left side of '&&' is false
if (sysctl_unprivileged_bpf_disabled && !bpf_capable())
^
kernel/bpf/syscall.c:4604:6: note: 'err' is 0
if (err)
^~~
kernel/bpf/syscall.c:4604:2: note: Taking false branch
if (err)
^
kernel/bpf/syscall.c:4606:9: note: Assuming '__UNIQUE_ID___x903' is >= '__UNIQUE_ID___y904'
size = min_t(u32, size, sizeof(attr));
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^~~~~~~~~~
kernel/bpf/syscall.c:4606:9: note: '?' condition is false
size = min_t(u32, size, sizeof(attr));
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^
kernel/bpf/syscall.c:4610:6: note: Calling 'copy_from_bpfptr'
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:57:9: note: Calling 'copy_from_bpfptr_offset'
return copy_from_bpfptr_offset(dst, src, 0, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:52:9: note: Calling 'copy_from_sockptr_offset'
return copy_from_sockptr_offset(dst, (sockptr_t) src, offset, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/sockptr.h:47:2: note: Taking false branch
if (!sockptr_is_kernel(src))
^
include/linux/bpfptr.h:52:9: note: Returning from 'copy_from_sockptr_offset'
return copy_from_sockptr_offset(dst, (sockptr_t) src, offset, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:57:9: note: Returning from 'copy_from_bpfptr_offset'
return copy_from_bpfptr_offset(dst, src, 0, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4610:6: note: Returning from 'copy_from_bpfptr'
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4610:2: note: Taking false branch
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^
kernel/bpf/syscall.c:4614:6: note: Assuming 'err' is >= 0
if (err < 0)
^~~~~~~
kernel/bpf/syscall.c:4614:2: note: Taking false branch
if (err < 0)
^
kernel/bpf/syscall.c:4617:2: note: Control jumps to 'case BPF_MAP_CREATE:' @line 4618
switch (cmd) {
^
kernel/bpf/syscall.c:4619:9: note: Calling 'map_create'
err = map_create(&attr);
^~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:839:8: note: Assuming the condition is false
err = CHECK_ATTR(BPF_MAP_CREATE);
^
kernel/bpf/syscall.c:733:2: note: expanded from macro 'CHECK_ATTR'
memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:840:6: note: 'err' is 0
if (err)
^~~
kernel/bpf/syscall.c:840:2: note: Taking false branch
if (err)
--
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:402:10: note: Returning from 'opal_discovery0_step'
error = opal_discovery0_step(dev);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_SIDASP_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1458:6: note: Assuming 'key' is null
if (!key) {
^~~~
block/sed-opal.c:1458:2: note: Taking true branch
if (!key) {
^
block/sed-opal.c:1459:3: note: 'okey' initialized to a null pointer value
const struct opal_key *okey = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1464:8: note: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey')
okey->key_len);
^~~~
block/sed-opal.c:1492:8: warning: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey') [clang-analyzer-core.NullDereference]
okey->key_len);
^
block/sed-opal.c:2628:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2628:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
block/sed-opal.c:2630:6: note: Assuming 'dev' is non-null
if (!dev)
^~~~
block/sed-opal.c:2630:2: note: Taking false branch
if (!dev)
^
block/sed-opal.c:2632:6: note: Assuming field 'supported' is true
if (!dev->supported)
^~~~~~~~~~~~~~~
block/sed-opal.c:2632:2: note: Taking false branch
if (!dev->supported)
^
block/sed-opal.c:2636:2: note: Taking false branch
if (IS_ERR(p))
^
block/sed-opal.c:2639:2: note: Control jumps to 'case 1091072232:' at line 2682
switch (cmd) {
^
block/sed-opal.c:2683:9: note: Calling 'opal_reverttper'
ret = opal_reverttper(dev, p, true);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2337:2: note: field 'data' initialized to a null pointer value
const struct opal_step psid_revert_steps[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2346:6: note: 'psid' is true
if (psid)
^~~~
block/sed-opal.c:2346:2: note: Taking true branch
if (psid)
^
block/sed-opal.c:2347:9: note: Calling 'execute_steps'
ret = execute_steps(dev, psid_revert_steps,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_PSID_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1487:2: note: 'okey' initialized to a null pointer value
const struct opal_key *okey = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1492:8: note: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey')
okey->key_len);
^~~~
>> block/sed-opal.c:1499:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
size_t keylen = session->opal_key.key_len;
^
block/sed-opal.c:2628:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2628:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
block/sed-opal.c:2630:6: note: Assuming 'dev' is non-null
if (!dev)
^~~~
block/sed-opal.c:2630:2: note: Taking false branch
if (!dev)
^
block/sed-opal.c:2632:6: note: Assuming field 'supported' is true
if (!dev->supported)
^~~~~~~~~~~~~~~
block/sed-opal.c:2632:2: note: Taking false branch
if (!dev->supported)
^
block/sed-opal.c:2636:2: note: Taking false branch
if (IS_ERR(p))
^
block/sed-opal.c:2639:2: note: Control jumps to 'case 1091596518:' at line 2676
switch (cmd) {
^
block/sed-opal.c:2677:9: note: Calling 'opal_erase_locking_range'
ret = opal_erase_locking_range(dev, p);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2185:2: note: field 'data' initialized to a null pointer value
const struct opal_step erase_steps[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2194:8: note: Calling 'execute_steps'
ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_auth_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1497:2: note: 'session' initialized to a null pointer value
struct opal_session_info *session = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1499:18: note: Dereference of null pointer
size_t keylen = session->opal_key.key_len;
^~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
fs/binfmt_elf.c:1317:3: warning: Value stored to 'error' is never read [clang-analyzer-deadcode.DeadStores]
error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1317:3: note: Value stored to 'error' is never read
error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1470:23: warning: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'men') [clang-analyzer-core.NullDereference]
en.n_namesz = strlen(men->name) + 1;
^
fs/binfmt_elf.c:2194:6: note: Assuming the condition is false
if (dump_vma_snapshot(cprm, &vma_count, &vma_meta, &vma_data_size))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:2194:2: note: Taking false branch
if (dump_vma_snapshot(cprm, &vma_count, &vma_meta, &vma_data_size))
^
fs/binfmt_elf.c:2209:12: note: Assuming 'segs' is <= PN_XNUM
e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
^~~~~~~~~~~~~~
fs/binfmt_elf.c:2209:12: note: '?' condition is false
fs/binfmt_elf.c:2215:7: note: Calling 'fill_note_info'
if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1824:2: note: Null pointer value stored to 'info.thread'
info->thread = NULL;
^~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1827:6: note: Assuming 'psinfo' is not equal to NULL
--
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
fs/ext4/verity.c:51:7: note: Returning from 'IS_ERR'
if (IS_ERR(page))
^~~~~~~~~~~~
fs/ext4/verity.c:51:3: note: Taking true branch
if (IS_ERR(page))
^
fs/ext4/verity.c:52:4: note: Returning without writing to '*buf'
return PTR_ERR(page);
^
fs/ext4/verity.c:52:4: note: Returning value, which participates in a condition later
return PTR_ERR(page);
^~~~~~~~~~~~~~~~~~~~
fs/ext4/verity.c:315:8: note: Returning from 'pagecache_read'
err = pagecache_read(inode, &desc_size_disk, sizeof(desc_size_disk),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/verity.c:317:6: note: Assuming 'err' is 0
if (err)
^~~
fs/ext4/verity.c:317:2: note: Taking false branch
if (err)
^
fs/ext4/verity.c:319:12: note: Assigned value is garbage or undefined
desc_size = le32_to_cpu(desc_size_disk);
^
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
fs/fs-writeback.c:148:3: warning: Argument to kfree() is the address of the local variable 'work', which is not memory allocated by malloc() [clang-analyzer-unix.Malloc]
kfree(work);
^
fs/fs-writeback.c:2702:6: note: Assuming the condition is false
if (bdi == &noop_backing_dev_info)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:2702:2: note: Taking false branch
if (bdi == &noop_backing_dev_info)
^
fs/fs-writeback.c:2704:2: note: Taking false branch
WARN_ON(!rwsem_is_locked(&sb->s_umount));
^
include/asm-generic/bug.h:122:2: note: expanded from macro 'WARN_ON'
if (unlikely(__ret_warn_on)) \
^
fs/fs-writeback.c:2708:2: note: Calling 'bdi_split_work_to_wbs'
bdi_split_work_to_wbs(bdi, &work, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:1204:2: note: Loop condition is false. Exiting loop
might_sleep();
^
include/linux/kernel.h:138:2: note: expanded from macro 'might_sleep'
do { __might_sleep(__FILE__, __LINE__); might_resched(); } while (0)
^
fs/fs-writeback.c:1206:7: note: 'skip_if_busy' is false
if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) {
^~~~~~~~~~~~
fs/fs-writeback.c:1206:20: note: Left side of '||' is true
if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) {
^
fs/fs-writeback.c:1208:3: note: Calling 'wb_queue_work'
wb_queue_work(&bdi->wb, base_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:163:6: note: Assuming field 'done' is null
if (work->done)
^~~~~~~~~~
fs/fs-writeback.c:163:2: note: Taking false branch
if (work->done)
^
fs/fs-writeback.c:168:6: note: Assuming the condition is false
if (test_bit(WB_registered, &wb->state)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:168:2: note: Taking false branch
if (test_bit(WB_registered, &wb->state)) {
^
fs/fs-writeback.c:172:3: note: Calling 'finish_writeback_work'
finish_writeback_work(wb, work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:147:6: note: Assuming field 'auto_free' is not equal to 0
if (work->auto_free)
^~~~~~~~~~~~~~~
fs/fs-writeback.c:147:2: note: Taking true branch
if (work->auto_free)
^
fs/fs-writeback.c:148:3: note: Argument to kfree() is the address of the local variable 'work', which is not memory allocated by malloc()
kfree(work);
^ ~~~~
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
>> drivers/net/phy/mdio_bus.c:497:2: warning: Null pointer passed as 1st argument to string copy function [clang-analyzer-unix.cstring.NullArg]
strncpy(mdiodev->modalias, bi->modalias,
^ ~~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:494:2: note: Taking false branch
if (IS_ERR(mdiodev))
^
drivers/net/phy/mdio_bus.c:497:2: note: Null pointer passed as 1st argument to string copy function
strncpy(mdiodev->modalias, bi->modalias,
^ ~~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:689:21: warning: Value stored to 'phydev' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct phy_device *phydev = ERR_PTR(-ENODEV);
^~~~~~ ~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:689:21: note: Value stored to 'phydev' during its initialization is never read
struct phy_device *phydev = ERR_PTR(-ENODEV);
^~~~~~ ~~~~~~~~~~~~~~~~
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
drivers/net/phy/sfp-bus.c:510:2: warning: Access to field 'attach' results in a dereference of a null pointer (loaded from field 'upstream_ops') [clang-analyzer-core.NullDereference]
bus->upstream_ops->attach(bus->upstream, bus);
^
drivers/net/phy/sfp-bus.c:694:6: note: Assuming 'bus' is non-null
if (!bus)
^~~~
drivers/net/phy/sfp-bus.c:694:2: note: Taking false branch
if (!bus)
^
drivers/net/phy/sfp-bus.c:699:2: note: Value assigned to field 'upstream_ops'
bus->upstream_ops = ops;
^~~~~~~~~~~~~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:702:6: note: Assuming field 'sfp' is non-null
if (bus->sfp) {
^~~~~~~~
drivers/net/phy/sfp-bus.c:702:2: note: Taking true branch
if (bus->sfp) {
^
drivers/net/phy/sfp-bus.c:703:9: note: Calling 'sfp_register_bus'
ret = sfp_register_bus(bus);
^~~~~~~~~~~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:497:6: note: Assuming 'ops' is null
if (ops) {
^~~
drivers/net/phy/sfp-bus.c:497:2: note: Taking false branch
if (ops) {
^
drivers/net/phy/sfp-bus.c:508:6: note: Assuming field 'started' is false
if (bus->started)
^~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:508:2: note: Taking false branch
if (bus->started)
^
drivers/net/phy/sfp-bus.c:510:2: note: Access to field 'attach' results in a dereference of a null pointer (loaded from field 'upstream_ops')
bus->upstream_ops->attach(bus->upstream, bus);
^ ~~~~~~~~~~~~
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
12 warnings generated.
net/sctp/sm_sideeffect.c:812:41: warning: Access to field 'skb' results in a dereference of a null pointer (loaded from variable 'chunk') [clang-analyzer-core.NullDereference]
hbinfo = (struct sctp_sender_hb_info *)chunk->skb->data;
^
net/sctp/sm_sideeffect.c:1274:21: note: 'chunk' initialized to a null pointer value
struct sctp_chunk *chunk = NULL, *new_obj;
^~~~~
net/sctp/sm_sideeffect.c:1285:6: note: Assuming 'event_type' is equal to SCTP_EVENT_T_TIMEOUT
if (SCTP_EVENT_T_TIMEOUT != event_type)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sctp/sm_sideeffect.c:1285:2: note: Taking false branch
if (SCTP_EVENT_T_TIMEOUT != event_type)
^
net/sctp/sm_sideeffect.c:1295:2: note: Loop condition is true. Entering loop body
while (NULL != (cmd = sctp_next_cmd(commands))) {
^
net/sctp/sm_sideeffect.c:1296:3: note: Control jumps to 'case SCTP_CMD_TRANSPORT_ON:' at line 1658
switch (cmd->verb) {
^
net/sctp/sm_sideeffect.c:1660:45: note: Passing null pointer value via 4th parameter 'chunk'
sctp_cmd_transport_on(commands, asoc, t, chunk);
^~~~~
net/sctp/sm_sideeffect.c:1660:4: note: Calling 'sctp_cmd_transport_on'
sctp_cmd_transport_on(commands, asoc, t, chunk);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sctp/sm_sideeffect.c:775:6: note: Assuming field 'state' is >= SCTP_STATE_SHUTDOWN_PENDING
if (t->asoc->state < SCTP_STATE_SHUTDOWN_PENDING)
--
^
fs/nilfs2/mdt.c:291:2: note: Taking false branch
if (unlikely(start > end))
^
fs/nilfs2/mdt.c:294:8: note: Calling 'nilfs_mdt_read_block'
ret = nilfs_mdt_read_block(inode, start, true, out_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:170:22: note: 'first_bh' declared without an initial value
struct buffer_head *first_bh, *bh;
^~~~~~~~
fs/nilfs2/mdt.c:175:8: note: Calling 'nilfs_mdt_submit_block'
err = nilfs_mdt_submit_block(inode, block, REQ_OP_READ, 0, &first_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:122:15: note: Assuming 'bh' is non-null
if (unlikely(!bh))
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
fs/nilfs2/mdt.c:122:2: note: Taking false branch
if (unlikely(!bh))
^
fs/nilfs2/mdt.c:126:6: note: Assuming the condition is false
if (buffer_uptodate(bh))
^~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:126:2: note: Taking false branch
if (buffer_uptodate(bh))
^
fs/nilfs2/mdt.c:129:2: note: Taking false branch
if (mode_flags & REQ_RAHEAD) {
^
fs/nilfs2/mdt.c:137:6: note: Assuming the condition is false
if (buffer_uptodate(bh)) {
^~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:137:2: note: Taking false branch
if (buffer_uptodate(bh)) {
^
fs/nilfs2/mdt.c:143:6: note: Assuming 'ret' is not equal to 0
if (unlikely(ret)) {
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
fs/nilfs2/mdt.c:143:2: note: Taking true branch
if (unlikely(ret)) {
^
fs/nilfs2/mdt.c:145:3: note: Control jumps to line 160
goto failed_bh;
^
fs/nilfs2/mdt.c:164:2: note: Returning without writing to '*out_bh'
return ret;
^
fs/nilfs2/mdt.c:175:8: note: Returning from 'nilfs_mdt_submit_block'
err = nilfs_mdt_submit_block(inode, block, REQ_OP_READ, 0, &first_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:176:6: note: Assuming the condition is true
if (err == -EEXIST) /* internal code */
^~~~~~~~~~~~~~
fs/nilfs2/mdt.c:176:2: note: Taking true branch
if (err == -EEXIST) /* internal code */
^
fs/nilfs2/mdt.c:177:3: note: Control jumps to line 208
goto out;
^
fs/nilfs2/mdt.c:208:10: note: Assigned value is garbage or undefined
*out_bh = first_bh;
^ ~~~~~~~~
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (4 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
16 warnings generated.
>> drivers/hwmon/applesmc.c:415:7: warning: Null pointer passed as 1st argument to string comparison function [clang-analyzer-unix.cstring.NullArg]
if (strcmp(entry->key, key) < 0)
^
drivers/hwmon/applesmc.c:1313:6: note: Assuming the condition is false
if (!dmi_check_system(applesmc_whitelist)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:1313:2: note: Taking false branch
if (!dmi_check_system(applesmc_whitelist)) {
^
drivers/hwmon/applesmc.c:1319:6: note: Assuming the condition is false
if (!request_region(APPLESMC_DATA_PORT, APPLESMC_NR_PORTS,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:1319:2: note: Taking false branch
if (!request_region(APPLESMC_DATA_PORT, APPLESMC_NR_PORTS,
^
drivers/hwmon/applesmc.c:1326:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:1326:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:1331:2: note: Taking false branch
if (IS_ERR(pdev)) {
^
drivers/hwmon/applesmc.c:1337:8: note: Calling 'applesmc_init_smcreg'
ret = applesmc_init_smcreg();
^~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:656:2: note: Loop condition is true. Entering loop body
for (ms = 0; ms < INIT_TIMEOUT_MSECS; ms += INIT_WAIT_MSECS) {
^
drivers/hwmon/applesmc.c:657:9: note: Calling 'applesmc_init_smcreg_try'
ret = applesmc_init_smcreg_try();
^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:573:6: note: Assuming field 'init_complete' is false
if (s->init_complete)
^~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:573:2: note: Taking false branch
if (s->init_complete)
^
drivers/hwmon/applesmc.c:577:6: note: 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:577:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:580:6: note: Assuming field 'cache' is null
if (s->cache && s->key_count != count) {
^~~~~~~~
drivers/hwmon/applesmc.c:580:15: note: Left side of '&&' is false
if (s->cache && s->key_count != count) {
^
drivers/hwmon/applesmc.c:588:10: note: Field 'cache' is null
if (!s->cache)
^
drivers/hwmon/applesmc.c:588:2: note: Taking true branch
if (!s->cache)
^
drivers/hwmon/applesmc.c:590:6: note: Assuming field 'cache' is non-null
if (!s->cache)
^~~~~~~~~
drivers/hwmon/applesmc.c:590:2: note: Taking false branch
if (!s->cache)
^
drivers/hwmon/applesmc.c:594:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:594:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:597:6: note: Assuming field 'fan_count' is <= 10
if (s->fan_count > 10)
^~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:597:2: note: Taking false branch
if (s->fan_count > 10)
^
drivers/hwmon/applesmc.c:600:8: note: Calling 'applesmc_get_lower_bound'
ret = applesmc_get_lower_bound(&s->temp_begin, "T");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:408:9: note: Assuming 'begin' is not equal to 'end'
while (begin != end) {
^~~~~~~~~~~~
drivers/hwmon/applesmc.c:408:2: note: Loop condition is true. Entering loop body
while (begin != end) {
^
drivers/hwmon/applesmc.c:411:3: note: Taking false branch
if (IS_ERR(entry)) {
^
drivers/hwmon/applesmc.c:415:7: note: Null pointer passed as 1st argument to string comparison function
if (strcmp(entry->key, key) < 0)
^ ~~~~~~~~~~
>> drivers/hwmon/applesmc.c:437:7: warning: Null pointer passed as 2nd argument to string comparison function [clang-analyzer-unix.cstring.NullArg]
if (strcmp(key, entry->key) < 0)
^
drivers/hwmon/applesmc.c:989:8: note: Calling 'applesmc_read_key'
ret = applesmc_read_key(KEY_COUNT_KEY, buffer, 4);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:468:10: note: Calling 'applesmc_get_entry_by_key'
entry = applesmc_get_entry_by_key(key);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:453:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:453:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:455:8: note: Calling 'applesmc_get_upper_bound'
ret = applesmc_get_upper_bound(&end, key);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:430:9: note: Assuming 'begin' is not equal to 'end'
while (begin != end) {
^~~~~~~~~~~~
drivers/hwmon/applesmc.c:430:2: note: Loop condition is true. Entering loop body
while (begin != end) {
^
drivers/hwmon/applesmc.c:433:3: note: Taking false branch
if (IS_ERR(entry)) {
^
drivers/hwmon/applesmc.c:437:7: note: Null pointer passed as 2nd argument to string comparison function
if (strcmp(key, entry->key) < 0)
^ ~~~~~~~~~~
drivers/hwmon/applesmc.c:510:27: warning: The left operand of '<<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
*value = ((s16)buffer[0] << 8) | buffer[1];
^
drivers/hwmon/applesmc.c:959:2: note: Calling 'applesmc_calibrate'
applesmc_calibrate();
^~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:719:2: note: Calling 'applesmc_read_s16'
applesmc_read_s16(MOTION_SENSOR_X_KEY, &rest_x);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:506:8: note: Calling 'applesmc_read_key'
ret = applesmc_read_key(key, buffer, 2);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:469:6: note: Calling 'IS_ERR'
if (IS_ERR(entry))
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is not equal to 0, which participates in a condition later
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/err.h:89:9: note: Left side of '&&' is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
drivers/hwmon/applesmc.c:469:6: note: Returning from 'IS_ERR'
if (IS_ERR(entry))
^~~~~~~~~~~~~
drivers/hwmon/applesmc.c:469:2: note: Taking true branch
if (IS_ERR(entry))
^
drivers/hwmon/applesmc.c:470:3: note: Returning without writing to '*buffer'
return PTR_ERR(entry);
^
drivers/hwmon/applesmc.c:470:3: note: Returning value, which participates in a condition later
return PTR_ERR(entry);
^~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:506:8: note: Returning from 'applesmc_read_key'
ret = applesmc_read_key(key, buffer, 2);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:507:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:507:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:510:27: note: The left operand of '<<' is a garbage value
*value = ((s16)buffer[0] << 8) | buffer[1];
~~~~~~~~~ ^
drivers/hwmon/applesmc.c:527:16: warning: The left operand of '!=' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
(buffer[0] != 0x00 || buffer[1] != 0x00))
^
drivers/hwmon/applesmc.c:696:2: note: Calling 'applesmc_device_init'
applesmc_device_init();
^~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:522:6: note: Assuming field 'has_accelerometer' is true
if (!smcreg.has_accelerometer)
--
^~~~~~~~~~~
net/sunrpc/cache.c:1077:3: note: Taking true branch
if (!cq->reader) {
^
net/sunrpc/cache.c:1079:8: note: Assuming 'ch' is equal to field 'item'
if (cr->item != ch)
^~~~~~~~~~~~~~
net/sunrpc/cache.c:1079:4: note: Taking false branch
if (cr->item != ch)
^
net/sunrpc/cache.c:1081:8: note: Assuming the condition is false
if (test_bit(CACHE_PENDING, &ch->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sunrpc/cache.c:1081:4: note: Taking false branch
if (test_bit(CACHE_PENDING, &ch->flags))
^
net/sunrpc/cache.c:1084:8: note: Assuming field 'readers' is equal to 0
if (cr->readers != 0)
^~~~~~~~~~~~~~~~
net/sunrpc/cache.c:1084:4: note: Taking false branch
if (cr->readers != 0)
^
net/sunrpc/cache.c:1076:2: note: Loop condition is false. Execution continues on line 1088
list_for_each_entry_safe(cq, tmp, &detail->queue, list)
^
include/linux/list.h:725:2: note: expanded from macro 'list_for_each_entry_safe'
for (pos = list_first_entry(head, typeof(*pos), member), \
^
net/sunrpc/cache.c:1089:2: note: Loop condition is true. Entering loop body
while (!list_empty(&dequeued)) {
^
net/sunrpc/cache.c:1094:3: note: Memory is released
kfree(cr);
^~~~~~~~~
net/sunrpc/cache.c:1089:2: note: Loop condition is true. Entering loop body
while (!list_empty(&dequeued)) {
^
net/sunrpc/cache.c:1091:3: note: Calling 'list_del'
list_del(&cr->q.list);
^~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:149:14: note: Use of memory after it is freed
entry->next = LIST_POISON1;
~~~~~~~~~~~ ^
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
>> drivers/scsi/scsi_lib.c:1129:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
memset(req->__cmd, 0, sizeof(req->__cmd));
^
drivers/scsi/scsi_lib.c:2287:12: note: Calling 'scsi_execute_req'
result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, sshdr,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/scsi/scsi_device.h:469:9: note: Null is equal to null
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:15: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:50:19: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:39:58: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
include/linux/compiler_types.h:346:22: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler_types.h:334:23: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler_types.h:326:9: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^~~~~~~~~
include/scsi/scsi_device.h:469:9: note: Left side of '&&' is false
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:31: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/scsi/scsi_device.h:469:9: note: Taking false branch
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:2: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^
include/linux/compiler_types.h:346:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:334:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:326:3: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^
include/scsi/scsi_device.h:469:9: note: Loop condition is false. Exiting loop
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:2: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^
include/linux/compiler_types.h:346:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:334:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:318:2: note: expanded from macro '__compiletime_assert'
do { \
^
include/scsi/scsi_device.h:469:9: note: Calling '__scsi_execute'
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:460:2: note: expanded from macro 'scsi_execute'
__scsi_execute(sdev, cmd, data_direction, buffer, bufflen, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:220:4: note: 'data_direction' is not equal to DMA_TO_DEVICE
data_direction == DMA_TO_DEVICE ?
^~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:220:4: note: '?' condition is false
drivers/scsi/scsi_lib.c:222:4: note: '?' condition is false
rq_flags & RQF_PM ? BLK_MQ_REQ_PM : 0);
^
drivers/scsi/scsi_lib.c:219:8: note: Calling 'scsi_alloc_request'
req = scsi_alloc_request(sdev->request_queue,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:1145:2: note: Taking true branch
if (!IS_ERR(rq))
^
drivers/scsi/scsi_lib.c:1146:3: note: Calling 'scsi_initialize_rq'
scsi_initialize_rq(rq);
^~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:1129:2: note: Null pointer passed as 1st argument to memory set function
memset(req->__cmd, 0, sizeof(req->__cmd));
^ ~~~~~~~~~~
include/scsi/scsi_common.h:66:31: warning: The left operand of '&' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
--
^~~~~~~~~~~~
net/wireless/nl80211.c:948:2: note: Taking true branch
if (!cb->args[0]) {
^
net/wireless/nl80211.c:951:8: note: 'attrbuf' is non-null, which participates in a condition later
if (!attrbuf) {
^~~~~~~
net/wireless/nl80211.c:951:3: note: Taking false branch
if (!attrbuf) {
^
net/wireless/nl80211.c:959:9: note: Calling 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Calling '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:6: note: Assuming the condition is false
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:2: note: Taking false branch
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^
include/net/netlink.h:733:2: note: Returning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Returning from '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:2: note: Returning value, which participates in a condition later
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:959:9: note: Returning from 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:963:7: note: Assuming 'err' is 0
if (err) {
^~~
net/wireless/nl80211.c:963:3: note: Taking false branch
if (err) {
^
net/wireless/nl80211.c:972:7: note: Calling 'IS_ERR'
if (IS_ERR(*wdev)) {
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is not equal to 0, which participates in a condition later
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/err.h:89:9: note: Left side of '&&' is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
net/wireless/nl80211.c:972:7: note: Returning from 'IS_ERR'
if (IS_ERR(*wdev)) {
^~~~~~~~~~~~~
net/wireless/nl80211.c:972:3: note: Taking true branch
if (IS_ERR(*wdev)) {
^
net/wireless/nl80211.c:974:4: note: Returning without writing to '*rdev'
return PTR_ERR(*wdev);
^
net/wireless/nl80211.c:974:4: note: Returning value, which participates in a condition later
return PTR_ERR(*wdev);
^~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:9890:8: note: Returning from 'nl80211_prepare_wdev_dump'
res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:9891:6: note: Assuming 'res' is 0
if (res) {
^~~
net/wireless/nl80211.c:9891:2: note: Taking false branch
if (res) {
^
net/wireless/nl80211.c:9901:6: note: Assuming field 'netdev' is null
if (!wdev->netdev) {
^~~~~~~~~~~~~
net/wireless/nl80211.c:9901:2: note: Taking true branch
if (!wdev->netdev) {
^
net/wireless/nl80211.c:9903:3: note: Control jumps to line 9937
goto out_err;
^
net/wireless/nl80211.c:9938:2: note: 1st function call argument is an uninitialized value
wiphy_unlock(&rdev->wiphy);
^ ~~~~~~~~~~~~
>> net/wireless/nl80211.c:14150:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
^
net/wireless/nl80211.c:14212:8: note: Calling 'nl80211_prepare_vendor_dump'
err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14097:6: note: Assuming the condition is false
if (cb->args[0]) {
^~~~~~~~~~~
net/wireless/nl80211.c:14097:2: note: Taking false branch
if (cb->args[0]) {
^
net/wireless/nl80211.c:14120:12: note: Calling 'kcalloc'
attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:9: note: Calling 'kmalloc_array'
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:617:2: note: Taking false branch
if (unlikely(check_mul_overflow(n, size, &bytes)))
^
include/linux/slab.h:619:30: note: Left side of '&&' is false
if (__builtin_constant_p(n) && __builtin_constant_p(size))
^
include/linux/slab.h:621:2: note: Returning pointer, which participates in a condition later
return __kmalloc(bytes, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:9: note: Returning from 'kmalloc_array'
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:2: note: Returning pointer, which participates in a condition later
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14120:12: note: Returning from 'kcalloc'
attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14121:6: note: Assuming 'attrbuf' is non-null
if (!attrbuf)
^~~~~~~~
net/wireless/nl80211.c:14121:2: note: Taking false branch
if (!attrbuf)
^
net/wireless/nl80211.c:14124:8: note: Calling 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Calling '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:6: note: Assuming the condition is false
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:2: note: Taking false branch
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^
include/net/netlink.h:733:9: note: Assigning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:733:2: note: Returning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Returning from '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:2: note: Returning value, which participates in a condition later
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14124:8: note: Returning from 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14128:6: note: Assuming 'err' is 0
if (err)
^~~
net/wireless/nl80211.c:14128:2: note: Taking false branch
if (err)
^
net/wireless/nl80211.c:14131:6: note: Assuming the condition is false
if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14131:6: note: Left side of '||' is false
net/wireless/nl80211.c:14132:6: note: Assuming the condition is false
!attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14131:2: note: Taking false branch
if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
^
net/wireless/nl80211.c:14138:2: note: Taking false branch
if (IS_ERR(*wdev))
^
net/wireless/nl80211.c:14141:2: note: Value assigned to 'rdev'
*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14142:6: note: Calling 'IS_ERR'
if (IS_ERR(*rdev)) {
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is equal to 0
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
vim +747 kernel/bpf/syscall.c
aa79781b65b9cf Daniel Borkmann 2015-10-29 730
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 731 /* helper macro to check that unused fields 'union bpf_attr' are zero */
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 732 #define CHECK_ATTR(CMD) \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 733 memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 734 sizeof(attr->CMD##_LAST_FIELD), 0, \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 735 sizeof(*attr) - \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 736 offsetof(union bpf_attr, CMD##_LAST_FIELD) - \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 737 sizeof(attr->CMD##_LAST_FIELD)) != NULL
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 738
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 739 /* dst and src must have at least "size" number of bytes.
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 740 * Return strlen on success and < 0 on error.
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 741 */
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 742 int bpf_obj_name_cpy(char *dst, const char *src, unsigned int size)
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 743 {
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 744 const char *end = src + size;
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 745 const char *orig_src = src;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 746
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 @747 memset(dst, 0, size);
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 748 /* Copy all isalnum(), '_' and '.' chars. */
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 749 while (src < end && *src) {
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 750 if (!isalnum(*src) &&
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 751 *src != '_' && *src != '.')
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 752 return -EINVAL;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 753 *dst++ = *src++;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 754 }
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 755
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 756 /* No '\0' found in "size" number of bytes */
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 757 if (src == end)
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 758 return -EINVAL;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 759
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 760 return src - orig_src;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 761 }
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 762
:::::: The code@line 747 was first introduced by commit
:::::: 8e7ae2518f5265f0ef09d561748098fde5a87ccd bpf: Sanitize the bpf_struct_ops tcp-cc name
:::::: TO: Martin KaFai Lau <kafai@fb.com>
:::::: CC: Daniel Borkmann <daniel@iogearbox.net>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
reply other threads:[~2022-05-08 21:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202205090556.edTCutdb-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.