* [daniel-thompson:clang-analyzer/initial_review 7/7] kernel/bpf/syscall.c:747:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
@ 2022-05-08 21:41 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-05-08 21:41 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 76875 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Daniel Thompson <daniel.thompson@linaro.org>
tree: https://git.linaro.org/people/daniel.thompson/linux.git clang-analyzer/initial_review
head: ad6525bf355a301ca52b1dc3639fa340409c79b9
commit: ad6525bf355a301ca52b1dc3639fa340409c79b9 [7/7] [RFC] linux/err.h: Refactor IS_ERR_VALUE(x) to improve clang reasoning
:::::: branch date: 4 days ago
:::::: commit date: 4 days ago
config: x86_64-randconfig-c007 (https://download.01.org/0day-ci/archive/20220509/202205090556.edTCutdb-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 5e004fb787698440a387750db7f8028e7cb14cfc)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
git remote add daniel-thompson https://git.linaro.org/people/daniel.thompson/linux.git
git fetch --no-tags daniel-thompson clang-analyzer/initial_review
git checkout ad6525bf355a301ca52b1dc3639fa340409c79b9
# save the config file
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
crypto/ecc.c:918:2: note: Taking false branch
if (strncmp(curve->name, "nist_", 5) != 0) {
^
crypto/ecc.c:934:2: note: Control jumps to the 'default' case at line 944
switch (ndigits) {
^
crypto/ecc.c:945:3: note: Assuming the condition is false
pr_err_ratelimited("ecc: unsupported digits size!\n");
^
include/linux/printk.h:654:2: note: expanded from macro 'pr_err_ratelimited'
printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/printk.h:639:6: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^~~~~~~~~~~~~~~~~
include/linux/ratelimit_types.h:41:28: note: expanded from macro '__ratelimit'
#define __ratelimit(state) ___ratelimit(state, __func__)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:945:3: note: Taking false branch
pr_err_ratelimited("ecc: unsupported digits size!\n");
^
include/linux/printk.h:654:2: note: expanded from macro 'pr_err_ratelimited'
printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
^
include/linux/printk.h:639:2: note: expanded from macro 'printk_ratelimited'
if (__ratelimit(&_rs)) \
^
crypto/ecc.c:946:3: note: Returning without writing to '*result'
return false;
^
crypto/ecc.c:982:2: note: Returning from 'vli_mmod_fast'
vli_mmod_fast(result, product, curve);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:983:1: note: Returning without writing to '*result'
}
^
crypto/ecc.c:1568:2: note: Returning from 'vli_mod_square_fast'
vli_mod_square_fast(xxx, pk->x, curve); /* x^2 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:1569:2: note: Calling 'vli_mod_mult_fast'
vli_mod_mult_fast(xxx, xxx, pk->x, curve); /* x^3 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:971:2: note: Calling 'vli_mult'
vli_mult(product, left, right, curve->g.ndigits);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/ecc.c:401:14: note: Assuming the condition is true
for (k = 0; k < ndigits * 2 - 1; k++) {
^~~~~~~~~~~~~~~~~~~
crypto/ecc.c:401:2: note: Loop condition is true. Entering loop body
for (k = 0; k < ndigits * 2 - 1; k++) {
^
crypto/ecc.c:404:7: note: Assuming 'k' is < 'ndigits'
if (k < ndigits)
^~~~~~~~~~~
crypto/ecc.c:404:3: note: Taking true branch
if (k < ndigits)
^
crypto/ecc.c:405:4: note: The value 0 is assigned to 'min'
min = 0;
^~~~~~~
crypto/ecc.c:409:8: note: The value 0 is assigned to 'i'
for (i = min; i <= k && i < ndigits; i++) {
^~~~~~~
crypto/ecc.c:409:17: note: 'i' is <= 'k'
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:409:17: note: Left side of '&&' is true
crypto/ecc.c:409:27: note: 'i' is < 'ndigits'
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:409:3: note: Loop condition is true. Entering loop body
for (i = min; i <= k && i < ndigits; i++) {
^
crypto/ecc.c:412:14: note: 1st function call argument is an uninitialized value
product = mul_64_64(left[i], right[k - i]);
^ ~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
26 warnings generated.
Suppressed 26 warnings (26 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
Suppressed 9 warnings (8 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
12 warnings generated.
>> kernel/bpf/syscall.c:747:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
memset(dst, 0, size);
^
kernel/bpf/syscall.c:4758:2: note: Control jumps to 'case BPF_MAP_CREATE:' at line 4759
switch (cmd) {
^
kernel/bpf/syscall.c:4764:3: note: Execution continues on line 4771
break;
^
kernel/bpf/syscall.c:4771:9: note: Calling '__sys_bpf'
return __sys_bpf(cmd, KERNEL_BPFPTR(attr), attr_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4600:6: note: Assuming 'sysctl_unprivileged_bpf_disabled' is 0
if (sysctl_unprivileged_bpf_disabled && !bpf_capable())
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4600:39: note: Left side of '&&' is false
if (sysctl_unprivileged_bpf_disabled && !bpf_capable())
^
kernel/bpf/syscall.c:4604:6: note: 'err' is 0
if (err)
^~~
kernel/bpf/syscall.c:4604:2: note: Taking false branch
if (err)
^
kernel/bpf/syscall.c:4606:9: note: Assuming '__UNIQUE_ID___x903' is >= '__UNIQUE_ID___y904'
size = min_t(u32, size, sizeof(attr));
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^~~~~~~~~~
kernel/bpf/syscall.c:4606:9: note: '?' condition is false
size = min_t(u32, size, sizeof(attr));
^
include/linux/minmax.h:104:27: note: expanded from macro 'min_t'
#define min_t(type, x, y) __careful_cmp((type)(x), (type)(y), <)
^
include/linux/minmax.h:38:3: note: expanded from macro '__careful_cmp'
__cmp_once(x, y, __UNIQUE_ID(__x), __UNIQUE_ID(__y), op))
^
include/linux/minmax.h:33:3: note: expanded from macro '__cmp_once'
__cmp(unique_x, unique_y, op); })
^
include/linux/minmax.h:28:26: note: expanded from macro '__cmp'
#define __cmp(x, y, op) ((x) op (y) ? (x) : (y))
^
kernel/bpf/syscall.c:4610:6: note: Calling 'copy_from_bpfptr'
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:57:9: note: Calling 'copy_from_bpfptr_offset'
return copy_from_bpfptr_offset(dst, src, 0, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:52:9: note: Calling 'copy_from_sockptr_offset'
return copy_from_sockptr_offset(dst, (sockptr_t) src, offset, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/sockptr.h:47:2: note: Taking false branch
if (!sockptr_is_kernel(src))
^
include/linux/bpfptr.h:52:9: note: Returning from 'copy_from_sockptr_offset'
return copy_from_sockptr_offset(dst, (sockptr_t) src, offset, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/bpfptr.h:57:9: note: Returning from 'copy_from_bpfptr_offset'
return copy_from_bpfptr_offset(dst, src, 0, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4610:6: note: Returning from 'copy_from_bpfptr'
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:4610:2: note: Taking false branch
if (copy_from_bpfptr(&attr, uattr, size) != 0)
^
kernel/bpf/syscall.c:4614:6: note: Assuming 'err' is >= 0
if (err < 0)
^~~~~~~
kernel/bpf/syscall.c:4614:2: note: Taking false branch
if (err < 0)
^
kernel/bpf/syscall.c:4617:2: note: Control jumps to 'case BPF_MAP_CREATE:' @line 4618
switch (cmd) {
^
kernel/bpf/syscall.c:4619:9: note: Calling 'map_create'
err = map_create(&attr);
^~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:839:8: note: Assuming the condition is false
err = CHECK_ATTR(BPF_MAP_CREATE);
^
kernel/bpf/syscall.c:733:2: note: expanded from macro 'CHECK_ATTR'
memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c:840:6: note: 'err' is 0
if (err)
^~~
kernel/bpf/syscall.c:840:2: note: Taking false branch
if (err)
--
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:402:10: note: Returning from 'opal_discovery0_step'
error = opal_discovery0_step(dev);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_SIDASP_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1458:6: note: Assuming 'key' is null
if (!key) {
^~~~
block/sed-opal.c:1458:2: note: Taking true branch
if (!key) {
^
block/sed-opal.c:1459:3: note: 'okey' initialized to a null pointer value
const struct opal_key *okey = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1464:8: note: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey')
okey->key_len);
^~~~
block/sed-opal.c:1492:8: warning: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey') [clang-analyzer-core.NullDereference]
okey->key_len);
^
block/sed-opal.c:2628:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2628:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
block/sed-opal.c:2630:6: note: Assuming 'dev' is non-null
if (!dev)
^~~~
block/sed-opal.c:2630:2: note: Taking false branch
if (!dev)
^
block/sed-opal.c:2632:6: note: Assuming field 'supported' is true
if (!dev->supported)
^~~~~~~~~~~~~~~
block/sed-opal.c:2632:2: note: Taking false branch
if (!dev->supported)
^
block/sed-opal.c:2636:2: note: Taking false branch
if (IS_ERR(p))
^
block/sed-opal.c:2639:2: note: Control jumps to 'case 1091072232:' at line 2682
switch (cmd) {
^
block/sed-opal.c:2683:9: note: Calling 'opal_reverttper'
ret = opal_reverttper(dev, p, true);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2337:2: note: field 'data' initialized to a null pointer value
const struct opal_step psid_revert_steps[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2346:6: note: 'psid' is true
if (psid)
^~~~
block/sed-opal.c:2346:2: note: Taking true branch
if (psid)
^
block/sed-opal.c:2347:9: note: Calling 'execute_steps'
ret = execute_steps(dev, psid_revert_steps,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_PSID_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1487:2: note: 'okey' initialized to a null pointer value
const struct opal_key *okey = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1492:8: note: Access to field 'key_len' results in a dereference of a null pointer (loaded from variable 'okey')
okey->key_len);
^~~~
>> block/sed-opal.c:1499:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
size_t keylen = session->opal_key.key_len;
^
block/sed-opal.c:2628:6: note: Assuming the condition is false
if (!capable(CAP_SYS_ADMIN))
^~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2628:2: note: Taking false branch
if (!capable(CAP_SYS_ADMIN))
^
block/sed-opal.c:2630:6: note: Assuming 'dev' is non-null
if (!dev)
^~~~
block/sed-opal.c:2630:2: note: Taking false branch
if (!dev)
^
block/sed-opal.c:2632:6: note: Assuming field 'supported' is true
if (!dev->supported)
^~~~~~~~~~~~~~~
block/sed-opal.c:2632:2: note: Taking false branch
if (!dev->supported)
^
block/sed-opal.c:2636:2: note: Taking false branch
if (IS_ERR(p))
^
block/sed-opal.c:2639:2: note: Control jumps to 'case 1091596518:' at line 2676
switch (cmd) {
^
block/sed-opal.c:2677:9: note: Calling 'opal_erase_locking_range'
ret = opal_erase_locking_range(dev, p);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2185:2: note: field 'data' initialized to a null pointer value
const struct opal_step erase_steps[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:2194:8: note: Calling 'execute_steps'
ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:403:6: note: 'error' is 0
if (error)
^~~~~
block/sed-opal.c:403:2: note: Taking false branch
if (error)
^
block/sed-opal.c:406:2: note: Loop condition is true. Entering loop body
for (state = 0; state < n_steps; state++) {
^
block/sed-opal.c:407:11: note: Calling 'execute_step'
error = execute_step(dev, &steps[state], state);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:384:28: note: Passing null pointer value via 2nd parameter 'data'
int error = step->fn(dev, step->data);
^~~~~~~~~~
block/sed-opal.c:384:14: note: Calling 'start_auth_opal_session'
int error = step->fn(dev, step->data);
^~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1497:2: note: 'session' initialized to a null pointer value
struct opal_session_info *session = data;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block/sed-opal.c:1499:18: note: Dereference of null pointer
size_t keylen = session->opal_key.key_len;
^~~~~~~~~~~~~~~~~~~~~~~~~
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
fs/binfmt_elf.c:1317:3: warning: Value stored to 'error' is never read [clang-analyzer-deadcode.DeadStores]
error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1317:3: note: Value stored to 'error' is never read
error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1470:23: warning: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'men') [clang-analyzer-core.NullDereference]
en.n_namesz = strlen(men->name) + 1;
^
fs/binfmt_elf.c:2194:6: note: Assuming the condition is false
if (dump_vma_snapshot(cprm, &vma_count, &vma_meta, &vma_data_size))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:2194:2: note: Taking false branch
if (dump_vma_snapshot(cprm, &vma_count, &vma_meta, &vma_data_size))
^
fs/binfmt_elf.c:2209:12: note: Assuming 'segs' is <= PN_XNUM
e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
^~~~~~~~~~~~~~
fs/binfmt_elf.c:2209:12: note: '?' condition is false
fs/binfmt_elf.c:2215:7: note: Calling 'fill_note_info'
if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1824:2: note: Null pointer value stored to 'info.thread'
info->thread = NULL;
^~~~~~~~~~~~~~~~~~~
fs/binfmt_elf.c:1827:6: note: Assuming 'psinfo' is not equal to NULL
--
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
fs/ext4/verity.c:51:7: note: Returning from 'IS_ERR'
if (IS_ERR(page))
^~~~~~~~~~~~
fs/ext4/verity.c:51:3: note: Taking true branch
if (IS_ERR(page))
^
fs/ext4/verity.c:52:4: note: Returning without writing to '*buf'
return PTR_ERR(page);
^
fs/ext4/verity.c:52:4: note: Returning value, which participates in a condition later
return PTR_ERR(page);
^~~~~~~~~~~~~~~~~~~~
fs/ext4/verity.c:315:8: note: Returning from 'pagecache_read'
err = pagecache_read(inode, &desc_size_disk, sizeof(desc_size_disk),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/ext4/verity.c:317:6: note: Assuming 'err' is 0
if (err)
^~~
fs/ext4/verity.c:317:2: note: Taking false branch
if (err)
^
fs/ext4/verity.c:319:12: note: Assigned value is garbage or undefined
desc_size = le32_to_cpu(desc_size_disk);
^
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
fs/fs-writeback.c:148:3: warning: Argument to kfree() is the address of the local variable 'work', which is not memory allocated by malloc() [clang-analyzer-unix.Malloc]
kfree(work);
^
fs/fs-writeback.c:2702:6: note: Assuming the condition is false
if (bdi == &noop_backing_dev_info)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:2702:2: note: Taking false branch
if (bdi == &noop_backing_dev_info)
^
fs/fs-writeback.c:2704:2: note: Taking false branch
WARN_ON(!rwsem_is_locked(&sb->s_umount));
^
include/asm-generic/bug.h:122:2: note: expanded from macro 'WARN_ON'
if (unlikely(__ret_warn_on)) \
^
fs/fs-writeback.c:2708:2: note: Calling 'bdi_split_work_to_wbs'
bdi_split_work_to_wbs(bdi, &work, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:1204:2: note: Loop condition is false. Exiting loop
might_sleep();
^
include/linux/kernel.h:138:2: note: expanded from macro 'might_sleep'
do { __might_sleep(__FILE__, __LINE__); might_resched(); } while (0)
^
fs/fs-writeback.c:1206:7: note: 'skip_if_busy' is false
if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) {
^~~~~~~~~~~~
fs/fs-writeback.c:1206:20: note: Left side of '||' is true
if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) {
^
fs/fs-writeback.c:1208:3: note: Calling 'wb_queue_work'
wb_queue_work(&bdi->wb, base_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:163:6: note: Assuming field 'done' is null
if (work->done)
^~~~~~~~~~
fs/fs-writeback.c:163:2: note: Taking false branch
if (work->done)
^
fs/fs-writeback.c:168:6: note: Assuming the condition is false
if (test_bit(WB_registered, &wb->state)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:168:2: note: Taking false branch
if (test_bit(WB_registered, &wb->state)) {
^
fs/fs-writeback.c:172:3: note: Calling 'finish_writeback_work'
finish_writeback_work(wb, work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fs-writeback.c:147:6: note: Assuming field 'auto_free' is not equal to 0
if (work->auto_free)
^~~~~~~~~~~~~~~
fs/fs-writeback.c:147:2: note: Taking true branch
if (work->auto_free)
^
fs/fs-writeback.c:148:3: note: Argument to kfree() is the address of the local variable 'work', which is not memory allocated by malloc()
kfree(work);
^ ~~~~
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
>> drivers/net/phy/mdio_bus.c:497:2: warning: Null pointer passed as 1st argument to string copy function [clang-analyzer-unix.cstring.NullArg]
strncpy(mdiodev->modalias, bi->modalias,
^ ~~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:494:2: note: Taking false branch
if (IS_ERR(mdiodev))
^
drivers/net/phy/mdio_bus.c:497:2: note: Null pointer passed as 1st argument to string copy function
strncpy(mdiodev->modalias, bi->modalias,
^ ~~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:689:21: warning: Value stored to 'phydev' during its initialization is never read [clang-analyzer-deadcode.DeadStores]
struct phy_device *phydev = ERR_PTR(-ENODEV);
^~~~~~ ~~~~~~~~~~~~~~~~
drivers/net/phy/mdio_bus.c:689:21: note: Value stored to 'phydev' during its initialization is never read
struct phy_device *phydev = ERR_PTR(-ENODEV);
^~~~~~ ~~~~~~~~~~~~~~~~
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
drivers/net/phy/sfp-bus.c:510:2: warning: Access to field 'attach' results in a dereference of a null pointer (loaded from field 'upstream_ops') [clang-analyzer-core.NullDereference]
bus->upstream_ops->attach(bus->upstream, bus);
^
drivers/net/phy/sfp-bus.c:694:6: note: Assuming 'bus' is non-null
if (!bus)
^~~~
drivers/net/phy/sfp-bus.c:694:2: note: Taking false branch
if (!bus)
^
drivers/net/phy/sfp-bus.c:699:2: note: Value assigned to field 'upstream_ops'
bus->upstream_ops = ops;
^~~~~~~~~~~~~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:702:6: note: Assuming field 'sfp' is non-null
if (bus->sfp) {
^~~~~~~~
drivers/net/phy/sfp-bus.c:702:2: note: Taking true branch
if (bus->sfp) {
^
drivers/net/phy/sfp-bus.c:703:9: note: Calling 'sfp_register_bus'
ret = sfp_register_bus(bus);
^~~~~~~~~~~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:497:6: note: Assuming 'ops' is null
if (ops) {
^~~
drivers/net/phy/sfp-bus.c:497:2: note: Taking false branch
if (ops) {
^
drivers/net/phy/sfp-bus.c:508:6: note: Assuming field 'started' is false
if (bus->started)
^~~~~~~~~~~~
drivers/net/phy/sfp-bus.c:508:2: note: Taking false branch
if (bus->started)
^
drivers/net/phy/sfp-bus.c:510:2: note: Access to field 'attach' results in a dereference of a null pointer (loaded from field 'upstream_ops')
bus->upstream_ops->attach(bus->upstream, bus);
^ ~~~~~~~~~~~~
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
8 warnings generated.
Suppressed 8 warnings (8 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
12 warnings generated.
net/sctp/sm_sideeffect.c:812:41: warning: Access to field 'skb' results in a dereference of a null pointer (loaded from variable 'chunk') [clang-analyzer-core.NullDereference]
hbinfo = (struct sctp_sender_hb_info *)chunk->skb->data;
^
net/sctp/sm_sideeffect.c:1274:21: note: 'chunk' initialized to a null pointer value
struct sctp_chunk *chunk = NULL, *new_obj;
^~~~~
net/sctp/sm_sideeffect.c:1285:6: note: Assuming 'event_type' is equal to SCTP_EVENT_T_TIMEOUT
if (SCTP_EVENT_T_TIMEOUT != event_type)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sctp/sm_sideeffect.c:1285:2: note: Taking false branch
if (SCTP_EVENT_T_TIMEOUT != event_type)
^
net/sctp/sm_sideeffect.c:1295:2: note: Loop condition is true. Entering loop body
while (NULL != (cmd = sctp_next_cmd(commands))) {
^
net/sctp/sm_sideeffect.c:1296:3: note: Control jumps to 'case SCTP_CMD_TRANSPORT_ON:' at line 1658
switch (cmd->verb) {
^
net/sctp/sm_sideeffect.c:1660:45: note: Passing null pointer value via 4th parameter 'chunk'
sctp_cmd_transport_on(commands, asoc, t, chunk);
^~~~~
net/sctp/sm_sideeffect.c:1660:4: note: Calling 'sctp_cmd_transport_on'
sctp_cmd_transport_on(commands, asoc, t, chunk);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sctp/sm_sideeffect.c:775:6: note: Assuming field 'state' is >= SCTP_STATE_SHUTDOWN_PENDING
if (t->asoc->state < SCTP_STATE_SHUTDOWN_PENDING)
--
^
fs/nilfs2/mdt.c:291:2: note: Taking false branch
if (unlikely(start > end))
^
fs/nilfs2/mdt.c:294:8: note: Calling 'nilfs_mdt_read_block'
ret = nilfs_mdt_read_block(inode, start, true, out_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:170:22: note: 'first_bh' declared without an initial value
struct buffer_head *first_bh, *bh;
^~~~~~~~
fs/nilfs2/mdt.c:175:8: note: Calling 'nilfs_mdt_submit_block'
err = nilfs_mdt_submit_block(inode, block, REQ_OP_READ, 0, &first_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:122:15: note: Assuming 'bh' is non-null
if (unlikely(!bh))
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
fs/nilfs2/mdt.c:122:2: note: Taking false branch
if (unlikely(!bh))
^
fs/nilfs2/mdt.c:126:6: note: Assuming the condition is false
if (buffer_uptodate(bh))
^~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:126:2: note: Taking false branch
if (buffer_uptodate(bh))
^
fs/nilfs2/mdt.c:129:2: note: Taking false branch
if (mode_flags & REQ_RAHEAD) {
^
fs/nilfs2/mdt.c:137:6: note: Assuming the condition is false
if (buffer_uptodate(bh)) {
^~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:137:2: note: Taking false branch
if (buffer_uptodate(bh)) {
^
fs/nilfs2/mdt.c:143:6: note: Assuming 'ret' is not equal to 0
if (unlikely(ret)) {
^
include/linux/compiler.h:78:40: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^~~~
fs/nilfs2/mdt.c:143:2: note: Taking true branch
if (unlikely(ret)) {
^
fs/nilfs2/mdt.c:145:3: note: Control jumps to line 160
goto failed_bh;
^
fs/nilfs2/mdt.c:164:2: note: Returning without writing to '*out_bh'
return ret;
^
fs/nilfs2/mdt.c:175:8: note: Returning from 'nilfs_mdt_submit_block'
err = nilfs_mdt_submit_block(inode, block, REQ_OP_READ, 0, &first_bh);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/nilfs2/mdt.c:176:6: note: Assuming the condition is true
if (err == -EEXIST) /* internal code */
^~~~~~~~~~~~~~
fs/nilfs2/mdt.c:176:2: note: Taking true branch
if (err == -EEXIST) /* internal code */
^
fs/nilfs2/mdt.c:177:3: note: Control jumps to line 208
goto out;
^
fs/nilfs2/mdt.c:208:10: note: Assigned value is garbage or undefined
*out_bh = first_bh;
^ ~~~~~~~~
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (4 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
16 warnings generated.
>> drivers/hwmon/applesmc.c:415:7: warning: Null pointer passed as 1st argument to string comparison function [clang-analyzer-unix.cstring.NullArg]
if (strcmp(entry->key, key) < 0)
^
drivers/hwmon/applesmc.c:1313:6: note: Assuming the condition is false
if (!dmi_check_system(applesmc_whitelist)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:1313:2: note: Taking false branch
if (!dmi_check_system(applesmc_whitelist)) {
^
drivers/hwmon/applesmc.c:1319:6: note: Assuming the condition is false
if (!request_region(APPLESMC_DATA_PORT, APPLESMC_NR_PORTS,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:1319:2: note: Taking false branch
if (!request_region(APPLESMC_DATA_PORT, APPLESMC_NR_PORTS,
^
drivers/hwmon/applesmc.c:1326:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:1326:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:1331:2: note: Taking false branch
if (IS_ERR(pdev)) {
^
drivers/hwmon/applesmc.c:1337:8: note: Calling 'applesmc_init_smcreg'
ret = applesmc_init_smcreg();
^~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:656:2: note: Loop condition is true. Entering loop body
for (ms = 0; ms < INIT_TIMEOUT_MSECS; ms += INIT_WAIT_MSECS) {
^
drivers/hwmon/applesmc.c:657:9: note: Calling 'applesmc_init_smcreg_try'
ret = applesmc_init_smcreg_try();
^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:573:6: note: Assuming field 'init_complete' is false
if (s->init_complete)
^~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:573:2: note: Taking false branch
if (s->init_complete)
^
drivers/hwmon/applesmc.c:577:6: note: 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:577:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:580:6: note: Assuming field 'cache' is null
if (s->cache && s->key_count != count) {
^~~~~~~~
drivers/hwmon/applesmc.c:580:15: note: Left side of '&&' is false
if (s->cache && s->key_count != count) {
^
drivers/hwmon/applesmc.c:588:10: note: Field 'cache' is null
if (!s->cache)
^
drivers/hwmon/applesmc.c:588:2: note: Taking true branch
if (!s->cache)
^
drivers/hwmon/applesmc.c:590:6: note: Assuming field 'cache' is non-null
if (!s->cache)
^~~~~~~~~
drivers/hwmon/applesmc.c:590:2: note: Taking false branch
if (!s->cache)
^
drivers/hwmon/applesmc.c:594:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:594:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:597:6: note: Assuming field 'fan_count' is <= 10
if (s->fan_count > 10)
^~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:597:2: note: Taking false branch
if (s->fan_count > 10)
^
drivers/hwmon/applesmc.c:600:8: note: Calling 'applesmc_get_lower_bound'
ret = applesmc_get_lower_bound(&s->temp_begin, "T");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:408:9: note: Assuming 'begin' is not equal to 'end'
while (begin != end) {
^~~~~~~~~~~~
drivers/hwmon/applesmc.c:408:2: note: Loop condition is true. Entering loop body
while (begin != end) {
^
drivers/hwmon/applesmc.c:411:3: note: Taking false branch
if (IS_ERR(entry)) {
^
drivers/hwmon/applesmc.c:415:7: note: Null pointer passed as 1st argument to string comparison function
if (strcmp(entry->key, key) < 0)
^ ~~~~~~~~~~
>> drivers/hwmon/applesmc.c:437:7: warning: Null pointer passed as 2nd argument to string comparison function [clang-analyzer-unix.cstring.NullArg]
if (strcmp(key, entry->key) < 0)
^
drivers/hwmon/applesmc.c:989:8: note: Calling 'applesmc_read_key'
ret = applesmc_read_key(KEY_COUNT_KEY, buffer, 4);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:468:10: note: Calling 'applesmc_get_entry_by_key'
entry = applesmc_get_entry_by_key(key);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:453:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:453:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:455:8: note: Calling 'applesmc_get_upper_bound'
ret = applesmc_get_upper_bound(&end, key);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:430:9: note: Assuming 'begin' is not equal to 'end'
while (begin != end) {
^~~~~~~~~~~~
drivers/hwmon/applesmc.c:430:2: note: Loop condition is true. Entering loop body
while (begin != end) {
^
drivers/hwmon/applesmc.c:433:3: note: Taking false branch
if (IS_ERR(entry)) {
^
drivers/hwmon/applesmc.c:437:7: note: Null pointer passed as 2nd argument to string comparison function
if (strcmp(key, entry->key) < 0)
^ ~~~~~~~~~~
drivers/hwmon/applesmc.c:510:27: warning: The left operand of '<<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
*value = ((s16)buffer[0] << 8) | buffer[1];
^
drivers/hwmon/applesmc.c:959:2: note: Calling 'applesmc_calibrate'
applesmc_calibrate();
^~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:719:2: note: Calling 'applesmc_read_s16'
applesmc_read_s16(MOTION_SENSOR_X_KEY, &rest_x);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:506:8: note: Calling 'applesmc_read_key'
ret = applesmc_read_key(key, buffer, 2);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:469:6: note: Calling 'IS_ERR'
if (IS_ERR(entry))
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is not equal to 0, which participates in a condition later
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/err.h:89:9: note: Left side of '&&' is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
drivers/hwmon/applesmc.c:469:6: note: Returning from 'IS_ERR'
if (IS_ERR(entry))
^~~~~~~~~~~~~
drivers/hwmon/applesmc.c:469:2: note: Taking true branch
if (IS_ERR(entry))
^
drivers/hwmon/applesmc.c:470:3: note: Returning without writing to '*buffer'
return PTR_ERR(entry);
^
drivers/hwmon/applesmc.c:470:3: note: Returning value, which participates in a condition later
return PTR_ERR(entry);
^~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:506:8: note: Returning from 'applesmc_read_key'
ret = applesmc_read_key(key, buffer, 2);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:507:6: note: Assuming 'ret' is 0
if (ret)
^~~
drivers/hwmon/applesmc.c:507:2: note: Taking false branch
if (ret)
^
drivers/hwmon/applesmc.c:510:27: note: The left operand of '<<' is a garbage value
*value = ((s16)buffer[0] << 8) | buffer[1];
~~~~~~~~~ ^
drivers/hwmon/applesmc.c:527:16: warning: The left operand of '!=' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
(buffer[0] != 0x00 || buffer[1] != 0x00))
^
drivers/hwmon/applesmc.c:696:2: note: Calling 'applesmc_device_init'
applesmc_device_init();
^~~~~~~~~~~~~~~~~~~~~~
drivers/hwmon/applesmc.c:522:6: note: Assuming field 'has_accelerometer' is true
if (!smcreg.has_accelerometer)
--
^~~~~~~~~~~
net/sunrpc/cache.c:1077:3: note: Taking true branch
if (!cq->reader) {
^
net/sunrpc/cache.c:1079:8: note: Assuming 'ch' is equal to field 'item'
if (cr->item != ch)
^~~~~~~~~~~~~~
net/sunrpc/cache.c:1079:4: note: Taking false branch
if (cr->item != ch)
^
net/sunrpc/cache.c:1081:8: note: Assuming the condition is false
if (test_bit(CACHE_PENDING, &ch->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/sunrpc/cache.c:1081:4: note: Taking false branch
if (test_bit(CACHE_PENDING, &ch->flags))
^
net/sunrpc/cache.c:1084:8: note: Assuming field 'readers' is equal to 0
if (cr->readers != 0)
^~~~~~~~~~~~~~~~
net/sunrpc/cache.c:1084:4: note: Taking false branch
if (cr->readers != 0)
^
net/sunrpc/cache.c:1076:2: note: Loop condition is false. Execution continues on line 1088
list_for_each_entry_safe(cq, tmp, &detail->queue, list)
^
include/linux/list.h:725:2: note: expanded from macro 'list_for_each_entry_safe'
for (pos = list_first_entry(head, typeof(*pos), member), \
^
net/sunrpc/cache.c:1089:2: note: Loop condition is true. Entering loop body
while (!list_empty(&dequeued)) {
^
net/sunrpc/cache.c:1094:3: note: Memory is released
kfree(cr);
^~~~~~~~~
net/sunrpc/cache.c:1089:2: note: Loop condition is true. Entering loop body
while (!list_empty(&dequeued)) {
^
net/sunrpc/cache.c:1091:3: note: Calling 'list_del'
list_del(&cr->q.list);
^~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:149:14: note: Use of memory after it is freed
entry->next = LIST_POISON1;
~~~~~~~~~~~ ^
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
Suppressed 4 warnings (4 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
Suppressed 5 warnings (5 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
7 warnings generated.
>> drivers/scsi/scsi_lib.c:1129:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg]
memset(req->__cmd, 0, sizeof(req->__cmd));
^
drivers/scsi/scsi_lib.c:2287:12: note: Calling 'scsi_execute_req'
result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, sshdr,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/scsi/scsi_device.h:469:9: note: Null is equal to null
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:15: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:50:19: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:39:58: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
include/linux/compiler_types.h:346:22: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler_types.h:334:23: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler_types.h:326:9: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^~~~~~~~~
include/scsi/scsi_device.h:469:9: note: Left side of '&&' is false
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:31: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/scsi/scsi_device.h:469:9: note: Taking false branch
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:2: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^
include/linux/compiler_types.h:346:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:334:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:326:3: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^
include/scsi/scsi_device.h:469:9: note: Loop condition is false. Exiting loop
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:458:2: note: expanded from macro 'scsi_execute'
BUILD_BUG_ON((sense) != NULL && \
^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^
include/linux/compiler_types.h:346:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:334:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:318:2: note: expanded from macro '__compiletime_assert'
do { \
^
include/scsi/scsi_device.h:469:9: note: Calling '__scsi_execute'
return scsi_execute(sdev, cmd, data_direction, buffer,
^
include/scsi/scsi_device.h:460:2: note: expanded from macro 'scsi_execute'
__scsi_execute(sdev, cmd, data_direction, buffer, bufflen, \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:220:4: note: 'data_direction' is not equal to DMA_TO_DEVICE
data_direction == DMA_TO_DEVICE ?
^~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:220:4: note: '?' condition is false
drivers/scsi/scsi_lib.c:222:4: note: '?' condition is false
rq_flags & RQF_PM ? BLK_MQ_REQ_PM : 0);
^
drivers/scsi/scsi_lib.c:219:8: note: Calling 'scsi_alloc_request'
req = scsi_alloc_request(sdev->request_queue,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:1145:2: note: Taking true branch
if (!IS_ERR(rq))
^
drivers/scsi/scsi_lib.c:1146:3: note: Calling 'scsi_initialize_rq'
scsi_initialize_rq(rq);
^~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/scsi_lib.c:1129:2: note: Null pointer passed as 1st argument to memory set function
memset(req->__cmd, 0, sizeof(req->__cmd));
^ ~~~~~~~~~~
include/scsi/scsi_common.h:66:31: warning: The left operand of '&' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
--
^~~~~~~~~~~~
net/wireless/nl80211.c:948:2: note: Taking true branch
if (!cb->args[0]) {
^
net/wireless/nl80211.c:951:8: note: 'attrbuf' is non-null, which participates in a condition later
if (!attrbuf) {
^~~~~~~
net/wireless/nl80211.c:951:3: note: Taking false branch
if (!attrbuf) {
^
net/wireless/nl80211.c:959:9: note: Calling 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Calling '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:6: note: Assuming the condition is false
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:2: note: Taking false branch
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^
include/net/netlink.h:733:2: note: Returning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Returning from '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:2: note: Returning value, which participates in a condition later
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:959:9: note: Returning from 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:963:7: note: Assuming 'err' is 0
if (err) {
^~~
net/wireless/nl80211.c:963:3: note: Taking false branch
if (err) {
^
net/wireless/nl80211.c:972:7: note: Calling 'IS_ERR'
if (IS_ERR(*wdev)) {
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is not equal to 0, which participates in a condition later
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/err.h:89:9: note: Left side of '&&' is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^
include/linux/err.h:89:9: note: Assuming the condition is true
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:14: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
net/wireless/nl80211.c:972:7: note: Returning from 'IS_ERR'
if (IS_ERR(*wdev)) {
^~~~~~~~~~~~~
net/wireless/nl80211.c:972:3: note: Taking true branch
if (IS_ERR(*wdev)) {
^
net/wireless/nl80211.c:974:4: note: Returning without writing to '*rdev'
return PTR_ERR(*wdev);
^
net/wireless/nl80211.c:974:4: note: Returning value, which participates in a condition later
return PTR_ERR(*wdev);
^~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:9890:8: note: Returning from 'nl80211_prepare_wdev_dump'
res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:9891:6: note: Assuming 'res' is 0
if (res) {
^~~
net/wireless/nl80211.c:9891:2: note: Taking false branch
if (res) {
^
net/wireless/nl80211.c:9901:6: note: Assuming field 'netdev' is null
if (!wdev->netdev) {
^~~~~~~~~~~~~
net/wireless/nl80211.c:9901:2: note: Taking true branch
if (!wdev->netdev) {
^
net/wireless/nl80211.c:9903:3: note: Control jumps to line 9937
goto out_err;
^
net/wireless/nl80211.c:9938:2: note: 1st function call argument is an uninitialized value
wiphy_unlock(&rdev->wiphy);
^ ~~~~~~~~~~~~
>> net/wireless/nl80211.c:14150:18: warning: Dereference of null pointer [clang-analyzer-core.NullDereference]
for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
^
net/wireless/nl80211.c:14212:8: note: Calling 'nl80211_prepare_vendor_dump'
err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14097:6: note: Assuming the condition is false
if (cb->args[0]) {
^~~~~~~~~~~
net/wireless/nl80211.c:14097:2: note: Taking false branch
if (cb->args[0]) {
^
net/wireless/nl80211.c:14120:12: note: Calling 'kcalloc'
attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:9: note: Calling 'kmalloc_array'
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:617:2: note: Taking false branch
if (unlikely(check_mul_overflow(n, size, &bytes)))
^
include/linux/slab.h:619:30: note: Left side of '&&' is false
if (__builtin_constant_p(n) && __builtin_constant_p(size))
^
include/linux/slab.h:621:2: note: Returning pointer, which participates in a condition later
return __kmalloc(bytes, flags);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:9: note: Returning from 'kmalloc_array'
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/slab.h:652:2: note: Returning pointer, which participates in a condition later
return kmalloc_array(n, size, flags | __GFP_ZERO);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14120:12: note: Returning from 'kcalloc'
attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14121:6: note: Assuming 'attrbuf' is non-null
if (!attrbuf)
^~~~~~~~
net/wireless/nl80211.c:14121:2: note: Taking false branch
if (!attrbuf)
^
net/wireless/nl80211.c:14124:8: note: Calling 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Calling '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:6: note: Assuming the condition is false
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:728:2: note: Taking false branch
if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) {
^
include/net/netlink.h:733:9: note: Assigning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:733:2: note: Returning value, which participates in a condition later
return __nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:9: note: Returning from '__nlmsg_parse'
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/net/netlink.h:772:2: note: Returning value, which participates in a condition later
return __nlmsg_parse(nlh, hdrlen, tb, maxtype, policy,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14124:8: note: Returning from 'nlmsg_parse_deprecated'
err = nlmsg_parse_deprecated(cb->nlh,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14128:6: note: Assuming 'err' is 0
if (err)
^~~
net/wireless/nl80211.c:14128:2: note: Taking false branch
if (err)
^
net/wireless/nl80211.c:14131:6: note: Assuming the condition is false
if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14131:6: note: Left side of '||' is false
net/wireless/nl80211.c:14132:6: note: Assuming the condition is false
!attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14131:2: note: Taking false branch
if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
^
net/wireless/nl80211.c:14138:2: note: Taking false branch
if (IS_ERR(*wdev))
^
net/wireless/nl80211.c:14141:2: note: Value assigned to 'rdev'
*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/wireless/nl80211.c:14142:6: note: Calling 'IS_ERR'
if (IS_ERR(*rdev)) {
^~~~~~~~~~~~~
include/linux/err.h:89:9: note: Assuming '_l' is equal to 0
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:58:3: note: expanded from macro 'IS_ERR_VALUE'
_l != 0 && -MAX_ERRNO <= _l; \
^~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
vim +747 kernel/bpf/syscall.c
aa79781b65b9cf Daniel Borkmann 2015-10-29 730
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 731 /* helper macro to check that unused fields 'union bpf_attr' are zero */
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 732 #define CHECK_ATTR(CMD) \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 733 memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 734 sizeof(attr->CMD##_LAST_FIELD), 0, \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 735 sizeof(*attr) - \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 736 offsetof(union bpf_attr, CMD##_LAST_FIELD) - \
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 737 sizeof(attr->CMD##_LAST_FIELD)) != NULL
99c55f7d47c0dc Alexei Starovoitov 2014-09-26 738
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 739 /* dst and src must have at least "size" number of bytes.
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 740 * Return strlen on success and < 0 on error.
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 741 */
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 742 int bpf_obj_name_cpy(char *dst, const char *src, unsigned int size)
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 743 {
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 744 const char *end = src + size;
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 745 const char *orig_src = src;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 746
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 @747 memset(dst, 0, size);
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 748 /* Copy all isalnum(), '_' and '.' chars. */
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 749 while (src < end && *src) {
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 750 if (!isalnum(*src) &&
3e0ddc4f3ff143 Daniel Borkmann 2019-04-09 751 *src != '_' && *src != '.')
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 752 return -EINVAL;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 753 *dst++ = *src++;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 754 }
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 755
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 756 /* No '\0' found in "size" number of bytes */
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 757 if (src == end)
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 758 return -EINVAL;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 759
8e7ae2518f5265 Martin KaFai Lau 2020-03-13 760 return src - orig_src;
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 761 }
cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 762
:::::: The code@line 747 was first introduced by commit
:::::: 8e7ae2518f5265f0ef09d561748098fde5a87ccd bpf: Sanitize the bpf_struct_ops tcp-cc name
:::::: TO: Martin KaFai Lau <kafai@fb.com>
:::::: CC: Daniel Borkmann <daniel@iogearbox.net>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-08 21:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-08 21:41 [daniel-thompson:clang-analyzer/initial_review 7/7] kernel/bpf/syscall.c:747:2: warning: Null pointer passed as 1st argument to memory set function [clang-analyzer-unix.cstring.NullArg] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.