From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: drivers/crypto/stm32/stm32-cryp.c:1057:17: warning: dereference of NULL '*cryp.areq' [CWE-476]
Date: Sat, 18 Jun 2022 05:21:46 +0800 [thread overview]
Message-ID: <202206180511.ERN5XweR-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 11757 bytes --]
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: drivers/crypto/stm32/stm32-cryp.c:1057:17: warning: dereference of NULL '*cryp.areq' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4b35035bcf80ddb47c0112c4fbd84a63a2836a18
commit: 4b898d5cfa4d9a0ad5bc82cb5eafdc092394c6a9 crypto: stm32/cryp - fix bugs and crash in tests
date: 6 months ago
:::::: branch date: 59 minutes ago
:::::: commit date: 6 months ago
config: arm-randconfig-c002-20220616 (https://download.01.org/0day-ci/archive/20220618/202206180511.ERN5XweR-lkp(a)intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4b898d5cfa4d9a0ad5bc82cb5eafdc092394c6a9
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 4b898d5cfa4d9a0ad5bc82cb5eafdc092394c6a9
# save the config file
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
drivers/crypto/stm32/stm32-cryp.c: In function 'stm32_cryp_prepare_req':
>> drivers/crypto/stm32/stm32-cryp.c:1057:17: warning: dereference of NULL '*cryp.areq' [CWE-476] [-Wanalyzer-null-dereference]
1057 | scatterwalk_copychunks(NULL, &cryp->out_walk, cryp->areq->assoclen, 2);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'stm32_cryp_prepare_req': events 1-3
|
| 999 | if (!cryp)
| | ^
| | |
| | (1) following 'false' branch (when 'cryp' is non-NULL)...
|......
| 1002 | rctx = req ? skcipher_request_ctx(req) : aead_request_ctx(areq);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| | (3) following 'true' branch (when 'req' is non-NULL)...
|
'stm32_cryp_prepare_req': event 4
|
|include/crypto/internal/skcipher.h:156:16:
| 156 | return req->__ctx;
| | ^~~
| | |
| | (4) ...to here
|
'stm32_cryp_prepare_req': events 5-6
|
|drivers/crypto/stm32/stm32-cryp.c:1011:12:
| 1011 | if (req) {
| | ^
| | |
| | (5) following 'true' branch (when 'req' is non-NULL)...
| 1012 | cryp->req = req;
| | ~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
|
'stm32_cryp_prepare_req': events 7-13
|
| 1013 | cryp->areq = NULL;
|......
| 1049 | in_sg = req ? req->src : areq->src;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) following 'true' branch (when 'req' is non-NULL)...
| | (9) ...to here
|......
| 1052 | cryp->out_sg = req ? req->dst : areq->dst;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (10) following 'true' branch (when 'req' is non-NULL)...
| | (11) ...to here
|......
| 1057 | scatterwalk_copychunks(NULL, &cryp->out_walk, cryp->areq->assoclen, 2);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| | (13) dereference of NULL '*cryp.areq' (12) '*cryp.areq' is NULL
|
vim +1057 drivers/crypto/stm32/stm32-cryp.c
9e054ec21ef834 Fabien DESSENNE 2017-10-19 981
47ece4813f19f1 Ard Biesheuvel 2019-11-09 982 static int stm32_cryp_prepare_req(struct skcipher_request *req,
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 983 struct aead_request *areq)
9e054ec21ef834 Fabien DESSENNE 2017-10-19 984 {
9e054ec21ef834 Fabien DESSENNE 2017-10-19 985 struct stm32_cryp_ctx *ctx;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 986 struct stm32_cryp *cryp;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 987 struct stm32_cryp_reqctx *rctx;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 988 struct scatterlist *in_sg;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 989 int ret;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 990
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 991 if (!req && !areq)
9e054ec21ef834 Fabien DESSENNE 2017-10-19 992 return -EINVAL;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 993
47ece4813f19f1 Ard Biesheuvel 2019-11-09 994 ctx = req ? crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)) :
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 995 crypto_aead_ctx(crypto_aead_reqtfm(areq));
9e054ec21ef834 Fabien DESSENNE 2017-10-19 996
9e054ec21ef834 Fabien DESSENNE 2017-10-19 997 cryp = ctx->cryp;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 998
9e054ec21ef834 Fabien DESSENNE 2017-10-19 999 if (!cryp)
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1000 return -ENODEV;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1001
47ece4813f19f1 Ard Biesheuvel 2019-11-09 1002 rctx = req ? skcipher_request_ctx(req) : aead_request_ctx(areq);
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1003 rctx->mode &= FLG_MODE_MASK;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1004
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1005 ctx->cryp = cryp;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1006
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1007 cryp->flags = (cryp->flags & ~FLG_MODE_MASK) | rctx->mode;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1008 cryp->hw_blocksize = is_aes(cryp) ? AES_BLOCK_SIZE : DES_BLOCK_SIZE;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1009 cryp->ctx = ctx;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1010
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1011 if (req) {
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1012 cryp->req = req;
29aed438e87020 Lionel Debieve 2019-04-24 1013 cryp->areq = NULL;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1014 cryp->header_in = 0;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1015 cryp->payload_in = req->cryptlen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1016 cryp->payload_out = req->cryptlen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1017 cryp->authsize = 0;
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1018 } else {
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1019 /*
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1020 * Length of input and output data:
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1021 * Encryption case:
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1022 * INPUT = AssocData || PlainText
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1023 * <- assoclen -> <- cryptlen ->
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1024 *
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1025 * OUTPUT = AssocData || CipherText || AuthTag
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1026 * <- assoclen -> <-- cryptlen --> <- authsize ->
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1027 *
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1028 * Decryption case:
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1029 * INPUT = AssocData || CipherTex || AuthTag
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1030 * <- assoclen ---> <---------- cryptlen ---------->
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1031 *
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1032 * OUTPUT = AssocData || PlainText
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1033 * <- assoclen -> <- cryptlen - authsize ->
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1034 */
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1035 cryp->areq = areq;
29aed438e87020 Lionel Debieve 2019-04-24 1036 cryp->req = NULL;
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1037 cryp->authsize = crypto_aead_authsize(crypto_aead_reqtfm(areq));
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1038 if (is_encrypt(cryp)) {
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1039 cryp->payload_in = areq->cryptlen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1040 cryp->header_in = areq->assoclen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1041 cryp->payload_out = areq->cryptlen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1042 } else {
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1043 cryp->payload_in = areq->cryptlen - cryp->authsize;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1044 cryp->header_in = areq->assoclen;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1045 cryp->payload_out = cryp->payload_in;
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1046 }
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1047 }
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1048
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1049 in_sg = req ? req->src : areq->src;
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1050 scatterwalk_start(&cryp->in_walk, in_sg);
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1051
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1052 cryp->out_sg = req ? req->dst : areq->dst;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1053 scatterwalk_start(&cryp->out_walk, cryp->out_sg);
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1054
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1055 if (is_gcm(cryp) || is_ccm(cryp)) {
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1056 /* In output, jump after assoc data */
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 @1057 scatterwalk_copychunks(NULL, &cryp->out_walk, cryp->areq->assoclen, 2);
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1058 }
9d3b5030bc1e44 Fabien DESSENNE 2018-02-07 1059
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1060 if (is_ctr(cryp))
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1061 memset(cryp->last_ctr, 0, sizeof(cryp->last_ctr));
4b898d5cfa4d9a Nicolas Toromanoff 2021-11-30 1062
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1063 ret = stm32_cryp_hw_init(cryp);
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1064 return ret;
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1065 }
9e054ec21ef834 Fabien DESSENNE 2017-10-19 1066
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next reply other threads:[~2022-06-17 21:21 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-17 21:21 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-06-17 12:17 drivers/crypto/stm32/stm32-cryp.c:1057:17: warning: dereference of NULL '*cryp.areq' [CWE-476] kernel test robot
2022-06-16 20:15 kernel test robot
2022-06-16 20:04 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202206180511.ERN5XweR-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.