2021-07-26 03:41:56

by Chen, Rong A

Subject: fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: d8079fac168168b25677dc16c00ffaf9fb7df723
commit: 2485bd7557a7edb4520b4072af464f0a08c8efe0 cifs: only write 64kb at a time when fallocating a small region of a file
date: 3 days ago
:::::: branch date: 6 hours ago
:::::: commit date: 3 days ago
config: x86_64-randconfig-c001-20210725 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 3f2c1e99e44d028d5e9dd685f3c568f2661f2f68)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install x86_64 cross compiling tool for clang build
        # apt-get install binutils-x86-64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2485bd7557a7edb4520b4072af464f0a08c8efe0
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 2485bd7557a7edb4520b4072af464f0a08c8efe0
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross clang-analyzer ARCH=x86_64

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>


clang-analyzer warnings: (new ones prefixed by >>)
net/lapb/lapb_iface.c:47:2: note: Memory is released
kfree(lapb);
^~~~~~~~~~~
net/lapb/lapb_iface.c:58:3: note: Returning; memory was released via 1st parameter
lapb_free_cb(lapb);
^~~~~~~~~~~~~~~~~~
net/lapb/lapb_iface.c:68:3: note: Returning; memory was released via 1st parameter
lapb_put(lapb);
^~~~~~~~~~~~~~
net/lapb/lapb_iface.c:200:2: note: Returning; memory was released via 1st parameter
__lapb_remove_cb(lapb);
^~~~~~~~~~~~~~~~~~~~~~
net/lapb/lapb_iface.c:202:2: note: Use of memory after it is freed
lapb_put(lapb);
^ ~~~~
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
8 warnings generated.
drivers/media/dvb-frontends/stv090x.c:2289:23: warning: The result of the '/' expression is undefined [clang-analyzer-core.UndefinedBinaryOperatorResult]
steps_max = (car_max / inc) + 1; /* min steps = 3 */
^
drivers/media/dvb-frontends/stv090x.c:2405:2: note: Calling 'stv090x_get_loop_params'
stv090x_get_loop_params(state, &inc, &timeout_step, &steps_max);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2251:6: note: Assuming 'car_max' is <= 16384
if (car_max > 0x4000)
^~~~~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2251:2: note: Taking false branch
if (car_max > 0x4000)
^
drivers/media/dvb-frontends/stv090x.c:2260:2: note: Control jumps to 'case STV090x_SEARCH_DVBS2:' at line 2267
switch (state->search_mode) {
^
drivers/media/dvb-frontends/stv090x.c:2270:3: note: Execution continues on line 2278
break;
^
drivers/media/dvb-frontends/stv090x.c:2279:7: note: Assuming 'inc' is <= 'car_max'
if ((inc > car_max) || (inc < 0))
^~~~~~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2279:6: note: Left side of '||' is false
if ((inc > car_max) || (inc < 0))
^
drivers/media/dvb-frontends/stv090x.c:2279:26: note: Assuming 'inc' is >= 0
if ((inc > car_max) || (inc < 0))
^~~~~~~
drivers/media/dvb-frontends/stv090x.c:2279:2: note: Taking false branch
if ((inc > car_max) || (inc < 0))
^
drivers/media/dvb-frontends/stv090x.c:2283:6: note: Assuming 'srate' is <= 0
if (srate > 0)
^~~~~~~~~
drivers/media/dvb-frontends/stv090x.c:2283:2: note: Taking false branch
if (srate > 0)
^
drivers/media/dvb-frontends/stv090x.c:2286:7: note: 'timeout' is > 100
if ((timeout > 100) || (timeout < 0))
^~~~~~~
drivers/media/dvb-frontends/stv090x.c:2286:22: note: Left side of '||' is true
if ((timeout > 100) || (timeout < 0))
^
drivers/media/dvb-frontends/stv090x.c:2289:23: note: The result of the '/' expression is undefined
steps_max = (car_max / inc) + 1; /* min steps = 3 */
~~~~~~~~^~~~~
drivers/media/dvb-frontends/stv090x.c:2960:2: warning: Value stored to 'reg' is never read [clang-analyzer-deadcode.DeadStores]
reg = STV090x_READ_DEMOD(state, TMGOBS);
^
drivers/media/dvb-frontends/stv090x.c:2960:2: note: Value stored to 'reg' is never read
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.
13 warnings generated.
>> fs/cifs/smb2ops.c:3646:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn]
return rc;
^
fs/cifs/smb2ops.c:3668:6: note: Assuming 'rc' is 0
if (rc)
^~
fs/cifs/smb2ops.c:3668:2: note: Taking false branch
if (rc)
^
fs/cifs/smb2ops.c:3673:6: note: Assuming 'out_data_len' is not equal to 0
if (out_data_len == 0)
^~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3673:2: note: Taking false branch
if (out_data_len == 0)
^
fs/cifs/smb2ops.c:3677:6: note: Assuming 'buf' is not equal to NULL
if (buf == NULL) {
^~~~~~~~~~~
fs/cifs/smb2ops.c:3677:2: note: Taking false branch
if (buf == NULL) {
^
fs/cifs/smb2ops.c:3683:2: note: Loop condition is true. Entering loop body
while (len) {
^
fs/cifs/smb2ops.c:3687:7: note: 'out_data_len' is not equal to 0
if (out_data_len == 0) {
^~~~~~~~~~~~
fs/cifs/smb2ops.c:3687:3: note: Taking false branch
if (out_data_len == 0) {
^
fs/cifs/smb2ops.c:3693:7: note: Assuming the condition is false
if (out_data_len < sizeof(struct file_allocated_range_buffer)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3693:3: note: Taking false branch
if (out_data_len < sizeof(struct file_allocated_range_buffer)) {
^
fs/cifs/smb2ops.c:3698:7: note: Assuming 'off' is < field 'file_offset'
if (off < le64_to_cpu(tmp_data->file_offset)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3698:3: note: Taking true branch
if (off < le64_to_cpu(tmp_data->file_offset)) {
^
fs/cifs/smb2ops.c:3705:8: note: Assuming 'len' is >= 'l'
if (len < l)
^~~~~~~
fs/cifs/smb2ops.c:3705:4: note: Taking false branch
if (len < l)
^
fs/cifs/smb2ops.c:3707:9: note: Calling 'smb3_simple_fallocate_write_range'
rc = smb3_simple_fallocate_write_range(xid, tcon,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/cifs/smb2ops.c:3620:6: note: 'rc' declared without an initial value
int rc, nbytes;
^~
fs/cifs/smb2ops.c:3629:2: note: Loop condition is false. Execution continues on line 3646
while (len) {
^
fs/cifs/smb2ops.c:3646:2: note: Undefined or garbage value returned to caller
return rc;
^ ~~
fs/cifs/smb2ops.c:4178:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "R");
^~~~~~
fs/cifs/smb2ops.c:4178:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "R");
^~~~~~
fs/cifs/smb2ops.c:4182:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "H");
^~~~~~
fs/cifs/smb2ops.c:4182:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "H");
^~~~~~
fs/cifs/smb2ops.c:4186:3: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
strcat(message, "W");
^~~~~~
fs/cifs/smb2ops.c:4186:3: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
strcat(message, "W");
^~~~~~
Suppressed 9 warnings (9 in non-user code).
Use -header-filter=.* to display errors from all non-system headers.
Use -system-headers to display errors from system headers as well.

vim +3646 fs/cifs/smb2ops.c

31742c5a331766 Steve French    2014-08-17  3612
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3613  static int smb3_simple_fallocate_write_range(unsigned int xid,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3614                                               struct cifs_tcon *tcon,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3615                                               struct cifsFileInfo *cfile,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3616                                               loff_t off, loff_t len,
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3617                                               char *buf)
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3618  {
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3619          struct cifs_io_parms io_parms = {0};
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3620          int rc, nbytes;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3621          struct kvec iov[2];
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3622
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3623          io_parms.netfid = cfile->fid.netfid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3624          io_parms.pid = current->tgid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3625          io_parms.tcon = tcon;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3626          io_parms.persistent_fid = cfile->fid.persistent_fid;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3627          io_parms.volatile_fid = cfile->fid.volatile_fid;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3628
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3629          while (len) {
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3630                  io_parms.offset = off;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3631                  io_parms.length = len;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3632                  if (io_parms.length > SMB2_MAX_BUFFER_SIZE)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3633                          io_parms.length = SMB2_MAX_BUFFER_SIZE;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3634                  /* iov[0] is reserved for smb header */
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3635                  iov[1].iov_base = buf;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3636                  iov[1].iov_len = io_parms.length;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3637                  rc = SMB2_write(xid, &io_parms, &nbytes, iov, 1);
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3638                  if (rc)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3639                          break;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3640                  if (nbytes > len)
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3641                          return -EINVAL;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3642                  buf += nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3643                  off += nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3644                  len -= nbytes;
2485bd7557a7ed Ronnie Sahlberg 2021-07-22  3645          }
2485bd7557a7ed Ronnie Sahlberg 2021-07-22 @3646          return rc;
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3647  }
966a3cb7c7db78 Ronnie Sahlberg 2021-06-03  3648
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]


Attachments:
.config.gz (28.89 kB)
Attached Message Part (154.00 B)