September 2021 - kbuild

[trace:ftrace/core 35/39] kernel/trace/trace_boot.c:421:5: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]

by kernel test robot

CC: llvm(a)lists.linux.dev CC: kbuild-all(a)lists.01.org CC: linux-kernel(a)vger.kernel.org TO: Masami Hiramatsu <mhiramat(a)kernel.org> CC: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> tree: https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git ftrace/core head: 3dc65994e3c1c999be3d991cdc96705e167cb3b1 commit: 5d4648a0415efc239ffb377bce1d389723eda25d [35/39] tracing/boot: Show correct histogram error command :::::: branch date: 3 weeks ago :::::: commit date: 3 weeks ago config: i386-randconfig-c001-20210831 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 4b1fde8a2b681dad2ce0c082a5d6422caa06b0bc) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git/c... git remote add trace https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git git fetch --no-tags trace ftrace/core git checkout 5d4648a0415efc239ffb377bce1d389723eda25d # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fs-writeback.c:2688:2: note: Taking false branch if (bdi == &noop_backing_dev_info) ^ fs/fs-writeback.c:2690:2: note: Taking false branch WARN_ON(!rwsem_is_locked(&sb->s_umount)); ^ include/asm-generic/bug.h:122:2: note: expanded from macro 'WARN_ON' if (unlikely(__ret_warn_on)) \ ^ fs/fs-writeback.c:2694:2: note: Calling 'bdi_split_work_to_wbs' bdi_split_work_to_wbs(bdi, &work, false); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fs-writeback.c:1196:2: note: Loop condition is false. Exiting loop might_sleep(); ^ include/linux/kernel.h:132:2: note: expanded from macro 'might_sleep' do { __might_sleep(__FILE__, __LINE__, 0); might_resched(); } while (0) ^ fs/fs-writeback.c:1198:7: note: 'skip_if_busy' is false if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) { ^~~~~~~~~~~~ fs/fs-writeback.c:1198:20: note: Left side of '||' is true if (!skip_if_busy || !writeback_in_progress(&bdi->wb)) { ^ fs/fs-writeback.c:1200:3: note: Calling 'wb_queue_work' wb_queue_work(&bdi->wb, base_work); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fs-writeback.c:163:6: note: Assuming field 'done' is null if (work->done) ^~~~~~~~~~ fs/fs-writeback.c:163:2: note: Taking false branch if (work->done) ^ fs/fs-writeback.c:168:6: note: Assuming the condition is false if (test_bit(WB_registered, &wb->state)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fs-writeback.c:168:2: note: Taking false branch if (test_bit(WB_registered, &wb->state)) { ^ fs/fs-writeback.c:172:3: note: Calling 'finish_writeback_work' finish_writeback_work(wb, work); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fs-writeback.c:147:6: note: Assuming field 'auto_free' is not equal to 0 if (work->auto_free) ^~~~~~~~~~~~~~~ fs/fs-writeback.c:147:2: note: Taking true branch if (work->auto_free) ^ fs/fs-writeback.c:148:3: note: Argument to kfree() is the address of the local variable 'work', which is not memory allocated by malloc() kfree(work); ^ ~~~~ Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. kernel/trace/trace_probe.c:195:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(p, trace_probe_log.argv[i]); ^~~~~~ kernel/trace/trace_probe.c:195:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(p, trace_probe_log.argv[i]); ^~~~~~ Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. kernel/trace/trace_uprobe.c:544:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = 0; ^ ~ kernel/trace/trace_uprobe.c:544:2: note: Value stored to 'ret' is never read ret = 0; ^ ~ Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 13 warnings generated. kernel/trace/trace_boot.c:300:2: warning: Undefined or garbage value returned to caller [clang-analyzer-core.uninitialized.UndefReturn] return ret; ^ ~~~ kernel/trace/trace_boot.c:283:2: note: 'ret' declared without an initial value int ret; ^~~~~~~ kernel/trace/trace_boot.c:287:2: note: Loop condition is false. Execution continues on line 297 xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:2: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:297:6: note: Assuming the condition is false if (xbc_node_find_child(hnode, param)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:297:2: note: Taking false branch if (xbc_node_find_child(hnode, param)) ^ kernel/trace/trace_boot.c:300:2: note: Undefined or garbage value returned to caller return ret; ^ ~~~ >> kernel/trace/trace_boot.c:421:5: warning: 2nd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage] pr_err("Failed to apply hist trigger: %s\n", tmp); ^ include/linux/printk.h:390:2: note: expanded from macro 'pr_err' printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) ^ kernel/trace/trace_boot.c:617:6: note: Assuming 'trace_node' is non-null if (!trace_node) ^~~~~~~~~~~ kernel/trace/trace_boot.c:617:2: note: Taking false branch if (!trace_node) ^ kernel/trace/trace_boot.c:621:7: note: 'tr' is non-null if (!tr) ^~ kernel/trace/trace_boot.c:621:2: note: Taking false branch if (!tr) ^ kernel/trace/trace_boot.c:625:2: note: Calling 'trace_boot_init_one_instance' trace_boot_init_one_instance(tr, trace_node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:580:2: note: Calling 'trace_boot_init_events' trace_boot_init_events(tr, node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:490:6: note: Assuming 'node' is non-null if (!node) ^~~~~ kernel/trace/trace_boot.c:490:2: note: Taking false branch if (!node) ^ kernel/trace/trace_boot.c:493:32: note: Assuming 'gnode' is not equal to null xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:493:2: note: Loop condition is true. Entering loop body xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:495:7: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:495:3: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:500:34: note: Assuming 'enode' is not equal to null xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:500:3: note: Loop condition is true. Entering loop body xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:502:8: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:502:4: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:506:4: note: Calling 'trace_boot_init_one_event' trace_boot_init_one_event(tr, gnode, enode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:6: note: Assuming the condition is false if (!strcmp(group, "kprobes")) ^~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:2: note: Taking false branch if (!strcmp(group, "kprobes")) ^ kernel/trace/trace_boot.c:443:6: note: Assuming the condition is false if (!strcmp(group, "synthetic")) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:443:2: note: Taking false branch if (!strcmp(group, "synthetic")) ^ kernel/trace/trace_boot.c:449:6: note: Assuming 'file' is non-null if (!file) { ^~~~~ kernel/trace/trace_boot.c:449:2: note: Taking false branch if (!file) { ^ kernel/trace/trace_boot.c:455:6: note: Assuming 'p' is null if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:455:8: note: Left side of '&&' is false if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:462:57: note: Assuming 'p' is equal to null xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:55: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:462:2: note: Loop condition is false. Execution continues on line 468 xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:2: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^ kernel/trace/trace_boot.c:469:6: note: Assuming 'anode' is non-null if (anode) ^~~~~ kernel/trace/trace_boot.c:469:2: note: Taking true branch if (anode) ^ kernel/trace/trace_boot.c:470:3: note: Calling 'trace_boot_init_histograms' trace_boot_init_histograms(file, anode, buf, ARRAY_SIZE(buf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:402:2: note: 'tmp' declared without an initial value char *tmp; ^~~~~~~~~ kernel/trace/trace_boot.c:404:2: note: Loop condition is false. Execution continues on line 417 xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:2: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:417:6: note: Assuming the condition is true if (xbc_node_find_child(hnode, "keys")) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:417:2: note: Taking true branch if (xbc_node_find_child(hnode, "keys")) { ^ kernel/trace/trace_boot.c:418:7: note: Assuming the condition is false if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:418:3: note: Taking false branch if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^ kernel/trace/trace_boot.c:420:8: note: Assuming the condition is true if (trigger_process_regex(file, buf) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:420:4: note: Taking true branch if (trigger_process_regex(file, buf) < 0) ^ kernel/trace/trace_boot.c:421:5: note: 2nd function call argument is an uninitialized value pr_err("Failed to apply hist trigger: %s\n", tmp); ^ include/linux/printk.h:390:2: note: expanded from macro 'pr_err' printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) ^ ~~~~~~~~~~~ >> kernel/trace/trace_boot.c:421:5: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] pr_err("Failed to apply hist trigger: %s\n", tmp); ^ include/linux/printk.h:390:2: note: expanded from macro 'pr_err' printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) ^ kernel/trace/trace_boot.c:617:6: note: Assuming 'trace_node' is non-null if (!trace_node) ^~~~~~~~~~~ kernel/trace/trace_boot.c:617:2: note: Taking false branch if (!trace_node) ^ kernel/trace/trace_boot.c:621:7: note: 'tr' is non-null if (!tr) ^~ kernel/trace/trace_boot.c:621:2: note: Taking false branch if (!tr) ^ kernel/trace/trace_boot.c:625:2: note: Calling 'trace_boot_init_one_instance' trace_boot_init_one_instance(tr, trace_node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:580:2: note: Calling 'trace_boot_init_events' trace_boot_init_events(tr, node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:490:6: note: Assuming 'node' is non-null if (!node) ^~~~~ kernel/trace/trace_boot.c:490:2: note: Taking false branch if (!node) ^ kernel/trace/trace_boot.c:493:32: note: Assuming 'gnode' is not equal to null xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:493:2: note: Loop condition is true. Entering loop body xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:495:7: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:495:3: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:500:34: note: Assuming 'enode' is not equal to null xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:500:3: note: Loop condition is true. Entering loop body xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:502:8: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:502:4: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:506:4: note: Calling 'trace_boot_init_one_event' trace_boot_init_one_event(tr, gnode, enode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:6: note: Assuming the condition is false if (!strcmp(group, "kprobes")) ^~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:2: note: Taking false branch if (!strcmp(group, "kprobes")) ^ kernel/trace/trace_boot.c:443:6: note: Assuming the condition is false if (!strcmp(group, "synthetic")) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:443:2: note: Taking false branch if (!strcmp(group, "synthetic")) ^ kernel/trace/trace_boot.c:449:6: note: Assuming 'file' is non-null if (!file) { ^~~~~ kernel/trace/trace_boot.c:449:2: note: Taking false branch if (!file) { ^ kernel/trace/trace_boot.c:455:6: note: Assuming 'p' is null if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:455:8: note: Left side of '&&' is false if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:462:57: note: Assuming 'p' is equal to null xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:55: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:462:2: note: Loop condition is false. Execution continues on line 468 xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:2: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^ kernel/trace/trace_boot.c:469:6: note: Assuming 'anode' is non-null if (anode) ^~~~~ kernel/trace/trace_boot.c:469:2: note: Taking true branch if (anode) ^ kernel/trace/trace_boot.c:470:3: note: Calling 'trace_boot_init_histograms' trace_boot_init_histograms(file, anode, buf, ARRAY_SIZE(buf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:404:34: note: Assuming 'node' is not equal to null xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:44: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:404:2: note: Loop condition is true. Entering loop body xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:2: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:406:3: note: Taking false branch if (!isdigit(p[0])) ^ kernel/trace/trace_boot.c:409:7: note: Assuming the condition is true if (trace_boot_compose_hist_cmd(node, buf, size) == 0) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:409:3: note: Taking true branch if (trace_boot_compose_hist_cmd(node, buf, size) == 0) { ^ kernel/trace/trace_boot.c:411:8: note: Assuming the condition is false if (trigger_process_regex(file, buf) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:411:4: note: Taking false branch if (trigger_process_regex(file, buf) < 0) ^ kernel/trace/trace_boot.c:413:4: note: Memory is released kfree(tmp); ^~~~~~~~~~ kernel/trace/trace_boot.c:404:34: note: Assuming 'node' is equal to null xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:44: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:404:2: note: Loop condition is false. Execution continues on line 417 xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:2: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:417:6: note: Assuming the condition is true if (xbc_node_find_child(hnode, "keys")) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:417:2: note: Taking true branch if (xbc_node_find_child(hnode, "keys")) { ^ kernel/trace/trace_boot.c:418:7: note: Assuming the condition is false if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:418:3: note: Taking false branch if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^ kernel/trace/trace_boot.c:420:8: note: Assuming the condition is true if (trigger_process_regex(file, buf) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:420:4: note: Taking true branch if (trigger_process_regex(file, buf) < 0) ^ kernel/trace/trace_boot.c:421:5: note: Use of memory after it is freed pr_err("Failed to apply hist trigger: %s\n", tmp); ^ include/linux/printk.h:390:2: note: expanded from macro 'pr_err' printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__) ^ ~~~~~~~~~~~ >> kernel/trace/trace_boot.c:422:4: warning: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage] kfree(tmp); ^ kernel/trace/trace_boot.c:617:6: note: Assuming 'trace_node' is non-null if (!trace_node) ^~~~~~~~~~~ kernel/trace/trace_boot.c:617:2: note: Taking false branch if (!trace_node) ^ kernel/trace/trace_boot.c:621:7: note: 'tr' is non-null if (!tr) ^~ kernel/trace/trace_boot.c:621:2: note: Taking false branch if (!tr) ^ kernel/trace/trace_boot.c:625:2: note: Calling 'trace_boot_init_one_instance' trace_boot_init_one_instance(tr, trace_node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:580:2: note: Calling 'trace_boot_init_events' trace_boot_init_events(tr, node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:490:6: note: Assuming 'node' is non-null if (!node) ^~~~~ kernel/trace/trace_boot.c:490:2: note: Taking false branch if (!node) ^ kernel/trace/trace_boot.c:493:32: note: Assuming 'gnode' is not equal to null xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:493:2: note: Loop condition is true. Entering loop body xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:495:7: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:495:3: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:500:34: note: Assuming 'enode' is not equal to null xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:500:3: note: Loop condition is true. Entering loop body xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:502:8: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:502:4: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:506:4: note: Calling 'trace_boot_init_one_event' trace_boot_init_one_event(tr, gnode, enode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:6: note: Assuming the condition is false if (!strcmp(group, "kprobes")) ^~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:2: note: Taking false branch if (!strcmp(group, "kprobes")) ^ kernel/trace/trace_boot.c:443:6: note: Assuming the condition is false if (!strcmp(group, "synthetic")) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:443:2: note: Taking false branch if (!strcmp(group, "synthetic")) ^ kernel/trace/trace_boot.c:449:6: note: Assuming 'file' is non-null if (!file) { ^~~~~ kernel/trace/trace_boot.c:449:2: note: Taking false branch if (!file) { ^ kernel/trace/trace_boot.c:455:6: note: Assuming 'p' is null if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:455:8: note: Left side of '&&' is false if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:462:57: note: Assuming 'p' is equal to null xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:55: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:462:2: note: Loop condition is false. Execution continues on line 468 xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:2: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^ kernel/trace/trace_boot.c:469:6: note: Assuming 'anode' is non-null if (anode) ^~~~~ kernel/trace/trace_boot.c:469:2: note: Taking true branch if (anode) ^ kernel/trace/trace_boot.c:470:3: note: Calling 'trace_boot_init_histograms' trace_boot_init_histograms(file, anode, buf, ARRAY_SIZE(buf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:402:2: note: 'tmp' declared without an initial value char *tmp; ^~~~~~~~~ kernel/trace/trace_boot.c:404:2: note: Loop condition is false. Execution continues on line 417 xbc_node_for_each_subkey(hnode, node) { ^ include/linux/bootconfig.h:206:2: note: expanded from macro 'xbc_node_for_each_subkey' for (child = xbc_node_get_subkey(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:417:6: note: Assuming the condition is true if (xbc_node_find_child(hnode, "keys")) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:417:2: note: Taking true branch if (xbc_node_find_child(hnode, "keys")) { ^ kernel/trace/trace_boot.c:418:7: note: Assuming the condition is false if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:418:3: note: Taking false branch if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) ^ kernel/trace/trace_boot.c:420:8: note: Assuming the condition is false if (trigger_process_regex(file, buf) < 0) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:420:4: note: Taking false branch if (trigger_process_regex(file, buf) < 0) ^ kernel/trace/trace_boot.c:422:4: note: 1st function call argument is an uninitialized value kfree(tmp); ^ ~~~ >> kernel/trace/trace_boot.c:422:4: warning: Attempt to free released memory [clang-analyzer-unix.Malloc] kfree(tmp); ^ kernel/trace/trace_boot.c:617:6: note: Assuming 'trace_node' is non-null if (!trace_node) ^~~~~~~~~~~ kernel/trace/trace_boot.c:617:2: note: Taking false branch if (!trace_node) ^ kernel/trace/trace_boot.c:621:7: note: 'tr' is non-null if (!tr) ^~ kernel/trace/trace_boot.c:621:2: note: Taking false branch if (!tr) ^ kernel/trace/trace_boot.c:625:2: note: Calling 'trace_boot_init_one_instance' trace_boot_init_one_instance(tr, trace_node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:580:2: note: Calling 'trace_boot_init_events' trace_boot_init_events(tr, node); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:490:6: note: Assuming 'node' is non-null if (!node) ^~~~~ kernel/trace/trace_boot.c:490:2: note: Taking false branch if (!node) ^ kernel/trace/trace_boot.c:493:32: note: Assuming 'gnode' is not equal to null xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:493:2: note: Loop condition is true. Entering loop body xbc_node_for_each_child(node, gnode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:495:7: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:495:3: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:500:34: note: Assuming 'enode' is not equal to null xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:43: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:500:3: note: Loop condition is true. Entering loop body xbc_node_for_each_child(gnode, enode) { ^ include/linux/bootconfig.h:194:2: note: expanded from macro 'xbc_node_for_each_child' for (child = xbc_node_get_child(parent); child != NULL ; \ ^ kernel/trace/trace_boot.c:502:8: note: Assuming the condition is false if (!strcmp(data, "enable")) { ^~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:502:4: note: Taking false branch if (!strcmp(data, "enable")) { ^ kernel/trace/trace_boot.c:506:4: note: Calling 'trace_boot_init_one_event' trace_boot_init_one_event(tr, gnode, enode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:6: note: Assuming the condition is false if (!strcmp(group, "kprobes")) ^~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:440:2: note: Taking false branch if (!strcmp(group, "kprobes")) ^ kernel/trace/trace_boot.c:443:6: note: Assuming the condition is false if (!strcmp(group, "synthetic")) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/trace/trace_boot.c:443:2: note: Taking false branch if (!strcmp(group, "synthetic")) ^ kernel/trace/trace_boot.c:449:6: note: Assuming 'file' is non-null if (!file) { ^~~~~ kernel/trace/trace_boot.c:449:2: note: Taking false branch if (!file) { ^ kernel/trace/trace_boot.c:455:6: note: Assuming 'p' is null if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:455:8: note: Left side of '&&' is false if (p && *p != '\0') { ^ kernel/trace/trace_boot.c:462:57: note: Assuming 'p' is equal to null xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:55: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ ^~~~~~~~~~~~~ kernel/trace/trace_boot.c:462:2: note: Loop condition is false. Execution continues on line 468 xbc_node_for_each_array_value(enode, "actions", anode, p) { ^ include/linux/bootconfig.h:225:2: note: expanded from macro 'xbc_node_for_each_array_value' for (value = xbc_node_find_value(node, key, &anode); value != NULL; \ vim +421 kernel/trace/trace_boot.c 30cb856e3067e5 Masami Hiramatsu 2021-08-06 395 30cb856e3067e5 Masami Hiramatsu 2021-08-06 396 static void __init 30cb856e3067e5 Masami Hiramatsu 2021-08-06 397 trace_boot_init_histograms(struct trace_event_file *file, 30cb856e3067e5 Masami Hiramatsu 2021-08-06 398 struct xbc_node *hnode, char *buf, size_t size) 30cb856e3067e5 Masami Hiramatsu 2021-08-06 399 { 30cb856e3067e5 Masami Hiramatsu 2021-08-06 400 struct xbc_node *node; 30cb856e3067e5 Masami Hiramatsu 2021-08-06 401 const char *p; 5d4648a0415efc Masami Hiramatsu 2021-08-06 402 char *tmp; 30cb856e3067e5 Masami Hiramatsu 2021-08-06 403 30cb856e3067e5 Masami Hiramatsu 2021-08-06 404 xbc_node_for_each_subkey(hnode, node) { 30cb856e3067e5 Masami Hiramatsu 2021-08-06 405 p = xbc_node_get_data(node); 30cb856e3067e5 Masami Hiramatsu 2021-08-06 406 if (!isdigit(p[0])) 30cb856e3067e5 Masami Hiramatsu 2021-08-06 407 continue; 30cb856e3067e5 Masami Hiramatsu 2021-08-06 408 /* All digit started node should be instances. */ 30cb856e3067e5 Masami Hiramatsu 2021-08-06 409 if (trace_boot_compose_hist_cmd(node, buf, size) == 0) { 5d4648a0415efc Masami Hiramatsu 2021-08-06 410 tmp = kstrdup(buf, GFP_KERNEL); 30cb856e3067e5 Masami Hiramatsu 2021-08-06 411 if (trigger_process_regex(file, buf) < 0) 5d4648a0415efc Masami Hiramatsu 2021-08-06 412 pr_err("Failed to apply hist trigger: %s\n", tmp); 5d4648a0415efc Masami Hiramatsu 2021-08-06 413 kfree(tmp); 30cb856e3067e5 Masami Hiramatsu 2021-08-06 414 } 30cb856e3067e5 Masami Hiramatsu 2021-08-06 415 } 30cb856e3067e5 Masami Hiramatsu 2021-08-06 416 30cb856e3067e5 Masami Hiramatsu 2021-08-06 417 if (xbc_node_find_child(hnode, "keys")) { 30cb856e3067e5 Masami Hiramatsu 2021-08-06 418 if (trace_boot_compose_hist_cmd(hnode, buf, size) == 0) 5d4648a0415efc Masami Hiramatsu 2021-08-06 419 tmp = kstrdup(buf, GFP_KERNEL); 30cb856e3067e5 Masami Hiramatsu 2021-08-06 420 if (trigger_process_regex(file, buf) < 0) 5d4648a0415efc Masami Hiramatsu 2021-08-06 @421 pr_err("Failed to apply hist trigger: %s\n", tmp); 5d4648a0415efc Masami Hiramatsu 2021-08-06 @422 kfree(tmp); 30cb856e3067e5 Masami Hiramatsu 2021-08-06 423 } 30cb856e3067e5 Masami Hiramatsu 2021-08-06 424 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

4 months, 2 weeks

1
0
0 / 0

Re: [PATCH bpf-next RFC v1 1/8] bpf: Introduce BPF support for kernel module function calls

by kernel test robot

CC: llvm(a)lists.linux.dev CC: kbuild-all(a)lists.01.org In-Reply-To: <20210830173424.1385796-2-memxor(a)gmail.com> References: <20210830173424.1385796-2-memxor(a)gmail.com> TO: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Hi Kumar, [FYI, it's a private test report for your RFC patch.] [auto build test WARNING on bpf-next/master] url: https://github.com/0day-ci/linux/commits/Kumar-Kartikeya-Dwivedi/Support-... base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master :::::: branch date: 32 hours ago :::::: commit date: 32 hours ago config: i386-randconfig-c001-20210830 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 4b1fde8a2b681dad2ce0c082a5d6422caa06b0bc) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/e868250a992dc2f10616aa6e2882072bb... git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Kumar-Kartikeya-Dwivedi/Support-kernel-module-function-calls-from-eBPF/20210831-013531 git checkout e868250a992dc2f10616aa6e2882072bb42bb1c5 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com> clang-analyzer warnings: (new ones prefixed by >>) drivers/acpi/acpica/dspkginit.c:94:3: note: Taking false branch if (!obj_desc) { ^ drivers/acpi/acpica/dspkginit.c:101:6: note: Assuming the condition is false if (obj_desc->package.flags & AOPOBJ_DATA_VALID) { /* Just in case */ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:101:2: note: Taking false branch if (obj_desc->package.flags & AOPOBJ_DATA_VALID) { /* Just in case */ ^ drivers/acpi/acpica/dspkginit.c:111:6: note: Assuming field 'elements' is non-null if (!obj_desc->package.elements) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:111:2: note: Taking false branch if (!obj_desc->package.elements) { ^ drivers/acpi/acpica/dspkginit.c:138:6: note: 'module_level_code' is 0 if (module_level_code) { ^~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:138:2: note: Taking false branch if (module_level_code) { ^ drivers/acpi/acpica/dspkginit.c:153:14: note: Assuming 'arg' is non-null for (i = 0; arg && (i < element_count); i++) { ^~~ drivers/acpi/acpica/dspkginit.c:153:14: note: Left side of '&&' is true drivers/acpi/acpica/dspkginit.c:153:22: note: Assuming 'i' is < 'element_count' for (i = 0; arg && (i < element_count); i++) { ^~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:153:2: note: Loop condition is true. Entering loop body for (i = 0; arg && (i < element_count); i++) { ^ drivers/acpi/acpica/dspkginit.c:154:7: note: Assuming field 'aml_opcode' is not equal to AML_INT_RETURN_VALUE_OP if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:154:3: note: Taking false branch if (arg->common.aml_opcode == AML_INT_RETURN_VALUE_OP) { ^ drivers/acpi/acpica/dspkginit.c:205:8: note: Assuming the condition is false if (status == AE_NOT_FOUND) { ^~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:205:4: note: Taking false branch if (status == AE_NOT_FOUND) { ^ drivers/acpi/acpica/dspkginit.c:210:9: note: 'module_level_code' is 0 if (!module_level_code) { ^~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:210:4: note: Taking true branch if (!module_level_code) { ^ drivers/acpi/acpica/dspkginit.c:219:26: note: Passing null pointer value via 3rd parameter 'state' elements[i], NULL, ^ include/linux/stddef.h:8:14: note: expanded from macro 'NULL' #define NULL ((void *)0) ^~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:217:5: note: Calling 'acpi_ds_init_package_element' acpi_ds_init_package_element(0, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:332:6: note: Assuming 'source_object' is non-null if (!source_object) { ^~~~~~~~~~~~~~ drivers/acpi/acpica/dspkginit.c:332:2: note: Taking false branch if (!source_object) { ^ drivers/acpi/acpica/dspkginit.c:342:6: note: Assuming 'context' is null if (context) { ^~~~~~~ drivers/acpi/acpica/dspkginit.c:342:2: note: Taking false branch if (context) { ^ drivers/acpi/acpica/dspkginit.c:350:17: note: Dereference of null pointer element_ptr = state->pkg.this_target_obj; ^~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 26 warnings generated. Suppressed 26 warnings (26 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. kernel/trace/trace_probe.c:195:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(p, trace_probe_log.argv[i]); ^~~~~~ kernel/trace/trace_probe.c:195:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(p, trace_probe_log.argv[i]); ^~~~~~ Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. Suppressed 3 warnings (2 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (4 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. >> kernel/bpf/syscall.c:2286:14: warning: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage] mod_btf = btf_get_by_fd(fds[i]); ^ ~~~~~~ kernel/bpf/syscall.c:2170:6: note: Assuming the condition is false if (CHECK_ATTR(BPF_PROG_LOAD)) ^ kernel/bpf/syscall.c:716:2: note: expanded from macro 'CHECK_ATTR' memchr_inv((void *) &attr->CMD##_LAST_FIELD + \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2170:2: note: Taking false branch if (CHECK_ATTR(BPF_PROG_LOAD)) ^ kernel/bpf/syscall.c:2173:6: note: Assuming the condition is false if (attr->prog_flags & ~(BPF_F_STRICT_ALIGNMENT | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2173:2: note: Taking false branch if (attr->prog_flags & ~(BPF_F_STRICT_ALIGNMENT | ^ kernel/bpf/syscall.c:2180:58: note: Left side of '&&' is false if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && ^ kernel/bpf/syscall.c:2186:6: note: Assuming the condition is false if (strncpy_from_bpfptr(license, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2186:2: note: Taking false branch if (strncpy_from_bpfptr(license, ^ kernel/bpf/syscall.c:2195:6: note: Assuming field 'insn_cnt' is not equal to 0 if (attr->insn_cnt == 0 || ^~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2195:6: note: Left side of '||' is false kernel/bpf/syscall.c:2196:24: note: Assuming the condition is false attr->insn_cnt > (bpf_capable() ? BPF_COMPLEXITY_LIMIT_INSNS : BPF_MAXINSNS)) ^~~~~~~~~~~~~ kernel/bpf/syscall.c:2196:24: note: '?' condition is false kernel/bpf/syscall.c:2196:6: note: Assuming the condition is false attr->insn_cnt > (bpf_capable() ? BPF_COMPLEXITY_LIMIT_INSNS : BPF_MAXINSNS)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2195:2: note: Taking false branch if (attr->insn_cnt == 0 || ^ kernel/bpf/syscall.c:2198:6: note: Assuming 'type' is equal to BPF_PROG_TYPE_SOCKET_FILTER if (type != BPF_PROG_TYPE_SOCKET_FILTER && ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2198:42: note: Left side of '&&' is false if (type != BPF_PROG_TYPE_SOCKET_FILTER && ^ kernel/bpf/syscall.c:2203:6: note: Calling 'is_net_admin_prog_type' if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2111:2: note: Control jumps to the 'default' case at line 2135 switch (prog_type) { ^ kernel/bpf/syscall.c:2136:3: note: Returning zero, which participates in a condition later return false; ^~~~~~~~~~~~ kernel/bpf/syscall.c:2203:6: note: Returning from 'is_net_admin_prog_type' if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2203:35: note: Left side of '&&' is false if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) ^ kernel/bpf/syscall.c:2205:6: note: Calling 'is_perfmon_prog_type' if (is_perfmon_prog_type(type) && !perfmon_capable()) ^~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2142:2: note: Control jumps to the 'default' case at line 2153 switch (prog_type) { ^ kernel/bpf/syscall.c:2154:3: note: Returning zero, which participates in a condition later return false; ^~~~~~~~~~~~ kernel/bpf/syscall.c:2205:6: note: Returning from 'is_perfmon_prog_type' if (is_perfmon_prog_type(type) && !perfmon_capable()) ^~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2205:33: note: Left side of '&&' is false if (is_perfmon_prog_type(type) && !perfmon_capable()) ^ kernel/bpf/syscall.c:2207:6: note: Assuming field 'kfunc_btf_fds_cnt' is <= MAX_KFUNC_DESCS if (attr->kfunc_btf_fds_cnt > MAX_KFUNC_DESCS) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2207:2: note: Taking false branch if (attr->kfunc_btf_fds_cnt > MAX_KFUNC_DESCS) ^ kernel/bpf/syscall.c:2213:6: note: Assuming field 'attach_prog_fd' is 0 if (attr->attach_prog_fd) { ^~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2213:2: note: Taking false branch if (attr->attach_prog_fd) { ^ kernel/bpf/syscall.c:2228:13: note: Assuming field 'attach_btf_id' is 0 } else if (attr->attach_btf_id) { ^~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:2228:9: note: Taking false branch } else if (attr->attach_btf_id) { ^ kernel/bpf/syscall.c:2238:2: note: Calling 'bpf_prog_load_fixup_attach_type' bpf_prog_load_fixup_attach_type(attr); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ kernel/bpf/syscall.c:1994:2: note: 'Default' branch taken. Execution continues on line 1994 switch (attr->prog_type) { ^ vim +2286 kernel/bpf/syscall.c 09756af46893c1 Alexei Starovoitov 2014-09-26 2160 af2ac3e13e4575 Alexei Starovoitov 2021-05-13 2161 static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) 09756af46893c1 Alexei Starovoitov 2014-09-26 2162 { 09756af46893c1 Alexei Starovoitov 2014-09-26 2163 enum bpf_prog_type type = attr->prog_type; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2164 struct bpf_prog *prog, *dst_prog = NULL; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2165 struct btf *attach_btf = NULL; 09756af46893c1 Alexei Starovoitov 2014-09-26 2166 char license[128]; 09756af46893c1 Alexei Starovoitov 2014-09-26 2167 bool is_gpl; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2168 int err; 09756af46893c1 Alexei Starovoitov 2014-09-26 2169 09756af46893c1 Alexei Starovoitov 2014-09-26 2170 if (CHECK_ATTR(BPF_PROG_LOAD)) 09756af46893c1 Alexei Starovoitov 2014-09-26 2171 return -EINVAL; 09756af46893c1 Alexei Starovoitov 2014-09-26 2172 c240eff63a1cf1 Jiong Wang 2019-05-24 2173 if (attr->prog_flags & ~(BPF_F_STRICT_ALIGNMENT | c240eff63a1cf1 Jiong Wang 2019-05-24 2174 BPF_F_ANY_ALIGNMENT | 10d274e880eb20 Alexei Starovoitov 2019-08-22 2175 BPF_F_TEST_STATE_FREQ | 1e6c62a8821557 Alexei Starovoitov 2020-08-27 2176 BPF_F_SLEEPABLE | c240eff63a1cf1 Jiong Wang 2019-05-24 2177 BPF_F_TEST_RND_HI32)) e07b98d9bffe41 David S. Miller 2017-05-10 2178 return -EINVAL; e07b98d9bffe41 David S. Miller 2017-05-10 2179 e9ee9efc0d1765 David Miller 2018-11-30 2180 if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && e9ee9efc0d1765 David Miller 2018-11-30 2181 (attr->prog_flags & BPF_F_ANY_ALIGNMENT) && 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2182 !bpf_capable()) e9ee9efc0d1765 David Miller 2018-11-30 2183 return -EPERM; e9ee9efc0d1765 David Miller 2018-11-30 2184 09756af46893c1 Alexei Starovoitov 2014-09-26 2185 /* copy eBPF program license from user space */ af2ac3e13e4575 Alexei Starovoitov 2021-05-13 2186 if (strncpy_from_bpfptr(license, af2ac3e13e4575 Alexei Starovoitov 2021-05-13 2187 make_bpfptr(attr->license, uattr.is_kernel), 09756af46893c1 Alexei Starovoitov 2014-09-26 2188 sizeof(license) - 1) < 0) 09756af46893c1 Alexei Starovoitov 2014-09-26 2189 return -EFAULT; 09756af46893c1 Alexei Starovoitov 2014-09-26 2190 license[sizeof(license) - 1] = 0; 09756af46893c1 Alexei Starovoitov 2014-09-26 2191 09756af46893c1 Alexei Starovoitov 2014-09-26 2192 /* eBPF programs must be GPL compatible to use GPL-ed functions */ 09756af46893c1 Alexei Starovoitov 2014-09-26 2193 is_gpl = license_is_gpl_compatible(license); 09756af46893c1 Alexei Starovoitov 2014-09-26 2194 c04c0d2b968ac4 Alexei Starovoitov 2019-04-01 2195 if (attr->insn_cnt == 0 || 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2196 attr->insn_cnt > (bpf_capable() ? BPF_COMPLEXITY_LIMIT_INSNS : BPF_MAXINSNS)) ef0915cacd04c9 Daniel Borkmann 2016-12-07 2197 return -E2BIG; 80b7d81912d807 Chenbo Feng 2017-05-31 2198 if (type != BPF_PROG_TYPE_SOCKET_FILTER && 80b7d81912d807 Chenbo Feng 2017-05-31 2199 type != BPF_PROG_TYPE_CGROUP_SKB && 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2200 !bpf_capable()) 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2201 return -EPERM; 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2202 b338cb921e6739 Maciej Żenczykowski 2020-06-20 2203 if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2204 return -EPERM; 2c78ee898d8f10 Alexei Starovoitov 2020-05-13 2205 if (is_perfmon_prog_type(type) && !perfmon_capable()) 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 2206 return -EPERM; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2207 if (attr->kfunc_btf_fds_cnt > MAX_KFUNC_DESCS) e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2208 return -E2BIG; 1be7f75d1668d6 Alexei Starovoitov 2015-10-07 2209 290248a5b7d829 Andrii Nakryiko 2020-12-03 2210 /* attach_prog_fd/attach_btf_obj_fd can specify fd of either bpf_prog 290248a5b7d829 Andrii Nakryiko 2020-12-03 2211 * or btf, we need to check which one it is 290248a5b7d829 Andrii Nakryiko 2020-12-03 2212 */ 290248a5b7d829 Andrii Nakryiko 2020-12-03 2213 if (attr->attach_prog_fd) { 290248a5b7d829 Andrii Nakryiko 2020-12-03 2214 dst_prog = bpf_prog_get(attr->attach_prog_fd); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2215 if (IS_ERR(dst_prog)) { 290248a5b7d829 Andrii Nakryiko 2020-12-03 2216 dst_prog = NULL; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2217 attach_btf = btf_get_by_fd(attr->attach_btf_obj_fd); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2218 if (IS_ERR(attach_btf)) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2219 return -EINVAL; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2220 if (!btf_is_kernel(attach_btf)) { 8bdd8e275ede97 Andrii Nakryiko 2020-12-07 2221 /* attaching through specifying bpf_prog's BTF 8bdd8e275ede97 Andrii Nakryiko 2020-12-07 2222 * objects directly might be supported eventually 8bdd8e275ede97 Andrii Nakryiko 2020-12-07 2223 */ 290248a5b7d829 Andrii Nakryiko 2020-12-03 2224 btf_put(attach_btf); 8bdd8e275ede97 Andrii Nakryiko 2020-12-07 2225 return -ENOTSUPP; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2226 } 290248a5b7d829 Andrii Nakryiko 2020-12-03 2227 } 290248a5b7d829 Andrii Nakryiko 2020-12-03 2228 } else if (attr->attach_btf_id) { 290248a5b7d829 Andrii Nakryiko 2020-12-03 2229 /* fall back to vmlinux BTF, if BTF type ID is specified */ 290248a5b7d829 Andrii Nakryiko 2020-12-03 2230 attach_btf = bpf_get_btf_vmlinux(); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2231 if (IS_ERR(attach_btf)) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2232 return PTR_ERR(attach_btf); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2233 if (!attach_btf) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2234 return -EINVAL; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2235 btf_get(attach_btf); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2236 } 290248a5b7d829 Andrii Nakryiko 2020-12-03 2237 aac3fc320d9404 Andrey Ignatov 2018-03-30 2238 bpf_prog_load_fixup_attach_type(attr); ccfe29eb29c2ed Alexei Starovoitov 2019-10-15 2239 if (bpf_prog_load_check_attach(type, attr->expected_attach_type, 290248a5b7d829 Andrii Nakryiko 2020-12-03 2240 attach_btf, attr->attach_btf_id, 290248a5b7d829 Andrii Nakryiko 2020-12-03 2241 dst_prog)) { 290248a5b7d829 Andrii Nakryiko 2020-12-03 2242 if (dst_prog) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2243 bpf_prog_put(dst_prog); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2244 if (attach_btf) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2245 btf_put(attach_btf); 5e43f899b03a34 Andrey Ignatov 2018-03-30 2246 return -EINVAL; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2247 } 5e43f899b03a34 Andrey Ignatov 2018-03-30 2248 09756af46893c1 Alexei Starovoitov 2014-09-26 2249 /* plain bpf_prog allocation */ 09756af46893c1 Alexei Starovoitov 2014-09-26 2250 prog = bpf_prog_alloc(bpf_prog_size(attr->insn_cnt), GFP_USER); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2251 if (!prog) { 290248a5b7d829 Andrii Nakryiko 2020-12-03 2252 if (dst_prog) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2253 bpf_prog_put(dst_prog); 290248a5b7d829 Andrii Nakryiko 2020-12-03 2254 if (attach_btf) 290248a5b7d829 Andrii Nakryiko 2020-12-03 2255 btf_put(attach_btf); 09756af46893c1 Alexei Starovoitov 2014-09-26 2256 return -ENOMEM; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2257 } 09756af46893c1 Alexei Starovoitov 2014-09-26 2258 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2259 if (attr->kfunc_btf_fds_cnt) { e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2260 struct bpf_kfunc_btf_tab *tab; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2261 int fds[MAX_KFUNC_DESCS], i; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2262 bpfptr_t kfunc_btf_fds; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2263 u32 kfunc_btf_size, n; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2264 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2265 kfunc_btf_size = min_t(u32, MAX_KFUNC_DESCS, attr->kfunc_btf_fds_cnt); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2266 kfunc_btf_fds = make_bpfptr(attr->kfunc_btf_fds, uattr.is_kernel); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2267 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2268 err = -EFAULT; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2269 if (copy_from_bpfptr(fds, kfunc_btf_fds, kfunc_btf_size * sizeof(int))) e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2270 goto free_prog; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2271 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2272 err = -ENOMEM; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2273 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2274 n = kfunc_btf_size; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2275 kfunc_btf_size *= sizeof(prog->aux->kfunc_btf_tab->btfs[0]); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2276 kfunc_btf_size += sizeof(*prog->aux->kfunc_btf_tab); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2277 prog->aux->kfunc_btf_tab = kzalloc(kfunc_btf_size, GFP_KERNEL); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2278 if (!prog->aux->kfunc_btf_tab) e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2279 goto free_prog; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2280 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2281 tab = prog->aux->kfunc_btf_tab; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2282 for (i = 0; i < n; i++) { e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2283 struct btf_mod_pair *p; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2284 struct btf *mod_btf; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2285 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 @2286 mod_btf = btf_get_by_fd(fds[i]); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2287 if (IS_ERR(mod_btf)) { e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2288 err = PTR_ERR(mod_btf); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2289 goto free_prog; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2290 } e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2291 if (!btf_is_module(mod_btf)) { e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2292 err = -EINVAL; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2293 btf_put(mod_btf); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2294 goto free_prog; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2295 } e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2296 e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2297 p = &tab->btfs[tab->nr_btfs]; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2298 p->module = btf_try_get_module(mod_btf); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2299 if (!p->module) { e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2300 btf_put(mod_btf); e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2301 goto free_prog; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2302 } e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2303 p->btf = mod_btf; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2304 tab->nr_btfs++; e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2305 } e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2306 } e868250a992dc2 Kumar Kartikeya Dwivedi 2021-08-30 2307 5e43f899b03a34 Andrey Ignatov 2018-03-30 2308 prog->expected_attach_type = attr->expected_attach_type; 290248a5b7d829 Andrii Nakryiko 2020-12-03 2309 prog->aux->attach_btf = attach_btf; ccfe29eb29c2ed Alexei Starovoitov 2019-10-15 2310 prog->aux->attach_btf_id = attr->attach_btf_id; 3aac1ead5eb6b7 Toke Høiland-Jørgensen 2020-09-29 2311 prog->aux->dst_prog = dst_prog; 9a18eedb145d08 Jakub Kicinski 2017-12-27 2312 prog->aux->offload_requested = !!attr->prog_ifindex; 1e6c62a8821557 Alexei Starovoitov 2020-08-27 2313 prog->aux->sleepable = attr->prog_flags & BPF_F_SLEEPABLE; 9a18eedb145d08 Jakub Kicinski 2017-12-27 2314 afdb09c720b62b Chenbo Feng 2017-10-18 2315 err = security_bpf_prog_alloc(prog->aux); aaac3ba95e4c8b Alexei Starovoitov 2015-10-07 2316 if (err) 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2317 goto free_prog; afdb09c720b62b Chenbo Feng 2017-10-18 2318 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2319 prog->aux->user = get_current_user(); 09756af46893c1 Alexei Starovoitov 2014-09-26 2320 prog->len = attr->insn_cnt; 09756af46893c1 Alexei Starovoitov 2014-09-26 2321 09756af46893c1 Alexei Starovoitov 2014-09-26 2322 err = -EFAULT; af2ac3e13e4575 Alexei Starovoitov 2021-05-13 2323 if (copy_from_bpfptr(prog->insns, af2ac3e13e4575 Alexei Starovoitov 2021-05-13 2324 make_bpfptr(attr->insns, uattr.is_kernel), aafe6ae9cee32d Daniel Borkmann 2016-12-18 2325 bpf_prog_insn_size(prog)) != 0) 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2326 goto free_prog_sec; 09756af46893c1 Alexei Starovoitov 2014-09-26 2327 09756af46893c1 Alexei Starovoitov 2014-09-26 2328 prog->orig_prog = NULL; a91263d520246b Daniel Borkmann 2015-09-30 2329 prog->jited = 0; 09756af46893c1 Alexei Starovoitov 2014-09-26 2330 85192dbf4de087 Andrii Nakryiko 2019-11-17 2331 atomic64_set(&prog->aux->refcnt, 1); a91263d520246b Daniel Borkmann 2015-09-30 2332 prog->gpl_compatible = is_gpl ? 1 : 0; 09756af46893c1 Alexei Starovoitov 2014-09-26 2333 9a18eedb145d08 Jakub Kicinski 2017-12-27 2334 if (bpf_prog_is_dev_bound(prog->aux)) { ab3f0063c48c26 Jakub Kicinski 2017-11-03 2335 err = bpf_prog_offload_init(prog, attr); ab3f0063c48c26 Jakub Kicinski 2017-11-03 2336 if (err) 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2337 goto free_prog_sec; ab3f0063c48c26 Jakub Kicinski 2017-11-03 2338 } ab3f0063c48c26 Jakub Kicinski 2017-11-03 2339 09756af46893c1 Alexei Starovoitov 2014-09-26 2340 /* find program type: socket_filter vs tracing_filter */ 09756af46893c1 Alexei Starovoitov 2014-09-26 2341 err = find_prog_type(type, prog); 09756af46893c1 Alexei Starovoitov 2014-09-26 2342 if (err < 0) 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2343 goto free_prog_sec; 09756af46893c1 Alexei Starovoitov 2014-09-26 2344 9285ec4c8b61d4 Jason A. Donenfeld 2019-06-21 2345 prog->aux->load_time = ktime_get_boottime_ns(); 8e7ae2518f5265 Martin KaFai Lau 2020-03-13 2346 err = bpf_obj_name_cpy(prog->aux->name, attr->prog_name, 8e7ae2518f5265 Martin KaFai Lau 2020-03-13 2347 sizeof(attr->prog_name)); 8e7ae2518f5265 Martin KaFai Lau 2020-03-13 2348 if (err < 0) 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2349 goto free_prog_sec; cb4d2b3f03d8ee Martin KaFai Lau 2017-09-27 2350 09756af46893c1 Alexei Starovoitov 2014-09-26 2351 /* run eBPF verifier */ 838e96904ff3fc Yonghong Song 2018-11-19 2352 err = bpf_check(&prog, attr, uattr); 09756af46893c1 Alexei Starovoitov 2014-09-26 2353 if (err < 0) 09756af46893c1 Alexei Starovoitov 2014-09-26 2354 goto free_used_maps; 09756af46893c1 Alexei Starovoitov 2014-09-26 2355 d1c55ab5e41fcd Daniel Borkmann 2016-05-13 2356 prog = bpf_prog_select_runtime(prog, &err); 04fd61ab36ec06 Alexei Starovoitov 2015-05-19 2357 if (err < 0) 04fd61ab36ec06 Alexei Starovoitov 2015-05-19 2358 goto free_used_maps; 09756af46893c1 Alexei Starovoitov 2014-09-26 2359 dc4bb0e2356149 Martin KaFai Lau 2017-06-05 2360 err = bpf_prog_alloc_id(prog); dc4bb0e2356149 Martin KaFai Lau 2017-06-05 2361 if (err) dc4bb0e2356149 Martin KaFai Lau 2017-06-05 2362 goto free_used_maps; dc4bb0e2356149 Martin KaFai Lau 2017-06-05 2363 c751798aa224fa Daniel Borkmann 2019-08-23 2364 /* Upon success of bpf_prog_alloc_id(), the BPF prog is c751798aa224fa Daniel Borkmann 2019-08-23 2365 * effectively publicly exposed. However, retrieving via c751798aa224fa Daniel Borkmann 2019-08-23 2366 * bpf_prog_get_fd_by_id() will take another reference, c751798aa224fa Daniel Borkmann 2019-08-23 2367 * therefore it cannot be gone underneath us. c751798aa224fa Daniel Borkmann 2019-08-23 2368 * c751798aa224fa Daniel Borkmann 2019-08-23 2369 * Only for the time /after/ successful bpf_prog_new_fd() c751798aa224fa Daniel Borkmann 2019-08-23 2370 * and before returning to userspace, we might just hold c751798aa224fa Daniel Borkmann 2019-08-23 2371 * one reference and any parallel close on that fd could c751798aa224fa Daniel Borkmann 2019-08-23 2372 * rip everything out. Hence, below notifications must c751798aa224fa Daniel Borkmann 2019-08-23 2373 * happen before bpf_prog_new_fd(). c751798aa224fa Daniel Borkmann 2019-08-23 2374 * c751798aa224fa Daniel Borkmann 2019-08-23 2375 * Also, any failure handling from this point onwards must c751798aa224fa Daniel Borkmann 2019-08-23 2376 * be using bpf_prog_put() given the program is exposed. b16d9aa4c2b90a Martin KaFai Lau 2017-06-05 2377 */ 74451e66d516c5 Daniel Borkmann 2017-02-16 2378 bpf_prog_kallsyms_add(prog); 6ee52e2a3fe4ea Song Liu 2019-01-17 2379 perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_LOAD, 0); bae141f54be83b Daniel Borkmann 2019-12-06 2380 bpf_audit_prog(prog, BPF_AUDIT_LOAD); c751798aa224fa Daniel Borkmann 2019-08-23 2381 c751798aa224fa Daniel Borkmann 2019-08-23 2382 err = bpf_prog_new_fd(prog); c751798aa224fa Daniel Borkmann 2019-08-23 2383 if (err < 0) c751798aa224fa Daniel Borkmann 2019-08-23 2384 bpf_prog_put(prog); 09756af46893c1 Alexei Starovoitov 2014-09-26 2385 return err; 09756af46893c1 Alexei Starovoitov 2014-09-26 2386 09756af46893c1 Alexei Starovoitov 2014-09-26 2387 free_used_maps: cd7455f1013ef9 Daniel Borkmann 2019-10-22 2388 /* In case we have subprogs, we need to wait for a grace cd7455f1013ef9 Daniel Borkmann 2019-10-22 2389 * period before we can tear down JIT memory since symbols cd7455f1013ef9 Daniel Borkmann 2019-10-22 2390 * are already exposed under kallsyms. cd7455f1013ef9 Daniel Borkmann 2019-10-22 2391 */ cd7455f1013ef9 Daniel Borkmann 2019-10-22 2392 __bpf_prog_put_noref(prog, prog->aux->func_cnt); cd7455f1013ef9 Daniel Borkmann 2019-10-22 2393 return err; afdb09c720b62b Chenbo Feng 2017-10-18 2394 free_prog_sec: 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2395 free_uid(prog->aux->user); afdb09c720b62b Chenbo Feng 2017-10-18 2396 security_bpf_prog_free(prog->aux); 3ac1f01b43b6e2 Roman Gushchin 2020-12-01 2397 free_prog: 22dc4a0f5ed11b Andrii Nakryiko 2020-12-03 2398 if (prog->aux->attach_btf) 22dc4a0f5ed11b Andrii Nakryiko 2020-12-03 2399 btf_put(prog->aux->attach_btf); 09756af46893c1 Alexei Starovoitov 2014-09-26 2400 bpf_prog_free(prog); 09756af46893c1 Alexei Starovoitov 2014-09-26 2401 return err; 09756af46893c1 Alexei Starovoitov 2014-09-26 2402 } 09756af46893c1 Alexei Starovoitov 2014-09-26 2403 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

4 months, 2 weeks

1
0
0 / 0

[linux-next:master 5941/11397] drivers/gpu/host1x/fence.c:156 host1x_fence_create() warn: possible memory leak of 'fence'

by kernel test robot

CC: kbuild-all(a)lists.01.org CC: Linux Memory Management List <linux-mm(a)kvack.org> TO: Mikko Perttunen <mperttunen(a)nvidia.com> CC: Thierry Reding <treding(a)nvidia.com> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: 52c7b727581fe725f8b8a283af21fe0651c73c48 commit: 687db2207b1bc94ca34743871167923a6de78d85 [5941/11397] gpu: host1x: Add DMA fence implementation :::::: branch date: 17 hours ago :::::: commit date: 3 weeks ago config: arm64-randconfig-m031-20210831 (attached as .config) compiler: aarch64-linux-gcc (GCC) 11.2.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> smatch warnings: drivers/gpu/host1x/fence.c:156 host1x_fence_create() warn: possible memory leak of 'fence' vim +/fence +156 drivers/gpu/host1x/fence.c 687db2207b1bc9 Mikko Perttunen 2021-06-10 145 687db2207b1bc9 Mikko Perttunen 2021-06-10 146 struct dma_fence *host1x_fence_create(struct host1x_syncpt *sp, u32 threshold) 687db2207b1bc9 Mikko Perttunen 2021-06-10 147 { 687db2207b1bc9 Mikko Perttunen 2021-06-10 148 struct host1x_syncpt_fence *fence; 687db2207b1bc9 Mikko Perttunen 2021-06-10 149 687db2207b1bc9 Mikko Perttunen 2021-06-10 150 fence = kzalloc(sizeof(*fence), GFP_KERNEL); 687db2207b1bc9 Mikko Perttunen 2021-06-10 151 if (!fence) 687db2207b1bc9 Mikko Perttunen 2021-06-10 152 return ERR_PTR(-ENOMEM); 687db2207b1bc9 Mikko Perttunen 2021-06-10 153 687db2207b1bc9 Mikko Perttunen 2021-06-10 154 fence->waiter = kzalloc(sizeof(*fence->waiter), GFP_KERNEL); 687db2207b1bc9 Mikko Perttunen 2021-06-10 155 if (!fence->waiter) 687db2207b1bc9 Mikko Perttunen 2021-06-10 @156 return ERR_PTR(-ENOMEM); --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

4 months, 2 weeks

1
0
0 / 0

2022

2021

2020

2019

kbuild September 2021