CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com In-Reply-To: <20220320183225.1.Iaf638bb9f885f5880ab1b4e7ae2f73dd53a54661@changeid> References: <20220320183225.1.Iaf638bb9f885f5880ab1b4e7ae2f73dd53a54661@changeid> TO: Manish Mandlik <mmand...@google.com> TO: mar...@holtmann.org TO: luiz.de...@gmail.com CC: chromeos-bluetooth-upstream...@chromium.org CC: linux-blueto...@vger.kernel.org CC: "Abhishek Pandit-Subedi" <abhishekpan...@chromium.org> CC: Manish Mandlik <mmand...@google.com> CC: Jakub Kicinski <k...@kernel.org> CC: Johan Hedberg <johan.hedb...@gmail.com> CC: Paolo Abeni <pab...@redhat.com> CC: linux-ker...@vger.kernel.org CC: net...@vger.kernel.org
Hi Manish, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on bluetooth/master] [also build test WARNING on bluetooth-next/master v5.17 next-20220323] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Manish-Mandlik/Bluetooth-Add-support-for-devcoredump/20220321-093553 base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git master :::::: branch date: 3 days ago :::::: commit date: 3 days ago config: i386-randconfig-c001 (https://download.01.org/0day-ci/archive/20220324/202203241228.edfar8zw-...@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 85e9b2687a13d1908aa86d1b89c5ce398a06cd39) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/0day-ci/linux/commit/ac170a5ea7c81e445f903d14dce2a5f92155d1ef git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Manish-Mandlik/Bluetooth-Add-support-for-devcoredump/20220321-093553 git checkout ac170a5ea7c81e445f903d14dce2a5f92155d1ef # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <l...@intel.com> clang-analyzer warnings: (new ones prefixed by >>) strcpy(motu->card->mixername, motu->spec->name); ^~~~~~ sound/firewire/motu/motu.c:46:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(motu->card->mixername, motu->spec->name); ^~~~~~ 1 warning generated. sound/firewire/motu/motu-pcm.c:363:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(pcm->name, motu->card->shortname); ^~~~~~ sound/firewire/motu/motu-pcm.c:363:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(pcm->name, motu->card->shortname); ^~~~~~ 2 warnings generated. sound/firewire/fireface/ff.c:31:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ff->card->shortname, name); ^~~~~~ sound/firewire/fireface/ff.c:31:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ff->card->shortname, name); ^~~~~~ sound/firewire/fireface/ff.c:32:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ff->card->mixername, name); ^~~~~~ sound/firewire/fireface/ff.c:32:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ff->card->mixername, name); ^~~~~~ 1 warning generated. sound/firewire/fireface/ff-hwdep.c:181:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(hwdep->name, ff->card->driver); ^~~~~~ sound/firewire/fireface/ff-hwdep.c:181:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(hwdep->name, ff->card->driver); ^~~~~~ 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. fs/xfs/xfs_reflink.c:1154:3: warning: Value stored to 'qdelta' is never read [clang-analyzer-deadcode.DeadStores] qdelta += dmap->br_blockcount; ^ ~~~~~~~~~~~~~~~~~~~ fs/xfs/xfs_reflink.c:1154:3: note: Value stored to 'qdelta' is never read qdelta += dmap->br_blockcount; ^ ~~~~~~~~~~~~~~~~~~~ Suppressed 2 warnings (1 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. drivers/net/can/softing/softing_fw.c:531:3: warning: Value stored to 'error_reporting' is never read [clang-analyzer-deadcode.DeadStores] error_reporting += softing_error_reporting(netdev); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/can/softing/softing_fw.c:531:3: note: Value stored to 'error_reporting' is never read error_reporting += softing_error_reporting(netdev); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4 warnings generated. net/bluetooth/hci_core.c:891:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(di.name, hdev->name); ^~~~~~ net/bluetooth/hci_core.c:891:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(di.name, hdev->name); ^~~~~~ >> net/bluetooth/hci_core.c:2467:2: warning: Value stored to 'ptr' is never >> read [clang-analyzer-deadcode.DeadStores] ptr += read; ^ ~~~~ net/bluetooth/hci_core.c:2467:2: note: Value stored to 'ptr' is never read ptr += read; ^ ~~~~ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c:372:4: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores] err = 0; ^ ~ drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c:372:4: note: Value stored to 'err' is never read err = 0; ^ ~ 1 warning generated. drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c:152:34: warning: Value stored to 'tx_ring' during its initialization is never read [clang-analyzer-deadcode.DeadStores] const struct mcp251xfd_tx_ring *tx_ring = priv->tx; ^~~~~~~ ~~~~~~~~ drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c:152:34: note: Value stored to 'tx_ring' during its initialization is never read const struct mcp251xfd_tx_ring *tx_ring = priv->tx; ^~~~~~~ ~~~~~~~~ 1 warning generated. sound/soc/codecs/da7213.c:1427:3: warning: Value stored to 'indiv' is never read [clang-analyzer-deadcode.DeadStores] indiv = DA7213_PLL_INDIV_9_TO_18_MHZ_VAL; ^ sound/soc/codecs/da7213.c:1427:3: note: Value stored to 'indiv' is never read 1 warning generated. drivers/media/i2c/imx258.c:781:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = imx258_write_reg(imx258, IMX258_REG_TEST_PATTERN, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/imx258.c:781:3: note: Value stored to 'ret' is never read ret = imx258_write_reg(imx258, IMX258_REG_TEST_PATTERN, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. sound/firewire/fireworks/fireworks.c:94:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(efw->card->shortname, hwinfo->model_name); ^~~~~~ sound/firewire/fireworks/fireworks.c:94:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(efw->card->shortname, hwinfo->model_name); ^~~~~~ sound/firewire/fireworks/fireworks.c:95:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(efw->card->mixername, hwinfo->model_name); ^~~~~~ sound/firewire/fireworks/fireworks.c:95:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(efw->card->mixername, hwinfo->model_name); ^~~~~~ 1 warning generated. drivers/input/rmi4/rmi_f11.c:1129:2: warning: Value stored to 'query_offset' is never read [clang-analyzer-deadcode.DeadStores] query_offset += rc; ^ ~~ drivers/input/rmi4/rmi_f11.c:1129:2: note: Value stored to 'query_offset' is never read query_offset += rc; ^ ~~ 3 warnings generated. drivers/input/rmi4/rmi_f12.c:133:3: warning: Value stored to 'offset' is never read [clang-analyzer-deadcode.DeadStores] offset += 1; ^ ~ drivers/input/rmi4/rmi_f12.c:133:3: note: Value stored to 'offset' is never read offset += 1; ^ ~ drivers/input/rmi4/rmi_f12.c:401:2: warning: Value stored to 'query_addr' is never read [clang-analyzer-deadcode.DeadStores] query_addr += 3; ^ ~ drivers/input/rmi4/rmi_f12.c:401:2: note: Value stored to 'query_addr' is never read query_addr += 3; ^ ~ drivers/input/rmi4/rmi_f12.c:520:3: warning: Value stored to 'data_offset' is never read [clang-analyzer-deadcode.DeadStores] data_offset += item->reg_size; ^ ~~~~~~~~~~~~~~ drivers/input/rmi4/rmi_f12.c:520:3: note: Value stored to 'data_offset' is never read data_offset += item->reg_size; ^ ~~~~~~~~~~~~~~ 2 warnings generated. drivers/media/i2c/adv7170.c:361:3: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores] i = adv7170_write(sd, 0x07, TR0MODE | TR0RST); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7170.c:361:3: note: Value stored to 'i' is never read i = adv7170_write(sd, 0x07, TR0MODE | TR0RST); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7170.c:362:3: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores] i = adv7170_write(sd, 0x07, TR0MODE); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7170.c:362:3: note: Value stored to 'i' is never read i = adv7170_write(sd, 0x07, TR0MODE); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. drivers/media/i2c/adv7175.c:416:3: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores] i = adv7175_write(sd, 0x07, TR0MODE | TR0RST); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7175.c:416:3: note: Value stored to 'i' is never read i = adv7175_write(sd, 0x07, TR0MODE | TR0RST); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7175.c:417:3: warning: Value stored to 'i' is never read [clang-analyzer-deadcode.DeadStores] i = adv7175_write(sd, 0x07, TR0MODE); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/i2c/adv7175.c:417:3: note: Value stored to 'i' is never read i = adv7175_write(sd, 0x07, TR0MODE); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. arch/x86/include/asm/paravirt.h:55:2: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign] vim +/ptr +2467 net/bluetooth/hci_core.c ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2445 ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2446 static int hci_devcoredump_mkheader(struct hci_dev *hdev, char *buf, ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2447 size_t buf_size) ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2448 { ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2449 char *ptr = buf; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2450 size_t rem = buf_size; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2451 size_t read = 0; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2452 ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2453 read = hci_devcoredump_update_hdr_state(ptr, rem, HCI_DEVCOREDUMP_IDLE); ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2454 read += 1; /* update_hdr_state adds \0 at the end upon state rewrite */ ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2455 rem -= read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2456 ptr += read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2457 ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2458 if (hdev->dump.dmp_hdr) { ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2459 /* dmp_hdr() should return number of bytes written */ ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2460 read = hdev->dump.dmp_hdr(hdev, ptr, rem); ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2461 rem -= read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2462 ptr += read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2463 } ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2464 ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2465 read = snprintf(ptr, rem, "--- Start dump ---\n"); ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2466 rem -= read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 @2467 ptr += read; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2468 ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2469 return buf_size - rem; ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2470 } ac170a5ea7c81e Abhishek Pandit-Subedi 2022-03-20 2471 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- kbuild@lists.01.org To unsubscribe send an email to kbuild-le...@lists.01.org