| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161128090300.ux67txkljn7enhpr@wfg-t540p.sh.intel.com>
Date: Mon, 28 Nov 2016 17:03:00 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Julia Lawall <julia.lawall@...6.fr>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, kbuild-all@...org,
linux-kernel@...r.kernel.org
Subject: Re: [kbuild-all] drivers/staging/greybus/bootrom.c:298:35-39: ERROR:
fw is NULL but dereferenced.
On Mon, Nov 28, 2016 at 09:59:52AM +0100, Julia Lawall wrote:
>
>
>On Mon, 28 Nov 2016, Fengguang Wu wrote:
>
>> On Sun, Nov 27, 2016 at 12:06:33PM +0100, Greg KH wrote:
>> > On Sun, Nov 27, 2016 at 07:11:46AM +0800, kbuild test robot wrote:
>> > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
>> > > master
>> > > head: a0d60e62ea5c88a9823410e9d0929a513e29dea2
>> > > commit: f44dd184634d401f5cf88a6d8b4a60d5ff4f417f Merge greybus driver tree
>> > > into 4.8-rc6
>> > > date: 10 weeks ago
>> >
>> > This is a false-positive, sorry.
>>
>> Yes it's a false warning: ret != 0, so fw->size in the if test won't be
>> dereferenced.
>> Relevant code:
>>
>> if (!fw) {
>> dev_err(dev, "%s: firmware not available\n", __func__);
>> ret = -EINVAL;
>> goto unlock;
>> }
>> ...
>> unlock:
>> mutex_unlock(&bootrom->mutex);
>>
>> queue_work:
>> /* Refresh timeout */
>> if (!ret && (offset + size == fw->size))
>> next_request = NEXT_REQ_READY_TO_BOOT;
>> else
>> next_request = NEXT_REQ_GET_FIRMWARE;
>>
>> CC Julia for possible improvements to the coccinelle script. If it's
>> not convenient to fix there I'll teach the robot to ignore this
>> particular false warning.
>
>This looks like it depends on analyzing the values of variables.
>
>It may be best to teach the robot to avoid this warning. I can check
>these reports if needed for this problem.
OK. I'll send this kind of warnings to you instead of directly
reporting to the developer. Hope it's not a big burden on you.
Thanks,
Fengguang
>> > > coccinelle warnings: (new ones prefixed by >>)
>> > >
>> > > >> drivers/staging/greybus/bootrom.c:298:35-39: ERROR: fw is NULL but
>> > > dereferenced.
>> > >
>> > > vim +298 drivers/staging/greybus/bootrom.c
>> > >
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 282
>> > > dev_err(dev, "%s: error allocating response\n", __func__);
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 283
>> > > ret = -ENOMEM;
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 284
>> > > goto unlock;
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 285
>> > > }
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 286
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 287
>> > > firmware_response = op->response->payload;
>> > > 98645a9c drivers/staging/greybus/firmware.c Johan Hovold 2015-11-19 288
>> > > memcpy(firmware_response->data, fw->data + offset, size);
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 289
>> > > fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 290
>> > > dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n", offset,
>> > > fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 291
>> > > size);
>> > > fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 292
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 293
>> > > unlock:
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 294
>> > > mutex_unlock(&bootrom->mutex);
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 295
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 296
>> > > queue_work:
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 297
>> > > /* Refresh timeout */
>> > > a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 @298
>> > > if (!ret && (offset + size == fw->size))
>> > > a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 299
>> > > next_request = NEXT_REQ_READY_TO_BOOT;
>> > > a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 300
>> > > else
>> > > a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 301
>> > > next_request = NEXT_REQ_GET_FIRMWARE;
>> > > a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 302
>> > > dbb8cfeb drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 303
>> > > gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 304
>> > > a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 305
>> > > return ret;
>> > > 90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 306
>> > > }
>> > >
>> > > :::::: The code at line 298 was first introduced by commit
>> > > :::::: a4293e1d4e6416477976ee3bd248589d3fc4bb19 greybus: bootrom: Enhance
>> > > timeout error message
>> > >
>> > > :::::: TO: Viresh Kumar <viresh.kumar@...aro.org>
>> > > :::::: CC: Greg Kroah-Hartman <gregkh@...gle.com>
>> > >
>> > > ---
>> > > 0-DAY kernel test infrastructure Open Source Technology
>> > > Center
>> > > https://lists.01.org/pipermail/kbuild-all Intel
>> > > Corporation
>>
>_______________________________________________
>kbuild-all mailing list
>kbuild-all@...ts.01.org
>https://lists.01.org/mailman/listinfo/kbuild-all
Powered by blists - more mailing lists