Re: [alobakin:pfcp 11/19] include/linux/bitmap.h:642:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]'

From: Alexander Lobakin
Date: Mon Nov 06 2023 - 11:33:56 EST


BTW, I have this in my inbox:

From: Kernel Test Robot <lkp@xxxxxxxxx>
Date: Tue, 17 Oct 2023 08:14:51 +0800

> tree: https://github.com/alobakin/linux pfcp
> head: 9183a3eb639912169a3d3e2be4f25556b465919b
> commit: c8a652cdcc0964510f108726b3da0784d1bc0cd2 [11/19] bitmap: make bitmap_{get,set}_value8() use bitmap_{read,write}()

So it happened after I converted bitmap_{get,set}_value8() so that they
use bitmap_{read,write}().

> config: x86_64-randconfig-004-20231017 (https://download.01.org/0day-ci/archive/20231017/202310170708.fJzLlgDM-lkp@xxxxxxxxx/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310170708.fJzLlgDM-lkp@xxxxxxxxx/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202310170708.fJzLlgDM-lkp@xxxxxxxxx/
>
> All warnings (new ones prefixed by >>):
>
> In file included from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:23,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:9,
> from include/linux/preempt.h:79,
> from include/linux/spinlock.h:56,
> from include/linux/mmzone.h:8,
> from include/linux/gfp.h:7,
> from include/linux/slab.h:16,
> from include/linux/resource_ext.h:11,
> from include/linux/acpi.h:13,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c: In function 'pca953x_probe':
>>> include/linux/bitmap.h:642:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
> 642 | map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
> | ^~
> In file included from include/linux/kasan-checks.h:5,
> from include/asm-generic/rwonce.h:26,
> from ./arch/x86/include/generated/asm/rwonce.h:1,
> from include/linux/compiler.h:246,
> from include/linux/build_bug.h:5,
> from include/linux/bits.h:21,
> from include/linux/ioport.h:13,
> from include/linux/acpi.h:12,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
> 1032 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> | ^~~~
> In file included from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:23,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:9,
> from include/linux/preempt.h:79,
> from include/linux/spinlock.h:56,
> from include/linux/mmzone.h:8,
> from include/linux/gfp.h:7,
> from include/linux/slab.h:16,
> from include/linux/resource_ext.h:11,
> from include/linux/acpi.h:13,
> from drivers/gpio/gpio-pca953x.c:11:
>>> include/linux/bitmap.h:642:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
> 642 | map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
> | ^~
> In file included from include/linux/kasan-checks.h:5,
> from include/asm-generic/rwonce.h:26,
> from ./arch/x86/include/generated/asm/rwonce.h:1,
> from include/linux/compiler.h:246,
> from include/linux/build_bug.h:5,
> from include/linux/bits.h:21,
> from include/linux/ioport.h:13,
> from include/linux/acpi.h:12,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
> 1032 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> | ^~~~
> In file included from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:23,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:9,
> from include/linux/preempt.h:79,
> from include/linux/spinlock.h:56,
> from include/linux/mmzone.h:8,
> from include/linux/gfp.h:7,
> from include/linux/slab.h:16,
> from include/linux/resource_ext.h:11,
> from include/linux/acpi.h:13,
> from drivers/gpio/gpio-pca953x.c:11:
> include/linux/bitmap.h:643:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
> 643 | map[index + 1] |= (value >> space);
> | ^~
> In file included from include/linux/kasan-checks.h:5,
> from include/asm-generic/rwonce.h:26,
> from ./arch/x86/include/generated/asm/rwonce.h:1,
> from include/linux/compiler.h:246,
> from include/linux/build_bug.h:5,
> from include/linux/bits.h:21,
> from include/linux/ioport.h:13,
> from include/linux/acpi.h:12,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
> 1032 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> | ^~~~
> In file included from include/linux/cpumask.h:12,
> from arch/x86/include/asm/cpumask.h:5,
> from arch/x86/include/asm/msr.h:11,
> from arch/x86/include/asm/processor.h:23,
> from arch/x86/include/asm/cpufeature.h:5,
> from arch/x86/include/asm/thread_info.h:53,
> from include/linux/thread_info.h:60,
> from arch/x86/include/asm/preempt.h:9,
> from include/linux/preempt.h:79,
> from include/linux/spinlock.h:56,
> from include/linux/mmzone.h:8,
> from include/linux/gfp.h:7,
> from include/linux/slab.h:16,
> from include/linux/resource_ext.h:11,
> from include/linux/acpi.h:13,
> from drivers/gpio/gpio-pca953x.c:11:
> include/linux/bitmap.h:643:17: warning: array subscript [1, 1024] is outside array bounds of 'long unsigned int[1]' [-Warray-bounds]
> 643 | map[index + 1] |= (value >> space);
> | ^~
> In file included from include/linux/kasan-checks.h:5,
> from include/asm-generic/rwonce.h:26,
> from ./arch/x86/include/generated/asm/rwonce.h:1,
> from include/linux/compiler.h:246,
> from include/linux/build_bug.h:5,
> from include/linux/bits.h:21,
> from include/linux/ioport.h:13,
> from include/linux/acpi.h:12,
> from drivers/gpio/gpio-pca953x.c:11:
> drivers/gpio/gpio-pca953x.c:1032:17: note: while referencing 'val'
> 1032 | DECLARE_BITMAP(val, MAX_LINE);
> | ^~~
> include/linux/types.h:11:16: note: in definition of macro 'DECLARE_BITMAP'
> 11 | unsigned long name[BITS_TO_LONGS(bits)]
> | ^~~~
>
>
> vim +642 include/linux/bitmap.h
>
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 603
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 604 /**
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 605 * bitmap_write - write n-bit value within a memory region
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 606 * @map: address to the bitmap memory region
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 607 * @value: value to write, clamped to nbits
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 608 * @start: bit offset of the n-bit value
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 609 * @nbits: size of value in bits, nonzero, up to BITS_PER_LONG.
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 610 *
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 611 * bitmap_write() behaves as-if implemented as @nbits calls of __assign_bit(),
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 612 * i.e. bits beyond @nbits are ignored:
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 613 *
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 614 * for (bit = 0; bit < nbits; bit++)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 615 * __assign_bit(start + bit, bitmap, val & BIT(bit));
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 616 */
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 617 static inline void bitmap_write(unsigned long *map,
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 618 unsigned long value,
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 619 unsigned long start, unsigned long nbits)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 620 {
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 621 size_t index;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 622 unsigned long offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 623 unsigned long space;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 624 unsigned long mask;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 625 bool fit;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 626
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 627 if (unlikely(!nbits))
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 628 return;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 629
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 630 mask = BITMAP_LAST_WORD_MASK(nbits);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 631 value &= mask;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 632 offset = start % BITS_PER_LONG;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 633 space = BITS_PER_LONG - offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 634 fit = space >= nbits;

For that particular case, @offset is not a compile-time constant, thus
the compiler can't assume anything. @space and @fit are as well due to that.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 635 index = BIT_WORD(start);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 636
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 637 map[index] &= (fit ? (~(mask << offset)) : ~BITMAP_FIRST_WORD_MASK(start));
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 638 map[index] |= value << offset;
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 639 if (fit)
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 640 return;

...which means the compiler doesn't know whether this condition will
return from the function or not.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 641
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 @642 map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 643 map[index + 1] |= (value >> space);

However, it knows that the bitmap has only 1 long and indexes above 0
are not valid.

Not sure how to approach this :z It was also captured on the version you
sent 2 weeks ago, so this could've been resolved already.

> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 644 }
> c8ac468adba7fe Syed Nayyar Waris 2023-10-11 645
>
> :::::: The code at line 642 was first introduced by commit
> :::::: c8ac468adba7fe930ec22f392d5f127b768deccc lib/bitmap: add bitmap_{read,write}()
>
> :::::: TO: Syed Nayyar Waris <syednwaris@xxxxxxxxx>
> :::::: CC: Alexander Lobakin <aleksander.lobakin@xxxxxxxxx>
>

Thanks,
Olek
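The situation discussed in this message, as an added user-space example that is not part of the original e-mail or of the kernel tree: `write_spills()` reports when the quoted `bitmap_write()` arithmetic reaches `map[index + 1]`, and `bitmap_write_checked()` is a hypothetical variant that takes the bitmap length in words and refuses such a write on a too-short bitmap. The macros are re-declared locally for a stand-alone build, and the 8-bit, byte-aligned writes exercised here are an assumption about how the value8 helpers are called.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BIT_WORD(nr) ((nr) / BITS_PER_LONG)
#define BITMAP_FIRST_WORD_MASK(s) (~0UL << ((s) & (BITS_PER_LONG - 1)))
#define BITMAP_LAST_WORD_MASK(n) (~0UL >> (-(n) & (BITS_PER_LONG - 1)))

/* True when the write takes the !fit path and touches map[index + 1]. */
static bool write_spills(unsigned long start, unsigned long nbits)
{
	return BITS_PER_LONG - start % BITS_PER_LONG < nbits;
}

/* Hypothetical checked variant (not kernel code): same arithmetic as the
 * quoted listing, but refuses a write that would touch a word past nwords. */
static bool bitmap_write_checked(unsigned long *map, size_t nwords,
				 unsigned long value,
				 unsigned long start, unsigned long nbits)
{
	size_t index = BIT_WORD(start);
	unsigned long offset = start % BITS_PER_LONG;
	unsigned long space = BITS_PER_LONG - offset;
	unsigned long mask;
	bool fit = space >= nbits;

	/* index + !fit is the highest word this write would touch */
	if (!nbits || nbits > BITS_PER_LONG || index + !fit >= nwords)
		return false;

	mask = BITMAP_LAST_WORD_MASK(nbits);
	value &= mask;
	map[index] &= fit ? ~(mask << offset) : ~BITMAP_FIRST_WORD_MASK(start);
	map[index] |= value << offset;
	if (fit)
		return true;

	map[index + 1] &= BITMAP_FIRST_WORD_MASK(start + nbits);
	map[index + 1] |= value >> space;
	return true;
}

int main(void)
{
	unsigned long val[1] = { 0 };	/* constructed one-word bitmap */

	printf("%d %d\n", write_spills(8, 8),
	       bitmap_write_checked(val, 1, 0xff, BITS_PER_LONG - 4, 8));
	return 0;
}
```

With a byte-aligned start, an 8-bit write never takes the `!fit` path, so the second word is only reachable for unaligned or wider writes.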