Bug Summary

File:arch/amd64/amd64/db_trace.c
Warning:line 175, column 32
The left operand of '==' is a garbage value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name db_trace.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -ffreestanding -mcmodel=kernel -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -target-feature -sse2 -target-feature -sse -target-feature -3dnow -target-feature -mmx -target-feature +save-args -disable-red-zone -no-implicit-float -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/sys -I /usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -I /usr/src/sys/arch -I /usr/src/sys/dev/pci/drm/include -I /usr/src/sys/dev/pci/drm/include/uapi -I /usr/src/sys/dev/pci/drm/amd/include/asic_reg -I /usr/src/sys/dev/pci/drm/amd/include -I /usr/src/sys/dev/pci/drm/amd/amdgpu -I /usr/src/sys/dev/pci/drm/amd/display -I /usr/src/sys/dev/pci/drm/amd/display/include -I /usr/src/sys/dev/pci/drm/amd/display/dc -I /usr/src/sys/dev/pci/drm/amd/display/amdgpu_dm -I /usr/src/sys/dev/pci/drm/amd/pm/inc -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu11 -I /usr/src/sys/dev/pci/drm/amd/pm/swsmu/smu12 -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/hwmgr -I /usr/src/sys/dev/pci/drm/amd/pm/powerplay/smumgr -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc -I /usr/src/sys/dev/pci/drm/amd/display/dc/inc/hw -I /usr/src/sys/dev/pci/drm/amd/display/dc/clk_mgr -I /usr/src/sys/dev/pci/drm/amd/display/modules/inc -I /usr/src/sys/dev/pci/drm/amd/display/modules/hdcp -I /usr/src/sys/dev/pci/drm/amd/display/dmub/inc -I /usr/src/sys/dev/pci/drm/i915 -D DDB -D DIAGNOSTIC -D KTRACE -D ACCOUNTING -D KMEMSTATS -D PTRACE -D POOL_DEBUG -D CRYPTO -D SYSVMSG -D SYSVSEM -D SYSVSHM -D UVM_SWAP_ENCRYPT -D FFS -D FFS2 -D FFS_SOFTUPDATES -D UFS_DIRHASH -D QUOTA -D EXT2FS -D MFS -D NFSCLIENT -D NFSSERVER -D CD9660 -D UDF -D MSDOSFS -D FIFO -D FUSE -D SOCKET_SPLICE -D TCP_ECN -D TCP_SIGNATURE -D INET6 -D IPSEC -D PPP_BSDCOMP -D PPP_DEFLATE -D PIPEX -D MROUTING -D MPLS -D BOOT_CONFIG -D USER_PCICONF -D APERTURE -D MTRR -D NTFS -D HIBERNATE -D PCIVERBOSE -D USBVERBOSE -D WSDISPLAY_COMPAT_USL -D WSDISPLAY_COMPAT_RAWKBD -D WSDISPLAY_DEFAULTSCREENS=6 -D X86EMU -D ONEWIREVERBOSE -D MULTIPROCESSOR -D MAXUSERS=80 -D _KERNEL -D CONFIG_DRM_AMD_DC_DCN3_0 -O2 -Wno-pointer-sign -Wno-address-of-packed-member -Wno-constant-conversion -Wno-unused-but-set-variable -Wno-gnu-folding-constant -fdebug-compilation-dir=/usr/src/sys/arch/amd64/compile/GENERIC.MP/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /usr/obj/sys/arch/amd64/compile/GENERIC.MP/scan-build/2022-01-12-131800-47421-1 -x c /usr/src/sys/arch/amd64/amd64/db_trace.c
1/* $OpenBSD: db_trace.c,v 1.54 2021/09/04 07:13:14 jasper Exp $ */
2/* $NetBSD: db_trace.c,v 1.1 2003/04/26 18:39:27 fvdl Exp $ */
3
4/*
5 * Mach Operating System
6 * Copyright (c) 1991,1990 Carnegie Mellon University
7 * All Rights Reserved.
8 *
9 * Permission to use, copy, modify and distribute this software and its
10 * documentation is hereby granted, provided that both the copyright
11 * notice and this permission notice appear in all copies of the
12 * software, derivative works or modified versions, and any portions
13 * thereof, and that both notices appear in supporting documentation.
14 *
15 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
16 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
17 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
18 *
19 * Carnegie Mellon requests users of this software to return to
20 *
21 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
22 * School of Computer Science
23 * Carnegie Mellon University
24 * Pittsburgh PA 15213-3890
25 *
26 * any improvements or extensions that they make and grant Carnegie the
27 * rights to redistribute these changes.
28 */
29
30#include <sys/param.h>
31#include <sys/systm.h>
32#include <sys/proc.h>
33#include <sys/stacktrace.h>
34#include <sys/user.h>
35
36#include <machine/db_machdep.h>
37#include <machine/frame.h>
38#include <machine/trap.h>
39
40#include <ddb/db_sym.h>
41#include <ddb/db_access.h>
42#include <ddb/db_variables.h>
43#include <ddb/db_output.h>
44
45/*
46 * Machine register set.
47 */
48struct db_variable db_regs[] = {
49 { "rdi", (long *)&ddb_regs.tf_rdi, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
50 { "rsi", (long *)&ddb_regs.tf_rsi, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
51 { "rbp", (long *)&ddb_regs.tf_rbp, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
52 { "rbx", (long *)&ddb_regs.tf_rbx, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
53 { "rdx", (long *)&ddb_regs.tf_rdx, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
54 { "rcx", (long *)&ddb_regs.tf_rcx, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
55 { "rax", (long *)&ddb_regs.tf_rax, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
56 { "r8", (long *)&ddb_regs.tf_r8, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
57 { "r9", (long *)&ddb_regs.tf_r9, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
58 { "r10", (long *)&ddb_regs.tf_r10, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
59 { "r11", (long *)&ddb_regs.tf_r11, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
60 { "r12", (long *)&ddb_regs.tf_r12, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
61 { "r13", (long *)&ddb_regs.tf_r13, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
62 { "r14", (long *)&ddb_regs.tf_r14, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
63 { "r15", (long *)&ddb_regs.tf_r15, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
64 { "rip", (long *)&ddb_regs.tf_rip, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
65 { "cs", (long *)&ddb_regs.tf_cs, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
66 { "rflags", (long *)&ddb_regs.tf_rflags, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
67 { "rsp", (long *)&ddb_regs.tf_rsp, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
68 { "ss", (long *)&ddb_regs.tf_ss, FCN_NULL((int (*)(struct db_variable *, db_expr_t *, int))0) },
69};
70struct db_variable * db_eregs = db_regs + nitems(db_regs)(sizeof((db_regs)) / sizeof((db_regs)[0]));
71
72/*
73 * Stack trace.
74 */
75#define INKERNEL(va)(((vaddr_t)(va)) >= 0xffff800000000000) (((vaddr_t)(va)) >= VM_MIN_KERNEL_ADDRESS0xffff800000000000)
76
77
78const unsigned long *db_reg_args[6] = {
79 (unsigned long *)&ddb_regs.tf_rdi,
80 (unsigned long *)&ddb_regs.tf_rsi,
81 (unsigned long *)&ddb_regs.tf_rdx,
82 (unsigned long *)&ddb_regs.tf_rcx,
83 (unsigned long *)&ddb_regs.tf_r8,
84 (unsigned long *)&ddb_regs.tf_r9,
85};
86
87void
88db_stack_trace_print(db_expr_t addr, int have_addr, db_expr_t count,
89 char *modif, int (*pr)(const char *, ...))
90{
91 struct callframe *frame, *lastframe;
92 unsigned long *argp, *arg0;
93 vaddr_t callpc;
94 unsigned int cr4save = CR4_SMEP0x00100000|CR4_SMAP0x00200000;
95 int kernel_only = 1;
96 int trace_proc = 0;
97 struct proc *p;
98
99 {
100 char *cp = modif;
101 char c;
102
103 while ((c = *cp++) != 0) {
1
Assuming the condition is false
2
Loop condition is false. Execution continues on line 111
104 if (c == 't')
105 trace_proc = 1;
106 if (c == 'u')
107 kernel_only = 0;
108 }
109 }
110
111 if (trace_proc
2.1
'trace_proc' is 0
) {
3
Taking false branch
112 p = tfind((pid_t)addr);
113 if (p == NULL((void *)0)) {
114 (*pr) ("not found\n");
115 return;
116 }
117 }
118
119 cr4save = rcr4();
120 if (cr4save & CR4_SMAP0x00200000)
4
Assuming the condition is false
5
Taking false branch
121 lcr4(cr4save & ~CR4_SMAP0x00200000);
122
123 if (!have_addr) {
6
Assuming 'have_addr' is 0
7
Taking true branch
124 frame = (struct callframe *)ddb_regs.tf_rbp;
125 callpc = (vaddr_t)ddb_regs.tf_rip;
126 } else if (trace_proc) {
127 frame = (struct callframe *)p->p_addr->u_pcb.pcb_rbp;
128 callpc = (vaddr_t)
129 db_get_value((vaddr_t)&frame->f_retaddr, 8, 0);
130 frame = (struct callframe *)frame->f_frame;
131 } else {
132 frame = (struct callframe *)addr;
133 callpc = (vaddr_t)
134 db_get_value((vaddr_t)&frame->f_retaddr, 8, 0);
135 frame = (struct callframe *)frame->f_frame;
136 }
137
138 lastframe = 0;
139 while (count && frame != 0) {
8
Assuming 'count' is not equal to 0
9
Assuming 'frame' is not equal to null
10
Loop condition is true. Entering loop body
140 int narg;
141 unsigned int i;
142 char * name;
143 db_expr_t offset;
11
'offset' declared without an initial value
144 Elf_SymElf64_Sym * sym;
145
146 if (INKERNEL(frame)(((vaddr_t)(frame)) >= 0xffff800000000000)) {
12
Assuming 'frame' is < -140737488355328
13
Taking false branch
147 sym = db_search_symbol(callpc, DB_STGY_ANY0, &offset);
148 db_symbol_values(sym, &name, NULL((void *)0));
149 } else {
150 sym = NULL((void *)0);
151 name = NULL((void *)0);
152 }
153
154 if (lastframe
13.1
'lastframe' is equal to null
== 0 && sym
13.2
'sym' is equal to NULL
== NULL((void *)0) && callpc != 0) {
14
Assuming 'callpc' is equal to 0
15
Taking false branch
155 /* Symbol not found, peek at code */
156 unsigned long instr = db_get_value(callpc, 8, 0);
157
158 offset = 1;
159 if (instr == 0xe5894855 ||
160 /* enter: pushq %rbp, movq %rsp, %rbp */
161 (instr & 0x00ffffff) == 0x00e58948
162 /* enter+1: movq %rsp, %rbp */) {
163 offset = 0;
164 }
165 }
166
167 if ((narg = db_ctf_func_numargs(sym)) < 0)
16
Assuming the condition is false
17
Taking false branch
168 narg = 6;
169
170 if (name
17.1
'name' is equal to NULL
== NULL((void *)0))
18
Taking true branch
171 (*pr)("%lx(", callpc);
172 else
173 (*pr)("%s(", name);
174
175 if (lastframe
18.1
'lastframe' is equal to null
== 0 && offset == 0 && !have_addr) {
19
The left operand of '==' is a garbage value
176 /* We have a breakpoint before the frame is set up */
177 for (i = 0; i < narg; i++) {
178 (*pr)("%lx", *db_reg_args[i]);
179 if (--narg != 0)
180 (*pr)(",");
181 }
182
183 /* Use %rsp instead */
184 arg0 =
185 &((struct callframe *)(ddb_regs.tf_rsp-8))->f_arg0;
186 } else {
187 argp = (unsigned long *)frame;
188 for (i = narg; i > 0; i--) {
189 argp--;
190 (*pr)("%lx", db_get_value((vaddr_t)argp,
191 sizeof(*argp), 0));
192 if (--narg != 0)
193 (*pr)(",");
194 }
195
196 arg0 = &frame->f_arg0;
197 }
198
199 for (argp = arg0; narg > 0; ) {
200 (*pr)("%lx", db_get_value((vaddr_t)argp,
201 sizeof(*argp), 0));
202 argp++;
203 if (--narg != 0)
204 (*pr)(",");
205 }
206 (*pr)(") at ");
207 db_printsym(callpc, DB_STGY_PROC2, pr);
208 (*pr)("\n");
209
210 if (lastframe == 0 && offset == 0 && !have_addr) {
211 /* Frame really belongs to next callpc */
212 lastframe = (struct callframe *)(ddb_regs.tf_rsp-8);
213 callpc = (vaddr_t)
214 db_get_value((vaddr_t)&lastframe->f_retaddr,
215 8, 0);
216 continue;
217 }
218
219 lastframe = frame;
220 callpc = (vaddr_t)db_get_value(
221 (vaddr_t)&frame->f_retaddr, 8, 0);
222 frame = (struct callframe *)db_get_value(
223 (vaddr_t)&frame->f_frame, 8, 0);
224
225 if (frame == 0) {
226 /* end of chain */
227 break;
228 }
229 if (INKERNEL(frame)(((vaddr_t)(frame)) >= 0xffff800000000000)) {
230 /* staying in kernel */
231 if (frame <= lastframe) {
232 (*pr)("Bad frame pointer: %p\n", frame);
233 break;
234 }
235 } else if (INKERNEL(lastframe)(((vaddr_t)(lastframe)) >= 0xffff800000000000)) {
236 /* switch from user to kernel */
237 if (kernel_only) {
238 (*pr)("end of kernel\n");
239 break; /* kernel stack only */
240 }
241 } else {
242 /* in user */
243 if (frame <= lastframe) {
244 (*pr)("Bad user frame pointer: %p\n",
245 frame);
246 break;
247 }
248 }
249 --count;
250 }
251 (*pr)("end trace frame: 0x%lx, count: %d\n", frame, count);
252
253 if (cr4save & CR4_SMAP0x00200000)
254 lcr4(cr4save);
255}
256
257void
258stacktrace_save_at(struct stacktrace *st, unsigned int skip)
259{
260 struct callframe *frame, *lastframe, *limit;
261 struct pcb *pcb = curpcb({struct cpu_info *__ci; asm volatile("movq %%gs:%P1,%0" : "=r"
(__ci) :"n" (__builtin_offsetof(struct cpu_info, ci_self)));
__ci;})->ci_curpcb
;
262
263 st->st_count = 0;
264
265 if (pcb == NULL((void *)0))
266 return;
267
268 frame = __builtin_frame_address(0);
269 KASSERT(INKERNEL(frame))(((((vaddr_t)(frame)) >= 0xffff800000000000)) ? (void)0 : __assert
("diagnostic ", "/usr/src/sys/arch/amd64/amd64/db_trace.c", 269
, "INKERNEL(frame)"))
;
270 limit = (struct callframe *)((struct trapframe *)pcb->pcb_kstack - 1);
271
272 while (st->st_count < STACKTRACE_MAX19) {
273 if (skip == 0)
274 st->st_pc[st->st_count++] = frame->f_retaddr;
275 else
276 skip--;
277
278 lastframe = frame;
279 frame = frame->f_frame;
280
281 if (frame <= lastframe)
282 break;
283 if (frame >= limit)
284 break;
285 if (!INKERNEL(frame->f_retaddr)(((vaddr_t)(frame->f_retaddr)) >= 0xffff800000000000))
286 break;
287 }
288}
289
290vaddr_t
291db_get_pc(struct trapframe *tf)
292{
293 struct callframe *cf = (struct callframe *)(tf->tf_rsp - sizeof(long));
294
295 return db_get_value((vaddr_t)&cf->f_retaddr, sizeof(long), 0);
296}
297
298vaddr_t
299db_get_probe_addr(struct trapframe *tf)
300{
301 return tf->tf_rip - BKPT_SIZE(1);
302}