Hi Tyrone, First bad commit (maybe != root cause): tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: f2528c29385819a84480cacef4886b049761e2c5 commit: bbc38ed53a02a759d8e5c01e834eca49304a2315 [1342/8914] i2c: npcm: Support NPCM845 config: microblaze-randconfig-m031-20220706 (https://download.01.org/0day-ci/archive/20220711/202207110811.lWIJpo4l-lkp@xxxxxxxxx/config) compiler: microblaze-linux-gcc (GCC) 11.3.0 If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <lkp@xxxxxxxxx> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> smatch warnings: drivers/i2c/busses/i2c-npcm7xx.c:639 npcm_i2c_slave_enable() error: buffer overflow 'npcm_i2caddr' 2 <= 9 vim +/npcm_i2caddr +639 drivers/i2c/busses/i2c-npcm7xx.c f54736925a4f83 Tali Perry 2020-05-27 607 static int npcm_i2c_slave_enable(struct npcm_i2c *bus, enum i2c_addr addr_type, f54736925a4f83 Tali Perry 2020-05-27 608 u8 addr, bool enable) f54736925a4f83 Tali Perry 2020-05-27 609 { f54736925a4f83 Tali Perry 2020-05-27 610 u8 i2cctl1; f54736925a4f83 Tali Perry 2020-05-27 611 u8 i2cctl3; f54736925a4f83 Tali Perry 2020-05-27 612 u8 sa_reg; f54736925a4f83 Tali Perry 2020-05-27 613 f54736925a4f83 Tali Perry 2020-05-27 614 sa_reg = (addr & 0x7F) | FIELD_PREP(NPCM_I2CADDR_SAEN, enable); f54736925a4f83 Tali Perry 2020-05-27 615 if (addr_type == I2C_GC_ADDR) { f54736925a4f83 Tali Perry 2020-05-27 616 i2cctl1 = ioread8(bus->reg + NPCM_I2CCTL1); f54736925a4f83 Tali Perry 2020-05-27 617 if (enable) f54736925a4f83 Tali Perry 2020-05-27 618 i2cctl1 |= NPCM_I2CCTL1_GCMEN; f54736925a4f83 Tali Perry 2020-05-27 619 else f54736925a4f83 Tali Perry 2020-05-27 620 i2cctl1 &= ~NPCM_I2CCTL1_GCMEN; f54736925a4f83 Tali Perry 2020-05-27 621 iowrite8(i2cctl1, bus->reg + NPCM_I2CCTL1); f54736925a4f83 Tali Perry 2020-05-27 622 return 0; 47d506d1a28fd1 Tali Perry 2022-05-25 623 } else if (addr_type == I2C_ARP_ADDR) { f54736925a4f83 Tali Perry 2020-05-27 624 i2cctl3 = ioread8(bus->reg + NPCM_I2CCTL3); f54736925a4f83 Tali Perry 2020-05-27 625 if (enable) f54736925a4f83 Tali Perry 2020-05-27 626 i2cctl3 |= I2CCTL3_ARPMEN; f54736925a4f83 Tali Perry 2020-05-27 627 else f54736925a4f83 Tali Perry 2020-05-27 628 i2cctl3 &= ~I2CCTL3_ARPMEN; f54736925a4f83 Tali Perry 2020-05-27 629 iowrite8(i2cctl3, bus->reg + NPCM_I2CCTL3); f54736925a4f83 Tali Perry 2020-05-27 630 return 0; f54736925a4f83 Tali Perry 2020-05-27 631 } 47d506d1a28fd1 Tali Perry 2022-05-25 632 if (addr_type > I2C_SLAVE_ADDR2 && addr_type <= I2C_SLAVE_ADDR10) 47d506d1a28fd1 Tali Perry 2022-05-25 633 dev_err(bus->dev, "try to enable more than 2 SA not supported\n"); This prints an error message for values 2-10, but allows 0-1,11,12. Maybe the intention here was to return -EINVAL? It seldom makes sense to print an error and then go forward with an out of bounds access. 47d506d1a28fd1 Tali Perry 2022-05-25 634 f54736925a4f83 Tali Perry 2020-05-27 635 if (addr_type >= I2C_ARP_ADDR) ^^^^^^^^^^^^ This is addr_type >= 11 so Smatch complains that npcm_i2caddr[] only has two elements. My personal Smatch run with the cross function DB says that addr_type is always 0 so it doesn't complain. However, one rule of kernel style is that we do not allow stub code and also to a human reader this code really does look buggy... :/ f54736925a4f83 Tali Perry 2020-05-27 636 return -EFAULT; 47d506d1a28fd1 Tali Perry 2022-05-25 637 f54736925a4f83 Tali Perry 2020-05-27 638 /* Set and enable the address */ f54736925a4f83 Tali Perry 2020-05-27 @639 iowrite8(sa_reg, bus->reg + npcm_i2caddr[addr_type]); f54736925a4f83 Tali Perry 2020-05-27 640 npcm_i2c_slave_int_enable(bus, enable); 47d506d1a28fd1 Tali Perry 2022-05-25 641 f54736925a4f83 Tali Perry 2020-05-27 642 return 0; f54736925a4f83 Tali Perry 2020-05-27 643 } -- 0-DAY CI Kernel Test Service https://01.org/lkp
