* [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
@ 2015-11-04 17:46 Stephen Hemminger
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Hemminger @ 2015-11-04 17:46 UTC (permalink / raw)
To: dev
Begin forwarded message:
Date: Wed, 04 Nov 2015 08:08:51 -0800
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
Hi,
Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
17 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 119270: Integer handling issues (SIGN_EXTENSION)
/drivers/net/fm10k/fm10k_rxtx_vec.c: 652 in vtx1()
________________________________________________________________________________________________________
*** CID 119270: Integer handling issues (SIGN_EXTENSION)
/drivers/net/fm10k/fm10k_rxtx_vec.c: 652 in vtx1()
646
647 static inline void
648 vtx1(volatile struct fm10k_tx_desc *txdp,
649 struct rte_mbuf *pkt, uint64_t flags)
650 {
651 __m128i descriptor = _mm_set_epi64x(flags << 56 |
>>> CID 119270: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pkt->vlan_tci" with type "unsigned short" (16 bits, unsigned) is promoted in "pkt->vlan_tci << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "pkt->vlan_tci << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
652 pkt->vlan_tci << 16 | pkt->data_len,
653 MBUF_DMA_ADDR(pkt));
654 _mm_store_si128((__m128i *)txdp, descriptor);
655 }
656
657 static inline void
** CID 119269: Integer handling issues (SIGN_EXTENSION)
/drivers/net/virtio/virtio_rxtx.c: 355 in virtio_dev_vring_start()
________________________________________________________________________________________________________
*** CID 119269: Integer handling issues (SIGN_EXTENSION)
/drivers/net/virtio/virtio_rxtx.c: 355 in virtio_dev_vring_start()
349 int mid_idx = vq->vq_nentries >> 1;
350 for (i = 0; i < mid_idx; i++) {
351 vq->vq_ring.avail->ring[i] = i + mid_idx;
352 vq->vq_ring.desc[i + mid_idx].next = i;
353 vq->vq_ring.desc[i + mid_idx].addr =
354 vq->virtio_net_hdr_mem +
>>> CID 119269: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "vq->hw->vtnet_hdr_size" with type "unsigned short" (16 bits, unsigned) is promoted in "mid_idx * vq->hw->vtnet_hdr_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "mid_idx * vq->hw->vtnet_hdr_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
355 mid_idx * vq->hw->vtnet_hdr_size;
356 vq->vq_ring.desc[i + mid_idx].len =
357 vq->hw->vtnet_hdr_size;
358 vq->vq_ring.desc[i + mid_idx].flags =
359 VRING_DESC_F_NEXT;
360 vq->vq_ring.desc[i].flags = 0;
** CID 119268: Integer handling issues (SIGN_EXTENSION)
/drivers/net/i40e/i40e_fdir.c: 1097 in i40e_fdir_filter_programming()
________________________________________________________________________________________________________
*** CID 119268: Integer handling issues (SIGN_EXTENSION)
/drivers/net/i40e/i40e_fdir.c: 1097 in i40e_fdir_filter_programming()
1091 if (filter->input.flow_ext.is_vf)
1092 vsi_id = pf->vfs[filter->input.flow_ext.dst_id].vsi->vsi_id;
1093 else
1094 /* Use LAN VSI Id by default */
1095 vsi_id = pf->main_vsi->vsi_id;
1096 fdirdp->qindex_flex_ptype_vsi |=
>>> CID 119268: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "vsi_id" with type "unsigned short" (16 bits, unsigned) is promoted in "vsi_id << 23" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "vsi_id << 23" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1097 rte_cpu_to_le_32((vsi_id <<
1098 I40E_TXD_FLTR_QW0_DEST_VSI_SHIFT) &
1099 I40E_TXD_FLTR_QW0_DEST_VSI_MASK);
1100
1101 fdirdp->dtype_cmd_cntindex =
1102 rte_cpu_to_le_32(I40E_TX_DESC_DTYPE_FILTER_PROG);
** CID 119267: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_rxtx.c: 2596 in i40e_rx_queue_release_mbufs()
________________________________________________________________________________________________________
*** CID 119267: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_rxtx.c: 2596 in i40e_rx_queue_release_mbufs()
2590 /* SSE Vector driver has a different way of releasing mbufs. */
2591 if (rxq->rx_using_sse) {
2592 i40e_rx_queue_release_mbufs_vec(rxq);
2593 return;
2594 }
2595
>>> CID 119267: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "rxq" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2596 if (!rxq || !rxq->sw_ring) {
2597 PMD_DRV_LOG(DEBUG, "Pointer to rxq or sw_ring is NULL");
2598 return;
2599 }
2600
2601 for (i = 0; i < rxq->nb_rx_desc; i++) {
** CID 119266: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev_vf.c: 2090 in i40evf_set_rss_lut()
________________________________________________________________________________________________________
*** CID 119266: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev_vf.c: 2090 in i40evf_set_rss_lut()
2084 i40evf_set_rss_lut(struct i40e_vsi *vsi, uint8_t *lut, uint16_t lut_size)
2085 {
2086 struct i40e_vf *vf = I40E_VSI_TO_VF(vsi);
2087 struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
2088 int ret;
2089
>>> CID 119266: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "vsi" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2090 if (!vsi || !lut)
2091 return -EINVAL;
2092
2093 if (vf->flags & I40E_FLAG_RSS_AQ_CAPABLE) {
2094 ret = i40e_aq_set_rss_lut(hw, vsi->vsi_id, FALSE,
2095 lut, lut_size);
** CID 119265: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev.c: 2796 in i40e_set_rss_lut()
________________________________________________________________________________________________________
*** CID 119265: Null pointer dereferences (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev.c: 2796 in i40e_set_rss_lut()
2790 i40e_set_rss_lut(struct i40e_vsi *vsi, uint8_t *lut, uint16_t lut_size)
2791 {
2792 struct i40e_pf *pf = I40E_VSI_TO_PF(vsi);
2793 struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
2794 int ret;
2795
>>> CID 119265: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "vsi" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2796 if (!vsi || !lut)
2797 return -EINVAL;
2798
2799 if (pf->flags & I40E_FLAG_RSS_AQ_CAPABLE) {
2800 ret = i40e_aq_set_rss_lut(hw, vsi->vsi_id, TRUE,
2801 lut, lut_size);
** CID 119264: Memory - corruptions (OVERRUN)
/app/test-pmd/testpmd.c: 541 in init_config()
________________________________________________________________________________________________________
*** CID 119264: Memory - corruptions (OVERRUN)
/app/test-pmd/testpmd.c: 541 in init_config()
535 else {
536 uint32_t socket_id = rte_eth_dev_socket_id(pid);
537
538 /* if socket_id is invalid, set to 0 */
539 if (check_socket_id(socket_id) < 0)
540 socket_id = 0;
>>> CID 119264: Memory - corruptions (OVERRUN)
>>> Overrunning array "port_per_socket" of 8 bytes at byte offset 4294967295 using index "socket_id" (which evaluates to 4294967295).
541 port_per_socket[socket_id]++;
542 }
543 }
544
545 /* set flag to initialize port/queue */
546 port->need_reconfig = 1;
** CID 119263: Memory - corruptions (OVERRUN)
/lib/librte_hash/rte_cuckoo_hash.c: 807 in remove_entry()
________________________________________________________________________________________________________
*** CID 119263: Memory - corruptions (OVERRUN)
/lib/librte_hash/rte_cuckoo_hash.c: 807 in remove_entry()
801 n_slots = rte_ring_mp_enqueue_burst(h->free_slots,
802 cached_free_slots->objs,
803 LCORE_CACHE_SIZE);
804 cached_free_slots->len -= n_slots;
805 }
806 /* Put index of new free slot in cache. */
>>> CID 119263: Memory - corruptions (OVERRUN)
>>> Overrunning array "cached_free_slots->objs" of 8 8-byte elements at element index 8 (byte offset 64) using index "cached_free_slots->len" (which evaluates to 8).
807 cached_free_slots->objs[cached_free_slots->len] =
808 (void *)((uintptr_t)bkt->key_idx[i]);
809 cached_free_slots->len++;
810 } else {
811 rte_ring_sp_enqueue(h->free_slots,
812 (void *)((uintptr_t)bkt->key_idx[i]));
** CID 119262: Null pointer dereferences (NULL_RETURNS)
/lib/librte_vhost/vhost_user/virtio-net-user.c: 332 in user_set_vring_enable()
________________________________________________________________________________________________________
*** CID 119262: Null pointer dereferences (NULL_RETURNS)
/lib/librte_vhost/vhost_user/virtio-net-user.c: 332 in user_set_vring_enable()
326
327 if (notify_ops->vring_state_changed) {
328 notify_ops->vring_state_changed(dev, base_idx / VIRTIO_QNUM,
329 enable);
330 }
331
>>> CID 119262: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "dev".
332 dev->virtqueue[base_idx + VIRTIO_RXQ]->enabled = enable;
333 dev->virtqueue[base_idx + VIRTIO_TXQ]->enabled = enable;
334
335 return 0;
336 }
337
** CID 119260: Control flow issues (NESTING_INDENT_MISMATCH)
/drivers/net/e1000/em_ethdev.c: 642 in eth_em_start()
________________________________________________________________________________________________________
*** CID 119260: Control flow issues (NESTING_INDENT_MISMATCH)
/drivers/net/e1000/em_ethdev.c: 642 in eth_em_start()
636 e1000_setup_link(hw);
637
638 if (rte_intr_allow_others(intr_handle)) {
639 /* check if lsc interrupt is enabled */
640 if (dev->data->dev_conf.intr_conf.lsc != 0)
641 ret = eth_em_interrupt_setup(dev);
>>> CID 119260: Control flow issues (NESTING_INDENT_MISMATCH)
>>> This 'if' statement is indented to column 25, as if it were nested within the preceding parent statement, but it is not.
642 if (ret) {
643 PMD_INIT_LOG(ERR, "Unable to setup interrupts");
644 em_dev_clear_queues(dev);
645 return ret;
646 }
647 } else {
** CID 119259: Memory - corruptions (NEGATIVE_RETURNS)
/app/test-pmd/testpmd.c: 541 in init_config()
________________________________________________________________________________________________________
*** CID 119259: Memory - corruptions (NEGATIVE_RETURNS)
/app/test-pmd/testpmd.c: 541 in init_config()
535 else {
536 uint32_t socket_id = rte_eth_dev_socket_id(pid);
537
538 /* if socket_id is invalid, set to 0 */
539 if (check_socket_id(socket_id) < 0)
540 socket_id = 0;
>>> CID 119259: Memory - corruptions (NEGATIVE_RETURNS)
>>> Using variable "socket_id" as an index to array "port_per_socket".
541 port_per_socket[socket_id]++;
542 }
543 }
544
545 /* set flag to initialize port/queue */
546 port->need_reconfig = 1;
** CID 119258: (FORWARD_NULL)
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()
________________________________________________________________________________________________________
*** CID 119258: (FORWARD_NULL)
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()
360 eth_dev->rx_pkt_burst = eth_ring_rx;
361 eth_dev->tx_pkt_burst = eth_ring_tx;
362
363 return data->port_id;
364
365 error:
>>> CID 119258: (FORWARD_NULL)
>>> Dereferencing null pointer "data".
366 rte_free(data->rx_queues);
367 rte_free(data->tx_queues);
368 rte_free(data);
369 rte_free(internals);
370
371 return -1;
** CID 119257: Null pointer dereferences (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3254 in rte_eth_copy_pci_info()
________________________________________________________________________________________________________
*** CID 119257: Null pointer dereferences (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3254 in rte_eth_copy_pci_info()
3248 if ((eth_dev == NULL) || (pci_dev == NULL)) {
3249 PMD_DEBUG_TRACE("NULL pointer eth_dev=%p pci_dev=%p\n",
3250 eth_dev, pci_dev);
3251 }
3252
3253 eth_dev->data->dev_flags = 0;
>>> CID 119257: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pci_dev".
3254 if (pci_dev->driver->drv_flags & RTE_PCI_DRV_INTR_LSC)
3255 eth_dev->data->dev_flags |= RTE_ETH_DEV_INTR_LSC;
3256 if (pci_dev->driver->drv_flags & RTE_PCI_DRV_DETACHABLE)
3257 eth_dev->data->dev_flags |= RTE_ETH_DEV_DETACHABLE;
3258
3259 eth_dev->data->kdrv = pci_dev->kdrv;
3260 eth_dev->data->numa_node = pci_dev->numa_node;
3261 eth_dev->data->drv_name = pci_dev->driver->name;
** CID 119256: Null pointer dereferences (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3253 in rte_eth_copy_pci_info()
________________________________________________________________________________________________________
*** CID 119256: Null pointer dereferences (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3253 in rte_eth_copy_pci_info()
3247 {
3248 if ((eth_dev == NULL) || (pci_dev == NULL)) {
3249 PMD_DEBUG_TRACE("NULL pointer eth_dev=%p pci_dev=%p\n",
3250 eth_dev, pci_dev);
3251 }
3252
>>> CID 119256: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "eth_dev".
3253 eth_dev->data->dev_flags = 0;
3254 if (pci_dev->driver->drv_flags & RTE_PCI_DRV_INTR_LSC)
3255 eth_dev->data->dev_flags |= RTE_ETH_DEV_INTR_LSC;
3256 if (pci_dev->driver->drv_flags & RTE_PCI_DRV_DETACHABLE)
3257 eth_dev->data->dev_flags |= RTE_ETH_DEV_DETACHABLE;
3258
3259 eth_dev->data->kdrv = pci_dev->kdrv;
3260 eth_dev->data->numa_node = pci_dev->numa_node;
3261 eth_dev->data->drv_name = pci_dev->driver->name;
** CID 119255: Control flow issues (DEADCODE)
/drivers/net/i40e/i40e_ethdev.c: 6797 in i40e_generate_inset_mask_reg()
________________________________________________________________________________________________________
*** CID 119255: Control flow issues (DEADCODE)
/drivers/net/i40e/i40e_ethdev.c: 6797 in i40e_generate_inset_mask_reg()
6791 {I40E_INSET_IPV6_NEXT_HDR, I40E_INSET_IPV6_NEXT_HDR_MASK},
6792 };
6793
6794 if (!inset || !mask || !nb_elem)
6795 return 0;
6796
>>> CID 119255: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "nb_elem >= 2" inside this statement: "if (!inset && nb_elem >= 2)...".
6797 if (!inset && nb_elem >= I40E_INSET_MASK_NUM_REG) {
6798 for (i = 0; i < I40E_INSET_MASK_NUM_REG; i++)
6799 mask[i] = 0;
6800 return I40E_INSET_MASK_NUM_REG;
6801 }
6802
** CID 119254: Control flow issues (DEADCODE)
/app/test-pmd/config.c: 1257 in dcb_fwd_config_setup()
________________________________________________________________________________________________________
*** CID 119254: Control flow issues (DEADCODE)
/app/test-pmd/config.c: 1257 in dcb_fwd_config_setup()
1251 /* reinitialize forwarding streams */
1252 init_fwd_streams();
1253 sm_id = 0;
1254 if ((rxp & 0x1) == 0)
1255 txp = (portid_t) (rxp + 1);
1256 else
>>> CID 119254: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "txp = (portid_t)(rxp - 1);".
1257 txp = (portid_t) (rxp - 1);
1258 /* get the dcb info on the first RX and TX ports */
1259 (void)rte_eth_dev_get_dcb_info(fwd_ports_ids[rxp], &rxp_dcb_info);
1260 (void)rte_eth_dev_get_dcb_info(fwd_ports_ids[txp], &txp_dcb_info);
1261
1262 for (lc_id = 0; lc_id < cur_fwd_config.nb_fwd_lcores; lc_id++) {
** CID 119251: Error handling issues (CHECKED_RETURN)
/app/test-pmd/cmdline.c: 1492 in cmd_config_rss_parsed()
________________________________________________________________________________________________________
*** CID 119251: Error handling issues (CHECKED_RETURN)
/app/test-pmd/cmdline.c: 1492 in cmd_config_rss_parsed()
1486 else {
1487 printf("Unknown parameter\n");
1488 return;
1489 }
1490 rss_conf.rss_key = NULL;
1491 for (i = 0; i < rte_eth_dev_count(); i++)
>>> CID 119251: Error handling issues (CHECKED_RETURN)
>>> Calling "rte_eth_dev_rss_hash_update" without checking return value (as is done elsewhere 5 out of 6 times).
1492 rte_eth_dev_rss_hash_update(i, &rss_conf);
1493 }
1494
1495 cmdline_parse_token_string_t cmd_config_rss_port =
1496 TOKEN_STRING_INITIALIZER(struct cmd_config_rss, port, "port");
1497 cmdline_parse_token_string_t cmd_config_rss_keyword =
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/dpdk-data-plane-development-kit?tab=overview
* Re: [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
2017-05-08 15:35 Stephen Hemminger
@ 2017-05-09 13:00 ` Adrien Mazarguil
0 siblings, 0 replies; 3+ messages in thread
From: Adrien Mazarguil @ 2017-05-09 13:00 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: Thomas Monjalon, dev
Hi,
On Mon, May 08, 2017 at 08:35:16AM -0700, Stephen Hemminger wrote:
> Lots of new warnings. Most of them from the ARK driver.
[...]
> ** CID 144519: Parse warnings (PARSE_ERROR)
> /tmp/auto-config-h.sh.10760.c: 3 in ()
>
>
> ________________________________________________________________________________________________________
> *** CID 144519: Parse warnings (PARSE_ERROR)
> /tmp/auto-config-h.sh.10760.c: 3 in ()
> 1 #include <linux/pkt_cls.h>
> 2
> >>> CID 144519: Parse warnings (PARSE_ERROR)
> >>> identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
[...]
Coverity should not check the temporary files created by auto-config.sh as
they fail to compile on purpose when a requested symbol is missing.
Is there a way to ignore these?
--
Adrien Mazarguil
6WIND
* [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
@ 2017-05-08 15:35 Stephen Hemminger
2017-05-09 13:00 ` Adrien Mazarguil
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2017-05-08 15:35 UTC (permalink / raw)
To: Thomas Monjalon; +Cc: dev
Lots of new warnings. Most of them from the ARK driver.
Begin forwarded message:
Date: Mon, 08 May 2017 03:17:22 -0700
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
Hi,
Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
15 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 144526: Incorrect expression (USELESS_CALL)
________________________________________________________________________________________________________
*** CID 144526: Incorrect expression (USELESS_CALL)
/drivers/net/bonding/rte_eth_bond_pmd.c: 2486 in bond_remove()
2480
2481 eth_dev->dev_ops = NULL;
2482 eth_dev->rx_pkt_burst = NULL;
2483 eth_dev->tx_pkt_burst = NULL;
2484
2485 internals = eth_dev->data->dev_private;
>>> CID 144526: Incorrect expression (USELESS_CALL)
>>> Calling "rte_bitmap_free(internals->vlan_filter_bmp)" is only useful for its return value, which is ignored.
2486 rte_bitmap_free(internals->vlan_filter_bmp);
2487 rte_free(internals->vlan_filter_bmpmem);
2488 rte_free(eth_dev->data->dev_private);
2489 rte_free(eth_dev->data->mac_addrs);
2490
2491 rte_eth_dev_release_port(eth_dev);
** CID 144525: Control flow issues (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
________________________________________________________________________________________________________
*** CID 144525: Control flow issues (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
54 _ASM_ALIGN "\n\t"
55 _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
56 ".popsection \n\t"
57 : : "i" (key), "i" (branch) : : l_yes);
58
59 return false;
>>> CID 144525: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "l_yes:
return true;".
60 l_yes:
61 return true;
62 }
63
64 #ifdef CONFIG_X86_64
65 typedef u64 jump_label_t;
** CID 144524: Insecure data handling (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
________________________________________________________________________________________________________
*** CID 144524: Insecure data handling (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
193 PMD_DEBUG_LOG(DEBUG, "ARK EXT NO dll path specified\n");
194 return 0;
195 }
196 PMD_DRV_LOG(INFO, "ARK EXT found dll path at %s\n", dllpath);
197
198 /* Open and load the .so */
>>> CID 144524: Insecure data handling (TAINTED_STRING)
>>> Passing tainted string "dllpath" to "dlopen", which cannot accept tainted data.
199 ark->d_handle = dlopen(dllpath, RTLD_LOCAL | RTLD_LAZY);
200 if (ark->d_handle == NULL) {
201 PMD_DRV_LOG(ERR, "Could not load user extension %s\n",
202 dllpath);
203 return -1;
204 }
** CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
________________________________________________________________________________________________________
*** CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
483
484 len = rte_eth_xstats_get_names_by_id(port_id, NULL, 0, NULL);
485 if (len < 0) {
486 printf("Cannot get xstats count\n");
487 return;
488 }
>>> CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
489 values = malloc(sizeof(values) * len);
490 if (values == NULL) {
491 printf("Cannot allocate memory for xstats\n");
492 return;
493 }
494
** CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
________________________________________________________________________________________________________
*** CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
1711 else {
1712 uint16_t i, size;
1713 uint64_t *values_copy;
1714
1715 size = rte_eth_xstats_get_by_id(port_id, NULL, NULL, 0);
1716
>>> CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values_copy) */ * size" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
1717 values_copy = malloc(sizeof(values_copy) * size);
1718 if (!values_copy) {
1719 RTE_PMD_DEBUG_TRACE(
1720 "ERROR: can't allocate memory for values_copy\n");
1721 return -1;
1722 }
** CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
________________________________________________________________________________________________________
*** CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
431 {
432 struct rte_eth_xstat_name *xstats_names;
433 uint64_t *values;
434 int ret, i;
435 static const char *nic_stats_border = "########################";
436
>>> CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
437 values = malloc(sizeof(values) * len);
438 if (values == NULL) {
439 printf("Cannot allocate memory for xstats\n");
440 return;
441 }
442
** CID 144520: Null pointer dereferences (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
________________________________________________________________________________________________________
*** CID 144520: Null pointer dereferences (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
513 ark_pktgen_uninit(ark->pg);
514 ark_pktchkr_uninit(ark->pc);
515
516 dev->dev_ops = NULL;
517 dev->rx_pkt_burst = NULL;
518 dev->tx_pkt_burst = NULL;
>>> CID 144520: Null pointer dereferences (REVERSE_INULL)
>>> Directly dereferencing pointer "dev->data".
519 if (dev->data->mac_addrs)
520 rte_free(dev->data->mac_addrs);
521 if (dev->data)
522 rte_free(dev->data);
523
524 return 0;
** CID 144519: Parse warnings (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
________________________________________________________________________________________________________
*** CID 144519: Parse warnings (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
1 #include <linux/pkt_cls.h>
2
>>> CID 144519: Parse warnings (PARSE_ERROR)
>>> identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
** CID 144518: Memory - illegal accesses (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
________________________________________________________________________________________________________
*** CID 144518: Memory - illegal accesses (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
187 /*
188 * To make bond_ethdev_configure() happy we need to free the
189 * internals->kvlist here.
190 *
191 * Also see comment in bond_ethdev_configure().
192 */
>>> CID 144518: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "rte_eth_devices" of 32 16512-byte elements at element index 32 (byte offset 528384) using index "port_id" (which evaluates to 32).
193 internals = rte_eth_devices[port_id].data->dev_private;
194 rte_kvargs_free(internals->kvlist);
195 internals->kvlist = NULL;
196
197 return port_id;
198 }
** CID 144517: Null pointer dereferences (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
________________________________________________________________________________________________________
*** CID 144517: Null pointer dereferences (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
896 /* Open the configuration file */
897 FILE *file = fopen(value, "r");
898 char line[ARK_MAX_ARG_LEN];
899 int size = 0;
900 int first = 1;
901
>>> CID 144517: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "file" when calling "fgets".
902 while (fgets(line, sizeof(line), file)) {
903 size += strlen(line);
904 if (size >= ARK_MAX_ARG_LEN) {
905 PMD_DRV_LOG(ERR, "Unable to parse file %s args, "
906 "parameter list is too long\n", value);
907 fclose(file);
** CID 144516: Null pointer dereferences (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
________________________________________________________________________________________________________
*** CID 144516: Null pointer dereferences (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
1152 }
1153
1154 if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
1155 PMD_RX_LOG(ERR, rxq,
1156 "New buffer allocation failed,"
1157 "dropping incoming packet\n");
>>> CID 144516: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "fp_cqe".
1158 qede_recycle_rx_bd_ring(rxq, qdev, fp_cqe->bd_num);
1159 rte_eth_devices[rxq->port_id].
1160 data->rx_mbuf_alloc_failed++;
1161 rxq->rx_alloc_errors++;
1162 break;
1163 }
** CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
________________________________________________________________________________________________________
*** CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
469
470 double time_tot, time_avg, time_max, time_min;
471
472 const uint64_t tunit = 1000000; /* us */
473 const uint64_t tsc_hz = rte_get_tsc_hz();
474
>>> CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "enqd_tot / b_idx", division by expression "b_idx" which may be zero has undefined behavior.
475 uint64_t enqd_avg = enqd_tot / b_idx;
476 uint64_t deqd_avg = deqd_tot / b_idx;
477 uint64_t tsc_avg = tsc_tot / tsc_idx;
478
479 time_tot = tunit*(double)(tsc_tot) / tsc_hz;
480 time_avg = tunit*(double)(tsc_avg) / tsc_hz;
** CID 144514: Error handling issues (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
________________________________________________________________________________________________________
*** CID 144514: Error handling issues (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
585 if (ark->start_pg && (dev->data->port_id == 0)) {
586 pthread_t thread;
587
588 /* Delay packet generatpr start allow the hardware to be ready
589 * This is only used for sanity checking with internal generator
590 */
>>> CID 144514: Error handling issues (CHECKED_RETURN)
>>> Calling "pthread_create" without checking return value (as is done elsewhere 9 out of 11 times).
591 pthread_create(&thread, NULL, delay_pg_start, ark);
592 }
593
594 if (ark->user_ext.dev_start)
595 ark->user_ext.dev_start(dev, ark->user_data);
596
** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
________________________________________________________________________________________________________
*** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
351 o->v.INT = atoi(val);
352 break;
353 case OTLONG:
354 o->v.INT = atoll(val);
355 break;
356 case OTSTRING:
>>> CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.
357 strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
358 break;
359 }
360 return 1;
361 }
362 return 0;
** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
________________________________________________________________________________________________________
*** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
369 o->v.INT = atoi(val);
370 break;
371 case OTLONG:
372 o->v.INT = atoll(val);
373 break;
374 case OTSTRING:
>>> CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.
375 strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
376 break;
377 }
378 return 1;
379 }
380 return 0;
________________________________________________________________________________________________________