From: Stephen Hemminger <stephen@networkplumber.org>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: dev@dpdk.org
Subject: [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
Date: Mon, 8 May 2017 08:35:16 -0700 [thread overview]
Message-ID: <20170508083516.707a862b@xeon-e3> (raw)
Lots of new warnings. Most of them from the ARK driver.
Begin forwarded message:
Date: Mon, 08 May 2017 03:17:22 -0700
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
Hi,
Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
15 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 144526: Incorrect expression (USELESS_CALL)
________________________________________________________________________________________________________
*** CID 144526: Incorrect expression (USELESS_CALL)
/drivers/net/bonding/rte_eth_bond_pmd.c: 2486 in bond_remove()
2480
2481 eth_dev->dev_ops = NULL;
2482 eth_dev->rx_pkt_burst = NULL;
2483 eth_dev->tx_pkt_burst = NULL;
2484
2485 internals = eth_dev->data->dev_private;
>>> CID 144526: Incorrect expression (USELESS_CALL)
>>> Calling "rte_bitmap_free(internals->vlan_filter_bmp)" is only useful for its return value, which is ignored.
2486 rte_bitmap_free(internals->vlan_filter_bmp);
2487 rte_free(internals->vlan_filter_bmpmem);
2488 rte_free(eth_dev->data->dev_private);
2489 rte_free(eth_dev->data->mac_addrs);
2490
2491 rte_eth_dev_release_port(eth_dev);
** CID 144525: Control flow issues (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
________________________________________________________________________________________________________
*** CID 144525: Control flow issues (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
54 _ASM_ALIGN "\n\t"
55 _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
56 ".popsection \n\t"
57 : : "i" (key), "i" (branch) : : l_yes);
58
59 return false;
>>> CID 144525: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "l_yes:
return true;".
60 l_yes:
61 return true;
62 }
63
64 #ifdef CONFIG_X86_64
65 typedef u64 jump_label_t;
** CID 144524: Insecure data handling (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
________________________________________________________________________________________________________
*** CID 144524: Insecure data handling (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
193 PMD_DEBUG_LOG(DEBUG, "ARK EXT NO dll path specified\n");
194 return 0;
195 }
196 PMD_DRV_LOG(INFO, "ARK EXT found dll path at %s\n", dllpath);
197
198 /* Open and load the .so */
>>> CID 144524: Insecure data handling (TAINTED_STRING)
>>> Passing tainted string "dllpath" to "dlopen", which cannot accept tainted data.
199 ark->d_handle = dlopen(dllpath, RTLD_LOCAL | RTLD_LAZY);
200 if (ark->d_handle == NULL) {
201 PMD_DRV_LOG(ERR, "Could not load user extension %s\n",
202 dllpath);
203 return -1;
204 }
** CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
________________________________________________________________________________________________________
*** CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
483
484 len = rte_eth_xstats_get_names_by_id(port_id, NULL, 0, NULL);
485 if (len < 0) {
486 printf("Cannot get xstats count\n");
487 return;
488 }
>>> CID 144523: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
489 values = malloc(sizeof(values) * len);
490 if (values == NULL) {
491 printf("Cannot allocate memory for xstats\n");
492 return;
493 }
494
** CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
________________________________________________________________________________________________________
*** CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
1711 else {
1712 uint16_t i, size;
1713 uint64_t *values_copy;
1714
1715 size = rte_eth_xstats_get_by_id(port_id, NULL, NULL, 0);
1716
>>> CID 144522: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values_copy) */ * size" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
1717 values_copy = malloc(sizeof(values_copy) * size);
1718 if (!values_copy) {
1719 RTE_PMD_DEBUG_TRACE(
1720 "ERROR: can't allocate memory for values_copy\n");
1721 return -1;
1722 }
** CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
________________________________________________________________________________________________________
*** CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
431 {
432 struct rte_eth_xstat_name *xstats_names;
433 uint64_t *values;
434 int ret, i;
435 static const char *nic_stats_border = "########################";
436
>>> CID 144521: Code maintainability issues (SIZEOF_MISMATCH)
>>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.
437 values = malloc(sizeof(values) * len);
438 if (values == NULL) {
439 printf("Cannot allocate memory for xstats\n");
440 return;
441 }
442
** CID 144520: Null pointer dereferences (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
________________________________________________________________________________________________________
*** CID 144520: Null pointer dereferences (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
513 ark_pktgen_uninit(ark->pg);
514 ark_pktchkr_uninit(ark->pc);
515
516 dev->dev_ops = NULL;
517 dev->rx_pkt_burst = NULL;
518 dev->tx_pkt_burst = NULL;
>>> CID 144520: Null pointer dereferences (REVERSE_INULL)
>>> Directly dereferencing pointer "dev->data".
519 if (dev->data->mac_addrs)
520 rte_free(dev->data->mac_addrs);
521 if (dev->data)
522 rte_free(dev->data);
523
524 return 0;
** CID 144519: Parse warnings (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
________________________________________________________________________________________________________
*** CID 144519: Parse warnings (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
1 #include <linux/pkt_cls.h>
2
>>> CID 144519: Parse warnings (PARSE_ERROR)
>>> identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
** CID 144518: Memory - illegal accesses (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
________________________________________________________________________________________________________
*** CID 144518: Memory - illegal accesses (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
187 /*
188 * To make bond_ethdev_configure() happy we need to free the
189 * internals->kvlist here.
190 *
191 * Also see comment in bond_ethdev_configure().
192 */
>>> CID 144518: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "rte_eth_devices" of 32 16512-byte elements at element index 32 (byte offset 528384) using index "port_id" (which evaluates to 32).
193 internals = rte_eth_devices[port_id].data->dev_private;
194 rte_kvargs_free(internals->kvlist);
195 internals->kvlist = NULL;
196
197 return port_id;
198 }
** CID 144517: Null pointer dereferences (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
________________________________________________________________________________________________________
*** CID 144517: Null pointer dereferences (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
896 /* Open the configuration file */
897 FILE *file = fopen(value, "r");
898 char line[ARK_MAX_ARG_LEN];
899 int size = 0;
900 int first = 1;
901
>>> CID 144517: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "file" when calling "fgets".
902 while (fgets(line, sizeof(line), file)) {
903 size += strlen(line);
904 if (size >= ARK_MAX_ARG_LEN) {
905 PMD_DRV_LOG(ERR, "Unable to parse file %s args, "
906 "parameter list is too long\n", value);
907 fclose(file);
** CID 144516: Null pointer dereferences (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
________________________________________________________________________________________________________
*** CID 144516: Null pointer dereferences (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
1152 }
1153
1154 if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
1155 PMD_RX_LOG(ERR, rxq,
1156 "New buffer allocation failed,"
1157 "dropping incoming packet\n");
>>> CID 144516: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "fp_cqe".
1158 qede_recycle_rx_bd_ring(rxq, qdev, fp_cqe->bd_num);
1159 rte_eth_devices[rxq->port_id].
1160 data->rx_mbuf_alloc_failed++;
1161 rxq->rx_alloc_errors++;
1162 break;
1163 }
** CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
________________________________________________________________________________________________________
*** CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
469
470 double time_tot, time_avg, time_max, time_min;
471
472 const uint64_t tunit = 1000000; /* us */
473 const uint64_t tsc_hz = rte_get_tsc_hz();
474
>>> CID 144515: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "enqd_tot / b_idx", division by expression "b_idx" which may be zero has undefined behavior.
475 uint64_t enqd_avg = enqd_tot / b_idx;
476 uint64_t deqd_avg = deqd_tot / b_idx;
477 uint64_t tsc_avg = tsc_tot / tsc_idx;
478
479 time_tot = tunit*(double)(tsc_tot) / tsc_hz;
480 time_avg = tunit*(double)(tsc_avg) / tsc_hz;
** CID 144514: Error handling issues (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
________________________________________________________________________________________________________
*** CID 144514: Error handling issues (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
585 if (ark->start_pg && (dev->data->port_id == 0)) {
586 pthread_t thread;
587
588 /* Delay packet generatpr start allow the hardware to be ready
589 * This is only used for sanity checking with internal generator
590 */
>>> CID 144514: Error handling issues (CHECKED_RETURN)
>>> Calling "pthread_create" without checking return value (as is done elsewhere 9 out of 11 times).
591 pthread_create(&thread, NULL, delay_pg_start, ark);
592 }
593
594 if (ark->user_ext.dev_start)
595 ark->user_ext.dev_start(dev, ark->user_data);
596
** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
________________________________________________________________________________________________________
*** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
351 o->v.INT = atoi(val);
352 break;
353 case OTLONG:
354 o->v.INT = atoll(val);
355 break;
356 case OTSTRING:
>>> CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.
357 strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
358 break;
359 }
360 return 1;
361 }
362 return 0;
** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
________________________________________________________________________________________________________
*** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
369 o->v.INT = atoi(val);
370 break;
371 case OTLONG:
372 o->v.INT = atoll(val);
373 break;
374 case OTSTRING:
>>> CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.
375 strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
376 break;
377 }
378 return 1;
379 }
380 return 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0Qt9ij22m9JoWRM-2Bu-2FgMOQvgDO96ToKKQr-2BHbE-2B4y4A6hYR6hDHrxqtZLW-2F-2BSveqal9yE1JYBmEDFIklYxtDtKNK8YXHP1RtVSUr37lztSx4JOl8BJsxOXNp94BI-2Fz4EQFmL5cfcGaSwiJWKvv8j5RIN4-3D
To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0QtxrEfMB5Fn2el9EfKjD2wG7MZotubvvw1vr0sTDxxn-2FyjxEPp9zt9280hwopzcYBB5sOkDBel6hJOWiO7VJwB0lMgay76v4JAP1m4kRhXx3RP-2B6KoJkJmPiUnNoQeN4bPiY0fo-2Fhf0HA14ZL6awa26g-3D
next reply other threads:[~2017-05-08 15:35 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-08 15:35 Stephen Hemminger [this message]
2017-05-09 13:00 ` Adrien Mazarguil
-- strict thread matches above, loose matches on Subject: below --
2015-11-04 17:46 Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170508083516.707a862b@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).