From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f52.google.com (mail-pg0-f52.google.com [74.125.83.52]) by dpdk.org (Postfix) with ESMTP id D6B591F5 for ; Mon, 8 May 2017 17:35:19 +0200 (CEST) Received: by mail-pg0-f52.google.com with SMTP id u187so28804577pgb.0 for ; Mon, 08 May 2017 08:35:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:mime-version :content-transfer-encoding; bh=DwgbxuqyFFG9/6HkM7di/JfM+fvkb0ifAUxBJuvfa4c=; b=hhKUmeLOcj6XE7c+MpYWLXEDxFz57Rft4CPqq9DpUvW1KFv5X7ns9DFObnAJeeda0r X4QkVb9mXJQRxZ7a1/khvgtK8hplL8DeIx7QSkv6bdqkUnL37jy7ToRLA4w92TgT0G17 6C5kQjQLNdX/2LqsYPJuXzuE/Affb9TJO5c8av+coTo3vk6ySTKwYGGx4JrWv530GWGU XrbPMvvyBi4WFFl9Kqp6cDKsJU5rCTcCjkY8bbdSIekFL8WQr1DI/f5MoBWn6HbODxpM QwQfCzbpyQgMCyUyoXDAKgVNHyL7gIap3qbaxQPj0zVe6ituzkyURzdJC1UH0LGHQtDM TKiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-transfer-encoding; bh=DwgbxuqyFFG9/6HkM7di/JfM+fvkb0ifAUxBJuvfa4c=; b=i4HMQ1MQLXLiBzt+bZJI0cUywuNpMIA2x6hMz8zi3MTOItKPG4bTx/XsjII0Bwl9mC hDuyO8EpP+WuQuZdYE6fGPl6MCQ7/o6AOdJqj0VxFEX9d+bAf/n+TrB1HVsDMkVbzNDv p8lh8fztKHgcjTpZm8920XF9gKGTJpUY4L8/dXWPSFl6xfSMrYgSvVmcRDzz/PGNWv4r k/GzR4Ueo0WHUUEKvj3n8pTK1h69Y7Fsd9lF0+3ybFpHNNfuXIjxFY0JnL9N5fapX7BE ZXmyl2BT59oNpHfh7CBemE/E1wWbToc2LjqvPH2Bj/fusnXR9+qYPqsHBRRZxJ0+U4MA 2V7A== X-Gm-Message-State: AN3rC/4oCrxYRky7WCP4NeC29JsuYbf+eTF14uZNEGsbfH7RIQykV8u1 nLtTzXnOYa/J4pm4T84= X-Received: by 10.84.237.8 with SMTP id s8mr85451203plk.163.1494257718740; Mon, 08 May 2017 08:35:18 -0700 (PDT) Received: from xeon-e3 (76-14-206-252.or.wavecable.com. [76.14.206.252]) by smtp.gmail.com with ESMTPSA id e64sm24348817pfl.49.2017.05.08.08.35.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 08 May 2017 08:35:18 -0700 (PDT) Date: Mon, 8 May 2017 08:35:16 -0700 From: Stephen Hemminger To: Thomas Monjalon Cc: dev@dpdk.org Message-ID: <20170508083516.707a862b@xeon-e3> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2017 15:35:20 -0000 Lots of new warnings. Most of them from the ARK driver. Begin forwarded message: Date: Mon, 08 May 2017 03:17:22 -0700 From: scan-admin@coverity.com To: stephen@networkplumber.org Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit Hi, Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan. 15 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan. 26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 15 of 15 defect(s) ** CID 144526: Incorrect expression (USELESS_CALL) ________________________________________________________________________________________________________ *** CID 144526: Incorrect expression (USELESS_CALL) /drivers/net/bonding/rte_eth_bond_pmd.c: 2486 in bond_remove() 2480 2481 eth_dev->dev_ops = NULL; 2482 eth_dev->rx_pkt_burst = NULL; 2483 eth_dev->tx_pkt_burst = NULL; 2484 2485 internals = eth_dev->data->dev_private; >>> CID 144526: Incorrect expression (USELESS_CALL) >>> Calling "rte_bitmap_free(internals->vlan_filter_bmp)" is only useful for its return value, which is ignored. 2486 rte_bitmap_free(internals->vlan_filter_bmp); 2487 rte_free(internals->vlan_filter_bmpmem); 2488 rte_free(eth_dev->data->dev_private); 2489 rte_free(eth_dev->data->mac_addrs); 2490 2491 rte_eth_dev_release_port(eth_dev); ** CID 144525: Control flow issues (UNREACHABLE) /usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump() ________________________________________________________________________________________________________ *** CID 144525: Control flow issues (UNREACHABLE) /usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump() 54 _ASM_ALIGN "\n\t" 55 _ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t" 56 ".popsection \n\t" 57 : : "i" (key), "i" (branch) : : l_yes); 58 59 return false; >>> CID 144525: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "l_yes: return true;". 60 l_yes: 61 return true; 62 } 63 64 #ifdef CONFIG_X86_64 65 typedef u64 jump_label_t; ** CID 144524: Insecure data handling (TAINTED_STRING) /drivers/net/ark/ark_ethdev.c: 199 in check_for_ext() ________________________________________________________________________________________________________ *** CID 144524: Insecure data handling (TAINTED_STRING) /drivers/net/ark/ark_ethdev.c: 199 in check_for_ext() 193 PMD_DEBUG_LOG(DEBUG, "ARK EXT NO dll path specified\n"); 194 return 0; 195 } 196 PMD_DRV_LOG(INFO, "ARK EXT found dll path at %s\n", dllpath); 197 198 /* Open and load the .so */ >>> CID 144524: Insecure data handling (TAINTED_STRING) >>> Passing tainted string "dllpath" to "dlopen", which cannot accept tainted data. 199 ark->d_handle = dlopen(dllpath, RTLD_LOCAL | RTLD_LAZY); 200 if (ark->d_handle == NULL) { 201 PMD_DRV_LOG(ERR, "Could not load user extension %s\n", 202 dllpath); 203 return -1; 204 } ** CID 144523: Code maintainability issues (SIZEOF_MISMATCH) /app/proc_info/main.c: 489 in nic_xstats_display() ________________________________________________________________________________________________________ *** CID 144523: Code maintainability issues (SIZEOF_MISMATCH) /app/proc_info/main.c: 489 in nic_xstats_display() 483 484 len = rte_eth_xstats_get_names_by_id(port_id, NULL, 0, NULL); 485 if (len < 0) { 486 printf("Cannot get xstats count\n"); 487 return; 488 } >>> CID 144523: Code maintainability issues (SIZEOF_MISMATCH) >>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption. 489 values = malloc(sizeof(values) * len); 490 if (values == NULL) { 491 printf("Cannot allocate memory for xstats\n"); 492 return; 493 } 494 ** CID 144522: Code maintainability issues (SIZEOF_MISMATCH) /lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id() ________________________________________________________________________________________________________ *** CID 144522: Code maintainability issues (SIZEOF_MISMATCH) /lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id() 1711 else { 1712 uint16_t i, size; 1713 uint64_t *values_copy; 1714 1715 size = rte_eth_xstats_get_by_id(port_id, NULL, NULL, 0); 1716 >>> CID 144522: Code maintainability issues (SIZEOF_MISMATCH) >>> Passing argument "8UL /* sizeof (values_copy) */ * size" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption. 1717 values_copy = malloc(sizeof(values_copy) * size); 1718 if (!values_copy) { 1719 RTE_PMD_DEBUG_TRACE( 1720 "ERROR: can't allocate memory for values_copy\n"); 1721 return -1; 1722 } ** CID 144521: Code maintainability issues (SIZEOF_MISMATCH) /app/proc_info/main.c: 437 in nic_xstats_by_ids_display() ________________________________________________________________________________________________________ *** CID 144521: Code maintainability issues (SIZEOF_MISMATCH) /app/proc_info/main.c: 437 in nic_xstats_by_ids_display() 431 { 432 struct rte_eth_xstat_name *xstats_names; 433 uint64_t *values; 434 int ret, i; 435 static const char *nic_stats_border = "########################"; 436 >>> CID 144521: Code maintainability issues (SIZEOF_MISMATCH) >>> Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious. In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption. 437 values = malloc(sizeof(values) * len); 438 if (values == NULL) { 439 printf("Cannot allocate memory for xstats\n"); 440 return; 441 } 442 ** CID 144520: Null pointer dereferences (REVERSE_INULL) /drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit() ________________________________________________________________________________________________________ *** CID 144520: Null pointer dereferences (REVERSE_INULL) /drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit() 513 ark_pktgen_uninit(ark->pg); 514 ark_pktchkr_uninit(ark->pc); 515 516 dev->dev_ops = NULL; 517 dev->rx_pkt_burst = NULL; 518 dev->tx_pkt_burst = NULL; >>> CID 144520: Null pointer dereferences (REVERSE_INULL) >>> Directly dereferencing pointer "dev->data". 519 if (dev->data->mac_addrs) 520 rte_free(dev->data->mac_addrs); 521 if (dev->data) 522 rte_free(dev->data); 523 524 return 0; ** CID 144519: Parse warnings (PARSE_ERROR) /tmp/auto-config-h.sh.10760.c: 3 in () ________________________________________________________________________________________________________ *** CID 144519: Parse warnings (PARSE_ERROR) /tmp/auto-config-h.sh.10760.c: 3 in () 1 #include 2 >>> CID 144519: Parse warnings (PARSE_ERROR) >>> identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined ** CID 144518: Memory - illegal accesses (OVERRUN) /drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create() ________________________________________________________________________________________________________ *** CID 144518: Memory - illegal accesses (OVERRUN) /drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create() 187 /* 188 * To make bond_ethdev_configure() happy we need to free the 189 * internals->kvlist here. 190 * 191 * Also see comment in bond_ethdev_configure(). 192 */ >>> CID 144518: Memory - illegal accesses (OVERRUN) >>> Overrunning array "rte_eth_devices" of 32 16512-byte elements at element index 32 (byte offset 528384) using index "port_id" (which evaluates to 32). 193 internals = rte_eth_devices[port_id].data->dev_private; 194 rte_kvargs_free(internals->kvlist); 195 internals->kvlist = NULL; 196 197 return port_id; 198 } ** CID 144517: Null pointer dereferences (NULL_RETURNS) /drivers/net/ark/ark_ethdev.c: 902 in process_file_args() ________________________________________________________________________________________________________ *** CID 144517: Null pointer dereferences (NULL_RETURNS) /drivers/net/ark/ark_ethdev.c: 902 in process_file_args() 896 /* Open the configuration file */ 897 FILE *file = fopen(value, "r"); 898 char line[ARK_MAX_ARG_LEN]; 899 int size = 0; 900 int first = 1; 901 >>> CID 144517: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be null "file" when calling "fgets". 902 while (fgets(line, sizeof(line), file)) { 903 size += strlen(line); 904 if (size >= ARK_MAX_ARG_LEN) { 905 PMD_DRV_LOG(ERR, "Unable to parse file %s args, " 906 "parameter list is too long\n", value); 907 fclose(file); ** CID 144516: Null pointer dereferences (FORWARD_NULL) /drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts() ________________________________________________________________________________________________________ *** CID 144516: Null pointer dereferences (FORWARD_NULL) /drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts() 1152 } 1153 1154 if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) { 1155 PMD_RX_LOG(ERR, rxq, 1156 "New buffer allocation failed," 1157 "dropping incoming packet\n"); >>> CID 144516: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "fp_cqe". 1158 qede_recycle_rx_bd_ring(rxq, qdev, fp_cqe->bd_num); 1159 rte_eth_devices[rxq->port_id]. 1160 data->rx_mbuf_alloc_failed++; 1161 rxq->rx_alloc_errors++; 1162 break; 1163 } ** CID 144515: Integer handling issues (DIVIDE_BY_ZERO) /app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner() ________________________________________________________________________________________________________ *** CID 144515: Integer handling issues (DIVIDE_BY_ZERO) /app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner() 469 470 double time_tot, time_avg, time_max, time_min; 471 472 const uint64_t tunit = 1000000; /* us */ 473 const uint64_t tsc_hz = rte_get_tsc_hz(); 474 >>> CID 144515: Integer handling issues (DIVIDE_BY_ZERO) >>> In expression "enqd_tot / b_idx", division by expression "b_idx" which may be zero has undefined behavior. 475 uint64_t enqd_avg = enqd_tot / b_idx; 476 uint64_t deqd_avg = deqd_tot / b_idx; 477 uint64_t tsc_avg = tsc_tot / tsc_idx; 478 479 time_tot = tunit*(double)(tsc_tot) / tsc_hz; 480 time_avg = tunit*(double)(tsc_avg) / tsc_hz; ** CID 144514: Error handling issues (CHECKED_RETURN) /drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start() ________________________________________________________________________________________________________ *** CID 144514: Error handling issues (CHECKED_RETURN) /drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start() 585 if (ark->start_pg && (dev->data->port_id == 0)) { 586 pthread_t thread; 587 588 /* Delay packet generatpr start allow the hardware to be ready 589 * This is only used for sanity checking with internal generator 590 */ >>> CID 144514: Error handling issues (CHECKED_RETURN) >>> Calling "pthread_create" without checking return value (as is done elsewhere 9 out of 11 times). 591 pthread_create(&thread, NULL, delay_pg_start, ark); 592 } 593 594 if (ark->user_ext.dev_start) 595 ark->user_ext.dev_start(dev, ark->user_data); 596 ** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING) /drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg() ________________________________________________________________________________________________________ *** CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING) /drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg() 351 o->v.INT = atoi(val); 352 break; 353 case OTLONG: 354 o->v.INT = atoll(val); 355 break; 356 case OTSTRING: >>> CID 144513: Memory - illegal accesses (BUFFER_SIZE_WARNING) >>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated. 357 strncpy(o->v.STR, val, ARK_MAX_STR_LEN); 358 break; 359 } 360 return 1; 361 } 362 return 0; ** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING) /drivers/net/ark/ark_pktchkr.c: 375 in set_arg() ________________________________________________________________________________________________________ *** CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING) /drivers/net/ark/ark_pktchkr.c: 375 in set_arg() 369 o->v.INT = atoi(val); 370 break; 371 case OTLONG: 372 o->v.INT = atoll(val); 373 break; 374 case OTSTRING: >>> CID 144512: Memory - illegal accesses (BUFFER_SIZE_WARNING) >>> Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated. 375 strncpy(o->v.STR, val, ARK_MAX_STR_LEN); 376 break; 377 } 378 return 1; 379 } 380 return 0; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0Qt9ij22m9JoWRM-2Bu-2FgMOQvgDO96ToKKQr-2BHbE-2B4y4A6hYR6hDHrxqtZLW-2F-2BSveqal9yE1JYBmEDFIklYxtDtKNK8YXHP1RtVSUr37lztSx4JOl8BJsxOXNp94BI-2Fz4EQFmL5cfcGaSwiJWKvv8j5RIN4-3D To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0QtxrEfMB5Fn2el9EfKjD2wG7MZotubvvw1vr0sTDxxn-2FyjxEPp9zt9280hwopzcYBB5sOkDBel6hJOWiO7VJwB0lMgay76v4JAP1m4kRhXx3RP-2B6KoJkJmPiUnNoQeN4bPiY0fo-2Fhf0HA14ZL6awa26g-3D