Re: [dpdk-dev] New Coverity defects in VFIO

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Alejandro Lucero <alejandro.lucero@netronome.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: dev <dev@dpdk.org>
Subject: Re: [dpdk-dev] New Coverity defects in VFIO
Date: Fri, 12 May 2017 07:29:52 +0100	[thread overview]
Message-ID: <CAD+H991qhqEnWrUB+Unxh9SW7SnLryL0WjxMcYt+6MC2t4p6yw@mail.gmail.com> (raw)
In-Reply-To: <20170511093839.7c16ebd0@xeon-e3>

On Thu, May 11, 2017 at 5:38 PM, Stephen Hemminger <
stephen@networkplumber.org> wrote:

> Looks like obvious C array bounds issues...
>
>
Right.

I will send a patch today.

Thanks


> Begin forwarded message:
>
> Date: Thu, 11 May 2017 06:32:38 -0700
> From: scan-admin@coverity.com
> To: stephen@networkplumber.org
> Subject: New Defects reported by Coverity Scan for DPDK Data Plane
> Development Kit
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to DPDK Data
> Plane Development Kit found with Coverity Scan.
>
> 4 new defect(s) introduced to DPDK Data Plane Development Kit found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 4 of 4 defect(s)
>
>
> ** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
> 1     #include <linux/pkt_cls.h>
> 2
> >>>     CID 144558:  Parse warnings  (PARSE_ERROR)
> >>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
>
> ** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
> 201             int i;
> 202
> 203             i = get_vfio_group_idx(vfio_group_fd);
> 204             if (i < 0 || i > VFIO_MAX_GROUPS)
> 205                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 206             else
> >>>     CID 144557:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 207                     vfio_cfg.vfio_groups[i].devices--;
> 208     }
> 209
> 210     static int
> 211     vfio_group_device_count(int vfio_group_fd)
> 212     {
>
> ** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
> 215             i = get_vfio_group_idx(vfio_group_fd);
> 216             if (i < 0 || i > VFIO_MAX_GROUPS) {
> 217                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 218                     return -1;
> 219             }
> 220
> >>>     CID 144556:  Memory - illegal accesses  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 221             return vfio_cfg.vfio_groups[i].devices;
> 222     }
> 223
> 224     int
> 225     clear_group(int vfio_group_fd)
> 226     {
>
> ** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
> 189             int i;
> 190
> 191             i = get_vfio_group_idx(vfio_group_fd);
> 192             if (i < 0 || i > VFIO_MAX_GROUPS)
> 193                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 194             else
> >>>     CID 144555:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 195                     vfio_cfg.vfio_groups[i].devices++;
> 196     }
> 197
> 198     static void
> 199     vfio_group_device_put(int vfio_group_fd)
> 200     {
>
>
> ____________________________________________________________
> ____________________________________________
> To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-
> 2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-
> 2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQR
> BN8re6yFBwOsnahFZyjQW3aqTA5h9rz-2BI7CfexKV5NFlSm1lW-2Fiif3a6-2Fu7-
> 2Fs613T3n94FacSVILpwmgH4KcYzHtMPdTwJy1kCK02zCViEtNsq-
> 2FCKPHCFx1r4p5UV6Psx61JLzOXw56M2GSEUOPo8sP2PR2MWjeCdy5rfIyU-3D
>
> To manage Coverity Scan email notifications for "
> stephen@networkplumber.org", click https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3
> IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-
> 2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnG
> x3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsnahFZygYSNuU7rrSKQ
> tPVcIi21MDpz6KZwG8nS4KmgXtet9991WL1lHRPs9GRo4zwJ-2Bnb-2FTnQYqob6zFOkhFpJ-
> 2FjhXOQt2JMEhg-2FflJvekTxexy1BKKt-2FaadTS9JcUmvbkxxm73IxfO8iGv39
> u0aDGpPB0r8-3D
>
>

     prev parent reply	other threads:[~2017-05-12  6:29 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-11 16:38 Stephen Hemminger
2017-05-11 16:47 ` Mcnamara, John
2017-05-12  6:29 ` Alejandro Lucero [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAD+H991qhqEnWrUB+Unxh9SW7SnLryL0WjxMcYt+6MC2t4p6yw@mail.gmail.com \
    --to=alejandro.lucero@netronome.com \
    --cc=dev@dpdk.org \
    --cc=stephen@networkplumber.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).