[dpdk-dev] New Coverity defects in VFIO

DPDK patches and discussions
 help / color / mirror / Atom feed

* [dpdk-dev] New Coverity defects in VFIO
@ 2017-05-11 16:38 Stephen Hemminger
  2017-05-11 16:47 ` Mcnamara, John
  2017-05-12  6:29 ` Alejandro Lucero
  0 siblings, 2 replies; 3+ messages in thread
From: Stephen Hemminger @ 2017-05-11 16:38 UTC (permalink / raw)
  To: Alejandro Lucero, dev

Looks like obvious C array bounds issues...

Begin forwarded message:

Date: Thu, 11 May 2017 06:32:38 -0700
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit


Hi,

Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.

4 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 144558:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.116891.c: 3 in ()


________________________________________________________________________________________________________
*** CID 144558:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.116891.c: 3 in ()
1     #include <linux/pkt_cls.h>
2     
>>>     CID 144558:  Parse warnings  (PARSE_ERROR)
>>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined  

** CID 144557:  Memory - corruptions  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()


________________________________________________________________________________________________________
*** CID 144557:  Memory - corruptions  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
201     	int i;
202     
203     	i = get_vfio_group_idx(vfio_group_fd);
204     	if (i < 0 || i > VFIO_MAX_GROUPS)
205     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
206     	else
>>>     CID 144557:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at element index 64 (byte offset 768) using index "i" (which evaluates to 64).  
207     		vfio_cfg.vfio_groups[i].devices--;
208     }
209     
210     static int
211     vfio_group_device_count(int vfio_group_fd)
212     {

** CID 144556:  Memory - illegal accesses  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()


________________________________________________________________________________________________________
*** CID 144556:  Memory - illegal accesses  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
215     	i = get_vfio_group_idx(vfio_group_fd);
216     	if (i < 0 || i > VFIO_MAX_GROUPS) {
217     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
218     		return -1;
219     	}
220     
>>>     CID 144556:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at element index 64 (byte offset 768) using index "i" (which evaluates to 64).  
221     	return vfio_cfg.vfio_groups[i].devices;
222     }
223     
224     int
225     clear_group(int vfio_group_fd)
226     {

** CID 144555:  Memory - corruptions  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()


________________________________________________________________________________________________________
*** CID 144555:  Memory - corruptions  (OVERRUN)
/lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
189     	int i;
190     
191     	i = get_vfio_group_idx(vfio_group_fd);
192     	if (i < 0 || i > VFIO_MAX_GROUPS)
193     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
194     	else
>>>     CID 144555:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at element index 64 (byte offset 768) using index "i" (which evaluates to 64).  
195     		vfio_cfg.vfio_groups[i].devices++;
196     }
197     
198     static void
199     vfio_group_device_put(int vfio_group_fd)
200     {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsnahFZyjQW3aqTA5h9rz-2BI7CfexKV5NFlSm1lW-2Fiif3a6-2Fu7-2Fs613T3n94FacSVILpwmgH4KcYzHtMPdTwJy1kCK02zCViEtNsq-2FCKPHCFx1r4p5UV6Psx61JLzOXw56M2GSEUOPo8sP2PR2MWjeCdy5rfIyU-3D

To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsnahFZygYSNuU7rrSKQtPVcIi21MDpz6KZwG8nS4KmgXtet9991WL1lHRPs9GRo4zwJ-2Bnb-2FTnQYqob6zFOkhFpJ-2FjhXOQt2JMEhg-2FflJvekTxexy1BKKt-2FaadTS9JcUmvbkxxm73IxfO8iGv39u0aDGpPB0r8-3D

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] New Coverity defects in VFIO
  2017-05-11 16:38 [dpdk-dev] New Coverity defects in VFIO Stephen Hemminger
@ 2017-05-11 16:47 ` Mcnamara, John
  2017-05-12  6:29 ` Alejandro Lucero
  1 sibling, 0 replies; 3+ messages in thread
From: Mcnamara, John @ 2017-05-11 16:47 UTC (permalink / raw)
  To: Stephen Hemminger, Alejandro Lucero, dev



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Stephen Hemminger
> Sent: Thursday, May 11, 2017 5:39 PM
> To: Alejandro Lucero <alejandro.lucero@netronome.com>; dev@dpdk.org
> Subject: [dpdk-dev] New Coverity defects in VFIO
> 
> Looks like obvious C array bounds issues...
> 


Hi Stephen,

Thanks for highlighting this, and previous, coverity reports.

Just so you know we don't ignore these and after each run I send an automated email to the author of each defect (based on git blame).

Nevertheless the number of defects has been creeping up. It is currently around 70 having been down around 20 several months ago.

I will start going through the backlog and pinging authors again in the next few weeks.

In the meantime if anyone has open coverity defects against them (check your past emails) can you please try to address them in the next few weeks.

John



> Begin forwarded message:
> 
> Date: Thu, 11 May 2017 06:32:38 -0700
> From: scan-admin@coverity.com
> To: stephen@networkplumber.org
> Subject: New Defects reported by Coverity Scan for DPDK Data Plane
> Development Kit
> 
> 
> Hi,
> 
> Please find the latest report on new defect(s) introduced to DPDK Data
> Plane Development Kit found with Coverity Scan.
> 
> 4 new defect(s) introduced to DPDK Data Plane Development Kit found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
> 
> New defect(s) Reported-by: Coverity Scan Showing 4 of 4 defect(s)
> 
> 
> ** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
> 
> 
> __________________________________________________________________________
> ______________________________
> *** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
> 1     #include <linux/pkt_cls.h>
> 2
> >>>     CID 144558:  Parse warnings  (PARSE_ERROR)
> >>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
> 
> ** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
> 
> 
> __________________________________________________________________________
> ______________________________
> *** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
> 201     	int i;
> 202
> 203     	i = get_vfio_group_idx(vfio_group_fd);
> 204     	if (i < 0 || i > VFIO_MAX_GROUPS)
> 205     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
> 206     	else
> >>>     CID 144557:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to
> 64).
> 207     		vfio_cfg.vfio_groups[i].devices--;
> 208     }
> 209
> 210     static int
> 211     vfio_group_device_count(int vfio_group_fd)
> 212     {
> 
> ** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
> 
> 
> __________________________________________________________________________
> ______________________________
> *** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
> 215     	i = get_vfio_group_idx(vfio_group_fd);
> 216     	if (i < 0 || i > VFIO_MAX_GROUPS) {
> 217     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
> 218     		return -1;
> 219     	}
> 220
> >>>     CID 144556:  Memory - illegal accesses  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to
> 64).
> 221     	return vfio_cfg.vfio_groups[i].devices;
> 222     }
> 223
> 224     int
> 225     clear_group(int vfio_group_fd)
> 226     {
> 
> ** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
> 
> 
> __________________________________________________________________________
> ______________________________
> *** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
> 189     	int i;
> 190
> 191     	i = get_vfio_group_idx(vfio_group_fd);
> 192     	if (i < 0 || i > VFIO_MAX_GROUPS)
> 193     		RTE_LOG(ERR, EAL, "  wrong vfio_group index (%d)\n", i);
> 194     	else
> >>>     CID 144555:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to
> 64).
> 195     		vfio_cfg.vfio_groups[i].devices++;
> 196     }
> 197
> 198     static void
> 199     vfio_group_device_put(int vfio_group_fd)
> 200     {
> 
> 
> __________________________________________________________________________
> ______________________________
> To view the defects in Coverity Scan visit,
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-
> 2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-
> 2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-
> 2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsna
> hFZyjQW3aqTA5h9rz-2BI7CfexKV5NFlSm1lW-2Fiif3a6-2Fu7-
> 2Fs613T3n94FacSVILpwmgH4KcYzHtMPdTwJy1kCK02zCViEtNsq-
> 2FCKPHCFx1r4p5UV6Psx61JLzOXw56M2GSEUOPo8sP2PR2MWjeCdy5rfIyU-3D
> 
> To manage Coverity Scan email notifications for
> "stephen@networkplumber.org", click
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-
> 2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-
> 2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-
> 2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-
> 3D_5xu02FVv-
> 2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsna
> hFZygYSNuU7rrSKQtPVcIi21MDpz6KZwG8nS4KmgXtet9991WL1lHRPs9GRo4zwJ-2Bnb-
> 2FTnQYqob6zFOkhFpJ-2FjhXOQt2JMEhg-2FflJvekTxexy1BKKt-
> 2FaadTS9JcUmvbkxxm73IxfO8iGv39u0aDGpPB0r8-3D

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] New Coverity defects in VFIO
  2017-05-11 16:38 [dpdk-dev] New Coverity defects in VFIO Stephen Hemminger
  2017-05-11 16:47 ` Mcnamara, John
@ 2017-05-12  6:29 ` Alejandro Lucero
  1 sibling, 0 replies; 3+ messages in thread
From: Alejandro Lucero @ 2017-05-12  6:29 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: dev

On Thu, May 11, 2017 at 5:38 PM, Stephen Hemminger <
stephen@networkplumber.org> wrote:

> Looks like obvious C array bounds issues...
>
>
Right.

I will send a patch today.

Thanks


> Begin forwarded message:
>
> Date: Thu, 11 May 2017 06:32:38 -0700
> From: scan-admin@coverity.com
> To: stephen@networkplumber.org
> Subject: New Defects reported by Coverity Scan for DPDK Data Plane
> Development Kit
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to DPDK Data
> Plane Development Kit found with Coverity Scan.
>
> 4 new defect(s) introduced to DPDK Data Plane Development Kit found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 4 of 4 defect(s)
>
>
> ** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
> 1     #include <linux/pkt_cls.h>
> 2
> >>>     CID 144558:  Parse warnings  (PARSE_ERROR)
> >>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
>
> ** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
> 201             int i;
> 202
> 203             i = get_vfio_group_idx(vfio_group_fd);
> 204             if (i < 0 || i > VFIO_MAX_GROUPS)
> 205                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 206             else
> >>>     CID 144557:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 207                     vfio_cfg.vfio_groups[i].devices--;
> 208     }
> 209
> 210     static int
> 211     vfio_group_device_count(int vfio_group_fd)
> 212     {
>
> ** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
> 215             i = get_vfio_group_idx(vfio_group_fd);
> 216             if (i < 0 || i > VFIO_MAX_GROUPS) {
> 217                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 218                     return -1;
> 219             }
> 220
> >>>     CID 144556:  Memory - illegal accesses  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 221             return vfio_cfg.vfio_groups[i].devices;
> 222     }
> 223
> 224     int
> 225     clear_group(int vfio_group_fd)
> 226     {
>
> ** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
> 189             int i;
> 190
> 191             i = get_vfio_group_idx(vfio_group_fd);
> 192             if (i < 0 || i > VFIO_MAX_GROUPS)
> 193                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 194             else
> >>>     CID 144555:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 195                     vfio_cfg.vfio_groups[i].devices++;
> 196     }
> 197
> 198     static void
> 199     vfio_group_device_put(int vfio_group_fd)
> 200     {
>
>
> ____________________________________________________________
> ____________________________________________
> To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-
> 2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-
> 2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQR
> BN8re6yFBwOsnahFZyjQW3aqTA5h9rz-2BI7CfexKV5NFlSm1lW-2Fiif3a6-2Fu7-
> 2Fs613T3n94FacSVILpwmgH4KcYzHtMPdTwJy1kCK02zCViEtNsq-
> 2FCKPHCFx1r4p5UV6Psx61JLzOXw56M2GSEUOPo8sP2PR2MWjeCdy5rfIyU-3D
>
> To manage Coverity Scan email notifications for "
> stephen@networkplumber.org", click https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3
> IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-
> 2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnG
> x3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsnahFZygYSNuU7rrSKQ
> tPVcIi21MDpz6KZwG8nS4KmgXtet9991WL1lHRPs9GRo4zwJ-2Bnb-2FTnQYqob6zFOkhFpJ-
> 2FjhXOQt2JMEhg-2FflJvekTxexy1BKKt-2FaadTS9JcUmvbkxxm73IxfO8iGv39
> u0aDGpPB0r8-3D
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-05-12  6:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-11 16:38 [dpdk-dev] New Coverity defects in VFIO Stephen Hemminger
2017-05-11 16:47 ` Mcnamara, John
2017-05-12  6:29 ` Alejandro Lucero

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).