DPDK patches and discussions
 help / color / mirror / Atom feed
From: Stephen Hemminger <stephen@networkplumber.org>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: dev@dpdk.org
Subject: [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
Date: Mon, 8 May 2017 08:35:16 -0700	[thread overview]
Message-ID: <20170508083516.707a862b@xeon-e3> (raw)

Lots of new warnings. Most of them from the ARK driver.

Begin forwarded message:

Date: Mon, 08 May 2017 03:17:22 -0700
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit


Hi,

Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.

15 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)


** CID 144526:  Incorrect expression  (USELESS_CALL)


________________________________________________________________________________________________________
*** CID 144526:  Incorrect expression  (USELESS_CALL)
/drivers/net/bonding/rte_eth_bond_pmd.c: 2486 in bond_remove()
2480     
2481     	eth_dev->dev_ops = NULL;
2482     	eth_dev->rx_pkt_burst = NULL;
2483     	eth_dev->tx_pkt_burst = NULL;
2484     
2485     	internals = eth_dev->data->dev_private;
>>>     CID 144526:  Incorrect expression  (USELESS_CALL)
>>>     Calling "rte_bitmap_free(internals->vlan_filter_bmp)" is only useful for its return value, which is ignored.  
2486     	rte_bitmap_free(internals->vlan_filter_bmp);
2487     	rte_free(internals->vlan_filter_bmpmem);
2488     	rte_free(eth_dev->data->dev_private);
2489     	rte_free(eth_dev->data->mac_addrs);
2490     
2491     	rte_eth_dev_release_port(eth_dev);

** CID 144525:  Control flow issues  (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()


________________________________________________________________________________________________________
*** CID 144525:  Control flow issues  (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
54     		_ASM_ALIGN "\n\t"
55     		_ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
56     		".popsection \n\t"
57     		: :  "i" (key), "i" (branch) : : l_yes);
58     
59     	return false;
>>>     CID 144525:  Control flow issues  (UNREACHABLE)
>>>     This code cannot be reached: "l_yes:  
return true;".
60     l_yes:
61     	return true;
62     }
63     
64     #ifdef CONFIG_X86_64
65     typedef u64 jump_label_t;

** CID 144524:  Insecure data handling  (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()


________________________________________________________________________________________________________
*** CID 144524:  Insecure data handling  (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
193     		PMD_DEBUG_LOG(DEBUG, "ARK EXT NO dll path specified\n");
194     		return 0;
195     	}
196     	PMD_DRV_LOG(INFO, "ARK EXT found dll path at %s\n", dllpath);
197     
198     	/* Open and load the .so */
>>>     CID 144524:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "dllpath" to "dlopen", which cannot accept tainted data.  
199     	ark->d_handle = dlopen(dllpath, RTLD_LOCAL | RTLD_LAZY);
200     	if (ark->d_handle == NULL) {
201     		PMD_DRV_LOG(ERR, "Could not load user extension %s\n",
202     			    dllpath);
203     		return -1;
204     	}

** CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()


________________________________________________________________________________________________________
*** CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
483     
484     	len = rte_eth_xstats_get_names_by_id(port_id, NULL, 0, NULL);
485     	if (len < 0) {
486     		printf("Cannot get xstats count\n");
487     		return;
488     	}
>>>     CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
489     	values = malloc(sizeof(values) * len);
490     	if (values == NULL) {
491     		printf("Cannot allocate memory for xstats\n");
492     		return;
493     	}
494     

** CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()


________________________________________________________________________________________________________
*** CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
1711     	else {
1712     		uint16_t i, size;
1713     		uint64_t *values_copy;
1714     
1715     		size = rte_eth_xstats_get_by_id(port_id, NULL, NULL, 0);
1716     
>>>     CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values_copy) */ * size" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
1717     		values_copy = malloc(sizeof(values_copy) * size);
1718     		if (!values_copy) {
1719     			RTE_PMD_DEBUG_TRACE(
1720     			    "ERROR: can't allocate memory for values_copy\n");
1721     			return -1;
1722     		}

** CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()


________________________________________________________________________________________________________
*** CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
431     {
432     	struct rte_eth_xstat_name *xstats_names;
433     	uint64_t *values;
434     	int ret, i;
435     	static const char *nic_stats_border = "########################";
436     
>>>     CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
437     	values = malloc(sizeof(values) * len);
438     	if (values == NULL) {
439     		printf("Cannot allocate memory for xstats\n");
440     		return;
441     	}
442     

** CID 144520:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()


________________________________________________________________________________________________________
*** CID 144520:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
513     	ark_pktgen_uninit(ark->pg);
514     	ark_pktchkr_uninit(ark->pc);
515     
516     	dev->dev_ops = NULL;
517     	dev->rx_pkt_burst = NULL;
518     	dev->tx_pkt_burst = NULL;
>>>     CID 144520:  Null pointer dereferences  (REVERSE_INULL)
>>>     Directly dereferencing pointer "dev->data".  
519     	if (dev->data->mac_addrs)
520     		rte_free(dev->data->mac_addrs);
521     	if (dev->data)
522     		rte_free(dev->data);
523     
524     	return 0;

** CID 144519:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()


________________________________________________________________________________________________________
*** CID 144519:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
1     #include <linux/pkt_cls.h>
2     
>>>     CID 144519:  Parse warnings  (PARSE_ERROR)
>>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined  

** CID 144518:  Memory - illegal accesses  (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()


________________________________________________________________________________________________________
*** CID 144518:  Memory - illegal accesses  (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
187     	/*
188     	 * To make bond_ethdev_configure() happy we need to free the
189     	 * internals->kvlist here.
190     	 *
191     	 * Also see comment in bond_ethdev_configure().
192     	 */
>>>     CID 144518:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "rte_eth_devices" of 32 16512-byte elements at element index 32 (byte offset 528384) using index "port_id" (which evaluates to 32).  
193     	internals = rte_eth_devices[port_id].data->dev_private;
194     	rte_kvargs_free(internals->kvlist);
195     	internals->kvlist = NULL;
196     
197     	return port_id;
198     }

** CID 144517:  Null pointer dereferences  (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()


________________________________________________________________________________________________________
*** CID 144517:  Null pointer dereferences  (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
896     	/* Open the configuration file */
897     	FILE *file = fopen(value, "r");
898     	char line[ARK_MAX_ARG_LEN];
899     	int  size = 0;
900     	int first = 1;
901     
>>>     CID 144517:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "file" when calling "fgets".  
902     	while (fgets(line, sizeof(line), file)) {
903     		size += strlen(line);
904     		if (size >= ARK_MAX_ARG_LEN) {
905     			PMD_DRV_LOG(ERR, "Unable to parse file %s args, "
906     				    "parameter list is too long\n", value);
907     			fclose(file);

** CID 144516:  Null pointer dereferences  (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()


________________________________________________________________________________________________________
*** CID 144516:  Null pointer dereferences  (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
1152     		}
1153     
1154     		if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
1155     			PMD_RX_LOG(ERR, rxq,
1156     				   "New buffer allocation failed,"
1157     				   "dropping incoming packet\n");
>>>     CID 144516:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "fp_cqe".  
1158     			qede_recycle_rx_bd_ring(rxq, qdev, fp_cqe->bd_num);
1159     			rte_eth_devices[rxq->port_id].
1160     			    data->rx_mbuf_alloc_failed++;
1161     			rxq->rx_alloc_errors++;
1162     			break;
1163     		}

** CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()


________________________________________________________________________________________________________
*** CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
469     
470     		double time_tot, time_avg, time_max, time_min;
471     
472     		const uint64_t tunit = 1000000; /* us */
473     		const uint64_t tsc_hz = rte_get_tsc_hz();
474     
>>>     CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "enqd_tot / b_idx", division by expression "b_idx" which may be zero has undefined behavior.  
475     		uint64_t enqd_avg = enqd_tot / b_idx;
476     		uint64_t deqd_avg = deqd_tot / b_idx;
477     		uint64_t tsc_avg = tsc_tot / tsc_idx;
478     
479     		time_tot = tunit*(double)(tsc_tot) / tsc_hz;
480     		time_avg = tunit*(double)(tsc_avg) / tsc_hz;

** CID 144514:  Error handling issues  (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()


________________________________________________________________________________________________________
*** CID 144514:  Error handling issues  (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
585     	if (ark->start_pg && (dev->data->port_id == 0)) {
586     		pthread_t thread;
587     
588     		/* Delay packet generatpr start allow the hardware to be ready
589     		 * This is only used for sanity checking with internal generator
590     		 */
>>>     CID 144514:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "pthread_create" without checking return value (as is done elsewhere 9 out of 11 times).  
591     		pthread_create(&thread, NULL, delay_pg_start, ark);
592     	}
593     
594     	if (ark->user_ext.dev_start)
595     		ark->user_ext.dev_start(dev, ark->user_data);
596     

** CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()


________________________________________________________________________________________________________
*** CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
351     			o->v.INT = atoi(val);
352     			break;
353     		case OTLONG:
354     			o->v.INT = atoll(val);
355     			break;
356     		case OTSTRING:
>>>     CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.  
357     			strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
358     			break;
359     		}
360     		return 1;
361     	}
362     	return 0;

** CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()


________________________________________________________________________________________________________
*** CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
369     			o->v.INT = atoi(val);
370     			break;
371     		case OTLONG:
372     			o->v.INT = atoll(val);
373     			break;
374     		case OTSTRING:
>>>     CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.  
375     			strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
376     			break;
377     		}
378     		return 1;
379     	}
380     	return 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0Qt9ij22m9JoWRM-2Bu-2FgMOQvgDO96ToKKQr-2BHbE-2B4y4A6hYR6hDHrxqtZLW-2F-2BSveqal9yE1JYBmEDFIklYxtDtKNK8YXHP1RtVSUr37lztSx4JOl8BJsxOXNp94BI-2Fz4EQFmL5cfcGaSwiJWKvv8j5RIN4-3D

To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0QtxrEfMB5Fn2el9EfKjD2wG7MZotubvvw1vr0sTDxxn-2FyjxEPp9zt9280hwopzcYBB5sOkDBel6hJOWiO7VJwB0lMgay76v4JAP1m4kRhXx3RP-2B6KoJkJmPiUnNoQeN4bPiY0fo-2Fhf0HA14ZL6awa26g-3D

             reply	other threads:[~2017-05-08 15:35 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-08 15:35 Stephen Hemminger [this message]
2017-05-09 13:00 ` Adrien Mazarguil
  -- strict thread matches above, loose matches on Subject: below --
2015-11-04 17:46 Stephen Hemminger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170508083516.707a862b@xeon-e3 \
    --to=stephen@networkplumber.org \
    --cc=dev@dpdk.org \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).