DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
@ 2017-05-08 15:35 Stephen Hemminger
  2017-05-09 13:00 ` Adrien Mazarguil
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2017-05-08 15:35 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: dev

Lots of new warnings. Most of them from the ARK driver.

Begin forwarded message:

Date: Mon, 08 May 2017 03:17:22 -0700
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit


Hi,

Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.

15 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)


** CID 144526:  Incorrect expression  (USELESS_CALL)


________________________________________________________________________________________________________
*** CID 144526:  Incorrect expression  (USELESS_CALL)
/drivers/net/bonding/rte_eth_bond_pmd.c: 2486 in bond_remove()
2480     
2481     	eth_dev->dev_ops = NULL;
2482     	eth_dev->rx_pkt_burst = NULL;
2483     	eth_dev->tx_pkt_burst = NULL;
2484     
2485     	internals = eth_dev->data->dev_private;
>>>     CID 144526:  Incorrect expression  (USELESS_CALL)
>>>     Calling "rte_bitmap_free(internals->vlan_filter_bmp)" is only useful for its return value, which is ignored.  
2486     	rte_bitmap_free(internals->vlan_filter_bmp);
2487     	rte_free(internals->vlan_filter_bmpmem);
2488     	rte_free(eth_dev->data->dev_private);
2489     	rte_free(eth_dev->data->mac_addrs);
2490     
2491     	rte_eth_dev_release_port(eth_dev);

** CID 144525:  Control flow issues  (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()


________________________________________________________________________________________________________
*** CID 144525:  Control flow issues  (UNREACHABLE)
/usr/src/kernels/4.8.10-200.fc24.x86_64/arch/x86/include/asm/jump_label.h: 60 in arch_static_branch_jump()
54     		_ASM_ALIGN "\n\t"
55     		_ASM_PTR "1b, %l[l_yes], %c0 + %c1 \n\t"
56     		".popsection \n\t"
57     		: :  "i" (key), "i" (branch) : : l_yes);
58     
59     	return false;
>>>     CID 144525:  Control flow issues  (UNREACHABLE)
>>>     This code cannot be reached: "l_yes:  
return true;".
60     l_yes:
61     	return true;
62     }
63     
64     #ifdef CONFIG_X86_64
65     typedef u64 jump_label_t;

** CID 144524:  Insecure data handling  (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()


________________________________________________________________________________________________________
*** CID 144524:  Insecure data handling  (TAINTED_STRING)
/drivers/net/ark/ark_ethdev.c: 199 in check_for_ext()
193     		PMD_DEBUG_LOG(DEBUG, "ARK EXT NO dll path specified\n");
194     		return 0;
195     	}
196     	PMD_DRV_LOG(INFO, "ARK EXT found dll path at %s\n", dllpath);
197     
198     	/* Open and load the .so */
>>>     CID 144524:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "dllpath" to "dlopen", which cannot accept tainted data.  
199     	ark->d_handle = dlopen(dllpath, RTLD_LOCAL | RTLD_LAZY);
200     	if (ark->d_handle == NULL) {
201     		PMD_DRV_LOG(ERR, "Could not load user extension %s\n",
202     			    dllpath);
203     		return -1;
204     	}

** CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()


________________________________________________________________________________________________________
*** CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 489 in nic_xstats_display()
483     
484     	len = rte_eth_xstats_get_names_by_id(port_id, NULL, 0, NULL);
485     	if (len < 0) {
486     		printf("Cannot get xstats count\n");
487     		return;
488     	}
>>>     CID 144523:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
489     	values = malloc(sizeof(values) * len);
490     	if (values == NULL) {
491     		printf("Cannot allocate memory for xstats\n");
492     		return;
493     	}
494     

** CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()


________________________________________________________________________________________________________
*** CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
/lib/librte_ether/rte_ethdev.c: 1717 in rte_eth_xstats_get_by_id()
1711     	else {
1712     		uint16_t i, size;
1713     		uint64_t *values_copy;
1714     
1715     		size = rte_eth_xstats_get_by_id(port_id, NULL, NULL, 0);
1716     
>>>     CID 144522:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values_copy) */ * size" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
1717     		values_copy = malloc(sizeof(values_copy) * size);
1718     		if (!values_copy) {
1719     			RTE_PMD_DEBUG_TRACE(
1720     			    "ERROR: can't allocate memory for values_copy\n");
1721     			return -1;
1722     		}

** CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()


________________________________________________________________________________________________________
*** CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
/app/proc_info/main.c: 437 in nic_xstats_by_ids_display()
431     {
432     	struct rte_eth_xstat_name *xstats_names;
433     	uint64_t *values;
434     	int ret, i;
435     	static const char *nic_stats_border = "########################";
436     
>>>     CID 144521:  Code maintainability issues  (SIZEOF_MISMATCH)
>>>     Passing argument "8UL /* sizeof (values) */ * len" to function "malloc" and then casting the return value to "uint64_t *" is suspicious.  In this particular case "sizeof (uint64_t *)" happens to be equal to "sizeof (uint64_t)", but this is not a portable assumption.  
437     	values = malloc(sizeof(values) * len);
438     	if (values == NULL) {
439     		printf("Cannot allocate memory for xstats\n");
440     		return;
441     	}
442     

** CID 144520:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()


________________________________________________________________________________________________________
*** CID 144520:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/ark/ark_ethdev.c: 519 in eth_ark_dev_uninit()
513     	ark_pktgen_uninit(ark->pg);
514     	ark_pktchkr_uninit(ark->pc);
515     
516     	dev->dev_ops = NULL;
517     	dev->rx_pkt_burst = NULL;
518     	dev->tx_pkt_burst = NULL;
>>>     CID 144520:  Null pointer dereferences  (REVERSE_INULL)
>>>     Directly dereferencing pointer "dev->data".  
519     	if (dev->data->mac_addrs)
520     		rte_free(dev->data->mac_addrs);
521     	if (dev->data)
522     		rte_free(dev->data);
523     
524     	return 0;

** CID 144519:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()


________________________________________________________________________________________________________
*** CID 144519:  Parse warnings  (PARSE_ERROR)
/tmp/auto-config-h.sh.10760.c: 3 in ()
1     #include <linux/pkt_cls.h>
2     
>>>     CID 144519:  Parse warnings  (PARSE_ERROR)
>>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined  

** CID 144518:  Memory - illegal accesses  (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()


________________________________________________________________________________________________________
*** CID 144518:  Memory - illegal accesses  (OVERRUN)
/drivers/net/bonding/rte_eth_bond_api.c: 193 in rte_eth_bond_create()
187     	/*
188     	 * To make bond_ethdev_configure() happy we need to free the
189     	 * internals->kvlist here.
190     	 *
191     	 * Also see comment in bond_ethdev_configure().
192     	 */
>>>     CID 144518:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "rte_eth_devices" of 32 16512-byte elements at element index 32 (byte offset 528384) using index "port_id" (which evaluates to 32).  
193     	internals = rte_eth_devices[port_id].data->dev_private;
194     	rte_kvargs_free(internals->kvlist);
195     	internals->kvlist = NULL;
196     
197     	return port_id;
198     }

** CID 144517:  Null pointer dereferences  (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()


________________________________________________________________________________________________________
*** CID 144517:  Null pointer dereferences  (NULL_RETURNS)
/drivers/net/ark/ark_ethdev.c: 902 in process_file_args()
896     	/* Open the configuration file */
897     	FILE *file = fopen(value, "r");
898     	char line[ARK_MAX_ARG_LEN];
899     	int  size = 0;
900     	int first = 1;
901     
>>>     CID 144517:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "file" when calling "fgets".  
902     	while (fgets(line, sizeof(line), file)) {
903     		size += strlen(line);
904     		if (size >= ARK_MAX_ARG_LEN) {
905     			PMD_DRV_LOG(ERR, "Unable to parse file %s args, "
906     				    "parameter list is too long\n", value);
907     			fclose(file);

** CID 144516:  Null pointer dereferences  (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()


________________________________________________________________________________________________________
*** CID 144516:  Null pointer dereferences  (FORWARD_NULL)
/drivers/net/qede/qede_rxtx.c: 1158 in qede_recv_pkts()
1152     		}
1153     
1154     		if (unlikely(qede_alloc_rx_buffer(rxq) != 0)) {
1155     			PMD_RX_LOG(ERR, rxq,
1156     				   "New buffer allocation failed,"
1157     				   "dropping incoming packet\n");
>>>     CID 144516:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "fp_cqe".  
1158     			qede_recycle_rx_bd_ring(rxq, qdev, fp_cqe->bd_num);
1159     			rte_eth_devices[rxq->port_id].
1160     			    data->rx_mbuf_alloc_failed++;
1161     			rxq->rx_alloc_errors++;
1162     			break;
1163     		}

** CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()


________________________________________________________________________________________________________
*** CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
/app/test-crypto-perf/cperf_test_latency.c: 475 in cperf_latency_test_runner()
469     
470     		double time_tot, time_avg, time_max, time_min;
471     
472     		const uint64_t tunit = 1000000; /* us */
473     		const uint64_t tsc_hz = rte_get_tsc_hz();
474     
>>>     CID 144515:  Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "enqd_tot / b_idx", division by expression "b_idx" which may be zero has undefined behavior.  
475     		uint64_t enqd_avg = enqd_tot / b_idx;
476     		uint64_t deqd_avg = deqd_tot / b_idx;
477     		uint64_t tsc_avg = tsc_tot / tsc_idx;
478     
479     		time_tot = tunit*(double)(tsc_tot) / tsc_hz;
480     		time_avg = tunit*(double)(tsc_avg) / tsc_hz;

** CID 144514:  Error handling issues  (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()


________________________________________________________________________________________________________
*** CID 144514:  Error handling issues  (CHECKED_RETURN)
/drivers/net/ark/ark_ethdev.c: 591 in eth_ark_dev_start()
585     	if (ark->start_pg && (dev->data->port_id == 0)) {
586     		pthread_t thread;
587     
588     		/* Delay packet generatpr start allow the hardware to be ready
589     		 * This is only used for sanity checking with internal generator
590     		 */
>>>     CID 144514:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "pthread_create" without checking return value (as is done elsewhere 9 out of 11 times).  
591     		pthread_create(&thread, NULL, delay_pg_start, ark);
592     	}
593     
594     	if (ark->user_ext.dev_start)
595     		ark->user_ext.dev_start(dev, ark->user_data);
596     

** CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()


________________________________________________________________________________________________________
*** CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktgen.c: 357 in pmd_set_arg()
351     			o->v.INT = atoi(val);
352     			break;
353     		case OTLONG:
354     			o->v.INT = atoll(val);
355     			break;
356     		case OTSTRING:
>>>     CID 144513:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.  
357     			strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
358     			break;
359     		}
360     		return 1;
361     	}
362     	return 0;

** CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()


________________________________________________________________________________________________________
*** CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/drivers/net/ark/ark_pktchkr.c: 375 in set_arg()
369     			o->v.INT = atoi(val);
370     			break;
371     		case OTLONG:
372     			o->v.INT = atoll(val);
373     			break;
374     		case OTSTRING:
>>>     CID 144512:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 64 bytes on destination array "o->v.STR" of size 64 bytes might leave the destination string unterminated.  
375     			strncpy(o->v.STR, val, ARK_MAX_STR_LEN);
376     			break;
377     		}
378     		return 1;
379     	}
380     	return 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0Qt9ij22m9JoWRM-2Bu-2FgMOQvgDO96ToKKQr-2BHbE-2B4y4A6hYR6hDHrxqtZLW-2F-2BSveqal9yE1JYBmEDFIklYxtDtKNK8YXHP1RtVSUr37lztSx4JOl8BJsxOXNp94BI-2Fz4EQFmL5cfcGaSwiJWKvv8j5RIN4-3D

To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6nSIpfeTpmFagPq7jjt4zF278tARzqPKRe0Aa99gY0QtxrEfMB5Fn2el9EfKjD2wG7MZotubvvw1vr0sTDxxn-2FyjxEPp9zt9280hwopzcYBB5sOkDBel6hJOWiO7VJwB0lMgay76v4JAP1m4kRhXx3RP-2B6KoJkJmPiUnNoQeN4bPiY0fo-2Fhf0HA14ZL6awa26g-3D

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit
@ 2015-11-04 17:46 Stephen Hemminger
  0 siblings, 0 replies; 3+ messages in thread
From: Stephen Hemminger @ 2015-11-04 17:46 UTC (permalink / raw)
  To: dev



Begin forwarded message:

Date: Wed, 04 Nov 2015 08:08:51 -0800
From: scan-admin@coverity.com
To: stephen@networkplumber.org
Subject: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit



Hi,

Please find the latest report on new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.

17 new defect(s) introduced to DPDK Data Plane Development Kit found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)


** CID 119270:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/fm10k/fm10k_rxtx_vec.c: 652 in vtx1()


________________________________________________________________________________________________________
*** CID 119270:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/fm10k/fm10k_rxtx_vec.c: 652 in vtx1()
646     
647     static inline void
648     vtx1(volatile struct fm10k_tx_desc *txdp,
649     		struct rte_mbuf *pkt, uint64_t flags)
650     {
651     	__m128i descriptor = _mm_set_epi64x(flags << 56 |
>>>     CID 119270:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "pkt->vlan_tci" with type "unsigned short" (16 bits, unsigned) is promoted in "pkt->vlan_tci << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "pkt->vlan_tci << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
652     			pkt->vlan_tci << 16 | pkt->data_len,
653     			MBUF_DMA_ADDR(pkt));
654     	_mm_store_si128((__m128i *)txdp, descriptor);
655     }
656     
657     static inline void

** CID 119269:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/virtio/virtio_rxtx.c: 355 in virtio_dev_vring_start()


________________________________________________________________________________________________________
*** CID 119269:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/virtio/virtio_rxtx.c: 355 in virtio_dev_vring_start()
349     			int mid_idx  = vq->vq_nentries >> 1;
350     			for (i = 0; i < mid_idx; i++) {
351     				vq->vq_ring.avail->ring[i] = i + mid_idx;
352     				vq->vq_ring.desc[i + mid_idx].next = i;
353     				vq->vq_ring.desc[i + mid_idx].addr =
354     					vq->virtio_net_hdr_mem +
>>>     CID 119269:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "vq->hw->vtnet_hdr_size" with type "unsigned short" (16 bits, unsigned) is promoted in "mid_idx * vq->hw->vtnet_hdr_size" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "mid_idx * vq->hw->vtnet_hdr_size" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
355     						mid_idx * vq->hw->vtnet_hdr_size;
356     				vq->vq_ring.desc[i + mid_idx].len =
357     					vq->hw->vtnet_hdr_size;
358     				vq->vq_ring.desc[i + mid_idx].flags =
359     					VRING_DESC_F_NEXT;
360     				vq->vq_ring.desc[i].flags = 0;

** CID 119268:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/i40e/i40e_fdir.c: 1097 in i40e_fdir_filter_programming()


________________________________________________________________________________________________________
*** CID 119268:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/i40e/i40e_fdir.c: 1097 in i40e_fdir_filter_programming()
1091     	if (filter->input.flow_ext.is_vf)
1092     		vsi_id = pf->vfs[filter->input.flow_ext.dst_id].vsi->vsi_id;
1093     	else
1094     		/* Use LAN VSI Id by default */
1095     		vsi_id = pf->main_vsi->vsi_id;
1096     	fdirdp->qindex_flex_ptype_vsi |=
>>>     CID 119268:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "vsi_id" with type "unsigned short" (16 bits, unsigned) is promoted in "vsi_id << 23" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "vsi_id << 23" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1097     		rte_cpu_to_le_32((vsi_id <<
1098     				  I40E_TXD_FLTR_QW0_DEST_VSI_SHIFT) &
1099     				  I40E_TXD_FLTR_QW0_DEST_VSI_MASK);
1100     
1101     	fdirdp->dtype_cmd_cntindex =
1102     			rte_cpu_to_le_32(I40E_TX_DESC_DTYPE_FILTER_PROG);

** CID 119267:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_rxtx.c: 2596 in i40e_rx_queue_release_mbufs()


________________________________________________________________________________________________________
*** CID 119267:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_rxtx.c: 2596 in i40e_rx_queue_release_mbufs()
2590     	/* SSE Vector driver has a different way of releasing mbufs. */
2591     	if (rxq->rx_using_sse) {
2592     		i40e_rx_queue_release_mbufs_vec(rxq);
2593     		return;
2594     	}
2595     
>>>     CID 119267:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "rxq" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2596     	if (!rxq || !rxq->sw_ring) {
2597     		PMD_DRV_LOG(DEBUG, "Pointer to rxq or sw_ring is NULL");
2598     		return;
2599     	}
2600     
2601     	for (i = 0; i < rxq->nb_rx_desc; i++) {

** CID 119266:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev_vf.c: 2090 in i40evf_set_rss_lut()


________________________________________________________________________________________________________
*** CID 119266:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev_vf.c: 2090 in i40evf_set_rss_lut()
2084     i40evf_set_rss_lut(struct i40e_vsi *vsi, uint8_t *lut, uint16_t lut_size)
2085     {
2086     	struct i40e_vf *vf = I40E_VSI_TO_VF(vsi);
2087     	struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
2088     	int ret;
2089     
>>>     CID 119266:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "vsi" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2090     	if (!vsi || !lut)
2091     		return -EINVAL;
2092     
2093     	if (vf->flags & I40E_FLAG_RSS_AQ_CAPABLE) {
2094     		ret = i40e_aq_set_rss_lut(hw, vsi->vsi_id, FALSE,
2095     					  lut, lut_size);

** CID 119265:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev.c: 2796 in i40e_set_rss_lut()


________________________________________________________________________________________________________
*** CID 119265:  Null pointer dereferences  (REVERSE_INULL)
/drivers/net/i40e/i40e_ethdev.c: 2796 in i40e_set_rss_lut()
2790     i40e_set_rss_lut(struct i40e_vsi *vsi, uint8_t *lut, uint16_t lut_size)
2791     {
2792     	struct i40e_pf *pf = I40E_VSI_TO_PF(vsi);
2793     	struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
2794     	int ret;
2795     
>>>     CID 119265:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "vsi" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2796     	if (!vsi || !lut)
2797     		return -EINVAL;
2798     
2799     	if (pf->flags & I40E_FLAG_RSS_AQ_CAPABLE) {
2800     		ret = i40e_aq_set_rss_lut(hw, vsi->vsi_id, TRUE,
2801     					  lut, lut_size);

** CID 119264:  Memory - corruptions  (OVERRUN)
/app/test-pmd/testpmd.c: 541 in init_config()


________________________________________________________________________________________________________
*** CID 119264:  Memory - corruptions  (OVERRUN)
/app/test-pmd/testpmd.c: 541 in init_config()
535     			else {
536     				uint32_t socket_id = rte_eth_dev_socket_id(pid);
537     
538     				/* if socket_id is invalid, set to 0 */
539     				if (check_socket_id(socket_id) < 0)
540     					socket_id = 0;
>>>     CID 119264:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "port_per_socket" of 8 bytes at byte offset 4294967295 using index "socket_id" (which evaluates to 4294967295).
541     				port_per_socket[socket_id]++;
542     			}
543     		}
544     
545     		/* set flag to initialize port/queue */
546     		port->need_reconfig = 1;

** CID 119263:  Memory - corruptions  (OVERRUN)
/lib/librte_hash/rte_cuckoo_hash.c: 807 in remove_entry()


________________________________________________________________________________________________________
*** CID 119263:  Memory - corruptions  (OVERRUN)
/lib/librte_hash/rte_cuckoo_hash.c: 807 in remove_entry()
801     			n_slots = rte_ring_mp_enqueue_burst(h->free_slots,
802     						cached_free_slots->objs,
803     						LCORE_CACHE_SIZE);
804     			cached_free_slots->len -= n_slots;
805     		}
806     		/* Put index of new free slot in cache. */
>>>     CID 119263:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "cached_free_slots->objs" of 8 8-byte elements at element index 8 (byte offset 64) using index "cached_free_slots->len" (which evaluates to 8).
807     		cached_free_slots->objs[cached_free_slots->len] =
808     				(void *)((uintptr_t)bkt->key_idx[i]);
809     		cached_free_slots->len++;
810     	} else {
811     		rte_ring_sp_enqueue(h->free_slots,
812     				(void *)((uintptr_t)bkt->key_idx[i]));

** CID 119262:  Null pointer dereferences  (NULL_RETURNS)
/lib/librte_vhost/vhost_user/virtio-net-user.c: 332 in user_set_vring_enable()


________________________________________________________________________________________________________
*** CID 119262:  Null pointer dereferences  (NULL_RETURNS)
/lib/librte_vhost/vhost_user/virtio-net-user.c: 332 in user_set_vring_enable()
326     
327     	if (notify_ops->vring_state_changed) {
328     		notify_ops->vring_state_changed(dev, base_idx / VIRTIO_QNUM,
329     						enable);
330     	}
331     
>>>     CID 119262:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "dev".
332     	dev->virtqueue[base_idx + VIRTIO_RXQ]->enabled = enable;
333     	dev->virtqueue[base_idx + VIRTIO_TXQ]->enabled = enable;
334     
335     	return 0;
336     }
337     

** CID 119260:  Control flow issues  (NESTING_INDENT_MISMATCH)
/drivers/net/e1000/em_ethdev.c: 642 in eth_em_start()


________________________________________________________________________________________________________
*** CID 119260:  Control flow issues  (NESTING_INDENT_MISMATCH)
/drivers/net/e1000/em_ethdev.c: 642 in eth_em_start()
636     	e1000_setup_link(hw);
637     
638     	if (rte_intr_allow_others(intr_handle)) {
639     		/* check if lsc interrupt is enabled */
640     		if (dev->data->dev_conf.intr_conf.lsc != 0)
641     			ret = eth_em_interrupt_setup(dev);
>>>     CID 119260:  Control flow issues  (NESTING_INDENT_MISMATCH)
>>>     This 'if'  statement is indented to column 25, as if it were nested within the preceding parent statement, but it is not.
642     			if (ret) {
643     				PMD_INIT_LOG(ERR, "Unable to setup interrupts");
644     				em_dev_clear_queues(dev);
645     				return ret;
646     			}
647     	} else {

** CID 119259:  Memory - corruptions  (NEGATIVE_RETURNS)
/app/test-pmd/testpmd.c: 541 in init_config()


________________________________________________________________________________________________________
*** CID 119259:  Memory - corruptions  (NEGATIVE_RETURNS)
/app/test-pmd/testpmd.c: 541 in init_config()
535     			else {
536     				uint32_t socket_id = rte_eth_dev_socket_id(pid);
537     
538     				/* if socket_id is invalid, set to 0 */
539     				if (check_socket_id(socket_id) < 0)
540     					socket_id = 0;
>>>     CID 119259:  Memory - corruptions  (NEGATIVE_RETURNS)
>>>     Using variable "socket_id" as an index to array "port_per_socket".
541     				port_per_socket[socket_id]++;
542     			}
543     		}
544     
545     		/* set flag to initialize port/queue */
546     		port->need_reconfig = 1;

** CID 119258:    (FORWARD_NULL)
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()


________________________________________________________________________________________________________
*** CID 119258:    (FORWARD_NULL)
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()
360     	eth_dev->rx_pkt_burst = eth_ring_rx;
361     	eth_dev->tx_pkt_burst = eth_ring_tx;
362     
363     	return data->port_id;
364     
365     error:
>>>     CID 119258:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
366     	rte_free(data->rx_queues);
367     	rte_free(data->tx_queues);
368     	rte_free(data);
369     	rte_free(internals);
370     
371     	return -1;
/drivers/net/ring/rte_eth_ring.c: 366 in rte_eth_from_rings()
360     	eth_dev->rx_pkt_burst = eth_ring_rx;
361     	eth_dev->tx_pkt_burst = eth_ring_tx;
362     
363     	return data->port_id;
364     
365     error:
>>>     CID 119258:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
366     	rte_free(data->rx_queues);
367     	rte_free(data->tx_queues);
368     	rte_free(data);
369     	rte_free(internals);
370     
371     	return -1;

** CID 119257:  Null pointer dereferences  (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3254 in rte_eth_copy_pci_info()


________________________________________________________________________________________________________
*** CID 119257:  Null pointer dereferences  (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3254 in rte_eth_copy_pci_info()
3248     	if ((eth_dev == NULL) || (pci_dev == NULL)) {
3249     		PMD_DEBUG_TRACE("NULL pointer eth_dev=%p pci_dev=%p\n",
3250     				eth_dev, pci_dev);
3251     	}
3252     
3253     	eth_dev->data->dev_flags = 0;
>>>     CID 119257:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "pci_dev".
3254     	if (pci_dev->driver->drv_flags & RTE_PCI_DRV_INTR_LSC)
3255     		eth_dev->data->dev_flags |= RTE_ETH_DEV_INTR_LSC;
3256     	if (pci_dev->driver->drv_flags & RTE_PCI_DRV_DETACHABLE)
3257     		eth_dev->data->dev_flags |= RTE_ETH_DEV_DETACHABLE;
3258     
3259     	eth_dev->data->kdrv = pci_dev->kdrv;
3260     	eth_dev->data->numa_node = pci_dev->numa_node;
3261     	eth_dev->data->drv_name = pci_dev->driver->name;

** CID 119256:  Null pointer dereferences  (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3253 in rte_eth_copy_pci_info()


________________________________________________________________________________________________________
*** CID 119256:  Null pointer dereferences  (FORWARD_NULL)
/lib/librte_ether/rte_ethdev.c: 3253 in rte_eth_copy_pci_info()
3247     {
3248     	if ((eth_dev == NULL) || (pci_dev == NULL)) {
3249     		PMD_DEBUG_TRACE("NULL pointer eth_dev=%p pci_dev=%p\n",
3250     				eth_dev, pci_dev);
3251     	}
3252     
>>>     CID 119256:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "eth_dev".
3253     	eth_dev->data->dev_flags = 0;
3254     	if (pci_dev->driver->drv_flags & RTE_PCI_DRV_INTR_LSC)
3255     		eth_dev->data->dev_flags |= RTE_ETH_DEV_INTR_LSC;
3256     	if (pci_dev->driver->drv_flags & RTE_PCI_DRV_DETACHABLE)
3257     		eth_dev->data->dev_flags |= RTE_ETH_DEV_DETACHABLE;
3258     
3259     	eth_dev->data->kdrv = pci_dev->kdrv;
3260     	eth_dev->data->numa_node = pci_dev->numa_node;
3261     	eth_dev->data->drv_name = pci_dev->driver->name;

** CID 119255:  Control flow issues  (DEADCODE)
/drivers/net/i40e/i40e_ethdev.c: 6797 in i40e_generate_inset_mask_reg()


________________________________________________________________________________________________________
*** CID 119255:  Control flow issues  (DEADCODE)
/drivers/net/i40e/i40e_ethdev.c: 6797 in i40e_generate_inset_mask_reg()
6791     		{I40E_INSET_IPV6_NEXT_HDR, I40E_INSET_IPV6_NEXT_HDR_MASK},
6792     	};
6793     
6794     	if (!inset || !mask || !nb_elem)
6795     		return 0;
6796     
>>>     CID 119255:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "nb_elem >= 2" inside this statement: "if (!inset && nb_elem >= 2)...".
6797     	if (!inset && nb_elem >= I40E_INSET_MASK_NUM_REG) {
6798     		for (i = 0; i < I40E_INSET_MASK_NUM_REG; i++)
6799     			mask[i] = 0;
6800     		return I40E_INSET_MASK_NUM_REG;
6801     	}
6802     

** CID 119254:  Control flow issues  (DEADCODE)
/app/test-pmd/config.c: 1257 in dcb_fwd_config_setup()


________________________________________________________________________________________________________
*** CID 119254:  Control flow issues  (DEADCODE)
/app/test-pmd/config.c: 1257 in dcb_fwd_config_setup()
1251     	/* reinitialize forwarding streams */
1252     	init_fwd_streams();
1253     	sm_id = 0;
1254     	if ((rxp & 0x1) == 0)
1255     		txp = (portid_t) (rxp + 1);
1256     	else
>>>     CID 119254:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "txp = (portid_t)(rxp - 1);".
1257     		txp = (portid_t) (rxp - 1);
1258     	/* get the dcb info on the first RX and TX ports */
1259     	(void)rte_eth_dev_get_dcb_info(fwd_ports_ids[rxp], &rxp_dcb_info);
1260     	(void)rte_eth_dev_get_dcb_info(fwd_ports_ids[txp], &txp_dcb_info);
1261     
1262     	for (lc_id = 0; lc_id < cur_fwd_config.nb_fwd_lcores; lc_id++) {

** CID 119251:  Error handling issues  (CHECKED_RETURN)
/app/test-pmd/cmdline.c: 1492 in cmd_config_rss_parsed()


________________________________________________________________________________________________________
*** CID 119251:  Error handling issues  (CHECKED_RETURN)
/app/test-pmd/cmdline.c: 1492 in cmd_config_rss_parsed()
1486     	else {
1487     		printf("Unknown parameter\n");
1488     		return;
1489     	}
1490     	rss_conf.rss_key = NULL;
1491     	for (i = 0; i < rte_eth_dev_count(); i++)
>>>     CID 119251:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "rte_eth_dev_rss_hash_update" without checking return value (as is done elsewhere 5 out of 6 times).
1492     		rte_eth_dev_rss_hash_update(i, &rss_conf);
1493     }
1494     
1495     cmdline_parse_token_string_t cmd_config_rss_port =
1496     	TOKEN_STRING_INITIALIZER(struct cmd_config_rss, port, "port");
1497     cmdline_parse_token_string_t cmd_config_rss_keyword =


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/dpdk-data-plane-development-kit?tab=overview

To manage Coverity Scan email notifications for "stephen@networkplumber.org", click https://scan.coverity.com/subscriptions/edit?email=stephen%40networkplumber.org&token=41b352b884ef3fc73426635eebc294c3

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-05-09 13:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-08 15:35 [dpdk-dev] Fw: New Defects reported by Coverity Scan for DPDK Data Plane Development Kit Stephen Hemminger
2017-05-09 13:00 ` Adrien Mazarguil
  -- strict thread matches above, loose matches on Subject: below --
2015-11-04 17:46 Stephen Hemminger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).