[dpdk-dev] New Coverity defects in VFIO

Alejandro Lucero alejandro.lucero at netronome.com
Fri May 12 08:29:52 CEST 2017


On Thu, May 11, 2017 at 5:38 PM, Stephen Hemminger <
stephen at networkplumber.org> wrote:

> Looks like obvious C array bounds issues...
>
>
Right.

I will send a patch today.

Thanks


> Begin forwarded message:
>
> Date: Thu, 11 May 2017 06:32:38 -0700
> From: scan-admin at coverity.com
> To: stephen at networkplumber.org
> Subject: New Defects reported by Coverity Scan for DPDK Data Plane
> Development Kit
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to DPDK Data
> Plane Development Kit found with Coverity Scan.
>
> 4 new defect(s) introduced to DPDK Data Plane Development Kit found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 4 of 4 defect(s)
>
>
> ** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144558:  Parse warnings  (PARSE_ERROR)
> /tmp/auto-config-h.sh.116891.c: 3 in ()
> 1     #include <linux/pkt_cls.h>
> 2
> >>>     CID 144558:  Parse warnings  (PARSE_ERROR)
> >>>     identifier "TCA_FLOWER_KEY_VLAN_PRIO" is undefined
>
> ** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144557:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 207 in vfio_group_device_put()
> 201             int i;
> 202
> 203             i = get_vfio_group_idx(vfio_group_fd);
> 204             if (i < 0 || i > VFIO_MAX_GROUPS)
> 205                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 206             else
> >>>     CID 144557:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 207                     vfio_cfg.vfio_groups[i].devices--;
> 208     }
> 209
> 210     static int
> 211     vfio_group_device_count(int vfio_group_fd)
> 212     {
>
> ** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144556:  Memory - illegal accesses  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 221 in vfio_group_device_count()
> 215             i = get_vfio_group_idx(vfio_group_fd);
> 216             if (i < 0 || i > VFIO_MAX_GROUPS) {
> 217                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 218                     return -1;
> 219             }
> 220
> >>>     CID 144556:  Memory - illegal accesses  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 221             return vfio_cfg.vfio_groups[i].devices;
> 222     }
> 223
> 224     int
> 225     clear_group(int vfio_group_fd)
> 226     {
>
> ** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
>
>
> ____________________________________________________________
> ____________________________________________
> *** CID 144555:  Memory - corruptions  (OVERRUN)
> /lib/librte_eal/linuxapp/eal/eal_vfio.c: 195 in vfio_group_device_get()
> 189             int i;
> 190
> 191             i = get_vfio_group_idx(vfio_group_fd);
> 192             if (i < 0 || i > VFIO_MAX_GROUPS)
> 193                     RTE_LOG(ERR, EAL, "  wrong vfio_group index
> (%d)\n", i);
> 194             else
> >>>     CID 144555:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning array "vfio_cfg.vfio_groups" of 64 12-byte elements at
> element index 64 (byte offset 768) using index "i" (which evaluates to 64).
> 195                     vfio_cfg.vfio_groups[i].devices++;
> 196     }
> 197
> 198     static void
> 199     vfio_group_device_put(int vfio_group_fd)
> 200     {
>
>
> ____________________________________________________________
> ____________________________________________
> To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRatAu7kfwx-2FEYQLnaewVIzHeicA-2BXVfT6hZ5-
> 2BlQUbOEuO498PDBpm2du3zbqLAIkSYNH-2F4pgPd0yf8CgX5U0jRj_5xu02FVv-
> 2BCbxTLHpBsC0RXI5u3ZIuvswXolnGx3HI6n1gq9Xsuj8K50wQIlWov7yyQR
> BN8re6yFBwOsnahFZyjQW3aqTA5h9rz-2BI7CfexKV5NFlSm1lW-2Fiif3a6-2Fu7-
> 2Fs613T3n94FacSVILpwmgH4KcYzHtMPdTwJy1kCK02zCViEtNsq-
> 2FCKPHCFx1r4p5UV6Psx61JLzOXw56M2GSEUOPo8sP2PR2MWjeCdy5rfIyU-3D
>
> To manage Coverity Scan email notifications for "
> stephen at networkplumber.org", click https://u2389337.ct.sendgrid.
> net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-
> 2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4sKfrkUL5oDv8dgJj5BU3
> IfRYzaFCVGnOstQOuK3KKCEYrqlxJ2-2FPVogkBzkcq1Dg-2FyXbbLWT-2BUFivnCf-
> 2Ffy5pynld3GGM7zvzbDuODpBlYA-3D_5xu02FVv-2BCbxTLHpBsC0RXI5u3ZIuvswXolnG
> x3HI6n1gq9Xsuj8K50wQIlWov7yyQRBN8re6yFBwOsnahFZygYSNuU7rrSKQ
> tPVcIi21MDpz6KZwG8nS4KmgXtet9991WL1lHRPs9GRo4zwJ-2Bnb-2FTnQYqob6zFOkhFpJ-
> 2FjhXOQt2JMEhg-2FflJvekTxexy1BKKt-2FaadTS9JcUmvbkxxm73IxfO8iGv39
> u0aDGpPB0r8-3D
>
>


More information about the dev mailing list