From: Joshua Otto <jtotto@uwaterloo.ca>
To: ian.campbell@citrix.com, xen-devel@lists.xen.org
Cc: wei.liu2@citrix.com, stefano.stabellini@eu.citrix.com,
george.dunlap@eu.citrix.com, dario.faggioli@citrix.com,
ian.jackson@eu.citrix.com, czylin@uwaterloo.ca,
hjarmstr@uwaterloo.ca
Subject: Coverity tidying
Date: Mon, 28 Dec 2015 00:16:43 -0500 [thread overview]
Message-ID: <1451279808-25264-1-git-send-email-jtotto@uwaterloo.ca> (raw)
In-Reply-To: <1450091323.16856.24.camel@citrix.com>
On Mon, Dec 14, 2015 at 11:08:43AM +0000, Ian Campbell wrote:
> On Sat, 2015-12-12 at 17:07 -0500, Joshua Otto wrote:
> > On Fri, Dec 11, 2015 at 01:52:41PM +0000, Ian Campbell wrote:
> > > Cool! Just to be clear, you are looking for one project for the 3 of
> > > you to
> > > work on as a group (vs 3 individual projects), is that right?
> >
> > Yes, that's right.
> >
> > > It's been a while since there has been a scan run, I did one yesterday but
> > > it is taking an unusually long time to get the results back. Hopefully
> > > we'll have an up to date set of defects early next week and I can have a
> > > scrobble around for some interesting ones for you guys to take a look at.
> >
> > That would be perfect, thanks!
>
> Results are in. I've cherry-picked a few of the new issues below. I've not
> checked carefully for false +ves.
>
> Not a great deal of massive thrills in there, but some one liners etc to
> dip your toes in I guess.
These patches address the Coverity scan issues identified below that appear to
be actual problems. For issues that we believe to be false positives, we
briefly explain why.
We've attempted to CC maintainers according to get_maintainer.pl.
> ________________________________________________________________________________________________________
> *** CID 1343310: Code maintainability issues (UNUSED_VALUE)
> /xen/arch/x86/hvm/svm/intr.c: 95 in svm_enable_intr_window()
> 89 struct vmcb_struct *gvmcb = nv->nv_vvmcx;
> 90
> 91 /* check if l1 guest injects interrupt into l2 guest via vintr.
> 92 * return here or l2 guest looses interrupts, otherwise.
> 93 */
> 94 ASSERT(gvmcb != NULL);
> >>> CID 1343310: Code maintainability issues (UNUSED_VALUE)
> >>> Assigning value from "vmcb_get_vintr(gvmcb)" to "intr" here, but that stored value is overwritten before it can be used.
> 95 intr = vmcb_get_vintr(gvmcb);
> 96 if ( intr.fields.irq )
> 97 return;
> 98 }
> 99 }
> 100
intr is used on the next line, so this appears to be a false positive without an
obvious rephrasing that Coverity would accept.
> ________________________________________________________________________________________________________
> *** CID 1343309: Control flow issues (UNREACHABLE)
> /tools/libxl/libxl.c: 5575 in libxl_get_scheduler()
> 5569 {
> 5570 libxl_scheduler sched, ret;
> 5571 GC_INIT(ctx);
> 5572 if ((ret = xc_sched_id(ctx->xch, (int *)&sched)) != 0) {
> 5573 LOGE(ERROR, "getting domain info list");
> 5574 return ERROR_FAIL;
> >>> CID 1343309: Control flow issues (UNREACHABLE)
> >>> This code cannot be reached: "libxl__free_all(gc);".
> 5575 GC_FREE;
> 5576 }
> 5577 GC_FREE;
> 5578 return sched;
> 5579 }
> 5580
>
> As well as putting GC_FREE in the right place this function could be
> reworked to follow the recommendations in tools/libxl/CODING_STYLE.
This issue is addressed by patches 1 and 2.
> ** CID 1343307: (RESOURCE_LEAK)
> /tools/libxl/libxl_dm.c: 746 in libxl__dm_runas_helper()
> /tools/libxl/libxl_dm.c: 748 in libxl__dm_runas_helper()
> /tools/libxl/libxl_dm.c: 749 in libxl__dm_runas_helper()
>
>
> ________________________________________________________________________________________________________
> *** CID 1343307: (RESOURCE_LEAK)
> /tools/libxl/libxl_dm.c: 746 in libxl__dm_runas_helper()
> 740 ret = getpwnam_r(username, &pwd, buf, buf_size, &user);
> 741 if (ret == ERANGE) {
> 742 buf_size += 128;
> 743 continue;
> 744 }
> 745 if (ret != 0)
> >>> CID 1343307: (RESOURCE_LEAK)
> >>> Variable "buf" going out of scope leaks the storage it points to.
> 746 return ERROR_FAIL;
> 747 if (user != NULL)
> 748 return 1;
> 749 return 0;
> 750 }
> 751 }
> /tools/libxl/libxl_dm.c: 748 in libxl__dm_runas_helper()
> 742 buf_size += 128;
> 743 continue;
> 744 }
> 745 if (ret != 0)
> 746 return ERROR_FAIL;
> 747 if (user != NULL)
> >>> CID 1343307: (RESOURCE_LEAK)
> >>> Variable "buf" going out of scope leaks the storage it points to.
> 748 return 1;
> 749 return 0;
> 750 }
> 751 }
> 752
> 753 static int libxl__build_device_model_args_new(libxl__gc *gc,
> /tools/libxl/libxl_dm.c: 749 in libxl__dm_runas_helper()
> 743 continue;
> 744 }
> 745 if (ret != 0)
> 746 return ERROR_FAIL;
> 747 if (user != NULL)
> 748 return 1;
> >>> CID 1343307: (RESOURCE_LEAK)
> >>> Variable "buf" going out of scope leaks the storage it points to.
> 749 return 0;
> 750 }
> 751 }
> 752
> 753 static int libxl__build_device_model_args_new(libxl__gc *gc,
> 754 const char *dm, int guest_domid,
This appears to be a false positive - libxl__realloc() ensures that any
new allocations are added to the gc, and that subsequent reallocations
bring the gc up to date, so exiting the function at any time should be
safe.
> *** CID 1343302: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
> /xen/drivers/char/ns16550.c: 916 in pci_uart_config()
> 910
> 911 p = uart_config[i].param;
> 912 /*
> 913 * Force length of mmio region to be at least
> 914 * 8 bytes times (1 << reg_shift)
> 915 */
> >>> CID 1343302: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
> >>> Potentially overflowing expression "1 << uart_param[p].reg_shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "u64" (64 bits, unsigned).
> 916 if ( size < (0x8 * (1 << uart_param[p].reg_shift)) )
> 917 continue;
> 918
> 919 if ( bar_idx >= uart_param[p].max_bars )
> 920 continue;
> 921
This should be fine - reg_shift never exceeds 2, so there's no need to
worry about overflow. However, if it's possible that reg_shift might in the
future have a value that causes overflow it could be addressed by applying our
third patch.
> ________________________________________________________________________________________________________
> *** CID 1343301: Incorrect expression (NO_EFFECT)
> /xen/common/sched_credit.c: 1795 in csched_dump_pcpu()
> 1789 csched_dump_pcpu(const struct scheduler *ops, int cpu)
> 1790 {
> 1791 struct list_head *runq, *iter;
> 1792 struct csched_private *prv = CSCHED_PRIV(ops);
> 1793 struct csched_pcpu *spc;
> 1794 struct csched_vcpu *svc;
> >>> CID 1343301: Incorrect expression (NO_EFFECT)
> >>> Assignment operation "lock = lock" has no effect.
> 1795 spinlock_t *lock = lock;
> 1796 unsigned long flags;
> 1797 int loop;
> 1798 #define cpustr keyhandler_scratch
> 1799
> 1800 /*
This is addressed by the fourth patch.
> *** CID 1343299: Incorrect expression (MIXED_ENUMS)
> /tools/libxl/libxl_psr.c: 313 in libxl_psr_cat_set_cbm()
> 307 goto out;
> 308 }
> 309
> 310 libxl_for_each_set_bit(socketid, *target_map) {
> 311 if (socketid >= nr_sockets)
> 312 break;
> >>> CID 1343299: Incorrect expression (MIXED_ENUMS)
> >>> Mixing enum types "enum libxl_psr_cbm_type" and "enum xc_psr_cat_type" for "type".
> 313 if (xc_psr_cat_set_domain_data(ctx->xch, domid, type, socketid, cbm)) {
> 314 libxl__psr_cat_log_err_msg(gc, errno);
> 315 rc = ERROR_FAIL;
> 316 }
> 317 }
> 318
The enum types being mixed are identical - one lives in the libxl types
IDL and the other in libxc. Our fifth patch introduces an explicit conversion,
in case this style is preferable.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2015-12-28 5:16 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 20:26 Taking on a Xen development project jtotto
2015-12-10 10:59 ` Wei Liu
2015-12-10 17:23 ` Andrew Cooper
2015-12-12 2:19 ` Yang Hongyang
2015-12-12 22:30 ` Joshua Otto
2015-12-12 23:02 ` Andrew Cooper
2015-12-14 22:49 ` Joshua Otto
2015-12-11 13:52 ` Ian Campbell
2015-12-12 22:07 ` Joshua Otto
2015-12-14 11:08 ` Ian Campbell
2015-12-14 22:59 ` Joshua Otto
2015-12-15 15:48 ` Ian Campbell
2015-12-28 5:16 ` Joshua Otto [this message]
2015-12-28 5:16 ` [PATCH 1/5] libxl: tidy libxl_get_scheduler() according to CODING_STYLE Joshua Otto
2016-01-04 16:23 ` Ian Campbell
2016-01-05 8:20 ` Dario Faggioli
2016-01-19 5:57 ` [PATCH v2 " Chester Lin
2016-01-19 9:14 ` Dario Faggioli
2016-01-19 11:28 ` Wei Liu
2016-01-19 11:35 ` Ian Campbell
2015-12-28 5:16 ` [PATCH 2/5] libxl: make GC_FREE reachable in libxl_get_scheduler() Joshua Otto
2016-01-04 16:29 ` Ian Campbell
2016-01-05 8:49 ` Dario Faggioli
2016-01-05 11:16 ` Ian Campbell
2016-01-19 5:57 ` [PATCH v2 " Chester Lin
2016-01-19 9:08 ` Dario Faggioli
2016-01-19 14:15 ` Ian Jackson
2015-12-28 5:16 ` [PATCH 3/5] ns16550: widen an integer constant for Coverity Joshua Otto
2016-01-04 16:36 ` Ian Campbell
2016-01-06 9:26 ` Jan Beulich
2016-01-19 5:57 ` [PATCH v2 3/5] n16550: add sanity check for reg_shift Chester Lin
2016-01-19 13:32 ` Jan Beulich
2016-01-25 0:41 ` czylin
2015-12-28 5:16 ` [PATCH 4/5] credit: remove pointless local variable initialization Joshua Otto
2015-12-28 5:16 ` [PATCH 5/5] libxl: Add explicit cast to libxl_psr_cat_set_cbm Joshua Otto
2016-01-04 16:40 ` Ian Campbell
2016-01-19 5:58 ` [PATCH v2 " Chester Lin
2016-01-19 8:34 ` Dario Faggioli
2016-01-19 14:06 ` Ian Jackson
2016-01-19 14:21 ` Ian Campbell
2016-01-19 14:28 ` Dario Faggioli
2016-01-19 14:33 ` Ian Jackson
2016-01-19 14:31 ` George Dunlap
2016-01-19 14:31 ` Ian Campbell
2016-01-19 14:35 ` Ian Jackson
2017-01-12 18:08 ` George Dunlap
2017-01-13 9:05 ` Dario Faggioli
2015-12-28 9:34 ` Coverity tidying Andrew Cooper
2016-01-01 3:14 ` [PATCH] svm: rephrase local variable use for Coverity Joshua Otto
2016-01-06 13:24 ` Jan Beulich
2016-01-06 14:33 ` Boris Ostrovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1451279808-25264-1-git-send-email-jtotto@uwaterloo.ca \
--to=jtotto@uwaterloo.ca \
--cc=czylin@uwaterloo.ca \
--cc=dario.faggioli@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=hjarmstr@uwaterloo.ca \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.