[PATCH 0/3] vhost coverity issue fixes

[PATCH 0/3] vhost coverity issue fixes

[Yuanhan Liu]

This is a small series fixes 3 coverity issues.

John, I'm wondering maybe maybe we could add the next-net and
next-virtio tree into the coverity test as well? So that we could
catch those errors as earlier as possible, say, at least before
they got merged into mainline.

---
Yuanhan Liu (3):
  vhost: fix memory leak
  vhost: fix not null terminated string
  vhost: fix potential NULL pointer dereference

 lib/librte_vhost/vhost_user/vhost-net-user.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

-- 
1.9.0

[PATCH 1/3] vhost: fix memory leak

[Yuanhan Liu]

Fix potential memory leak raised by Coverity.

    >>>     Variable "vsocket" going out of scope leaks the storage it
    >>>     points to.

Coverity issue: 127483
Fixes: e623e0c6d8a5 ("vhost: add reconnect ability")

Reported-by: John McNamara <john.mcnamara@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
---
 lib/librte_vhost/vhost_user/vhost-net-user.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c
index 94f1b92..90cc127 100644
--- a/lib/librte_vhost/vhost_user/vhost-net-user.c
+++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
@@ -617,8 +617,11 @@ rte_vhost_driver_register(const char *path, uint64_t flags)
 	if ((flags & RTE_VHOST_USER_CLIENT) != 0) {
 		vsocket->reconnect = !(flags & RTE_VHOST_USER_NO_RECONNECT);
 		if (vsocket->reconnect && reconn_tid == 0) {
-			if (vhost_user_reconnect_init() < 0)
+			if (vhost_user_reconnect_init() < 0) {
+				free(vsocket->path);
+				free(vsocket);
 				goto out;
+			}
 		}
 		ret = vhost_user_create_client(vsocket);
 	} else {
-- 
1.9.0

[PATCH 2/3] vhost: fix not null terminated string

[Yuanhan Liu]

Fix an issue raised by Coverity.

    >>>     CID 127475:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
    >>>     Calling strncpy with a maximum size argument of 108 bytes on
    >>>     destination array "un->sun_path" of size 108 bytes might leave
    >>>     the destination string unterminated.
    441             strncpy(un->sun_path, path, sizeof(un->sun_path));
    442
    443             return fd;
    444     }

Coverity issue: 127475
Fixes: 64ab701c3d1e ("vhost: add vhost-user client mode")

Reported-by: John McNamara <john.mcnamara@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
---
 lib/librte_vhost/vhost_user/vhost-net-user.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c
index 90cc127..67303a4 100644
--- a/lib/librte_vhost/vhost_user/vhost-net-user.c
+++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
@@ -439,6 +439,7 @@ create_unix_socket(const char *path, struct sockaddr_un *un, bool is_server)
 	memset(un, 0, sizeof(*un));
 	un->sun_family = AF_UNIX;
 	strncpy(un->sun_path, path, sizeof(un->sun_path));
+	un->sun_path[sizeof(un->sun_path) - 1] = '\0';
 
 	return fd;
 }
-- 
1.9.0

[PATCH 3/3] vhost: fix potential NULL pointer dereference

[Yuanhan Liu]

Fix the potential NULL pointer dereference issue raised by Coverity.

    578             reconn = malloc(sizeof(*reconn));
    >>>     CID 127481:  Null pointer dereferences  (NULL_RETURNS)
    >>>     Dereferencing a null pointer "reconn".
    579             reconn->un = un;

Coverity issue: 127481
Fixes: e623e0c6d8a5 ("vhost: add reconnect ability")

Reported-by: John McNamara <john.mcnamara@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
---
 lib/librte_vhost/vhost_user/vhost-net-user.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c
index 67303a4..a0d83f3 100644
--- a/lib/librte_vhost/vhost_user/vhost-net-user.c
+++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
@@ -577,6 +577,12 @@ vhost_user_create_client(struct vhost_user_socket *vsocket)
 
 	RTE_LOG(ERR, VHOST_CONFIG, "%s: reconnecting...\n", path);
 	reconn = malloc(sizeof(*reconn));
+	if (reconn == NULL) {
+		RTE_LOG(ERR, VHOST_CONFIG,
+			"failed to allocate memory for reconnect\n");
+		close(fd);
+		return -1;
+	}
 	reconn->un = un;
 	reconn->fd = fd;
 	reconn->vsocket = vsocket;
-- 
1.9.0

Re: [PATCH 0/3] vhost coverity issue fixes

[Mcnamara, John]

> -----Original Message-----
> From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com]
> Sent: Tuesday, June 28, 2016 4:58 AM
> To: dev@dpdk.org
> Cc: Xie, Huawei <huawei.xie@intel.com>; Mcnamara, John
> <john.mcnamara@intel.com>; Yuanhan Liu <yuanhan.liu@linux.intel.com>
> Subject: [PATCH 0/3] vhost coverity issue fixes
> 
> This is a small series fixes 3 coverity issues.
> 
> John, I'm wondering maybe maybe we could add the next-net and next-virtio
> tree into the coverity test as well? So that we could catch those errors
> as earlier as possible, say, at least before they got merged into
> mainline.

Hi Yuanhan,

Good suggestion. I can do that. Are there any additional configs that should
be enabled? Currently the check runs with:

    CONFIG_RTE_LIBRTE_PMD_PCAP=y
    CONFIG_RTE_LIBRTE_PMD_QAT=y
    CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y
    CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y
    CONFIG_RTE_LIBRTE_PMD_SNOW3G=y

John

Re: [PATCH 0/3] vhost coverity issue fixes

[Yuanhan Liu]

On Thu, Jun 30, 2016 at 03:58:31PM +0000, Mcnamara, John wrote:
> > -----Original Message-----
> > From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com]
> > Sent: Tuesday, June 28, 2016 4:58 AM
> > To: dev@dpdk.org
> > Cc: Xie, Huawei <huawei.xie@intel.com>; Mcnamara, John
> > <john.mcnamara@intel.com>; Yuanhan Liu <yuanhan.liu@linux.intel.com>
> > Subject: [PATCH 0/3] vhost coverity issue fixes
> > 
> > This is a small series fixes 3 coverity issues.
> > 
> > John, I'm wondering maybe maybe we could add the next-net and next-virtio
> > tree into the coverity test as well? So that we could catch those errors
> > as earlier as possible, say, at least before they got merged into
> > mainline.
> 
> Hi Yuanhan,
> 
> Good suggestion. I can do that.

John, Great!

> Are there any additional configs that should
> be enabled? Currently the check runs with:
> 
>     CONFIG_RTE_LIBRTE_PMD_PCAP=y
>     CONFIG_RTE_LIBRTE_PMD_QAT=y
>     CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y
>     CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y
>     CONFIG_RTE_LIBRTE_PMD_SNOW3G=y

Non of them are related to vhost/virtio, thus we may don't need them
for next-virtio tree. And I just think of one that should be enabled:

	CONFIG_RTE_LIBRTE_VHOST_NUMA=y

OTOH, I'm wondering is it worth to enable those debug options, to cover
more codes?

One more question: will it cover all branches? I have 2 branches there,
master and for-testing. It would be great if the coverity test can cover
the two branches. However, it does not matter at all if it just covers
one branch only: master.

Thanks.

	--yliu

Re: [PATCH 0/3] vhost coverity issue fixes

[Yuanhan Liu]

On Tue, Jun 28, 2016 at 11:58:28AM +0800, Yuanhan Liu wrote:
> This is a small series fixes 3 coverity issues.

Series applied to dpdk-next-virtio.

	--yliu
> 
> John, I'm wondering maybe maybe we could add the next-net and
> next-virtio tree into the coverity test as well? So that we could
> catch those errors as earlier as possible, say, at least before
> they got merged into mainline.
> 
> ---
> Yuanhan Liu (3):
>   vhost: fix memory leak
>   vhost: fix not null terminated string
>   vhost: fix potential NULL pointer dereference
> 
>  lib/librte_vhost/vhost_user/vhost-net-user.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> -- 
> 1.9.0