KVM Archive on lore.kernel.org
* re: vfio/fsl-mc: trigger an interrupt via eventfd
@ 2020-10-15 12:12 Colin Ian King
From: Colin Ian King @ 2020-10-15 12:12 UTC (permalink / raw)
  To: Diana Craciun, kvm
  Cc: Bharat Bhushan, Diana Craciun, Eric Auger, Alex Williamson, linux-kernel


Static analysis with Coverity on linux-next today has detected an issue
in the following commit:

commit cc0ee20bd96971c10eba9a83ecf1c0733078a083
Author: Diana Craciun <diana.craciun@oss.nxp.com>
Date:   Mon Oct 5 20:36:52 2020 +0300

    vfio/fsl-mc: trigger an interrupt via eventfd

The analysis is as follows:

106 static int vfio_fsl_mc_set_irq_trigger(struct vfio_fsl_mc_device *vdev,
107                                       unsigned int index, unsigned int start,
108                                       unsigned int count, u32 flags,
109                                       void *data)
110 {
111        struct fsl_mc_device *mc_dev = vdev->mc_dev;
112        int ret, hwirq;
113        struct vfio_fsl_mc_irq *irq;
114        struct device *cont_dev = fsl_mc_cont_dev(&mc_dev->dev);
115        struct fsl_mc_device *mc_cont = to_fsl_mc_device(cont_dev);

cond_const: Condition count != 1U, taking false branch. Now the value of
count is equal to 1.

117        if (start != 0 || count != 1)
118                return -EINVAL;
120        mutex_lock(&vdev->reflck->lock);
121        ret = fsl_mc_populate_irq_pool(mc_cont,
122                        FSL_MC_IRQ_POOL_MAX_TOTAL_IRQS);
123        if (ret)
124                goto unlock;
126        ret = vfio_fsl_mc_irqs_allocate(vdev);
127        if (ret)
128                goto unlock;
129        mutex_unlock(&vdev->reflck->lock);

const: At condition count, the value of count must be equal to 1.
dead_error_condition: The condition !count cannot be true.

Logically dead code (DEADCODE)
dead_error_line: Execution cannot reach the expression flags & 1U inside
this statement: if (!count && flags & 1U)

131        if (!count && (flags & VFIO_IRQ_SET_DATA_NONE))
132                return vfio_set_trigger(vdev, index, -1);

At line 131, count is 1 because of the check and return on lines
117-118.  !count is 0, and so 0 && (flags & VFIO_IRQ_SET_DATA_NONE) is
always false, so the vfio_set_trigger is never called. I suspect that
was not the intention.


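A stand-alone C model of the control flow discussed in the report, added here as an illustration; it is not code from the kernel tree or from the poster. The flag constant `MODEL_IRQ_SET_DATA_NONE`, the call recorder `model_set_trigger()`, and the reordered variant `set_irq_trigger_reordered()` (which tests the "count == 0 with DATA_NONE" disable request before validating count) are assumptions made for this example, not the driver's actual fix. `disable_path_reachable()` drives each variant over every small combination of start, count and flags, which is the exhaustive form of the argument Coverity makes from the two guards alone.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the uapi flag bit; the exact value does not matter here. */
#define MODEL_IRQ_SET_DATA_NONE (1u << 0)

/* Records calls made to the stand-in for vfio_set_trigger(). */
static int trigger_calls;
static int last_trigger_fd;

static int model_set_trigger(unsigned int index, int fd)
{
    (void)index;
    trigger_calls++;
    last_trigger_fd = fd;
    return 0;
}

void model_reset(void)
{
    trigger_calls = 0;
    last_trigger_fd = 0;
}

int model_trigger_calls(void) { return trigger_calls; }
int model_last_trigger_fd(void) { return last_trigger_fd; }

/*
 * Ordering as reported: the start/count guard runs first, so by the time the
 * !count test is evaluated, count can only be 1 and the disable branch is dead.
 */
int set_irq_trigger_as_reported(unsigned int start, unsigned int count, uint32_t flags)
{
    if (start != 0 || count != 1)
        return -EINVAL;

    /* IRQ pool population and allocation steps are omitted from the model. */

    if (!count && (flags & MODEL_IRQ_SET_DATA_NONE))
        return model_set_trigger(0, -1);    /* never reached */

    return 0;   /* remaining eventfd handling omitted */
}

/*
 * Reordered variant (assumption, for illustration only): handle the
 * "count == 0 with DATA_NONE" disable request before validating count.
 */
int set_irq_trigger_reordered(unsigned int start, unsigned int count, uint32_t flags)
{
    if (!count && (flags & MODEL_IRQ_SET_DATA_NONE))
        return model_set_trigger(0, -1);

    if (start != 0 || count != 1)
        return -EINVAL;

    return 0;
}

typedef int (*set_trigger_fn)(unsigned int, unsigned int, uint32_t);

/*
 * Exhaustively drive one variant over small start/count values and both flag
 * states. Returns 1 if the disable path (fd == -1) was taken for any input,
 * 0 if it is unreachable, which is what the DEADCODE finding claims.
 */
int disable_path_reachable(set_trigger_fn fn)
{
    model_reset();
    for (unsigned int start = 0; start < 2; start++)
        for (unsigned int count = 0; count < 3; count++)
            for (uint32_t flags = 0; flags < 2; flags++) {
                fn(start, count, flags);
                if (trigger_calls && last_trigger_fd == -1)
                    return 1;
            }
    return 0;
}

int main(void)
{
    printf("as reported: disable path reachable = %d\n",
           disable_path_reachable(set_irq_trigger_as_reported));
    printf("reordered:   disable path reachable = %d\n",
           disable_path_reachable(set_irq_trigger_reordered));
    return 0;
}
```

The model keeps only the two guards and the call it protects; the real function also populates the IRQ pool and allocates IRQs between them, which does not affect the reachability argument because neither step modifies `count`.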