Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
11 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1316592: Code maintainability issues (UNUSED_VALUE)
/sys/dev/pci/ixgbe/ixv.c: 1879 in ixv_free_pci_resources()
________________________________________________________________________________________________________
*** CID 1316592: Code maintainability issues (UNUSED_VALUE)
/sys/dev/pci/ixgbe/ixv.c: 1879 in ixv_free_pci_resources()
1873 int rid;
1874
1875 /*
1876 ** Release all msix queue resources:
1877 */
1878 for (int i = 0; i < adapter->num_queues; i++, que++) {
>>> CID 1316592: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "que->msix + 1U" to "rid" here, but that stored value is overwritten before it can be used.
1879 rid = que->msix + 1;
1880 if (que->res != NULL)
1881 pci_intr_disestablish(adapter->osdep.pc,
1882 adapter->osdep.ihs[i]);
1883 }
1884
** CID 1316591: Memory - illegal accesses (OVERRUN)
/sys/dev/pci/ixgbe/ixv.c: 1892 in ixv_free_pci_resources()
________________________________________________________________________________________________________
*** CID 1316591: Memory - illegal accesses (OVERRUN)
/sys/dev/pci/ixgbe/ixv.c: 1892 in ixv_free_pci_resources()
1886 /* Clean the Legacy or Link interrupt last */
1887 if (adapter->mbxvec) /* we are doing MSIX */
1888 rid = adapter->mbxvec + 1;
1889 else
1890 (adapter->msix != 0) ? (rid = 1):(rid = 0);
1891
>>> CID 1316591: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "adapter->osdep.ihs" of 2 8-byte elements at element index 2 (byte offset 16) using index "rid" (which evaluates to 2).
1892 if (adapter->osdep.ihs[rid] != NULL)
1893 pci_intr_disestablish(adapter->osdep.pc,
1894 adapter->osdep.ihs[rid]);
1895 adapter->osdep.ihs[rid] = NULL;
1896
1897 #if defined(NETBSD_MSI_OR_MSIX)
** CID 1316590: Null pointer dereferences (FORWARD_NULL)
/sys/dev/pci/ixgbe/ixv.c: 2852 in ixv_refresh_mbufs()
________________________________________________________________________________________________________
*** CID 1316590: Null pointer dereferences (FORWARD_NULL)
/sys/dev/pci/ixgbe/ixv.c: 2852 in ixv_refresh_mbufs()
2846 if (mp == NULL) {
2847 rxr->no_jmbuf.ev_count++;
2848 goto update;
2849 } else
2850 mp = rxbuf->m_pack;
2851
>>> CID 1316590: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "mp".
2852 mp->m_pkthdr.len = mp->m_len = adapter->rx_mbuf_sz;
2853 /* Get the memory mapping */
2854 error = bus_dmamap_load_mbuf(rxr->ptag->dt_dmat,
2855 rxbuf->pmap, mp, BUS_DMA_NOWAIT);
2856 if (error != 0) {
2857 printf("GET BUF: dmamap load"
** CID 1316589: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/ixgbe/ixv.c: 3899 in ixv_handle_mbx()
________________________________________________________________________________________________________
*** CID 1316589: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/ixgbe/ixv.c: 3899 in ixv_handle_mbx()
3893 */
3894 static void
3895 ixv_handle_mbx(void *context)
3896 {
3897 struct adapter *adapter = context;
3898
>>> CID 1316589: Error handling issues (CHECKED_RETURN)
>>> Calling "ixgbe_check_link" without checking return value (as is done elsewhere 8 out of 9 times).
3899 ixgbe_check_link(&adapter->hw,
3900 &adapter->link_speed, &adapter->link_up, 0);
3901 ixv_update_link_status(adapter);
3902 }
3903
3904 /*
** CID 1316545: Control flow issues (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()
________________________________________________________________________________________________________
*** CID 1316545: Control flow issues (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()
306 brelse(bp, 0);
307 }
308 if (nextfree == LFS_UNUSED_INUM) {
309 brelse(bp, 0);
310 return ENOENT;
311 }
>>> CID 1316545: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "lfs_if_setnextfree(fs, ifp,...".
312 lfs_if_setnextfree(fs, ifp, oldnext);
313 LFS_BWRITE_LOG(bp);
314 }
315
316 return 0;
317 }
** CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()
________________________________________________________________________________________________________
*** CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()
576 {
577 /*
578 * Give this route an expiration time, even though
579 * it's a "permanent" route, so that routes cloned
580 * from it do not need their expiration time set.
581 */
>>> CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
>>> Argument "time_uptime" of KASSERT() has a side effect because the variable is volatile. The containing function might work differently in a non-debug build.
582 KASSERT(time_uptime != 0);
583 rt->rt_expire = time_uptime;
584 /*
585 * linklayers with particular link MTU limitation.
586 */
587 switch (ifp->if_type) {
** CID 1305544: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixgbe.c: 2670 in ixgbe_allocate_msix()
________________________________________________________________________________________________________
*** CID 1305544: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixgbe.c: 2670 in ixgbe_allocate_msix()
2664 aprint_error_dev(dev,
2665 "Failed to register QUE handler\n");
2666 kcpuset_destroy(affinity);
2667 return ENXIO;
2668 }
2669 que->msix = vector;
>>> CID 1305544: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
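>>> Potentially overflowing expression "1 << que->msix" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "u64" (64 bits, unsigned). The (u64) cast is applied only after the 32-bit shift has been evaluated, so it does not prevent the overflow; widening the operand before the shift, as in "(u64)1 << que->msix", does.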
2670 adapter->que_mask |= (u64)(1 << que->msix);
2671 #ifdef RSS
2672 /*
2673 * The queue ID is used as the RSS layer bucket ID.
2674 * We look up the queue ID -> RSS CPU ID and select
2675 * that.
** CID 1305542: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixv.c: 1710 in ixv_allocate_msix()
________________________________________________________________________________________________________
*** CID 1305542: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixv.c: 1710 in ixv_allocate_msix()
1704 aprint_error_dev(dev,
1705 "Failed to register QUE handler");
1706 kcpuset_destroy(affinity);
1707 return (ENXIO);
1708 }
1709 que->msix = vector;
>>> CID 1305542: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << que->msix" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "u64" (64 bits, unsigned).
1710 adapter->que_mask |= (u64)(1 << que->msix);
1711
1712 cpu_id = i;
1713 /* Round-robin affinity */
1714 kcpuset_zero(affinity);
1715 kcpuset_set(affinity, cpu_id % ncpu);
** CID 1008346: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixv.c: 1024 in ixv_disable_queue()
________________________________________________________________________________________________________
*** CID 1008346: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixv.c: 1024 in ixv_disable_queue()
1018 }
1019
1020 static inline void
1021 ixv_disable_queue(struct adapter *adapter, u32 vector)
1022 {
1023 struct ixgbe_hw *hw = &adapter->hw;
>>> CID 1008346: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << vector" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "u64" (64 bits, unsigned).
1024 u64 queue = (u64)(1 << vector);
1025 u32 mask;
1026
1027 mask = (IXGBE_EIMS_RTX_QUEUE & queue);
1028 IXGBE_WRITE_REG(hw, IXGBE_VTEIMC, mask);
1029 }
** CID 1006456: Uninitialized variables (UNINIT)
/sys/dev/pci/ixgbe/ixv.c: 2001 in ixv_config_link()
________________________________________________________________________________________________________
*** CID 1006456: Uninitialized variables (UNINIT)
/sys/dev/pci/ixgbe/ixv.c: 2001 in ixv_config_link()
1995 err = hw->mac.ops.check_link(hw, &autoneg,
1996 &adapter->link_up, FALSE);
1997 if (err)
1998 goto out;
1999
2000 if (hw->mac.ops.setup_link)
>>> CID 1006456: Uninitialized variables (UNINIT)
>>> Using uninitialized value "autoneg" when calling "*hw->mac.ops.setup_link".
2001 err = hw->mac.ops.setup_link(hw,
2002 autoneg, adapter->link_up);
2003 out:
2004 return;
2005 }
2006
** CID 1006225: Control flow issues (UNREACHABLE)
/sys/dev/pci/ixgbe/ixv.c: 2373 in ixv_initialize_transmit_units()
________________________________________________________________________________________________________
*** CID 1006225: Control flow issues (UNREACHABLE)
/sys/dev/pci/ixgbe/ixv.c: 2373 in ixv_initialize_transmit_units()
2367 ixv_initialize_transmit_units(struct adapter *adapter)
2368 {
2369 struct tx_ring *txr = adapter->tx_rings;
2370 struct ixgbe_hw *hw = &adapter->hw;
2371
2372
>>> CID 1006225: Control flow issues (UNREACHABLE)
>>> Since the loop increment "(i++) , (txr++);" is unreachable, the loop body will never execute more than once.
2373 for (int i = 0; i < adapter->num_queues; i++, txr++) {
2374 u64 tdba = txr->txdma.dma_paddr;
2375 u32 txctrl, txdctl;
2376
2377 /* Set WTHRESH to 8, burst writeback */
2378 txdctl = IXGBE_READ_REG(hw, IXGBE_VFTXDCTL(i));
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-kernel?tab=overview