Another bundle of issues from Coverity triage. The first one is in x86/mm, and looks scarier than it is. The others are all in xen/drivers and AFAICT are pretty minor. Cheers, Tim.
Tim Deegan
2013-Sep-12 12:15 UTC
[PATCH 1/9] x86/mm: Don''t dereference p2m pointer before NULL check.
Not a security bug, because in fact this is never called with a NULL
argument.
Coverity CID 1055955
Signed-off-by: Tim Deegan <tim@xen.org>
---
xen/arch/x86/mm/p2m.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index f5ddd20..8f380ed 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -453,7 +453,7 @@ void p2m_teardown(struct p2m_domain *p2m)
* We know we don''t have any extra mappings to these pages */
{
struct page_info *pg;
- struct domain *d = p2m->domain;
+ struct domain *d;
unsigned long gfn;
p2m_type_t t;
mfn_t mfn;
@@ -461,6 +461,8 @@ void p2m_teardown(struct p2m_domain *p2m)
if (p2m == NULL)
return;
+ d = p2m->domain;
+
p2m_lock(p2m);
/* Try to unshare any remaining shared p2m entries. Safeguard
--
1.7.10.4
Tim Deegan
2013-Sep-12 12:15 UTC
[PATCH 2/9] passthrough/amd: Drop unnecessary lock lookup.
The lock''s not used for anything, and AFAICT no locking is needed
since the IVRS tables are static after boot.
Coverity CID 1087199
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: Jacob Shin <jacob.shin@amd.com>
---
xen/drivers/passthrough/amd/iommu_intr.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/xen/drivers/passthrough/amd/iommu_intr.c
b/xen/drivers/passthrough/amd/iommu_intr.c
index 831f92a..213f4d7 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -443,7 +443,6 @@ static int update_intremap_entry_from_msi_msg(
* devices.
*/
- lock = get_intremap_lock(iommu->seg, alias_id);
if ( ( req_id != alias_id ) &&
get_ivrs_mappings(iommu->seg)[alias_id].intremap_table != NULL )
{
--
1.7.10.4
Coverity CID 1055502
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: Jacob Shin <jacob.shin@amd.com>
---
xen/drivers/passthrough/amd/iommu_guest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/drivers/passthrough/amd/iommu_guest.c
b/xen/drivers/passthrough/amd/iommu_guest.c
index 85f2361..952600a 100644
--- a/xen/drivers/passthrough/amd/iommu_guest.c
+++ b/xen/drivers/passthrough/amd/iommu_guest.c
@@ -728,6 +728,7 @@ static void guest_iommu_mmio_write64(struct guest_iommu
*iommu,
break;
case IOMMU_EVENT_LOG_BASE_LOW_OFFSET:
u64_to_reg(&iommu->event_log.reg_base, val);
+ break;
case IOMMU_PPR_LOG_BASE_LOW_OFFSET:
u64_to_reg(&iommu->ppr_log.reg_base, val);
break;
--
1.7.10.4
Coverity''s parser chokes on seeing __section() before the type.
Coverity CID 1087190
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: Jacob Shin <jacob.shin@amd.com>
---
xen/drivers/passthrough/amd/iommu_acpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c
b/xen/drivers/passthrough/amd/iommu_acpi.c
index 89b359c..2bfe61e 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range(
return dev_length;
}
-static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf));
+static DECLARE_BITMAP(__initdata ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf));
static void __init parse_ivrs_ioapic(char *str)
{
--
1.7.10.4
The def_sampling_rate() one is, I think, a real bug. The others were
spotted at the same time and are probably not bugs until we start
dealing with 40GHz CPus.
Coverity CID 1055682
Coverity CID 1055683
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Liu Jinsong <jinsong.liu@intel.com>
---
xen/drivers/cpufreq/cpufreq_ondemand.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c
b/xen/drivers/cpufreq/cpufreq_ondemand.c
index b3f9ab8..7fdba03 100644
--- a/xen/drivers/cpufreq/cpufreq_ondemand.c
+++ b/xen/drivers/cpufreq/cpufreq_ondemand.c
@@ -144,7 +144,7 @@ static void dbs_check_cpu(struct cpu_dbs_info_s
*this_dbs_info)
}
/* Check for frequency increase */
- if (max_load_freq > dbs_tuners_ins.up_threshold * policy->cur) {
+ if (max_load_freq > (uint64_t) dbs_tuners_ins.up_threshold *
policy->cur) {
/* if we are already at full speed then break out early */
if (policy->cur == max)
return;
@@ -162,7 +162,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s
*this_dbs_info)
* can support the current CPU usage without triggering the up
* policy. To be safe, we focus 10 points under the threshold.
*/
- if (max_load_freq < (dbs_tuners_ins.up_threshold - 10) * policy->cur)
{
+ if (max_load_freq
+ < (uint64_t) (dbs_tuners_ins.up_threshold - 10) * policy->cur) {
uint64_t freq_next;
freq_next = max_load_freq / (dbs_tuners_ins.up_threshold - 10);
@@ -246,7 +247,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
unsigned int event)
* is used for first time
*/
if ((dbs_enable == 1) && !dbs_tuners_ins.sampling_rate) {
- def_sampling_rate = policy->cpuinfo.transition_latency *
+ def_sampling_rate = (uint64_t)
policy->cpuinfo.transition_latency *
DEF_SAMPLING_RATE_LATENCY_MULTIPLIER;
if (def_sampling_rate < MIN_STAT_SAMPLING_RATE)
--
1.7.10.4
Coverity CID 1055131
Coverity CID 1055132
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Liu Jinsong <jinsong.liu@intel.com>
---
xen/drivers/cpufreq/cpufreq.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c
index 0de5d41..ab66884 100644
--- a/xen/drivers/cpufreq/cpufreq.c
+++ b/xen/drivers/cpufreq/cpufreq.c
@@ -471,8 +471,12 @@ int set_px_pminfo(uint32_t acpi_id, struct
xen_processor_performance *dom0_px_in
ret = -ENOMEM;
goto out;
}
- copy_from_guest(pxpt->states, dom0_px_info->states,
- dom0_px_info->state_count);
+ if ( copy_from_guest(pxpt->states, dom0_px_info->states,
+ dom0_px_info->state_count) )
+ {
+ ret = -EFAULT;
+ goto out;
+ }
pxpt->state_count = dom0_px_info->state_count;
if ( cpufreq_verbose )
--
1.7.10.4
Unlikely to ever see hardware reporting 0 ports, but might as well
fail gracefully if we do.
Coverity CID 1055266
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/drivers/char/ehci-dbgp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c
index 2504979..0ac2dd9 100644
--- a/xen/drivers/char/ehci-dbgp.c
+++ b/xen/drivers/char/ehci-dbgp.c
@@ -1099,6 +1099,9 @@ try_next_port:
dbgp_printk("n_ports: %u\n", n_ports);
ehci_dbgp_status(dbgp, "");
+ if ( n_ports == 0 )
+ return -1;
+
for ( i = 1; i <= n_ports; i++ )
{
portsc = readl(&dbgp->ehci_regs->port_status[i-1]);
--
1.7.10.4
We can only reach this spot by breaking out of the scan loop,
so by construction ret > 0.
Coverity CID 1055259
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/drivers/char/ehci-dbgp.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c
index 0ac2dd9..b900d60 100644
--- a/xen/drivers/char/ehci-dbgp.c
+++ b/xen/drivers/char/ehci-dbgp.c
@@ -946,11 +946,6 @@ try_again:
dbgp_printk("could not find attached debug device\n");
goto err;
}
- if ( ret < 0 )
- {
- dbgp_printk("attached device is not a debug device\n");
- goto err;
- }
dbgp->out.endpoint = dbgp_desc.bDebugOutEndpoint;
dbgp->in.endpoint = dbgp_desc.bDebugInEndpoint;
--
1.7.10.4
Tim Deegan
2013-Sep-12 12:15 UTC
[PATCH 9/9] acpi/pmstat: fix check for empty name strings.
These ''name'' strings are actually arrays in their structs. So
the
address is never NULL: instead, we should check the first character to
detect cases where the field wasn''t initialized.
Coverity CID 1055633
Signed-off-by: Tim Deegan <tim@xen.org>
Cc: Jan Beulich <jbeulich@suse.com>
---
xen/drivers/acpi/pmstat.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c
index f8a9c85..daac2da 100644
--- a/xen/drivers/acpi/pmstat.c
+++ b/xen/drivers/acpi/pmstat.c
@@ -264,13 +264,13 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op *op)
op->u.get_para.scaling_max_freq = policy->max;
op->u.get_para.scaling_min_freq = policy->min;
- if ( cpufreq_driver->name )
+ if ( cpufreq_driver->name[0] )
strlcpy(op->u.get_para.scaling_driver,
cpufreq_driver->name, CPUFREQ_NAME_LEN);
else
strlcpy(op->u.get_para.scaling_driver, "Unknown",
CPUFREQ_NAME_LEN);
- if ( policy->governor->name )
+ if ( policy->governor->name[0] )
strlcpy(op->u.get_para.scaling_governor,
policy->governor->name, CPUFREQ_NAME_LEN);
else
--
1.7.10.4
On 12/09/13 13:15, Tim Deegan wrote:> Another bundle of issues from Coverity triage. > The first one is in x86/mm, and looks scarier than it is. The others > are all in xen/drivers and AFAICT are pretty minor. > > Cheers, > > Tim. >All Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>> > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel
Jan Beulich
2013-Sep-12 13:35 UTC
Re: [PATCH 2/9] passthrough/amd: Drop unnecessary lock lookup.
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > The lock''s not used for anything, and AFAICT no locking is needed > since the IVRS tables are static after boot. > > Coverity CID 1087199 > > Signed-off-by: Tim Deegan <tim@xen.org>That was an oversight of mine I think. Reviewed-by: Jan Beulich <jbeulich@suse.com>> --- a/xen/drivers/passthrough/amd/iommu_intr.c > +++ b/xen/drivers/passthrough/amd/iommu_intr.c > @@ -443,7 +443,6 @@ static int update_intremap_entry_from_msi_msg( > * devices. > */ > > - lock = get_intremap_lock(iommu->seg, alias_id); > if ( ( req_id != alias_id ) && > get_ivrs_mappings(iommu->seg)[alias_id].intremap_table != NULL ) > { > -- > 1.7.10.4 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > Coverity''s parser chokes on seeing __section() before the type. > > Coverity CID 1087190 > > Signed-off-by: Tim Deegan <tim@xen.org> > Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> > Cc: Jacob Shin <jacob.shin@amd.com> > --- > xen/drivers/passthrough/amd/iommu_acpi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c > b/xen/drivers/passthrough/amd/iommu_acpi.c > index 89b359c..2bfe61e 100644 > --- a/xen/drivers/passthrough/amd/iommu_acpi.c > +++ b/xen/drivers/passthrough/amd/iommu_acpi.c > @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( > return dev_length; > } > > -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); > +static DECLARE_BITMAP(__initdata ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf));But putting it inside the DECLARE_BITMAP() doesn''t seem that nice either. I think the second best option - if we need to play such games for Coverity in the first place - would be to put this at the end. Jan
At 14:38 +0100 on 12 Sep (1378996715), Jan Beulich wrote:> >>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > > Coverity''s parser chokes on seeing __section() before the type. > > > > Coverity CID 1087190 > > > > Signed-off-by: Tim Deegan <tim@xen.org> > > Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> > > Cc: Jacob Shin <jacob.shin@amd.com> > > --- > > xen/drivers/passthrough/amd/iommu_acpi.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c > > b/xen/drivers/passthrough/amd/iommu_acpi.c > > index 89b359c..2bfe61e 100644 > > --- a/xen/drivers/passthrough/amd/iommu_acpi.c > > +++ b/xen/drivers/passthrough/amd/iommu_acpi.c > > @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( > > return dev_length; > > } > > > > -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); > > +static DECLARE_BITMAP(__initdata ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); > > But putting it inside the DECLARE_BITMAP() doesn''t seem that nice > either. I think the second best option - if we need to play such > games for Coverity in the first place -Yes, I think the question of how much we''re willing to accommodate Coverity in our source code needs to be discussed. On that subject I have an RFC patch that introduces some annotation...> would be to put this at the end.Yes, that sounds better. Thus? index 89b359c..e967eba 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( return dev_length; } -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); +static DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)) __initdata; static void __init parse_ivrs_ioapic(char *str) { Tim.
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > The def_sampling_rate() one is, I think, a real bug. The others were > spotted at the same time and are probably not bugs until we start > dealing with 40GHz CPus. > > Coverity CID 1055682 > Coverity CID 1055683 > > Signed-off-by: Tim Deegan <tim@xen.org>Acked-by: Jan Beulich <jbeulich@suse.com>> Cc: Liu Jinsong <jinsong.liu@intel.com> > --- > xen/drivers/cpufreq/cpufreq_ondemand.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c > b/xen/drivers/cpufreq/cpufreq_ondemand.c > index b3f9ab8..7fdba03 100644 > --- a/xen/drivers/cpufreq/cpufreq_ondemand.c > +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c > @@ -144,7 +144,7 @@ static void dbs_check_cpu(struct cpu_dbs_info_s > *this_dbs_info) > } > > /* Check for frequency increase */ > - if (max_load_freq > dbs_tuners_ins.up_threshold * policy->cur) { > + if (max_load_freq > (uint64_t) dbs_tuners_ins.up_threshold * policy->cur) > { > /* if we are already at full speed then break out early */ > if (policy->cur == max) > return; > @@ -162,7 +162,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s > *this_dbs_info) > * can support the current CPU usage without triggering the up > * policy. To be safe, we focus 10 points under the threshold. > */ > - if (max_load_freq < (dbs_tuners_ins.up_threshold - 10) * policy->cur) { > + if (max_load_freq > + < (uint64_t) (dbs_tuners_ins.up_threshold - 10) * policy->cur) { > uint64_t freq_next; > > freq_next = max_load_freq / (dbs_tuners_ins.up_threshold - 10); > @@ -246,7 +247,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, > unsigned int event) > * is used for first time > */ > if ((dbs_enable == 1) && !dbs_tuners_ins.sampling_rate) { > - def_sampling_rate = policy->cpuinfo.transition_latency * > + def_sampling_rate = (uint64_t) policy->cpuinfo.transition_latency > * > DEF_SAMPLING_RATE_LATENCY_MULTIPLIER; > > if (def_sampling_rate < MIN_STAT_SAMPLING_RATE) > -- > 1.7.10.4
Jan Beulich
2013-Sep-12 13:54 UTC
Re: [PATCH 6/9] cpufreq: missing check of copy_from_guest()
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > Coverity CID 1055131 > Coverity CID 1055132 > > Signed-off-by: Tim Deegan <tim@xen.org>Acked-by: Jan Beulich <jbeulich@suse.com>> Cc: Liu Jinsong <jinsong.liu@intel.com> > --- > xen/drivers/cpufreq/cpufreq.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c > index 0de5d41..ab66884 100644 > --- a/xen/drivers/cpufreq/cpufreq.c > +++ b/xen/drivers/cpufreq/cpufreq.c > @@ -471,8 +471,12 @@ int set_px_pminfo(uint32_t acpi_id, struct xen_processor_performance *dom0_px_in > ret = -ENOMEM; > goto out; > } > - copy_from_guest(pxpt->states, dom0_px_info->states, > - dom0_px_info->state_count); > + if ( copy_from_guest(pxpt->states, dom0_px_info->states, > + dom0_px_info->state_count) ) > + { > + ret = -EFAULT; > + goto out; > + } > pxpt->state_count = dom0_px_info->state_count; > > if ( cpufreq_verbose ) > -- > 1.7.10.4
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > Unlikely to ever see hardware reporting 0 ports, but might as well > fail gracefully if we do. > > Coverity CID 1055266 > > Signed-off-by: Tim Deegan <tim@xen.org>Well, that''s a really pointless change, but anyway: Acked-by: Jan Beulich <jbeulich@suse.com>> --- > xen/drivers/char/ehci-dbgp.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c > index 2504979..0ac2dd9 100644 > --- a/xen/drivers/char/ehci-dbgp.c > +++ b/xen/drivers/char/ehci-dbgp.c > @@ -1099,6 +1099,9 @@ try_next_port: > dbgp_printk("n_ports: %u\n", n_ports); > ehci_dbgp_status(dbgp, ""); > > + if ( n_ports == 0 ) > + return -1; > + > for ( i = 1; i <= n_ports; i++ ) > { > portsc = readl(&dbgp->ehci_regs->port_status[i-1]); > -- > 1.7.10.4
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > We can only reach this spot by breaking out of the scan loop, > so by construction ret > 0. > > Coverity CID 1055259 > > Signed-off-by: Tim Deegan <tim@xen.org>Acked-by: Jan Beulich <jbeulich@suse.com> But this should really be patched in the original (Linux) first...> --- > xen/drivers/char/ehci-dbgp.c | 5 ----- > 1 file changed, 5 deletions(-) > > diff --git a/xen/drivers/char/ehci-dbgp.c b/xen/drivers/char/ehci-dbgp.c > index 0ac2dd9..b900d60 100644 > --- a/xen/drivers/char/ehci-dbgp.c > +++ b/xen/drivers/char/ehci-dbgp.c > @@ -946,11 +946,6 @@ try_again: > dbgp_printk("could not find attached debug device\n"); > goto err; > } > - if ( ret < 0 ) > - { > - dbgp_printk("attached device is not a debug device\n"); > - goto err; > - } > dbgp->out.endpoint = dbgp_desc.bDebugOutEndpoint; > dbgp->in.endpoint = dbgp_desc.bDebugInEndpoint; > > -- > 1.7.10.4
Jan Beulich
2013-Sep-12 14:02 UTC
Re: [PATCH 9/9] acpi/pmstat: fix check for empty name strings.
>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: > These ''name'' strings are actually arrays in their structs. So the > address is never NULL: instead, we should check the first character to > detect cases where the field wasn''t initialized. > > Coverity CID 1055633 > > Signed-off-by: Tim Deegan <tim@xen.org>Acked-by: Jan Beulich <jbeulich@suse.com>> --- > xen/drivers/acpi/pmstat.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c > index f8a9c85..daac2da 100644 > --- a/xen/drivers/acpi/pmstat.c > +++ b/xen/drivers/acpi/pmstat.c > @@ -264,13 +264,13 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op > *op) > op->u.get_para.scaling_max_freq = policy->max; > op->u.get_para.scaling_min_freq = policy->min; > > - if ( cpufreq_driver->name ) > + if ( cpufreq_driver->name[0] ) > strlcpy(op->u.get_para.scaling_driver, > cpufreq_driver->name, CPUFREQ_NAME_LEN); > else > strlcpy(op->u.get_para.scaling_driver, "Unknown", CPUFREQ_NAME_LEN); > > - if ( policy->governor->name ) > + if ( policy->governor->name[0] ) > strlcpy(op->u.get_para.scaling_governor, > policy->governor->name, CPUFREQ_NAME_LEN); > else > -- > 1.7.10.4
>>> On 12.09.13 at 15:44, Tim Deegan <tim@xen.org> wrote: > At 14:38 +0100 on 12 Sep (1378996715), Jan Beulich wrote: >> >>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: >> > Coverity''s parser chokes on seeing __section() before the type. >> > >> > Coverity CID 1087190 >> > >> > Signed-off-by: Tim Deegan <tim@xen.org> >> > Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> >> > Cc: Jacob Shin <jacob.shin@amd.com> >> > --- >> > xen/drivers/passthrough/amd/iommu_acpi.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c >> > b/xen/drivers/passthrough/amd/iommu_acpi.c >> > index 89b359c..2bfe61e 100644 >> > --- a/xen/drivers/passthrough/amd/iommu_acpi.c >> > +++ b/xen/drivers/passthrough/amd/iommu_acpi.c >> > @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( >> > return dev_length; >> > } >> > >> > -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); >> > +static DECLARE_BITMAP(__initdata ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); >> >> But putting it inside the DECLARE_BITMAP() doesn''t seem that nice >> either. I think the second best option - if we need to play such >> games for Coverity in the first place - > > Yes, I think the question of how much we''re willing to accommodate > Coverity in our source code needs to be discussed. On that subject I > have an RFC patch that introduces some annotation... > >> would be to put this at the end. > > Yes, that sounds better. Thus?Ack.> --- a/xen/drivers/passthrough/amd/iommu_acpi.c > +++ b/xen/drivers/passthrough/amd/iommu_acpi.c > @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( > return dev_length; > } > > -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); > +static DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)) __initdata; > > static void __init parse_ivrs_ioapic(char *str) > { > > Tim.
Tim Deegan wrote:> The def_sampling_rate() one is, I think, a real bug. The others were > spotted at the same time and are probably not bugs until we start > dealing with 40GHz CPus. > > Coverity CID 1055682 > Coverity CID 1055683 > > Signed-off-by: Tim Deegan <tim@xen.org> > Cc: Jan Beulich <jbeulich@suse.com> > Cc: Liu Jinsong <jinsong.liu@intel.com> > --- > xen/drivers/cpufreq/cpufreq_ondemand.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/xen/drivers/cpufreq/cpufreq_ondemand.c > b/xen/drivers/cpufreq/cpufreq_ondemand.c index b3f9ab8..7fdba03 100644 > --- a/xen/drivers/cpufreq/cpufreq_ondemand.c > +++ b/xen/drivers/cpufreq/cpufreq_ondemand.c > @@ -144,7 +144,7 @@ static void dbs_check_cpu(struct cpu_dbs_info_s > *this_dbs_info) } > > /* Check for frequency increase */ > - if (max_load_freq > dbs_tuners_ins.up_threshold * policy->cur) { > + if (max_load_freq > (uint64_t) dbs_tuners_ins.up_threshold * > policy->cur) { /* if we are already at full speed then break > out early */ if (policy->cur == max) > return; > @@ -162,7 +162,8 @@ static void dbs_check_cpu(struct cpu_dbs_info_s > *this_dbs_info) > * can support the current CPU usage without triggering the up > * policy. To be safe, we focus 10 points under the threshold. > */ > - if (max_load_freq < (dbs_tuners_ins.up_threshold - 10) * > policy->cur) { + if (max_load_freq > + < (uint64_t) (dbs_tuners_ins.up_threshold - 10) * > policy->cur) { uint64_t freq_next; > > freq_next = max_load_freq / (dbs_tuners_ins.up_threshold - > 10); @@ -246,7 +247,7 @@ int cpufreq_governor_dbs(struct > cpufreq_policy *policy, unsigned int event) > * is used for first time > */ > if ((dbs_enable == 1) && !dbs_tuners_ins.sampling_rate) { > - def_sampling_rate = policy->cpuinfo.transition_latency * > + def_sampling_rate = (uint64_t) > policy->cpuinfo.transition_latency * > DEF_SAMPLING_RATE_LATENCY_MULTIPLIER; > > if (def_sampling_rate < MIN_STAT_SAMPLING_RATE)Acked-by: Liu Jinsong <jinsong.liu@intel.com>
Liu, Jinsong
2013-Sep-13 07:18 UTC
Re: [PATCH 6/9] cpufreq: missing check of copy_from_guest()
Tim Deegan wrote:> Coverity CID 1055131 > Coverity CID 1055132 > > Signed-off-by: Tim Deegan <tim@xen.org> > Cc: Jan Beulich <jbeulich@suse.com> > Cc: Liu Jinsong <jinsong.liu@intel.com> > --- > xen/drivers/cpufreq/cpufreq.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/xen/drivers/cpufreq/cpufreq.c > b/xen/drivers/cpufreq/cpufreq.c > index 0de5d41..ab66884 100644 > --- a/xen/drivers/cpufreq/cpufreq.c > +++ b/xen/drivers/cpufreq/cpufreq.c > @@ -471,8 +471,12 @@ int set_px_pminfo(uint32_t acpi_id, struct > xen_processor_performance *dom0_px_in ret = -ENOMEM; > goto out; > } > - copy_from_guest(pxpt->states, dom0_px_info->states, > - dom0_px_info->state_count); > + if ( copy_from_guest(pxpt->states, dom0_px_info->states, > + dom0_px_info->state_count) ) > + { > + ret = -EFAULT; > + goto out; > + } > pxpt->state_count = dom0_px_info->state_count; > > if ( cpufreq_verbose )Acked-by: Liu Jinsong <jinsong.liu@intel.com>
Suravee Suthikulpanit
2013-Sep-17 15:04 UTC
Re: [PATCH 3/9] passthrough/amd: Missing ''break''
On 09/12/2013 07:15 AM, Tim Deegan wrote:> Coverity CID 1055502 > > Signed-off-by: Tim Deegan <tim@xen.org> > Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> > Cc: Jacob Shin <jacob.shin@amd.com> > --- > xen/drivers/passthrough/amd/iommu_guest.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c > index 85f2361..952600a 100644 > --- a/xen/drivers/passthrough/amd/iommu_guest.c > +++ b/xen/drivers/passthrough/amd/iommu_guest.c > @@ -728,6 +728,7 @@ static void guest_iommu_mmio_write64(struct guest_iommu *iommu, > break; > case IOMMU_EVENT_LOG_BASE_LOW_OFFSET: > u64_to_reg(&iommu->event_log.reg_base, val); > + break; > case IOMMU_PPR_LOG_BASE_LOW_OFFSET: > u64_to_reg(&iommu->ppr_log.reg_base, val); > break;Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Suravee Suthikulpanit
2013-Sep-17 15:19 UTC
Re: [PATCH 4/9] passthrough/amd: Shuffle declaration.
On 09/12/2013 09:03 AM, Jan Beulich wrote:>>>> On 12.09.13 at 15:44, Tim Deegan <tim@xen.org> wrote: >> At 14:38 +0100 on 12 Sep (1378996715), Jan Beulich wrote: >>>>>> On 12.09.13 at 14:15, Tim Deegan <tim@xen.org> wrote: >>>> Coverity''s parser chokes on seeing __section() before the type. >>>> >>>> Coverity CID 1087190 >>>> >>>> Signed-off-by: Tim Deegan <tim@xen.org> >>>> Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> >>>> Cc: Jacob Shin <jacob.shin@amd.com> >>>> --- >>>> xen/drivers/passthrough/amd/iommu_acpi.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c >>>> b/xen/drivers/passthrough/amd/iommu_acpi.c >>>> index 89b359c..2bfe61e 100644 >>>> --- a/xen/drivers/passthrough/amd/iommu_acpi.c >>>> +++ b/xen/drivers/passthrough/amd/iommu_acpi.c >>>> @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( >>>> return dev_length; >>>> } >>>> >>>> -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); >>>> +static DECLARE_BITMAP(__initdata ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); >>> But putting it inside the DECLARE_BITMAP() doesn''t seem that nice >>> either. I think the second best option - if we need to play such >>> games for Coverity in the first place - >> Yes, I think the question of how much we''re willing to accommodate >> Coverity in our source code needs to be discussed. On that subject I >> have an RFC patch that introduces some annotation... >> >>> would be to put this at the end. >> Yes, that sounds better. Thus? > Ack. > >> --- a/xen/drivers/passthrough/amd/iommu_acpi.c >> +++ b/xen/drivers/passthrough/amd/iommu_acpi.c >> @@ -633,7 +633,7 @@ static u16 __init parse_ivhd_device_extended_range( >> return dev_length; >> } >> >> -static __initdata DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)); >> +static DECLARE_BITMAP(ioapic_cmdline, ARRAY_SIZE(ioapic_sbdf)) __initdata; >> >> static void __init parse_ivrs_ioapic(char *str) >> { >> >> Tim.Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Apparently Analagous Threads
- [PATCH V2] x86/AMD-Vi: Add additional check for invalid special->handle
- [PATCH 1/1 V3] x86/AMD-Vi: Add additional check for invalid special->handle
- [xen-unstable] Commit 2ca9fbd739b8a72b16dd790d0fff7b75f5488fb8 AMD IOMMU: allocate IRTE entries instead of using a static mapping, makes dom0 boot process stall several times.
- [PATCH] AMD IOMMU: add missing checks
- AMD IOMMU disabled - No Perdev Intremap