https://bugzilla.redhat.com/show_bug.cgi?id=1814682 --- Comment #14 from Honggang LI <honli@xxxxxxxxxx> --- (In reply to lsun from comment #13) > Thanks all for the comments! > Below are the updated info (2.0.1) trying to solve these comments. > > Spec URL: > https://github.com/Mellanox/rshim-user-space/releases/download/rshim-2.0.1/ > rshim.spec > SRPM URL: > https://github.com/Mellanox/rshim-user-space/releases/download/rshim-2.0.1/ > rshim-2.0.1-1.fc31.src.rpm ************************************************************* Task method: VersionDiffBuild Task URL: https://cov01.lab.eng.brq.redhat.com/covscanhub/task/164815/ Comment: Added (+), Fixed (-) SLEEP +2 TAINTED_SCALAR +1 BUFFER_SIZE_WARNING -1 CLANG_WARNING -4 LOCK -2 OVERRUN -1 PW.BAD_PRINTF_FORMAT_STRING -3 RESOURCE_LEAK -1 SIZEOF_MISMATCH -1 SLEEP -4 TAINTED_SCALAR -7 ************************************************************* Newly introduced defects List of Defects Error: TAINTED_SCALAR (CWE-20): [#def1] rshim-2.0.1/src/rshim.c:2209: tainted_argument: Calling function "rshim_fd_full_read" taints argument "index". rshim-2.0.1/src/rshim.c:2211: tainted_data: Using tainted variable "index" as an index into an array "rshim_devs". rshim-2.0.1/src/rshim.c:2211: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range. # 2209| rc = rshim_fd_full_read(rshim_work_fd[0], &index, sizeof(index)); # 2210| if (rc == sizeof(index)) { # 2211|-> bd = rshim_devs[index]; # 2212| if (bd) # 2213| rshim_work_handler(bd); Error: SLEEP (CWE-367): [#def2] rshim-2.0.1/src/rshim_pcie.c:392: lock_acquire: Calling function "pthread_mutex_lock" acquires lock "bd->mutex". rshim-2.0.1/src/rshim_pcie.c:400: sleep: Call to "rshim_register" might sleep while holding lock "bd->mutex". # 398| */ # 399| rshim_lock(); # 400|-> ret = rshim_register(bd); # 401| if (ret) { # 402| rshim_unlock(); Error: SLEEP (CWE-367): [#def3] rshim-2.0.1/src/rshim_pcie_lf.c:524: lock_acquire: Calling function "pthread_mutex_lock" acquires lock "bd->mutex". rshim-2.0.1/src/rshim_pcie_lf.c:532: sleep: Call to "rshim_register" might sleep while holding lock "bd->mutex". # 530| */ # 531| rshim_lock(); # 532|-> ret = rshim_register(bd); # 533| if (ret) { # 534| rshim_unlock(); > koji build URL: https://koji.fedoraproject.org/koji/taskinfo?taskID=42727191 > > Below are the unsolved coverity warnings and explanations (based on Comment > 12): > > Error: LOCK (CWE-667): [#def2] > [lsun] Function rshim_write_delayed() has lock held outside by the caller. > No need to unlock it on return. > > Error: LOCK (CWE-667): [#def3] > [lsun] same. > > Error: MISSING_LOCK (CWE-667): [#def4] > [lsun] This is the RSH_DEV_TYPE_TMFIFO case and is called from > rshim_fifo_input()and rshim_fifo_output(). In both cases the ringlock are > already held. > > Error: MISSING_LOCK (CWE-667): [#def5] > [lsun] This one is called from the 'RSH_EVENT_ATTACH' handling, which > already has the lock held when calling rshim_notify(bd, RSH_EVENT_ATTACH, 0). > > Error: MISSING_LOCK (CWE-667): [#def6] > [lsun] same > > Error: SLEEP (CWE-367): [#def26] > rshim_register(bd); > [lsun] This one is called during device probe at early stage. The sleep > purpose is to detect if any other driver has already attached to the same > rshim device (since it could be attached from USB or PCIe via different host > machine). The probing takes some time. The sleep here is ok. > > Error: MISSING_LOCK (CWE-667): [#def24] > Error: MISSING_LOCK (CWE-667): [#def25] > [lsun] same as [#def4 above. Thanks for the comments. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
