ofiwg / libfabric

Open Fabric Interfaces
http://libfabric.org/

prov/misc: covscan report from redhat #6820

Closed shefty closed 2 years ago

shefty commented 3 years ago
Error: CLANG_WARNING: [#def1]
libfabric-1.12.1/prov/hook/src/hook_av.c:34: included_from: Included from here.
libfabric-1.12.1/include/ofi_hook.h:48: included_from: Included from here.
libfabric-1.12.1/include/ofi.h:49: included_from: Included from here.
libfabric-1.12.1/include/ofi_abi.h:38: included_from: Included from here.
libfabric-1.12.1/include/ofi_osd.h:68: included_from: Included from here.
libfabric-1.12.1/include/linux/osd.h:92:2: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#   90|         return 0;
#   91|   
#   92|->   ret = ofi_free_hugepage_buf(buffer, len);
#   93|     assert(ret == 0);
#   94|   

Error: CLANG_WARNING: [#def9]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:34: included_from: Included from here.
libfabric-1.12.1/include/ofi_iov.h:39: included_from: Included from here.
libfabric-1.12.1/include/ofi.h:53: included_from: Included from here.
libfabric-1.12.1/include/ofi_mem.h:42: included_from: Included from here.
libfabric-1.12.1/include/ofi_list.h:43: included_from: Included from here.
libfabric-1.12.1/include/rdma/fabric.h:595:9: warning[core.NullDereference]: Access to field 'ops' results in a dereference of a null pointer (loaded from variable 'fid')
#  593|   static inline int fi_close(struct fid *fid)
#  594|   {
#  595|->   return fid->ops->close(fid);
#  596|   }
#  597|   

Error: CLANG_WARNING: [#def45]
libfabric-1.12.1/prov/mrail/src/mrail_fabric.c:33: included_from: Included from here.
libfabric-1.12.1/prov/mrail/src/mrail.h:355:7: warning[core.NullDereference]: Array access (from variable 'fids') results in a null pointer dereference
#  353|   
#  354|     for (i = 0; i < count; i++) {
#  355|->       if (fids[i]) {
#  356|             ret = fi_close(fids[i]);
#  357|             if (ret)

Error: UNUSED_VALUE (CWE-563): [#def46]
libfabric-1.12.1/prov/mrail/src/mrail_cq.c:179: value_overwrite: Overwriting previous write to "ret" with value from "fi_readmsg(&mrail_ep->util_ep.ep_fid, &rma_msg, 1152921504623624192UL)".
libfabric-1.12.1/prov/mrail/src/mrail_cq.c:158: returned_value: Assigning value from "fi_mr_map_raw(&mrail_ep->util_ep.domain->domain_fid, base_addrs[i], rndv_req->rawkey + offset, key_size, &rndv_req->rma_iov[i].key, 0UL)" to "ret" here, but that stored value is overwritten before it can be used.
#  156|         if (i < rndv_req->mr_count) {
#  157|             key_size = rndv_req->rma_iov[i].key;
#  158|->           ret = fi_mr_map_raw(&mrail_ep->util_ep.domain->domain_fid,
#  159|                         base_addrs[i],
#  160|                         rndv_req->rawkey + offset,

Error: CLANG_WARNING: [#def47]
libfabric-1.12.1/prov/mrail/src/mrail_cq.c:158:4: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  156|         if (i < rndv_req->mr_count) {
#  157|             key_size = rndv_req->rma_iov[i].key;
#  158|->           ret = fi_mr_map_raw(&mrail_ep->util_ep.domain->domain_fid,
#  159|                         base_addrs[i],
#  160|                         rndv_req->rawkey + offset,

Error: CLANG_WARNING: [#def48]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:427:3: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  425|             return ret;
#  426|         total_key_size = 0;
#  427|->       ret = fi_mr_raw_attr(mr, &addr, NULL, &total_key_size, 0);
#  428|         assert(ret == -FI_ETOOSMALL);
#  429|         mr_count = 1;

Error: CLANG_WARNING: [#def49]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:436:4: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  434|             mr = &((struct mrail_mr *)desc[i])->mr_fid;
#  435|             key_size = 0;
#  436|->           ret = fi_mr_raw_attr(mr, &addr, NULL, &key_size, 0);
#  437|             assert(ret == -FI_ETOOSMALL);
#  438|             total_key_size += key_size;

Error: CLANG_WARNING: [#def50]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:460:4: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  458|                 mr = &((struct mrail_mr *)desc[i])->mr_fid;
#  459|             key_size = total_key_size - offset;
#  460|->           ret = fi_mr_raw_attr(mr, &base_addrs[i],
#  461|                          tx_buf->rndv_req->rawkey + offset,
#  462|                          &key_size, 0);

Error: CLANG_WARNING: [#def51]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:785:19: warning[core.NullDereference]: Dereference of null pointer
#  783|   
#  784|     for (i = 0; i < mrail_ep->num_eps; i++) {
#  785|->       ret = fi_close(&mrail_ep->rails[i].ep->fid);
#  786|         if (ret)
#  787|             retv = ret;

Error: CLANG_WARNING: [#def52]
libfabric-1.12.1/prov/mrail/src/mrail_ep.c:1066:2: warning[unix.Malloc]: Attempt to free released memory
# 1064|     mrail_ep_close(&mrail_ep->util_ep.ep_fid.fid);
# 1065|   free_ep:
# 1066|->   free(mrail_ep);
# 1067|     return ret;
# 1068|   }

Error: CLANG_WARNING: [#def53]
libfabric-1.12.1/prov/mrail/src/mrail_init.c:343:4: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  341|              */
#  342|             core_hints->caps = 0;
#  343|->           ret = fi_getinfo(version, NULL, NULL,
#  344|                      OFI_GETINFO_INTERNAL, core_hints,
#  345|                      &tmp_info);

Error: CLANG_WARNING: [#def170]
libfabric-1.12.1/prov/rstream/src/rstream_msg.c:472:2: warning[deadcode.DeadStores]: Value stored to 'available_len' is never read
#  470|         return available_len;
#  471|   
#  472|->   available_len = rstream_alloc_contig_len_available(&ep->local_mr.tx,
#  473|         tx_addr, requested_len);
#  474|     available_len = rstream_alloc_contig_len_available(&ep->remote_data.mr,

Error: CLANG_WARNING: [#def171]
libfabric-1.12.1/prov/rstream/src/rstream_msg.c:535:4: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
#  533|   
#  534|         if (RSTREAM_USING_IWARP) {
#  535|->           ret = fi_write(ep->ep_fd, tx_addr, curr_avail_len,
#  536|                 ep->local_mr.ldesc, 0, (uint64_t)remote_addr,
#  537|                 ep->remote_data.rkey, ctx);

Error: CLANG_WARNING: [#def172]
libfabric-1.12.1/prov/rxd/src/rxd_atomic.c:91:4: warning[deadcode.DeadStores]: Value stored to 'len' is never read
#   89|             max_inline /= 2;
#   90|             assert(tx_entry->cq_entry.len <= max_inline);
#   91|->           len = rxd_init_msg(&ptr, comp_iov, comp_count,
#   92|                     tx_entry->cq_entry.len,
#   93|                     max_inline);

Error: CLANG_WARNING: [#def173]
libfabric-1.12.1/prov/rxd/src/rxd_cq.c:655:20: warning[core.NullDereference]: Access to field 'tx_id' results in a dereference of a null pointer (loaded from variable 'sar_hdr')
#  653|         return NULL;
#  654|     }
#  655|->   rx_entry->tx_id = sar_hdr->tx_id;
#  656|   
#  657|     rx_entry->op = RXD_DATA_READ;
shefty commented 3 years ago
Error: CLANG_WARNING: [#def184]
libfabric-1.12.1/prov/sockets/src/sock_atomic.c:225:3: warning[deadcode.DeadStores]: Value stored to 'src_len' is never read
#  223|         goto err;
#  224|     } else {
#  225|->       src_len = dst_len;
#  226|     }
#  227|   

Error: ATOMICITY (CWE-667): [#def185]
libfabric-1.12.1/prov/sockets/src/sock_cntr.c:314: lock: Locking "&cntr->mut".
libfabric-1.12.1/prov/sockets/src/sock_cntr.c:332: def: Assigning data that might be protected by the lock to "last_read".
libfabric-1.12.1/prov/sockets/src/sock_cntr.c:337: unlock: Unlocking "&cntr->mut". "last_read" might now be unreliable because other threads can now change the data that it depends on.
libfabric-1.12.1/prov/sockets/src/sock_cntr.c:339: lockagain: Locking "&cntr->mut" again.
libfabric-1.12.1/prov/sockets/src/sock_cntr.c:357: use: Using an unreliable value of "last_read" inside the second locked section. If the data that "last_read" depends on was changed by another thread, this use might be incorrect.
#  355|     }
#  356|   
#  357|->   ofi_atomic_set32(&cntr->last_read_val, last_read);
#  358|     ofi_atomic_dec32(&cntr->num_waiting);
#  359|   

Error: CLANG_WARNING: [#def186]
libfabric-1.12.1/prov/sockets/src/sock_conn.c:71:2: warning[deadcode.DeadStores]: Value stored to 'total_len' is never read
#   69|     SOCK_LOG_DBG("New conn msg on TX: %p using conn: %p\n", tx_ctx, conn);
#   70|   
#   71|->   total_len = 0;
#   72|     tx_op.src_iov_len = sizeof(union ofi_sock_ip);
#   73|     total_len = tx_op.src_iov_len + sizeof(struct sock_op_send);

Error: CLANG_WARNING: [#def187]
libfabric-1.12.1/prov/sockets/src/sock_conn.c:345:16: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  343|   
#  344|         for (i = 0; i < num_fds; i++) {
#  345|->           conn_handle = ep_contexts[i];
#  346|   
#  347|             if (conn_handle == NULL) { /* signal event */

Error: CLANG_WARNING: [#def188]
libfabric-1.12.1/prov/sockets/src/sock_cq.c:305:61: warning[unix.Malloc]: Use of memory after it is freed
#  303|         ofi_rbcommit(&cq->addr_rb);
#  304|   
#  305|->       ofi_rbfdwrite(&cq->cq_rbfd, &overflow_entry->cq_entry[0], overflow_entry->len);
#  306|         if (cq->domain->progress_mode == FI_PROGRESS_MANUAL)
#  307|             ofi_rbcommit(&cq->cq_rbfd.rb);

Error: CLANG_WARNING: [#def189]
libfabric-1.12.1/prov/sockets/src/sock_ctx.c:78:3: warning[unix.Malloc]: Use of memory after it is freed
#   76|     /* free any remaining buffered entries */
#   77|     while (!dlist_empty(&rx_ctx->rx_buffered_list)) {
#   78|->       dlist_pop_front(&rx_ctx->rx_buffered_list,
#   79|                         struct sock_rx_entry, rx_buffered, entry);
#   80|         free(rx_buffered);

Error: CLANG_WARNING: [#def190]
libfabric-1.12.1/prov/sockets/src/sock_ep_msg.c:413:3: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
#  411|   
#  412|         cm_entry->fid = &ep->ep.fid;
#  413|->       memcpy(&cm_entry->data, param, cm_data_sz);
#  414|         ep->attr->cm.state = SOCK_CM_STATE_CONNECTED;
#  415|         ep->attr->cm.sock = sock_fd;

Error: CLANG_WARNING: [#def191]
libfabric-1.12.1/prov/sockets/src/sock_ep_msg.c:1198:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 1196|         }
# 1197|         for (i = 0; i < num_fds; i++) {
# 1198|->           handle = ep_contexts[i];
# 1199|   
# 1200|             if (handle == NULL) { /* Signal event */

Error: SLEEP (CWE-367): [#def192]
libfabric-1.12.1/prov/sockets/src/sock_ep_msg.c:1187: lock_acquire: Calling function "pthread_mutex_lock" acquires lock "cm_head->signal_lock".
libfabric-1.12.1/prov/sockets/src/sock_ep_msg.c:1216: sleep: Call to "sock_ep_cm_handle_rx" might sleep while holding lock "cm_head->signal_lock".
# 1214|   
# 1215|             assert(handle->sock_fd != INVALID_SOCKET);
# 1216|->           sock_ep_cm_handle_rx(cm_head, handle);
# 1217|         }
# 1218|   skip:

Error: CLANG_WARNING: [#def193]
libfabric-1.12.1/prov/sockets/src/sock_poll.c:90:7: warning[unix.Malloc]: Use of memory after it is freed
#   88|     for (p = head->next; p != head; p = p->next) {
#   89|         list_item = container_of(p, struct sock_fid_list, entry);
#   90|->       if (list_item->fid == event_fid) {
#   91|             dlist_remove(p);
#   92|             switch (list_item->fid->fclass) {

Error: TAINTED_SCALAR (CWE-20): [#def194]
libfabric-1.12.1/prov/sockets/src/sock_progress.c:895: tainted_argument: Calling function "sock_pe_recv_field" taints argument "pe_entry->pe.rx.rx_op".
libfabric-1.12.1/prov/sockets/src/sock_progress.c:908: var_assign_var: Assigning: "*entry_len" = "24UL * pe_entry->pe.rx.rx_op.dest_iov_len". Both are now tainted.
libfabric-1.12.1/prov/sockets/src/sock_progress.c:909: tainted_data: Passing tainted expression "*entry_len" to "sock_pe_recv_field", which uses it as an offset.
libfabric-1.12.1/prov/sockets/src/sock_progress.c:909: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
#  907|     /* dst iocs */
#  908|     *entry_len = sizeof(union sock_iov) * pe_entry->pe.rx.rx_op.dest_iov_len;
#  909|->   if (sock_pe_recv_field(pe_entry, &pe_entry->pe.rx.rx_iov[0],
#  910|                    *entry_len, len))
#  911|         return -FI_EAGAIN;

Error: TAINTED_SCALAR (CWE-20): [#def195]
libfabric-1.12.1/prov/sockets/src/sock_progress.c:895: tainted_argument: Calling function "sock_pe_recv_field" taints argument "pe_entry->pe.rx.rx_op".
libfabric-1.12.1/prov/sockets/src/sock_progress.c:916: lower_bounds: Casting narrower unsigned "pe_entry->pe.rx.rx_op.dest_iov_len" to wider signed type "int" effectively tests its lower bound.
libfabric-1.12.1/prov/sockets/src/sock_progress.c:916: tainted_data: Using tainted variable "pe_entry->pe.rx.rx_op.dest_iov_len" as a loop boundary.
libfabric-1.12.1/prov/sockets/src/sock_progress.c:916: remediation: Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
#  914|     *entry_len = 0;
#  915|     *datatype_sz = ofi_datatype_size(pe_entry->pe.rx.rx_op.atomic.datatype);
#  916|->   for (i = 0; i < pe_entry->pe.rx.rx_op.dest_iov_len; i++) {
#  917|         *entry_len += pe_entry->pe.rx.rx_iov[i].ioc.count;
#  918|     }
shefty commented 3 years ago
Error: RESOURCE_LEAK (CWE-772): [#def222] [important]
libfabric-1.12.1/prov/util/src/util_av.c:862: alloc_arg: "ofi_ip_av_sym_getaddr" allocates memory that is stored into "addr".
libfabric-1.12.1/prov/util/src/util_av.c:865: leaked_storage: Variable "addr" going out of scope leaks the storage it points to.
#  863|                       svccnt, &addr, &addrlen);
#  864|     if (count <= 0)
#  865|->       return count;
#  866|   
#  867|     ret = ofi_ip_av_insertv(av, addr, addrlen, count,

Error: BAD_SHIFT (CWE-682): [#def223]
libfabric-1.12.1/prov/util/src/util_coll.c:602: zero_return: Function call "ofi_lsb(rank)" returns 0.
libfabric-1.12.1/prov/util/src/util_coll.c:602: negative_shift: In expression "1 << ofi_lsb(rank) - 1", shifting by a negative amount has undefined behavior.  The shift amount, "ofi_lsb(rank) - 1", is -1.
#  600|   static size_t util_binomial_tree_values_to_recv(uint64_t rank, size_t numranks)
#  601|   {
#  602|->   size_t nvalues = 0x1 << (ofi_lsb(rank) - 1);
#  603|     if (numranks < rank + nvalues)
#  604|         nvalues = numranks - rank;

Error: LOCK (CWE-667): [#def224]
libfabric-1.12.1/prov/util/src/util_mem_monitor.c:314: lock: "pthread_mutex_lock" locks "mm_lock".
libfabric-1.12.1/prov/util/src/util_mem_monitor.c:316: missing_unlock: Returning without unlocking "mm_lock".
#  314|         pthread_mutex_lock(&mm_lock);
#  315|     }
#  316|-> }
#  317|   
#  318|   int ofi_monitor_subscribe(struct ofi_mem_monitor *monitor,

Error: CLANG_WARNING: [#def225]
libfabric-1.12.1/prov/util/src/util_mr_map.c:234:31: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  232|   
#  233|     if (FI_VERSION_GE(user_version, FI_VERSION(1, 5))) {
#  234|->       cur_abi_attr->auth_key_size = user_attr->auth_key_size;
#  235|         cur_abi_attr->auth_key = user_attr->auth_key;
#  236|     } else {

Error: CLANG_WARNING: [#def226]
libfabric-1.12.1/prov/util/src/util_wait.c:125:3: warning[unix.Malloc]: Use of memory after it is freed
#  123|   
#  124|     while (!dlist_empty(&wait->fid_list)) {
#  125|->       dlist_pop_front(&wait->fid_list, struct ofi_wait_fid_entry,
#  126|                 fid_entry, entry);
#  127|         free(fid_entry->pollfds.fd);

Error: CLANG_WARNING: [#def227]
libfabric-1.12.1/prov/util/src/util_wait.c:470:3: warning[unix.Malloc]: Use of memory after it is freed
#  468|     fastlock_acquire(&wait->util_wait.lock);
#  469|     while (!dlist_empty(&wait->fd_list)) {
#  470|->       dlist_pop_front(&wait->fd_list, struct ofi_wait_fd_entry,
#  471|                 fd_entry, entry);
#  472|         ofi_wait_fdset_del(wait, fd_entry->fd);
github-actions[bot] commented 2 years ago

This issue is stale because it has been open 360 days with no activity. Remove the stale label or add a comment; otherwise it will be closed in 7 days.