From: Tom Rini <trini@konsulko.com>
To: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Cc: u-boot@lists.denx.de, nd@arm.com, xueliang.zhong@arm.com
Subject: Re: Fwd: New Defects reported by Coverity Scan for Das U-Boot
Date: Wed, 25 Oct 2023 10:57:36 -0400
Message-ID: <20231025145736.GS496310@bill-the-cat>
In-Reply-To: <20231020115747.GA141285@e130802.arm.com>

On Fri, Oct 20, 2023 at 12:57:47PM +0100, Abdellatif El Khlifi wrote:
> Hi Tom,
> 
> > ________________________________________________________________________________________________________
> > *** CID 464361:  Control flow issues  (DEADCODE)
> > /drivers/firmware/arm-ffa/arm-ffa-uclass.c: 148 in ffa_print_error_log()
> > 142
> > 143             if (ffa_id < FFA_FIRST_ID || ffa_id > FFA_LAST_ID)
> > 144                     return -EINVAL;
> > 145
> > 146             abi_idx = FFA_ID_TO_ERRMAP_ID(ffa_id);
> > 147             if (abi_idx < 0 || abi_idx >= FFA_ERRMAP_COUNT)
> > >>>     CID 464361:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "return -22;".
> > 148                     return -EINVAL;
> 
> This is a false positive.
> 
> abi_idx value could end up matching this condition "(abi_idx < 0 || abi_idx >= FFA_ERRMAP_COUNT)".
> 
> This happens when ffa_id value is above the allowed bounds. Example: when ffa_id is 0x50 or 0x80
> 
> 	ffa_print_error_log(0x50, ...); /* exceeding lower bound */
> 	ffa_print_error_log(0x80, ...);  /* exceeding upper bound */
> 
> In these cases "return -EINVAL;" is executed.

So those invalid values aren't caught by the previous check that ffa_id
falls within FFA_FIRST_ID to FFA_LAST_ID?

> > ... 
> > ________________________________________________________________________________________________________
> > *** CID 464360:  Control flow issues  (NO_EFFECT)
> > /drivers/firmware/arm-ffa/arm-ffa-uclass.c: 207 in ffa_get_version_hdlr()
> > 201             major = GET_FFA_MAJOR_VERSION(res.a0);
> > 202             minor = GET_FFA_MINOR_VERSION(res.a0);
> > 203
> > 204             log_debug("FF-A driver %d.%d\nFF-A framework %d.%d\n",
> > 205                      FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor);
> > 206
> > >>>     CID 464360:  Control flow issues  (NO_EFFECT)
> > >>>     This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "minor >= 0".
> > 207             if (major == FFA_MAJOR_VERSION && minor >= FFA_MINOR_VERSION) {
> 
> Providing the facts that:
> 
> #define FFA_MINOR_VERSION		(0)
> u16 minor;
> 
> Yes, currently this condition is always true: minor >= FFA_MINOR_VERSION
> 
> However, we might upgrade FFA_MINOR_VERSION in the future. If we remove the "minor >= FFA_MINOR_VERSION",
> non-compatible versions could pass, which we don't want.
> 
> To keep this code scalable, I think it's better to keep this condition.

OK, thanks, this makes sense as an intentional change for future sanity
checking.

> > ________________________________________________________________________________________________________
> > *** CID 464359:    (PASS_BY_VALUE)
> > /drivers/firmware/arm-ffa/arm-ffa-uclass.c: 168 in invoke_ffa_fn()
> > 162      * @args: FF-A ABI arguments to be copied to Xn registers
> > 163      * @res: FF-A ABI return data to be copied from Xn registers
> > 164      *
> > 165      * Calls low level SMC implementation.
> > 166      * This function should be implemented by the user driver.
> > 167      */
> > >>>     CID 464359:    (PASS_BY_VALUE)
> > >>>     Passing parameter args of type "ffa_value_t" (size 144 bytes) by value, which exceeds the low threshold of 128 bytes.
> > 168     void __weak invoke_ffa_fn(ffa_value_t args, ffa_value_t *res)
> 
> We are using invoke_ffa_fn with the same arguments as in Linux. The aim is to use the same interfaces as in the Linux FF-A
> driver to make porting code easier.
> 
> In Linux, args is passed by value [1].
> ffa_value_t is a structure with 18 "unsigned long" fields. So, the size is fixed.
> 
> [1]: invoke_ffa_fn arguments in the Linux FF-A driver
> 
> https://elixir.bootlin.com/linux/v6.6-rc6/source/drivers/firmware/arm_ffa/driver.c#L115
> https://elixir.bootlin.com/linux/v6.6-rc6/source/drivers/firmware/arm_ffa/driver.c#L54
> https://elixir.bootlin.com/linux/v6.6-rc6/source/drivers/firmware/arm_ffa/common.h#L15
> 
> [2]: include/linux/arm-smccc.h

So this is intentional, OK.

> 
> > 169     {
> > 170     }
> > 171
> > 172     /**
> > 173      * ffa_get_version_hdlr() - FFA_VERSION handler function
> > /drivers/firmware/arm-ffa/ffa-emul-uclass.c: 673 in invoke_ffa_fn()
> > 667      * invoke_ffa_fn() - SMC wrapper
> > 668      * @args: FF-A ABI arguments to be copied to Xn registers
> > 669      * @res: FF-A ABI return data to be copied from Xn registers
> > 670      *
> > 671      * Calls the emulated SMC call.
> > 672      */
> > >>>     CID 464359:    (PASS_BY_VALUE)
> > >>>     Passing parameter args of type "ffa_value_t" (size 144 bytes) by value, which exceeds the low threshold of 128 bytes.
> > 673     void invoke_ffa_fn(ffa_value_t args, ffa_value_t *res)
> 
> Same feedback as above.

Thanks.  I'll update the last 3 CIDs shortly.

-- 
Tom
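
Added example, not part of the original message or of the U-Boot source: a small harness for the question raised on CID 464361, reporting which of the two quoted checks rejects a given ID. The bounds 0x60/0x7f are constructed placeholders, and the mapping macros (index relative to the first ID, count equal to the range size) and the `int` parameter type are assumptions, since the thread does not show the real definitions.

```c
#include <stdio.h>

/* Constructed placeholder bounds; the real FFA_FIRST_ID / FFA_LAST_ID
 * values do not appear in the thread. */
#define EX_FIRST_ID 0x60
#define EX_LAST_ID  0x7f
/* Assumed shape of the mapping macros (hypothetical, not U-Boot's own). */
#define EX_ID_TO_ERRMAP_ID(id) ((id) - EX_FIRST_ID)
#define EX_ERRMAP_COUNT        (EX_LAST_ID - EX_FIRST_ID + 1)

enum path { PATH_OK, PATH_RANGE, PATH_INDEX };

/* Mirrors the two checks quoted at lines 143 and 147 of the report and
 * returns which one rejected the ID, instead of a bare -EINVAL. */
static enum path classify(int ffa_id)
{
    int abi_idx;

    if (ffa_id < EX_FIRST_ID || ffa_id > EX_LAST_ID)
        return PATH_RANGE;              /* first check (line 143) */

    abi_idx = EX_ID_TO_ERRMAP_ID(ffa_id);
    if (abi_idx < 0 || abi_idx >= EX_ERRMAP_COUNT)
        return PATH_INDEX;              /* second check (line 147) */

    return PATH_OK;
}

/* Count the IDs in [lo, hi] that leave classify() through a given path. */
static int count_path(int lo, int hi, enum path which)
{
    int n = 0;

    for (int id = lo; id <= hi; id++)
        if (classify(id) == which)
            n++;
    return n;
}

int main(void)
{
    /* 0x50 and 0x80 are the two sample IDs given in the quoted reply. */
    printf("0x50 -> path %d, 0x80 -> path %d\n", classify(0x50), classify(0x80));
    printf("IDs stopped by the second check in [-4096, 4096]: %d\n",
           count_path(-4096, 4096, PATH_INDEX));
    return 0;
}
```

Under these assumed definitions every out-of-range ID, including 0x50 and 0x80, leaves through the first check, and no ID in the swept interval reaches the second `return`.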
