Xen project Mailing List

Re: [Xen-devel] Uninitialized variables in hvm_event_breakpoint (Re: New Defects reported by Coverity Scan for XenProject)

To: Ian Campbell <ian.campbell@xxxxxxxxxx>, Corneliu ZUZU <czuzu@xxxxxxxxxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Thu, 18 Feb 2016 12:13:15 +0200

Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

Delivery-date: Thu, 18 Feb 2016 10:12:28 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=PmLZBqQ0SSNFRZ1K6Xq1B0KwAntLb04fwYOb+XYBa0U+MLpI2YDhl2zyEmXVz9ACYaX8QRvANDEgWhqOxn2hdWj6sR5IYN7LUuOeiXxpWfvKzzDLCDG7dVhx/GAmJZlpbeddojMByOq/xBfz/6TL/xLZ0uaVVpTIX+u25PMUuuk1yNz9FowSDUovEAJc6OLilR35o5mXVnSL9LfyvzFGa81OGee7EVkkrF2JnwK0n5giJ3nz728etAk1/7O7i3fCvRVZaYqK6tYTyGr+18cwZe16WB+jij10HMbWlxwSoK8cBE1s3/83+21VEg7+qimNCD1Nfxt0FsPKxWT9IWmqBA==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 02/18/2016 12:01 PM, Ian Campbell wrote: > On Wed, 2016-02-17 at 16:02 -0800, scan-admin@xxxxxxxxxxxx wrote: >> Hi, >> >> Please find the latest report on new defect(s) introduced to XenProject >> found with Coverity Scan. >> >> 1 new defect(s) introduced to XenProject found with Coverity Scan. >> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the >> recent build analyzed by Coverity Scan. >> >> New defect(s) Reported-by: Coverity Scan >> Showing 1 of 1 defect(s) >> >> >> ** CID 1353192: Uninitialized variables (UNINIT) >> /xen/arch/x86/hvm/event.c: 176 in hvm_event_breakpoint() > > This appears to have been introduced by: > commit > 557c7873f35aa39bd84977b28948457b1b342f92 > Author: Corneliu ZUZU <czuzu@bitdef > ender.com> > Date: Mon Feb 15 14:14:16 2016 +0100 > > x86: merge 2 hvm_event_... functions into 1 > > This patch merges almost identical functions hvm_event_int3 and > hvm_event_single_step into a single function called > hvm_event_breakpoint. > Also fixes event.c file header comment in the process. > > Signed-off-by: Corneliu ZUZU < czuzu@xxxxxxxxxxxxxxx > > Acked-by: Razvan Cojocaru < rcojocaru@xxxxxxxxxxxxxxx > > Acked-by: Jan Beulich < jbeulich@xxxxxxxx > > > > hvm_event_breakpoint calls hvm_event_traps(&req) and if sync is true that > ors some bits into req->flags which was never initialised. > >> >> >> _________________________________________________________________________ >> _______________________________ >> *** CID 1353192: Uninitialized variables (UNINIT) >> /xen/arch/x86/hvm/event.c: 176 in hvm_event_breakpoint() >> 170 >> 171 int hvm_event_breakpoint(unsigned long rip, >> 172 enum hvm_event_breakpoint_type type) >> 173 { >> 174 struct vcpu *curr = current; >> 175 struct arch_domain *ad = &curr->domain->arch; >>>>> CID 1353192: Uninitialized variables (UNINIT) >>>>> Declaring variable "req" without initializer. >> 176 vm_event_request_t req; >> 177 >> 178 switch ( type ) >> 179 { >> 180 case HVM_EVENT_SOFTWARE_BREAKPOINT: >> 181 if ( !ad->monitor.software_breakpoint_enabled ) But the structure is being initialized in both cases (HVM_EVENT_SOFTWARE_BREAKPOINT and HVM_EVENT_SINGLESTEP_BREAKPOINT), and the default case returns, so it's not possible to get to the hvm_event_traps(&req) call with an uninitialized req. Am I missing something? Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.