BM: fix Coverity SAST findings across baremetal tests #580
Merged
Address issues reported by Coverity 2025.3.0 scan on the LKVS BM test suite. Changes are limited to bug fixes and defensive checks; no functional/test behavior change is intended.

Resource / pointer safety:
- lam/lam.c::do_uring: close file_fd on all paths, free fi when ring alloc fails, memset fi so the cleanup loop only frees iovecs that handle_uring_sq actually populated.
- lam/lam.c::mmap_io_uring: always return when sqes mmap fails so the freed sq_ptr/cq_ptr is not used after munmap.
- lam/lam.c::allocate_dsa_pasid: close fd after mmap.
- lam/lam.c::handle_uring_cq: guard against NULL fi before deref.
- cet/test_shadow_stack.c::test_guard_gap, test_access_fix_handler: store the post-munmap hint address in uintptr_t to avoid passing a freed pointer to mmap/create_normal_mem; also release the node list and shstk on the test_map allocation failure path.

I/O return checking:
- telemetry/telemetry_tests.c::telem_test: check malloc/read and fail with cleanup on short read.
- telemetry/telemetry_tests.c::main: reject argc != 5 before using cmd/dev/size/idx.
- cet/cet_driver/cet_app.c::shstk_xsaves: check sched_setaffinity.
- cet/test_shadow_stack.c::gup_read/gup_write: validate lseek and use sizeof(val) compare for read/write to catch short transfers.
- cet/test_shadow_stack.c::test_userfaultfd: cast intentionally discarded test_shstk_access() return to void.
- cet/shstk_unlock_test.c::main: read result with exact-size check.

Uninitialized values / integer overflow / dead code:
- cet/cet_driver/cet_ioctl.c::cet_xsaves: use rdmsr() helper, drop the bogus EBX output operand that left ebx uninitialized.
- cet/test_shadow_stack.c::gup_write: initialize val before writing.
- lam/lam.c::handle_execve, do_uring: limit readlink to PATH_MAX-1 and explicitly NUL-terminate the path buffer.
- lam/lam.c::check_dsa_kernel_setting: parse via strtol/long with INT_MIN..INT_MAX range check before narrowing to int.
- lam/lam.c::handle_pasid: combine boolean error bits with | instead of + to silence integer overflow on accumulating ret.
- lass/lass.c::test_read_kernel_linear: remove dead < KERNEL_START_ADDR branch (high bits are forced set by the OR mask).
- cet/cet_driver/cet_app.c::main: drop unreachable default in switch.
- cmpccxadd/cmpccxadd.c::cmpnoxadd_not_overflow: drop dead self-overwriting assignment to op1.
- tools/cpuid_check/cpuid_check.c::main: initialize n_bits and ex_n, reject ex_n outside [0, N) before using it as bit index.

PRINTF_ARGS:
- cmpccxadd/cmpccxadd.c: switch %d -> %ld / %lu for long/unsigned long values in the DEF_FUNC_* macros and cmp_target_*.

Pre-merge checkpatch / CI compliance (no semantic change):
- lam/lam.c::handle_lam_test: replace strcpy of compile-time string literals with memcpy(..., sizeof(literal)) to satisfy STRCPY check.
- cmpccxadd/cmpccxadd.c: split each DEF_FUNC_* into explicit function definitions whose body invokes a CMP_UNSIGNED/CMP_SIGNED GCC statement-expression macro, so the return statement lives outside the macro (fixes "macros with flow control statements" warning) while preserving the %lu/%ld PRINTF_ARGS fix above.
- cet/test_shadow_stack.c: include <sys/cdefs.h> and use the kernel-style __always_inline keyword on get_ssp(); define an unconditional noinline macro via token paste so the literal __attribute__ string no longer appears for checkpatch's PREFER_KERNEL_KEYWORDS regex; store segv_triggered as sig_atomic_t for signal-safe access.

Tested-by: build + py_compile + cov-analyze on idir; no functional test behavior changes.

Signed-off-by: Farrah Chen <farrah.chen@intel.com>
(cherry picked from commit d92753b)
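The strtol range check and the exact-size read comparison listed in the commit message, as an added C example that is not code from this pull request. The function names, the pipe-based sample input and the acceptance of a trailing newline are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* strtol into long, range-check INT_MIN..INT_MAX, only then narrow to int.
 * Returns 0 on success, -1 on empty input, trailing junk or out of range. */
static int parse_int_checked(const char *s, int *out)
{
    char *end = NULL;
    long v;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || (*end != '\0' && *end != '\n'))
        return -1;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Exact-size read: error, EOF and short transfer all count as failure. */
static int read_u64_exact(int fd, uint64_t *val)
{
    return read(fd, val, sizeof(*val)) == (ssize_t)sizeof(*val) ? 0 : -1;
}

/* Constructed input: send len bytes through a pipe and read them back. */
static int pipe_read_demo(size_t len)
{
    uint64_t src = 0x1122334455667788ULL, dst = 0;
    int p[2], ret = -2;         /* -2: the demo setup itself failed */
    ssize_t w;
    if (pipe(p) != 0)
        return ret;
    w = write(p[1], &src, len);
    close(p[1]);                /* reader sees EOF after len bytes */
    if (w == (ssize_t)len)
        ret = read_u64_exact(p[0], &dst);
    close(p[0]);
    return ret;
}

int main(void)
{
    int v = 0;
    return parse_int_checked("42\n", &v) | pipe_read_demo(sizeof(uint64_t));
}
```

A `read() > 0` style check would accept the 3-byte transfer that `pipe_read_demo(3)` rejects, and a direct `atoi()` or `(int)strtol(...)` would silently wrap the out-of-range input.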