[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Tue May 10 13:32:31 CEST 2016
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
10 new defect(s) introduced to coreboot found with Coverity Scan.
120 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1355175: Control flow issues (STRAY_SEMICOLON)
/src/soc/intel/apollolake/lpc.c: 61 in lpc_init()
________________________________________________________________________________________________________
*** CID 1355175: Control flow issues (STRAY_SEMICOLON)
/src/soc/intel/apollolake/lpc.c: 61 in lpc_init()
55 }
56
57 scnt = pci_read_config8(dev, REG_SERIRQ_CTL);
58 scnt &= ~(SCNT_EN | SCNT_MODE);
59 if (cfg->serirq_mode == SERIRQ_QUIET)
60 scnt |= SCNT_EN;
>>> CID 1355175: Control flow issues (STRAY_SEMICOLON)
>>> An "if" statement with no "then" or "else" is suspicious.
61 else if (cfg->serirq_mode == SERIRQ_CONTINUOUS);
62 scnt |= SCNT_EN | SCNT_MODE;
63 pci_write_config8(dev, REG_SERIRQ_CTL, scnt);
64 }
65
66 static void soc_lpc_add_io_resources(device_t dev)
** CID 1355174: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 184 in cores_pwr_domain_on()
________________________________________________________________________________________________________
*** CID 1355174: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 184 in cores_pwr_domain_on()
178 cpus_power_domain_off(cpu, core_pwr_pd);
179 }
180 }
181
182 static int cores_pwr_domain_on(unsigned long mpidr, uint64_t entrypoint)
183 {
>>> CID 1355174: Memory - corruptions (OVERRUN)
>>> Assigning: "cpu_id" = "plat_core_pos_by_mpidr(mpidr)". The value of "cpu_id" is now -1.
184 uint32_t cpu_id = plat_core_pos_by_mpidr(mpidr);
185
186 assert(cpuson_flags[cpu_id] == 0);
187 cpuson_flags[cpu_id] = PMU_CPU_HOTPLUG;
188 cpuson_entry_point[cpu_id] = entrypoint;
189 dsb();
** CID 1355173: Memory - illegal accesses (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 186 in cores_pwr_domain_on()
________________________________________________________________________________________________________
*** CID 1355173: Memory - illegal accesses (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 186 in cores_pwr_domain_on()
180 }
181
182 static int cores_pwr_domain_on(unsigned long mpidr, uint64_t entrypoint)
183 {
184 uint32_t cpu_id = plat_core_pos_by_mpidr(mpidr);
185
>>> CID 1355173: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "cpuson_flags" of 6 4-byte elements at element index 4294967295 (byte offset 17179869180) using index "cpu_id" (which evaluates to 4294967295).
186 assert(cpuson_flags[cpu_id] == 0);
187 cpuson_flags[cpu_id] = PMU_CPU_HOTPLUG;
188 cpuson_entry_point[cpu_id] = entrypoint;
189 dsb();
190
191 cpus_power_domain_on(cpu_id);
** CID 1355172: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 188 in cores_pwr_domain_on()
________________________________________________________________________________________________________
*** CID 1355172: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 188 in cores_pwr_domain_on()
182 static int cores_pwr_domain_on(unsigned long mpidr, uint64_t entrypoint)
183 {
184 uint32_t cpu_id = plat_core_pos_by_mpidr(mpidr);
185
186 assert(cpuson_flags[cpu_id] == 0);
187 cpuson_flags[cpu_id] = PMU_CPU_HOTPLUG;
>>> CID 1355172: Memory - corruptions (OVERRUN)
>>> Overrunning array "cpuson_entry_point" of 6 8-byte elements at element index 4294967295 (byte offset 34359738360) using index "cpu_id" (which evaluates to 4294967295).
188 cpuson_entry_point[cpu_id] = entrypoint;
189 dsb();
190
191 cpus_power_domain_on(cpu_id);
192
193 return 0;
** CID 1355171: Integer handling issues (NO_EFFECT)
/src/soc/rockchip/common/spi.c: 126 in rockchip_spi_init()
________________________________________________________________________________________________________
*** CID 1355171: Integer handling issues (NO_EFFECT)
/src/soc/rockchip/common/spi.c: 126 in rockchip_spi_init()
120 assert(clk_div * hz == SPI_SRCCLK_HZ && !(clk_div & 1));
121 write32(®s->baudr, clk_div);
122 }
123
124 void rockchip_spi_init(unsigned int bus, unsigned int speed_hz)
125 {
>>> CID 1355171: Integer handling issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "bus >= 0U".
126 assert(bus >= 0 && bus < ARRAY_SIZE(rockchip_spi_slaves));
127 struct rockchip_spi *regs = rockchip_spi_slaves[bus].regs;
128 unsigned int ctrlr0 = 0;
129
130 rkclk_configure_spi(bus, SPI_SRCCLK_HZ);
131 rockchip_spi_enable_chip(regs, 0);
** CID 1355170: Memory - illegal accesses (NEGATIVE_RETURNS)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 186 in cores_pwr_domain_on()
________________________________________________________________________________________________________
*** CID 1355170: Memory - illegal accesses (NEGATIVE_RETURNS)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 186 in cores_pwr_domain_on()
180 }
181
182 static int cores_pwr_domain_on(unsigned long mpidr, uint64_t entrypoint)
183 {
184 uint32_t cpu_id = plat_core_pos_by_mpidr(mpidr);
185
>>> CID 1355170: Memory - illegal accesses (NEGATIVE_RETURNS)
>>> Using variable "cpu_id" as an index to array "cpuson_flags".
186 assert(cpuson_flags[cpu_id] == 0);
187 cpuson_flags[cpu_id] = PMU_CPU_HOTPLUG;
188 cpuson_entry_point[cpu_id] = entrypoint;
189 dsb();
190
191 cpus_power_domain_on(cpu_id);
** CID 1355169: Incorrect expression (COPY_PASTE_ERROR)
/src/soc/rockchip/rk3399/clock.c: 371 in rkclk_init()
________________________________________________________________________________________________________
*** CID 1355169: Incorrect expression (COPY_PASTE_ERROR)
/src/soc/rockchip/rk3399/clock.c: 371 in rkclk_init()
365 /* perilp1 hclk select gpll as source */
366 hclk_div = GPLL_HZ / PERILP1_HCLK_HZ - 1;
367 assert((hclk_div + 1) * PERILP1_HCLK_HZ ==
368 GPLL_HZ && (hclk_div < 0x1f));
369
370 pclk_div = PERILP1_HCLK_HZ / PERILP1_HCLK_HZ - 1;
>>> CID 1355169: Incorrect expression (COPY_PASTE_ERROR)
>>> "pclk_div" in "pclk_div + 1U" looks like a copy-paste error.
371 assert((pclk_div + 1) * PERILP1_HCLK_HZ ==
372 PERILP1_HCLK_HZ && (hclk_div < 0x7));
373
374 write32(&cru_ptr->clksel_con[25],
375 RK_CLRSETBITS(PCLK_PERILP1_DIV_CON_MASK <<
376 PCLK_PERILP1_DIV_CON_SHIFT |
** CID 1355168: (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 483 in rkclk_configure_spi()
/src/soc/rockchip/rk3399/clock.c: 498 in rkclk_configure_spi()
/src/soc/rockchip/rk3399/clock.c: 502 in rkclk_configure_spi()
________________________________________________________________________________________________________
*** CID 1355168: (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 483 in rkclk_configure_spi()
477 case 0:
478 write32(&cru_ptr->clksel_con[59],
479 SPI_CLK_REG_VALUE(0, src_clk_div));
480 break;
481 case 1:
482 write32(&cru_ptr->clksel_con[59],
>>> CID 1355168: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI1_PLL_SEL_SHIFT) | (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI1_PLL_DIV_CON_SHIFT) */) | ((32768 /* CLK_SPI_PLL_SEL_GPLL << CLK_SPI1_PLL_SEL_SHIFT */) | (src_clk_div - 1 << CLK_SPI1_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
483 SPI_CLK_REG_VALUE(1, src_clk_div));
484 break;
485 case 2:
486 write32(&cru_ptr->clksel_con[60],
487 SPI_CLK_REG_VALUE(2, src_clk_div));
488 break;
/src/soc/rockchip/rk3399/clock.c: 498 in rkclk_configure_spi()
492 SPI3_DIV_CON_MASK << SPI3_DIV_CON_SHIFT,
493 SPI3_PLL_SEL_PPLL << SPI3_PLL_SEL_SHIFT |
494 (src_clk_div - 1) << SPI3_DIV_CON_SHIFT));
495 break;
496 case 4:
497 write32(&cru_ptr->clksel_con[60],
>>> CID 1355168: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI4_PLL_SEL_SHIFT) | (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI4_PLL_DIV_CON_SHIFT) */) | ((32768 /* CLK_SPI_PLL_SEL_GPLL << CLK_SPI4_PLL_SEL_SHIFT */) | (src_clk_div - 1 << CLK_SPI4_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
498 SPI_CLK_REG_VALUE(4, src_clk_div));
499 break;
500 case 5:
501 write32(&cru_ptr->clksel_con[58],
502 SPI_CLK_REG_VALUE(5, src_clk_div));
503 break;
/src/soc/rockchip/rk3399/clock.c: 502 in rkclk_configure_spi()
496 case 4:
497 write32(&cru_ptr->clksel_con[60],
498 SPI_CLK_REG_VALUE(4, src_clk_div));
499 break;
500 case 5:
501 write32(&cru_ptr->clksel_con[58],
>>> CID 1355168: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI5_PLL_SEL_SHIFT) | (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI5_PLL_DIV_CON_SHIFT) */) | ((32768 /* CLK_SPI_PLL_SEL_GPLL << CLK_SPI5_PLL_SEL_SHIFT */) | (src_clk_div - 1 << CLK_SPI5_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
502 SPI_CLK_REG_VALUE(5, src_clk_div));
503 break;
504 default:
505 printk(BIOS_ERR, "do not support this spi bus\n");
506 }
507 }
** CID 1355167: (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 555 in rkclk_configure_i2c()
/src/soc/rockchip/rk3399/clock.c: 559 in rkclk_configure_i2c()
/src/soc/rockchip/rk3399/clock.c: 563 in rkclk_configure_i2c()
________________________________________________________________________________________________________
*** CID 1355167: (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 555 in rkclk_configure_i2c()
549 case 4:
550 write32(&pmucru_ptr->pmucru_clksel[3],
551 PMU_I2C_CLK_REG_VALUE(4, src_clk_div));
552 break;
553 case 5:
554 write32(&cru_ptr->clksel_con[61],
>>> CID 1355167: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C5_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C5_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C5_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C5_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
555 I2C_CLK_REG_VALUE(5, src_clk_div));
556 break;
557 case 6:
558 write32(&cru_ptr->clksel_con[62],
559 I2C_CLK_REG_VALUE(6, src_clk_div));
560 break;
/src/soc/rockchip/rk3399/clock.c: 559 in rkclk_configure_i2c()
553 case 5:
554 write32(&cru_ptr->clksel_con[61],
555 I2C_CLK_REG_VALUE(5, src_clk_div));
556 break;
557 case 6:
558 write32(&cru_ptr->clksel_con[62],
>>> CID 1355167: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C6_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C6_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C6_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C6_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
559 I2C_CLK_REG_VALUE(6, src_clk_div));
560 break;
561 case 7:
562 write32(&cru_ptr->clksel_con[63],
563 I2C_CLK_REG_VALUE(7, src_clk_div));
564 break;
/src/soc/rockchip/rk3399/clock.c: 563 in rkclk_configure_i2c()
557 case 6:
558 write32(&cru_ptr->clksel_con[62],
559 I2C_CLK_REG_VALUE(6, src_clk_div));
560 break;
561 case 7:
562 write32(&cru_ptr->clksel_con[63],
>>> CID 1355167: (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C7_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C7_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C7_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C7_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
563 I2C_CLK_REG_VALUE(7, src_clk_div));
564 break;
565 case 8:
566 write32(&pmucru_ptr->pmucru_clksel[2],
567 PMU_I2C_CLK_REG_VALUE(8, src_clk_div));
568 break;
** CID 1355166: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 592 in rkclk_configure_saradc()
________________________________________________________________________________________________________
*** CID 1355166: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/rockchip/rk3399/clock.c: 592 in rkclk_configure_saradc()
586
587 /* saradc src clk from 24MHz */
588 src_clk_div = 24 * MHz / hz;
589 assert((src_clk_div - 1 < 255) && (src_clk_div * hz == 24 * MHz));
590
591 write32(&cru_ptr->clksel_con[26],
>>> CID 1355166: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "((65280 /* CLK_SARADC_DIV_CON_MASK << CLK_SARADC_DIV_CON_SHIFT */) | (src_clk_div - 1 << CLK_SARADC_DIV_CON_SHIFT)) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of '|'.
592 RK_CLRSETBITS(CLK_SARADC_DIV_CON_MASK <<
593 CLK_SARADC_DIV_CON_SHIFT,
594 (src_clk_div - 1) << CLK_SARADC_DIV_CON_SHIFT));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/coreboot?tab=overview
To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&token=49533df725f93b78361afb7b89ccde93
More information about the coreboot
mailing list