/usr/src/usr.sbin/kgmon/kgmon.c

Bug Summary

File:	src/usr.sbin/kgmon/kgmon.c
Warning:	line 473, column 3 Potential leak of memory pointed to by 'zbuf'

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name kgmon.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/kgmon/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/kgmon/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.sbin/kgmon/kgmon.c

1/*	$OpenBSD: kgmon.c,v 1.26 2019/06/28 13:32:48 deraadt Exp $	*/

3/*
* Copyright (c) 1983, 1992, 1993
*	The Regents of the University of California.  All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

32#include <sys/types.h>
33#include <sys/sysctl.h>
34#include <sys/time.h>
35#include <sys/gmon.h>

37#include <errno(*__errno()).h>
38#include <err.h>
39#include <fcntl.h>
40#include <kvm.h>
41#include <limits.h>
42#include <stdio.h>
43#include <stdlib.h>
44#include <unistd.h>
45#include <string.h>
46#include <nlist.h>
47#include <paths.h>

49struct nlist nl[] = {
50#define	N_GMONPARAM0	0
{ "__gmonparam" },
52#define	N_PROFHZ1	1
{ "_profhz" },
{ NULL((void *)0) }
55};

57struct kvmvars {
kvm_t	*kd;
struct gmonparam gpm;
60};

62extern char *__progname;

64int	bflag, cflag, hflag, kflag, rflag, pflag;
65int	debug = 0;
66void	kgmon(char *, char *, struct kvmvars *, int);
67void	setprof(struct kvmvars *, int, int);
68void	dumpstate(struct kvmvars *, int);
69void	reset(struct kvmvars *, int);
70void	kern_readonly(int);
71int	getprof(struct kvmvars *, int);
72int	getprofhz(struct kvmvars *);
73int	openfiles(char *, char *, struct kvmvars *, int);
74int	getncpu(void);

76int
77main(int argc, char **argv)
78{
int ch, ncpu, cpuid = -1;
struct kvmvars kvmvars;
char *sys, *kmemf;
const char *p;

kmemf = NULL((void *)0);
sys = NULL((void *)0);
while ((ch = getopt(argc, argv, "M:N:bc:hpr")) != -1) {
1
Assuming the condition is false→
2
←
Loop condition is false. Execution continues on line 127→
switch(ch) {

case 'M':
	kmemf = optarg;
	kflag = 1;
	break;

case 'N':
	sys = optarg;
	break;

case 'b':
	bflag = 1;
	break;

case 'c':
	cflag = 1;
	cpuid = strtonum(optarg, 0, 1024, &p);
	if (p)
		errx(1, "illegal CPU id %s: %s", optarg, p);
	break;

case 'h':
	hflag = 1;
	break;

case 'p':
	pflag = 1;
	break;

case 'r':
	rflag = 1;
	break;

default:
	fprintf(stderr(&__sF[2]), "usage: %s [-bhpr] "
	    "[-c cpuid] [-M core] [-N system]\n", __progname);
	exit(1);
}
}
argc -= optind;
argv += optind;

130#define BACKWARD_COMPATIBILITY
131#ifdef	BACKWARD_COMPATIBILITY
if (*argv) {
3
←
Assuming the condition is false→
4
←
Taking false branch→
sys = *argv;
if (*++argv) {
	kmemf = *argv;
	++kflag;
}
}
139#endif

if (cflag) {
5
←
Assuming 'cflag' is not equal to 0→
6
←
Taking true branch→
kgmon(sys, kmemf, &kvmvars, cpuid);
7
←
Calling 'kgmon'→
} else {
ncpu = getncpu();
for (cpuid = 0; cpuid < ncpu; cpuid++)
	kgmon(sys, kmemf, &kvmvars, cpuid);
}

return (0);
150}

152void
153kgmon(char *sys, char *kmemf, struct kvmvars *kvp, int cpuid)
154{
int mode, disp, accessmode;

accessmode = openfiles(sys, kmemf, kvp, cpuid);
mode = getprof(kvp, cpuid);
if (hflag)
8
←
Assuming 'hflag' is not equal to 0→
9
←
Taking true branch→
disp = GMON_PROF_OFF3;
else if (bflag)
disp = GMON_PROF_ON0;
else
disp = mode;
if (pflag)
10
←
Assuming 'pflag' is 0→
11
←
Taking false branch→
dumpstate(kvp, cpuid);
if (rflag)
12
←
Assuming 'rflag' is not equal to 0→
13
←
Taking true branch→
reset(kvp, cpuid);
14
←
Calling 'reset'→
if (accessmode == O_RDWR0x0002)
setprof(kvp, cpuid, disp);
printf("%s: kernel profiling is %s for cpu %d.\n", __progname,
   disp == GMON_PROF_OFF3 ? "off" : "running", cpuid);
173}

175/*
* Check that profiling is enabled and open any ncessary files.
*/
178int
179openfiles(char *sys, char *kmemf, struct kvmvars *kvp, int cpuid)
180{
int mib[4], state, openmode;
size_t size;
char errbuf[_POSIX2_LINE_MAX2048];

if (!kflag) {
mib[0] = CTL_KERN1;
mib[1] = KERN_PROF16;
mib[2] = GPROF_STATE0;
mib[3] = cpuid;
size = sizeof state;
if (sysctl(mib, 4, &state, &size, NULL((void *)0), 0) == -1)
	errx(20, "profiling not defined in kernel.");
if (!(bflag || hflag || rflag ||
    (pflag && state == GMON_PROF_ON0)))
	return (O_RDONLY0x0000);
if (sysctl(mib, 4, NULL((void *)0), NULL((void *)0), &state, size) >= 0)
	return (O_RDWR0x0002);
kern_readonly(state);
return (O_RDONLY0x0000);
}
openmode = (bflag || hflag || pflag || rflag) ? O_RDWR0x0002 : O_RDONLY0x0000;
kvp->kd = kvm_openfiles(sys, kmemf, NULL((void *)0), openmode, errbuf);
if (kvp->kd == NULL((void *)0)) {
if (openmode == O_RDWR0x0002) {
	openmode = O_RDONLY0x0000;
	kvp->kd = kvm_openfiles(sys, kmemf, NULL((void *)0), O_RDONLY0x0000,
	    errbuf);
}
if (kvp->kd == NULL((void *)0))
	errx(2, "kvm_openfiles: %s", errbuf);
kern_readonly(GMON_PROF_ON0);
}
if (kvm_nlist(kvp->kd, nl) == -1)
errx(3, "%s: no namelist", sys ? sys : _PATH_UNIX"/bsd");
if (!nl[N_GMONPARAM0].n_value)
errx(20, "profiling not defined in kernel.");
return (openmode);
218}

220/*
* Suppress options that require a writable kernel.
*/
223void
224kern_readonly(int mode)
225{
extern char *__progname;

(void)fprintf(stderr(&__sF[2]), "%s: kernel read-only: ", __progname);
if (pflag && mode == GMON_PROF_ON0)
(void)fprintf(stderr(&__sF[2]), "data may be inconsistent\n");
if (rflag)
(void)fprintf(stderr(&__sF[2]), "-r suppressed\n");
if (bflag)
(void)fprintf(stderr(&__sF[2]), "-b suppressed\n");
if (hflag)
(void)fprintf(stderr(&__sF[2]), "-h suppressed\n");
rflag = bflag = hflag = 0;
238}

240/*
* Get the state of kernel profiling.
*/
243int
244getprof(struct kvmvars *kvp, int cpuid)
245{
int mib[4];
size_t size;

if (kflag) {
size = kvm_read(kvp->kd, nl[N_GMONPARAM0].n_value, &kvp->gpm,
    sizeof kvp->gpm);
} else {
mib[0] = CTL_KERN1;
mib[1] = KERN_PROF16;
mib[2] = GPROF_GMONPARAM4;
mib[3] = cpuid;
size = sizeof kvp->gpm;
if (sysctl(mib, 4, &kvp->gpm, &size, NULL((void *)0), 0) == -1)
	size = 0;
}
if (size != sizeof kvp->gpm)
errx(4, "cannot get gmonparam: %s",
    kflag ? kvm_geterr(kvp->kd) : strerror(errno(*__errno())));
return (kvp->gpm.state);
265}

267/*
* Enable or disable kernel profiling according to the state variable.
*/
270void
271setprof(struct kvmvars *kvp, int cpuid, int state)
272{
struct gmonparam *p = (struct gmonparam *)nl[N_GMONPARAM0].n_value;
int mib[4], oldstate;
size_t sz;

sz = sizeof(state);
if (!kflag) {
mib[0] = CTL_KERN1;
mib[1] = KERN_PROF16;
mib[2] = GPROF_STATE0;
mib[3] = cpuid;
if (sysctl(mib, 4, &oldstate, &sz, NULL((void *)0), 0) == -1)
	goto bad;
if (oldstate == state)
	return;
if (sysctl(mib, 4, NULL((void *)0), NULL((void *)0), &state, sz) >= 0)
	return;
} else if (kvm_write(kvp->kd, (u_long)&p->state, (void *)&state, sz)
   == sz)
return;
292bad:
warnx("warning: cannot turn profiling %s",
   state == GMON_PROF_OFF3 ? "off" : "on");
295}

297/*
* Build the gmon.out file.
*/
300void
301dumpstate(struct kvmvars *kvp, int cpuid)
302{
FILE *fp;
struct rawarc rawarc;
struct tostruct *tos;
u_long frompc;
u_short *froms, *tickbuf;
int mib[4];
size_t i;
struct gmonhdr h;
int fromindex, endfrom, toindex;
char buf[16];

snprintf(buf, sizeof(buf), "gmon-%02d.out", cpuid);

setprof(kvp, cpuid, GMON_PROF_OFF3);
fp = fopen(buf, "w");
if (fp == 0) {
perror(buf);
return;
}

/*
* Build the gmon header and write it to a file.
*/
bzero(&h, sizeof(h));
h.lpc = kvp->gpm.lowpc;
h.hpc = kvp->gpm.highpc;
h.ncnt = kvp->gpm.kcountsize + sizeof(h);
h.version = GMONVERSION0x00051879;
h.profrate = getprofhz(kvp);
fwrite((char *)&h, sizeof(h), 1, fp);

/*
* Write out the tick buffer.
*/
mib[0] = CTL_KERN1;
mib[1] = KERN_PROF16;
if ((tickbuf = malloc(kvp->gpm.kcountsize)) == NULL((void *)0))
errx(5, "cannot allocate kcount space");
if (kflag) {
i = kvm_read(kvp->kd, (u_long)kvp->gpm.kcount, (void *)tickbuf,
    kvp->gpm.kcountsize);
} else {
mib[2] = GPROF_COUNT1;
mib[3] = cpuid;
i = kvp->gpm.kcountsize;
if (sysctl(mib, 4, tickbuf, &i, NULL((void *)0), 0) == -1)
	i = 0;
}
if (i != kvp->gpm.kcountsize)
errx(6, "read ticks: read %lu, got %zu: %s",
    kvp->gpm.kcountsize, i,
    kflag ? kvm_geterr(kvp->kd) : strerror(errno(*__errno())));
if ((fwrite(tickbuf, kvp->gpm.kcountsize, 1, fp)) != 1)
err(7, "writing tocks to gmon.out");
free(tickbuf);

/*
* Write out the arc info.
*/
if ((froms = malloc(kvp->gpm.fromssize)) == NULL((void *)0))
errx(8, "cannot allocate froms space");
if (kflag) {
i = kvm_read(kvp->kd, (u_long)kvp->gpm.froms, (void *)froms,
    kvp->gpm.fromssize);
} else {
mib[2] = GPROF_FROMS2;
mib[3] = cpuid;
i = kvp->gpm.fromssize;
if (sysctl(mib, 4, froms, &i, NULL((void *)0), 0) == -1)
	i = 0;
}
if (i != kvp->gpm.fromssize)
errx(9, "read froms: read %lu, got %zu: %s",
    kvp->gpm.fromssize, i,
    kflag ? kvm_geterr(kvp->kd) : strerror(errno(*__errno())));
if ((tos = malloc(kvp->gpm.tossize)) == NULL((void *)0))
errx(10, "cannot allocate tos space");
if (kflag) {
i = kvm_read(kvp->kd, (u_long)kvp->gpm.tos, (void *)tos,
    kvp->gpm.tossize);
} else {
mib[2] = GPROF_TOS3;
mib[3] = cpuid;
i = kvp->gpm.tossize;
if (sysctl(mib, 4, tos, &i, NULL((void *)0), 0) == -1)
	i = 0;
}
if (i != kvp->gpm.tossize)
errx(11, "read tos: read %lu, got %zu: %s",
    kvp->gpm.tossize, i,
    kflag ? kvm_geterr(kvp->kd) : strerror(errno(*__errno())));
if (debug)
warnx("lowpc 0x%lx, textsize 0x%lx",
    kvp->gpm.lowpc, kvp->gpm.textsize);
endfrom = kvp->gpm.fromssize / sizeof(*froms);
for (fromindex = 0; fromindex < endfrom; ++fromindex) {
if (froms[fromindex] == 0)
	continue;
frompc = (u_long)kvp->gpm.lowpc +
    (fromindex * kvp->gpm.hashfraction * sizeof(*froms));
for (toindex = froms[fromindex]; toindex != 0;
   toindex = tos[toindex].link) {
	if (debug)
	  warnx("[mcleanup] frompc 0x%lx selfpc 0x%lx count %ld",
	    frompc, tos[toindex].selfpc, tos[toindex].count);
	rawarc.raw_frompc = frompc;
	rawarc.raw_selfpc = (u_long)tos[toindex].selfpc;
	rawarc.raw_count = tos[toindex].count;
	fwrite((char *)&rawarc, sizeof(rawarc), 1, fp);
}
}
fclose(fp);
415}

417/*
* Get the profiling rate.
*/
420int
421getprofhz(struct kvmvars *kvp)
422{
int mib[2], profrate;
size_t size;
struct clockinfo clockrate;

if (kflag) {
profrate = 1;
if (kvm_read(kvp->kd, nl[N_PROFHZ1].n_value, &profrate,
    sizeof profrate) != sizeof profrate)
	warnx("get clockrate: %s", kvm_geterr(kvp->kd));
return (profrate);
}
mib[0] = CTL_KERN1;
mib[1] = KERN_CLOCKRATE12;
clockrate.profhz = 1;
size = sizeof clockrate;
if (sysctl(mib, 2, &clockrate, &size, NULL((void *)0), 0) == -1)
warn("get clockrate");
return (clockrate.profhz);
441}

443/*
* Reset the kernel profiling date structures.
*/
446void
447reset(struct kvmvars *kvp, int cpuid)
448{
char *zbuf;
u_long biggest;
int mib[4];

setprof(kvp, cpuid, GMON_PROF_OFF3);

biggest = kvp->gpm.kcountsize;
if (kvp->gpm.fromssize > biggest)
15
←
Assuming 'biggest' is >= field 'fromssize'→
16
←
Taking false branch→
biggest = kvp->gpm.fromssize;
if (kvp->gpm.tossize > biggest)
17
←
Assuming 'biggest' is >= field 'tossize'→
18
←
Taking false branch→
biggest = kvp->gpm.tossize;
if ((zbuf = malloc(biggest)) == NULL((void *)0))
19
←
Memory is allocated→
20
←
Assuming the condition is false→
21
←
Taking false branch→
errx(12, "cannot allocate zbuf space");
bzero(zbuf, biggest);
if (kflag) {
22
←
Assuming 'kflag' is not equal to 0→
23
←
Taking true branch→
if (kvm_write(kvp->kd, (u_long)kvp->gpm.kcount, zbuf,
24
←
Assuming the condition is false→
25
←
Taking false branch→
    kvp->gpm.kcountsize) != kvp->gpm.kcountsize)
	errx(13, "tickbuf zero: %s", kvm_geterr(kvp->kd));
if (kvm_write(kvp->kd, (u_long)kvp->gpm.froms, zbuf,
26
←
Assuming the condition is false→
27
←
Taking false branch→
    kvp->gpm.fromssize) != kvp->gpm.fromssize)
	errx(14, "froms zero: %s", kvm_geterr(kvp->kd));
if (kvm_write(kvp->kd, (u_long)kvp->gpm.tos, zbuf,
28
←
Assuming the condition is false→
29
←
Taking false branch→
    kvp->gpm.tossize) != kvp->gpm.tossize)
	errx(15, "tos zero: %s", kvm_geterr(kvp->kd));
return;
30
←
Potential leak of memory pointed to by 'zbuf'
}
mib[0] = CTL_KERN1;
mib[1] = KERN_PROF16;
mib[2] = GPROF_COUNT1;
mib[3] = cpuid;
if (sysctl(mib, 4, NULL((void *)0), NULL((void *)0), zbuf, kvp->gpm.kcountsize) == -1)
err(13, "tickbuf zero");
mib[2] = GPROF_FROMS2;
if (sysctl(mib, 4, NULL((void *)0), NULL((void *)0), zbuf, kvp->gpm.fromssize) == -1)
err(14, "froms zero");
mib[2] = GPROF_TOS3;
if (sysctl(mib, 4, NULL((void *)0), NULL((void *)0), zbuf, kvp->gpm.tossize) == -1)
err(15, "tos zero");
free(zbuf);
488}

490int
491getncpu(void)
492{
int mib[2] = { CTL_HW6, HW_NCPU3 };
size_t size;
int ncpu;

size = sizeof(ncpu);
if (sysctl(mib, 2, &ncpu, &size, NULL((void *)0), 0) == -1) {
warnx("cannot read hw.ncpu");
return (1);
}

return (ncpu);
504}