| Message ID | 20240619093508.2528537-2-jamin_lin@aspeedtech.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Fix coverity issues for AST2700 | expand |
On 6/19/24 11:35 AM, Jamin Lin wrote: > Fix coverity defect: DIVIDE_BY_ZERO. > > Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> I have rewritten the commit log : aspeed/soc: Fix possible divide by zero Coverity reports a possible DIVIDE_BY_ZERO issue regarding the "ram_size" object property. This can not happen because RAM has predefined valid sizes per SoC. Nevertheless, add a test to close the issue. Fixes: Coverity CID 1547113 with that, Reviewed-by: Cédric Le Goater <clg@redhat.com> Thanks, C. > --- > hw/arm/aspeed_ast27x0.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c > index b6876b4862..d14a46df6f 100644 > --- a/hw/arm/aspeed_ast27x0.c > +++ b/hw/arm/aspeed_ast27x0.c > @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, > ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", > &error_abort); > > + if (!ram_size) { > + qemu_log_mask(LOG_GUEST_ERROR, > + "%s: ram_size is zero", __func__); > + return; > + } > + > /* > * Emulate ddr capacity hardware behavior. > * If writes the data to the address which is beyond the ram size,
On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> wrote: > > Fix coverity defect: DIVIDE_BY_ZERO. > > Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> > --- > hw/arm/aspeed_ast27x0.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c > index b6876b4862..d14a46df6f 100644 > --- a/hw/arm/aspeed_ast27x0.c > +++ b/hw/arm/aspeed_ast27x0.c > @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, > ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", > &error_abort); > > + if (!ram_size) { > + qemu_log_mask(LOG_GUEST_ERROR, > + "%s: ram_size is zero", __func__); > + return; > + } > + Isn't this a QEMU bug rather than a guest error? The RAM size presumably should never be zero unless the board set the ram-size property on the SDMC incorrectly. So the SDMC device should check (and return an error from its realize method) that the ram-size property is valid, and then here we can just assert(ram_size != 0). thanks -- PMM
On 6/24/24 2:18 PM, Peter Maydell wrote: > On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> wrote: >> >> Fix coverity defect: DIVIDE_BY_ZERO. >> >> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> >> --- >> hw/arm/aspeed_ast27x0.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c >> index b6876b4862..d14a46df6f 100644 >> --- a/hw/arm/aspeed_ast27x0.c >> +++ b/hw/arm/aspeed_ast27x0.c >> @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, >> ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", >> &error_abort); >> >> + if (!ram_size) { >> + qemu_log_mask(LOG_GUEST_ERROR, >> + "%s: ram_size is zero", __func__); >> + return; >> + } >> + > > Isn't this a QEMU bug rather than a guest error? The > RAM size presumably should never be zero unless the board > set the ram-size property on the SDMC incorrectly. So the > SDMC device should check (and return an error from its realize > method) that the ram-size property is valid, That's the case in aspeed_sdmc_set_ram_size() which is called from the aspeed machine init routine when the ram size is set. Setting the machine ram size to zero on the command line doesn't report an error though and the size is the default. > and then here we can just assert(ram_size != 0). Yes. Jamin, could you please send a v2 with the commit logs update I proposed ? See the patches on my aspeed-9.1 branch. Thanks, C.
On Mon, 24 Jun 2024 at 14:58, Cédric Le Goater <clg@kaod.org> wrote: > > On 6/24/24 2:18 PM, Peter Maydell wrote: > > On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> wrote: > >> > >> Fix coverity defect: DIVIDE_BY_ZERO. > >> > >> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> > >> --- > >> hw/arm/aspeed_ast27x0.c | 6 ++++++ > >> 1 file changed, 6 insertions(+) > >> > >> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c > >> index b6876b4862..d14a46df6f 100644 > >> --- a/hw/arm/aspeed_ast27x0.c > >> +++ b/hw/arm/aspeed_ast27x0.c > >> @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, > >> ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", > >> &error_abort); > >> > >> + if (!ram_size) { > >> + qemu_log_mask(LOG_GUEST_ERROR, > >> + "%s: ram_size is zero", __func__); > >> + return; > >> + } > >> + > > > > Isn't this a QEMU bug rather than a guest error? The > > RAM size presumably should never be zero unless the board > > set the ram-size property on the SDMC incorrectly. So the > > SDMC device should check (and return an error from its realize > > method) that the ram-size property is valid, > > That's the case in aspeed_sdmc_set_ram_size() which is called from > the aspeed machine init routine when the ram size is set. True, but if the property is never set at all then the struct field will be left at whatever value it had, which is 0, I think. So if that's not valid then it either needs to be a different default or else the realize method should complain that the property was never set. thanks -- PMM
On 6/24/24 4:01 PM, Peter Maydell wrote: > On Mon, 24 Jun 2024 at 14:58, Cédric Le Goater <clg@kaod.org> wrote: >> >> On 6/24/24 2:18 PM, Peter Maydell wrote: >>> On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> wrote: >>>> >>>> Fix coverity defect: DIVIDE_BY_ZERO. >>>> >>>> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> >>>> --- >>>> hw/arm/aspeed_ast27x0.c | 6 ++++++ >>>> 1 file changed, 6 insertions(+) >>>> >>>> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c >>>> index b6876b4862..d14a46df6f 100644 >>>> --- a/hw/arm/aspeed_ast27x0.c >>>> +++ b/hw/arm/aspeed_ast27x0.c >>>> @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, >>>> ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", >>>> &error_abort); >>>> >>>> + if (!ram_size) { >>>> + qemu_log_mask(LOG_GUEST_ERROR, >>>> + "%s: ram_size is zero", __func__); >>>> + return; >>>> + } >>>> + >>> >>> Isn't this a QEMU bug rather than a guest error? The >>> RAM size presumably should never be zero unless the board >>> set the ram-size property on the SDMC incorrectly. So the >>> SDMC device should check (and return an error from its realize >>> method) that the ram-size property is valid, >> >> That's the case in aspeed_sdmc_set_ram_size() which is called from >> the aspeed machine init routine when the ram size is set. > > True, but if the property is never set at all then the > struct field will be left at whatever value it had, which > is 0, I think. So if that's not valid then it either needs > to be a different default or else the realize method should > complain that the property was never set. Ah, yes, and the issue has been there for while. I will send a separate patch for this. Thanks, C.
Hi Cedric, > -----Original Message----- > From: Cédric Le Goater <clg@kaod.org> > Sent: Monday, June 24, 2024 9:58 PM > To: Peter Maydell <peter.maydell@linaro.org>; Jamin Lin > <jamin_lin@aspeedtech.com> > Cc: Steven Lee <steven_lee@aspeedtech.com>; Troy Lee > <leetroy@gmail.com>; Andrew Jeffery <andrew@codeconstruct.com.au>; Joel > Stanley <joel@jms.id.au>; open list:ASPEED BMCs <qemu-arm@nongnu.org>; > open list:All patches CC here <qemu-devel@nongnu.org>; Troy Lee > <troy_lee@aspeedtech.com>; Yunlin Tang <yunlin.tang@aspeedtech.com> > Subject: Re: [PATCH v1 1/2] aspeed/soc: fix coverity issue > > On 6/24/24 2:18 PM, Peter Maydell wrote: > > On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> > wrote: > >> > >> Fix coverity defect: DIVIDE_BY_ZERO. > >> > >> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> > >> --- > >> hw/arm/aspeed_ast27x0.c | 6 ++++++ > >> 1 file changed, 6 insertions(+) > >> > >> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c index > >> b6876b4862..d14a46df6f 100644 > >> --- a/hw/arm/aspeed_ast27x0.c > >> +++ b/hw/arm/aspeed_ast27x0.c > >> @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void > *opaque, hwaddr addr, uint64_t data, > >> ram_size = object_property_get_uint(OBJECT(&s->sdmc), > "ram-size", > >> &error_abort); > >> > >> + if (!ram_size) { > >> + qemu_log_mask(LOG_GUEST_ERROR, > >> + "%s: ram_size is zero", __func__); > >> + return; > >> + } > >> + > > > > Isn't this a QEMU bug rather than a guest error? The RAM size > > presumably should never be zero unless the board set the ram-size > > property on the SDMC incorrectly. So the SDMC device should check (and > > return an error from its realize > > method) that the ram-size property is valid, > > That's the case in aspeed_sdmc_set_ram_size() which is called from the > aspeed machine init routine when the ram size is set. > > Setting the machine ram size to zero on the command line doesn't report an > error though and the size is the default. > > > and then here we can just assert(ram_size != 0). > > Yes. > > Jamin, could you please send a v2 with the commit logs update I proposed ? > See the patches on my aspeed-9.1 branch. I resend v2 patch with your commit log, https://www.mail-archive.com/qemu-devel@nongnu.org/msg1050302.html Do we need to drop this patch, https://www.mail-archive.com/qemu-devel@nongnu.org/msg1050301.html? Thanks-Jamin > > Thanks, > > C.
Hello On 6/25/24 3:55 AM, Jamin Lin wrote: > Hi Cedric, >> -----Original Message----- >> From: Cédric Le Goater <clg@kaod.org> >> Sent: Monday, June 24, 2024 9:58 PM >> To: Peter Maydell <peter.maydell@linaro.org>; Jamin Lin >> <jamin_lin@aspeedtech.com> >> Cc: Steven Lee <steven_lee@aspeedtech.com>; Troy Lee >> <leetroy@gmail.com>; Andrew Jeffery <andrew@codeconstruct.com.au>; Joel >> Stanley <joel@jms.id.au>; open list:ASPEED BMCs <qemu-arm@nongnu.org>; >> open list:All patches CC here <qemu-devel@nongnu.org>; Troy Lee >> <troy_lee@aspeedtech.com>; Yunlin Tang <yunlin.tang@aspeedtech.com> >> Subject: Re: [PATCH v1 1/2] aspeed/soc: fix coverity issue >> >> On 6/24/24 2:18 PM, Peter Maydell wrote: >>> On Wed, 19 Jun 2024 at 10:35, Jamin Lin <jamin_lin@aspeedtech.com> >> wrote: >>>> >>>> Fix coverity defect: DIVIDE_BY_ZERO. >>>> >>>> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> >>>> --- >>>> hw/arm/aspeed_ast27x0.c | 6 ++++++ >>>> 1 file changed, 6 insertions(+) >>>> >>>> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c index >>>> b6876b4862..d14a46df6f 100644 >>>> --- a/hw/arm/aspeed_ast27x0.c >>>> +++ b/hw/arm/aspeed_ast27x0.c >>>> @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void >> *opaque, hwaddr addr, uint64_t data, >>>> ram_size = object_property_get_uint(OBJECT(&s->sdmc), >> "ram-size", >>>> &error_abort); >>>> >>>> + if (!ram_size) { >>>> + qemu_log_mask(LOG_GUEST_ERROR, >>>> + "%s: ram_size is zero", __func__); >>>> + return; >>>> + } >>>> + >>> >>> Isn't this a QEMU bug rather than a guest error? The RAM size >>> presumably should never be zero unless the board set the ram-size >>> property on the SDMC incorrectly. So the SDMC device should check (and >>> return an error from its realize >>> method) that the ram-size property is valid, >> >> That's the case in aspeed_sdmc_set_ram_size() which is called from the >> aspeed machine init routine when the ram size is set. >> >> Setting the machine ram size to zero on the command line doesn't report an >> error though and the size is the default. >> >>> and then here we can just assert(ram_size != 0). >> >> Yes. >> >> Jamin, could you please send a v2 with the commit logs update I proposed ? >> See the patches on my aspeed-9.1 branch. > I resend v2 patch with your commit log, https://www.mail-archive.com/qemu-devel@nongnu.org/msg1050302.html We'll need a v3 with the assert. No hurries. We still have some time before the soft freeze. Thanks, C. > Do we need to drop this patch, https://www.mail-archive.com/qemu-devel@nongnu.org/msg1050301.html? > > Thanks-Jamin >> >> Thanks, >> >> C.
diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c index b6876b4862..d14a46df6f 100644 --- a/hw/arm/aspeed_ast27x0.c +++ b/hw/arm/aspeed_ast27x0.c @@ -211,6 +211,12 @@ static void aspeed_ram_capacity_write(void *opaque, hwaddr addr, uint64_t data, ram_size = object_property_get_uint(OBJECT(&s->sdmc), "ram-size", &error_abort); + if (!ram_size) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: ram_size is zero", __func__); + return; + } + /* * Emulate ddr capacity hardware behavior. * If writes the data to the address which is beyond the ram size,
Fix coverity defect: DIVIDE_BY_ZERO. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> --- hw/arm/aspeed_ast27x0.c | 6 ++++++ 1 file changed, 6 insertions(+)