| Message ID | 20240722103531.2377348-1-smostafa@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | hw/arm/smmuv3: Assert input to oas2bits() is valid | expand |
On 22/7/24 12:35, Mostafa Saleh wrote: > Coverity has spotted a possible problem with the OAS handling > (CID 1558464), where the error return of oas2bits() -1 is not > checked, which can cause an overflow in oas value. > > oas2bits() is only called with valid inputs, harden the function > to assert that. > > Reported-By: Peter Maydell <peter.maydell@linaro.org> > Link: https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/ > Signed-off-by: Mostafa Saleh <smostafa@google.com> > --- > hw/arm/smmuv3-internal.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On 7/22/24 12:35, Mostafa Saleh wrote: > Coverity has spotted a possible problem with the OAS handling > (CID 1558464), where the error return of oas2bits() -1 is not > checked, which can cause an overflow in oas value. > > oas2bits() is only called with valid inputs, harden the function > to assert that. > > Reported-By: Peter Maydell <peter.maydell@linaro.org> > Link: https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/ > Signed-off-by: Mostafa Saleh <smostafa@google.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Eric > --- > hw/arm/smmuv3-internal.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h > index 0ebf2eebcf..b6b7399347 100644 > --- a/hw/arm/smmuv3-internal.h > +++ b/hw/arm/smmuv3-internal.h > @@ -599,7 +599,8 @@ static inline int oas2bits(int oas_field) > case 5: > return 48; > } > - return -1; > + > + g_assert_not_reached(); > } > > /* CD fields */
On Mon, 22 Jul 2024 at 11:35, Mostafa Saleh <smostafa@google.com> wrote: > > Coverity has spotted a possible problem with the OAS handling > (CID 1558464), where the error return of oas2bits() -1 is not > checked, which can cause an overflow in oas value. > > oas2bits() is only called with valid inputs, harden the function > to assert that. > > Reported-By: Peter Maydell <peter.maydell@linaro.org> > Link: https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/ > Signed-off-by: Mostafa Saleh <smostafa@google.com> Applied to target-arm.next, thanks. -- PMM
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index 0ebf2eebcf..b6b7399347 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -599,7 +599,8 @@ static inline int oas2bits(int oas_field) case 5: return 48; } - return -1; + + g_assert_not_reached(); } /* CD fields */
Coverity has spotted a possible problem with the OAS handling (CID 1558464), where the error return of oas2bits() -1 is not checked, which can cause an overflow in oas value. oas2bits() is only called with valid inputs, harden the function to assert that. Reported-By: Peter Maydell <peter.maydell@linaro.org> Link: https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/ Signed-off-by: Mostafa Saleh <smostafa@google.com> --- hw/arm/smmuv3-internal.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)