From: Andrew Cooper
To: Xen-devel
Date: Mon, 6 Jan 2020 13:28:59 +0000
Message-ID: <20200106132859.25882-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH] Coverity: Improve model for {, un}map_domain_page()
Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Jan Beulich, Ian Jackson

The first attempt resulted in several "Free of address-of expression
(BAD_FREE)" issues, because of code which relies on the fact that any pointer
in the same page is ok to pass to unmap_domain_page().

Model this property to remove the issues.

Coverity IDs: 1135356 113536{0,1} 1401300 141809{0,1} 1438864

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: George Dunlap
CC: Ian Jackson
CC: Jan Beulich
CC: Konrad Rzeszutek Wilk
CC: Stefano Stabellini
CC: Wei Liu
CC: Julien Grall

As the only way of testing is to upload a new model, this change matches what
I've already done in Snapshot 182435.
--- misc/coverity/model.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/misc/coverity/model.c b/misc/coverity/model.c index bd62566a0d..1ec3fe8673 100644 --- a/misc/coverity/model.c +++ b/misc/coverity/model.c
@@ -82,21 +82,31 @@ void xfree(void *va) * allocation of exactly 1 page. * * map_domain_page() never fails. (It will BUG() before returning NULL) - * - * TODO: work out how to correctly model the behaviour that this function will - * only ever return page aligned pointers. */ void *map_domain_page(unsigned long mfn) { - return __coverity_alloc__(PAGE_SIZE); + unsigned long ptr = (unsigned long)__coverity_alloc__(PAGE_SIZE); + + /* + * Expressing the alignment of the memory allocation isn't possible. As a + * substitute, tell Coverity to ignore any path where ptr isn't page + * aligned. + */ + if ( ptr & ~PAGE_MASK ) + __coverity_panic__(); + + return (void *)ptr; } /* - * unmap_domain_page() will unmap a page. Model it as a free(). + * unmap_domain_page() will unmap a page. Model it as a free(). Any *va + * within the page is valid to pass. */ void unmap_domain_page(const void *va) { - __coverity_free__(va); + unsigned long ptr = (unsigned long)va & PAGE_MASK; + + __coverity_free__((void *)ptr); } /*
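
Review bot: In unmap_domain_page(), the `(unsigned long)va & PAGE_MASK` rounding only recovers the pointer handed out by map_domain_page() because that model discards every path where `ptr & ~PAGE_MASK` is non-zero, and neither comment says the two functions depend on each other. A sentence in the unmap_domain_page() comment pointing back at the alignment check in map_domain_page() would keep a later edit to one from silently invalidating the other. Minor: in "Any *va within the page is valid to pass", the asterisk reads as a dereference; plain "va" would be clearer.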