Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range
Date:	Fri, 13 May 2022 18:55:12 +0200

On Fri, May 13, 2022 at 6:43 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> In tpm_tis_mmio_read(), tpm_tis_mmio_write() and
> tpm_tis_dump_state(), we calculate a locality index with
> tpm_tis_locality_from_addr() and then use it as an index into the
> s->loc[] array.  In all these cases, the array index can't overflow
> because the MemoryRegion is sized to be TPM_TIS_NUM_LOCALITIES <<
> TPM_TIS_LOCALITY_SHIFT bytes.  However, Coverity can't see that, and
> it complains (CID 1487138, 1487180, 1487188, 1487198, 1487240).
>
> Add assertions that the calculated locality index is valid, which
> will help Coverity and also catch any potential future bug where
> the MemoryRegion isn't sized exactly.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Tested with 'make check' only...
>
>  hw/tpm/tpm_tis_common.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c
> index e700d821816..81edae410c8 100644
> --- a/hw/tpm/tpm_tis_common.c
> +++ b/hw/tpm/tpm_tis_common.c
> @@ -295,6 +295,8 @@ static void tpm_tis_dump_state(TPMState *s, hwaddr addr)
>      uint8_t locty = tpm_tis_locality_from_addr(addr);
>      hwaddr base = addr & ~0xfff;
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));
> +
>      printf("tpm_tis: active locality      : %d\n"
>             "tpm_tis: state of locality %d : %d\n"
>             "tpm_tis: register dump:\n",

This one was here ...:
https://lore.kernel.org/qemu-devel/20220330235723.68033-1-philippe.mathieu.daude@gmail.com/

> @@ -336,6 +338,8 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr 
> addr,
>      uint32_t avail;
>      uint8_t v;
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));
> +
>      if (tpm_backend_had_startup_error(s->be_driver)) {
>          return 0;
>      }
> @@ -458,6 +462,8 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
>      uint16_t len;
>      uint32_t mask = (size == 1) ? 0xff : ((size == 2) ? 0xffff : ~0);
>
> +    assert(TPM_TIS_IS_VALID_LOCTY(locty));
> +
>      trace_tpm_tis_mmio_write(size, addr, val);
>
>      if (locty == 4) {

... but not these, so:
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range, Peter Maydell, 2022/05/13
- Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range, Philippe Mathieu-Daudé <=
- Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range, Stefan Berger, 2022/05/18
  - Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range, Peter Maydell, 2022/05/18

Prev by Date: Re: [PATCH v2 1/4] kvm: Dynamically adjust the rate of dirty ring reaper thread
Next by Date: Re: [PATCH] target/ppc: Fix tlbie
Previous by thread: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range
Next by thread: Re: [PATCH] hw/tpm/tpm_tis_common.c: Assert that locty is in range
Index(es):
- Date
- Thread