[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] coverity-model: model address_space_read/wri
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH v2] coverity-model: model address_space_read/write |
Date: |
Wed, 15 Mar 2017 06:55:32 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 03/15/2017 03:16 AM, Paolo Bonzini wrote:
> Commit eb7eeb8 ("memory: split address_space_read and
> address_space_write", 2015-12-17) made address_space_rw
> dispatch to one of address_space_read or address_space_write,
> rather than vice versa.
>
> For callers of address_space_read and address_space_write this
> causes false positive defects when Coverity sees a length-8 write in
> address_space_read and a length-4 (e.g. int*) buffer to read into.
> As long as the size of the buffer is okay, this is a false positive.
>
> Reflect the code change into the model.
>
> Signed-off-by: Paolo Bonzini <address@hidden>
> ---
> scripts/coverity-model.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
> -MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
> - uint8_t *buf, int len, bool is_write)
> +MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + uint8_t *buf, int len)
> {
> MemTxResult result;
> -
> // TODO: investigate impact of treating reads as producing
> // tainted data, with __coverity_tainted_data_argument__(buf).
> - if (is_write) __bufread(buf, len); else __bufwrite(buf, len);
Old code did __bufread for reads,
> + __bufwrite(buf, len);
but the new does __bufwrite.
> + return result;
> +}
>
> +MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + const uint8_t *buf, int len)
> +{
> + MemTxResult result;
> + __bufread(buf, len);
And __bufread for writes. Did you get this backwards?
> return result;
> }
>
> +
> /* Tainting */
>
> typedef struct {} name2keysym_t;
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature