Re: [Qemu-devel] [PULL 18/24] hw/arm/smmuv3: Event queue recording helpe
From: Auger Eric
Subject: Re: [Qemu-devel] [PULL 18/24] hw/arm/smmuv3: Event queue recording helper
Date: Mon, 14 May 2018 18:41:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

Hi Peter,
On 05/14/2018 06:23 PM, Peter Maydell wrote:
> On 4 May 2018 at 18:15, Peter Maydell <address@hidden> wrote:
>> From: Eric Auger <address@hidden>
>>
>> Let's introduce a helper function aiming at recording an
>> event in the event queue.
>
>> +void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
>> +{
>> + Evt evt;
>> + MemTxResult r;
>>
>> if (!smmuv3_eventq_enabled(s)) {
>> return;
>> }
>>
>> - if (smmuv3_q_full(q)) {
>> + EVT_SET_TYPE(&evt, info->type);
>> + EVT_SET_SID(&evt, info->sid);
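Review bot: `Evt evt;` at the top of smmuv3_record_event() has no initializer, but the EVT_SET_TYPE(&evt, ...) and EVT_SET_SID(&evt, ...) calls that follow only fill in individual fields, so anything they do not overwrite keeps whatever was on the stack. Declare it zero-initialized, e.g. `Evt evt = {};`, so the record starts from a known state before the setters run.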
>
> Hi Eric -- Coverity complains about use of uninitialized data
> here (CID 1391004). Evt is a struct, and there's no initializer
> where we declare it, so its fields are uninitialized.
> The EVT_SET_TYPE and similar setters use deposit32() on fields
> in the struct, so they read the uninitialized existing values.
> In cases where we don't set all the fields in the event struct
> we'll end up leaking random uninitialized data from QEMU's
> stack into the guest.
>
> Initializing the struct with "Evt evt = {};" ought to satisfy
> Coverity and fix the data leak.
Sure I will send a patch.
Thanks
Eric
>
> thanks
> -- PMM
>
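
The read-modify-write leak discussed in this message, as an added example (not code from QEMU or from this thread). The `Evt` layout, the setter definitions and the local `deposit32()` are assumptions made for illustration, and the 0xA5 fill is a constructed stand-in for stale stack contents, since reading a truly uninitialized struct is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in with deposit32()-style semantics: replace `length` bits at
 * `start` in `value` and keep every other bit of `value` unchanged. */
static uint32_t deposit32(uint32_t value, int start, int length, uint32_t fieldval)
{
    uint32_t mask = (~0U >> (32 - length)) << start;
    return (value & ~mask) | ((fieldval << start) & mask);
}

/* Assumed layout: eight 32-bit words, type in word 0 bits [7:0], SID in word 1. */
typedef struct { uint32_t word[8]; } Evt;
#define EVT_SET_TYPE(x, v) ((x)->word[0] = deposit32((x)->word[0], 0, 8, (v)))
#define EVT_SET_SID(x, v)  ((x)->word[1] = (v))

/* Build an event record. zero_init=1 models "Evt evt = {};", zero_init=0
 * models the missing initializer by pre-filling with the 0xA5 pattern. */
static Evt build_event(int zero_init, uint32_t type, uint32_t sid)
{
    Evt evt;
    memset(&evt, zero_init ? 0x00 : 0xA5, sizeof(evt));
    EVT_SET_TYPE(&evt, type);  /* keeps bits [31:8] of whatever was there */
    EVT_SET_SID(&evt, sid);    /* plain store: word 1 is fully overwritten */
    return evt;
}

/* Count bits in the record that came from neither `type` nor `sid`. */
static int leaked_bits(const Evt *evt, uint32_t type, uint32_t sid)
{
    Evt clean = build_event(1, type, sid);
    int n = 0;
    for (int i = 0; i < 8; i++) {
        uint32_t diff = evt->word[i] ^ clean.word[i];
        while (diff) { n += diff & 1; diff >>= 1; }
    }
    return n;
}

int main(void)
{
    Evt bad = build_event(0, 0x10, 0x42), good = build_event(1, 0x10, 0x42);
    printf("no initializer:   word0=%08x, stale bits=%d\n",
           (unsigned)bad.word[0], leaked_bits(&bad, 0x10, 0x42));
    printf("zero-initialized: word0=%08x, stale bits=%d\n",
           (unsigned)good.word[0], leaked_bits(&good, 0x10, 0x42));
    return 0;
}
```

Stale bits survive in two places: the upper 24 bits of word 0, which the setter preserves by design, and every word that no setter touches.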