qemu-devel

[Qemu-devel] virtio-ccw.c vs larger VIRTIO_QUEUE_MAX (coverity warning C


From: Peter Maydell
Subject: [Qemu-devel] virtio-ccw.c vs larger VIRTIO_QUEUE_MAX (coverity warning CID 1390619)
Date: Mon, 14 May 2018 19:12:27 +0100

Hi; Coverity has I think enabled a new warning recently, which
is triggering on virtio_ccw_notify() in hw/s390x/virtio-ccw.c
(CID 1390619).

This function does
    indicators |= 1ULL << vector;
but the code is guarded only by
    if (vector < VIRTIO_QUEUE_MAX) {

That used to be OK when VIRTIO_QUEUE_MAX was 64, but in
commit b829c2a98f1 it was raised to 1024, and this is no longer
a useful guard. The commit message for b829c2a98f1 suggests that
this is a "can't happen" case -- is that so? If so then the
else {} part of the code and an earlier check on
"if (vector >= VIRTIO_QUEUE_MAX + 64)" are dead code.
However it looks like the device_plugged method is also
checking VIRTIO_QUEUE_MAX, rather than 64.

If this is a false positive, then an assert() in
virtio_ccw_notify() and cleaning up the dead code would
help placate coverity.

(Other odd code in that function:
    vector = 0;
    [...]
    indicators |= 1ULL << vector;
is that really supposed to ignore the input vector number?)

thanks
-- PMM
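
The guard mismatch described in the message above, as an added C example (not part of the original mail and not QEMU code). VIRTIO_QUEUE_MAX and the 64-bit indicator word come from the message; old_guard_allows(), set_indicator_bit() and count_unsafe_vectors() are hypothetical names introduced here.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* Value from the message: the guard constant was 64, then raised to 1024. */
#define VIRTIO_QUEUE_MAX 1024

/* Number of bits a 64-bit indicator word can actually hold. */
#define INDICATOR_BITS (sizeof(uint64_t) * CHAR_BIT)

/*
 * The guard quoted in the message: it only rejects vector >= VIRTIO_QUEUE_MAX.
 * Returns true when that guard would let "1ULL << vector" run. For vectors
 * 64..1023 the shift count is >= the width of the type, which is undefined
 * behaviour in C, so this function reports the decision without shifting.
 */
bool old_guard_allows(unsigned vector)
{
    return vector < VIRTIO_QUEUE_MAX;
}

/*
 * Hypothetical checked helper: bound the shift by the width of the word
 * being modified, not by the queue limit. Returns false and leaves
 * *indicators untouched when the vector cannot be represented.
 */
bool set_indicator_bit(uint64_t *indicators, unsigned vector)
{
    if (vector >= INDICATOR_BITS) {
        return false;
    }
    *indicators |= UINT64_C(1) << vector;
    return true;
}

/* Count the vectors the old guard accepts but the word cannot represent. */
unsigned count_unsafe_vectors(void)
{
    unsigned n = 0;

    for (unsigned v = 0; v < VIRTIO_QUEUE_MAX; v++) {
        if (old_guard_allows(v) && v >= INDICATOR_BITS) {
            n++;
        }
    }
    return n;
}
```

If values of 64 and above really cannot reach the shift, the early return in set_indicator_bit() is where an assert() of the kind the message suggests would go.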


