Re: [Qemu-devel] [PULL 18/24] hw/arm/smmuv3: Event queue recording helper
From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL 18/24] hw/arm/smmuv3: Event queue recording helper
Date: Mon, 14 May 2018 17:23:31 +0100
On 4 May 2018 at 18:15, Peter Maydell <address@hidden> wrote:
> From: Eric Auger <address@hidden>
>
> Let's introduce a helper function aiming at recording an
> event in the event queue.
> +void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
> +{
> + Evt evt;
> + MemTxResult r;
>
> if (!smmuv3_eventq_enabled(s)) {
> return;
> }
>
> - if (smmuv3_q_full(q)) {
> + EVT_SET_TYPE(&evt, info->type);
> + EVT_SET_SID(&evt, info->sid);
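Review bot: `Evt evt;` at the top of smmuv3_record_event() has no initializer, and the EVT_SET_TYPE() and EVT_SET_SID() calls at the end of this hunk update fields of it in place, so every bit they do not write keeps whatever the stack held. Declare it zero-initialized, for example `Evt evt = {};`, so that fields the function never sets are zero when the record goes into the event queue.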
Hi Eric -- Coverity complains about use of uninitialized data
here (CID 1391004). Evt is a struct, and there's no initializer
where we declare it, so its fields are uninitialized.
The EVT_SET_TYPE and similar setters use deposit32() on fields
in the struct, so they read the uninitialized existing values.
In cases where we don't set all the fields in the event struct
we'll end up leaking random uninitialized data from QEMU's
stack into the guest.
Initializing the struct with "Evt evt = {};" ought to satisfy
Coverity and fix the data leak.
thanks
-- PMM
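The read-modify-write leak described in the message above, as an added C example that is not QEMU code and not part of the original mail. The `Evt` layout, the field positions, `demo_deposit32`, `fill_event`, `stale_bits` and the `STALE` pattern are all assumptions made for the illustration; the stale stack contents are modelled with a constructed fill pattern because reading a genuinely uninitialized local is undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 32-byte event record; layout and field positions are assumed. */
typedef struct { uint32_t word[8]; } Evt;
#define STALE 0xA5A5A5A5u /* constructed stand-in for old stack contents */

/* Local stand-in for a deposit-style helper: replaces `length` bits at
 * `start` and keeps every other bit of `value`, so it reads the old word. */
static uint32_t demo_deposit32(uint32_t value, int start, int length, uint32_t field)
{
    uint32_t mask = (~0u >> (32 - length)) << start;
    return (value & ~mask) | ((field << start) & mask);
}
static void evt_set_type(Evt *e, uint32_t t) { e->word[0] = demo_deposit32(e->word[0], 0, 8, t); }
static void evt_set_sid(Evt *e, uint32_t s)  { e->word[1] = demo_deposit32(e->word[1], 0, 32, s); }

/* Sets only type and sid. The record starts as STALE to model an uninitialized
 * local without undefined behaviour; zero_first models "Evt evt = {};". */
static void fill_event(Evt *e, int zero_first, uint32_t type, uint32_t sid)
{
    for (int i = 0; i < 8; i++) e->word[i] = STALE;
    if (zero_first) memset(e, 0, sizeof(*e));
    evt_set_type(e, type);
    evt_set_sid(e, sid);
}

/* Counts bits in the record that came from neither type nor sid. */
static int stale_bits(const Evt *e, uint32_t type, uint32_t sid)
{
    Evt want = { { 0 } };
    int n = 0;
    evt_set_type(&want, type);
    evt_set_sid(&want, sid);
    for (int i = 0; i < 8; i++)
        for (uint32_t d = e->word[i] ^ want.word[i]; d; d &= d - 1) n++;
    return n;
}

int main(void)
{
    Evt a, b;
    fill_event(&a, 0, 0x10, 0x42);   /* as in the quoted patch */
    fill_event(&b, 1, 0x10, 0x42);   /* with the suggested initializer */
    printf("no init: %d stale bits, zeroed: %d stale bits\n",
           stale_bits(&a, 0x10, 0x42), stale_bits(&b, 0x10, 0x42));
    return 0;
}
```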