[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 02/21] hw/arm/smmuv3: Assert input to oas2bits() is valid
|
From: |
Peter Maydell |
|
Subject: |
[PULL 02/21] hw/arm/smmuv3: Assert input to oas2bits() is valid |
|
Date: |
Tue, 30 Jul 2024 10:40:01 +0100 |
From: Mostafa Saleh <smostafa@google.com>
Coverity has spotted a possible problem with the OAS handling
(CID 1558464), where the error return of oas2bits() -1 is not
checked, which can cause an overflow in oas value.
oas2bits() is only called with valid inputs, harden the function
to assert that.
Reported-By: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20240722103531.2377348-1-smostafa@google.com
Link:
https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/smmuv3-internal.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 0ebf2eebcff..b6b7399347f 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -599,7 +599,8 @@ static inline int oas2bits(int oas_field)
case 5:
return 48;
}
- return -1;
+
+ g_assert_not_reached();
}
/* CD fields */
--
2.34.1
- [PULL 00/21] target-arm queue, Peter Maydell, 2024/07/30
- [PULL 01/21] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up, Peter Maydell, 2024/07/30
- [PULL 03/21] target/arm/kvm: Set PMU for host only when available, Peter Maydell, 2024/07/30
- [PULL 04/21] target/arm/kvm: Do not silently remove PMU, Peter Maydell, 2024/07/30
- [PULL 08/21] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, Peter Maydell, 2024/07/30
- [PULL 06/21] hvf: arm: Properly disable PMU, Peter Maydell, 2024/07/30
- [PULL 14/21] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl(), Peter Maydell, 2024/07/30
- [PULL 02/21] hw/arm/smmuv3: Assert input to oas2bits() is valid,
Peter Maydell <=
- [PULL 05/21] hvf: arm: Raise an exception for sysreg by default, Peter Maydell, 2024/07/30
- [PULL 07/21] hvf: arm: Do not advance PC when raising an exception, Peter Maydell, 2024/07/30
- [PULL 15/21] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled, Peter Maydell, 2024/07/30
- [PULL 18/21] target/m68k: avoid shift into sign bit in dump_address_map(), Peter Maydell, 2024/07/30
- [PULL 19/21] target/i386: Remove dead assignment to ss in do_interrupt64(), Peter Maydell, 2024/07/30
- [PULL 20/21] target/sh4: Avoid shift into sign bit in update_itlb_use(), Peter Maydell, 2024/07/30
- [PULL 21/21] system/physmem: Where we assume we have a RAM MR, assert it, Peter Maydell, 2024/07/30
- [PULL 09/21] hw/misc/bcm2835_property: Avoid overflow in OTP access properties, Peter Maydell, 2024/07/30
- [PULL 11/21] hw/misc/bcm2835_property: Reduce scope of variables in mbox push function, Peter Maydell, 2024/07/30
- [PULL 10/21] hw/misc/bcm2835_property: Restrict scope of start_num, number, otp_row, Peter Maydell, 2024/07/30