[PULL 21/21] system/physmem: Where we assume we have a RAM MR, assert it
From: Peter Maydell
Subject: [PULL 21/21] system/physmem: Where we assume we have a RAM MR, assert it
Date: Tue, 30 Jul 2024 10:40:20 +0100

In the functions invalidate_and_set_dirty() and
cpu_physical_memory_snapshot_and_clear_dirty(), we assume that we
are dealing with RAM memory regions. In this case we know that
memory_region_get_ram_addr() will succeed. Assert this before we
use the returned ram_addr_t in arithmetic.

This makes Coverity happier about these functions: it otherwise
complains that we might have an arithmetic overflow that stems
from the possible -1 return from memory_region_get_ram_addr().

Resolves: Coverity CID 1547629, 1547715
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-id: 20240723170513.1676453-1-peter.maydell@linaro.org
---
system/physmem.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/system/physmem.c b/system/physmem.c
index 0e19186e1b4..94600a33ec3 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -923,13 +923,19 @@ DirtyBitmapSnapshot
*cpu_physical_memory_snapshot_and_clear_dirty
(MemoryRegion *mr, hwaddr offset, hwaddr length, unsigned client)
{
DirtyMemoryBlocks *blocks;
- ram_addr_t start = memory_region_get_ram_addr(mr) + offset;
+ ram_addr_t start, first, last;
unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
- ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
- ram_addr_t last = QEMU_ALIGN_UP(start + length, align);
DirtyBitmapSnapshot *snap;
unsigned long page, end, dest;
+ start = memory_region_get_ram_addr(mr);
+ /* We know we're only called for RAM MemoryRegions */
+ assert(start != RAM_ADDR_INVALID);
+ start += offset;
+
+ first = QEMU_ALIGN_DOWN(start, align);
+ last = QEMU_ALIGN_UP(start + length, align);
+
snap = g_malloc0(sizeof(*snap) +
((last - first) >> (TARGET_PAGE_BITS + 3)));
snap->start = first;
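Review bot: The new assert in cpu_physical_memory_snapshot_and_clear_dirty() only rules out the RAM_ADDR_INVALID return; the `start += offset` and `QEMU_ALIGN_UP(start + length, align)` that follow it are still unchecked, and their result sets the `(last - first)` size passed to g_malloc0(). If callers are not already guaranteed to pass an offset and length that stay inside the region, an assertion on that span next to this one would enforce the same "RAM MR" assumption for the rest of the arithmetic.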
@@ -2659,7 +2665,11 @@ static void invalidate_and_set_dirty(MemoryRegion *mr,
hwaddr addr,
hwaddr length)
{
uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
- addr += memory_region_get_ram_addr(mr);
+ ram_addr_t ramaddr = memory_region_get_ram_addr(mr);
+
+ /* We know we're only called for RAM MemoryRegions */
+ assert(ramaddr != RAM_ADDR_INVALID);
+ addr += ramaddr;
/* No early return if dirty_log_mask is or becomes 0, because
* cpu_physical_memory_set_dirty_range will still call
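Review bot: In invalidate_and_set_dirty() the comment on the new assert says the function is only called for RAM MemoryRegions but not what establishes that; because the function is static, naming the caller-side check in the comment would let a reader confirm that the assert cannot be reached with a non-RAM region. The same comment-plus-assert pair now appears in both functions touched by this patch, so a small helper that returns the checked ram_addr_t would keep the two copies from drifting apart.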
--
2.34.1