From: Cornelia Huck <cohuck@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
Halil Pasic <pasic@linux.ibm.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>,
Jason Wang <jasowang@redhat.com>,
qemu-s390x@nongnu.org
Subject: Re: [Qemu-devel] virtio-ccw.c vs larger VIRTIO_QUEUE_MAX (coverity warning CID 1390619)
Date: Tue, 15 May 2018 10:32:29 +0200 [thread overview]
Message-ID: <20180515103229.6684fbe9.cohuck@redhat.com> (raw)
In-Reply-To: <CAFEAcA93DU7H73F-3Xd_4eP6MCZn-JHWMMeqVtyDHoMWYBXHiA@mail.gmail.com>
On Mon, 14 May 2018 19:12:27 +0100
Peter Maydell <peter.maydell@linaro.org> wrote:
> Hi; Coverity has I think enabled a new warning recently, which
> is triggering on virtio_ccw_notify() in hw/s390x/virtio-ccw.c
> (CID 1390619).
>
> This function does
> indicators |= 1ULL << vector;
> but the code is guarded only by
> if (vector < VIRTIO_QUEUE_MAX) {
>
> That used to be OK when VIRTIO_QUEUE_MAX was 64, but in
> commit b829c2a98f1 it was raised to 1024, and this is no longer
> a useful guard. The commit message for b829c2a98f1 suggests that
> this is a "can't happen" case -- is that so?
That is outdated; we bumped max virtqueues for ccw in b1914b824ade.
> If so then the
> else {} part of the code and an earlier check on
> "if (vector >= VIRTIO_QUEUE_MAX + 64)" are dead code.
> However it looks like the device_plugged method is also
> checking VIRTIO_QUEUE_MAX, rather than 64.
>
> If this is a false positive, then an assert() in
> virtio_ccw_notify() and cleaning up the dead code would
> help placate coverity.
It is a false positive as far as I can see; this is the notification
code for classical interrupts, and we fence off more than 64 virtqueues
already when the guest tries to set it up (introduced in 797b608638c5).
As that code flow is basically impossible to deduce by a static code
checker, adding an assert() seems like a good idea. Halil, what do you
think?
>
> (Other odd code in that function:
> vector = 0;
> [...]
> indicators |= 1ULL << vector;
> is that really supposed to ignore the input vector number?)
Yes; this as a configuration change notification done via secondary
indicators (different from either the classical indicators or the
adapter interrupt indicators). We always set the same bit, and it is
always triggered by doing a notification with a number one above the
maximum possible virtqueue number. (I agree that it does look odd, we
should maybe add a comment.)
next prev parent reply other threads:[~2018-05-15 8:32 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-14 18:12 [Qemu-devel] virtio-ccw.c vs larger VIRTIO_QUEUE_MAX (coverity warning CID 1390619) Peter Maydell
2018-05-15 8:32 ` Cornelia Huck [this message]
2018-05-15 12:00 ` [Qemu-devel] [qemu-s390x] " Halil Pasic
2018-05-15 12:07 ` Peter Maydell
2018-05-15 13:17 ` Halil Pasic
2018-05-15 14:01 ` Cornelia Huck
2018-05-15 15:30 ` Halil Pasic
2018-05-15 15:45 ` Cornelia Huck
2018-05-15 13:37 ` Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180515103229.6684fbe9.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=jasowang@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).