From: Atish Patra <atishp@rivosinc.com>
To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org
Cc: palmer@dabbelt.com, liwei1518@gmail.com,
zhiwei_liu@linux.alibaba.com, bin.meng@windriver.com,
dbarboza@ventanamicro.com, alistair.francis@wdc.com,
Peter Maydell <peter.maydell@linaro.org>,
Atish Patra <atishp@rivosinc.com>
Subject: [PATCH] target/riscv: Add asserts for out-of-bound access
Date: Wed, 24 Jul 2024 01:31:36 -0700 [thread overview]
Message-ID: <20240724-fixes-v1-1-4a64596b0d64@rivosinc.com> (raw)
Coverity complained about the possible out-of-bounds access with
counter_virt/counter_virt_prev because these two arrays are
accessed with privilege mode. However, these two arrays are accessed
only when virt is enabled. Thus, the privilege mode can't be M mode.
Add the asserts anyways to detect any wrong usage of these arrays
in the future.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
---
The lore discussion can be found here
https://lore.kernel.org/all/CAHBxVyGQHBobpf71o4Qp51iQGXKBh0Ajup=e_a95xdLF==V_WQ@mail.gmail.com/
---
target/riscv/pmu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/target/riscv/pmu.c b/target/riscv/pmu.c
index 3cc0b3648cad..e05ab067d2f2 100644
--- a/target/riscv/pmu.c
+++ b/target/riscv/pmu.c
@@ -204,6 +204,7 @@ static void riscv_pmu_icount_update_priv(CPURISCVState *env,
}
if (env->virt_enabled) {
+ g_assert(env->priv <= PRV_S);
counter_arr = env->pmu_fixed_ctrs[1].counter_virt;
snapshot_prev = env->pmu_fixed_ctrs[1].counter_virt_prev;
} else {
@@ -212,6 +213,7 @@ static void riscv_pmu_icount_update_priv(CPURISCVState *env,
}
if (new_virt) {
+ g_assert(newpriv <= PRV_S);
snapshot_new = env->pmu_fixed_ctrs[1].counter_virt_prev;
} else {
snapshot_new = env->pmu_fixed_ctrs[1].counter_prev;
@@ -242,6 +244,7 @@ static void riscv_pmu_cycle_update_priv(CPURISCVState *env,
}
if (env->virt_enabled) {
+ g_assert(env->priv <= PRV_S);
counter_arr = env->pmu_fixed_ctrs[0].counter_virt;
snapshot_prev = env->pmu_fixed_ctrs[0].counter_virt_prev;
} else {
@@ -250,6 +253,7 @@ static void riscv_pmu_cycle_update_priv(CPURISCVState *env,
}
if (new_virt) {
+ g_assert(newpriv <= PRV_S);
snapshot_new = env->pmu_fixed_ctrs[0].counter_virt_prev;
} else {
snapshot_new = env->pmu_fixed_ctrs[0].counter_prev;
---
base-commit: daff9f7f7a457f78ce455e6abf19c2a37dfe7630
change-id: 20240723-fixes-439b929bfbc8
--
Regards,
Atish patra
next reply other threads:[~2024-07-24 8:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-24 8:31 Atish Patra [this message]
2024-07-26 5:11 ` [PATCH] target/riscv: Add asserts for out-of-bound access Alistair Francis
2024-07-27 1:25 ` Atish Kumar Patra
2024-07-27 1:35 ` Atish Kumar Patra
2024-07-31 9:34 ` Alistair Francis
2024-07-31 9:44 ` Peter Maydell
2024-08-05 2:02 ` Alistair Francis
2024-08-05 2:05 ` Alistair Francis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240724-fixes-v1-1-4a64596b0d64@rivosinc.com \
--to=atishp@rivosinc.com \
--cc=alistair.francis@wdc.com \
--cc=bin.meng@windriver.com \
--cc=dbarboza@ventanamicro.com \
--cc=liwei1518@gmail.com \
--cc=palmer@dabbelt.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).