[PULL 03/15] hw/s390x/s390-pci-bus.c: Use g_assert_not_reached() in functions taking an ett

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Thomas Huth <thuth@redhat.com>
To: qemu-devel@nongnu.org
Cc: Stefan Hajnoczi <stefanha@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	Matthew Rosato <mjrosato@linux.ibm.com>,
	Halil Pasic <pasic@linux.ibm.com>
Subject: [PULL 03/15] hw/s390x/s390-pci-bus.c: Use g_assert_not_reached() in functions taking an ett
Date: Fri, 11 Jul 2025 11:33:28 +0200	[thread overview]
Message-ID: <20250711093340.608485-4-thuth@redhat.com> (raw)
In-Reply-To: <20250711093340.608485-1-thuth@redhat.com>

From: Peter Maydell <peter.maydell@linaro.org>

The s390-pci-bus.c code, Coverity complains about a possible overflow
because get_table_index() can return -1 if the ett value passed in is
not one of the three permitted ZPCI_ETT_PT, ZPCI_ETT_ST, ZPCI_ETT_RT,
but the caller in table_translate() doesn't check this and instead
uses the return value directly in a calculation of the guest address
to read from.

In fact this case cannot happen, because:
 * get_table_index() is called only from table_translate()
 * the only caller of table_translate() loops through the ett values
   in the order RT, ST, PT until table_translate() returns 0
 * table_translate() will return 0 for the error cases and when
   translate_iscomplete() returns true
 * translate_iscomplete() is always true for ZPCI_ETT_PT

So table_translate() is always called with a valid ett value.

Instead of having the various functions called from table_translate()
return a default or dummy value when the ett argument is out of range,
use g_assert_not_reached() to indicate that this is impossible.

Coverity: CID 1547609
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-ID: <20250710161552.1287399-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 hw/s390x/s390-pci-bus.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index e6aa44531f6..f87d2748b63 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -384,9 +384,9 @@ static uint64_t get_table_index(uint64_t iova, int8_t ett)
         return calc_sx(iova);
     case ZPCI_ETT_RT:
         return calc_rtx(iova);
+    default:
+        g_assert_not_reached();
     }
-
-    return -1;
 }
 
 static bool entry_isvalid(uint64_t entry, int8_t ett)
@@ -397,22 +397,24 @@ static bool entry_isvalid(uint64_t entry, int8_t ett)
     case ZPCI_ETT_ST:
     case ZPCI_ETT_RT:
         return rt_entry_isvalid(entry);
+    default:
+        g_assert_not_reached();
     }
-
-    return false;
 }
 
 /* Return true if address translation is done */
 static bool translate_iscomplete(uint64_t entry, int8_t ett)
 {
     switch (ett) {
-    case 0:
+    case ZPCI_ETT_ST:
         return (entry & ZPCI_TABLE_FC) ? true : false;
-    case 1:
+    case ZPCI_ETT_RT:
         return false;
+    case ZPCI_ETT_PT:
+        return true;
+    default:
+        g_assert_not_reached();
     }
-
-    return true;
 }
 
 static uint64_t get_frame_size(int8_t ett)
@@ -424,9 +426,9 @@ static uint64_t get_frame_size(int8_t ett)
         return 1ULL << 20;
     case ZPCI_ETT_RT:
         return 1ULL << 31;
+    default:
+        g_assert_not_reached();
     }
-
-    return 0;
 }
 
 static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
@@ -438,9 +440,9 @@ static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
         return get_st_pto(entry);
     case ZPCI_ETT_RT:
         return get_rt_sto(entry);
+    default:
+        g_assert_not_reached();
     }
-
-    return 0;
 }
 
 /**
-- 
2.50.0

next prev parent reply	other threads:[~2025-07-11  9:35 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-11  9:33 [PULL 00/15] functional tests and s390x patches Thomas Huth
2025-07-11  9:33 ` [PULL 01/15] target/s390x/kvm: Use vaddr in find/insert_hw_breakpoint() Thomas Huth
2025-07-11  9:33 ` [PULL 02/15] target/s390x/tcg: Use vaddr in s390_probe_access() Thomas Huth
2025-07-11  9:33 ` Thomas Huth [this message]
2025-07-11  9:33 ` [PULL 04/15] pc-bios/s390-ccw: Allow to select a different pxelinux.cfg entry via loadparm Thomas Huth
2025-07-11  9:33 ` [PULL 05/15] pc-bios/s390-ccw: Allow up to 31 entries for pxelinux.cfg Thomas Huth
2025-07-11  9:33 ` [PULL 06/15] pc-bios/s390-ccw: Make get_boot_index() from menu.c global Thomas Huth
2025-07-11  9:33 ` [PULL 07/15] pc-bios/s390-ccw: Add a boot menu for booting via pxelinux.cfg Thomas Huth
2025-07-11  9:33 ` [PULL 08/15] tests/functional: Add a test for s390x pxelinux.cfg network booting Thomas Huth
2025-07-11  9:33 ` [PULL 09/15] pc-bios/s390-ccw: link statically Thomas Huth
2025-07-11  9:33 ` [PULL 10/15] pc-bios: Update the s390 bios images with the pxelinux.cfg loadparm changes Thomas Huth
2025-07-11  9:33 ` [PULL 11/15] tests/functional: Add dependency to the keymap_targets Thomas Huth
2025-07-11  9:33 ` [PULL 12/15] tests/functional/test_ppc_bamboo: Replace broken link with working assets Thomas Huth
2025-07-11  9:33 ` [PULL 13/15] target/s390x: Remove unused s390_cpu_[un]halt() user stubs Thomas Huth
2025-07-11  9:33 ` [PULL 14/15] target/s390x: Expose s390_count_running_cpus() method Thomas Huth
2025-07-11  9:33 ` [PULL 15/15] target/s390x: Have s390_cpu_halt() not return anything Thomas Huth
2025-07-13  7:06 ` [PULL 00/15] functional tests and s390x patches Stefan Hajnoczi

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e6aa44531f dfblob:f87d2748b6 )
 OR (
bs:"[PULL 03/15] hw/s390x/s390-pci-bus.c: Use g_assert_not_reached() in functions taking an ett" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250711093340.608485-4-thuth@redhat.com \
    --to=thuth@redhat.com \
    --cc=mjrosato@linux.ibm.com \
    --cc=pasic@linux.ibm.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).