From: Eric Blake <eblake@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: armbru@redhat.com
Subject: Re: [Qemu-devel] [PATCH v2] coverity-model: model address_space_read/write
Date: Wed, 15 Mar 2017 06:55:32 -0500 [thread overview]
Message-ID: <7d1e7414-1194-2d81-1058-62b6313b625e@redhat.com> (raw)
In-Reply-To: <20170315081641.20588-1-pbonzini@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1995 bytes --]
On 03/15/2017 03:16 AM, Paolo Bonzini wrote:
> Commit eb7eeb8 ("memory: split address_space_read and
> address_space_write", 2015-12-17) made address_space_rw
> dispatch to one of address_space_read or address_space_write,
> rather than vice versa.
>
> For callers of address_space_read and address_space_write this
> causes false positive defects when Coverity sees a length-8 write in
> address_space_read and a length-4 (e.g. int*) buffer to read into.
> As long as the size of the buffer is okay, this is a false positive.
>
> Reflect the code change into the model.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> scripts/coverity-model.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
> -MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
> - uint8_t *buf, int len, bool is_write)
> +MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + uint8_t *buf, int len)
> {
> MemTxResult result;
> -
> // TODO: investigate impact of treating reads as producing
> // tainted data, with __coverity_tainted_data_argument__(buf).
> - if (is_write) __bufread(buf, len); else __bufwrite(buf, len);
Old code did __bufread for reads,
> + __bufwrite(buf, len);
but the new does __bufwrite.
> + return result;
> +}
>
> +MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + const uint8_t *buf, int len)
> +{
> + MemTxResult result;
> + __bufread(buf, len);
And __bufread for writes. Did you get this backwards?
> return result;
> }
>
> +
> /* Tainting */
>
> typedef struct {} name2keysym_t;
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2017-03-15 11:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-15 8:16 [Qemu-devel] [PATCH v2] coverity-model: model address_space_read/write Paolo Bonzini
2017-03-15 11:55 ` Eric Blake [this message]
2017-03-15 11:58 ` Peter Maydell
2017-03-15 12:19 ` Eric Blake
2017-03-15 13:01 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7d1e7414-1194-2d81-1058-62b6313b625e@redhat.com \
--to=eblake@redhat.com \
--cc=armbru@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).