* [PATCH 0/2] pci *_by_mask() coverity fix @ 2022-07-26 16:32 Peter Maydell 2022-07-26 16:32 ` [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions Peter Maydell 2022-07-26 16:32 ` [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() Peter Maydell 0 siblings, 2 replies; 9+ messages in thread From: Peter Maydell @ 2022-07-26 16:32 UTC (permalink / raw) To: qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum This patchset fixes a Coverity nit relating to the pci_set_*_by_mask() helper functions, where we might shift off the end of a variable if the caller passes in a bogus mask argument. Patch 2 is the coverity fix (adding an assert() to help Coverity out a bit and to catch potential future actual bugs). Patch 1 removes the _get_ versions of the functions, because they've been in the tree for a decade and never had any callers at any point in those 10 years :-) thanks -- PMM Peter Maydell (2): pci: Remove unused pci_get_*_by_mask() functions pci: Sanity check mask argument to pci_set_*_by_mask() include/hw/pci/pci.h | 48 +++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 32 deletions(-) -- 2.25.1 ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions 2022-07-26 16:32 [PATCH 0/2] pci *_by_mask() coverity fix Peter Maydell @ 2022-07-26 16:32 ` Peter Maydell 2022-07-26 22:27 ` Richard Henderson 2022-07-26 16:32 ` [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() Peter Maydell 1 sibling, 1 reply; 9+ messages in thread From: Peter Maydell @ 2022-07-26 16:32 UTC (permalink / raw) To: qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum The helper functions pci_get_{byte,word,long,quad}_by_mask() were added in 2012 in commit c9f50cea70a1596. In the decade since we have never added a single use of them. The helpers clearly aren't that helpful, so drop them rather than carrying around dead code. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/pci/pci.h | 28 ---------------------------- 1 file changed, 28 deletions(-) diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index b54b6ef88fc..c79144bc5ef 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -692,13 +692,6 @@ pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) pci_set_byte(config, (~mask & val) | (mask & rval)); } -static inline uint8_t -pci_get_byte_by_mask(uint8_t *config, uint8_t mask) -{ - uint8_t val = pci_get_byte(config); - return (val & mask) >> ctz32(mask); -} - static inline void pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg) { @@ -707,13 +700,6 @@ pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg) pci_set_word(config, (~mask & val) | (mask & rval)); } -static inline uint16_t -pci_get_word_by_mask(uint8_t *config, uint16_t mask) -{ - uint16_t val = pci_get_word(config); - return (val & mask) >> ctz32(mask); -} - static inline void pci_set_long_by_mask(uint8_t *config, uint32_t mask, uint32_t reg) { @@ -722,13 +708,6 @@ pci_set_long_by_mask(uint8_t *config, uint32_t mask, uint32_t reg) pci_set_long(config, (~mask & val) | (mask & rval)); } -static inline uint32_t -pci_get_long_by_mask(uint8_t *config, uint32_t mask) -{ - uint32_t val = pci_get_long(config); - return (val & mask) >> ctz32(mask); -} - static inline void pci_set_quad_by_mask(uint8_t *config, uint64_t mask, uint64_t reg) { @@ -737,13 +716,6 @@ pci_set_quad_by_mask(uint8_t *config, uint64_t mask, uint64_t reg) pci_set_quad(config, (~mask & val) | (mask & rval)); } -static inline uint64_t -pci_get_quad_by_mask(uint8_t *config, uint64_t mask) -{ - uint64_t val = pci_get_quad(config); - return (val & mask) >> ctz32(mask); -} - PCIDevice *pci_new_multifunction(int devfn, bool multifunction, const char *name); PCIDevice *pci_new(int devfn, const char *name); -- 2.25.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions 2022-07-26 16:32 ` [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions Peter Maydell @ 2022-07-26 22:27 ` Richard Henderson 0 siblings, 0 replies; 9+ messages in thread From: Richard Henderson @ 2022-07-26 22:27 UTC (permalink / raw) To: Peter Maydell, qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum On 7/26/22 09:32, Peter Maydell wrote: > The helper functions pci_get_{byte,word,long,quad}_by_mask() > were added in 2012 in commit c9f50cea70a1596. In the decade > since we have never added a single use of them. > > The helpers clearly aren't that helpful, so drop them > rather than carrying around dead code. > > Signed-off-by: Peter Maydell<peter.maydell@linaro.org> > --- > include/hw/pci/pci.h | 28 ---------------------------- > 1 file changed, 28 deletions(-) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~ ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-07-26 16:32 [PATCH 0/2] pci *_by_mask() coverity fix Peter Maydell 2022-07-26 16:32 ` [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions Peter Maydell @ 2022-07-26 16:32 ` Peter Maydell 2022-07-26 21:29 ` Philippe Mathieu-Daudé via 2022-07-26 22:30 ` Richard Henderson 1 sibling, 2 replies; 9+ messages in thread From: Peter Maydell @ 2022-07-26 16:32 UTC (permalink / raw) To: qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum Coverity complains that in functions like pci_set_word_by_mask() we might end up shifting by more than 31 bits. This is true, but only if the caller passes in a zero mask. Help Coverity out by asserting that the mask argument is valid. Fixes: CID 1487168 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- Note that only 1 of these 4 functions is used, and that only in 2 places in the codebase. In both cases the mask argument is a compile-time constant. --- include/hw/pci/pci.h | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index c79144bc5ef..0392b947b8b 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -688,7 +688,10 @@ static inline void pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) { uint8_t val = pci_get_byte(config); - uint8_t rval = reg << ctz32(mask); + uint8_t rval; + + assert(mask & 0xff); + rval = reg << ctz32(mask); pci_set_byte(config, (~mask & val) | (mask & rval)); } @@ -696,7 +699,10 @@ static inline void pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg) { uint16_t val = pci_get_word(config); - uint16_t rval = reg << ctz32(mask); + uint16_t rval; + + assert(mask & 0xffff); + rval = reg << ctz32(mask); pci_set_word(config, (~mask & val) | (mask & rval)); } @@ -704,7 +710,10 @@ static inline void pci_set_long_by_mask(uint8_t *config, uint32_t mask, uint32_t reg) { uint32_t val = pci_get_long(config); - uint32_t rval = reg << ctz32(mask); + uint32_t rval; + + assert(mask); + rval = reg << ctz32(mask); pci_set_long(config, (~mask & val) | (mask & rval)); } @@ -712,7 +721,10 @@ static inline void pci_set_quad_by_mask(uint8_t *config, uint64_t mask, uint64_t reg) { uint64_t val = pci_get_quad(config); - uint64_t rval = reg << ctz32(mask); + uint64_t rval; + + assert(mask); + rval = reg << ctz32(mask); pci_set_quad(config, (~mask & val) | (mask & rval)); } -- 2.25.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-07-26 16:32 ` [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() Peter Maydell @ 2022-07-26 21:29 ` Philippe Mathieu-Daudé via 2022-07-26 22:30 ` Richard Henderson 1 sibling, 0 replies; 9+ messages in thread From: Philippe Mathieu-Daudé via @ 2022-07-26 21:29 UTC (permalink / raw) To: Peter Maydell, qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum On 26/7/22 18:32, Peter Maydell wrote: > Coverity complains that in functions like pci_set_word_by_mask() > we might end up shifting by more than 31 bits. This is true, > but only if the caller passes in a zero mask. Help Coverity out > by asserting that the mask argument is valid. > > Fixes: CID 1487168 > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > Note that only 1 of these 4 functions is used, and that only > in 2 places in the codebase. In both cases the mask argument > is a compile-time constant. > --- > include/hw/pci/pci.h | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-07-26 16:32 ` [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() Peter Maydell 2022-07-26 21:29 ` Philippe Mathieu-Daudé via @ 2022-07-26 22:30 ` Richard Henderson 2022-07-27 10:26 ` Peter Maydell 1 sibling, 1 reply; 9+ messages in thread From: Richard Henderson @ 2022-07-26 22:30 UTC (permalink / raw) To: Peter Maydell, qemu-devel; +Cc: Michael S. Tsirkin, Marcel Apfelbaum On 7/26/22 09:32, Peter Maydell wrote: > Coverity complains that in functions like pci_set_word_by_mask() > we might end up shifting by more than 31 bits. This is true, > but only if the caller passes in a zero mask. Help Coverity out > by asserting that the mask argument is valid. > > Fixes: CID 1487168 > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > Note that only 1 of these 4 functions is used, and that only > in 2 places in the codebase. In both cases the mask argument > is a compile-time constant. > --- > include/hw/pci/pci.h | 20 ++++++++++++++++---- > 1 file changed, 16 insertions(+), 4 deletions(-) > > diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h > index c79144bc5ef..0392b947b8b 100644 > --- a/include/hw/pci/pci.h > +++ b/include/hw/pci/pci.h > @@ -688,7 +688,10 @@ static inline void > pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) > { > uint8_t val = pci_get_byte(config); > - uint8_t rval = reg << ctz32(mask); > + uint8_t rval; > + > + assert(mask & 0xff); Why the and, especially considering the uint8_t type? > @@ -696,7 +699,10 @@ static inline void > pci_set_word_by_mask(uint8_t *config, uint16_t mask, uint16_t reg) > { > uint16_t val = pci_get_word(config); > - uint16_t rval = reg << ctz32(mask); > + uint16_t rval; > + > + assert(mask & 0xffff); Similarly. Otherwise, Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~ ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-07-26 22:30 ` Richard Henderson @ 2022-07-27 10:26 ` Peter Maydell 2022-08-17 10:48 ` Michael S. Tsirkin 0 siblings, 1 reply; 9+ messages in thread From: Peter Maydell @ 2022-07-27 10:26 UTC (permalink / raw) To: Richard Henderson; +Cc: qemu-devel, Michael S. Tsirkin, Marcel Apfelbaum On Tue, 26 Jul 2022 at 23:30, Richard Henderson <richard.henderson@linaro.org> wrote: > > On 7/26/22 09:32, Peter Maydell wrote: > > Coverity complains that in functions like pci_set_word_by_mask() > > we might end up shifting by more than 31 bits. This is true, > > but only if the caller passes in a zero mask. Help Coverity out > > by asserting that the mask argument is valid. > > > > Fixes: CID 1487168 > > > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > > --- > > Note that only 1 of these 4 functions is used, and that only > > in 2 places in the codebase. In both cases the mask argument > > is a compile-time constant. > > --- > > include/hw/pci/pci.h | 20 ++++++++++++++++---- > > 1 file changed, 16 insertions(+), 4 deletions(-) > > > > diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h > > index c79144bc5ef..0392b947b8b 100644 > > --- a/include/hw/pci/pci.h > > +++ b/include/hw/pci/pci.h > > @@ -688,7 +688,10 @@ static inline void > > pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) > > { > > uint8_t val = pci_get_byte(config); > > - uint8_t rval = reg << ctz32(mask); > > + uint8_t rval; > > + > > + assert(mask & 0xff); > > Why the and, especially considering the uint8_t type? Oops, yes. I think I was mixing up prototypes and thought the mask was passed as a 32-bit value in both these functions. -- PMM ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-07-27 10:26 ` Peter Maydell @ 2022-08-17 10:48 ` Michael S. Tsirkin 2022-08-17 12:31 ` Peter Maydell 0 siblings, 1 reply; 9+ messages in thread From: Michael S. Tsirkin @ 2022-08-17 10:48 UTC (permalink / raw) To: Peter Maydell; +Cc: Richard Henderson, qemu-devel, Marcel Apfelbaum On Wed, Jul 27, 2022 at 11:26:15AM +0100, Peter Maydell wrote: > On Tue, 26 Jul 2022 at 23:30, Richard Henderson > <richard.henderson@linaro.org> wrote: > > > > On 7/26/22 09:32, Peter Maydell wrote: > > > Coverity complains that in functions like pci_set_word_by_mask() > > > we might end up shifting by more than 31 bits. This is true, > > > but only if the caller passes in a zero mask. Help Coverity out > > > by asserting that the mask argument is valid. > > > > > > Fixes: CID 1487168 > > > > > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > > > --- > > > Note that only 1 of these 4 functions is used, and that only > > > in 2 places in the codebase. In both cases the mask argument > > > is a compile-time constant. > > > --- > > > include/hw/pci/pci.h | 20 ++++++++++++++++---- > > > 1 file changed, 16 insertions(+), 4 deletions(-) > > > > > > diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h > > > index c79144bc5ef..0392b947b8b 100644 > > > --- a/include/hw/pci/pci.h > > > +++ b/include/hw/pci/pci.h > > > @@ -688,7 +688,10 @@ static inline void > > > pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) > > > { > > > uint8_t val = pci_get_byte(config); > > > - uint8_t rval = reg << ctz32(mask); > > > + uint8_t rval; > > > + > > > + assert(mask & 0xff); > > > > Why the and, especially considering the uint8_t type? > > Oops, yes. I think I was mixing up prototypes and thought the > mask was passed as a 32-bit value in both these functions. > > -- PMM Did you intend to send v2 of this without the &? -- MST ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() 2022-08-17 10:48 ` Michael S. Tsirkin @ 2022-08-17 12:31 ` Peter Maydell 0 siblings, 0 replies; 9+ messages in thread From: Peter Maydell @ 2022-08-17 12:31 UTC (permalink / raw) To: Michael S. Tsirkin; +Cc: Richard Henderson, qemu-devel, Marcel Apfelbaum On Wed, 17 Aug 2022 at 11:48, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Wed, Jul 27, 2022 at 11:26:15AM +0100, Peter Maydell wrote: > > On Tue, 26 Jul 2022 at 23:30, Richard Henderson > > <richard.henderson@linaro.org> wrote: > > > > > > On 7/26/22 09:32, Peter Maydell wrote: > > > > Coverity complains that in functions like pci_set_word_by_mask() > > > > we might end up shifting by more than 31 bits. This is true, > > > > but only if the caller passes in a zero mask. Help Coverity out > > > > by asserting that the mask argument is valid. > > > > > > > > Fixes: CID 1487168 > > > > > > > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > > > > --- > > > > Note that only 1 of these 4 functions is used, and that only > > > > in 2 places in the codebase. In both cases the mask argument > > > > is a compile-time constant. > > > > --- > > > > include/hw/pci/pci.h | 20 ++++++++++++++++---- > > > > 1 file changed, 16 insertions(+), 4 deletions(-) > > > > > > > > diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h > > > > index c79144bc5ef..0392b947b8b 100644 > > > > --- a/include/hw/pci/pci.h > > > > +++ b/include/hw/pci/pci.h > > > > @@ -688,7 +688,10 @@ static inline void > > > > pci_set_byte_by_mask(uint8_t *config, uint8_t mask, uint8_t reg) > > > > { > > > > uint8_t val = pci_get_byte(config); > > > > - uint8_t rval = reg << ctz32(mask); > > > > + uint8_t rval; > > > > + > > > > + assert(mask & 0xff); > > > > > > Why the and, especially considering the uint8_t type? > > > > Oops, yes. I think I was mixing up prototypes and thought the > > mask was passed as a 32-bit value in both these functions. > Did you intend to send v2 of this without the &? Thanks for the reminder -- I'd forgotten I needed to respin. -- PMM ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-08-17 12:33 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-07-26 16:32 [PATCH 0/2] pci *_by_mask() coverity fix Peter Maydell 2022-07-26 16:32 ` [PATCH 1/2] pci: Remove unused pci_get_*_by_mask() functions Peter Maydell 2022-07-26 22:27 ` Richard Henderson 2022-07-26 16:32 ` [PATCH 2/2] pci: Sanity check mask argument to pci_set_*_by_mask() Peter Maydell 2022-07-26 21:29 ` Philippe Mathieu-Daudé via 2022-07-26 22:30 ` Richard Henderson 2022-07-27 10:26 ` Peter Maydell 2022-08-17 10:48 ` Michael S. Tsirkin 2022-08-17 12:31 ` Peter Maydell
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).