spapr-tpm-proxy: Drop misleading check

[Qemu-devel] [PATCH] spapr-tpm-proxy: Drop misleading check

Posted by Greg Kurz 4 years, 7 months ago

Coverity is reporting in CID 1405304 that tpm_execute() may pass a NULL
tpm_proxy->host_path pointer to open(). This is based on the fact that
h_tpm_comm() does a NULL check on tpm_proxy->host_path and then passes
tpm_proxy to tpm_execute().

The check in h_tpm_comm() is abusive actually since a spapr-proxy-tpm
requires a non NULL host_path property, as checked during realize.

Fixes: 0fb6bd073230
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/ppc/spapr_tpm_proxy.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_tpm_proxy.c b/hw/ppc/spapr_tpm_proxy.c
index b835d25be6f6..ca1caec113f0 100644
--- a/hw/ppc/spapr_tpm_proxy.c
+++ b/hw/ppc/spapr_tpm_proxy.c
@@ -114,7 +114,7 @@ static target_ulong h_tpm_comm(PowerPCCPU *cpu,
         return H_FUNCTION;
     }
 
-    trace_spapr_h_tpm_comm(tpm_proxy->host_path ?: "null", op);
+    trace_spapr_h_tpm_comm(tpm_proxy->host_path, op);
 
     switch (op) {
     case TPM_COMM_OP_EXECUTE:

Re: [Qemu-devel] [PATCH] spapr-tpm-proxy: Drop misleading check

Posted by Michael Roth 4 years, 7 months ago

Quoting Greg Kurz (2019-09-09 13:10:09)
> Coverity is reporting in CID 1405304 that tpm_execute() may pass a NULL
> tpm_proxy->host_path pointer to open(). This is based on the fact that
> h_tpm_comm() does a NULL check on tpm_proxy->host_path and then passes
> tpm_proxy to tpm_execute().
> 
> The check in h_tpm_comm() is abusive actually since a spapr-proxy-tpm
> requires a non NULL host_path property, as checked during realize.
> 
> Fixes: 0fb6bd073230
> Signed-off-by: Greg Kurz <groug@kaod.org>

Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Thanks for the quick fix!

> ---
>  hw/ppc/spapr_tpm_proxy.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_tpm_proxy.c b/hw/ppc/spapr_tpm_proxy.c
> index b835d25be6f6..ca1caec113f0 100644
> --- a/hw/ppc/spapr_tpm_proxy.c
> +++ b/hw/ppc/spapr_tpm_proxy.c
> @@ -114,7 +114,7 @@ static target_ulong h_tpm_comm(PowerPCCPU *cpu,
>          return H_FUNCTION;
>      }
> 
> -    trace_spapr_h_tpm_comm(tpm_proxy->host_path ?: "null", op);
> +    trace_spapr_h_tpm_comm(tpm_proxy->host_path, op);
> 
>      switch (op) {
>      case TPM_COMM_OP_EXECUTE:
>

Re: [Qemu-devel] [PATCH] spapr-tpm-proxy: Drop misleading check

Posted by David Gibson 4 years, 7 months ago

On Mon, Sep 09, 2019 at 08:10:09PM +0200, Greg Kurz wrote:
> Coverity is reporting in CID 1405304 that tpm_execute() may pass a NULL
> tpm_proxy->host_path pointer to open(). This is based on the fact that
> h_tpm_comm() does a NULL check on tpm_proxy->host_path and then passes
> tpm_proxy to tpm_execute().
> 
> The check in h_tpm_comm() is abusive actually since a spapr-proxy-tpm
> requires a non NULL host_path property, as checked during realize.
> 
> Fixes: 0fb6bd073230
> Signed-off-by: Greg Kurz <groug@kaod.org>

Applied to ppc-for-4.2, thanks.

> ---
>  hw/ppc/spapr_tpm_proxy.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_tpm_proxy.c b/hw/ppc/spapr_tpm_proxy.c
> index b835d25be6f6..ca1caec113f0 100644
> --- a/hw/ppc/spapr_tpm_proxy.c
> +++ b/hw/ppc/spapr_tpm_proxy.c
> @@ -114,7 +114,7 @@ static target_ulong h_tpm_comm(PowerPCCPU *cpu,
>          return H_FUNCTION;
>      }
>  
> -    trace_spapr_h_tpm_comm(tpm_proxy->host_path ?: "null", op);
> +    trace_spapr_h_tpm_comm(tpm_proxy->host_path, op);
>  
>      switch (op) {
>      case TPM_COMM_OP_EXECUTE:
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson