[PATCH for-5.2 v3 0/4] hw/net/can/ctucan: fix Coverity and other issues

Pavel Pisa posted 4 patches 3 years, 5 months ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/cover.1605044619.git.pisa@cmp.felk.cvut.cz
Maintainers: Jason Wang <jasowang@redhat.com>, Vikram Garhwal <fnu.vikram@xilinx.com>, Pavel Pisa <pisa@cmp.felk.cvut.cz>
hw/net/can/ctucan_core.c | 23 +++++++----------------
hw/net/can/ctucan_core.h |  3 +--
2 files changed, 8 insertions(+), 18 deletions(-)
[PATCH for-5.2 v3 0/4] hw/net/can/ctucan: fix Coverity and other issues
Posted by Pavel Pisa 3 years, 5 months ago
Credit for finding and fixes goes to Peter Maydell

This patchset fixes a couple of issues spotted by Coverity:
 * incorrect address checks meant the guest could write off the
   end of the tx_buffer arrays
 * we had an unused value in ctucan_send_ready_buffers()
and also some I noticed while reading the code:
 * we don't adjust the device's non-portable use of bitfields
   on bigendian hosts
 * we should use stl_le_p() rather than casting uint_t* to
   uint32_t*

Tested with "make check" only.

Changes v1->v2: don't assert() the can't-happen case in patch 1,
to allow for future adjustment of #defines that correspond to
h/w synthesis parameters.

Changes v2->v3: minor corrections of range checking,
support for unaligned and partial word writes into Tx
buffers. Tested on x86_64 guest on x86_64 host and big-endian
MIPS guest on x86_64 host. Pavel Pisa.

Peter Maydell (4):
  hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
  hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
  hw/net/can/ctucan_core: Handle big-endian hosts
  hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers

 hw/net/can/ctucan_core.c | 23 +++++++----------------
 hw/net/can/ctucan_core.h |  3 +--
 2 files changed, 8 insertions(+), 18 deletions(-)

-- 
2.20.1
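
An added illustration of the first and last items in the cover letter, not code from the posted series: a Tx-buffer MMIO write path that rejects any access whose last byte would fall outside the buffer, accepts unaligned and partial-word writes, and stores bytes little-endian without a pointer cast. The `TXB_*` constants, `Dev`, `store_le()` and `txbuf_write()` are hypothetical names and values, not the ctucan register map.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout for illustration; not the ctucan register map. */
#define TXB_BASE   0x100u  /* MMIO offset of Tx buffer 0 */
#define TXB_STRIDE 0x100u  /* address distance between buffers */
#define TXB_SIZE   0x50u   /* bytes of backing storage per buffer */
#define TXB_COUNT  4u

typedef struct { uint8_t tx[TXB_COUNT][TXB_SIZE]; } Dev;

/* Byte-wise little-endian store of 'size' bytes. Like QEMU's stl_le_p(),
 * it avoids casting a byte pointer to uint32_t*, so the result does not
 * depend on host alignment or endianness. */
static void store_le(uint8_t *p, uint32_t val, unsigned size)
{
    for (unsigned i = 0; i < size; i++) {
        p[i] = (uint8_t)(val >> (8 * i));
    }
}

/* Returns 1 if the guest write was stored, 0 if it was ignored. */
int txbuf_write(Dev *d, uint64_t addr, uint32_t val, unsigned size)
{
    if (size == 0 || size > 4 || addr < TXB_BASE) {
        return 0;
    }
    uint64_t rel = addr - TXB_BASE;
    uint64_t buf = rel / TXB_STRIDE;
    uint64_t off = rel % TXB_STRIDE;
    /* Validate the buffer index and the LAST byte touched. Checking only
     * the start offset would let a 4-byte write near the end spill over. */
    if (buf >= TXB_COUNT || off >= TXB_SIZE || size > TXB_SIZE - off) {
        return 0;
    }
    store_le(&d->tx[buf][off], val, size);
    return 1;
}

int main(void)
{
    static Dev d; /* zero-initialized */
    int ok = txbuf_write(&d, TXB_BASE + 1, 0xBEEF, 2);   /* unaligned */
    int bad = txbuf_write(&d, TXB_BASE + TXB_SIZE - 2, 0x11223344, 4);
    printf("unaligned 2-byte write: %d, straddling write: %d\n", ok, bad);
    return 0;
}
```
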


Re: [PATCH for-5.2 v3 0/4] hw/net/can/ctucan: fix Coverity and other issues
Posted by Jason Wang 3 years, 5 months ago
On 2020/11/11 5:52 AM, Pavel Pisa wrote:
> Credit for finding and fixes goes to Peter Maydell
>
> This patchset fixes a couple of issues spotted by Coverity:
>   * incorrect address checks meant the guest could write off the
>     end of the tx_buffer arrays
>   * we had an unused value in ctucan_send_ready_buffers()
> and also some I noticed while reading the code:
>   * we don't adjust the device's non-portable use of bitfields
>     on bigendian hosts
>   * we should use stl_le_p() rather than casting uint_t* to
>     uint32_t*
>
> Tested with "make check" only.
>
> Changes v1->v2: don't assert() the can't-happen case in patch 1,
> to allow for future adjustment of #defines that correspond to
> h/w synthesis parameters.
>
> Changes v2->v3: minor corrections of range checking,
> support for unaligned and partial word writes into Tx
> buffers. Tested on x86_64 guest on x86_64 host and big-endian
> MIPS guest on x86_64 host. Pavel Pisa.
>
> Peter Maydell (4):
>    hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
>    hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
>    hw/net/can/ctucan_core: Handle big-endian hosts
>    hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
>
>   hw/net/can/ctucan_core.c | 23 +++++++----------------
>   hw/net/can/ctucan_core.h |  3 +--
>   2 files changed, 8 insertions(+), 18 deletions(-)


Applied.

Thanks

