From: "Maciej S. Szmigiero"
To: qemu-devel@nongnu.org
Cc: Peter Maydell, David Hildenbrand, Philippe Mathieu-Daudé
Subject: [PATCH] hv-balloon: define dm_hot_add_with_region to avoid Coverity warning
Date: Mon, 13 Nov 2023 20:03:04 +0100

Since the presence of a hot add memory region is optional in hot add
request message it wasn't part of this message declaration
(struct dm_hot_add).

Instead, the code allocated such enlarged message by simply adding the
necessary size for this extra field to the size of basic hot add message
struct.

However, Coverity considers accessing this extra member to be
an out-of-bounds access, even though the memory is actually there.

Fix this by adding an extended variant of this message that explicitly has
an additional union dm_mem_page_range at its end.

CID: #1523903
Signed-off-by: Maciej S. Szmigiero --- hw/hyperv/hv-balloon.c | 10 +++++----- include/hw/hyperv/dynmem-proto.h | 9 ++++++++- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/hw/hyperv/hv-balloon.c b/hw/hyperv/hv-balloon.c index a4b4bde0a1e9..5b8f8aac7216 100644 --- a/hw/hyperv/hv-balloon.c +++ b/hw/hyperv/hv-balloon.c @@ -512,8 +512,8 @@ ret_idle: static void hv_balloon_hot_add_rb_wait(HvBalloon *balloon, StateDesc *stde= sc) { VMBusChannel *chan =3D hv_balloon_get_channel(balloon); - struct dm_hot_add *ha; - size_t ha_size =3D sizeof(*ha) + sizeof(ha->range); + struct dm_hot_add_with_region *ha; + size_t ha_size =3D sizeof(*ha); =20 assert(balloon->state =3D=3D S_HOT_ADD_RB_WAIT); =20 @@ -529,8 +529,8 @@ static void hv_balloon_hot_add_posting(HvBalloon *ballo= on, StateDesc *stdesc) PageRange *hot_add_range =3D &balloon->hot_add_range; uint64_t *current_count =3D &balloon->ha_current_count; VMBusChannel *chan =3D hv_balloon_get_channel(balloon); - g_autofree struct dm_hot_add *ha =3D NULL; - size_t ha_size =3D sizeof(*ha) + sizeof(ha->range); + g_autofree struct dm_hot_add_with_region *ha =3D NULL; + size_t ha_size =3D sizeof(*ha); union dm_mem_page_range *ha_region; uint64_t align, chunk_max_size; ssize_t ret; @@ -559,7 +559,7 @@ static void hv_balloon_hot_add_posting(HvBalloon *ballo= on, StateDesc *stdesc) *current_count =3D MIN(hot_add_range->count, chunk_max_size); =20 ha =3D g_malloc0(ha_size); - ha_region =3D &(&ha->range)[1]; + ha_region =3D &ha->region; ha->hdr.type =3D DM_MEM_HOT_ADD_REQUEST; ha->hdr.size =3D ha_size; ha->hdr.trans_id =3D balloon->trans_id; diff --git a/include/hw/hyperv/dynmem-proto.h b/include/hw/hyperv/dynmem-pr= oto.h index d0f9090ac489..834edeb59855 100644 --- a/include/hw/hyperv/dynmem-proto.h +++ b/include/hw/hyperv/dynmem-proto.h 
@@ -328,7 +328,8 @@ struct dm_unballoon_response { /* * Hot add request message. Message sent from the host to the guest. * - * mem_range: Memory range to hot add. + * range: Memory range to hot add. + * region: Explicit hot add memory region for guest to use. Optional. * */ =20 @@ -337,6 +338,12 @@ struct dm_hot_add { union dm_mem_page_range range; } QEMU_PACKED; =20 +struct dm_hot_add_with_region { + struct dm_header hdr; + union dm_mem_page_range range; + union dm_mem_page_range region; +} QEMU_PACKED; + /* * Hot add response message. * This message is sent by the guest to report the status of a hot add req= uest.
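Review bot: In hv_balloon_hot_add_posting() (hw/hyperv/hv-balloon.c, hunk at -559), `ha_region = &ha->region;` still hands out a pointer to a member of a struct declared QEMU_PACKED. Now that the region is a named member, the `ha_region` local could be dropped and the fields written through `ha->region` directly, which removes the address-of-packed-member pattern and one level of indirection. If the local is kept for readability, that is fine, but then the declaration `union dm_mem_page_range *ha_region;` a few lines above is the only reason the pointer exists and could be initialised at the point of use rather than separately.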
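Review bot: In include/hw/hyperv/dynmem-proto.h, the new `region:` line is added to the comment above `struct dm_hot_add`, which still has no `region` member; the member exists only in `struct dm_hot_add_with_region`, and that struct gets no comment of its own. Move the `region:` description onto a short comment for the new struct, stating that it is the hot add request with the optional region appended. Because the new struct repeats `hdr` and `range` instead of embedding `struct dm_hot_add`, a build-time check such as QEMU_BUILD_BUG_ON(offsetof(struct dm_hot_add_with_region, region) != sizeof(struct dm_hot_add)) would keep the two declarations from drifting apart and would document that the layout matches the previous `sizeof(*ha) + sizeof(ha->range)` allocation.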