Re: [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm

From:	Stefan Berger
Subject:	Re: [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm_tis_locality_from_addr()
Date:	Tue, 12 Feb 2019 12:29:15 -0500
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1

On 2/11/19 10:03 AM, Liam Merwick wrote:

Defensive check to prevent future caller passing incorrect address
or catch if the MMIO address parameters were not all changed together.

Signed-off-by: Liam Merwick <address@hidden>
---

I've been running static analysis tools on QEMU and one reports this check.
While it's just theoretically correct (impossible to hit with current code),
fixing this helps minimise noise and find other issues using those static
analyzers as well as defending against the addition of future bugs.

  hw/tpm/tpm_tis.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 61a130beef35..860c2ace7d99 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -100,6 +100,7 @@ static uint64_t tpm_tis_mmio_read(void *opaque, hwaddr addr,

static uint8_t tpm_tis_locality_from_addr(hwaddr addr)

  {
+    assert(addr < TPM_TIS_ADDR_SIZE);
      return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
  }

If we want to add a check then we should check the value of the localitythat's being derived from the address here since that one serves as anindex into the array. However, we shouldn't need it with the way weregister the amount of MMIO memory derived from the number of localitiesand the way we then derive the locality from the address.


diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 61a130beef..797f107246 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c

@@ -100,7 +100,10 @@ static uint64_t tpm_tis_mmio_read(void *opaque,hwaddr addr,


 static uint8_t tpm_tis_locality_from_addr(hwaddr addr)
 {
-    return (uint8_t)((addr >> TPM_TIS_LOCALITY_SHIFT) & 0x7);
+    uint8_t locty = (uint8_t)(addr >> TPM_TIS_LOCALITY_SHIFT);
+    fprintf(stderr, "addr=%08lx locty=%u\n", addr, locty);
+    assert(TPM_TIS_IS_VALID_LOCTY(locty));
+    return locty;
 }

 static void tpm_tis_show_buffer(const unsigned char *buffer,

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v2 3/3] tpm_tis: fix format string specifier in tpm_tis_show_buffer(), (continued)
- [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm_tis_locality_from_addr(), Liam Merwick, 2019/02/11
  - Re: [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm_tis_locality_from_addr(), Stefan Berger <=
- Re: [Qemu-devel] [PATCH v2 1/3] tpm_tis: fix loop that cancels any seizure by a lower locality, Stefan Berger, 2019/02/11

Prev by Date: Re: [Qemu-devel] [PATCH 08/13] block: Allow changing the backing file on reopen
Next by Date: [Qemu-devel] [PATCH] SiFive RISC-V GPIO Device
Previous by thread: [Qemu-devel] [PATCH v2 2/3] tpm_tis: assert valid addr passed to tpm_tis_locality_from_addr()
Next by thread: Re: [Qemu-devel] [PATCH v2 1/3] tpm_tis: fix loop that cancels any seizure by a lower locality
Index(es):
- Date
- Thread