首頁 探索 說明
註冊 登入
FangSoftSoft
/
qemu
镜像来自 https://github.com/utmapp/qemu.git
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

system/physmem: Where we assume we have a RAM MR, assert it

In the functions invalidate_and_set_dirty() and
cpu_physical_memory_snapshot_and_clear_dirty(), we assume that we
are dealing with RAM memory regions. In this case we know that
memory_region_get_ram_addr() will succeed. Assert this before we
use the returned ram_addr_t in arithmetic.

This makes Coverity happier about these functions: it otherwise
complains that we might have an arithmetic overflow that stems
from the possible -1 return from memory_region_get_ram_addr().

Resolves: Coverity CID 1547629, 1547715

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-id: 20240723170513.1676453-1-peter.maydell@linaro.org
Peter Maydell 1 年之前
父節點
525650cd71
當前提交
73188068d7
共有 1 個文件被更改,包括 14 次插入4 次删除
分割檢視 顯示文件統計
  1. 14 4
      system/physmem.c

+ 14 - 4
system/physmem.c
查看文件 

@@ -923,13 +923,19 @@ DirtyBitmapSnapshot *cpu_physical_memory_snapshot_and_clear_dirty
 
     (MemoryRegion *mr, hwaddr offset, hwaddr length, unsigned client)
 
 {
 
     DirtyMemoryBlocks *blocks;
 
-    ram_addr_t start = memory_region_get_ram_addr(mr) + offset;
 
+    ram_addr_t start, first, last;
 
     unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
 
-    ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
 
-    ram_addr_t last  = QEMU_ALIGN_UP(start + length, align);
 
     DirtyBitmapSnapshot *snap;
 
     unsigned long page, end, dest;
 
 
+    start = memory_region_get_ram_addr(mr);
 
+    /* We know we're only called for RAM MemoryRegions */
 
+    assert(start != RAM_ADDR_INVALID);
 
+    start += offset;
 
+
 
+    first = QEMU_ALIGN_DOWN(start, align);
 
+    last  = QEMU_ALIGN_UP(start + length, align);
 
+
 
     snap = g_malloc0(sizeof(*snap) +
 
                      ((last - first) >> (TARGET_PAGE_BITS + 3)));
 
     snap->start = first;
 
@@ -2659,7 +2665,11 @@ static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
 
                                      hwaddr length)
 
 {
 
     uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
 
-    addr += memory_region_get_ram_addr(mr);
 
+    ram_addr_t ramaddr = memory_region_get_ram_addr(mr);
 
+
 
+    /* We know we're only called for RAM MemoryRegions */
 
+    assert(ramaddr != RAM_ADDR_INVALID);
 
+    addr += ramaddr;
 
 
     /* No early return if dirty_log_mask is or becomes 0, because
 
      * cpu_physical_memory_set_dirty_range will still call